Footprinting Lab - Hard

How are you connecting? It’s the same like medium lab but in linux

Hint: Look for tom user group

hint : check .bash_history
I am lazy, so I use Linpeas to find a vulnerability of this machin :slight_smile:


Any hint on how to read that email? Have tried every command I can think of but I get no response when typing 1 FETCH 1 body[1]. Any other body number I get nothing and when I try to fetch all I only get toms email adress and the Subject line (which seems very interesting) as well as some dates and other not very useful data.

1 Like

@god_f3lla If you want to view a mail message in full you must use the command “1 FETCH RFC822”. The above command is equivalent to “1 FETCH BODY”. Here is a link to find more information about the command.

IMAP 101: Manual IMAP Sessions - IMAP commands - Atmail email

1 Like

did you ssh in with just the private key you got from the imap/pop3 server? I name the key id_rsa and chmod 600 but I am still getting invalid format. We dont need to do ssh-copy-id with a public key like we did in the easy lab?

1 Like

who owns the id_rsa key?

1 Like

So I believe I have all the credentials, I’ve accessed toms machine but I’m struggling to access the database on the target machine. Am I on the right track? Any suggestions?


Ok guys, i need little help …
I have access to computer ( ssh ) with tom password but i dont know what next.
I looking for something mysql/ssh/passwd/suid/ etc but nothing. I used Linpeas and still i dont know what i should do next. I need road to end it :wink: please help

1 Like

Use simple http server in python and wget on target machine :wink:

If you find a solution, pls text me

You’re on the right track. It’s right in front of you.

for those who could not connect to the database, you have to enter the ssh server with a different user from tom.

Losing my mind here. I’ve found the OpenSSH private key value, copy and pasted into a file on my system, changed the perms, and attempted to use to ssh, but I receive the following error message no matter what I do (Load key “./id_rsa”: error in libcrypto), rename to id_rsa, check file format to ensure there’s no BOM or anything (there isn’t). I did see reference to updating the ownership on the file, but what am I supposed to do? create a user on my system that matches the user I’m trying to SSH as so that I can change the owner of the file on my system to that? aghhhhh. Any help greatly appreciated.

Hello! I cant seem to open Toms inbox… all the commands I type in the openssl session are ERR… Any hint highly appreciated!

1 Like

Im with the SSH session with tom but cant seem to find anything... cant get Linpeas working either :frowning:

Im in the same step... I cant find anything with Tom in the SSH session…

Hi All! super stuck on this, thanks for all your comments yet still stuck. I’ve found something via SNMP… however what I’ve found I can’t use to get onto any open services (if that makes sense?) - access denied. Any help appreciated/ DM with a hint, much appreciated.

Hi, try to find the password for tom and then you will be able to move further

Kudos to @NorthernLight for help. This was an issue with my notes and formatting :exploding_head: :exploding_head: :exploding_head:

1 Like

Guys please give me a hint, already found Tom keys and ssh to the server. Looking files, history etc but so far not a clue. I understand I need to find another user credential or keys, but nothing so far. Thks!