winrm

CME

cme winrm manager.htb -u raven -p 'R4v3nBe5tD3veloP3r!123'

evil-winrm

simple connection

evil-winrm -u 'raven' -p 'R4v3nBe5tD3veloP3r!123' -i manager.htb

connection using kerberos

export KRB5CCNAME=user.ccache
# modify /etc/krb5.conf
┌──(kali㉿kali)-[~/hack-the-box/machines]
└─$ cat /etc/krb5.conf                                                                   
[libdefaults]
    default_realm = DOMAIN.LOCAL
    dns_lookup_realm = false
    dns_lookup_kdc = false
    forwardable = true
[realms]
    DOMAIN.LOCAL = {
        kdc = dc01.domain.local
        admin_server = dc01.domain.local
    }
[domain_realm]
    .domain.local = DOMAIN.LOCAL
    domain.local = DOMAIN.LOCAL

# Get ticket
impacket-getTGT domain/username:'Password' -dc-ip dc01.infiltrator.htb

evil-winrm -u 'user.ccache' -p  -i domain.local -r domain.local

Previous161,162,10161,10162- Pentesting SNMP NextNetExec

Last updated 3 months ago

winrm

CME

cme winrm manager.htb -u raven -p 'R4v3nBe5tD3veloP3r!123'

evil-winrm

simple connection

evil-winrm -u 'raven' -p 'R4v3nBe5tD3veloP3r!123' -i manager.htb

connection using kerberos

export KRB5CCNAME=user.ccache
# modify /etc/krb5.conf
┌──(kali㉿kali)-[~/hack-the-box/machines]
└─$ cat /etc/krb5.conf                                                                   
[libdefaults]
    default_realm = DOMAIN.LOCAL
    dns_lookup_realm = false
    dns_lookup_kdc = false
    forwardable = true
[realms]
    DOMAIN.LOCAL = {
        kdc = dc01.domain.local
        admin_server = dc01.domain.local
    }
[domain_realm]
    .domain.local = DOMAIN.LOCAL
    domain.local = DOMAIN.LOCAL

# Get ticket
impacket-getTGT domain/username:'Password' -dc-ip dc01.infiltrator.htb

evil-winrm -u 'user.ccache' -p  -i domain.local -r domain.local

Previous161,162,10161,10162- Pentesting SNMP NextNetExec

Last updated 3 months ago