HTB · Easy
HTB Cap: IDOR to PCAP Credential Leak and PwnKit Privilege Escalation
An IDOR vulnerability on a network capture endpoint reveals plaintext FTP credentials in a PCAP file. Credential reuse provides SSH access, and a vulnerable pkexec SUID binary (CVE-2021-4034) allows root escalation.
