I am Groot
Nmap Scan Result
The service running on port 80 displays what seems to be captured Wi-Fi traffic and auto-downloads an IamGrootWLAN.cap file.
Using the Aircrack-ng tool, I was able to brute-force and recover the WPA key. Adding the decryption key allowed us to view the decrypted packets.
All we got from the cap file is a flag.
SSH access was easy since we have the WPA key and we know the username IamGroot. The same credential worked for RDP...
Privilege Escalation
A scheduled PowerShell script run by admin, pretty straightforward. Just pasted a base64 PowerShell reverse shell payload.
Last Flag :)
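The escalation step above relies on a script that a scheduled task runs with admin rights. As an added example (not part of the original writeup), this audit lists scheduled tasks whose `.ps1` file can be modified by anyone other than SYSTEM or Administrators. It assumes the weakness on this box was write access to the script file, and it only resolves absolute paths found in the task's command line.

```powershell
# Added example: find scheduled-task scripts that non-admin principals can modify.
# Assumption: the task action names the .ps1 by absolute path. Run elevated.

# Access bits that let a principal change the file's content or its ACL.
$writeBits = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, ChangePermissions, TakeOwnership'
$trusted   = @('S-1-5-18', 'S-1-5-32-544')   # SYSTEM, BUILTIN\Administrators
$sidType   = [System.Security.Principal.SecurityIdentifier]

$findings = foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        # Exec actions expose Execute and Arguments; other action types yield empty strings.
        $cmdLine = "$($action.Execute) $($action.Arguments)"

        # Pull every absolute path ending in .ps1 out of the command line.
        $paths = [regex]::Matches($cmdLine, '[A-Za-z]:\\[^"<>|*?:]+?\.ps1') |
            ForEach-Object { $_.Value } | Select-Object -Unique

        foreach ($path in $paths) {
            if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { continue }

            # Resolve ACEs to SIDs so the check does not depend on localized names.
            $acl = Get-Acl -LiteralPath $path
            foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
                $canWrite = (([int]$rule.FileSystemRights) -band $writeBits) -ne 0
                if ($rule.AccessControlType -eq 'Allow' -and $canWrite -and
                    $rule.IdentityReference.Value -notin $trusted) {
                    [pscustomobject]@{
                        Task      = $task.TaskPath + $task.TaskName
                        RunAs     = $task.Principal.UserId
                        Script    = $path
                        WriterSid = $rule.IdentityReference.Value
                        Rights    = $rule.FileSystemRights
                    }
                }
            }
        }
    }
}

$findings | Sort-Object Task, Script | Format-Table -AutoSize
```

Any row where `RunAs` is a privileged account and `WriterSid` belongs to a standard user is the same condition used in this step; tightening the file ACL to Administrators and SYSTEM closes it.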