Hepet 🔸

Enumeration

FTP allows anonymous access.

The webpage lists some users; one of the descriptions looks odd.

We can try to read messages over POP3.

Initial Access

So we can send a malicious OpenOffice document as mailadmin. We can use https://github.com/0bfxgh0st/MMG-LO.git to generate it and sendEmail to send it.

Privilege Escalation

Transfer winPEAS.

We can hijack the binary

Restarting the service doesn't work, so restart the machine instead.

Post Exploitation

Get the flag