We demonstrated how to do privilege escalation on windows after grabbing plain text credentials in XML files. We used a lab machine from cyberseclabs unattend for this demo.
Machine Name: Unattend
Difficulty: Beginner
Skills Learned
- Windows Privilege Escalation
- Unattend XML plain text credentials
Video Highlights
In this scenario, we leveraged XML configuration files, an example is unattend.xml, to obtain privilege on the Windows system as the SYSTEM user. Usually these configuration files are located under C:\Windows\User\Unattend.xml and can be viewed after gaining a foothold on the target machine.
First foothold access can be obtained by searching with “Rejetto” using Metasploit and using windows/http/rejetto_hfs_exec.
Show Comments