How are you connecting? It’s the same like medium lab but in linux
Hint: Look for tom user group
hint : check .bash_history
I am lazy, so I use Linpeas to find a vulnerability of this machin
Any hint on how to read that email? Have tried every command I can think of but I get no response when typing 1 FETCH 1 body[1]. Any other body number I get nothing and when I try to fetch all I only get toms email adress and the Subject line (which seems very interesting) as well as some dates and other not very useful data.
@god_f3lla If you want to view a mail message in full you must use the command “1 FETCH RFC822”. The above command is equivalent to “1 FETCH BODY”. Here is a link to find more information about the command.
IMAP 101: Manual IMAP Sessions - IMAP commands - Atmail email
did you ssh in with just the private key you got from the imap/pop3 server? I name the key id_rsa and chmod 600 but I am still getting invalid format. We dont need to do ssh-copy-id with a public key like we did in the easy lab?
who owns the id_rsa key?
So I believe I have all the credentials, I’ve accessed toms machine but I’m struggling to access the database on the target machine. Am I on the right track? Any suggestions?
Solved
Ok guys, i need little help …
I have access to computer ( ssh ) with tom password but i dont know what next.
I looking for something mysql/ssh/passwd/suid/ etc but nothing. I used Linpeas and still i dont know what i should do next. I need road to end it please help
Use simple http server in python and wget on target machine
If you find a solution, pls text me
You’re on the right track. It’s right in front of you.
for those who could not connect to the database, you have to enter the ssh server with a different user from tom.
Losing my mind here. I’ve found the OpenSSH private key value, copy and pasted into a file on my system, changed the perms, and attempted to use to ssh, but I receive the following error message no matter what I do (Load key “./id_rsa”: error in libcrypto), rename to id_rsa, check file format to ensure there’s no BOM or anything (there isn’t). I did see reference to updating the ownership on the file, but what am I supposed to do? create a user on my system that matches the user I’m trying to SSH as so that I can change the owner of the file on my system to that? aghhhhh. Any help greatly appreciated.
Hello! I cant seem to open Tom
s inbox… all the commands I type in the openssl session are ERR… Any hint highly appreciated!
Im with the SSH session with tom but cant seem to find anything... can
t get Linpeas working either
Im in the same step... I can
t find anything with Tom in the SSH session…
Hi All! super stuck on this, thanks for all your comments yet still stuck. I’ve found something via SNMP… however what I’ve found I can’t use to get onto any open services (if that makes sense?) - access denied. Any help appreciated/ DM with a hint, much appreciated.
Hi, try to find the password for tom and then you will be able to move further
Guys please give me a hint, already found Tom keys and ssh to the server. Looking files, history etc but so far not a clue. I understand I need to find another user credential or keys, but nothing so far. Thks!