Jerry

Hi everyone, I'm giving this box a go. Is this box a bit unstable because I'm having trouble keeping myself logged in.

Vex20k

«13456710

Comments

  • The box is unstable, before exploiting do a reset.

    Hack The Box

  • @Frey said:
    The box is unstable, before exploiting do a reset.

    Ah alright, I'll try it again when it's a bit less busy. The box is being reset every minute.

    Vex20k

  • Is there only one service in this?? I'm having a hard time finding something to exploit....

  • After watching 90 people own this box in less than an hour and getting nowhere myself feeling pretty noobish.
  • That was very funny. @n00bn00b kept asking admin about machine booting up, and someone got first blood while he was asking LoL

  • I'm new to HTB and wanted to give this machine a go as it seems easy, but I'm stuck. Does anyone have any resources that I can go through that might help me with this box, or HTB in general?

  • @mobiusKey said:
    I'm new to HTB and wanted to give this machine a go as it seems easy, but I'm stuck. Does anyone have any resources that I can go through that might help me with this box, or HTB in general?

    The best resource is always the manual

    drtychai

  • I haven't exploited yet, but consider this: The name of the Server is Jerry. What service is running on the only (AFAIK) port? Think of the cartoon with similar character names. I have observed that using Hydra won't help you get a password. It's like a game of....

    Hack The Box
    Follow me on Twitter: @C_3PJoe

  • @C3PJoe said:
    I haven't exploited yet, but consider this: The name of the Server is Jerry. What service is running on the only (AFAIK) port? Think of the cartoon with similar character names. I have observed that using Hydra won't help you get a password. It's like a game of....

    Spike for sure

  • @dmknght said:

    @C3PJoe said:
    I haven't exploited yet, but consider this: The name of the Server is Jerry. What service is running on the only (AFAIK) port? Think of the cartoon with similar character names. I have observed that using Hydra won't help you get a password. It's like a game of....

    Spike for sure

    I always liked watching him take a bite out of crime!

    Hack The Box
    Follow me on Twitter: @C_3PJoe

  • I hate these machines with just jerrys friend and no way to string together some exploits to get the login information. Throw me an lfi somewhere at least
  • didnt like this box much :( was annoyed at how long it took me to find what i needed ugh

    H4ck3d5p4c3

  • edited July 2018

    Spoiler Removed - Arrexel

    Shadow2Xx

  • edited July 2018

    @H4ck3d5p4c3 said:
    didnt like this box much :( was annoyed at how long it took me to find what i needed ugh

    you still could have learned a lot though from searching for other stuff! :)
    cause someone had messed the machine up. before resetting it and getting access i read quite some stuff i did not know

  • @Shadow2Xx said:
    Could once log in into the manager app, but from there I couldn't get any further. Now I can't log in anymore:/

    Reset the machine.

    felli0t

  • Anyone I can PM about this box? I want to make sure I am on the right track.

    Sh311c0d324

  • edited July 2018

    @Shadow2Xx said:
    Could once log in into the manager app, but from there I couldn't get any further. Now I can't log in anymore:/

    As already mentioned by felli0t there are l*w life people that enjoy changing passwords. This is the second box in the row, really lame.

  • @packetrider said:
    After watching 90 people own this box in less than an hour and getting nowhere myself feeling pretty noobish.

    For everyone that is struggling with this Box, keep in mind the entry point and the name of the box, even if you don't know the platform this was made off talking about the panel you will probably find. The panels has somehow the same name as a cartoon now you can guess what characters played over it and test that theory out. The box is easy take your time, enumerate the services locate the exploits try details into the forms and do it manually or exploit it via msf. This box should take atleast 5 mins for exploitation regarding the people who are more familiar with the specific platform that was used into the box for the members to exploit. Have fun, and keep hacking all of you!

    Hack The Box

  • I've seen a few people mention here and in the shoutbox how the password on Jerry keeps getting changed, so before I spend any time on it can anyone tell me if the password can be found somewhere or if we are meant to make an educated guess as to what it is? If we're meant to guess it, but it keeps getting changed then it seems there is no point starting this box.

  • edited July 2018

    Spoiler Removed - Arrexel

  • the user and password combination is visible to you at some point, and a search for default credentials brings it up as well.

  • !!!!!!!!!!! damnit! that was it.. I had it from the beginning but someone / everyone changed the password.

  • I know the creds, I reset the machine but still unable to log in the manager panel, are they changing passwords? wtf

  • Lord, finally managed to log in. I must have tried these credentials about 10 times already among a plethora of other ideas but of course people think it's fun to mess with the box.

  • is someone deleting the uploaded war files? I don't understand if is some douchebag doing so or tomcat. Got the shell but connection dies after 10 secs because of the deleted file.

  • Yeah, I couldn't get into this box last night to save my life. This morning about a minute after someone reset the box I was able to try and get manager access just using list of default credentials. So if anyone was banging their head against the wall on this one, reset it and give it another try.

    Oh, and for anyone who doesn't spend a lot of time on windows, "type" is the windows equivalent of "cat" when you finally find the flag text file.

  • easy and simple box nothing complicated, basic enum will let you own it in a matter of minutes, i like those kind of boxes they represent simple misconfigurations on real production enviroments.
    +1 to the creator
  • edited July 2018

    +1

    dflo16

  • @Cryovenom said:
    Yeah, I couldn't get into this box last night to save my life. This morning about a minute after someone reset the box I was able to try and get manager access just using list of default credentials. So if anyone was banging their head against the wall on this one, reset it and give it another try.

    Oh, and for anyone who doesn't spend a lot of time on windows, "type" is the windows equivalent of "cat" when you finally find the flag text file.

    you should not give that much out.. i mean this machine is easy, so this stuff is the minimum to research if you are new.. just my perspective though. :)

  • @w31rd0 said:
    you should not give that much out.. i mean this machine is easy, so this stuff is the minimum to research if you are new.. just my perspective though. :)

    Yeah the box is easy, it's hard not to give too much away while helping people not go crazy from the fact that some jackass keeps changing the password. (and type == cat isn't a spoiler, just saving them a 30 sec google search).

    I was getting frustrated on this box, and it helps knowing if you were on the right track. Else you might never go back and re-do your initial stages and figure it out.

Sign In to comment.