HackTheBox - Active Writeup
Active is an easy Hack The Box Windows machine set in an Active Directory environment. Anonymous SMB access reveals a Groups.xml file with a GPP-encrypted password, leading to domain credentials and the user flag. Kerberoasting a user with an SPN yields a crackable TGS hash, granting Administrator access via PsExec and full system compromise.
March 23, 2025 | 1 min read
Tags: smb, smbmap, smbclient-ng, groups.xml, group-policy-file, gpp-decrypt, ldap, ldapsearch, impacket-GetADUsers, kerberoasting, ldapsearch-SPN, hashcat, impacket-psexec, kerberos