Voleur is a medium level Active Directory Hackthebox machine which is based on the assumed breach scenario (means we have valid credentials).This focusses on kerberos authentication, realm fixation...

Artificial is an easy Linux machine on HTB. Foothold comes from uploading a malicious TensorFlow model for RCE. Dumped credentials give user access, and root is obtained via a backup misconfiguration.

Walkthrough of the HTB TombWatcher machine, covering initial access with domain creds, BloodHound ACL abuse, targeted Kerberoasting, and privilege escalation via ADCS ESC15 to Domain Admin.

Walkthrough of the HTB Certificate machine, covering PHP webshell upload, MySQL enumeration, AD credential cracking, and privilege escalation via ESC3 in ADCS.

Fluffy is an easy Windows machine on HTB. Initial access is achieved with valid credentials. Active Directory enumeration and abuse of service account permissions allow privilege escalation to Admi...

Planning is an easy machine. discovering a vulnerable service, leveraging RCE, then using container and system misconfigurations for privilege escalation.

Administrator is a medium Windows AD box where SMB enumeration and misconfigured user privileges lead to password resets, credential cracking,finally a DCSync attack to gain full domain admin access.