#BloodHound
2 posts
HTB Fluffy: From Low-Priv Creds to Domain Admin via CVE-2025-24071 & Shadow Credentials
Starting with low-privileged domain credentials, the attack chain exploits CVE-2025-24071 to leak an NTLM hash, cracks it, abuses GenericAll ACLs, uses Shadow Credentials to take over service accounts, and finally forges an Administrator certificate via ADCS for Domain Admin.
Forest — AS-REP Roasting and DCSync via Exchange permissions
AS-REP Roasting against an account without Kerberos pre-authentication, then abuse of the Exchange WriteDACL permissions to obtain DCSync and dump the NTDS hashes.