
CTF walkthroughs, security research, and hacking tutorials for aspiring ethical hackers.
Featured Walkthrough
HTB Writeup – Fluffy
Published • November 27, 2025 • 15 min read
A comprehensive walkthrough of the Fluffy machine from Hack The Box. This easy-rated Windows Active Directory machine demonstrates exploiting CVE-2025-24071 to capture NTLM hashes, using BloodHound analysis to set up shadow credentials attacks, and leveraging the ADCS ESC16 vulnerability for privilege escalation to Domain Administrator.
RECONNAISSANCE
Nmap scanning, SMB enumeration with j.fleischman credentials, IT share discovery, CVE-2025-24071 identification
USER - SHADOW CREDENTIALS
NTLM capture via CVE-2025-24071, p.agila hash cracking, BloodHound analysis, shadow credentials on winrm_svc
ROOT - ADCS ESC16
Lateral movement to ca_svc, ESC16 exploitation, UPN modification, certificate request as administrator
KEY FINDINGS
CVE-2025-24071 exploited via malicious .library-ms file to capture p.agila's NTLM hash
BloodHound analysis revealed GenericAll on Service Accounts with GenericWrite on winrm_svc
Shadow credentials attack on winrm_svc and ca_svc for lateral movement
The ESC16 vulnerability, with the security extension disabled, allows UPN modification to administrator