Official Jewel Discussion

Is user (b***)'s password crackable? I'm like 1h into rockyou and can't manage to crack it, and I'm quite stuck on that.
EDIT:
It is, but the right hash needs to be bruteforced.

@SovietBeast said:

Is user (b***)'s password crackable? I'm like 1h into rockyou and can't manage to crack it, and I'm quite stuck on that.
EDIT:
It is, but the right hash needs to be bruteforced.

Are there any hints on the machine that clued you into any patterns for the mask? Like b*** likes special characters, password length X, etc.?

@unkn0wnsyst3m said:

Are there any hints on the machine that clued you into any patterns for the mask? Like b*** likes special characters, password length X, etc.?

@unkn0wnsyst3m b*** is a user; I wasn't sure if this was a spoiler or not, so I masked it. But if you are struggling with cracking the user password, you are probably looking at the wrong hash for this user. The right hash is cracked in seconds with john and rockyou. I missed it at first, but then I ran linpeas and after that I was able to use the right hash.

@SovietBeast said:

@ghostng b*** is a user; I wasn't sure if this was a spoiler or not, so I masked it. But if you are struggling with cracking the user password, you are probably looking at the wrong hash for this user. The right hash is cracked in seconds with john and rockyou. I missed it at first, but then I ran linpeas and after that I was able to use the right hash.

Ok, thanks for the feedback. I have 3 hashes and already found the one from linpeas, hmmm, I'll look at my John commands again.

Got it, I must have overlooked it, sigh… thanks!

Rooted, not a fan of the system used. Had some PTSD from a time when I had time sync issues.

rooted, foothold was annoying, root was really easy.

rooted! The foothold got me for a few days. Privesc wasn’t too bad.

Need nudges for foothold here!

@kurogai said:

Need nudges for foothold here!

There is a CVE you can use.

@TazWake said:

There is a CVE you can use.

I think I found it, can I PM you?

@kurogai said:

I think I found it, can I PM you?

Yes

Rooted finally. Overlooked a few things as usual. I swear I gloss over obvious things and I'll never learn… PM for hints if anyone is still trying this box.

any help with root pls?

@k01n said:

any help with root pls?

Look at what the account is allowed to do as a super user.

I think I found the exploit… I managed to make it work locally, but when I do it on the real target it doesn't work. Any advice?

@seniuus said:

I think I found the exploit… I managed to make it work locally, but when I do it on the real target it doesn't work. Any advice?

If you're using the exploit properly, it should work. If you think you're doing everything right and it's not working, you can reset the box. If it still doesn't work, it's probably not correct.

Loved this one. So rewarding. Learned a lot of things today.

Some nudges.

Foothold: some of the dependencies used for building the application are vulnerable. One of them has a critical vulnerability with a CVE assigned to it. CVE → Google an exploit for it.
Root: Look around, look around a lot. All you need is on the box. No need to download and execute external scripts.

Huge thanks to @HcKy. A lot of help without revealing answers. Helped me to not waste too much time on rabbit holes. Love when people encourage you to continue trying.

# id
uid=0(root) gid=0(root) groups=0(root)
# hostname
jewel.htb

Took me quite some time…
First time I had to use burp (didn't feel like parsing html); debugging locally was a waste of time (CVE easily googled by app language + looking at the source). Also, john is much faster on my ■■■■-end laptop; I wasted 3-4 hours messing with opencl on my fedora host only to get slower speeds than inside my VM…

Does somebody know why my john and my hashcat are not able to crack that ■■■■ hash?
Apparently more people had that issue…? How did you solve it?

please PM me