The next endpoint in our HTB writeup series is Popcorn, a medium box that is retired but also very OSCP-like.
After running our nmap scans we find that the endpoint is vulnerable to CVE-2010-0832 a vulnerability in the linux authentication system (PAM) USN-959-1. When discovered the severity rate was 7 with the MOTD module in libpam-modules of Ubuntu 10.04 LTS. After lets enumerate, enumerate and enumerate; hope fully we can bypass some security and pwn some systems.
Enumeration
Enumeration is the process of gathering information about a target system. This information can be used to identify vulnerabilities and to plan an attack. There are a number of different ways to enumerate a system, including:
Network scanning: Network scanning can be used to identify the IP address of the target system, as well as the services that are running on the system.
OS fingerprinting: OS fingerprinting can be used to identify the operating system that is running on the target system.
Directory traversal: Directory traversal can be used to find hidden files and directories on the target system.
Port scanning: Port scanning can be used to identify the ports that are open on the target system.
Version detection: Version detection can be used to identify the versions of the software that is running on the target system.
Exploitation
Once we have gathered enough information about the target system, we can start to exploit vulnerabilities. There are a number of different ways to exploit vulnerabilities, including:
Buffer overflows: A buffer overflow occurs when a program tries to write more data to a buffer than the buffer can hold. This can cause the program to crash or, in some cases, allow an attacker to execute arbitrary code on the system.
Format string vulnerabilities: A format string vulnerability occurs when a program uses a format string incorrectly. A format string is a string that is used to format output. For example, a format string might be used to print the value of a variable to the screen.
SQL injection: SQL injection is a type of attack that can be used to exploit vulnerabilities in web applications. SQL injection occurs when a user is able to inject malicious SQL code into a web application. This malicious code can then be executed on the database server, which can allow the attacker to steal data or even take control of the server.
Cross-site scripting (XSS)
XSS is a type of attack that can be used to exploit vulnerabilities in web applications. XSS occurs when a user is able to inject malicious JavaScript code into a web application. This malicious code can then be executed in the victim’s browser, which can allow the attacker to steal cookies, hijack sessions, or even deface the website.
Privilege escalation
Privilege escalation is a type of attack that can be used to gain unauthorized access to a system. Privilege escalation can be used to gain access to sensitive data or to take control of the system.
There are a number of different ways to exploit privilege escalation vulnerabilities. One common method is to exploit a buffer overflow or a format string vulnerability. Another common method is to exploit a misconfiguration in the system.
Defenses
There are a number of things that can be done to defend against cyber attacks. Some of the most important defenses include:
Keeping your software up to date: Software updates often include security patches that can fix vulnerabilities. Keeping your software up to date is one of the most important things you can do to protect your system from attack.
Using strong passwords: Strong passwords are difficult to guess and crack. Using strong passwords is one of the best ways to protect your account from unauthorized access.
Being careful about what you click on: Phishing attacks are one of the most common ways that attackers gain access to systems. Being careful about what you click on can help you avoid falling victim to a phishing attack.
Using a firewall: A firewall can help to block unauthorized traffic from reaching your system. Using a firewall is a good way to add an extra layer of security to your system.
I hope this article has been helpful. If you have any questions, please feel free to ask.



