HackTheBox - Granny and Grandpa

IppSec · Intermediate ·📰 AI News & Updates ·8y ago

Skills: Network Security80%

Heads up. The pivot idea, was a pretty big fail. Should of prep'd more but was short on time. Enjoy watching me struggle, if you wanted to see the pivot stuff working I uploaded an updated video here: https://youtu.be/HQkDL-xh7es 1:50 - Nmap Results (Discovery of WebDav) 4:35 - DavTest 6:22 - HTTP PUT Upload Files 7:00 - MSFVenom Generate aspx payload 13:00 - User Shell Returned 16:23 - Get Admin Shell (ms14-070) 17:14 - Beginning of Pivot Fail. Socks Proxy 29:35 - Shell on Grandpa (CVE-2017-7269) 32:45 - Using portfwd to access ports not exposed to routable interfaces 34:45 - Cracking LM Hash Explanation 38:30 - Cracking LM Hashes via Hashcat 41:30 - Grandpa acts cranky. Revert. 42:30 - Expected behavior when exploiting via CVE-2017-7269. None of that auto system weirdness (45:20 gets admin) 45:50 - Using Hashcat to crack NTLM using LM Hashes 48:50 - Finally log into SMB using the portfwd from 32:45 49:07 - Random pivot attempt failure.

Watch on YouTube ↗ (saves to browser)

Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from IppSec · IppSec · 11 of 60

← Previous Next →

HHC2016 - Analytics

HHC2016 - Analytics

HackTheBox - October

HackTheBox - October

HackTheBox - Arctic

HackTheBox - Arctic

HackTheBox - Brainfuck

HackTheBox - Brainfuck

HackTheBox - Bank

HackTheBox - Bank

HackTheBox - Joker

HackTheBox - Joker

HackTheBox - Lazy

HackTheBox - Lazy

Camp CTF 2015 - Bitterman

Camp CTF 2015 - Bitterman

HackTheBox - Devel

HackTheBox - Devel

Reversing Malicious Office Document (Macro) Emotet(?)

Reversing Malicious Office Document (Macro) Emotet(?)

HackTheBox - Granny and Grandpa

HackTheBox - Granny and Grandpa

HackTheBox - Pivoting Update: Granny and Grandpa

HackTheBox - Pivoting Update: Granny and Grandpa

HackTheBox - Optimum

HackTheBox - Optimum

HackTheBox - Charon

HackTheBox - Charon

HackTheBox - Sneaky

HackTheBox - Sneaky

HackTheBox - Holiday

HackTheBox - Holiday

HackTheBox - Europa

HackTheBox - Europa

Introduction to tmux

Introduction to tmux

HackTheBox - Blocky

HackTheBox - Blocky

HackTheBox - Nineveh

HackTheBox - Nineveh

HackTheBox - Jail

HackTheBox - Jail

HackTheBox - Blue

HackTheBox - Blue

HackTheBox - Calamity

HackTheBox - Calamity

HackTheBox - Shrek

HackTheBox - Shrek

HackTheBox - Mirai

HackTheBox - Mirai

HackTheBox - Shocker

HackTheBox - Shocker

HackTheBox - Mantis

HackTheBox - Mantis

HackTheBox - Node

HackTheBox - Node

HackTheBox - Kotarak

HackTheBox - Kotarak

HackTheBox - Enterprise

HackTheBox - Enterprise

HackTheBox - Sense

HackTheBox - Sense

HackTheBox - Minion

HackTheBox - Minion

VulnHub - Sokar

VulnHub - Sokar

VulnHub - Pinkys Palace v2

VulnHub - Pinkys Palace v2

HackTheBox - Inception

HackTheBox - Inception

Vulnhub - Trollcave 1.2

Vulnhub - Trollcave 1.2

HackTheBox - Ariekei

HackTheBox - Ariekei

HackTheBox - Flux Capacitor

HackTheBox - Flux Capacitor

HackTheBox - Jeeves

HackTheBox - Jeeves

HackTheBox - Tally

HackTheBox - Tally

HackTheBox - CrimeStoppers

HackTheBox - CrimeStoppers

HackTheBox - Fulcrum

HackTheBox - Fulcrum

HackTheBox - Chatterbox

HackTheBox - Chatterbox

HackTheBox - Falafel

HackTheBox - Falafel

How To Create Empire Modules

How To Create Empire Modules

HackTheBox - Nightmare

HackTheBox - Nightmare

HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions

HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions

HackTheBox - Bart

HackTheBox - Bart

HackTheBox - Aragog

HackTheBox - Aragog

HackTheBox - Valentine

HackTheBox - Valentine

HackTheBox - Silo

HackTheBox - Silo

HackTheBox - Rabbit

HackTheBox - Rabbit

HackTheBox - Celestial

HackTheBox - Celestial

HackTheBox - Stratosphere

HackTheBox - Stratosphere

HackTheBox - Poison

HackTheBox - Poison

HackTheBox - Canape

HackTheBox - Canape

HackTheBox - Olympus

HackTheBox - Olympus

HackTheBox - Sunday

HackTheBox - Sunday

HackTheBox - Fighter

HackTheBox - Fighter

HackTheBox - Bounty

HackTheBox - Bounty

More on: Network Security

View skill →

GNS3 Labs: DMVPN, IPsec and NAT across BGP Internet routers: Answers Part 7

GNS3 Labs: DMVPN, IPsec and NAT across BGP Internet routers: Answers Part 7

Building a High-throughput VPN

Configuring Network Connectivity Center as a Transit Hub

VPC Flow Logs - Analyzing Network Traffic

HackTheBox - Intentions

HackTheBox - Intentions

Google Cloud Packet Mirroring with OpenSource IDS

Related AI Lessons

Companies Cut 100,000 Jobs. Then Spent $725 Billion on AI

Companies are cutting jobs while investing heavily in AI, with $725 billion spent on AI despite 100,000 job cuts

Big Tech firms are accelerating AI investments and integration, while regulators and companies focus on safety and responsible adoption.

Big Tech firms are investing heavily in AI, driving growth and transformation, while prioritizing safety and responsible adoption

How to Beat AI Interview Screening in the UK (2026)

Learn to ace AI-powered job interviews in the UK with these actionable tips

Dev.to · Hanzala Mehmood

Big Tech firms are accelerating AI investments and integration, while regulators and companies focus on safety and responsible adoption.

Big Tech firms are investing billions in AI, driving growth and transformation, while prioritizing safety and responsible adoption

Chapters (16)

1:50 Nmap Results (Discovery of WebDav)

4:35 DavTest

6:22 HTTP PUT Upload Files

7:00 MSFVenom Generate aspx payload

13:00 User Shell Returned

16:23 Get Admin Shell (ms14-070)

17:14 Beginning of Pivot Fail. Socks Proxy

29:35 Shell on Grandpa (CVE-2017-7269)

32:45 Using portfwd to access ports not exposed to routable interfaces

34:45 Cracking LM Hash Explanation

38:30 Cracking LM Hashes via Hashcat

41:30 Grandpa acts cranky. Revert.

42:30 Expected behavior when exploiting via CVE-2017-7269. None of that auto system

45:50 Using Hashcat to crack NTLM using LM Hashes

48:50 Finally log into SMB using the portfwd from 32:45

49:07 Random pivot attempt failure.

The Information | TITV | May 14, 2026

The Information