BoardLight, an easy-rated machine on Hack The Box created by cY83rR0H1t, involves discovering a new virtual host, leveraging a CVE to gain a low-privileged foothold, performing horizontal escalation to another user on the box, and ultimately exploiting a lesser-known binary for root access.
I am going to walkthrough "Creative" from TryHackMe. This is an easy-rated machine that starts off with discovering a new virtual host, exploiting a server-side request forgery vulnerability in a URL testing tool, and then escalating to root via the LD_PRELOAD environment variable.
One of the TCM Discord community members SecHamza created a TryHackMe room, and I gave it a spin and wanted to post my write-up about it. Here's my take.
Becoming a domain controller to retrieve credentials through DCSync simply by abusing DS-Install-Replica permissions and leveraging Machine Account Quota. I am the DC now!
