Machine Synopsis
Sweep is a medium-difficulty Windows box that involves Active Directory and `Lansweeper`, a technology asset intelligence tool. The attacker abuses an enabled guest account to gain access to Lansweeper, which has Map Credentials configured: login/password combinations used to access and scan network assets remotely. The attacker deploys a honeypot SSH server to read the configured credentials. The compromised account is a member of the `Lansweeper Discovery` group, which has `GenericAll` rights over the `Lansweeper Admins` group. Any account that is a member of the `Lansweeper Admins` group has administrator privileges on the Lansweeper dashboard. The attacker creates and deploys a package on the Domain Controller to gain complete control.
Machine Matrix