Official SneakyMailer Discussion

Comments

  • edited July 13

    GOT Root!
    Nice Box

    PM for hints

    Respect me if I helped U

  • Cannot ping this box any other..... is it just me or you guys having issues as well?

  • Spoiler Removed

    v1ew-s0urce.flv
  • edited July 13

    Spoiler Removed

    Edit:

    Sorry for the spoiler guys =D

    ferreirasc
    OSCP | CRTE | Pentest+ | DCPT

  • edited July 13

    interesting challenge

    More than happy to help out and give hints - sorry if you've messaged me on forum.htb and I haven't got back, I might be more reachable via discord: CRYP70🇦🇺#8985

  • Whoever is killing the vhost we need to talk to in order to advance, could you restrict your gobuster threads or whatever is causing this DoS to a more appropriate amount? thx in advance!

  • I'm struggling with the initial foothold so I'm either down a rabbit hole or I'm over complicating things (or both). If anyone is willing to share some hints send me a message and I'll let you know what I've tried so far and you can have a good laugh.

  • @sloth1985 said:

    I'm struggling with the initial foothold so I'm either down a rabbit hole or I'm over complicating things (or both). If anyone is willing to share some hints send me a message and I'll let you know what I've tried so far and you can have a good laugh.

    You have some emails... you can see some protocols related to the mail server... you certainly have some tools to use them both 😊... and listen for the result!!

    Fr0Ggi3sOnTour
    La team recrute ! 👽 We are hiring!

  • Struggling with initial foothold.
    I know I have to cook fish
    I can send test messages to one of the users successfully (at least the response says so)

    Do I need to send a payload?
    What kind of payload for Linux?

    Am I in the right direction?

    Any hints?

  • sometimes you catch a fish with a spear and sometimes you have to go after all those fishes

  • Struggling with user. Any suggestions or hints?

  • edited July 13

    I'm hanging at the initial foothold. I'm testing with the ETRN command, trying to catch the fish. Is it the correct path or am I overthinking as always?

    Thanks

  • I have got the **rs and e****s and am stuck now. Need some hints, no spoilers.

  • Got root. Thank you @sulcud for a fun box, got to learn about some tools I hadn't used before.

    root@sneakymailer:~# id
    uid=0(root) gid=0(root) groups=0(root)
    root@sneakymailer:~# hostname
    sneakymailer
    root@sneakymailer:~# ip addr | grep 10.10.10
    inet 10.10.10.197/24 brd 10.10.10.255 scope global ens160

    pugpug

  • edited July 13

    Feel like I missed a step. Is it just a lot of enumeration for users?

  • edited July 14

    Was able to login on port 1#3 got the message dedicated to the user ##ve##pper but didn't understand the message about P#yP# . Any hints?

    never mind got www-d###

  • I really loved how this box was built to demonstrate a realistic scenario, I also appreciated all the effort made in putting those scripts to keep the box stable.
    Big up @sulcud and thanks for the box! :)

  • edited July 14

    Great box @sulcud learned a lot of new techniques. Was really impressed with the enumeration needed to get a foothold. One of the first boxes I have ever seen use that technique.

    Hint: Look at the box profile image and think like an attacker

    sneakymailer
    uid=0(root) gid=0(root) groups=0(root) 
    
  • Great Box, learned new things!
    root@sneakymailer:~# id
    id
    uid=0(root) gid=0(root) groups=0(root)

  • Finally rooted!!!
    Nice box. If anyone needs a nudge, PM

  • @GH057404 said:

    Struggling with user. Any suggestions or hints?

    Finally rooted. root part was so easy when considering the initial foothold and user part

    thanks @schizo for the hints

  • @GH057404 said:

    @GH057404 said:

    Struggling with user. Any suggestions or hints?

    Finally rooted. root part was so easy when considering the initial foothold and user part

    thanks @schizo for the hints

    Totally agree with you! The user part was crazy, very interesting.

    Fr0Ggi3sOnTour
    La team recrute ! 👽 We are hiring!

  • Spoiler Removed

    More than happy to help out and give hints - sorry if you've messaged me on forum.htb and I haven't got back, I might be more reachable via discord: CRYP70🇦🇺#8985

  • struggling with initial foothold. if anyone can nudge me in the right direction it would be appreciated.

  • Can someone please tell me if there's some kind of "role play" / "alternate reality game" elements involved in a box like this one? Or is it a pure technical challenge as usual?

    Anger is more useful than despair - T800

  • edited July 14

    Login successful on 8080 using p#p# creds
    Stopped here, can't go forward...
    Has anyone found an article about p#p# misconfiguration or exploits?
    Need some hints, no spoilers
    please DM me!!!
    thank you!

  • Can anyone drop any link to articles that are relevant to this scenario.
    Thanks

  • @fighter said:
    > Can anyone drop any link to articles that are relevant to this scenario.
    > Thanks

    Which « scenario »?...

    Fr0Ggi3sOnTour
    La team recrute ! 👽 We are hiring!

  • edited July 15

    Excellent facking box

    Everything is classic here and I loved it. At another time this kind of box would be hard, I think

    User: just follow the name of the box. At this part I don't know why the box showed me that the classic vuln is not there. When you enumerate and get the list of users, you may need to create a script. I don't know why the classic tools didn't work, so I just did it with a bash script

    When you get a response, enumerate everything and try to get into all services. Start again from the beginning once you have all that you need.

    When you get a shell, enumerate and Google-fu the package like others said

    Root: Again it is classic but fantastic. This part reminds me of Canape's style

    Thanks @sulcud, this machine was great and it is more of what we need on this platform (in my opinion)

  • @CHUCHO said:
    Excellent facking box

    So that's what this is about? I was wondering...

    Anger is more useful than despair - T800
