Giddy

Let's discuss on the Giddy Machine

xMagass

Comments

  • still only 5 people got root.. that seems like a hard one, once again

  • Anyone got the initial foothold?

  • have been working on it got some enumeration still cannot figure out where to start ... doesn't seem much hard the only thing is to get the initial foot in the right direction ...

  • I don't know if I'm in the correct path or some rabbit hole. Been able to exploit a clear vulnerability but can't gain much information from that specific exploit. Any hints would be appreciated.

  • I think I know where to start. I just haven't got a foothold yet. Think PowerShell.
  • I find a vulnerability known enough, I have access to a lot of things

  • @SYNDROME said:
    I don't know if I'm in the correct path or some rabbit hole. Been able to exploit a clear vulnerability but can't gain much information from that specific exploit. Any hints would be appreciated.

    In the same boat. I have a bad feeling it's a rabbit hole based on where the infrastructure surrounding the exploit came from...

  • @stonepresto said:

    @SYNDROME said:
    I don't know if I'm in the correct path or some rabbit hole. Been able to exploit a clear vulnerability but can't gain much information from that specific exploit. Any hints would be appreciated.

    In the same boat. I have a bad feeling it's a rabbit hole based on where the infrastructure surrounding the exploit came from...

    True. It can't be that easy. That's my feeling

  • Initial vuln does give some good contextual info but not sure it's the whole thing. Must be missing something obvious?

  • getting user.txt was quite straight if you found something often seen on one service, then got some interaction from it with yourself, and the result to be used on another service.

    heading for root now ;)

  • @spoppi what are you using for vulnerability identification / enumeration? Everything I have been using has been stupid slow (most likely due to high utilization of people trying to crack the box)
  • @Marantral nothing special, just usual tools like nmap, gobuster/dirbuster. Then I've done it mostly manually to achieve user.

  • I have a bunch of creds that are obfuscated in a very bizarre way and I have no idea how to go about cracking / decoding them. @spoppi May I pm you for a sanity check?
  • edited September 2018

    user is done, I think giddy.jpg is actually an extremely subtle hint but not a necessary one. Don't get stuck trying to enumerate every little thing. Once you've found something, focus on taking that vector a step further.

  • look for hidden directories

  • Found a store and well I tried the obvious when trying to get something from an online store but I am guessing it's a rabbit hole since I can't find nothing or don't know what I'm looking for

  • @dmcxblue said:
    Found a store and well I tried the obvious when trying to get something from an online store but I am guessing it's a rabbit hole since I can't find nothing or don't know what I'm looking for

    I tried the same, but getting errors that are not allowing me to exploit. Maybe manual way is needed

  • what wordlists are you guys using? If the answer can be considered a spoiler, nevermind.

  • edited September 2018

    @tt0t3s said:
    what wordlists are you guys using? If the answer can be considered a spoiler, nevermind.

    For initial enum gobuster and small is all you need.

  • edited September 2018

    @denials3c said:

    @tt0t3s said:
    what wordlists are you guys using? If the answer can be considered a spoiler, nevermind.

    For initial enum gobuster and small is all you need.

    And for moving to user? Not sure if the vector I have in mind is valid though

  • Using gobuster I only found xxxoxe but I don't have creds... what can I do?

  • Try the dirbuster lists.

  • Is MVC a rabbit hole?

  • Mmm so I have found MVC & the other things running on https

    Also found a typical OWASP Top 10 Vuln on MVC but not finding any exploit path, anyone able to help?

    Mochan

    Checkout my Dropbox of Goodies >> https://www.dropbox.com/sh/ba0t59c5fnccgms/AACvUbUSflWB1_AAgj8okEUra?dl=0

    [CCNA R&S] [OSCP - In Progress] [Security+ - In Progress]

  • I was able to get the password for the user but when I use it it looks like the "new session" always gives an internal error :(

    I tried to use the creds using some other Linux tools and libraries without success.
    Should I insist on that interface? What am I doing wrong?

  • @devloop said:
    I was able to get the password for the user but when I use it it looks like the "new session" always gives an internal error :(

    I tried to use the creds using some other Linux tools and libraries without success.
    Should I insist on that interface? What am I doing wrong?

    I'm in the same boat as you. Stuck on this step.

  • edited December 2018

    Is [Spoiler Removed - egre55] a rabbit hole? Haven't been able to pull anything useful out of it so far, apart from a username.

    opt1kz

  • @opt1kz with the caveat that I don't have any flags on this box so I might be completely wrong, the only useful thing I got from attacking MVC itself was the username but pages can be exploited to give you something more useful. If that makes sense.

  • Anyone able to drop a hint on bypassing PWSA auth rules? I have a username and pass but stuck...

    Mochan

  • What error are you getting? I think something on the box has broken as an hour ago I could get "in" through this and now it just says cannot establish a connection to the destination computer.
