Active Directory - Skills Assessment II

Stuck on Q10.
I got user who as “GenericAll” rights. Any hint to get his hash?

I’m stuck here as well, if you find anything please share!

Apply the hint from question 9!

yes, same technique… but different OS! I used Inveigh.ps1

I got the user and the password from Q10, i and i know ho to exploit the GenericAll rights against DC01, but i can’t evil-winrm or rdp to user (even if bloodhound tells me that this user is in “Domain Users” and that group can rdp to ms01) , so what is going wrong?

There are still different methods to perform remote access on DC01 from MS01.

yes, and get the tunneling too, for me worked ssh tunneling instead of chisel

Did you solve it?