This post is password protected. Please enter the password to view the content.
Incorrect password. Please try again.
Samurai is a Linux machine featuring a Joomla 4.2.5 instance vulnerable to CVE-2023-23752, leaking database credentials and sensitive information granting admin access, leading to RCE and a command injection privesc via a SUID-like custom binary.
EscapeTwo is an easy Windows Active Directory machine on HackTheBox. Starting with provided credentials, we enumerate SMB shares to recover plaintext credentials from Excel files, pivot through MSSQL to a shell as sql_svc, recover ryan credentials from a SQL installer config, then abuse ESC4 via the ca_svc account to forge an administrator certificate and own the domain.
Eighteen is a Windows Server 2025 domain controller where MSSQL impersonation leads to a cracked PBKDF2 hash and a password spray foothold, then BadSuccessor dMSA abuse escalates to Domain Admin.
