Leopard's Blogsite https://le0pard.vercel.app/blog en-us Leopardplaysctf@gmail.com (Yasir Mehmood) Leopardplaysctf@gmail.com (Yasir Mehmood) Mon, 06 Apr 2026 00:00:00 GMT https://le0pard.vercel.app/blog/HTB-DarkZero-Writeup Hack-The-Box - Hard - Windows - DarkZero https://le0pard.vercel.app/blog/HTB-DarkZero-Writeup Initial MSSQL access with provided creds revealed a linked server to DC02, enabling xp_cmdshell for lateral movement. CVE-2024-30088 granted SYSTEM on DC02 for user.txt. Unconstrained delegation on DC01 allowed TGT capture via coercion, then DCSync extracted Administrator hash for root.txt. Mon, 06 Apr 2026 00:00:00 GMT Leopardplaysctf@gmail.com (Yasir Mehmood) ALL BLOGSHack-The-BoxPentestingMachinesWriteupSeason-9WindowsHardActive-DirectoryBloodhoundMSSQLDCSyncCMDSHELLLateral Movementauthz_basepCVE-2024-30088Unconstrained DelegationMimikatzRubeusLinkedSQLServerCoercion