Official SneakyMailer Discussion

@burgers said:

Iā€™m a bit lost. I got into f*p and uploaded a simple php hello world file to test but keep getting 404 even after fixing permissions. I guess we are on another sub-domain or something, but not sure. I tried the obvious *** based on the folder name. Is there a clue lying around somewhere?

Double-check how you checked the obvious. Interestingly I found the emails on it in the first place.

Type your comment> @TazWake said:

@burgers said:

Iā€™m a bit lost. I got into f*p and uploaded a simple php hello world file to test but keep getting 404 even after fixing permissions. I guess we are on another sub-domain or something, but not sure. I tried the obvious *** based on the folder name. Is there a clue lying around somewhere?

Double-check how you checked the obvious. Interestingly I found the emails on it in the first place.

I understand you canā€™t be specific but a PM would be great, still learning so Iā€™m not sure if Iā€™m totally unaware of something I should check :smile:

I do have 2 sets of creds that Iā€™ve used in 2 different services, and have tried reusing them elsewhere without luck yet. I know thereā€™s a 3rd account thatā€™ll run some stuff, but donā€™t seem to have a way to put it in the right place just yet and was thinking the PHP file is the way to get in.

@burgers said:

I understand you canā€™t be specific but a PM would be great, still learning so Iā€™m not sure if Iā€™m totally unaware of something I should check

Feel free to PM me but I wonā€™t be able to reply until the morning (UTC+1) now.

guys does this machine over? since I am trying accessing the website http://sneakycorp.htb/ and itā€™s not openingā€¦

any thing to do ?

@Dostora said:

guys does this machine over? since I am trying accessing the website http://sneakycorp.htb/ and itā€™s not openingā€¦

When you say ā€œitā€™s not openingā€ what does that mean? Your browser should be giving you some error message. This message will give you an idea what the issue is.

For example the difference between a server issue, a network issue and an issue at your end is only visible in the error messages.

any thing to do ?

At a guess, with nothing else to go on, Iā€™d say it was probably down to the /etc/hosts entry not being set up.

Finally rooted, that was intense, but learn a lot of new things.
You can pm me for nuggets :slight_smile:

finally rooted :slight_smile:

rooted. What a ride. PM open if you need a nudge or twoā€¦

Spoiler Removed

@encroachdcs said:

Even after ************, i am not able to get the reverse shellā€¦
any ideaā€¦how to go aheadā€¦

It entirely depends on why you cant get a reverse shell.

Type your comment> @TazWake said:

@encroachdcs said:

Even after ************, i am not able to get the reverse shellā€¦
any ideaā€¦how to go aheadā€¦

It entirely depends on why you cant get a reverse shell.

ā€œā€ to be more specific, even after file transfer, when I try open that file on webpage I get below error

ā€œ404 Not Foundā€

@encroachdcs said:

ā€œā€ to be more specific, even after file transfer, when I try open that file on webpage I get below error

ā€œ404 Not Foundā€

Check where you are putting it - the server thinks it isnā€™t there. Make sure the place youā€™ve put it is the place you are looking.

Got shell! onto user :slight_smile:

Type your comment> @TazWake said:

@encroachdcs said:

ā€œā€ to be more specific, even after file transfer, when I try open that file on webpage I get below error

ā€œ404 Not Foundā€

Check where you are putting it - the server thinks it isnā€™t there. Make sure the place youā€™ve put it is the place you are looking.

Please any more specific nudgeā€¦???

@encroachdcs said:

Type your comment> @TazWake said:

@encroachdcs said:

ā€œā€ to be more specific, even after file transfer, when I try open that file on webpage I get below error

ā€œ404 Not Foundā€

Check where you are putting it - the server thinks it isnā€™t there. Make sure the place youā€™ve put it is the place you are looking.

Please any more specific nudgeā€¦???

If you put a file in a folder on a webserver called /tmp there are two common ways it can be found. If you havenā€™t enumerated the server fully previously, you need to try both.

Help request!
So far, Paul posted me some cred. *********, but it was just a failed try. Can someone give me some hints on what to do with there credentials??

@nineT9 said:

Help request!
So far, Paul posted me some cred. *********, but it was just a failed try. Can someone give me some hints on what to do with there credentials??

I hate saying this but try harder. Make that work.

Okay, I guess that squares it. XD

Having some trouble getting user, I am really not sure what to do, tried the basic enumeration and using scripts such as LinEnum.sh, Iā€™ve noticed the p*p* repository but have no idea what to do with it, I initially thought this privesc had to do something about p*p because of all the virtualenvs, but now I have no idea, creating my own p*th*n p*c*a*e repository does not seem to do anything anyways, and I donā€™t have sufficient privileges to put it into packages folder. Any nudge is appreciated.

@PapyrusTheGuru said:

Having some trouble getting user, I am really not sure what to do, tried the basic enumeration and using scripts such as LinEnum.sh, Iā€™ve noticed the p*p* repository but have no idea what to do with it, I initially thought this privesc had to do something about p*p because of all the virtualenvs, but now I have no idea, creating my own p*th*n p*c*a*e repository does not seem to do anything anyways, and I donā€™t have sufficient privileges to put it into packages folder. Any nudge is appreciated.

You are on the right path. You dont need privs for this, you just need to tell things where to look for the configuration files.