How to find existing windows / AD CVEs
I've just completed the fluffy box, where you can read a PDF file that tells you what CVEs to use to get an initial foothold. The CVE was CVE-2025-24071, where you can create a malicious .zip and capture an NTLMv2 hash to crack when someone opens it.
I realised that if this PDF never told me what CVE to look at and use, I never would've found it / solved the box. In my current methodology, I only test for coercion CVEs (such as petit potam) via netexecs coerce_plus module, and nopac.
If you were to do the fluffy box without being told what CVE to use, how would you figure it out? Would anyone be willing to share their methodology when it comes to finding these things?
Thank you