Anonymous SMB access is allowed, which leads to a password leak and also permits RID brute-forcing that reveals the available users. Enumerating those again reveals a PowerShell script containing credentials, which enables user access. The current user has SeBackupPrivilege enabled, which allows dumping NTLM hashes, including the Domain Admin's.