Eighteen - HackTheBox Writeup

Wed, 14 Jan 2026 00:00:00 +0000

Difficulty: Medium
Operating System: Windows

Executive Summary

Eighteen is a Windows Active Directory machine that combines database misconfigurations, password reuse, and modern Active Directory abuse techniques to achieve full domain compromise.

The attack begins with access to a Microsoft SQL Server instance, progresses through credential recovery and password reuse, and ultimately leverages the BadSuccessor technique to abuse delegated Managed Service Accounts (dMSA), resulting in Domain Administrator privileges.

Attack Path

MSSQL Access (kevin)
    → Login Impersonation (appdev)
    → Financial Planner Database
    → PBKDF2 Credential Recovery
    → Password Reuse
    → WinRM Access (adam.scott)
    → BadSuccessor (dMSA Abuse)
    → Kerberos Impersonation
    → DCSync
    → Domain Administrator

Reconnaissance

Service Enumeration

Initial enumeration revealed a limited attack surface:

WinRM on Maccioni Andrea - Portfolio

Eighteen - HackTheBox Writeup

Executive Summary

Attack Path

Reconnaissance

Service Enumeration