Flight - HackTheBox Writeup (10.10.11.187)
Hard-difficulty Windows machine that covers forced NTLM authentication techniques through Remote File Inclusion and SCF file attacks. Lots of pivoting between service accounts and user accounts using web shells. Privilege escalation by abusing SeImpersonatePrivilege to perform token impersonation.
Sharp - HackTheBox Writeup (10.10.10.219)
Hard-difficulty Windows box with a focus on reverse engineering C# applications and enumerating SMB shares. Foothold gained by reversing the encryption in a Kanban application. Privilege escalation by abusing WCF server and client applications ported from .NET remoting.
Reel2 - HackTheBox Writeup (10.10.10.210)
Hard-difficulty Windows box with a focus on password spraying attacks and NetNTLMv2 hash phishing on Outlook. Privilege escalation by abusing an insecure Powershell JEA cmdlet with symbolic links, while bypassing PS constrained language mode.
Feline - HackTheBox Writeup (10.10.10.205)
Hard-difficulty Linux box on exploiting Apache Tomcat CVE-2020-9484 and abusing docker.sock exposure.