Popcorn PrivEsc (spoilers)

asparagus6000 · March 30, 2018, 7:24am

Hi folks,
Has anyone popped popcorn recently? I started it yesterday and got as far as www-data shell easily enough. I see there’s an exploit for PAM MOTD which I tried but am asked for a password for www-data account which I don’t have. I also don’t have a password for george.

I figured that would be my next step but for some reason (it was late and I was feeling lazy…) I checked the write ups by ipp and arrexel and there’s no mention of needing a password when they run the same exploit.

There’s also no mention of using the file renamer PHP script at /index.php but maybe that’s just the way they did it.

I’m just wondering really, has this box been changed since release/write up or is just something slightly different that I’m doing?

In more general terms, do boxes ever get modified after release?

Cheers,

bobthebuilder · March 31, 2018, 11:49am

Try ippsec’s video on youtube.

asparagus6000 · March 31, 2018, 12:27pm

Thanks but I have l. As I said in my post, my experience is different from what is shown in ipp’s video and arrexel’s writeup and I’m wondering if it’s something I’m doing or if it’s possible the box has changed.

TedLogan89 · February 7, 2020, 11:12pm

Posting this here as well:
Another exploit that works is (SPOILER):

Got this from Exp1o1t9r’s Writeup: https://exp1o1t9r.com/2020/01/08/hackthebox-writeup-popcorn/

G0rmle55 · September 27, 2020, 11:07am

Hi, why can’t I ever successfully upload a torrent? Thanks.

Topic		Replies	Views
Monteverde Machines box	587	89041	June 12, 2020
Bashed Priv Esc Exploit Machines bashed , privilege-escaltion	9	1314	March 18, 2018
Official Moderators Discussion Machines	12	2470	October 17, 2022
Smasher Machines machines , brainfuck , smasher	1	1551	June 11, 2018
Blocky priv-esc Machines privledge-escelatio , blocky , shell , root	39	5900	January 16, 2018

Popcorn PrivEsc (spoilers)

Related topics