An easy-rated HTB Active Directory machine. The attack chain involves SMB guest enumeration, RID brute-forcing, password spraying, LDAP dumping, and finally abusing SeBackupPrivilege to extract the Administrator hash.
Exploiting a .wax file upload to steal NTLMv2 credentials, then escalating privileges via SeImpersonate using GodPotato on a Windows target.
UpDown is a medium Linux box where you chain an exposed .git repo, a custom header bypass, and a Phar wrapper LFI + file upload to get a shell. Root involves Python 2 input() injection on a SUID binary, then easy_install sudo abuse via GTFOBins.
