Official SneakyMailer Discussion

1246711

Comments

  • Finally rooted. Thanx to @sulcud. Nice box.

    Special thanx to @holeymoley

  • If you feel like you are doing the right thing to get user but seem to be still executing as d********, consider that your code may be executed with low privs first before it runs again as the user you want to escalate to. If you aren't handling errors, the script will fail before it runs the second time.

  • Fun box, rooted, pm for nudges.


    Check out my blog
    Always happy to help! but please consider dropping some respect. ^^

  • Same here, it was a great box. Root was super easy and user was fun. I learned a lot. PM me for nudges (not answers, sorry)

    lmakonem

    If I helped you out at all, feel free to click my badge and give +1 respect!

    My youtube tutorials: https://www.youtube.com/channel/UCXPdZsu8g1nKerd-o5A75vA

  • I like this machine but honestly i have 0 idea till user when i was doing this machine. Everything was pretty new for me.

    s1lv3rst4r

  • edited July 2020

    Spoiler Removed

  • rooted.

    great box. Had a blast. cant wait to see more from op.

    pm for any hints :smile:

    Treelovah

  • The server is very unresponsive... Does anyone know why?

  • Finally rooted this box :smiley: Learned so many things for sure. Thanks @Treelovah for guiding me where i was stuck. Discord for help at Centip3d3#2049

  • Done!! rooted!!

    Some stuff learned there, good box!!
    Thanks to the creator for some good and interesting stuff. Good work!

    Feel free to contact by pm if you need help or a nugde.

    rulzgz

  • edited July 2020

    @kricket08 said:

    Can I get a DM nudge? Have email addresses, sent email with payload, tried hydra, and just can't seem to find how to get creds and access mailboxes. What vector am I missing?

    EDIT:
    Thanks @AidynSkullz !

    Same here, can someone send me a hint via DM? (also found r******.p*p, but seems useless)

    doxxos

  • @doxxos said:

    Same here, can someone send me a hint via DM? (also found r******.p*p, but seems useless)

    The first thing I'd suggest is double-check the payload you've sent.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

    Currently have very limited HTB time but will try to respond as quickly as possible.

  • Am I supposed to assume the team members will reply to emails like real people? I'm lost on how much suspension of disbelief I should have going into this box.
    If anyone has hints on foothold I would be incredibly happy to hear them.

  • @red404 said:

    Am I supposed to assume the team members will reply to emails like real people? I'm lost on how much suspension of disbelief I should have going into this box.

    Lots. Start off with an assumption that any links you send will result in something from someone.

    At the end of the day, it's a CTF not a real environment with human users. You can make assumptions that a level of automation will be in place to reflect expected behaviours.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

    Currently have very limited HTB time but will try to respond as quickly as possible.

  • can someone hint me??i have done a script that i extracted usernames and emails,tried to ftp =none ,tried to brute imap =none tryed to register and then connect to the mail with evolution = nothing ...any help would be greatful

  • @xenofon said:

    can someone hint me??i have done a script that i extracted usernames and emails,tried to ftp =none ,tried to brute imap =none tryed to register and then connect to the mail with evolution = nothing ...any help would be greatful

    What else can you do with email addresses?

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

    Currently have very limited HTB time but will try to respond as quickly as possible.

  • Type your comment> @xenofon said:

    can someone hint me??i have done a script that i extracted usernames and emails,tried to ftp =none ,tried to brute imap =none tryed to register and then connect to the mail with evolution = nothing ...any help would be greatful

    I guess you have tried with evolution only to "receive" some email messages. But that's not the only thing you can try to do with an email client, isn't it?

    rulzgz

  • Has anyone had 405 Method Not Allowed issues when trying to get user? I cannot get my payload to upload.

    Hack The Box
    Discord: AzAxIaL#8633

  • Lovely box, was a bit confused for a while until i knew what to fish for, but smooth sailing after that. root was a bit too easy and close to user imho, but i'm not gonna complain about low hanging fruit :P

    0x41

  • Type your comment> @AzAxIaL said:
    > Has anyone had 405 Method Not Allowed issues when trying to get user? I cannot get my payload to upload.

    Change your request method with use of any proxying software like Burp.

    A Chemist doing Penetration Testing - Check the Story here: BinaryBiceps

  • is it try to send something?
    I get mail list but nothing can do next

  • edited July 2020

    Yesterday I completed this machine. My feelings about this one is a bit mixed. Altogether the machine is above medium or medium based machines are getting harder then earlier, because of the complexity. The first path of the user was quickly solvable and I like these interactive machines but when you have at least 3 passwords, things are getting complex. You need to think out of the box a bit, and that's why I liked this machine (even though I hit my head on the wall when realized it).

    If you know the specific script language internals you are good to go and this machine will be easy especially the root path. But if you're not that type of person, you will have some hard time like I had. That part was frustrating and also the language has some annoying restricts/features (e.g. ' vs ").

    My hints (if there is a spoiler, pls remove it):

    User: check your notes and try to find some relationship between the open services and the @-s on the site. You need some fishing rods and some cats to catch that fish :)
    After that do some basic enumeration in the service (also check your notes and use google). The brainfuck part is coming; some hosts contains more h****s in it. You can guess or brute it, it's up to you. Once you find it, you will understand how to get in. Just do what you wanted to do first on FT*, but you couldn't trigger it.

    ShellZ: you don't need to stick with the service user, just change to the other one you got earlier. Then you need to understand how things are going. Check the running processes, and you will get a clue, how should you get that user. Once you found out, you need a little GoogleFu how trick this internal service to get what you want. I think this is the hardest part. Yes, you need to upload something but it's not the uploaded package what gives you the shell, so do not overcomplicate this.

    Root: strongly related to the previous service. Basic privilege enumeration and GTFOBins will bring you the joy.

    Thanks @sulcud for this machine, I learned a brand new thing what I didn't find in other machines earlier.

  • This box is offline every 5 minutes?

  • @zeroes said:

    This box is offline every 5 minutes?

    Not that I've noticed.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

    Currently have very limited HTB time but will try to respond as quickly as possible.

  • Well, that was quite a road to user.txt. Liked part with s****.** a lot! Getting root itself was a matter of a few seconds

    0x79656574

  • And done! A few good learning points from this one. The path to user takes several long steps. Root was a breeze compared to it! If things arent working remember to check your package :)

    alt text

  • I thought that was one of the best boxes I've done on here. It was super engaging, used things I hadn't really done in other boxes, and seemed like something that would be ultra realistic. Root was a bit disappointing because it was so trivial, but given the setup that's probably pretty realistic, heh.

    Thanks to @j88001 for the nudge on how to go spear fishing

    Hilbert

  • edited July 2020

    Thanks to @sulcud , this machine was for some steps amazing :)

    The foothold was amazing but i need to search some nudge because, i have never do that before, i have never seen something before in this enviroment, so great machine! Try to user diffrent easy list, don't complicate

    For the user part, it was confusing, thanks to @rulzgz to make me more clearly about steps. For the user, i can say, sometimes, if you write keeping a sequence , maybe you can try to invert that sequence. Googling, most common sequence didnt work for me.

    THe root part was easy, it takes 5 minutes.

  • this machine was really hard for me took me ages to get the initial foothold but finally got root learned a lot of new things with this machine, thanks @schizo , @joenibe , @zaero and @CurioCT you all helped me rooting this box. really, appreciated your help!!

  • This was a really fun box! Big thanks to @rulzgz for the nudges in the right direction!

Sign In to comment.