Official Precious Discussion

Great box.

Small hints (remove if too much)

• Foothold: pdf metadata
• User: creds are somewhere on the system
• Root: sudo+ruby+bash, trio fantastico

/dev/shm is a good place to set up shop in a hidden directory that isn’t persistent as well. Not sure why they went as far as modifying bash though, that’s just a messy and unnecessary extra step.

Hello all. I need help getting a foothold on this box. I tried many different things but I’m stuck now.

Rooted! DM me on discord (n3hal#1527) if anyone need a nudge.

hi tnx its actually working now.

Hey, im currently getting error when forming a rev shell, “cannot execute binary file” and rev shell ends. anyone know a fix for this? i tried using zsh and bash shells nothing changed. Thanks!

Hey folks, I haven’t rooted the box yet, but I think that I can save people some headaches on the “Cannot resolve remote URL!” error.

I’m not sure if anybody said this yet, but try adding a space after the URL.

“http://google.com” fails to resolve. "http://google.com " does. I thought that the box was broken.

Pretty simple box! Can’t say much on here that hasn’t already been said.

Initial access: There’s software running that performs the only function the website is built for. Figure out what it is and how to use it to your advantage. Sometimes you have to go beyond traditional website enumeration.
User: Do some manual searching around the box. Probably won’t need to travel too far from home.
Root: It was super easy finding the privesc method, took a little Googling to figure out what to do with it. Found it by running one of like 3 commands I always run when getting a new shell.

P.S. I don’t get on the forums very often. I probably should be the last person to message for hints.

nice box, rooted if you need help send DM for help

Dude thanks. This hint cracked the user for me. In plain sight

Rooted a few days ago. Old machine but if anyone needs help chuck a forum message.

Is there something wrong with this box? FYI I’m a paid user and this is the experience im getting

1. on my kali machine, unable to connect to my python3 -m http.server 8080 error message “Cannot load URL”. But when i do the exact same thing on pwnbox it works. This is super frustrating because I wasted so much time wondering why it would not connect

2. On Pwnbox precious website keeps crashing (And i’m a paid used so there is only 2 users)

Fun box! The foothold was interesting.

All the hints you need are in the thread but the something that tripped me up : single quotes aren’t the same as backticks…

Agree with @paddanada … this is also easier if/when you know what to Google; copy and paste was my friend.

Made an account just to thank you for this.

This was my first machine i’ve ever played on, and this hint helped me find user.

(spent like 8 hrs tryna figure out why the webpage wasn’t working)

However, I didn’t get to find root and probably will leave this machine for another time.

Thank you @Thy_GoD , I appreciate that.

I am also glad to see that I am not the only one that struggles with some tricky things on these boxes. I get discouraged when 20 posts say, “EASY BOX! SUPER EASY!” (which isn’t useful) and I am still wondering why my approach doesn’t work. I’m glad to know that it’s not just me.

Yeah after failing to find root, I searched up youtube walkthroughs of people doing other retired machines.

Safe to say it’s “Easy” in more experienced people’s terms, but in our world it’s much more confusing.

I’ll probs stick w academy first before trying root (or wait until a walkthrough appears).

how are you guys getting pdfs… I tried both local and remote urls but it still gives me the same output
Cannot load remote URL!
a small hint will be appreciated.

edit: never mind it was a problem with the browser, works in burp

you had to put a spacing after the url you submitted.

Dunno what kind of ■■■■ bug it was.

Why is the foothold so annoying. Found the lib that converts it to pdf and it’s version. Still not working as expected LOL