https://0xc4rc3l.github.io/ Red team trainee focused on AD exploitation, C2 frameworks, and real-world attack simulations. 2026-03-19T19:07:49+00:00 0xc4rc3l https://0xc4rc3l.github.io/ Jekyll © 2026 0xc4rc3l /assets/img/favicons/favicon.ico /assets/img/favicons/favicon-96x96.png 2026-01-31T00:00:00+00:00 2026-01-31T00:00:00+00:00 https://0xc4rc3l.github.io/posts/HackTheBox-CodePartTwo/ 0xc4rc3l

CodePartTwo is an Easy Linux machine that features a vulnerable Flask-based web application. Initial web enumeration reveals a JavaScript code editor powered by a vulnerable version of js2py, which allows for remote code execution via sandbox escape. Exploiting this flaw grants access to the system as an unprivileged user. Further enumeration reveals an SQLite database containing password hashe...

2025-09-27T00:00:00+00:00 2026-03-19T17:10:12+00:00 https://0xc4rc3l.github.io/posts/HackTheBox-Puppy/ 0xc4rc3l

Puppy is a Medium Difficulty machine that features a non-default SMB share called DEV. With the provided credentials for user levi.james, enumeration of the domain is possible. The enumeration reveals that this user has GenericWrite privileges over the Developers group. After adding Levi to this group, we can access the previously inaccessible DEV share. This share contains the backup of a KeeP...

2025-09-20T00:00:00+00:00 2026-03-19T17:10:12+00:00 https://0xc4rc3l.github.io/posts/HackTheBox-Fluffy/ 0xc4rc3l

Fluffy is an easy-difficulty Windows machine designed around an assumed breach scenario, where credentials for a low-privileged user are provided. By exploiting CVE-2025-24071, the credentials of another low-privileged user can be obtained. Further enumeration reveals the existence of ACLs over the winrm_svc and ca_svc accounts. WinRM can then be used to log in to the target using the winrc_svc...

2025-04-20T00:00:00+00:00 2026-03-19T18:07:19+00:00 https://0xc4rc3l.github.io/posts/Fixing-Kerberos-Clock-Skew/ 0xc4rc3l

Fixing Kerberos Clock Skew TL;DR: Two commands. Thirty seconds. Back to hacking. The problem You’ve got valid credentials. You’ve got your tooling ready. Then you fire off secretsdump, psexec, or evil-winrm — and get nothing back but a wall of red: [-] Kerberos SessionError: KRB_AP_ERR_SKEW(Clock skew too great) Kerberos is paranoid about time. By design, it rejects any authenticatio...

2025-04-19T00:00:00+00:00 2026-03-19T19:07:38+00:00 https://0xc4rc3l.github.io/posts/HackTheBox-Administrator/ 0xc4rc3l

Administrator is a medium-difficulty Windows machine designed around a complete domain compromise scenario, where credentials for a low-privileged user are provided. To gain access to the michael account, ACLs (Access Control Lists) over privileged objects are enumerated, leading us to discover that the user olivia has GenericAll permissions over michael, allowing us to reset his password. With...