Official SneakyMailer Discussion

1567810

Comments

  • It was a really interesting machine!
    Discovered new tools, techniques and how p**** pack**** work!

    However, the foothold was unexpected. Maybe a bit of guessing?

    The BIG CLUE for you would be to think as if there was a real victim using the machine.

    Feel free to PM me for nudges!

    Feel free to PM me for help but explain your problem as much as possible!

  • edited September 20

    I'm a bit lost. I got into f*p and uploaded a simple php hello world file to test but keep getting 404 even after fixing permissions. I guess we are on another sub-domain or something, but not sure. I tried the obvious *** based on the folder name. Is there a clue lying around somewhere?

  • @burgers said:

    I'm a bit lost. I got into f*p and uploaded a simple php hello world file to test but keep getting 404 even after fixing permissions. I guess we are on another sub-domain or something, but not sure. I tried the obvious *** based on the folder name. Is there a clue lying around somewhere?

    Double-check how you checked the obvious. Interestingly I found the emails on it in the first place.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Type your comment> @TazWake said:

    @burgers said:

    I'm a bit lost. I got into f*p and uploaded a simple php hello world file to test but keep getting 404 even after fixing permissions. I guess we are on another sub-domain or something, but not sure. I tried the obvious *** based on the folder name. Is there a clue lying around somewhere?

    Double-check how you checked the obvious. Interestingly I found the emails on it in the first place.

    I understand you can't be specific but a PM would be great, still learning so I'm not sure if I'm totally unaware of something I should check :smile:

    I do have 2 sets of creds that I've used in 2 different services, and have tried reusing them elsewhere without luck yet. I know there's a 3rd account that'll run some stuff, but don't seem to have a way to put it in the right place just yet and was thinking the PHP file is the way to get in.

  • @burgers said:

    I understand you can't be specific but a PM would be great, still learning so I'm not sure if I'm totally unaware of something I should check

    Feel free to PM me but I won't be able to reply until the morning (UTC+1) now.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • guys does this machine over? since I am trying accessing the website http://sneakycorp.htb/ and it's not opening...

    any thing to do ?

  • @Dostora said:

    guys does this machine over? since I am trying accessing the website http://sneakycorp.htb/ and it's not opening...

    When you say "it's not opening" what does that mean? Your browser should be giving you some error message. This message will give you an idea what the issue is.

    For example the difference between a server issue, a network issue and an issue at your end is only visible in the error messages.

    any thing to do ?

    At a guess, with nothing else to go on, I'd say it was probably down to the /etc/hosts entry not being set up.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Finally rooted, that was intense, but learn a lot of new things.
    You can pm me for nuggets :)

  • finally rooted ^_^

  • rooted. What a ride. PM open if you need a nudge or two...

  • edited September 28

    Spoiler Removed

  • @encroachdcs said:

    Even after ************, i am not able to get the reverse shell..
    any idea..how to go ahead...

    It entirely depends on why you cant get a reverse shell.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Type your comment> @TazWake said:

    @encroachdcs said:

    Even after ************, i am not able to get the reverse shell..
    any idea..how to go ahead...

    It entirely depends on why you cant get a reverse shell.

    "" to be more specific,,, even after file transfer,,,, when I try open that file on webpage I get below error

    "404 Not Found"

  • @encroachdcs said:

    "" to be more specific,,, even after file transfer,,,, when I try open that file on webpage I get below error

    "404 Not Found"

    Check where you are putting it - the server thinks it isn't there. Make sure the place you've put it is the place you are looking.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Got shell! onto user :)

  • Type your comment> @TazWake said:

    @encroachdcs said:

    "" to be more specific,,, even after file transfer,,,, when I try open that file on webpage I get below error

    "404 Not Found"

    Check where you are putting it - the server thinks it isn't there. Make sure the place you've put it is the place you are looking.

    Please any more specific nudge....???

  • @encroachdcs said:

    Type your comment> @TazWake said:

    @encroachdcs said:

    "" to be more specific,,, even after file transfer,,,, when I try open that file on webpage I get below error

    "404 Not Found"

    Check where you are putting it - the server thinks it isn't there. Make sure the place you've put it is the place you are looking.

    Please any more specific nudge....???

    If you put a file in a folder on a webserver called /tmp there are two common ways it can be found. If you haven't enumerated the server fully previously, you need to try both.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • edited October 2

    Help request!
    So far, Paul posted me some cred. *********, but it was just a failed try. Can someone give me some hints on what to do with there credentials??

  • @nineT9 said:

    Help request!
    So far, Paul posted me some cred. *********, but it was just a failed try. Can someone give me some hints on what to do with there credentials??

    I hate saying this but try harder. Make that work.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Okay, I guess that squares it. XD

  • edited October 2

    Having some trouble getting user, I am really not sure what to do, tried the basic enumeration and using scripts such as LinEnum.sh, I've noticed the p*p* repository but have no idea what to do with it, I initially thought this privesc had to do something about p*p because of all the virtualenvs, but now I have no idea, creating my own p*th*n p*c*a*e repository does not seem to do anything anyways, and I don't have sufficient privileges to put it into packages folder. Any nudge is appreciated.

  • @PapyrusTheGuru said:

    Having some trouble getting user, I am really not sure what to do, tried the basic enumeration and using scripts such as LinEnum.sh, I've noticed the p*p* repository but have no idea what to do with it, I initially thought this privesc had to do something about p*p because of all the virtualenvs, but now I have no idea, creating my own p*th*n p*c*a*e repository does not seem to do anything anyways, and I don't have sufficient privileges to put it into packages folder. Any nudge is appreciated.

    You are on the right path. You dont need privs for this, you just need to tell things where to look for the configuration files.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • edited October 2

    @TazWake said:

    @PapyrusTheGuru said:

    Having some trouble getting user, I am really not sure what to do, tried the basic enumeration and using scripts such as LinEnum.sh, I've noticed the p*p* repository but have no idea what to do with it, I initially thought this privesc had to do something about p*p because of all the virtualenvs, but now I have no idea, creating my own p*th*n p*c*a*e repository does not seem to do anything anyways, and I don't have sufficient privileges to put it into packages folder. Any nudge is appreciated.

    You are on the right path. You dont need privs for this, you just need to tell things where to look for the configuration files.

    Thank you for the clarification, I'll look more into it! :D

  • edited October 6

    Spoiler Removed

  • Rooted! What a great machine, thanks to rwu (i don't know his HTB username unfortunately) and @TazWake for the nudge on the user part, I really struggled with it but finally managed to do it and learned so much, absolutely loved it!

    some advice when doing the machine:

    Initial foothold:

    • Go back the basics, try to find sensitive information about the users.
    • Try to think of it in a real-world scenario, what do employees commonly fall for?
    • If you can't get your shell to execute.. you need to enumerate a bit more

    User:

    • Try to upload your script to a certain "repository"

    Root:

    • This is classic basic privilege escalation, doing simple enumeration will help you figure out what you need to do.

    If you're stuck somewhere and need a bit extra assistance, please send me PM. I'll be sure to respond ASAP.

  • edited October 10

    hi, I found the *** credentials and was able to login, also found the d************ subdomain, whoever i cant put the re************p but i cant access it to get a reverse shell any nudges

  • Type your comment> @cool4coder said:

    sometimes you catch a fish with a spear and sometimes you have to go after all those fishes

    i got directly with a spear by luck

  • Finally rooted the box! Good box to get my brain working again as I start to get active on HTB again.

    The technique for the foothold was something I've never done in a CTF environment, but definitely applicable in the real world. The foothold was definitely the most difficult part of this challenge.

    Once I got the foothold, then it was just a matter of following the trail of discoveries to lead me to user. Getting to user wasn't too difficult, and I thought it was pretty straight forward. Especially if you are familiar with the snake language. From there, privilege escalating from user to root was probably the easiest part of this challenge.

    PM if you need a nudge.

    zalpha
    OSCP | CISSP | CSSLP

    Respect always welcome if I can help you: https://www.hackthebox.eu/home/users/profile/140630

  • damn that user was a tough one. spent days with it

    good box !

  • edited October 19

    Really fun box!
    the entry level and user was something new for me and I liked that you have to write stuff for yourself instead of just copying someone else's code

    If you are stuck, send me a DM and I will try to help!

Sign In to comment.