Official SneakyMailer Discussion

This box is interesting so far. I haven’t really gotten anywhere yet, but I’ve learned loads about mail servers.

Type your comment> @Jfly said:

Does anyone have a nudge for the foothold? I think I’ve looked into all possible msf exploits and some other exploits without luck.

Enumeration, that’s all, no need for exploit.

Type your comment> @Caracal said:

Type your comment> @Jfly said:

Does anyone have a nudge for the foothold? I think I’ve looked into all possible msf exploits and some other exploits without luck.

Enumeration, that’s all, no need for exploit.

Thank you! Changing my approach then! :slight_smile:

Finally … a foothold turned user… alas, doesn’t look that that was what I needed. Back to the drawing board!

Edit:
root@sneakymailer:~# id
uid=0(root) gid=0(root) groups=0(root)

Still more to learn about mail thats for sure! Good box. The first 2/3 were at times frustrating, the last third was trivial. Will think about a proper set of Hints to be posted later on after people get a fair crack at the box

emoji hint for foothold:

?

Spoiler Removed

For the user part, someone could send me a good link/article to exploit the p*** server in PM? I think it is necessary to add my own key… Thanks!

Update: I found!

Finally rooted.
Nice machine. Learnt bunch of things.
My hints:

Initial Foothold - Fishing and your local machine is the bait.
User - Enumeration - Google FU - Packages
Root - The user has a super power.

Thanks @sulcud for a interesting machine.

finally rooted

Spoiler Removed

GOT Root!
Nice Box

PM for hints

Cannot ping this box any other… is it just me or you guys having issues as well?

Spoiler Removed

Spoiler Removed

Edit:

Sorry for the spoiler guys =D

interesting challenge

Whoever is killing the vhost we need talk to in order to advance, could you restrict your gobuster threads or whatever is causing this DoS to a more appropriate amount? thx in advance!

I’m struggling with the initial foothold so I’m either down a rabbit hole or I’m over complicating things (or both). If anyone is willing to share some hints send me a message and I’ll let you know what I’ve tried so far and you can have a good laugh.

Type your comment> @sloth1985 said:

I’m struggling with the initial foothold so I’m either down a rabbit hole or I’m over complicating things (or both). If anyone is willing to share some hints send me a message and I’ll let you know what I’ve tried so far and you can have a good laugh.

You have some emails… you can see some protocols related to mail server… you have certainly some tools to use them both ?.. and listen the result!!

Struggling with initial foothold.
I know I have to cook fish
I can send test messages to one of the user successfully (At least the response says so)

Do I need to send payload ?
What kind of payload for linux?

Am I in the right direction?

Any hints?

sometimes you catch a fish with a spear and sometimes you have to go after all thoses fishes