Official Attended Discussion

Spoiler Removed

Cool box. Need to get the format right… otherwise I can’t see anything.

Can some one give me a hint for root. DM please.

anyone has a link to some ‘good’ reading on SMTP for pentesting (tools, command injection, exfiltration etc…), had a look @ippsec “reel” it’s about enum mainly, Thanks.

FYI I have found one tool s***s (used in SneakMailer) for email transactions however not many examples out there…

I get not many people have done this box - but can anyone confirm if I need to set up a local server to receive responses from the box on the higher of the open ports?

Yes I used some python module

@gh0stm5n said:

Yes I used some python module

Thanks - I am pretty much in the 11th circle of ■■■■ trying with that right now. You have no idea the mistakes I’ve made getting to even this starting point :lol:

I want to kill myself. I’ve spent ~8 hours failing to get something working. A reset of the box and it works instantly.

You have to wait a bit :wink: It does take some time to do what you want it to do.

@all said:

You have to wait a bit :wink: It does take some time to do what you want it to do.

Yeah it took me a while to come to terms with that. I feel I am close to a foothold now though. I just need to stop making syntax errors :grin:

Yes, syntax is a tough one there. Not making mistake with folders is anther gotcha.
The root thing is giving me the grief though.

Type your comment> @TazWake said:

@all said:

You have to wait a bit :wink: It does take some time to do what you want it to do.

Yeah it took me a while to come to terms with that. I feel I am close to a foothold now though. I just need to stop making syntax errors :grin:

I’m at the same spot. Initially I tried setting up a local server, but then found the python module easier to work with for sending, and a socket script for receiving. I’m able to get a response, and based on the clues inside am now trying to send something that will trigger a command.

hint: forget any “usual” commands that would throw something back to you. its pretty locked

A small step forward - I’m now getting “thanks dude” when sending something

his reply should tell you where to dig for. Look at the whole e-mail

Cannot find any useful gadgets in the binary.

@gh0stm5n said:

Cannot find any useful gadgets in the binary.

There are some on an online resource, but I don’t know how useful it would be. I am not even sure how the binary would be used to privesc.

I do think that this is the binary to keep attacking. Looking at the evidence, it seems this is it.

Gadgets are there. Some are hidden. Ropper will show them. A working exploit then has to be converted… Succes