Giddy


Comments

  • Forgot to mention this box is able to be completed without a Windows attack box.

    I had some issues getting PowerShell Web Access to work, but it was because I was missing some simple things in the username field.

    Mochan

    Checkout my Dropbox of Goodies >> https://www.dropbox.com/sh/ba0t59c5fnccgms/AACvUbUSflWB1_AAgj8okEUra?dl=0

    [CCNA R&S] [OSCP - In Progress] [Security+ - In Progress]

  • @crysthoffer said:
    "****** has reached the maximum allowed number of sessions per user. To start a new session, the user must first sign out from another session.". I need to wait, or I can bypass this?

    It's 2 active user sessions allowed, not more (it's a Windows thing), so maybe you have to wait more time on free servers.

    r4bit

  • I'm stuck on priv esc, can anyone help me? PM please

    Arrexel

  • edited September 2018

    Ok after retrieving root flag...decided to go after a real root/system shell... and just verified successfully reverse shell is indeed possible :)

    A small hint for Priv Esc - basic enumeration/research and it's right in front of you

    ninpox

  • Very nice machine. Easy to read the file once you know the path. Learned a lot in the initial steps to user. I went back and modified the code I wrote to add myself to the machine as an administrator for poops and giggles.

  • I'll leave my review here. The machine was outstandingly good and hard, learned a ton from it. Now to the part where I give some kind of useful hint: for everyone that is trying to abuse the Common Factor attack that you already located, you need to abuse it in a different way to get what you need (creds). Take a look at that page, http://www.patrickkeisler.com/2012/11/how-to-use-xpdirtree-to-list-all-files.html. I have to say that this one is a major spoiler for undergoing the whole machine process, so everyone that is overly dramatic either take your eyes away from it, or report it as SPOIL.

    Hack The Box

  • anyone rooted this box I can PM? I know what I have to do but for some strange reason the exploit does not seem to work.

  • Really nice machine. Respect to @lkys37en

  • edited September 2018

    Update: NVM, got user.txt

  • Nice box, logging in was sporadic tho

  • Been on privesc for 2-3 days now. I know what I'm able to do and what I can read, found a few interesting things but not anything I can use... I'm now a bit blinded by it all and struggling to move forward.

    Is there anyone willing to discuss with me over PM?

  • edited September 2018

    delicious box

  • Rooted... From my point of view this box has been the most similar to a production environment. I liked it a lot. Good job to the machine maker.

  • I've managed to get the classic Windows hash through Res*****r and xp_****** of \G****\s***y, but cracking it with john I get 'NO PASSWORD', so doesn't seem to me the right road.

    Any hints? :anguished:

  • @iswearimnotalu said:
    I've managed to get the classic Windows hash through Res*****r and xp_****** of \G****\s***y, but cracking it with john I get 'NO PASSWORD', so doesn't seem to me the right road.

    Any hints? :anguished:

    Try with the most used wordlist. You're on the right track

  • edited September 2018

    @iswearimnotalu said:
    I've managed to get the classic Windows hash through Res*****r and xp_****** of \G****\s***y, but cracking it with john I get 'NO PASSWORD', so doesn't seem to me the right road.

    Any hints? :anguished:

    Use hashcat with rockyou.txt and best64.rule ;)

  • edited September 2018

    @Phr33fall said:

    @iswearimnotalu said:
    I've managed to get the classic Windows hash through Res*****r and xp_****** of \G****\s***y, but cracking it with john I get 'NO PASSWORD', so doesn't seem to me the right road.

    Any hints? :anguished:

    Use hashcat with rockyou.txt and best64.rule ;)

    Thanks!! Now I've to figure out where user:pass work, since "I have to contact the gateway administrator"

    EDIT: nvm, got it! Needed to reset :D

  • Simply wow! I am loving this machine. What a way to get to user. Cheers @lkys37en

  • Hey, I've managed to access the app and web PS but I couldn't find a genuine user. I know a genuine user from the error messages, am I going in the right direction? Bruteforce this user's creds?

  • Hi, I'm stuck with the xp_****** syntax, is somebody available in PM to help me?
    Thanks a lot

  • Stuck on privesc; I followed basic privilege escalation tutorials but I could not come up with anything useful. Ideas?

  • edited September 2018

    Why doesn't Re******r work? Any help?

    Edit (1): got user.txt!
    Any tips for priv esc?

    Edit (2): root dance!

    Thank you for your help!!!
    here for hints! Just PM me

  • @iswearimnotalu said:

    @Phr33fall said:

    @iswearimnotalu said:
    I've managed to get the classic Windows hash through Res*****r and xp_****** of \G****\s***y, but cracking it with john I get 'NO PASSWORD', so doesn't seem to me the right road.

    Any hints? :anguished:

    Use hashcat with rockyou.txt and best64.rule ;)

    Thanks!! Now I've to figure out where user:pass work, since "I have to contact the gateway administrator"

    EDIT: nvm, got it! Needed to reset :D

    Dude, this guy literally put everything on the machine, WTF >>> this fricking spoiler, man, you actually told everybody what to do lol :)

    I got user, about to go for privesc.

    Arrexel
    OSCP | OSCE half way!

  • Hey, I think I have found some interesting files for user that might contain credentials but I can't really read them and I'm stuck. If anyone could help me out I would appreciate it

  • I got foothold & am dumping, found a few other OWASP top 10s (critical). Could use some guidance from someone who has beaten it. Also wondering if Giddy is linked to another box I'm working on where I've obtained what appears to be ddns sec hash or ripe320

  • Rooted. Thanks to my bros!!!

    This is one of the boxes that if you know the technology, you will know what to do but if you don't you will be bashing your head against the keyboard.

    Can only say -

    Initial foothold - typical enum. Try adding '.... and look at Frey's Comment on 24 Sep.
    On Privesc - Hint in first folder you see, just dig.

    Good luck and all the best!!!

    wilsonnkwanl

  • Anyone able to log in p***? I am getting an error related to ga***** which is not allowing me in. Any insight?

    3zCulprit

  • Can someone give me a hand with my U***N S*****T xp_*******l syntax? Got code execution but can't seem to get the syntax right

  • @badman89 said:
    Can someone give me a hand with my U***N S*****T xp_*******l syntax? Got code execution but can't seem to get the syntax right

    Sure, you can DM me

  • Does the initial foothold have something to do with xp_******ll or xp_****ee? Been playing around with it for hours but can't figure out how to get it to function.
