Deliver
An easy Linux box from HackTheBox, use a cool ticket trick to get an email on the domain, then create an account on the messaging service with it to see private messages from root and plaintext ssh creds, then dump hashes from the database and crack them for root.
Solidstate
An easy Linux box from HackTheBox, use an RCE combined with POP3 email compromise to get initial access, and exploit a misconfigured cron python script running as root to escalate privileges.
Intelligence
A medium Windows box from HackTheBox, enumerate users by scraping pdf data off of a web site, and use a password spray attack to get SMB access, through that get another user’s NTLM hash by abusing a custom script and finally abuse ReadGMSAPassword privileges to craft a TGT as administrator and get root.
Active
An easy WIndows box from HackTheBox, find creds intside of an smb share and use those to kerberoast the administrators credentials, crack them with hashcat and get root.
Jarvis
A medium Linux box from HackTheBox, exploit a SQLi to get admin creds to phpmyadmin to upload a webshell and get initial access, then exploit command injection in a script with sudo privileges to elevate to a user and use a SUID enabled systemctl from there to get root.