I’ll start with guest share access where I’ll find an email with an attachment containing a default password. I’ll brute force users on the domain, and spray the password to find a user who hasn’t changed it. That user has access to another SMB share where I’ll find a VeraCrypt volume. I’ll crack that using a custom wordlist and hashcat rules, and get access to a VyOS backup. I’ll use creds from that backup to get a shell as a service account on the host. For root, I’ll abuse ...
