# Using the exploit

![](https://2022164620-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FtzurpgroDJSMn9AFVmQP%2Fuploads%2FjuvAIE38QyKU48cbkH7W%2FUsing%20the%20exploit%20to%20log%20in%20as%20nekrotic.PNG?alt=media\&token=ad54c7dd-8e4f-4904-9700-2c74c3747e5f)

Using the exploit to login as the user "nekrotic"

![](https://2022164620-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FtzurpgroDJSMn9AFVmQP%2Fuploads%2Fpqf8swHXCLK20u0XZI1A%2FLooking%20at%20the%20user%20desktop%20to%20find%20the%20neccesary%20flags.PNG?alt=media\&token=8967c1ab-3170-4a72-a07c-a6fcba9c648a)

Looking at the user desktop to see find the flags. In this instance I was only able to look at the user .txt flag, I had to do something else to get the root.txt flag.

![Wont let me open root.txt file](https://2022164620-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FtzurpgroDJSMn9AFVmQP%2Fuploads%2FCT0zPC0upDh0KyOW7JbP%2FWont%20let%20me%20open%20the%20root%20one.PNG?alt=media\&token=ff47a034-4eb9-4137-a482-0a909c852121)

-ERR no reply means I could not open the root.txt file. I needed privileges