https://joaobonin.com/tags/hard/ Recent content in Hard on João Vítor Moutinho Bonin Hugo en Thu, 04 Jun 2026 00:00:00 +0000 https://joaobonin.com/posts/htb-flight/ Thu, 04 Jun 2026 00:00:00 +0000 https://joaobonin.com/posts/htb-flight/ Flight is a Hard Windows Active Directory box from HackTheBox. An LFI on a PHP school subdomain escalates to NTLM hash capture via UNC path. Crack svc_apache's hash, password spray to S.Moon, use ntlm_theft via the Shared share to coerce C.Bum's hash, pivot through a PHP webshell to meterpreter, RunasCs to C.Bum, discover an internal IIS dev site, upload an ASPX webshell, and escalate to SYSTEM via SeImpersonatePrivilege and EfsPotato. https://joaobonin.com/posts/htb-blackfield/ Wed, 03 Jun 2026 00:00:00 +0000 https://joaobonin.com/posts/htb-blackfield/ Blackfield is a Hard Windows Active Directory box from HackTheBox. ASREPRoasting lands the support account, BloodHound reveals a ForceChangePassword path to audit2020, whose forensic SMB share contains an lsass dump. pypykatz extracts svc_backup's hash, and SeBackupPrivilege abuse via wbadmin extracts ntds.dit to dump the domain admin hash.