Official Jewel Discussion

Got it, I must have overlooked it, sigh… thanks!

Rooted, not a fan of the system used. Had some PTSD from a time when I had time sync issues.

rooted, foothold was annoying, root was really easy.

rooted! The foothold got me for a few days. Privesc wasn’t too bad.

Need nudges for foothold here!

@kurogai said:

Need nudges for foothold here!

There is a CVE you can use.

@TazWake said:

@kurogai said:

Need nudges for foothold here!

There is a CVE you can use.

I think I found it, can I PM you?

@kurogai said:

@TazWake said:

@kurogai said:

Need nudges for foothold here!

There is a CVE you can use.

I think I found it, can I PM you?

Yes

Rooted finally. Overlooked a few things as usual. I swear I gloss over obvious things and I’ll never learn… PM for hints if anyone is still trying this box.

any help with root pls?

@k01n said:

any help with root pls?

Look at what the account is allowed to do as a super user.

I think I found the exploit… I managed to make it work locally but when I do it on the real target it doesn’t work, any advice?

@seniuus said:

I think I found the exploit… I managed to make it work locally but when I do it on the real target it doesn’t work, any advice?

If you’re using the exploit properly it should work. If you think you’re doing everything right and it’s not working you can reset the box. If it still doesn’t work it’s probably not correct.

Loved this one. So rewarding. Learned a lot of things today.

Some nudges.

Foothold: some of the dependencies used for building the application are vulnerable. One of them is a critical vulnerability. It has a CVE assigned to it. CVE → Google exploit for it.
Root: Look around, look around a lot. All you need is on the box. No need to download and execute external scripts.

Huge thanks to @HcKy. A lot of help without revealing answers. Helped me to not waste too much time on rabbit holes. Love when people encourage you to continue trying.

# id
uid=0(root) gid=0(root) groups=0(root)
# hostname
jewel.htb

took me quite some time…
First time I had to use burp (didn’t feel like parsing html), debugging locally was a waste of time (CVE easily googled by app language + looking at source). Also john is much faster on my ■■■■-end laptop, wasted 3-4 hours messing with opencl on my fedora host only to get slower speeds than inside my VM…

Does somebody know why my john and my hashcat are not able to crack that ■■■■ hash?
Apparently more people had that issue…? How did you solve it?

please PM me

Based on the hints above, I’ve been trying the wrong vuln all this time hahaha. The situation in that CVE looks sooo like this box that I thought it was about customizing toward the dir structure in the repo plus some guesswork.

I synced my time and timezone with the machine’s time and timezone but I still get the error “Operation not permitted” while writing config. Can anyone help me?

For anyone who already got user and was on the way to rooting: if the box got reset so you have to do user again and you keep getting “The change you wanted was rejected. Maybe you tried to change something you didn’t have access to.”:

Recall that you’ve done something with time, not necessarily in a clean way. Depending on your time zone, your GNOME version and the way your browser decides what time you’re in (e.g. IP, time zone reading, clock reading etc.), your browser could now have a “just got a session cookie that had been expired for x hours, yikes, not gonna save it, not to mention send it in the future” attitude, while the HTB server is being “no session cookie? no session access”.

Rooted
(I tried with the mobile app and it worked like a charm right away)