https://b3ta-blocker.github.io/blog A hands-on hacking blog covering penetration testing walkthroughs by Hassaan Ali Bukhari. en-us root.b3ta.blocker@gmail.com (Hassaan Ali Bukhari) root.b3ta.blocker@gmail.com (Hassaan Ali Bukhari) Thu, 13 Nov 2025 00:00:00 GMT https://b3ta-blocker.github.io/blog/blue https://b3ta-blocker.github.io/blog/blue Compromise of a Windows 7 SP1 lab machine by exploiting the MS17-010 EternalBlue SMB vulnerability via Metasploit to obtain a SYSTEM-level Meterpreter shell and extract password hashes, followed by a manual exploitation attempt using AutoBlue that resulted in a BSOD. Thu, 13 Nov 2025 00:00:00 GMT root.b3ta.blocker@gmail.com (Hassaan Ali Bukhari) windowseasyms17-010eternalblue https://b3ta-blocker.github.io/blog/butler https://b3ta-blocker.github.io/blog/butler Compromise of a Windows machine via Jenkins default credentials and Groovy script RCE, followed by privilege escalation through an unquoted service path vulnerability in the WiseBootAssistant service. Fri, 05 Dec 2025 00:00:00 GMT root.b3ta.blocker@gmail.com (Hassaan Ali Bukhari) windowsjenkinsprivilege-escalation https://b3ta-blocker.github.io/blog/fluffy https://b3ta-blocker.github.io/blog/fluffy Compromise of a Windows HackTheBox Active Directory machine by exploiting CVE-2025-24071 via a malicious library-ms file to capture NTLM hashes via Responder, abusing GenericWrite permissions through BloodHound enumeration to perform Shadow Credential attacks, and escalating to Domain Admin by exploiting an ESC16 ADCS misconfiguration with Certipy. Thu, 10 Jul 2025 00:00:00 GMT root.b3ta.blocker@gmail.com (Hassaan Ali Bukhari) windowshacktheboxeasyactive-directorycve-2025-24071privilege-escalation