In this writeup we're looking at the Cap box from HackTheBox. This box goes into PCAP analysis and linux capability sets.

Covers network service scanning (T1046), software discovery (T1518), supply chain compromise (T1195.001) within the open source PHP project, remote code execution (T1210), compromising a user’s authorized_keys and id_rsa files (T1021.004), and abusing sudo (T1548.003) to gain root privileges.

The recently retired HTB machine Ophiuchi was assigned a “Medium” difficulty and featured a pretty interesting set of vulnerabilities leading to initial compromise and root access. This write up will give a step by step analysis of the machine and hopefully help those who struggled to complete it.

Spectra is a retired HackTheBox machine that was ranked as “Easy”. It covered multiple simple vulnerabilities including directory listings, information leakage, clear-text credential leakage, remote code execution via WordPress plugin, and over-privileged sudo abilities.