#modules
on password attack module, hard assessment can someone tell me why i can't use the password i found to connect as d*** ? bcs i can't use smb server to upload a file on my kali
DM me
Hey Jinn,
I've found the exploit in the end. Just thought it would show up with automated tools. But it did not.
I have some questions about the "ACL Enumeration" part of Active Directory Enumeration & Attacks, if anyone can help me ?
i just finished the brute force on "password attack" module, "Network Services" section. and no valid combination was found, i used :
crackmapexec winrm 10.129.212.194 -u username.list -p password.list
hey, any one doing footprinting lab hard?
i got an issue using tom credentials
i cant login using "a authenticate plain"
and then the hash
from telnet
Hey guys, currently on File Upload Attacks - Blacklist Filters, the issue I'm having is that after finding the correct extension I'm not able to run the bashphp.ext file
oof
that should work but I tried it and it failed.
Yes
use ||.phar|| but use .png when upload and change it to that in burp
Enmm, I just scanned the entry network segment 10.10.110.0/24, why are ports 25 and 110
why or what
port 25 is going to be an SMTP, so mail service
then 110 - Post Office Protocol
also, googling helps
😄
anyone know whats up with the Responder machine in tier 0?
when running evil-winrm theres a certificate failure...?
No, just port 25, port 100
bro, You scan 10.10.110.0/24 the port just 25, 110 right?
@raven grove I dont understand your Q. mind elaborating?
sudo nmap -sS -A -sC -sV -Pn --open -p 1-65535 --min-rate 5000 -iL ip.txt -oX love.xml
then 25/tcp,110/tcp .............blabla
been an issue recently
what os
"sudo apt update" ?
@cosmic helm -- im currently running a full update. i appreciate your help pal 🤞
dont u guys feel that all these hacking tools are useless, in real cyber attack none of them are actually being used and this is just a companies marketing trend to sell their stupid software ?
which tool specifically?
how am i supposed to finish this module...🥲
Hey guys, I am currently in this section of SQL Injection Fundamentals: https://academy.hackthebox.com/module/33/section/194
I need some help because I managed to successfully login to the admin page but I can't see the flag value it is asking for
Feel free to DM me
I get your point. Some boxes or certs among the whole area are too CTF like or even just scam. But some exercise there like AD one on HTB academy are quite real and helpful.
I heard some people don't bother to use kali or parrot. They built their own linux. In the end, it's up to people to decide what to learn, what to do and what hacker they might want to be.
Trying to understand… what boxes/tools for example? I might get your point but there are a lot of open source resources used in general
OSCP for example
Absolutely… though having a path towards your goal is something important so as not to be jumping from here to there and also get fundamentals to deep dive and specialized later based on that initial knowledge and understanding
literally wasting time on their exercises for 10 bonus points.
Agree
I work as a pentester for a bank and while hackthebox may be a bit ctf-y now and then, I do learn tips and tricks now and then which I use at work.
That’s where I think HTB adds value … learning new things you may not know before and for many beginners putting some basics at the same time that sets you to think outside the box
and that's why i chose HTB for basics start-up in hacking
dm me if you still need help with that, also like the question said you need to login as user "tom" to get the flag not admin
can you help me ?
Hey guys I am doing skill assessment of linux local privesc. And I got till the last part but I am not able to perform the gtfobin sudo exploit bcoz the command isn't creating a page like less command.
I am thinking it might be bcoz of the shell?? Can someone help?
If u use | then it will run in the context of the current user not root
exploit is similar to the less sudo exploit, ie less and then !/bin/sh
but you are using busctl1 to run it as privileged
I did this
didnt work bro sudo busctl --show-machine|bash
that level is only for busctl
SUID from those services ?
maybe one of them can be use to escalate?
not sure just giving ideas 🙂
its a sudo exploit from gtfobins. And I enumerated the machine fully. There isn't any other way sadly
maybe you can write the busctl file and add the shell there
yes i was looking at it already
there should be a space sudo busctl --show-machine | bash
are u sure u dont have permissions to write the file ?
show me
doesn't work bro
XD
I got the problem my shell isn't fully interactive I have to change the shell for commands like less to be effective
I did the normal stuff like python, stty raw -echo and all but it is a jsp reverse shell
which module??
doing the footprinting lab hard
oh k
got this
not working??
am supposed to encode the email and the pass
to do a plain authentication on telnet 143
What pass did u try??
Did u try sshing using it?
this is the info i got from the tool
||NMds732Js2761||
am supposed to get an email from telnet but i havent ssh
Any webapp??
u can try login to telnet using this pass too
can u use the email and creds in any login portal of a web app.
no web app
oh
no port 80
What all ports?
did u login to imap to check the users emails?
ayo y r u base64 encoding for imap
this error is what bothers me
yes using openssl
i use this as reference
it is imaps??
yes
ohh i see
Lets proceed in dm i think this convo is going to be long.
service?
yes
has anyone encountered this problem? the target machine ip address seems weird... and i can't ping to it.
Have you reset?
yup, i've reset for several times, and it doesn't help.
Let me dm you
Not all machines are reachable by ping.
The IP looks okay. Which module are you in?
@feral stump the ip is not weird
I'm in SQL INJECTION FUNDAMENTALS module
Oh, I can log into the DB directly, no need to ping it.
I've got a question when it comes to DNS enumeration. In this question (from the starting point), I am expected to find a specific subdomain. As there is no DNS server for my host, and that I have added the domain to my hosts file to be resolved, I cannot understand how different fuzzers will operate to test different subdomains as they will not be resolvable
If it's subdomain I would suggest using gobuster or something for vhost enumeration
As for how it'll work, just add the top domain and ip to your hosts file
It's all the same ip anyway as it's the same server
alright, i see
so am I supposed to be able to reach the subdomains with, let's say curl ?
you have to log in again / reboot the machine / launch your process after killing it
Instead of adding yourself to the administrators group, you can simply build a reverse shell. This will then come with admin rights
Hi need help with information gathering active subdomains enumeration
Not finding all the zones and A records
|| Try a zone transfer ||
I’ve done that here I got the internal ones
But when I count them and the original ones my answer is not right so I’m missing something
Dm
Who can provide me a hint with SQLmap Essential Skill Assessment?
I have identified the vulnerable vector ||json|| but I am not able to get a valid SQL payload
Fellow hackers, currently on the File Upload Attacks - Blacklist Filters, been trying to figure out what's the problem with the file extension, found the ones that are not blacklisted using burp intruder and went ahead to check if this works but my php code doesn't show up
did you use the ||TESTPARAMETER|| tag and you also need to use a ||tamper scripts||
try ||.phar|| extension
I already got it sorted, thanks for your reaction
guys
i got a problem in File inclusion
section automated scanning
am Fuzzing the parameters and everything
but idk where to go next
am doing curl for the files shown after fuzzing
but nothing appears
first did you get the parameter?
i got a lot of parameters yes i did
one of them is language
which is the know for that website
nope not this one
did you use the ffuf command show in the first example?
if you run that command it should just show you 1 parameter and that's the one
ffuf -w /usr/share/seclists/Discovery/Web-Content/burp-parameter-names.txt:FUZZ -u 'http://46.101.54.91:32280/index.php?FUZZ=value' -fs 2287
this is the command for the parameters
is there any wrong with it?
oh wait i forgot, look at the size of the output and find the size that repeats and filter it out
filter out ||2309||
hey guys! i have.... i think so far an easy issue but i am really too stupid to find the issue. i am connecting via VPN and can find via netstat -nv the IP network ip HTP 10.10.x.x but i cannot connect on http://10.10.10.121/private what do i do wrong?
basically the requests that have size ||2309|| appear too many times and most of them don't work, so we can assume that most, not all, of the requests with that size are false, so just filter it out
now
idk where to go
i got the payloads
a lot of them, and am using them
no output
has anyone been able to complete the Web Proxies on HTBA?
buddy what tools specifically are you talking about ????? 🤣
🤣
Hi all, can anyone confirm if they managed to use the CDATA method of XXE of the Web Attacks Module, on the same host provided in the page below?
The exercise is located on this page: https://academy.hackthebox.com/module/134/section/1206
Does technical support even work on HTBA? it says im using a pop-up blocker but I disabled all plugins and whitelisted in ff
anyone had this problem on "Shell & payload", skill assessment "host 2" :
i used the exploit given on the blog but when i set the RHOSTS it put the same value on the LHOST which is named RHOST. there is no such variables on the .rb file so i'm not sure what to do
hey dudes, kinda struggling with a question in the linux fundamentals module. " How many services are listening on the target system on all interfaces? (Not on localhost and IPv4 only):
can curl gather that info or am I missing something basic?
have you used nmap? Think that should be able to tell you how many services are on open ports
havent done the course though
nmap hasn't been covered but that was gonna be my next move. was trying to stay within scope
you could curl every port I suppose?
what would that look like?
for i in {1..1000}; do curl <target>:$i | grep -v "Connection refused"; done
have you done much bash?
meh, not a ton
windows admin turning linux so theres that
lol fair
fair
if you dont get the right answer by curl I would think to move to nmap
Not too much else springs to mind with what you've got 🤔
hi
hello
@xp you active lad?
So I am working on Active Subdomain Enumeration and I am having trouble finding the total number of all "A" records. Anyone got a hint?
Did you perform checks on all the subdomains that initially popped up?
I tried using ||dig A|| on each one, kinda like with ||dig txt||, but I can't seem to find the right number
we should be able to just add up all the A records from the ||two ||zones
have you done a zone transfer yet?
I think some records had A records and others
Did you try counting strict A and also not strict A?
@west canopy I did ||dig axfr inlanefreight.htb @ns.inlanefreight.htb|| at the beginning
I'm not sure I understand the difference
it had been a while since I had worked on HTB Academy's Linux Fundamentals module so I decided to do Linux Journey. Now I've completed Linux Journey and I need help with this one Linux Fundamentals section. Can someone give me a hint? The question is that " How many services are listening on the target system on all interfaces? (Not on localhost and IPv4 only)"
what do I do about this
@vale salmon try doing ||dig axfr inlanefreight.htb @ipaddress (of the spawned target)||
hi would it be better for me to just redo Linux Fundamentals path?
@quasi wave one sec let me check my notes
ok thanks @west canopy
sec ill DM you 🙂
That gave me the same output, but when I count them, the number still ends up being wrong. Maybe I'm not looking at the right thing?
one second I'll take a look
ok, its been a minute since I looked at it
are you counting ones that have only A in the record column or the ones that have A and other letters?
I was just counting the ones with A
did you miss ones that were out of the column?
No, I got those too. Problem is I'm only counting ||19|| and that isn't right.
Yeah, I just got it. I came to the same conclusion at the same time. Lol. Thanks!
rip too easy
Yeah, I actually have a note, in my notes document, in all caps that says STOP OVERTHINKING!
I'm having a hard time determining which user is using a given ProFTPd service
I used ps aux | grep ProFTPd
and I got a result but
the user I listed is the wrong answer
can someone give me a hint
without giving me the answer necessarily
I say I ought to be able to make it work with
ps aux | grep ProFTPd
what am I leaving out?
@fossil crescent my objectguid is different than yours
That's really odd, as I respawned target 3x and always got same result
sec i will DM 🙂
Please be careful with the spoilers
I wasn't able to see #general
Windows Privilege Escalation
Initial Enumeration
"What service is listening on port 8080 (service name not the executable)?"
I know whats listening, I can see it, I can visit it. I cant get the question to take the answer. What am I doing wrong here?
I've tried|| apache, http, tomcat, apache tomcat, etc ||
Can someone help me with the skill assessment of the AD Enumeration & Attack module
When you open the task list, look in the Services column.
I finished Web Proxies. Do you have a specific question about one of the challenges?
Hi everyone ! I need help on the module « password attacks » I’m blocked with the question « use the user’s credentials we found in the previous section and find out the credentials for MySQL ».
I tried many things but nothing worked, i don’t know what to do 😬
Is there a way to interrupt a command when we are running a reverse shell, without ctrl+c (as it breaks everything) ?
hey can you tell me how you solved the problem?
If you upgrade your reverse shell to an interactive TTY, Ctrl + C should not be a problem.
Hello I just started with hackthebox and I am answering the questions on the very first lesson.
It says to submit the root flag but I don't know what that means.
can somebody help me?
dm me
thanks
Who can provide me a nudge for Command Injection?
@rustic sage I might be able to give you a little nudgey nudge
it's a text file "root.txt" containing the flag. Will be on the desktop of the administrator user in windows, or in /root on linux
guys wanna ask
in file inclusion
automated scanning
after fuzzing the directories i got this
i will show the last two lines
||/nologin sshd : x :106:65534::/run/sshd:/usr/sbin/nologin barry : x :1000:1000::/home/barry:/bin/sh||
so as we see it is ssh
as i connect to ssh
they need password
how do i find it
Use the same LFI payload you used to read /etc/passwd but use it to read /flag.txt
you will not be SSHing into any machines this module, it is purely web based
i will give it a try
i have been using heavy commands and everything was in front of my eyes
@west canopy THX a lot
@rugged stag May I dm you?
Hey all I'm stuck on the IMAP/POP3 section of footprinting. I can't seem to find the admin email address or access emails on the IMAP server. Not 100% sure what I'm doing wrong here. Any help would be appreciated
Dure
Sure
Dm
me
I already got it sorted, thanks!
What’s your question ?
i am at footprinting module
smb
What is the full system path of that specific share?
i tried every thing
/c/home/sambauser
nothing works
I also have a question … does someone know how to get the flag in the web fuzzer module ? Because I tried with burp suite (not pro) and used the wordlist provided in the example but it took so much time that the target was shutting down without finishing the fuzzing 😅 maybe I’m using the wrong word list ?
Not a this module yet 😢
Dm me
Would someone like to provide me a nudge on Command Injection Skill Assessment?
@little summit your answer|| is correct but there is a formatting problem,|| feel free to DM me
When's the CPTS exam gonna be available
@steel kite have you finished the path?
mine is stuck at 98.7% even though i've completed every module, curious if anyone else is experiencing this
Almost done, maybe a few new sections were added to a module? I'll check what mine shows once complete
well my path shows as 100% complete but the exam progress bar shows 98.7% 🤷‍♂️
Firewall and IDS/IPS Evasion - Medium Lab
Oddly enough, I was able to get the hard module, but I can't get the medium module to nudge. I am trying to use the || dns-nsid || module, but It never outputs any results. When I do a tcpdump on the target IP, I see the || TXT CHAOS? version.bind. || keywords, but I keep getting || Refused- 0/0/0 (30) || Any nudges or advice?
@warm needle DM me 🙂
Hey guys
I’m at vulnerability skill assessment at open as section. Trying to log into the Vpn but looks like it’s off. Is there anything bout it? Everything fine with my environment
Lately a few of my vpn's were not connecting, i just had to download new ones for the main HTB site and for Fortresses
using Singapore and EU now haha
but they connect
this was literally like a few hours ago
On password attacks lab -medium, and im just curious if anyone else has problems with the docx
nvm just tried harder
Hey
Someone help me
I am stuck at getting started module at the knowledge check point
I have the access of initial shell but i have failed to escalate privilege
I found this but i don't know how to use it
Obtain a session cookie through a valid login, and then use the cookie with cURL to search for the flag through a JSON POST request to '/search.php'
curl -X POST http://ip:port/search.php -H 'Content-Type: application/json' -b "PHPSESSID=71kg4rbms08de6935hjk82kerd" -i
my payload
still dont get anything
send me /usr/bin/blahblah
my bad guys
i found it
im stupid lol
Who can help me with Command Injection Skill Assessment?
/usr/bin/php
Anyone can give a nudge on Password Attacks Lab - Easy?
There is FTP and SSH services and nothing else, no initial info or hints. Tried some of the default credentials - no luck.
dm me
In the Lab there are two lists username.list and password.list.Try them.
Hi there,
can someone help me out with web attack skill assessment?
I managed to figure out which user is the admin and have the token and uid. however i am unable to change the password
dm me
Thanks for pointing me to the solution. Would have never guessed that in my life. There are some exercises that I could never solve without the community help here because there is no way I would have guessed what you're supposed to do from the lesson. And sometimes the info you get is so vague that I'm like, "what the hell do they mean with that". Not all of them are that way, thank god. Some are excellent. But some are just totally confusing and I don't see what that has to do with learning. Since this is an academy they're supposed to challenge us with the exercises, but give us enough information that the challenge is solvable. Anyway, rant over. Thanks again.
somebody find for the question about HTB academy in the module learning progress
Tell the module name
Can somebody help me on sqlmap Attack Tuning Case6? I've wasted hours of my life (with no learning effect at all), and I just don't get what they want me to do.
- I get that case 6 it's about changing the prefix. I did that.
- I already tried a gazillion possibilities, including raising level and risk, randomizing user agent, focusing on the right table, ...
There must be something I'm missing. Any nudge in the right direction is greatly appreciated before I throw the computer out the window. Thanks.
pm me
Having trouble with the AD introduction labs. From my local Kali VM I keep getting recursive lock messages and a blank xfreerdp window then it disconnects after a few minutes. So I tried loading my free pwnbox and am mostly unable to connect there too. On both systems I can connect occasionally but I get disconnected after a very short time...
@rustic sage try to use rdesktop
having trouble finding the correct website to download krnl, can someone send the link to me?
It connects okay, but will not let me log in!
Anyone has most economic plan to finish everything in Academy, when I see amount of cubes required and prices I am kind of discouraged I would ever be able to afford it all
https://academy.hackthebox.com/billing Silver annual plan includes everything up to and including tier 2. There are only 7 modules I can see above that...
tell me about it. as someone who isn't interested in cbbh but i would like to talk about modules with other people it is a bit discouraging if you want to do every single module. i think the pricing is inflated at the higher tiers because of the isc2 credits they give.
in that case buying the cubes through the highest subscription makes more sense.
the last 7 modules are at minimum 4400 cubes (deducting the amount returned upon completion), and for the last one the 200 cubes returned are worthless.
I have trouble with File Upload Attacks module: Blacklist Filters, I found a valid extension (with Burp Suite) but when I try to perform ?cmd=id I don't get an output
Can someone help me in the skills assessment 1 from Active Directory Enumeration & Attacks? I have the administrator hash but can't find a way to execute commands through pass the hash
Hi, how did you solve the error? 🙂
||mimikatz # sekurlsa::pth /user:administrator /ntlm<hash that you have> /domain:inlanefreight.local /run:".\psexec.exe /accepteula \\dc01.inlanefreight.local -h cmd.exe" ||
I saw that, but I'm connected with a reverse shell, not rdp
evil-winrm accepts hashes
I tried using the same syntax for executing others command but doesn't give any output
can I use it from the windows host?
why not? u can use from the attack host if u make a tunnel on the windows host
Hi im stuck with section Broken Authentication - Skill Assessment ,it seems i guessed the cookie encoding algorithm as ||md5 + base64 + urlencode|| , i also found the user can have admin rights as admin , but after i add a new cookie i just get the message "User cannot have requested role" ,
where am i wrong?
hi there, is anyone available to help me with Skills Assessment - File Upload Attacks? i fuzzed the extension and can bypass the different filters and use ||xxe ||to disclose the ||upload.php|| file and the other ||common-function.php||. I discovered the path where the file uploads, ||/user_feedback_submissions/||, and finally i try to access my payload with the nomenclature ||220820_payload.xxx|| and i get not found, i can't execute my malicious php code. on the other hand, if i redo the same process with an image with nothing in it, in this case i can see the image. At the moment I can't think of anything else to try, does anyone have any idea what I can try?
if you use special characters or something that can be url encoded in your payload name you can't access the payload; the system will save the payload under the name you give it, but if it has special characters your browser will url encode the access request so you can't access the payload
I have some questions about the "ACL Enumeration" part of Active Directory Enumeration & Attacks, if anyone can help me ?
hi i'm stuck on this https://academy.hackthebox.com/module/116/section/1512. i've used gobuster to get the subdomains control and helpdesk and i've written a script to check for every record type on them with dig and query the answer section. there are no flags only ip addresses which do not ping. i tried to axfr them too.
i used the names.txt list that comes with the tool subbrute which is recommended in the hint
all of the ips for the subdomains are dead so you can't do anything with that. also if gobuster doesn't work use subbrute, and i have no idea why, most of the time i try gobuster it works fine but there are some situations where gobuster doesn't work but subbrute does, so try that
subbrute takes a long time and so far it only produces the same records as gobuster
subbrute take too long that's why i use gobuster
i ran gobuster and only got two subdomains, helpdesk and control.
is there another one i missed?
if you use gobuster you should find ||6|| subdomains including the ||ns|| and ||ns1||
did you use gobuster with the custom dns name?
gobuster dns -d inlanefreight.htb -w names.txt -r 10.129.126.251 -t 100
it did not find ns1
nope that's the wrong command and if you use the wrong command you may find pornhub subdomain
Module 'Attacking Common Applications' section 'Attacking GitLab': I found 3 valid users for the GitLab instance however none are accepted as the answer. Is there some weird format you need to enter it as?
replace the -r with the ns subdomain also remember to put everything in /etc/hosts
also the pornhub part i'm not joking and there are also i think 2 more guy dm with this #modules message
gobuster doesn't work there because gobuster can't find DNS zones, try using the suggested tool
i'm running that tool it's taking a really long time.
i think i read somewhere if the tooling for an exercise meant to be educational takes longer than 5 minutes it's shit and poorly written
with this i concur
use the correct resolver.txt file, take into account which resolver you are using
I think with the right command doesn't take too long
other solvers have said to use gobuster, though.
i'm only using the spawned ip as a resolver. i nicknamed is ns.inlanefreight.htb in the hosts file.
should i just duplicate the entry 17 times?
I think I only used the given wordlist by the tool (names.txt), the IP as resolver and only inlanefreight.htb
how long did it take you?
i've tried that but it didnt work by the time i stopped the process because no thanks around 15 minutes
I don't think more than 5 minutes, I remember when I get the correct command the subbrute show some output
at first, when I launched It the output was completely blank
looks good? you're saying i should have useful output in ~5min?
yeah seems good for me
I used this command, with only the ip in the resolvers.txt
the answer is a flag (HTB{...}), make sure to check the dns zones you have there
Hi, for Burp intruder use zapp and (directory-small-list-2.3-small.txt) from seclist. 😆
it's been a while still nothing.
can anyone help me? , I found user support but am stuck trying to find this user's login password
grep '[[:upper:]]' /usr/share/wordlists/rockyou.txt | grep '[[:lower:]]' | grep '[[:punct:]]' | grep '[0-9]$' | grep -Ex '.{20}' , I use the following grep command to find the password that matches the password policy
and after this command how many password do you have left
I found 20 passwords but none of them are correct
i'm trying your command on the pwnbox to see if the support user password is in there but it is giving an error, but that command seems right, and also which support username did you find? there are multiple support users but there is only one right
I just found only user support
so what username did you find?
oh that isn't the username that's the role
the support have a country code (typo)
i tried top-username-shortlist but didn't see any possible username
did you add country code
no, I see on the Support page that it says to use country code but haven't tried it, thank you
I'm also doing the Pentester Path. But I'm focusing on the Bug Bounty Hunter first (since a lot of modules are the same anyway and this will also help me with pentesting). I'm at 45% of the Bounty Hunter now. DM me if you're interested in interchanging information...
this part is silly and got me wasting time too. i thought the country code was +1 but it's like us. uk. ca. etc (the abbreviation of the country with a . after it)
speaking of wastes of time
the dns part of attacking common services
it's been 2 weeks and i'm still stuck with this section 😦
u get it now?
some of these 'gotchas' distract from technical application and serve no purpose other than to waste time "thinking outside the box"
the askhole of red herring
¯_(ツ)_/¯
but at least i get to think about modeling problems with nuance
I think they want to teach us about patience 🙂
I tried adding the country code after 3 users admin,administrator,adm in the format (eg: adminuk,adminus) but still no success 😦
ok 😦
nope it's username.code so ||admin.us||
thanks , i try to create cookie as md5 > base64 > end character encoding url but no success
sudo grep '[[:upper:]]' /opt/useful/SecLists/Passwords/Leaked-Databases/rockyou.txt | grep '[[:punct:]]' | grep '[[:lower:]]' | grep '[0-9]$' | grep -Ex '.{20}'
I think it's not possible to escalate by modifying cookies right?
Broken Authentication - Skill Assessment
i remember there was only one i did which asked for country code and it ended up being concatenated with a . and us/uk
i have this ||https://imgur.com/zUxl8cP.png||
i used ||support.us|| to crack the password
for the cookie ||admin.us:admin||
try that tell me if u find flag.
I don't see the flag after encrypting this cookie, error "User cannot have requested role"
my cookie ZTY1ODNjMWU1NTNiNDQ2NjAwYmI2MzNhYmMwMTkxNmU%3D
no , im using https://www.md5hashgenerator.com/
try the command line cookie
for online one i like cyber chef it has a lot of easy to use features
The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis
do u have to do that last two encoding?
i think i only used md5 output nothing else. i dont remember though
i just url encode the last character as "="
i don't know either, but i tried to create 1 user and the algorithm for creating cookie for this user is same as above
Does someone know why my zap browser is so slow when I type ip of target ? it never reach it
ok i got it
you have to do the other transforms
😅
to get the input for cyberchef i did ||echo -n 'admin.us'|md5sum && echo -n 'admin'|md5sum|| and concatenated together with a :
then using that website i dragged the transformations over and clicked the box on the URLENCODE option to encode the special characters (takes care of the "=")
r.i.p so hard 😦
using that output as a cookie while logged into the support account i refreshed the page n got a flag
did u get the flag?
cyberchef is so good 8-)
This part is probably the hardest part of the CBBH module :)) , thank you so much
no the hardest one so far imo is the active directory one
i haven't done them all yet tho
luckily I haven't learned that module yet :)) , previously on tryhackme I learned through bloodhound + kerberos
hi i need some help with AD Enumeration & Attacks - Skills Assessment Part II, at "Submit the contents of the flag.txt file on the Administrator Desktop on the SQL01". i can't find the flag. i have listed all the files that end with txt but i can't find the flag
The hint for "Generating Shellcode" in "Stack-Based Buffer Overflows on Linux x86" should be changed to this. The questions in the Linux Buffer Overflows aren't specific enough in general.
Get Started with the HTB Beginners Bible: https://www.hackthebox.com/blog/learn-to-hack-beginners-bible
hello
i was look something like this when i look at it
Hi, replace robots_txt with http_put and you need an ip and port from any website or question and use it, and have the burp open .
I have some questions about the "ACL Enumeration" part of Active Directory Enumeration & Attacks, if anyone can help me ?
Dm if you still need help
Hi ,Could anyone give me some hint about FILE UPLOAD ATTACKS-Whitelist Filters?
I use the Burp intruder to get this
But I curl this file get 404 not found
how can I request the web when the file name contain "\ " or "//"?
dm me
hello
can any body help me
footprinting>SNMP
Enumerate the custom script that is running on the system and submit its output as the answer
Hi! I'm currently doing the Linux Fundamentals module and I stumbled upon this command:
find / -type f -name *.conf -user root -size +20k -newermt 2020-03-03 -exec ls -al {} \; 2>/dev/null
what's confusing me is the -exec ls -al {} \; part of it. Why would we use this instead of much shorter:
find / -type f -name *.conf -user root -size +20k -newermt 2020-03-03 -ls 2>/dev/null
The explanation in the module says:
This option executes the specified command, using the curly brackets as placeholders for each result. The backslash escapes the next character from being interpreted by the shell because otherwise, the semicolon would terminate the command and not reach the redirection.
This is all good but for a noob like me it's not enough of an explanation. Why do we need a placeholder in the command? We need to escape the semicolon, but why is it there in the first place? 😄
Network Traffic Analysis: Interrogating Network Traffic With Capture and Display Filters
Could I have help with this?
Is there a walkthrough for the knowledge check version of Nibbles?
Hey, I need help in the AD Enumeration & Attacks - Skills Assessment Part II, on the question to pivot from SQL01 to MS01, I run the lazagne.exe in a system32 shell but it doesn't providing any clear password,
I also tried to use hashcat to the hashes I got or pass the hash, but anything of this seems to work
How did you manage to get the second IP? I seem to be searching blindly :/
I don't remember exactly, try doing ifconfig/ipconfig to see which subnets are and then fping or bash loop to check which of them are alive
Hi everyone, I am currently working on the ffuf module and now reached the skill assessment. One of the questions is to find the full page URL for a page that says "You don't have access!" I am 100% sure that I found the correct URL but my answer is not accepted. Can anyone help?
I am 100% sure because the two questions that follow require the URL and I was able to answer both of them.
for this answer with the url but change your port number to PORT
@vital adder that worked, thank you very much
hello, anyone who had completed the SSRF module, to ask some general questions..!!!
For the Intro to Assembly module, it says that the command man -s 2 write shows the details of that syscall. Don't appear to have those docs installed on the Kali host, anyone know which packages provide that?
dm
anyone?
Hey everyone, can anyone give me a nudge for Password Attacks Lab - Hard? I've found all the services, trying to bruteforce them with provides password list for user Johanna but no luck.
did you use the mutated wordlist?
the one that created from custom.rule? no
yeah use that and yes created with hash and custom.rule
thanks!
hello friends
Did you get it?
Hello I'm new to HTB
I have problem in starting point module
Setting Up
I didn't understand the explanation is there any videos regarding to starting up in setting up ?
😫 sorry
There are no videos in the Academy. If you want to watch videos, I can recommend TCM Security.
What exactly do you not understand? If you write your questions here, there are certainly people who can help you.
I got the VHD but I can't mount it in Linux, spent an hour already 😦
How can I mount it so I can steal the hive?
I found the key to BitLocker but when trying to mount vhd with guestmount it says that BitLocker is unknown FS
use bitlocker with losetup
sudo apt-get update; sudo apt-get install dislocker -y
sudo mkdir -p /media/bitlocker
sudo mkdir -p /media/bitlockermount
sudo losetup -f -P Backup.vhd
sudo dislocker /dev/loop0p2 -u(password) -- /media/bitlocker
sudo mount -o loop /media/bitlocker/dislocker-file /media/bitlockermount
also here is the unmount command if you are doing this on your machine
umount /media/bitlockermount /media/bitlocker
losetup -d /dev/loop0
Is that supposed to be on this course? I mean, there is no info about dislocker in the module 
oh no it isn't in the module but now thinking about it yeah it should be in the module but this is just a way to mount bitlocker
yeah, I guess at least mentioning there about dislocker would be great
because in the section about BitLocker it only says about "double-click the VHD and enter password" which is not the case for Linux machine
I will try the way you recommend, thanks!
It worked, thanks! However, it was a struggling one, I would recommend at least adding some hints there in section about it.
It's really impossible to connect with nomachine to the target at the Shell and payloads module
Okay thanks, I will try that!
can someone help me with this Q Perform active infrastructure identification against the host https://i.imgur.com. What server name is returned for the host?
Module :Information Gathering - Web Edition
Hi guys, I’m working on the module information gathering. Right now I’m at the active infrastructure identification. Here it give to me the key to connect to vpn and two urls:
- app.inlanefreight.com and dev.inlanefreight.com. After I connect to the vpn I can’t access to this two urls but I can access to the the private ip of the target. When I open up the page it says “this is the inlanefreight.local default vhost”. How can I access to the two vhosts app and dev?
Hi I guess you already done the section where I’m having problems, could you help me please? 🥲
yes of course i will PM you @sudden oriole
@oak summit try to use curl
Oops, i understood the Q wrong, i was thinking dns server name,
thanks a lot for pointing out curl
@sudden oriole add them in /etc/hosts file
@acoustic owl tnx sir
I ended up ||moving the VHD file to my windows machine and mounting it with OSFMount :)||
oh wow so i'm not the only one who mount that vhd on a windows vm (but i use double click)
i am too low IQ to understand the|| bitlocker / losetup|| method lol
oh about the dislocker part me and i think most people found a blog about this but dislocker is for mounting bitlocker partition so that's what losetup is for
Wassup guys!
sup homie
Hey guys, managed to upload the file but got this error, any ideas?
File Uploads Attacks - Type Filters
Don't follow the steps outlined on that page - they don't work (well not for many of us anyway). I would go back and look at the AD enum and attacks module where some info was added about the Kerberos double hop problem. I used a remote port forward (ssh -R) for the metasploit shell and then a local port forward (ssh -L) for the win rm and that worked for me
I could not get the double hop to work using the steps either
@woeful oxide i would try a much simpler php shell
could anyone nudge me for password attacks lab hard?
Anyone else get the response from crackmapexec:
aardwolf librairy is missing, you need to install the submodule
run the command: ( nothings here )
ive looked online and tried installing it with pipx, apt-get, ive tried a bunch of different things to no avail.
NP, yea I totally agree. I was stuck on a module for an hour until I looked for a tip. My approach was overly complicated and the answer was right in my face. Make sure to pay it forward and provide help to those in need.
I love the "Miscellaneous Misconfigurations" from the AD module. AS-REP and others are most common ways to obtain a foothold
quite handy when doing the HTB AD track
thank you, I got help and was able to solve it that way.
There is a thread just above
When you have one
Well, with losetup you just create kind of a mounted device from vhd file. So it becomes not the file but the device on your machine, like it’s a mounted hard drive, not the file.
ah nice
Absolutely!!
On Introduction to Active Directory. 95% sure the answer to this NTLM uses three messages to authenticate; Negotiate, Challenge, and <__>. What is the missing message? (fill in the blank) is authenticate or authentication. Basically the module said that, google searches say that, but the question doesn't accept it. What's the answer?
Is it broken or am I stupid?
(from module)It is a challenge-response authentication protocol and uses three messages to authenticate: a client first sends a NEGOTIATE_MESSAGE to the server, whose response is a CHALLENGE_MESSAGE to verify the client's identity. Lastly, the client responds with an AUTHENTICATE_MESSAGE.
I have J but idk if im just not looking hard enough, but I can't find anything that I can use. Also the account doesn't have admin privs so I can't do any dumps
@dire eagle it should be ||Authenticate||
........was it really just the capital A
haha
who want to help me?
@sullen siren about what
someone stole my gmail account
can you help me bro?
@sullen siren change the password
but he change a password and phone number
i can't log in
i need a good hacker
@sullen siren I cannot help on that
you have a good hacker pls tell me
🧐
I need a good hacker
I have nmap bios windows mac linux hacker blackhat whitehat greyhat skills DM me if you want a REAL hacker ..
I want to call but I don't have to give him money
@sullen siren try this https://support.google.com/accounts/answer/6294825?hl=en
bro what is that?
"Secure a hacked or compromised Google Account"
anyone here has a sub on HTB academy who can answer a question ?
ok bro
what's the issue?
I'm planning on doing the silver sub but it give you 200 cubes. Now my question is if i complete the module do i get the cubes back or are they just consumed ?
bro that is hard to me
Cus ur account isn't compromised
Okay, am I supposed to do this from the webshell? Because I cant make it work :/
why bro?
look under each module, there will be a cubes cost, some will give you some cubes back
so if a module costs 100 cubes i won't get the 100 cubes back
that really sucks
for example this module will cost you 1000 cube and it will give you back 200 cube
the Unlocks For is the cost and the +200 is what you get back
Do the boxes give you cubes ?
nope box are on hackthebox not hackthebox academy module is for hackthebox academy
How are you supposed to get enough cubes ?
with MONEY
Oh ..
who can hack a gmail?
What is your gmail account name ?
yeah guess i will sub and than buy the cubes as i need them
Only Google support can help you
not help me bro
he change a password and ph number
MFA is a must
and Security is too strong
you mean gmail?
Yes
bro come cb
Why is ur email called that
and that email is in 1 data breach
Is English your first language ?
oh he probably found you email password in that data breach
Hi guys,
I'm doing the skill assessment on the pivoting module, but I don't understand if you are capable of enumerating the internal network from the webshell?
pls stop being an idiot no one is going tell you how to hack gmail if you need help recover your email i already send you the resource and also i found your email in a data breach so change your password
yes with nmap
It says nmap is not found
nope nmap on your machine
thanks bro
Sorry, I'm a bit confused
The webshell has access to the internal network, and we don't have direct access from attackbox, right? (That's what I understood when looking at ifconfig)
first attackbox is on tryhackme and the webshell has access to the internal network and you have access to the webshell that make you have direct access to the internal network
okay, understood.
Do i then have to use the webshell machine as a pivot machine or?
of course and for the next machine answer the question to get the cred
Thanks!
can dm you about the data breach? (if you can't tell i'm trying to help)
I could use some assistance with broken authentication module weak brute force protections section, in question 2 I'm using the basic_bruteforce.py script they have us. I changed my target to http:// <target up>/question2/ and I can get my header to have the "X-Forwarded-For":"1.2.3.4" but I keep coming up short it seems so simple though idk what Im missing
that header need to be in this format ||X-Forwarded-For: IP|| also there are no ip from 1 to 4 use a different ip
I copied right from the example, this is exactly how it sits within my script:
headers = {
    "User-Agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.96 Safari/537.36",
    "X-Forwarded-For": "1.2.3.4"
}
So is that all correct and the ip needs to be changed? to like anything or does it have to be like a 192.xx.xx.x?
read the hint and the stuff below the example, what ip do you think the target trusts? also do it in burp
did anyone here pass the PNPT with help from HTB academy ?
i'm hesitant to sub but i'm not sure about it
Have not, but at least for the student price HTB Academy is definitely worth
i think tcm academy just end a big sale where you can get 6 courses 3 of them for 1 USD and the other 3 for 6 USD
I got them all but i'm having issues with AD and linux escalation
so i wanted to push in a different approach to it like some of the stuff i got in the academy like stabilizing shells wasn't covered in the course
How do i hack in windows
Sponsor: https://go.intigriti.com/thecybermentor
Blog Post: https://tcm-sec.com/so-you-want-to-be-a-hacker-2022-edition/
Academy: https://academy.tcm-sec.com
for something like that you can just use socat or a tty
thanks
i just send the HTB team an email to request for them to unblock my academic email to get access to the student discount
that is unnecessary there is a chat bubble click that and send them your academic email and info they will whitelist it
where is the chat bubble
if you have ads block on you can't see it
it's on the right corner of your screen
let me try with firefox
yeah it doesnt show me on the billing page of academy.hackthebox.com
if you don't have ads block on i have no idea why it doesn't show
Try it on this Site: https://help.hackthebox.com/en/
Thanks it worked i got my sub with student email 😄
¯_(ツ)_/¯
The reverse shell is not working for Getting Started in the hack the box academy
hello friends
Hi :3
for web requests : POST has anyone had the search just never fire off? I put it in the web interface and the search just spins, no Search.php ever fires
@oblique shale sometimes with docker targets i have to respawn them a few times
Ok I will give that a try, I was like how am I screwing up by following the example
Maybe I’m being impatient and trying to get it to work before loaded. How many times have you respawned them?
Maybe try using curl instead of your browser? If you just navigate to the target you might not necessarily be sending a POST request
for example:
I was playing with browser so I could see the search request
I will skip it for curl
using burpsuite.... what will be the content-type to bypass .WAR file ??
whats the longest study/learning session in terms of hours you guys have done on academy? anyone above 12hrs? 😄
I'm stuck with Blind SSRF exploitation examples, anyone to whom ask some?
stop bullying mrtom 
about that....
i was bored, he was spamming, so i did a bit of trolling... and now he think i got killed by "the russian"
No one
already tell him that
can anyone help me with this question from ACL Enumeration section in ACTIVE DIRECTORY ENUMERATION & ATTACKS
https://academy.hackthebox.com/module/143/section/1485
I have tried both ||AddSelf-GenericWrite|| and ||GenericWrite-AddSelf|| but did not work
@unreal timber DM me 🙂
can someone pls help me ?
Module: Broken Authentication -> Predictable Reset Token
I know the algorithm and the way how the hash is generated but everything i do is wrong
My code:
Hey! Could I get some help with Broken Authentication Assessment? I found the password for the support user and see the cookie, but am having troubles with the next step to decode
dm
Password Attacks -> Password Reuse / Default Passwords: Found some useful files on the target, tried known credentials and bruteforce tools. Enumerated other services, dead ends. Think the key is in one of the files that are on the target, a bit stuck on reading/gaining access to them. Any help is appreciated!
the password is in ||one the link|| on that section
Indeed.. it is. Well that was more hours than I care to admit hammering away in the wrong direction lol
Thanks!
got it
Can anyone assist me in Password Attacks - Hard? I've hit a wall after finding the VHD file.
are having issue mounting it or extracting the hash?
Mounting. I was able to crack the hash fortunately
here try this #modules message
Thank you! I'll give that a shot
That did the trick. Thank you very much!
hey
did you use vdi2j to crack
got it....
I did not. ||bitlocker2john||
Since technically it's an encrypted drive that would make sense. lol
thank you
You're very welcome
Nice work 🙂 The ||backup.vhd|| threw me for a loop !
Does anybody know how to change their profile picture for academy?
I dont think you can
If I could find a stored XSS attack vector, I could change the website so I could change my profile picture. 
i mean what the hell is even this???
So ugly
its like a bomberman pez dispenser
Also not to flex but https://academy.hackthebox.com/achievement/361678/path/120
you're killing it bro
Now just need to complete the CBBH path. Only have 20 sections left.
i have been getting spanked by this Secure Coding 101 module
The javascript one?
yea
I wish I could help but no way in hell am I going to spend 1000 cubes on that 🤣
hell yea
@west canopy How many modules have you completed?
all but two
Which ones?
The flex haha
Hackthebox really needs to fix the progress meters. It fucks with my mind
lmao i know they make no sense
As often as you help everyone here, you more than deserve it.
awww 🙂
Hello, I am in the module of the academy called vulnerability assessment. I connect to my virtual machine, Pwnbox, but I can't find Nessus within the programs. And from my VMware machine, when doing the scan, it does not find the vulnerabilities of the exercise or anything. Some help?
Scan again...
I've done it several times and nothing. And with my nessus I only have 16 Ip's to scan, I've already spent 2
It's being pushed through an advertisement session id;;ior::rn'musabr'
also, the exercise is supposed to scan a windows machine, but the ip it gives me is a linux machine
Yes because I'm in one of those remote controlled drones r.dp (Direct.Point'Pontificure') Remote controlled pneumatics...
N+N Mk.Setup loc/soc 'm6H2'
N+N Mk.Setup loc/soc 'm6H2'
It broke into tiles using tulsa.blues icon.pkg
Okay you figure it out from here.
../Runc.mk(d.d) [pnkdi] --sha1::t.Pastorea::d.h2'M6
--HMS(MS13)
Hey @acoustic owl you around? I have a quick question on the easy lab footprinting
Thx!
Huh?
Where are you stuck?
Not stuck solved it on my own but wanted to understand if the id_rsa and id_rsa.pub need to be on the local root folder under .ssh to make the connection to the remote ssh server successfully
Just because I see when ssh that it loads the keys from there so just wanted to make sure that is a rule
You can basically store id_rsa (private key) wherever you want. You can specify it like this
ssh -i /path/to/your/key user@serverip
Ok perfect wasn’t sure how to make that happen
Thx!
I always get this error after i upload a crafted metasploit payload in .war format on Tomcat and listening...
please i need your help
module: SHELL & PAYLOAD
Upload payload with curl command line search Google
the payload was uploaded successfully but when i try to execute.. tomcat raises an exception of metasploit payload
Change msfvenom Upload cmd payload
if so.. we need file restriction bypass
i tried that using burpsuite ... and tomcat insist it must be .war file
Any help.. please
spent so much hours finding solution.. all to no avail
can you give example of that pls
tomcat only accepts .war file
so can i upload .exe file using that method ?
payload.exe%00.war
got it.. let me try that out
Password Attacks Module - Q: Examine the target using the credentials from the user Will and find out the password of the root. Then, submit the password as the answer.
Are we supposed to ||use rockyou wordlist on the unhashed file||?
nvm, got it
Using the Metasploit Framework Module / Introduction to Metasploit / Question 2: Which version of Metasploit is free and can be used only through a CLI?
Are we really expecting anything else than "Metasploit Framework"? This answer isn't accepted.
The "msfconsole" is accepted as an answer though, but it is an interface to the Metasploit Framework not a version of Metasploit.
Hi, I can't move in the Attacking Enterprise Network, Active Directory Compromise, in the first steps (getting the tgt hash) the socket is failing, I have just copy and paste the commands so I don't know what I'm doing bad
(the credentials are ok, if I wrote bad credentials the error message is different)
each time I launch the command (GetUserSPNs.py) a new line of error appears in the left, but I can connect with proxychains, nmap and others tools works fine
Password Attacks Module Q: Use the cracked password of the user Kira, log in to the host, and read the Notes.zip file containing the flag. Then, submit the flag as the answer. Can I ask someone about that?
sure
I downloaded the Notes.zip file to my host, to get the password.
Am I using the wrong wordlist or what am I doing wrong exactly?
Can I send u the screen via dm? So I dont spoil
Look at your print screen.
two lines the IP is addressed on port 88. Then the domain inlanefreight.local
Your system is unable to resolve inlanefreight.local.
You can solve the problem via hosts file. Just enter the domain and the target ip
sure
thank you, I wasn't understanding this c:
Guys is BeEF good for learning to hack
Or we should use linux terminal to learn the commandes
Commands*
If you want to learn how to attack systems, you must first understand how they work.
can someone give me a hint on how to gain ssh access on the password attack easy lab? i've tried bruteforcing ssh/ftp with username.list & password.list provided from the resources
Could i DM someone about Attacking Common Services - Attacking DNS? I'm stuck and idk what else to do :/
didn't ftp give you any result?
@hard lodge i might be able to help 🙂
i cancelled hydra after like 15min.. is it supposed to take that long?
it took me longer (:
np, hmu if u need something from that module
Module: Skill Assessment - Broken Authentication
Can somebody pls help me ?
||I have The user admin.us..; support.us..; and a wordlist adapted to the rules but i just can't crack the password||
@shadow willow DM me 🙂
Anyone avail for a dm/nudge on WHITEBOX PENTESTING 101: COMMAND INJECTION -- Skills Assessment? Have looked at the code and virtually certain I know what's to be exploited, and ability to control it (at least alter it's default behavior), but aside from altering default behavior, can't figure out how to get command execution locally (let alone remote). Lost as to what I'm doing wrong. Thx. EDIT: Figured it out.
can anyone help with Find and submit the contents of the TXT record as the answer? can anyone help please?
which module?
information gathering - web edition
yes DM
@rustic sage DM
has anyone completed intro to assembly language? I need some help
@night pier i can help on any questions except the first question in the skills assessment
yo guys
wanna help
in file inclusion skills assessment
i FUZZed the directory and everything
it is the logic way to me, anyway, as am trying to put it in the URL
it shows nothing
what should i do
SORRY @night pier im in the middle of that module
password attacks medium lab felt quite difficult compared to all the previous modules in the path, but nice learning experience
😭
the command i did last as they want the flag inside root folder
ffuf -w /usr/share/seclists/Fuzzing/LFI/LFI-Jhaddix.txt:FUZZ -u 'http://134.209.31.118:30751/index.php?page=FUZZ' -fs 4521 | grep root
Having a little trouble signing in on my computer . Says I don’t have an account but yet I’m logged in , maybe another email verification or something ? Anyone had this issue ?
skill assessment
in File inclusion
well yeah i tried still giving me nothing
in the questions itself they say that the flag inside /root
anyone free to DM about the getting started unguided end box? I completed it getting a foothold with metasploit but trying to find if I'm on the right track for doing it without...
can someone give me a hint as to this HTB challenge?
I want to find out which user is running proftpd server
wait
I found it
it is just proftpd
lol
is not in the /root directory, it is in the root directory /
I was wondering if anyone knows about any training modules on htb that can help get you ready for hacking Microsoft Azure?
ty! this looks great!
😎
OKKKK now i see
could someone give me a hint for another challenge?
without giving me the answer?
I'm trying to figure out how to use curl to get a number of unique paths to a destination from a page's source code
I really don't want to look up the answer
I googled it and there are people asking for the actual answer which I don't want
look at sort options
I keep ending up at 48
anyone for a nudge on password attacks - lab hard? got a foothold, but stuck now
sure dm me
are you sure they are unique?
I used both the uniq command and sort -u
as part of a larger command
```
curl https://www.inlanfreight.com | grep "https://www.inlanefreight.com" | uniq
```
or
```
curl https://www.inlanfreight.com | grep "https://www.inlanefreight.com" | sort -u
```
I even tried adding in `| wc -l` at the end and it gives 48 or another number besides the right answer
You're on the right track, you might just need to do a bit more work in the middle
@quasi wave is this for linux fundamentals skill assessment?
iirc I had to put in some regex
@quasi wave hey just so you know @rustic sage is exactly right, you have some work to do in the middle of your curl command. This one was tough imho.
Yeah, took a lot of work to figure out how to do this one
I can help on first question in the skills assessment -- DM if need help
yes
am I just looking for regex?
I mean to specify a regex in the file and count that number of times it occurs non-recurring?
Presuming as 10months old that you have long since solved, but just-in-case.. I just got this done. (Came across your post as was looking for a nudge myself until figured it out)
Hi new here glad to be here
I need help on an academy module called cracking
I dont need answers just what i am doing wrong or misunderstanding
bro, did you solve it? I have the same problem
No im still on first question i spend 4 hours on it yesterday
I am very sure i understood the question and i am also sure i am doing the right command but every hash i get it tells me wrong answer
No
U were not talking to me sorry
@ashen dagger nah Im so close to being done too. Someone said to try on the pwnbox but I can't find the directory tplmap is in , and I can't install it. I've tried setting up a new VM, and setting up a server on Linode to install tplmap on. No dice. And I have no idea why the tornado payload won't work
anyone give me some input on an error im getting in assembly language? NM figured it out on my own
Hey guys
Anyone out there who can give me a hand on the skill assessment of file upload attacks?
I managed to read the upload.php
sure shoot me a dm if you still need help with that
In the cracking passwords words with hashcat module. The question is. ( Generate a md5 hash of the password HackTheBox1243! ). The problem is , i put in the command echo -n 'HackTheBox123! | md5sum
When i get the hash and submit the answer it tells me it is wrong. Can any one please help me
I just did it and submitted the answer. It says incorrect again
Because you might not own the user name space server's rights to claim it.
What do u mean ?
I don't know that gets into federal law then
You just left me even more confused if you were talking to me
i think he's just trolling that make no sense even in the module or not
also send me the command you run for the hash
@rocky thorn
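Never gonna give you up
Never gonna let you down
Never gonna run around and desert you
Never gonna make you cry
Never gonna say goodbye
Never gonna tell a lie and hurt you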
i'm only 12 what is this???
Mhm. I hate you.
Hi, currently going through broken authentication - predictable reset token.
Looking for a nudge on question2.
Not sure on what is the right direction on approaching this question, i have decoded the temporary password for htbuser, and trying to forge a similar one for htbadmin and submitting it as a password.
Looking for a nudge or something to point me in the right direction!
after you decode the cookie for htbuser change all of the ||htbuser|| to ||htbadmin|| and encode the cookie the same way it was decode and use that as ||the password||
Thank you! This helped, i realised my mistake was that i was encoding it but with spaces in one of the encoding which caused my password to be incorrect, appreciate this!
@mystic fern I see your error
you said i put in the command echo -n 'HackTheBox123! | md5sum so you missed a quote. it should be echo -n 'HackTheBox123!' | md5sum
Mr.tom already helped me fix the problem
the issue was the md5 was incorrect, no matter how many ways i wrote the command the md5 tool was giving false hash values
ok if you say so
@west canopy have you done the assembly module?
Im stuck on conditional branching
I changed the line of code and get the loop to stop but I cant for the life of me find the hex value they want
one sec
can any 1 help me with ssh connecting issues?
RIP Gregg Harris😔🙏
Every line of code is unique and will not interrupter cloned values.
Hi. In the final assessment of WordPress module I got all the flags except the first LFI. Actually I got a shell on the machine, but what am I supposed to search for? With the LFI I got /etc/passwd which is related to the next flag, and the wp-config.php that contains the DB credentials..... It is not clear what I need to look for.
2 Flag files already caught.
ok, got it, and completed the BB path. Some time the hardest part is understanding the questions..... and what the author really want from us.....
I am currently stuck at: Broken Authentication > Brute Forcing Passwords. Who can I dm?
What's the problem?
I tried to use Burp Intruder but after some attempts it's getting blocked
It's about filtering the password DB
I know, I used this command: grep '[[:upper:]]' rockyou-50.txt | grep '[[:digit:]]' | grep -E '^.{2,13}$'
Ok, it's better to use ZAP FUZZ or manually write a python script
||1 Uppercase
1 Number
Length Minimum 2|| the password policy
Burp intruder slow down in the community edition.
I have Burp Suite pro ; )
ok.... I'm going to check. maybe there is a time out after a few attempts..... I'm not sure this is the case. In that case insert a pause for each request
I remember ||30 or 25|| sec for each request.....
Okay, thanks ; )
hey, I am stuck at Broken Authentication > Predictable reset Token > Question 1, who can I pm regarding this?
idk,.. bye again,
Hello! I got to study at the academy. I don't understand the first question "What is the name of the first section of this module? If you are using a translation solution while studying, please temporarily disable it to enter the name of the first section in English." The prompt says "All answers are case-sensitive".Help me I'm a beginner.
@rocky thorn stop with the nonsense
in this case what I had was exactly right. The problem was interpretation of the question. They wanted the hex value of the piece of code I used to break the loop. The answer was right in front of me the whole time but as usual I overcomplicated the process.
please don't leak flags, even if incomplete/wrong