So I recently got a shell on grandpa but after looking through nearly every directory I couldn’t find the user.txt. Any help or hints would be much appreciated, thanks


  • I sent you a pm in the CLI
    just type message berzerk0 to reply

  • the user.txt file will always be in the c:\somepath\$some_username_here\Desktop\. Someone might have deleted the flag, so I recommend resetting the box and trying again.

    Looking for past Hack the Box write-ups or other security stuff? Feel free to visit: <3

  • c: document and setting\$username\Desktop

  • its asking admin priv i cant bybass ? help me

  • I got both proof user.txt when I got the system account.

  • It's in the Desktop of the user present in Documents and Settings folder.

    Hack The Box

    Don't let the box pwn you!!

  • i can't escalate privilege any help plz

  • Did this get retired just last night / today? I was working away on it and thought I was almost there - logged on today and it's gone :(

    Hack The Box

  • edited October 2017

    Was retired last week. Optimum was retired last night. The Grandpa machine is still available for free users until next Saturday.

    Once a machine is retired, it remains available for 2 weeks. After that need VIP to access it.

  • Did anyone succeeded without metasploit?

  • @viking1989 said:
    Did anyone succeeded without metasploit?



  • Hi guys, I am trying to upload a file to Grandpa in the very same way as i did to Granny, however, for some reason it does not work. Also, Grandpa fails all uploads from davtest. Am I missing something?

  • Check the write-ups/videos. Grandpa and Granny don't have the same route to user. Can't really give more of a hint without spoiling it, and if i spoil it you would be better off just reading or watching a video.

  • edited January 2018

    Crawling for the flags. Many thanks for the direction.

  • Hi, just subscribed to VIP to do some more Windows machines. I did Blue with and without Metasploit, then Grandpa with Metasploit. I can see that Grandma had a way to upload a webshell, but Grandpa seems more restrictive and I'm not sure how that can be done. Anyone willing to help me quickly in exploiting Grandpa without Metasploit (initial shell with Network Service privileges and possibly PrivEsc? @ippsec or @Agent22.
    Let me know if you are willing to help me on this
    Thanks in advance


  • Nevermind, I had some luck and a publicly available python script worked and I got a session in multi/handler


Sign In to comment.