Official Jewel Discussion

Rooted! Took me far too long to find the initial vulnerability as I was looking in the wrong places. The vuln is much more recent and didn’t turn up in initial searches!

For root enumerate and go back and do something you may have tried at the start. They aren’t the same… from there its straight sailing.

Also for the foothold, the way I found it was using a website that scans a certain file that is exclusive to the language involved in the blog. It parses the file and looks for vulns.

I found it like 5 minutes after the box was live. I was sure I was going to get blood, and then I had to go to work, and then I couldn’t get my payload to work properly, and then I drank too much.

I thought this was my one chance for HTB glory, because even easy boxes take me like 5 hours, usually, but alas, it was not in the cards, lololol.

Type your comment> @pizzapower said:

I was sure I was going to get blood… and then I drank too much.

that’s me every Saturday

Type your comment> @sm4sh0ps said:

Type your comment> @pizzapower said:

I was sure I was going to get blood… and then I drank too much.

that’s me every Saturday

At 2 in the afternoon? :lol:

Amazing box!!!

Learned some tricks. I would think this box is not medium but ok. Thx for this kind of boxes

my hints:

User: try to find the code and google somethings. I’m not expert on this programming language so it takes me a lot of time. There is a CVE on github and other article on hackerone. Read them (remember don’t need clone nothing)

Root: Basic enumeration will give you some key words. Keep in mind that home have a clue about escalation.

Very greatfull

Type your comment> @LMAY75 said:

Type your comment> @sm4sh0ps said:

Type your comment> @pizzapower said:

I was sure I was going to get blood… and then I drank too much.

that’s me every Saturday

At 2 in the afternoon? :lol:

lol, I have a strange work schedule, so I have to fit the drinking in whenever I can

Just rooted this. Pm for a nudge but make sure you can tell me what you’ve tried first.

Hi can someone give me hint on initial foothold part, i am working with r**** exploit and i found rce script on github, but when i tried it, it doesn’t work. I tried to do what the script do manually, but it doesn’t work too. Any hint with foothold?

Finally rooted this box. Last part with “synchronization” almost killed me :smile: I tried to synchronize over and over again, but still nothing. After all attempts I went the other way and succeed at the end

This ones driving me potty. Even with the tips here I’m getting nowhere :{

Completely reinstalled Kali because my VM was filled with so much clutter and filler, going to get back to this machine tomorrow, hopefully I’ll make some progress :slight_smile:

Type your comment> @0xstain said:

Hi can someone give me hint on initial foothold part, i am working with r**** exploit and i found rce script on github, but when i tried it, it doesn’t work. I tried to do what the script do manually, but it doesn’t work too. Any hint with foothold?

This tricked me for a bit too, first make sure you have the correct version of ruby, and then there’s a typo in the readme’s r**** commands on github so pay close attention.

Anyone else getting this when trying to register an account?

"The change you wanted was rejected.

Maybe you tried to change something you didn’t have access to. "

Using firefox on kali…

Chromium works fine though but the above is very strange.

Type your comment> @acidbat said:

Anyone else getting this when trying to register an account?

"The change you wanted was rejected.

Maybe you tried to change something you didn’t have access to. "

Using firefox on kali…

Chromium works fine though but the above is very strange.

I always get that every sign up account. I thought it was a server problem, so it is a web browser problem?

Type your comment> @0xstain said:

Type your comment> @acidbat said:

Anyone else getting this when trying to register an account?

"The change you wanted was rejected.

Maybe you tried to change something you didn’t have access to. "

Using firefox on kali…

Chromium works fine though but the above is very strange.

I always get that every sign up account. I thought it was a server problem, so it is a web browser problem?

Looks like it, (speculating)
Might be a setting (new version or something)
… TBD

Type your comment> @acidbat said:

Anyone else getting this when trying to register an account?

"The change you wanted was rejected.

Maybe you tried to change something you didn’t have access to. "

Using firefox on kali…

Chromium works fine though but the above is very strange.

It’s happen to me when the session expires

Type your comment> @acidbat said:

Anyone else getting this when trying to register an account?

"The change you wanted was rejected.

Maybe you tried to change something you didn’t have access to. "

Using firefox on kali…

Chromium works fine though but the above is very strange.

Nope, it works perfectly fine for me.

can anyone pm for root part, i am like 95% done with it and for some reasons it is not working , any help is appreciated

I have no clue why the payload is printing out on the webpage but no shell, is this encoding?

The change you wanted was rejected. > > Maybe you tried to change something you didn’t have access to. … anyone else on this when signing up or while login in ?