Post

HTB Linux Easy: Knife

Knife is an Easy rated Linux machine on HTB.

Posted
By Gregory Allegoet
1 min read
HTB Linux Easy: Knife

Nmap scan

Pasted image 20240715102620.png

Initial Foothold

Enumerate HTTP (Port 80)

Nothing interesting found while dirbusting, enumerating the page, etc. We do know that PHP is running on the server, we can determine the version using curl. Pasted image 20240715102616.png

Gain shell

Run the Python exploit (it will use the host User-Agent header to execute a reverse shell). Pasted image 20240715102611.png

Our nc listener will have turned into a shell. Pasted image 20240715102605.png

Priv Esc

Sudo -l reveals a program that we can execute as root. Pasted image 20240715102600.png

Following the command on GTFOBins results in a root shell. Pasted image 20240715102556.png

User.txt

Pasted image 20240715102550.png

Root.txt

Pasted image 20240715102545.png

You have PWNED

Pasted image 20240715102521.png

Sources

CTF, HTB
Linux Easy
This post is licensed under CC BY 4.0 by the author.