Skip to content

Postfish 🔸

Enumeration

Add postfish.off to /etc/hosts.

Web server is a template.

With people.

Make a users file and put the names, also add the departments.

Initial Access

Using hydra, first use the same list for user and password.

We have sales:sales.

We can install evolution and put the email to view emails.

Or with pop3 port, connecting with telnet.

So we need to send an email looking as if it is from the user to the users. Start a listener on port 80 and execute sendEmail.

brian.moore:EternaLSunshinE

We can try ssh.

Get the flag.

Privilege Escalation

Execute linpeas and we see:

This file executes altermime and adds content to all emails, so if we put a reverse shell and send the email...

Using sudo -l:

Post Exploitation

Get the flag.