Official Cap Discussion

Official discussion thread for Cap. Please do not post any spoilers or big hints.

«1345

Comments

  • as usual .. an error occured -_- cant access the machine

  • Just a question, why does HTB not vary their release timings for the box? Like every box that they release its always 3am in my time. I wonder if it is actually possible and much more fairer in terms of competing opportunity for people if they vary the release timing for the boxes accordingly?

    Hack The Box

  • Puzzled myself - I thought release would be 19:00 CET but it seems +2 ?? lol

  • Rooted. I think this is the simplest machine in HackTheBox.

    Arrexel

  • edited June 5

    I think this machine is way too easy... It's rare to see a machine which is that easy. Pm if anyone need a nudge

  • I haven't looked at this box yet but I just wanted to say, its good to have a range of boxes covering easy to hard - and what feels easy for one person might not be easy for other people.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • Yea, I think this machine is quite suitable for beginners who just started and who are not able to do other boxes

  • Feeling tempted to make my own hackbbox plattform just to see if 3.5min blood on such a box is anywhere close to being realistic :)

  • edited June 6

    Pretty Easy Machine, probably easiest one i've done so far. DM Me For Hints

  • @LPHermanos said:

    Feeling tempted to make my own hackbbox plattform just to see if 3.5min blood on such a box is anywhere close to being realistic :)

    Well, in my case it would be unlikely that either nmap would have completed in that time and I've spent longer opening a file to keep notes...

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • It's a real beginner's box, PM for a hint

    SpawnZii

  • After getting average user, the train of thought that gives right can offer below simply?

  • Fun box - learned smth new - didn't know about the PE Vector beforehand.

    Thanks for creating the box!

  • Rooted, PM for hint

  • edited June 6
    Got user.txt working on Root ^_^

    Update: rooted :D DM for nudges
  • This is a great starter box. Thank you for the box, @InfoSecJack !

    DM for nudges.

    Harbard

  • Fun box. Got root. Feel free to shoot me a PM for nudges. Thanks @InfoSecJack

    hadrian3689

  • Rooted!
    If anyone needs help feel free to send me a message. I'll reply as soon as i can :-)

  • edited June 5

    Type your comment> @krizy said:

    Rooted!
    If anyone needs help feel free to send me a message. I'll reply as soon as i can :-)

    Excuse me,What's the clue to root

  • got user pretty easy. root is making me think.....

  • Why was root like a thousand times easier for me to find than user? I think my brain was 404 for 2 hours.

  • Type your comment> @Eklypze said:

    Why was root like a thousand times easier for me to find than user? I think my brain was 404 for 2 hours.

    Mate it's not your brain thats wrong ok :D Best case scenario is that people who looked there first are lucky. Worst case is writeups where sold before release. Need to test if I could make it in 3.5 min if I already know what to do now, like start release arena, connect vpn, ignore all standard scans and enum, go straight to the point of interest, use the thing found with the thing you need to use it with (programs and browsers also have some load time) then enter not on the obvious thing you found but on the next one straight away to save a few more seconds, copy paste that privesc in just under another minute, and lets not forget submit both user and root keys to the HTB interface. I think that's already a close call to make it to these blood numbers.

    Why be frustrated? I was long frustated until I realized... HAHA no f**in way man. If you do thorrough enum you did better not worse. How to know where's the thing? Could've been everywhere, in any user input field, in some header, in some anon login, default creds, feel me? At best it's luck, maybe little bit of experience on top but yeah you cant be sure so need to turn every stone so that takes time ok? lol cheers, chill! :D

  • edited June 6

    Type your comment> @x00future said:

    got user pretty easy. root is making me think.....

    lol, its a piece of cake, just do proper enumeration with your scripts, but I think that will take longer from the manual enumeration of the only thing that's on the server ;-)

    Hack The Box

  • rooted! can't believe it took me another 2 hours to get root. That should have been one of the FIRST things I checked.

    Great box. prop to @InfoSecJack for the fun afternoon.

  • Oh man, it took me a while to get root. I was stuck on it for so long, but once I actually figured it out, I'm kicking myself as to how I didn't think of it sooner.

    This was a really cool box, and I learned a lot, especially in regards to the PE. Good stuff @InfoSecJack !

  • Nice and easy box, but a new priv esc for me which I enjoyed learning about, thanks InfoSecJack!

    Hack The Box

  • I enjoyed that box !!! I learnt a new way to privesc so easily !!! Feel free to ask for nudge...

    Hint : think about the name of the box...

  • edited June 6

    Type your comment> @LPHermanos said:

    Type your comment> @Eklypze said:

    Why was root like a thousand times easier for me to find than user? I think my brain was 404 for 2 hours.

    Mate it's not your brain thats wrong ok :D Best case scenario is that people who looked there first are lucky. Worst case is writeups where sold before release. Need to test if I could make it in 3.5 min if I already know what to do now, like start release arena, connect vpn, ignore all standard scans and enum, go straight to the point of interest, use the thing found with the thing you need to use it with (programs and browsers also have some load time) then enter not on the obvious thing you found but on the next one straight away to save a few more seconds, copy paste that privesc in just under another minute, and lets not forget submit both user and root keys to the HTB interface. I think that's already a close call to make it to these blood numbers.

    Why be frustrated? I was long frustated until I realized... HAHA no f**in way man. If you do thorrough enum you did better not worse. How to know where's the thing? Could've been everywhere, in any user input field, in some header, in some anon login, default creds, feel me? At best it's luck, maybe little bit of experience on top but yeah you cant be sure so need to turn every stone so that takes time ok? lol cheers, chill! :D

    I wasn't too frustrated. I noticed what I should have tested like an hour before I did. Well actually, I half-assed it and then came back to it.

    But, I don't think I could pop this box manually in 3.5min right now. I think I'd need atleast 5, if I did all the steps.

  • im new to hacking , i though of trying this box , cant do .. but when u guys said this the the easiest box in htb .... i feel like im not fit for hacking.. :disappointed:

  • Type your comment> @koushik777 said:

    im new to hacking , i though of trying this box , cant do .. but when u guys said this the the easiest box in htb .... i feel like im not fit for hacking.. :disappointed:

    im also feeling like that

Sign In to comment.