Hack The Box — Cap

This is my first writeup of a HackTheBox machine called Cap. It is an Easy Linux machine; gaining the initial foothold is easy, whereas the priv esc part is interesting.

Enumeration

We use Dirsearch to find hidden directories.

An interesting one is /data. We can bruteforce this directory further to find more files, and we find one such interesting file, 0 …. We download it and see that it's a pcap file.

Open the file in Wireshark and we can see all the packets. Apply the display filter ftp to show only FTP traffic.

We find a packet containing the FTP username and password. Right-click on it and click Follow TCP Stream to see all the data.

We found the FTP username and password.

Log in to FTP using the credentials and grab the user flag.

Use the same credentials to log in to SSH.

Privilege Escalation

We are in. First we try running sudo -l to find any SUID binaries, but it asks for a password.

Let's run LinPEAS to find possible privilege escalation vectors. Set up a Python HTTP server on your Kali machine and transfer linpeas.sh to the target. Here are some interesting finds:

The binary python3.8 has a capability set. Another hint is the name of this HackTheBox machine: CAP.

Sudo version 1.8.31 is vulnerable, and we can find a CVE for it using Google: https://github.com/mohinparamasivam/Sudo-1.8.31-Root-Exploit

Let's go with the capabilities option. On GTFOBins we can search for capabilities, and we find something.

Let's run the command using our Python version, which is 3.8 … and we are ROOT!!!

[+] Extra Notes: You can run the command getcap -r / 2>/dev/null on the target system to check whether any binary has a capability set (cap_setuid), and we indeed find /usr/bin/python3.8 having it.
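The same getcap check can be turned into a routine audit. The script below is an added example, not part of the original writeup: it parses getcap output in both the older and newer libcap formats and flags root-equivalent capabilities, rating interpreters such as python3.8 highest. The capability list, the interpreter list and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit getcap output for root-equivalent file capabilities.

# Capabilities this example treats as root-equivalent (an assumption, not exhaustive).
RISKY='cap_setuid cap_setgid cap_sys_admin cap_dac_override cap_dac_read_search cap_sys_ptrace cap_sys_module'

# Reads getcap output on stdin; prints "SEVERITY<TAB>path<TAB>capability" per finding.
audit_caps() {
    awk -v risky="$RISKY" '
    BEGIN { n = split(risky, r, " "); for (i = 1; i <= n; i++) bad[r[i]] = 1; bad["ALL"] = 1 }
    {
        # Older libcap prints "path = caps+flags"; newer releases print "path caps=flags".
        # The path ends at the first field that starts with "=" or "cap_".
        path = $1
        for (i = 2; i <= NF && $i !~ /^(=|cap_)/; i++) path = path " " $i
        # Interpreters run arbitrary user code, so a risky capability on one is
        # available to every user who can execute it (name list is an assumption).
        base = path; sub(/.*\//, "", base)
        sev = (base ~ /^(python|perl|ruby|php|node|lua|bash|sh|dash|zsh)[0-9.]*$/) ? "HIGH" : "REVIEW"
        for (; i <= NF; i++) {
            p = match($i, /[+=]/)              # names end at the first operator
            if (p == 0) continue
            names = substr($i, 1, p - 1); flags = substr($i, p + 1)
            if (flags !~ /p/) continue         # skip clauses without the permitted set
            if (names == "") names = "ALL"     # "=ep" with no names means every capability
            m = split(names, c, ",")
            for (j = 1; j <= m; j++) if (c[j] in bad) printf "%s\t%s\t%s\n", sev, path, c[j]
        }
    }'
}

# Constructed sample covering both output formats (not taken from the Cap machine).
sample_getcap() {
    cat <<'EOF'
/usr/bin/python3.8 = cap_setuid,cap_net_bind_service+eip
/usr/bin/ping = cap_net_raw+ep
/usr/bin/perl cap_setuid=ep
/opt/backup agent/bin/backupd cap_dac_read_search=ep
EOF
}

# Demo on the sample; on a real host: getcap -r / 2>/dev/null | audit_caps
sample_getcap | audit_caps
```

Any finding that is not needed can be cleared with setcap -r on the reported path.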

I hope you learned something from this writeup. The privilege escalation part was new and interesting. Make sure to follow me on Medium, as I share many writeups of OSCP-type machines from TryHackMe and HTB. -ZEUS

I am a Penetration Tester, currently pursuing OSCP. Skilled in Network Pen-testing and Developing Hacking Tools using Python. I share my knowledge on YouTube.

ZeusCybersec
