Driver write-up by evyatar9

Read my write-up to Driver machine on


User: Found admin:admin credentials for port 80, Using smb-share-scf-file-attack, Getting the user NTLM hash using responder and we get the credentials of tony user.

Root: By running Get-Service -Name "spooler" we can see that print spooler service is running - Using PrintNightmare to get privilege escalation by creating a new user on administrator group.