Official Cap Discussion

I somehow manage to get root with exploiting the specific services but I am still abit confuse on how it works, anyone can PM and explain to me, still very new to this

I really liked initial foothold, it was somewhat different compared to other easy boxes.
Root was very easy, just check how to app works (although I’m not sure why people needed any fancy commands to escalate). PM for hints :smiley:

rooted
uid=0(root) gid=0(root) groups=0(root)

nice box, root was easier than user
still dont really get how i was able to get the p**** of the ***
Id love to learn, if someone would like to pm… :slight_smile:

Thanks for the box.

Fun and easy box, perfect for lifting the morale after a long HTB break lol Feel free to DM me for nudges

Fun box.
Got little lost on the user part (forgot how to count as a computer :P)
Thank you @InfoSecJack for creating this good challenge.

All hints are on this forum.

Done!

User part: i think the first foothold is the most difficult part but its easy to find, just need to keep your eyes open and stay focus.

Root part: easiest part. Intuitive and with the basics of the privesc you can get it.

Feel free to pm for hint

Guys, sanity check on foothold.
Is it regarding HP Repe spl***ing?

This took me quite a while, but then again I am new to this stuff.

I managed to get root at the end, but I did get the system flag before getting root lol.

I actually got user pretty easy but struggling with root. From the comments it has me pretty frustrated others had it the other way around. I know I need to use k**** but confused on what the script needs to be. Any nudges?

@7ailwind
The name of the box serves 2 purposes (user access and root).
Its an abbreviation for the latter

Type your comment> @7ailwind said:

I actually got user pretty easy but struggling with root. From the comments it has me pretty frustrated others had it the other way around. I know I need to use k**** but confused on what the script needs to be. Any nudges?

Don’t be confused with all the comments. Do your basic enumeration. Make sure you know about file permissions. If you get stuck, DM me.

Rooted!

User: check 0.
Root: Machine name is a big clue. What is CAPabale? everything you need is on HackTricks.

Enjoy :smiley:

Rooted :smiley:

the foothold is extremely easy to fly over your head, someone here said a good hint about count like a machine not a human, instantly clicked for me!

The root on this box I’ve only ever seen once on HTB before, some of the oldies might be familiar with it and there’s TONS of information online about how to privilege escalate this vulnerability, the user who commented before me gives a pretty decent hint ^

Rooted. Box was fun.

User was easy. Just don’t dig too deep

Learned a new way to root with this box.
Pretty awesome

I got the root.txt but getting incorrect flag error when submit it. What’s wrong? ?

Type your comment> @OldProgrammer said:

For people who block for the root part, the name of the machine is a very good clue. :wink:

So True :wink:
I pwned it :wink:

Thanks

So the user own was admittedly fairly easy. The root own on the other hand… I only think I got it because I stumbled upon someone talking about this specific box when I was googling privledge escalations.

User:
Do your scans
Pay attention to how the web app is behaving as you interact with it

Root:
Honestly I have never seen this one before, but with some of the most simple privesc scripts youll find something a bit strange, plus have a trawl through this discussion for clues (like i did) .

For those feeling bummed because this says easy, you dont know what you dont know (obviously) but the more you read and the more you try the better you will get. I have been doing this for years and Im still not that good and I get frustrated every time.

Keep going

DM me if you want a nudge

This was my first ever box that I rooted without any walkthroughs/write-ups, the feeling is incredible.
Thank you for the forum discussion, it really helped.
In case someone is stuck, read carefully through this discussion all the necessary information and clues are here.
Although I have the contents of user.txt and root.txt, it seems like a can’t submit those flags, do I need to be a VIP user to submit flags?
Thank you

upd:
nvm, I’m too dumb :~/