AX Jeeves

135

Comments

  • @puerkito66 said:

    @ShadyAck said:
    Are you referring to the txt file that says root is "elsewhere and look deeper"?

    You where trolled :B It should be a txt, not called root, but is necessary to get the root. Just play with the dir command, all options if necessary.

    I found this file, too (hm.txt: The flag is elsewhere. Look deeper.)... I tried resetting the machine and it is still there. I already tried dir with all possible options. All that I could list was this hm.txt, a .lnk file and desktop.ini... No idea on what to do next...

    bianca

  • nvm, got it

    bianca

  • @Agent22 said:

    @h0m3r said:
    Any hints on Jetty 9.4.z-SNAPSHOT? Directory traversal?

    run dirbuster ? or askjeeves

    dirbuster with db directory-list-1.0.txt will gives you the same answer in long way ;)

  • Hey guys, about priv esc on this machine. I'm running john to the "k" file after converting it. It seems it's going to take a while, any hint on if I'm in the right track or if I'm wasting my time cracking this is greatly appreciated.

    Hack The Box

  • @DarkNight7 said:
    Hey guys, about priv esc on this machine. I'm running john to the "k" file after converting it. It seems it's going to take a while, any hint on if I'm in the right track or if I'm wasting my time cracking this is greatly appreciated.

    If I understood which file you're talking about you're probably using the wrong wordlist. With the right one you'll get it in less than 5 minutes. Try other default wordlists from kali.

    bianca

  • @bianca said:

    @DarkNight7 said:
    Hey guys, about priv esc on this machine. I'm running john to the "k" file after converting it. It seems it's going to take a while, any hint on if I'm in the right track or if I'm wasting my time cracking this is greatly appreciated.

    If I understood which file you're talking about you're probably using the wrong wordlist. With the right one you'll get it in less than 5 minutes. Try other default wordlists from kali.

    Thanks! I did that and worked :). I got system now, but I'm banging my head on where to find the flag... And it's funny because throughout the forum everyone is like "Can't seem to find the file... (next-post) never mind... " So, I'm fighting to get to my "never mind". Haha.

    Hack The Box

  • I am able to see an interesting file .k but I don't know how to move the file to Kali box for investigation (cracking). Please, can someone help me with this?

  • I do not want to sound pretty stupid however, I am having a really hard time with this and when I do dirbuster and try different extensions I got an obnoxious number of results am I missing something or do I need to just wait it out I do not want to have a spoiler. It should not be this hard.

  • It’s in one of the wordlist under dirbuster wordlist directory if you are using kali and if you are using the right wordlist, you should see it very soon!
  • I've got root...but where the hell is flag? I am still waiting on my "omg" moment...

  • I'm a bit stuck on this box. I found the place to run commands in AskJeeves and uploaded my nc file but whenever I try running it from the console, I'm told that it doesn't exist. I can clearly see my nc file when list the directory contents.

    Am I missing something here? Thanks

    NINGEN

  • Whoops, nvm. Looks like the nc file i was using was incompatible with the version of Windows on the machine. So frustrating to spend several hours on that haha

    NINGEN

  • edited March 2018

    So I am stuck in privesc. I found a file .k*** that I cracked and gave me a password. I thought it would be the Administrator's password but seems it is not. Any hints?
    I think it is supposed to be the admin pass but maybe I am not using it properly. I would like to DM someone on how to log as Admin with the pass, maybe that is what I am doing wrong.

  • I got a normal shell on this thing but struggling to get a reverse meterpreter shell back.

  • Nm got it. PTH and more < for the win

  • I found the .k file and cracked it. Not sure how to use these values to get root. Sorry if i sound like a noob. Any help appreciated.

    FloptimusCrime

  • @hacker194 said:
    I am able to see an interesting file .k but I don't know how to move the file to Kali box for investigation (cracking). Please, can someone help me with this?

    The hak5 link method didnt work for some reason for me. I used this

    https://nakkaya.com/2009/04/15/using-netcat-for-file-transfers/

    FloptimusCrime

  • Finally sussed this box. A challenging though great learning experience, though think I've gone around the houses to get there. From reading other comments, some of the techniques weren't possible. Does the box evolve and get hardened over it's lifetime to prevent certain attack methods?

  • I have system but can't find the flag. I feel like I have looked deeper and have still turned up nothing. A point in the right direction would greatly be appreciated.

  • @FloptimusCrime said:
    I found the .k file and cracked it. Not sure how to use these values to get root. Sorry if i sound like a noob. Any help appreciated.

    Same here! Managed to get user access fairly easily and also found / cracked the .k file but how is this used? Driving me crazy!! Any hints most welcome, going mad here! :-(

  • @OS34607 said:

    @FloptimusCrime said:
    I found the .k file and cracked it. Not sure how to use these values to get root. Sorry if i sound like a noob. Any help appreciated.

    Same here! Managed to get user access fairly easily and also found / cracked the .k file but how is this used? Driving me crazy!! Any hints most welcome, going mad here! :-(

    DM me.

    FloptimusCrime

  • Can you give me any hint for jeeves? Because I ran dirb, gobuster with some wordlists, but I found nothing..

  • I found the admin credentials to login as admin. But I don't know how to find root.txt file :(

    tiasantos

  • You may have to look for an 'alternate' way of looking at the directory..

  • can someone dm me for getting a foothold on jeeves? I swear I am going crazy

  • @R0b1n said:
    can someone dm me for getting a foothold on jeeves? I swear I am going crazy

    Teel us what you have so far?

  • Any hint for reverse shell? without admin credentials?

Sign In to comment.