3 :8065 mattermost
Logged in using
9352896@delivery.htb
Qwerty@1234567890
"Internal" chat channel:
root >
@developers Please update theme to the OSTicket before we go live. Credentials to the server are maildeliverer:Youve_G0t_Mail!
Also please create a program to help us stop re-using the same passwords everywhere.... Especially those that are a variant of "PleaseSubscribe!"
root >
PleaseSubscribe! may not be in RockYou but if any hacker manages to get our hashes, they can use hashcat rules to easily crack all variations of common words or phrases.
Can ssh using
maildeliverer:Youve_G0t_Mail!
maildeliverer@Delivery:~$ whoami
maildeliverer
Ran PEAS nothing
maildeliverer@Delivery:/opt/mattermost/config$ netstat -ant
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:1025 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:50118 127.0.0.1:3306 ESTABLISHED
tcp 0 0 127.0.0.1:3306 127.0.0.1:50130 ESTABLISHED
tcp 0 208 10.10.10.222:22 10.10.14.2:37872 ESTABLISHED
tcp 0 0 127.0.0.1:3306 127.0.0.1:50118 ESTABLISHED
tcp 0 0 127.0.0.1:50132 127.0.0.1:3306 ESTABLISHED
tcp 0 0 127.0.0.1:3306 127.0.0.1:50126 ESTABLISHED
tcp 0 0 127.0.0.1:50128 127.0.0.1:3306 ESTABLISHED
tcp 0 0 127.0.0.1:50120 127.0.0.1:3306 ESTABLISHED
tcp 0 0 127.0.0.1:3306 127.0.0.1:50120 ESTABLISHED
tcp 0 0 127.0.0.1:3306 127.0.0.1:50122 ESTABLISHED
tcp 0 0 127.0.0.1:50130 127.0.0.1:3306 ESTABLISHED
tcp 0 0 127.0.0.1:3306 127.0.0.1:50132 ESTABLISHED
tcp 0 0 127.0.0.1:50126 127.0.0.1:3306 ESTABLISHED
tcp 0 0 127.0.0.1:50124 127.0.0.1:3306 ESTABLISHED
tcp 0 0 127.0.0.1:3306 127.0.0.1:50128 ESTABLISHED
tcp 0 0 127.0.0.1:50122 127.0.0.1:3306 ESTABLISHED
tcp 0 0 127.0.0.1:3306 127.0.0.1:50124 ESTABLISHED
tcp6 0 0 :::80 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:631 :::* LISTEN
tcp6 0 0 :::8065 :::* LISTEN
MySQL is running on port 3306.
Found config file at /opt/mattermost/config/config.json
"SqlSettings": {
"DriverName": "mysql",
"DataSource": "mmuser:Crack_The_MM_Admin_PW@tcp(127.0.0.1:3306)/mattermost?charset=utf8mb4,utf8\u0026readTimeout=30s\u0026writeTimeout=30s",
"DataSourceReplicas": [],
"DataSourceSearchReplicas": [],
"MaxIdleConns": 20,
"ConnMaxLifetimeMilliseconds": 3600000,
"MaxOpenConns": 300,
"Trace": false,
"AtRestEncryptKey": "n5uax3d4f919obtsp1pw1k5xetq1enez",
"QueryTimeout": 30,
"DisableDatabaseSearch": false
Last updated