Skip to content

Quick Overview: Knife HTB Challenge Writeup

Original Post: Knife HTB Writeup — In Short. image from hack the box | by Dheeraj Deshmukh | Aug, 2024

The content provided describes a step-by-step guide on exploiting a target system using various tools and commands, likely for penetration testing purposes. Here’s a summary:

  1. Nmap Port Scan: Initial port scanning using Nmap to discover open ports and services running on the target.
  2. Version Detection: Identifying versions of the services using Nmap, which appeared not to be vulnerable.
  3. Source Code Analysis: Reviewing the source code but finding nothing special.
  4. Dirsearch and Gobuster: Using directory search tools but not finding useful directories or files.
  5. Whatweb: Identifying versions of Apache and PHP, noting that Apache isn’t vulnerable but finding an exploit for PHP 8.1.0-dev.
  6. Exploitation: Running a Python script based on the PHP exploit to gain a reverse shell using netcat.
  7. Privilege Escalation:
    • Obtaining a reverse shell as a user ("james").
    • Running various commands and checking sudo permissions to find potential root access points.
    • Utilizing a Ruby script to gain elevated privileges.
    • Adjusting the Ruby script for the local host and port, uploading, and executing it on the target to gain a root shell.

Final success in getting root access on the target machine is documented.

Go here to read the Original Post

Leave a Reply

Your email address will not be published. Required fields are marked *

Exit mobile version