Jeeves root.txt

ok ok - been at it for a while now - been down a heap of rabbit holes - learnt heaps - way too much about some things - but i guess that is part of the fun…but…can’t get priv on jeeves - i think i have everything i need - got reverse shell, meterpreter, tried all the exploits but no love to priv esc 8-(…got user.txt, found the uncrackable file - but cracked it - which was great fun !!! - found the contents and from the thread it says it’s obvious what to do when you look at the content - one will stand out ? i have tried all the psexec pth etc etc - just can’t see how to use the contents to priv esc - i know there are a few more hurdles once i get admin to find root.txt so can someone PM me so i can move to the next challenge and learn like we all want to do ? i am sure it is something that i am obvious ? @hackthebox6969

useful script: GitHub - byt3bl33d3r/pth-toolkit: Modified version of the passing-the-hash tool collection made to work straight out of the box

For learning: http://www.harmj0y.net/blog/penetesting/pass-the-hash-is-dead-long-live-pass-the-hash/

re-check your steps…or perhaps check your assumptions.

@ Saoirse - you’re a champion - thanks helps - got the final flag…this was a great challenge and worth the time for those still pulling your hair out…learnt heaps…everything is in the forum - in riddles and you need to read things several times but worth it…i need to get the Aussies up in the country ratings… so now onto root Bashed

Could I pm someone, got shell, meter, file… need a nudge at crackin’ the file… thanks

@obwanken00by said:
Could I pm someone, got shell, meter, file… need a nudge at crackin’ the file… thanks

Whaa all fine:
Session…: hashcat
Status…: Cracked

Jee would still need a slight poke on this, got everything, figured out the needed info from the loot, confirmed it works but can’t find a proper way of using it… thanks for any PM…

@obwanken00by said:

@obwanken00by said:
Could I pm someone, got shell, meter, file… need a nudge at crackin’ the file… thanks

Whaa all fine:
Session…: hashcat
Status…: Cracked

i’m still cracking… and cracking… can someone pm me ? don’t know what i’m missing except a slow computer

If it takes you more than a few minutes to crack, you’re either trying to crack the wrong hash or using the wrong wordlist

right - got it now; thx. Let’s say i tried it the wrong way

Someone can give me a hint about how I get access to the machine? I’ve found port 50000 but I don’t know how to access. Help a noob, please haha…

You can use your browser

@Skullsec said:
Someone can give me a hint about how I get access to the machine? I’ve found ------- but I don’t know how to access. Help a noob, please haha…

Don’t forget you can do simple things to see what ports do. Like netcat to it and send it a hello. See what it says. Sometimes they respond and tell you what they are.

@Skunkfoot said:
You can use your browser

I used and tried some things, but no success. I don’t know how to do…

@Nalaurien said:

@Skullsec said:
Someone can give me a hint about how I get access to the machine? I’ve found ------- but I don’t know how to access. Help a noob, please haha…

Don’t forget you can do simple things to see what ports do. Like netcat to it and send it a hello. See what it says. Sometimes they respond and tell you what they are.

Yeah, I used nc to enumerate the service in the port, but I’m still missing something 'cause I don’t have success…

@Skullsec said:

@Nalaurien said:

@Skullsec said:
Someone can give me a hint about how I get access to the machine? I’ve found ------- but I don’t know how to access. Help a noob, please haha…

Don’t forget you can do simple things to see what ports do. Like netcat to it and send it a hello. See what it says. Sometimes they respond and tell you what they are.

Yeah, I used nc to enumerate the service in the port, but I’m still missing something 'cause I don’t have success…

As always, then enumerate more. Write notes, link up together what you find (KeepNote is a great program for that purpose).
Enumeration is firstly to do an nmap. Then write down the open ports and which programs are running there, if possible, which version they have.
Look to which ports you have access without restriction.
Dirbust web services (the dirbuster lists are good to start, also SecLists has some good lists).
Write down what you find. Enumerate.

Jeeves was really a nice trip, IMHO. Don’t ruin the trip for yourself and spoil you.

@wirehack7 said:

@Skullsec said:

@Nalaurien said:

@Skullsec said:
Someone can give me a hint about how I get access to the machine? I’ve found ------- but I don’t know how to access. Help a noob, please haha…

Don’t forget you can do simple things to see what ports do. Like netcat to it and send it a hello. See what it says. Sometimes they respond and tell you what they are.

Yeah, I used nc to enumerate the service in the port, but I’m still missing something 'cause I don’t have success…

As always, then enumerate more. Write notes, link up together what you find (KeepNote is a great program for that purpose).
Enumeration is firstly to do an nmap. Then write down the open ports and which programs are running there, if possible, which version they have.
Look to which ports you have access without restriction.
Dirbust web services (the dirbuster lists are good to start, also SecLists has some good lists).
Write down what you find. Enumerate.

Jeeves was really a nice trip, IMHO. Don’t ruin the trip for yourself and spoil you.

Can I pm you? I don’t want a spoiler, just learn how to explore this machine. I feel some difficult to gain access.

Spoiler Removed - Arrexel

@bianca said:

@b1narygl1tch said:
Could someone give me a hint what to do with hash/password from CEH.kdbx? I tried the password on smb and Administrator, but I had no success.
I can’t escalate privileges. Enumerated services, folders, files etc. No idea

Is this file useful for priv esc? I found it and cracked it, but I don’t know what to do with it. I’m stuck in priv esc and don’t know where else to go. I already have a meterpreter session running, but can’t get system or dump hashes. Any help would be welcome.

Pass by any data that might be useless and isolate the outliers and identify them. The clarification of where it comes from and its use cases might be worth noting. Hash values can be identified based on certain attributes.

■■■, this is embarrassing… It was so obvious! I finally found out what to do with that file. Now I’m logged as system and looking for the flag file.