Official Precious Discussion

Someone could get a shell as root? I just got the root flag. Thanks

Any tips on submitting a URL to convert? I nothing returns but ā€œCannot load remote URL!ā€. Iā€™m not sure how to progress.

Thereā€™s probably more than one way but the way I did it involved changing permissions of one specific file in clever way not so often seen in normal system administration.

You could probably also just modify the exploit you already used to get flag and pop another reverse shell in another port

1 Like

The question isnā€™t how but what. To get the foothold you need to understand why the form does what it does and then use a decently well-known exploit

It got a bit frustrating for me at times, but managed to get both flags. Interesting challenge! And definitely learned new things

anyone having the problem of firefox or burpsuite saying ā€˜unknown hostsā€™?

Hi, Iā€™m stuck on getting user flag, Iā€™m already got reverse shell, but cat command return permission denied. Could you please give a tip, thank you

Hi, Iā€™m stuck on getting user flag, Iā€™m already got reverse shell, but cat command return permission denied. Could you please give a tip, thank you

Tell me, please, does it work for everyone? It tells me that the ports are ignoring meā€¦ Maybe someone knows what to do about it?

Which user are you running with?

It works, is your VPN correctly running?

Iā€™m using pwnbox, it works correctly

Already rooted by myself), but thank you for reply

Hi, you should add this host:
$ sudo nano /etc/hosts
Than add ip which htb gives you when you started machine and domain like that for example:
10.10.11.186 precious.htb

1 Like

Still, even without the DNS entry in hosts it should work at least for the services that donā€™t redirect to an hostname.

anyone else have trouble popping the reverse shell? Iā€™m sure iā€™m on the right track, i just canā€™t get it to work. Probably some silly syntax mistake?

Edit: finally got it! now onto the root flag :slight_smile:

DM me if you get stuck and need a pointer

rooted after spying on some writeup.
stucked at foothold for a few hours.

Maybe the S**F of w*******pdf is a rabbit hole?

1 Like

Hi guys, can somebody help me? Iā€™m using ā€˜johnā€™ to crack hash, but output is: No password hashes loaded (see FAQ). I have wordlist and file with 2 hashes.

I think so tooā€¦ the other route was a quite a bit easier

I keep getting ā€œCannot load remote URLā€ when trying to input any URL. Iā€™m not looking for hints, but is this normal or an issue with the machine itself?