Why evil-winrm doesn’t “like” Mimikatz (and other Tools)

Jose Campo
Jan 23, 2025

If you’ve ever tried to run Mimikatz or similar tools through evil-winrm, you’ve probably hit a wall. Commands fail, the tool doesn’t behave as expected, and you’re left scratching your head wondering what went wrong. Keep reading and I will explain why.

Evil-winrm is a fantastic tool for remote PowerShell sessions, but it’s built on Windows Remote Management (WinRM), which has its own set of quirks and limitations. Let’s dive into why some commands, including Mimikatz, don’t work and why it’s not something you can fix with a few tweaks.

Non-Interactive

One of the first hurdles with WinRM is that it’s non-interactive. Imagine trying to run a command that asks for user input or confirmation, like Get-Credential or certain Mimikatz operations. WinRM doesn’t allow for that kind of back-and-forth communication. It’s designed for automation and remote scripting, not for interactive workflows.

This also explains why commands that attempt to launch GUI components, like Start-Process or anything else that opens a window, fall flat. WinRM simply doesn’t support graphical elements, making it unsuitable for commands or tools that rely on them.

GUI or Desktop-Dependent Tools
