Giddy

Let’s discuss on the Giddy Machine

still only 5 people got root… that seems like a hard one, once again

Any one got the initial foothold?

have been working on it got some enumeration still cannot figure out where to start … dosen’t seem much hard the only thing is to get the initial foot in the right direction …

I dont know if I’m in the correct path or some rabbit hole. Been able to exploit a clear vulnerability but cant gain much information from that specific exploit. Any hints would be appreciated,

I think I know where to start. I just haven’t got a foot hold yet. Think Powershell.

I find a vulnerability known enough, I have access to a lot of things

@SYNDROME said:
I dont know if I’m in the correct path or some rabbit hole. Been able to exploit a clear vulnerability but cant gain much information from that specific exploit. Any hints would be appreciated,

In the same boat. I have a bad feeling it’s a rabbit hole based on where the infrastructure surrounding the exploit came from…

@stonepresto said:

@SYNDROME said:
I dont know if I’m in the correct path or some rabbit hole. Been able to exploit a clear vulnerability but cant gain much information from that specific exploit. Any hints would be appreciated,

In the same boat. I have a bad feeling it’s a rabbit hole based on where the infrastructure surrounding the exploit came from…

True. It cant be that easy. That’s my feeling

Inital vuln does give some good contextual info but not sure it’s the whole thing. Must be missing something obvious?

getting user.txt was quite straight if you found something often seen on one service, then got some interaction from it with yourself, and the result to be used on another service.

heading for root now :wink:

@spoppi what are you using for vulnerability identification / enumeration. Everything I have been using has been stupid slow (most likely due to high utilization of people trying to crack the box)

@Marantral nothing special, just usual tools like nmap, gobuster/dirbuster. Then I’ve done it mostly manually to achieve user.

I have a bunch of creds that are obfuscated in a very bizzare way and I have no idea how to go about cracking / decoding them. @spoppi May I pm you for a sanity check?

user is done, I think giddy.jpg is actually an extremely subtle hint but not a necessary one. Don’t get stuck trying to enumerate every little thing. Once you’ve found something, focus on taking that vector a step further.

look for hidden directories

Found a store and well I tried the obvious when trying to get something from a online store but I am guessing its a rabbit hole since I can’t find nothing or dont know what Im looking for

@dmcxblue said:
Found a store and well I tried the obvious when trying to get something from a online store but I am guessing its a rabbit hole since I can’t find nothing or dont know what Im looking for

i tried the same, but getting errors that are not allowing me to exploit. maybe manual way is needed

what wordlists are you guys using? If the answer can be considered a spoiler, nevermind.

@tt0t3s said:
what wordlists are you guys using? If the answer can be considered a spoiler, nevermind.

For initial enum gobuster and small is all you need.