AX Jeeves


Comments

  • Hi, who can help me with the root flag? I got the user.txt and I can use PowerShell and also meterpreter, but I haven't found any hidden files and I don't know how to privesc. I hate Windows and this is why I don't have much skill with it, but I think I know how to search files, also in subdirectories. I used dir with different options, but nothing. I have different hashes but I'm not sure that they are useful. Who can PM me?

  • Hi,

    What tool did you guys use to pass the hash manually?

    I tried wce, mimikatz, psexec and didn't manage to make it work

  • Is there someone here who I can pm about transferring files from the Jeeves box to my own? I just haven't been able to set this up, probably thinking about it in the wrong way.

  • I used meterpreter

  • Struggling here... Got user via the console like most have but I can't seem to get further.
    I'm thinking I need a better shell so trying to catch a reverse meterpreter via various methods. No luck.
    Also working on cracking the hashes found in the .k*** file and the one in the .xml file (not sure which one I need - if any?) but can't seem to get any joy.

    Would love to run what I'm doing by someone for a sanity check in PM if anyone could spare a mo?

  • edited April 2018

    @Mumbles said:
    Is there someone here who I can pm about transferring files from the Jeeves box to my own? I just haven't been able to set this up, probably thinking about it in the wrong way.

    PM me if you like... but there is a very interesting readme lying around that explains exactly what you need to do

  • edited April 2018

    The root flag is in the administrator folder? I don't find it! >.<

  • edited April 2018

    Nevermind, got it

  • edited April 2018

    Me, too. 🤩

  • If anyone can help point me in the right direction with regards to priv esc, please shoot me a PM. Thanks.

  • Anybody else having issues accessing the webapp today?

  • OSCE | OSCP | WCNA | CCNP | CCDP | ECSAv9 | CEHv8 | CISSP | Sec+

  • Finally rooted. That was a mindbender

  • Hi, is anyone in this discussion online that is willing to give me a little push in privesc? any help greatly appreciated

  • @d3x3 said:
    Nevermind, got it

    I'm still struggling with this, don't know where/how to look any more. Anyone a small poke in the right direction?

  • Hi guys, need some help with this. I have found the .k**** file and was able to extract some passwords from this file. However, I don't know what all these passwords can do to help me in my priv escalation.

  • I was struggling on this box as well. Priv esc was hard work, but finally got it.
    @SleepyKaze You should think about the information you got and for what attack vectors you can use it.

    Hack The Box

  • edited May 2018

    Got root!

    DM me for any hint :)

    lamexcape

  • got user priv and stable reverse meterpreter, found various interesting files, but unable to use them... could you please help me on priv esc?

  • How to download file?
    I'm stuck in there...

  • @gigi944 said:
    got user priv and stable reverse meterpreter, found various interesting files, but unable to use them... could you please help me on priv esc?

    There's a few different files, if you find the right one you might be able to find a few bits of information in it, but you might need to ask your friend john to help you read them.

    @0racle said:
    How to download file?
    I'm stuck in there...

    If you don't have a meterpreter shell, maybe you can find some other space you can work with

  • edited May 2018

    @sk2k said:

    @gigi944 said:
    got user priv and stable reverse meterpreter, found various interesting files, but unable to use them... could you please help me on priv esc?

    There's a few different files, if you find the right one you might be able to find a few bits of information in it, but you might need to ask your friend john to help you read them.

    my dear friend says it takes too much time for his "ceh" job...

  • edited May 2018

    this is driving me insane, I can't even get a foothold, any directory/file scanning returns nothing new (and I've used some of the larger wordlists here), any poking at other services hasn't revealed anything, what am I missing to get an initial foothold here?

  • @smt said:
    this is driving me insane, I can't even get a foothold, any directory/file scanning returns nothing new (and I've used some of the larger wordlists here), any poking at other services hasn't revealed anything, what am I missing to get an initial foothold here?

    What have you discovered to date?

  • @fuzzydunlop said:

    @smt said:
    this is driving me insane, I can't even get a foothold, any directory/file scanning returns nothing new (and I've used some of the larger wordlists here), any poking at other services hasn't revealed anything, what am I missing to get an initial foothold here?

    What have you discovered to date?

    I honestly haven't found anything apart from nmapping for the second webserver, running dirbuster or similar on both webservers hasn't revealed anything, unless I'm missing some obvious very first step (which is possible, it sounds like this box is easy to overthink)

  • Dirbuster on the second web service is the way forward. Make sure you're using a good dictionary.

  • @fuzzydunlop said:
    Dirbuster on the second web service is the way forward. Make sure you're using a good dictionary.

    welp I got it, thank you, just needed to know I was doing the right thing, a larger list helped

  • I found the ****.k file and opened it, any hint on where to progress from here?

  • edited May 2018

    (Might be a spoiler)
    Is it possible to gain access to user via the console or should I build a payload package? I have been trying both but I'm unfamiliar with it.

    v1ew-s0urce.flv

  • @xdaem00n said:
    (Might be a spoiler)
    Is it possible to gain access to user via the console or should I build a payload package? I have been trying both but I'm unfamiliar with it.

    Nevermind

    v1ew-s0urce.flv