Official Jewel Discussion

> @elseif said:
>
> > @mandev said:
> >
> > I found the right CVE but page gives 500 error. I tried ar***s instead of usrs but no luck. Any nudge?
>
> It will respond with 500 but still go through. Try sending multiple requests and reload the page to see if it’s reflected. Curl/burp/zap works better than going through the browser as well.

For pad part only changing cond is enough, right? And remote address too, of course 🙂 If it fails then it’s co**nd or encode, right?

> @mandev said:
>
> > @elseif said:
> >
> > > @mandev said:
> > >
> > > I found the right CVE but page gives 500 error. I tried ar***s instead of usrs but no luck. Any nudge?
> >
> > It will respond with 500 but still go through. Try sending multiple requests and reload the page to see if it’s reflected. Curl/burp/zap works better than going through the browser as well.
>
> For pad part only changing cond is enough, right? And remote address too, of course 🙂 If it fails then it’s co**nd or encode, right?

Hmmm pm me and show me what you’ve been trying. I think you might be stuck in a rabbit hole.

> @UrbanMystery said:
>
> Hmm, can’t seem to establish a reverse-shell connection, might be payload encoding (although it seems fine) - anybody have any tips?

I am in the same boat mate.

rooted. thanks @sm4sh0ps for confirming i was on the right track, and @Hyp3rDrive for the idea to use the snake to encode the payload for the foothold.

not much to add that hasn’t already been said, apart from if you think you are doing everything right for the foothold, check your encoding again. and watch out for shady characters.

i am still stuck on this

> The change you wanted was rejected.
>
> Maybe you tried to change something you didn’t have access to. …

does anyone have any clue how to deal with it, I have reset the browser, the box, the VPN pack, I already have the user flag, while moving on to root I am stuck back at square one.

> @mohsinhakak said:
>
> i am still stuck on this
>
> > The change you wanted was rejected.
> >
> > Maybe you tried to change something you didn’t have access to. …
>
> does anyone have any clue how to deal with it, I have reset the browser, the box, the VPN pack, I already have the user flag, while moving on to root I am stuck back at square one.

I got this after the box was reset and the account I created was deleted. Creating a new one fixed it.

> @mohsinhakak said:
>
> i am still stuck on this
>
> > The change you wanted was rejected.
> >
> > Maybe you tried to change something you didn’t have access to. …
>
> does anyone have any clue how to deal with it, I have reset the browser, the box, the VPN pack, I already have the user flag, while moving on to root I am stuck back at square one.

I get that all the time.
Worked using Chromium and when I switched to my own VM (Kali VM)

I need a nudge with root. There is something wrong with the Time 😦

Rooted. Thanks @pizzapower for helping with a scanning tool.

My best recommendation for foothold is to set up that environment yourself. Works like a charm after that 🙂

Done,
Good box, not very fun, but I’ve learnt a couple of interesting things…

What payload to use for rev shell? Only touch command seems to work, nothing else is working.

> @pswalia said:
>
> What payload to use for rev shell? Only touch command seems to work, nothing else is working.

DM me if you’re still stuck.

> @PapyrusTheGuru said:
>
> > @pswalia said:
> >
> > What payload to use for rev shell? Only touch command seems to work, nothing else is working.
>
> DM me if you’re still stuck.

I’m stuck at the same part…

You may have the right payload but it doesn’t work straight away as other payloads do. There’s caching involved, etc, so it might take a few more steps to actually trigger it.

The vuln can be hard to find. For what it’s worth, when a vulnerability has a CVE documented by NVD, it’ll show up after a search here: https://nvd.nist.gov/vuln/search - so worth a shot to see if there are potential candidates in there.

The usual 2 cents:

Foothold/User: CVE has a PoC showing the way to generate a valid payload - look at the code to figure out where to use it

Root: while doing your usual check you’ll realize what this is about - and you’re a couple of commands from root

> @Timdb said:
>
> > @PapyrusTheGuru said:
> >
> > (Quote)
>
> I’m stuck at the same part…

If anybody cared to set up the whole environment locally (like me), other payloads will not work locally. But everything works on the box. I was trying to reproduce everything locally but none other than “touch” seems to work. So do it directly on the box itself. Now I am trying for the root.

> @iWillBeFamous said:
>
> got some hashes can’t crack them tho…

me too

The box is very slow tonight… SSH connection takes so much time (yes I’ve put a public key in it) and broken pipe occurs a lot…

Spoiler Removed

For the timing issue, I’d recommend that you use the mobile app version with time synced there. I couldn’t get anything on my machine to work, even with perfect synchronization.