Official SneakyMailer Discussion

root nice box

The flag rotation system becomes more and more laggy… especially with new boxes, it’s kind of frustrating.
I mean I’m still trying to submit those flags, it’s been 1 hour…

Thanks for the box @sulcud.

uid=0(root) gid=0(root) groups=0(root)
sneakymailer

@Caracal said:

The flag rotation system becomes more and more laggy… especially with new boxes, it’s kind of frustrating.
I mean I’m still trying to submit those flags, it’s been 1 hour…

Thanks for the box @sulcud.

uid=0(root) gid=0(root) groups=0(root)
sneakymailer

You should, as @TazWake says, submit a ticket about this so that HTB can fix it. If enough of us keep submitting tickets, eventually they will get the point.

Does anyone have a nudge for the foothold? I think I’ve looked into all possible msf exploits and some other exploits without luck.

This box is interesting so far. I haven’t really gotten anywhere yet, but I’ve learned loads about mail servers.

@Jfly said:

Does anyone have a nudge for the foothold? I think I’ve looked into all possible msf exploits and some other exploits without luck.

Enumeration, that’s all, no need for exploit.

@Caracal said:

@Jfly said:

Does anyone have a nudge for the foothold? I think I’ve looked into all possible msf exploits and some other exploits without luck.

Enumeration, that’s all, no need for exploit.

Thank you! Changing my approach then! :)

Finally … a foothold turned user… alas, doesn’t look like that was what I needed. Back to the drawing board!

Edit:
root@sneakymailer:~# id
uid=0(root) gid=0(root) groups=0(root)

Still more to learn about mail, that’s for sure! Good box. The first 2/3 were at times frustrating, the last third was trivial. Will think about a proper set of hints to be posted later on, after people get a fair crack at the box.

emoji hint for foothold:

?

Spoiler Removed

For the user part, could someone send me a good link/article to exploit the p*** server in PM? I think it is necessary to add my own key… Thanks!

Update: I found it!

Finally rooted.
Nice machine. Learnt a bunch of things.
My hints:

Initial Foothold - Fishing and your local machine is the bait.
User - Enumeration - Google FU - Packages
Root - The user has a super power.

Thanks @sulcud for an interesting machine.

finally rooted

Spoiler Removed

GOT Root!
Nice Box

PM for hints

Cannot ping this box any more… is it just me, or are you guys having issues as well?

Spoiler Removed

Spoiler Removed

Edit:

Sorry for the spoiler guys =D

interesting challenge

Whoever is killing the vhost we need to talk to in order to advance, could you restrict your gobuster threads, or whatever is causing this DoS, to a more appropriate amount? thx in advance!