Type your comment> @ssklash said:
Finally got root, but more through trial and error than anything else. Could anyone else PM their enumeration process for the vulnerable service? Not sure if there’s a systematic way people are finding it or just luck/bruteforce.
Me too. Although I can write a pseudo script which can find that service, and I have found the instructions which are needed for the implementation, but I have no practice in Powershell.
The privilege escalation phase (including discovery) is superb. Thanks @TRX.