Part 2 of the Lock machine. I was able to capture both the user and system flags with the help of the walkthrough. My biggest learning was with the MSI Installer bug where you can use the installer repair action to elevate yourself from Guest to System Administrator.
Part 1:
https://youtu.be/M6CMolFPnGs
Hack the Box Lock Machine:
https://app.hackthebox.com/machines/Lock
Microsoft Windows MSI Installer – Repair to SYSTEM – A detailed journey
https://sec-consult.com/blog/detail/msi-installer-repair-to-system-a-detailed-journey/
Thanks to @HackTheBox and users xct and kozmer for creating the Lock machine:
https://app.hackthebox.com/users/13569
https://app.hackthebox.com/users/637320
Have a question you want answered in a future video? A challenging or interesting problem you need you want to see solved? Constructive feedback? Then comment, DM me, or send an email to ask@saturdaymp.com.
Found this video useful? Then help others find it by liking, subscribing, sharing, and/or sponsoring:
https://github.com/sponsors/saturdaymp
Thank you for watching!