https://adityatelange.in/tags/esc1/Recent content in ESC1 on Aditya Telangehttps://adityatelange.in/assets/tn.jpghttps://adityatelange.in/assets/tn.jpgHugo -- 0.156.0en2020 - 2026 Aditya TelangeSun, 06 Jul 2025 19:50:00 +0530https://adityatelange.in/writeups/hackthebox/escape/Sun, 06 Jul 2025 19:50:00 +0530https://adityatelange.in/writeups/hackthebox/escape/Escape is a medium-difficulty Windows machine on Hack The Box that revolves around Active Directory. The initial foothold is gained by finding credentials in a PDF file on an open SMB share. This access is then leveraged to connect to an MSSQL service, from which we capture and crack the NTLM hash of a service account. Lateral movement is achieved by discovering another user’s credentials in a log file. Finally, privilege escalation to Administrator is accomplished by exploiting a misconfiguration in Active Directory Certificate Services (ADCS), specifically the ESC1 vulnerability.