Runs on platform of choice (Windows, Linux, Solaris) and supports all relevant RFC protocols POP3, SMTP, IMAP4, LDAP, HTTP, TLS/SSL. Users can create and manage blogs. Advanced spam filtering, enhanced SPF stops most spam early. This email server is fast, reliable and feature rich, with integrated WebMail.

Publisher's description of SurgeMail Mail Server
A Complete, advanced Mail Server, SurgeMail is secure, easy to install and manage.

SurgeMail Mail Server Reviews
Fast, simple to install Mail Server.

At this point I got pretty excited and went into exploitation mode.

I then tried uploading a test file and it worked.

r-rr- 1 admin users 12645888 May 03 05:53 surgemail_installer.exe
250 Directory changed to "/MyDocuments/./././surgemail".
250 Directory changed to "/MyDocuments/./././surgemail/scripts".

I browsed to the surgemail/scripts directory

250 Directory changed to "/MyDocuments/././.".
150 Opening ASCII mode data connection for listing
dr-xrwx- 1 admin users 0 May 03 22:58 $Recycle.Bin
dr-xrwx- 1 admin users 0 Documents and Settings
dr-xrwx- 1 admin users 0 May 03 19:20 Program Files
dr-xrwx- 1 admin users 0 May 03 19:21 ProgramData
dr-xrwx- 1 admin users 0 May 03 22:51 Python26
dr-xrwx- 1 admin users 0 Apr 30 01:21 Recovery
dr-xrwx- 1 admin users 0 May 07 23:48 surgemail
dr-xrwx- 1 admin users 0 May 03 22:38 System Volume Information
dr-xrwx- 1 admin users 0 May 07 23:48 Users
dr-xrwx- 1 admin users 0 May 03 21:28 Windows

\.\" actually was working and after a few iterations got me to the root directory. After messing around for a while I realized that the "cd.

After browsing files for a while I decided this ftp session was a bust and logged out.

Back to FTP: After noticing the EXE files with a possible execution on the webpage I decided to hit the FTP session back up and see if I can get to the scripts directory.

But unfortunately I didn't have access to write to that directory so I moved on.
My actual first thought was to replace the system32 directory program Magnify.exe with my evil payload so that at the Remote desktop login the accessibility options would become a shell. I also seemed to be able to browse to a directory with system32 files. So I decided to directly call the root directory with "cd c:".

cd C: correctly hopped me into a directory with loads of files available. \.\.\.\.\" and the response back indicated a fail. Failed, so I then flipped the slashes to "cd. I tried to hop out of the ftp directory structure via directory traversal attacks with "cd. After logging into the FTP server there wasn't much to play with in any available directories so I decided to try to hop out of the FTP environment.

Initial FTP probing: First thing I did was log into the FTP server with credentials that were provided on the offsec page.

Probably a wrong assumption, but it's a good theory to cling to when things get rough

KilltheN00b had various ports open including FTP, HTTP and some various mail ports.

80/tcp open http Surgemail webmail (DNews based)
106/tcp open pop3pw Qualcomm poppassd (Maximum users connected)
110/tcp open pop3 SurgeMail pop3d 3.8k4-4
143/tcp open imap SurgeMail imapd 3.8k4-4
366/tcp open smtp Surgemail smtpd 3.8k4-4
587/tcp open smtp Surgemail smtpd 3.8k4-4

All Girls Just want to have fun? Wait no that's a song LOL

I logged into the offsec labs and reviewed some of the documentation on the contest page that stated there were 2 targets.

After a quick portscan I chose to attack killthen00b purely based on the amount of open ports available on the system.

How Strong is Your FU hacker challenge Part 2

After some chips, salsa and a supersized burrito from el habinaro I was down for another challenge.