HackTheBox | Authority — Exploiting ADCS & ESC1

🔥 CTF Challenge Walkthrough: Authority🔥 🕹️ CTF Platform: HackTheBox 📁 Difficulty: Medium 💻 Category: Windows, Active Directory, ADCS, ESC1 Thanks to mrb3n & Sentinal920 for making this amazing box 📝 Video Overview: In this video, we tackle the Hack The Box "Authority" Machine. Here’s a summary of the key steps and findings: - SMB Enumeration: Discovered sensitive files in exposed shares. - Ansible Vault: Cracked encrypted fields to retrieve credentials. - PWM Misconfiguration: Exploited configuration mode to capture plaintext LDAP credentials. - ADCS Exploitation: Leveraged a vulnerable certificate template (ESC1) to escalate privileges. - Privilege Escalation: Added the svc_ldap user to the Administrators group, achieving full control. 📚 Useful Resources: ADCS - https://posts.specterops.io/certified-pre-owned-d95910965cd2 ESC1 - https://www.blackhillsinfosec.com/abusing-active-directory-certificate-services-part-one/ Box - https://app.hackthebox.com/machines/Authority Writeup - https://anuragtaparia.gitbook.io/write-ups/active-directory/htb-or-authority 🔔 Stay Connected: GitBook: https://anuragtaparia.gitbook.io/write-ups LinkedIn: https://www.linkedin.com/in/anurag-taparia-a1a981198/ Twitter: https://twitter.com/AnuragTaparia1 Medium: https://medium.com/@anuragtaparia14 Don’t forget to like, subscribe, and hit the notification bell to stay updated on my latest videos!