I personally had an easier (faster) time using curl vise using Fetch.
Can’t really argue with that. Would be nice if HtB would provide a little nudge to remind people that maybe they should do a little self study. As this maybe someone’s first foray into this type of thing.
It tis module, it says: “In the SMTP section, we have found the user robin . Another member of our team was able to find out that the user also uses his username as a password (robin :robin ).”
How this member was able to find the password? Have you tried to find password by yourself?
Thanks!
Hello maybe u can help me cause i’ve stucked firstly nmat doesn’t give me any info and i can’t get connection via openssl. i answered for 3rd and 4th questions, using technique from previous lessons, but now i’ve stucked cause can’t get any info via openssl and nmap, i’ve rebooted machine, reconnected to vpn and it didn’t help me
did all tasks, all work good with PWNbox but with my VM+vpn nothing works
Nice 1. Solved it for me. Thank you
how is possible that the only answer i missing is the first one:
Figure out the exact organization name from the IMAP/POP3 service and submit it as the answer.
Did someone find the version? Tried all the Information which I found over Banner grabbing … enumeration of the Service etc.
It worked after a new start of the VM … entered the same name like yesterday
Nice. Thanks
I don’t know why, but for some reason not one of the commands that’s listed on that site is working for me. I’m connected to IMAP and authenticated as robin, and can use other commands but the format they have them in on that site isn’t working.
Wow I’m blind
What name did you enter. what is the answer. I have gotten the rest. It is the only challenge here now
Can someone give some advice? I’m really stuck on the admin email. The above tips didn’t seem to help me so much…
1 Like
Try to curl imap or pop3 and look at the organization field.
Thanks. i have gotten it. its just to add Infreight to the pop3 version
what is the sytnax to use these commands i’m so lost
Just trying to bring a clear picture what module wants us to do:
-
What services are running on the IP
Here we have to deal with POP3 and IMAP
Commands are in the module. First and second questions answers can found from the scanned results. -
In order to understand what version of the services are running we have to grab some banner. For that we have to use netcat. Third and fouth questions answers can to from netcat results.
For third question: Try enumerating with netcat for the specific IMAP port
For fouthr question: Try enumerating with netcat in general -
Now we have target to read contents of mails
Fifth question: In order to know mail ID, first we need connect to the mail server.
Command for that is in the module (using openssl …)
When get connected, need to login. Command is given in IMAP Commands section. user id and password is also given in the module.
When logged in, we need to list every thing what it has. Command is given in IMAP Commands section. (Hint: LIST …)
Try SELECT to every sections if some mail is there. (Hint: 1 EXISTS)
When you found the section which contains a mail, first SELECT then, do ‘1 FETCH 1 BODY.PEEK[HEADER.FIELDS (FROM EXISTS)]’
Wondering where I found that, google about IMAP commands and do little modification. #Thinking_out_of_the_BOX
For sixth question: Till now we have read the header of the mail, but the body remains. So do ‘1 FETCH 1 BODY.PEEK[ ]’
#Thinking_out_of_the_BOX
Hence we have able to read the every contents of the available mails for the server
3 Likes
If you use this resource and walk through the commands you’re gonna find the answers.
EDIT: If you’re struggling, just know the answers are SUPER PEDNATIC on this module and don’t feel bad. Also it could be very possible your target machine loaded misconfigured (happened to me). You have to read IMAP docs off site as other suggested because the module doesn’t give you clear instructions.
Regarding the question What is the customized version of the POP3 server? … copy the whole thing (except the response code) and not just the version number. I wasted too much time on that just because of this small issue.
2 Likes