Mailing is a mail server company that offers webmail powered by hMailServer. There’s a PHP site which has a file read / directory traversal vulnerability. I’ll leak the hMailServer config, and crack the password hash to get valid credentials.

0xdf hacks stuff

Mailing, a company offering webmail through hMailServer, has a vulnerable PHP site susceptible to file read and directory traversal. By exploiting these vulnerabilities, hMailServer configurations can be leaked and password hashes cracked to gain credentials. Various tools and techniques like nmap for open TCP ports detection, subdomain brute-forcing, SMB enumeration, and using vulnerabilities like CVE-2024-21413, can assist in obtaining shell access and escalating privileges on the target server.

HTB: Mailing