Blog
About
Tags
Deserilization
May 20, 23
Hack the Box - Precious
Precious is an Easy Difficulty Linux machine, that focuses on the Ruby language. It hosts a custom Ruby web application, using an outdated library, namely pdfkit, which is vulnerable to CVE-2022-25765, leading to an initial shell on the target machine. After a pivot using plaintext credentials that are found in a Gem repository config file, the box concludes with an insecure deserialization attack on a custom, outdated, Ruby script.
Follow me
I hack things and tweet about things...
Search
Results
No results found
Try adjusting your search query