HackTheBox Blazorized [WriteSPN Kerberoasting + DC session pirvesc + DCSync hash dump + Bloodhound-CE]

Excellent! 216 posts in total. Keep on posting.

2024

11-10

HackTheBox Blazorized [WriteSPN Kerberoasting + DC session pirvesc + DCSync hash dump + Bloodhound-CE]

10-27

HackTheBox Mist [CVE-2024-9405 + PetitPotam Attack + shadow credential + s4u impersonat + reading GMSA password + abusing AddKeyCredentialLink + exploiting ADCS ESC 13 twice]

04-22

Grafana backend sql injection affected all version

04-01

HackTheBox Rebound [RID cycling + AS-REP-Roasting with Kerberoasting + Weak ACLs + ShadowCredentials attack + cross-session relay + Runascs and KrbRelay read gMSA password + Resource-Based Constrained Delegation (RBCD) + S4U2Self & S4U2Proxy]

03-17

HackTheBox Manager [RID cycling + MSSQL xp_dirtree + ESC7 exploitation]

2023

12-19

HackTheBox Coder [Bloodhound AD Enumeration + ADCS CVE-2022-26923]

12-11

HackTheBox Authority [ansible hash crack + ESC1 attack + pass-the-cert attack]

07-01

2023年春秋杯网络安全联赛春季赛 web php_again [PHP 8.2.2 OPcache Binary Webshell + CVE-2022-42919 LPE]

06-29

ciscn 2022 ezpentest writeup [sql BIGINT盲注绕正则+解phpjiami混淆+反序列化POP链构造]

06-18

HackTheBox Escape [Net-NTLMv2 + ADCS + PTH + Silver Ticket]