# HTB-Escape

2026-01-24 4 min read

Using kerbrute I was able to find the following service accounts present:

# HTB-EscapeTwo

2026-01-23 4 min read

Using the enum4linux-ng tool I was able to enumerate the following information:

2025-11-22 5 min read

Since we already got valid creds I decided to use nxc to spray the credentials

2025-11-17 6 min read

I tried the creds for winrm but they didn’t work, let’s try them for port 80 instead.

2025-10-16 5 min read

Using the given credentials we are able to login using impacket: