#nmap

 PORT   STATE SERVICE
 21/tcp open  ftp
 22/tcp open  ssh
 80/tcp open  http

visit web service on port number 80 and it looks like a static dashboard but has 1.pcap file, but unfortunately, it was a bank file. Tried for a different number instead of 1 like 2 and 3 but it redirects to the main page. Then tried 0, got the password and username nathan of FTP service.
nathan:Buck3tH4TF0RM3!

#user flag

use that credentials to login via ssh and got user.txt

#root flag

for privilege escalation run linpeas.sh

got interesting files with capabilities, here is good article about privilege escalation capabilities https://www.hackingarticles.in/linux-privilege-escalation-using-capabilities/https://www.hackingarticles.in/linux-privilege-escalation-using-capabilities/

can also check it manually

getcap -r / 2>/dev/null

for escalating privileges

python3 -c 'import os; os.setuid(0); os.system("/bin/bash")'

LEAVE A REPLY

Please enter your comment!
Please enter your name here