Credential Access - NTDS
Got down to the last two questions and I felt like I've tried all suggestions in the briefing. Can anyone help out with the last two question? Also, the "secretsdump.py -ntds <ntds.dit path> -system <SYSTEM hive path> LOCAL" isn't working but tried "impacket.examples.secretsdump" and it doesn't throw an error, but also doesn't throw any output.
help with A Christmas Catastrophe: A Letter to Santa
I am in the scalation privileges part. Tried to create a symlink to /root/root.txt and to /root in /etc/letters/ waiting cron /etc/chmod.sh takes ownership with chmod 666 instruction and then extract token, but doesn't work Any help? Is there something missing?
Introduction to Active Directory Attacks: Local Passwords
Briefing says to use poweup.ps1 but i dont see the powershell script in the tools folder. additionally tried powershell command mentioned but producing so many result. any thoughts or suggestion to find the password stored in some where in files.
