Push, a hard rated active directory chain, involved obtaining credentials from FTP, having write access to smb share, placing the configuration and DLL file for abusing clickonce application to gain a shell on MS01, enumerating the domain to find about SCCM agent deployed on system, c...