Jeeves Priv Esc

Getting user.txt was pretty easy. This priv esc has me at a brick wall, though. I think it’s simple, I’m just blind.

Same here. I’ve had a reverse shell for a while and can’t seem to figure out any way to escalate.

some data are hidden, it’s a CTF challenge on a Windows machine.

Getting the user.txt wasn’t that frustrating (once you figure out the dirb/gobuster/etc step). I found an interesting file that I was able to take back to my machine for further analysis and I was able to crack it… now I just can’t figure out where/how to use that nugget of goodness. Any tips or pointers? If you DM me I will explain my steps, I didn’t want to explain every step I’ve taken already here.

same hole for me, was able to crack the important thing, now stuck at what the ■■■■ to do with it, thinking i should start from scratch with some fresh dirbs and see if there was something web i missed

@lunchboxrcl said:
Getting the user.txt wasn’t that frustrating (once you figure out the dirb/gobuster/etc step). I found an interesting file that I was able to take back to my machine for further analysis and I was able to crack it… now I just can’t figure out where/how to use that nugget of goodness. Any tips or pointers? If you DM me I will explain my steps, I didn’t want to explain every step I’ve taken already here.

if you have what is required, check with the type of content you have. look for how to use those content to proceed further. It was a good learning for me after weeks.

I did solve it but in a different way, didn’t crack anything :confused: maybe that was not the intended way D:

im at war… with a certain webserver, probably down a rabbit hole but seeing where it goes

cracked didn’t seem to help…meterpreter didn’t seem to help. I must be missing something.

@modevius said:
cracked didn’t seem to help…meterpreter didn’t seem to help. I must be missing something.
Meterpreter is the easy way to privesc

my payload did not stay there on system for priv… even i tried with veil … any tip

keep on with veil

Confirmed veil definitely works, but is not necessary to gain root.

fish and chips

pretty sure there are multiple ways to skin this cat. I went through a crazy process, then heard from another user how simple priv esc was for them. =/

Tried getsystem, local exploits, getprivs…enumerated services, processes…ugh

can i DM anybody for jeeves?

I could really use a nudge on the “Interesting file”, took me a couple days until I figured it out, but now I’m not sure how to continue with it. Any help will be appreciated :slight_smile:

ive got a shell in multiple different way, just struggling with the priv esc

you can PM me if needed…