Skip to main content

Hub

Difficulty: Easy

Hub Notes & Methodology
#

Start Here: Service Discovery
#

This includes my mistakes, reasoning, and rabbit holes – it’s not the most direct way to solve the box!

Findings
#

Vulnerabilities and Suggested Remediation
#

  • The FuguHub instance was not initialized with an admin user, allowing anyone to create the admin account.
    • Create the admin user with a strong password.
  • The FuguHub instance is vulnerable to CVE-2023-24078, allowing for remote code execution. Because the service is running as root, this allows direct code execution as root.
    • Update FuguHub to a non-vulnerable version.

Flags
#

/root/proof.txt: bf19205b33d1545178aaca10ca29b879

OSCP Note Template and Runbooks
#

This is my checklist of commands and methodologies to use while taking the OSCP. Feel free to use, adapt for your own use, or open a PR with suggestions!

  • Clone the template and copy/rename for each machine
  • Start with ‘Service Discovery’ and move between the other pages as applicable

Resources Inspiring this Cheatsheet Template
#

0001