Hutch 🔸

Enumeration

Enumerating LDAP anonymously

There is a user with a password in comment

fmcsorley:CrabSharkJellyfish192

Use bloodhound python to scout the domain

This user can read the local admin password using pylaps.

So Administrator:rD{7eI/@x9tG/[

Using evil-winrm

Get the flags