Troubles with Grandpa

Hi Forum I am really stuck on Grandpa. I have been trying to root it both with and without Metasploit with no luck. It would be great if someone could help me out here. These are my sticking points:

Without Metasploit:

  1. Gained a shell on the server without Metasploit using an IIS6 reverse shell (exploding can).
  2. Attempted to copy in churrasco.exe for a privesc via SMB but getting access denied. Same happens after renaming churrasco.exe to churrasco.txt and attempting to copy it.
  3. Tried the same with FTP but FTP won’t connect. I know my FTP server is working OK.


  • In this situation how is one supposed to get files into the server? There is no curl or wget.

With Metasploit:

  1. Gained a shell with exploding can module and migrated to the davcdata process.
  2. Local exploit suggesteter just doesn’t work. Every time I run it it kills my session completely. Managed to get around this with winPEAS however.
  3. Managed to upload churrasco.exe via metasploit and put it into a folder that I can write to however running it gives me “program too big to fit in memory”


  • How is one supposed to get around program too big to fit in memory?
  • What can you do to stop the exploit checker from failing with “Meterpreter session closed. Reason: died”
  • winPEAS confirmed that ppr_flatten_rec exploit can be used to privesc. Someones writeup confirmed also that it can be used however when I run it Iget “Meterpreter session closed. Reason: Died.”

Any tips greatly appreaciated…

OK so I figured out the problem with Churrasco.exe I was using a dud exploit. Finally managed to find the right one and rooted it.

Still interested to know why Meterpreter has let me down in this instance. Its been OK on other boxes.