And we pwned it …….

Quicker: Output shows that james is allowed to run knife as root. Knife tool provides an interface to manage Chef automation server nodes, cookbooks, recipes and etc. Knife usage can be read from 

Some examples shows that, it is possible to edit knife data bags using a text editor. We can try that.

sudo knife data bag create 1 2 -e vi

This opens up the vim editor. We type below in the editor to get a shell as root.





Topic Url
PHP 8.1.0-dev development version backdoor