Love is a Easy difficulty Windows machine that hosts two web servers. One of them replies with a Forbidden error, however disclosing an internal staging sub-domain, while the other one is vulnerable to SSRF and allows to enumerate the first. Exploitation of the SSRF permit to obtain valid credentials in order to access a restricted area vulnerable to Arbitrary File Upload and thus to Remote Code Execution. Once obtained a reverse shell the local enumeration of the target reveals that both the machine and the compromised user has the AlwaysInstallElevated attribute enabled, allowing to install a malicious .msi binary in order to elevate privileges to SYSTEM.