Machine Synopsis

`Signed` is a medium-difficulty Windows machine that demonstrates exploitation of an MSSQL server by extracting the NTLMv2 hash of the service account running the instance and cracking the hash to obtain its password. This enables creation of silver tickets for user impersonation and access to the service. The domain is then enumerated via the MSSQL instance to gather the necessary information to impersonate the Administrator account, granting command execution through the MSSQL service. For privilege escalation, recently discovered [CVE-2025-33073](https://nvd.nist.gov/vuln/detail/CVE-2025-33073), an NTLM reflection attack is leveraged to perform self-relaying even with signing enforced, providing access to the `WinRMS` interface.