Pentest Everything

Hack The Box | Granny

In this walkthrough, we will be going through the Granny box on Hack The Box.

Granny icon

Granny

OS

Windows

RELEASE DATE

12 Apr 2017

DIFFICULTY

Easy

MACHINE STATE

Retired

https://app.hackthebox.com/machines/14

Successfully Pwned Granny

Completed and pwned this challenge on Hack The Box.

Hack The Box logo

Hack The Box

Granny pwned screenshot

Machine Overview

The Ganny machine is exactly the same as the Grandpa machine, but with a different name.

Enumeration

Nmap Scan

bash
nmap -sCV -p 80 -oN granny.nmap 10.10.10.15
# nmap version: 7.93

Scan Results:

bash
PORT   STATE SERVICE VERSION
80/tcp open  http    Microsoft IIS httpd 6.0
| http-webdav-scan:
|   Server Date: Wed, 15 Oct 2025 17:48:02 GMT
|   Allowed Methods: OPTIONS, TRACE, GET, HEAD, DELETE, COPY, MOVE, PROPFIND, PROPPATCH, SEARCH, MKCOL, LOCK, UNLOCK
|   Public Options: OPTIONS, TRACE, GET, HEAD, DELETE, PUT, POST, COPY, MOVE, MKCOL, PROPFIND, PROPPATCH, LOCK, UNLOCK, SEARCH
|   WebDAV type: Unknown
|_  Server Type: Microsoft-IIS/6.0
| http-methods:
|_  Potentially risky methods: TRACE DELETE COPY MOVE PROPFIND PROPPATCH SEARCH MKCOL LOCK UNLOCK PUT
|_http-server-header: Microsoft-IIS/6.0
|_http-title: Under Construction

Since the machine is exactly the same as the Grandpa machine, we can use the same enumeration steps. To have the walkthrough, see the Grandpa machine page.

User & Root Flags

  • User: C:\Documents and Settings\Lakis\Desktop\user.txt
  • Root: C:\Documents and Settings\Administrator\Desktop\root.txt