Read my writeup for Mailing machine on:
TL;DR
User: Found an LFI vulnerability in the download.php file. Download the hMailServer.ini file to obtain the password for the Administrator mailbox. Use CVE-2024-21413 to leak the NTLM hash of the user maya.
Root: Discovered LibreOffice. Use CVE-2023-2255 to add our user to the Administrators group. Retrieve the NTLM hash of the localadmin user using crackmapexec.