November 15, 2024 | 23:48
Proving Grounds Practice - Access
Access from Proving Grounds Practice is an intermediate rated Windows machine, in which we first get a shell through a file upload vulnerability in a web application running in the context of a low privileged domain user svc_apache.
Within that shell we perform a kerberoasting attack using Rubeus and obtain the credentials of the user svc_mssql. In order to get a shell as svc_mssql, we make use of a tool called RunasCs.
Read more