Chatterbox

@berninator said:
Keep at it with the scans. Nearly all ports are filtered, which makes nmap extremely slow. But some ports are open, you’ll just take a while to find them.

Thanks, man… I see the ports hahah… more hints?

i cant find any :frowning: wasted 3 hours with nmap :smiley: hehe

i got the ports, just no idea what to do with them yet, dont try hitting the whole range at once

@estihex said:
i cant find any :frowning: wasted 3 hours with nmap :smiley: hehe

Don’t scan all ports at once. Do a basic scan with port ranges. If you find open ports go for them with other options.

@druckk4mm3r like 1-1000, 1000-2000 ?

@estihex yep :wink:

that box is boring.

Boring boring

Scan witn netcat ftw

i can not bufferoverflow in chatterbox. can u hint me. what do i need? i found exploit but not work…

if someone could pm me to talk about the initial exploit that would be great.

@kimbilirkim said:
i can not bufferoverflow in chatterbox. can u hint me. what do i need? i found exploit but not work…

I think this has something to do with the OS version. I also found it, but noticed that the exploit works up to an irrelevant version.

can someone tell me the prots … its taking too long i wasted 3 hours before and 2 hours today i dont know what the thing in wrong.

you cant get a shell if someone is already using a shell…you can wait 3 days for nothing…or cheat with somone to run your powershell line there. in any case that box sucks.

F

@peek said:
you cant get a shell if someone is already using a shell…you can wait 3 days for nothing…or cheat with somone to run your powershell line there. in any case that box sucks.

Hey there,

So you’re saying that if we found the ports and attempted exploiting it properly but failed, it’s because of the environment? How did people get that reverse shell then? They were just lucky?

yep, do a reset then exploit…

[-] Exploit failed: No encoders encoded the buffer successfully
can somebody help please?

@h4x3r said:
[-] Exploit failed: No encoders encoded the buffer successfully
can somebody help please?

try another payload

metasploit sucks …try some others