Official Jewel Discussion


Comments

  • Can I please get a nudge? I'm stuck on that box for a couple of hours now and I'm so frustrated. Haven't gotten the user yet but done so much recon.

  • @bgokjh said:

    Can I please get a nudge? I'm stuck on that box for a couple of hours now and I'm so frustrated. Haven't gotten the user yet but done so much recon.

    This is one of the harder medium boxes, so be prepared to do some "out-of-the-box" thinking.

    First make sure your wordlist is big enough. Then enumerate the servers. On one of them you might find something which is worth further investigation. If you find a software version, look to see if it is exploitable. If it is, exploit it.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.

  • I get really slow cracking with hashcat and bcrypt: 624 H/s. I'm using an RTX 3080. That can't be right?

  • @pufferty said:

    I get really slow cracking with hashcat and bcrypt: 624 H/s. I'm using an RTX 3080. That can't be right?

    Double check you are using the correct mode. It should crack in a fairly short time.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.

  • @TazWake said:

    @pufferty said:

    I get really slow cracking with hashcat and bcrypt: 624 H/s. I'm using an RTX 3080. That can't be right?

    Double check you are using the correct mode. It should crack in a fairly short time.

    Or, put in other words: when it takes a long time, it wasn't the correct hash ;)

    Hack The Box
    GREM | OSCE | GASF | eJPT

    Feel free to PM me your questions, but please explain what you tried, so far.

  • Can I get a nudge on cracking the hashes? I found more than 2 and am having trouble getting the right dictionary for this. I am running hashcat and ran JtR, both with the B* algorithm, but it doesn't seem to be able to crack them. I found the search engine, but I believe I need to crack these hashes before I priv esc so I can use the password to run s***

    Hack The Box

  • Got root! Very nice machine! Learned so much about new things!
    Foothold is hard compared to privilege escalation. Timing created a huge problem for me when doing the 2F* thing, but I used a mobile app and then it was finally done.

    PM for nudges

  • edited January 2

    Is user (b***)'s password crackable? I'm like 1h into rockyou and can't manage to crack it, and I'm quite stuck on that.
    EDIT:
    It is, but the right hash needs to be bruteforced.

    @SovietBeast said:
    > Is user (b***)'s password crackable? I'm like 1h into rockyou and can't manage to crack it, and I'm quite stuck on that.
    > EDIT:
    > It is, but the right hash needs to be bruteforced.

    Are there any hints on the machine that clued you into any patterns for the mask? Like b*** likes special characters, password length X, etc.?

    Hack The Box

  • edited January 2

    @unkn0wnsyst3m said:

    @SovietBeast said:

    Is user (b***)'s password crackable? I'm like 1h into rockyou and can't manage to crack it, and I'm quite stuck on that.
    EDIT:
    It is, but the right hash needs to be bruteforced.

    Are there any hints on the machine that clued you into any patterns for the mask? Like b*** likes special characters, password length X, etc.?

    @unkn0wnsyst3m b*** is a user. I wasn't sure if this was a spoiler or not, so I masked it, but if you are struggling with cracking the user password you are probably looking at the wrong hash for this user. The right hash is cracked in seconds with john and rockyou. I missed it at first, but then I ran linpeas and after that I was able to use the right hash.

  • @SovietBeast said:
    > @unkn0wnsyst3m said:
    >
    > (Quote)
    > @unkn0wnsyst3m b*** is a user. I wasn't sure if this was a spoiler or not, so I masked it, but if you are struggling with cracking the user password you are probably looking at the wrong hash for this user. The right hash is cracked in seconds with john and rockyou. I missed it at first, but then I ran linpeas and after that I was able to use the right hash.

    Ok, thanks for the feedback. I have 3 hashes and already found the one from linpeas, hmmm, I'll look at my John commands again.

    Hack The Box

  • Got it, I must have overlooked it, sigh... thanks!

    Hack The Box

  • Rooted, not a fan of the system used. Had some PTSD from a time when I had time sync issues.

    GRID, GPEN

  • Rooted, foothold was annoying, root was really easy.

  • Rooted! The foothold got me for a few days. Privesc wasn't too bad.

    GCIH | GCED | GCIA | GSEC | GPYC | CEH | Security+

  • Need nudges for foothold here!

    Security+

    Hack The Box

  • @kurogai said:

    Need nudges for foothold here!

    There is a CVE you can use.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.

  • @TazWake said:

    @kurogai said:

    Need nudges for foothold here!

    There is a CVE you can use.

    I think I found it, can I PM you?

    Security+

    Hack The Box

  • @kurogai said:

    @TazWake said:

    @kurogai said:

    Need nudges for foothold here!

    There is a CVE you can use.

    I think I found it, can I PM you?

    Yes

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.

  • Rooted finally. Overlooked a few things as usual. I swear I gloss over obvious things and I'll never learn... PM for hints if anyone is still trying this box.

    HcKy

    Happy to help. If any of my rambling is useful consider leaving some respect.

  • Any help with root, please?

  • @k01n said:

    Any help with root, please?

    Look at what the account is allowed to do as a super user.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.

  • I think I found the exploit... I managed to make it work locally, but when I do it on the real target it doesn't work. Any advice?

  • edited January 29

    @seniuus said:

    I think I found the exploit... I managed to make it work locally, but when I do it on the real target it doesn't work. Any advice?

    If you're using the exploit properly it should work. If you think you're doing everything right and it's not working you can reset the box. If it still doesn't work it's probably not correct.

    HcKy

    Happy to help. If any of my rambling is useful consider leaving some respect.

  • Loved this one. So rewarding. Learned a lot of things today.

    Some nudges.

    Foothold: some of the dependencies used for building the application are vulnerable. One of them is a critical vulnerability. It has a CVE assigned to it. CVE -> Google exploit for it.
    Root: Look around, look around a lot. All you need is on the box. No need to download and execute external scripts.

    Huge thanks to @HcKy. A lot of help without revealing answers. Helped me to not waste too much time on rabbit holes. Love when people encourage you to continue trying.

  • # id
    uid=0(root) gid=0(root) groups=0(root)
    # hostname
    jewel.htb

    Took me quite some time...
    First time I had to use Burp (didn't feel like parsing HTML). Debugging locally was a waste of time (CVE easily googled by app language + looking at source). Also, john is much faster on my piss-end laptop; wasted 3-4 hours messing with OpenCL on my Fedora host only to get slower speeds than inside my VM...

  • edited February 2

    Does somebody know why my john and my hashcat are not able to crack that damn hash?
    Apparently more people had that issue...? How did you solve it?

    please PM me

  • edited February 6

    Based on the hints above, I've been trying the wrong vuln all this time hahaha. The situation in that CVE looks sooo like this box; I thought it was about customizing toward the dir structure in the repo and some guesswork.

    what_what

  • I synced my time and timezone with the machine's time and timezone, but I still get the error "Operation not permitted" while writing config. Can anyone help me?

  • edited February 6

    For someone who already got user and, on the way to rooting, had the box reset so they have to do user again, and keeps getting "The change you wanted was rejected. Maybe you tried to change something you didn't have access to.":

    Recall that you've done something with time, not necessarily in a clean way. Depending on your time zone, your GNOME version and the way your browser decides what time zone you're in (e.g. IP, time zone reading, clock reading, etc.), your browser could now have a "just got a session cookie that has been expired for x hours, yikes, not gonna save it, not to mention send it in the future" attitude, while the HTB server is being "no session cookie? no session access".

    what_what
