Hackthebox - Granny / Grandpa

From nmap, there is http service on port 80.

It says it is under construction.

We can see that it runs Microsoft IIS 6.0 from nmap. I use exploit/windows/iis/iis_webdav_scstoragepathfromurl in msf, and we get login with NT AUTHORITY\NETWORK SERVICE.

Later, we use module post/multi/recon/local_exploit_suggester to get suggestion for privilege escalation. After using module windows/local/ms14_070_tcpip_ioctl, we are NT AUTHORITY\SYSTEM.