Giddy

@tt0t3s said:
what wordlists are you guys using? If the answer can be considered a spoiler, nevermind.

For initial enum gobuster and small is all you need.

@denials3c said:

@tt0t3s said:
what wordlists are you guys using? If the answer can be considered a spoiler, nevermind.

For initial enum gobuster and small is all you need.

And for moving to user? Not sure if the vector I have in mind is valid though

Using gobuster i only found xxxoxe but i dont have creds… what can i do?

Try the dirbuster lists.

Is MVC a rabbit hole?

Mmm so I have found MVC & the other things running on https

Also found a typical OWASP Top 10 Vuln on MVC but not finding any exploit path, anyone able to help?

I was able to get the password for the user but when I use it it looks like the “new session” always give internal error :frowning:

I tried to use the creds using some other linux tools and libraries without success.
Should I insist on that interface ? What I’m doing wrong ?

@devloop said:
I was able to get the password for the user but when I use it it looks like the “new session” always give internal error :frowning:

I tried to use the creds using some other linux tools and libraries without success.
Should I insist on that interface ? What I’m doing wrong ?

I’m in the same boat as you. Stucked on this step.

Is Spoiler Removed - egre55 a rabbit hole? Haven’t been able to pull anything useful out of it so far, apart from a username.

@opt1kz with the caveat that I don’t have any flags on this box so I might be completely wrong, the only useful thing I got from attacking MVC itself was the username but pages can be exploited to give you something more useful. If that makes sense.

Anyone able to drop a hint on bypassing PWSA auth rules? I have a username and pass but stuck…

What error are you getting? I think something on the box has broken as an hour ago I could get “in” through this and now it just says cannot establish a connection to the destination computer.

@TazWake said:
What error are you getting? I think something on the box has broken as an hour ago I could get “in” through this and now it just says cannot establish a connection to the destination computer.

that happened to me earlier today. i had to reset the box in order to make it work.

someone who rooted giddy please pm me!

i am still working user lol. lates see how far i get!

@Marantral said:
I think I know where to start. I just haven’t got a foot hold yet. Think Powershell.

i think that is rabbit whole lol… if it not let me know i though about it as well

Edit: No flags yet, but I now have valid login credentials. This is one of those boxes where if you’re not aware of the existence of a certain technique… You’ll bang your head on the keyboard for hours and get nowhere. There’s no way to guess it unless you’ve already seen it before. Willing to spread the love and give hints. Just PM me.

Ok so noticed the RDP port and that it needs CredSSP have no idea if that a rabbit hole or something found some vulns for it but none seems to work or have errors while compiling if anyone is on user hints would be great

Edit: Never mind. Figured that issue out.

Yo i am trying to log on "‘’''te with credentials from giddy but it is telling me unathorized amean can some one tell me why it is not taking the creds?