CAP HTB WALKTHROUGH
Hello everyone , in this story I will be sharing my writeup for Cap is an active and easy Linux machine at Hackthebox.
NMAP
Now, I start Nmap scan.
Now, we can see that FTP, SSH and HTTP ports are open.
PORT 80 (HTTP)
I checked that are there any vulnerability in website. Security Events and Failed Login Attempts grabs my attention. After that, I clicked Security Snapshot (5 Second PCAP + Analysis).
I saw that the 0th data isn’t null and download it.
After opening this file with wireshark, username and password that coming with the FTP protocol attract my attention. I can connect this SSH port with this username and password.
Username: nathan
Password: Buck3tH4TF0RM3!
I connected the system with using username and password with SSH port. After that, I captured user flag. I need privilege escalation to get other flag.
I can get privilege with python so that I searched python privilege command at internet.
python3 -c ‘import os; os.setuid(0); os.system(“/bin/sh”)’
I found this command to get privilege.
I entered this command to get a root shell and I can get root flag.
