HackTheBox Signed Writeup

As is common in real life Windows penetration tests, you will start the Signed box with credentials for the following account which can be used to access the MSSQL service: scott / Sm230#C5NatH

┌──(dollarboysushil㉿kali)-[~/Documents/HTB_BOXES/signed]
└─$ nmap -sC -sV 10.129.95.75
Starting Nmap 7.95 ( https://nmap.org ) at 2025-10-11 22:35 EDT
Stats: 0:01:27 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 31.00% done; ETC: 22:39 (0:03:14 remaining)
Nmap scan report for 10.129.95.75
Host is up (0.28s latency).
Not shown: 999 filtered tcp ports (no-response)
PORT     STATE SERVICE  VERSION
1433/tcp open  ms-sql-s Microsoft SQL Server 2022 16.00.1000.00; RTM
| ms-sql-info: 
|   10.129.95.75:1433: 
|     Version: 
|       name: Microsoft SQL Server 2022 RTM
|       number: 16.00.1000.00
|       Product: Microsoft SQL Server 2022
|       Service pack level: RTM
|       Post-SP patches applied: false
|_    TCP port: 1433
| ms-sql-ntlm-info: 
|   10.129.95.75:1433: 
|     Target_Name: SIGNED
|     NetBIOS_Domain_Name: SIGNED
|     NetBIOS_Computer_Name: DC01
|     DNS_Domain_Name: SIGNED.HTB
|     DNS_Computer_Name: DC01.SIGNED.HTB
|     DNS_Tree_Name: SIGNED.HTB
|_    Product_Version: 10.0.17763
| ssl-cert: Subject: commonName=SSL_Self_Signed_Fallback
| Not valid before: 2025-10-11T23:53:51
|_Not valid after:  2055-10-11T23:53:51
|_ssl-date: 2025-10-12T02:39:16+00:00; +24s from scanner time.

Host script results:
|_clock-skew: mean: 23s, deviation: 0s, median: 23s

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 225.64 seconds

Secured

🔒

Active HackTheBox Challenge

This challenge is currently active on HackTheBox. According to HTB's content policy, sharing writeups of active challenges is prohibited.

This writeup will be made publicly available once the challenge is retired.