SSRF into Responder, gMSA Password & SeRestorePrivilege - Heist @ PG Practice

We are solving Heist from PG Practice. Heist is a really cool Windows machine that involves stealing a hash, reading a gMSA password & exploiting the SeRestorePrivilege.

Links

• https://github.com/itm4n/PrivescCheck
• https://www.dsinternals.com/en/retrieving-cleartext-gmsa-passwords-from-active-directory/
• https://github.com/micahvandeusen/gMSADumper
• https://gist.github.com/xct/278319041d2521ed11cd5fe953b74a4e
• https://github.com/xct/SeRestoreAbuse