Wow, incredible, I got this. It’s mind-boggling, evil-winrm changed everything. I have so many privs compared to what RDP showed. But why? It’s just a remote connection. I guess it is cuz a user can have different rights over different services even when it’s a remote connection. ehh… lesson learned.
Thank you, lim8en1, for the help. Now I see what I should do next.
Stuck with Q4 “Use a common method to obtain weak credentials for another user. Submit the username for the user whose credentials you obtain”, any help would be appreciated.
You can find it in the top 200 passwords used in the USA, I believe: https://nordpass.com/most-common-passwords-list/
It’s in 180-something place, but still.
The idea for password spraying is to use passwords from such lists (because those are the most widely used passwords) so you can check only a few most probable choices instead of brute forcing through all of them (and consider possible account locks as well).
At first, I wanted to use rockyou.txt, but given the number of users, I don’t think it makes sense to use it. Even though ‘Welcome1’ is on the 40399th line, perhaps this question is intended to ensure that every student reads or completes that particular section.
Can someone here give me a nudge? I’ve gotten a foothold and did an LSASS dump from SQL01 and got the Administrator hash. However, when I try a pass-the-hash to MS01 with that hash, it doesn’t authenticate. I’m a bit confused on how I get a foothold on MS01. Thanks!