The scenario begins with a successful scan of 10.10.11.42, which finds the host to be running Kerberos.
The following is then attempted on the machine:
Using several different usernames and passwords, an attacker tries to gain access to 10.10.11.42 over SMB. The attempts fail because either the password is incorrect or the username is inaccurate.
Using a known username and password, the attacker successfully logs in as ethan on 10.10.11.42 over WinRM.
The attacker then attempts an SMB relay attack, using a local DC to relay to 10.10.11.42. The attack fails, however, since the DC does not support SMBv1. The attacker then performs a Kerberoasting attack and retrieves the hash for the krbtgt account, which they crack and use to authenticate to the domain as an administrator. Ultimately, the attacker fails to exploit the DC using evil-winrm.