Aero
Aero
Aero 571
Aero
RETIRED MACHINE

Aero

Aero - Windows Windows
Aero - Medium Medium

4.5

MACHINE RATING

446

USER OWNS

369

SYSTEM OWNS

28/09/2023

RELEASED
Created by ctrlzero

Machine Synopsis

Aero is a medium-difficulty Windows machine featuring two recent CVEs: CVE-2023-38146 , affecting Windows 11 themes, and CVE-2023-28252 , targeting the Common Log File System (CLFS). Initial access is achieved through the crafting of a malicious payload using the ThemeBleed proof-of-concept, resulting in a reverse shell. Upon gaining a foothold, a CVE disclosure notice is found in the user's home directory, indicating vulnerability to CVE-2023-28252 . Modification of an existing proof-of-concept is required to facilitate privilege escalation to administrator level or code execution as NT Authority\SYSTEM.

Machine Matrix

Ready to start your
hacking journey?