AX Jeeves

@zelsonm1 said:
The video posted by @peek makes total sense right now. Nice hint.

Yeah it’s a clever hint. This machine is very nice, amazing learning experience…

Hmm, I’m still missing something about the file… got root on the box, but can’t find the root.txt… any further hints?

Hey, can someone give me a nudge in the right direction? I’ve found both portals and tried 2 different wordlists on them yet can’t figure out the entry point. Any type of hint would be appreciated. Thanks!

@mbenzan said:
Hey, can someone give me a nudge in the right direction? I’ve found both portals and tried 2 different wordlists on them yet can’t figure out the entry point. Any type of hint would be appreciated. Thanks!

Look for command execution in what you have found

I know root.txt is elsewhere and to look deeper… I exposed all files and can even see desktop.ini, but Desktop does not have root.txt. What else can I have missed?

desktop should have something, the something is there for a reason

Are you referring to the txt file that says root is “elsewhere and look deeper”?

@ShadyAck said:
Are you referring to the txt file that says root is “elsewhere and look deeper”?

You were trolled :B It should be a txt, not called root, but it is necessary to get the root. Just play with the dir command, all options if necessary.

o-m-g… it is literally one of my top 20 stupid geek tricks

Hi guys,
I started this machine with whatever I have done in Shocker, found 000’s, ran a command in and got the user.txt. However, I am unable to get a basic shell using Metasploit reverse etc. Possibly AV is prohibiting the payload. Can anyone give me a simple hand at this point? I believe if I can get a basic shell, then I can work my way to priv esc.

Some people used a tool to get around that, but I utilized PowerShell in my reverse shelling; someone on the internet did a pretty good demonstration.

The problem I am having now is the priv esc. I’ve been at it for a few days now and I think I’m looking for a particular hash for passing, however I don’t seem to have the enumeration prowess. I am currently searching all files for a “:” in it. I have searched for all .txt files as well and found two interesting files with what appears to be hashes, but when trying them in any combination or by themselves, it seems to fail.

Can someone send me a PM and point me in the right direction and tell me if I am just going down the wrong rabbit hole.

Hello! I have a low privileged shell (netcat) but I don’t know how to escalate privileges. Could anyone give me a little hint, please? I found a file (artifact from well-known utility) with hashed password and I cracked the password. I tried the password for Administrator and user with PsExec, but no success. Any hints? Am I on the right way? Is it possible to escalate privileges without using meterpreter?

@b1narygl1tch - If you didn’t get it already, it is entirely possible without meterpreter.

Hello,
Can someone please confirm the script console is working on this machine?
I cannot seem to run anything from my Kali Firefox ESR browser. Thanks.

Can someone dm me with a hint to Jeeves? I have a steady meterpreter shell and got USER. I’m on a dead end on Priv Esc. Any hint would be appreciated.

enumerate…there is an interesting file

@puerkito66 said:

@ShadyAck said:
Are you referring to the txt file that says root is “elsewhere and look deeper”?

You were trolled :B It should be a txt, not called root, but it is necessary to get the root. Just play with the dir command, all options if necessary.

I found this file, too (hm.txt: The flag is elsewhere. Look deeper.)… I tried resetting the machine and it is still there. I already tried dir with all possible options. All that I could list was this hm.txt, a .lnk file and desktop.ini… No idea on what to do next…

nvm, got it

@Agent22 said:

@h0m3r said:
Any hints on Jetty 9.4.z-SNAPSHOT? Directory traversal?

Run dirbuster? Or askjeeves.

dirbuster with db directory-list-1.0.txt will give you the same answer the long way :wink: