Giddy

Edit: No flags yet, but I now have valid login credentials. This is one of those boxes where if you’re not aware of the existence of a certain technique… You’ll bang your head on the keyboard for hours and get nowhere. There’s no way to guess it unless you’ve already seen it before. Willing to spread the love and give hints. Just PM me.

Ok, so I noticed the RDP port and that it needs CredSSP. I have no idea if that's a rabbit hole or something. I found some vulns for it, but none seem to work, or they have errors while compiling. If anyone is on user, hints would be great.

Edit: Never mind. Figured that issue out.

Yo, I am trying to log on "’’’'te with credentials from giddy but it is telling me unauthorized. I mean, can someone tell me why it is not taking the creds?

Managed to get logged in as s***y via a technique on my Windows box; however, I can’t get it to work using PowerShell on Linux - anyone know a workaround to get it to work on Linux?

Any way to bypass/escape constrained mode or am I looking for the wrong thing?

@opt1kz said:

Any way to bypass/escape constrained mode or am I looking for the wrong thing?

Also stuck on this…

You can escape that mode using some installed dev tools :wink:
But then there is always the AV and group policies :-/

I wonder if those .b** files are of any interest

Also found a troll on the box

Too many people on the session, I have to wait to create a session.

@seepckoa check you have logged in correctly; sometimes a slightly incorrect use of credentials appears to log in but doesn’t log in.

I know I have the right login and the good password; there are too many people in the session.

‘S****’ has reached the maximum allowed number of sessions per user. To start a new session, the user must first sign out from another session.

ah - I’d not seen that error. Nightmare.

I managed to access :slight_smile: but no powershell access

Got user and a stable access now (had to use a Windows attack box) - but am having issues with priv esc… anyone who got root on Giddy please PM - I would like to discuss my approach for getting closer to priv esc.

“****** has reached the maximum allowed number of sessions per user. To start a new session, the user must first sign out from another session.” Do I need to wait, or can I bypass this?

Fully rooted with stable admin shell. Awesome box. Learned a lot.

I have a shell :smiley:

For now I am stuck at escaping from the limited access that you have from the web interface. Any hint?

@zyaya said:
For now I am stuck at escaping from the limited access that you have from the web interface. Any hint?

+1. Anyone with some suggestions?