Given the fact that Windows Exploit Suggester or equivalent is probably the first tool that comes to mind when dealing with a Windows box, it is quite amazing to me that most of the walkthroughs do not bother talking about using it for Jeeves.
I have checked out close to 20 walkthroughs for Jeeves and only 1 person has written about the use of Windows Exploit Suggester to get to root.
It seems all the other walkthroughs jumped straight to making use of CEH.kdbx without explaining how they got lucky at guessing this was the file to use.
I prefer a video walkthrough because I can learn from the step by step instruction.
Here are all the walkthroughs I have checked out with not one mention of Windows Exploit Suggester or equivalent.
I tend to not use Windows-Exploit-Suggestor because it gives a lot of false positives. The program works by pulling a list of exploits from an excel file, grabbing the patch name, and then searching for updates checking if the patch name (KBxxxxxx) is Installed. Unfortunately, Microsoft changes the bulletin ID quite frequently especially with their new “monthly roll-up” style of patches.
Sherlock works a bit differently, it pulls the Version Number off the DLL associated with the exploit. So there isn’t any false positives, the downside is that the script has to be manually updated as Microsoft doesn’t release what files change in each patch.
As for why everyone skipped over how they found the keypass file. It’s in the User’s Documents folder, a place most people just check manually. Some enumeration scripts will point out files in the directories (such as JAWS). I just don’t show every tool every video because it would be super repetitive.
Yeah exactly as ippsec pointed out, in the case of Jeeeves most people, myself included found the KeePass database because we regularly check all the standard directories (Desktop, Downloads, Documents) manually for anything of interest and a KeePass database sticks out as something that may have valuable stuff in it.
I see you have my video posted. I am mike from digital offensive. I used JAWS similar tool to what you are referring you can see in the video I execute jaws and show how I came up with the CEH file. However even without the tool you would find it through basic enumeration as CEH is a odd name and is a hacker certification. Then googling the extension if you did not know already would of gave you further hints.
As for why everyone skipped over how they found the keypass file. It’s in the User’s Documents folder, a place most people just check manually. Some enumeration scripts will point out files in the directories (such as JAWS). I just don’t show every tool every video because it would be super repetitive.
IppSec , thanks for the videos you have created for these retired machines.
Unlike most walkthroughs you take the time to explain your thinking behind the steps you take in your video and these are the teaching moments I believe your audience is looking for.
They are the main reason why I am paying to be a VIP with Hackthebox in order to learn pentesting.
I know you aim to keep them interesting by teaching new tricks in every video.
May I suggest to you to do your best to cater to 2 groups of audience:
Noobs like me who are still learning the basics and the pros who are learning new tricks.
For noobs like me we would like to know why certain ‘required’ tools are used and not used in enumeration and privilege escalation.
We noobs are still learning how to avoid rabbit holes and therefore we would like to understand under what circumstances what should be done or not done in pentesting.
So if nmap or equivalent is not used in enumeration we would like to know why.
Just like when Sherlock or equivalent is not used in privilege escalation when dealing with Windows boxes.
Yes , it might sound repetitive to some but then tools such as nmap is a ‘required’ tool and therefore cannot be skipped in any of your videos.
Another good thing about your videos is your limited use of ‘easy way out’ tools such as Meterpreter* and SQLmap which are not allowed in OSCP as you seem to prefer to spend time explaining the manual way of doing enumeration and privilege escalation.
You are doing a great job and I hope to see more great videos from you.
Thanks a million.
Well , I know Meterpreter is allowed to be used for only 1 out of 5 VM in OSCP
@witness2pro said:
May I suggest to you to do your best to cater to 2 groups of audience:
Noobs like me who are still learning the basics and the pros who are learning new tricks.
For noobs like me we would like to know why certain ‘required’ tools are used and not used in enumeration and privilege escalation.
We noobs are still learning how to avoid rabbit holes and therefore we would like to understand under what circumstances what should be done or not done in pentesting.
So if nmap or equivalent is not used in enumeration we would like to know why.
Thanks for all the kind words, unfortunately, I’m not going to say why I’m not using X tool in most videos. There are far too many tools and tools change so it makes the videos become dated faster. I’m relatively good at answering comments on YT, so can always ask there. Additionally if you do a youtube search on tools like “ippsec sparta”, you can find the first video I talk about the tool and my general thoughts behind it. Why I used it or why I didn’t use it.
My best advice is when you have a tool you think should be used, run it a few times and see if there’s any reason to not like it.
I think when you make your videos the noobs like me will appreciate it very much when you can spend just a few seconds explaining why you skip the ‘standard’ or ‘expected’ tools (e.g. nmap) in enumeration and privilege escalation.
It might help us learn the limitations of these tools as we develop our pentesting methodology.
Since we are noobs we still do not know what we don’t know so we need all the help we can get.
