Footprinting Lab - Hack The Box - Hard
The third lab from Foot-printing module has the following description: The third server is an MX and management server for the internal network. Subsequently, this server has the function of a backup server for the internal accounts in the domain. Accordingly, a user named HTB was also created here, whose credentials we need to access. Upon enumerating the server, both POP3 and IMAP ports were found to be open, along with the SSH port. imap/pop3/ssh -sC At this point, email credentials were needed. It took some time to connect the fact that this was also a backup server with the information obtained from the SNMP section in HTB . However, after running the onesixtyone tool, several interesting details were uncovered. onesixtyone As shown in the image above, there was a community string labeled "backup," and by using snmpwalk , the credential was retrieved. snmpwalk Using Tom's credentials, access to the mailbox was gained, revealing additional information. - First, a