I can’t get either of these to work on the second box. The Enter-PSSession works but gives me a very disfunctional session. Can’t get nc.exe to run on second box properly at all…
What I usually do once I have the unstable shell with Enter-PSSession is I upload nc.exe to the first box, then download nc.exe into the second box from the first box through that unstable shell, then pop a more solid shell through a different port from box2 to box1. Kind of schlep but it gets me through.
what other method did you use? I think my methodology is kind of clunky here and I’m starting to overthink it / go in other directions not covered in the lessons…hmmmm
i have to make with scriptblock like this Invoke-Command -computername box2 -credential $cred -ScriptBlock{command}
Now trying to make a dcsync.
i put nc.exe and other files in uploads(webFolder)
this way it was simpler to download and execute the reverse shell from box2 to box1
now it’s the dcsync part secretsdump doesn’t return me the screen in the shell to put the password or follow the result
Hi All, I ran Mimikatz with sekurlsa::loXXXXX on second box but no cleartext password for THAT user.
Any guide for Question “Submit this user’s cleartext password.” ?
I solved Question “Submit this user’s cleartext password.” now. Dont know is this the intended way to do it but I need to add a registy entry and restart the machine to get the plaintext password with Mimikatz “sekurlsa::loXXXXX FXXX”