Garfield - HTB Machine Writeup
Difficulty: Hard | OS: Windows | Status: Completed
Use j.arbuckle's credentials and write access to SYSVOL to plant a malicious logon script that triggers a reverse shell as l.wilson. From there, abuse the ForceChangePassword ACL to pivot to l.wilson_adm, then exploit RODC RBCD and the Kerberos Key List Attack to extract the Administrator hash and fully compromise the domain.
Tags: Active Directory, Kerberos, SYSVOL / Logon Script Abuse