User flag
Use my implementation of CVE-2023-38146 to generate a malicious Windows 11 theme and upload it to the machine. This should get you the user shell.
Root flag
After looking around for stuff on the machine, I found a PDF file in the C:/Users/sam.emerson/Documents
folder that says something about CVE-2023-28252. ๐
So, I compiled it and replaced notepad.exe
with a reverse shell executable, compiled it using Visual Studio and gained the system shell. Easy machine.