Hutch 🔸

Enumeration

Enumerating LDAP anonymously.

There is a user with a password in a comment:

fmcsorley:CrabSharkJellyfish192
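From the defender's side, a password left in a free-text user attribute that LDAP hands out can be caught by auditing a directory export. The script below is an added example, not part of the original write-up: the LDIF sample is constructed, and the choice of attributes (`description`, `comment`, `info`) and the keyword/token heuristics are assumptions.

```python
import base64
import re

# Constructed sample export (not from the write-up); all names and values are made up.
SAMPLE_LDIF = (
    "dn: CN=Alice Example,CN=Users,DC=example,DC=test\n"
    "sAMAccountName: aexample\n"
    "description: Helpdesk contact for building 2\n\n"
    "dn: CN=Bob Example,CN=Users,DC=example,DC=test\n"
    "sAMAccountName: bexample\n"
    "description: Password set to Constructed-Sample-123, user must\n"
    "  change at first logon\n\n"
    "dn: CN=Carol Example,CN=Users,DC=example,DC=test\n"
    "sAMAccountName: cexample\n"
    f"info:: {base64.b64encode(b'pw: Constructed-Sample-456').decode()}\n"
)

# Assumptions: which free-text attributes to audit, and the keyword/token heuristics.
FREE_TEXT_ATTRS = {"description", "comment", "info"}
KEYWORD = re.compile(r"\b(pass(word|wd)?|pwd|pw|cred(ential)?s?)\b", re.I)
TOKEN = re.compile(r"\b(?=\S*[a-z])(?=\S*[A-Z])(?=\S*\d)\S{10,}")

def parse_ldif(text):
    """Yield one dict per entry, handling folded lines and base64 ('::') values."""
    unfolded = re.sub(r"\r?\n ", "", text)  # a leading space continues the previous line
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, rest = line.partition(":")
            if rest.startswith(":"):  # 'attr:: <base64>'
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            else:
                value = rest.strip()
            entry.setdefault(name.lower(), []).append(value)
        yield entry

def audit(text):
    """Return (account, attribute, reason) per suspicious value; the value is not echoed."""
    findings = []
    for entry in parse_ldif(text):
        account = entry.get("samaccountname", entry.get("dn", ["?"]))[0]
        for attr in sorted(FREE_TEXT_ATTRS & entry.keys()):
            for value in entry[attr]:
                reason = "keyword" if KEYWORD.search(value) else "token" if TOKEN.search(value) else None
                if reason:
                    findings.append((account, attr, reason))
    return findings
```

Findings name the account and attribute only, so the report itself does not become another place where the secret is stored.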

Use bloodhound-python to scout the domain.

This user can read the local admin password using pylaps.

So Administrator:rD{7eI/@x9tG/[

Initial Access

Using evil-winrm.

Post Exploitation

Get the flags.