Official Knife Discussion

@kshitizkr6003 said:

Message me on Instagram ( ) I will provide a link to a writeup

Writeups on active machines are prohibited by HTB rules.

The easiest machine I have ever done. Loved it.

@TazWake said:

@kshitizkr6003 said:

Message me on Instagram ( ) I will provide a link to a writeup

Writeups on active machines are prohibited by HTB rules.
Ooo…

Rooted the machine
User: version
Root: impersonate them

PM if you need help

3/10 machine

Foothold - Check web services and google the exploit for it.
Root - ■■■■ this is easy, you would just need to read a little documentation.

Hey everybody,

Stuck with foothold.
I have been spending way too much time Googling around, and the only thing I found which could lead to RCE is a CVE applicable to one of the services running on the machine, with a nice GitHub repository provided by some Chinese author with py code ready to run.

However, I tried to run that code, and it simply does nothing. I tried to change the code or the input parameters a bit, with no results.

Am I in a rabbit hole? Any hint?

@Tw1st3dxF4t3 said:

Hey everybody,

Stuck with foothold.
I have been spending way too much time Googling around, and the only thing I found which could lead to RCE is a CVE applicable to one of the services running on the machine, with a nice GitHub repository provided by some Chinese author with py code ready to run.

However, I tried to run that code, and it simply does nothing. I tried to change the code or the input parameters a bit, with no results.

Am I in a rabbit hole? Any hint?

Possibly, you don’t need any python scripts here.

Visit the server, look closely at what it tells you, and google the information. The biggest clue is that it is a thing that was in the tech news quite a bit from about the end of March.

@TazWake said:

@Tw1st3dxF4t3 said:

Hey everybody,

Stuck with foothold.
I have been spending way too much time Googling around, and the only thing I found which could lead to RCE is a CVE applicable to one of the services running on the machine, with a nice GitHub repository provided by some Chinese author with py code ready to run.

However, I tried to run that code, and it simply does nothing. I tried to change the code or the input parameters a bit, with no results.

Am I in a rabbit hole? Any hint?

Possibly, you don’t need any python scripts here.

Visit the server, look closely at what it tells you, and google the information. The biggest clue is that it is a thing that was in the tech news quite a bit from about the end of March.

Sorry sir, but here’s a python RCE script for the version of that service. He might be using a different thing. I’ve pwned this box with that script. Have a nice day. :smiley:

@realhawwk said:

@TazWake said:

@Tw1st3dxF4t3 said:

Hey everybody,

Stuck with foothold.
I have been spending way too much time Googling around, and the only thing I found which could lead to RCE is a CVE applicable to one of the services running on the machine, with a nice GitHub repository provided by some Chinese author with py code ready to run.

However, I tried to run that code, and it simply does nothing. I tried to change the code or the input parameters a bit, with no results.

Am I in a rabbit hole? Any hint?

Possibly, you don’t need any python scripts here.

Visit the server, look closely at what it tells you, and google the information. The biggest clue is that it is a thing that was in the tech news quite a bit from about the end of March.

Sorry sir, but here’s a python RCE script for the version of that service.

Totally - you can create python scripts to automate anything. You clearly don’t need one though as it’s just a modification of one line.

He might be using a different thing. I’ve pwned this box with that script. Have a nice day. :smiley:

I suppose it hinges on did you use a python script from the repo the OP describes?

Here are my two cents:

For the initial foothold I got stuck for too many hours, just because I was always thinking that something more complicated needed to be checked on the box. It ended up not being that hard, but I needed to review the forum to get an idea about it.

From there, user and root were simple, and now I got the rating of the box. If you are stuck and need some hints let me know.

Pepe

User: A good enumeration is the key to the user - google research
Root: Remember the name of the machine and good basic Priv Esc enumeration - enumeration

Recommended tools: Nikto, masscan, netcat, ruby, curl

@TazWake said:

@Tw1st3dxF4t3 said:

Hey everybody,

Stuck with foothold.
I have been spending way too much time Googling around, and the only thing I found which could lead to RCE is a CVE applicable to one of the services running on the machine, with a nice GitHub repository provided by some Chinese author with py code ready to run.

However, I tried to run that code, and it simply does nothing. I tried to change the code or the input parameters a bit, with no results.

Am I in a rabbit hole? Any hint?

Possibly, you don’t need any python scripts here.

Visit the server, look closely at what it tells you, and google the information. The biggest clue is that it is a thing that was in the tech news quite a bit from about the end of March.

Thanks. Apparently, there are two vulnerabilities with exploits written by Chinese guys that you can find when googling what you enumerated on this machine. But yeah, I was using the wrong one.

Hint for whoever is stuck on the same wrong python script as me: if it’s not recent (2021), it’s the wrong one.

Root is pretty straightforward.

Rooted !!

User: Just the first two lines of nikto are sufficient for gaining an initial foothold.
Root: See what things you can do!! (just with a simple command). Enumerate more about what the binary is doing.

DM me for hints

■■■ guys finally after 4 hrs … got root … feeling happy.

@divyansc said:

Rooted !!

User: Just the first two lines of nikto are sufficient for gaining an initial foothold.
Root: See what things you can do!! (just with a simple command). Enumerate more about what the binary is doing.

DM me for hints

Would love to know what you did with nikto.

Stuck on root and could use some help. I know it’s e*** but I cannot get this syntax right for the life of me; any tips would be appreciated.

@DemiScuzz said:

Would love to know what you did with nikto.

I can’t speak for @divyansc, but I ran Nikto, read the output and then found the attack path.

Rooted.
Thanks to @TazWake, @Lnevx

Rooted!!! My second active box ever. This thread helped, thank you guys!! User is pretty trivial and an easy google… the resulting shell I got was pretty strange. No way to update it in the usual way. Maybe someone has any info on that part? Was there a way to get a decent shell before escalating? And why was it like that? I got a feeling that it does not show stderr? Am I right? Can anyone please elaborate on this part a little bit?

I was able to get a foothold pretty quickly, but spent a long time running in circles trying to get root. I finally got it with some help from @Z3R013.