/tags/windows/ Recent content in Windows on v4lle's Blog Hugo en Tue, 07 Apr 2026 00:00:00 +0000 /posts/fluffy/ Tue, 07 Apr 2026 00:00:00 +0000 /posts/fluffy/ <p><img src="/posts/fluffy/fluffy.png" alt="fluffy"></p> <p>Fluffy is an Easy-rated Windows machine and my first box from the new CPTS Preparation Track on HackTheBox. It&rsquo;s a great box if you want to get hands-on with modern Active Directory attacks. We start from an assumed-breach perspective, inject a crafted .library-ms file via an SMB share to harvest NTLM hashes, and continue by abusing Generic Write privileges through Shadow Credentials. The final step to Domain Takeover is exploiting an AD CS ESC16 vulnerability.</p> /posts/optimum/ Sat, 13 Sep 2025 00:00:00 +0000 /posts/optimum/ <p><img src="/posts/optimum/optimum.png" alt="optimum"></p> <p><strong>Optimum</strong> is a beginner-level machine which mainly focuses on enumeration of services with known exploits. Both exploits are easy to obtain and have associated Metasploit modules, making this machine fairly simple to complete.</p> <hr> <h2 id="-enumeration">🕵️ Enumeration</h2> <p>After spawning the machine and connecting to the VPN, we start with the initial enumeration.</p> <hr> <h2 id="-initial-nmap-scan">🔍 Initial Nmap Scan</h2> <p>We begin by running an initial nmap scan with the following command:</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">nmap -sC -sV -vv -oA nmap/initial_scan &lt;Target-IP&gt; </span></span></code></pre></div><ul> <li><code>-sC</code> Default script scan</li> <li><code>-sV</code> Service version detection</li> <li><code>-vv</code> Verbose output</li> <li><code>-oA</code> Output all formats</li> </ul> <p>Nmap reports only Port 80 open:</p>