WinRM: Evil-WinRM Invoke-PS-Script
overview
A Kali GUI machine and a target machine running a WinRM server are provided to you. The IP address of the target machine is provided in a text file named target placed on the Desktop of the Kali machine (/root/Desktop/target).
Your task is to fingerprint the WinRM service using the tools available on the Kali machine. Then, use the Evil-WinRM tool to perform post-exploitation over the WinRM service and load Invoke-Mimikatz.ps1 on the remote server to extract sensitive information, i.e., Windows user hashes, LSA secrets, etc.
The following username and password may be used to access the service:
| Username | Password |
| --- | --- |
| administrator | rocknroll_123321 |

Objective: Exploit the WinRM service, load Invoke-Mimikatz.ps1 on the remote server, and dump the administrator user hash.
Instructions:
Your Kali machine has an interface with IP address 10.10.X.Y. Run “ip addr” to know the values of X and Y.
The IP address of the target machine is mentioned in the file “/root/Desktop/target”.
Do not attack the gateways located at IP addresses 192.V.W.1 and 10.10.X.1.
solutions
The solution for this lab can be found in the following manual: https://assets.ine.com/labs/ad-manuals/walkthrough-2029.pdf