Sauna is a 20-point Windows Machine on HackTheBox. For user, we bruteforce usernames and then use ASREP-Roasting to obtain the hash of one the users. For root, we find the logon password for an account that has DCSync privileges and then use secretsdump.py to execute the attack.
Monteverde is a 30-point Windows machine on HackTheBox that involves some LDAP and SMB enumeration to get the user flag. For root we exploit Azure AD Connect’s way of storing the password for the account that synchronizes on premise AD accounts with Azure AD.
Nest is a 20-point Windows machine on HackTheBox that involves searching through smb shares and analyzing 2 short custom programs.
P.O.O. Endgame is one of HackTheBox’s endgame labs and was just retired. It involves exploiting SQL Server Links & Active Directory ACLs.
Sniper is a 30-point machine on HackTheBox that involves abusing a remote file inclusion and uploading a crafted chm file which is opened automatically by the local administrator.
Forest is a 20-point active directory machine on HackTheBox that involves user enumeration, AS-REP-Roasting and abusing Active Directory ACLs to become admin.
Bankrobber is a 50-point machine on hackthebox that involves exploiting a cross site scripting vulnerability to gain access to an admin account, using a command injection to get a user shell and exploiting a simple buffer overflow to become system.
RE is a 40 point windows machine on HackTheBox that involves uploading an ods file with a malicious macro, abusing a winrar vulnerability and using UsoSVC together with metasploit's incognito module to become root.
Heist is an "easy" machine on hackthebox, involving some enumeration (especially rpc) and some forensics (dumping firefox memory).