Executive Summary
JobTwo is a Windows Server 2022 machine that simulates a realistic corporate phishing and privilege escalation scenario. The attack chain begins with a job posting website that solicits Word document CVs via email. By crafting a macro-embedded .docm file and sending it to the HR email address, we obtain an initial foothold as user julian. From there, we discover hMailServer installed on the box, extract and crack a password hash from its database to pivot to user ferdinand (user flag). Finally, we exploit CVE-2023-27532 - an unauthenticated credential leak and RCE vulnerability in Veeam Backup & Replication - to execute commands as NT AUTHORITY\SYSTEM and retrieve the root flag.
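The initial access step above depends on a macro-enabled Word document reaching the HR mailbox. As an added example (not part of this writeup and not code from the machine's author), the following is a defender-side attachment check a mail gateway or triage script could run: it opens the attachment as an OOXML zip and looks for a VBA project part (`word/vbaProject.bin`) and the macro-enabled main-part content type, so a `.docm` renamed to `.docx` is still flagged. The sample attachments are constructed in memory for the demonstration and are not real Word files; the content-type strings are the standard OOXML ones.

```python
import io
import zipfile

# Standard OOXML content types for the main document part (assumption: these
# are the values Word writes for .docm and .docx respectively).
MACRO_ENABLED_CT = "application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_DOCX_CT = (
    "application/vnd.openxmlformats-officedocument."
    "wordprocessingml.document.main+xml"
)
VBA_PART = "word/vbaProject.bin"


def inspect_office_attachment(data: bytes) -> dict:
    """Inspect raw attachment bytes and report whether they are an OOXML
    package, whether a VBA project part is present, and whether the declared
    content type says 'macro-enabled'. Never trusts the file extension."""
    findings = {
        "is_ooxml": False,
        "has_vba_project": False,
        "macro_enabled_content_type": False,
    }
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not a zip, so not an OOXML document

    names = set(zf.namelist())
    if "[Content_Types].xml" not in names:
        return findings  # a zip, but not an OOXML package

    findings["is_ooxml"] = True
    findings["has_vba_project"] = VBA_PART in names
    ct_xml = zf.read("[Content_Types].xml").decode("utf-8", errors="replace")
    findings["macro_enabled_content_type"] = MACRO_ENABLED_CT in ct_xml
    return findings


def should_quarantine(filename: str, data: bytes) -> bool:
    """Policy decision: quarantine any attachment that carries a VBA project or
    declares itself macro-enabled, regardless of what the filename claims."""
    f = inspect_office_attachment(data)
    return f["has_vba_project"] or f["macro_enabled_content_type"]


def build_sample(macro: bool) -> bytes:
    """Construct a minimal OOXML-shaped zip for testing. This is a constructed
    stand-in, not a document produced by Word."""
    ct = MACRO_ENABLED_CT if macro else PLAIN_DOCX_CT
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(
            "[Content_Types].xml",
            f'<Types><Override PartName="/word/document.xml" '
            f'ContentType="{ct}"/></Types>',
        )
        zf.writestr("word/document.xml", "<w:document/>")
        if macro:
            # Placeholder bytes standing in for a compiled VBA project stream.
            zf.writestr(VBA_PART, b"\x00constructed vba placeholder\x00")
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed inbound "CV" attachments: a plain .docx, a .docm, and a
    # .docm renamed to .docx to slip past an extension-only filter.
    samples = {
        "cv.docx": build_sample(macro=False),
        "cv.docm": build_sample(macro=True),
        "cv_renamed.docx": build_sample(macro=True),
        "cv.pdf": b"%PDF-1.4 not an office file",
    }
    for name, blob in samples.items():
        verdict = "QUARANTINE" if should_quarantine(name, blob) else "allow"
        print(f"{name:16s} {verdict:10s} {inspect_office_attachment(blob)}")
```

The point of checking the zip contents rather than the extension is that the macro-enabled document type is defined by its parts and declared content type, not by its name; an extension-only rule would let the renamed sample through while this check does not.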
Table of Contents
Reconnaissance
Web Enumeration