We covered Insecure Direct Object Reference vulnerability exploitation along with Python privilege escalation as part of HackTheBox Cap CREST CRT Track.

Cap is an easy difficulty Linux machine running an HTTP server thus allowing users to capture the non-enrypted traffic. Improper controls result in Insecure Direct Object Reference (IDOR) giving access to another user capture. The capture contains plaintext credentials and can be used to gain foothold. A Linux capability is then leveraged to get root.

Get OSCP Notes

Video Walkthrough

About the Author

Cybersecurity Trainer MS in Cybersecurity Expertise in Healthcare and Finance Industries Penetration tester and compliance auditor

View Articles