Hi, This is a simple walkthrough of the CAP machine in HTB.
First I started scanning with Nmap:
nmap -sC -sV 10.10.10.104
This gave me no results. Then I browsed the web application and came to know that the application have Pcap analysis where everything showed 0. I tried changing values like 1,2,3 and tried 0 in the URL and got the values changed and I then downloaded the Pcap file and analysed it through Wireshark.
It had an ssh username and password open. I used it to connect it through ssh.
I logged in here and listed the directories and files using the ls command and got to know that the flag is in cat user.txt and submitted the user flag.
Then used this python command to get root access.
python3.8 -c ‘import os; os.setuid(0); os.system(“/bin/bash”)’
Then I go to the root directory and get the root flag.
Thanks for reading.
Read the article