Skip to content

Throwback-Mail

Port scan

22/tcp  open  ssh      syn-ack ttl 63 OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
80/tcp  open  http     syn-ack ttl 63 Apache httpd 2.4.29 ((Ubuntu))
143/tcp open  imap     syn-ack ttl 63 Dovecot imapd (Ubuntu)
993/tcp open  ssl/imap syn-ack ttl 63 Dovecot imapd (Ubuntu)

On port 80, the webserver is Squirrel mail. Guest account credentials are listed here:

Pasted image 20220602005413.png

The guest account has a list of contacts, which are assumingly users on the domain:

Pasted image 20220602005515.png

Able to get a few of the passwords by attacking the mail server's login page:

Pasted image 20220602005549.png

We even did a phishing campaign (using reverse shell executable) and one of the users fell for it which gave us an administrator reverse shell.