This is a walkthrough of the Hack The Box machine called “Knife”. It features the exploitation of PHP 8.1 using Wappalyzer and a python script RCE to get a shell, getting a better shell using busybox, and privesc by exploiting a binary due to dangerous sudo “no password” misconfiguration. I learned a lot tackling this one. ***SPOILERS*** I show you how to pwn the box, so if you don’t want help with it do not watch this video. Hope this helps someone and I hope you enjoy.
Hack the Box Walkthrough – Knife
