pentesteasy

Pochta (Mail)

hackerlab

Task: Compromise a Roundcube Webmail server. Solution: Discover exposed update.zip backup via directory enumeration, extract MySQL credentials from config.inc.php, reuse credentials for IMAP login, then exploit CVE-2025-49113 (authenticated RCE via PHP deserialization) to get shell and read the flag.

$ ls tags/ techniques/

rce credential_leak deserialization roundcube webmail cve backup_exposure imap

backup_file_discoveryblind_rceconfig_credential_extractioncredential_reusecve_exploitation

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

🔒

Permission denied (requires tier.pro)

Sign in to access full writeups

Create a free account with GitHub, then upgrade to Pro.

$ssh [email protected]