Hello guys, in this blog I am posting a walkthrough of the retired HACKTHEBOX machine POPCORN.
Popcorn is a Linux-based machine.
The IP of the machine is 10.10.10.6
I start with Nmap.
After scanning, I found that two ports are open:
1. 22 (SSH is running)
2. 80 (HTTP is running)
On port 80 I found nothing.
Then I used DIRBUSTER to scan for web pages.
With the help of Dirbuster I found a web page named torrent.
I opened it in the browser and found login and register options there.
I registered on the web page and found an upload option there. I tried to upload a reverse shell file, but there is a filter, so I uploaded a torrent file and it was uploaded successfully.
Then I opened the file and there was an option named Edit this torrent.
So I clicked on it; there is an option to upload a file, and I uploaded a PHP reverse shell file and got a reverse shell on the machine.
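The edit form above accepted a PHP file. A defensive check for such an upload handler, as an added example that is not part of the original walkthrough or of the application's code, assuming the form is meant to take images only: the type is decided from the file content and the stored name is chosen by the server. The allow-list, the size limit, the function names and the sample uploads are assumptions constructed for illustration.

```python
import secrets

# Assumed allow-list: leading magic bytes -> extension the server assigns.
ALLOWED_SIGNATURES = {
    b"\x89PNG\r\n\x1a\n": ".png",
    b"\xff\xd8\xff": ".jpg",
    b"GIF87a": ".gif",
    b"GIF89a": ".gif",
}
MAX_BYTES = 2 * 1024 * 1024  # assumed size limit


class UploadRejected(Exception):
    """Raised when an upload fails validation."""


def stored_name_for(client_filename, client_content_type, data):
    """Return the server-chosen file name for an upload, or raise UploadRejected.

    client_filename and client_content_type come from the request and are
    attacker-controlled, so neither is used for the decision or the stored name.
    """
    if not data or len(data) > MAX_BYTES:
        raise UploadRejected("empty or oversized upload")
    for magic, ext in ALLOWED_SIGNATURES.items():
        if data.startswith(magic):
            # Random name plus an allow-listed extension: the request never
            # picks the extension, so the file cannot land as *.php.
            return secrets.token_hex(16) + ext
    raise UploadRejected("content is not an allowed image type")


# Constructed sample uploads: (filename, Content-Type header, body).
SAMPLES = [
    ("shot.png", "image/png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 32),
    ("shell.php", "image/png", b"<?php /* constructed sample */ ?>"),
    ("pic.php", "image/gif", b"GIF89a<?php /* constructed sample */ ?>"),
]


def check_samples():
    """Return [(filename, stored name or None)] for the constructed samples."""
    results = []
    for name, ctype, body in SAMPLES:
        try:
            results.append((name, stored_name_for(name, ctype, body)))
        except UploadRejected:
            results.append((name, None))
    return results
```

The third sample passes the signature check but is stored under a random name ending in `.gif`, so a server that maps script handling by extension does not execute it. Keeping the upload directory outside the web root, or with script execution disabled, covers the remaining cases.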
I started a server on my Kali Linux machine to transfer a file to the Popcorn machine.
The file is LinEnum.sh; you can read about this file from here.
After executing this file I found the Linux version of the machine, which is Linux version 2.6.31.
Before exploiting the machine I bypassed the limited shell with this command
I found an exploit for that Linux version, transferred the exploit file to the Popcorn machine and executed it. You can download that exploit from here.
With this exploit I was able to create a new user. After creating the new user, I tried to log in over SSH with that username and password.
And I got the root.txt.
This walkthrough is written by Amit. Amit is a Penetration testing student at Azure Skynet. You can contact him from here.