Windows Lateral Movement - Double Hop

Since I haven’t found no other topic and no one was keen to help me out in Discord, thought of giving a try here.

In the WinRM Section, I was able to get access to DC01 as the user ‘Helen’ but with ‘Leonvqz’ I was only able to get access to SRV02. If someone can help me out, give it a shout!

1 Like

Got it. If anyone is using the Pwnbox and is struggling, feel free to DM.

1 Like

hi @bsnun,

I have a question for you. i started this module recently and the Server Message Block (SMB) section i have a problem with the question number “Use any tool to get a shell on SRV02 using the service Application Layer Gateway Service (ALG) and read the flag located at C:\Flags\serviceflag.txt:”

the system show me an error when i try to use the following sentence : proxychains4 -q impacket-services INLANEFREIGHT/helen:‘RedRiot88’@172.20.0.52 start -name ‘Service Backdoor’
error: cant locate the file.

can you help me?

Check what you are trying to accomplish and what your commands are

thanks, I solved it