HTB-Academy Password Attacks

Find the user for the WinRM service and crack their password. Then, when you log in, you will find the flag in a file there. Submit the flag you found as the answer.

Here I have a long password list I need a small password list to crack it could you guys give me some suggestions

In the right side you can see the resources download them you will be able to get the resources
image

if you get at least one user via crackmapexec or hydra we can just enumerate there how many users are there net users and net localgroup "Remote Desktop Users". We can then use this list of users and brute force with the password list provided

I was able to find the user and password but I am not sure where to look for the flag

wish I had seen this sooner :confused:

By Default you are in the Documents folder, cd out of that and look at other common directories.

1 Like

can you expand on that please? Im confused in how to do so

For every one who is stack here. So one tricky part is that when you download resources you need to call crackmapexec dircely from unzip folder. So its suppose to look like this : crackmapexec winrm (Target IP) -u username.list -p password.list .
When you get user and pass use it for evil-winrm. Flag is on users Desktop.
BR.