49663
Bruteforcing directories:
We can access the smb share here. We can upload an aspx reverse shell in the smb share and access it from here.

We get a shell:
We have SeImpersonatePrivilege
privilege:
Running PrintSpoofer64.exe:
PrintSpoofer64.exe -i -c powershell.exe

Last updated
Was this helpful?