Chatterbox

@onlyamedic said:
A set of hints for this box is to audit the exploit script (do not use metasploit exploit), and see what it’s doing first.

Run the application on a virtual machine (recommend Windows 7).

Do not use meterpreter/reverse_tcp as shell, this is why the service keeps crashing.

Use regular Windows reverse shell (do not use meterpreter please), and you will have a stable shell.

Get your payload/exploit working locally first then move to live box.

Should be easy from there.

First post and first box I’ve done on here, I must say I’m really loving this community and all of the helpful tips everyone has (using basics like netcat or just shell instead of meterpreter were HUGE for this one, as was trying out different nmap parameters!)

Also I don’t think it can be stressed enough to try exploits out on your own VM; it was first-try-Friday’s for me once I realized I had the right exploit & payload, and that the box just needed resetting so the exploit could actually work.

And if you need any hints, please feel free to PM literally anybody else that’s already offered as I doubt I’m the right person to be asking.

Hi everyone,
First post here.
I’ve got the root.txt but can’t figure out how to get a nt/authority shell.

Did anyone here manage to root shell this box?

Regards,

got root, nice box :wink:

This is my first machine attempt ever, thought trying some retired machines and following along with some write ups would be a decent way to learn more, doesn’t seem so now though haha.

I know what ports are supposed to be targeted, but every nmap scan (even one that specifically targets the listening ports) is coming up with “all scanned ports are on ‘…’ are filtered” or “Host seems down. If it is really up, but blocking out ping probes, try -Pn Nmap done: 1 IP address (0 host up)”. HTB status check lists Chatterbox as up. Just need to know if it’s something I’m doing or if this is a common issue with this box.

I also have all ports as filtered even the 2 ports it’s all about. Did somebody change this box or are we doing something wrong?

Have you tried resetting the box? It is very easy to kill the service on that one

Thanks, resetting the box was indeed the solution.

According to the comment section on Ippsec’s video this seems to be an ongoing issue for many.

Requested a reset then went to HTB to check to confirm reset. Tried targeting the vulnerable ports about 5 min after reset, nmap -p port,port -sC -sV ip.ip.ip.ip still nothing. Saw that someone else requested a reset, checked HTB, last reset listed as “1 minute ago”. Tried nmap again, nothing. Waited 5 minutes, still nothing. Read earlier comments in this thread, tried scanning with netcat using -v -n -z -w1. All connections timed out. Checked my tunnel to HTB just to make sure it wasn’t something stupid like that, all green. Welp, I’m out of ideas until I can get the box to respond. Might try Fulcrum instead as it is the only other box available, just a little intimidated by that difficulty rating.

Just watched IppSec video, I have to say I would never have gotten that box, I never used PowerShell and all those Windows commands look like gibberish to me. I’ll keep trying the Linux boxes before attempting another Windows machine :slight_smile:

@melka said:

Just watched IppSec video, I have to say I would never have gotten that box, I never used PowerShell and all those Windows commands look like gibberish to me. I’ll keep trying the Linux boxes before attempting another Windows machine :slight_smile:

I watched the video and took notes (maybe they’ll be useful at some point), it seemed like a very fickle box. I grew up on DOS and batch so some of it looked familiar but I never really used PowerShell before, so like you I would’ve struggled with that as well. That being said, you never know if you don’t try, between Ippsec’s video and some googling skills you might have been able to pull it off Melka! Falafel is up as a retired box now so I’m going to take a crack at that this week.

@Winfox I’ll try some Windows boxes later in the future, for now I’ll keep on honing my skills on Linux machines (I’m used to Debian, so FreeBSD on Poison got me struggling), but I’ll have to up my game and learn me some Windows if I want to become a 1337 h4x0rz :slight_smile:
I like IppSec videos because if possible, he’ll avoid using any exploits and / or bruteforce. Misconfigurations and admin errors are my favorites :slight_smile:

Hi guys. I’ve disco’d the open ports, I understand the vulnerability.

My question is, how would one go about manually fuzzing the remote host’s vulnerable service? Try as I might, I’m totally stumped at how to do this from the beginning… Can anyone help me through this?

It’s specifically the fuzzing stage that I seek help with.

No metasploit or prepared exploits, please.

nmap shows only filtered ports. I reset the machine but it didn’t help. Any suggestions, anyone?

Could someone PM me with some help in getting a shell? I’ve been trying for hours, and for some reason the reverse shells never work - I get no answer to my listeners. And yes, I’ve reset the box half a dozen times.

@secnec said:

Could someone PM me with some help in getting a shell? I’ve been trying for hours, and for some reason the reverse shells never work - I get no answer to my listeners. And yes, I’ve reset the box half a dozen times.

stuck here as well :frowning:
would appreciate any help to get a shell (have tried staged, unstaged, meterpreter and nishang as well but no luck)

The box might be broken, I’ve gotten the shell to work previously but doing the exact same thing now no longer works

Same here… I was beginning to lose patience trying everything, switching computers, rebooting machines, resetting the VPN…
I’ll just choose another box then :tired_face:

Hi Guys,

I tried a lot of things on Chatterbox a few weeks back. Followed all the steps from the write-up and video but no luck getting the initial reverse shell. Has anyone faced similar problems recently?

@lolokidd said:
Same here… I was beginning to lose patience trying everything, switching computers, rebooting machines, resetting the VPN…
I’ll just choose another box then :tired_face:

I was really hoping to learn through this box, I failed miserably in my OSCP exam with a similar type of target with remote buffer overflow. I have reported this to HTB support, let’s see if they have anything on this.

@nownath said:

@lolokidd said:
Same here… I was beginning to lose patience trying everything, switching computers, rebooting machines, resetting the VPN…
I’ll just choose another box then :tired_face:

I was really hoping to learn through this box, I failed miserably in my OSCP exam with a similar type of target with remote buffer overflow. I have reported this to HTB support, let’s see if they have anything on this.

Hi everyone,

I was able to get the exploit running today, I changed my connect region from EU to US. I think there is some problem with EU setup.