HackTheBox - Shibuya
14 min read :: Jun 24, 2025
#hackthebox
#active-directory
#windows
#smb
#kerberos
#esc1
#cross-session-relay
A comprehensive walkthrough of the Hard-rated Shibuya machine from HackTheBox, featuring Windows registry extraction from WIM files, cross-session COM/DCOM relay attacks with RemotePotato0, BloodHound enumeration, and Active Directory Certificate Services (ADCS) ESC1 exploitation for domain takeover.
SSRF
7 min read :: Oct 01, 2023
#ssrf
#web
#vulnerability
SSRF is a type of web attack where a server can make requests on behalf of an attacker.
CSRF
11 min read :: Aug 10, 2023
#csrf
#web
#vulnerability
CSRF is an attack that tricks the victim into submitting a malicious request.