Pwn Cap by Hack The Box Walkthrough / Writeup!

Security_Nerd07
3 min read · Aug 18, 2021


Hello friends! Today we are going to take a look at a very easy CTF challenge from Hack The Box called “Cap”. The credit for this machine goes to infosecjack.

It’s a Linux-based system.

So without further ado, let’s hack!! :)

First things first: after joining the machine, do a quick ping to check that the connection between your system and the machine is established.

#Step 1 (Recon the available ports & services running on the target machine)


As we can see from the nmap results, port 80 is open and it serves an HTML page.

#Step 2 (Now let’s get acquainted with our site.)


After browsing the website, we can conclude there’s some useful information on the “security snapshot” page.

After the page loads, locate and choose the stock with the most elements in the partition.
So I chose the ‘data/0’ directory, then downloaded the .pcap file from the page.
Use the command wireshark 0.pcap to open the file from the terminal.

#Step 3 (Examine the file & find FTP details)

And voilà! We found the username and password for the user. FTP sends its login in cleartext, which is why the credentials are readable in the capture.

#Step 4 ( SSH & Stuff! )

From our recon stage, the nmap result shows that port 22 is open, so let’s try to SSH into the server.

Using the command: “ssh nathan@ip”

Once successfully logged in, do ls, cat the user flag and submit it to Hack The Box.

#Step 5 ( Privilege Escalation )

If a binary has the Linux CAP_SETUID capability set or it is executed by another binary with the capability set, it can be used as a backdoor to maintain privileged access by manipulating its own process UID.

For more, check out this page: https://gtfobins.github.io/gtfobins/python/#sudo

From the given resource we are using the following script:

python -c 'import os; os.setuid(0); os.system("/bin/sh")'

And voilà! We have our root flag as well. Congratulations!! :)

Now submit the flag to get your own Cap pwned badge from Hack The Box.
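From the defender's side, the CAP_SETUID issue in Step 5 is found by auditing file capabilities. The following is an added example, not part of the original walkthrough: it parses `getcap -r /` output in both the older `path = caps` and newer `path caps` layouts and reports files where cap_setuid is permitted or effective. The sample paths and the interpreter list are constructed assumptions.

```python
import os
import re

# One clause of libcap's text form: optional capability list, then operator/flag groups.
CLAUSE = re.compile(r"([a-z0-9_,]*)((?:[=+-][eip]*)+)")
# Assumed short list of interpreter name prefixes; extend it for your environment.
INTERPRETERS = ("python", "perl", "ruby", "php", "node")

def split_line(line):
    """Split a getcap line into (path, clauses); accepts 'path = caps' and 'path caps'."""
    tokens = line.strip().split(" ")
    clauses = []
    while len(tokens) > 1 and tokens[-1] != "=" and CLAUSE.fullmatch(tokens[-1]):
        clauses.insert(0, tokens.pop())
    if len(tokens) > 1 and tokens[-1] == "=":  # older libcap prints "path = caps"
        tokens.pop()
    return " ".join(tokens), clauses

def setuid_flags(clauses):
    """Apply the clauses in order; return the flags (e/i/p) cap_setuid ends up with."""
    flags = set()
    for clause in clauses:
        names, ops = CLAUSE.fullmatch(clause).groups()
        if names and not {"all", "cap_setuid"} & set(names.split(",")):
            continue  # this clause does not touch cap_setuid
        for op, fl in re.findall(r"([=+-])([eip]*)", ops):
            # '=' resets the flags, '+' raises them, '-' lowers them
            flags = {"=": set(fl), "+": flags | set(fl), "-": flags - set(fl)}[op]
    return flags

def audit(getcap_output):
    """Return [(path, is_interpreter)] where cap_setuid is permitted or effective."""
    findings = []
    for line in getcap_output.splitlines():
        path, clauses = split_line(line)
        if clauses and setuid_flags(clauses) & {"e", "p"}:
            findings.append((path, os.path.basename(path).startswith(INTERPRETERS)))
    return findings

# Constructed sample of `getcap -r /` output; every path here is made up.
SAMPLE = """\
/usr/bin/ping = cap_net_raw+ep
/opt/example/python3 = cap_setuid,cap_net_bind_service+eip
/opt/example/helper cap_setuid=ep
/opt/example/all-but =ep cap_setuid-ep
/opt/example/inherit-only cap_setuid+i
"""

if __name__ == "__main__":
    for path, interp in audit(SAMPLE):
        print(("HIGH   " if interp else "REVIEW ") + path)
```

On a live host, pass it the output of `getcap -r / 2>/dev/null`; `setcap -r <path>` removes a file capability that turns out not to be needed.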

Responses (1)

Keep going brother!