
HTB Linux Easy: Cap

Cap is an Easy-rated Linux machine on HTB.


Nmap scan

Pasted image 20240715102246.png

Initial Foothold

Visiting the webpage, we find a tab that allows us to download Wireshark captures. The data number in the URL can be changed to get Wireshark captures for other users (IDOR).

Only 0 gives us a different result. We can download this capture using the download button and open it in Wireshark. Looking through the data, we find a username and password in plain text: nathan:Buck3tH4TF0RM3!
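The IDOR described above, seen from the application side, as an added example that is not code from the machine or from this post: a lookup that trusts the id in the URL, next to one that checks ownership against the session and records refusals so id enumeration can be spotted. The capture table, user names, `CaptureService` and the alert threshold are constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed sample data: capture id -> (owner, stored file). Ids are
# sequential, like the data number in the URL described above.
CAPTURES = {0: ("svc-monitor", "0.pcap"), 1: ("alice", "1.pcap"), 2: ("bob", "2.pcap")}


class NotFound(Exception):
    """Raised for missing and foreign ids alike, so replies do not confirm which ids exist."""


def download_vulnerable(capture_id: int) -> str:
    # Flawed pattern: the id taken from the URL is the only input to the lookup.
    if capture_id not in CAPTURES:
        raise NotFound(capture_id)
    return CAPTURES[capture_id][1]


@dataclass
class CaptureService:
    denied: dict = field(default_factory=dict)  # session user -> set of refused ids
    alert_threshold: int = 2                    # assumed value, tune per application

    def download(self, session_user: str, capture_id: int) -> str:
        # The owner is compared with the authenticated session user,
        # never with a value supplied in the request.
        entry = CAPTURES.get(capture_id)
        if entry is None or entry[0] != session_user:
            self.denied.setdefault(session_user, set()).add(capture_id)
            raise NotFound(capture_id)
        return entry[1]

    def enumeration_suspects(self) -> list:
        # A session refused on several distinct ids is likely walking the id space.
        return sorted(u for u, ids in self.denied.items() if len(ids) >= self.alert_threshold)
```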

Even though the credentials were used to log in to FTP, we will try to log in to SSH using the same credentials.

Priv Esc

LinPEAS reveals a privilege escalation path through capabilities set on the Python binary.

Become root: Pasted image 20240715102225.png

User.txt

Pasted image 20240715102216.png

Root.txt

Pasted image 20240715102211.png

You have PWNED

Pasted image 20240715102205.png


This post is licensed under CC BY 4.0 by the author.