HTB Chatterbox - AChat Buffer Overflow and Registry Credentials
Machine Information Field Details Name Chatterbox Platform HackTheBox OS Windows Difficulty Medium TL;DR AChat 0.150 beta7 is running on a non-standard port with a known buffer overflow. A public Python PoC gets us a shell as alfred after generating an x86 unicode-compatible reverse shell payload with msfvenom. Once in, the registry gives away autologon credentials (Alfred:Welcome1!) that also work for Administrator — straightforward credential reuse to SYSTEM. Recon 1 nmap -sC -sV -p- 10.129.1.92 Most of the ports are standard Windows noise — RPC, SMB. The interesting ones are 9255 and 9256, both identified as AChat. That’s a Windows chat application that barely anyone runs outside of CTFs, which is a big hint there’s something exploitable there. ...