Giddy

I got a username but a feel stuck on my way to user. What now?

It’s true that payloads created by msfvenom will fail, if used ‘as is’. But there is some sort of ‘post processing’ you can do to make them stealthier. Then it works, this was my method of choice here … and on other Windows boxes than use similar protections.

I learned it from an ippsec video of a HTB box that shares some features with Giddy.

Is there a possibility to get a shell without using MSFVenom and just use a simple binary that works most of the times

Edit: Able to upload binaries, but somehow not able to execute them

Edit: BInary upload is not required. A nice box. Cheers to the maker

Rooted! Great box, thanks to the creator!
As mentioned above don’t waste time to get reverse shell. Powershell has all needed to trigger your stuff. And of course Enumeration is the key )

Fuckkkk, It was being hard for me. Excelent Box and thanks for this lab I have learned a lot!!!

Snowman418 was right in everything

could someone give me a nudge in the right direction for the initial foothold? i managed to inject something but the information i got out of it was useless. all the stuff i enumerated seems to lead nowhere aside from the one thing where i don’t have credentials for. any help would be greatly appreciated!

That was an awesome box. Privesc ended up being pretty simple, but learnt some more post-exploitation enumeration tricks!

I am stuck with the xp_*** ,i cant execute in the where clause. Send Me a PM

I need help please !

So i finally got root on this bad boy, thanks for a fun box! I am not 100% sure the way I did it was the intended method however… someone else who’s done it mind pm’ing me to compare methods?

@s4rgey said:
Rooted! Great box, thanks to the creator!
As mentioned above don’t waste time to get reverse shell. Powershell has all needed to trigger your stuff. And of course Enumeration is the key )

what about the suggested exploit as suggested by whats in front of me (to do with something that not where it should be)

Can someone drop my a PM to make sure I’m not way off track. I found a very common vuln and managed to grab some creds from M********** table but not sure how to use them. Don’t want to give spoilers so please DM for more info. Thanks

Rooted , awesome learning :slight_smile:

Feel free to PM me if you are running into problems.

Great machine! I learned a lot on this one, used a lot of new tools… Probably one of the my favorite machines so far…

@TheBull369 said:
Great machine! I learned a lot on this one, used a lot of new tools… Probably one of the my favorite machines so far…

Indeed, great machine. Many thanks to @lkys37en for it.
And @snowman418 for pointing to the right direction.

Vista and SuperiorCard … love it

Does priv esc require a restart? My current user isn’t allowed to do this. I therefore wonder if I’m off track.

I found this to be very useful once you have an idea of the PE vector (and if you are a complete noob to powershell like I was 24 hours ago) Microsoft PowerShell for Beginners - Video 1 Learn PowerShell - YouTube

Solved. Now onto root.