Official SneakyMailer Discussion

I have got the **rs and e****s and am stuck now. Need some hints, no spoilers.

Got root. Thank you @sulcud for a fun box, got to learn about some tools I hadn’t used before.

root@sneakymailer:~# id
uid=0(root) gid=0(root) groups=0(root)
root@sneakymailer:~# hostname
sneakymailer
root@sneakymailer:~# ip addr | grep 10.10.10
inet 10.10.10.197/24 brd 10.10.10.255 scope global ens160

Feel like I missed a step. Is it just a lot of enumeration for users?

Was able to log in on port 1#3, got the message dedicated to the user ##ve##pper but didn’t understand the message about P#yP#. Any hints?

never mind got www-d###

I really loved how this box was built to demonstrate a realistic scenario, I also appreciated all the effort made in putting those scripts to keep the box stable.
Big up @sulcud and thanks for the box! :slight_smile:

Great box @sulcud learned a lot of new techniques. Was really impressed with the enumeration needed to get a foothold. One of the first boxes I have ever seen use that technique.

Hint: Look at the box profile image and think like an attacker

sneakymailer
uid=0(root) gid=0(root) groups=0(root) 

Great Box, learned new things!
root@sneakymailer:~# id
id
uid=0(root) gid=0(root) groups=0(root)

Finally rooted!!!
Nice box. If anyone needs a nudge, PM

@GH057404 said:

Struggling with user. Any suggestions or hints?

Finally rooted. Root part was so easy when considering the initial foothold and user part.

Thanks @schizo for the hints

@GH057404 said:

Struggling with user. Any suggestions or hints?

Finally rooted. Root part was so easy when considering the initial foothold and user part.

Thanks @schizo for the hints

Totally agree with you! The user part was crazy, very interesting.

Spoiler Removed

Struggling with initial foothold. If anyone can nudge me in the right direction it would be appreciated.

Login successful in 8080 using p#p# creds.
Stopped here, can’t go forward…
Does anyone find an article about p#p# misconfiguration or exploits??
Need some hints, no spoilers.
Please DM me!!!
Thank you!

Can anyone drop any link to articles that are relevant to this scenario?
Thanks

@fighter said:

Can anyone drop any link to articles that are relevant to this scenario?
Thanks

Which « scenario »?..

Excellent facking box

Everything is classic here and I loved it. At another time this kind of box would be hard, I think.

User: just follow the name of the box. At this part I don’t know why the box shows me that the classic vuln is not there. When you enumerate and get the list of users, you may need to create a script. I don’t know why the classic tools didn’t work; just do it with a bash script.

When you get a response, enumerate everything and try to get into all services. Start again from the beginning when you have all that you need.

When you get a shell, enumerate and Google-fu the package like others said.

Root: Again it is classic but fantastic. This part reminds me of Canape style.

Thanks @sulcud, this machine was great and it is more of what we need on this platform (in my opinion).

Would love a DM nudge if anyone had time. I have found a way to send items from a low numbered port, and I have a list of recipients… but have not done this before and don’t know what to send or what/how to listen for! Would appreciate a nudge, or a pointed article/blog maybe…

** Many thanks to @sparkla for the DM

# whoami;id;hostname
root
uid=0(root) gid=0(root) groups=0(root)
sneakymailer

Thanks to @CRYP70 and @Choupit0 for their help!

Rooted

# whoami;id;hostname
root
uid=0(root) gid=0(root) groups=0(root)
sneakymailer

Thanks @Hato0, @Elvi7major, @itakana for the hints in looking at my mistakes and @sulcud for this box

Can somebody help me? I’ve spent a good amount of time and I don’t advance. Please DM me if you can give me some hints.