Hi, today’s tale of pentest pwnage covers a few wins and one loss:
- A cool opportunity to drop Farmer “crops” to a domain admin’s desktop folder via PowerShell remote session
- Finding super sensitive data by dumpster-diving into a stale C:\Users\Domain-Admin profile
- Finding a vCenter database backup and being unable to pwn it using vcenter_saml_login
Share on socials: