got user s****
any hint for privesc , ?
i know s****k is the way…but how, to put approach!
Well you probably want a local privesc attack.
I think I am in the same place as @in3vitab13. I’ve done what I thought was the hard work and got a shell as s***n and thought I spotted the path to root quite easily. I am running the local version of a script to target the service (as the default creds can’t be used remotely), but it’s not working, so either I’m running the script wrong or the creds aren’t default. I don’t have permissions to read them from the service directory. Any gentle nudges? Have I missed some enum?