https://heretek.dev/pt/writeups/ Recent content in Writeups de Boxes on Heretek https://heretek.dev/og-image.png https://heretek.dev/og-image.png Hugo pt Sat, 28 Mar 2026 00:00:00 +0000 https://heretek.dev/pt/writeups/htb-certified/ Sat, 28 Mar 2026 00:00:00 +0000 https://heretek.dev/pt/writeups/htb-certified/ Box AD assumed breach. Abuso de WriteOwner num grupo, double shadow credentials chain, e abuso de certificado ADCS ESC9 até Domain Admin. https://heretek.dev/pt/writeups/htb-active/ Tue, 24 Mar 2026 00:00:00 +0000 https://heretek.dev/pt/writeups/htb-active/ Minha primeira box AD. Null session no SMB -> senha GPP no SYSVOL -> Kerberoasting do Administrator -> Domain Admin. https://heretek.dev/pt/writeups/htb-blackfield/ Tue, 24 Mar 2026 00:00:00 +0000 https://heretek.dev/pt/writeups/htb-blackfield/ Box AD Hard. AS-REP Roasting -> BloodHound -> ForceChangePassword -> lsass.DMP -> SeBackupPrivilege -> VSS snapshot -> NTDS.dit -> Domain Admin. https://heretek.dev/pt/writeups/htb-forest/ Tue, 24 Mar 2026 00:00:00 +0000 https://heretek.dev/pt/writeups/htb-forest/ Segunda box AD. AS-REP Roasting sem creds, caminho de ataque no BloodHound por 5 grupos nested, ACL abuse até DCSync. https://heretek.dev/pt/writeups/htb-monteverde/ Tue, 24 Mar 2026 00:00:00 +0000 https://heretek.dev/pt/writeups/htb-monteverde/ Box Active Directory — password spraying -> extração de credenciais do Azure AD Connect -> Domain Admin. https://heretek.dev/pt/writeups/htb-querier/ Tue, 24 Mar 2026 00:00:00 +0000 https://heretek.dev/pt/writeups/htb-querier/ Acesso guest no SMB -> macro Excel com creds MSSQL -> roubo de hash via Responder com xp_dirtree -> xp_cmdshell -> reverse shell. https://heretek.dev/pt/writeups/pg-algernon/ Tue, 24 Mar 2026 00:00:00 +0000 https://heretek.dev/pt/writeups/pg-algernon/ Box Proving Grounds — FTP anônimo, SmarterMail numa porta estranha, .NET deserialization RCE direto pra SYSTEM. Sem privesc necessário.