Chatterbox

Your payload is correct, but it seems you need to adjust the encoder. Under no circumstances would I advocate using msf; you learn little from that approach and it’s highly discouraged, but I make an exception with boxes that, whether intentionally or not, are dysfunctional. I’m a little ambivalent when I come across a box like it, which is rare, so here’s a riddle: the answer is ‘universally mixed’, and ‘W’e ‘M’erry ‘I’ndividuals can’t just allude to the post local privilege exploit you should use.

Pretty sure I have the right exploit and used a smaller payload to remove the error about no encoders, but still no connect back. Tried msf and manual to get a shell back with no luck, and have reverted this box so many times. Can anyone provide a nudge in the right direction? PM me pls.

@frenchish said:
Pretty sure I have the right exploit and used a smaller payload to remove the error about no encoders, but still no connect back. Tried msf and manual to get a shell back with no luck, and have reverted this box so many times. Can anyone provide a nudge in the right direction? PM me pls.

Use google to learn how to migrate your meterpreter’s session.

Use google to learn how to migrate your meterpreter’s session.

But I am not using a meterpreter payload, ideally want to get the manual exploit working and have tried with earlier suggestion “set AutoRunScript post/windows/manage/migrate” when using meterpreter payload.

There is a much better Python exploit that should be used… if you have done your OSCP the buffer overflow payload work should be easy, little customisation…

Hey RPSUK, I am using the Python exploit, customized (don’t want to put too much on here, in case of spoilers), and even installed a clone environment to test on. Could you PM to discuss in more detail?

@estihex said:
I can’t find any :frowning: wasted 3 hours with nmap :smiley: hehe

nmap -sT --min-rate 5000 --max-retries 1 -p-

Hi All,
I got the priv file and I’ve tried to get system for a long time, however no more progress since then. Could anyone please point me in the right direction?

Anybody stuck on scanning for ports pm me; made a bash script to automate it

Can I DM someone for this box? I’m not using msf. Have the py exploit, but can’t seem to make it work.

Wasn’t too hard after reading all the hints on here and figuring out what to do after spawning the shell. Thanks everyone

This box was ridiculously easy lol.

After getting the payload to work properly this box was super super easy

Can someone help me? I have found the Python script, but I don’t get a reverse shell.

@DeepBlue5 said:
Can someone help me? I have found the Python script, but I don’t get a reverse shell.

If you have the Python script it’s pretty obvious, just read it and try to understand what it’s doing, plus read the comments on that script!

Woo - got root.txt. Once I got a stable meterpreter session it was easy - took longer to do the nmap scan :slight_smile:

Why does my Meterpreter session always die?

10.10.10.74 - Meterpreter session 1 closed. Reason: Died

Can someone help?

@DeepBlue5 said:
Why does my Meterpreter session always die?

10.10.10.74 - Meterpreter session 1 closed. Reason: Died

Can someone help?

Don’t use meterpreter at first, use a standard one and then upgrade.

I got two open ports, one port mentioning a service with three letters, but I can’t find any exploit on this protocol.
Can anybody help me pls?

@sqw3Egl said:
Woo - got root.txt. Once I got a stable meterpreter session it was easy - took longer to do the nmap scan :slight_smile:

Did you do it with Metasploit or the Python script?