Vulnhub Sar: 1 Walkthrough

by Vince
in Blog

It's been a while since I've written up a box and Vulnhub just dumped a fresh batch so here we go...

The box description states: "Sar is an OSCP-Like VM with the intent of gaining experience in the world of penetration testing."

This is a solid entry-level box. Nothing complicated, and going through standard enumeration should lead to a low-privilege shell and root.


GoPhish Campaigns

by Vince
in Blog

In a previous post, I wrote about GoPhish. Since then, I've been working quite a bit with GoPhish, and there are some tricks to an effective campaign that I'd like to share. First, I'd like to point out that this is not a game where you try to win, but it's also not something you want to approach like a fake Nigerian Prince. You want to fall somewhere in the middle. With respect to the actual campaigns, rather than come at the company all at once, I want to break the company into groups. In this campaign, we're targeting the sales group.


Bash Data Exfil

by Vince
in Blog

Not unlike the previous post, PowerShell Data Exfil, this is another example of how we would move data outside the network using email. This time, we're using a simple Bash script that base64-encodes the data, calls Sendmail, and exfiltrates the data to a Gmail account. By default, Gmail will not allow what it considers "less secure apps" to send data, but a simple flip of the switch will solve that issue. As a final point, we're obviously not confined to using Gmail; I would suggest using a provider that supports TLS rather than sending this over port 25.
