Hi, I need a tip for bob_adm credentials. It looks so simple by I don’t now what I am missing. Thankyou!
Solved. I got a rabbit hole since I founded “bob_adm” string in another file… this drove me to a wrong path.
How’d you solve it? I’m stuck here
pls help
You can send me a DM.
do you mean the rabbit hole is the PS credentials?
for those stucked at the same rabbit hole, → yes, ps credentials are a rabbit hole, keep an eye to the sticky notes 
3 Likes
Many thanks! You saved me a lot of time.
any one have the locatation cant find stickynotes in any of the user appdata files
The Ep bypass command described in the module results in an error.
Set-ExecutionPolicy : Windows PowerShell updated your execution policy successfully, but the setting is overridden by
a policy defined at a more specific scope
Use “Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass”.
Not " Set-ExecutionPolicy Bypass -Scope Process"
For Anyone After me, the commands provide are enough to find the clear test flag, just need to modify it a bit
Summary
PS C:\Users> findstr /si bob_adm .
Be sure to leverage your elevated privileges from the previous module