Introduction

This is my first vulnerable virtual machine called fishymail. You can download it here load the .vdi up on VirtualBox and give it a try.

This is FishyMail: 1 from vulnhub.

Setup

This box is provided as a virtual disk image, not as a full VM. So you have to create a new VM in VirtualBox and then add the disk image. Also the page doesn’t tell you, but it’s running OpenBSD 64-bit, so you have to figure that out for yourself? This is somewhat unusual and it strikes me as odd that it’s not mentioned on the box description on Vulnhub. I mean it does say ‘BSD’ but that doesn’t give you the full picture. Anyway …

Whatever

I’m not going to bother writing up all the steps for this. Basically it’s find a text file on the webserver containing base64 encoded text that gives you some credentials and then log in to the box via SSH. Only one set of the creds works. On the box is another file with base64 encoded creds (passwords hashed with MD5), and again this will get you another user with a better shell via SSH. The first user has a limited shell.

Privsec

Being OpenBSD 6.6 there is at least one Local Privilege Escalation exploit available - e.g. here. When I tried this, I could only get errors about the disk being full and I literally couldn’t write anything to the disk.

After a while I checked a writeup and they ran a similar exploit with no issues. They were apparently able to write to the disk with no problems; what was going wrong? I tried setting up the machine again a few times including with a larger capacity, but nothing changed - it still complained the disk was full - eg:

fishymail$ df -h
Filesystem     Size    Used   Avail Capacity  Mounted on
/dev/wd0a      867M    849M  -25.4M   103%    /
/dev/wd0e      365M    1.8M    345M     1%    /home
/dev/wd0d      2.5G    1.8G    614M    75%    /usr

I couldn’t find any options for enlarging the partitions without being root, and it seemed like even though I was on the right track there was some issue with my configuration that was preventing me moving forward. I decided not to spend any more time on it.

Not an overly satisfying experience.