These are some scribbles if I ever need to look up how to dump AD hashes (in various ways). I might expand on this later… ℹ️ This is nothing new, most of this stuff can be easily found on the Internet. This is just for my own reference. Please excuse my brevity. This posts strictly limits itself to post-exploitation, after already having obtained DA credentials. Dumping Requesting a Kerberos ticket first: ...
This was a real tough one, and I eventually got the System Flag in a very roundabout way. I really suspect there had to be easier ways to get that flag, but I could not figure out how to get around the walls I encountered left and right. Anyway, let’s get to it. Starting this machine, we already have basic credentials: As is common in real life Windows penetration tests, you will start the Eighteen box with credentials for the following account: kevin / iNa2we6haRj2gaw! — Machine Information ...