Official SneakyMailer Discussion

Finally rooted, that was intense, but learned a lot of new things.
You can pm me for nuggets :slight_smile:

finally rooted :slight_smile:

rooted. What a ride. PM open if you need a nudge or two…

Spoiler Removed

@encroachdcs said:

Even after ************, I am not able to get the reverse shell…
any idea…how to go ahead…

It entirely depends on why you can't get a reverse shell.

@TazWake said:

@encroachdcs said:

Even after ************, I am not able to get the reverse shell…
any idea…how to go ahead…

It entirely depends on why you can't get a reverse shell.

To be more specific, even after file transfer, when I try to open that file on the webpage I get the below error

“404 Not Found”

@encroachdcs said:

To be more specific, even after file transfer, when I try to open that file on the webpage I get the below error

“404 Not Found”

Check where you are putting it - the server thinks it isn’t there. Make sure the place you’ve put it is the place you are looking.

Got shell! onto user :slight_smile:

@TazWake said:

@encroachdcs said:

To be more specific, even after file transfer, when I try to open that file on the webpage I get the below error

“404 Not Found”

Check where you are putting it - the server thinks it isn’t there. Make sure the place you’ve put it is the place you are looking.

Please any more specific nudge…???

@encroachdcs said:

@TazWake said:

@encroachdcs said:

To be more specific, even after file transfer, when I try to open that file on the webpage I get the below error

“404 Not Found”

Check where you are putting it - the server thinks it isn’t there. Make sure the place you’ve put it is the place you are looking.

Please any more specific nudge…???

If you put a file in a folder on a webserver called /tmp there are two common ways it can be found. If you haven’t enumerated the server fully previously, you need to try both.

Help request!
So far, Paul posted me some cred. *********, but it was just a failed try. Can someone give me some hints on what to do with these credentials??

@nineT9 said:

Help request!
So far, Paul posted me some cred. *********, but it was just a failed try. Can someone give me some hints on what to do with these credentials??

I hate saying this but try harder. Make that work.

Okay, I guess that squares it. XD

Having some trouble getting user, I am really not sure what to do, tried the basic enumeration and using scripts such as LinEnum.sh, I’ve noticed the p*p* repository but have no idea what to do with it, I initially thought this privesc had to do something about p*p because of all the virtualenvs, but now I have no idea, creating my own p*th*n p*c*a*e repository does not seem to do anything anyways, and I don’t have sufficient privileges to put it into packages folder. Any nudge is appreciated.

@PapyrusTheGuru said:

Having some trouble getting user, I am really not sure what to do, tried the basic enumeration and using scripts such as LinEnum.sh, I’ve noticed the p*p* repository but have no idea what to do with it, I initially thought this privesc had to do something about p*p because of all the virtualenvs, but now I have no idea, creating my own p*th*n p*c*a*e repository does not seem to do anything anyways, and I don’t have sufficient privileges to put it into packages folder. Any nudge is appreciated.

You are on the right path. You don't need privs for this, you just need to tell things where to look for the configuration files.

@TazWake said:

@PapyrusTheGuru said:

Having some trouble getting user, I am really not sure what to do, tried the basic enumeration and using scripts such as LinEnum.sh, I’ve noticed the p*p* repository but have no idea what to do with it, I initially thought this privesc had to do something about p*p because of all the virtualenvs, but now I have no idea, creating my own p*th*n p*c*a*e repository does not seem to do anything anyways, and I don’t have sufficient privileges to put it into packages folder. Any nudge is appreciated.

You are on the right path. You don't need privs for this, you just need to tell things where to look for the configuration files.

Thank you for the clarification, I’ll look more into it! :smiley:

Spoiler Removed

Rooted! What a great machine, thanks to rwu (I don’t know his HTB username unfortunately) and @TazWake for the nudge on the user part, I really struggled with it but finally managed to do it and learned so much, absolutely loved it!

Some advice when doing the machine:

Initial foothold:

  • Go back to the basics, try to find sensitive information about the users.
  • Try to think of it in a real-world scenario, what do employees commonly fall for?
  • If you can’t get your shell to execute… you need to enumerate a bit more

User:

  • Try to upload your script to a certain “repository”

Root:

  • This is classic basic privilege escalation, doing simple enumeration will help you figure out what you need to do.

If you’re stuck somewhere and need a bit of extra assistance, please send me a PM. I’ll be sure to respond ASAP.

Hi, I found the *** credentials and was able to login, also found the d************ subdomain, however I can't put the re************p but I can't access it to get a reverse shell. Any nudges?

@cool4coder said:

Sometimes you catch a fish with a spear and sometimes you have to go after all those fishes

I got it directly with a spear by luck