Olivia
Online
Dark@Joker:~$
@ExploitNest
CRTA | CAP | OSCP (Aspirant)
- Pentration Tester & Bug Hunter
- Red Teamer 🤡
Joined May 2022
2.2K Following
95 Followers
565 Posts
🚩HTB: Flight (Hard) - Pwned!
PHP site → forced SMB auth → cracked Net-NTLMv2 🔑 RPC enum → password spray → reused creds 💀 Malicious share files → second hash captured ASPX webshell → IIS shell → machine account abuse → Admin
SMB + AD + IIS chained 🔥
#HackTheBox #OSCP
Solved “Access” from Hack The Box 🔓
Started with anonymous FTP access, extracted creds from an Access DB, found more creds inside an Outlook mail file, then got user access via Telnet.
PrivEsc involved abusing cached Administrator credentials to grab root.txt 💀
#HackTheBox
Sometimes old boxes hit harder because they introduced techniques before they became common. 💀#HackTheBox #HTB #Jeeves #Windows #ActiveDirectory #Pentesting #CyberSecurity #RedTeam #Infosec
Just rooted Jeeves on Hack The Box 🎩🔥
A classic Windows machine that still teaches valuable concepts from abusing an exposed Jenkins instance for RCE to extracting creds from a KeePass database and escalating to Administrator.
Who to follow
Abby Williams
@abby_wils
A girly girl who loves all things football, especially #ManCity. Ex Captain of Airbus Ladies FC.
pijat hanya terima panggilan aja
@Mochama58036454
hanya bisa sabar dan ikhlas saja
yang minat Monggo hub
089523012811
संदेश धारा RNI.NO.DELHIN/2023/87207
@SandeshDhara
एडिटर इन चीफ, संदेश धारा दैनिक समाचार पत्र।
E-mail:- [email protected]
Pwned Cascade (HTB) 💥
Recovered creds via LDAP → SMB access → found TightVNC password → got shell → dumped & decrypted creds from SQLite → abused AD Recycle Bin to recover deleted admin creds → root access 🔥
#HackTheBox #AD #Pentesting #CyberSecurity
🚨 ALERTA: HACKEAN EL CORAZÓN DE INTERNET; FALLO EN CPANEL AFECTA A MILLONES 🛡️💻🔓
Se ha detectado una vulnerabilidad zero-day crítica (CVE-2026-41940) en cPanel y WHM, las herramientas que administran más de 70 millones de sitios web. Este fallo es una "llave maestra" que permite a cualquier atacante convertirse en administrador total (root) sin conocer la contraseña.
🖋️ ¿CÓMO FUNCIONA EL ATAQUE? (EN TÉRMINOS SENCILLOS)
En términos sencillos, el hacker engaña al sistema mediante "recados falsos":
📋 El Engaño: Envía un inicio de sesión falso y manipula una "cookie" para que el servidor deje de cifrar datos.
📋 Inyección: Introduce líneas de texto ocultas que dicen "este usuario ya puso su clave y es el jefe".
📋 El Salto: El sistema lee estas líneas, confía en ellas y le da acceso total al atacante, saltándose toda seguridad.
🧐 ¿QUÉ DEBES HACER? ✨🧤🕊️
Si administras un servidor, la situación es crítica realidad en la que el ataque ya se está usando "en la calle".
Actualiza de inmediato: Debes instalar las versiones parchadas (ej. 11.136.0.5 o superiores según tu rama).
Limpia la casa: Si tenías una versión vulnerable, asume que ya entraron. Cambia contraseñas de root, bases de datos, correos y regenera llaves SSH y certificados SSL.
¿Está tu sitio web a salvo o le has dejado la puerta abierta al mundo? 🕒 En este entorno digital en el que un par de clics bastan para perderlo todo, la velocidad de tu reacción es tu única defensa, realidad en la que el parcheo no es opcional, es vital. 💸🚫💻
LA INFORMACIÓN TÉCNICA 👇
https://t.co/x1MBrnnBF8
#cPanel #CyberSecurity #Hackers #ZeroDay #Hosting #SeguridadDigital 📋 📢🚨🛡️
Cicada (Easy AD box) walkthrough 🔐
Started with SMB enum → found new hire note with default creds.
RID cycling → got users → password spray = initial access.
LDAP enum → creds in description 😅
New user → access to dev backup script → more creds.
#HTB #ActiveDirectory
🔥 Pwned Manager on HTB
Started with RID cycling/Kerberos brute to enumerate users → password spray (username = password) got initial access
Gained MSSQL access → used xp_dirtree → found backup with creds → accessed ADCS → exploited ESC7 → Domain Admin 🚀
#HackTheBox #AD
Pwned Intelligence from Hack The Box 🧠💥
AD enum → PDF naming brute-force → default creds → password spray = access
Captured hash via Responder → cracked → new user
Abused GMSA + delegation → Domain Admin 🚀
#HackTheBox #ActiveDirectory #RedTeam #Penetration
🚀 Just Pwned: HTB “Escape” Machine
A pure Windows-focused challenge covering MSSQL & ADCS exploitation.
🔹 Found MSSQL creds via open file share
🔹 Captured Net-NTLMv2 using xp_dirtree & cracked it
🔹 Escalated to sql_svc → extracted more creds from logs
#HackTheBox #Pentest
🔥 2 more machines down on @HackTheBox!
✅ Monteverde — Apr 22
✅ Return — Apr 23
Active Directory enumeration, service abuse, privilege escalation... the grind never stops. 💀
#HackTheBox #HTB #Activedirectory #CyberSecurity #PenTest #InfoSec #ExploitNest
These labs really helped me understand real-world AD attack chains and post-exploitation techniques.
#HackTheBox #ActiveDirectory #Pentesting #RedTeam #CyberSecurity #OSCP #EthicalHacking #Infosec
🚩 Just Pwned Forest & Sauna from Hack The Box AD Labs!
Dived deep into Active Directory exploitation and learned a lot:
🔐 Enumerated AD users & shares
🎯 Performed Kerberoasting & credential attacks
🧠 Leveraged BloodHound for attack paths
⚡ Achieved privilege escalation 💻
🔐 Exploring Active Directory Pentesting Tools
https://t.co/lFPe2bmxXZ
Came across a useful GitHub repository that lists various tools for Active Directory Security Pentesting, enumeration, privilege escalation, and post-exploitation.
#CyberSecurity #ActiveDirectory #Pentesting
Pwned two machines today on Hack The Box 💀🔥
• SOU
• UpDown
Learned a lot during the process from enumeration to exploitation and privilege escalation. Every machine teaches something new and sharpens the mindset 🧠
Consistency is the real hack 🚀
#HackTheBox #HTB #Pentest
Just solved — Busqueda🔥
🔥 Learned a lot while going through enumeration, exploitation, and post-exploitation. Every step pushed me to think deeper and stay patient.
#VAPT #EthicalHacking #RedTeam #InfoSec #CyberSecurityJourney
Just Pwned Support 💻🔥
Another box down on HTB 🧠💀
Skills Learned
Connecting to an SMB share
Quering an LDAP server for information
Performing a Resource Based Constrained Delegation attack.
#HackTheBox #CyberSecurity #Pentesting #redteam
🚨 Unified (HTB) Pwned 🚨
Solved a Log4j (Log4Shell) based machine — from exploitation to full root access 💻🔥
Great hands-on learning on real-world impact of vulnerable dependencies!
#HTB #Log4j #HackTheBox #Pentesting #CyberSecurity
💉 Rooted Vaccine on Hack The Box! 🔥
Cracked credentials with John, exploited SQL Injection, and got OS shell via sqlmap 🖥️
Simple chain, powerful impact 💀
#HackTheBox #Pwned #SQLInjection #Pentesting #CyberSecurity
🚀 Another box owned! 💀🔥
Just rooted Oopsie on Hack The Box 🐂
This machine was a great learning experience from enumeration to privilege escalation, every step reinforced how important fundamentals are in penetration testing.
#HackTheBox #HTB #Pwned #CyberSecurity
Last Seen Users on Sotwe
Pencinta binor gemoy montok besar
Seen from United States
Tập Đánh Vần
Seen from United States
شاب مثلي جنس
Seen from Israel
Yuuki:7🍩 
Seen from United States
Battle Beagle
Seen from United States
Damla 21 Osmaniye
Seen from Turkey
機智小御御
Seen from United States
Sema💜(akışta)
Seen from Turkey
Kaharr
Seen from Indonesia
Hinca-P
Seen from Indonesia
Most Popular Users
Elon Musk
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.8M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.2M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.5M followers
KATY PERRY
@katyperry
86.7M followers
Taylor Swift
@taylorswift13
80.5M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.3M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.4M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers