An easy-rated HTB Active Directory machine. The attack chain involves SMB guest enumeration, RID brute-forcing, password spraying, LDAP dumping, and finally abusing SeBackupPrivilege to extract the Administrator hash.
UpDown is a medium Linux box where you chain an exposed .git repo, a custom header bypass, and a Phar wrapper LFI + file upload to get a shell. Root involves Python 2 input() injection on a SUID binary, then easy_install sudo abuse via GTFOBins.
A walkthrough of HackTheBox Searcher — exploiting CVE-2023-43364 (Searchor 2.4.0 RCE) for initial access, then leveraging a path injection vulnerability in a privileged Python script to escalate to root.
