Read my writeup to BoardLIght machine on:
TL;DR
User: Discovered the virtual host crm.board.htb running Dolibarr 17.0.0, which is vulnerable to CVE-2023-30253. Exploit this CVE to obtain a reverse shell as www-data. Reuse the database password from conf.php for SSH login as larissa.
Root: Identified an SUID file at lib/x86_64-linux-gnu/enlightenment/utils/enlightenment_sys. Use CVE-2022-37706 to achieve Local Privilege Escalation.
2 posts - 2 participants