Resourced
Enumerating with enum4linux:
Now running sharphound:
So doing the following steps:
Convert password to rc4_hmac hash:
Now we can get the ticket for administrator:
Now to get a shell:
Last updated
Enumerating with enum4linux:
Now running sharphound:
So doing the following steps:
Convert password to rc4_hmac hash:
Now we can get the ticket for administrator:
Now to get a shell:
Last updated
Now we get rpc info back: Found credentials Now using the credentials to check shares:
Now we find ntds.dit and registry hives of system and security: Now cracking it:
From rpc enumeration we know L.Livingstone is sysadmin: So trying his hashes:
Now we can check out transitive outbound relations with L.LIVINGSTONE: This means we have GenericAll access on ResourceDC.