Official Jewel Discussion

Comments

  • # id
    uid=0(root) gid=0(root) groups=0(root)

    Very nice machine. I enjoyed every step, even though foothold was pretty PITA (especially payload part). Thanks @LMAY75 for saving my time and confirming what works.

    Hints:
    Foothold: Use virtualenv for exploit POC. That will save you time with incompatible system packages. There are typos in POC Readme - just keep focus. Remember that it's not enough to upload something. You must also trigger it.
    Root: Pretty straightforward. If you have Dali clock that is bent too much remember that you can do everything on the machine. Use their clock, Luke.

    sparrow1

  • Just got root with some nudges from @trab3nd0 and @LMAY75

    Some tips:
    Foothold: Find someone else to appraise your jewels. As others have said, the github page is mostly correct but there is a typo and some encoding issues
    Root: Don't be afraid of bcrypt! (I normally don't bother trying to crack them)

    PM for nudges but make sure you tell me what you've tried

    cmoon
    OSCP

  • hey, anyone get this error in the final step at the root :
    [ Error "Operation not permitted" while writing config ]

  • @KareemElsadek said:

    hey, anyone get this error in the final step at the root :
    [ Error "Operation not permitted" while writing config ]

    Sync your time (your kali) with the box and you will get it

    Why 50 53R10U5
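Why syncing your clock fixes the last step: assuming the second factor on the box is a standard RFC 6238 time-based one-time password (an assumption; the thread only says that matching the box's time makes it work), the code is derived from the shared secret and the current 30-second time step, so a client clock that is off by more than the server's tolerance window produces a code the server rejects even though the secret is right. The Python below is an added example, not from this thread or from the machine; the base32 secret, timestamps and RFC 6238 test vector are constructed inputs, not anything taken from the box.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30  # RFC 6238 default time step in seconds (what authenticator apps use)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, digits: int = 6, step: int = STEP) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / step)."""
    return hotp(secret, unix_time // step, digits)


def decode_base32_secret(b32: str) -> bytes:
    """Decode the base32 shared-secret form that authenticator apps and their config files use."""
    stripped = b32.strip().upper()
    padded = stripped + "=" * (-len(stripped) % 8)  # restore optional '=' padding
    return base64.b32decode(padded, casefold=True)


def server_accepts(secret: bytes, code: str, server_time: int, window: int = 1) -> bool:
    """Validate like a typical server: current step plus +/- `window` neighbouring steps."""
    counter = server_time // STEP
    return any(
        hmac.compare_digest(hotp(secret, counter + i), code)
        for i in range(-window, window + 1)
    )


def client_code_accepted(secret: bytes, client_time: int, server_time: int, window: int = 1) -> bool:
    """Generate a code on a (possibly skewed) client clock and check it against the server clock."""
    return server_accepts(secret, totp(secret, client_time), server_time, window)


if __name__ == "__main__":
    secret = decode_base32_secret("JBSWY3DPEHPK3PXP")  # constructed test secret, not from the box
    server_now = 1_000_000_000  # constructed server timestamp
    for skew in (0, 45, 120, 600):
        ok = client_code_accepted(secret, server_now + skew, server_now)
        print(f"client clock off by {skew:4d}s -> code {'accepted' if ok else 'rejected'}")
```

With the default one-step window, a skew of 45 seconds still lands in a neighbouring step and is accepted, while 120 seconds or more is rejected, which is the symptom people hit on the box. Fix the clock (e.g. set your VM's time from the box's HTTP Date header or NTP) rather than generating a fresh config.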

  • Finally, I've rooted it. User part took most of the time and was pretty awesome. No further tips are needed, everything is in this topic. For the root part: the thing you think is a huge waste of time. Well IT IS NOT a waste of time. Just do it.

  • @sparrow1 said:

    # id
    uid=0(root) gid=0(root) groups=0(root)

    Very nice machine. I enjoyed every step, even though foothold was pretty PITA (especially payload part). Thanks @LMAY75 for saving my time and confirming what works.

    Hints:
    Foothold: Use virtualenv for exploit POC. That will save you time with incompatible system packages. There are typos in POC Readme - just keep focus. Remember that it's not enough to upload something. You must also trigger it.
    Root: Pretty straightforward. If you have Dali clock that is bent too much remember that you can do everything on the machine. Use their clock, Luke.

    Thanks @sparrow1 for saving me.
    I've Rooted it.

  • It's not working at all for me.

    We're sorry, but something went wrong.
    If you are the application owner check the logs for more information.

    This error pops up on port 8080 every time

  • @Spl01ter said:

    This error pops up in port 8080 every time

    That's not a problem at all. In fact, that error is a good sign ;)

  • Can someone tell me if my payload is right :blush:

  • @pizzapower said:

    Also for the foothold, the way I found it was using a website that scans a certain file that is exclusive to the language involved in the blog. It parses the file and looks for vulns.

    I found it like 5 minutes after the box was live. I was sure I was going to get blood, and then I had to go to work, and then I couldn't get my payload to work properly, and then I drank too much.

    I thought this was my one chance for HTB glory, because even easy boxes take me like 5 hours, usually, but alas, it was not in the cards, lololol.

    I was trying around for hours. This hint helped me get at least the start/user. I thank you so much, this was a pain, lol.

  • Another good box - again it felt like user was harder than root, largely because I needed to do a lot of tweaking to get it working.

    Privesc had a very interesting element - never seen that on a CTF before.

    Note: I am not going to be available much in September.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • Can anyone give me a hint via DM on how to get foothold?
    I'm pretty sure I am on the right track however i cannot get my payload to work properly.

  • @Arestenia said:

    Can anyone give me a hint via DM on how to get foothold?
    I'm pretty sure I am on the right track however i cannot get my payload to work properly.

    It depends what your payload is and how you are trying to deliver it. Assuming you've injected via burp, you may need to refresh the home page to trigger it.

    TazWake

  • Is there a way to fix this error?
    Error "Operation not permitted" while writing config
    I have synced my machine to the server but it still won't work. Tried many things but nothing is working.

  • @AidynSkullz said:

    Is there a way to fix this error?
    Error "Operation not permitted" while writing config
    I have synced my machine to the server but it still won't work. Tried many things but nothing is working.

    Don't try to create a new config, but rather use what you already have ;)


    Hack The Box
    OSWE | GREM | OSCE | GASF | eJPT

    Feel free to PM me your questions, but please explain what you tried, so far.

  • edited November 2020
    Finally root; this was a great and 'lessons learned' kind of box. I spent too much time on the wrong CVE for foothold/user. Lesson learned: make sure you check if the settings match the CVE; if they don't, it is probably the wrong one, and move on. Regarding root: the tool with the spherical vegetable will not show you everything you need. Make sure you manually double check the interesting file(s) for creds and don't be afraid of bcrypt.
    thx to @TazWake putting me back on track for root.

    zaphoxx

  • Foothold was a mess for me XD
    [email protected]:~# id uid=0(root) gid=0(root) groups=0(root)

  • @zaphoxx said:

    Finally root; this was a great and 'lessons learned' kind of box. I spent too much time on the wrong CVE for foothold/user. Lesson learned: make sure you check if the settings match the CVE; if they don't, it is probably the wrong one, and move on. Regarding root: the tool with the spherical vegetable will not show you everything you need. Make sure you manually double check the interesting file(s) for creds and don't be afraid of bcrypt.

    Well actually the exact same tool gave me the interesting file along with its contents. Maybe you need an updated version.

    There are a couple of things I don't fully understand regarding the foothold; I would like to discuss them if somebody is interested.

    For asking help, please describe what you have tried so far, so I don't spoil too much.
    If you believe I was able to help, please provide feedback by giving respect:
    https://www.hackthebox.eu/home/users/profile/122308

  • There were so many points in this box where I thought "hey this is easy!" only to realize I hadn't figured out the real issue yet. User gave me some trouble with setting up the G** because I barely have any experience with it.

    Also had to look at the machine checklist after spending a while on d. to make sure I wasn't crazy about what I was trying to do.

  • edited December 2020

    I could say I'm lost, but actually I'm not even sure I started to move and, in any case, I have no clue where I'm supposed to go. I spent quite some time looking for anything, and in the end I found a potential CVE, but it's so much trouble getting it to run that I'd like someone to DM me so I know if it's worth wasting more of my time.

    Edit : Rooted. A big, big thanks to @benj0, without his/her help regarding the foothold I think i would just have moved to another box.

    dragonista

  • Worst box I've ever done.

    You'd think that you can at least debug something when you have the source. Not with this one. Let's intentionally remove some files from the sources so when someone tries to run the app it's just gonna crash. Great idea.

    Let's use some language package that even the internet doesn't know. So let's install all the packages that have the database in the name. No, still nothing. You just don't want this to work no matter what :) Great idea again.

    Can't debug the exploitation? No problem, let's just try throwing random stuff at the box, maybe that's gonna work or most likely not.

    Really wanna understand where the vuln is, why it exists and how it works at the low level? Sorry, not possible with this box :) This box just gives you everything else other than the possibility to understand the vuln and learn something from it, which is nothing. So a big thanks for NOTHING!

    PLEASE JUST DON'T DO ANY MORE BOXES LIKE THIS EVER.

  • Can someone help me with the timezone issue?

  • Rooted.

    Found the vulnerability and POC without any assistance, but couldn't get it to work properly with any custom commands. Took a lot of time spinning my wheels after that, but got it working. Root was easy. Decent box, albeit far from my favorite.

  • edited December 2020

    So going through a file I found two password hashes. With the type of hashing used, it's going to take over a week to crack one using john. Is this a rabbit hole?

    DaShan3l

  • @DaShan3 said:

    So going through a file I found two password hashes. With the type of hashing used, it's going to take over a week to crack one using john. Is this a rabbit hole?

    It depends. It shouldn't take that long if you have the right file. The hashing mode (starts with a b) is quick to crack in Hashcat.

    TazWake

  • @TazWake said:

    @DaShan3 said:

    So going through a file I found two password hashes. With the type of hashing used, it's going to take over a week to crack one using john. Is this a rabbit hole?

    It depends. It shouldn't take that long if you have the right file. The hashing mode (starts with a b) is quick to crack in Hashcat.

    Thank you! Forgot about Hashcat.

    DaShan3l

  • Rooted. Another box where I learned a good amount of new things, and a reminder to not forget what you've already learned!

    DaShan3l

  • Rooted. A fun box, needs a good dict-file.

  • System doesn't let me log in to the website. I made a payload but I can't use it, because I can't log in [If you are the application owner check the logs for more information.] Any hints?

  • @Capitan said:

    System doesn't let me log in to the website. I made a payload but I can't use it, because I can't log in [If you are the application owner check the logs for more information.] Any hints?

    When you say you "cant log in", what error messages are you getting? Are you sure you are using the correct account details?

    TazWake