Machine Synopsis
Reaper is an Insane Windows machine that begins with an exposed FTP service. The FTP share contains a Windows binary vulnerable to both format-string and buffer-overflow attacks. By exploiting these flaws, an attacker can leak sensitive memory regions, hijack the program’s execution flow, and ultimately obtain a reverse shell on the target as the user `keysvc`. After gaining initial access, the attacker discovers a file containing a DPAPI blob. Once decrypted, this blob provides valid credentials for RDP access as `keysvc`. Continued enumeration reveals a custom kernel driver that is present and actively running on the system. By reverse-engineering the driver, the attacker determines that it permits arbitrary kernel-level writes. Leveraging this capability, the attacker is able to steal a privileged token and escalate to a full SYSTEM shell (`NT AUTHORITY\SYSTEM`).
Machine Matrix