Hack the Box — Knife Write up | scriptkiddie.gq

Hey Hackers !!

In this blog, I will cover Knife, an easy Linux-based HTB CTF machine. It is similar to Capture the Flag style challenges, and there is a lot to learn from it. Below are the concepts you'll learn through this box.

Concepts learnt:

1. Enumeration

2. PHP Vulnerability

3. Ruby (Knife)

So let's first add this one to our local DNS.

Now let's run an nmap scan and see what ports and services are running on the machine.

Command:

nmap -sV -sS -A -p- -Pn -T5 10.10.10.242

We see that there are 2 ports open:

22/tcp - SSH port

80/tcp - HTTP port

On this machine the initial recon was kind of a waste of time, because the useful information can be seen with a tool named whatweb (a Linux tool that helps you get familiar with the tech used by a system).

As you've noticed, there's not much tech used here. Let's see whether any exploits are available for the tech in use, starting with PHP.

We found a remote code execution exploit in Exploit-DB.

Let's git clone it and try the exploit.

As you can see, I was successfully able to get a reverse shell, so it's time to grab user.txt. You can find it at /home/james/user.txt

Now let's escalate privileges. Previously I tried transferring Linpeas onto the victim's machine using nc, but found that james (the user I own) doesn't have any privilege to write files either.

So with some recon, I tried the below command on the victim's machine:

sudo knife exec --exec "exec '/bin/sh -i'"

Boom Bam!! I got root privileges. Now you know where to direct your terminal to get root.txt.
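Seen from the defender's side, the escalation works because knife exec evaluates Ruby code, so a sudo rule that permits knife is a root shell in practice. The script below is an added example, not part of the original write-up: it parses the text printed by sudo -l and flags such rules. The sample listing and the short list of binaries are constructed for illustration.

```python
import re

# Binaries that run caller-supplied code; a sudo rule for any of them is a
# root shell in practice. Illustrative subset picked for this example;
# "knife" is the one from this write-up (`knife exec` evaluates Ruby).
CODE_RUNNERS = {"knife", "ruby", "python3", "perl", "vim", "awk", "find"}

RULE_RE = re.compile(r"^\s*\((?P<runas>[^)]*)\)\s*(?P<rest>.+)$")  # "(root) ..."
TAG_RE = re.compile(r"^(?:[A-Z_]+:\s*)+")  # "NOPASSWD: ", "SETENV: NOPASSWD: "

# Constructed `sudo -l` output for illustration, not copied from the box.
SAMPLE = """\
Matching Defaults entries for james on knife:
    env_reset, mail_badpass

User james may run the following commands on knife:
    (root) NOPASSWD: /usr/bin/knife
    (root) /usr/bin/systemctl restart nginx
"""


def audit_sudo_listing(listing):
    """Return one finding per sudo rule that amounts to unrestricted root."""
    findings = []
    for line in listing.splitlines():
        rule = RULE_RE.match(line)
        if not rule:
            continue  # header, Defaults entry or blank line
        rest = rule.group("rest")
        tags = TAG_RE.match(rest)
        tag_text = tags.group(0) if tags else ""
        for cmd in (c.strip() for c in rest[len(tag_text):].split(",")):
            if not cmd:
                continue
            name = cmd.split()[0].rsplit("/", 1)[-1]
            if name == "ALL":
                reason = "any command allowed"
            elif name in CODE_RUNNERS:
                reason = f"{name} executes caller-supplied code"
            else:
                continue
            findings.append({"runas": rule.group("runas").strip(), "command": cmd,
                             "nopasswd": "NOPASSWD:" in tag_text, "reason": reason})
    return findings


if __name__ == "__main__":
    for finding in audit_sudo_listing(SAMPLE):
        print(finding)
```

Rules that pin a binary to fixed arguments, like the systemctl line in the sample, are not flagged; only the bare knife entry is.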

Hope you liked it. Keep Coming for more.

Here’s the video demonstration for Knife.

Happy Hacking!!!


Hey Hackers!! I am Harshit Dodia aka Freaky Dodo. I am a student of Information Technology and Ethical hacking.
