I did CAP from HTB. It’s active so no writeup. It’s probably the easiest modern HTB machine I’ve done. No new releases from VulnHub lately. I also did Basic Pentesting and yes it was basic.
We have SSH, SMB and a webserver. We’ve got anonymous access on the SMB and we can get a username; it hints that we can upload but that’s not something we end up doing:
With our username, we can bruteforce SSH:
And from there we can SSH in as Jan. We can read files in Kay’s home, including her (encrypted) SSH private key which we can then crack and login as Kay:
We get Kay’s password backup, and then we can get root:
Now I’ve got to go watch the footy. Man I’m really phoning in these writeups.