Am stuck on how to find alternative usernames. Have got the 2.5 credential sets okay & have been looking at username enumeration options (including playing some some of the impacket scripts). So far not having much luck.
-e and -s are to set a local dir containing executables and powershell scripts. Let’s suppose you want to launch a Sherlock.ps1 . Ok, put that powershell script on your local folder, set it using -s and once connected you can launch “menu” command. You’ll see some stuff but not Sherlock stuff (yet). Then, type “Sherlock.ps1” ← it autocompletes using tab, and after pressing enter, Evil-WinRM is loading the powershell into memory. If you launch again “menu” command you’ll see all the available Sherlock commands including the Find-AllVulns command.
I used r**c****t for that and manually enumerated after finding some known users, probably not the most elegant way, probably missing a tool that auto does it!
Can anyone drop me a hint on where/how to use the 3 creds I found. I’ve tried all user/pass combinations on every service I could find but nothing is working
Hi guys… just after a little nudge please? I have 3 passwords… I can authenticate on 445 with a username and password… but can’t seem to use the winrm shell etc to progress… I think I may be missing something…