This room will cover all of the basics of attacking Kerberos the windows ticket-granting service; we’ll cover the following: Initial enumeration using tools like Kerbrute and Rubeus Kerberoa...

Forest in an easy difficulty Windows Domain Controller (DC), for a domain in which Exchange Server has been installed. The DC is found to allow anonymous LDAP binds, which is used to enumerate doma...

Authority is a medium-difficulty Windows machine that highlights the dangers of misconfigurations, password reuse, storing credentials on shares, and demonstrates how default settings in Active Dir...

PC is an Easy Difficulty Linux machine that features a gRPC endpoint that is vulnerable to SQL Injection. After enumerating and dumping the database's contents, plaintext credentials l...

MonitorsTwo is an Easy Difficulty Linux machine showcasing a variety of vulnerabilities and misconfigurations. Initial enumeration exposes a web application prone to pre-authentication Remote Code ...

Sauna is an easy difficulty Windows machine that features Active Directory enumeration and exploitation. Possible usernames can be derived from employee full names listed on the website. With these...

TwoMillion is a special release from HackTheBox to celebrate 2,000,000 HackTheBox members. It released directly to retired, so no points and no bloods, just for run. It features a website that look...

Pilgrimage is an easy-difficulty Linux machine featuring a web application with an exposed Git repository. Analysing the underlying filesystem and source code reveals the use of a vulnerable versio...

Escape is a Medium difficulty Windows Active Directory machine that starts with an SMB share that guest authenticated users can download a sensitive PDF file. Inside the PDF file temporary credenti...

Request Credentials Reverse DNS lookup and AXFR request doesn’t work /etc/hosts # THM STUFF 10.200.19.101 THMDC za.tryhackme.com THMDC.za.tryhackme.com 10.200.19.249 THMJMP2.za.tryhackme.co...

Credential Injection Runas Explained Have you ever found AD credentials but nowhere to log in with them? Runas may be the answer you’ve been looking for! In security assessments, you will often ...

Introduction to AD Breaches Alert!, This Room Is Aweful Active Directory (AD) is used by approximately 90% of the Global Fortune 1000 companies. If an organisation’s estate uses Microsoft Win...

Room Objectives In this room, we will learn about Active Directory and will become familiar with the following topics What Active Directory is What an Active Directory Domain is What compo...

Stocker is a medium difficulty Linux machine that features a website running on port 80 that advertises various house furniture. Through vHost enumeration the hostname dev.stocker.htb is identified...