I’ve been working on a pentesting exercise and recently managed to obtain a user’s hash with `GetUserSPNs.py` and cracked it with `john`. After validating the credentials with `GetADUsers.py` against `administrator.htb`, I was able to confirm that the credentials for `olivia` and `ethan` are indeed correct.
Here’s a summary of what I’ve done and the issue I’m facing:
- Used `GetUserSPNs.py` to request a hash for the user `olivia`, cracked it, and verified it alongside `ethan`’s credentials using `GetADUsers.py -all`.
- WinRM access works perfectly with `olivia`, but I can’t connect via WinRM with `ethan`’s credentials, even though the credentials are confirmed to be correct.
- When I log in as `olivia` via WinRM, I can see only three accounts on the machine: `olivia`, `emily`, and `administrator`. However, `ethan`’s credentials should, in theory, allow me to connect.
My question is: Why might `ethan`’s credentials fail with WinRM access even though they are valid, and what else can I try to troubleshoot this?
Additional Info:
- OS: Target machine is Windows Server 2019.
- WinRM is configured correctly since it works with `olivia`.
- I’ve already attempted using different Impacket tools and CrackMapExec with `ethan`, but they don’t return any unusual errors.
Any insights on why I might be facing this issue or suggestions on additional checks or configurations I could try would be greatly appreciated!