Official SneakyMailer Discussion

Having some trouble getting user, I am really not sure what to do, tried the basic enumeration and using scripts such as LinEnum.sh, I’ve noticed the p*p* repository but have no idea what to do with it, I initially thought this privesc had to do something about p*p because of all the virtualenvs, but now I have no idea, creating my own p*th*n p*c*a*e repository does not seem to do anything anyways, and I don’t have sufficient privileges to put it into packages folder. Any nudge is appreciated.

@PapyrusTheGuru said:

Having some trouble getting user, I am really not sure what to do, tried the basic enumeration and using scripts such as LinEnum.sh, I’ve noticed the p*p* repository but have no idea what to do with it, I initially thought this privesc had to do something about p*p because of all the virtualenvs, but now I have no idea, creating my own p*th*n p*c*a*e repository does not seem to do anything anyways, and I don’t have sufficient privileges to put it into packages folder. Any nudge is appreciated.

You are on the right path. You dont need privs for this, you just need to tell things where to look for the configuration files.

@TazWake said:

@PapyrusTheGuru said:

Having some trouble getting user, I am really not sure what to do, tried the basic enumeration and using scripts such as LinEnum.sh, I’ve noticed the p*p* repository but have no idea what to do with it, I initially thought this privesc had to do something about p*p because of all the virtualenvs, but now I have no idea, creating my own p*th*n p*c*a*e repository does not seem to do anything anyways, and I don’t have sufficient privileges to put it into packages folder. Any nudge is appreciated.

You are on the right path. You dont need privs for this, you just need to tell things where to look for the configuration files.

Thank you for the clarification, I’ll look more into it! :smiley:

Spoiler Removed

Rooted! What a great machine, thanks to rwu (i don’t know his HTB username unfortunately) and @TazWake for the nudge on the user part, I really struggled with it but finally managed to do it and learned so much, absolutely loved it!

some advice when doing the machine:

Initial foothold:

  • Go back the basics, try to find sensitive information about the users.
  • Try to think of it in a real-world scenario, what do employees commonly fall for?
  • If you can’t get your shell to execute… you need to enumerate a bit more

User:

  • Try to upload your script to a certain “repository”

Root:

  • This is classic basic privilege escalation, doing simple enumeration will help you figure out what you need to do.

If you’re stuck somewhere and need a bit extra assistance, please send me PM. I’ll be sure to respond ASAP.

hi, I found the *** credentials and was able to login, also found the d************ subdomain, whoever i cant put the re************p but i cant access it to get a reverse shell any nudges

Type your comment> @cool4coder said:

sometimes you catch a fish with a spear and sometimes you have to go after all those fishes

i got directly with a spear by luck

Finally rooted the box! Good box to get my brain working again as I start to get active on HTB again.

The technique for the foothold was something I’ve never done in a CTF environment, but definitely applicable in the real world. The foothold was definitely the most difficult part of this challenge.

Once I got the foothold, then it was just a matter of following the trail of discoveries to lead me to user. Getting to user wasn’t too difficult, and I thought it was pretty straight forward. Especially if you are familiar with the snake language. From there, privilege escalating from user to root was probably the easiest part of this challenge.

PM if you need a nudge.

■■■■ that user was a tough one. spent days with it

good box !

Really fun box!
the entry level and user was something new for me and I liked that you have to write stuff for yourself instead of just copying someone else’s code

If you are stuck, send me a DM and I will try to help!

I keep getting “530 Permission Denied” for ftp. I went fishing and got the juice, but stumped on what to do now. tried both password and username spraying but nothing. could this be me, or is it an actual issue

@Dreads said:

I keep getting “530 Permission Denied” for ftp. I went fishing and got the juice, but stumped on what to do now. tried both password and username spraying but nothing. could this be me, or is it an actual issue

Generally that message means incorrect username and/or password. You might have credentials for something else.

Type your comment> @TazWake said:

@Dreads said:

I keep getting “530 Permission Denied” for ftp. I went fishing and got the juice, but stumped on what to do now. tried both password and username spraying but nothing. could this be me, or is it an actual issue

Generally that message means incorrect username and/or password. You might have credentials for something else.

I’ve tried others on 143, and 22 with equally dull results. Can i PM you? don’t wanna give away too much in the thread

@Dreads said:

Type your comment> @TazWake said:

@Dreads said:

I keep getting “530 Permission Denied” for ftp. I went fishing and got the juice, but stumped on what to do now. tried both password and username spraying but nothing. could this be me, or is it an actual issue

Generally that message means incorrect username and/or password. You might have credentials for something else.

I’ve tried others on 143, and 22 with equally dull results. Can i PM you? don’t wanna give away too much in the thread

Certainly

Type your comment> @TazWake said:

@Dreads said:

Type your comment> @TazWake said:

@Dreads said:

I keep getting “530 Permission Denied” for ftp. I went fishing and got the juice, but stumped on what to do now. tried both password and username spraying but nothing. could this be me, or is it an actual issue

Generally that message means incorrect username and/or password. You might have credentials for something else.

I’ve tried others on 143, and 22 with equally dull results. Can i PM you? don’t wanna give away too much in the thread

Certainly

Just got it working. I was being dump and thinking in a very small box haha

@Dreads said:

Just got it working. I was being dump and thinking in a very small box haha

Nice work! Learning is about trial and error!

Hi!

I’m still struggling with the foothold. I think I’m on the right path, however it seems the response to my messages never came. Listener is in place and works (tested locally), however I never got any response.
Any help would be appreciated.

@SecThor said:

Hi!

I’m still struggling with the foothold. I think I’m on the right path, however it seems the response to my messages never came. Listener is in place and works (tested locally), however I never got any response.
Any help would be appreciated.

Check how you are sending it and make sure its easy for an automated process to know what you want it to do.

I am having trouble wrapping my head around how to “send something from my home addy” instead of using the email provider “post office”… i have a automated script but mail never arrives. maybe trying too hard on this one…nudges?

@sudozeus said:

I am having trouble wrapping my head around how to “send something from my home addy” instead of using the email provider “post office”…

I am not sure I understand that. There is a service you can use for this.

i have a automated script but mail never arrives. maybe trying too hard on this one…nudges?