What is it?
“Windows Remote Management (WinRM) is the Microsoft
implementation of WS-Management Protocol, a standard Simple Object Access
Protocol (SOAP)-based, firewall-friendly protocol that allows hardware and
operating systems, from different vendors, to interoperate.
The WS-Management protocol specification provides a common
way for systems to access and exchange management information across an IT
infrastructure. WinRM and Intelligent Platform Management Interface (IPMI),
along with the Event Collector are components of the Windows Hardware
Management features. “
Now may have come across this service whilst scanning Windows systems before.
The ports you will see are 5985 (http) and 5986 (https).
The service is disabled by default and even when it’s not
(Windows 2008 and above), the listener is not enabled so no traffic can pass.
This makes this service quite hard to find in the wild, but it is there.
Because remote execution is needed for certain systems, the users will…
View original post 698 more words