https://joaobonin.com/tags/ldap/ Recent content in Ldap on João Vítor Moutinho Bonin Hugo en Mon, 01 Jun 2026 00:00:00 +0000 https://joaobonin.com/posts/htb-monteverde/ Mon, 01 Jun 2026 00:00:00 +0000 https://joaobonin.com/posts/htb-monteverde/ Monteverde is a Medium Windows Active Directory box from HackTheBox. We enumerate domain users via null session, discover a username-as-password credential for SABatchJobs, find an Azure AD Connect config file containing plaintext credentials in an SMB share, and escalate to Administrator by decrypting the Azure AD Sync service account password from the local MSSQL Express database. https://joaobonin.com/posts/htb-return/ Tue, 19 May 2026 00:00:00 -0300 https://joaobonin.com/posts/htb-return/ Write-up for the HackTheBox machine Return - capturing LDAP credentials via a printer settings page, then abusing Server Operators group membership to get SYSTEM.