Chatterbox

Anybody stuck on scanning for ports pm me; made a bash script to automate it

Can i DM someone for this Box. Im not using msf. Have the py exploit, but cant seem to make it work.

Wasn’t too hard after reading all the hints on here and figuring out what to do after spawning the shell. Thanks everyone

This box was ridiculously easy lol.

After getting the payload to work properly this box was super super easy

Hack The Box

Can someone help me? I have found the python script, but i don t get a reverse shell.

@DeepBlue5 said:
Can someone help me? I have found the python script, but i don t get a reverse shell.

if you have the python script it’s pretty obvious , just read it and try to understand what it’s doing , plus read the comments on that script !

Woo - got root.txt. Once I got a stable meterpreter session it was easy - took longer to do the nmap scan :slight_smile:

Why is my Meterpreter Session always died?

10.10.10.74 - Meterpreter session 1 closed. Reason: Died

Can someone help?

@DeepBlue5 said:
Why is my Meterpreter Session always died?

10.10.10.74 - Meterpreter session 1 closed. Reason: Died

Can someone help?

dont use meterpreter at first, use a satandar one and then upgrade

I got two open ports, one port mentioning service with three letters, but I can’t find any exploit on this protocol.
Can anybody help me pls?

@sqw3Egl said:
Woo - got root.txt. Once I got a stable meterpreter session it was easy - took longer to do the nmap scan :slight_smile:

did you do with metasploit or python script?

@mokrea said:

@sqw3Egl said:
Woo - got root.txt. Once I got a stable meterpreter session it was easy - took longer to do the nmap scan :slight_smile:

did you do with metasploit or python script?

could be both together

@mokrea said:

@sqw3Egl said:
Woo - got root.txt. Once I got a stable meterpreter session it was easy - took longer to do the nmap scan :slight_smile:

did you do with metasploit or python script?

just with metasploit - there are options you can configure to make it work and be stable.

@War4uthor said:
Ok scratch that I found a payload that works. It’s just very unstable!

are you using a payload in msf? can you share your process of elimination without a spoiler?

@Kwicster said:

@bianca said:
My session keeps getting killed with error message Died from Errno::ECONNRESET before I can do anything. Is that because someone else is on the machine? I tried several payloads already. This one’s the only one that opened a session.

Happened to me too, google up auto migrating meterpreter sessions. The exploit used will naturally close out the connection unless migrated

Thanks, this is really helpful !

@wirepigeon said:

@estihex said:
i cant find any :frowning: wasted 3 hours with nmap :smiley: hehe

nmap -sT --min-rate 5000 --max-retries 1 -p-

Kudos man!

Is someone willing to DM me with help on this one? Trying to get the python script to work. Have generate what I think is the right payload with none of the forbidden characters and under the size limit (i’m around 692 bytes) But nothing is happening. I know it’s a stupid simple mistake, it usually is.

Best thing to do is to spin up a Windows 7 VM, install the vulnerable service and keep messing with it by testing and restarting until you get a solid shell back. Just got user without Metasploit, working on root

no open ports found…what to do