I created a user and I can verify that he exists (or his mailbox). But i am not able to authenticate. Is this the right way? or is it a rabbit hole? I tried using curl
too but no luck there.
I have got creds for user p*pi , what to do next can someone give a nudge… am i in a rabbithole?
nvm rooted the box
Type your comment> @joenibe said:
I created a user and I can verify that he exists (or his mailbox). But i am not able to authenticate. Is this the right way? or is it a rabbit hole? I tried using
curl
too but no luck there.
Rabbit hole
Type your comment> @Caracal said:
Type your comment> @joenibe said:
I created a user and I can verify that he exists (or his mailbox). But i am not able to authenticate. Is this the right way? or is it a rabbit hole? I tried using
curl
too but no luck there.Rabbit hole
damnnnnn I have been trying that path for 6 hours
root nice box
The flags rotation system become more and more laggy… specially with new boxes, it’s kind of frustrating.
I mean i’m still trying to submit those flags, it’s been 1 hour…
Thanks for the box @sulcud.
uid=0(root) gid=0(root) groups=0(root)
sneakymailer
Type your comment> @Caracal said:
The flags rotation system become more and more laggy… specially with new boxes, it’s kind of frustrating.
I mean i’m still trying to submit those flags, it’s been 1 hour…Thanks for the box @sulcud.
uid=0(root) gid=0(root) groups=0(root)
sneakymailer
You should as @TazWake says… submit a ticket about this so that HTB can fix it. If enough of us keep submitting tickets eventually they will get the point.
Does anyone have a nudge for the foothold? I think I’ve looked into all possible msf exploits and some other exploits without luck.
This box is interesting so far. I haven’t really gotten anywhere yet, but I’ve learned loads about mail servers.
Type your comment> @Jfly said:
Does anyone have a nudge for the foothold? I think I’ve looked into all possible msf exploits and some other exploits without luck.
Enumeration, that’s all, no need for exploit.
Type your comment> @Caracal said:
Type your comment> @Jfly said:
Does anyone have a nudge for the foothold? I think I’ve looked into all possible msf exploits and some other exploits without luck.
Enumeration, that’s all, no need for exploit.
Thank you! Changing my approach then!
Finally … a foothold turned user… alas, doesn’t look that that was what I needed. Back to the drawing board!
Edit:
root@sneakymailer:~# id
uid=0(root) gid=0(root) groups=0(root)
Still more to learn about mail thats for sure! Good box. The first 2/3 were at times frustrating, the last third was trivial. Will think about a proper set of Hints to be posted later on after people get a fair crack at the box
emoji hint for foothold:
?
Spoiler Removed
For the user part, someone could send me a good link/article to exploit the p*** server in PM? I think it is necessary to add my own key… Thanks!
Update: I found!
Finally rooted.
Nice machine. Learnt bunch of things.
My hints:
Initial Foothold - Fishing and your local machine is the bait.
User - Enumeration - Google FU - Packages
Root - The user has a super power.
Thanks @sulcud for a interesting machine.
finally rooted
Spoiler Removed
GOT Root!
Nice Box
PM for hints
Cannot ping this box any other… is it just me or you guys having issues as well?