ldapsearch

Hack The Box: Puppy Machine Walkthrough – Medium Difficulty

Crushed the Puppy machine on HTB with surgical precision! Unlocked the user flag by leveraging levi.james credentials to access the DEV share, cracking recovery.kdbx with “Liverpool,” and using ant.edwards:Antman2025! to reset ADAM.SILVER’s password, followed by a swift WinRM login to grab user.txt. For the root flag, extracted steph.cooper:ChefSteph2025! from C:\Backups, accessed a WinRM shell, and exfiltrated DPAPI keys via SMB. Impacket unveiled steph.cooper_adm:FivethChipOnItsWay2025!, opening the Administrator directory to claim root.txt.

#Cybersecurity #HackTheBox #CTF #Pentesting #PrivilegeEscalation

Hack The Box: Scepter Machine Walkthrough – Hard Difficulty

I conquered the “Scepter” machine on Hack The Box, a challenging Active Directory exploit! Initially, I cracked weak .pfx certificate passwords using pfx2john and rockyou.txt. After syncing time, I extracted D.BAKER’s NTLM hash via Certipy and used BloodHound to reveal A.CARTER’s password reset privileges, exploiting ESC9 to capture the user flag. Subsequently, H.BROWN’s access to P.ADAMS’s altSecurityIdentities enabled an ESC14 attack, forging a certificate for passwordless authentication. Consequently, P.ADAMS’s DCSync rights allowed domain hash extraction, securing the root flag via Evil-WinRM.

#Cybersecurity #HackTheBox #ActiveDirectory #PrivilegeEscalation #CTF #EthicalHacking

Hack The Box: Vintage Machine Walkthrough – Hard Difficulty

Recently completed an Active Directory penetration test where I obtained both the user and root flags through a series of Kerberos and privilege escalation attacks. I first exploited a weak password on a legacy computer account (fs01$) to retrieve a Kerberos TGT and extract the gMSA password. After reactivating a disabled service account (svc_sql), making it ASREPRoastable, and cracking its hash, I gained credentials for another domain user and authenticated via Evil-WinRM to capture the user flag. For the root flag, I decrypted DPAPI-protected secrets to access a higher-privileged account (c.neri_adm), added a compromised service account to a privileged group, assigned an SPN, and performed a Kerberos delegation attack to impersonate a domain admin, ultimately achieving SYSTEM-level access and capturing the root flag. Great experience applying Kerberos exploitation techniques and privilege escalation strategies in a real-world scenario!

#ActiveDirectory #PenetrationTesting #Kerberos #OffensiveSecurity #RedTeam #CyberSecurity #ASREPRoasting #DPAPI #PrivilegeEscalation #HackTheBox #Infosec