Official Attended Discussion

Official discussion thread for Attended. Please do not post any spoilers or big hints.

Interesting initial nmap results. This will be different.

This is unusual. So quiet here. Anyone gotten through email stuff ?
I feel like I am close to code execution. Anyone gotten a foothold? DM me if you have some hints. Thanks.

Stuck on sending the gift with coolness, someone is complaining not being able to open it, tried multiple extensions tar py txt even libreoffice’s odt, what am i doing wrong?

Spoiler Removed

Cool box. Need to get the format right… otherwise I can’t see anything.

Can some one give me a hint for root. DM please.

anyone has a link to some ‘good’ reading on SMTP for pentesting (tools, command injection, exfiltration etc…), had a look @ippsec “reel” it’s about enum mainly, Thanks.

FYI I have found one tool s***s (used in SneakMailer) for email transactions however not many examples out there…

I get not many people have done this box - but can anyone confirm if I need to set up a local server to receive responses from the box on the higher of the open ports?

Yes I used some python module

@gh0stm5n said:

Yes I used some python module

Thanks - I am pretty much in the 11th circle of hell trying with that right now. You have no idea the mistakes I’ve made getting to even this starting point :lol:

I want to kill myself. I’ve spent ~8 hours failing to get something working. A reset of the box and it works instantly.

You have to wait a bit :wink: It does take some time to do what you want it to do.

@all said:

You have to wait a bit :wink: It does take some time to do what you want it to do.

Yeah it took me a while to come to terms with that. I feel I am close to a foothold now though. I just need to stop making syntax errors :grin:

Yes, syntax is a tough one there. Not making mistake with folders is anther gotcha.
The root thing is giving me the grief though.

Type your comment> @TazWake said:

@all said:

You have to wait a bit :wink: It does take some time to do what you want it to do.

Yeah it took me a while to come to terms with that. I feel I am close to a foothold now though. I just need to stop making syntax errors :grin:

I’m at the same spot. Initially I tried setting up a local server, but then found the python module easier to work with for sending, and a socket script for receiving. I’m able to get a response, and based on the clues inside am now trying to send something that will trigger a command.

hint: forget any “usual” commands that would throw something back to you. its pretty locked

A small step forward - I’m now getting “thanks dude” when sending something

his reply should tell you where to dig for. Look at the whole e-mail