Forum Discussion

Bronze I

22 days ago

NHS Offensive Cyber Range: Armsdon Hospital

Hi all, Just wanted some advice on this as I am stuck. I managed to get into the intranet using SQL injection/union and extract all the usernames and passwords. I am not sure if I am on the wrong ...

Community Support

21 days ago

Hi ofield!

You are on the right track, but the order matters. The intranet credentials are not intended to work directly against the domain controller. If RDP is available, focus first on the non DC system where that access makes sense.

If logins are failing, double-check the context rather than the technique. Confirm the correct host, domain, and username format. The intended flow is initial access on a non DC host, followed by local privilege escalation, and only then pivoting back to the domain.

You are very close. I am not able to offer exact steps or commands, but a small shift in approach should.

Forum Discussion

NHS Offensive Cyber Range: Armsdon Hospital

Featured Places

Help

Related Content

CVE-2021-25281 (SaltStack) – Offensive

Offensive PowerShell: Demonstrate Your Skills

Practical Malware Analysis: Demonstrate Your Skills Malware (Offensive)

CVE-2021-22205 (GitLab) – Offensive

Reverse Engineering (Offensive) JavaScript Analysis: JSDetox

Recent Discussions

python-scripting-for-malware-analysis-ep-5-code-obfuscation

Endace: Scenario – Credential Theft and Lateral Movement

Letter to Santa Entry access?

Network Hardening Lab Recommendations

Advanced CTF Challenge: Inner Maze