Cap HacktheBox Walkthrough

nmap scan gives the below ports, so basic FTP, SSH and HTTP

21
80
22

Upon accessing the port 80 we get a network administrator dashboard:

from there upon further browsing we could see some network captured packets files, but there was nothing here, but look at the url it’s something like /data/1 may be try with /data/0

There was some data in the /data/0 lets download the pcap and analyze it using the wireshark.

There the user name and password was clearly visible, may be we can use those to may be FTP or better SSH lol, that would be pretty easy.

Anyway FTP worked let’s see can we also do SSH, otherwise we will need this FTP as the initial foothold to get the low level user.

Well bingo using the same credentials from the pcap file we could ssh also.

Now we own the low level user nathan, browsing through the /home/nathan you will get the user.txt flag

Now, we can use this(nathan)user to perform privilege escalation.

Here we get to come across a kind of privilege escalation called as privilege escalation using capabilities.

For better understanding pleas refer to the below link:

using getcap command we can see python 3.8 as capability for Privilege escalation.

Please search the gtfobin python capabilities and you will come across the below github link:

From there we can easily get root shell, using the given command:

A small modification in command might be required depending upon the python version and also in the gtfobin link they are invoking python using./python but here you can directly use pyhton3.8 as below:

Browse to /root directory and capture the root flag also.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store