Section Contents

• 📄 HTB: Active

  A textbook Active Directory compromise. Finding passwords in SYSVOL (GPP) and Kerberoasting the Administrator.

• 📄 HTB: Administrator

  Cracking Cisco hashes and exploiting Splunk via CVE-2019-15107 to pivot into Active Directory.

• 📄 HTB: Bastion

  Mounting remote VHD backup files to steal SAM hives.

• 📄 HTB: BoardLight

  Exploiting Dolibarr CRM via PHP injection.

• 📄 HTB: Certified

  Active Directory Certificate Services (AD CS) abuse. Exploiting ESC1 to forge a Golden Certificate.

• 📄 HTB: Cicada

  Abusing Forest Trusts and data mining SMB shares to compromise a child domain.

• 📄 HTB: Devel

  The classic 'FTP Upload -> IIS Execute' path, followed by a Kernel exploit for System.

• 📄 HTB: Forest

  Using BloodHound to map ACL paths, abusing Exchange Windows Permissions to grant DCSync rights.

• 📄 HTB: Netmon

  Exploiting PRTG Network Monitor default credentials and config file leakage.

• 📄 HTB: Sauna

  Exploiting username enumeration, ASREPRoasting, and extracting plain text credentials for lateral movement.

• 📄 HTB: Tombwatcher

  A complex chain involving Database exploitation and Active Directory pivoting.