Hack The Box Escape 2 Walkthrough | SMB to MSSQL Foothold & AD CS Domain Admin | Part - 3 (Final)
Description:
In this walkthrough of the Escape 2 Active Directory machine on Hack The Box, I solve the entire box without using any guides. The challenge involves pivoting from SMB file share access to MSSQL command execution, then escalating privileges through AD CS certificate abuse to gain full domain compromise.
What You’ll Learn:
- Enumerating SMB shares to retrieve `.xlsx` files containing MSSQL credentials
- Logging into MSSQL as `sa`, enabling xp_cmdshell, and gaining initial shell access
- Enumerating internal files to find `ryan`'s credentials and logging in via WinRM
- Using BloodHound to identify privilege escalation vectors
- Abusing AD CS ESC4 misconfigurations to impersonate a Domain Admin
- Gaining full SYSTEM shell access and capturing root.txt
Machine Link: https://app.hackthebox.com/machines/EscapeTwo
If this video helped you, drop a like, comment with your thoughts, and subscribe for more realistic, guide-free HTB walkthroughs.
Видео Hack The Box Escape 2 Walkthrough | SMB to MSSQL Foothold & AD CS Domain Admin | Part - 3 (Final) канала Tech n Talk
In this walkthrough of the Escape 2 Active Directory machine on Hack The Box, I solve the entire box without using any guides. The challenge involves pivoting from SMB file share access to MSSQL command execution, then escalating privileges through AD CS certificate abuse to gain full domain compromise.
What You’ll Learn:
- Enumerating SMB shares to retrieve `.xlsx` files containing MSSQL credentials
- Logging into MSSQL as `sa`, enabling xp_cmdshell, and gaining initial shell access
- Enumerating internal files to find `ryan`'s credentials and logging in via WinRM
- Using BloodHound to identify privilege escalation vectors
- Abusing AD CS ESC4 misconfigurations to impersonate a Domain Admin
- Gaining full SYSTEM shell access and capturing root.txt
Machine Link: https://app.hackthebox.com/machines/EscapeTwo
If this video helped you, drop a like, comment with your thoughts, and subscribe for more realistic, guide-free HTB walkthroughs.
Видео Hack The Box Escape 2 Walkthrough | SMB to MSSQL Foothold & AD CS Domain Admin | Part - 3 (Final) канала Tech n Talk
Комментарии отсутствуют
Информация о видео
25 июня 2025 г. 4:20:17
03:37:54
Другие видео канала
