I followed both http://blogs.technet.com/b/askperf/archive/2010/09/24/an-introduction-to-winrm-basics.aspx and https://github.com/WinRb/WinRM to get winrm up and working and running remote commands.
WinRM appears to be a soap based shell allowing users/admins to connect in and run commands or scripts or whatever. It's basically a remote administration/management tool. All the tests i performed was on a windows 7 box.
Something to note is that the http port it runs on is 5985, https is on 5986. Neither of these ports are in nmap's default port scan list (top 1000) so unless you are looking for it, you could miss it.
In nmap it shows up as:
So no super obvious signs that its WinRM listening on the port. I think the only thing you could really go off of is the actual port number and know that its a windows system.
Luckily someone created a ruby library that interacts with WinRM and allows you to connect to it and run commands.
When i first the github example, it was giving me auth issues so i had to run the following to get it to shut up and accept my creds:
Once I ran that on the server, the library stopped giving me auth errors. I was able to run ipconfig on the remote system and it spat back the results.