Official Jewel Discussion

OS rebuilt, can finally go build this payload now

After sending the payload I see the code on the top of the title bar, but nothing happens, no shell returned. Has this happened to any of you? Thanks.

Type your comment> @sparkla said:

@pizzapower wearing all black?

Yes. I’m at my own funeral, lol. Still can’t get my payload to work, and I’ve been too busy this weekend to work on it much

So I’m getting the 500 error but none of my payloads are working, tried a bash one-liner and nc rev shell

Anyone else having the same issue?

Type your comment> @zerologon said:

After sending the payload I see the code on the top of the title bar, but nothing happens, no shell returned. Has this happened to any of you? Thanks.

Go to a place and try to load it

i’m stuck with getting R**. pm me anyone please

i created payload and pasted it but when i send that i doesnt get shell in nc

Completely lost on this one. I get it from the hints that there’s an obvious vulnerability somewhere, i come up with only one candidate and there’s a very quick check that shows it’s not vulnerable to it.

I give up. The bugs have made this box unsolvable.

Rooted! Feel free to DM for tips or hints. Actually a fun box in hindsight.

Finally rooted, great box. For foothold, look at the name for ideas - what you need is rather recent. If your payload doesn’t work, play around with other potential payloads. For root, just ensure running the command “date” on your local machine, and on the box match.

Rooted. Box was all buggy yesterday, today was a bit better. Root was straightforward, user was a lot more difficult. PM me for nudges, happy to help!

Type your comment> @sparkla said:

Type your comment> @pizzapower said:

Type your comment> @sparkla said:

@pizzapower wearing all black?

Yes. I’m at my own funeral, lol. Still can’t get my payload to work, and I’ve been too busy this weekend to work on it much

I know the feeling :smiley:

Just got home from working all weekend and rooted within a couple of hours. I spent 95% of my time trying to figure out what I had wrong in getting foothold. Seems to be par for the course for me.

Spoiler Removed

Found the problem, my local time was not in sync with the server. Please sync the Jewel box with ntp to prevent this **** or is it intended?

Got user.
To be honest, I’ve never, ever, dealt with R*** at that level, so I was doing my field study while at it. But I probably spent 8 to 10 straight hours searching anything that would get me the foothold. Any exploits, CVEs, patches, versions, anything. Then I searched on a random place after hope was lost and I finally found it.

Even then, the payload was a bit confusing, I had to use a few online tools to write it properly and to mess with it around. The tool everyone uses was returning me a perfect message with my payload, where it shouldn’t.

For root, after many tries (and hours) on making things equal, I gave up on anything by the books and I went the ugly, manual way. It worked instantly.

Great box. I’ve learnt so much from it.

Rooted! Took me far too long to find the initial vulnerability as I was looking in the wrong places. The vuln is much more recent and didn’t turn up in initial searches!

For root enumerate and go back and do something you may have tried at the start. They aren’t the same… from there its straight sailing.

Also for the foothold, the way I found it was using a website that scans a certain file that is exclusive to the language involved in the blog. It parses the file and looks for vulns.

I found it like 5 minutes after the box was live. I was sure I was going to get blood, and then I had to go to work, and then I couldn’t get my payload to work properly, and then I drank too much.

I thought this was my one chance for HTB glory, because even easy boxes take me like 5 hours, usually, but alas, it was not in the cards, lololol.

Type your comment> @pizzapower said:

I was sure I was going to get blood… and then I drank too much.

that’s me every Saturday

Type your comment> @sm4sh0ps said:

Type your comment> @pizzapower said:

I was sure I was going to get blood… and then I drank too much.

that’s me every Saturday

At 2 in the afternoon? :lol: