A medium-rated active directory box which involves chaining rights abuses to compromise users, gain access to FTP to discover a Password Safe file and execute a targeted Kerberoast and DCSync attack to compromise the domain.

An easy-rated active directory box involving LDAP and plaintext credentials for initial access, and abusing services to run a malicious image and obtain a SYSTEM shell.

An easy-rated Active Directory box involving SMB enumeration, hardcoded credentials and user enumeration for initial access, ending with SeBackupPrivilege abuse to dump NTLM hashes and gain administrator access.