password-spray

  • 31st December 2025

Cicada writeup

writeupshack-the-boxwindowsactive-directorysmbpassword-spraysebackupprivilege

Cicada is a Windows Active Directory box that involves SMB share enumeration, password spraying, and exploitation of SeBackupPrivilege. We will discover default credentials in an HR notice, perform RID brute‑forcing to enumerate users, spray passwords to gain initial access, then leverage backup operator privileges to dump and crack password hashes for domain administrator access.

Read more 
  • 22nd December 2025

Administrator writeup

writeupshack-the-boxwindowsactive-directorybloodhoundpassword-spraytargeted-kerberoastingdcsyncpass-the-hash

Administrator is a Windows Active Directory box that demonstrates permission chaining, BloodHound enumeration, and password‑spraying. We will use a recovered PasswordSafe database for credential spraying, perform targeted Kerberoasting, abuse DCSync, and finally use pass‑the‑hash to gain domain administrator access.

Read more