HackTheBox - Chatterbox

IppSec · Beginner ·🔐 Cybersecurity ·7y ago

Skills: AI Security90%Defensive AI80%Security Basics70%Tool Use & Function Calling60%

01:18 - Begin of Recon 04:55 - Start of aChat buffer Overflow: Finding the exploit script with Searchsploit 07:24 - Begin of replacing POC's Calc Shellcode with what is generated from MSFVenom 09:42 - Correction: Payload Size wrong, should be 3,xxx -- look at "Payload Size" I accidentally highlighted the size of the python file. 14:30 - Whoops, erased too much out of POC. Lets correctly replace the shellcode this time and get a shell. 17:50 - Running PowerUp to find AutoLogon Credentials 20:05 - Running Code as Administrator 24:18 - First Privesc Method: Using Start-Process to execute commands as a different user because Invoke-Command did not work. 27:30 - Alternate way to read root.txt -- Alfred owns root.txt, so he can edit the files access list. Get-ACL to view access list and cacls to modify 33:12 - Summary of the box ### BOX DONE 34:37 - Doing the box with Metasaploit, Warning: Lots of fails. 43:10 - Using meterpreters PortFwd to bypass ChatterBox's firewall and access port 445 51:25 - Doing the box with Empire ! 58:20 - Using Empire's Run_As module to execute commands as Administrator

Watch on YouTube ↗ (saves to browser)

Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from IppSec · IppSec · 43 of 60

← Previous Next →

HHC2016 - Analytics

HHC2016 - Analytics

HackTheBox - October

HackTheBox - October

HackTheBox - Arctic

HackTheBox - Arctic

HackTheBox - Brainfuck

HackTheBox - Brainfuck

HackTheBox - Bank

HackTheBox - Bank

HackTheBox - Joker

HackTheBox - Joker

HackTheBox - Lazy

HackTheBox - Lazy

Camp CTF 2015 - Bitterman

Camp CTF 2015 - Bitterman

HackTheBox - Devel

HackTheBox - Devel

Reversing Malicious Office Document (Macro) Emotet(?)

Reversing Malicious Office Document (Macro) Emotet(?)

HackTheBox - Granny and Grandpa

HackTheBox - Granny and Grandpa

HackTheBox - Pivoting Update: Granny and Grandpa

HackTheBox - Pivoting Update: Granny and Grandpa

HackTheBox - Optimum

HackTheBox - Optimum

HackTheBox - Charon

HackTheBox - Charon

HackTheBox - Sneaky

HackTheBox - Sneaky

HackTheBox - Holiday

HackTheBox - Holiday

HackTheBox - Europa

HackTheBox - Europa

Introduction to tmux

Introduction to tmux

HackTheBox - Blocky

HackTheBox - Blocky

HackTheBox - Nineveh

HackTheBox - Nineveh

HackTheBox - Jail

HackTheBox - Jail

HackTheBox - Blue

HackTheBox - Blue

HackTheBox - Calamity

HackTheBox - Calamity

HackTheBox - Shrek

HackTheBox - Shrek

HackTheBox - Mirai

HackTheBox - Mirai

HackTheBox - Shocker

HackTheBox - Shocker

HackTheBox - Mantis

HackTheBox - Mantis

HackTheBox - Node

HackTheBox - Node

HackTheBox - Kotarak

HackTheBox - Kotarak

HackTheBox - Enterprise

HackTheBox - Enterprise

HackTheBox - Sense

HackTheBox - Sense

HackTheBox - Minion

HackTheBox - Minion

VulnHub - Sokar

VulnHub - Sokar

VulnHub - Pinkys Palace v2

VulnHub - Pinkys Palace v2

HackTheBox - Inception

HackTheBox - Inception

Vulnhub - Trollcave 1.2

Vulnhub - Trollcave 1.2

HackTheBox - Ariekei

HackTheBox - Ariekei

HackTheBox - Flux Capacitor

HackTheBox - Flux Capacitor

HackTheBox - Jeeves

HackTheBox - Jeeves

HackTheBox - Tally

HackTheBox - Tally

HackTheBox - CrimeStoppers

HackTheBox - CrimeStoppers

HackTheBox - Fulcrum

HackTheBox - Fulcrum

HackTheBox - Chatterbox

HackTheBox - Chatterbox

HackTheBox - Falafel

HackTheBox - Falafel

How To Create Empire Modules

How To Create Empire Modules

HackTheBox - Nightmare

HackTheBox - Nightmare

HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions

HackTheBox - Nightmarev2 - Speed Run/Unintended Solutions

HackTheBox - Bart

HackTheBox - Bart

HackTheBox - Aragog

HackTheBox - Aragog

HackTheBox - Valentine

HackTheBox - Valentine

HackTheBox - Silo

HackTheBox - Silo

HackTheBox - Rabbit

HackTheBox - Rabbit

HackTheBox - Celestial

HackTheBox - Celestial

HackTheBox - Stratosphere

HackTheBox - Stratosphere

HackTheBox - Poison

HackTheBox - Poison

HackTheBox - Canape

HackTheBox - Canape

HackTheBox - Olympus

HackTheBox - Olympus

HackTheBox - Sunday

HackTheBox - Sunday

HackTheBox - Fighter

HackTheBox - Fighter

HackTheBox - Bounty

HackTheBox - Bounty

More on: AI Security

View skill →

Managing Threat Intelligence with Cortex XSOAR

SECURE Your App with Roles and Permissions in Spring Security!

SECURE Your App with Roles and Permissions in Spring Security!

TheCodeAlchemist

Pete Bryan - Scaling Jupyter Notebooks for global scale security analysis | JupyterCon 2020

Pete Bryan - Scaling Jupyter Notebooks for global scale security analysis | JupyterCon 2020

Warning! Python Remote Keylogger (this is really too easy!)

Warning! Python Remote Keylogger (this is really too easy!)

Episode 9: Automating Single-Turn Attacks with PyRIT | AI Red Teaming 101

Episode 9: Automating Single-Turn Attacks with PyRIT | AI Red Teaming 101

Microsoft Developer

Secure Agent Authorization with OAuth 2.0 | Amazon Bedrock AgentCore | Amazon Web Services

Secure Agent Authorization with OAuth 2.0 | Amazon Bedrock AgentCore | Amazon Web Services

Amazon Web Services

Related AI Lessons

Stop Storing JWTs in localStorage: A Security Guide for Web Developers

Learn why storing JWTs in localStorage is insecure and how to secure your web application's authentication, which is crucial for protecting user data

Dev.to · Damilola Owolabi

Inside Consumer DVRs — Hardware, Firmware & Network Security Evaluation

Learn about the hardware, firmware, and network security of consumer DVRs through a reverse engineering analysis of the Hikvision DS-7204HUHI-K

Medium · Cybersecurity

Cómo construimos un SOC con honeypot e IA local

Learn how to build a Security Operations Center (SOC) using honeypot and local AI to detect and prevent cyber threats

Dev.to · Yoandy Ramirez Delgado

Credentials in web applications: how to store them properly

Learn how to store credentials properly in web applications to prevent breaches

Dev.to · Ian Johnson

Chapters (14)

1:18 Begin of Recon

4:55 Start of aChat buffer Overflow: Finding the exploit script with Searchsploit

7:24 Begin of replacing POC's Calc Shellcode with what is generated from MSFVenom

9:42 Correction: Payload Size wrong, should be 3,xxx -- look at "Payload Size" I ac

14:30 Whoops, erased too much out of POC. Lets correctly replace the shellcode this

17:50 Running PowerUp to find AutoLogon Credentials

20:05 Running Code as Administrator

24:18 First Privesc Method: Using Start-Process to execute commands as a different u

27:30 Alternate way to read root.txt -- Alfred owns root.txt, so he can edit the fil

33:12 Summary of the box

34:37 Doing the box with Metasaploit, Warning: Lots of fails.

43:10 Using meterpreters PortFwd to bypass ChatterBox's firewall and access port 445

51:25 Doing the box with Empire !

58:20 Using Empire's Run_As module to execute commands as Administrator

A single PR just hijacked the NPM registry...