I competed in immersive labs CTF.
The machine that I was able to get user compromise for was “The source of all evil”
SMB was open, I was able to access it without creds. In the creds there was a default password stored that I was able to use. After finding a user list
I went through the users and the password and found a match. After loggin into the smb share through that username and password I was able to find the flag
From there we were able to work to get root compromise