Chatterbox

@junior said:

@IVWKCSEC said:
So when creating the payload, I’ve managed to get one to encode but the size is nowhere near 512.

Tried a few different payloads as well as changing some of the buffer length.

Sort of on the right track for a working buff ?

Does size really matter, at least in this case :slight_smile: ?

Haha, that’s what they all say!

I’ve tried with a custom payload … basic one of a shell_tcp but it never connects back.

I’ll have to keep trying / set it up in a local lab to get it working.

@scp said:

@PencilTester said:
Finally.
---->{P00F}!
For real.

I’m guessing you’re talking about the python exploit.
What does it do? I can’t figure it out reading the source.

Yes, there’s two key parts to it, which it shows you in the comments.

One the payload and the other the UDP port.

Look up msfvenom and the payload that’s already there and see if you can figure out what it does and how it could be changed :slight_smile:

NVM got some alternative shellcode
No stable connection but able to grab user.txt

Just a warning, I had both the valid exploit with valid shellcode, when the machine has just been reset it works fine, but any other time it just doesn’t connect back.

So just be aware, just because it’s not connecting or stable doesn’t mean you are doing it wrong, it COULD be the machine… or it could be your shellcode. So if you aren’t sure, install the software locally to test and confirm.

Got it, VPN IP had changed lol.
Priv esc now

Can anyone help me with privesc? I’m totally stuck. PM please.

Man, this box made me feel like an idiot. Really simple after the first step, don’t think too hard trying to privesc.

Can anyone PM me for the payload?

Got root. No need for privilege escalation. Just see where in Windows the shell is landing you.

Has anyone managed it through the Metasploit exploit? Or does only the Python script work?

@w31rd0 said:
Has anyone managed it through the Metasploit exploit? Or does only the Python script work?

Python was completely stable for me

Hello guys,

I am stuck on the exploit. I found the ports, and the exploit in Python which uses a simple shellcode. I generated another one with msfvenom but it doesn’t work. Can someone help me please? This is my first challenge here and I am really lost.

Thanks

For the people who still have problems with the payload, you do not need to do session migration. ShellPayload is enough to become user and root ... find the right payload and change an advanced option ... then you have it

Every 3 sec my exploit is dead, can someone help me with this issue please?
Thanks

Any hints on priv escalation?

Just rooted a few minutes ago. I used the Python exploit and generated a shellcode with msfvenom. You don’t need to change the encoding but the payload. You can also give the payload some parameters like host and port. Read how you can use msfvenom.

And a fresh reset might help setting up a reverse shell.

Thinking about doing it but why does it have a lot of downs?

@xdaem00n said:
Thinking about doing it but why does it have a lot of downs?

Cause it is unstable. If exploited once, it requires a reset to be scanned and exploited again.

For me the shell was very stable.
Only meterpreter is not stable.

You could modify the code to use a different shell.

Actually I didn’t use Metasploit at all.

Can anyone help with what payload I should be using? I’ve tried all of the ones that make sense, and each one dies immediately. Just don’t want to keep resetting this box and throwing out exploits if there’s something I can look into to help me understand why none of these exploits are working. Also, I keep seeing people mention something about changing an advanced option for the payload.