HackTheBox: PingPong
HackTheBox: PingPong
Feel free to reachout on LinkedIn or any of my socials in case you need help with the challenge. The full writeup will be released after the box is retired.
Related Articles
Kubernetes CTF writeup: pivoting from a low-privilege bastion into a hidden cluster service by manually joining a Flannel VXLAN overlay network, bypassing pod network isolation, and discovering an internal endpoint via reverse DNS sweeps against CoreDNS.
HackTheBox Season 10 Logging writeup: unauthenticated AD enumeration, shadow-credential abuse to reset msa_health for the initial foothold, DLL hijacking on UpdateMonitor for lateral movement, and ADCS ESC1 + WSUS abuse for Domain Admin.
HackTheBox AirTouch writeup: WPA-PSK and WPA2-Enterprise (PEAP) attacks with the Aircrack-ng suite and EAPHammer, evil-twin captures, and VLAN pivoting through wpa_supplicant for full network compromise.
Tags:
#CTF#CTF Writeup#HTB#HackTheBox#HackTheBox: PingPong#HTB: PingPong#PingPong#HTB Season 10#Windows#Active Directory#Cross-Forest Trust#AD Trust Abuse#ADCS#ADCS ESC4#ENROLLEE_SUPPLIES_SUBJECT#Shadow Credentials#RBCD#Resource-Based Constrained Delegation#Kerberos Delegation#Service Ticket Impersonation#Group Scope Manipulation#gMSA#gMSA Password Dump#JEA Bypass#Just Enough Administration#DCSync#SeImpersonatePrivilege#GodPotato#TGT Abuse#BloodHound#BloodyAD#Certipy#Impacket#Evil-WinRM#Lateral Pivoting#Privilege Escalation#ADIDNS#Information Gathering#Red Team#Windows Pentesting#OSCP Prep#CRTP#CRTE