Official Knife Discussion

?

Found a way to get the user flag, and find the way to get the root but since i cannot get a reverse shell i don’t think that the method will work

Got root !

Initial Foothold/User : very simple if you can find the exploit

Root : usual enumeration will tell you what to look for, after that read the documents you will find a way to execute your payload.

DM me for nudges !!! :slight_smile:

Got user trying to get root. Stuck at k***e command, don’t know what to do with it, any tips will be accepted.

FOOTHOLD and USER: Try to find version of something that is used a lot in webapps and google it.

Rooted :naughty:

Pretty easy one! Can’t even think of hints that do not disclose it completely!

Anyone that needs some help/guidance, pm me!

Just say upfront what you have and where you stuck!

@busshi can you tell me here please ? i cannot find a path for root, i access k…e menu and then… :-s

Rooted. This was a fun box.
User: Don’t rabbit hole… There is much information in the ways of recon
Root: You should find what you need almost immediately. Remember your Priv Esc enumeration and what your user can do… Then from there… look for how the tool can be leveraged…
SPECIAL HINT: A good rule of thumb (In general that MIGHT be applicable to this box) is to remember that there are other shells that have already been written… Sometimes generating your own isn’t necessary.

Rooted! Lots of good hints on this thread but I’ll leave my two cents.

Foothold: Something I always see but never have had to check until now.

Root: Maybe something in the help menu can help you?

DM me for a nudge :slight_smile:

Quite a fun box. Very recent exploits so it was impressive that HTB were able to build and deploy this so quickly.

Fun box, easy though, but fun! Thanks to the makers. DM me if you need help.

Rooted

Foothold was easy for me
Root wasn’t as straight forward as for you. I’ve been trying for an hour until I finally got it.
My tip is, read what the program can do. What you have to use is pretty straight forward. Just make sure you use the correct language!

rooted
PM for help

Done.

User: Versions versions versions

Some dudes are modifying code of other dudes and leave backdoor :joy:

Root:
Only 1 line and not more than 40 symbols (max) is needed for root :wink:

PM for hints

Not a hard one, but that can be long for a newbie… a few research, don’t look to far, the path is not so deep.

A fun one.

Quiet easy machine, actually for User is just following recent news (GOOGLE) and check everything the app tell you.

Root: just RTFM.

for some reason i’m not able to get a reverse shell. tried the oneliners and tried upload shell files in to the target machine the request doesn’t reach my python webserver. but still ping works… Any suggeestions?

@D3adsh0t said:

for some reason i’m not able to get a reverse shell. tried the oneliners and tried upload shell files in to the target machine the request doesn’t reach my python webserver. but still ping works… Any suggeestions?

It depends on how you are trying to exploit it. At a guess, I’d say check how the quotation is set. If you are trying to send a one-liner by the command line, there might be lots of quotes needed, check how they are nested.

Damn, this was a nice easy box. Got a lil bit confused at the foothold part but still it was interesting.

Any hints getting a full TTY shell? Tried everything I can find, not getting any hits.