AX Jeeves

@b1narygl1tch - If you didn’t get it already, it is entirely possible without meterpreter.

hello,
Can someone please confirm the script console is working on this machine ?
I can not seems to be running anything from my kali firefix esr browser . thanks

Can someone dm me with a hint to Jeeves? I have a steady meterpreter shell and got USER. I’m on a dead end on Priv Esc. Any hint would be appreciated.

enumerate…there is an interesting file

@puerkito66 said:

@ShadyAck said:
Are you referring to the txt file that says root is “elsewhere and look deeper”?

You where trolled :B It should be a txt, not called root, but is necessary to get the root. Just play with the dir command, all options if necessary.

I found this file, too (hm.txt: The flag is elsewhere. Look deeper.)… I tried resetting the machine and it is still there. I already tried dir with all possible options. All that I could list was this hm.txt, a .lnk file and desktop.ini… No idea on what to do next…

nvm, got it

@Agent22 said:

@h0m3r said:
Any hints on Jetty 9.4.z-SNAPSHOT? Directory traversal?

run dirbuster ? or askjeeves

dirbuster with db directory-list-1.0.txt will gives you the same answer in long way :wink:

Hey guys, about priv esc on this machine. I’m running john to the “k” file after converting it. It seems it’s going to take a while, any hint on if I’m in the right track or if I’m wasting my time cracking this is greatly appreciated.

@DarkNight7 said:
Hey guys, about priv esc on this machine. I’m running john to the “k” file after converting it. It seems it’s going to take a while, any hint on if I’m in the right track or if I’m wasting my time cracking this is greatly appreciated.

If I understood which file you’re talking about you’re probably using the wrong wordlist. With the right one you’ll get it in less than 5 minutes. Try other default wordlists from kali.

@bianca said:

@DarkNight7 said:
Hey guys, about priv esc on this machine. I’m running john to the “k” file after converting it. It seems it’s going to take a while, any hint on if I’m in the right track or if I’m wasting my time cracking this is greatly appreciated.

If I understood which file you’re talking about you’re probably using the wrong wordlist. With the right one you’ll get it in less than 5 minutes. Try other default wordlists from kali.

Thanks! I did that and worked :). I got system now, but I’m banging my head on where to find the flag… And it’s funny because throughout the forum everyone is like "Can’t seem to find the file… (next-post) never mind… " So, I’m fighting to get to my “never mind”. Haha.

I am able to see an interesting file .k but I don’t know how to move the file to Kali box for investigation (cracking). Please, can someone help me with this?

https://www.hak5.org/episodes/haktip-83

I do not want to sound pretty stupid however, I am having a really hard time with this and when I do dirbuster and try different extensions I got an obnoxious number of results am I missing something or do I need to just wait it out I do not want to have a spoiler. It should not be this hard.

It’s in one of the wordlist under dirbuster wordlist directory if you are using kali and if you are using the right wordlist, you should see it very soon!

@Saoirse said:
https://www.hak5.org/episodes/haktip-83

:+1:

I’ve got root…but where the ■■■■ is flag? I am still waiting on my “■■■” moment…

I’m a bit stuck on this box. I found the place to run commands in AskJeeves and uploaded my nc file but whenever I try running it from the console, I’m told that it doesn’t exist. I can clearly see my nc file when list the directory contents.

Am I missing something here? Thanks

Whoops, nvm. Looks like the nc file i was using was incompatible with the version of Windows on the machine. So frustrating to spend several hours on that haha

So I am stuck in privesc. I found a file .k*** that I cracked and gave me a password. I thought it would be the Administrator’s password but seems it is not. Any hints?
I think it is supposed to be the admin pass but maybe I am not using it properly. I would like to DM someone on how to log as Admin with the pass, maybe that is what I am doing wrong.

I got a normal shell on this thing but struggling to get a reverse meterpreter shell back.