Resolute was a quite particular windows box that did not have a web server running. A password could be retrieved remotely from user descriptions comments, allowing a login into the box through WinRM. From there, another password can be grabbed from PSTranscripts to escalate to a user with DnsAdmin privieleges, which allowed us to further privesc to the Domain Admins group and finish the box.
You May Also Enjoy
Recently the Qualys Research Team did an amazing job discovering a Heap overflow vulnerability in Sudo. In the next sections, we will analyze the bug and we will write an exploit to gain root privileges on Debain 10.
Rope2 by R4J has been my favorite box on HackTheBox by far. It wasn’t really related to pentesting, but was an immersive exploit dev experience