Type your comment> @gurbanli said:
Rooted. User part was difficult than root part. But root part was long
Hints:
Foothold: Abuse pi functionality with well-known OWASP attack and bypass WAF
User1: Enumerate with what you have in order to get what you need
User2: look who you are and which processes are running
User3: Reverse it
User4: Standard AD Attack with imp****
Root: Standard windows privilege escalation
Oh god… Im so stupid, I had user3 all along.