Chatterbox

onlyamedic · May 6, 2018, 11:06pm

man this box made me feel like an idiot. Really simple after the first step, don’t think too hard trying to privesc.

or1on · May 8, 2018, 12:34pm

can anyone pm me for the payload?

hemang · May 8, 2018, 2:42pm

Got root. No need to privilege escalation. Just see where in windows shell is landing you.

w31rd0 · May 10, 2018, 2:18pm

has anyone managed through metasploit exploit? or does only python script work?

impetuousdanny · May 10, 2018, 4:25pm

@w31rd0 said:
has anyone managed through metasploit exploit? or does only python script work?

Python was completely stable for me

kikos · May 11, 2018, 9:49am

Hello guys,

I am stuck on the epxloit. I found the ports, and the exploit in python which use a simple shell code. I generate another one with msfvenom but doesn’t work. Can some one help me please? This is my first challenge here and I am really lost

Thanks

azadooo · May 14, 2018, 9:04pm

For the people who still have problems with the payload, you do not need to make 
sessions migration. ShellPayload is enough to become user and root .. find the right 
payload and change advanced option ... then you have it

jackshd · May 15, 2018, 3:08pm

every 3sec my exploit is dead, can someone help me with this issue please ?
thanks

KevinMoore · May 16, 2018, 8:51am

any hints on priv esclation?

0x23b · May 16, 2018, 4:29pm

Just rooted a few minutes ago. I used the python exploit and generated a shellcode with msfvenom. You don’t need to change the encoding but the payload. You can also give the payload some parameters like host and port. Read, how you can use msfvenom.

And a fresh reset might help setting up a reverse shell.

krxxp · May 16, 2018, 8:03pm

Thinking about doing it but why does it have a lot of downs?

w31rd0 · May 17, 2018, 8:55am

@xdaem00n said:
Thinking about doing it but why does it have a lot of downs?

cause it is unstable. if exploited once it requires reset to be scanned and exploited again

21y4d · May 17, 2018, 9:02am

For me the Shell was very stable.
Only meterpreter is not stable.

You could modify the code to use a different Shell.

Actually I didn’t use Metadploit at all.

sheeets · May 17, 2018, 6:12pm

Can anyone help with what payload I should be using? I’ve tried all of the ones that make sense, and each one dies immediately. Just don’t want to keep reseting this box and throwing out exploits if there’s something I can look into to help me understand why none of these exploits are working. Also, I keep seeing people mention something about changing an advanced option for the payload.

sheeets · May 17, 2018, 6:56pm

Never mind, got it. I will say that there are apparently multiple ways to do something. Try them all.

Vex20k · May 19, 2018, 1:21pm

I manged to use python and get a connection but every time I use a command ie. “dir” the shell exits out. Does anyone have an idea what’s wrong?

Relwarc17 · May 20, 2018, 6:55pm

@CyDefUnicorn said:
Best thing to do is to spin up a Windows 7 VM, install the vulnerable service and keep messing with it by testing and restarting until you get a solid shell back. Just got user without Metasploit, working on root

Thanks for the tip, you saved me a lot of time

Drewinator · May 20, 2018, 11:41pm

So i scanned this one, found the open ports and what i’m fairly certain is the exploitable service (google says it is vulnerable). I was trying to use the metasploit exploit but havent had success getting in that way. I’m trying to find this python script but my googlefu has failed me, any hints on where to find it?

Drewinator · May 21, 2018, 7:27pm

Figured that out. I’m running the python script on my test box and it makes the default program the script is set to pop up on the test box but no shell back. I tried taking that out and editing the script to make a reverse shell but it still does the exact same thing.

EMotion2K18 · May 21, 2018, 8:16pm

If you’re using the python script I think you’re using, look closely. Are you really editing the script correctly?