CAP Writeup

CAP is an easy Linux machine whose name itself gives away most of the information needed to solve it.

Let's jump right into attacking this machine.

Scanning and Enumeration:

nmap -A -T4 -p 21,22,80 -o scan

vsftpd 3.03 has no known vulnerability, and anonymous login is not enabled.


No known vulnerabilities on this version of SSH.

Hence we need to find some credentials for the FTP/SSH service via the website hosted on port 80.

I first tried running gobuster but nothing useful was found.
So, by simply browsing the website, we can see the different things it provides.


We can observe 2 things:
1) The different services it provides
2) The name of a person who has access to this site.

Among the different services, the first one produces some pcap files, and the machine being named Cap may not be a coincidence.

Visiting this page, we can see that the website keeps giving us pcap files at the path /data/pcapid, where pcapid is a sequential number (1, 2, 3, …).
Each time we access the page, or every 5 seconds as mentioned on the site, the pcapid increments.
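
The sequential /data/pcapid scheme described above makes ids guessable, so on the defending side it is worth spotting a single client that reads many different ids in a short time. The following is an added example, not part of the original writeup or the machine's own code: it scans access-log lines (constructed sample data, common log format assumed; the function names, threshold and window are assumptions) for that pattern.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample access-log lines (common log format), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /data/7 HTTP/1.1" 200 512
192.0.2.10 - - [01/Jan/2024:10:00:30 +0000] "GET /data/7 HTTP/1.1" 200 512
198.51.100.5 - - [01/Jan/2024:10:01:00 +0000] "GET /data/8 HTTP/1.1" 200 498
198.51.100.5 - - [01/Jan/2024:10:01:02 +0000] "GET /data/6 HTTP/1.1" 200 530
198.51.100.5 - - [01/Jan/2024:10:01:03 +0000] "GET /data/5 HTTP/1.1" 200 611
198.51.100.5 - - [01/Jan/2024:10:01:04 +0000] "GET /data/4 HTTP/1.1" 200 477
192.0.2.10 - - [01/Jan/2024:10:05:00 +0000] "GET /data/9 HTTP/1.1" 200 520
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"GET /data/(?P<id>\d+) HTTP/[\d.]+" (?P<status>\d{3}) '
)

def parse(log_text):
    """Yield (client, timestamp, capture_id) for successful /data/<id> reads."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m["status"] == "200":
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield m["ip"], ts, int(m["id"])

def find_id_walkers(log_text, min_ids=3, window=timedelta(seconds=60)):
    """Return {client: sorted ids} for clients that read at least min_ids
    distinct capture ids within any single time window."""
    events = defaultdict(list)
    for ip, ts, cid in parse(log_text):
        events[ip].append((ts, cid))
    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        for i, (start, _) in enumerate(evs):
            # Distinct ids seen from this event until the window closes.
            ids = {cid for ts, cid in evs[i:] if ts - start <= window}
            if len(ids) >= min_ids:
                flagged[ip] = sorted(ids)
                break
    return flagged

if __name__ == "__main__":
    print(find_id_walkers(SAMPLE_LOG))
```

A client that only reloads its own capture, or receives a new id minutes later, stays under the threshold; the durable fix is still a server-side ownership check on each id.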

The starting /the first pcapid

