Jeeves Priv Esc

Getting user.txt was pretty easy. This priv esc has me at a brick wall, though. I think it's simple, I'm just blind.


Comments

  • Same here. I've had a reverse shell for a while and can't seem to figure out any way to escalate.

  • edited November 2017

    some data are hidden, it's a CTF challenge on a Windows machine.

    peek

  • Getting the user.txt wasn't that frustrating (once you figure out the dirb/gobuster/etc step). I found an interesting file that I was able to take back to my machine for further analysis and I was able to crack it... now I just can't figure out where/how to use that nugget of goodness. Any tips or pointers? If you DM me I will explain my steps, I didn't want to explain every step I've taken already here.

  • edited December 2017

    same hole for me, was able to crack the important thing, now stuck at what the hell to do with it, thinking I should start from scratch with some fresh dirbs and see if there was something web I missed

    fhlipZero

  • @lunchboxrcl said:
    Getting the user.txt wasn't that frustrating (once you figure out the dirb/gobuster/etc step). I found an interesting file that I was able to take back to my machine for further analysis and I was able to crack it... now I just can't figure out where/how to use that nugget of goodness. Any tips or pointers? If you DM me I will explain my steps, I didn't want to explain every step I've taken already here.

    If you have what is required, check the type of content you have. Look for how to use that content to proceed further. It was a good learning for me after weeks.

    Hack The Box

  • edited December 2017

    I did solve it but in a different way, didn't crack anything :/ maybe that was not the intended way D:

    Puerkito66

  • I'm at war... with a certain webserver, probably down a rabbit hole but seeing where it goes

    fhlipZero

  • cracked didn't seem to help...meterpreter didn't seem to help. I must be missing something.

  • edited December 2017

    @modevius said:
    cracked didn't seem to help...meterpreter didn't seem to help. I must be missing something.

    Meterpreter is the easy way to privesc

    Puerkito66

  • my payload did not stay there on the system for priv... I even tried with veil... any tips?

  • keep on with veil

    peek

  • Confirmed veil definitely works, but is not necessary to gain root.

    brox

  • fish and chips

    peek

  • pretty sure there are multiple ways to skin this cat. I went through a crazy process, then heard from another user how simple priv esc was for them. =/

  • Tried getsystem, local exploits, getprivs...enumerated services, processes...ugh

  • can i DM anybody for jeeves?

  • edited February 2018

    I could really use a nudge on the "Interesting file", took me a couple days until I figured it out, but now I'm not sure how to continue with it. Any help will be appreciated :)

  • I've got a shell in multiple different ways, just struggling with the priv esc

  • you can PM me if needed..

  • If you need
    PM me

    Hack The Box

  • Got root but can't find the flag.
    I searched from meterpreter for flag root HTB{ token etc ... without result ... for hours
    I would appreciate any help in PM. Thanks

  • I was able to crack the interesting file, however with what I found I was not able to priv escalate. Need help please.

  • What's in the interesting file gets you to admin, just gotta double check EVERYTHING in there

    fhlipZero

  • I've had SYSTEM access for a while, but this flag eludes me ;(

  • edited February 2018

    after cracking the interesting file you may want to look again for a different way to get in.

  • Having trouble figuring out which file I need to use to access Admin. The file I'm looking at right now is an MD5 but I get non-ascii characters when I use john and a default wordlist.

    NINGEN

  • @NINGEN said:
    Having trouble figuring out which file I need to use to access Admin. The file I'm looking at right now is an MD5 but I get non-ascii characters when I use john and a default wordlist.

    There IS a file that's one of the ways to own system, but it is not related to Jenkins. Enumerate the filesystem.

  • edited March 2018

    @fingeron said:

    @NINGEN said:
    Having trouble figuring out which file I need to use to access Admin. The file I'm looking at right now is an MD5 but I get non-ascii characters when I use john and a default wordlist.

    There IS a file that's one of the ways to own system, but it is not related to Jenkins. Enumerate the filesystem.

    Spoiler Removed - Arrexel

    NINGEN

  • edited February 2018

    Got it! A quick reset on the box and I found my problem.

    NINGEN

  • edited March 2018

    I have the hash and got the password too but can't get system/admin rights. Any hint for that? I've tried a lot of exploits but they didn't work.
