
Hack The Box Cap Writeup


Hi, Hackers!!! In this post we will solve the Hack The Box machine Cap, which was created by InfoSecJack. Without wasting time, let's start our adventure.

Enumeration

First, we scan for open ports with rustscan.


We can see that port 80 is open. Let's visit it.







The /data directory looks interesting. Let's try /data/0.


Bingo!!!! We can download a packet capture file now. Open the .pcap file with Wireshark.


FTP sends its credentials in cleartext, so the capture gives us a password for FTP. Let's log into FTP.


The FTP filesystem looks like a user's home folder. The SSH service is open, so let's log in over SSH with the same credentials as FTP.


You can find the user.txt now.


Privilege Escalation

After searching for SUID files, we found nothing interesting, so next we search for file capabilities.


Python3.8 has the cap_setuid capability, which lets a process change its UID, including to 0 (root). If you search GTFOBins, you will find some exploitation tricks.


Let's apply the above command.


Annnnnnnnd! We are root. You can find the root flag in /root/root.txt. Happy Hacking!!!
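The capability search from the privilege escalation section, seen from the defender's side: the script below is an added example, not part of the original writeup, that parses `getcap -r /` output and reports files granting a risky capability such as cap_setuid. The list of risky capabilities, the function name and the sample lines are assumptions made for illustration.

```python
import re
import subprocess

# Capabilities that allow becoming root or bypassing file permission checks.
RISKY_CAPS = {"cap_setuid", "cap_setgid", "cap_sys_admin", "cap_sys_module",
              "cap_sys_ptrace", "cap_dac_override", "cap_dac_read_search",
              "cap_chown", "cap_fowner"}

# getcap prints "path = caps+flags" (older libcap) or "path caps=flags" (newer).
LINE_RE = re.compile(r"^(?P<path>.+?)(?: =)? (?P<clauses>(?:[a-z0-9_,]*[=+][eip]+ ?)+)$")
CLAUSE_RE = re.compile(r"([a-z0-9_,]*)[=+]([eip]+)")


def risky_file_caps(getcap_output):
    """Return {path: sorted risky capabilities} for files that grant a risky
    capability in the permitted or effective set."""
    findings = {}
    for line in getcap_output.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue
        risky = set()
        for names, flags in CLAUSE_RE.findall(match["clauses"]):
            if not set(flags) & {"e", "p"}:
                continue  # inheritable-only: not granted by exec alone
            # An empty name list ("=ep") means every capability.
            caps = set(names.split(",")) if names else RISKY_CAPS
            risky |= caps & RISKY_CAPS
        if risky:
            findings[match["path"]] = sorted(risky)
    return findings


# Constructed sample covering both output formats (not taken from the target).
SAMPLE = """\
/usr/bin/python3.8 = cap_setuid,cap_net_bind_service+eip
/usr/bin/ping = cap_net_raw+ep
/usr/bin/perl cap_setuid=i
/opt/tools/backup cap_dac_read_search=ep
"""

if __name__ == "__main__":
    # On a real host, audit the whole filesystem (run as root to see everything).
    out = subprocess.run(["getcap", "-r", "/"], capture_output=True, text=True).stdout
    for path, caps in risky_file_caps(out).items():
        print(f"{path}: {', '.join(caps)}  -> remove with: setcap -r {path}")
```

An interpreter such as Python showing up in this report is the finding to act on first, since any user who can run it can use the capability.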
