Writeup for Hackthebox: Popcorn
Popcorn is a box that mimics a real-world scenario. Attackers establish the initial foothold by exploiting a vulnerability in a web app.
An nmap scan shows ports 80 and 22 are open.
October is a slightly difficult box. An attacker needs to apply some advanced techniques to gain root access. The complexity sits in identifying a buffer overflow and exploiting it with the tools available on a Linux system.
Perform an nmap scan of the system.
The initial foothold is established through a very common developer mistake: the code repository contains a set of credentials inadvertently included in one of the commits.
Perform a port scan using nmap:
For the Postman box, the initial foothold is established by exploiting a security misconfiguration in Redis. Through this vector an attacker can establish an SSH connection as an unprivileged user.
Enumerate using nmap and notice that the Redis port is open:
# cat postmap-nmap2.txt |grep "Discovered open port"
Discovered open port 22/tcp on 10.10.10.160
Discovered open port 80/tcp on 10.10.10.160
Discovered open port 6379/tcp on 10.10.10.160
Discovered open port 10000/tcp on 10.10.10.160
follow tutorial on
Nmap detects three open ports: ssh, http and elasticsearch.
root@kali:~/projects# nmap 10.10.10.115
Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-13 01:49 EDT
Nmap scan report for 10.10.10.115
Host is up (0.021s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
9200/tcp open wap-wsp
Nmap done: 1 IP address (1 host up) scanned in 6.64 seconds
A browser connection to the host reveals a page with the image of a needle.