Embedded Files
nmap Scan Result
Brute-forcing directories, the below vhost which was added to the /etc/hosts file was found.
/master page hints to potential username (and password).. "rick" worked for both password and username for the Dolibarr login page
Foothold
Installed version of Dolibarr is vulnerable to Authenticated RCE. luckily a working exploit was found in searchsploit
Privilege Escalation
The netstat output shows port 25 (SMTP) running locally.
Checking the installed version of running SMTP service. it oberverd that the version 6.6.1p1 has a publicly known privilege escalation vulnerability (https://www.exploit-db.com/exploits/48051)
Extras
Dolibarr config file conataining mysql password
Page updated
Google Sites
Report abuse