🎣Reel
https://app.hackthebox.com/machines/143
Here is the nmap output of the scan:
The odd bit is that the FTP port indicates a Windows box while the SSH port suggests a Linux box, so there may be some virtualisation technology behind all that.
We can assume it's a Windows box after a quick ping, since the default TTL on Windows is 127 compared to 64 for Linux.
We connect to the FTP server with anonymous login and download all the documents:
We go through the documents and find interesting material suggesting that a bot may be reviewing emails, which hints at a phishing challenge. Using exiftool, we find a potential username:
Just below it, we can see the software used:
Next we connect to port 25, the SMTP server, and talk to the mail service:
HELO felix.com: The HELO command is used to introduce the client to the server. Here, felix.com is the domain name of the client.
MAIL FROM: <felix@felix.com>: This command specifies the email address of the sender.
This little experiment confirms that the user nico exists: the SMTP server accepts recipients at outside domains without checking them, but rejects a recipient that "should" be in its own user database and is not.
RCPT TO: <nico@megabank.com>: The RCPT TO command specifies the recipient's email address. The server responds with 250 OK, indicating that the recipient is valid.
This process is repeated for multiple recipients. The server responds with 250 OK for nico@megabank.com, iWantMyOSCP@please.com, and OSCP2024@megabank.local, indicating these recipients are valid.
RCPT TO: <helloworld@megabank.com>: When specifying this recipient, the server responds with 550 Unknown user, indicating that the email address helloworld@megabank.com does not exist on the server.
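From the mail server's side, the same exchange leaves a recognisable trace: several RCPT TO commands in one session, a mix of 250 and 550 replies, and no DATA. The sketch below is an added example, not part of the original write-up. It flags such sessions in a constructed log whose format, the s2 session, the function name and the threshold are all assumptions.

```python
import re
from collections import defaultdict

# Constructed log in a made-up "<session> | <command> | <reply>" format; the
# s1 commands and replies mirror the exchange described in the write-up.
SAMPLE_LOG = """\
s1 | HELO felix.com | 250 Hello.
s1 | MAIL FROM: <felix@felix.com> | 250 OK
s1 | RCPT TO: <nico@megabank.com> | 250 OK
s1 | RCPT TO: <iWantMyOSCP@please.com> | 250 OK
s1 | RCPT TO: <OSCP2024@megabank.local> | 250 OK
s1 | RCPT TO: <helloworld@megabank.com> | 550 Unknown user
s2 | HELO mail.example.org | 250 Hello.
s2 | MAIL FROM: <alice@example.org> | 250 OK
s2 | RCPT TO: <nico@megabank.com> | 250 OK
s2 | DATA | 354 OK, send.
"""

RCPT = re.compile(r"RCPT TO:\s*<([^>]+)>", re.I)

def find_rcpt_probing(log, min_rcpt=3):
    """Return sessions that issue >= min_rcpt RCPT TO commands, receive at
    least one 550, and never reach DATA (no mail was actually sent)."""
    sessions = defaultdict(lambda: {"accepted": [], "rejected": [], "data": False})
    for line in log.splitlines():
        parts = [p.strip() for p in line.split("|")]
        if len(parts) != 3:
            continue  # skip lines that are not in the expected format
        sid, command, reply = parts
        if command.upper().startswith("DATA"):
            sessions[sid]["data"] = True
        rcpt = RCPT.match(command)
        if rcpt and reply.startswith("250"):
            sessions[sid]["accepted"].append(rcpt.group(1))
        elif rcpt and reply.startswith("550"):
            sessions[sid]["rejected"].append(rcpt.group(1))
    return {
        sid: {"accepted": s["accepted"], "rejected": s["rejected"]}
        for sid, s in sessions.items()
        if len(s["accepted"]) + len(s["rejected"]) >= min_rcpt
        and s["rejected"] and not s["data"]
    }

if __name__ == "__main__":
    for sid, hits in find_rcpt_probing(SAMPLE_LOG).items():
        print(sid, "probed recipients; rejected:", hits["rejected"])
```

The min_rcpt threshold is an assumed starting point and should be tuned against the server's normal traffic.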