Hi,
I’m stuck with CTF 1 (the first lab) flag 4. I have been trying for days with not luck. I compromised the web.prod machine pivoting from server.prod. I was able to open a session using Evil-WINRM. I even have powershell session opened on web.prod. I did even exploit a script and elevated the credentials to administrative.
The task says flag 4 is available on C drive. I was able to browse the entire file system but nothing was there. I browsed all possible folders even hidden ones. I ran a search task with recursive on all folders including hidden ones and couldn’t find flag 4.
Please tell me where is it located?