The Forest Windows box retired this weekend on HackTheBox. Getting user was quite straight forward but escalating privileges was a little more compricated. We’ll have a look at BloodHound for that last step, it’s an open source tool that I use a lot for work now and that I can’t recommend enough. 1: Recon First, I do the usual nmap scan I start with on all boxes: nmap -A -T5 10.

The Bastion Windows box retired this weekend on HackTheBox. It was a Windows box, quite easy to solve but learned a lot along the way. It’s my first write-up of a HTB box so it might not be the best but hopefully it will be a nice summary! We learn about SMB, mounting VHD in Linux, stealing Windows hashes, cracking them with John, and exploiting a program for Privesc. 1: Recon First, I do the usual nmap scan I start with on all boxes: nmap -A -oN nmap-bastion.