Machine Synopsis

Control is a hard difficulty Windows machine featuring a site that is found vulnerable to SQL injection. This is leveraged to extract MySQL user password hashes, and also to write a webshell and gain a foothold. The password hash for the SQL user `hector` is cracked, which is used to move laterally to their Windows account. Examination of the PowerShell history file reveals that the Registry permissions may have been modified. After enumerating Registry service permissions and other service properties, a service is abused to gain a shell as `NT AUTHORITY\SYSTEM`.