active-directory
Administrator writeup
Administrator is a Windows Active Directory box that demonstrates permission chaining, BloodHound enumeration, and password‑spraying. We will use a recovered PasswordSafe database for credential spraying, perform targeted Kerberoasting, abuse DCSync, and finally use pass‑the‑hash to gain domain administrator access.
…
TheFrizz writeup
TheFrizz is a hybrid box that combines web exploitation, database credential extraction, and Active Directory lateral movement. We will exploit a Gibbon CMS RCE (CVE‑2023‑45878), extract and crack hashes, use Kerberos authentication, and abuse Group Policy Objects (GPO) for privilege escalation.
…
Fluffy writeup
Fluffy is a Windows Active Directory box that focuses on SMB share enumeration and NTLM hash capture. We will exploit CVE‑2025‑24071 via Responder, crack the obtained hash, then leverage shadow credentials and the ESC16 vulnerability to gain domain administrator access.
…
TombWatcher writeup
TombWatcher is a Windows Active Directory box that involves lateral movement through multiple user accounts, Kerberoasting, shadow credential attacks, and certificate template abuse. We will perform BloodHound enumeration, set a service principal name for Alfred, Kerberoast to obtain Alfred’s hash, then leverage GenericAll permissions to manipulate the SAM, John, and CERT_ADMIN accounts, and finally use the ESC1 vulnerability to request a certificate as the domain administrator.
…