Box rooted.
Foothold: Standard HTB enumeration. No brute force of wordlists needed. Use what you got to get you more.
User: Standard HTB escalation path to get user.
Root: Your tools can point you in the right direction.
Interesting thing… I logged in as pe using evil-winrm so I had a more stable shell. Using evil-winrm I was unable to run the m**c command to trigger the payload I created via a popular framework tool. No error back, it would just “run” but I’d never catch it on the other end.
The same command ran flawlessly through a regular rev shell.
Is there something I don’t understand about RM/evil-winrm?