Sendai - HackTheBox
This is a Medium Active Directory box, where the usage of insecure credentials leads to the compromise of a user. From there it is possible to obtain the NTLM hash for a service account. Then there are two paths to full system compromise: creating a Silver Ticket to MSSQL using credentials in a config file and then abusing SeImpersonatePrivilege; or by getting credentials for a user that can abuse ADCS ESC4. ...
