Categoria Walkthroughs

Macchine di HTB, PG e simili spiegate come appunti personali: comandi, output importanti e reasoning, niente fuffa.

Articoli
11+ Note
Focus
OSCP · Red Team
Struttura
Recon → Exploit
Categoria Walkthroughs - <nil>

Walkthroughs Articles

Filtri

  • HTB Eighteen Walkthrough: MSSQL e privesc BadSuccessor(dMSA)
    walkthroughs

    HTB Eighteen Walkthrough: MSSQL e privesc BadSuccessor(dMSA)

    WriteUp Hack The Bpx Eighteen: impersonation MSSQL, cracking hash Werkzeug PBKDF2, privilege escalation con BadSuccessor (CVE-2025-53779) su Windows Server 2025

  • Voleur HTB: Writeup con Kerberoasting, DPAPI e WSL Privesc
    walkthroughs

    Voleur HTB: Writeup con Kerberoasting, DPAPI e WSL Privesc

    Walkthrough completo di Voleur di Hack The Box: targeted Kerberoasting, abuso AD Recycle Bin, catena DPAPI e privilege escalation via WSL fino ad Administrator.

  • HTB Scepter Walkthrough: NFS, ESC9, ESC14 e DCSync
    walkthroughs

    HTB Scepter Walkthrough: NFS, ESC9, ESC14 e DCSync

    WriteUp completo a Hack The Box Scepter: NFS, certificati PFX/PEM, ADCS ESC9, ESC14, altSecurityIdentities e DCSync finale.

  • HTB Anubis Walkthrough — ASP SSTI, Jamovi RCE e ADCS ESC4
    walkthroughs

    HTB Anubis Walkthrough — ASP SSTI, Jamovi RCE e ADCS ESC4

    Walkthrough completo di Hack The Box Anubis (Insane, Windows): ASP SSTI per shell in Docker, CVE-2021-28079 su Jamovi per foothold su host, e privilege escalation via ADCS ESC4 con GenericAll su certificate template.

  • HTB Haze Walkthrough: Splunk RCE e AD Attack Chain
    walkthroughs

    HTB Haze Walkthrough: Splunk RCE e AD Attack Chain

    Writeup HTB Haze: CVE-2024-36991 su Splunk, decryption credenziali con splunksecrets, GMSA abuse, Shadow Credentials su AD e RCE fino a SYSTEM.

  • HTB Search Walktrough – GMSA, Kerberoast e AD Certificate
    walkthroughs

    HTB Search Walktrough – GMSA, Kerberoast e AD Certificate

    Writeup completo di HTB Search: foothold tramite credenziali in un'immagine, Kerberoasting, GMSA abuse e due path distinti verso Domain Admin.

  • HTB Scrambled Walkthrough: Silver Ticket e .NET Deserialization
    walkthroughs

    HTB Scrambled Walkthrough: Silver Ticket e .NET Deserialization

    Writeup HTB Scrambled: Kerberoasting, Silver Ticket su MSSQL e RCE via BinaryFormatter insecure deserialization. Analisi statica con dnSpy e ysoserial.net

  • HTB Sekhmet Walkthrough: Node.js Deserialization, WAF Bypass e DPAPI
    walkthroughs

    HTB Sekhmet Walkthrough: Node.js Deserialization, WAF Bypass e DPAPI

    HTB Sekhmet Insane,WriteUp Completo: insecure deserialization in node-serialize, bypass ModSecurity con Unicode encoding, ZipCrypto, Kerberos su Linux e DPAPI su Active Directory.

  • HTB ProLab Dante: Review Completa 2026 – Vale la Pena Farlo?
    walkthroughs

    HTB ProLab Dante: Review Completa 2026 – Vale la Pena Farlo?

    Review HTB ProLab Dante: struttura del lab, punti di forza sul pivoting, problemi reali con OS datati e CVE unintended. A chi serve davvero e quando saltarlo.

  • HTB Hathor Walkthrough ITA: AppLocker Bypass, DLL Hijacking e DCSync su Windows Insane
    walkthroughs

    HTB Hathor Walkthrough ITA: AppLocker Bypass, DLL Hijacking e DCSync su Windows Insane

    Walkthrough HTB Hathor: AppLocker bypass, DLL hijacking su SMB, code signing con certificato rubato e DCSync senza NTLM. Macchina Windows Insane

  • Osaka Walkthrough – OffSec PG | BOF, ROP Chain & DEP Bypass
    walkthroughs

    Osaka Walkthrough – OffSec PG | BOF, ROP Chain & DEP Bypass

    Walkthrough Osaka – OffSec Proving Grounds: format string → ASLR bypass, ROP chain con VirtualAlloc → DEP bypass, shellcode e SeDebugPrivilege → SYSTEM.