Machine Synopsis
`Breach` is a medium-difficulty Windows machine on which guest access to an SMB share is available. By leveraging write permissions on that share, `NTLMv2` hashes of a domain user are captured to obtain valid credentials. Access as a low-privileged domain user reveals a kerberoastable service account (`svc_mssql`). With access to the service account, a Silver Ticket attack is performed to impersonate the `Administrator` user and gain access to Microsoft SQL Server. Through the `xp_cmdshell` feature, remote code execution is achieved as the `svc_mssql` service account. Finally, privilege escalation is performed by abusing `SeImpersonatePrivilege`.
Machine Matrix