https://7rocky.github.io/en/tags/assumed-breach/Recent content in Assumed-Breach on 7Rocky's Blog. Cybersecurity and MathsHugoenLicensed under CC BY-NC 4.0Thu, 16 Apr 2026 09:39:08 +0200https://7rocky.github.io/en/htb/eighteen/Fri, 10 Apr 2026 00:00:00 +0100https://7rocky.github.io/en/htb/eighteen/Hack The Box. Windows. Easy machine. In this assumed-breach machine we have credentials for an exposed MSSQL service where we can impersonate another user and find a hashed password for the website hosted by the machine. This hash can be cracked to find a password. After enumerating users by brute forcing RIDs in MSSQL, we find that it is reused by a domain user and we get access via WinRM. There is a bad ACL configured to group <code>IT</code> and we can use <code>BadSuccessor</code> to escalate privileges, after configuring a SOCKS proxy to access required AD services