Official SneakyMailer Discussion

Can anyone drop any link to articles that are relevant to this scenario.
Thanks

Type your comment> @fighter said:

Can anyone drop any link to articles that are relevant to this scenario.
Thanks

Which « scenario »?..

Excellent facking box

Everything is classic here and I loved. In other time this kind of boxes would be hard I think

User: just follow the name of the box. At this part I don’t know why the box show me that the classic vuln is not there. When you enumerate and get the list of users, may you will need create a script. I don’t know why the classic tools didn’t work just for do it with bash script

When you get response, enumerate all and try to get into all service. Again start from the beginning when you get all that you need.

When you get shell, enumerate and Google FU package like others said

Root: Again is classic but fantastic. This part remember me Canape style

Gracias @sulcud Esta maquina estuvo Genial y es mas de lo que necesitamos en esta plataforma (en mi opinion)

Would love a DM nudge if anyone had time. I have found a way to send items from a low numbered port, and I have a list of recipients… but have not done this before and don’t know what to send or what/how to listen for! Would appreciate a nudge, or a pointed article/blog maybe…

** Many thanks to @sparkla for the DM

# whoami;id;hostname
root
uid=0(root) gid=0(root) groups=0(root)
sneakymailer

Thanks to @CRYP70 and @Choupit0 for their help!

Rooted

# whoami;id;hostname
root
uid=0(root) gid=0(root) groups=0(root)
sneakymailer

Thanks @Hato0, @Elvi7major, @itakana for hint in looking my mistakes and @sulcud for this box

Can somebody help me? I’ve spent a good amount of time and I dont advance. Please DM me if you can give me some hints.

Thanks @sulcud I enjoyed this box after initial frustrations with the foothold! Had a bit of a battle with the last step before getting user but simplifying what I was doing helped.

If you need a hand you can DM what you’ve tried and what you’re struggling with and I’ll try and nudge.

lab is under maintenance!!!

Could use a nudge for foothold. User s**p_enum for some users, but they all look really standard, and uncertain of how to use them. Tried sending them an email with a payload, but i obviously couldnt without having a mailserver

Rooted finaly! :cold_sweat:

I got stuck. I have accessed **** mailbox, those credentials work for f** but not for p*** on 8080. I didn’t find anything useful at all in f**.

So far, great machine anyway.

EDIT:
Thanks to @choupit0 for getting me out of the rabbit hole. Rooted.
Thanks to @sulcud , the machine frustrated me a lot, but it was really fun and I enjoyed it a lot! The foothold was very original!

Type your comment> @sudneo said:

I got stuck. I have accessed **** mailbox, those credentials work for f** but not for p*** on 8080. I didn’t find anything useful at all in f**.

So far, great machine anyway.

With your rigths on the F**, you can upload some interesting things to progress…

Can I get a DM nudge? Have email addresses, sent email with payload, tried hydra, and just can’t seem to find how to get creds and access mailboxes. What vector am I missing?

EDIT:
Thanks @AidynSkullz !

Rooted!

whoami && id && hostname

root
uid=0(root) gid=0(root) groups=0(root)
sneakymailer

got it
foothold and user is really interesting if you didnt solve something like it

i learn tons of new things with this box, thanks a lot @CurioCT for helps :slight_smile:

Root is certainly a lot easier than getting user on this box. The tips here are already good, all I can add is try not to make typos or it will drive you up the wall…

I keep shelling my own box with my reverse shell payload (php reverse shell. a nudge would be appreciated. thanks

Type your comment> @zenrasta said:

I keep shelling my own box with my reverse shell payload (php reverse shell. a nudge would be appreciated. thanks

nevermind, got it!

I think I need a nudge towards a foothold.

I’ve gotten creds for pd, used those to get the creds for dr. I can log in to the service for those creds. I also saw the multiple references to p** including the task from p****d to l.

I’ve run through multiple wordlists doing discovery on 8080 but found nothing.

I tried uploading my own php shell but not having luck with that.

Would appreciate a PM, and i can go into more detail about what i’ve tried and looked at. Just looking for the smallest nudge forward.