An easy-rated HTB Active Directory machine. The attack chain involves SMB guest enumeration, RID brute-forcing, password spraying, LDAP dumping, and finally abusing SeBackupPrivilege to extract the Administrator hash.
A walkthrough of HackTheBox Searcher — exploiting CVE-2023-43364 (Searchor 2.4.0 RCE) for initial access, then leveraging a path injection vulnerability in a privileged Python script to escalate to root.
