vintage start by exploiting a computer to read gmsa password of a machine account that can add itself to a group who has generic write over 3 service accounts. We perform a targeted kerberos ...

SMB nxc smb 10.10.10.10 -u user -p password nxc smb 10.10.10.10 -u user -p password --user --shares -M spider_plus LDAP ldapsearch -H 'ldap://htb.local/' -x -b "dc=htb,dc=local" '(o...

On Blackfield I start by dumping users and making a list to perform as-rep roasting attacking, we crack the hash of one user who can change the password of another user. The latter has read p...

On Outdated we start by exploiting a remote code execution vulnerability in MSDT to get a reverse shell. After that we perform shadow credentials attack to obtain the hash of a user. The latt...

On Trick We exploit a sql injection to bypass a login page, the use the same vulnerability to read files on the system exposing subdomain. The latter is running a website vulnerable to LFI al...

Agile from HackTheBox is running a password manager vulnerable to path traversal, the website is using flask with debug mode allowing us to generate the pin code and get a reverse shell. Once...

Dog from HackTheBox is running backdrop cms vulnerable to authenticated rce that exploit after finding credentials on git directory in the webserver. After that we exploit a sudo entry to get...

Cat from HackTheBox start with a source code review where we find an XSS that we exploit to get the admin’s cookie followed by sql injection to get credentials to the box. We find another use...

SAM SAM (Security Account Manager) is a database file in Windows that stores local user account credentials, including password hashes, and is used during the local authentication proces...

Titanic from HackTheBox starts with a website having it’s source code on a gitea instance helping us discover a directory traversal. We exploit that retrieve the gitea db file and crack the f...