Windows Privilege Escalation Through Runas | HackTheBox Access | CREST CRT Track
HackTheBox Access was a simple Windows box, which is great to have around because it can be difficult to identify places for new Windows users. And it didn’t use SMB, unlike other Windows boxes. We’ll begin by requesting a zip file and an Access database via anonymous FTP access. We’ll utilize command line tools to search the database for a zip file-compatible password before opening the file to discover an Outlook mail file. We’ll read the email to find the account password on the box, then use telnet to connect. From there, We’ll access root.txt in two separate methods by using cached administrator credentials.