I’m back to conquer another Windows Domain Controller with #HTB #Cascade. I encountered a variety of exploits: unauthenticated LDAP enumeration, SMB exploitation, passwords in files, DnSpy to decompile/intercept info during debug, & AD Recycle Bin recovery. I introduced a few niche techniques, so come hack along!
HackTheBox ~ Sauna Walkthrough
Now's a great time to learn some Windows/Kerberos/LDAP pentest tactics. In the end, I'll cover mimikatz and impacket to lock in Administrator. Come watch me take down Sauna on #HTB!
#HackTheBox #Sauna #BridgingTheGap
HackTheBox ~ Book Walkthrough
Join me as I take down Book! This box had some stability issues, but was a great introduction to LFI via XSS on dynamic PDFs. Combining that with SQL truncation, we’ll gain foothold and use the Logrotten exploit to get a root shell.
#HackTheBox #HTB #Book #BridgingTheGap
HackTheBox ~ ForwardSlash Walkthrough
Come follow along as I tackle ForwardSlash from HackTheBox. There are a variety of chained items to get a foothold; from Virtual Host enumeration to File Inclusion vulnerabilities. From there, getting root required bypassing a custom time-sync’d backup program and decrypting the final password with a custom Python encryption script. With some LUKS encryption and mounting a backup, the whole box was a challenge from start to finish!
#HackTheBox #HTB #ForwardSlash #BridgingTheGap