Footprinting Lab - Hard

How are you connecting? It’s the same like medium lab but in linux

Hint: Look for tom user group

hint : check .bash_history
I am lazy, so I use Linpeas to find a vulnerability of this machin :slight_smile:

Any hint on how to read that email? Have tried every command I can think of but I get no response when typing 1 FETCH 1 body[1]. Any other body number I get nothing and when I try to fetch all I only get toms email adress and the Subject line (which seems very interesting) as well as some dates and other not very useful data.

@god_f3lla If you want to view a mail message in full you must use the command “1 FETCH RFC822”. The above command is equivalent to “1 FETCH BODY”. Here is a link to find more information about the command.

IMAP 101: Manual IMAP Sessions - IMAP commands - Atmail email

1 Like

did you ssh in with just the private key you got from the imap/pop3 server? I name the key id_rsa and chmod 600 but I am still getting invalid format. We dont need to do ssh-copy-id with a public key like we did in the easy lab?

who owns the id_rsa key?

I assume tom owns it? I did ssh -i id_rsa tom@10.129.231.31

type ls -la to see all files and their associated ownership. Make sure YOU own the key.

I do own the key. Just to make sure I don’t need a public key for this question?

hmm. You can pm me if you want. don’t want to give spoilers

So I believe I have all the credentials, I’ve accessed toms machine but I’m struggling to access the database on the target machine. Am I on the right track? Any suggestions?

Solved

Ok guys, i need little help …
I have access to computer ( ssh ) with tom password but i dont know what next.
I looking for something mysql/ssh/passwd/suid/ etc but nothing. I used Linpeas and still i dont know what i should do next. I need road to end it :wink: please help

1 Like

Use simple http server in python and wget on target machine :wink:

If you find a solution, pls text me

You’re on the right track. It’s right in front of you.