HomeBrewedHacker

Hack The Box Precious Machine Walkthrough

Tue, 20 Jun 2023 10:48:02 -0700

Introduction

Welcome to my first Hack The Box machine walkthrough. This system is one that I had the privilege of doing live and am now going to post my process of popping root since the machine has since retired. Here is a quick overview of the machine as stated directly from HTB.

Precious is an Easy Difficulty Linux machine, that focuses on the Ruby language. It hosts a custom Ruby web application, using an outdated library, namely pdfkit, which is vulnerable to CVE-2022-25765, leading to an initial shell on the target machine. After a pivot using plaintext credentials that are found in a Gem repository config file, the box concludes with an insecure deserialization attack on a custom, outdated, Ruby script.

About Me

Thu, 23 Feb 2023 00:00:00 +0000

I’m nobody, really. However, if I had to describe myself, you might call me a wannabe hacker, code cracker, slacker. Wastin time with all the chatroom yakkers.

Links

Thu, 23 Feb 2023 00:00:00 +0000

Here shall be links to my favorite sites!

Nmap Tutorial: The 80% Guide

Tue, 31 Jan 2023 21:54:23 -0800

Introduction

Since this will be my first ever post on this site, what better tool to cover than NMAP! Other than some basic Linux, this was the first tool that I learned on my quest to learn penetration testing. It will likely be the first tool that you start learning as well. I always enjoy starting up NMAP on a new box or challenge, and waiting to see what juicy tidbits it discovers. Am I going to have a lot of interesting open ports to explore (and maybe a lot of rabbit holes), or will I only have a couple of open ports which funnels my efforts towards these services? This tool is what starts unlocking the mystery of every box. I feel that this guide follows the 80/20 rule. I am probably only providing about 20% of NMAP’s capabilities, but this will likely be the techniques and commands you use 80% of the time. Let’s get started!