all InfoSec news
HackTheBox Writeup: Precious
June 23, 2023, 3:54 p.m. | Lena
System Weakness - Medium systemweakness.com
This blog post contains my writeup for HackTheBox’s Precious. This box was about Ruby, PDFKit, and YAML. This was an active box at the time of Pwning.
Table of Contents
- Reconnaissance
- HTTP
- PDFKit Command Injection Vulnerability
- Exploiting the PDFKit Command Injection Vulnerability
- SSH
- Privilege Escalation
- Exploiting YAML Deserialization
Reconnaissance
I started by checking the connection to the box using,
$ ping 10.10.11.189
I was connected to 10.10.11.189, so I went on with a Nmap scan using
$ nmap -sC …
More from systemweakness.com / System Weakness - Medium
Clocky | TryHackMe Write-up
1 day, 11 hours ago |
systemweakness.com
Tuesday Morning Threat Report: Apr 30, 2024
1 day, 11 hours ago |
systemweakness.com
Safeguarding the Virtual Frontier
1 day, 11 hours ago |
systemweakness.com
Jobs in InfoSec / Cybersecurity
Social Engineer For Reverse Engineering Exploit Study
@ Independent study | Remote
Information Security Specialist, Sr. (Container Hardening)
@ Rackner | San Antonio, TX
Principal Security Researcher (Advanced Threat Prevention)
@ Palo Alto Networks | Santa Clara, CA, United States
EWT Infosec | IAM Technical Security Consultant - Manager
@ KPMG India | Bengaluru, Karnataka, India
Security Engineering Operations Manager
@ Gusto | San Francisco, CA; Denver, CO; Remote
Network Threat Detection Engineer
@ Meta | Denver, CO | Reston, VA | Menlo Park, CA | Washington, DC