Forum Discussion
PoshC2: Ep.6 – Demonstrate Your Skills
Hi everyone
I am stuck on question 8: Run a privilege escalation enumeration module. What is the Administrator password?
I already tried most of the privesc modules like invoke-allchecks, hashdump etc.
Any hints?
Thanks!
👋 sidi7
You've mentioned that you've already tried the Invoke-AllChecks module - I'd have another look at the output from that module, as one of the files it checks for (and finds) contains a plain-text password. You shouldn't need to do any hash-cracking or use any external tools to find the password!
4 Replies
- steven
Silver II
well, I have not found another way except cracking the hash externally of IL.
The plaintext password I've not found on the target system by using "Dir -Recurse | Select-String -pattern 'XXXXX'". Also the "priv escalation" part of the "help" command didn't brought anything nor the mimikatz stuff (also including debug-stuff).
Looking forward to learn how others point to the correct way :) - NyePrior
Immerser
👋 sidi7
You've mentioned that you've already tried the Invoke-AllChecks module - I'd have another look at the output from that module, as one of the files it checks for (and finds) contains a plain-text password. You shouldn't need to do any hash-cracking or use any external tools to find the password!
- KieranRowley
Community Manager
Hi sidi7 - welcome to the community
Demonstrate Labs are technically challenging labs that offer very limited information and guidance, they are supposed to be challenging and consolidate your learning from all of the other labs in the collection (in this case, the other 5 labs in the Posh C2 Collection).
As a result, the level of detail of the hints and tips that the community are able to share here is limited.
If you haven't already, I recommend that you complete all of the labs in the collection, and if it's been a while since you did, you might want to refresh your memory.