• Search for:

    Tag Archives: evil-winrm

    1. Home  - 
    2. Posts tagged "evil-winrm"
      3. ( Page2 )
    26 Apr, 2025
    Hack The Box: Vintage Machine Walkthrough – Hard Difficulty
    Hard Machine , , , , , , , , , , , ,

    Recently completed an Active Directory penetration test where I obtained both the user and root flags through a series of Kerberos and privilege escalation attacks. I first exploited a weak password on a legacy computer account (fs01$) to retrieve a Kerberos TGT and extract the gMSA password. After reactivating a disabled service account (svc_sql), making it ASREPRoastable, and cracking its hash, I gained credentials for another domain user and authenticated via Evil-WinRM to capture the user flag. For the root flag, I decrypted DPAPI-protected secrets to access a higher-privileged account (c.neri_adm), added a compromised service account to a privileged group, assigned an SPN, and performed a Kerberos delegation attack to impersonate a domain admin, ultimately achieving SYSTEM-level access and capturing the root flag. Great experience applying Kerberos exploitation techniques and privilege escalation strategies in a real-world scenario!

    hashtag#ActiveDirectory hashtag#PenetrationTesting hashtag#Kerberos hashtag#OffensiveSecurity hashtag#RedTeam hashtag#CyberSecurity hashtag#ASREPRoasting hashtag#DPAPI hashtag#PrivilegeEscalation hashtag#HackTheBox hashtag#Infosec hashtag#HacktheBox …

    Learn MoreHack The Box: Vintage Machine Walkthrough – Hard Difficulty

    19 Apr, 2025
    Hack The Box: Administrator Walkthrough Medium Difficulty
    Medium Machine , , , , , , , , , ,

    Chained privilege escalation on an AD environment via misconfigured permissions — no CVEs, just clever abuse of default rights. From Olivia to Emily to Ethan, we pivoted through user relationships using BloodHound, CrackMapExec, Kerberoasting, and WinRM access. Highlighting how overlooked configurations can lead to full domain compromise.

    #ActiveDirectory #PrivilegeEscalation #BloodHound #Kerberoasting #HackTheBox #RedTeam #CyberSecurity #WindowsPentest …

    Learn MoreHack The Box: Administrator Walkthrough Medium Difficulty

    5 Apr, 2025
    Hack The Box: Ghost Machine Walkthrough – Insane Difficulty
    Insane Machine , , , , , , , , , , , , , , , , , , , , , , ,

    The initial foothold was gained by exploiting command injection on intranet.ghost.htb:8008/api-dev/scan/, which provided a reverse shell inside a Docker container. From there, I enumerated the environment and discovered credentials that allowed SSH access as Florence Ramirez. By extracting and converting a Kerberos ticket, I authenticated as a legitimate user, escalating access within the system. With access to the Windows environment, I retrieved NTLM hashes for the adfs_gmsa account and leveraged evil-winrm for lateral movement. A reverse shell was established using JokerShell, and privileges were escalated by enabling xp_cmdshell through a debug interface. After uploading EfsPotato.cs and disabling antivirus, I used Mimikatz and Rubeus.exe to dump credentials, ultimately achieving SYSTEM access. This led to the extraction of domain admin credentials and the retrieval of the root flag. Another Insane box down! 💀💻

    #HackTheBox #RedTeam #CyberSecurity #PenTesting #PrivilegeEscalation #EthicalHacking …

    Learn MoreHack The Box: Ghost Machine Walkthrough – Insane Difficulty

    15 Mar, 2025
    Hack The Box: Certified Machine Walkthrough – Medium Difficulty
    Medium Machine , , , , , , , , , , , ,

    Access is gained using Judith Mader’s credentials, allowing enumeration of network resources. CrackMapExec identifies key accounts like management_svc and ca_operator. Privilege escalation is performed using a Shadow Credentials attack with Certipy, taking control of management_svc. With valid credentials, Evil-WinRM establishes a remote session, leading to the user flag.

    For root access, the attack exploits Active Directory Certificate Services by modifying ca_operator’s User Principal Name (UPN) to Administrator, enabling a privileged certificate request. A vulnerable ESC9 certificate is issued without linking back to ca_operator, effectively granting Administrator access. The UPN is restored to avoid detection, and authentication via Kerberos retrieves the NT hash of the Administrator account. Full system control is confirmed by obtaining the root flag.

    #HackTheBox #Pentesting #ActiveDirectory #PrivilegeEscalation #CyberSecurity #EthicalHacking …

    Learn MoreHack The Box: Certified Machine Walkthrough – Medium Difficulty

    15 Feb, 2025
    Hack The Box: Cicada Machine Walkthrough – Easy Difficulty
    Easy Machine , , , , , , ,

    Introduction on Cicada: In this write-up, we will explore the “Cicada” machine from Hack The Box, categorized as an easy difficulty challenge. This walkthrough will cover the reconnaissance, exploitation, and privilege escalation steps required to capture the flag. The objective

    Continue ReadingHack The Box: Cicada Machine Walkthrough – Easy Difficulty

    14 Dec, 2024
    Hack The Box: Compiled Machine Walkthrough – Medium Difficulty
    Medium Machine , , , , , , , , , , , , ,

    Introduction to Compiled: In this write-up, we will explore the “Compiled” machine from Hack The Box, which is categorized as a medium-difficulty challenge. This walkthrough will cover the reconnaissance, exploitation, and privilege escalation steps required to capture the flag. Objective:

    Continue ReadingHack The Box: Compiled Machine Walkthrough – Medium Difficulty

    16 Nov, 2024
    Hack The Box: Axlle Machine Walkthrough – Hard Difficulty
    Hard Machine , , , , , , , ,

    Introduction to Axlle: In this write-up, we will explore the “Axlle” machine from Hack The Box, categorized as a Hard difficulty challenge. This walkthrough will cover the reconnaissance, exploitation, and privilege escalation steps required to capture the flag. Objective: The

    Continue ReadingHack The Box: Axlle Machine Walkthrough – Hard Difficulty

    22 Jun, 2024
    Hack The Box: Office Machine Walkthrough – Hard Difficulty
    Hard Machine , , , , , , , , , , , , ,

    In this post, I would like to share a walkthrough of the Office Machine from Hack the Box This room will be considered a Hard machine on Hack the Box What will you gain from the Office machine? For the user flag, you need to

    Continue ReadingHack The Box: Office Machine Walkthrough – Hard Difficulty

    8 Jun, 2024
    Hack The Box: POV Machine Walkthrough – Medium Difficulty
    Medium Machine , , , , , , , , , , , ,

    In this post, I would like to share a walkthrough of the Pov Machine from Hack the Box This room will be considered a medium machine on Hack the Box What will you gain from the Pov machine? For the user flag, you must to

    Continue ReadingHack The Box: POV Machine Walkthrough – Medium Difficulty