eZ CVE straight to SYSTEM

Another eZ CVE straight to SYSTEM. Looks to be a few vulns for foothold/ pwnage

This box was really cool. A very interesting foothold, consisting of exploiting a h2 database console to write a dll to disk. The dll can be invoked through user defined functions within the h2 console. SE impersonate was enabled with the user you gain after foothold but none of the potatos work because it is too new of a version. However a vulnerable service is running which can be exploited for SYSTEM.

This was a fun foothold. A remote service was running called RemoteMouse. This allows you to turn your mobile devices into a remote mouse/ keyboard. Each action has an assocaited value assigned to it which is sent to the remote device and the approiate actions are carried out accordingly. This allowed us to remotely control the mouse with a script to open a cmd prompt and execute a reverse shell.