HTB: Eighteen
This Hack The Box write-up walks through a Windows Server 2025 compromise that starts with valid MSSQL credentials and turns them into full domain admin. The attack abuses MSSQL login impersonation to access a financial-planner database, extract a Werkzeug PBKDF2 password hash for the web admin account, and crack it for reuse against domain users until a valid WinRM login is found. After landing on the host, the key escalation step is exploiting the new Windows 2025 functional-level dMSA migration behavior in the Bad Successor technique: creating a delegated managed service account that inherits the Administrator account’s group memberships. The write-up is useful because it ties together SQL abuse, credential reuse, and a modern Active Directory privilege-escalation path that defenders need to understand as Server 2025 deployments appear.