I am a new user and trying to learn.
I have been following most of the write-ups. I followed all the instructions, except I couldn’t figure out your instruction on downloading the file “CEH.kdbx” to my local Kali box.
Where you say, “There’s a couple of ways to do this. One is to use Netcat to set up a listener on the Jeeves box and then connect to it from your attacking machine but the easiest way I found was to copy the file to the userContent folder inside the Jenkins directory (C:\Users\Administrator.jenkins)”.
Where exactly is the ‘userContent’ folder? I copied the file to the C:\Users\Administrator.jenkins folder, then I tried to access the file to download it, but it just couldn’t find this folder.
I went to http://10.10.10.63:50000/askjeeves/userContent/ but couldn’t find the copied file.
Please help me get the file.
Also, you mentioned an alternate way of initiating a listener on the remote Windows box; please provide some instructions/tips on that as well.
It would be a great learning experience for me please!
Thanks for the great work!
Thanks for the kind words. I’m not at a machine right now to double check, but there should be a folder inside
userContent. Any files placed in here will be served up on request, for example copying CEH.kdbx into the
userContent dir will be accessible using the url
I couldn’t get the netcat listener working, however I’m also having the same issues with 2 other boxes so I think there’s an issue on my system somewhere. I need to investigate this before I can write it up.
Great writeup, but for Priv Esc, you can do it without Metasploit by using pth-win.exe once you have the hash - especially if you intend to do OSCP, as I assume that is what you will be doing based on your initial message.
I’m going to give this a go this week and will amend the writeup. Thanks for the advice!