Chatterbox

Comments

  • Every 3 sec my exploit is dead, can someone help me with this issue please?
    thanks

  • Any hints on priv escalation?

  • Just rooted a few minutes ago. I used the python exploit and generated a shellcode with msfvenom. You don't need to change the encoding but the payload. You can also give the payload some parameters like host and port. Read how you can use msfvenom.

    And a fresh reset might help setting up a reverse shell.

    OSCP


    0x23b

  • Thinking about doing it but why does it have a lot of downs?

    v1ew-s0urce.flv
  • @xdaem00n said:
    Thinking about doing it but why does it have a lot of downs?

    Cause it is unstable. If exploited once it requires reset to be scanned and exploited again.

  • edited May 2018
    For me the Shell was very stable.
    Only meterpreter is not stable.

    You could modify the code to use a different Shell.

    Actually I didn't use Metasploit at all.

  • Can anyone help with what payload I should be using? I've tried all of the ones that make sense, and each one dies immediately. Just don't want to keep resetting this box and throwing out exploits if there's something I can look into to help me understand why none of these exploits are working. Also, I keep seeing people mention something about changing an advanced option for the payload.

  • Never mind, got it. I will say that there are apparently multiple ways to do something. Try them all.

  • I managed to use python and get a connection but every time I use a command, i.e. "dir", the shell exits out. Does anyone have an idea what's wrong?

    Vex20k

  • @CyDefUnicorn said:
    Best thing to do is to spin up a Windows 7 VM, install the vulnerable service and keep messing with it by testing and restarting until you get a solid shell back. Just got user without Metasploit, working on root

    Thanks for the tip, you saved me a lot of time

  • So I scanned this one, found the open ports and what I'm fairly certain is the exploitable service (Google says it is vulnerable). I was trying to use the Metasploit exploit but haven't had success getting in that way. I'm trying to find this python script but my google-fu has failed me, any hints on where to find it?

  • Figured that out. I'm running the python script on my test box and it makes the default program the script is set to pop up on the test box but no shell back. I tried taking that out and editing the script to make a reverse shell but it still does the exact same thing.

  • If you're using the python script I think you're using, look closely. Are you really editing the script correctly?

  • This box is creating problems. I have tested on my local Win 7 VM and the exploit is working and creating a reverse shell, but when I try on the Chatterbox VM nothing happens and I do not receive a reverse shell. I have also done a reset. Can anyone help me?
    I think this problem is happening due to other users using the Chatterbox VM at the same time or due to some firewall problem. If the python exploit is working on my local VM then it should also work on Chatterbox.

  • So ... I've seen some advice about breaking up port scans on this box into smaller batches, something like -p 1-10000, rather than all of the ports at once.

    Check out the horrific performance I'm getting from the following command:
    nmap -sS -sU -p 1-10000 10.10.10.74

    Stats: 8:40:22 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
    SYN Stealth Scan Timing: About 17.18% done; ETC: 02:01 (41:48:13 remaining)

    If I attempt to speed it up with the -T4/5 options, I get a very unreliable scan, and so far, I see no open ports from either approach.

    Has anyone else had such poor performance scanning over the VPN, and would upgrading to a VIP account perhaps fix this?

  • edited June 2018
    *Nice work, but it's kind of a spoiler as it gives away the exact exploit technique, removed - Arrexel*

  • For the record, you can absolutely get some type of meterpreter shell right off the bat. Gotta step that metasploit knowledge up.

  • If anyone can PM me about scanning the target, that would be nice. I have no luck with the scans. Thanks.

  • I can say only this: By reading all the posts above, the full solution (user + root) is... out there!
    No more, no less to say... ;)

    Thiseas

  • Is priv esc broke or did I piggy back? I got the user by spamming that exploit and basically did not have to do any exploit to get root flag. Curious if I piggy backed as I had reset the box a half hour before.

  • @3lpsy said:
    Is priv esc broke or did I piggy back? I got the user by spamming that exploit and basically did not have to do any exploit to get root flag. Curious if I piggy backed as I had reset the box a half hour before.

    follows a Spoiler

    Thiseas

  • This machine doesn't even deserve to be on this platform.... verified my exploit with a guru and been using it for over a day but can't even spawn a shell with it because the service dies instantly.... what could a person learn from it.... so disappointed with hackthebox :anguished:

  • I set up a VM test environment which is the same as this vbox. In my environment I can easily exploit the vuln app but not at all on the chatterbox machine. Any idea what I can do? I already reset the vbox and tried on a fresh VM but that doesn't help...

  • @blackangel said:
    I set up a VM test environment which is the same as this vbox. In my environment I can easily exploit the vuln app but not at all on the chatterbox machine. Any idea what I can do? I already reset the vbox and tried on a fresh VM but that doesn't help...

    Very unstable VM.. One second working fine and next time you need 3 resets that you can establish reverse shell again. Be patient with that vm :)

  • I got the root.txt using the suggested tool of cacls before... I'm not sure I understood why it worked though, can someone send a link or explain why/how this works?

  • @axel205 said:
    I got the root.txt using the suggested tool of cacls before... I'm not sure I understood why it worked though, can someone send a link or explain why/how this works?

    With icacls, you can grant a certain user the permissions to a certain folder and its underlying files. The user was already elevated, just the permissions were not yet properly configured.

  • @daddycocoaman said:
    For the record, you can absolutely get some type of meterpreter shell right off the bat. Gotta step that metasploit knowledge up.

    I rooted the box but didn't manage to get meterpreter running. Can you PM me which flavor you used?

  • edited June 2018

    @UN1X00 said:
    Spoiler Removed - Arrexel

    God Bless this man or Woman (not judging) they just saved me throwing me and my laptop out of a first story window!

  • Hi, can anybody tell me about priv escalation for "chatter box"? I have also read comments that there is no need for priv escalation and to just look in the folder where your shell let you land, but I have searched the folder and found nothing suspicious.

  • @fhlipZero said:
    finally got it, don't kill yourself on priv esc, focus on the file itself

    Thanks!! finally!
