Leopard's Blogsite

Leopard's Blogsite https://le0pard.vercel.app/blog en-us Leopardplaysctf@gmail.com (Yasir Mehmood) Leopardplaysctf@gmail.com (Yasir Mehmood) Mon, 06 Apr 2026 00:00:00 GMT https://le0pard.vercel.app/blog/HTB-DarkZero-Writeup Hack-The-Box - Hard - Windows - DarkZero https://le0pard.vercel.app/blog/HTB-DarkZero-Writeup Initial MSSQL access on DC01, linked instance on DC02 enables xp_cmdshell for lateral movement. CVE-2024-30088 elevates to SYSTEM. Unconstrained delegation on DC01 coerced via MSSQL to capture TGT with Rubeus, then DCSync extracts Administrator hash for root flag. Mon, 06 Apr 2026 00:00:00 GMT Leopardplaysctf@gmail.com (Yasir Mehmood) ALL BLOGSHack-The-BoxPentestingMachinesWriteupSeason-9WindowsHardActive-DirectoryBloodhoundMSSQLUnconstrained DelegationDCSyncCVE-2024-30088Lateral Movementauthz_basepMimikatzRubeus