Official SneakyMailer Discussion

@ricm916 said:

I’m confused – machine went live less than 3 hours ago – yet it shows bloods at 3 hours 45+ minutes from going live… huh? what am I missing? Do VIP members get early access?

The bloods are always about 3 hours out. Its a glitch in the way they are calculated.

Rooted it! This was an interesting box! Thanks @sulcud! Time to go to bed now…

i only enumerate the users can any one give me a nudge please

Hey guys! I’m a bit new at this…having trouble finding a foothold…any nudges? I’ve done some basic enum, found several open ports/a dashboard, currently reading up on the whole SMTP/POP3/Courier IMAP stuff…

At least people waited more than the first 3 hours to ask for nudges. Looks like progress compared to normal release day!

any nudges!!
bruteforcing!!

post removed by user

I created a user and I can verify that he exists (or his mailbox). But i am not able to authenticate. Is this the right way? or is it a rabbit hole? I tried using curl too but no luck there.

I have got creds for user p*pi , what to do next can someone give a nudge… am i in a rabbithole?

nvm rooted the box

Type your comment> @joenibe said:

I created a user and I can verify that he exists (or his mailbox). But i am not able to authenticate. Is this the right way? or is it a rabbit hole? I tried using curl too but no luck there.

Rabbit hole :wink:

Type your comment> @Caracal said:

Type your comment> @joenibe said:

I created a user and I can verify that he exists (or his mailbox). But i am not able to authenticate. Is this the right way? or is it a rabbit hole? I tried using curl too but no luck there.

Rabbit hole :wink:

damnnnnn I have been trying that path for 6 hours

root nice box

The flags rotation system become more and more laggy… specially with new boxes, it’s kind of frustrating.
I mean i’m still trying to submit those flags, it’s been 1 hour…

Thanks for the box @sulcud.

uid=0(root) gid=0(root) groups=0(root)
sneakymailer

Type your comment> @Caracal said:

The flags rotation system become more and more laggy… specially with new boxes, it’s kind of frustrating.
I mean i’m still trying to submit those flags, it’s been 1 hour…

Thanks for the box @sulcud.

uid=0(root) gid=0(root) groups=0(root)
sneakymailer

You should as @TazWake says… submit a ticket about this so that HTB can fix it. If enough of us keep submitting tickets eventually they will get the point.

Does anyone have a nudge for the foothold? I think I’ve looked into all possible msf exploits and some other exploits without luck.

This box is interesting so far. I haven’t really gotten anywhere yet, but I’ve learned loads about mail servers.

Type your comment> @Jfly said:

Does anyone have a nudge for the foothold? I think I’ve looked into all possible msf exploits and some other exploits without luck.

Enumeration, that’s all, no need for exploit.

Type your comment> @Caracal said:

Type your comment> @Jfly said:

Does anyone have a nudge for the foothold? I think I’ve looked into all possible msf exploits and some other exploits without luck.

Enumeration, that’s all, no need for exploit.

Thank you! Changing my approach then! :slight_smile:

Finally … a foothold turned user… alas, doesn’t look that that was what I needed. Back to the drawing board!

Edit:
root@sneakymailer:~# id
uid=0(root) gid=0(root) groups=0(root)

Still more to learn about mail thats for sure! Good box. The first 2/3 were at times frustrating, the last third was trivial. Will think about a proper set of Hints to be posted later on after people get a fair crack at the box

emoji hint for foothold:

?