Machine Synopsis
Multimaster is an insane difficulty Windows machine featuring a web application that is vulnerable to SQL Injection. This vulnerability is leveraged to obtain the foothold on the server. Examination the file system reveals that a vulnerable version of VS Code is installed, and VS Code processes and found to be running on the server. By exploiting debug functionality, a shell as the user `cyork` can be gained. A password is found in a DLL, which due to password reuse, results in a shell as `sbauer`. This user is found to have `GenericWrite` permissions on the user `jorden`. Abusing this privilege allows us to gain access to the server as this user. `jorden` is be member of `Server Operators` group, whose privileges we exploit to get a SYSTEM shell.
Machine Matrix