HTB: Knife - OSCP Prep Write-up
Sometimes the vulnerability is not in your target’s code - it is in their supply chain. Knife is a good example of what happens when a poisoned release slips through. Machine info Name Knife Platform HackTheBox OS Linux Difficulty Easy TL;DR A web server running PHP 8.1.0-dev - a version that shipped with a backdoor - allows arbitrary command execution via a custom HTTP header Initial shell as james, sudo -l reveals the knife CLI can be run as root without a password sudo knife exec -E "exec('/bin/bash')" drops a root shell immediately Recon Nmap 1 nmap -sV -sC -Pn -A 10.129.34.68 ...