Forum Discussion

sidi7
Bronze I
10 days ago

PoshC2: Ep.6 – Demonstrate Your Skills

Hi everyone

I am stuck on question 8: Run a privilege escalation enumeration module. What is the Administrator password?

I already tried most of the privesc modules like invoke-allchecks, hashdump etc.

Any hints?

Thanks!

  • 👋 sidi7 

    You've mentioned that you've already tried the Invoke-AllChecks module - I'd have another look at the output from that module, as one of the files it checks for (and finds) contains a plain-text password. You shouldn't need to do any hash-cracking or use any external tools to find the password!

  • Well, I have not found another way except cracking the hash externally of IL.
    I've not found the plaintext password on the target system by using "Dir -Recurse | Select-String -pattern 'XXXXX'". Also, the "priv escalation" part of the "help" command didn't bring up anything, nor did the mimikatz stuff (also including debug-stuff).

    Looking forward to learning how others point to the correct way :)

  • KieranRowley
    Community Manager

    Hi sidi7 - welcome to the community

    Demonstrate Labs are technically challenging labs that offer very limited information and guidance; they are supposed to be challenging and consolidate your learning from all of the other labs in the collection (in this case, the other 5 labs in the Posh C2 Collection).

    As a result, the level of detail of the hints and tips that the community are able to share here is limited.

    If you haven't already, I recommend that you complete all of the labs in the collection, and if it's been a while since you did, you might want to refresh your memory.