NetExec

Hack The Box: DarkCorp Machine Walkthrough – Insane Difficulity

by darknite
2025-10-20

Finished the Insane-level DarkCorp box on Hack The Box. Initial foothold came from registering on a webmail portal and abusing a contact form to deliver a payload that resulted in a reverse shell. From there I enumerated the app and DB, identified SQL injection and extracted hashes (cracked one to thePlague61780), recovered DPAPI master key material and additional credentials (Pack_beneath_Solid9!), and used those artifacts to escalate to root and retrieve root.txt. Valuable practice in web vectors, SQLi exploitation, credential harvesting, DPAPI analysis, and Windows privilege escalation. Happy to share high-level notes or mitigations.

#HackTheBox #Infosec #RedTeam #Pentesting #WindowsSecurity #CredentialHunting #CTF

Hack The Box: Fluffy Machine Walkthrough – Easy Difficulity

by darknite
2025-09-20

Introduction to Fluffy: In this write-up, we will explore the “Fluffy” machine from Hack The Box, categorised as an easy difficulty challenge. This walkthrough will… Read More »Hack The Box: Fluffy Machine Walkthrough – Easy Difficulity

Hack The Box: Haze Machine Walkthrough – Hard Difficulty

by darknite
2025-06-28

New Write-Up Published: Haze [Medium | Windows | Active Directory] – Hack The Box

Just released a walkthrough for Haze, a medium-difficulty Windows machine on Hack The Box. Initial access was obtained by exploiting CVE-2024-36991, a local file inclusion vulnerability in Splunk, to extract LDAP credentials. This enabled a Shadow Credentials attack using PyWhisker and Certipy, allowing lateral movement to a high-privileged domain user. For privilege escalation, I utilized Splunk admin access to deploy a reverse shell via a crafted app package. Upon gaining shell access, I escalated privileges to NT SYSTEM by abusing SeImpersonatePrivilege with SweetPotato. This box offers great insight into chained Active Directory abuse and Splunk misconfigurations.

#HackTheBox #RedTeam #ActiveDirectory #Splunk #CVE202436991 #ShadowCredentials #PrivilegeEscalation #SweetPotato #CTF #InfoSec #WriteUp #CyberSecurity

Hack The Box: Cicada Machine Walkthrough – Easy Difficulty

by darknite
2025-02-22

Introduction on Cicada: In this write-up, we will explore the “Cicada” machine from Hack The Box, categorized as an easy difficulty challenge. This walkthrough will… Read More »Hack The Box: Cicada Machine Walkthrough – Easy Difficulty

Hack The Box: Analysis Machine Walkthrough – Hard Difficulty

by darknite
2024-06-01

In this post, I would like to share a walkthrough of the Analysis Machine from Hack the Box This room will be considered a Hard machine on Hack the Box… Read More »Hack The Box: Analysis Machine Walkthrough – Hard Difficulty

Hack The Box: Manager Machine Walkthrough – Medium Difficulty

by darknite
2024-03-17

In this post, I would like to share a walkthrough of the Manager Machine from Hack the Box This room will be considered a medium machine on Hack the Box… Read More »Hack The Box: Manager Machine Walkthrough – Medium Difficulty