AX Jeeves

I am able to see an interesting file .k but I don’t know how to move the file to Kali box for investigation (cracking). Please, can someone help me with this?

https://www.hak5.org/episodes/haktip-83

I do not want to sound pretty stupid however, I am having a really hard time with this and when I do dirbuster and try different extensions I got an obnoxious number of results am I missing something or do I need to just wait it out I do not want to have a spoiler. It should not be this hard.

It’s in one of the wordlist under dirbuster wordlist directory if you are using kali and if you are using the right wordlist, you should see it very soon!

@Saoirse said:
https://www.hak5.org/episodes/haktip-83

:+1:

I’ve got root…but where the ■■■■ is flag? I am still waiting on my “■■■” moment…

I’m a bit stuck on this box. I found the place to run commands in AskJeeves and uploaded my nc file but whenever I try running it from the console, I’m told that it doesn’t exist. I can clearly see my nc file when list the directory contents.

Am I missing something here? Thanks

Whoops, nvm. Looks like the nc file i was using was incompatible with the version of Windows on the machine. So frustrating to spend several hours on that haha

So I am stuck in privesc. I found a file .k*** that I cracked and gave me a password. I thought it would be the Administrator’s password but seems it is not. Any hints?
I think it is supposed to be the admin pass but maybe I am not using it properly. I would like to DM someone on how to log as Admin with the pass, maybe that is what I am doing wrong.

I got a normal shell on this thing but struggling to get a reverse meterpreter shell back.

Nm got it. PTH and more < for the win

I found the .k file and cracked it. Not sure how to use these values to get root. Sorry if i sound like a noob. Any help appreciated.

@hacker194 said:
I am able to see an interesting file .k but I don’t know how to move the file to Kali box for investigation (cracking). Please, can someone help me with this?

The hak5 link method didnt work for some reason for me. I used this

https://nakkaya.com/2009/04/15/using-netcat-for-file-transfers/

Finally sussed this box. A challenging though great learning experience, though think I’ve gone around the houses to get there. From reading other comments, some of the techniques weren’t possible. Does the box evolve and get hardened over it’s lifetime to prevent certain attack methods?

I have system but can’t find the flag. I feel like I have looked deeper and have still turned up nothing. A point in the right direction would greatly be appreciated.

@FloptimusCrime said:
I found the .k file and cracked it. Not sure how to use these values to get root. Sorry if i sound like a noob. Any help appreciated.

Same here! Managed to get user access fairly easily and also found / cracked the .k file but how is this used? Driving me crazy!! Any hints most welcome, going mad here! :frowning:

@OS34607 said:

@FloptimusCrime said:
I found the .k file and cracked it. Not sure how to use these values to get root. Sorry if i sound like a noob. Any help appreciated.

Same here! Managed to get user access fairly easily and also found / cracked the .k file but how is this used? Driving me crazy!! Any hints most welcome, going mad here! :frowning:

DM me.

Can you give me any hint for jeeves? Because I ran dirb, gobuster with some wordlists, but I found nothing…

I found the admin credentials to login as admin. But I don’t know how to find root.txt file :frowning:

You may have to look for an ‘alternate’ way of looking at the directory…