Skip to main content

Hack The Box Popcorn


TESTING METHODOLOGIES

We can start the enumeration using nmap scan

nmap -sC -sV 10.10.10.6


The output shows that there are two ports open 22 (SSH) , 80 (HTTP)

 By visiting HTTP we get a It works page



Seems like there is no interesting so we can do further enumeration by doing a directory brute force


So there is a directory called torrent , By visiting this we have page called torrent hoster 



Now we can see that we have an upload page but we need an account by creating an account we can create a torrent 



By uploading an torrent file there is an option to add an image as a thumbnail


We can upload a php shell by uploading a php shell with an image extension and intercepting the request on burpsuite and changing the extension to php


By changing the gif extension to php the file gets uploaded and we can access it in the /uploads directory


Privilege escalation

There are two privilege escalation methods in this box 

  • First one is a kernel exploit 
Linux Kernel 2.6.37 (RedHat / Ubuntu 10.04) - 'Full-Nelson.c' Local Privilege Escalation 

  • Second one is   
Linux PAM 1.1.0 (Ubuntu 9.10/10.04) - MOTD File Tampering Privilege Escalation





Comments