HackTheBox: Checkpoint
A Windows Server 2025 Active Directory box starring BadSuccessor (the 2025 dMSA succession abuse). From alex.turner: restore a deleted user and BadSuccessor it for mark.davies's NT hash, plant a malicious .vsix VS Code extension on the DevDrop share to land as ryan.brooks (user.txt), BadSuccessor svc_deploy via ryan's GenericWrite, read a VMware memory snapshot from the VMBackups share, carve the Administrator hash with Volatility, and Pass-the-Hash to own the DC.
Read 