Forest from Hack The Box presented a fairly straightforward Windows Active Directory box with some lightweight initial reconnaissance and enumeration, ASREPRoasting, Bloodhound exploration revealing privilege abuse leading to a final DCSync attack to compromise the domain.
Retro presents a Windows Active Directory environment with weak domain configurations and passwords. Enumerating SMB shares as a Guest user and pivoting to a Trainee user reveals sensitive operational information. The Domain Controller is vulnerable to AD CS ESC1 which is leveraged to gain Domain Admin compromising the domain controller entirely.
