Hack The Box — Forest

Initial Enumeration

Domain users not directory

Getting the user credentials


Using BloodHound to escalate privileges

Active directory attacks
  1. Enter the username at the top to search for him
  2. It will appear at the free space, right click on them and click mark user as owned
  3. Notice that you have 4 reachable high value targets
  4. Click on the number, you will get this diagram


Stay in touch

Offensive Security Enthusiast — twitter @eslam3kll

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Web3 vs. R3 — Reputation, Recognition & Rewards

Announcing $PROT IDO Whitelisting on Prostarter Launchpad

How to setup 2FA for Cloud wallet

Phantom Protocol Mainnet Going Live

Raze Network Partners With Polygon (formerly Matic)

It’s time to turn on HTTPS: the benefits are well worth the effort

Knit Finance partners with Oropocket to enable deeper penetration of OpenDeFi in Binance smart…

Dxcpl 11 Windows 10 64 Bit Download

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Eslam Akl

Eslam Akl

Offensive Security Enthusiast — twitter @eslam3kll

More from Medium

Steghide — A beginners tutorial

HTB: Nibble Writeup w/o Metasploit

Vulnhub: basic pentesting 1 (Walkthrough)