SuiteCRM Auth RCE (CVE-2022-23940)

In this lab environment, the user will access a Kali GUI instance. A vulnerable machine SuiteCRM server deployed on 10.0.X.X. The IP address of the target machine is provided in a text file named target placed on the Desktop of the Kali machine (/root/Desktop/target).

In 2022, a high-risk vulnerability was found in the SuiteCRM. SuiteCRM 7.12.1 and 8.x through 8.0.1 is vulnerable to remote code execution. Authenticated users with access to the Scheduled Reports module can achieve this by leveraging PHP deserialization in the email_recipients property. By using a crafted request, they can create a malicious report, containing a PHP-deserialization payload in the email_recipients field. Once someone accesses this report, the backend will deserialize the content of the email_recipients field and the payload gets executed. Project dependencies include a number of interesting PHP deserialization gadgets (e.g., Monolog/RCE1 from phpggc) that can be used for Code Execution.Your task is to fingerprint the application using command-line tools available on the Kali terminal and then exploit the application using the appropriate Metasploit module. Get a meterpreter shell on the target.

Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-23940 

SuiteCRM is the award-winning open-source, enterprise-ready Customer Relationship Management (CRM) software application.

SuiteCRM: https://github.com/salesagility/SuiteCRM

The following credentials might be useful:

Objective: Exploit the SuiteCRM server and find the flag!

Instructions: 

• This lab is dedicated to you! No other users are on this network :) 
• Once you start the lab, you will have access to a root Kali instance
• Do not attack the gateway located at IP address 192.V.W.1 and 10.10.X.1