#modules

It's a domain user who has administrative rights on the local machine.

Hello @everyone

I want hacking service...

Any professional hacker online?

I will okay

Don't worry I will pay you for that

got it thanks

failed to understand the question

Yeah it's slightly confusing to be enumerating the local box when you're doing all these domain queries

Just FYI if you're not save all the creds you uncover throughout the course of this module. It has you re-using things without expressly telling you.

@halcyon pulsar u are on the wrong place

@candid zephyr can u help me w/ smth else?

I'm trying to solve the last question with ldap filters

Hello. Can anyone help me to decrypt a file please

question is 'Utilizing techniques learned in this section, find the flag hidden in the description field of a disabled account with administrative privileges. Submit the flag as the an'

I've tried this: dsquery * -filter "(&(objectClass=user)(memberOf=cn=administrators)(userAccountControl:1.2.840.113556.1.4.803:=2))" -limit 5 -attr sAMAccountName

but the (memberOf...) part seems to be incorrect

what file

Im not able to upload the zip file here, can I dm you?

nah no offense but I'm not gonna open random files you send me mate

Its actually a prerequisite for internship

Like those who do it, will qualify for the next round

i suggest you try using john the ripper

"Hello Everyone,
Need to decrypt this files. Interns who will successfully decrypts it, gets chance to work on investigation of ransomware attack case."

https://www.openwall.com/john/

Its not a password file. It has DumpStack.log in it

And the other file name is "BOOTNXT.vision"

yeah no when I said I could help you I thought you were working on a htb academy module, helping you cheat your internship isn't really part of my job and/or skillset

Oh I used a different command for this it seemed like a really awkward way to work around a simple powershell command lol

Well, I just want to qualify the round 0

if something is manually encrypted you can't just use a tool and just crack it

Ahh okay, so what do you suggest?

Google.

odds are, if you can't make it to round 0 on your own you won't make it very far anyways no?

No like, they gave 2 days to complete this task, so just would like to know where to start

so you do know anything about cryptography or encryption?

If you don't know where to start you failed the challenge. Sorry amigo.

yeahh

aight figured it out anyway, thanks!

i just skipped the filtering of administrative privileges lol

Haha dw. If you want to remember an actually useful way to do this you'd really do it with the get-aduser command imo

Get-ADuser -filter {(Enabled -eq $false)} -Properties Description

It's a much more normal powershell syntax.

noted, thanks

im having a logic failure here. Im on the AD assessment but im having a hard time getting mimikatz to work on on my reverse shell

You might have to be more specific.

For example I transfered mimikatz over to the target machine along with all of its other files. I have a reverse shell, as NT authority using (Powershell). I'm trying to execute mimikatz, but everytime i try my shell just stalls out

You mean the shell hangs?

yep

And you're system?

yes

Why are you using a reverse shell and not creating a user for yourself...

valid

L me

It's funny these modules get you out of the habit of basic thinking haha

Yeah, thank you!

Thanks! I'll def check out this vid

Looking for experienced programmers and maybe engineers to possibly be a mentor along the way of my learning journey. Please feel free to DM me

Can someone possibly have a quick message with me regarding AD test 2?

im on the ffuf module and ffuf wont work. Im running the exact command and have checked my IP address multiple times but every time I get 0 results. I dont even get the one provided the 'blog' one

Dirb was able to find what I need but i feel like i should be using ffuf since its a ffuf module

What's your command?

ffuf -w directory-list-2.3-small.txt:FUZZ -u http://157.245.35.145:31627/FUZZ

like literally the first one ;_;

are you running ffuf from the directory that the wordlist is it

is in*

i moved the wordlist to my curretn direcoty so i wouldnt have to do the whole /xx/xxx/xxx/xxx bit

ah okay.

it runs but all the results are just " Progress: [2215/87664] :: Job [1/1] :: 0 req/sec :: Duration: [0:00:00] :"

oh wait your command is weird

you don't need that :FUZZ after the wordlist.

ffuf -w /usr/share/wordlists/dirbuster/directory-list-2.3-small.txt -u http://157.245.35.145:31627/FUZZ

owo ill try

nothign

*nothing

this should be a working command. the only difference is you're setting FUZZ as the variable, by setting no variable ffuf sets FUZZ as the variable by default

are you on the ffuf module?

yeah im on the frist fuff module

like ik the anser but got it with dirb, i just want fuff to work

fuff still isnt giving me anything :(

yeah your command looks right, let me try to replicate and see how it works for me

it literally works for me

ffuf -w /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-small.txt:FUZZ -u http://157.245.35.145:31915/FUZZ

so idk

yeah it should be one of the first hits you get

are you suing ffuf on the attack box?

i beleive so

i dont have it in usr but have the list in opt

I am blonde things tend to fly over my head lol

what I mean is it could be filtering out the status code

when you run ffuf what do you get here: :: Matcher : Response status: 200,204,301,302,307,401,403,405,500

I guess the crux of what I'm asking for mine without giving anything away is I got a fairly obvious password in sekurlsa::logonpasswords but it has the heading DefaultPassword, is there somewhere i can see what that password is for or do I just have to try users

i just retired the command using what gateberg posted, its running, ill see if i get anything

this one is running differently

are you getting output? your answer should come early in the scan

i got the anser

ok but fr, the command i put in should have for all purposes worekd right?

Did you buy chance copy the wrong word list with the right name? Lol

naw i double checked it and nanod to make sure it wasnt like empty or something

like all i did was move it to my home direcotry ;_;

that's weird...host could've been down? not sure

welp glad it worked

i have ran into weird things with some of their assessments being ran on public ips and ports

They generally host their random web things on a public docker IP

Same for challenges etc.

can anyone ping this http://167.71.143.119:30603/

like is my computer just being dumb

nvm imma just move to hashcat and come back later

Hello everyone. I'm in the SQLmap essentials. Case 4. I've tried darn near everything. Can someone please point me in the right direction? I'd really appreciate it. PM would be best. Thank you ahead of time.

When I am looking up services using PowerShell do I only need to type in Get-Service?

Powershell is not recognizing Get-Service on the Pwnbox, anyone have any ideas?

It helps if I put in the command in the right location...

sure shoot me a dm if you still need help with that

Can anyone give me a hint to the non-standard update service for the Windows Fundamentals module?

Found what I was doing wrong using the forums. Had the right service just did not add .exe onto the end of it... Very infuriating when I learned that.

Anyone know where i can contact MrR3boot?

How can I bypass the internet censorship in iran?

@rustic sage @vivid aurora I think you should post your question in #general 😄

aight

There ain't no general channel for me tbh

Same

You need to first link your HTB account with your discord profile

umm how

Check #welcome and #bot-commands

I mean that website is restricted for my country, That's exactly why I asked how to bypass internet censorship in iran tho

People in #general will help you for sure 😄

How can I verify tho :/

When I can't access the website lol

Well I see your issue now

PM me can discuss further

anyone here finish information gathering - web - skill assessment? https://academy.hackthebox.com/module/144/section/1311 I got a question for the last one... I feel like im overlooking something overly simple

Hello guys i have a question, how much time does a machine stay active without stop it?

90 mins

thanks 🙂

Good evening! Anyone working around the credentials hunting in Linux!

been stuck for a while with this one 😦 😦

I've finished it...i remember that question, it was tough

any clues you can give without giving away too much?

Where you stuck at?!

tried a bunch of wordlists on each of the domains listed and the main one with no hits

yeah utilize some of your publicly available sources, using a tool or wordlist won't help much

hint says to use sublister, but I haven't found a solution to the virustotal error

ah over DNS, im assuming

yeah

that hint is misleading then, ahah

maybe ill need it after, but thats why thats all I was focused on. Thanks for the redirect

i agree, at least that's how I was able to find the answer, not sure if there is a right way with sublist3r, but using sublist3r just lead to me hours of scanning with not the result that i wanted

alrighty thanks! DNS discovery it is then when I get back to my pc

Any hints in the linux hunting credentials module!

no idea if I did it

link?

https://academy.hackthebox.com/module/147/section/1320

general question... I`m trying to copy files from a ssh session to my pawnbox...

I have a problem in JS Deobfuscation, with who can I contact

I started the smbserver in my pawnbox but in the ssh session it doesnt find the pawnbox...

I didnt look yet, but have you tried ftps?

"Obtain a shell on the system and submit the contents of the flag in the /home/erika directory"

Can't have a remote shell with php

Can't login to ssh via erika

Where have I to look for?

Wordpress module

which section?

what's the issue?

Wordpress module, Skill assessment

Last section

Also last question

so according to my note the ||erika|| user is one of the admin account and you should be able to just change one of the theme to get a shell (also spoiler tags)

Yes i have already tried that way

I receive an error from wordpress

I have found the flag but when submit it, it's give me wrong answer

try using the theme that's not in use and or better use the 404 theme that been working fine for me so far

shoot me a dm with the flag you founded also the section name

and I have verification account issue, it does not send the email verification, I don't know with who can I contact

there is not a 404 theme

@rustic sage in case of you are too lazy to get a rev shell (like me) try this it will give you a shell in your browser and you can just use that to get the flag
https://github.com/Arrexel/phpbash

and you send screenshot of the list of theme?

you'll need to verify your account first use ++verify at #bot-commands

There is no flag here. Get back to hacking!

how can i send a scrennshot here?

#modules message

what is up with the target system spawning? Spawned targets are up for a few seconds before they go away. Not long enough to complete any modules

did you refresh the page?

if you did and you have a docker target then that's the issue

ive had that happen to me 20 times yesterday.... glad im not alone xD

++verify

Please see your DMs for instructions on how to verify your HTB account.

nope, not refreshing. I click Spawn target system. It gives me an IP. Can sometimes curl it once or twice before it goes away and the connections time out. Was using PWNBox just switched to VPN. Same issue

can't even use wpscan:
Scan Aborted: The url supplied 'http://10.129.191.110/' seems to be down (Timeout was reached)

when I was having that issue, I would keep a terminal open with a ping cmd, just to see when its up or down, it would cycle all the time... pretty annoying

would be down 10-15 minutes at a time

was REALLY annoying last week when I had to exploit on and then priv esc. Kept getting kicked off after about 30 seconds. Seems to have started last week sometime

yeah that sucks!

On the attacking common services> attacking SMB. Question 2 gives a user name 'jason' and the password list is given as well in the resource tab. But when I run CME it doesn't work.

Any hints on the linux hunting credentials module?!?!

Read through all the sections. Take notes. Answer the questions.

this may sound like a feels bad answer to some people but its also the truth. Ive helped a fair number of people on here over the past few months and I've noticed pretty consistently that the people who struggle on sections are ones that arent taking section by section notes.

truetrue, I find this area is good to ask for hints, or redirection 🙂

its easy to waste hours in the wrong area ahah

Everyone gets stuck that's part of learning. A lot of people think it's a race though and just think by clicking next a lot they'll magic some knowledge.

the skill assessments at the end of modules often require a synthesis of learned information and so I expect people to get a bit more tripped up there. But particularly when the issues arent on the skill assessment, lack of notes is usually the fault.

and doing the necessary synthesis of knowledge is also a lot harder if notes werent taken.

the second most common issue Ive seen so far is that people will like toss out knowledge from previous modules or think "well the module didnt teach this part so I cant do anything" and its like well you cant let those things limit you, need to have some amount of your own initiative to do well.

There are several modules that have been notoriously difficult but are nearly trivialized if you used the knowledge from the pivoting module or the ffuf module.

I require assistance with the OpenVAS skills assessment lab in the vulnerability assessment module. I know where to find the answer but I do not want to download OpenVAS as I prefer Nessus, I'm still accessing Nessus from the previous lab but can not get the specific answer for two questions. Could someone private message me, I basically just want the answers so that I don't need to go through the process of downloading and using OpenVAS. Thank you.

I managed to find an interesting solution to me problem lol, resolved.

yeah the lab provides a box with it already installed and even the scan already done. No reason to download it if you didnt want to.

Based haha

Calling me out lol

one of many lol

👋

damn that fox got torque

is there any way to search for just free modules?

or do you just have to click around until you find them?

all tier 0 and 1 module are free

it will cost you 10 cube and you will get 10 cube back

Need help on the "Broken Authentification" modules, for the final assessment. The support page mentions "other accounts" that we can contact by adding a country code, but I don't understand what I should add it to, as appending country codes to "support" doesn't work...

hint ||username.(country code)||

Does anyone have a fix for theHarvester in Parrot OS? seems there's a packaging issue with it and i'm getting the same error as this issue: https://github.com/laramies/theHarvester/issues/1151

@rocky marsh

Hiya u too here!

Oh hey invoke haha

Hiya how ya doing

Doin good

Nice ;')

For the File Inclusion module on Log Poisoning was anyone else having trouble getting it to work?

I have tried both curl and burpsuite and once I apply the poison I can no longer see the logs/ execute cmds

its a very tricky and tedious portion

basically any error at all will brick your injection and you have to restart the box

you can often include the error.log to get what php error youre getting with your injection

when I did the assessment it was like ten rounds of inject -> fail -> check error log -> come up with different variation -> reset box -> inject again

im doing word for word what they are doing, im just copying and pasting into burpsuite q.q

rip I dont know how much id use this real world if 1 failure means its bricked

imo log poisoning is the last ditch effort of LFI exploitation

you do it once you exhausted all other methods, and yes I even tested if the kinda new php filter chaining payload works on the assessment and it does not.

there should be a digital forensics pathway

like as a job-role path

IMO

it would serve as a great complement to the other pathways

yeah log poisoning with LFI is kinda risky, if you fuck up you have to wait for the logs to rotate or you're just going to have syntax errors no matter what

eh blue team focused stuff is not nearly as popular on HTB, what blue team content is there is kinda just there lol

well, there should be a place to go online to learn all different kinds of digital forensics: network forensics, web app forensics, linux/windows forensics, etc

I don't disagree I just think it's not as perceptibly cool or flashy, though it fascinates me

Tryhackme does all thay

That

HTB usually just keeps it to red team

I can see which Starting Point machines are free, but once I'm done with those, do you know how to find free content in Machines or Tracks?

if you mean stuff on htb then nope i'm not on there

lolwut

I guess I thought you were responding to me, and about HTB

this section is for the HTB academy and modules, not the main site boxes

Ah, there's where my confusion is then

i need some help by someone that know alot about computer and router

is it htb academy module related?

Hello I did the Login Brute Forcing module and I am facing something very weird : for the last question of the last assessment when connected to ssh as ||harry.potter|| when I try to brute force the ||ftp|| account for ||g.potter|| it doesn't show the password. I watched a video showing it in 5 seconds (https://rumble.com/vrjon5-hack-the-box-academy-login-bruteforcing-with-hydra.html). I faced the same problem during all the module and I wanted to know if someone have had the same problem or if I can contact an admin ? PS: I tried to reset my pwnbox and the target and I tried on my personal VM but nothing change ...

@wide pathwhat wordlist did you use? maybe its not have the password

the rockyou-30 from the target machine

I used the exact same command as in the video

I had some weird problems with hydra. And I started to use ncrack when I had them. If not use meta

By problems you mean hydra did not find password but ncrack did ?

yes actually that happened

Hello is it just me but when ever I sign up on academy.hackthebox.com I do not get a verification email? I checked I did spell my email correctly

seen a couple people ask today about that, there may be an issue. Id reach out to support.

ye I did but its 1 o clock on a friday dont think they're here 😂

thx tho ill reach out tmr

I saw the CPTS course and wanted to give it a go now but...

please teach me to hack crypto

i need to hack some crypto like $100,000 would be enough

not the right channel or the right server for this. Best of luck.

Why people come in here all the time asking that bs

Reactions

Hacking crypto is one of the worst things you could do. Don't steal peoples hard earned money. You really need to think about your life choices and ask yourself how YOU'D feel if someone stole your entire life savings. I hope if you steal someones crypto you lose it all and go to prison

Long press message if on mobile

Someone needs to howl to the nightwolf 😂

there much better haha

Chef kiss

really academy section just needs to add verification to see the channels and itd fix 90% of these spam messages

Lmao

Facts

most sane crypto investing fan

If anyone got the time tomorrow, could someone help me out with file transfers? Bit of a tricky module. Says it takes three hours- not so sure on that.

Sure homie

Ngl this is definitely one of the easier modules

Not for me TwT

We all have different skill levels and that is ok. What is most important is having a growth mindset

I went in with a bad mindset and now im just more annoyed at it, which is a shame

But I bounced back this evening and got over myself and just for on with it and took notes

i got u i can help u now tho if u want

send me a dm @rustic sage

I said tomorrow, sorry. Been looking at code too much today

ok well what time you gonna be around tmrw its not a bad module and is super useful as you progress

0900-1400 GMT

still dm me real quick will only take a second

if not thats cool i'll be around tmrw

bold to assume itll be real quick without knowing what aspect theyre struggling with.

unless youre just handing out answers which is no fun

Yeah I just want to be guided

I hate having answers handed out to me or spoilt

So im stuck on the file inclusion skills assessment || I've found page but I cant figure out where to go from here, I tried getting the source code to the index.php but so far ive gotten nothing ||

and when you figure it out

it smacks you in the face like duh

every. single. time. lol

So for CNAME takeover if it points to a website like this that used to be registered(but now isn't and I can register it): test.www.midigator.com.s3-website-us-west-1.amazonaws.com. am I able to request such a name via AWS or similar provider. I thought those names were random or specifically generated. Can you rly register a domain via AWS or similar like this: test.www.midigator.com.s3-website-us-west-1.amazonaws.com.?

Yea i think you can, in my college class we did that… it was a route console or something can’t remember

For the File Inclusion skills assessment, I can see the flag with ls but when I try to open it with cat according to the error logs it does not exist..

im pulling my hair out

your pathing for it good?

Good morning, please tell me what I need to answer, I do not understand?
Introduction to Windows Command Line,
Finding & Filtering Content,
What defines the functions of our objects?

I can see it with ls, so im using the same path that I can see it with ls

I've even tried adding more ../ and its not taking it

also tried url encoding

maybe the / is being encoded weird

it works with ls fine

i really need some help with the attacking email services module? i could use some hints. Spent 2 hours tried every command i could think of and everything in the lab guide. DM if you want to help I'm 60% done so I'm sure I could help you at some point

Hi everyone, I need a nudge in the right direction for sqlmap essentials case 5, can anyone assist?

sent u a dm

Hi guys! I need help! I tried to sign up for this course called getting started, when I tried to sign up it redirected me to verify my email. But it did not send me the verification.

Can anyone nudge me for AD assessment 1

I have a few ideas maybe i can present them to you

Checked spam?

I got it thanks

nevermind I got nothing on my spam

DM me.

DM me.

I wish the HTB academy would update their Windows Fundamentals course, sailed through it all months, maybe a year ago, but had to stop on the last two questions of the skills assessment because it thought that the SID is wrong, it wasn't. I asked for help on here and I was responded as either "that's weird," or "I don't know what the module is." The Module is dated on Windows 10 and teaches depreciated commands even older. I am bitter because this module has made me stop using HTB for almost a year. I reviewed it just now, and I still stand by this. Unorganized and jumps from 0-100. Sorry for the rant, but not sorry.

go be fair, in pentesting your not always going to encounter upto date machines, things will very often be very very out of date so the newer stuff wont be available

If you can't handle those 0-100 jumps then you won't be able to handle real life scenarios where you will be asked to do 0-10000 jumps 😉

And what is exactly wrong with the SID things? I solved the module and no issues, would you like to clarify more if you may?

Attacking Common Applications - Skills Assessment II

I have managed to enter Nagios with the admin and password but I do not quite understand how to obtain a shell. I have tried several exploits without success. And on the other hand I can't find out the FDNQ of nagios either. Any help here?

Hint: searchsploit

Yes, I've tried several exploits found in searchesploit, maybe I'm not configuring them correctly because I don't know the Nagios Vhost, but none of them work for me

What is the last two digits of the exploit you are using?

46*21

Wrong one

When searching for exploits don't forget utilizing version numbers.

47*99

It is not a guessing game right 😁

It's also wrong

as he said, he tried several

even in metasploit

Look for exploits that give you RCE maybe?

40*67 in metasploit, but without success

...

Be specific when searching for exploits if you gathered enough intel (which you should have done already).

Chained - Remote Code Execution (Metasploit)

Whatever it may be but when using searchsploit do (for example):

searchsploit Apache 5.6

Instead of:

searchsploit Apache

searchsploit nagios xi

Is that a version number or a product name?

product

Hello can someone help me with the first question of Windows Credential Hunting ? I try every password from ||findstr also to search for Unattend.xml (i find 2 file but they don't exist). The password in Powershell Histrory also in web.config|| but nothing work

Password Attacks or which module?

Windows Priv Esc

Why not hunt for files that contain the string "password" utilizing findstr?

if you click on my spoiler I do it and I find a lot of password but none of them work

DM me.

Turns out I knew the answers I was just stupid from being annoyed lel

ey anyone alive here

yes

what's up?

no

no what

no sir

wym by no

what

are you sick whatever

Hey all, after some guidance/ nudge if possible, seems im partially losing the plot. the question is: Submit the FQDN of the nameserver for the "inlanefreight.htb" domain as the answer.

Module nformation gathering, section Active subdomain enumeration

@rustic sage use ns

hi,could you please explain better because what is the fierce pwd list. Is it mut_password or rockyou(both sed and custom.role) or is it the fierce tool. Thank you

I guess it was a wordlist in the SecLists by Danial Miessler, you can find it on Github😉

not all wordlists are the same is the moral of the story

ah,so is it a simple rockyou with all the processes applied,cause I opened before the SecLists and did find like,exact fierce password, am having a bit of issues with double senses,autistic i am. Fierce,ferociuos

absolutely

it is,like that guys, will definitely consider other wordlists for this module and future

Hi! I've been stuck on the live engagement (shells and payloads) for hours. Please help. I tried to use eternal blue on host 3 but it keeps on erroring out. I also am trying tomcat manager upload for host 1 but that doesn't work either. What am i doing wrong?? I'm so frustrated:/

What is your msfconsole exploit/payload? @teal birch

I'm also stuck in host 2 and i'm using the exploit 50064.rb for host 2. For host 1, I'm using exploit/multi/http/tomcat_mgr_upload and for host 3 i'm using exploit/windows/smb/ms17_010_eternalblue

Wrong exploit/payload for host 3

okay and what about the other two?

I did not use metasploit for host 1 as it suffices to upload a msfvenom payload and catch the reverse shell with nc

For host 2 it is correct

yes but i can't login into the manager

i used the default credentials

who said so? Did you read the section clearly?

See the hints

i'm an idiot😂

i just now saw the creds

so for the host 3, do i have to select the psexec exploit?? @kind turret

exploit/windows/smb/ms17_010_psexec

This one??

Why don't you try and see? This is what you will need to do on a penetration test ...

alright i'll have a look. Thanks

i need help with smth anyone free to answer 2 questions ?

@kind turret I finished it:) Thanks for your help, bro!

I'm doing the "MacOS Fundamentals" module. It seems there's no way of spawning a MacOS instance. How am I supposed to answer questions if I can't run commands? Or am I missing something?

I think they all can be answered without spawning one

Thanks! I answered the first question by googling. I was afraid I had to create my own instance.

Good afternoon from Spain! Someone recenlty taken the linux hunting credentials module!! I`ve been stuck for a while 😦

DM me.

For the "Find the numeric version running on your machine and submit it as the answer.", just look at the hint and make up any number 🤣

OK 🙂

Are there licensing issues that impede spawning MacOS instances? I guess so.

If it ain't apple running apple then that's catastrophic.

I am having a rough time with module 58 flag4 this is Running SQLMap on an HTTP Request. From what I have gathered this is a more complex command, hints at using json based http header format so the ?id=1 can be rewritten as { "id" = 1 } in json and then run in SQLMap referencing the file with the -r option. My issue is figuring out how to get that file. I can copy from Burpsuite or from the website but both are in http format. I've tried quite a few things to get this going but it just keeps brushing me off. Anyone have any clues or advice as to what I need to do here? Thanks 🙏👍♥️

the file from burpsuite is fine

json is just the format of the post data. its not http vs json, its http including json

yo guys can anyone help about asyncrat

@flat patrol check ur dm

so can I just copy/paste that {"id"= 1} into what I save as a file from my capture in burpsuite?

json is post data

Because that’s why we call the module fundamentals right? People have to start somewhere, so let’s throw them in level 10000, great logic.

htb is slowly improving things, but its never been a true beginner learning platform

yes, I am learning that...

Thank you. I suppose I’m just not built for it, it is kind of beating me up. Hahaha.

that's what it's meant to do

whooping my butt too

It's not about that. Some people have worked closely with computers their entire life, so your "fundamentals" might not be everyone elses. HTB academy is rough, but HTB is 10 times that. There is a point to it.

That’s is not true at all. Do you think elite warriors like navy seals are just given a gun and thrown into battle? No it takes years of trading starting from zero and building their way up. Quit dis gatekeeper bullshit and encourage your fellow hackers

You guys are right, I’m sorry. I’m just having a mental breakdown, I’ve been working hard at this stuff for awhile now, and little things got to me this morning. I’m sorry everyone. I don’t like Windows, I’ll say that. I know, “get used to it, because everyone uses it,” but blah.

Htb could def be improved in some ways to make it more cohesive and beginner friendly. I’d like to see it so my grandma could take it and become a master hacker

theyre not wrong, a substantial chunk of hacking is being able to quickly process a shit ton of new information and turn it into actionable things in a quick manner.

Doesnt mean everyones got the foundations to do that yet.

That is a learned skill but I agree

your grandma should try tryhackme

theres also the classic Why Cant Programmers Program? that I honestly think has a hacker corollary as well

but that's getting a bit off topic

@barren stone check ur dms

I am reduced to grandma level! 😩😆

THM definitely has better foundational content for true beginners. My only gripe is it kinda babies you so you can make a shit ton of on paper progress there but in real life your skills have barely budged.

Naw I wasn’t saying that lol

MRTom did lol

Actually there is a machine called grandma so maybe lol

😆

if you are new to this give both of these video a check to see where you should start
https://www.youtube.com/watch?v=0vu_Hs4N8B8
https://www.youtube.com/watch?v=lhz0-qAQlBM

@barren stone hit me up if you ever need help via dm I got a good portion done and take real good notes so I can prob steer you in the right direction

@barren stone same goes here

I need help with the Linux fundamentals module specifically with the ssh interactive can anyone shed some light on it??

sure what's the issue?

Is there a module strictly for burp-suite ?

Well it gives me a target with IP address user-name and passsword but I can’t figure out how or where to enter the information to make it work

I must have missed it

hint there are non

Thought so, it does get mentioned quite a bit despite that

yea but thm have them https://tryhackme.com/module/learn-burp-suite

and then it asks for the password

Yeah, that's the only reason I know my way around it, at least a bit thanks to the free module

oh thanks i was about to link that

most of them isn't free 🤣

👍

I put that in the shell? As a command?

yep

Yep, but I know me and 2 subscriptions would be a waste for my lazy ass:D

but remember to change the placeholder for the username and ip replace it with the give that section give you

same

I tired that. And where’s the place for password that it gives

It asks for it after

portswigger (the company that make burp) also have a academy and they have a lot of stuff about web application vuln but not sure if they have burp basic if that's what you are looking for

Interesting, I'll check it out. thanks!

also everything on there is free

Thanks I’ll check it out when I get off work

guys it's just me or the public exploits exercise on gettin started didn 't work ?

i try to ping the IP,nmap, everything i know but the ip don't work .I tried to refresh too

if you are in the Getting Started module that ip is from docker container and you can't ping for scan that

the target will give you an ip and a port and that's all you can access

hint for that it's a website access it and find a "public exploit" for the ||plugin|| version that you can find

Actually check out web proxies module goes into burp and ZAP fairly in-depth

oh yeah i completely forgot about that module

I can’t believe I ever paid for a burp license when zap does it all for free zap is a game changer dat UI is ugly as fuuuu tho lol

Try disabling ping in nmap via -Pn

Reason ping won’t work is a lot of devices disable ping responses.

Also try restarting vpn

Via command line

nobody actually uses zap

I will for a lot now mostly bc of unthrottled burp I ntruder type stuff

But in this exercise vpn i thought vpn is not necessary. There is not vpn file on the exercise to download

switch VPN servers, this happens quite often

You always gotta acces the target connected via vpn

Vpn file stays the same regardless of lab

Thanks but there isnt vpn configuration file in that page

What’s the URL to page

So i can use same file but different exercise?

Yes

Vpn is required for all labs just dl once and you’re good

It doesn’t change per lab

Ah ok so ty. I will try when i go home.

I can almost guarantee that’s why u were having trouble

I Read that if you Switch you need to change vpn file in getting started thats why i Said this

That means if u switch vpn from tcp to udp. I recommend using tcp always

No need to switch usually

I haven’t had to and I’m 60 percent done with cpts

Ok. Thanks a lot man! 🥰

No prob happy hacking

@wet jolt btw most or all labs have a section to redownload or switch vpn it’s near bottom either above or below the pwnbox start instance button. Also you can only use either vpn or pwnbox at a single time. And remember like I said if you have connection issues just stop vpn via terminal and start again USUALLY no need to switch

Anybody tell me how to do the Active Directory Enumeration and Attacks questions? I don't understand where I'm supposed to point kerbrute at?

Just completed Attacking Common Services - Easy. Would be interested to hear from other people who have completed to see if they did it the same way as I did, which I found a bit interesting. I'm sure there is another way of doing it... I think. DM me if you've completed it.

Does anyone know if there is a huge github list of all the githubs we should download through the modules? I want to just do a huge install on a fresh linux install

Don't. Just re-download them every time. Most of these repos get updated a lot.

Mannn, I've had to reinstall linux 5 times cause of my own mistakes lol

Do you have a recommended linux installation, I like Kali linux but parrot runs better and such. But I've heard is that jobs don't like parrot that much

Blackarch is okay

Can't imagine employers caring. Use what you like. OSCP has support for Kali. They're both pretty similar.

Ah, I was told not to use parrot because of either support or jobs. Something

Try both and see which you prefer. I had a vm for both for a while until I settled.

I 100% perfer parrot

Parrots well used. Its all Debian anyway

Okay

I've never heard of an employer myself disliking a certain os

Or vm

Even if for whatever reason you were forced to use one after using the other you'd barely notice once you customise some defaults.

I just did a test between parrot and Kali, same folder size, specs, everything. Parrot used 1-25% on average doing the HTB modules. Kali used 12-99% doing the HTB modules

The only reason I prefer Kali is repos for speed of doing things. I dont notice a performance difference at all tbh.

I used to use one called MATE I think

You'll break either eventually. Stick with the one that breaks less often.

Parrot 100% hasn't given me any major issues (Besides my stupidity), but thank you both for the help!

eh. Always like to geek out a bit.

Yep! My first linux base was some ubuntu based OS, but it did not handle anything well. So that made me think linux sucked, but now I can see it was just that build that sucked lol

quick question - For footprinting DNS, I keep getting host unreachable/timeout for both dig axfr and dnsenum/ custom script provided for it on each domain found after the original transfer. I have restarted my vpn as well as the target multiple times. Is this normal?

Does it give a 404 error? or a 504, etc?

only thing it gives me is connection to the domain failed, host unreachable ( as well as timed out for others

So press f12, and under network, does any of the status's say any of the errors?

I'm in the terminal, not browser unfortunately

Ah, okay

Apologies, I can't help there

Thanks anyways

No problem! But if it says 404, missing file/etc. But if its 504, then its not setup properly

Bro i used vpn but nothing changed..
I had the same problem with parrot on the website

Having an issue with an invalid flag on Linux File transfer.

||Question: Upload the attached file named upload_nix.zip to the target using the method of your choice. Once uploaded, SSH to the box, extract the file and run "hasher <extracted file>" from the CLI. Submit the has as the answer.||

I successfully uploaded the file multiple times zipped and unzipped, checked the contents of the txt and even checked the other side. Unsure what's happening here and at a bit of a loss.

Which VPN are you using?

Starting point right?

try refresh the page or even a hard refresh if that doesn't help shoot me a dm if the flag

did you add the ip and the domain to your hosts file?

https://academy.hackthebox.com/vpn here

2022-12-17 16:02:02 Initialization Sequence Completed

There are separate ones I mean

I think it work fine the VPN but the problem is with nmap

i'm still pretty sure you can't scan htb docker container so if that's your original issue unfortunately there is no fix because there is no issue htb only give you access one port

I've been caught out using the wrong one for wrong environments

I have the target ip/domain on my host file, should I be adding the domains and ip found in the dns transfer too?

Also Tom, im gonna ping you a message, it's still being off

i tried to scan with nmap with the parrot online browser and nothing changed!

sure

again if your target is a docker container you just can't scan it

if you mean you should add the founded subdomain by the tool to your hosts file then yes if you want to also access / scan those subdomain

sorry . okay...so what should i do? this is the ip target to exploit 139.59.161.137:31109

go to that port on your browser

yes it brings me on "Simple Backup Plugin 2.7.10 for WordPress" ..but idk what to do...I'm sorry . i m dumb.

hint you need to find public exploits (hence the section name) for this plugin also you may want to remove that plugin because of spoiler

OMG

I'll let you know how it ends

Hey I have a problem with the module of FFUF, I added the machine ip into the /etc/hosts file with academy.htb as domain but I'm not able to ping it ...

For the File Upload Attacks - Blacklist Filters, I've ran burpsuite and identified what I can upload. But none of them will execute my script. I've tried all sorts of variations to get it to push any output like system(whoami) to just see if it will give any output and I cant get squat. What am I missing?

when adding the target to your host file don't add the port number but when accessing it you need to add the port number to the domain so academy.htb:(port number) also the target for this is a docker container so you can't ping or scan it

ok I did not add the port to the hosts file

For one of the getting started sections (Nmap) trying to connect to openVPN on my VM instead of Pwnbox i'm unable to establish a connection. Just wondering if there's something I'm missing. Does Pwnbox need to be shut down for me to establish a connection on my own vm? just getting : sitnl_send: rtnl: generic error (-101): Network is unreachable

if I can not scan it how can I resolve it ? 🙂

First of all dowload the vpn file to your VM, after that open terminal and type sudo openvpn "vpnfile"

and no pwnbox does not need to by shutdown as far as I know

yes that is what I'm doing that: sitnl_send: rtnl: generic error (-101): Network is unreachable

maybe try to download the file again ?

oh i mean like port scan with nmap not the ffuf thing

The ffuf does not work I got error 😦

ffuf -w seclist/discovery/dns/subdomain...:FUZZ -u http://FUZZ.academy.htb/ I used this command

my note on this module is kinda dumb because i got 0 note on how to find the right thing just the right thing but basically you'll need to find a extensions that can run php but isn't blacklisted also for the payload try <?php system('id'); ?> (to run the id command)

you still need the port on this

Do you have internet on your VM ? try to use nat or bridge connection between your vm and host

even with the port 😦

connection is enabled

Maybe try another server and download the file again it should works

It's working within pwnbox but perhaps I'm just missing something crucial, finishing the module then doing ts :)

so your can access the page but just ffuf can't access it?

also which section are you on?

exact

ATTACKING WEB APPLICATIONS WITH FFUF

Skills Assessment - Web Fuzzing

@fathom pendant wait nope the pwnbox need to be off when you are using the vpn because if not both of them are trying to kick each other of the network

but even if that's the case you still shouldn't get any error just can't connect to your target

yeah that's the thing I'm getting a no connection established

er network is unreachable

able to connect to target just fine on pwnbox

oh for that you need to use to domain without the FUZZ thing in the url and you need to add that in Host so use -u http://academy.htb:31522/ -H 'Host: FUZZ.academy.htb:31522'

try to re-generate your vpn and use that (you may need to restart your target for this) and also which openvpn version are you using?

HO ok it works so it is vhost fuzzing and not subdomain

thx

openvpn is already the newest version (2.5.1-3).

yep i got the same thing on my kali just without the -3 at the end but this shouldn't be an issue and re-generate your vpn didn't work?

I will regen the vpn in a moment just finishing up the module; because I didn't fully read the commands used to get what we need :^)

I think I might of been using the wrong word list as I was going back through with intruder after all the files were uploaded to see which file was successful and none were coming back

hello friend can you express your question in other words ?

hello @vital adder have you taken and completed the local file inclusion module ?

Tried again (using us-academy-1) tried both udp 1337/tcp443 in tcp 443 it states unable to resolve host

It's resolved thanks to MRtom 🙂

ok hope someone will answer my own questions 😭

what was the question again?

i am stuck on the local file inclusion module precisely the skill assessment exercise

what about it are you stuck on

can not succeed bypassing file inclusion filter

have you tried the base64 wrapper yet?

when in doubt getting a peak at some source code can be useful

yes the issue is that a .php extension is been appended at the end of the input

so?

i could retrieve an index.php code having the LFI source code

yes you could

index.php page*

Does anyone else have issues with the Hints, Resources and Cheat Sheets in Chrome? Somehow I can only get them from Firefox...

no issues for at least

then try without it

how 😅

for this you may want to contact support (also no issue for me so far)

just dont put it there

let it fill it out for you

you were able to view the index source yes?

yes ?

then read it closer

Anyone nudge me on AD assessment1

it is php dont really understand php but from what i could tell it loads a error.php page in case it spots a .. and append a .php at the end of each input 😅

dont need to know php, just read it closely

shell isnt always the goal of LFI, sometimes its just information

i used it, still nothing

for this one is the goal

Im aware and I know what I said 🙂

I know exactly what your hangup is on this one but unfortunately I cant state it without it just being a spoiler

can i dm ?😀

sure

I have sql creds but, I've failed to find the correct way to login with them

assessment 2?

1

ah my notes and memory on assessment 1 are nonexistent

oooof

can I ask you a general question then, maybe this can help me

its mostly in my head as just a warmup before the real assessment that is 2

shoot away

??

Still unable to connect via vpn on my own VM ugh

?

So when I get a computer name after some enumeration, as an example lets use
DB2.domainexample.local, how do i go about getting the actual IP for that address??? I can't look it up using nslookup

I also have system privs

I have credentials for a DB account but haivng a hard time authenticating to the instance it exists on

can just ping it from a domain joined computer

i cannot

using the exact name?? Example --> ping DB2.domainexample.local

yeah

let me respin it up and double check. I've attempted to reach out to it

for the ip address resolution you dont necessarily need a ping back either, you just need the system to resolve the address

"could not find host"

so thats kind of where im stuck at

I also am doing this form one of the domain-joined target machines

sure the host exists then?

anyone here done the attacking common services skill assesment?

comon marcie tell me you get the help i need lol

I feel like i'm missing something super obvious in the Public exploit/ metasploit thing i'm missing something to actually get the flag but what is it lol i got the meta command to grab the /etc/passwd but idk

nope I'm a n00b

whats the url?

@fathom pendant ^^

http://139.59.161.137:30360/ I know what the vulnerability but how to use it lol google has proven fruitless

Hmm, in the macOS module I have no command mapped to l1 so I don't really know how can I get the answer also in .zshrc there was no mention about l1 alias

that section did show you how to install some theme i think you are supposed to find that keymap in there

the weird thing is i wasn't able to but google that them with the keymap show me the right thing

I installed the theme and I have error message zsh: command not found: l1

sup?

switchy back to bash maybe i forget how

Your message does not make any sense

chsh -s bash

why would I do that?

actually not right holdf on

I guess.. You did not understand my question.

you are running a zshell and certain commands are not there like history is one

so you need to change it hink it's exec /bin/sh

have you done the macOS module?

oh no i just know when you get that error for a verified command thats what you need to do

no, go through the module, and you will understand.

There was task, to read from .zshrc about command l1 and there is no such command in the .zshrc file.

ugh this is driving me crazy lol it's probably so simple

Perhaps you haven't added the aliases shown to the zshrc file. Once done you'll need to open a new terminal window for it to take effect

your questioning did help, but im still stuck on the same issue of trying to figure out the best way to use the credentials. I've tired a few ways to interact with the host on the shell I have. I'm at the point where I think im trying to setup a pivot proxy

What am I missing I get the etc/passwd/ file for the wordpress one but not sure where to go from there

you can use whats in passwd to get list of usernames to bruteforce

i havent done wp module tho

yup it was obvious and I thought I tried it... i swear if I cat this file...

Yup got the flag

Sorry for the late response, I realized I did not change the ip in the host file after restarting the target. After that it was simple! Thank you

Looking for a small hint for File Upload attacks Assessment || I was able to use svg to be able to read the upload.php but I have no idea where the upload directory is. HTB says we can use it to find the upload directory but does not go into how.. as ive tried fuzzing but no hits so far||

How do you tell metasploit to use an exploit from your home folder? I can't figure it out for the life of me

try asking that in #challenges if you can't access that channel use ++verify at #bot-commands

What am I supposed to do for the 2nd machine on Shells & Payloads Live Engagement?

https://www.youtube.com/watch?v=eWdfr1CcmJc

Did this, didn't work

i've been doing exactly this for 30 minutes

misread some stuff but you should be able to find the upload directory in that file make sure you are checking in the ||/contact/|| directory

@spring sigil after they change the lab now you need to put the exploit in root .msf4

Hey question so it doesn't drive me crazy: if I have successfully connected to the vpn I should see IPs on tun0 yeah? and that should be fine? even if I get that message (Network is unreachable)

yeah

and in metasploit make sure you use reload_all after import the exploit

look for this in vpn terminal:

2022-12-17 19:06:38 Initialization Sequence Completed

or if its been a while this: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA1

at the bottom

i didn't read any vpn log after i run the vpn i just check by scanning or connecting to the target

but that could be the case

its in the terminal you're running it as so if you split your terms which i highly recommend youll see it no matter what youre doing

where do I submit questions about starting point boxes? Thank you.

i got 6 terms in one window 🙂

aint i fancy

at #boxes if you can't access that channel use ++verify at #bot-commands

i got 6 terminal but in tab that's way better for my eye

wdym tab? like 6 open windows?

nope like google tab

like this

ahh ok. i like mine being all in front of me so i don't gotta switch tabs but whatever works for you is cool 🙂

have u ever tried just splitting ther terms via R-Click and split horizontly/vertically

btw anyone know why they chose parrot os over kali for htb?

you can arrange the sizes of each one and everything

yep i did try that and after like 2-3 hours of hacking it will hurt my eye like a lot also i can't focus on one thing

ahh ok well whatever works for you is all that matters

i got 2 32 inch curved monitors together and i just love it it'd be really challenging for me to do work on only one mon or even worse ... a laptop screen. i'm low key jealous of ppl who can work on just a laptop screen. just a randome comment

not related to what we were talking about just being chatty

i work on a laptop screen 🤣

one day i'll need to get good at that

I've given up for now, thanks though

bet you can't put that 2 32 inch curved monitors on your stomach, lay on your bed and start hacking 🤣

when you are done giving up and still need help with that shoot me a dm i'll help you troubleshoot (i got a one liner for that)

nope but i got a projector i can hook it up to and have like a 200 inch screen so that kinda counts ha. its not just laptop screen its hard for me to type on laptop keyboard so ya i gotta work on dem skillz

was gonna send a pic of my setup but it won't let me

you need to verify your account first

alright i gotta get back to htb... btw i'm curious what all of you guys in here how much time you devote to htb per day?

maybe later i will then 🙂

Hello,
Could anyone drop a small hint for the root user for Password Attacks Lab - Medium , Module Password Attacks.
I managed to log in as j, then switch to d.... but I'm kinda stuck for root.

Have you managed to log in to any services with a method that isn’t through a password? Perhaps a key of some type?

openvpn is still not letting me do anything on vm :/ keep getting told the docker is not there and stuff

woooo

I'm new here just wanted to say hello 😄

Welcome Banished!

Anyone able to point me in the right direction for the knowledge check after nibbles? (In the Getting Started module)

I need some help on the Linux fundamentals ssh won’t accept the password what do I do?

what's the issue?

Im attempting to use metasploit. Ill dm you.

when you use the given password what error did you get? just wrong password?

sure

Permission denied, please try again. An I’ve tried again, many times

if you target is a docker container (public ip with a port) then you don't need the vpn to access that target

which section are you on?

System information

so for this did you use htb-student@(target ip) and use HTB_@cademy_stdnt! as the password?

Woods lol I thought the exclamation was an l

sorry not docker some of the internal ones; had issues on the first one even when i try and sudo the commands it doesn't work

When I use proxychains, it always says timeout. I attempted to install "Tor," change the time zone, and restart the service without success. Did someone face this before?

sudo proxychains nmap -p 3389 -Pn -sT -v 172.16.5.19
[sudo] password for kali: 
[proxychains] config file found: /etc/proxychains4.conf
[proxychains] preloading /usr/lib/x86_64-linux-gnu/libproxychains.so.4
[proxychains] DLL init: proxychains-ng 4.16
Starting Nmap 7.93 ( https://nmap.org ) at 2022-12-18 10:43 XXX
Initiating Parallel DNS resolution of 1 host. at 10:43
Completed Parallel DNS resolution of 1 host. at 10:43, 0.02s elapsed
Initiating Connect Scan at 10:43
Scanning 172.16.5.19 [1 port]
[proxychains] Dynamic chain  ...  127.0.0.1:9095  ...  timeout
[proxychains] Dynamic chain  ...  127.0.0.1:1080  ...  timeout

I got it, thanks lol

attempting to see if a different VM has the same issue

Hey! I am new! I wanted to ask if OpenVPN is safe, I dont really like trusting downloads I make. (Isnt personal with HackTheBox).

Anyways, do you guys recommend me installing it? Are there any other alternatives?

(is this the place to ask??)

that look like a private ip if that's the case tor can't scan locally

also make sure you have tor running

nope but OpenVPN is pre-installed on a lot of linux system

I am on windows

Actually, I think we don't really need tor to do this right?

if you are scared the install file have a virus or something just upload it on to virustotal or something

Nono, what I mean is that if you as community recommend OpenVPN

I just want to learn to protect my stuff from xss

and attacks

you can't really get attacks by using a vpn that just connect you to a different network

and yep i would 100% recommend that for htb

No like my websites or stuff like that

OpenVPN is safe just where you are connecting to

and for example, if I give up on learning, can I uninstall the VPN?

just don't download random vpn file and connect to random network

uh?

yep it's just program

I mean I am downloading it from Htb page

yep htb network is safe (pretty much)

and for example, can I be hacked or atleast with that VPN? (I am a complete newbie with vpns and hacking :sobs:)

mkay!

if you don't want to install anything in your computer, just use pwnbox

but that only gives you 2hrs

as far as i know

yep

you can get hacked by turning your computer so yes in theory you can get hacked but i don't see anyone did get hacked from openvpn on htb or thm (at least publicly)

same

💀

Can someone DM me the flag or password for the "Password Mutations" section. I understand the commands really well and the bruteforcing is not working, so I'm done wasting time.

so then I should use a vm

kali linux vm

yep

cut the first ||17000|| password

and now the problem is, how do I do that

i use a vm too

Anyways, yt always there to help

Will do, thanks

also you can really hack or learn how to hack on windows so you just use linux or better a vm linux (everyone use that)

I think a vm is better

first give both of these video a check to see what you should learn first
https://www.youtube.com/watch?v=0vu_Hs4N8B8
https://www.youtube.com/watch?v=lhz0-qAQlBM

at the end the one being destroyed is the vm

🫶

I will also find some vids on how to install the vm

:)

i can't remember if those 2 video have anything about virtual machine or not if not search the guy networkchuck on youtube he got a lot of video on how to install / use that

network chuck is the best

yeah

ty!

https://www.youtube.com/watch?v=wX75Z-4MEoM&t=538s this

If I open/start the attack system on my main OS it shouldn't matter if I switch to my VM if I'm doing it that way, right?

trying not to use pwnbox but ugh pain

if you mean you run your vpn on your main os and also run the vpn in your vpn then nope that will be an issue

or if not then i think it should be fine

No I just mean running the htb site on my main and run the modules in vm

yep that's 100% fine

I got it working finally

I think it's because i was trying to use the us servers?

and I was being a dummy and not closing the openvpn connection when trying to delete and add new ones

when refreshing the credentials

but let's fuckin GOOOOOO

also

how do I add the open vpn to my vm?

My man julio has no valid tickets: PtT from Linux: Question 7. Both of his tickets are expired.

e

I lied :C

I am trying to do the priv-esc module and I think the server that's trying to launch is borken

is the privesc server one that requires the vpn? I think the one mine is generating seems to be borked and not launching

I'm feeling a little slow learning these Linux Fundamentals. Trying to find the pathway to the htb students mail but I don't see a command in the cheat sheet and i'm not finding any other directories in the machine I'm ssh to. Can someone point me in the right direction?

figured out what I was doing wrong

What module are you in? If you could provide a link maybe someone can help

The privesc server one starts you off at a standard user that you would have no way of knowing otherwise; thought i was supposed to magically pull it out lol

Yes. unprivileged -> privileged is the definition of privesc lol

Hey guys.

I just installed my vm with kali and idk how to add open vpn to my vm. Can you guys help me?

kali should come with it by default.

How do I set it up with htb?

sudo openvpn /your/ovpn/file

Where ever you downloaded it.

@forest tapir https://academy.hackthebox.com/module/18/section/70

But like, my hbt is on my main os

And the vpn will be on the vm

How do I connect both?

I don't understand.. you connect one attacking host to HTB through openvpn.

attacking machine sorry...

doesn't matter if it's baremetal or a vm

this one takes a bit of exploring

yes lol

been exploring for a bit

make sure to start in /. I'll give a hint: it's one of the last directories, alphabetically

you should only be connecting one machine.

Nooo, what I mean is that I will have the HTB hub on my main OS

And openvpn on my vm

Which one are you hacking with?

That was my problem I couldn't find any other directories with pwd command. Tried to open it with ls command but that didn't work

HTB hub?

app.hackthebox.com

Ackkk

I want to simply connect my starting point (openvpn) of my kali to htb

Okay. Did you download the ovpn config for starting point onto your attacking machine?

"vm"

Didnt you say kali has openvpn already?

yes, but you need the config file

How do I do that

top right Connect to HTB on HTB.

Then click 'starting point'

On my Windows OS?

From Kali.

You have to download the config to wherever you're going to be connecting from.

It's like a "key"

not really, but you can think of it that way

But how do I enter htb from kali if there is no browser

oh?

there should be.

firefox

Let me find it

Oh yeah

👍

@forest tapir I got the answer by guessing. I was right but wasn't able to open the directory for /var/mail

put originally /htb-student/var/mail

then flipped it haha

yup

is there a reason why I couldn't open the directory though?

would I need sudo permissions?

Wait

I need to install kali again

._.

Give me a few mins to download it again

y?

Idk

wat

Suddenly the amd dissapeared

The file

It was just folders

._.

huh?

Idk

Its a zip folder

ok

When i extract

There is just folders

._.

Bruh what

Uhh

Question

I might not be installing kali correctly

From the website of kali, should I download the "Installer Images" or "Virtual Machines"