Granny [Retired Box] Hint Request

Hello fellow Hack The Box members,

I apologize if my etiquette is not correct. This is my first time posting on the forum.

I have been working on the Granny box for around 2 days now. I have gotten a shell with the user nt authority/network service. I have attempted many privilege escalation exploits (I can name them if you PM me, I don’t want to give out too much info on the forum), but I haven’t had any luck getting system. I would appreciate greatly any hints that people can offer me on how they got system. (or if you can tell me how, since the box is retired).

Thank you kind members,
user935

I think it’s the same as Grandpa.

@peek true. The difference is only on the initial entry.

There are many exploits that allow you to escalate from network service to system authority. My two favorites have to do with tokens and are named after a barbecued steak and an uncooked sauce used for grilled meat. :)

Hello everyone, thank you so much for replying. @peek I’ll keep that in mind. Have not done grandpa yet. @alamot So I had previously uploaded executables of those two exploits and ran them from a meterpreter shell. However, I get no output to console from them. May I ask how you normally deploy these? They also seem to not terminate. Additionally, preconfigured metasploit modules tend to get an stdapi getuid error whenever I attempt to run them for this box. Thank you once again guys, I am new and I really appreciate this community.

I will try deploying from a different reverse shell and using metasploit as the listener to see if that works.

Now I’m completely stuck. I feel like I know exactly what the path is to system, but the way I am going about it, I am hitting a lot of bugs along the way. May I PM someone about how they carried out the exploits? Thank you once again @alamot

Update: I got it! Haha, I just had to migrate my shell into another process; for some reason that eliminated the issues. Thanks to all that helped!

Congrats!

Hi, I have done this box using ms, but I want to get a root shell without it. However, I have run into a problem. If anyone has done it without ms, please PM me!