A medium Windows box from HackTheBox, enumerate users by scraping pdf data off of a web site, and use a password spray attack to get SMB access, through that get another user’s NTLM hash by abusing a custom script and finally abuse ReadGMSAPassword privileges to craft a TGT as administrator and get root.

A medium Windows box from HackTheBox, enumerate users by scraping pdf data off of a web site, and use a password spray attack to get SMB access, through that get another user’s NTLM hash by abusing a custom script and finally abuse ReadGMSAPassword privileges to craft a TGT as administrator and get root.

A medium Windows box from HackTheBox, enumerate users by scraping pdf data off of a web site, and use a password spray attack to get SMB access, through that get another user’s NTLM hash by abusing a custom script and finally abuse ReadGMSAPassword privileges to craft a TGT as administrator and get root.

An easy WIndows box from HackTheBox, find creds intside of an smb share and use those to kerberoast the administrators credentials, crack them with hashcat and get root.

An easy WIndows box from HackTheBox, find creds intside of an smb share and use those to kerberoast the administrators credentials, crack them with hashcat and get root.