Machine Synopsis

Rainbow is a medium-difficulty Windows machine exposing FTP and HTTP services on ports `21` and `80` & `8080` respectively. From the FTP server, we can retrieve the web server binary and a PowerShell restart script, which is used to relaunch the server in the event of a crash automatically. The HTTP service on port `8080` is vulnerable to an SEH-based buffer overflow and exploiting this yields code execution as the `rainbow` user. Because `rainbow` is a member of the Administrators group, we achieved full elevation by bypassing UAC via the FodHelper technique.