WINDOWS PRIVILEGE ESCALATION [Interacting with Users]

Can someone please help me with “Using the techniques in this section obtain the cleartext credentials for the SCCM_SVC user.”?

1 Like

Sure! did you solve it finally?

Can you help me? I’m stuck here, too

You can DM me.

1 Like

solved. Thanks anyway :beers:

1 Like

To anyone stuck on this, I will give you a clue. Malicious SCF File.

If you need help, send me a message.

3 Likes

I need for help
I use the latest Responder to get sccm_svc hash
but Its cracked-password is wrong

C:\Department Shares\ is you folder, find writable sub-folder and copy SCF there
When you get the responce, copy the whole hash nat crack it like in the lesson :space_invader:

7 Likes

I am also stuck bro can you help on this!!!

Hey! Where you are stuck?

Hey @19delta4u how can I get in contact with you?, I’m completely stuck.

Hey @pavka I can’t find any writable sub-folder, I mapped both Public & Private and all the sub-folders are read only, I mapped with smbmap app + -r flag, can you lemme know how can we get in contact and give a hint?

Write in a subfolder of C:\Department Shares\Public

1 Like

Just follow the steps of the lesson, within the C: drive you will find several shares, you can write the SCF file within one of them, on your attacking machine setup responder or smbserver to capture the hash of the user.

Hi, i am stacked here could anyone help me out?

I created the file within the department share still I’m getting no Response back but when i open the file i get the my account response.
What should i do?

Did anyone manage to capture the hash with an .lnk file ?

hey I’m a little stuck, Ive created the file in the share folder. but i’m not getting a response. Even when i enter the share. the .ico file has the payload to my address too. Even tried the hosting the smb from my machine, but still nothing.

solved! dw about it