Official Precious Discussion

elf1337 · January 26, 2023, 3:41am

Some unsafe characters will break the payload. Try with the browser, or encode it with proper

warlord · January 28, 2023, 11:18am

I tried via the precious.htb page (skipped burp) and I tried encoding it but nothing… It’s kind of annoying

Paradise_R · February 1, 2023, 11:12am

Just completed my second machine, this one was much easier because I already knew the first steps, and the script I made for Photobomb helped me a lot to enumerate everything in the beggining

I forgot to say in the other post, but I didn’t use Burp, in neither one of the machines

If anyone is desiring to have some help, you surely can send me a message, R is always here

dobrocat · February 4, 2023, 10:58pm

Root is killin’ me.

/usr/lib/ruby/2.7.0/psych.rb:456:in `parse’: (): mapping values are not allowed in this context at line 3 column 7 (Psych::SyntaxError)

AngryBurrito · February 6, 2023, 7:54pm

Owned today. I am new to pentesting… but this seems a lot harder than the “Easy” rating. I cant imagine what Medium or Hard will be like.

AndreiPintea · February 9, 2023, 7:47am

Rooted!
Interesting machine but not as easy if you lack the enumeration patience. Also overcomplicating things does not work.
DM for nudges!

Haz · February 9, 2023, 8:35am

thank you for that hint got the creds

sakelover · February 9, 2023, 12:02pm

Rooted! Nice easy machine!

Haz · February 9, 2023, 1:04pm

rooted
thanks to @devi4nt for user and @Paradise_R for the articles provided

R10T · February 10, 2023, 2:37pm

Rooted User flag I think was harder then root flag. I just got stucked cause of repetitive resets

Jutin · February 11, 2023, 3:42pm

clean up after yourselves, ya nasties. it takes two seconds to undo what you did to get root…

ChampagnePete · February 12, 2023, 5:38am

Hey guys,

I got user flag and I’m trying to escalate privileges. I’m pretty sure I know how to do it but when I try running a ruby script I created as sudo I get message “Sorry, user ***** is not allowed to execute /usr/bin/ruby as root on precious.” When I check sudo -l it says I can run ruby as sudo.

Any idea why that might be? Thanks

Paradise_R · February 12, 2023, 6:51am

Hello

It is because you can, but only the file that is specified in the path, you need to find an exploit based on this, if you need help with it, you can surely call me

ChampagnePete · February 12, 2023, 7:11am

Ahh that makes sense now. I’m going to investigate that and let you know if I need more help.

Thank you!! (:

badxcode · February 16, 2023, 9:00am

Thanks everyone for not throwing in big hints or something. It was quite fun, I didn’t quite understand how to get to root but I knew it’s all about that ruby. Good luck future adventurers !

Haz · February 16, 2023, 4:51pm

Try something more like you’re searching for files in LFI u know how to get back two dir …/…/etc/passwd
with this knowledge try using the *.js to your advantage

Fish · February 21, 2023, 11:30am

Need explanation on the steps for this box. Much appreciated. Spoilers alert.

Q1) Why do i fail to download a pdf file when i type in an URL, whereas i manage to get a website for the download using a web server (python3 -m http.server)

Q2) I tried using netcat as a listener “-nc lnvp 5555” but it does not work. Doesnt netcat set itself as a listener or server?

ming019 · February 21, 2023, 2:31pm

Q1: You will need to tell which port you are running, or the server runs at port 8000.
If you want use default http port, you need to tell the python.
That is, “python3 -m http.server 80”

Q2. Netcat is a listener. I think you’ll need"nc -lnvp 5555"

suti · February 26, 2023, 5:01pm

Hi folks, I have both flags but when I submit any of them in HTB it says “Incorrect flag” - Machine has been reset and I’ve obtained flags again but they don’t work. Any idea of what’s going on?

bobalus · March 11, 2023, 12:34pm

obtained first pdf by putting really long url like

http://aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.xz