Official Jewel Discussion

@mohsinhakak said:

> I am still stuck on this:
> > The change you wanted was rejected.
> > Maybe you tried to change something you didn’t have access to. …
>
> Does anyone have any clue how to deal with it? I have reset the browser, the box, the VPN pack. I already have the user flag; while moving on to root I am stuck back at square one.

I got this after the box was reset and the account I created was deleted. Creating a new one fixed it.

@mohsinhakak said:

> I am still stuck on this:
> > The change you wanted was rejected.
> > Maybe you tried to change something you didn’t have access to. …
>
> Does anyone have any clue how to deal with it? I have reset the browser, the box, the VPN pack. I already have the user flag; while moving on to root I am stuck back at square one.

I get that all the time.
Worked using Chromium and when I switched to my own VM (Kali VM).

I need a nudge with root. There is something wrong with the time :(

Rooted. Thanks @pizzapower for helping with a scanning tool.

My best recommendation for foothold is to set up that environment yourself. Works like a charm after that :)

Done.
Good box, not very fun, but I’ve learnt a couple of interesting things…

What payload to use for rev shell? Only touch command seems to work, nothing else is working.

@pswalia said:

> What payload to use for rev shell? Only touch command seems to work, nothing else is working.

DM me if you’re still stuck.

@PapyrusTheGuru said:

> @pswalia said:
> > What payload to use for rev shell? Only touch command seems to work, nothing else is working.
>
> DM me if you’re still stuck.

I'm stuck at the same part…

You may have the right payload but it doesn’t work straight away as other payloads do. There’s caching involved, etc, so it might take a few more steps to actually trigger it.

The vuln can be hard to find. For what it’s worth, when a vulnerability has a CVE documented by NVD, it’ll show up after a search here: https://nvd.nist.gov/vuln/search - so worth a shot to see if there are potential candidates in there.
The usual 2 cents:
Foothold/User: CVE has a PoC showing the way to generate a valid payload - look at the code to figure out where to use it.
Root: while doing your usual checks you’ll realize what this is about - and you’re a couple of commands from root.

If anybody cared to set up the whole environment locally, other payloads will not work.

@Timdb said:

> @PapyrusTheGuru said:
> (Quote)
>
> I'm stuck at the same part…

If anybody cared to set up the whole environment locally (like me), other payloads will not work locally. But everything works on the box. I was trying to reproduce everything locally but none other than “touch” seems to work. So do it directly on the box itself. Now I am trying for the root.

@iWillBeFamous said:

> got some hashes can’t crack them tho…

me too

The box is very slow tonight… SSH connection takes so much time (yes, I’ve put a public key in it) and broken pipe occurs a lot…

Spoiler Removed

For the timing issue, I’d recommend that you use the mobile app version with time synced there. I couldn’t get anything on my machine to work, even with perfect synchronization.

Just Rooted. Learnt 2fa implementation. Good box. Pm for hints. Thanks to @ruskii and @zweeden for hints.

rooted! nice one!

@aimforthehead said:

> Keep getting Error “Operation not permitted” while writing config" after entering the T** code. Anyone have any idea?

It’s time based. Try to sync your box as close to the HTB one as possible. If not, use the mobile phone app - this worked for me.

Rooted !
My first box !
Lot of fun and rage ! I feel very stupid about the right escalation…

Rooted, PM for hints.