Hub Notes & Methodology

Start Here: Service Discovery

This includes my mistakes, reasoning, and rabbit holes — it’s not the most direct way to solve the box!

Findings

Vulnerabilities and Suggested Remediation

The FuguHub instance was not initialized with an admin user, allowing anyone to create the admin account.
- Create the admin user with a strong password.
The FuguHub instance is vulnerable to CVE-2023-24078, allowing for remote code execution. Because the service is running as root, this allows direct code execution as root.
- Update FuguHub to a non-vulnerable version.

Flags

/root/proof.txt: bf19205b33d1545178aaca10ca29b879

OSCP Note Template and Runbooks

This is my checklist of commands and methodologies to use while taking the OSCP. Feel free to use, adapt for your own use, or open a PR with suggestions!

Clone this site’s repo, open ‘content’ in Obsidian, and copy the template’s directory for each machine
Start with ‘Service Discovery’ and move between the other pages as applicable

Resources Inspiring this Cheatsheet Template

Red Team Manual: Services Cheat Sheet
Windows Commands Cheat Sheet
Linux Commands Cheat Sheet
OSCP Secret Sauce - eins.li - UDP scanning, NetExec usage, pspy monitoring
Netexec
GTFOBins
PayloadsAllTheThings
HackTricks

Veilcat

Explorer

Latest

OSCP 🐲

Medjed

OSCP Note Template and Runbooks

Hub

Hub Notes & Methodology

Start Here: Service Discovery

Findings

Vulnerabilities and Suggested Remediation

Flags

OSCP Note Template and Runbooks

Resources Inspiring this Cheatsheet Template

Service Enumeration

Service Discovery

Graph View

Table of Contents

Backlinks