In this Lab we will access the Main Office and use the hash we found in our previous Lab post exploitation in order to compromise the AD Server using IP 172.16.0.10 from the 172.16.0.0/24 subnet. Nmap scan shows various ports are open but we will be using SMB to pass the hash since we have a username, hash and port 445 open. SMBclient also shows what shares are available.
Enumerating the files share, we get a network test document, and the token which we view via kali!! The network test document has a username and password for the DIR subnet as well as a clue about ARP table.
Comments
Post a Comment