Hack The Box Popcorn is a medium-level Linux box. I’m a bit tired so gonna make the whole thing a bit short. First, nmap.
Ports 22 and 80 are the only open ports. Time to enumerate.
Ran gobuster and found a few, like /test and /torrent.
Tried logging in using basic logins and passwords; that didn’t work. Tried to sign up and it worked. The first thing I saw was upload. Always good to mess about with uploads.
Couldn’t bypass .torrent, so uploaded a Kali Linux torrent.
Uploaded it. Went into the torrent and found out that we can upload a screenshot. Let’s try to bypass that. Got a reverse shell. Renamed it as reverse.php.jpg. Now intercept using Burp Suite and remove the jpg.
It worked.
Let’s check if we can access the upload folder. It also seems like the file is being renamed to 0ba something.
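An added example (not part of the original write-up or of the target application): a Python sketch of a server-side check that rejects the renamed screenshot upload described above. It assumes the application trusted the client-sent Content-Type; the function names and sample requests are constructed for illustration.

```python
import os
import secrets

# Magic bytes for the only types a screenshot upload needs.
SIGNATURES = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}

def weak_check(filename, content_type, data):
    """Assumed 'before' behaviour: trusts a header the client controls."""
    return content_type in ("image/jpeg", "image/png", "image/gif")

def hardened_check(filename, content_type, data):
    """Return a server-generated storage name, or None to reject."""
    # content_type is deliberately ignored: it is client-controlled.
    base = os.path.basename(filename.replace("\\", "/"))
    ext = os.path.splitext(base)[1].lower()
    signatures = SIGNATURES.get(ext)
    if signatures is None:               # final extension not on the allowlist
        return None
    if not data.startswith(signatures):  # content does not match the extension
        return None
    # Random name + allowlisted extension: nothing from the client survives.
    return secrets.token_hex(16) + ext

# Constructed sample requests (placeholder bytes, not real files).
SCRIPT_BYTES = b"<?php /* placeholder */ ?>"
JPEG_BYTES = b"\xff\xd8\xff\xe0" + b"\x00" * 16
TAMPERED = ("reverse.php", "image/jpeg", SCRIPT_BYTES)   # name edited in transit
DOUBLE_EXT = ("reverse.php.jpg", "image/jpeg", SCRIPT_BYTES)
LEGIT = ("screenshot.jpg", "image/jpeg", JPEG_BYTES)

if __name__ == "__main__":
    for label, req in (("tampered", TAMPERED), ("double-ext", DOUBLE_EXT),
                       ("legit", LEGIT)):
        print(label, "weak:", weak_check(*req), "hardened:", hardened_check(*req))
```

Keeping uploads in a directory where the web server does not execute scripts covers the remaining case of a file that has valid image magic bytes but also carries script content.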
Looks like there are a few others doing the box. Set up the Netcat listener and click on the reverse shell.
Next, spawn a shell using python -c 'import pty;pty.spawn("/bin/bash")'
Downloaded LinEnum.sh to the box.
That’s a false alarm. Couldn’t do it. The kernel was pretty old, so went for the kernel exploit.
https://www.exploit-db.com/exploits/40839
After downloading the exploit, follow the guide to exploit it.
For me su firefart didn’t work. Next was to SSH in. Let’s try that.
Seems like we got the root flag. https://twitter.com/far3y