Cap writeup

Breaking into my first HackTheBox machine

About

Below are some notes from when I was breaking into my first HackTheBox machine, “Cap”. Don’t expect much commentary on this post, as it’s mostly showing the steps I went through to break into this box/machine 😊

Basic scan

Starting off, a basic scan with nmap reveals the following:

Starting Nmap 7.91 ( https://nmap.org ) at 2021-06-22 23:52 BST
Nmap scan report for 10.10.10.245
Host is up (0.028s latency).
Not shown: 997 closed ports
PORT   STATE SERVICE VERSION
21/tcp open  ftp     vsftpd 3.0.3
22/tcp open  ssh     OpenSSH 8.2p1 Ubuntu 4ubuntu0.2 (Ubuntu Linux; protocol 2.0)
80/tcp open  http    gunicorn
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
[PART OMITTED, USELESS INFO]

Network Distance: 2 hops
Service Info: OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 140.77 seconds

This shows that there is a secure FTP server and an OpenSSH server, neither of which is that vulnerable beyond DoS attacks, which aren’t the purpose of this. The FTP server looks interesting, as it’s the only real thing there is besides hacking into gunicorn or Flask/Django.

Files

Found these .pcap files at http://10.10.10.245/data/x, where x is the id, whilst digging around on the dashboard, and used Wireshark to view them; see the sections below:
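
From the defender's side, walking /data/x by id leaves a clear trail in the web server's access log. The following is an added example, not part of the original notes: it scans lines in gunicorn's default access-log format for clients that request a run of consecutive capture ids. The log lines, client addresses, status codes and the threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in gunicorn's default access-log format.
SAMPLE_LOG = """\
10.10.14.7 - - [22/Jun/2021:23:58:01 +0100] "GET / HTTP/1.1" 200 19386 "-" "Mozilla/5.0"
10.10.14.7 - - [22/Jun/2021:23:58:09 +0100] "GET /data/3 HTTP/1.1" 200 17147 "-" "Mozilla/5.0"
10.10.14.9 - - [22/Jun/2021:23:59:12 +0100] "GET /data/2 HTTP/1.1" 200 17144 "-" "Mozilla/5.0"
10.10.14.9 - - [22/Jun/2021:23:59:14 +0100] "GET /data/1 HTTP/1.1" 200 17147 "-" "Mozilla/5.0"
10.10.14.9 - - [22/Jun/2021:23:59:15 +0100] "GET /data/0 HTTP/1.1" 200 17150 "-" "Mozilla/5.0"
10.10.14.9 - - [22/Jun/2021:23:59:17 +0100] "GET /data/4 HTTP/1.1" 404 232 "-" "Mozilla/5.0"
"""

# Matches only requests for /data/<numeric id>; everything else is ignored.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"GET /data/(?P<id>\d+) HTTP/[\d.]+" (?P<status>\d{3}) '
)


def parse(log_text):
    """Yield (client_ip, capture_id, status) for every /data/<id> request."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m["ip"], int(m["id"]), int(m["status"])


def find_id_walkers(log_text, min_distinct=3):
    """Flag clients whose requests cover a run of consecutive capture ids.

    Returns {ip: {"ids": all ids requested, "served": ids answered with 200}}.
    min_distinct is an assumed threshold; tune it to normal dashboard use.
    """
    requested, served = defaultdict(set), defaultdict(set)
    for ip, cap_id, status in parse(log_text):
        requested[ip].add(cap_id)
        if status == 200:
            served[ip].add(cap_id)
    flagged = {}
    for ip, ids in requested.items():
        ordered = sorted(ids)
        longest = run = 1
        for a, b in zip(ordered, ordered[1:]):
            run = run + 1 if b == a + 1 else 1
            longest = max(longest, run)
        if longest >= min_distinct:
            flagged[ip] = {"ids": ordered, "served": sorted(served[ip])}
    return flagged
```

The "served" list is what matters for triage: those are the captures that actually left the server, so anything sensitive inside them should be treated as exposed.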

File 0

File 1

Entering FTP

Time to look into the FTP files seen previously in Wireshark:

Flag!

Wow... seems like that user.txt is actually the flag; guess I’ve just got user access to my first HackTheBox machine!
