2024

Hack the Box: Perfection Writeup

Summary: To gain a foothold on the machine, we exploited an SSTI vulnerability in the web app. Subsequently, we discovered an email detailing the password pattern along with some hashes.…

Hack the Box: Analytics Writeup

Summary: In our approach to solving this box, we first gained access to the machine by exploiting a pre-authentication Remote Code Execution (RCE) vulnerability found in Metabase. After that, we…

KRBTGT Password – Active Directory

What is the KRBTGT account? The user account: KRBTGT is an account that is automatically created when promoting the first domain controller of the domain (DC). This account is located…