Hi all,
just did this host and achieved privilege escalation through password discovery with winPEAS.
However, that is not the intended way to go I believe. I saw a write-up where the job.bat file is used. Apparently icacls shows that the Users group has Full Rights to it. But that does not by itself result into this bat file running with Administrative privileges. How is this then possible?
Cheers for your insight,
BC