Forest – HackTheBox Writeup

Machine Name: Forest
IP: 10.10.10.161
Difficulty: Easy

Summary

Forest is a easy machine that starts with enumerating usernames through LDAP and performing Kerberoasting on that user. After cracking the TGT hash, we obtain the user shell. The privilege escalation involved mapping the Active Directory domain and understanding the group memberships and permissions that could be exploited. WriteDACL permissions were discovered for one of the groups which was abused to perform the DCSync attack to dump the hashes and finally pass them to gain the administrator shell.

Read More