Search for a command to run...
Series
Article Series: Active Directory, Windows (╯°□°)╯︵ ⓕ Ⓒ┻━┻Ⓡ߈Ɩᄅ⓪
Just another IIS & MSSQL Creds Leaks / sqsh & DBeaver (TLS-free) / CVE Lookup / MS14-068 Write-up. Machine Link. IppSec Walkthough. This is the first HTB’s Active Directory machine. Foothold Open ports Scanning the ports against our target reveals ...
![[HackTheBox] Mantis](/_next/image?url=https%3A%2F%2Fcdn.hashnode.com%2Fres%2Fhashnode%2Fimage%2Fupload%2Fv1756722180445%2Fe9e7aba4-6953-48c5-a66c-a39df1b7c724.png&w=3840&q=75)
Just another GenericAll / ForceChangePassword / Cypher / Password Safe 3 / GenericWrite & targeted kerberoast / DCSync Write-up. As is common in real life Windows pentests, you will start the Administrator box with credentials for the following acco...
![[HackTheBox] Administrator](/_next/image?url=https%3A%2F%2Fcdn.hashnode.com%2Fres%2Fhashnode%2Fimage%2Fupload%2Fv1755587093136%2F8a3f1afd-b5d9-4e26-a689-a90a2526be1a.png&w=3840&q=75)
Just another Pass Spray / ADIDNS Poisoning / NTLMv2 Crack / gMSA Password / Constrained Delegation (S4U) / msDS-ManagedPassword Constructed Attribute (LDAP Req) Write-up. CTF Link. IppSec Walkthrough. Foothold Open ports The SYN and NSE scan agains...
![[HackTheBox] Intelligence](/_next/image?url=https%3A%2F%2Fcdn.hashnode.com%2Fres%2Fhashnode%2Fimage%2Fupload%2Fv1745593237761%2Fa5fe1054-659b-461e-81ff-438b10fc0cd2.png&w=3840&q=75)
Just another ZIP & PFX Cracking / WinRM Cert Auth / PSReadLine ConsoleHost_History Leak / LAPS / RDP (socat) & SAM reg over DC (?) Write-up. Machine Link. IppSec Walkthrough. Foothold Open ports The Nmap scan reveals the following open ports: jamar...
![[HackTheBox] Timelapse](/_next/image?url=https%3A%2F%2Fcdn.hashnode.com%2Fres%2Fhashnode%2Fimage%2Fupload%2Fv1745854241228%2Fb8053637-d81b-43ec-8ad5-75b76ee8cbf4.png&w=3840&q=75)
Just another jq Parsing / Ownership DACL Abuse / PKINIT / Shadow Credentials / ESC9 Vulnerable Template / UPN Mismatch (?) / Certificate Mapping Write-up. As is common in Windows pentests, you will start the Certified box with credentials for the fo...
![[HackTheBox] Certified](/_next/image?url=https%3A%2F%2Fcdn.hashnode.com%2Fres%2Fhashnode%2Fimage%2Fupload%2Fv1734078489126%2F59675673-0533-4c3c-9154-275a4163cbc5.png&w=3840&q=75)
Just another User-Description Leakage / SeBackupPrivilege Write-up. Machine link. IppSec Walkthrough. Footprinting Open ports The Nmap scan shows it’s a Windows machine (SMB:445, RPC:135/593, WinRM:5985), but more particularly a DC (LDAP:389/636, D...
![[HackTheBox] Cicada](/_next/image?url=https%3A%2F%2Fcdn.hashnode.com%2Fres%2Fhashnode%2Fimage%2Fupload%2Fv1730323906589%2F83d86cbf-4ad5-4c79-8a00-a5ea9121ee0f.png&w=3840&q=75)
