Chatterbox

you should reset the box before trying to pwn

@peek said:

@h4x3r said:
[-] Exploit failed: No encoders encoded the buffer successfully
can somebody help please?

try another payload

@peek I found the right py payload, but how do I set the PAYLOAD location of the py file? It says the value of payload is wrong

I changed the payload and got Exploit Completed but no session was created!

So, I ran a bunch of port scans on this using netcat, 1 - 65355 at the speed of one port per second. Taken around 18 hours and turned up a very small number of ports. Is this normal behavior for this box? Guessing it is, but just need a sanity check.

@CtrlEsc said:
So, I ran a bunch of port scans on this using netcat, 1 - 65355 at the speed of one port per second. Taken around 18 hours and turned up a very small number of ports. Is this normal behavior for this box? Guessing it is, but just need a sanity check.

One port per second? I used -T5 on my nmap and had a full scan done in ~ a few mins. And yes, this machine is set to filter almost every port

@bulbafett said:
One port per second? I used -T5 on my nmap and had a full scan done in ~ a few mins. And yes, this machine is set to filter almost every port

At the outset, I tried the standard set of nmap scans, a full UDP scan and some staggered TCP scans. I got literally nothing, hence the netcat approach - slow and steady. Not sure what the heck is going on here.

What is our mantra? “Try Harder”. So I guess that is what I will do. 👍

@CtrlEsc said:

@bulbafett said:
One port per second? I used -T5 on my nmap and had a full scan done in ~ a few mins. And yes, this machine is set to filter almost every port

At the outset, I tried the standard set of nmap scans, a full UDP scan and some staggered TCP scans. I got literally nothing, hence the netcat approach - slow and steady. Not sure what the heck is going on here.

What is our mantra? “Try Harder”. So I guess that is what I will do. 👍

For a machine like this, I’d recommend doing a quick scan for any responding port, then going back and actually trying to enumerate any responding ports. It will save you a TON of time

The design of the machine is awful. The required resets and unstable shells make Chatterbox an unpleasant experience. In my opinion the box should be fixed and activated again.

I scanned three times, then found the open ports… 😦

So I’ve located the vulnerable service and identified an exploit. I’m just having trouble with choosing the right payload, as the default option doesn’t seem to be working.

Is this now a process of elimination for choosing the correct windows payload, or is there more information around that would help? Have been stuck at this point for a few hours

try allports

Ok scratch that I found a payload that works. It’s just very unstable!

maybe if it’s unstable, you should try a different payload.

@ice2004 said:
The design of the machine is awful. The required resets and unstable shells make Chatterbox an unpleasant experience. In my opinion the box should be fixed and activated again.

agreed.

Can I DM somebody?

@h4x3r said:
Can I DM somebody?

ok 🙂

Having just spent most of my day trying to maintain a shell and get this box, I’ve noticed a thing or two so I’ll share my experience.
Some tips to try and maintain a shell without spoilers:

  1. Don’t try to spawn a Meterpreter shell straight up, spawn a normal shell that you can then upgrade to a Meterpreter shell. My gut feeling is a Meterpreter shell may step on itself when spawning which is why it continuously crashed (Not once did my standard shell crash). This has the added benefit of another session you can change to if things go badly.

  2. Try your exploit from a fresh reset of the machine.

  3. Make sure your exploit code is correct, there’s no point wasting your resets if you’re just hammering the box with gibberish.

Priv esc?

@ipatchcables said:
Priv esc?

For this box, you don’t necessarily need to Priv esc.

Read the other comments. Don’t over think this one.

I guess I’m over thinking it then… spent most of the day trying to priv esc after getting a stable shell and user. Back to basics tomorrow.