Use native binaries already present on the target OS (built-in utilities like certutil , powershell , or bash ) to bypass application whitelisting.
Using the SharePoint vulnerability, we can create a malicious file to upload to the server. After crafting our exploit, we can use a tool like msfvenom to create a reverse shell: hackthebox red failure
Once we have the Meterpreter session, we can explore the system and escalate privileges as needed. For this box, we can simply use the getsystem command to gain system access. Use native binaries already present on the target