Official SneakyMailer Discussion

I created a user and I can verify that he exists (or his mailbox). But I am not able to authenticate. Is this the right way? Or is it a rabbit hole? I tried using curl too but no luck there.

I have got creds for user p*pi, what to do next? Can someone give a nudge… am I in a rabbit hole?

nvm rooted the box

@joenibe said:

I created a user and I can verify that he exists (or his mailbox). But I am not able to authenticate. Is this the right way? Or is it a rabbit hole? I tried using curl too but no luck there.

Rabbit hole :wink:

@Caracal said:

@joenibe said:

I created a user and I can verify that he exists (or his mailbox). But I am not able to authenticate. Is this the right way? Or is it a rabbit hole? I tried using curl too but no luck there.

Rabbit hole :wink:

damnnnnn I have been trying that path for 6 hours

root nice box

The flag rotation system is becoming more and more laggy… especially with new boxes, it’s kind of frustrating.
I mean I’m still trying to submit those flags, it’s been 1 hour…

Thanks for the box @sulcud.

uid=0(root) gid=0(root) groups=0(root)
sneakymailer

@Caracal said:

The flag rotation system is becoming more and more laggy… especially with new boxes, it’s kind of frustrating.
I mean I’m still trying to submit those flags, it’s been 1 hour…

Thanks for the box @sulcud.

uid=0(root) gid=0(root) groups=0(root)
sneakymailer

You should as @TazWake says… submit a ticket about this so that HTB can fix it. If enough of us keep submitting tickets eventually they will get the point.

Does anyone have a nudge for the foothold? I think I’ve looked into all possible msf exploits and some other exploits without luck.

This box is interesting so far. I haven’t really gotten anywhere yet, but I’ve learned loads about mail servers.

@Jfly said:

Does anyone have a nudge for the foothold? I think I’ve looked into all possible msf exploits and some other exploits without luck.

Enumeration, that’s all, no need for exploit.

@Caracal said:

@Jfly said:

Does anyone have a nudge for the foothold? I think I’ve looked into all possible msf exploits and some other exploits without luck.

Enumeration, that’s all, no need for exploit.

Thank you! Changing my approach then! :slight_smile:

Finally … a foothold turned user… alas, doesn’t look like that was what I needed. Back to the drawing board!

Edit:
root@sneakymailer:~# id
uid=0(root) gid=0(root) groups=0(root)

Still more to learn about mail, that’s for sure! Good box. The first 2/3 were at times frustrating, the last third was trivial. Will think about a proper set of hints to be posted later on after people get a fair crack at the box.

emoji hint for foothold:

?

Spoiler Removed

For the user part, could someone send me a good link/article to exploit the p*** server in PM? I think it is necessary to add my own key… Thanks!

Update: I found it!

Finally rooted.
Nice machine. Learnt a bunch of things.
My hints:

Initial Foothold - Fishing and your local machine is the bait.
User - Enumeration - Google FU - Packages
Root - The user has a super power.

Thanks @sulcud for an interesting machine.

finally rooted

Spoiler Removed

GOT Root!
Nice Box

PM for hints

Cannot ping this box anymore… is it just me or are you guys having issues as well?