Realist

So I found the injection point, but am quite stuck trying to get a shell. I have tried re-enabling the [*** stop spoil plz ***]. Can anyone point me in the right direction?

.....

Search for all users’ hashes in the db. try cracking hashes. try automated tools and payloads. I’m stuck at the next part.. local privilege escalation/pivoting/service enumeration. Can anyone help me out?

Can someone PM me about this challenge? I am not going to ask for answers, but I need to make sure I am headed in the right direction. I already have a shell on the Webserver and have a decent understanding of Windows and Active Directory post exploitation.