lnorgaard


Checking mail for the lnorgaard user after performing basic enumeration:

lnorgaard@keeper:~$ ll /var/mail
total 36
drwxrwsr-x  2 root      mail  4096 aug 14 16:30 ./
drwxr-xr-x 12 root      root  4096 may 24 16:09 ../
-rw-------  1 lnorgaard mail  2649 may 24 12:37 lnorgaard
-rw-------  1 root      mail 14838 aug 14 16:30 root
-rw-------  1 www-data  mail  4632 may 24 12:37 www-data

There is indeed mail for the lnorgaard user:

lnorgaard@keeper:~$ cat /var/mail/lnorgaard 
from www-data@keeper.htb  wed may 24 12:37:18 2023
return-path: <www-data@keeper.htb>
x-original-to: lnorgaard@keeper.htb
delivered-to: lnorgaard@keeper.htb
received: by keeper.htb (Postfix, from userid 33)
	id 64bef61083; wed, 24 may 2023 12:37:18 +0200 (CEST)
from: "Enoch Root" <rt@keeper.htb>
in-reply-to:
content-type: multipart/alternative; boundary="----------=_1684924638-1803-2"
x-managed-by: RT 4.4.4+dfsg-2ubuntu1 (http://www.bestpractical.com/rt/)
x-rt-loop-prevention: tickets.keeper.htb
subject: [tickets.keeper.htb #300000] Issue with Keepass Client on Windows
x-rt-originator: root@localhost
references: <RT-Ticket-300000@keeper.htb>
reply-to: rt@keeper.htb
x-rt-ticket: tickets.keeper.htb #300000
message-id: <rt-4.4.4+dfsg-2ubuntu1-1803-1684924638-1810.300000-8-0@keeper.htb>
to: lnorgaard@keeper.htb
precedence: bulk
date: Wed, 24 May 2023 12:37:18 +0200
mime-version: 1.0
content-transfer-encoding: 8bit
 
This is a multi-part message in MIME format...
 
------------=_1684924638-1803-2
rt-attach-message: yes
content-type: text/plain; charset="utf-8"
x-rt-original-encoding: utf-8
 
wed may 24 12:37:18 2023: Request 300000 was acted upon by root.
 
transaction: Ticket created by root
      queue: General
    subject: Issue with Keepass Client on Windows
      owner: lnorgaard
 requestors: webmaster@keeper.htb
     status: new
 ticket url: http://keeper.htb/rt/Ticket/Display.html?id=300000
 
 
 
Lise,
 
Attached to this ticket is a crash dump of the keepass program. Do I need to
update the version of the program first...?
 
Thanks! 
 
------------=_1684924638-1803-2
content-type: text/html; charset="utf-8"
x-rt-original-encoding: utf-8
 
<b>wed may 24 12:37:18 2023: Request <a href="http://keeper.htb/rt/Ticket/Display.html?id=300000">300000</a> was acted upon by root.</b>
<br>
<table border="0">
<tr><td align="right"><b>transaction:</b></td><td>Ticket created by root</td></tr>
<tr><td align="right"><b>queue:</b></td><td>General</td></tr>
<tr><td align="right"><b>subject:</b></td><td>Issue with Keepass Client on Windows </td></tr>
<tr><td align="right"><b>owner:</b></td><td>lnorgaard</td></tr>
<tr><td align="right"><b>requestors:</b></td><td>webmaster@keeper.htb</td></tr>
<tr><td align="right"><b>status:</b></td><td>new</td></tr>
<tr><td align="right"><b>ticket url:</b></td><td><a href="http://keeper.htb/rt/Ticket/Display.html?id=300000">http://keeper.htb/rt/Ticket/Display.html?id=300000</a></td></tr>
</table>
<br/>
<br/>
Lise,<br>
<br>
Attached to this ticket is a crash dump of the keepass program. Do I need to update the version of the program first...?<br>
<br>
Thanks! 
 
------------=_1684924638-1803-2--

This is identical to the ticket that I saw earlier in the web application. It’s about that crash dump of KeePass. PEAS also picked up the crash dump file earlier.

I will proceed to enumerate the crash dump file.