Windows

Inject: enumerate the AD surface, abuse the exposed credential or delegation path, and escalate to Administrator.

Vintage: enumerate the AD surface, abuse the exposed credential or delegation path, and escalate to Administrator.

Administrator: enumerate the AD surface, abuse the exposed credential or delegation path, and escalate to Administrator.

Certified: enumerate the AD surface, abuse the exposed credential or delegation path, and escalate to Administrator.

Blazorized: enumerate the AD surface, abuse the exposed credential or delegation path, and escalate to Administrator.

Mist: enumerate the AD surface, abuse the exposed credential or delegation path, and escalate to Administrator.

Axlle: enumerate the AD surface, abuse the exposed credential or delegation path, and escalate to Administrator.

Compiled: enumerate the AD surface, abuse the exposed credential or delegation path, and escalate to Administrator.

Jarmis: use CVE-2021-38647 where it fits the service, gain a shell, and escalate to root.

YPuffy: enumerate the AD surface, abuse the exposed credential or delegation path, and escalate to Administrator.

Help: enumerate the AD surface, abuse the exposed credential or delegation path, and escalate to Administrator.

Cicada: enumerate the AD surface, abuse the exposed credential or delegation path, and escalate to Administrator.

Soccer: enumerate the AD surface, abuse the exposed credential or delegation path, and escalate to Administrator.

Bastion: enumerate the AD surface, abuse the exposed credential or delegation path, and escalate to Administrator.

Active: enumerate the AD surface, abuse the exposed credential or delegation path, and escalate to Administrator.

Paper: use CVE-2019-17671 and CVE-2021-3560 where it fits the service, gain a shell, and escalate to root.

Blog: abuse the WordPress foothold, stabilize the shell, and escalate through the local weakness.