Official Sekhmet Discussion

Official discussion thread for Sekhmet. Please do not post any spoilers or big hints.

You mean the malware that points to your Captain Hook discord server?

:sweat_smile:

Weird how there are no posts in this discussion… Anyway just rooted the machine and to be honest i needed some hints along the way… learned a lot of new things about windows attack vectors.
For anyone stuck feel free to PM.

mobile hint?

Thank you @nullb1te for the valuable help! :slight_smile: What a journey full of understandings about windows behaviors. Thank you @4ndr34z for the learning :hugs:

FOOTHOLD: try to identify backend. There’s a vuln where you can try param injection to get RCE. Enum and search for juice cracking access for another account and generate ticket.
USER: connect with that user and try to get root to get flag.
ROOT: it’s a pivot challenge. You have to access the server and enum to get juice that will give you direct access to root.

1 Like