Proving Grounds Practice - Access

Access from Proving Grounds Practice is an intermediate rated Windows machine, in which we first get a shell through a file upload vulnerability in a web application running in the context of a low privileged domain user svc_apache. Within that shell we perform a kerberoasting attack using Rubeus and obtain the credentials of the user svc_mssql. In order to get a shell as svc_mssql, we make use of a tool called RunasCs. Read more