Official SneakyMailer Discussion

Type your comment> @GH057404 said:

Type your comment> @GH057404 said:

Struggling with user. Any suggestions or hints?

Finally rooted. root part was so easy when considering the initial foothold and user part

thanks @schizo for the hints

Totally agree with you! The user part was crazy, very interesting.

Spoiler Removed

struggling with initial foothold. if anyone can nudge me in the right direction it would be appreciated.

login successful in 8080 use p#p# creds
stop here, can’t go forward…
Does anyone find an article about p#p# misconfiguration or exploits??,
Need some hints, no spoilers
please DM me!!!
thank you!

Can anyone drop any link to articles that are relevant to this scenario.
Thanks

Type your comment> @fighter said:

Can anyone drop any link to articles that are relevant to this scenario.
Thanks

Which « scenario »?..

Excellent facking box

Everything is classic here and I loved. In other time this kind of boxes would be hard I think

User: just follow the name of the box. At this part I don’t know why the box show me that the classic vuln is not there. When you enumerate and get the list of users, may you will need create a script. I don’t know why the classic tools didn’t work just for do it with bash script

When you get response, enumerate all and try to get into all service. Again start from the beginning when you get all that you need.

When you get shell, enumerate and Google FU package like others said

Root: Again is classic but fantastic. This part remember me Canape style

Gracias @sulcud Esta maquina estuvo Genial y es mas de lo que necesitamos en esta plataforma (en mi opinion)

Would love a DM nudge if anyone had time. I have found a way to send items from a low numbered port, and I have a list of recipients… but have not done this before and don’t know what to send or what/how to listen for! Would appreciate a nudge, or a pointed article/blog maybe…

** Many thanks to @sparkla for the DM

# whoami;id;hostname
root
uid=0(root) gid=0(root) groups=0(root)
sneakymailer

Thanks to @CRYP70 and @Choupit0 for their help!

Rooted

# whoami;id;hostname
root
uid=0(root) gid=0(root) groups=0(root)
sneakymailer

Thanks @Hato0, @Elvi7major, @itakana for hint in looking my mistakes and @sulcud for this box

Can somebody help me? I’ve spent a good amount of time and I dont advance. Please DM me if you can give me some hints.

Thanks @sulcud I enjoyed this box after initial frustrations with the foothold! Had a bit of a battle with the last step before getting user but simplifying what I was doing helped.

If you need a hand you can DM what you’ve tried and what you’re struggling with and I’ll try and nudge.

lab is under maintenance!!!

Could use a nudge for foothold. User s**p_enum for some users, but they all look really standard, and uncertain of how to use them. Tried sending them an email with a payload, but i obviously couldnt without having a mailserver

Rooted finaly! :cold_sweat:

I got stuck. I have accessed **** mailbox, those credentials work for f** but not for p*** on 8080. I didn’t find anything useful at all in f**.

So far, great machine anyway.

EDIT:
Thanks to @choupit0 for getting me out of the rabbit hole. Rooted.
Thanks to @sulcud , the machine frustrated me a lot, but it was really fun and I enjoyed it a lot! The foothold was very original!

Type your comment> @sudneo said:

I got stuck. I have accessed **** mailbox, those credentials work for f** but not for p*** on 8080. I didn’t find anything useful at all in f**.

So far, great machine anyway.

With your rigths on the F**, you can upload some interesting things to progress…

Can I get a DM nudge? Have email addresses, sent email with payload, tried hydra, and just can’t seem to find how to get creds and access mailboxes. What vector am I missing?

EDIT:
Thanks @AidynSkullz !

Rooted!

whoami && id && hostname

root
uid=0(root) gid=0(root) groups=0(root)
sneakymailer

got it
foothold and user is really interesting if you didnt solve something like it

i learn tons of new things with this box, thanks a lot @CurioCT for helps :slight_smile: