Machine Synopsis
Axlle is a hard Windows machine that starts with a website on port `80`. The site informs visitors that it is down for maintenance, but that Excel invoices needing processing can be sent in by email and will be reviewed. An attacker can craft a malicious `XLL` file that bypasses the security checks in place and use it in a phishing attack. Once the attacker has code execution on the machine, they can create a malicious `.url` file that the user `dallon.matrix` will open, compromising that account. This user is a member of a group that can change the password of the user `jacob.greeny`, after which the attacker can authenticate as `jacob.greeny` over WinRM. Finally, that user is a member of the `App Devs` group, and the `StandaloneRunner` binary has been automated and runs as `SYSTEM`. The attacker can exploit that automation to get a shell as the `Administrator` user.
Machine Matrix