Lessons Learned

SMB Enumeration

As stated on the main page, I made the mistake of trying to list the shares using a null session.

smbclient -L //10.10.10.125/ -U "" -N

Since most SMB services nowadays do not allow connections through a null session, it is reasonable to always try using an empty password instead.

PowerUp.ps1

As I am not very good at Windows privilege escalation, I tend to always run WinPEAS as soon as I get a user shell. But I don't have any other plans after running WinPEAS. From this box and from the walkthrough video, I have figured out that the PowerUp.ps1 script should be added to my repo for privilege escalation.
