Hack The Box: Knife Overview

Sep 7, 2024

Hack The Box Series: Knife

Overview

  • Box Name: Knife
  • Status: Recently retired
  • Type: Linux box
  • Difficulty: Fairly simple; no CTF-like exploitation challenges.
  • Focus: Enumeration and exploitation.

Nmap Results

  • Service Ports:
    • SSH: Port 22 (OpenSSH 8.2p1, Ubuntu)
    • Web Server: Port 80 (Apache HTTP 2.4.41)
  • Web Application Title: Emergent Medical Idea
  • No known vulnerabilities found in OpenSSH or Apache versions.

Web Server Analysis

  • Web Page Structure: Simple HTML template.
  • Robots.txt: No information.
  • Source Code: Contains internal CSS styling and JavaScript (terminal effect).

Enumeration Steps

  1. Technologies Used:
    • Linux (Ubuntu), Apache, PHP (8.1.0 dev)
  2. Tools for Enumeration:
    • WhatWeb: To identify technologies running on the server.
    • Nikto: Confirmed PHP version.

Vulnerability Discovery

  • PHP Version: 8.1.0 dev, which had a backdoor.
  • Exploit: Found GitHub repository for remote code execution exploit for PHP 8.1.0 dev.
  • Exploit Execution Steps:
    1. Use a reverse shell script provided in the repository.
    2. Set up a netcat listener.
    3. Execute the exploit to obtain a reverse shell as user "james."

Initial Access

  • User Flag: Obtained from /home/james/user.txt
  • System Info: Ubuntu 20.04.2 LTS, Kernel 5.4.0.
  • Useful Files: No bash history saved (cleared).
  • Users on System: Check /etc/passwd for users including "james" and root.

Privilege Escalation

  1. Enumeration Tools:
    • LinPEAS, Linux Exploit Suggester, LinEnum.
  2. LinEnum Findings:
    • User james can run commands with sudo without a password.
  3. Command to Elevate Privileges:
    • Use sudo knife exec -e 'exec /bin/bash' to gain root access.
    • Confirm by running id to verify root access.

Resource Recommendations

  • GTFO Bins: List of binaries that can help bypass local restrictions.
    • Useful for gaining elevated privileges in misconfigured systems.
  • Knife Binary: A command-line tool for managing Chef infrastructure that can spawn a shell.

Conclusion

  • Key Takeaway: Enumeration is crucial to identify potential vulnerabilities and exploit them effectively.
  • Community Engagement: Encouraged to join discussions on Discord for additional support and information sharing.
  • Patreon Acknowledgments: Thanks to supporters for enabling the creation of further content.