Forum Discussion
sidi7
Bronze I
6 months agoPoshC2: Ep.6 – Demonstrate Your Skills
Hi everyone I am stuck on question 8: Run a privilege escalation enumeration module. What is the Administrator password? I already tried most of the privesc modules like invoke-allchecks, hashdump ...
- 6 months ago
👋 sidi7
You've mentioned that you've already tried the Invoke-AllChecks module - I'd have another look at the output from that module, as one of the files it checks for (and finds) contains a plain-text password. You shouldn't need to do any hash-cracking or use any external tools to find the password!
steven
Silver II
6 months agowell, I have not found another way except cracking the hash externally of IL.
The plaintext password I've not found on the target system by using "Dir -Recurse | Select-String -pattern 'XXXXX'". Also the "priv escalation" part of the "help" command didn't brought anything nor the mimikatz stuff (also including debug-stuff).
Looking forward to learn how others point to the correct way :)