Official Knife Discussion

Got user trying to get root. Stuck at k***e command, don’t know what to do with it, any tips will be accepted.

FOOTHOLD and USER: Try to find version of something that is used a lot in webapps and google it.

Rooted :naughty:

Pretty easy one! Can’t even think of hints that do not disclose it completely!

Anyone that needs some help/guidance, pm me!

Just say upfront what you have and where you stuck!

@busshi can you tell me here please ? i cannot find a path for root, i access k…e menu and then… :-s

Rooted. This was a fun box.
User: Don’t rabbit hole… There is much information in the ways of recon
Root: You should find what you need almost immediately. Remember your Priv Esc enumeration and what your user can do… Then from there… look for how the tool can be leveraged…
SPECIAL HINT: A good rule of thumb (In general that MIGHT be applicable to this box) is to remember that there are other shells that have already been written… Sometimes generating your own isn’t necessary.

Rooted! Lots of good hints on this thread but I’ll leave my two cents.

Foothold: Something I always see but never have had to check until now.

Root: Maybe something in the help menu can help you?

DM me for a nudge :slight_smile:

Quite a fun box. Very recent exploits so it was impressive that HTB were able to build and deploy this so quickly.

Fun box, easy though, but fun! Thanks to the makers. DM me if you need help.

Rooted

Foothold was easy for me
Root wasn’t as straight forward as for you. I’ve been trying for an hour until I finally got it.
My tip is, read what the program can do. What you have to use is pretty straight forward. Just make sure you use the correct language!

rooted
PM for help

Done.

User: Versions versions versions

Some dudes are modifying code of other dudes and leave backdoor :joy:

Root:
Only 1 line and not more than 40 symbols (max) is needed for root :wink:

PM for hints

Not a hard one, but that can be long for a newbie… a few research, don’t look to far, the path is not so deep.

A fun one.

Quiet easy machine, actually for User is just following recent news (GOOGLE) and check everything the app tell you.

Root: just RTFM.

for some reason i’m not able to get a reverse shell. tried the oneliners and tried upload shell files in to the target machine the request doesn’t reach my python webserver. but still ping works… Any suggeestions?

@D3adsh0t said:

for some reason i’m not able to get a reverse shell. tried the oneliners and tried upload shell files in to the target machine the request doesn’t reach my python webserver. but still ping works… Any suggeestions?

It depends on how you are trying to exploit it. At a guess, I’d say check how the quotation is set. If you are trying to send a one-liner by the command line, there might be lots of quotes needed, check how they are nested.

■■■■, this was a nice easy box. Got a lil bit confused at the foothold part but still it was interesting.

Any hints getting a full TTY shell? Tried everything I can find, not getting any hits.

Rooted, DM if u need help

Hi. I got remote command injection with the exploit . Trying to get full tty shell with it. Having issues with netcat arguments. Can’t get the rest of the argument to work “-e /bin/bash” even with . netcat command works fine without out it but know bash shell.

I have been able to get a user flag but i am struggling with root flag… i have been able to find the ///***fe which can be exploited for privesc but i don’t know how to use if

Someone should please give me a nudge to the right direction