HackTheBox - Forest
This box maybe classified as an easy machine but takes prior knowledge to solve, made by egre55 and mrb3n on HackTheBox. We gain our foothold by enumerating RPC where we get usernames, then we will Kerberoast the usernames until we get a Kerberos ticket hash, then crack it and get in as the user. For privilege escalation, we will abuse Access Control List-based permission to add a new user, add the new user to a group that will enable us to get the Administrator hash; we will use Pass-The-Hash and login as Administrator....