On a recent hacking challenge I was presented with a privesc scenario where I had already compromised a low privileged user with the tools available in Impacket. The user (a service account) had access to winrm and therefore had a semi-functional shell but no access to rdp or smb shares. The network had a default […]
