Giddy

You can escape that mode using some installed dev tools :wink:
But then there is always the AV and group policies :-/

I wonder if those .b** files are of any interest

Also found a troll on the box

Too many people on the session, I have to wait to create a session.

@seepckoa check you have logged in correctly, sometimes a slightly incorrect use of credentials appears to login but doesn’t login.

I have the right login and the good password I know, there’s too much nobody in the session.

‘S****’ has reached the maximum allowed number of sessions per user. To start a new session, the user must first sign out from another session.

ah - I’d not seen that error. Nightmare.

I managed to access :slight_smile: I managed to access :slight_smile: but no powershell access

Got user and a stable access now (had to use a windows attack box) - but are having issues with priv esc… anyone who got root on Giddy please PM - i would like to discuss my approach for getting closer to priv esc.

“****** has reached the maximum allowed number of sessions per user. To start a new session, the user must first sign out from another session.”. I need to wait, or I can bypass this?

Fully rooted with stable admin shell. Awesome box. Learned a lot.

I have a shell :smiley:

For now I am stucked at escape from limited access that you have from web interface. Any hint?

@zyaya said:
For now I am stucked at escape from limited access that you have from web interface. Any hint?

+1 . anyone with some suggestions ?

Rooted! What a journey lol… Fun box but certainly not my favourite, had me banging my head far too many times.

If anyone needs a hint catch me on mattermost… mochan

Has anyone done this box without a windows attack box? I run mac and vms of kali do not have a copy of windows to use for a challenge without pirating which is not a good thing to be doing.

@genxweb said:
Has anyone done this box without a windows attack box? I run mac and vms of kali do not have a copy of windows to use for a challenge without pirating which is not a good thing to be doing.

https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/

You can download legitimate windows VM’s there for trial use. I solely run linux with a kali vm. When I need windows, that link is where I get mine from.

@epi said:

@genxweb said:
Has anyone done this box without a windows attack box? I run mac and vms of kali do not have a copy of windows to use for a challenge without pirating which is not a good thing to be doing.

https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/

You can download legitimate windows VM’s there for trial use. I solely run linux with a kali vm. When I need windows, that link is where I get mine from.

Thanks will do that.

Ended up doing all stuff from linux attack box, seems that my browser session was buggy, got stable web shell via linux box.

Liked the initial foothold on this box, but getting priv esc /root was a bit too … easy in my opinion going for the flag.

so i have the username computer name cracked hashes which game password.

when i try using those to log on /****** P*****ll i it says anothorized, can some pm me please. ?

Forgot to mention this box is able to be completed without a Windows attack box.

I had some issues getting Powershell Web Access to work but it was cause I was missing some simple things in the username field.