Fun box.
Got little lost on the user part (forgot how to count as a computer :P)
Thank you @InfoSecJack for creating this good challenge.
All hints are on this forum.
Fun box.
Got little lost on the user part (forgot how to count as a computer :P)
Thank you @InfoSecJack for creating this good challenge.
All hints are on this forum.
Done!
User part: i think the first foothold is the most difficult part but its easy to find, just need to keep your eyes open and stay focus.
Root part: easiest part. Intuitive and with the basics of the privesc you can get it.
Feel free to pm for hint
Guys, sanity check on foothold.
Is it regarding HP Repe spl***ing?
This took me quite a while, but then again I am new to this stuff.
I managed to get root at the end, but I did get the system flag before getting root lol.
I actually got user pretty easy but struggling with root. From the comments it has me pretty frustrated others had it the other way around. I know I need to use k**** but confused on what the script needs to be. Any nudges?
@7ailwind
The name of the box serves 2 purposes (user access and root).
Its an abbreviation for the latter
Type your comment> @7ailwind said:
I actually got user pretty easy but struggling with root. From the comments it has me pretty frustrated others had it the other way around. I know I need to use k**** but confused on what the script needs to be. Any nudges?
Donāt be confused with all the comments. Do your basic enumeration. Make sure you know about file permissions. If you get stuck, DM me.
Rooted!
User: check 0.
Root: Machine name is a big clue. What is CAPabale? everything you need is on HackTricks.
Enjoy
Rooted
the foothold is extremely easy to fly over your head, someone here said a good hint about count like a machine not a human, instantly clicked for me!
The root on this box Iāve only ever seen once on HTB before, some of the oldies might be familiar with it and thereās TONS of information online about how to privilege escalate this vulnerability, the user who commented before me gives a pretty decent hint ^
Rooted. Box was fun.
User was easy. Just donāt dig too deep
Learned a new way to root with this box.
Pretty awesome
I got the root.txt but getting incorrect flag error when submit it. Whatās wrong? ?
Type your comment> @OldProgrammer said:
For people who block for the root part, the name of the machine is a very good clue.
So True
I pwned it
Thanks
So the user own was admittedly fairly easy. The root own on the other handā¦ I only think I got it because I stumbled upon someone talking about this specific box when I was googling privledge escalations.
User:
Do your scans
Pay attention to how the web app is behaving as you interact with it
Root:
Honestly I have never seen this one before, but with some of the most simple privesc scripts youll find something a bit strange, plus have a trawl through this discussion for clues (like i did) .
For those feeling bummed because this says easy, you dont know what you dont know (obviously) but the more you read and the more you try the better you will get. I have been doing this for years and Im still not that good and I get frustrated every time.
Keep going
DM me if you want a nudge
This was my first ever box that I rooted without any walkthroughs/write-ups, the feeling is incredible.
Thank you for the forum discussion, it really helped.
In case someone is stuck, read carefully through this discussion all the necessary information and clues are here.
Although I have the contents of user.txt and root.txt, it seems like a canāt submit those flags, do I need to be a VIP user to submit flags?
Thank you
upd:
nvm, Iām too dumb :~/
root@cap:/tmp# id
uid=0(root) gid=1001(nathan) groups=1001(nathan)
Good box
Good Machine
It required some time. The name helps in both flags. CAP
Use some googling and nmap doesnt help much
This was a great box- straightforward once I knew what to look for. I got caught up in the HTML offset for a bit and was really confused. Once I got on the right track, it was right in front of me. Enum, donāt overthink and itāll all work out
Nice machine and very easy! Here my hints:
Rooted!
My first Linux box
PrivEsc took me longer then it should have, but got there in the end.
PM for nudges.