Hack the box – Popcorn writeup without Metasploit

Hack The Box Popcorn is a medium-level Linux box. I’m a bit tired, so I’m gonna make the whole thing a bit short. First, nmap.

Ports 22 and 80 are the only open ports. Time to enumerate.

Ran gobuster and found a few, like /test and /torrent.

Tried logging in with basic logins and passwords; that didn’t work. Tried to sign up and it worked. The first thing I saw was upload. Always good to mess about with uploads.

Couldn’t bypass .torrent, so uploaded a Kali Linux torrent.

Uploaded it. Went into the torrent and found out that we can upload a screenshot. Let’s try to bypass that. Got a reverse shell. Renamed it as reverse.php.jpg. Now intercept using Burp Suite and remove the jpg.

It worked.

Let’s check if we can access the upload folder. It also seems like the file is being renamed to 0ba something.
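A server-side check that rejects the edited screenshot upload described above, as an added example (not code from the original post or from the box's web application). The function and exception names are hypothetical and the sample inputs in the comments are constructed; it assumes the stored extension should come from the file's content, never from the client.

```python
import hashlib
import os

# Allowed image types: canonical extension -> leading magic bytes.
MAGIC = {
    "jpg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}
ALIASES = {"jpeg": "jpg"}


class UploadRejected(ValueError):
    """Raised when an upload fails validation (hypothetical name)."""


def sniff_type(data: bytes):
    """Return the canonical extension matching the magic bytes, or None."""
    for ext, signatures in MAGIC.items():
        if data.startswith(signatures):
            return ext
    return None


def safe_stored_name(client_filename: str, content_type: str, data: bytes) -> str:
    """Validate a screenshot upload and return the name to store it under.

    content_type is accepted only to show that it is ignored: like the
    filename, it is set by the client and can be edited in a proxy.
    """
    # Judge the name the server actually received (e.g. "reverse.php" after
    # the ".jpg" was removed in transit), using only its last extension.
    base = os.path.basename(client_filename.replace("\\", "/"))
    ext = os.path.splitext(base)[1].lstrip(".").lower()
    ext = ALIASES.get(ext, ext)
    if ext not in MAGIC:
        raise UploadRejected(f"extension {ext!r} not allowed")
    detected = sniff_type(data)
    if detected != ext:
        raise UploadRejected("content does not match an allowed image type")
    # Server-generated name: content hash plus the sniffed extension, so no
    # part of the client-supplied name reaches the upload folder.
    return hashlib.sha1(data).hexdigest() + "." + detected
```

Magic bytes can be prepended to any file, so the stored extension is what keeps the web server from treating the upload as a script; the upload folder should also be served with script execution disabled.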

Looks like there are a few others doing the box. Set up the Netcat listener and click on the reverse shell.

Next, spawn a shell using python -c 'import pty;pty.spawn("/bin/bash")'

Downloaded LinEnum.sh to the box.

That’s a false alarm. Couldn’t do it. The kernel was pretty old so went for the kernel exploit.

https://www.exploit-db.com/exploits/40839

After downloading the exploit, follow the guide to exploit it.

For me, su firefart didn’t work. Next was to ssh it. Let’s try that.

Seems like we got the root flag. https://twitter.com/far3y
