search

11. Validate New Credentials via WinRM

Now that you've reset the password for sysadmin, you can try to get a remote shell using WinRM.

Test the new credentials over WinRM, a Windows remote shell. This gives full command-line access to the target.

hashtag
Command:

evil-winrm -i 192.168.10.4 -u 'sysadmin' -p 'NewPassword123'

hashtag
✅ If successful:

You’ll get a PowerShell prompt like:

PS C:\Users\sysadmin>

Then type:

Expected output:

That confirms full access as sysadmin on the machine .

Previous10. Abuse ForceChangePassword Right via RPCNext12. Enumerate Local Privileges and AutoLogon

Last updated