No Admin?
  • Do you have any access to file shares?
    • wwwroot: drop a web shell
    • web.config: access to cleartext creds
    • backdooring any files with your payload
  • Pivot through SQL server with your current credentials or with any SQL scripts you have found
  • Internal spear phishing
  • Pivot to web and cloud services and try to escalate privileges from there(Azure, exchange etc.)
  • Search for any low hanging VNC creds or SSH keys/passwords
Copy link