Retro
Retro presents a Windows Active Directory environment with weak domain configurations and passwords. Enumerating SMB shares as a Guest user and pivoting to a Trainee user reveals sensitive operational information. The Domain Controller is vulnerable to AD CS ESC1 which is leveraged to gain Domain Admin compromising the domain controller entirely.