Read my writeup for Mailing machine on:
TL;DR
User: Found an LFI vulnerability in the download.php file. Download the hMailServer.ini file to obtain the password for the Administrator mailbox. Use CVE-2024-21413 to leak the NTLM hash of the user maya.
Root: Discovered LibreOffice. Use CVE-2023-2255 to add our user to the Administrators group. Retrieve the NTLM hash of the localadmin user using crackmapexec.
1 post - 1 participant