Mailing writeup by evyatar9

Read my writeup for the Mailing machine on:

TL;DR

User: Found an LFI vulnerability in the download.php file. Download the hMailServer.ini file to obtain the password for the Administrator mailbox. Use CVE-2024-21413 to leak the NTLM hash of the user maya.

Root: Discovered LibreOffice. Use CVE-2023-2255 to add our user to the Administrators group. Retrieve the NTLM hash of the localadmin user using crackmapexec.
