Skip to main content

Squid

Difficulty: Easy

Squid Notes & Methodology
#

Start Here: Service Discovery
#

This includes my mistakes, reasoning, and rabbit holes – it’s not the most direct way to solve the box!

Findings
#

Vulnerabilities and Suggested Remediation
#

  • The open Squid http proxy allows anyone to enumerate the internal WAMP dashboard running on port 8080 internally, exposing critical server details and administrative capabilities
    • Implement Squid proxy access controls or firewall rules to prevent the proxy from exposing sensitive endpoints
  • phpmyadmin uses default credentials which can easily be guessed to gain administrative access
    • Change credentials to use a strong password
  • WAMP stack runs as NT Authority/System rather than a dedicated service account, meaning compromise of the web application leads to direct compromise of the entire system
    • Run web services with a dedicated service account

Flags
#

C:\local.txt: 325ada73456c3a84178762552f5d6acb
C:\Users\Administrator\Desktop\proof.txt: 1831c3d66ff2db78c816574a09c6e26f

OSCP Note Template and Runbooks
#

This is my checklist of commands and methodologies to use while taking the OSCP. Feel free to use, adapt for your own use, or open a PR with suggestions!

  • Clone the template and copy/rename for each machine
  • Start with ‘Service Discovery’ and move between the other pages as applicable

0001