Official SneakyMailer Discussion

The mechanism to receive a message on port 80 is an absolute mystery to me. Please, can someone enlighten me on this subject?

@blueteam said:

The mechanism to receive a message on port 80 is an absolute mystery to me. Please, can someone enlighten me on this subject?

Well, I am not sure what this is actually asking - do you mean how HTTP traffic works over IP?

Type your comment> @TazWake said:

@blueteam said:

The mechanism to receive a message on port 80 is an absolute mystery to me. Please, can someone enlighten me on this subject?

Well, I am not sure what this is actually asking - do you mean how HTTP traffic works over IP?

Forget I asked TazWake. I’ll ask someone else via DM.

@blueteam said:

Forget I asked TazWake. I’ll ask someone else via DM.

Awesome.

Finally rooted after multiple days of banging my head

Foothold

Nothing i can really add here that hasnt been said already.

User

You’ve got to bring your own chair to this block party. Remember to leave your chair somewhere nice, and dont get the address wrong. No one wants to be the guy who knocks on the neighbors house when the party is next door.

Root:

■■■■ if you make it past the gauntlet that is user, no reason to not have root within 5 minutes.

Please let me know if the information is misleading or useless and feel free to remove if this is a spoiler

Really fun box! I have learned a few things! Congrants @sulcud

And thanks @TazWake for point me on the right track again!!

I have enumerated users, tryin to brutefore using h****. Read all about IMAP, POP3, Courier IMAP. Not getting foothold. Some are saying fishing, whats that? Any nudges would be grt

@AnoopRon said:

I have enumerated users, tryin to brutefore using h****. Read all about IMAP, POP3, Courier IMAP. Not getting foothold. Some are saying fishing, whats that? Any nudges would be grt

Look at what you have as a list of users. There is a common way to attack that type of information.

If you do it, you might get a user to process a link in a way your listener can capture useful loot.

Type your comment> @TazWake said:

@AnoopRon said:

I have enumerated users, tryin to brutefore using h****. Read all about IMAP, POP3, Courier IMAP. Not getting foothold. Some are saying fishing, whats that? Any nudges would be grt

Look at what you have as a list of users. There is a common way to attack that type of information.

If you do it, you might get a user to process a link in a way your listener can capture useful loot.

Thanks, I will try

I got the foothold into d*******r account …can I get a nudge to get into L** to get the user flag?

@KavinNK said:

I got the foothold into d*******r account …can I get a nudge to get into L** to get the user flag?

Yeah, have a look at what other folders might point to a subdomain. Have a look at the subdomain.

It implies you can do something locally which would normally be pushed to an internet site and may run with different privs than you currently have.

Stucked at user for a very long long long time.
Much thanks to @TazWake ,finally gotten root. and also thanks to @mdnwvn and @m1r3x

huhn

This was a fun box. I got root yesterday, which was much easier than getting user. Be sure to carefully for typoes. One typo took me 4 hours of work early in getting user. I added an extra newline accidentally at the start of a chunk of something important.

Thanks, @sulcud, for the fun machine :slight_smile:

Rooted. This box is a real roller coaster:
I love the foothold, it was pretty cool and unusual (I didn’t see it in a CTF for now);
I clearly hate the user part, it was way too capillotracted;
I liked the root part because it is the beginner level. And I feel like I’m that level :stuck_out_tongue:

For the hints, the previous ones are good. You just need to know that you must not give up. I puked blood for the user, it’s okay. I persevered and I got root.

Feel free to ask for nudges in DM.

I’m stuck. I got creds and access to the lower port service but uploading anything for shell doesn’t work because it always says “not found” when I try to open it in browser.

I found p*** subdomain on the higher port but I cannot log in to it through any credentials and can’t figure out a way to get shell. I can’t figure out what I could possibly upload to the lower port or how I can get it to execute.

Update: Got shell as www-data. Now to figure out how to get the user everyone seems to be having trouble with.

Edit: Rooted. Really nice box with a very unique foothold. Taught me a couple interesting new tricks. Feel free to DM for hints. I will help you with some slight nudges and try my best not to give any big hints or answers. Learning is the objective.

Rooted - such a good box. Foothold and user especially.
DM for nudges =)

Spoiler Removed

@scorpion4347, if I were to guess, your code block after “with open(…) as f:” is not indented properly.

http://************/tools/***********l/php-reverse-shell-1.0.tar.gz

php file not working !!!

The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.