Official Attended Discussion

anyone has a link to some ‘good’ reading on SMTP for pentesting (tools, command injection, exfiltration etc…), had a look @ippsec “reel” it’s about enum mainly, Thanks.

FYI I have found one tool s***s (used in SneakMailer) for email transactions however not many examples out there…

I get not many people have done this box - but can anyone confirm if I need to set up a local server to receive responses from the box on the higher of the open ports?

Yes I used some python module

@gh0stm5n said:

Yes I used some python module

Thanks - I am pretty much in the 11th circle of ■■■■ trying with that right now. You have no idea the mistakes I’ve made getting to even this starting point :lol:

I want to kill myself. I’ve spent ~8 hours failing to get something working. A reset of the box and it works instantly.

You have to wait a bit :wink: It does take some time to do what you want it to do.

@all said:

You have to wait a bit :wink: It does take some time to do what you want it to do.

Yeah it took me a while to come to terms with that. I feel I am close to a foothold now though. I just need to stop making syntax errors :grin:

Yes, syntax is a tough one there. Not making mistake with folders is anther gotcha.
The root thing is giving me the grief though.

Type your comment> @TazWake said:

@all said:

You have to wait a bit :wink: It does take some time to do what you want it to do.

Yeah it took me a while to come to terms with that. I feel I am close to a foothold now though. I just need to stop making syntax errors :grin:

I’m at the same spot. Initially I tried setting up a local server, but then found the python module easier to work with for sending, and a socket script for receiving. I’m able to get a response, and based on the clues inside am now trying to send something that will trigger a command.

hint: forget any “usual” commands that would throw something back to you. its pretty locked

A small step forward - I’m now getting “thanks dude” when sending something

his reply should tell you where to dig for. Look at the whole e-mail

Cannot find any useful gadgets in the binary.

@gh0stm5n said:

Cannot find any useful gadgets in the binary.

There are some on an online resource, but I don’t know how useful it would be. I am not even sure how the binary would be used to privesc.

I do think that this is the binary to keep attacking. Looking at the evidence, it seems this is it.

Gadgets are there. Some are hidden. Ropper will show them. A working exploit then has to be converted… Succes

@gh0stm5n said:

Gadgets are there. Some are hidden. Ropper will show them. A working exploit then has to be converted… Succes

That is good to know. At the moment I am stuck trying to think ahead and work out what I want to do once I’ve worked out how to exploit the binary fully. Finding an executable “victim” to run it on is defeating me. My current assumption is that it is going to be related to something running on ****.

This is definitely an insane box.

Type your comment> @TazWake said:

@gh0stm5n said:

Gadgets are there. Some are hidden. Ropper will show them. A working exploit then has to be converted… Succes

That is good to know. At the moment I am stuck trying to think ahead and work out what I want to do once I’ve worked out how to exploit the binary fully. Finding an executable “victim” to run it on is defeating me. My current assumption is that it is going to be related to something running on ****.

m*d*l*s