Timelapse is an easy difficulty Windows box. The box is focused primarily on enumeration, with little tool usage or “exploitation”. You enumerate an unrestricted SMB share, move laterally by finding plaintext credentials, enumerate the Administrator password with those credentials, and finally escalate privileges to Domain Admin by dumping the SAM.
Support is an easy difficulty Windows box. The box is focused on Active Directory (AD) Discretionary Access Control List (DACL) abuse leading into a Resource-Based Constrained Delegation (RBCD) attack. Initial access can be gained by decompiling company-specific software and enumerating LDAP.
EscapeTwo is an easy difficulty Windows box. The box is focused on Active Directory (AD) Discretionary Access Control List (DACL) abuse, shadow credential attacks, and attacking a weak template for privilege escalation.
Administrator is a medium difficulty Windows box. It is focused on Active Directory (AD) Discretionary Access Control List (DACL) abuse, Kerberoasting, and privilege escalation through DCSync.
Certified is a medium difficulty Windows box that focuses on abusing Active Directory Discretionary Access Control Lists (AD DACL) and misconfigured certificate enrollment templates.
SteamCloud is an easy-rated Linux box that is running a Kubernetes cluster. While the box is relatively simple, I have no experience with Kubernetes, so this was all new for me. This box includes exposed API ports, Kubernetes pod RCE, and creation of an attack pod for privilege escalation.
TwoMillion is an easy-rated Linux box that was made to celebrate 2 million users on Hack The Box. The box includes API enumeration and abuse, along with a vulnerability in the Linux kernel’s OverlayFS subsystem that allows an unprivileged user to escalate their privileges to root.
The WriteFreely server was relatively easy to set up and only took 2 hours until it was fully functional. I decided on WriteFreely because I wanted something very simple and lightweight that also supported Markdown for posting write-ups for Hack The Box content.