Chatterbox

@h4x3r said:
can i dm somebody?

ok :slight_smile:

Having just spent most of my day trying to maintain a shell and get this box, I’ve noticed a thing or two so I’ll share my experience.
Some tips to try and maintain a shell without spoilers:

  1. Don’t try to spawn a Meterpreter shell straight up, spawn a normal shell that you can then upgrade to a Meterpreter shell. My gut feeling is a Meterpreter shell may step on itself when spawning which is why it continuously crashed (Not once did my standard shell crash). This has the added benefit of another session you can change to if things go badly.

  2. Try your exploit from a fresh reset of the machine.

  3. Make sure your exploit code is correct, there’s no point wasting your resets if you’re just hammering the box with gibberish.

Priv esc?

@ipatchcables said:
Priv esc?

For this box, you don’t necessarily need to Priv esc.

Read the other comments. Don’t over think this one.

I guess I’m over thinking it then… spent most of the day trying to priv esc after getting a stable shell and user. Back to basics tomorrow.

finally got it, dont kill yourself on priv esc, focus on the file itself

Thanks for the hint, got it… and this is why I love HTB. Hours of researching various way to get to something can be used next time :smiley:

My session keeps getting killed with error message Died from Errno::ECONNRESET before I can do anything. Is that because someone else is on the machine? I tried several payloads already. This one’s the only one that opened a session.

@bianca said:
My session keeps getting killed with error message Died from Errno::ECONNRESET before I can do anything. Is that because someone else is on the machine? I tried several payloads already. This one’s the only one that opened a session.

Happened to me too, google up auto migrating meterpreter sessions. The exploit used will naturally close out the connection unless migrated

I’m having an issue with formation of the payload. How to keep the payload under 730 bytes while avoiding the mentioned characters?

@Kwicster said:

@bianca said:
My session keeps getting killed with error message Died from Errno::ECONNRESET before I can do anything. Is that because someone else is on the machine? I tried several payloads already. This one’s the only one that opened a session.

Happened to me too, google up auto migrating meterpreter sessions. The exploit used will naturally close out the connection unless migrated

Thanks! That did the trick :slight_smile:

This box, is a serious annoying “waste of time”

Finally got the shell to be stable, tried several privesc suggested, no luck. Any hints?

@fatalglitch said:
Finally got the shell to be stable, tried several privesc suggested, no luck. Any hints?

Hmmm… ever wondered if you already had the priv?

Tried to access priv’d file in a few different ways, no luck…

@fatalglitch said:
Tried to access priv’d file in a few different ways, no luck…

pm me

can I pm someone on priv esc? Tried several different things no luck.

@Semtex said:
can I pm someone on priv esc? Tried several different things no luck.

Spoiler Removed - Arrexel

Thank you

It is a bind shell?