So I recently got a shell on grandpa but after looking through nearly every directory I couldn’t find the user.txt. Any help or hints would be much appreciated, thanks

I sent you a pm in the CLI
just type message berzerk0 to reply

the user.txt file will always be in the c:\somepath\$some_username_here\Desktop\. Someone might have deleted the flag, so I recommend resetting the box and trying again.

c: document and setting$username\Desktop

its asking admin priv i cant bybass ? help me

I got both proof user.txt when I got the system account.

It’s in the Desktop of the user present in Documents and Settings folder.

i can’t escalate privilege any help plz

Did this get retired just last night / today? I was working away on it and thought I was almost there - logged on today and it’s gone :frowning:

Was retired last week. Optimum was retired last night. The Grandpa machine is still available for free users until next Saturday.

Once a machine is retired, it remains available for 2 weeks. After that need VIP to access it.

Did anyone succeeded without metasploit?

@viking1989 said:
Did anyone succeeded without metasploit?


Hi guys, I am trying to upload a file to Grandpa in the very same way as i did to Granny, however, for some reason it does not work. Also, Grandpa fails all uploads from davtest. Am I missing something?

Check the write-ups/videos. Grandpa and Granny don’t have the same route to user. Can’t really give more of a hint without spoiling it, and if i spoil it you would be better off just reading or watching a video.

Crawling for the flags. Many thanks for the direction.

Hi, just subscribed to VIP to do some more Windows machines. I did Blue with and without Metasploit, then Grandpa with Metasploit. I can see that Grandma had a way to upload a webshell, but Grandpa seems more restrictive and I’m not sure how that can be done. Anyone willing to help me quickly in exploiting Grandpa without Metasploit (initial shell with Network Service privileges and possibly PrivEsc? @ippsec or @Agent22.
Let me know if you are willing to help me on this
Thanks in advance

Nevermind, I had some luck and a publicly available python script worked and I got a session in multi/handler