Hack The Box Moncton Meetup #2.
Cap is an easy Linux-based hacking challenge that was released on HTB on June 5th, 2021. It focuses on several important aspects of cyber security and information technology, including broken access controls, packet capture analysis, and Linux capabilities. To complete this challenge, the user needs to have a basic understanding of port scans, Python programming, and network analysis tools such as nmap and Wireshark. Additionally, the user should be familiar with the process of enumerating a system and exploiting vulnerabilities.
Like most walkthrough, the first step is to perform a port scan on the target machine, which can be done using the nmap tool. After the scan, the user will find that there are three open ports: ftp, ssh, and web. The user should start by trying the lowest hanging fruit, which in this case is the ftp port. However, the user will find that anonymous access to the ftp server is not allowed.
Next, the user should turn to the web page, which is the next best option. Upon visiting the web page, the user will find that they are already logged in and that the page is a strange application. The next step is to analyze the page and try to find vulnerabilities. The user can use tools such as linpeas to enumerate the system and find potential exploits. The user should also use their understanding of Linux capabilities and be on the lookout for files with special capabilities.
Finally, the user will use the information they have gathered to escalate their privileges and gain access to the root account. This may require the user to use a Python script to spawn a root shell or to modify a file with special capabilities. The end goal of the challenge is to demonstrate a complete understanding of the concepts and skills required to perform a successful hack on a Linux system.