Official Cap Discussion

Yeah, down =(

Spoiler Removed

Type your comment> @koushik777 said:

im new to hacking , i though of trying this box , cant do … but when u guys said this the the easiest box in htb … i feel like im not fit for hacking… :disappointed:

I was you a couple of months ago…really I was…I really recommend you to go through the hackthebox academy. It teaches you form zero to hero lol.

Type your comment> @kavigihan said:

Rooted!! Actually, this is too easy to be a hackthebox machine tho. Anyways…

User:
Remember 1 is not the first number you have.
Lazy people use only one password.

Root:
what are SUIDs??
Python is a lifesaver

This is everything you need to know to root this box… Hope thse might help you…DM me for any help… Thanks @InfoSecJack

hey do you get any issue with s*t**p command? or is there any other way

Just rooted thanks to kavigihan’s hint on user. I realised how dumb i was :frowning:
For the root part: It highly depends on your “ability”

Edit: Feel free to pm me!

This is an easy box for beginners. After it gets retired, would suggest to shift to starting point.

Why do people complain when easy machines are easy? I don’t get it.
Anyway, rooted, feel free to DM me.

1 Like

Yay! Rooted! Got stuck at user at first! But the privesc was more straightforward! Lots of rabbit holes here, tho…so if you struggling, don’t forget thats an easy machine. Nothing really complicated. Like literally super basic stuff in the end. When you see it you immediately know it.

@koushik777 said:

im new to hacking , i though of trying this box , cant do … but when u guys said this the the easiest box in htb … i feel like im not fit for hacking… :disappointed:

@akhileshadz said:

im also feeling like that

Dont let it get to you. Boxes are easy when you know how to exploit them. All the people saying “this is easy” really mean is that they found it easy.

If you are new, no box is easy. If you know how what a box involves, no box is easy.

In HTB the “easy-medium-hard-insane” is supposed to be related to how much custom exploitation is needed. For example, you should be able to complete an easy box with existing tools and minimal configuration. However, an insane box nearly always needs customised attacks. It doesn’t always work like this though…

(note - I haven’t looked at this box yet, I cant offer hints or help)

My second box. First one was “Knife”, which I’ve done pretty easily with a little help from the forum here.

Now on this (cap) I got user own finally after some hours. A few more hours in and I can’t make root happen. I’ve tried LinPEAS.sh even, but I also looked at the SUID services, looked up some of them in GTFObins (all but the “snap” ones. I’m not sure if “snap” will get me to the right path, and since I don’t know anything about “snap” I didn’t look further for now).

I’m giving up right now because for some reason, every 30 sec or so, the server seems to be down for some minutes, coming back up for some seconds and going down again … Makes it too hard currently to continue.

just rooted …tq all for ur hints … and some for supporting and motivating noobs like me @CrimsonFlea @TazWake @kavigihan

Type your comment> @SVARTBERG said:

Now on this (cap) I got user own finally after some hours. A few more hours in and I can’t make root happen. I’ve tried LinPEAS.sh even, but I also looked at the SUID services, looked up some of them in GTFObins (all but the “snap” ones. I’m not sure if “snap” will get me to the right path, and since I don’t know anything about “snap” I didn’t look further for now).

You didn’t read the out put well enough then. You took the same steps I did.

@SVARTBERG said:
(Quote)
My second box. First one was “Knife”, which I’ve done pretty easily with a little help from the forum here.

Now on this (cap) I got user own finally after some hours. A few more hours in and I can’t make root happen. I’ve tried LinPEAS.sh even, but I also looked at the SUID services, looked up some of them in GTFObins (all but the “snap” ones. I’m not sure if “snap” will get me to the right path, and since I don’t know anything about “snap” I didn’t look further for now).

I’m giving up right now because for some reason, every 30 sec or so, the server seems to be down for some minutes, coming back up for some seconds and going down again … Makes it too hard currently to continue.

You did well. Don’t give up. Rest a bit and go back to it with a fresh view. You’ll see it :slight_smile: you will know it when you do. Good luck.

Got user pretty easy. Working on root but going down some rabbit holes i think… Tried some things but feeling a bit lost rn on the PE. Any advice?

I got root, but not with hints from an enumeration script. I saw something fishy that I didn’t think was possible, and then replicated it. I’m still curious what configurations led to this error though. Please PM, I like to learn. :slight_smile:

This is a really good box for beginners. I don’t think it was too easy, but just the right difficulty for someone who is getting introduced to information security. Not everyone can do the more difficult levels yet, so I think it’s a nice box for getting someone interested without being overwhelmingly difficult.

Here are my hints:

For user, I would find a tool good for reading pcap files. There’s a tool named after a fish (that has an entire week dedicated to it) that I found useful for this.

For root, I did not have to use any enumeration tools, but I did browse a few of the files and found one with a particularly interesting comment. Once you know what you can do with a certain language, you should get root fairly easily. I would read this article if you are having trouble with it.

■■■■, nice and easy one. Was stuck on the foothold part for some time but figured it out.
The box name is the real hint for everything.

Spoiler Removed

Type your comment> @Aether32 said:

Type your comment> @kavigihan said:

Rooted!! Actually, this is too easy to be a hackthebox machine tho. Anyways…

User:
Remember 1 is not the first number you have.
Lazy people use only one password.

Root:
what are SUIDs??
Python is a lifesaver

This is everything you need to know to root this box… Hope thse might help you…DM me for any help… Thanks @InfoSecJack

hey do you get any issue with s*t**p command? or is there any other way

It would be a spoiler if I say it aloud.DM me. I will walk you through with an explanation

Type your comment> @Aether32 said:

Type your comment> @kavigihan said:

Rooted!! Actually, this is too easy to be a hackthebox machine tho. Anyways…

User:
Remember 1 is not the first number you have.
Lazy people use only one password.

Root:
what are SUIDs??
Python is a lifesaver

This is everything you need to know to root this box… Hope thse might help you…DM me for any help… Thanks @InfoSecJack

hey do you get any issue with s*t**p command? or is there any other way

rooted lol the root part is still confuse me. im glad i learn new way of getting root but at the same time kinda frustrated on how much i was depend on hints. can someone tell me how did you figure that it is possible to use p***** to spawn shell?