#modules
Can u dm me with a screenshot
@low vine use small letters maybe
yea tried both ways @placid quest
i feel like it should work with 'sa' account but it's not
Okay, did I miss something with the SMB connect thing? Like I connected and looked around, but there didn't seem to be shit to find
was that just a rabbit hole?
Or I guess that's where we logically can make the admin connection
okay now i'm lost, i might have missed the section on how to use the sql server, any tips
found on alex desktop = Microsoft SQL Server Management Studio 18.lnk
do i need to do anything with that
@storm jackal did you find a way to connect?
Having a hard time mapping this out in my head
sure once i get through it a couple times it will flow better
phew i'm in using xfreerdp
no i was at the same step you were...but I just tried something...password reuse is possible on the Administrator account
poking around now
iirc there was one user you could rdp into that couldn't connect to the db even with valid creds, but another user that could
wait is this dumb that i have to connect back with like sa
or something lol
okay let me try
yea got it
okay lets find some creds
No clue how to use this shit time to google
so laggy lol
what was it
||snoop around alex's file for some creds and use password reuse on creds that you find||
Hey, I have a question for PtH password attacks. It was assumed that a user can connect to a share called dc01. I was wondering how you could enumerate that. On the system, logged in with the user, I looked at the shares but it's not listed. Am I missing something? (This is not a question to solve the questions, I got that already)
|| PS C:> net share
Share name Resource Remark
C$ C:\ Default share
IPC$ Remote IPC
ADMIN$ C:\Windows Remote Admin
The command completed successfully.||
found it, what's... i believe i found it
I'm in as Administrator via rdp
nice!
hey I'm stuck with API Attack skill assessment..!!!
i'm trying to execute the automate.py script but i get a syntax error
reviewing the script code i don't see any differences with the module
so, i don't understand why the error
Could someone shoot me a hint for Attacking Common Services - Medium? I've been cracking at it for 2 days now and I haven't been able to get a foothold anywhere. || Besides my nmap that shows ftp is on 2121, I got nothing, as you can't login anonymously and Hydra has come up with nothing. ||
try doing a more thorough scan and go through all the ports, you will find one more port open
if not, try resetting the box
Hey! So I'm trying to complete a section in the linux fundamentals module and the question is "What is the path to the htb-student's mail?" and I genuinely cannot find the path to the student's mail. The closest thing I found was in /var, which was mail.log. Am I inputting the path wrong or am I in the completely wrong spot?
||Thanks finally got it! had to reset it 3 times and finally got it to show up and not be filtered out ||
Hi, I'm having a problem in the PIVOTING, TUNNELING, AND PORT FORWARDING module in the RDP and SOCKS Tunneling with SocksOverRDP section.
I uploaded the SocksOverRDP-Plugin.dll and tried to load it using regsvr32.exe, but Windows deletes the file saying that it is a virus. The antivirus is disabled by default and I don't know what to do.
@hidden meadow look in var
ran into the same problem. iirc it's wrong about AV being disabled and you need to go in and disable it yourself. I could be misremembering
If not I think I had given up and just chained through it not using the intended method
So this is for erratum no?
hint ||environment||
and yep i think the issue is the av
yeah im pretty sure that section is busted as intended
at minimum you have to go through some non-listed hoops to fix it; if not, ignore it completely and get the flags another way
check the real time protection
yeah real time can be on even if AV is off
which doesn't make sense, but ya know windows
after you disable that, remove both files that the av flagged and upload or extract them again
i did give up on trying to get this section to work for a good while, and this section is kinda dumb because if you have access to the section machine, why not use that to rdp into the third? but you have to set all of this up just to rdp from the first to the third machine
oh yeah now I remember how I did it
i got no idea where you found this but check the real time protection in your previous screenshot
instead of just tunneling the rdp, I just opened an rdp client within my session and rdp'd to the next box lol
me too
yeah but i want to follow the section
but the section is kinda dumb
the section is broken
I've also never heard of anyone ever using that method in the real world
you're never gonna get it as a question in a technical interview and you'll never do it on an engagement
anyone have any idea why my terminal just stops letting me type sometimes?
in any situation where you NEED to tunnel rdp, you'd just use literally any of the other tunneling tools available
either from your implant supporting it, or running something far more popular like chisel
Are you working as a pentester mad¿?
chisel is so good I copied my notes for that page into the root of my academy obsidian notes
not yet no
I'm echoing the opinions I've heard and read of those that have though
(and maybe from a little bit of teenager blackhat days exp)
np
Honestly, if there's anything that the CPTS course could use as a whole module addition, it would probably be a C2 framework
double checked, academy doesn't have one at all. Would be a great addition. any of the free popular ones would be fine just to get the general principles down, like generating payloads, creating intermediate host beacons, forwarding, loading modules, etc.
hello, i am having an issue with the very first module, when you have to guess bob's password. i simply cannot find it for the life of me
the module that covers services i believe
specifically which module, a lot of modules can be the 'first module'
the getting started module
the service scanning page
i need to complete the last exercise and i only need the password to complete the page
did you try the example password they gave in the module?
idr the exact answer but i'd try that one first
they don't give one
||this is a spoiler ig so the hint is that the password is weak||
they do, read through the module again
Anyone having connectivity issues, connected to the VPN but can't ever ping the target
try changing from udp to tcp
Or I try a long Nmap scan and it can't complete
yeah
hint their example username is even the same
np, like I said idr if that's even right, it just probably is
hello, i got a problem in the Attacking Web Applications with Ffuf module. in the first question of the final exam i don't find any sub-domain with any of the lists i try, can anyone give me a hint?
Thanks, looks like I was on UDP and I switched it to TCP and it seems to be better, hopefully it stays that way
i had similar issues, switching to tcp was the solution, we probably have high packet loss
I would think I would get a special VPN as a paying user haha
you do
well more special haha
Well, either you did not try the correct lists or your command may be wrong
THIS!!!!
WE NEED A MODULE ON C2's. Pls hackthebox pls 
This is an area I am unfamiliar with.
On another note. Can I have some help on the attacking common applications part 2?
The medium box?
The skills assessment I think.
whoops, I misread that as attacking common services
Speaking of Attacking Common Services, on the Hard assessment || I'm logged in via RDP to Fiona but I can't figure out how the hell I'm supposed to connect to the sql server. None of the credentials I have work. ||
Hello, quick question. I know that the boxes are shared, so what are we allowed to do on a box? upload files? create files? change $PATH?
do whatever you want, they reset anyway
ok thx
Mine cryptocurrency 
uhm ._.
i mean you can try but it's gonna be hard without internet access
sometimes i feel like a 5 yr old who's not allowed to use a computer when i'm on a box and want to download something
seriously tho. If anybody knows how to do the Attacking Common Applications Skills Assessment 2 let me know. I need help. I am going to cry
not done yet sry ¯\_(ツ)_/¯
im quite a few modules away from that one sadly
but most of them seem like pretty short ones though so
¯\_(ツ)_/¯
I wish MrTOm was online. He always helps me out but I don't want to ping him.
That dude is awesome
hiding behind that noob rank like a crouching hidden master
||Start with the vhost they give you and thoroughly enumerate it. Keep in mind that it is git||
Can I dm for some clarification?
Sure but it has been a while and that is all I remember from that module though
anyone good with SSH keys? i've got all the info i need, i just don't know how/where to store them, so when i try to connect via SSH i get access denied (publickey).
well you need to chmod them to 600 and then connect with the priv key aka id_rsa or whatever it's called: ssh user@ip -i privkey
do i need to make them into a file? i already have them saved in a dir, just not sure what to do from there. i'll try to do some more reading and see if i can figure it out. I do remember covering this before, i just can't remember where, so got nothing to ref back to at the moment
Could someone shoot me a hint for Attacking Common Services Hard? || I'm logged into the remote computer but I can't login to the Db, and there's no users to session hijack, idk where to go from here ||
cheers, i'll start reading about that, just needed a poke in that direction
i dont remember a lot but i do know that i got creds for the db
there's one user that you can rdp into that cannot log into the DB, and there's another user you can rdp into that can.
yo srsly who thought that RDP to 10.129.253.112 with user ".\Administrator" and password "AnotherC0mpl3xP4$$" would be cool credentials to log in? gotta escape so much
scratch that I double checked my notes and thats wrong
Has anyone here worked on the Wordpress module before?
there's another module that's very similar, but for attacking common services hard, go back and look at your initial scans again
I'm a bit confused on how to use wpscan to scan the target for installed plugins
|| Are you meaning rpc? As I couldn't connect to that when I first tried ||
Hi guys having trouble with the AD Assessment I
Submit the contents of the flag.txt file on the Administrator desktop on MS01
How can i find the IP address of MS01?
no, much simpler and straightforward
my notes even have myself scolding past me for overlooking it
||Do you mean the smb? I got the credentials from there and got my first rdp from there ||
a tad more complicated than smb
remember what you're trying to login to in the first place here
hello, any hints on the footprinting Hard lab?
||also I'm presuming you already found the creds, just having difficulty logging into the db||
you try both tcp and udp
I just logged in and I'm facepalming so hard
dont worry that was my reaction too
In the "Setting Up" Module it says to type "cat tools.list" into the terminal but when I do it says "No such file or directory". What do I do please?
that will tell you your current directory
then look back at your question and see if you're in the right directory if not you can look around by doing cd <directory> or cd .. , to go back a directory
I still can't find what i need to know... I'm sure it's so simple, the only thing is i don't remember covering SSH or chmod in this module at all
well i assume you got 2 files right? a public key and a private key
yup got them
then you take the private key to connect to the server: ssh user@ip -i privKey
and that should log you in
Question for you, does this mean I'm in the linked db or I just ran a command and got the output? The page on sql is a little unclear and I have zero idea what I'm doing when it comes to sql.
chmod is just a general thing you need to do cause openssl doesn't like sloppy rights on these files
nope, says identity file privkey not accessible... not sure where it's reading the file from
I'm pretty sure that means you're executing at the linked server, but I could be misremembering
So how do I add commands to execute and return output?
yea then just provide the path to the file you want to use
either absolute or relative
you already have
I'm in the home directory. The module shows "cat tools.list" being typed in at the home directory. It's supposed to be a list of tools that I should download but I don't have the list on my computer
Honestly, the mysql portion of this module is kinda all over the place and I'm just so lost.
thats not mysql
sql
We love windows, don't we
almost same thing except windows made something simple way more confusing
yup, but also has built in command execution, which is super nice of them
its a pita to do the same with mysql
the impersonation is also nice tho
well.. so much stuff to exploit, so nice of them ¯\_(ツ)_/¯
hey ify, I think I've got it sorted. cheers
no worries
So i've been trying to add more on to the remote command but I'm not getting the syntax right. || EXECUTE('select @@servername, @@version, system_user, is_srvrolemember(''sysadmin''),EXECUTE sp_configure 'show advanced options', 1') AT [LOCAL.TEST.LINKED.SRV] ||
you're stacking executes
dm me
I am lost on this syntax as || EXECUTE(xp_cmdshell 'whoami') AT [LOCAL.TEST.LINKED.SRV]
|| does not work either
gotta enable it first
I tried and I get more syntax errors
you were on the right track with your last message, but stacked the executes
Pm bro
no
is there a way to view hidden dirs in ssh? i've used ls -la but can't quite locate the file i need...
that leads me to my problem then.. appears the file i need isn't there
what file?
a flag.txt
im on footprinting easy lab. done all the bits to get into the SSH
but cant find the flag.txt
||EXECUTE('sp_configure 'xp_cmdshell', 1') AT [LOCAL.TEST.LINKED.SRV] || Im still lost as this wont work either, do I have to keep it with their select?
you gotta use double single quotes tho in a command, threw me off one time as well
EXECUTE('select @@servername, @@version, system_user, is_srvrolemember(''sysadmin'')') AT [10.0.0.12\SQLEXPRESS]
just an example
Finally got the flag, god damn I hate Mssql I need more practice with it
gz :=)
Hello all, I keep getting this error when trying the PrintNightmare attack on the Active Directory Enumeration & Attacks module. Any help is greatly appreciated.
your IP looks bad
you're requesting the callback to be an interface that the DC is not gonna have access to
you'll want it to be the 172.whatever of the attack host box
make sure to regen your payload, listener, etc
it's only stupid if you did it on a live engagement
nothing's ever stupid in a lab environment
thats why youre doing it in a lab environment
What would actually happen if he'd done that on a real target
True! Good practice I guess.
dont know for sure, but it could potentially have network packets trying to go to the wrong IP outside the subnet which could potentially be flagged as an anomaly in whatever detection tools they may be using, possibly early alerting a defender to your presence.
granted you'd hope vanilla PrintNightmare would get flagged just as well, but still the principle remains
ja gotcha
I was watching alh4zr3d's stream and once he mentioned that for red team engagements before any command is executed it gets put into slack and double checked by the team and approved. You never want a syntax error or a mistake like that to happen live.
*also subnet earlier not subdomain
I mean makes sense for red teaming if you're in an atk against blue team. But just normal pentest
Like i don't think you're gonna send a mail for every command you're gonna try
¯\_(ツ)_/¯
would be funny tho
Just want to thank you for the help. You're amazing.
np, you're welcome
will you guys do the cert?
yes, that's the goal, then it's on to oscp
then working on my Masters at NYU or Georgia Tech
they both have good cyber programs
thats the plan as well, minus the college
uff, I'm kinda against the "you buy the cert and then you have to renew it" stuff
mostly (at least here) certificates are not important at all
certs are usually more important for the first job
well.. i did not know that
at least last I checked anyways
I already have ccna and Cysa as well as a billion other certs I'm used to having to renew
damn u are going ham
I was trying to swap to the cyber team at my work and I got declined because I was just a net tech
nice, I have an expired A+ cert I never renewed
Im empty handed ;D
how much are these
hello
300 for ccna
I don't know man, a more viable option for me is to get it later once i've got the job, but paying all that money for certs idk
ccna will get you an entry networking position
I got B.Sc. in cyber sec next yr then ill go for a junior pentest job
def will do the htb one so i got something to show tho
i've been fiddling around as a repair tech after some unfortunate life turns and I'm just tired of it. But oscp is so expensive to risk not passing. But CPTS is much more affordable and supposedly harder, so passing that should make me a lot more confident in one-shotting the oscp and make the payment palpable. Then with that, getting an entry pentest job should be a lot more feasible
hearing that cpts is harder worries me lol
more so its more modern and more TTP focused
But Im going to finish the pathway and switch to trying the other boxes before attacking the cert
I don't know where u guys are from, but here in germany a lot of companies def do not put their interest in certs, but they will def give u the opportunity to do them in your job
thats a F
If you can get a clearance the NSA pays pretty well for "pentesters"
after the CPTS I might play around with some of the other labs and dabble in bug bounties while I save up
already checked, NSA mandates degrees that I don't have
I mean that would be pretty sick xD
and can't afford to get
and the only way to bypass the degree req is to have several years of exp on your resume
Georgia Tech's Masters in Cyber Sec is around 5k, which is extremely affordable for a masters
My masters is 3k : )
I haven't been able to afford an associates lol
Take a look at WGU, it's pretty affordable and you can technically finish the entire degree in 6 months
otherwise Id already have the clearance section checked. My army job had me with secret clearance with top secret eligibility (if required for something)
Still thinking about getting a masters degree, but i don't see the benefits if you can actually get a pentest job with a B.Sc.
I finished my Comp Sci degree through them in 8 months
mind if I dm you?
tired of waiting to do what I want with roundabout methods
sure but cant promise ill respond quickly
aight, was nice chatting w/ u guys but gtg to sleep, cya!
Attacking Common Service - hey guys any suggestions on the wordlist to use for the attacking FTP module?
Iirc you should use the wordlist they gave in the resources of the module.
it looks like there's only 333 passwords in the included password file. Are mutations required? My understanding is that we are supposed to brute force || R* smb creds || so we can download the || id_rsa || from the smb server so we can logon via || ssh ||?
Dm me?
Has anybody attempted the Introduction to NoSQL skills assessment yet?
It's a fun module, but this skills assessment is killing me
anyone able to help with the footprinting Hard lab? Was able to ssh into tom's account but stuck on finding any other creds
@warm blaze do u have the ssh keys
yes i do
@warm blaze login in ssh with ssh -i ssh keys tom@ip address
im in with tom ssh already cant find much after that
@warm blaze use the password of tom to connect to mysql database
through xfreerdp ?
@warm blaze no just use mysql -u Tom -p
oh i see let me try that
im in thank you !!!
@warm blaze no problem
Working on Footprinting:Hard lab and I believe I have tom's information. I'm failing miserably at trying to login via SSH and frankly not quite understanding how I should appropriately do that.
i've been trying ||ssh tom@<ip> -p22|| but keep getting Permission Denied (publickey)
Very likely i'm just missing some ssh understanding, but trying to get it clear
Wait....think I just got it ...
if you mean the Skills Assessment - SQL Injection Fundamentals then hint you can just use previous example payload and if you are having issue with those payload hint ||columns||
hint it is
but for this to login via ssh you need something else ||key||
yea, that's what I was afraid of, not understanding how I might find/go after that. back to reading
yea, this is a bit too much spoiler, if you need we can discuss this in dm
also this is tom cred so pls remove this
????
looking now....
Hi there guys, can i have some help on AD Skill Assessment I?
pls check because that module do look like fun because i know next to nothing about nosql injection
i guess 0xYaoi got early access
just searched here and dont have the nosql module too
Maybe it's just for a few users
can someone explain to me how to write a proper sqsh query? Whatever I do I don't get an output
so after you type your command the next line run go (no cap) to execute
Hello all, I'm trying the PetitPotam attack in the Active Directory Enumeration & Attacks module. I don't get the base64 encoded certificate. It says Error Obtaining Certificate. Has anyone seen this before?
can anybody tell me why i get the access denied error? I manage to add the key manually through the GUI but couldn't do it by running this command
Can somebody help me at the SSRF module Nginx Reverse Proxy & AJP ?
Can you please send me a picture with the conf file
I think I am doing something wrong that is why I keep getting the "location" error
you would need to run the command prompt as administrator
where you stuck?
Actually figured it out, but damn took me nearly three hours
any idea why this doesn't work? I have added the ip to /etc/hosts
is this from attacking common services > dns section ?
Yes
Hello who completed module nmap
hey, could i have a nudge on AD Skill Assessment II?
Obtain a password hash for a domain user account that can be leveraged to gain a foothold in the domain. What is the account name?
Enumeration with Nmap?
Yes
you would need to enumerate a bit more and find a subdomain
Firewall IPS Evasion hard lab
ah, I did it a couple of days ago. You just have to use an example provided with ncat in the Firewall evasion session, using the same "source port" method. Try with the same port as in that example
do some poisoning
Output takes some seconds btw, it's not instant
oh geez, i left it and got no hits in like 30s and thought oh well should try crackmapexec and see if i can enum users through smb
Hello everyone! I am blocked at Password Attacks Lab - Medium! I found the credentials of d***** & j****, but then on d***** I don't find anything interesting except the ssh private key, but I don't have the passphrase for it. please help, lots of thanks!
Oh also there is the Docs.zip document in which it talks a lot about inlane deployment service using maven, but I can't do a simple manipulation because I don't have root permissions
there's a way to get the passphrase that was explained in the module
i've tried mail,root,ns1,ns2,customer,ns3 but nothing is transferable
also tried blog and my
thank you !
you need to bruteforce to find a subdomain as demonstrated in that section
i did
with subfinder
DM me
I don't find the way, can you give more hints please?
@fair mesa what is the problem
I don't find a way to get the passphrase of the private key found on the user "d*****" in Password attacks lab -medium
@fair mesa if u use ls -la what do u see
id_rsa id_rsa.pub authorized_keys
@fair mesa how many users do u see
how many users?
@fair mesa yes, how many users do u see
I see 1 user but I know I feel like I can use this private key for the root user. But I don't find the passphrase
I can write on authorized_keys as well so I can copy my ssh key
@fair mesa how did u login with the first user
both ssh
@fair mesa dm me
I have a question. Does anyone know courses that teach Web App Pentesting?
I want to learn Web App Pentesting
use john to find the passphrase dude
Thanks mate I found the passphrase with ssh2john
Yeah, there were hints as if it was the key for the root user, so it worked, now I got into root. thanks again
portswigger
Need some help on file upload attack module skills assessment
is anybody else having trouble with the LFI page 8 (Log Poisoning) exercises? I don't get it to work with the examples from the page or the cheat sheet for that matter
pff n/m...typo
I'm stuck on attacking common services - ftp
I've used hydra and medusa with the wordlists on the ftp but I find no user/password for ssh
@unreal patio look closely and try to login with anonymous
@placid quest I logged in with anonymous and downloaded the two files and then used those with hydra and medusa, how many threads should I be using?
firewall.wiki
@unreal patio use xhydra
I'll try xhydra again with 12 threads now instead of 16
Because I've gone through that already
@spring tundra
did you have to use Ncat or was it just a scan?
@vital bough it looks like he was trying to connect to a vpn
@slate dome could you please read the rules. Asking for illegal activity isn't welcome here
I have the same problem. @vital adder I didn't use special character. I used the filename ||shell.phar.jpg||. Could someone help me with this one?
while you are here #modules message
Ta
so you found the upload directory but having issue with bypassing the filter right?
Yes
hint ||magic number||
I used what was taught on the module..I used ||GIF8 || at the beginning of the file.
here: #modules message and here: https://gist.github.com/leommoore/f9e57ba2aa4bf197ebc5
if you are having an issue with adding it then shoot me a dm
hint ||use jpg||
Can I DM you?
sure
hello all, i just finished the whole Footprinting module except for one question, which is for IMAP / POP3: Figure out the exact organization name from the IMAP/POP3 service and submit it as the answer.
i have done nmap on the services/ip and found the organization name, but when i submit it, it's always wrong. can someone help please, thx
what i have is
commonName=dev.inlanefreight.htb/organizationName=Inlan*
commonName=dev.inlanefreight.htb/organizationName=Inlan******
hint ||the organization name has a Ltd in it||
Lets do it!
@low vine so u are doing cpts
Yea thats what I'm working on currently
I plan to take CPTS as a warmup for OSCP and see what happens
Someone up for network enumeration with nmap module ?
@low vine i am following cpts
I've been really happy so far, have definitely learned some things and will likely learn a ton throughout the course.
Vulnerability Assessment module / OpenVAS skills assessment.
I have run this scan so many times and I'm not getting the results i need.
In the description it gives a target IP and creds. Below the VM it gives entirely different creds and IP. Which one are we supposed to use? I used the ones at the top and the scan doesn't even start, just goes from 0% to Done. When i use the creds and ip at the bottom it scans to 100%, but I'm missing FTP and it seems like through the scan I'm not getting the results the questions are asking for. Can anyone DM me or help me with what configs I need to set up this scan properly?
@hazy grotto u don't need to run the scan because the ip address is already scanned
What do you mean? It's asking me questions that can only be answered with scan results?
@hazy grotto yes read the scan
@ebon agate what is the problem
hackthebox or tryhackme? I've been using tryhackme but want to hear your guys' opinions
they're both good
some stuff in tryhackme are locked behind payments, whereas hackthebox has much more free stuff to offer
but htb can be a bit confusing (im stuck on a question for like 2 days now lmfao)
but that's probably me being dumb though
if he means the academy then almost all modules are locked behind a paywall
@rustic sage Hackthebox goes deeper and sometimes u may be stuck for 3-4 days without getting any answer, so u may use Hackthebox after u have tried out tryhackme
like vsimplezz said both are good so do both but thm is more beginner friendly
I alr bought premium
for tryhackme?
yea
THEN DO THAT THEN INNIT
can you not set up a vm?
no thats browser based
im talking oracle virtual box type vm
like actually on your pc
oh, yea, but the vpn connection is too slow
ah ok
if you need help pls just send the question, module and section you need help with. also pls remove that (literally almost all the right answers are there) and for that, hint ||environment||
oh right yh mb, forgot the answers were there
damn, dirsearch is a very handy tool
i've been using locate this entire time
wait is that even in the cheat sheet
it isn't
welp
what cheat sheet
time to try it one more time
list of commands that might be helpful
naw, I just happened to be using dirsearch for the first time
o
dumb question but ||that's a directory right||
bruh, what if Cross-site scripting worked on Discord messages
instant grab everyone's tokens
oh my god i literally typed that exact directory in yesterday and it said it was wrong
im so annoyed
ong
prolly had an extra space in there
ive been stuck on a question for literally no reason
maybe
lmao
i cant remember what i input
wait until you get a bug in one of the hard modules, at that point you will 100% not be sure if it's a bug or you are doing something wrong
i even did ||locate mail|| and input so many of the directories i got from that
i wasted like 2 hours today and yesterday
oh god no
welp
i can finally progress
thanks
what should i know before starting in hack the box
linux shell
basic commands at least
but they do teach you that in the linux fundamentals module
ill check that thanks
np
also learn patience if you get frustrated easily. took me 2 days to answer a damn question cuz of a typo
Sponsor: https://go.intigriti.com/thecybermentor
Blog Post: https://tcm-sec.com/so-you-want-to-be-a-hacker-2022-edition/
Academy: https://academy.tcm-sec.com
Timestamps:
0:00 - Introduction
0:53 - Intigriti Sponsorship
1:55 - Building a Foundation
2:10 - Important Notes
5:37 - Basic IT Skills
8:28 - Networking Skills
12:38 - Linux Skills
17:04 ...
what a thumbnail
thanks
i have no idea if this is good or not, but my teacher recommended our class this in case we were interested in learning linux cli so see if you like it
yea well i know how to code, networking skills and basic it skills, but i know nothing about linux so i think i'll start there
So I am trying to figure out something in the Windows Privilege Escalation under subsection Communication with Processes. It seems as though I am supposed to use accesschk.exe to check for permissions, but accesschk.exe doesn't exist. Could someone point me in the right direction?
What did you figure out?
Hi guys having some trouble with the question
Use a common method to obtain weak credentials for another user. Submit the username for the user whose credentials you obtain.
I'm already inside MS01 but whenever i run Import-Module .\DomainPasswordSpray.ps1 i get an error
Figured it out, in the .ps1 script there is a variable called $Message:
Well Powershell doesn't like it that way, so it should be changed to ${Message}:
Awesome explanation here: https://stackoverflow.com/questions/61581718/powershell-variable-reference-is-not-valid-was-not-followed-by-a-valid-va
well idk about your error, but what can MS01 even access where a password spray would net a credential that you couldn't get from any other host?
You may want to consider looking at something else.
The question hint will point the right way
Can some one help me with file inclusion >. File inclusion prevention. I don't understand what they mean by make a webshell and execute using system(). I think I found where the disable functions place is in the ini file but idk if I'm editing that correctly either
actually figured it out, edited my original question for others who have the same problem know the fix
Awesome, but its still the wrong path
oh wait I may be thinking of a different question
ye nvm
check in C:\Tools\AccessChk\accesschk.exe
Oh I am dumb haha. Thank you.
aaaaannnnnd I got it
hello
https://www.youtube.com/watch?v=0vu_Hs4N8B8&t=1036s I have a video on my channel for noobs
Introductory video on getting into hacking and cybersecurity.
about to say videos showing beginner where and what to learn to get started is always good, mind shamelessly plug your channel? already did
oh wait when did they update the ptf? the last time i checked from hackersploit that thing was super outdated
Still being updated.
Has anyone been able to install tplmap? I try from the exercise but I keep getting an error when I do pip install requirements
it seems so and i may misremember this also i got 0 idea when is the last time i checked but i think the last time i checked it wasn't getting any updates in years
this is what i have for the pwnbox
git clone https://github.com/epinna/tplmap.git
cd tplmap
pip install virtualenv
virtualenv -p python2 venv
source venv/bin/activate
pip install -r requirements.txt
Hello guys hmmm
Im new in the hacking and hackthebox
I'm not going to tryhackme because although hackthebox is also paid for some rooms, I can't pay and hackthebox seemed better than tryhackme
and I wanted to ask something
when installing OpenVPN to connect, do I put tcp or udp?
I usually do UDP
Hm okay, thanks very much
https://www.spiceworks.com/tech/networking/articles/tcp-vs-udp/ Really just a different type of connection if that makes sense
I'm from Argentina and I don't know much English hahaha
oh shit lol
lol hmmm
Do they speak Spanish or Portuguese in Argentina?
oh my b. I thought they spoke spanish because online it says Spanish is the official language
jesus christ nice vid and you did cover some stuff that tcm didn't, like setting up lab and which tool to learn which is very useful for beginner
Thank you, I was able to get it on the pwnbox. Not sure why I can't do it on my VM tho
hm okay hahaha
Guys, is there a way to verify me or something like that to be able to send images?
use ++verify at #bot-commands
Thank you so much.
This is my first vid so I really appreciate the feedback.
i just tried on my kali and i did get an error: subprocess-exited-with-error error message. if you got the same thing give me a sec let me see if i can troubleshoot this. running each command one at a time fixed it for me
Liked and subbed
hey there, need some help with
Submit the contents of the flag.txt file on the Administrator Desktop on the SQL01 host.
On AD Skills Assessment II.
Tried logging in both through skills-par01 and my own attack host which is connected via sshuttle to the 172.16.6.0/23 network but the login fails with this error
ERROR(SQL01\SQLEXPRESS): Line 1: Login failed. The login is from an untrusted domain and cannot be used with Integrated authentication.
Any tips?
Working on the Intro to Bash Scripting, is Bash like python where whitespace matters?
For example I found that if my echo statement in my if wasn't tabbed it didn't work correctly?
can i dm you @thorn urchin ? as to avoid pasting creds here
sure, but im at work so may be slow to respond
anybody on footprinting DNS questions? there is something that I don't fully understand: If I make a zone transfer dig axfr <domain> @<DNS SERVER> I can see several DNS entries. I guess all for that domain. But, if I type dig ANY <subdomain>.<domain> some entries return the IP as I expected but others don't. Is it normal? If anybody can help me, please? DM or directly here. Thanks
After checking with my notes, when you make an any request it returns all records it finds. Not all records are A/AAAA records that point to an ip. They could also be txt files, email servers, other dns servers (ns ) The attached image shows the return from a dig any on google.com You get name servers as well as email servers and etc
guys can someone help me out with hashcat module?
I see. But in the exercise an axfr returns several subdomains with an IP.
but dig dev.inlanefreight.htb doesn't return the IP but app.inlanefreight.htb returns the 10.129.18.15. It looks weird to me.
@zenith schooner maybe dev.inlanefreight.htb has another subdomain
what do you mean?
@zenith schooner i mean if the website has top domain and a subdomain maybe that subdomain has another sub-subdomain
you mean internal. I got it. But my question was about why dig app.inlanefreight.htb any return and IP and not dev.inlanefreight.htb?
they do not mean internal
subdomains can have more subdomains
thats just how subdomains work
@thorn urchin thanks for more information
whether or not theyre internal is a matter of routing, not DNS
a good example would be say you have 4 different sites with their own sharepoint. So detroit.us.inlanefreight.htb, newyork.us.inlanefreight.htb etc.. They are all members of the us.inlanefreight subdomain which is a member of the inlanefreight domain.
Anyone familiar with bash scripting? I'm trying to write something like:
a.length() < x which would work in something like python. But in Bash im writing it like:
[echo var | wc -c ] -gt $x but idk how to make bash to evaluate the enclosed item first before doing the comparison.
Use pipes
wouldn't || be an or statement?
Pipes get evaluated left to right so if you add a second pipe it would just evaluate the output of echo $var | wc -c
..I say that without actually testing it on my machine
hmm the problem is that it doesn't do the greater than operation after whatever wc is returning
im getting -gt not found
Let me play around with it. I assume it would be because you need to pipe things into a function, -gt looks like a flag for something
-gt is supposed to be a int operator
what output are you hoping to get? Boolean?
I'm trying to get the flag in the Getting Started Public exploits. I get the exploit to compile for WordPress Simple Backup File Read Vulnerability. I got the file but not sure what to do with it.
Yes
The issue it appears is that it assumes the -gt is an operator part of wc, but if I put the entire previous statement in a () it gives me echo command not found
Yeah I understand now
I'm not sure pipe would solve your issue
I think you'll need to use in-line bash or something similar, I'm trying to find the syntax for it now
Like wc -gt <<evaluate bash here>>
You might be able to play around with xargs to do what you need
I figured I could just do the wc and put the result in another variable then check it
not sure if thats working yet since wc isn't returning me a character count for some reason
Btw the -c flag is byte count, not character count. But I guess it would be the same in most cases anyway
I did -m and it didnt work either
figured that part out, idk why you need to echo it but that what it wants
Ahh right lol. Yeah that's weird
Why did you have to use bash and not just python?
im doing the bash module lol
Fair enough then
I took it because I more or less wanted to figure how to make very basic scripts like, do nmap take xml results into html and open firefox with them
Yeah true. I always just stumble through bash when it requires more than just basic piping or for loops
I might do that module
the secret to bash one liners is to just excessively pipe things and eyeball the results until you see what you need to add to the change
nobody does cat file | awk blah | sed s/blah/bleh | grep 'dub' | etc etc off the top of their head
people who do that are psychopaths
yo doing PtH from Linux in password attacks. Just wondering when configuring proxychains the section just said use socks5 and port 1080 but im kinda wondering why we need to use port 1080.
just checked its for the socks proxy service well..
@warm lichen I figured it out if your interested, just know its the answer to a module
depends on what youre using. chisel tunnels tend to wind up defaulting to listening on 1080
do they? In the section it looks like its on 8080
```sh
sudo ./chisel server --reverse
2022/10/10 07:26:15 server: Reverse tunneling enabled
2022/10/10 07:26:15 server: Fingerprint 58EulHjQXAOsBRpxk232323sdLHd0r3r2nrdVYoYeVM=
2022/10/10 07:26:15 server: Listening on http://0.0.0.0:8080
```
thats why im wondering
Yeah DM it to me, I'm invested now haha
thats server mode
if you were say running the server on the target host, and then connected it with the client, the interface the client creates is usually 1080
so just depends on how youre using it
Thank you : D
ah makes sense ty
aw yea also just browsed through the docs and obv they mention it "R:socks" will listen on the server's default socks port (1080)
Hello I'm stuck on cracking the Mr Gates ssh
I tried many wordlist and spending so much time on this module , any clue to which dictionary choose?
Anyone, any help here?
create it yourself with cupp
what does this tag do and why does the bruteforce fail without it?
crack map does not have a man page and the --help is rather minimalist doesnt even mention that tag
Hello everyone,
Ive been stuck on active subdomain enumeration for a while
I need help on the syntax of zone transfer
and how to use dig axfr
what is the easiest way to transfer files between windows/linux with xfreeRDP?
Is the bug bounty path worth it?
Totally
ok ive just passed my oscp and was looking to really hone down on my web skills.
Looks like i will try that path first and then move onto burp certified, then oswe.
someone?
if you dont particularly care about opsec stuff, the +home-drive option will auto mount your linux home dir.
@graceful mortar using smbserver is the easiest method
no Im about to go to bed
Ah I realized that. Can we talk tomorrow?
maybe
I'm working on Linux Fundamentals - Find files and directories and I'm encountering trouble w/ the find command
the question is: What is the name of the config file that has been created after 2020-03-03 and is smaller than 28k but larger than 25k?
my command is
find / -size +25k -size -28k -newermt 2020-03-03 -exec ls -la {} \; 2>/dev/null
but I don't find the right answer
what's the prob?
You want to find a config file.
So you have to declare that in your search as well
|| -name "*.conf" ||
It is not quite clear to me what you intend by this
-exec ls -la {} ;
oops I do grep config and also -name *.cfg
the exec part is just to list all the file the find command found then do a ls -la against it
easy to look at
Oh cool, thanks, learned something again
Hello im new
is it normal that I can't connect to the mysql db remotely in attacking common services lab easy?
telnet can't reach it either
nevermind
Yes, it's giving a 502
me too
same but only for the Dashboard
i'm in a module right now and after a refresh everything is still fine (also the pwnbox)
can anyone help with LLPE? I am at the skills assessment and I'm stuck on flag 4
can anyone help me with attacking common services lab easy? I've been at it all afternoon and I'm obviously missing smth but I don't get what
Hey so i found out that i didnt use the intended strategy for Password Attacks - Medium Lab....... Is this something that needs to be patched out so that the intended strat is the only solution or......... are we ok to use other means?
@vital adder Are u on?
yep
Feel free to DM me
I'm currently stuck on attacking common services smb,
xhydra says it's lacking libsmbclient for smb2 which I've downloaded and reconfigured xhydra with but to no avail
If I use the normal reconfigured hydra it only gives false positives on smb2 and on smb it doesnt crack the pw
by false positives you mean? its accepting any username/password?
to install libsmbclient-dev do the following
apt install libsmbclient-dev -t parrot-backports
and then ./configure to check that smbclient is now found.
I just had to add --local-auth to it
oh ok
Hi, I am working on Footprinting DNS module. I already answered almost all the questions. The first one is not yet solved because I don't understand what they actually ask. Anyone can help me with what I am looking for? Any teacher in the room?
It asks you for the FQDN of the nameserver
https://en.wikipedia.org/wiki/Fully_qualified_domain_name
A fully qualified domain name (FQDN), sometimes also referred to as an absolute domain name, is a domain name that specifies its exact location in the tree hierarchy of the Domain Name System (DNS). It specifies all domain levels, including the top-level domain and the root zone. A fully qualified domain name is distinguished by its lack of ambi...
Done... Sometimes I lost in translation I guess. Thank you.
Good morning colleagues I have a problem to install apache2 in kali I get this and I do not know what to do.
i can't install apache
i don't know about apache but apache2 is pre-install on kali
Are you talking about the libapache2-mod-jk?
In the console I get this
E: Could not get lock /var/lib/apt/lists/lock. It is held by process 47836 (apt)
N: Be aware that removing the lock file is not a solution and may break your system.
E: Unable to lock directory /var/lib/apt/lists/
and I cannot connect to localhost
Did u try doing a: ps aux, look for PID and then kill it with kill -9 PID
ok
U can do "ps aux | grep apt" and it should filter it to that
[sudo] password for kali:
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
apache2 is already the newest version (2.4.54-3).
0 upgraded, 0 newly installed, 0 to remove and 481 not upgraded.
But when I connect to the localhost it tells me that I cannot connect.
it's not running
you need to start it using
sudo service apache2 start
or
sudo systemctl start apache2
or enable it to make it run on startup
Now its running thanks
Hello, i think there is a problem with the server of the box from the Session Hijacking / XSS. I tried to get a response from every parameter of the form with Burp but i fail to see any connection on my server access log. While the same thing worked for the Skill Assessment.
Anyone for network enumeration with nmap module ?
Yes?
How to mount Bxxxxxp.vhd in linux? its encrypted with bitlocker but i have pass.
This is a guide on how to access a BitLocker-encrypted Windows volume from Linux, useful in cases of dual-booting Windows 10, 8 or 7, and a Linux distribution. It covers how to decrypt and mount the BitLocker partition from the command line, as well as how to add it to /etc/fstab, so it's automatically mounted on boot.
thank you
@pliant sage Nice ty
np
if anybody can answer a question about common services - medium lab btw that'd be great
imma dm u
Okey
you can also mount it in a windows VM
it is easier
and faster
everyone should have a Commando VM hahaha
thank you. I managed to mount it with Affect's help.
awesome
@rustic sage Commando VM? whats that?
Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. commandovm@fireeye.com - GitHub - mandiant/commando-vm: Complete Mandiant O...
Thank you!
Hello! i do Skills Assessment part 1 in ACTIVE DIRECTORY ENUMERATION & ATTACKS. Stuck on question 4. How can i connect to MS01? Tried SQL instances, lsass dumped. Computer SQL01 is not responding. What do i need to try?
thank you all
https://academy.hackthebox.com/achievement/499031/147
Passwords are still the primary method of authentication in corporate networks. If strong password policies are not in place, users will often opt for weak, easy-to-remember passwords that can often be cracked offline and used to further our access. We will encounter passwords in many forms during our assessments. We must understand the various ...
@unreal patio
to build .vhd without taking it to ur windows
omg did it
nice if i stuck there ill ask u xD @lethal shard
okay
yo
common services lab -hard
why the hell do I get this when I try to read the flag?
@pliant sage no idea
try enabling xp_cmdshell first
Can anyone help me out for a movie with the final knowledge check for getting started? I'm not sure what I'm doing wrong, but trying to run the RCE exploit for get simple metasploit keeps saying it can't make the session
"Started reverse TCP handler on <ip>
Exploit complete, but no session was created.
you are creating payload with msfvenom?
i dont think ive used msfvenom
using the search exploit on metasploit
i was watching a walkthrough for it and they did the same thing i did, im not sure if its something i did earlier that messed it up or if theres something else i have to configure
nevermind i think im just stupid
is 911 still working
ive configured the payload and it shows that the target is vulnerable, but it keeps giving me the same completed but session not created
can u send me a image of "ifconfig" result?
here it is
When u are connecting to htb u have to use tun0 ip
because thats the "ip that can see" other machines in htb network
yep
can someone help me with password attacks module
"Find the user for the WinRM service and crack their password. Then, when you log in, you will find the flag in a file there. Submit the flag you found as the answer."
not sure where to start
@limber ledge try brute force method
fuck I suck at this shit, always have to look up answers haha
@ashen orbit That is the best thing and that is what makes learning beautiful thing
lets hope I get better, thinking to much sometimes, i was going to execute dirty pipe exploit when I just had to change to a directory
We all suck at first. Gotta keep battling for an understanding. It'll start making sense with time.
Hacking Wordpress - Skills Assessment last question, I can't find any credentials, I found the wordpress location but I can't read php files with the lfi vuln (Found it, banging my head for something easy...)
Yeah, I went back over everything and at least get what was done this time. It wasn't a directory it was executing a command as a different user and it made the user switch
Nice! Sometimes you've got to walk away and live with the problem. Honestly, a lot of solutions or different things to try come to me when Im on the couch or taking a break from the frustration. Its like frustration can lead me to try the same things lol.
So when doing privilege escalation, it says you can run scripts, but when I transfer the scripts to the sever, you need root access? How would they help?
@ashen orbit maybe sudo script name
permission denied, but the next section is transferring files, maybe they will elaborate
On Pivoting Tunneling & Port Forwarding, I can see the reverse proxy connection coming in but I don't have a meterpreter connection
Any ideas as to why I don't have a console with metasploit? Its clearly coming back to me correctly.
check your directory
you might have not uploaded it to your current directory
or try ./LinEnum.sh
ok thanks, will try tomorrow as i closed the shell by mistake ahahhaha
when doing a wget from the victim machine you need to include the LinEnum.sh part in the url, in the response you posted it would have returned index.html
Hi there,
I'm currently doing the web service and api attacks skills assessment.
This is the question Submit the password of the user that has a username of "admin". Answer format: FLAG{string}. Please note that the service will respond successfully only after submitting the proper SQLi payload, otherwise it will hang or throw an error.
I managed to do the sqli and get the password in md5 format, do i need to crack it? or do i need to interrogate the DB to get it in clear text?
Hi someone might help for Skill assessment I - Introduction to deserialization ?
Anyone else have issues with the pivoting module? I can't get metasploit to play nice with my socks server for whatever reason. If I try to open one in Metasplot it crashes instantly.
Anyone good with finding IP address please dm in need of help $$
anyone got an idea why johns not doing what its supposed to do ?
used ssh2john id_rsa > id_rsa.hash before to convert
hi can anyone help with Windows Privilege Escalation - Weak Permissions... i have membership of the admin group but cant get access to the admin directory
will john unzip the .gz for you? I always just point it at the txt file
Doesnt matter if i use eg darkweb wordlist it'll just load and finish instantly
is having a napalm watergun illegal
2 things going on here
- i dont believe john supports running gzipped wordlists inline, though hashcat does these days
- it is doing exactly what you asked it to
the reason it appears to be completing instantly is because that's how long it took to go through the candidates you loaded, especially in the case of the gzipped rockyou since that loaded as a bunch of garbled text, which you see on the right side, so the total number of lines was probably much smaller than the already minimal rockyou
So okay, but when using the txt file it's finishing instantly as well. It cant be that fast checking all the hashes tho
(im on the zip one)
I'm stuck on these questions too.
Can i dm you for help? plz.
looks like it is
there's only 14M passwords in rockyou
and its doing 10M/second according to that screenshot
so only should take 1.4 seconds
Okkkkkkkkkk
Some hashes are faster to calculate than others
dont really think that the algorithms stay the same
well then im stuck because i dont know which worlist else to try
you are supposed to get the clear text cred (and flag) when sending the right sql payload
used all the mutated and normal ones from the course
i just have the same issue on the pwnbox a exit and re-run metasploit fix it for me
mind if i ask which module are you on?
try this #modules message
but for me i end up have get a rev shell to access the flag
so the only note i got on this section is the file is at ||kira document|| and use the mutated wordlist
also i'm pretty sure this is not the case but try to unzip that file there could be a another zip file in there and that's the file you're supposed to crack
so i just give it a try and it's working fine for me
if you want to double check the hash shoot me a dm if your hash
yea this isn't look like a hash issue try with hashcat
or if you can on a different machine
a07a87ddfd01e9e105dfaa540a2ff75b md5 of the hash
of the zip file?
yes for u to check
nah wait doesnt make sense because the name is integrated in the hash ill shoot u a dm
nope i got different one: 461d6bc95b03112697102d13f880ac33
Just want to share how I managed to solve RDP and SOCKS Tunneling with SocksOverRDP exercise following the steps in the section.
After configuring Proxifier, I ran mstsc.exe ||(not as administrator)||. The "User name" needs an additional information: ||The hint mentioned that Jason is a local account||.
Initially I used the alternative method of using netsh.exe shared by user 19delta4u in the forum . From 172.16.5.19, I RDP normally into 172.16.6.155 without success. Using the hint, I tried to play around with switching user and saw that it prompted what was the extra information it needed.
im trying to connect with xfreerdp and i got this error [171895:171896] [ERROR][com.freerdp.core] - transport_connect_tls:freerdp_set_last_error_ex ERRCONNECT_TLS_CONNECT_FAILED [0x00020008]
i think it is my xfreerdp version
Try Rdesktop
Need assistance/nudge. AD Living off the land final question
"Utilizing techniques learned in this section, find the flag hidden in the description field of a disabled account with administrative privileges. Submit the flag as the answer."
RDP keeps crashing so taking a break
Hello, I am using Mac and i want to setup openvpn and want to complete htb challenges locally. I also have Kali Linux in my virtual machine. Can someone tell me what is the process?
Hello fellow hackers... I must say this discord business is making me feel like quite the boomer trying to figure the tv remote out for the 300th time.. Anyways, brb, gotta get these kids off my lawn again, thanks for having me!
(did i already use the wrong chat?)
openvpn is pre-installed in kali you just need to download the ovpn file to your kali machine and run it
if you want to run openvpn from your mac device you can google how to install it
That's niceee... Thank you so much.
note the "challenges" don't require a vpn connection
The htb academy questions require?
the academy require openvpn
Ahh i get it now.
Thanks for clarifying it, was quite easy.
Dont want an answer but would like to be pointed where I need to read more. Currently working on Information gathering - web edition ||Submit the FQDN of the nameserver for the "inlanefreight.htb" domain as the answer.||
Not sure if i'm just mentally struggling right now as I feel this would be extremely easy to figure out and find and I'm just mentally lapsing
Wait
Mental collapse confirmed ><
@low vine use dig ns
cool, thanks for that.. i ended up going with a reverse shell too
hey everybody, i'm stuck in the privilege escalation exercises in module getting started. I dont understand how i read flag.txt in /root/flag.txt, does someone want to help me? thanks
Hi I am working on footprinting medium and stuck here.. got one username from nfs share with a password but when using it with xfreerdp I get an error because password contains !mD... Anybody could help or send me a write up?
@little wyvern u can use '
Thanks, now it worked!
As I read back the messages an important.txt is needed for sa creds.... Where can I find it? Thanks
@little wyvern on smb server
Ok meanwhile I found it on alex windows..devshare
But login failed for user sa with this cred on SQL server...
@little wyvern try with Administrator
Can't believe just finished this finally..... Thanks @placid quest
Btw @placid quest @vital adder and the couple others I see constantly helping / explaining things to people in here. You guys are awesome and hopefully I can give back / spend free time in the same way once I've mastered this a little more.
Dont know if theres a way to buy yall like a month of HTB or some gift certificate but would like to if thats possible.
am in exact same situation. The provided commands in the section easily give a shell, but it is a shell where you cannot run mimikatz. Need a nudge
For some reason my pwnbox doesnt have sqsh install by default
It's in the binaries but when I try to run it it says command not found
@unreal patio use packages to install sqsh
you forgot jarednexgent, he is the main guy that help here before me
i mean you can (under Gift Cards) but pls don't i just help people for fun
wait how? i been trying to install that for a while now but nothing works
it was but it got removed for no reason
if you are in the Privilege Escalation section of that module hint re-read the stuff under ||User Privileges||
@vital adder Thanks , i find the flag after long time of search ^^
congratz
excellent observation, thanking everybody that has helped directly and indirectly sharing their experience on this forum
Yea its just obvious they spend alot of time helping people out.
Hello! I just started doing the modules on HTB Academy, and I'm wondering if its possible to connect openvpn and work from my own VM directly instead of using the pwnbox? I do it in HTB, but i can't seem to find that option in the Academy
or maybe I just need to connect to my normal htb ovpn file?
yep that's what you need to do and you can get some more info about this in the Getting Started module Connecting Using VPN section
alright, thanks for your help!
returning to the question of Attacking Domain Trusts - Child -> Parent Trusts - from Linux, what is the hashcat -m for 'aes256-cts-hmac-sha1-96s' or maybe am on a wrong path hmm
Hey does anyone know how to troubleshoot commands in modules that are supposed to work that don't work? specifically accesschk.exe for \.\pipe
A bit late response,but let me know if you are still stuck
Thanks for the offer. Finished it a while back. I was overthinking it.
You probably already got this but seems like maybe 19700. Whenever I'm searching for hashes i go to this page https://hashcat.net/wiki/doku.php?id=example_hashes and CTRL + F
great resource, will bookmark! thank you
Here's my tip: if you're running this command from the Windows privilege escalation module, it's worth checking that the .exe you're calling exists in the current working directory of your command line. If not you might need to move to the directory that houses it, or call it by its absolute path (and make sure the name of the exe is correct too!)
I have a really stupid question. I'm on the Active Directory Enumeration and Attacks Module - Internal Password Spraying from Windows section. performed a file transfer from my machine and I am trying to get DomainPasswordSpray.ps1 to work.
why does this not work. my powershell skills suck haha
Hey guys
I'm at password attacks at module passwd, shadow and opasswd. Anyone who figured it?
lots of people have figured it out, you should ask your real question of what youre having issue with
honestly never even bothered with that tool, but my impression from others is that it kinda sucks
YEah. Hackthebox academy recommends weird tools sometimes
if you can launch your attack from a linux host and/or via a tunnel thats usually better tradecraft anyways
which makes me terribly sad that mimikatz can still catch a few things in memory that secretsdump.py cant
tripped me up on a skills assessment for that reason
Well I got that I need to perform an edit to passwd file to continue finding the password of root user, but I neither can edit the file or the shadow file of that, I can scp it to my main system but cannot scp that inside for edit
I need to find a way to remove that 'x' from the file
what should I use instead??
crackmapexec is pretty great for password spraying
are you sure that's what you need to do? I dont recall editing any passwd files for that section. Thats more of a persistence thing. Or priv esc if youve got a tool that can write as root to it.
iirc that section was more about unshadowing it to crack the passwords, but maybe my memory is faulty
in fact I think for that section I was stubborn and uploaded chisel and proxychained crackmapexec to pass it ๐
It is more about unshadowing, but should I do it when I'm scp the file to my system or from the ssh by some tools I can place in?
if you can read the necessary files I would pull them down and do it locally
1. less artifacts on the target so better tradecraft and 2. youll be feeding the results into john or hashcat anyways so might as well have it locally
cme is great but using DomainPasswordSpray.ps1 or Rubeus within the windows network is a lot faster
so disclaimer i haven't even touched that module and from the github page that tool looks kinda limited but i was able to reproduce the same error that you are having by downloading and using the script file from the github but the one in C:/tools did work for me
if there was one other "complaint" id have about CPTS is that it usually only hints at better tradecraft but doesnt actually teach it. But thats a matter of the scope of it. Including all that stuff would probably double the amount of content and make it 2x as hard. But where you can practice good tradecraft it doesnt hurt to do so.
idk it completed in a totally reasonable time frame.
oh you can fix this error easily
one sec
thanks for help
I know it's pretty easy but I am just really used to unix stuff
basically just add a space before the colon in Message:
I think I got it
I scp out the passwd.back
Shadow file from my local
Unshadowed it
Well I'll make some progress and be back
you need the targets shadow not your local
otherwise youll just wind up trying to crack your own passwords lol
sure there isnt a shadow backup either?
np, personally i prefer the Rubeus brute option for password spraying within windows: https://github.com/GhostPack/Rubeus#brute
I'll take a jab at it. would you mind if I pinged you back in a bit if I don't figure it out?
sure
also your channel is cool btw
Got it!!! Thanks! Just needed a little bit enumeration
Enumeration is king
if I could pick any aspect of hacking to instantly become a god of, itd be enumeration. Because by proxy thatll make you a god of just about everything else too
Got the shadow.Bak out, unshadowed it and now hashcating the hashes
nice
Got it to work
Imo they should change up this section a bit
I don't know how TF I am supposed to know to add a space to somewhere in the script
yeh they could add a hint but at the same time, checking git issues is good practice
youll run into a lot of scripts/exploits that dont work, quite often they arent even maintained but youll see other people have raised issues and worked out fixes
i have to run some random command to fix docker each time i boot Parrot. i found the fix in a git issue comment like 6 months ago and theres just never been a patch i guess xD
seeing functioning pull requests from months or years ago but just never accepted is always heartbreaking
esp if the og dev is still active and could just accept it and move on
Does anyone have or know of a website/youtuber that has write ups for the academy modules