Official Cap Discussion

Okay, I’m lost on user. I’ve sifted through the *cap files, and I’ve seen the mail b/t everyone. I still can’t figure it out. Any tips?

First box I’ve done in a while, nice and easy to get me back in the swing of things.

Don’t rely too much on fancy tools - you don’t need them here. Go back to some basics with this one about vulnerable web apps and exposed services. The box gives you all you need without having to do any fancy exploits.

Once I was on the box, a few minutes of poking around in the obvious places gives you everything you need for root, though I had to spend time troubleshooting it because I missed one very obvious thing when I got ahead of myself.

Took me about an hour start to finish. Nice little warm-up/beginner box, and would like to see this in the Starting Point boxes when it’s retired.

R00ted!

User - Manual Enumeration
Root - Hail
The Cyber Mentor’s linux priv esc room on tryhackme. The name of the box really gives it away tho.

Rooted!

root@cap:/var/www/html# whoami
root

User: Count down from 2 and it will find you. Parse what you find.

Root: The name of the box is a very strong hint. New technique I haven’t seen before but I also haven’t finished the Cyber Mentor’s Privesc courses so shame on me!

Type your comment> @Noobman20 said:

Okay, I’m lost on user. I’ve sifted through the *cap files, and I’ve seen the mail b/t everyone. I still can’t figure it out. Any tips?

You obviously havent been through all the cap files, remember numbers don’t start at 1.

@ellj said:
User: Use what you are given and poke around. Numbers are fungible. Despite what others wrote here you don’t need an ocean animal tool… basic linux tools for parsing files will work.

Root: My standard tool did not work (or I missed it), so I started manually looking at things from a checklist I follow. Once I saw it, I knew it had to be the path.

If your standard tool is a garden veg it does in fact pick up what you need .
![Foalma321] (https://www.hackthebox.eu/badge/image/74636)

R00ted! :smile:
Feel free to PM for help.

User : There may be different p**p files than they should be
Root : You can search for Privilege Escalations by searching the machine name.

Rooted. Great for beginners. Drop a message for a nudge

@koushik777 said:
im new to hacking , i though of trying this box , cant do … but when u guys said this the the easiest box in htb … i feel like im not fit for hacking… :disappointed:

@akhileshadz said:
im also feeling like that

Ignore comments like that. People like to post ■■■■ like that because it makes them feel like they are good. The truth is it’s all relative, what’s simple for someone might be hard for someone else and vice versa, it just depends on the path you’ve taken to get where you are.

I have my OSCP, I’m on the Synack Red Team, I’ve popped more boxes and done more challenges than I could count and right now I’m browsing this thread looking for clues because I’ve been working on this box for an hour and I’m completely stuck and haven’t even found the foothold yet.

Does this mean I suck? I need help on the supposedly easiest box out of the hundreds that HTB has ever published according to RandomUser69420!! Should I quit SRT, delete my accounts and hide my face in shame? No, it just means I’m stuck. A state I’ve been in thousands of times, and a state I’m going to be in thousands more. That’s all this journey is really, a whole ■■■■ of a lot of being stuck, frustrated, confused and lost. If you start comparing yourself to other people or evaluating your selfworth when you are in that state, you are going to have either a very short journey, because you get depressed and quit, or a very unsatisfying one, because no matter how “good” or how far you get, there is always going to be someone better and father. Don’t compensate for that by trying to lift yourself up with forum comments to inform everyone of how easy you found something, instead realize that every frustration and every time you are stuck means you are about to learn something, you are about to acquire some knowledge you didn’t have before, and your skill is about to increase by a little bit.

So am I ashamed I’m in here looking for help on the easiest box in the history of hacking? ■■■■ no, I’m excited because when I finally figure this ■■■■ out I’m going to feel good about it, because my goal is always the same, “Did I get better today?” and I will have accomplished that. And in the event I can’t figure this out, and I give up, I’m still going to feel good about today because all the dead ends and ■■■■ I tried that didn’t work still made me better in the process. If that’s what you tie your self esteem to, and that’s how you mark your progress and view what it means to succeed, then there isn’t a single person on the planet who can make you feel bad about yourself, or keep you from doing what it is you want to do, because you don’t need to get the approval of all the RandomUser69420s out there to become a hacker, you just need to keep putting one foot in front of the other.

Anyone having problems submitting the user and root hashes? I managed to root the box, thanks to the help in this forum. But I keep getting error when submitting the hash.

Type your comment> @R3B00T said:

Anyone having problems submitting the user and root hashes? I managed to root the box, thanks to the help in this forum. But I keep getting error when submitting the hash.

Same ! Rooted but user.txt and root.txt are not correct on htb.

Just got root! Was really nice to learn a new command to escalate!!! If need a nudge PM :slight_smile:

@R3B00T said:
Anyone having problems submitting the user and root hashes? I managed to root the box, thanks to the help in this forum. But I keep getting error when submitting the hash.

try resetting the box, I think this happens if someone else is on and they use the hash before you do

Rooted, but having the incorrect flag error. Tried resetting the machine but the root hash is still the same one.

Type your comment> @Hilbert said:

@R3B00T said:
Anyone having problems submitting the user and root hashes? I managed to root the box, thanks to the help in this forum. But I keep getting error when submitting the hash.

try resetting the box, I think this happens if someone else is on and they use the hash before you do

Cool… thanks. Both hashes submitted successfully. :slight_smile:

Type your comment> @Hilbert said:

So am I ashamed I’m in here looking for help on the easiest box in the history of hacking? ■■■■ no, I’m excited because when I finally figure this ■■■■ out I’m going to feel good about it, because my goal is always the same, “Did I get better today?” and I will have accomplished that. And in the event I can’t figure this out, and I give up, I’m still going to feel good about today because all the dead ends and ■■■■ I tried that didn’t work still made me better in the process. If that’s what you tie your self esteem to, and that’s how you mark your progress and view what it means to succeed, then there isn’t a single person on the planet who can make you feel bad about yourself, or keep you from doing what it is you want to do, because you don’t need to get the approval of all the RandomUser69420s out there to become a hacker, you just need to keep putting one foot in front of the other.

This must be the single most inspiring comment that I’ve had ever seen on this forum. This should be pinned somewhere. “Keep putting one foot in front of the other” sounds so much better than “try harder”. Much respect to you, sir.

rooted. This box was extre easy

Pretty easy box, getting the foothold was a bit tricky at first bu when I saw the pattern it was darn easy.

User: the first number is never 1
Root: think about how the web app does what it does(since that isn’t possible by any user), enumerate a little bit read the comments.

PM me if still any doubts.

@koushik777 said:
im new to hacking , i though of trying this box , cant do … but when u guys said this the
the easiest box in htb … i feel like im not fit for hacking… :disappointed:
@akhileshadz said:
im also feeling like that

Guys never let this get to you every one is a beginner and everything is tough in the beginning, never think that it is not your type, if for once you feel the spark of doing something do it whatever it takes never regret your decision to do something. I am a noob too(infact a complete noob) but I never give up because I know that one day I’ll reach a point when I’ll look down the timeline and be proud of myself that even in my toughest times when I knew nothing of what must be done I stood up and never gave up. And thats how it always is you are a beginner at start but when you start getting a hang of things(no matter how much time it takes{I myself started studying about hacking about 3 years ago and till today I have completed only 17 machines, and I am proud of it because I did it on my own}) it is at that point you’ll be confident(never a pro, but confident). This confidence is what drives us never let it die.

Peace!!

Type your comment> @gorkamu said:

Rooted.
It’s not so easy if you don’t know anything about the privesc vector but the machine’s name it’s a good hint.
Very interesting learn something new to get root.
If you are stuck with it just think on the machine’s name and study this link

You sir, are great!

ROOTED!
this a nice box I learned a new things in it.