HackTheBox: Media
A Windows XAMPP box: a job-application upload form is weaponised with a malicious Windows Media Player file to capture enox's NTLMv2 hash via Responder, then an NTFS junction redirects an upload into the Apache web root for a webshell, and SeTcbPrivilege adds enox to Administrators.
Read 