Official SneakyMailer Discussion

@encroachdcs said:

I am not able to get ************ domain. Any hint for that. I tried several times. but no luck…
stucked…

Have you added it to your hosts file?

It was a really interesting machine!
Discovered new tools, techniques and how p**** pack**** work!

However, the foothold was unexpected. Maybe a bit of guessing?

The BIG CLUE for you would be to think as if there was a real victim using the machine.

Feel free to PM me for nudges!

I’m a bit lost. I got into f*p and uploaded a simple php hello world file to test but keep getting 404 even after fixing permissions. I guess we are on another sub-domain or something, but not sure. I tried the obvious *** based on the folder name. Is there a clue lying around somewhere?

@burgers said:

I’m a bit lost. I got into f*p and uploaded a simple php hello world file to test but keep getting 404 even after fixing permissions. I guess we are on another sub-domain or something, but not sure. I tried the obvious *** based on the folder name. Is there a clue lying around somewhere?

Double-check how you checked the obvious. Interestingly I found the emails on it in the first place.

Type your comment> @TazWake said:

@burgers said:

I’m a bit lost. I got into f*p and uploaded a simple php hello world file to test but keep getting 404 even after fixing permissions. I guess we are on another sub-domain or something, but not sure. I tried the obvious *** based on the folder name. Is there a clue lying around somewhere?

Double-check how you checked the obvious. Interestingly I found the emails on it in the first place.

I understand you can’t be specific but a PM would be great, still learning so I’m not sure if I’m totally unaware of something I should check :smile:

I do have 2 sets of creds that I’ve used in 2 different services, and have tried reusing them elsewhere without luck yet. I know there’s a 3rd account that’ll run some stuff, but don’t seem to have a way to put it in the right place just yet and was thinking the PHP file is the way to get in.

@burgers said:

I understand you can’t be specific but a PM would be great, still learning so I’m not sure if I’m totally unaware of something I should check

Feel free to PM me but I won’t be able to reply until the morning (UTC+1) now.

guys does this machine over? since I am trying accessing the website http://sneakycorp.htb/ and it’s not opening…

any thing to do ?

@Dostora said:

guys does this machine over? since I am trying accessing the website http://sneakycorp.htb/ and it’s not opening…

When you say “it’s not opening” what does that mean? Your browser should be giving you some error message. This message will give you an idea what the issue is.

For example the difference between a server issue, a network issue and an issue at your end is only visible in the error messages.

any thing to do ?

At a guess, with nothing else to go on, I’d say it was probably down to the /etc/hosts entry not being set up.

Finally rooted, that was intense, but learn a lot of new things.
You can pm me for nuggets :slight_smile:

finally rooted :slight_smile:

rooted. What a ride. PM open if you need a nudge or two…

Spoiler Removed

@encroachdcs said:

Even after ************, i am not able to get the reverse shell…
any idea…how to go ahead…

It entirely depends on why you cant get a reverse shell.

Type your comment> @TazWake said:

@encroachdcs said:

Even after ************, i am not able to get the reverse shell…
any idea…how to go ahead…

It entirely depends on why you cant get a reverse shell.

“” to be more specific, even after file transfer, when I try open that file on webpage I get below error

“404 Not Found”

@encroachdcs said:

“” to be more specific, even after file transfer, when I try open that file on webpage I get below error

“404 Not Found”

Check where you are putting it - the server thinks it isn’t there. Make sure the place you’ve put it is the place you are looking.

Got shell! onto user :slight_smile:

Type your comment> @TazWake said:

@encroachdcs said:

“” to be more specific, even after file transfer, when I try open that file on webpage I get below error

“404 Not Found”

Check where you are putting it - the server thinks it isn’t there. Make sure the place you’ve put it is the place you are looking.

Please any more specific nudge…???

@encroachdcs said:

Type your comment> @TazWake said:

@encroachdcs said:

“” to be more specific, even after file transfer, when I try open that file on webpage I get below error

“404 Not Found”

Check where you are putting it - the server thinks it isn’t there. Make sure the place you’ve put it is the place you are looking.

Please any more specific nudge…???

If you put a file in a folder on a webserver called /tmp there are two common ways it can be found. If you haven’t enumerated the server fully previously, you need to try both.

Help request!
So far, Paul posted me some cred. *********, but it was just a failed try. Can someone give me some hints on what to do with there credentials??

@nineT9 said:

Help request!
So far, Paul posted me some cred. *********, but it was just a failed try. Can someone give me some hints on what to do with there credentials??

I hate saying this but try harder. Make that work.