Welcome! In this article, we will try to solve the Cap Machine from HackTheBox and provide as many details as we can so it can be a reference for anyone who wants to recall any part of it. Here are some details about the machine itself from the official website: Level: Easy OS: Linux Machine URL: Hack The Box: Cap Machine About: Cap is an easy difficulty Linux machine running an HTTP server that performs administrative functions including performing network captures. Improper controls result in Insecure Direct Object Reference (IDOR) giving access to another user’s capture. The capture contains plaintext credentials and can be used to gain foothold. A Linux capability is then leveraged to escalate to root. Let’s get started: Task 1: How many TCP ports are open? -Pn: if the machine is refusing the ping requests, port scan only. -p-: if for scanning all ports. -sC: Scan with default NSE scripts. -sV: attempts to find the version of the service. — min-rate 10000: Send packets no slower than 10000 per second.…