(August 13, 2022, 09:41 PM)undeadly Wrote: sadly bug on the box. the intended way should be probably dealing with hmail and group policies.
if an author will fix this fast, it still be playable.
 

    Directory: C:\Users\Administrator\Documents


Mode                LastWriteTime         Length Name
----                -------------         ------ ----
d-----        6/16/2022  11:05 AM                SQL Server Management Studio
d-----        6/16/2022  11:05 AM                Visual Studio 2017
d-----        6/16/2022  12:07 AM                WindowsPowerShell
-a----         8/1/2022   6:38 PM           7023 hmail_cleanup.ps1
-a----         8/3/2022   4:18 PM            978 install_updates.ps1
-a----        6/16/2022   6:51 PM            518 wsus_group_cleanup.ps1


*Evil-WinRM* PS C:\Users\Administrator\Documents>

(August 13, 2022, 10:27 PM)JINXX Wrote:

(August 13, 2022, 09:41 PM)undeadly Wrote: sadly bug on the box. the intended way should be probably dealing with hmail and group policies.
if an author will fix this fast, it still be playable.
 

    Directory: C:\Users\Administrator\Documents


Mode                LastWriteTime         Length Name
----                -------------         ------ ----
d-----        6/16/2022  11:05 AM                SQL Server Management Studio
d-----        6/16/2022  11:05 AM                Visual Studio 2017
d-----        6/16/2022  12:07 AM                WindowsPowerShell
-a----         8/1/2022   6:38 PM           7023 hmail_cleanup.ps1
-a----         8/3/2022   4:18 PM            978 install_updates.ps1
-a----        6/16/2022   6:51 PM            518 wsus_group_cleanup.ps1


*Evil-WinRM* PS C:\Users\Administrator\Documents>

---

How did you achieve a shell with evilwinrm

---

How did you achieve a shell with evilwinrm

(August 13, 2022, 10:30 PM)yumi Wrote: if I get users i will  warn you here with more details, I tried zero logon the first time, but I didn't realize that it had worked, I always try on a windows machine, and with the name outdated I tried several vulnerabilities zero logon worked and the petitpotam partially worked because there was no way to access certsrv remotely in this machine.

---

(August 13, 2022, 10:27 PM)JINXX Wrote:

(August 13, 2022, 09:41 PM)undeadly Wrote: sadly bug on the box. the intended way should be probably dealing with hmail and group policies.
if an author will fix this fast, it still be playable.
 

    Directory: C:\Users\Administrator\Documents


Mode                LastWriteTime         Length Name
----                -------------         ------ ----
d-----        6/16/2022  11:05 AM                SQL Server Management Studio
d-----        6/16/2022  11:05 AM                Visual Studio 2017
d-----        6/16/2022  12:07 AM                WindowsPowerShell
-a----         8/1/2022   6:38 PM           7023 hmail_cleanup.ps1
-a----         8/3/2022   4:18 PM            978 install_updates.ps1
-a----        6/16/2022   6:51 PM            518 wsus_group_cleanup.ps1


*Evil-WinRM* PS C:\Users\Administrator\Documents>

---

How did you achieve a shell with evilwinrm

---

How did you achieve a shell with evilwinrm

get hash from  secretsdump and acess with evil-winrm

(August 13, 2022, 09:02 PM)yumi Wrote: Thanks

(August 13, 2022, 09:02 PM)yumi Wrote: :D :D :D