I though i was going to miss the chance to get root in this challenging box but, i could. i learned tons. Enumeration is the key, also i tried several AV evasion techniques, Veil, hyperion, encryption… but no one of them worked, unless a simple C# script did the work… The thing is the connection is not stable enough to carry a meterpreter i think…
yes, this is sad that machine is going to be retired.
I think I just about have this one rooted. Can someone give me a nudge on getting t********* to execute correctly?
Fun box. I tried it after watching IppSec’s walkthrough. Few points regarding the walkthru that might help if you are a noob like me
-
IppSec’s vid is pretty good, but I suggest going through his full vid before you try attempting his techniques. He had quite a few trial and error and it’s good to understand the thought process, but no point just replicating the dead ends he got.
-
For privesc, he relies on his Windows machine to compile an easily available “bypass AV” reverse shell code. You can actually compile this code on Giddy itself as it has the required .Net framework installed (maybe not the same version as shown in the vid, I think). So you don’t need to exit your Kali. Also for this type of shell, this article helps understand the concepts: Undetectable C# & C++ Reverse Shells | by Bank Security | Medium
-
Both user and root owns use common techniques useful for other boxes. For beginners, his video has a lot of valuable lessons like
- easy to follow SQL injection using Burp
- Exec methods via MSSQL
- obtaining and then cracking NTLMv2 hash
- Serving a file to remote machine via SimpleHTTP and also SMBServer
- Options to detect execution authority, and options to bypass AV detection
- PS methods to search configured services in Windows box and start/stop services
- Setup simple listener