HackTheBox - Certified

Certified is a Windows machine having misconfigured ACL in Active Directory environment where initial access for a low-privileged user judith.mader is provided. Exploitation of the Active Directory Certificate Service (ADCS) is required to get access to the management_svc, ca_operator and Administrator account by abusing shadow credentials and ESC9.

March 20, 2025 · 17 min · Aditya Telange

HackTheBox - Photobomb

Photobomb is a fun box on Hackthebox where we initially get hardcoded credentials in a Javascript file, which we can use to authenticate with basic auth to access the image resizing tool, which has command injection leading to us getting a reverse shell. After getting initial access as user wizard, we see a cleanup.sh script which can be run as root. We then abuse the redirection operator > clobbering the /etc/passwd file to escalate our privileges by adding user wizard to group root.

February 11, 2023 · 7 min · Aditya Telange

HackTheBox - Legacy

Legacy is a relatively easy box which has SMB running on Windows XP(2000) OS. We find the exploit with metasploit and get access to priviledged user NT AUTHORITY\SYSTEM directly.

June 3, 2022 · 4 min · Aditya Telange
This site uses cookies to improve your experience on our website. By using and continuing to navigate this website, you accept this. More details in Privacy Statement.