Cracked a password-protected Excel on an SMB share to recover service-account credentials, used Kerberos to access a user account and capture user.txt, then leveraged AD write permissions to restore a deleted admin, decrypt DPAPI artefacts for high‑priv creds, and access the DC to grab root.txt.
#HackTheBox #ADSecurity #Kerberos #DPAPI #RedTeam #CTF
New Write-Up Published: Haze [Medium | Windows | Active Directory] – Hack The Box
Just released a walkthrough for Haze, a medium-difficulty Windows machine on Hack The Box. Initial access was obtained by exploiting CVE-2024-36991, a local file inclusion vulnerability in Splunk, to extract LDAP credentials. This enabled a Shadow Credentials attack using PyWhisker and Certipy, allowing lateral movement to a high-privileged domain user. For privilege escalation, I utilized Splunk admin access to deploy a reverse shell via a crafted app package. Upon gaining shell access, I escalated privileges to NT SYSTEM by abusing SeImpersonatePrivilege with SweetPotato. This box offers great insight into chained Active Directory abuse and Splunk misconfigurations.
#HackTheBox #RedTeam #ActiveDirectory #Splunk #CVE202436991 #ShadowCredentials #PrivilegeEscalation #SweetPotato #CTF #InfoSec #WriteUp #CyberSecurity
In this post, I would like to share a walkthrough of the Sekhmet Machine from Hack the Box This room will be considered an Insane machine… Read More »Hack The Box: Sekhmet Machine Walkthrough – Insane Difficulty
In this post, I would like to share a walkthrough of the Timelapse Machine from Hack the Box This room will be considered as a Easy machine on Hack… Read More »Hack The Box: Timelapse Machine Walkthrough – Easy Difficulty
In this post, I would like to share a walkthrough of the Acute Machine from Hack the Box This room will be considered as a Hard machine on Hack… Read More »Hack The Box: Acute Machine Walkthrough – Hard Difficulty
For this post, I would like to share the knowledge and skills that I just acquire by doing this machine. Attacktive Directory is an old… Read More »TryHackMe: Attacktive Directory Walkthrough