Official Jewel Discussion

Can someone tell me if my payload is right :blush:

@pizzapower said:

Also for the foothold, the way I found it was using a website that scans a certain file that is exclusive to the language involved in the blog. It parses the file and looks for vulns.

I found it like 5 minutes after the box was live. I was sure I was going to get blood, and then I had to go to work, and then I couldn’t get my payload to work properly, and then I drank too much.

I thought this was my one chance for HTB glory, because even easy boxes take me like 5 hours, usually, but alas, it was not in the cards, lololol.

I was trying around for hours. This hint helped me get at least the start/user. I thank you so much, this was a pain, lol.

Another good box - again it felt like user was harder than root, largely because I needed to do a lot of tweaking to get it working.

Privesc had a very interesting element - never seen that on a CTF before.

Can anyone give me a hint via DM on how to get foothold?
I’m pretty sure I am on the right track; however, I cannot get my payload to work properly.

@Arestenia said:

Can anyone give me a hint via DM on how to get foothold?
I’m pretty sure I am on the right track; however, I cannot get my payload to work properly.

It depends what your payload is and how you are trying to deliver it. Assuming you’ve injected via burp, you may need to refresh the home page to trigger it.

Is there a way to fix this error?
Error "Operation not permitted" while writing config
I have synced my machine to the server but it still won’t work. Tried many things but nothing is working.

@AidynSkullz said:

Is there a way to fix this error?
Error "Operation not permitted" while writing config
I have synced my machine to the server but it still won’t work. Tried many things but nothing is working.

Don’t try to create a new config, but rather use what you already have :wink:

Finally root; this was a great and 'lessons learned' kind of box. I spent too much time on the wrong CVE for foothold/user. Lesson learned: make sure you check if the settings match the CVE; if they don't, it is probably the wrong one, and move on. Regarding root: the tool with the spherical vegetable will not show you everything you need. Make sure you manually double check the interesting file(s) for creds and don't be afraid of bcrypt.
Thx to @TazWake for putting me back on track for root.

Foothold was a mess for me XD
root@jewel:~# id uid=0(root) gid=0(root) groups=0(root)

@zaphoxx said:

Finally root; this was a great and 'lessons learned' kind of box. I spent too much time on the wrong CVE for foothold/user. Lesson learned: make sure you check if the settings match the CVE; if they don't, it is probably the wrong one, and move on. Regarding root: the tool with the spherical vegetable will not show you everything you need. Make sure you manually double check the interesting file(s) for creds and don't be afraid of bcrypt.

Well actually the exact same tool gave me the interesting file along with its contents. Maybe you need an updated version.

There are a couple of things I don’t fully understand regarding the foothold; I would like to discuss if somebody is interested.

There were so many points in this box where I thought “hey this is easy!” only to realize I hadn’t figured out the real issue yet. User gave me some trouble with setting up the G** because I barely have any experience with it.

Also had to look at the machine checklist after spending a while on d***.*** to make sure I wasn’t crazy about what I was trying to do.

I could say I’m lost, but actually I’m not even sure I started to move and, in any case, I have no clue where I’m supposed to go. I spent quite some time looking for anything, and in the end I found a potential CVE, but it’s so much trouble getting it to run that I’d like someone to DM me so I know if it’s worth wasting more of my time.

Edit : Rooted. A big, big thanks to @benj0, without his/her help regarding the foothold I think i would just have moved to another box.

Worst box I’ve ever done.

You’d think that you can at least debug something when you have the source. Not with this one. Let’s intentionally remove some files from the sources so when someone tries to run the app it’s just gonna crash. Great idea.

Let’s use some language package that even the internet doesn’t know. So let’s install all the packages that have the database in the name. No, still nothing. You just don’t want this to work no matter what :slight_smile: Great idea again.

Can’t debug the exploitation? No problem, let’s just try throwing random stuff at the box, maybe that’s gonna work or most likely not.

Really wanna understand where the vuln is, why it exists and how it works at the low level? Sorry, not possible with this box :slight_smile: This box just gives you everything else other than the possibility to understand the vuln and learn something from it, which is nothing. So a big thanks for NOTHING!

PLEASE JUST DON’T DO ANY MORE BOXES LIKE THIS EVER.

Can someone help me with the timezone issue?

Rooted.

Found the vulnerability and POC without any assistance, but couldn’t get it to work properly with any custom commands. Took a lot of time spinning my wheels after that, but got it working. Root was easy. Decent box, albeit far from my favorite.

So going through a file I found two password hashes. With the type of hashing used, it’s going to take over a week to crack one using john. Is this a rabbit hole?

@DaShan3 said:

So going through a file I found two password hashes. With the type of hashing used, it’s going to take over a week to crack one using john. Is this a rabbit hole?

It depends. It shouldn’t take that long if you have the right file. The hashing mode (starts with a b) is quick to crack in Hashcat.

@TazWake said:

@DaShan3 said:

So going through a file I found two password hashes. With the type of hashing used, it’s going to take over a week to crack one using john. Is this a rabbit hole?

It depends. It shouldn’t take that long if you have the right file. The hashing mode (starts with a b) is quick to crack in Hashcat.

Thank you! Forgot about Hashcat.

Rooted. Another box where I learned a good amount of new things, and a reminder to not forget what you’ve already learned!

Rooted. A fun box, needs a good dict file.