rce

  • 18th December 2025

TheFrizz writeup

writeupshack-the-boxrcehash-crackingkerberosactive-directorycve

TheFrizz is a hybrid box that combines web exploitation, database credential extraction, and Active Directory lateral movement. We will exploit a Gibbon CMS RCE (CVE‑2023‑45878), extract and crack hashes, use Kerberos authentication, and abuse Group Policy Objects (GPO) for privilege escalation.

Read more