Official Precious Discussion

Every URL I provide leads to a blank PDF, is that normal? Even a simple directory hosted with python still gives me a blank PDF.

No, you should be able to host a simple file yourself and have it converted to a pdf. All web URLs will fail since the box doesn’t have internet access, but I just hosted a directory with an index.html file in it, gave the application http://10.10.14.123 and it worked.

Best hint I could give for this challenge:
always check the indentation/formatting of any code you copy from the internet. Depending on how badly it is formatted, the compiler won’t execute it.

SOLVED

  • Problem: I hosted a python -m http.server on my attacking machine and could not get anything other than a blank pdf
  • Explanation: my openvpn instance was running on my host machine (outside my attacking vm) and my attacker machine was in NAT mode.
  • Solution: if you’re running a vm, make sure that your openvpn instance is running ON your vm (I assume that using the bridge mode on the attacker vm would also work…)

I have finished the box, but I found only one way to get a reverse shell. Could you tell me your methods? THANK YOU!!!

i have the same problem. did you solve it?

solved: problem was: connecting with another ovpn profile

Rooted! Honestly think the user flag was harder than the root flag. Enumerate as much as possible :wink:

OR you could open the pdf in a text editor and look at the end of the file… use an exploit for that generator

Hey there, can someone give me a hint?
Where are the creds for henry :laughing:?

hi guyz

why does the enumeration part work only with p**** server and not with apache2?

For anyone getting Cannot load remote URL! this might help, worked for me:
stop your listener, then:
sudo /sbin/iptables -P INPUT ACCEPT
sudo /sbin/iptables -F INPUT
restart your listener and try the POST request again.

:heart_eyes: Finally rooted :heart_eyes:

Thanks to your hints and google

got the user some days ago, trying to escalate privileges…

  1. The box disconnects all the time. Why? Why is it so difficult to connect?

  2. Why only p___n server works and not apache for the reverse shell?

Maybe try with a faster scan: skip the ping test with -Pn, skip the DNS test with -n, use a high min rate and you can even use -T5. All of that can help.

Hey! If you found the username “henry” somewhere then you found its password, because the password is literally next to that user

Hi, I think I am at the final step to get root, I got the idea for privesc but I can’t edit up****_de**********.rb to locate it to my malicious payload.
Can somebody give me a hint pls :slight_smile:

google for Yaml Deserialization

Hey,

Just got the user flag. I just started learning, so I was just poking around randomly to find the password. How would you go about finding it more efficiently? Like, is it just nice grep and find? (DM me if needed)

This was killing me too. Formatting of the whitespace in the file is apparently more important than I initially realized. Adjusting that let it run properly.