Hack The Box Precious Machine Walkthrough
Introduction Welcome to my first Hack The Box machine walkthrough. This system is one that I had the privilege of doing live and am now going to post my process of popping root since the machine has since retired. Here is a quick overview of the machine as stated directly from HTB. Precious is an Easy Difficulty Linux machine, that focuses on the Ruby language. It hosts a custom Ruby web application, using an outdated library, namely pdfkit, which is vulnerable to CVE-2022-25765, leading to an initial shell on the target machine. After a pivot using plaintext credentials that are found in a Gem repository config file, the box concludes with an insecure deserialization attack on a custom, outdated, Ruby script. ...