Pirate is a Hard Windows machine that involves compromising an Active Directory environment by chaining multiple delegation and authentication abuses. The attack begins with LDAP enumeration to identify computer accounts, which are used to extract gMSA credentials. These credentials provide access to the Domain Controller via WinRM and allow establishing a pivot into the internal network.
You need to be signed in to access protected stories.
For hints/guidance/requests, you can join our Discord Server
*Following HTB policies, the solutions to live machines will not be shared publicly even on the Discord server.