HackTheBox - Precious Writeup
Precious is an easy Hack The Box Linux machine focused on Ruby exploitation. It features a Ruby web app that uses a vulnerable version of pdfkit (CVE-2022-25765), which allows remote code execution (RCE). Plaintext credentials in a Gem config file allow lateral movement. The final privilege escalation uses insecure Ruby deserialization to gain root access.
pdfkit pdfkit-v0.8.6 CVE-2022-25765 tcpdump ruby-yaml rce