I am Groot

Nmap Scan Result

Service running on port 80 displays what seems to be Captured Wifi traffic and auto downloads a IamGrootWLAN.cap file

Using Aircrack-ng tool. I was able to brute-force and  recover the WPA key. adding decryption key allowed us to view decrypted packet.

All we got from the cap file is a flag

SSH access was easy since we have the WPA and and we know the username IamGroot. Same credfential worked for RDP...

Privilege Escalation

A schedule PowerShell script run by admin, pretty straight forward. Just pasted a base64 PowerShell reverse shell payload.

Last Flag :)