HTB: Silentium Writeup

🔒 Protected Content

This post is password protected. Please enter the password to view the content.

Incorrect password. Please try again.

Connect With Me

Apr 10, 2026

thepentesting.ninja in silentium htb hackthebox linux silentium.htb

15 min read Apr 4, 2026

HTB: DarkZero Writeup

Hard Windows Active Directory machine featuring MSSQL linked server lateral movement across two forests, CVE-2024-30088 kernel LPE to SYSTEM, and unconstrained delegation abuse for domain takeover.

thepentesting.ninja in darkzero hackthebox windows hard active-directory mssql kerberos cve-2024-30088

19 min read Apr 4, 2026

HTB: StreamIO Writeup

StreamIO is a medium Windows Active Directory box. SQL injection on a PHP login page leaks MD5 hashes, cracking them gets admin panel access, where a hidden debug parameter enables LFI and PHP source disclosure leading to RCE via eval(). Pivoting through MSSQL and Firefox saved credentials exposes an AD path through LAPS.

thepentesting.ninja in streamio hackthebox windows active-directory sqli lfi laps bloodhound mssql firefox

15 min read Apr 2, 2026

HTB: VulnCicada Writeup

Windows AD machine where NFS exposes a credential in a sticky note photo, NTLM is disabled forcing Kerberos throughout, and ESC8 lets us relay the DC machine account to ADCS for a certificate-based takeover.

thepentesting.ninja in vulncicada hackthebox windows active-directory nfs kerberos adcs esc8 krbrelayx petitpotam

🔒 Protected Content

Connect With Me