Official Jewel Discussion

Comments

  • @sparkla said:

    @pizzapower said:

    @sparkla said:

    @pizzapower wearing all black?

    Yes. I'm at my own funeral, lol. Still can't get my payload to work, and I've been too busy this weekend to work on it much

    I know the feeling :D

    Just got home from working all weekend and rooted within a couple of hours. I spent 95% of my time trying to figure out what I had wrong in getting foothold. Seems to be par for the course for me.

  • Spoiler Removed

  • Found the problem, my local time was not in sync with the server. Please sync the Jewel box with ntp to prevent this **** or is it intended?

  • edited October 2020

    Got user.
    To be honest, I've never, ever, dealt with R*** at that level, so I was doing my field study while at it. But I probably spent 8 to 10 straight hours searching anything that would get me the foothold. Any exploits, CVEs, patches, versions, anything. Then I searched on a random place after hope was lost and I finally found it.

    Even then, the payload was a bit confusing; I had to use a few online tools to write it properly and to mess around with it. The tool everyone uses was returning me a perfect message with my payload, where it shouldn't.

    For root, after many tries (and hours) on making things equal, I gave up on anything by the books and I went the ugly, manual way. It worked instantly.

    Great box. I've learnt so much from it.

  • Rooted! Took me far too long to find the initial vulnerability as I was looking in the wrong places. The vuln is much more recent and didn't turn up in initial searches!

    For root, enumerate and go back and do something you may have tried at the start. They aren't the same... from there it's straight sailing.

  • Also for the foothold, the way I found it was using a website that scans a certain file that is exclusive to the language involved in the blog. It parses the file and looks for vulns.

    I found it like 5 minutes after the box was live. I was sure I was going to get blood, and then I had to go to work, and then I couldn't get my payload to work properly, and then I drank too much.

    I thought this was my one chance for HTB glory, because even easy boxes take me like 5 hours, usually, but alas, it was not in the cards, lololol.

  • @pizzapower said:

    I was sure I was going to get blood.... and then I drank too much.

    that's me every Saturday

  • @sm4sh0ps said:

    @pizzapower said:

    I was sure I was going to get blood.... and then I drank too much.

    that's me every Saturday

    At 2 in the afternoon? :lol:

    LMAY75
    Always happy to help, DM me if you need anything!
    Link to Profile

  • Amazing box!!!!

    Learned some tricks. I would think this box is not medium but ok. Thx for this kind of box

    my hints:

    User: try to find the code and google some things. I'm not an expert on this programming language so it took me a lot of time. There is a CVE on GitHub and another article on HackerOne. Read them (remember, you don't need to clone anything)

    Root: Basic enumeration will give you some keywords. Keep in mind that home has a clue about escalation.

    Very grateful

  • @LMAY75 said:

    @sm4sh0ps said:

    @pizzapower said:

    I was sure I was going to get blood.... and then I drank too much.

    that's me every Saturday

    At 2 in the afternoon? :lol:

    lol, I have a strange work schedule, so I have to fit the drinking in whenever I can

  • Just rooted this. PM for a nudge but make sure you can tell me what you've tried first.

  • Hi, can someone give me a hint on the initial foothold part? I am working with the r**** exploit and I found an RCE script on GitHub, but when I tried it, it doesn't work. I tried to do what the script does manually, but it doesn't work either. Any hint with the foothold?

  • Finally rooted this box. The last part with "synchronization" almost killed me :smile: I tried to synchronize over and over again, but still nothing. After all attempts I went the other way and succeeded in the end

    N0rt0N

  • This one's driving me potty. Even with the tips here I'm getting nowhere :{

  • Completely reinstalled Kali because my VM was filled with so much clutter and filler, going to get back to this machine tomorrow, hopefully I'll make some progress :)

    Feel free to PM me, but please ask good questions: https://www.shorturl.at/fmAX6

  • @0xstain said:

    Hi, can someone give me a hint on the initial foothold part? I am working with the r**** exploit and I found an RCE script on GitHub, but when I tried it, it doesn't work. I tried to do what the script does manually, but it doesn't work either. Any hint with the foothold?

    This tricked me for a bit too. First make sure you have the correct version of Ruby, and then there's a typo in the readme's r**** commands on GitHub, so pay close attention.

    elseif

  • Anyone else getting this when trying to register an account?

    "The change you wanted was rejected. Maybe you tried to change something you didn't have access to. "

    Using firefox on kali..

    Chromium works fine though but the above is very strange.

    Always happy to help others. 100% human

    https://www.mindfueldaily.com/livewell/thank-you/

  • @acidbat said:

    Anyone else getting this when trying to register an account?

    "The change you wanted was rejected. Maybe you tried to change something you didn't have access to. "

    Using firefox on kali..

    Chromium works fine though but the above is very strange.

    I always get that on every account sign-up. I thought it was a server problem, so is it a web browser problem?

  • @0xstain said:

    @acidbat said:

    Anyone else getting this when trying to register an account?

    "The change you wanted was rejected. Maybe you tried to change something you didn't have access to. "

    Using firefox on kali..

    Chromium works fine though but the above is very strange.

    I always get that on every account sign-up. I thought it was a server problem, so is it a web browser problem?

    Looks like it, (speculating)
    Might be a setting (new version or something)
    ... TBD

    Always happy to help others. 100% human

    https://www.mindfueldaily.com/livewell/thank-you/

  • @acidbat said:

    Anyone else getting this when trying to register an account?

    "The change you wanted was rejected. Maybe you tried to change something you didn't have access to. "

    Using firefox on kali..

    Chromium works fine though but the above is very strange.

    It happens to me when the session expires

  • @acidbat said:

    Anyone else getting this when trying to register an account?

    "The change you wanted was rejected. Maybe you tried to change something you didn't have access to. "

    Using firefox on kali..

    Chromium works fine though but the above is very strange.

    Nope, it works perfectly fine for me.

    Feel free to PM me, but please ask good questions: https://www.shorturl.at/fmAX6

  • Can anyone PM for the root part? I am like 95% done with it and for some reason it is not working, any help is appreciated

  • I have no clue why the payload is printing out on the webpage but no shell, is this encoding?

  • The change you wanted was rejected. Maybe you tried to change something you didn't have access to. ........................... anyone else on this when signing up or while logging in?

  • @BrandonSG said:

    I have no clue why the payload is printing out on the webpage but no shell, is this encoding?

    Either encoding or the shell command, or both.

    elseif

  • @Andres7ll said:

    @acidbat said:

    Anyone else getting this when trying to register an account?

    "The change you wanted was rejected. Maybe you tried to change something you didn't have access to. "

    Using firefox on kali..

    Chromium works fine though but the above is very strange.

    It happens to me when the session expires

    Weird, I get this when creating an account, so session expiry shouldn't be a problem..

    Anyway, bigger problems to solve, this is just an annoyance that can be dealt with

    Always happy to help others. 100% human

    https://www.mindfueldaily.com/livewell/thank-you/

  • I don't understand why I get :smiley:

    Error "Operation not permitted" while writing config

    when logging in... and I know I have the right credentials, as the message is different if I input some random stuff.

    How close in sync should machines be? I'm within a few seconds only, and assumed that would be enough, based on the doc...

    lebutter
    eCPPT | OSCP

  • edited October 2020

    I find the right CVE but the page gives a 500 error. I tried ar****s instead of us*rs but no luck. Any nudge?

  • Rooted! Fun box! A bit hard for me, the foothold, but I enjoyed it! Congrats @polarbearer

    PM if anyone needs a nudge!

  • Root was pretty easy, user was way easier than I made it. After hours of beating my head against my own stupid wall, the solution turned out to look harder but worked the first time. Sometimes the way that looks harder is the way to go in the first place.

    Arrexel
    GWAPT,Security+,VCP,A+,Server+,Linux+,Network+
