HackSmarter

Initial Reconnaissance Port Scanning 1 nmap -Pn -p- -sC -sV $TARGET --open -oA nmap/scan --min-rate 3000 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 Starting Nmap 7.93 ( https://nmap.org ) at 2026-02-05 10:06 EST Nmap scan report for 10.1.98.36 Host is up (0.026s latency). Not shown: 65525 filtered tcp ports (no-response) PORT STATE SERVICE VERSION 53/tcp open domain Simple DNS Plus 80/tcp open http Microsoft IIS httpd 10.0 139/tcp open netbios-ssn Microsoft Windows netbios-ssn 445/tcp open microsoft-ds? 636/tcp open ssl/ldap Microsoft Windows Active Directory LDAP 3269/tcp open ssl/ldap Microsoft Windows Active Directory LDAP 3389/tcp open ms-wbt-server Microsoft Terminal Services Service Info: Host: DC-404; OS: Windows Key Services Identified: ...

Objective / Scope StellarComms has recently onboarded a new junior analyst to support satellite operations monitoring. As part of standard security procedures, a comprehensive internal access assessment must be conducted to validate that the new user account maintains appropriate privilege boundaries and cannot be leveraged for unauthorized escalation. This lab started with just a username - junior.analyst - and no password. The challenge was to figure out how a brand new, low-privileged account could potentially escalate all the way to domain administrator. Spoiler alert: turns out there were quite a few misconfigurations to exploit along the way. ...

Context Most people working in offensive security, or anyone who regularly spends time in Hack The Box or HackSmarter labs, are probably already familiar with ligolo-ng. It was a genuine game changer for pivoting and tunneling during internal assessments and quickly became a go-to tool for many operators. Ligolo-MP builds directly on that foundation. While it isn’t entirely new (it’s based on ligolo-ng), it introduces a multiplayer-capable architecture and, more importantly in my opinion, a much cleaner and more intuitive user interface. I haven’t fully explored the multiplayer functionality yet, but purely from a usability perspective, ligolo-mp feels like a meaningful improvement and is extremely operator-friendly. ...

Objective / Scope Lumon Industries will soon be integrating a high-value employee into the organization. In accordance with internal security protocols, a comprehensive penetration test and internal access verification must be conducted prior to full onboarding. For this assessment, valid credentials were provided for a standard domain user. The goal was to understand what level of access this account truly had, identify any escalation paths, and determine whether internal controls would prevent an attacker from moving laterally or escalating privileges. ...