# HTB-Pirate

2026-03-05 5 min read

In order to avoid clock skew errors I used the following commands to adjust the time to that of the target:

# HTB-Vintage

2026-01-30 5 min read

By mutating a wordlist to the naming convention of the user we already found we can find another user in the domain:

2026-01-24 6 min read

Right away I noticed that an NFS port was open which is almost always low hanging fruit.

2026-01-24 3 min read

Using the provided creds I start off by running an enum scan of the target:

2025-11-25 9 min read

When trying to log in using the provided ldap creds we get the following message:

2025-11-22 8 min read

I started off by mounting the nfs share.