Notes & Methodology

Start Here: Service Discovery This includes my mistakes, reasoning, and rabbit holes — it’s not the most direct way to solve the box!

Summary of Findings

Vulnerabilities and Suggested Remediation

SuiteCRM uses simple, easy-to-guess credentials (admin:admin)
- Set a strong password for the admin user
SuiteCRM version 7.12.3 is vulnerable to CVE-2022-23940, allowing for authenticated remote code execution.
- Upgrade to a more recent version, at least 7.15.
www-data user can run /usr/sbin/service without a password as root, which can be abused to escalate privileges

Credentials

admin:admin (SuiteCRM)
admin: (/ical_server.php)

Flags

/var/www/local.txt: f76f9651c1aef18def542f34cb34bf03
/root/proof.txt: 907907e1630d55a774cbe7f9b8dcc38b

OSCP Note Template and Runbooks

This is my checklist of commands and methodologies to use while taking the OSCP. Feel free to use, adapt for your own use, or open a PR with suggestions!

Clone this site’s repo, open ‘content’ in Obsidian, and copy the template’s directory for each machine
Start with ‘Service Discovery’ and move between the other pages as applicable

Veilcat

Explorer

Latest

OSCP 🐲

Medjed

OSCP Note Template and Runbooks

Crane

Notes & Methodology

Summary of Findings

Vulnerabilities and Suggested Remediation

Credentials

Flags

OSCP Note Template and Runbooks

80 HTTP

Linux Privilege Escalation

Service Discovery

Graph View

Table of Contents