Jeeves Priv Esc

I was able to crack the interesting file; however, with what I found I was not able to priv escalate. Need help please.

What’s in the interesting file gets you to admin, just gotta double check EVERYTHING in there.

I’ve had SYSTEM access for a while, but this flag eludes me ;(

After cracking the interesting file you may want to look again for a different way to get in.

Having trouble figuring out which file I need to use to access Admin. The file I’m looking at right now is an MD5 but I get non-ASCII characters when I use john and a default wordlist.

@NINGEN said:
Having trouble figuring out which file I need to use to access Admin. The file I’m looking at right now is an MD5 but I get non-ASCII characters when I use john and a default wordlist.

There IS a file that’s one of the ways to own system, but it is not related to Jenkins. Enumerate the filesystem.

@fingeron said:

@NINGEN said:
Having trouble figuring out which file I need to use to access Admin. The file I’m looking at right now is an MD5 but I get non-ASCII characters when I use john and a default wordlist.

There IS a file that’s one of the ways to own system, but it is not related to Jenkins. Enumerate the filesystem.

Spoiler Removed - Arrexel

Got it! A quick reset on the box and I found my problem.

I have the hash and got the password too but can’t get system/admin rights. Any hint for that? I’ve tried a lot of exploits but they didn’t work.

@davad said:
I have the hash from .k and got the password too but can’t get system/admin rights. Any hint for that? I’ve tried a lot of exploits but they didn’t work.

You might be using the wrong hash AND the wrong technique. Enumerate more. Look at which entry looks bogus, or different from the others.

@davad said:
I have the hash from .k and got the password too but can’t get system/admin rights. Any hint for that? I’ve tried a lot of exploits but they didn’t work.

That file is all you need to escalate; search how to open that kind of file.

@S4ck said:

@davad said:
I have the hash from .k and got the password too but can’t get system/admin rights. Any hint for that? I’ve tried a lot of exploits but they didn’t work.

That file is all you need to escalate; search how to open that kind of file.

I could open it and extract the hash.

Then you have enough hints here on what to do next :)

Got it! :)

I found the juicy stuff from the file and nothing has worked for me so far. I tried some runas and some winexe but no luck… Any hint? I hope I didn’t give any spoilers.

Same here… runas, reverse PowerShell, but I’m still the stupid kohsuke…

Somewhere in this topic gives you the answer… you just need to download it and use it.

OK, I was in the end able to get a reverse shell as administrator, after a lot of pain, but with Metasploit. I would like to be able to do it without Metasploit because I’m planning to start the OSCP soon. Anyone who didn’t use Metasploit to get an admin reverse shell who wants to PM me? Thanks …

You can PM me @halfluke

I have rev shell low priv, but no user.txt?