#modules
sure np and you can just take a screenshot of that
np see you when you don't have brain damage
I'm afraid that won't ever change but will see you around
lol
Hi, could anyone help me with something for the password attack lab -hard please?
sure what's the issue?
dm'ed you
can someone please help with Attacking Common Applications, Application Discovery & Enumeration... aquatone is not working, either timing out or not taking screenshots
dm me if u wanna learn how to hack
did you install chrome?
yea installed chrome, chromium, chromium-driver
did you do that in the pwnbox or your vm? because it's going to hell with all of that in kali
all you need is wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb;sudo dpkg -i google-chrome-stable_current_amd64.deb
in own kali vm
it's going to be hell but it should still work
so after you run ||cat web_discovery.xml | ./aquatone -nmap|| like in the example show what did you get?
also shoot me a dm i'll help you troubleshoot
Hi again, I'm trying to download a file using evil win-rm, it says the file was downloaded successfully but when I check the directory it's supposed to be in it's nowhere to be found. Has anybody encountered this problem before?
Yooo
Imma newbie
Can yall tell me from where do i start learning to do ethical hacking?
Sponsor: https://go.intigriti.com/thecybermentor
Blog Post: https://tcm-sec.com/so-you-want-to-be-a-hacker-2022-edition/
Academy: https://academy.tcm-sec.com
Timestamps:
0:00 - Introduction
0:53 - Intigriti Sponsorship
1:55 - Building a Foundation
2:10 - Important Notes
5:37 - Basic IT Skills
8:28 - Networking Skills
12:38 - Linux Skills
17:04 ...
i got that same issue something but for the password attack module i didn't use evil-winrm so i have no idea how to fix that but try metasploit or updog
did you manage to fix the issue?
i did
I think both source and destination
not really a disconnect and connect back in would usually help for me but still not 100%
download c:/whatever/Logins.kbdx /home/whatever
didn't work
i disconnected and reconnected many times already
I'm really not gonna fall for it man
loool
about to send that
mb was genuinely thinking you were tryin to prank me
do I use certreq.exe to post the file?
nope
you can just use a browser or curl
but i for the command for curl and i don't thing i did save that command but for powershell
Yes bro
Tysm bro
I can't connect back to the website from the machine
feels like the host can't connect to anything through internet
nvm
Anyone managed to complete the nmap module - firewall evasion hard part?
@vital adder is it normal I can't open the .img files with 7z?
i have no idea about that
Hi ! Can someone help me on the Login Brute Forcing - 2nd skill assessment ?
i Created a user list, created a password list with name and surname, numbers, special characters and leet.
Then used the sed commands provided in the module. But after 7 attempts in 3 days, I still have no hits.
hi
Can someone give me a pointer on Password Attacks Medium skill assessment? I got both ssh users but I'm stuck on priv esc
if you are on the Skills Assessment - service then big hint you don't need that much info (i only realize that after through reading like god know how much harry potter wiki)
Yeah just resolved it ...
congratz
God I am so mad
hint check ||key||
yea me too after reading all of that
Nani
I checked for ssh keys but found nothing
shoot me a dm with your user just to double check wait nope i misunderstand my own note you should have found ||all of the user|| but if there is no ||ssh keys|| then i think you should restart the target machine
I'm currently exhausting the wordlists on the hash
if you got the right ||key|| hash it should take like 2 sec (it did for me on the pwnbox)
Hi it's me again. I'm still on the password attacks lab - hard. I found the .iso files but I can't for the life of me read them. Most of what I see online says to use 7z but it just doesn't do anything when I try to use it. I've also tried mounting it but that fail as well, telling me something about bitlocker (i did try to run the file through bitlocker2john but that produces nothing)
Am I doing smth wrong?
ok let me get back on these modules..... lord giv me strength
wait what iso file?
there should be only a .vhd file
.img sorry
still no
yeah but when i unpack it there are .img files in it no?
wait they did update the module not sure if they update this last bit or not
well I ran the .vhd file through 7z and I found 2 .img files in it
whatchu mean?
shoot me a dm
Hello everyone
One step away from the flag)
module - AD Enumeration & Attacks
Skills Assessment # I
With the help of ||mimikatz, I pulled out the administrator's ntlm hash||, cracked his password, but I can't connect to ||DC01 via PsExec||
Is writing:
Access is denied.
I tried using ||Invoke-Winexec||, but I didn't quite understand what commands you can pull out the flag.
(give a hint please))
And then I doubt that I pulled out the hash of the domain administrator I need)
maybe you used other tools to get to the flag when you had the administrator's hash and the password itself in plain text on your hands?
So im connecting to an ftp server, but anytime I issue commands it enters extended passive mode. What can I do from here?
Hmm wget was able to get the files but can anyone explain what Extended Passive mode from ftp is? Google just left me more confused
Just completed Nmap Hard lab... what a humbling experience
Could use a hint, Im on Attacking Common Services - Easy, and im in the sql database but I don't know how to escape and escalate from here.
@pastel ginkgo upload file
Tried that I dont think im doing it right
I don't know what happened, at the new session I repeated all the actions again.
The only thing I did everything through the command line.
||powershell only when it has already received admin access after the DCSync attack!!||
Everything is successful!
||Got what I wanted through mimikatz!)||
||How do I upload the rev shell? Im using the exploit listed and I can read it as text but I can't figure out how to upload the entire shell script.||
@pastel ginkgo use mysql to upload the file
OK what am I missing? I'm so confused on how to do this exploit
@pastel ginkgo add another /
Im lost, where?
|| I tried putting it into the dashboard directory, but when I try and launch it from my browser it fails ||
@pastel ginkgo did u try with ?c=
|| I had no idea that was a thing q.q, Well now to figure out how to chain commands in it to get to the flag which im assuming is under C:/ ||
@pastel ginkgo u need to get a reverse shell using powershell
hello
Im even more confused now
Hey guys, stuck on Password Attacks - Lab Easy. I understand we are suppose to brute force FTP. Based on the hints I've seen on here, the included password.list should be all you need to crack the credentials correct? I'm using hydra with the uname list and passlist provided in resources. Increased my threads to 48 and still am not getting results. Any suggestions?
||You should be using the materials provided, you can crack it with the username / password file ||
According to my notes it took me 15 mins to crack it at 64 threads
Going to reboot, load up a new VPN key and give it another shot. Sweet, thank you @pastel ginkgo
I'm having trouble connecting to HTB academy VPN, when i run sudo openvpn academy-regular.ovpn i get this error
2022-11-12 20:32:09 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2022-11-12 20:32:09 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
2022-11-12 20:32:09 OpenVPN 2.5.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 5 2022
2022-11-12 20:32:09 library versions: OpenSSL 3.0.5 5 Jul 2022, LZO 2.10
2022-11-12 20:32:09 OpenSSL: error:0A00018E:SSL routines::ca md too weak
2022-11-12 20:32:09 Cannot load inline certificate file
2022-11-12 20:32:09 Exiting due to fatal error
hey i would like to build like a team with people that are really new to this domain so we can grind together
Change the vpn server and download another ovpn file. This happened to me when I switch from mac to linux using the same file. Once I downloaded a new ovpn file it worked.
I am working on the web proxies zap scanner module. I am unable to find the vulnerability. All I am getting on the scanner is CSP and CSRF vulns.
Anyone here has experience with this module?
Hello! I'm doing (mostly not) Footprinting lab hard. I did the enumeration and found the port for snmp. I did the footprinting with onesixtyone tool (with snmp.txt from seclist) and found 3220 communities. What should I do further? I read some of the hard lab related messages from here, but I'm still trying to figure it out. Thanks for any advice/suggestions!
I'm in!
Hey guys, for password attacks -medium lab, do we use the included resources pass.list and user.list to brute force ssh? I managed to get into an smb share and cracked a pass protected file and was able to discover a password. I've tried using that password with crackmap to bruteforce both smb and ssh with no success. Any pointers?
|| Did you find credentials in that document? I'd see if I could login with it||
Hey guys for the Internal Password Spraying - from Linux, I had a problem where I could not get the username that started with "s" to show up in my 1 liner bash, and kerbrute had a problem checking jsmith.txt I completed the question but only by looking at the given name in the section which just happened to be the answer
the only one that got resolved from bash 1 liner
kerbrute failing
i didnt see a user, i was able to open the file but it was all encrypted. So when I ran that through John, I only found a password @pastel ginkgo . Must be missing something simple, I'll go back and retrace steps
anybody got any ideas??? is it a problem with the vm or??? I just dunno if im doing something wrong. interestingly enough when I tried a crackmapexec, I also only got tjohnson
I just created a file that contained the correct user and passed it against kerbrute with the same above syntax but it found the user this time, I also checked jsmith.txt to confirm that the user in question IS in the file but alas.....it errors when I try to use jsmith in kerbrute
@rustic sage try to enumerate using braa
I did find the credentials using onesixtyone. I was not paying attention to the output details before. But I'm not sure what are the credentials for, now.
@rustic sage try to login mail server
will do so. thanks!
@rustic sage no problem
docx files dont have users
Crackmap to find the associated user to the password? Or mutate that password?
use the password to decrypt the docx file
Wow of course..thank you for the help!
I'm logged in with ssh as ||tom||. I found there 2 more users, but no way to elevate privileges (or maybe another method?) so I can access some of their files to find out some passwords. Any hints on this update?
@rustic sage find useful files
Believe me, I am for the last few hours.
@rustic sage use ls -la
@placid quest I am. And there are a lot of files. Not all of them accessible or useful. Still looking...
@rustic sage would u dm me with screen shot
I don't know what wordlist you mean by this
i can dm you? this is a a bit too much spoiler
Hello all, working on the "Active Directory Enumeration & Attacks" module. I keep getting this error when trying the DCSync attack using mimikatz
Is that the DCSync chapter or the Skill Assessment ? If its the first then I believe that your issue is that you're meant to be attacking the ||khartsfield|| user, not administrator
Hey guys, stuck on Password attacks - medium lab. How you do you about finding the mysql credentials once you are logged in as J user?
I tried for Administrator as well as the user. It gives the same error
I can help. DM me?
did you try the cred for the j user?
Honestly, I didn't use mimikatz. I used ||secretsdump over proxychains||.
let me give it a shot. Thanks @pine dagger
Yeah I got the answer too. I was just practicing to see if mimikatz worked the way they showed it in the explanation
It might be that you need to escalate the privs, try ||TOKEN::Elevate|| before you run the lsadump::dcsync ?
Nope. Doesn't work
I'll have to go back and try after I finish skill assessment 2
That would be great! Thank you!
hi
hi guy, so let say i want to write a pentest report for the attacking enterprise networks module what type of report should i write? there is a lot of both AD and web app hacking
Sorry to disturb you, friends. Let me ask a question: Do we have the course details of Java code auditing here?
not sure if this is what you are looking for the the academy have 3 module about java here is 2 of them and the last one is the Whitebox Pentesting 101: Command Injection module that will "build upon what you learned in the Secure Coding 101 module"
Thanks a lot sir. Let me see see.
Shell & Payloads Module: The Live Engagement. I'm stuck on HOST-1: I had tried create a WAR file with a Java reverse shell in Msfvenom and uploaded it to Tomcat but I get a HTTP 500 Error when I try to deploy it for a reverse shell. I had also tried used Msfconsole: Tomcat_mgr_upload exploit but it not work there either. Can anyone give me a Hint? I have no clue after working on this many hours
I can help. DM me
hello! is anyone wishing to help me with the footprinting hard lab?
shoot me a dm if you still need help with that
@vital adder Thank you for your help!
hello everyone
anyone who has completed API Attacks to discuss a little bit a logical attack vector under LFI section..!!!
hello im blocked please
I'm stuck under API Attacks LFI section, I found the download folder but can not find the upload, any clue | hint about this?
hello all, i currently doing Footprinting Lab - Medium, i know what is the initial step is, which is to mount the available share and take the information and move on, but the issue is the permission that is given to the share which is "nobody nogroup", and i can't cd into the share
since i have to be root when mounting the share, which i have done, can someone help please
@sleek urchin cd TechSupport
"cd: permission denied: TechSupport"
Use sudo cd
@sleek urchin unmount and try again when u are in root privileges
thank you very much, i have been stuck there for hours
@sleek urchin look for file with big numbers
i have found it, and cat it and found the necessary information
Ok
Hey all, question about Password Attacks module. I'm in Password mutations, trying to do a question at the end and I'm not sure if I got it. I created a mutated passwords list, but when using the custom.rule from the resources, it has >90k entries. Using the hashcat's best64, it has >13k. Should these be so big? Because using the smaller one (best64) to brute force sam's password according to hydra will take 3h on my local computer...
3h is more than the time allowed for the instance
@high totem You can use egrep to filter out by 10 chars and so on ^.{10,10}$
Hello all! I'm stuck for few hours on the footprinting module at the last question of the DNS section which asks for the IP of the host ending with .203. If someone could just give me a hint, would be highly appreciated! Cheers
you mean to remove strings that are 10 chars or longer? Or use only 10 char long strings?
@high totem iirc the password has 11 characters
I split the mut_password.list into 8 -> 9 -> 10 -> etc
And eventually got a hit
smart. But makes me not like this question even more. There is nothing to base the assumption that the correct pass is not "1234" or something of similar length
Bruteforcing is a pain in the ass
@jovial halo it's a vhost of .dev. try enumerating that with the 'fierce' wordlist
@high totem egrep '^.{11,11}$' mut_password.list > mut_password2.list
Yeah, did something like this. It's still 18k records
It beats 90k
It worked! Thanks
hi im blocked please
@knotty summit how
@placid quest for a challenge which is name "tree"
normally it is very easy but here i don't understand
Hi everyone
I have a doubt in the footprinting module in dns, actually I tried to change in the etc/bind directory and then nano names.conf.local but it does not let me modify anything :((
I've been at this for two days and I don't understand what I'm doing wrong
most files in the etc folder are sensitive and thus write protected, to edit them you need to run your editor(nano) with sudo
I got same annoying issue, in the end, I installed BH 3.0.5 on my Windows machine, and finally I was able to import ILF_BH.zip file!
Thanks for the help, but it got complicated again, I was able to make the changes in nano with sudo but now nothing appears when I want to put cat /etc/bind/db.domain.com:(
Greetings everyone I'm actually a beginner. Can someone coach me through?
Hi everyone, I've been stuck on the footprinting easy lab for hours. I've done the DNSENUM with the correct wordlist, but I'm not sure how to proceed
Hi there! I'm stuck on #8 of AD Enumeration Skill Assessment 2 - The flag.txt on Administrator desktop on MS01. I've got the passwords for the two user accounts, and the NTLM hash of ||mssql_svc|| account. I've tried a bunch of different things, but no success. Any hints on what to do next?
Hello all, looking for a hint for password attacks hard lab. I cracked the keypass file and found creds for D user but they do not work for remote logons. So far I've found the bitlocker file on D's smb share and I've managed to get the registry hives from the mounted drive, and cracked the hashes. I cracked the admins hash but I'm also unable to logon with it. I was unable to crack D's hash as well. Any suggestions as what direction to head in? Should I be attempting PtH attack?
From my notes, I think you're going in the wrong direction. Try using ||nmap on some non-standard ports||.
where exactly are you?
You probably won't crack D's hash. You should check ||J's account for a particular file, and crack that||.
@inland coral ive mainly been doing dns enumeration, ive found like a ftpserver but i cant connect into it
@lyric dome yes, I concur with @pine dagger ... look for non-standard ports.
I was able to crack the keypass file and find D's pass but not sure what to do with it. Tried xfreerdp and evil-winrm and was unable to login. Should these creds work? Might need to reload vpn key
Use ||nmap... a key to moving forward is to find the right port, and do something.||
I can understand why you went down that route. You're investigating a DNS server. But they don't say anything about investigating it for DNS flaws. So just start from the basic enumeration and work up.
Try attacking ||smb|| with some of the tools that attack that.
Try|| nmap -A -p- <target> ...|| it takes a bit but can often be helpful. There are some cases where that is not the best, so try ||nmap -Pn -A target ... you should see the port from one of those.||
ohhh i see i see, thank you guys
np... if you do not see it, loop back.
Im really new to htb, so im not sure about all the resources. Are there any like walkthroughs anywhere
All the skill assessments for the modules generally work by starting at the basics of the module and working up.
or do you find out mainly through hints
I am new as well, and it's like drinking from a firehose. LoL. So you are in like company!
For academy? No. The point is to trial and error and use it to learn. For boxes, the retired ones have various guides and walkthroughs. Active boxes don't
It can get very frustrating at times, but when you crack it.... feeeeels goooood
I think you mean "hints" generally, not question/answer Hint button hints... but FYI, someone experienced on HTB told me to just click the Hint button because sometimes it has essential information. ||I think for the lab you are on right now, there is one hint button that has required info.||
If you get stuck, try using the search function in Discord on this channel, or checking out the HTB forums. You can sometimes pick up hints that trigger you to realise what you're missing.
hmm makes sense for sure
so i found an ssh hostkey
with rsa and ecdsa
Im not sure if ive worked with ssh much
so idk what those keys mean or do
optional hint: ||You should do something with the key.|| Check in if you get lost.
so after ssh into the server, i have to enter a password
Is that the rsa key or ecdsa key or whats the difference
damn, none of them work
@lyric dome feel free to dm me. but you should be able to get somewhere by ||using the key and the password you already have.||
Ah wait I was confused where you are. Try ||mutating the pw||.
Correct me if wrong but ||would he not have had to do that already to get as far as he is?||
I have sent you a DM
Same name. Two different passwords.
@languid dawn ^^^
@teal mountain
Could somebody provide me some assistance with "Attacking Common Applications-Skills Assessment I "?
Mind if I DM you real quick?
Hello, I am working on the footprinting easy lab: I have started with a nmap scan and entered into the ftp
ftp> ls -a
200 PORT command successful
150 Opening ASCII mode data connection for file list
drwxr-xr-x 2 root root 4096 Nov 10 2021 .
drwxr-xr-x 2 root root 4096 Nov 10 2021 ..
226 Transfer complete
I've entered this command in the FTP but I'm not entirely sure how to proceed
Was watching a show with my wife.
Try using the ||same mutated password list that was used in the Network Services section||
Just to clarify, I'm using the mutated keepass discovered password to brute force win-rm? I added the found password to a text file and applied both custom.rule and best64.rule to mutate that discovered password and found no success with crackmap. Am I overthinking this? Thanks for your assistance
If you've ||dumped the hashes|| from ||the files on the vhd||, then you should have the ||administrator hash||. Just crack that and then access the machine.
Went down an unnecessary rabbit hole. I tried logging in with that cracked registry hive password earlier and it didn't work. Reloaded a vpn key and tried again and it worked!! Thanks for your time!! @pine dagger greatly appreciate your advice.
Now if only someone would give me a hint on AD Skill Assessment 2!
@fallen osprey I am not a moderator, it's just my username lol
okey
@fallen osprey it happens all the time with me, just false pings and I like it
@sterile hawk
Ty, removing
I guess the same can happen if someone gets robbed and they see a person with name Police
Hello, for the Network enumeration with NMAP on Host and Ports scanning this question: Enumerate the hostname of your target and submit it as the answer. (case-sensitive)
I used sudo nmap -sS -sV
and I got For service info
Service Info: Host: NIX-NMAP-DEFAULT; OS: Linux; CPE: cpe:/o:linux:linux_kernel
I dont know if I am formatting it wrong or whatever
I spent an Hour on this, any help would be appreciated
damn feels like i m a newbie here..totally newbie
Not for long. Youll level up quick here
@sleek urchin
ah it's not about levelling up..tbh i just have Linux ..but idk how to use/hack

hello, I have a question in the smtp footprinting module, I already listed the SMTP to find the username but many appear and I already tried one by one and it doesn't work, any advice?
@wraith gazelle use Metasploit
I currently use it but I get many users
finally finished Active Directory Enumeration and Attacks
hot damn what a beefy module
has anyone done the CBBH file upload module? im very stuck , and whats worse is i have the upload.php file
@sly tapir Is it allowed to ask for help when doing exams
im not sure...but i been on this thing for the majority of the day...i feel like im getting dumber hahaha
no hints for exams
its a skills assessment, not the actual exam
Using the Metasploit Framework Module: the text talk about 2 versions of Metasploit: Metasploit Pro and Metasploit Framework (Pro is commercial and you need pay for it) and Metasploit Framework is free. But when I try answer Metasploit Framework on the question (see my Screenshot) it give me a Error. I have even tried online enter: Framework. Can anyone give me a hint?
its a badly worded question and wants to know the name of the tool itself
now I tried with "msfconsole" and it was the right answer. Thank you
Trying to dump hashes for Footprinting - IPMI. Have attempted with msfvenom and not getting the hashes to dump, how might I go about doing this manually?
@low vine use msfconsole
Did u search for ipmi
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
Like I guess next step would be ot just use some password list?
or maybe hashcat?
Did u provide the ip address
Congrats! Would you mind if I dm you for a hint on skill assessment 2 question 8? The sql01 desktop one.
Yes , I ended up getting it
using something else
err sorry no I didnt end up getting it
working on trying hashcat but no fucking clue and the examples of use seem to not work
Hashfile '/usr/share/wordlists/rockyou.txt' on line 49357 (panda14): Token length exception
hashcat -a 0 -m 400 /usr/share/wordlists/rockyou.txt
because you did not supply a hash or file with hashes
it tried to crack hashes inside the word list
that's why it said that
So if i wanted to set a username and then use a wordlist to attack.
hashcat -a 0 -m 400 -u admin /rockyou.txt
idk its not clear to me after reading like 5 different "beginner walkthroughs"
how to use hashcat as a dictionary attack
sry I did not read all the conversation before just replied to the error
so you want to crack a hash right ?
No
I dont have a hash (could get the hash with msf)
so I'm trying to dictionary attack since I have username
what protocol you trying
what you mean?
like what are you attacking ftp rdp etc
IPMI
oh okay then i have to get back home later and see because out of my head I don't know how to attack that
if you don't get it dm me in the evening and I'll try to help
yea so far i tried metasploit to try to dump the hash
but wasn't successful so looking at other ways to do it
@low vine u can use john to crack the password
I'm not trying to crack the password
I'm trying to dump the hash
if possible I have to be fucking something up but I dont understand what or why
yep the mode you are using is wrong use the ||one show in the example||
Example? I just randomly googled and came accross so not sure what example you might be referring too
under ||Dangerous Settings|| there is a example hashcat command with the right mode for this hash
i can see the ||right answer|| for that question in your output and hint it's all ||lowercase||
yea idk I dont understand how to use hashcat
just keeps erroring
And I have no information leading me to believe the password is a certain length
so this seems like a bad idea
oh yea you just need the mode from that example
that's why john is a bit better (less error)
looking at my notes found || hashcat -m 7300 ipmi.txt -a 3 ?1?1?1?1?1?1?1?1 -1 ?d?u || maybe it helps
it doesnt work
i think that's the example command (it is)
yup pretty sure
found 1 more tool ill try
you just need to || get the hash via metasploit use auxiliary/scanner/ipmi/ipmi_dumphashes || That should definitely work if you set all the required options
so i just give it a try and if you use load the hash in hash cat without the username even the example will work
and then || crack the pw w/ hashcat as shown ||
@zealous belfry i tried i got nothing
from metasploit
[*] Auxiliary module execution completed
hm have you checked with nmap if they use a non default port ?
I did earlier ill rescan
no i just try that and it should work fine (i use the pwnbox not kali)
Let me walk back through set it up again
does the || version enum work? use auxiliary/scanner/ipmi/ipmi_version ||
Verry Strange
I reset it
so diff ip
Works immediately obviously
no clue
Ty for the help that was really frustrating I didnt have a clue why i was not able to reproduce.
ACTIVE DIRECTORY ENUMERATION & ATTACKS, i'm stuck on privileged access, anyone to give me a helping hand?
Could you be more specific?
did you try using xp_cmdshell to get admin access? by trying to exploit SeImpersonatePrivilege?
Which question, 1, 2, or 3?
not a question was just wondering for learning purposes lol
it's below under "Choosing enable_xp_cmdshell"
Not sure how you're "stuck". That part just involves running the command xp_cmdshell after turning it on.
All the stuff after that is covered in Windows Priv Escalation
ok cool
Hello I am stuck on SSRF AJP Proxy
sudo docker run -it --rm -p 8009:8009 -v pwd/tomcat-users.xml:/usr/local/tomcat/conf/tomcat-users.xml --name tomcat "tomcat:8.0" this command gives me an error like shortname "tomcat:8.0" did not resolve to an alias and no unqualified-search registries are defined in "/etc/containers/registries.conf"
Thanks for the help! The answer was actually all uppercase
@pine dagger were you having issues connecting to the machine via mssqlclient?
oh that's weird it's all ||lowercase|| for me
No.
could you dm me so i can show you?
that worked for me
nice and weird but pls remove that
Currently out on the road. Maybe later on this afternoon
all right no worries ty
I have some order questions, who should I contact.
i just finished closed out that section...the skills assessment had me in a very deep rabbit hole
do the active directory attacks module, definitely worth the money
which one did you finish?
The skills assessment
Yeah, for which module?
File upload attacks
Ah!
Have you done Active Directory Enumeration at all? :3
Not yet
Any one can give me the pdf copy of "Hands on hacking" by Matthew?
Hello
did you resolve it ?
I am having problems with the login brute forcing module , skill-assesment website section. I've been stuck on this module for some time.
As yaoi74 said is my password wrong ?
I am trying to the second question "Once you access the login page, you are tasked to brute force your way into this page as well. What is the flag hidden inside? "
Is anyone else having trouble spawning machines in the modules? I'm back working on some lower level modules in an attempt to clear out every training module but the box for Win Fundamentals will not spawn.
check if your string for an invalid password is correct.
anyone having issues spawning targets? I have been waiting almost 20 minutes now
I'm having issues spawning target systems too
well there is my answer
@indigo forge @lethal atlas Glad I'm not the only one.
Footprinting Lab - Easy, I ended up looking at the hint giving me username/password. What was the intended methodology for finding this. Could not for the life of me figure it out.
Yes cant spawn atm
i'm not sure if it's a spawning issue. i'm on login brute force skills assessment and it says i shall look at the website to create a wordlist. but when opening the ip address it just says it cannot connect to the server. also not on port 80. or am i just too dumb to use the correct ip?
Sorry Zeit, that wasn't in reference to your issue, just in spawning the machines in general.
yeah i'm not sure if i'm using the wrong ip address or if the target is not spawning properly. description says "We are given the IP address of an online academy". i'm using the ip I get when spawning the machine and my browser says it cannot connect
I would assume if all of ours is down that your stuff is likely down too
It's sounding like they're running into some internal issues over at HtB if machines aren't spawning. Can you ping the spawned IP?
nope. get timeouts. so i guess it's the spawning issue and not my brain
Haha, glad you got that relief. There's nothing more frustrating than following directions, trying multiple iterations of the directions, and still not getting the flag.
^^
Sounds like it's time for an early lunch. Catch you all later!
yeah i was really questioning myself if i'm too dumb to open a website
you mean I should make a command with something like this ||"/login.php:[user parameter]=^USER^&[password parameter]=^PASS^:[FAIL/SUCCESS]=[success/failed string]"|| ?
you already got the login for the first prompt and now doing the webform? then yes. check the path to the php file, the names of the inputs and the string you use for detecting if the login failed. hint: they're all pretty close to the examples and tasks of the previous sections. but only close, not equal
i received a bunch of passwords but none of them work
i was wondering if the username is wrong
you already found a username from the first prompt. try using that again
you can put the form name and the fail/success string in the same command?
in the examples you use the form-tag with the name to detect if you got redirected back to login which basically means your login failed. if it's not found this means you got redirected to another page = successful login
I keep getting passwords but they don't work
i even made a wordlist with cupp for ||nas||
pm so we won't spam here
Thanks! I will look into it after I complete this CBHH course
one of the privileged sections that covers mssql mentions the technique you need to use. The annoying part though is that none of the practical sections actually covers the method you need to use.
I had some issues trying to run it myself, until I discovered a certain convenient shell implements it natively. So it went from frustrating pulling my hair out trying to sort it all together to a 5 second solution. Definitely imo the hardest part of the whole assessment.
Thank you! I'll give that a try this evening.
specifically the Privileged Access section is the one you'll want to scrutinize deeper
anyone is experiencing some buggy behavior with some modules?
Not normally. Only time I had issues with it, it was the VPN related to some platform issues.
Hi
ok., weird
when established a reverse shell with the web server under SSRF section/API Attacks the connection is closed
@pine dagger did you finish API Attacks?
On my to do list.
ok.
OH wait, sorry! I meant the MS01 one. The one after the SQL01 question!
anyone who has finished API Attacks to ask some related to SSRF section..!!!
Oh thats some standard windows post exploitation stuff. Try diff tools though cause I know my first go to tool turns out didnt get the particular info you need, but another common tool I tend to avoid did.
Anybody know why this is happening and how to resolve it?
Can you try nc -lvnp 4444
and let me know if it works
brilliant lol
p expects the very next sequence to be the specified port number
so when you're shorthand grouping them together order actually matters
Appreciate you..
anyone knows other way to establish a connection "reverse shell" than the example of SSRF section under API Attacks?
because when I establish the reverse shell with curl encoded command as described in the section and ran a command the connection is immediately closed
Mmm. Will try again. Did you RDP onto the machine to do that?
no
Hi everyone, I'm thinking of getting a new laptop, should I go for m1 mac or should i stick to Intel/AMD? For hacking purposes
dude, it's not about you. maybe someone else needs a hint
I have an improvement to one of the CBBH modules.. who can i send this too? might be nothing because we are expected to Google some stuff, but I was hard stuck on this until i tried a certain tool out, and that helped alot, because the magic numbers didnt work like I expected
then turn off ping during reply or ask the question directly lol
@sly tapir I may be happy to know that tool
Hexedit
@sly tapir thanks
So i was having issues starting a reverse shell today. I actually went over to Tryhackme to do a couple easy boxes for practice and when i was setting up a reverse shell. I was using my tun0 ip address.
I noticed in my THM VPN it had mentioned tun1 open or something along those lines. After smashing my head for a about 2 hours I used tun1's ipaddress and it worked.
I'm thinking I may need to delete tun1 from my machine but i'm not really sure. Can anyone explain my issue if I have one and a solution? or does THM use tun1 and HTB use tun0.... I don't really even know what the difference is.
hello,
simple one probably.
i am doing https://academy.hackthebox.com/module/147/section/1657
I am presently looking at svc_workstations.kt. It only has an AES-256 hash in there. I believe I am supposed to crack this. My question is, what hashcat code do I use? The formatting of the hash doesn't conform to the kerberos options that I can see.
i have similar issues when connecting to HTB and my usual vpn at the same time. weird delays etc. when you need to use HTB, just disconnect whatever vpn is on your tun1
So i was disconnected from HTB... and started a new VPN via THM
when you say disconnect. What does that entail? I usually just close the terminal window and wipe my hands of it.
depends on how they set something up, when in doubt use ifconfig and check the interfaces listed
depends on how you connect to the vpn i guess?
For example, if you are using openvpn to connect then you can just CTRL-C in the terminal you ran the original command to close the connection.
Once all vpn connections are disconnected run ifconfig.
Ifconfig should list nothing for any TUN interface.
from there connect to the vpn you need to use and run ifconfig again to see what comes up for TUN.
Default should be tun0. tun1 shouldnt exist unless connected.
anyway... can someone help me with my issue? haha.
Went round in a circle, back to things I thought I had already tried, and then finally I must have done something differently. Thanks for the pointer!
anyone help? i want to get this finished please.
...
does anyone know if it's possible for firefox_decrypt to recognize newly added profiles instead of overwriting the existing ones?
sry haven't done that yet if you are looking for the right mode take a look at the examples https://hashcat.net/wiki/doku.php?id=example_hashes
there is no cracking necessary in that section
it's the Pass the Ticket part after all
reason i ask is:
"Carlos has a cronjob that uses a keytab file named svc_workstations.kt. We can repeat the process, crack the password, and log in as svc_workstations."
suggests i should crack.
so i can ignore that and just pth or ptt
if I remember correctly at least
if not go back over how it said to do it
ah yeah it even recommends just plugging it into crackstation. Try that if passing it doesnt work
the hash doesnt do anything in crackstation. Its not NTLM or another supported hash.
Its an AES-256 hash.
I cant use rubeus as its a linux box.
I am at a loss... guess i will keep digging.
figured out why. 2nd file.
I have tun0 still running with no vpn up.
reboot?
Hey ya'll, I am on the last problem for the web proxies module. I am having trouble getting ZAP to intercept my msfconsole exploit. I have set the proxies, rhost, and rport on msfconsole but it not working. Any pointers?
Wasted a bunch of time trying to get ZAP to work with msfconsole. Used BURPSUITE and it worked immediately. Got the last flag.
did you open both programs at the same time?
No, and I tested. ZAP did not work.
asking because if you would then zap cant bind to port 8080
zap is just kinda garbage tbh
because its occupied by burp but if it worked with burp guess its fine
ja i dont like it neither
Yeah, I made sure. I've been using ZAP only cause its open source but I guess burp is a bit better I just don't want to pay while i'm learning.
shouldnt need to
youre fine without the payment
burp community is still pretty good
community edition is good enough
It's kinda frustrating that the modules are labeled easy but I struggled to get them completed
Thought I was decent with computers.
ya but tbh sometimes the module assignments are kind of weird
anyone of you guys got a quick tip on how to crack the root hash in password attacks by any chance? Dont want to waste my time with rockyou if its not the right path
generally use the mutated password list or the regular password list first, then brush off rockyou
yea i tried but did not hit on any
which lab was it
found || $6$XePuRx/4eO0WuuPS$a0t5vIuIrBDFx1LyxAozOu.cVaww01u...fqhXg ||
ah I dont have any particular notes on that one
sad :/
Hi, I don't quite understand what you mean by IMAP/POP3 service in module footprinting
what about em
Footprinting Lab - Easy , I looked at the hint giving me username/password. What was the intended methodology for finding this? Could not for the life of me figure it out.
there is none, is the most common complaint of that module
whenever they do a pass over that module next I expect itll get updated
cause people complain all the time
Not really a complaint just trying to understand what I might have missed/ not understood
But okay makes sense
ty
yeah saying that feeling is the valid reason to be complaining though lol, the hint is just simply mandatory information to complete the section
I saw it and I was like what in the fuck did I miss during the 3x I walked through both FTP servers + other open things
lol
I need a pro hacker
me and you are in the same boat. hopefully we can find some help here tho
Hello! I've solved everything for Information Gathering - Web Edition, Active Subdomain Enumeration, but I want to confirm my understanding...
Is the way to identify the number of zones on the target nameserver (Question 2) simply to try to do a zone transfer on each subdomain and if it works, that's a zone? Or did I miss something much simpler?
Ohhh yeah! AD Enumeration complete. Damn that was frustrating as hell, but oh so fun.
nice congrats
I need help with login brute forcing Skills Assessment first question "When you try to access the IP shown above, you will not have authorization to access it. Brute force the authentication and retrieve the flag."
I wait an hour without any success
I am ONE YEAR on this room
can anyone help me with the footprinting medium lab, Already found the creds but hitting roadblocks on attempted methods
How did you get the username b.gates? Are you 100% sure that's correct?
I'm interested in learning more about IDORs and business logic errors. Does anyone know of any good resources on hack the box or other platforms?
In a forum, I tried with admin too
And doing a 1337 bill
https://academy.hackthebox.com/module/134/section/1158 This has a section on IDOR
You shouldn't need to look at a forum to get a username for HTB Academy Skills Assessments
Everything you need to answer the question is in the module
Read them again and apply what they taught you
From my notes I can see that the username is wrong (^:
That's not helping...
If you don't want to help just don't answer I get enough of these responses one year.
it is help, its telling you that youre on the wrong track and need to refocus back on the content directly in the module
If you dont like the help just because its not the direct answer thats on you
I tried all the possible combinations, everything that was said in the forums I've created random dictionaries of usernames and passwords
So you are not helping.
its big choosey beggar energy
Dude stop sarcasm I have enough of this ONE FCKN YEAR
its the kind of attitude that for me at least makes me definitely not want to help at all
Youre being a jerk to people who simply tried to help you
You are NOT helping at all
Stop being a jackass
It's not the first time I am asking this how the hell do you think I'm passing I'm so fcking happy
I was asking for this since one year
Forums, reddit discord
you taking a year to work on one module doesnt entitle you to being a jerk
Ok so just don't answer if you don't want to help that's all I have a lot of these responses.
hey buddy
buddy pal
your form name is wrong
so is your page name for that matter
and your params
copy paste less and youd get it. If your command is formatted properly itll find the correct password in about 15 seconds
also also the hint tells you what user to use
My boy needs to try harder if he's been at it for a year
also your attempted command is closer for the form login page but thats the second question and your initial question is about the first one.
which ironically can be solved by a near copy paste from the relevant module page
Hello all! Is somebody doing the file upload attacks module (blacklist & whitelists section)? I can't get a response from the server but I was able to upload the file
@nova geyser if u still need help ping me!
I got it now, it is related to the -C flag of hydra and login form attacks tab from room
aghhhh so fucking ez to take one year lololol
wdym by can't get response from the server? so the server crash after you upload the payload? or you can't access the your payload after uploading it?
the problem was that I didnt know what hydra -C did, just knew -L and -P
@nova geyser great to know!
@vital adder can't access, sorry I explained wrong, but I'm sure the upload was successful
is Easy Lab in Password attacks module intended to solve with resources files?
yep
and is it normal to take longer to bruteforce than the 90 minutes of spawn time?
yea a few peoples including me have that same issue yesterday #modules message
I can't access login bruteforce second skill assessment
it could be a problem from HTB
what's the issue?
sure shoot me a dm
i need a little help for an academy module, where should i ask?
oo okay, so the problem is for the shells & payloads module's live assessment i was required to rdp into a "foothold" machine, but i cant find a browser on that machine
i think i need one to upload war files and stuff..
Have you tried reseting the VM?
oh yea the new "updated" machine don't have a firefox icon
run firefox on the terminal
also i'm pretty sure that "updated" lab was just an old lab re-used
np
hey @vital adder i was wondering, how long did you take to complete AD module?
nope still can't stop procrastinating
rly? I'm kinda near the end but for sure will need to go through it again, too much info
yea that's one of the thing i'm kinda scared of
can't access that ip address
i'm doing the attacking enterprise networks with now and still that module have a lot of stuff
where did you try to access that ip
that target port is ||ssh|| so don't try to access it in the browser
yoooo I have a very weird problem
I'm doing the attacking common services module, ftp section
i bruteforced the ftp serv with hydra and got a login:password and the subsequent flag
except those are all for the smb section
@pliant sage that is what happened to me
so for that module there is i think only one machine throughout the whole module or something so you can kinda still access smb in the ftp section, if you use the right method you should still be able the get the ftp flag
dunno for the rght method but I found another user I'll try to bruteforce that one lol
shoot me a dm if you need help with that
@pliant sage u don't need to brute force because the ftp has anonymous login
yea that's a bit too much spoiler
yeah but it only gives me the password and user lists no?
i saw that anonymous login was enable
@pliant sage try to login with anonymous
Hi there who can decrypt (lib.so) decompiled like smali to java.? To be more readable
Paid help
Missing some lack of understanding on using ssh for Footprinting Lab - Easy
I'm using this command ||ssh -i ~/10.129.60.185:2121/.ssh/id_rsa.pub ceil@10.129.42.195|| I've changed permissions to ||chmod 077|| and not quite understanding what I might be doing wrong. Is it because i've reset my box and what I downloaded is for a diff ip?
@low vine The ssh keys are private not pub
if that is the key you got in some service then yep that's the right key and the naming thing really important but .pub is for public key not private key
and you need to set the chmod to 600 not 077 (for ssh private key)
then how can you make a custom wordlist with the employees names ?
use ||cupp||
as the exercise says
skill assessment login bruteforce service login
I know about ||cupp|| but how can i find the information necessary about employees ? : ))
oh wait no that's for the password not the username
anyway I am at a THM Hydra room and will get back to it after
for the username use username-anarchy
yea sometime i go back to room for hydra tag
I feel like yall gave me the best possible hint but I'm really clueless on what I'm not understanding
and would love a small ELI5
the only thing you need to do here is change permissions to chmod 600
oh wait that's weird can you shoot me a dm with a screenshot of that error?
Hello ! I need help on Password Attacks Lab - Easy... I get access to the FTP server but once I got the ssh files I can download them and modify them but I can't upload them on the ftp server to make me connect to ssh
why tf would you upload them back on ftp after getting the ssh key?
just use the ssh key to login via ssh
Ohhhhh I get it xD thank you mate
It tells me "Permission denied (public key)" is there a command with ssh to use the private key or something?
nope you need to get the id_rsa key from the ftp not id_rsa.pub
Okey I got it ! ssh -i [id_rsa file] with the correct permissions on the file
thank you MRtom !
Ok so I got to that module
I now know about the username
but should I use an online tool for the password ?
I tried a command like ||hydra -l <username> -P <full path to pass> MACHINE_IP -t 4 ssh|| is this ok ?
I think it is but the problem is how to figure out that passwd list
@flint agate try to use xhydra maybe it may be easy to use more than hydra
Why sometimes the "lifetime" of a spawned machine in any module is way shorter than it says? For example, a machine is supposed to stay as spawned for 90 mins, but some of them do not remain spawned for more than 5 mins (and the time counter decreases really fast). Why is this? D: I mean, sometimes you need that time to scan ports, or crack passwords :c
I was looking but didnt see it can we us Burpsuite Pro on CPTS/CBBH?
or community edition only
I hope so. I used Burp Pro on my exam attempt
How did you exam go?
I got the points to pass. I'm waiting for feedback on my report to tell me if I pass or not
Awesome congrats! Looking forward to giving it a go here in a couple months
Good luck!!
can someone help me on login bruteforce second skill assessment?
Someone have done the attacking AD module ? I'm stuck :x
What do you need help with specifically?
curl -X POST -d 'username=admin&password=admin' http://167.99.204.5:32558/ -v
curl: no URL specified!
Why i have this error?
Sure go ahead
Hiya, having some issues on **Information Gathering - Web Edition** - Active Subdomain Enumeration.
Every time I try to use > nslookup -type=NS inlanefreight.htb
I'm getting the following: ** server can't find inlanefreight.htb: NXDOMAIN
I've tried looking through messages from users who previously have had this issue but haven't found anything, any help is welcome :)
@raven urchin what is the problem
Regardless of what tool or command I try to use, anything in terms of DNS Enum just errors out and pretty much just equates to not being able to resolve the target.
@raven urchin use dig tool
hi all, I'm stuck on a lab and really not sure where to go with this. It's the footprinting module and I'm on the easy lab. I don't want to type too many spoilers in here but proper stuck
anyone help please?
@rustic sage like how are u stuck
ive wget on p2121 says 12 files downloaded but when I cd to it and ls theres nothing in the cd?
nothing in the directory*
@rustic sage try to use ls -la
Hi, can anyone give a hint on module "Attacking Common Services", section "Attacking FTP", Question 2: "What username is available for the FTP server?"
Only suggestion during the text is to brute-force it with medusa, I've tried that now with no luck, can't think of anything else, please help
Cheers crean, making progress now. found what i needed.
Thanks, ended up working, also made a stupid mistake with the command.
Can someone help me?
The syntax looks correct to me
Are you using Windows CMD?
yes
Yeah ok that would do it
You need to escape your quotes with \
Linux has no problem with it
Ah
Like 'password'?
I was wrong, sorry. You only need to escape single quotes if it's within double quotes
curl -X POST -d "username=admin&password=admin" "http://167.99.204.5:32558/" -v
with ?
This works
sorry idk discord cancel \
My advice is to stick with a linux-like terminal, or use WSL if you want to keep using windows
Cause funky stuff like that happens in my experience
No problem
When mounting NFS share what might cause you to not be able to access it?
using nmap it shows /<NFSshare>(everyone)
which makes me think there shouldnt be limitations to accessing it
Wait i think it just hit me
yeh, tho tbh, I'm just curious about "how to grab ip people, learn hacking and shit", not to attack people, but to know what someone else could do to me, and how to protect myself/attack them back
who needs a pro hacker when you yourself are the hacker ?
Not so much module specific but just started using parrot os and I'm receiving !mD: event not found
when trying to use xfreerdp
Not understanding whats going on so kinda lost on whats happening
Hi, can anyone give a hint on module "Attacking Common Services", section "Attacking SMB", Question 2: "What is the password for the username "jason"? "
I can't think of anything to find out the answer. I have tried crackmapexec and ran the ./enum4linux-ng.py without any luck, I have tried to read the file GGJ/id_rsa but it's empty because access denied:/. please help
not sure if this will help but try set +H before using xfreerdp
hint either use auxiliary/scanner/smb/smb_login in metasploit or use the --local-auth tag with crackmapexec
i google your error and found this https://serverfault.com/questions/208265/what-is-bash-event-not-found
yea was reading that
the i did get event not found error when using metasploit one liner
so any luck with that command, if not then i have no idea how to fix it
oh wait what is your xfreerdp command? also try remmina
xfreerdp /u:<user> /p:<password> /v:<ip>
trying to login on medium box for footprinting
that look fine but try /p:'<password>' or '/p:<password>'
Oh i did miss that
so did that work?
oh
wait what?
xrdp = xfreerdp?
guess i failed at installing xfreerdp then
oh wait this is actual cred that password is kinda dumb so I thought it was just a example command
oh yea that make sense the cred have special characters so you need the quotes without that bash will give the event not found error thing
Wish i worked a little more with linux
<
I'm like a 5 year old
so seems like i just explicitly install one of the 2 packages right
i can't remember exactly but i think i did have a lot of issues when installing one of the rdp tools into linux and i wasn't able to fix that issue whatever it was, but i can't remember which rdp tool, so if you are having issues installing this i think you should try another tool first
i think so try google that
Is there any like giant package like kali has to just download a ton of extra tools
didnt really find one when doing quick google
Must have missed that on initial install ty
oh thats kali, yea I know kali has it trying to see if parrot os has it
no idea if this will help because i don't have a vm that doesn't have xfreerdp installed so i can't try but i found this https://www.kali.org/tools/freerdp2/
no worries, it's ok to ask for help besides we got way worse scammer that spam a lot here
@low vine
sudo apt-get install aptitude
sudo aptitude install freerdp2-x11
hello anyone who has completed the API Attacks skill assessment?
unfortunately I'm not being able to enumerate the API
any hint?
sure shoot me a dm also keep in mind "the service will respond successfully only after submitting the proper SQLi payload"
thanks
oh needed aptitude
that might have been the thing i was missing
Quick one please, using Hydra with FTP... what Thread count can i get away with (password attacks lab easy)
I am using 64 with FTP now. Slow process tho... I also used CrackMapExec but it goes soooo fast i cant see if i got a hit to stop it in time.....
cme should stop automatically on success
then..... im doing something wrong. maybe.
anybody knows how to kill a process in the pwnbox? Im trying with "kill PID" but its still there
@mellow turtle you can always use xkill
But it might kill all your terminals if that's what you're looking to close
@unreal patio I often close python http server processes with ctrl + z instead of ctrl + c so they still running and i cant use that port again
@unreal patio It worked ty :3
hint on list for Password Attacks -Lab "Easy" please?
@loud sapphire details?
i have 2 services. FTP and SSH open. default ports.
I need to find username and pass for one of these services to gain a foothold.
I have used the files in resources but am failing to get creds. am i missing a list of a mutation?
Have you tried without mutation?
yes.
I did this one a week ago and I've forgotten how I solved it
But I thought that one was just user.list and password.list for the initial foothold
see i tried that. I will try again.
which is best for FTP? CME or Hydra?
ill try again now. its very possible that cme is skipping
@loud sapphire i think u should try nmap with -p-
I think there is a port opened > 1000
i did. only 21 and 22 open.
i always nmap IP -p- -Pn to collect the active services and then i run the nmap -sC -sV -p{PORTS} -Pn
oh sorry then
hydra
This a lame question but How do I start?
PS: i have less to no knowledge of programming but i really love the idea of coding
@barren heath academy.hackthebox.com
Is any prerequisite knowledge required?
I cant tell because when i started on HTB i was full stack developer and sys admin
but i dont think so, if you dont know something just google it
Can someone give me a nudge about PW Attacks Lab - Hard?
I got most of the credentials but I'm stuck
@unreal patio where are u stuck?
I can't seem to open the vhd file
bruhh you had a good knowledge
:p
Wait last question
Which language should I start with?
@barren heath nice question
mr tom always recommends a video to see
let me find it
Sponsor: https://go.intigriti.com/thecybermentor
Blog Post: https://tcm-sec.com/so-you-want-to-be-a-hacker-2022-edition/
Academy: https://academy.tcm-sec.com
Timestamps:
0:00 - Introduction
0:53 - Intigriti Sponsorship
1:55 - Building a Foundation
2:10 - Important Notes
5:37 - Basic IT Skills
8:28 - Networking Skills
12:38 - Linux Skills
17:04 ...
hey thanks a lot
@loud sapphire try hydra with -t 64
hydra -L username.list -P password.list ftp://{YOUR-IP} -t 64
@barren heath NP
hii
hi
yes. i did that.
I got it now another way. thanks all.
nice
can you help me
maybe
i am new in cyber security
check this #modules message
isn't the app too costly ?
hey mrtom thats the video u usually send right?
hint this is the right path nvm miss the part you got it
yep
it is costly where i live
which app?
the website i meant
the academy
ohh
hello
sup
@barren heath its a low price for all it gives
yea not going to lie it kinda is i'll recommend tryhackme if you are new to this
also check the tcm video out there should be some free stuff in there
on it sir
oh yeah i forgot tryhackme have this: https://tryhackme.com/resources/blog/free_path
hello anyone tell me
you need emotional support?
@pulsar fjord #modules message
nice
check that video killer
Okay so trying to clear my head a bit everything shown as an example seems to not work in Parrot
is there a particular reason why?
Or is there some bigger download I can put to it to download most of the tools and not have to do this tool by tool?
@low vine what tool
xfreerdp
winrm
Kali has like an install everything package wasnt sure if parrot had something similar
so what's the issue with both tool?
you can't install or there is an error when using both tool?
@vital adder maybe he needs a package that can install all tools needed
or just use kali
cant
copy paste doesnt work
lol
FUCK KALI
FUCK THIS
FUCK THAT
FUCK EVERYTHING
I would 100x rather use kali but copy paste does not work in new instance of kali I put up
so cant
Hello all,
Anyone can help me on 'Broken Authentication'->'Brute Forcing Cookies'->'Question 1'.
I can change the role from student to admin, but I have this response:
'Welcome htbadmin.
Your role is admin.
Unfortunately, as admin you dont have any flag.'
How can I found the role name of the super user ?
Thx in advance
yea i never got this issue with kali only ubuntu
@low vine so use Parrot os
I'm using parrot right now
but my dumbass just continues running into problems (all my fault)
but fuck
nope just blame god (that's what i did when having issue like that)
i still cant get xfreerdp
to download
which is beyond fucking stupid
i have to be the dumbest motherfucker
hint the username you need is in the question
Like I cant figure out what hte package
name is called to get it
sudo apt install xfreerdp definitely isnt it
just beyond frustrated with this bullshit this morning
I have to be the dumbest fucking idiot in the world to struggle with the simplest shit
@low vine i think u can look for packages at https://packages.debian.org
Yea im just overly frustrated by small shit this morning
sorry
Feel like I wasted a good half a day solving dumb shit when i should just be focusing on getting better
Thx, this question is solve, but I think this question is so confused for the user name, no ?
@low vine i have used Parrot os for 3 years but i have never got any issues
Yea I mean first morning for me since Copy/paste went to shit on new kali install
so im sure its just me
Hello there! Is this server currently open for partnerships? <@&817153850845823057>
@low vine I got into issues when i was using kali so i had to use Parrot os it was hard at first due missing tools
is anyone having problems spawning pwnbox
Finally got connected via remmina
what was the problem with xfreerdp?
No idea never got it to work
it has been working flawlessly for me for approx 10 years
yea i did have that same issue a few time lately a hard refresh usually would help (for me) but that does not a always fix it
No
@low vine sometimes u can use rdesktop
Hey. I also stumbled across random freezes when I did Linux fundamentals.
Hmm okay this is weird I guess I need to find some other user inside this windows thing?
No idea how to enumerate some windows system
What does the error say?
Yea, currently on a computer who doesn't have a dedicated vm, tried spawning the one in the browser under my workstation but it's stuck at starting
oh it did work now, weird
hi there, is there anyone available for a quick discussion on AD skill assessment I? managed to get the hash for ||tpetty|| but was unable to crack it
Okay at a pretty big loss, Medium Lab - Footprinting. I have just found username/password inside of important.txt. I have tried using this login information across everything I know / have seen so far
can I get a slight nudge on the thought process?
have not been able to get in SQL server
can anyone help me with the footprinting medium lab, Already found the creds but dont know the next step
can anyone help out?
^ I'm at same exact spot lol
@low vine how many ports are open
I'd have to look back
loading up the vm but if i can remember correctly it was 135 139 one or two in between then 3389
will confirm in a little
IIRC you won't be able to access the SQL Server direct with those credentials
111 135 139 445 2049 3389
Try to login smb with that username and password
Yea I need to get my thought process right
Stepping back that seems like an obvious thing to try but was definitely not thinking that
Yea was not able to connect
via smb
@low vine what command did u use
If it is like that connect rdp with Alex after connect to the database to find the password of htb
I've not be able to connect to the database
@low vine change sa to administrator
still same problem
How
Oh wait think my vm went down
How long should this take us like this has taken me several days to get through footprinting
how long does it take people to typically get through this
@low vine patient and asking pulse hard work
Yea maybe mentally I'm just in a rush to learn it
lol
okay finally got in
Okay so from here I need to find some HTB users info which I'm not seeing. I'm seeing shares to maybe connect to
So I would guess i'd try getting to C:\
C:\Windows but not sure ill have to think a bit on it
was able to login with alex
try finding a share you are able to login to
Found it through enumerating where you connect for SMB
I just see shares/info but unsure of what to move to next
I'm probably looking for some login info into SQL management but not sure
background means a lot in how fast it takes to get through. Took me a day for that module, coulda been faster if I didnt take notes, others will take weeks, one dude took a year for a similarly ranked module.
(and im positive theres people who blitzed through it faster than I did)
I was recently let go from webapp pentesting job. So it just kinda freaks me out that I cant fly through this even though this wasnt what I was doing
So mentally i'm just worried
ah nerves getting to ya, well web app pentesting is pretty specific so youre probably just not used to this side of things much
once the web specific modules start coming up, youll blitz through those ones
@low vine use Alex to login rdp after use the the password of sa to login mssql
Now i'm more confused I already had the password and tried
why would I magically be able to now?
Nerves/stress/frustration but I do lack some understanding so I know i'm here to keep learning and hopefully find another opportunity.
@low vine use Administrator as username