Phantom is a Medium AD box where SMB enumeration leads to a decrypted VeraCrypt container, recovered credentials enable a foothold via password spraying, and Resource-Based Constrained Delegation (RBCD) is exploited to gain Administrator access.
LustrousTwo is a hard HackTheBox Windows machine where I use FTP to gather usernames, then spray with kerbrute and elpscrk to access an IIS site with Kerberos (IIS_KERBEROS_AUTH). By decompiling DLLs and abusing S4U2Proxy constrained_delegations, I achieve RCE and escalate via a Velociraptor server key.
