Can you help me please? I’m in HTB DACLs I module, I’m in Password Abuse section, I’m stuck on the last part, abusing Marcos’ account to get the gMSA of the htb-svc$ account to get the contents of the flag.txt file, I already have the hash of the htb account, I tried to connect with pth-winexe, with psexec, winrm, crackmapexec, and others, but it refuses the connection, then I try to do pth with mimikatz but to run it I need to access as administrator, but I don’t have those credentials. What should I do to get that flag, or what am I doing wrong? Thanks for your help.
You can use smbclient with --pw-nt-hash to connect it.