So how do we protect write-ups now?

@nyckelharpa said:
About the idea with the Administrator password hashes… does anybody know what to use on Windows machines/where to find the hash? As far as I understand, it’s in the SAM file that can only be accessed when the system is not booted up…?

On a running machine, it can be accessed via Volume Shadow Services, but it’s a tad bit impractical. Especially here on HTB, where some machines get reset at a 2 minute interval :smiley: