Hackthebox Walkthroughs: Popcorn

Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn
Share on whatsapp
WhatsApp
 

Hello Guys, In this blog I am posting the walkthrough of a HACKTHEBOX retired machine POPCORN.  

Popcorn is a Linux based machine.

Let’s Start

The IP of the machine is 10.10.10.6

I start with the Nmap.

After scanning I found two ports are open

1.  22  (SSH is running)

2.  80  (HTTP is running)

 On port 80 I found nothing

Then I use DIRBUSTER to scanning the web pages

I found a webpage with the help of Dirbuster named torrent.

I open it on the browser and found a login and register option there.

I register on the web page and there is an upload option there. I try to upload a reverse shell file

But there is a filter so I upload a torrent file and file successfully uploaded.

Then I open the file and there is an option of Edit this torrent.

So I click on this and there is an option of upload a file and I upload a PHP reverse file and get the reverse shell of machine

I start the server on my Kali Linux machine to transfer a file in Popcorn machine.

LimEnum.sh you can read about this file from here.

After executing this file I found the Linux version of the machine which is Linux Version 2.6.31.

Before exploiting the machine I bypass the limited shell from this command

I found the exploit of that Linux version and I transfer the exploit file in the Popcorn machine and execute that Exploit. You can download that exploit from here.

With this exploit, I am able to create a new user, After creating the new user. I try to login to ssh from that username and password.

And I get the root.txt

Happy Hacking

This walkthrough is written by Amit. Amit is a Penetration testing student at Azure Skynet. You can contact him from here.

Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn
Share on whatsapp
WhatsApp

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top