Cap - Easy

Overview

Cap is a retired easy Linux box that demonstrates how small web authorization flaws and insecure protocol usage can chain into full system compromise. It teaches three core ideas:

- Basic service enumeration (FTP/SSH/HTTP)
- IDOR (Insecure Direct Object Reference) in a web app that exposes other users’ files
- Credential discovery from a PCAP file, then privilege escalation via Linux capabilities (cap_setuid)

February 1, 2026