First, we try logging in to the RDP server with valid credentials.
The login succeeds, and we find a file called pentest-open.
Now let's change the value of DisableRestrictedAdmin from 0 to 1.
Then let's try signing in with this hash.
We found the flag.
reg add HKLM\System\CurrentControlSet\Control\Lsa /t REG_DWORD /v DisableRestrictedAdmin /d 0x0 /f
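
On the defensive side, a write to this value is a strong signal worth alerting on. The following is an added example, not part of the original write-up: it flags changes to DisableRestrictedAdmin in Sysmon-style events (ID 13 registry value set, ID 1 process creation). The event dictionaries are constructed samples, and the names classify, scan and SAMPLE_EVENTS are hypothetical.

```python
import re

# Constructed Sysmon-style events (ID 13 = registry value set, ID 1 = process creation).
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Windows\System32\reg.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Control\Lsa\DisableRestrictedAdmin",
     "Details": "DWORD (0x00000000)"},
    {"EventID": 1, "CommandLine": r"reg add HKLM\System\CurrentControlSet\Control\Lsa "
                                  r"/t REG_DWORD /v DisableRestrictedAdmin /d 0x0 /f"},
    {"EventID": 13, "TargetObject": r"HKLM\System\CurrentControlSet\Control\Lsa\LimitBlankPasswordUse",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "TargetObject": r"HKLM\System\CurrentControlSet\Control\Lsa\DisableRestrictedAdmin",
     "Details": "DWORD (0x00000001)"},
]

VALUE_SUFFIX = r"\control\lsa\disablerestrictedadmin"


def _to_int(text):
    """Parse '0x0', '0x00000001' or '1'; return None if it is not a number."""
    try:
        return int(text, 16) if text.lower().startswith("0x") else int(text)
    except ValueError:
        return None


def classify(event):
    """Return (severity, reason) for a relevant event, or None if unrelated."""
    if event.get("EventID") == 13:
        if not event.get("TargetObject", "").lower().endswith(VALUE_SUFFIX):
            return None
        m = re.search(r"DWORD \((0x[0-9a-fA-F]+)\)", event.get("Details", ""))
    elif event.get("EventID") == 1:
        cmd = event.get("CommandLine", "")
        if "disablerestrictedadmin" not in cmd.lower():
            return None
        m = re.search(r"/d\s+(\S+)", cmd, re.I)
    else:
        return None
    value = _to_int(m.group(1)) if m else None
    if value == 0:
        return ("high", "DisableRestrictedAdmin set to 0: Restricted Admin RDP logon accepted")
    return ("info", f"DisableRestrictedAdmin referenced, value={value}")


def scan(events):
    """Return (index, severity, reason) for every relevant event."""
    return [(i, *hit) for i, e in enumerate(events) if (hit := classify(e))]
```

Any hit on this value outside a planned change window deserves review, since the value does not exist by default.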