Hepet 🔸

Enumeration

FTP allows anonymous access.

The web page lists some users; one description is odd.

We can try to read messages over POP3.

Initial Access

So we can send a malicious OpenOffice document as mailadmin. We can use https://github.com/0bfxgh0st/MMG-LO.git to generate it and sendEmail to send it.
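On the defending side, a mail gateway can inspect OpenDocument attachments for embedded scripts before delivery. The following is an added example, not part of the original write-up or of MMG-LO; it assumes the malicious document carries an embedded Basic macro, and the function names and the sample package are constructed for illustration.

```python
import io
import re
import zipfile

MAX_XML = 5 * 1024 * 1024  # cap bytes read from content.xml (zip-bomb guard)
# Event binding whose target script is stored inside the document itself.
SCRIPT_URI = re.compile(rb"vnd\.sun\.star\.script:[^\"'>]*location=document")

def inspect_odf(data: bytes) -> dict:
    """Report macro indicators in an ODF attachment without opening it in an office suite."""
    result = {"is_odf": False, "macro_modules": [], "event_bound_script": False}
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return result  # not a zip container, so not an ODF package
    with archive:
        names = archive.namelist()
        if "mimetype" in names:
            mime = archive.read("mimetype")
            result["is_odf"] = mime.startswith(b"application/vnd.oasis.opendocument")
        # Embedded Basic libraries live under Basic/, other script languages under Scripts/.
        result["macro_modules"] = sorted(
            n for n in names
            if n.startswith(("Basic/", "Scripts/")) and not n.endswith("/"))
        if "content.xml" in names:
            with archive.open("content.xml") as fh:
                result["event_bound_script"] = bool(SCRIPT_URI.search(fh.read(MAX_XML)))
    return result

def should_quarantine(data: bytes) -> bool:
    """Hold any ODF attachment that ships script modules or binds an event to one."""
    r = inspect_odf(data)
    return r["is_odf"] and bool(r["macro_modules"] or r["event_bound_script"])

def build_sample(with_macro: bool) -> bytes:
    """Constructed in-memory ODF-like package for the demo; not a real sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("mimetype", "application/vnd.oasis.opendocument.text")
        body = b"<office:document-content>"
        if with_macro:
            z.writestr("Basic/Standard/Module1.xml", "<script:module/>")
            body += (b'<script:event-listener xlink:href="vnd.sun.star.script:'
                     b'Standard.Module1.Main?language=Basic&amp;location=document"/>')
        z.writestr("content.xml", body + b"</office:document-content>")
    return buf.getvalue()

if __name__ == "__main__":
    for label, flag in (("clean", False), ("macro", True)):
        print(label, should_quarantine(build_sample(flag)))
```
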

Privilege Escalation

Transfer winPEAS.

We can hijack the binary.

Restarting the service doesn't work, so restart the machine.

Post Exploitation

Get the flag.