3 :8065 mattermost

Logged in using 
9352896@delivery.htb
Qwerty@1234567890

"Internal" chat channel:

root >
@developers Please update theme to the OSTicket before we go live.  Credentials to the server are maildeliverer:Youve_G0t_Mail!
Also please create a program to help us stop re-using the same passwords everywhere.... Especially those that are a variant of "PleaseSubscribe!"
root >
PleaseSubscribe! may not be in RockYou but if any hacker manages to get our hashes, they can use hashcat rules to easily crack all variations of common words or phrases.

Can ssh using
maildeliverer:Youve_G0t_Mail!

maildeliverer@Delivery:~$ whoami
maildeliverer

Ran PEAS nothing

maildeliverer@Delivery:/opt/mattermost/config$ netstat -ant
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:1025          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:50118         127.0.0.1:3306          ESTABLISHED
tcp        0      0 127.0.0.1:3306          127.0.0.1:50130         ESTABLISHED
tcp        0    208 10.10.10.222:22         10.10.14.2:37872        ESTABLISHED
tcp        0      0 127.0.0.1:3306          127.0.0.1:50118         ESTABLISHED
tcp        0      0 127.0.0.1:50132         127.0.0.1:3306          ESTABLISHED
tcp        0      0 127.0.0.1:3306          127.0.0.1:50126         ESTABLISHED
tcp        0      0 127.0.0.1:50128         127.0.0.1:3306          ESTABLISHED
tcp        0      0 127.0.0.1:50120         127.0.0.1:3306          ESTABLISHED
tcp        0      0 127.0.0.1:3306          127.0.0.1:50120         ESTABLISHED
tcp        0      0 127.0.0.1:3306          127.0.0.1:50122         ESTABLISHED
tcp        0      0 127.0.0.1:50130         127.0.0.1:3306          ESTABLISHED
tcp        0      0 127.0.0.1:3306          127.0.0.1:50132         ESTABLISHED
tcp        0      0 127.0.0.1:50126         127.0.0.1:3306          ESTABLISHED
tcp        0      0 127.0.0.1:50124         127.0.0.1:3306          ESTABLISHED
tcp        0      0 127.0.0.1:3306          127.0.0.1:50128         ESTABLISHED
tcp        0      0 127.0.0.1:50122         127.0.0.1:3306          ESTABLISHED
tcp        0      0 127.0.0.1:3306          127.0.0.1:50124         ESTABLISHED
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN
tcp6       0      0 :::8065                 :::*                    LISTEN

MySQL is running on port 3306.

Found config file at /opt/mattermost/config/config.json
"SqlSettings": {
        "DriverName": "mysql",
        "DataSource": "mmuser:Crack_The_MM_Admin_PW@tcp(127.0.0.1:3306)/mattermost?charset=utf8mb4,utf8\u0026readTimeout=30s\u0026writeTimeout=30s",
        "DataSourceReplicas": [],
        "DataSourceSearchReplicas": [],
        "MaxIdleConns": 20,
        "ConnMaxLifetimeMilliseconds": 3600000,
        "MaxOpenConns": 300,
        "Trace": false,
        "AtRestEncryptKey": "n5uax3d4f919obtsp1pw1k5xetq1enez",
        "QueryTimeout": 30,
        "DisableDatabaseSearch": false

Last updated