Jeeves

@LHM said:
Stuck on Jeeves. Got user.txt, found .k*** file,cracked it , found password. Open .k*** file to get lot of passwords but none of them are working. Not sure where i missed. Can someone please help me.

Any tips regarding what passlist to use???

@alaem said:
Any tips regarding what passlist to use???

Nvm!

@alaem said:

@LHM said:
Stuck on Jeeves. Got user.txt, found .k*** file,cracked it , found password. Open .k*** file to get lot of passwords but none of them are working. Not sure where i missed. Can someone please help me.

Any tips regarding what passlist to use???

Stuck at exactly the same place! Waiting for my ‘never mind’ moment. Little push needed

rock

@dneyed said:

Stuck at exactly the same place! Waiting for my ‘never mind’ moment. Little push needed

It turns out my hash was corrupt, doublecheck that your copy of the file matches and try a different cracking tool

Got root, but stuck on finding root.txt. Any hints on going deeper? Is it somewhere under Administrator folder and I’m not seeing it?

Look harder, it is there. The Lord of Jeeves sees all — his gaze pierces cloud, shadow passwords, earth and systems.

@lokori said:
Look harder, it is there. The Lord of Jeeves sees all — his gaze pierces cloud, shadow passwords, earth and systems.

Amazing, it’s really there! Thank you sir!

Th> @Talos13 said:
Hi guys I am new to all this. I am trying to exploit Jeeves pc. I have found open ports but am struggling to find what to do next. Any help please or pointers

Thanks

Did you dirb the intresting port?

@LHM said:
Stuck on Jeeves. Got user.txt, found .k*** file,cracked it , found password. Open .k*** file to get lot of passwords but none of them are working. Not sure where i missed. Can someone please help me.

google -fu about ntfs file system… obeviously the file is hidden…

@v0idPtr said:
anyone can hint at the privesc for jeeves? I got shell but suck at privesc overall and most of all in windows…

do you like patato? it can help you in esc priv…

@Sevuhl said:
Look into this script: Pure Groovy/Java Reverse Shell · GitHub

There is a special place you can maybe put this, and use something like netcat to listen for it :slight_smile:

hugeeeeeeeeeeee hint…

@DaddyGuru04 said:
Any tips on getting the reverse tcp payload to execute?

smb…

Is there someone here who I can pm about transferring files from the Jeeves box to my own? I just haven’t been able to set this up, probably thinking about it in the wrong way.

@lokori said:
Look harder, it is there. The Lord of Jeeves sees all — his gaze pierces cloud, shadow passwords, earth and systems.

I am super struggling with this. I have a meterpreter shell with authority access and I have run searches for every .txt file, anything the size of a flag file and crawled through directories manually and I have no idea where it is.

add me to the “nvm got it” group :slight_smile:

I try to enumerate with dirb, nothing special comes back. i use dirbuster (medium wordlist), only 2 results.
should i use large wordlist? or am i doing anything wrong

@w31rd0 said:
I try to enumerate with dirb, nothing special comes back. i use dirbuster (medium wordlist), only 2 results.
should i use large wordlist? or am i doing anything wrong

A large list will be fine if you don’t mind waiting.

Do you know what you are looking for? I’d re-read the Jeeves threads and understand what you are fuzzing for.

@quadzer0 said:

@w31rd0 said:
I try to enumerate with dirb, nothing special comes back. i use dirbuster (medium wordlist), only 2 results.
should i use large wordlist? or am i doing anything wrong

A large list will be fine if you don’t mind waiting.

Do you know what you are looking for? I’d re-read the Jeeves threads and understand what you are fuzzing for.

To be honest I was on the initial enumeration, so i just scanned the http page (did not use a larger list yet).
Should i look elsewhere?

@w31rd0 said:

@quadzer0 said:

@w31rd0 said:
I try to enumerate with dirb, nothing special comes back. i use dirbuster (medium wordlist), only 2 results.
should i use large wordlist? or am i doing anything wrong

A large list will be fine if you don’t mind waiting.

Do you know what you are looking for? I’d re-read the Jeeves threads and understand what you are fuzzing for.

To be honest I was on the initial enumeration, so i just scanned the http page (did not use a larger list yet).
Should i look elsewhere?

Don’t skimp on the initial port scan :slight_smile: