Aniket Badamianiket.one·Jun 17, 2023HTB - Escape Write-upTL;DR We start off with finding guest user SQL credentials from a PDF document and right off the bat we could able to perform SMB Relay attack and capture Service Account hash. Upon cracking the hash we could able to login into the system via WinRM p...48 readshtbComments disabledThe comments have been disabled by the author for this article.