Fluffy - HackTheBox
This is an Easy Active Directory box, where CVE-2025-24071 is exploited giving access to another account. ADCS ESC16 will be exploited, allowing for domain compromise. Recon The nmap scan shows several ports open, these are related to Windows AD. $ sudo nmap -sS 10.10.11.69 -o allPorts [sudo] password for kali: Starting Nmap 7.95 ( https://nmap.org ) at 2025-08-28 16:36 WEST Nmap scan report for 10.10.11.69 Host is up (0.039s latency). Not shown: 989 filtered tcp ports (no-response) PORT STATE SERVICE 53/tcp open domain 88/tcp open kerberos-sec 139/tcp open netbios-ssn 389/tcp open ldap 445/tcp open microsoft-ds 464/tcp open kpasswd5 593/tcp open http-rpc-epmap 636/tcp open ldapssl 3268/tcp open globalcatLDAP 3269/tcp open globalcatLDAPssl 5985/tcp open wsman Nmap done: 1 IP address (1 host up) scanned in 4.91 seconds The service scan gives us the domain name and the hostname of the Domain Controller (DC01). ...
