SSH2JOHN
OFFSEC - Proving Grounds - SCRUTINY
·2638 words·13 mins
OSCP
OFFSEC PG PRACTICE
VHOST
JOHN
SSH2JOHN
TEAMCITY
Initial access via OFFSEC credentials or TeamCity CVE-2024-27198 exploit, get id_rsa key for marcot and password of multiple users. Briand runs /usr/bin/systemctl as root, escalate to root using GTFOBins.