Post

HackTheBox Signed Writeup

A walkthrough of the HackTheBox 'Signed' machine. This write-up covers initial access, privilege escalation, and post-exploitation techniques.

Posted Updated
Preview Image
By dollarboysushil
1 min read

As is common in real life Windows penetration tests, you will start the Signed box with credentials for the following account which can be used to access the MSSQL service: scott / Sm230#C5NatH

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38

┌──(dollarboysushil㉿kali)-[~/Documents/HTB_BOXES/signed]
└─$ nmap -sC -sV 10.129.95.75
Starting Nmap 7.95 ( https://nmap.org ) at 2025-10-11 22:35 EDT
Stats: 0:01:27 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 31.00% done; ETC: 22:39 (0:03:14 remaining)
Nmap scan report for 10.129.95.75
Host is up (0.28s latency).
Not shown: 999 filtered tcp ports (no-response)
PORT     STATE SERVICE  VERSION
1433/tcp open  ms-sql-s Microsoft SQL Server 2022 16.00.1000.00; RTM
| ms-sql-info: 
|   10.129.95.75:1433: 
|     Version: 
|       name: Microsoft SQL Server 2022 RTM
|       number: 16.00.1000.00
|       Product: Microsoft SQL Server 2022
|       Service pack level: RTM
|       Post-SP patches applied: false
|_    TCP port: 1433
| ms-sql-ntlm-info: 
|   10.129.95.75:1433: 
|     Target_Name: SIGNED
|     NetBIOS_Domain_Name: SIGNED
|     NetBIOS_Computer_Name: DC01
|     DNS_Domain_Name: SIGNED.HTB
|     DNS_Computer_Name: DC01.SIGNED.HTB
|     DNS_Tree_Name: SIGNED.HTB
|_    Product_Version: 10.0.17763
| ssl-cert: Subject: commonName=SSL_Self_Signed_Fallback
| Not valid before: 2025-10-11T23:53:51
|_Not valid after:  2055-10-11T23:53:51
|_ssl-date: 2025-10-12T02:39:16+00:00; +24s from scanner time.

Host script results:
|_clock-skew: mean: 23s, deviation: 0s, median: 23s

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 225.64 seconds

Active Challenge

This challenge is currently active on HackTheBox.

In accordance with HackTheBox's content policy, this writeup will be made publicly available only after the challenge is retired. This approach maintains the integrity of active challenges while ensuring educational resources are available for learning purposes.

Connect With Me
𝕏 Twitter in LinkedIn GitHub
Support My Work
❤️ Buy Me Momo
Secured
🔒

Content Access Required

Enter the password to unlock the full writeup content

Writeups, HackTheBox
signed aes htb windows ctf
This post is licensed under CC BY 4.0 by the author.

© dollarboysushil. Some rights reserved.

Using the Chirpy theme for Jekyll.