HackSmarter Walkthrough – StellarComms
Objective / Scope StellarComms has recently onboarded a new junior analyst to support satellite operations monitoring. As part of standard security procedures, a comprehensive internal access assessment must be conducted to validate that the new user account maintains appropriate privilege boundaries and cannot be leveraged for unauthorized escalation. This lab started with just a username - junior.analyst - and no password. The challenge was to figure out how a brand new, low-privileged account could potentially escalate all the way to domain administrator. Spoiler alert: turns out there were quite a few misconfigurations to exploit along the way. ...