Chatterbox

if someone could pm me to talk about the initial exploit that would be great.

@kimbilirkim said:
I cannot buffer overflow in Chatterbox. Can you give me a hint? What do I need? I found an exploit but it does not work…

I think this has something to do with the OS version. I also found it, but noticed that the exploit works up to an irrelevant version.

Can someone tell me the ports … it's taking too long. I wasted 3 hours before and 2 hours today. I don't know what is wrong.

You can't get a shell if someone is already using a shell… you can wait 3 days for nothing… or cheat with someone to run your PowerShell line there. In any case, that box sucks.

F

@peek said:
You can't get a shell if someone is already using a shell… you can wait 3 days for nothing… or cheat with someone to run your PowerShell line there. In any case, that box sucks.

Hey there,

So you’re saying that if we found the ports and attempted exploiting it properly but failed, it’s because of the environment? How did people get that reverse shell then? They were just lucky?

yep, do a reset then exploit…

[-] Exploit failed: No encoders encoded the buffer successfully
can somebody help please?

@h4x3r said:
[-] Exploit failed: No encoders encoded the buffer successfully
can somebody help please?

try another payload

metasploit sucks …try some others

you should reset the box before trying to pwn

@peek said:

@h4x3r said:
[-] Exploit failed: No encoders encoded the buffer successfully
can somebody help please?

try another payload

@peek I found the right py payload, but how do I set PAYLOAD to the location of the py file? It says the value of payload is wrong.

I changed the payload and got Exploit Completed but no session was created!

So, I ran a bunch of port scans on this using netcat, 1 - 65355 at the speed of one port per second. Taken around 18 hours and turned up a very small number of ports. Is this normal behavior for this box? Guessing it is, but just need a sanity check.

@CtrlEsc said:
So, I ran a bunch of port scans on this using netcat, 1 - 65355 at the speed of one port per second. Taken around 18 hours and turned up a very small number of ports. Is this normal behavior for this box? Guessing it is, but just need a sanity check.

One port per second? I used -T5 on my nmap and had the full scan done in ~ a few mins. And yes, this machine is set to filter almost every port.

@bulbafett said:
One port per second? I used -T5 on my nmap and had the full scan done in ~ a few mins. And yes, this machine is set to filter almost every port.

At the outset, I tried the standard set of nmap scans, a full UDP scan and some staggered TCP scans. I got literally nothing, hence the netcat approach - slow and steady. Not sure what the heck is going on here.

What is our mantra? “Try Harder”. So I guess that is what I will do. :+1:

@CtrlEsc said:

@bulbafett said:
One port per second? I used -T5 on my nmap and had the full scan done in ~ a few mins. And yes, this machine is set to filter almost every port.

At the outset, I tried the standard set of nmap scans, a full UDP scan and some staggered TCP scans. I got literally nothing, hence the netcat approach - slow and steady. Not sure what the heck is going on here.

What is our mantra? “Try Harder”. So I guess that is what I will do. :+1:

For a machine like this, I’d recommend doing a quick scan for any responding port, then going back and actually trying to enumerate any responding ports. It will save you a TON of time.

The design of the machine is awful. The required resets and unstable shells make Chatterbox an unpleasant experience. In my opinion, the box should be fixed and activated again.

I scanned three times, then found the open ports… :frowning:

So I’ve located the vulnerable service and identified an exploit. I’m just having trouble with choosing the right payload, as the default option doesn’t seem to be working.

Is this now a process of elimination for choosing the correct Windows payload, or is there more information around that would help? Have been stuck at this point for a few hours.