Official Cap Discussion

@koushik777 said:
im new to hacking , i though of trying this box , cant do … but when u guys said this the the easiest box in htb … i feel like im not fit for hacking…

@akhileshadz said:
im also feeling like that

Ignore comments like that. People like to post ■■■■ like that because it makes them feel like they are good. The truth is it’s all relative, what’s simple for someone might be hard for someone else and vice versa, it just depends on the path you’ve taken to get where you are.

I have my OSCP, I’m on the Synack Red Team, I’ve popped more boxes and done more challenges than I could count and right now I’m browsing this thread looking for clues because I’ve been working on this box for an hour and I’m completely stuck and haven’t even found the foothold yet.

Does this mean I suck? I need help on the supposedly easiest box out of the hundreds that HTB has ever published according to RandomUser69420!! Should I quit SRT, delete my accounts and hide my face in shame? No, it just means I’m stuck. A state I’ve been in thousands of times, and a state I’m going to be in thousands more. That’s all this journey is really, a whole ■■■■ of a lot of being stuck, frustrated, confused and lost. If you start comparing yourself to other people or evaluating your selfworth when you are in that state, you are going to have either a very short journey, because you get depressed and quit, or a very unsatisfying one, because no matter how “good” or how far you get, there is always going to be someone better and father. Don’t compensate for that by trying to lift yourself up with forum comments to inform everyone of how easy you found something, instead realize that every frustration and every time you are stuck means you are about to learn something, you are about to acquire some knowledge you didn’t have before, and your skill is about to increase by a little bit.

So am I ashamed I’m in here looking for help on the easiest box in the history of hacking? ■■■■ no, I’m excited because when I finally figure this ■■■■ out I’m going to feel good about it, because my goal is always the same, “Did I get better today?” and I will have accomplished that. And in the event I can’t figure this out, and I give up, I’m still going to feel good about today because all the dead ends and ■■■■ I tried that didn’t work still made me better in the process. If that’s what you tie your self esteem to, and that’s how you mark your progress and view what it means to succeed, then there isn’t a single person on the planet who can make you feel bad about yourself, or keep you from doing what it is you want to do, because you don’t need to get the approval of all the RandomUser69420s out there to become a hacker, you just need to keep putting one foot in front of the other.

Anyone having problems submitting the user and root hashes? I managed to root the box, thanks to the help in this forum. But I keep getting error when submitting the hash.

Type your comment> @R3B00T said:

Anyone having problems submitting the user and root hashes? I managed to root the box, thanks to the help in this forum. But I keep getting error when submitting the hash.

Same ! Rooted but user.txt and root.txt are not correct on htb.

Just got root! Was really nice to learn a new command to escalate!!! If need a nudge PM

@R3B00T said:
Anyone having problems submitting the user and root hashes? I managed to root the box, thanks to the help in this forum. But I keep getting error when submitting the hash.

try resetting the box, I think this happens if someone else is on and they use the hash before you do

Rooted, but having the incorrect flag error. Tried resetting the machine but the root hash is still the same one.

Type your comment> @Hilbert said:

@R3B00T said:
Anyone having problems submitting the user and root hashes? I managed to root the box, thanks to the help in this forum. But I keep getting error when submitting the hash.

try resetting the box, I think this happens if someone else is on and they use the hash before you do

Cool… thanks. Both hashes submitted successfully.

Type your comment> @Hilbert said:

So am I ashamed I’m in here looking for help on the easiest box in the history of hacking? ■■■■ no, I’m excited because when I finally figure this ■■■■ out I’m going to feel good about it, because my goal is always the same, “Did I get better today?” and I will have accomplished that. And in the event I can’t figure this out, and I give up, I’m still going to feel good about today because all the dead ends and ■■■■ I tried that didn’t work still made me better in the process. If that’s what you tie your self esteem to, and that’s how you mark your progress and view what it means to succeed, then there isn’t a single person on the planet who can make you feel bad about yourself, or keep you from doing what it is you want to do, because you don’t need to get the approval of all the RandomUser69420s out there to become a hacker, you just need to keep putting one foot in front of the other.

This must be the single most inspiring comment that I’ve had ever seen on this forum. This should be pinned somewhere. “Keep putting one foot in front of the other” sounds so much better than “try harder”. Much respect to you, sir.

rooted. This box was extre easy

Pretty easy box, getting the foothold was a bit tricky at first bu when I saw the pattern it was darn easy.

User: the first number is never 1
Root: think about how the web app does what it does(since that isn’t possible by any user), enumerate a little bit read the comments.

PM me if still any doubts.

@koushik777 said:
im new to hacking , i though of trying this box , cant do … but when u guys said this the
the easiest box in htb … i feel like im not fit for hacking…
@akhileshadz said:
im also feeling like that

Guys never let this get to you every one is a beginner and everything is tough in the beginning, never think that it is not your type, if for once you feel the spark of doing something do it whatever it takes never regret your decision to do something. I am a noob too(infact a complete noob) but I never give up because I know that one day I’ll reach a point when I’ll look down the timeline and be proud of myself that even in my toughest times when I knew nothing of what must be done I stood up and never gave up. And thats how it always is you are a beginner at start but when you start getting a hang of things(no matter how much time it takes{I myself started studying about hacking about 3 years ago and till today I have completed only 17 machines, and I am proud of it because I did it on my own}) it is at that point you’ll be confident(never a pro, but confident). This confidence is what drives us never let it die.

Peace!!

Type your comment> @gorkamu said:

Rooted.
It’s not so easy if you don’t know anything about the privesc vector but the machine’s name it’s a good hint.
Very interesting learn something new to get root.
If you are stuck with it just think on the machine’s name and study this link

You sir, are great!

ROOTED!
this a nice box I learned a new things in it.

please help me . I cannot get root

Uuuh I stayed one hour drilling every braincells I had left finding the foothold. I forgot not to count “as I was learned at school”. I feel stupid, but at least I won’t do this fault later.

Attacking Root now. It wasn’t hard, meaning no specific tools or fancy script were used.

Rooted. Have some questions though. Anyone available for a few questions? like did i find the intended way and why is this possible…thanks.

@Hilbert and @St4yc4lm thank you guys for your nice words … i would have quit hacking from that day … but because of u guys i dint stopped … and started doing all the easy boxes and learning so much … and starting not taking the words “easy box” , “ur a noob” “ur dumb” …etc im happy now … did around 20 easy boxes …hoping to do more and learn great stuff.

Hi Guys,

I am new to HTB can someone tell me where to start for cap machine I have used nmap and i found all ports are closed

@nickhack said:

Hi Guys,

I am new to HTB can someone tell me where to start for cap machine I have used nmap and i found all ports are closed

I strongly suggest you work through the starting point boxes before moving to the live machines.

If every port is closed it probably means one of the following:

• You arent connected to the VPN
• The box hasn’t been made active on your connection (If you are VIP/VIP+)
• You have some security control on your system blocking traffic

You can check some of this:

• ifconfig to see if you have a HTB VPN IP address (often tun0)
• traceroute to the box IP to see if the network is working
• Check the HTB access page to make sure you are connected to the correct VPN

(Note: I haven’t looked at cap so I cant give specific hints on this box)

Yeah I figured that part in nmap I could just find it is using gunicorn server so should it be the place I shld look for?

I’m bitter i did not realize the priv esc on my own lol