Possibly Related Threads…

ArkhamKnight-47 · 02-09-2025, 08:08 PM

Hidden Content

You must register or login to view this content.

ArkhamKnight-47 · 02-10-2025, 02:03 PM

This provides the complete process for capturing the flags.

CyberBlade · 02-11-2025, 05:14 AM

Thanks alot Mate
this is usefull

vladiksin · 02-11-2025, 10:28 PM

Thnaks for content

0xbeef · 02-12-2025, 12:03 AM

How did you get the hash of the admin on WEB-01 is what I am dying to understand. I did the ntlmrelayx but did not get anywhare. Please I am trying to understand what I am doing wrong

ArkhamKnight-47 · 02-12-2025, 06:26 PM

(02-12-2025, 12:03 AM)0xbeef Wrote:
(02-09-2025, 08:08 PM)ArkhamKnight-47 Wrote:

How did you get the hash of the admin on WEB-01 is what I am dying to understand. I did the ntlmrelayx but did not get anywhare. Please I am trying to understand what I am doing wrong

You can use certipy,

certipy auth -pfx 'WEB-01$.pfx' -u 'WEB-01$' -domain darkcorp.htb -dc-ip 172.16.20.1 -debug

The command uses Certipy to authenticate as the WEB-01$ machine account on the darkcorp.htb domain using a .pfx certificate instead of a password or hash, targeting the Domain Controller at 172.16.20.1.

Zephyru · 02-14-2025, 02:55 PM

thnx for this mate, great work really appreciate it lad Smile

valentinbvro · 02-14-2025, 06:36 PM

im intrested on the info!!!!!!!!!!!!!

Possibly Related Threads…
Thread		Author	Replies	Views	Last Post
	HTB Eloquia User and Root Flags - Insane Box	69646B	13	350	03-27-2026, 06:14 PM Last Post: vlxw
	[Season10] ROOT Pterodactyl	pulsebreaker	55	1,068	03-27-2026, 04:03 AM Last Post: Dvlspo
	HTB - ARTIFICIAL.HTB - EASY LINUX	chain	0	21	02-10-2026, 02:12 PM Last Post: chain
	HTB - VOLEUR.HTB - MEDIUM WINDOWS	chain	1	120	02-09-2026, 07:07 PM Last Post: 403Forbidden
	HTB - CERTIFICATE.HTB - HARD WINDOWS	chain	0	113	02-09-2026, 04:49 PM Last Post: chain