Official SneakyMailer Discussion

Type your comment> @TazWake said:

@encroachdcs said:

“” to be more specific, even after file transfer, when I try open that file on webpage I get below error

“404 Not Found”

Check where you are putting it - the server thinks it isn’t there. Make sure the place you’ve put it is the place you are looking.

Please any more specific nudge…???

@encroachdcs said:

Type your comment> @TazWake said:

@encroachdcs said:

“” to be more specific, even after file transfer, when I try open that file on webpage I get below error

“404 Not Found”

Check where you are putting it - the server thinks it isn’t there. Make sure the place you’ve put it is the place you are looking.

Please any more specific nudge…???

If you put a file in a folder on a webserver called /tmp there are two common ways it can be found. If you haven’t enumerated the server fully previously, you need to try both.

Help request!
So far, Paul posted me some cred. *********, but it was just a failed try. Can someone give me some hints on what to do with there credentials??

@nineT9 said:

Help request!
So far, Paul posted me some cred. *********, but it was just a failed try. Can someone give me some hints on what to do with there credentials??

I hate saying this but try harder. Make that work.

Okay, I guess that squares it. XD

Having some trouble getting user, I am really not sure what to do, tried the basic enumeration and using scripts such as LinEnum.sh, I’ve noticed the p*p* repository but have no idea what to do with it, I initially thought this privesc had to do something about p*p because of all the virtualenvs, but now I have no idea, creating my own p*th*n p*c*a*e repository does not seem to do anything anyways, and I don’t have sufficient privileges to put it into packages folder. Any nudge is appreciated.

@PapyrusTheGuru said:

Having some trouble getting user, I am really not sure what to do, tried the basic enumeration and using scripts such as LinEnum.sh, I’ve noticed the p*p* repository but have no idea what to do with it, I initially thought this privesc had to do something about p*p because of all the virtualenvs, but now I have no idea, creating my own p*th*n p*c*a*e repository does not seem to do anything anyways, and I don’t have sufficient privileges to put it into packages folder. Any nudge is appreciated.

You are on the right path. You dont need privs for this, you just need to tell things where to look for the configuration files.

@TazWake said:

@PapyrusTheGuru said:

Having some trouble getting user, I am really not sure what to do, tried the basic enumeration and using scripts such as LinEnum.sh, I’ve noticed the p*p* repository but have no idea what to do with it, I initially thought this privesc had to do something about p*p because of all the virtualenvs, but now I have no idea, creating my own p*th*n p*c*a*e repository does not seem to do anything anyways, and I don’t have sufficient privileges to put it into packages folder. Any nudge is appreciated.

You are on the right path. You dont need privs for this, you just need to tell things where to look for the configuration files.

Thank you for the clarification, I’ll look more into it! :smiley:

Spoiler Removed

Rooted! What a great machine, thanks to rwu (i don’t know his HTB username unfortunately) and @TazWake for the nudge on the user part, I really struggled with it but finally managed to do it and learned so much, absolutely loved it!

some advice when doing the machine:

Initial foothold:

  • Go back the basics, try to find sensitive information about the users.
  • Try to think of it in a real-world scenario, what do employees commonly fall for?
  • If you can’t get your shell to execute… you need to enumerate a bit more

User:

  • Try to upload your script to a certain “repository”

Root:

  • This is classic basic privilege escalation, doing simple enumeration will help you figure out what you need to do.

If you’re stuck somewhere and need a bit extra assistance, please send me PM. I’ll be sure to respond ASAP.

hi, I found the *** credentials and was able to login, also found the d************ subdomain, whoever i cant put the re************p but i cant access it to get a reverse shell any nudges

Type your comment> @cool4coder said:

sometimes you catch a fish with a spear and sometimes you have to go after all those fishes

i got directly with a spear by luck

Finally rooted the box! Good box to get my brain working again as I start to get active on HTB again.

The technique for the foothold was something I’ve never done in a CTF environment, but definitely applicable in the real world. The foothold was definitely the most difficult part of this challenge.

Once I got the foothold, then it was just a matter of following the trail of discoveries to lead me to user. Getting to user wasn’t too difficult, and I thought it was pretty straight forward. Especially if you are familiar with the snake language. From there, privilege escalating from user to root was probably the easiest part of this challenge.

PM if you need a nudge.

■■■■ that user was a tough one. spent days with it

good box !

Really fun box!
the entry level and user was something new for me and I liked that you have to write stuff for yourself instead of just copying someone else’s code

If you are stuck, send me a DM and I will try to help!

I keep getting “530 Permission Denied” for ftp. I went fishing and got the juice, but stumped on what to do now. tried both password and username spraying but nothing. could this be me, or is it an actual issue

@Dreads said:

I keep getting “530 Permission Denied” for ftp. I went fishing and got the juice, but stumped on what to do now. tried both password and username spraying but nothing. could this be me, or is it an actual issue

Generally that message means incorrect username and/or password. You might have credentials for something else.

Type your comment> @TazWake said:

@Dreads said:

I keep getting “530 Permission Denied” for ftp. I went fishing and got the juice, but stumped on what to do now. tried both password and username spraying but nothing. could this be me, or is it an actual issue

Generally that message means incorrect username and/or password. You might have credentials for something else.

I’ve tried others on 143, and 22 with equally dull results. Can i PM you? don’t wanna give away too much in the thread

@Dreads said:

Type your comment> @TazWake said:

@Dreads said:

I keep getting “530 Permission Denied” for ftp. I went fishing and got the juice, but stumped on what to do now. tried both password and username spraying but nothing. could this be me, or is it an actual issue

Generally that message means incorrect username and/or password. You might have credentials for something else.

I’ve tried others on 143, and 22 with equally dull results. Can i PM you? don’t wanna give away too much in the thread

Certainly

Type your comment> @TazWake said:

@Dreads said:

Type your comment> @TazWake said:

@Dreads said:

I keep getting “530 Permission Denied” for ftp. I went fishing and got the juice, but stumped on what to do now. tried both password and username spraying but nothing. could this be me, or is it an actual issue

Generally that message means incorrect username and/or password. You might have credentials for something else.

I’ve tried others on 143, and 22 with equally dull results. Can i PM you? don’t wanna give away too much in the thread

Certainly

Just got it working. I was being dump and thinking in a very small box haha