HackTheBox - EscapeTwo Writeup
EscapeTwo is an easy Windows machine focused on full domain compromise. Starting with low-privileged credentials, we extract more creds from a corrupted Excel file, gain MSSQL and WinRM access, and discover ADCS misconfigurations. Exploiting these flaws leads to the Administrator hash and full domain control.
smb smbmap smbclient-ng netexec-mssql impacket-mssqlclient mssql netexec-winrm evil-winrm xp_cmdshell bloodhound sharphound powerview.ps1 account-cert-publishers-group writeowner certipy-ad adcs-esc4 rubeus psexec-hash psexec.py impacket-psexec