HackTheBox - Sauna Writeup
Sauna is an easy Hack The Box Windows machine focused on Active Directory exploitation. Usernames are gathered from a company site and used in an ASREPRoasting attack, revealing a crackable hash. The recovered credentials enable WinRM access. WinPEAS uncovers autologon credentials for another user, who has remote access and DCSync privileges. A successful DCSync attack retrieves the domain admin hash, which is used with Impacket’s psexec.py for SYSTEM access.
March 16, 2025 1 min read ldap ldapsearch username-anarchy crackmapexec-smb ASREPRoast GetNPUsers.py evil-winrm bloodhound sharphound printnightmare printer DCSync-attack winpeas secretsdump.py psexec.py psexec-hash hashcat msfvenom kerberos CVE-2021-1675 CVE-2021-34527