Hello,
The question for the SeImpersonate section ask to logon as “sql_dev” and to escalate privileges using one of the methods shown in this section. Submit the contents of the flag file located at c:\Users\Administrator\Desktop\SeImpersonate\flag.txt.
First, I was not able to RDP using the sql_dev account. I connected with htb-student and ran cmd as sql_dev.
However, the sql_dev user does not have the SeImpersonate nor SeAssignPrimaryToken tokens:
C:\Users\htb-student>whoami
winlpe-srv01\sql_dev
C:\Users\htb-student>whoami /priv
PRIVILEGES INFORMATION
Privilege Name Description State
============================= ============================== ========
SeChangeNotifyPrivilege Bypass traverse checking Enabled
SeIncreaseWorkingSetPrivilege Increase a process working set Disabled
C:\Users\htb-student>
Am I missing something? Can someone please advise?
Thank you,
raff