smtp-user-enum.plwith the syntax below:
/etc/hoststo get this working. Once completed the web pages should load correctly.
netcatlistener on port 80.
EternaLSunshinEWe can then login to
linpeasover to the target machine. After running we identify being a member of the 'filter' group which is a non default group. We also find /etc/postfix/disclaimer as being of interest.
/etc/postfix/disclaimer_addresses. When any of these addresses send or recieve an email the following file gets executed
/etc/postfix/disclaimer. The file takes the contents of
/etc/postfix/disclaimer.txtand appends it to the emails.
/etc/postfix/disclaimer. Using nano to edit the script I inserted a bash reverse shell to the top of the script.
netcatand sent an email to trigger the shell.
sudo -land found that we can run the