Crane
Difficulty: Intermediate
Notes & Methodology#
Start Here: Service Discovery This includes my mistakes, reasoning, and rabbit holes – it’s not the most direct way to solve the box!
Summary of Findings#
Vulnerabilities and Suggested Remediation#
- SuiteCRM uses simple, easy-to-guess credentials (admin:admin)
- Set a strong password for the admin user
- SuiteCRM version 7.12.3 is vulnerable to CVE-2022-23940, allowing for authenticated remote code execution.
- Upgrade to a more recent version, at least 7.15.
- www-data user can run /usr/sbin/service without a password as root, which can be abused to escalate privileges
Credentials#
admin:admin (SuiteCRM)
admin: (/ical_server.php)
Flags#
/var/www/local.txt: f76f9651c1aef18def542f34cb34bf03
/root/proof.txt: 907907e1630d55a774cbe7f9b8dcc38b
OSCP Note Template and Runbooks#
This is my checklist of commands and methodologies to use while taking the OSCP. Feel free to use, adapt for your own use, or open a PR with suggestions!
- Clone the template and copy/rename for each machine
- Start with ‘Service Discovery’ and move between the other pages as applicable