No Admin?

  • Do you have any access to file shares?

  • wwwroot: drop a web shell

  • web.config: access to cleartext creds

  • backdooring any files with your payload

  • Pivot through SQL server with your current credentials or with any SQL scripts you have found

  • Internal spear phishing

  • Pivot to web and cloud services and try to escalate privileges from there(Azure, exchange etc.)

  • Search for any low hanging VNC creds or SSH keys/passwords

Last updated