Giddy

2456789

Comments

  • @TazWake said:
    What error are you getting? I think something on the box has broken as an hour ago I could get "in" through this and now it just says cannot establish a connection to the destination computer.

    that happened to me earlier today. i had to reset the box in order to make it work.

  • someone who rooted giddy please pm me!

  • i am still working user lol. lates see how far i get!

    Arrexel
    OSCP | OSCE half way!

  • @Marantral said:
    I think I know where to start. I just haven't got a foot hold yet. Think Powershell.

    i think that is rabbit whole lol.. if it not let me know i though about it as well

    Arrexel
    OSCP | OSCE half way!

  • edited September 2018

    Edit: No flags yet, but I now have valid login credentials. This is one of those boxes where if you're not aware of the existence of a certain technique... You'll bang your head on the keyboard for hours and get nowhere. There's no way to guess it unless you've already seen it before. Willing to spread the love and give hints. Just PM me.

    opt1kz
    https://i.imgur.com/4jXzPqJ.png
    404 Friend Not Found

  • Ok so noticed the RDP port and that it needs CredSSP have no idea if that a rabbit hole or something found some vulns for it but none seems to work or have errors while compiling if anyone is on user hints would be great

  • edited September 2018

    Edit: Never mind. Figured that issue out.

    opt1kz
    https://i.imgur.com/4jXzPqJ.png
    404 Friend Not Found

  • Yo i am trying to log on "''''te with credentials from giddy but it is telling me unathorized amean can some one tell me why it is not taking the creds?

    Arrexel
    OSCP | OSCE half way!

  • Managed to get logged in as s***y via a technique on my Windows box however I can't get it to work using powershell on linux - anyone know a work around to get it to work on linux?

    Mochan

    Checkout my Dropbox of Goodies >> https://www.dropbox.com/sh/ba0t59c5fnccgms/AACvUbUSflWB1_AAgj8okEUra?dl=0

    [CCNA R&S] [OSCP - In Progress] [Security+ - In Progress]

  • Any way to bypass/escape constrained mode or am I looking for the wrong thing?

    opt1kz
    https://i.imgur.com/4jXzPqJ.png
    404 Friend Not Found

  • @>; @opt1kz said:

    Any way to bypass/escape constrained mode or am I looking for the wrong thing?

    Also stuck on this...

    Mochan

    Checkout my Dropbox of Goodies >> https://www.dropbox.com/sh/ba0t59c5fnccgms/AACvUbUSflWB1_AAgj8okEUra?dl=0

    [CCNA R&S] [OSCP - In Progress] [Security+ - In Progress]

  • You can escape that mode using some installed dev tools ;-)
    But then there is always the AV and group policies :-/

    I wonder if those .b** files are of any interest

    Also found a troll on the box

  • Too many people on the session, I have to wait to create a session.

    Arrexel

  • @seepckoa check you have logged in correctly, sometimes a slightly incorrect use of credentials appears to login but doesn't login.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • I have the right login and the good password I know, there's too much nobody in the session.

    Arrexel

  • 'S****' has reached the maximum allowed number of sessions per user. To start a new session, the user must first sign out from another session.

    Arrexel

  • ah - I'd not seen that error. Nightmare.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • I managed to access :) I managed to access :) but no powershell access

    Arrexel

  • Got user and a stable access now (had to use a windows attack box) - but are having issues with priv esc... anyone who got root on Giddy please PM - i would like to discuss my approach for getting closer to priv esc.

    ninpox

  • "****** has reached the maximum allowed number of sessions per user. To start a new session, the user must first sign out from another session.". I need to wait, or I can bypass this?

  • edited September 2018

    Fully rooted with stable admin shell. Awesome box. Learned a lot.

    opt1kz
    https://i.imgur.com/4jXzPqJ.png
    404 Friend Not Found

  • edited September 2018

    I have a shell :D

    Arrexel

  • For now I am stucked at escape from limited access that you have from web interface. Any hint?

  • @zyaya said:
    For now I am stucked at escape from limited access that you have from web interface. Any hint?

    +1 . anyone with some suggestions ?

  • Rooted! What a journey lol... Fun box but certainly not my favourite, had me banging my head far too many times.

    If anyone needs a hint catch me on mattermost... mochan

    Mochan

    Checkout my Dropbox of Goodies >> https://www.dropbox.com/sh/ba0t59c5fnccgms/AACvUbUSflWB1_AAgj8okEUra?dl=0

    [CCNA R&S] [OSCP - In Progress] [Security+ - In Progress]

  • Has anyone done this box without a windows attack box? I run mac and vms of kali do not have a copy of windows to use for a challenge without pirating which is not a good thing to be doing.

  • @genxweb said:
    Has anyone done this box without a windows attack box? I run mac and vms of kali do not have a copy of windows to use for a challenge without pirating which is not a good thing to be doing.

    https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/

    You can download legitimate windows VM's there for trial use. I solely run linux with a kali vm. When I need windows, that link is where I get mine from.

  • @epi said:

    @genxweb said:
    Has anyone done this box without a windows attack box? I run mac and vms of kali do not have a copy of windows to use for a challenge without pirating which is not a good thing to be doing.

    https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/

    You can download legitimate windows VM's there for trial use. I solely run linux with a kali vm. When I need windows, that link is where I get mine from.

    Thanks will do that.

  • edited September 2018

    Ended up doing all stuff from linux attack box, seems that my browser session was buggy, got stable web shell via linux box.

    Liked the initial foothold on this box, but getting priv esc /root was a bit too ..... easy in my opinion going for the flag.

    ninpox

  • so i have the username computer name cracked hashes which game password.

    when i try using those to log on /****** P*****ll i it says anothorized, can some pm me please. ?

    Arrexel
    OSCP | OSCE half way!

Sign In to comment.