Official Precious Discussion

emdeh · December 5, 2022, 5:03am

@lorenm210 I don’t know if the path you’re on is a viable one, but the path that worked for me didn’t involve cracking any hashes

@MeerCT

“I keep getting “Cannot load remote URL” when trying to input any URL. I’m not looking for hints, but is this normal or an issue with the machine itself?”

I got that sometimes depending on the URL syntax…try giving it different types of URLs

@r00tKeep3r

“Hi, I’m stuck on getting user flag, I’m already got reverse shell, but cat command return permission denied. Could you please give a tip, thank you”

Try poking around - you might need to move laterally

pickle31 · December 5, 2022, 7:10pm

Issues with finding the web page. Not sure the issue. I can ping precious.htb and get a response, and ping 10.10.11.189 with a response, but I am never referred to precious.htb in the browser? I put 10.10.11.189 precious.htb in my /etc/hosts file. Anyone else having this issue?

Edit:
Not sure what the issue was. I flushed my DNS, restarted the box, and re downloaded the OpenVPN pack but nothing worked. I then did the tried and true turning my kali off and on again, and that seemed to fix the issue.

Eyezik · December 6, 2022, 10:24pm

someones DoS’ing it please fix mods

cmoon · December 6, 2022, 10:53pm

Fantastic easy box. Thanks to @Nauten! Feel free to reach out for help but let me know what you’ve already tried

Ven0m98 · December 7, 2022, 8:06pm

Hello guys I’m stuck with the « can’t load the remote URL » i tested in local but don’t works for me…

akin0 · December 8, 2022, 7:57pm

Guys I tried to set nano file but I didn’t. Can anyone help me this situation?

Gateberg · December 9, 2022, 6:44pm

Rooted, great box! I was a little confused how to get the root shell and honestly think I got lucky. If anyone understands it well and the overall concept please PM me…preferably on discord “fogel#9315”

JTZ · December 11, 2022, 9:11am

Hello, I try to write reverse SHELL in dependencies.yml Why can’t I receive the connection?

invalid2 · December 11, 2022, 1:56pm

I still cant access the web page even when I try to add ip addr and domain name to /etc/host. it just timeout if I do it.

nessacaleia · December 11, 2022, 6:40pm

Hi! The right file to add this is /etc/hosts, maybe you missed the “s” in the end!

MrZoom · December 11, 2022, 10:43pm

I’m up to the code execution on the convert to pdf portion… My webserver works fine, I go to run [Example Domain]curl xget and I get " can not load remote code " and stuck.
I decided to try and press through with the reverse shell
[Example Domain] & reverse shell bash script
and nothing comes up on the listener.

I wouldve preferred asking in private messages so I do have to obscure anything for challenge sake, but the two I messaged have not responded. I’d love some pointers.

dazistgut · December 12, 2022, 12:48am

@MrZoom - You have the right idea, so just spend some time tweaking your script and confirm port.

As a separate post… I have a feeling somebody has changed the user password from what it should be set to… can anybody confirm?

Gateberg · December 12, 2022, 1:28pm

The web app doesn’t connect to devices over the internet which may cause that error. Be sure you are hosting a local web server then try to connect

m0n51er · December 13, 2022, 1:29am

Thank you wery mach i have a reverse shell =)

armenianrage · December 14, 2022, 6:20am

PLEASE I have the pass and its not working.
I reset the box and I can confirm someone changed the password.

wannnnna · December 14, 2022, 6:33pm

Hello guys, I have a question after getting root. Why the website will only respond if I put a new line sign after the URL, I was very confused. Even after looking at the source code, I could not figure out why a new line sign will return a PDF. I hope this little question will not spoil anyone’s fun and I really appreciate any response to my question.

r3nt0n · December 15, 2022, 2:17pm

Just rooted, straightforward but interesting machine to get some knowledge about Ruby.

However, all the fun was over when I found /bin/bash with suid bit enabled, and a dependencies.yml in henry home dir… I was trying to figure out how to leverage the update_dependencies.rb when I get the both flags almost at the same time, suddenly realized it wasnt the intended path, but the spoiler was done anyway… honestly its annoying, they could just create a copy instead of doing the stuff directly to the bash binary, and use a directory like tmp to create the .yml… or at least remove the breadcrumbs after the sh*t is done… I manage to make the way back and understand why and how to do it myself, but all of you know its not the same feeling.

PD: If you need any hint, feel free to PM me.

WildMakaby · December 15, 2022, 7:11pm

I’m using pwnbox and doesn’t work… Is still working this machine?

Wizkalina · December 16, 2022, 10:52pm

Hi, I am having some troubles with inserting reverse shell, if someone could help I will be grateful.

M4rbles · December 17, 2022, 6:33pm

This is a great box for beginners. You should be able to get root with the basics of pen testing here. If you’re stuck on what I got stuck on, consider a forensic approach. lol