Hack the Box — Knife Write up |scriptkiddie.gq
Hey Hackers !!
In this blog , I will cover the knife HTB CTF challenge that is an easy linux based machine. It is similar to Capture the flag types of CTF challenges. You will get to know a lot of learning in this CTF challenge. Below are the Concepts you’ll learn through this box.
Concepts Learnt :
- Enumeration
2. PHP Vulnerability
3. Ruby (Knife)
So Let’s first add this one to our local DNS….
Now lets run nmap scan and see what ports and services are running in the machine
Command:
nmap -sV -sS -A -p- -Pn -T5 10.10.10.242
We see that there are 2 ports open :
22/tcp- SSH port
80/tcp- HTTP port
In this machine initial recon was kind of waste of time cause the useful information can be seen through tool named whatweb( a tool which helps you to get you familiarize with the tech used in system) in Linux.
As you’ve notice its not much tech used here lets see do we have any exploits available for tech used lets try PHP first.
We found a remote code execution exploit in Exploit-DB.
Lets git clone it and try the exploit.
As you can see I was successfully able to get a reverse shell, its time to grab user.txt. You can find it on /home/james/user.txt
Now let’s escalate privilege's, previously I tried transferring a Linpeas into victims machine using nc but found that james (user I own) doesn’t has any privilege to write files too.
So with some recon, I tried below command on victims machine:
sudo knife exec — exec “exec ‘/bin/sh -i’ ”
Boom Bam !! i got root privileges now you know where to direct your terminal to get root.txt .
Hope you liked it. Keep Coming for more.
Here’s the video demonstration for Knife.
Happy Hacking!!!