Hi Forum, I am really stuck on Grandpa. I have been trying to root it both with and without Metasploit with no luck. It would be great if someone could help me out here. These are my sticking points:
Without Metasploit:
- Gained a shell on the server without Metasploit using an IIS6 reverse shell (exploding can).
- Attempted to copy in churrasco.exe for a privesc via SMB but getting access denied. Same happens after renaming churrasco.exe to churrasco.txt and attempting to copy it.
- Tried the same with FTP but FTP won’t connect. I know my FTP server is working OK.
Questions:
- In this situation how is one supposed to get files into the server? There is no curl or wget.
With Metasploit:
- Gained a shell with exploding can module and migrated to the davcdata process.
- Local exploit suggester just doesn’t work. Every time I run it, it kills my session completely. Managed to get around this with winPEAS, however.
- Managed to upload churrasco.exe via Metasploit and put it into a folder that I can write to; however, running it gives me “program too big to fit in memory”.
Questions:
- How is one supposed to get around program too big to fit in memory?
- What can you do to stop the exploit checker from failing with “Meterpreter session closed. Reason: died”
- winPEAS confirmed that ppr_flatten_rec exploit can be used to privesc. Someone’s writeup also confirmed that it can be used; however, when I run it I get “Meterpreter session closed. Reason: Died.”
Any tips greatly appreciated…
Thanks