We covered Insecure Direct Object Reference vulnerability exploitation along with Python privilege escalation as part of HackTheBox Cap CREST CRT Track.
Cap is an easy difficulty Linux machine running an HTTP server thus allowing users to capture the non-enrypted traffic. Improper controls result in Insecure Direct Object Reference (IDOR) giving access to another user capture. The capture contains plaintext credentials and can be used to gain foothold. A Linux capability is then leveraged to get root.
Video Walkthrough
Show Comments
