Control
Control
Control 218
Control
RETIRED MACHINE

Control

Control - Windows Windows
Control - Hard Hard

4.5

MACHINE RATING

3177

USER OWNS

2671

SYSTEM OWNS

23/11/2019

RELEASED
Created by TRX

Machine Synopsis

Control is a hard difficulty Windows machine featuring a site that is found vulnerable to SQL injection. This is leveraged to extract MySQL user password hashes, and also to write a webshell and gain a foothold. The password hash for the SQL user `hector` is cracked, which is used to move laterally to their Windows account. Examination of the PowerShell history file reveals that the Registry permissions may have been modified. After enumerating Registry service permissions and other service properties, a service is abused to gain a shell as `NT AUTHORITY\SYSTEM`.

Machine Matrix

Ready to start your
hacking journey?