Chatterbox

The design of the machine is awful. The required resets and unstable shells make Chatterbox an unpleasant experience. In my opinion the box should be fixed and activated again.

I scanned three times, then found the open ports… :frowning:

So I’ve located the vulnerable service and identified an exploit. I’m just having trouble with choosing the right payload, as the default option doesn’t seem to be working.

Is this now a process of elimination for choosing the correct Windows payload, or is there more information around that would help? Have been stuck at this point for a few hours.

try allports

Ok scratch that I found a payload that works. It’s just very unstable!

maybe if it’s unstable, you should try a different payload.

@ice2004 said:
The design of the machine is awful. The required resets and unstable shells make Chatterbox an unpleasant experience. In my opinion the box should be fixed and activated again.

agreed.

Can I DM somebody?

@h4x3r said:
Can I DM somebody?

ok :slight_smile:

Having just spent most of my day trying to maintain a shell and get this box, I’ve noticed a thing or two so I’ll share my experience.
Some tips to try and maintain a shell without spoilers:

  1. Don’t try to spawn a Meterpreter shell straight up, spawn a normal shell that you can then upgrade to a Meterpreter shell. My gut feeling is a Meterpreter shell may step on itself when spawning which is why it continuously crashed (Not once did my standard shell crash). This has the added benefit of another session you can change to if things go badly.

  2. Try your exploit from a fresh reset of the machine.

  3. Make sure your exploit code is correct, there’s no point wasting your resets if you’re just hammering the box with gibberish.

Priv esc?

@ipatchcables said:
Priv esc?

For this box, you don’t necessarily need to Priv esc.

Read the other comments. Don’t overthink this one.

I guess I’m overthinking it then… spent most of the day trying to priv esc after getting a stable shell and user. Back to basics tomorrow.

Finally got it. Don’t kill yourself on priv esc, focus on the file itself.

Thanks for the hint, got it… and this is why I love HTB. Hours of researching various ways to get to something can be used next time :smiley:

My session keeps getting killed with error message Died from Errno::ECONNRESET before I can do anything. Is that because someone else is on the machine? I tried several payloads already. This one’s the only one that opened a session.

@bianca said:
My session keeps getting killed with error message Died from Errno::ECONNRESET before I can do anything. Is that because someone else is on the machine? I tried several payloads already. This one’s the only one that opened a session.

Happened to me too, Google up auto migrating Meterpreter sessions. The exploit used will naturally close out the connection unless migrated.

I’m having an issue with formation of the payload. How to keep the payload under 730 bytes while avoiding the mentioned characters?

@Kwicster said:

@bianca said:
My session keeps getting killed with error message Died from Errno::ECONNRESET before I can do anything. Is that because someone else is on the machine? I tried several payloads already. This one’s the only one that opened a session.

Happened to me too, Google up auto migrating Meterpreter sessions. The exploit used will naturally close out the connection unless migrated.

Thanks! That did the trick :slight_smile:

This box is a seriously annoying “waste of time”.