Home Brewed Hacker

Introduction Welcome to my first Hack The Box machine walkthrough. This system is one that I had the privilege of doing live and am now going to post my process of popping root since the machine has since retired. Here is a quick overview of the machine as stated directly from HTB. Precious is an Easy Difficulty Linux machine, that focuses on the Ruby language. It hosts a custom Ruby web application, using an outdated library, namely pdfkit, which is vulnerable to CVE-2022-25765, leading to an initial shell on the target machine. After a pivot using plaintext credentials that are found in a Gem repository config file, the box concludes with an insecure deserialization attack on a custom, outdated, Ruby script. ...

Introduction Since this will be my first ever post on this site, what better tool to cover than NMAP! Other than some basic Linux, this was the first tool that I learned on my quest to learn penetration testing. It will likely be the first tool that you start learning as well. I always enjoy starting up NMAP on a new box or challenge, and waiting to see what juicy tidbits it discovers. Am I going to have a lot of interesting open ports to explore (and maybe a lot of rabbit holes), or will I only have a couple of open ports which funnels my efforts towards these services? This tool is what starts unlocking the mystery of every box. I feel that this guide follows the 80/20 rule. I am probably only providing about 20% of NMAP’s capabilities, but this will likely be the techniques and commands you use 80% of the time. Let’s get started! ...