Machine Synopsis

Helpline is a hard difficulty windows box which needs a good amount of enumeration at each stage. A ServiceDesk web application is found to be vulnerable to XXE exposing sensitive data which gives a foothold. There are hashes on the PostgreSQL database which can be cracked to gain access to a user who can read Windows Event Logs. These logs contain user credentials and can be used to move laterally. Enumeration of the file system reveals a script vulnerable to command injection, which allow for code execution in the context of another user. The local Administrator credentials are then found in the form of powershell securestring.