TJ_Null’s OSCP Prep – HTB – Bastion
On this Windows machine there was a SMB share that had two VHDs that we could remotly mount. The VHDs looked like a backup of a Windows. Using secretsdump we could dump the hash from from the /system32/config, and get the hash for users. Using john the ripper, I cracked the hash for L4mpje. After…