Windows Archives - Page 2 of 7

27 Sep, 2025

Hack The Box: Puppy Machine Walkthrough – Medium Difficulty

Medium Machine BloodHoundCE, bloodyAD, Challenges, evil-winrm, HackTheBox, impacket, KDBX, ldapmodify, ldapsearch, Penetration Testing, rpcclient, smbclient, Windows

Crushed the Puppy machine on HTB with surgical precision! Unlocked the user flag by leveraging levi.james credentials to access the DEV share, cracking recovery.kdbx with “Liverpool,” and using ant.edwards:Antman2025! to reset ADAM.SILVER’s password, followed by a swift WinRM login to grab user.txt. For the root flag, extracted steph.cooper:ChefSteph2025! from C:\Backups, accessed a WinRM shell, and exfiltrated DPAPI keys via SMB. Impacket unveiled steph.cooper_adm:FivethChipOnItsWay2025!, opening the Administrator directory to claim root.txt.

#Cybersecurity #HackTheBox #CTF #Pentesting #PrivilegeEscalation …

Learn MoreHack The Box: Puppy Machine Walkthrough – Medium Difficulty

20 Sep, 2025

Hack The Box: Fluffy Machine Walkthrough – Easy Difficulity

Easy Machine BloodHoundCE, bloodyAD, Certify, Challenges, CVE-2025-24071, ESC16, HackTheBox, hashcat, NetExec, Penetration Testing, python3, smbclient, Windows

23 Aug, 2025

Hack The Box: TheFrizz Machine Walkthrough – Medium Difficulity

Medium Machine BloodHoundCE, BurpSuite, Challenges, CVE-2023-34598, faketime, Gibbon, HackTheBox, hashcat, impacket, Local Fle Inclusion, Penetration Testing, python3, SharpGPOAbuse, sqlite3, ssh, Windows

I successfully captured both user and root flags by exploiting a file upload vulnerability to gain a web shell, extracting database credentials from config.php, and cracking the user hash to reveal the password Jenni_Luvs_Magic23. Using these credentials, I accessed the web application, discovered an SSH migration hint, and leveraged a Kerberos ticket (f.frizzle.ccache) to gain SSH access and retrieve the user flag with type user.txt. For the root flag, I escalated privileges using M.SchoolBus and SharpGPOAbuse to manipulate SleepGPO, applied changes with gpupdate.exe /force, extracted credentials with secretdump, and used wmiexec to secure a root-level shell, ultimately reading the root flag with type root.txt.

#Cybersecurity #CTF #EthicalHacking #PenetrationTesting …

Learn MoreHack The Box: TheFrizz Machine Walkthrough – Medium Difficulity

9 Aug, 2025

Hack The Box: University Machine Walkthrough – Insane Walkthrough

Insane Machine Bloodhound, BurpSuite, Challenges, CVE-2023-33733, evil-winrm, HackTheBox, LocalPotato, Penetration Testing, python3, ssh, SSH key, Windows

Compromised university.htb by exploiting ReportLab RCE (CVE-2023-33733) to gain initial access as wao. Forged a professor certificate to impersonate george, then uploaded a malicious lecture to compromise Martin.T.

Escalated privileges by exploiting a scheduled task with a malicious .url file, used LocalPotato (CVE-2023-21746) for elevation on WS-3, and abused SeBackupPrivilege to extract NTDS.dit, ultimately retrieving Domain Admin credentials.

🔍 A great hands-on challenge combining web exploitation, privilege escalation, and Active Directory abuse.

#CyberSecurity #RedTeam #CTF #PrivilegeEscalation #HTB #InfoSec #WindowsExploitation #PenetrationTesting #EthicalHacking #HackTheBox …

Learn MoreHack The Box: University Machine Walkthrough – Insane Walkthrough

19 Jul, 2025

Hack The Box: Scepter Machine Walkthrough – Hard Difficulty

Hard Machine ADCS, Bloodhound, bloodyAD, Certipy, Challenges, ESC14, ESC9, evil-winrm, HackTheBox, hashcat, ldapsearch, nfs, openssl, Penetration Testing, showmount, Windows

I conquered the “Scepter” machine on Hack The Box, a challenging Active Directory exploit! Initially, I cracked weak .pfx certificate passwords using pfx2john and rockyou.txt. After syncing time, I extracted D.BAKER’s NTLM hash via Certipy and used BloodHound to reveal A.CARTER’s password reset privileges, exploiting ESC9 to capture the user flag. Subsequently, H.BROWN’s access to P.ADAMS’s altSecurityIdentities enabled an ESC14 attack, forging a certificate for passwordless authentication. Consequently, P.ADAMS’s DCSync rights allowed domain hash extraction, securing the root flag via Evil-WinRM.

#Cybersecurity #HackTheBox #ActiveDirectory #PrivilegeEscalation #CTF #EthicalHacking …

Learn MoreHack The Box: Scepter Machine Walkthrough – Hard Difficulty

14 Jun, 2025

Hack The Box: Inflitrator Machine Walkthrough – Insane Difficulity

Insane Machine bitlocker, Bloodhound, BloodHoundCE, bloodyAD, BurpSuite, Certipy, Challenges, evil-winrm, HackTheBox, hashcat, impacket, john the ripper, kerbrute, Output Messenger, Penetration Testing, RDP, sqlite3, Windows, Wireshark

Successfully completed a two-stage Active Directory exploitation scenario involving both user access and privilege escalation. The first stage focused on identifying accounts that did not require Kerberos pre-authentication (AS-REP Roasting), allowing extraction and cracking of a user password hash to gain remote access and retrieve the user flag. In the second stage, a misconfigured certificate template (ESC4 vulnerability) within Active Directory Certificate Services was exploited to request a certificate impersonating a privileged user. This enabled full administrative access and retrieval of the root flag.

#CyberSecurity #ActiveDirectory #RedTeam #Kerberos #PrivilegeEscalation #ASREP #ADCS #ESC4 #PenetrationTesting #Infosec #HackTheBox #WindowsSecurity #CTF
Successfully completed a two-stage Active Directory exploitation scenario involving both user access and privilege escalation. The first stage focused on identifying accounts that did not require Kerberos pre-authentication (AS-REP Roasting), allowing extraction and cracking of a user password hash to gain remote access and retrieve the user flag. In the second stage, a misconfigured certificate template (ESC4 vulnerability) within Active Directory Certificate Services was exploited to request a certificate impersonating a privileged user. This enabled full administrative access and retrieval of the root flag.

#CyberSecurity #ActiveDirectory #RedTeam #Kerberos #PrivilegeEscalation #ASREP #ADCS #ESC4 #PenetrationTesting #Infosec #HackTheBox #WindowsSecurity #CTF
…

Learn MoreHack The Box: Inflitrator Machine Walkthrough – Insane Difficulity

24 May, 2025

Hack The Box: EscapeTwo Machine Walkthrough – Easy Difficulty

Easy Machine Bloodhound, Certipy, Challenges, crackmapexec, dacledit, HackTheBox, MSSQL, owneredit, Penetration Testing, smb, smbclient, SQL2019, Windows, winrm

🔒 My Write-Up for the EscapeTwo Machine on Hack The Box 🔍

I’m excited to share my detailed write-up for solving the beginner-friendly “EscapeTwo” machine on Hack The Box, showcasing skills in network enumeration and privilege escalation. First, to capture the user flag, I scanned for open ports, accessed SMB shares, uncovered a password, and leveraged the Ryan account’s elevated permissions to retrieve the flag remotely. Next, for the root flag, I escalated privileges by exploiting an Active Directory misconfiguration. Then, using the Ryan account, I employed tools to identify and modify permissions, thereby gaining control over a privileged account. With this control, I acquired a certificate, subsequently authenticated as an administrator, and finally captured the root flag. This challenge strengthened my expertise in Active Directory security and penetration testing. Check out the full write-up for a deep dive!

#Cybersecurity #HackTheBox #EthicalHacking #PenetrationTesting #ActiveDirectory …

Learn MoreHack The Box: EscapeTwo Machine Walkthrough – Easy Difficulty

26 Apr, 2025

Hack The Box: Vintage Machine Walkthrough – Hard Difficulty

Hard Machine BloodHoundCE, bloodyAD, Challenges, DPAPI, evil-winrm, HackTheBox, impacket, kerberos, ldapsearch, Penetration Testing, SMB & Kerberos Attacks, smbclient, Windows

Recently completed an Active Directory penetration test where I obtained both the user and root flags through a series of Kerberos and privilege escalation attacks. I first exploited a weak password on a legacy computer account (fs01$) to retrieve a Kerberos TGT and extract the gMSA password. After reactivating a disabled service account (svc_sql), making it ASREPRoastable, and cracking its hash, I gained credentials for another domain user and authenticated via Evil-WinRM to capture the user flag. For the root flag, I decrypted DPAPI-protected secrets to access a higher-privileged account (c.neri_adm), added a compromised service account to a privileged group, assigned an SPN, and performed a Kerberos delegation attack to impersonate a domain admin, ultimately achieving SYSTEM-level access and capturing the root flag. Great experience applying Kerberos exploitation techniques and privilege escalation strategies in a real-world scenario!

hashtag#ActiveDirectory hashtag#PenetrationTesting hashtag#Kerberos hashtag#OffensiveSecurity hashtag#RedTeam hashtag#CyberSecurity hashtag#ASREPRoasting hashtag#DPAPI hashtag#PrivilegeEscalation hashtag#HackTheBox hashtag#Infosec hashtag#HacktheBox …

Learn MoreHack The Box: Vintage Machine Walkthrough – Hard Difficulty

19 Apr, 2025

Hack The Box: Administrator Walkthrough Medium Difficulty

Medium Machine BloodHoundCE, Challenges, crackmapexec, evil-winrm, ftp, HackTheBox, hashcat, Penetration Testing, pwsafe, TargetedKerberoast, Windows

Chained privilege escalation on an AD environment via misconfigured permissions — no CVEs, just clever abuse of default rights. From Olivia to Emily to Ethan, we pivoted through user relationships using BloodHound, CrackMapExec, Kerberoasting, and WinRM access. Highlighting how overlooked configurations can lead to full domain compromise.

#ActiveDirectory #PrivilegeEscalation #BloodHound #Kerberoasting #HackTheBox #RedTeam #CyberSecurity #WindowsPentest …

Learn MoreHack The Box: Administrator Walkthrough Medium Difficulty

15 Mar, 2025

Hack The Box: Certified Machine Walkthrough – Medium Difficulty

Medium Machine Active Directory Exploitation, Bloodhound, Certificate Services Exploitation, Certipy, Cybersecurity, evil-winrm, Hack The Box, Penetration Testing, Privilege Escalation, Red Teaming, SMB & Kerberos Attacks, Windows, Windows Security

Access is gained using Judith Mader’s credentials, allowing enumeration of network resources. CrackMapExec identifies key accounts like management_svc and ca_operator. Privilege escalation is performed using a Shadow Credentials attack with Certipy, taking control of management_svc. With valid credentials, Evil-WinRM establishes a remote session, leading to the user flag.

For root access, the attack exploits Active Directory Certificate Services by modifying ca_operator’s User Principal Name (UPN) to Administrator, enabling a privileged certificate request. A vulnerable ESC9 certificate is issued without linking back to ca_operator, effectively granting Administrator access. The UPN is restored to avoid detection, and authentication via Kerberos retrieves the NT hash of the Administrator account. Full system control is confirmed by obtaining the root flag.

#HackTheBox #Pentesting #ActiveDirectory #PrivilegeEscalation #CyberSecurity #EthicalHacking …

Learn MoreHack The Box: Certified Machine Walkthrough – Medium Difficulty

Threatninja.net

Threatninja.net

Hack The Box: Puppy Machine Walkthrough – Medium Difficulty

Hack The Box: Fluffy Machine Walkthrough – Easy Difficulity

Hack The Box: TheFrizz Machine Walkthrough – Medium Difficulity

Hack The Box: University Machine Walkthrough – Insane Walkthrough

Hack The Box: Scepter Machine Walkthrough – Hard Difficulty

Hack The Box: Inflitrator Machine Walkthrough – Insane Difficulity

Hack The Box: EscapeTwo Machine Walkthrough – Easy Difficulty

Hack The Box: Vintage Machine Walkthrough – Hard Difficulty

Hack The Box: Administrator Walkthrough Medium Difficulty

Hack The Box: Certified Machine Walkthrough – Medium Difficulty

Threatninja.net

Threatninja.net

Tag Archives: Windows