Chatterbox

Comments

  • After getting the payload to work properly this box was super super easy

    Hack The Box

  • Can someone help me? I have found the python script, but I don't get a reverse shell.

    DeepBlue5

  • @DeepBlue5 said:
    Can someone help me? I have found the python script, but I don't get a reverse shell.

    if you have the python script it's pretty obvious, just read it and try to understand what it's doing, plus read the comments on that script!

  • Woo - got root.txt. Once I got a stable meterpreter session it was easy - took longer to do the nmap scan :)

  • Why does my Meterpreter session always die?

    10.10.10.74 - Meterpreter session 1 closed. Reason: Died

    Can someone help?

    DeepBlue5

  • @DeepBlue5 said:
    Why does my Meterpreter session always die?

    10.10.10.74 - Meterpreter session 1 closed. Reason: Died

    Can someone help?

    Don't use meterpreter at first, use a standard one and then upgrade

  • I got two open ports, one port mentioning service with three letters, but I can't find any exploit on this protocol.
    Can anybody help me pls?

  • @sqw3Egl said:
    Woo - got root.txt. Once I got a stable meterpreter session it was easy - took longer to do the nmap scan :)

    did you do it with metasploit or the python script?

  • @mokrea said:

    @sqw3Egl said:
    Woo - got root.txt. Once I got a stable meterpreter session it was easy - took longer to do the nmap scan :)

    did you do it with metasploit or the python script?

    could be both together

  • edited March 2018

    @mokrea said:

    @sqw3Egl said:
    Woo - got root.txt. Once I got a stable meterpreter session it was easy - took longer to do the nmap scan :)

    did you do it with metasploit or the python script?

    just with metasploit - there are options you can configure to make it work and be stable.

  • @War4uthor said:
    Ok scratch that I found a payload that works. It's just very unstable!

    are you using a payload in msf? can you share your process of elimination without a spoiler?

    Arrexel

  • @Kwicster said:

    @bianca said:
    My session keeps getting killed with error message Died from Errno::ECONNRESET before I can do anything. Is that because someone else is on the machine? I tried several payloads already. This one's the only one that opened a session.

    Happened to me too, google up auto migrating meterpreter sessions. The exploit used will naturally close out the connection unless migrated

    Thanks, this is really helpful !

  • @wirepigeon said:

    @estihex said:
    I can't find any :( wasted 3 hours with nmap :D hehe

    nmap -sT --min-rate 5000 --max-retries 1 -p-

    Kudos man!

  • Is someone willing to DM me with help on this one? Trying to get the python script to work. Have generated what I think is the right payload with none of the forbidden characters and under the size limit (I'm around 692 bytes), but nothing is happening. I know it's a stupid simple mistake, it usually is.

  • edited April 2018

    Best thing to do is to spin up a Windows 7 VM, install the vulnerable service and keep messing with it by testing and restarting until you get a solid shell back. Just got user without Metasploit, working on root

  • no open ports found...what to do

  • is there a user.txt? or just root.txt?

  • @n0tl33t said:
    is there a user.txt? or just root.txt?

    Nvm. Reset the box and the user.txt showed up, also need to do something before being able to read root.txt now. Almost missed a chance to learn something

  • Got a meterpreter connection, but for every command it returns:
    Error running command command_name: Rex::TimeoutError Operation timed out.

    Any hint?

  • try masscan guys. It's the fastest

  • @F2F said:
    Got a meterpreter connection, but for every command it returns:
    Error running command command_name: Rex::TimeoutError Operation timed out.

    Any hint?

    I've been having the same problem since yesterday, I got the user.txt then decided to go back for root, now I'm getting crashes every time I get a session.

  • any info to start looking for? I don't know where to start on this machine. Found a port, a service and an exploit, buuut it's failing, so I think I'm gonna start reading about the exploit. Any recommendation?

    Randsec

  • Have managed to get a stable shell on this and taken the user flag, however privesc to system is baffling me, don’t know where to start. Feel like I’m missing something obvious 🤔

  • edited April 2018

    hi folks
    I have got the user.txt and the root.txt files
    now the question is... how to get an Administrator shell?
    any suggestions?

  • @Ben83 said:
    Have managed to get a stable shell on this and taken the user flag, however privesc to system is baffling me, don’t know where to start. Feel like I’m missing something obvious 🤔

    Don't overthink it, think basics. It has been mentioned already but research cacls ;)

    Ar3s

  • @Ar3s said:

    @Ben83 said:
    Have managed to get a stable shell on this and taken the user flag, however privesc to system is baffling me, don’t know where to start. Feel like I’m missing something obvious 🤔

    Don't overthink it, think basics. It has been mentioned already but research cacls ;)

    Thanks, managed to get the root flag a short while after I posted that by doing just that.

  • @pennega said:
    hi folks
    I have got the user.txt and the root.txt files
    now the question is... how to get an Administrator shell?
    any suggestions?

    I'm wondering the same thing...is it really fully pwned if you don't actually have SYSTEM privs? This took me forever to solve as I was trying to privesc...

  • @Alexander1212 said:
    no open ports found...what to do

    use masscan . worked for me

  • DEFINITELY DEFINITELY DEFINITELY recommend installing a local copy of whatever you find and testing your own payloads on it. (as some others have mentioned)

    Also helps to read what the bad characters are (I think I wasted an hour or two wondering why nothing was working....). I used the python script.

    My first attempt doing it on the box (after figuring stuff out locally) went off flawlessly.

    OSCE | OSCP | WCNA | CCNP | CCDP | ECSAv9 | CEHv8 | CISSP | Sec+

  • Totally agree. Install a local copy of the vulnerable service and try on a local VM. Once you find the correct exploit, it really is a simple machine. I 100% recommend a reset before launching it on the lab, because it only works once.