HTB - Tag - My Personal Bloghttps://f0dh1l.github.io/blog/tags/htb/HTB - Tag - My Personal BlogHugo -- gohugo.ioenbenhibafodhil@gmail.com (F0DH1L)benhibafodhil@gmail.com (F0DH1L)2025 F0DH1LThu, 23 Oct 2025 14:01:34 +0100HTB Machine Writeup "TombWatcher"https://f0dh1l.github.io/blog/posts/htb_tombwatcher/Thu, 23 Oct 2025 14:01:34 +0100benhibafodhil@gmail.com (F0DH1L)https://f0dh1l.github.io/blog/posts/htb_tombwatcher/HTB Machine: TombWatcher - Writeup

Machine Information

  • Difficulty: Medium
  • Key Concepts: Kerberoasting, LDAP Enumeration, BloodHound Analysis, Active Directory Privilege Escalation, Deleted Object Recovery, ADCS ESC15 Vulnerability

Overview

TombWatcher is a Medium Windows machine from HackTheBox that demonstrates a complex Active Directory attack path involving Kerberoasting, group membership manipulation, GMSA password extraction, ownership changes, recovering and restoring deleted AD objects, and ultimately exploiting an ADCS vulnerability (ESC15) to achieve domain administrator privileges.

]]>HTB Machine Writeup "Artificial"https://f0dh1l.github.io/blog/posts/htb_artificial/Thu, 23 Oct 2025 13:48:04 +0100benhibafodhil@gmail.com (F0DH1L)https://f0dh1l.github.io/blog/posts/htb_artificial/HTB Machine: Artificial - Writeup

Machine Information

  • Difficulty: Easy
  • OS: Linux
  • Key Concepts: TensorFlow/Keras Vulnerability, File Upload, Privilege Escalation Through Backrest service

Overview

Artificial is an Easy Linux machine from HackTheBox that demonstrates the dangers of accepting user uploaded machine learning models. The path to root involves exploiting a TensorFlow remote code execution vulnerability, database credential extraction, and abusing a backup service to read the root flag.

]]>