Original Post: Knife HTB Writeup — In Short | by Dheeraj Deshmukh | Aug, 2024
The original post is a step-by-step guide to exploiting a target system (the Hack The Box machine "Knife") using various tools and commands. Here’s a summary:
- Nmap Port Scan: Initial port scanning using Nmap to discover open ports and services running on the target.
- Version Detection: Identifying versions of the services using Nmap, which appeared not to be vulnerable.
- Source Code Analysis: Reviewing the source code but finding nothing special.
- Dirsearch and Gobuster: Using directory search tools but not finding useful directories or files.
- Whatweb: Identifying versions of Apache and PHP, noting that Apache isn’t vulnerable but finding an exploit for PHP 8.1.0-dev.
- Exploitation: Running a Python script based on the PHP exploit to gain a reverse shell using netcat.
- Privilege Escalation:
  - Obtaining a reverse shell as a user ("james").
  - Running various commands and checking sudo permissions to find potential root access points.
  - Utilizing a Ruby script to gain elevated privileges.
  - Adjusting the Ruby script for the local host and port, uploading, and executing it on the target to gain a root shell.
The post ends by documenting successful root access on the target machine.