Giddy

@opt1kz with the caveat that I don’t have any flags on this box so I might be completely wrong, the only useful thing I got from attacking MVC itself was the username but pages can be exploited to give you something more useful. If that makes sense.

Anyone able to drop a hint on bypassing PWSA auth rules? I have a username and pass but stuck…

What error are you getting? I think something on the box has broken as an hour ago I could get “in” through this and now it just says cannot establish a connection to the destination computer.

@TazWake said:
What error are you getting? I think something on the box has broken as an hour ago I could get “in” through this and now it just says cannot establish a connection to the destination computer.

that happened to me earlier today. i had to reset the box in order to make it work.

someone who rooted giddy please pm me!

i am still working user lol. lates see how far i get!

@Marantral said:
I think I know where to start. I just haven’t got a foot hold yet. Think Powershell.

i think that is rabbit whole lol… if it not let me know i though about it as well

Edit: No flags yet, but I now have valid login credentials. This is one of those boxes where if you’re not aware of the existence of a certain technique… You’ll bang your head on the keyboard for hours and get nowhere. There’s no way to guess it unless you’ve already seen it before. Willing to spread the love and give hints. Just PM me.

Ok so noticed the RDP port and that it needs CredSSP have no idea if that a rabbit hole or something found some vulns for it but none seems to work or have errors while compiling if anyone is on user hints would be great

Edit: Never mind. Figured that issue out.

Yo i am trying to log on "’’’'te with credentials from giddy but it is telling me unathorized amean can some one tell me why it is not taking the creds?

Managed to get logged in as s***y via a technique on my Windows box however I can’t get it to work using powershell on linux - anyone know a work around to get it to work on linux?

Any way to bypass/escape constrained mode or am I looking for the wrong thing?

@> @opt1kz said:

Any way to bypass/escape constrained mode or am I looking for the wrong thing?

Also stuck on this…

You can escape that mode using some installed dev tools :wink:
But then there is always the AV and group policies :-/

I wonder if those .b** files are of any interest

Also found a troll on the box

Too many people on the session, I have to wait to create a session.

@seepckoa check you have logged in correctly, sometimes a slightly incorrect use of credentials appears to login but doesn’t login.

I have the right login and the good password I know, there’s too much nobody in the session.

‘S****’ has reached the maximum allowed number of sessions per user. To start a new session, the user must first sign out from another session.

ah - I’d not seen that error. Nightmare.