• Search for:

    Tag Archives: Windows

    1. Home  - 
    2. Posts tagged "Windows"
      3. ( Page2 )
    23 Aug, 2025
    Hack The Box: TheFrizz Machine Walkthrough – Medium Difficulity
    Medium Machine , , , , , , , , , , , , , , ,

    I successfully captured both user and root flags by exploiting a file upload vulnerability to gain a web shell, extracting database credentials from config.php, and cracking the user hash to reveal the password Jenni_Luvs_Magic23. Using these credentials, I accessed the web application, discovered an SSH migration hint, and leveraged a Kerberos ticket (f.frizzle.ccache) to gain SSH access and retrieve the user flag with type user.txt. For the root flag, I escalated privileges using M.SchoolBus and SharpGPOAbuse to manipulate SleepGPO, applied changes with gpupdate.exe /force, extracted credentials with secretdump, and used wmiexec to secure a root-level shell, ultimately reading the root flag with type root.txt.

    #Cybersecurity #CTF #EthicalHacking #PenetrationTesting …

    Learn MoreHack The Box: TheFrizz Machine Walkthrough – Medium Difficulity

    9 Aug, 2025
    Hack The Box: University Machine Walkthrough – Insane Walkthrough
    Insane Machine , , , , , , , , , , ,

    Compromised university.htb by exploiting ReportLab RCE (CVE-2023-33733) to gain initial access as wao. Forged a professor certificate to impersonate george, then uploaded a malicious lecture to compromise Martin.T.

    Escalated privileges by exploiting a scheduled task with a malicious .url file, used LocalPotato (CVE-2023-21746) for elevation on WS-3, and abused SeBackupPrivilege to extract NTDS.dit, ultimately retrieving Domain Admin credentials.

    🔍 A great hands-on challenge combining web exploitation, privilege escalation, and Active Directory abuse.

    #CyberSecurity #RedTeam #CTF #PrivilegeEscalation #HTB #InfoSec #WindowsExploitation #PenetrationTesting #EthicalHacking #HackTheBox …

    Learn MoreHack The Box: University Machine Walkthrough – Insane Walkthrough

    19 Jul, 2025
    Hack The Box: Scepter Machine Walkthrough – Hard Difficulty
    Hard Machine , , , , , , , , , , , , , , ,

    I conquered the “Scepter” machine on Hack The Box, a challenging Active Directory exploit! Initially, I cracked weak .pfx certificate passwords using pfx2john and rockyou.txt. After syncing time, I extracted D.BAKER’s NTLM hash via Certipy and used BloodHound to reveal A.CARTER’s password reset privileges, exploiting ESC9 to capture the user flag. Subsequently, H.BROWN’s access to P.ADAMS’s altSecurityIdentities enabled an ESC14 attack, forging a certificate for passwordless authentication. Consequently, P.ADAMS’s DCSync rights allowed domain hash extraction, securing the root flag via Evil-WinRM.

    #Cybersecurity #HackTheBox #ActiveDirectory #PrivilegeEscalation #CTF #EthicalHacking …

    Learn MoreHack The Box: Scepter Machine Walkthrough – Hard Difficulty

    14 Jun, 2025
    Hack The Box: Inflitrator Machine Walkthrough – Insane Difficulity
    Insane Machine , , , , , , , , , , , , , , , , , ,

    Successfully completed a two-stage Active Directory exploitation scenario involving both user access and privilege escalation. The first stage focused on identifying accounts that did not require Kerberos pre-authentication (AS-REP Roasting), allowing extraction and cracking of a user password hash to gain remote access and retrieve the user flag. In the second stage, a misconfigured certificate template (ESC4 vulnerability) within Active Directory Certificate Services was exploited to request a certificate impersonating a privileged user. This enabled full administrative access and retrieval of the root flag.

    #CyberSecurity #ActiveDirectory #RedTeam #Kerberos #PrivilegeEscalation #ASREP #ADCS #ESC4 #PenetrationTesting #Infosec #HackTheBox #WindowsSecurity #CTF
    Successfully completed a two-stage Active Directory exploitation scenario involving both user access and privilege escalation. The first stage focused on identifying accounts that did not require Kerberos pre-authentication (AS-REP Roasting), allowing extraction and cracking of a user password hash to gain remote access and retrieve the user flag. In the second stage, a misconfigured certificate template (ESC4 vulnerability) within Active Directory Certificate Services was exploited to request a certificate impersonating a privileged user. This enabled full administrative access and retrieval of the root flag.

    #CyberSecurity #ActiveDirectory #RedTeam #Kerberos #PrivilegeEscalation #ASREP #ADCS #ESC4 #PenetrationTesting #Infosec #HackTheBox #WindowsSecurity #CTF

    Learn MoreHack The Box: Inflitrator Machine Walkthrough – Insane Difficulity

    24 May, 2025
    Hack The Box: EscapeTwo Machine Walkthrough – Easy Difficulty
    Easy Machine , , , , , , , , , , , , ,

    🔒 My Write-Up for the EscapeTwo Machine on Hack The Box 🔍

    I’m excited to share my detailed write-up for solving the beginner-friendly “EscapeTwo” machine on Hack The Box, showcasing skills in network enumeration and privilege escalation. First, to capture the user flag, I scanned for open ports, accessed SMB shares, uncovered a password, and leveraged the Ryan account’s elevated permissions to retrieve the flag remotely. Next, for the root flag, I escalated privileges by exploiting an Active Directory misconfiguration. Then, using the Ryan account, I employed tools to identify and modify permissions, thereby gaining control over a privileged account. With this control, I acquired a certificate, subsequently authenticated as an administrator, and finally captured the root flag. This challenge strengthened my expertise in Active Directory security and penetration testing. Check out the full write-up for a deep dive!

    #Cybersecurity #HackTheBox #EthicalHacking #PenetrationTesting #ActiveDirectory …

    Learn MoreHack The Box: EscapeTwo Machine Walkthrough – Easy Difficulty

    26 Apr, 2025
    Hack The Box: Vintage Machine Walkthrough – Hard Difficulty
    Hard Machine , , , , , , , , , , , ,

    Recently completed an Active Directory penetration test where I obtained both the user and root flags through a series of Kerberos and privilege escalation attacks. I first exploited a weak password on a legacy computer account (fs01$) to retrieve a Kerberos TGT and extract the gMSA password. After reactivating a disabled service account (svc_sql), making it ASREPRoastable, and cracking its hash, I gained credentials for another domain user and authenticated via Evil-WinRM to capture the user flag. For the root flag, I decrypted DPAPI-protected secrets to access a higher-privileged account (c.neri_adm), added a compromised service account to a privileged group, assigned an SPN, and performed a Kerberos delegation attack to impersonate a domain admin, ultimately achieving SYSTEM-level access and capturing the root flag. Great experience applying Kerberos exploitation techniques and privilege escalation strategies in a real-world scenario!

    hashtag#ActiveDirectory hashtag#PenetrationTesting hashtag#Kerberos hashtag#OffensiveSecurity hashtag#RedTeam hashtag#CyberSecurity hashtag#ASREPRoasting hashtag#DPAPI hashtag#PrivilegeEscalation hashtag#HackTheBox hashtag#Infosec hashtag#HacktheBox …

    Learn MoreHack The Box: Vintage Machine Walkthrough – Hard Difficulty

    19 Apr, 2025
    Hack The Box: Administrator Walkthrough Medium Difficulty
    Medium Machine , , , , , , , , , ,

    Chained privilege escalation on an AD environment via misconfigured permissions — no CVEs, just clever abuse of default rights. From Olivia to Emily to Ethan, we pivoted through user relationships using BloodHound, CrackMapExec, Kerberoasting, and WinRM access. Highlighting how overlooked configurations can lead to full domain compromise.

    #ActiveDirectory #PrivilegeEscalation #BloodHound #Kerberoasting #HackTheBox #RedTeam #CyberSecurity #WindowsPentest …

    Learn MoreHack The Box: Administrator Walkthrough Medium Difficulty

    15 Mar, 2025
    Hack The Box: Certified Machine Walkthrough – Medium Difficulty
    Medium Machine , , , , , , , , , , , ,

    Access is gained using Judith Mader’s credentials, allowing enumeration of network resources. CrackMapExec identifies key accounts like management_svc and ca_operator. Privilege escalation is performed using a Shadow Credentials attack with Certipy, taking control of management_svc. With valid credentials, Evil-WinRM establishes a remote session, leading to the user flag.

    For root access, the attack exploits Active Directory Certificate Services by modifying ca_operator’s User Principal Name (UPN) to Administrator, enabling a privileged certificate request. A vulnerable ESC9 certificate is issued without linking back to ca_operator, effectively granting Administrator access. The UPN is restored to avoid detection, and authentication via Kerberos retrieves the NT hash of the Administrator account. Full system control is confirmed by obtaining the root flag.

    #HackTheBox #Pentesting #ActiveDirectory #PrivilegeEscalation #CyberSecurity #EthicalHacking …

    Learn MoreHack The Box: Certified Machine Walkthrough – Medium Difficulty

    15 Feb, 2025
    Hack The Box: Cicada Machine Walkthrough – Easy Difficulty
    Easy Machine , , , , , , ,

    Introduction on Cicada: In this write-up, we will explore the “Cicada” machine from Hack The Box, categorized as an easy difficulty challenge. This walkthrough will cover the reconnaissance, exploitation, and privilege escalation steps required to capture the flag. The objective

    Continue ReadingHack The Box: Cicada Machine Walkthrough – Easy Difficulty

    14 Dec, 2024
    Hack The Box: Compiled Machine Walkthrough – Medium Difficulty
    Medium Machine , , , , , , , , , , , , ,

    Introduction to Compiled: In this write-up, we will explore the “Compiled” machine from Hack The Box, which is categorized as a medium-difficulty challenge. This walkthrough will cover the reconnaissance, exploitation, and privilege escalation steps required to capture the flag. Objective:

    Continue ReadingHack The Box: Compiled Machine Walkthrough – Medium Difficulty