Hey, if anyone has completed this skill assessment.
I’m stuck on question II, I think I have somethings but I am getting some weird output from it and it’s not working.
I would gladly accept any nudge.
Ty Vx
Solved it, if anyone need help i can provide.
Cheers
Vx
Hello,
I could use a nudge for the second question. I see the attack path but I am not able to find a way to get to the user.
Thanks!
add me on discord
cheers
For anyone struggling with Skill Assessment questions 2 and 3.
Question 2
Enumerate ACL misconfigurations granted to USERS with powerview on Windows or dacledit on Linux; BloodHound won’t show all attack paths.
Start by looking for the permissions granted to the users you have access to, and if you get stuck try looking the other way around: find which entities have permissions on the machine you want to compromise.
Once you know the attack path if you don’t know how to compromise any user try inspect their LDAP entries.
Question 3
Similar to question 2, find the attack path with powerview or dacledit.
Once rd09 is compromised, you get access to a new user (A), and that user has privileges over another user (B).
What can you do with that new user (B)?
I had problems here because of sessions and winrm (I kept getting “COMException” errors).
Once you have access to user B:
- open an interactive session with any user (taino for example)
- import to your session the TGT of user B
- and execute the pertinent command of user B
Hope this helps!
I’m stuck on the 2nd question as well. I know who the “creator” is and own that account, and I know who the “linkers” are but cannot find any paths to them. I’ve been using PowerView to enumerate the ACLs and come up with nothing.