UNCONSTRAINED-DELEGATION

Unconstrained-delegation

ALL TAGS

all-blogs(19)
pentesting(15)
hack-the-box(12)
linux(10)
windows(9)
season-8(8)
active-directory(7)
web(7)
writeup(6)
medium(5)
ctf(4)
reverse-engineering(4)
python(4)
easy(4)
certification(4)
exam(4)
network(4)
machines(4)
bloodhound(4)
scripting(3)
workflow(3)
kerberos(3)
netexec(3)
pwn(2)
deserialization(2)
review(2)
enumeration(2)
hard(2)
lateral-movement(2)
mimikatz(2)
rce(2)
non-seasonal(2)
genericall(2)
dpapi(2)
evil-winrm(2)
acl(2)
runascs(2)
password-change(2)
kerberoasting(2)
writespn(2)
tombstone-restoration(2)
ine(2)
ghidra(2)
bitsctf-2025(1)
obfuscation(1)
dfir(1)
forensics(1)
malware(1)
rng(1)
crypto(1)
aes(1)
broncoctf-2025(1)
bytecode(1)
decompilation(1)
code(1)
tensorflow(1)
restic(1)
backrest(1)
port-forwarding(1)
cpts(1)
reporting(1)
privilege-escalation(1)
tools(1)
oscp(1)
10-days(1)
comparison(1)
tips--tricks(1)
my-opinionpov(1)
season-9(1)
mssql(1)
unconstrained-delegation(1)
dcsync(1)
cve-2024-30088(1)
authz_basep(1)
rubeus(1)
xwiki(1)
cve-2025-24893(1)
netdata(1)
ndsudo(1)
path-hijack(1)
cve-2024-32019(1)
idor(1)
php(1)
suid(1)
cronjob(1)
signed-binary(1)
php-wrappers(1)
openssl(1)
ssh2-wrapper(1)
insecure-design(1)
elf-signing(1)
roundcube(1)
cve-2025-49112(1)
docker(1)
password-reuse(1)
mariadb(1)
credential-dumping(1)
sudo(1)
symlink(1)
below(1)
group-escalation(1)
nextjs(1)
cve-2025-29927(1)
authentication-bypass(1)
lfi(1)
terraform(1)
smb(1)
keepass(1)
password-spraying(1)
genericwrite(1)
time-roasting(1)
computer-account(1)
dll-hijack(1)
winrm(1)
rbcd(1)
delegation(1)
ad-cs(1)
esc-15(1)
cve-2024-49019(1)
gmsa(1)
shadow-credentials(1)
writeowner(1)
certipy-ad(1)
api(1)
information-disclosure(1)
auth-bypass(1)
command-injection(1)
env-leak(1)
credential-reuse(1)
kernel-exploit(1)
overlayfs(1)
fuse(1)
cve-2023-0386(1)
dacl(1)
wsl(1)
ntds(1)
hash-cracking(1)
bloodyad(1)
pypykatz(1)
ecppt(1)
methodology(1)
ejpt(1)
exploitation(1)
misc(1)
radare2(1)
cyberchef(1)
sql(1)
pcap(1)
tryhackme(1)
pt1(1)
active(1)
directory(1)
tuctf-2024(1)
binary-exploitation(1)
debugging(1)

PUBLISHED ON
Blog Published on: April 6, 2026
Hack-The-Box - Hard - Windows - DarkZero
ALL-BLOGS Hack-The-Box Pentesting Machines Writeup Season-9 Windows Hard Active-Directory Bloodhound MSSQL Unconstrained-Delegation DCSync CVE-2024-30088 Lateral-Movement authz_basep Mimikatz Rubeus
Initial MSSQL access on DC01, linked instance on DC02 enables xp_cmdshell for lateral movement. CVE-2024-30088 elevates to SYSTEM. Unconstrained delegation on DC01 coerced via MSSQL to capture TGT with Rubeus, then DCSync extracts Administrator hash for root flag.

UNCONSTRAINED-DELEGATION

Unconstrained-delegation

ALL TAGS

Hack-The-Box - Hard - Windows - DarkZero