
PrivEsc LPE, admin access

how to dump hashes? without access as administrator?
Sorry, I didn't notice right away, I thought you already had an admin account. In that case, try zerologon or, as was said above, look for known vulnerabilities
 
This
Have you tried to dump the sam or lsass to see if there are any cached user/pass
this
mimikatz or incognito
and this
user is logged in or if you can steal their token?
are allowed only to administrators.


tnx, but to install python you need administrator access (
I suggest not concentrating on local PE; set up a pivot using msf (post/multi/manage/autoroute), ligolo-ng, chisel, or your preferred C2 beacon, whichever you are using. Then perform situational awareness, enumerate the domain, check easy CVEs (zerologon, nopac, eternalblue, bluekeep), then things like ADCS, roasting, NTLMv1, and plenty of other techniques (you have creds, so a lot of vectors are open for you). There is a high chance that you will obtain domain admin, so your LPE won't be needed.
 

