Hack The Box Popcorn

August 14, 2018

Hack The Box Popcorn

TESTING METHODOLOGIES

We can start the enumeration using nmap scan

nmap -sC -sV 10.10.10.6

The output shows that there are two ports open 22 (SSH) , 80 (HTTP)

By visiting HTTP we get a It works page

Seems like there is no interesting so we can do further enumeration by doing a directory brute force

So there is a directory called torrent , By visiting this we have page called torrent hoster

Now we can see that we have an upload page but we need an account by creating an account we can create a torrent

By uploading an torrent file there is an option to add an image as a thumbnail

We can upload a php shell by uploading a php shell with an image extension and intercepting the request on burpsuite and changing the extension to php

By changing the gif extension to php the file gets uploaded and we can access it in the /uploads directory

Privilege escalation

There are two privilege escalation methods in this box

First one is a kernel exploit

Linux Kernel 2.6.37 (RedHat / Ubuntu 10.04) - 'Full-Nelson.c' Local Privilege Escalation

Second one is

Linux PAM 1.1.0 (Ubuntu 9.10/10.04) - MOTD File Tampering Privilege Escalation

Search This Blog

Rahul R

Hack The Box Popcorn

Comments

Post a comment

Popular posts

From Multiple IDORs leading to Code Execution on a different Host Container

COCON XII DOME CTF Walkthrough