#modules
Rippp
Cause you left your caps lock on? 🤣
Ok so this one stumped me because the module teaches you a specific tool which may not be installed on a VM, but is on the pwnbox
the answer is in || the introduction to the 3 boxes ||
I know, I also found the way to do it without installing that tool as well
I got the flag :D
Just figured I'd see if you still needed help with it since I just did it
I DMed you
Helllllllloooooo
Hello, the question "What is the name of the security regulation for credit card payments a company must adhere to? (Answer Format: acronym)" is giving me an error saying it is wrong but i am fairly certain it is right. Can someone help me?
Penetration Testing Process: Post Exploitation
Hint: Check the regulation section and look for payment card and acronyms
Hello, I'm stuck answering the following question in the footprinting
What is the FQDN of the host where the last octet ends with "x.x.x.203"?
I have tried all the possibilities using the wordlist. But I couldn't get the answer
I did > Subdomain Brute Forcing
I did, is it not PCI?
using dnsenum with SecLists. word list
Is the regulation section inside the Post-Exploitation page? or do i need to go somewhere else in the modules
it's in the Post-Exploitation Page
but it's within that page area that you'll find it :)
Oh, i just got it. I tried that before, but i didn't have the hyphen. Thanks for the help!
No Problem! also as just a note: sometimes the labs can be touchy/buggy so if you're having an issue with a box or trying to nab info when you get to it - sometimes refreshing the host is the key :)
Also if you plan to JUST use the pwnbox remember whenever it is terminated and restarted it starts fresh with no made directories or files downloaded etc
It warns you as such; but they do provide you the resources (If your pc can run it) to the parrot VM they use (though it's not required) but good luck in moving forward! if you ever need help you can always field a question in here; to get best results try and phrase things in ways like
"I am stuck at this module, and have tried this - but no luck" the veterans usually will swoop in and push you in the right direction. The reason they won't tell you the direct command to run is that it doesn't help you learn to use resources :)
hey can somebody help me with a question on the wordpress module
its this section
i got everything except for "Use a vulnerable plugin to download a file containing a flag value via an unauthenticated file download"
and i am not sure what to do for that one
help would be appreciated
have you checked all your choices for exploiting vulnerabilities?
yeah, i found out that the plugin im supposed to exploit is the site-editor one
i found this directory on exploit-db
/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php?ajax_path=/etc/passwd
what happens when that is run?
Which version of the FTP server is running on the target system? Submit the entire banner as the answer.
what do they mean by entering the entire banner ?
i mean i have the version off the scan and its 1.1 so what kind of stuff are they asking for
Please someone help , i even added the option to trace the packet to see if there's something hidden , but nothing showed up , one script showed some nonsense , but i think the answer needs only the version , and it seems i cant type it right
btw module footprinting
When you are trying to connect to the FTP server, it usually sends you a banner.
If this isn't the case with your scanner application, then you can always try to connect to it with any other tools, and just grab the whole banner it sends you
Has anyone done the hard lab in the footprinting module and is willing to point me in the right direction? I feel as if I have enumerated all possibilities (which clearly isn't the case, otherwise, I wouldn't be stuck), and I'm not sure what else I can/should try.
i tried nmap , ftp , netcat , openssl
other than FTP v1.1 nothing really came up
so can u please be more specific about what other tools you are talking about ? should i try the telnet ?
@fierce pond , you have the answer in the first screenshot.
i tried that couple times now , its not working , and i keep getting the same answer , there is no other one , let me check the upper case while im entering the banner in the field
ah damn
i was entering that with the 220 ! that was dumb , sorry to waste your time guys
Yeah, the 220 at the front is just a status code, not part of the banner
well its kinda part of the banner XD !!
anyway , yeah i should have tried to just delete the status code , you are right !
@fierce pond if you have any luck with the next lab (Hard), let me know... I'm stuck there at the moment.
i skipped it all just to take a look XD , if i pass it i will let u know
I am trying to connect to openvpn using mac terminal but I am unable to connect. can someone help me?
i installed openvpn using homebrew
What group type is best utilized for assigning permissions and right to users? I know what group it is but it tells me that it is not
Please someone help me with predictable reset token module?
Need help with Password Attacks/Credential Hunting in Linux module. Can i DM someone?
I am stuck on Broken Authentication in Weak Bruteforce Protections section. Question 2. I used|| X-Forwareded-For: TargetIp:Port with deafault-credentials.csv || I've used other lists as well but still can't figure out the correct credentials. Any hints ??
im not sure its possible. just wait for it to end. Or if u broke something and it and want to respawn it - reset it.
it resets with a different ip
but the timer ticks
in thm there is a button to terminate
but i cant find any here
What group type is best utilized for assigning permissions and right to users? I know what group it is but it tells me that it is not
sometimes timer doesnt reset. I fix this by reloading page or just opening a new tab and closing existing one. Looks like there is no way to terminate the target before timer runs out. tho maybe "finishing" the page after u type in all the answers does the trick
which module is this?
Introduction to AD? what is your answer
||Security groups||
just read the question with care for each word. it says WHICH GROUP, not WHICH GROUPS
even which GROUP TYPE
correct your answer accordingly. You are right, but should answer the question they ask.
group type and group scopes is the same?
"What group type" should probably have a one-worded answer
no
okey its solved thanks for your help
You're welcome. Just read the questions with care. Mistake in quantity is a mistake.
Need help with Password Attacks/Credential Hunting in Linux module. Can i DM someone?
if you only have the ssh , imaps , pop3 ports , you need to enumerate more , there's 6 ports open !
Hello world, I need help, I have a problem with the "Pivoting, Tunneling, and Port Forwarding" module. When I use my kali, the port forwarding reverses do not work and I tried with the workstation, it works perfectly.
I have no response on msf
as long as you can connect to the ubuntu client and to the windows desktop , then there's no problem , check the ports and the IP you are providing !
sure.. If you are still stuck.. You can dm me
I have tried different ports, I have the same problem.
On the workstations of HTB, it works. And not on my kali. I'm going through exactly the same steps.
oh Yeah i remember that well , can you connect to the VPN correctly ?
Sure
send a screen shot of your configuration
I have never had a problem yet, I am following the CPTS path. I have problems only with this module.
What do you need ?
you need to specify the ip of your tun0
Yeah I tried too
you dont need to try that , it doesnt work otherwise
so the first thing you need to do , is that you need to be sure that the ubuntu will connect to the tun0
Can someone help me on Skills Assessment of PIVOTING, TUNNELING, AND PORT FORWARDING module? stuck on the last question. I found another host from the last machine which is 172.16.10.5 (I think this is a DC) but cannot move further.
im not that far yet with that module , sorry
With this command right ? : ssh -R 172.16.5.129:8080:tun0ip:8000 ubuntu@10.129.x.x -vN
there's so much going on for ad assessment 2 :-s
Trying to do the BloodHound assessment, but the BloodHound user//pass is not working. Has anybody experienced this?
you confused me now lol ! , let me check !
bug hint you don't need to 🤣
hint click this pc in the file explorer
did you use the msfvenom ?
yes
Will check it tonight. Thanks
for windows machine ? yes
lhost= ubuntu ?
i remember having a problem there on my own kali once but it was related to VPN connection
@sinful falcon i remember helping some guy on this module with a weird issue and the issue end up to be the meterpreter shell is too big to be route through multiple machine but which section are you on?
i dont think you are facing that kind since you can connect to the ubuntu and windows freely
Remote/Reverse Port Forwarding with SSH
With workstation, no problem, only with my own kali
i got no note but i'm pretty sure it's this one
try with a normal instead of the meterpreter shell
I have not to use this one ; windows/x64/meterpreter/reverse_https ?
found an old screenshot on this
nope that's still a meterpreter shell
Ok i wil try, thanks
use windows/x64/shell/reverse_tcp (that worked for me based on the screenshot)
or netcat 🤣
I'll keep you informed
I have this problem now
Need help with Password Attacks/Credential Hunting in Linux module. Can i DM someone?
oh yep i think that's the weird issue the guy i help before but the only "fix" i found for this is just use a light shell (like netcat)
what's the issue? and sure shoot me a dm
oh wait those are the same number of bytes as my first screenshot
try with netcat just for a sanity check
Works with netcat
yep so the issue still is the shell is way too big some how
even with the normal shell
you def have mistake in your exe file or the configuration on msf
I followed the same steps.
Thanks
Thank you for your help
after finishing this ad module I am definitely going to figure out a better, more orderly workflow hahaha
so many things open
I've tried using basic-bruteforce.py with modifications. I've tried using burp.. I've tried wfuzz too.. can't seem to figure this one out. Any hint would be appreciated
Has anyone done AD Module Assessment 2 available for a quick Q?
Before I waste a bunch of time...
Nvm it was that stupid mimikatz thing.
Still stuck on Password Attacks/Credential Hunting in Linux module. Can i DM anyone?
@hallow oxide dm
Where?
@vital adder hei man can i dm u because i am stuck on pivoting module skills assessment
so
ssh -R 172.16.5.129:8080:yourtunip:8000 ubuntu@10.129.50.110 -vN
this was right
I tried but it didn't work. I'll try again and maybe on another VPN server, which one do you use? Europe 1 ?
idk , never looked , but it has nothing to do with the VPN , you are getting connected to the VPN and the connection is actually established as u can see from your screen shot here , it just that the msf doesnt get the connection for some reason , i thought it because of the connection through the VPN that's why i specified the redirection in the SSH -R to the ip of the tun , after i done that restarted the process of the msf , and it worked !
Ok, too bad it doesn't work for me.
im trying to tell you that i got the same problem and i worked around it by just replacing the 0.0.0.0 with the actual ip from the tun0 and restarting the msf process , try that and maybe it will work
Thanks, I will try today. Thanks for your help
@fierce pond replacing 0.0.0.0 may not work
I will test too with new kali instance
why not ?
he's getting connected to it , it just the matter of the msf , and i dont know if msf has it own routing tables , but it worked for me while having the same problem , are you facing the same problem as well ?
@fierce pond no i have completed that selection but on skills assessment i have tried to use the msf but i am still stuck since the payload is not showing any errors but i am not getting the shell
are you on the last step of that ?
@fierce pond yes
check out the chat history
@fierce pond i have done everything but i am not understanding where i am making the mistake
.
well im not there yet , but i will tell you to recheck everything from the start , maybe with some drawings it should help , i think drawing is essential in the first period of learning Pivoting
@fierce pond @vital adder I just tried with another kali VM and it's working !
your nat was the problem ? damn i hate when that happen !!
I have a new problem with the following section... Meterpreter Tunneling & Port Forwarding. Same problem, no return, even with netcat ...
from "Meterpreter Reverse Port Forwarding" it does not work
Port forwarding is present though
@sinful falcon i don't think u need to use nc
your port is open on 3389
yes just a test
the shell must go through port 1234 and return to me with port 8081
@sinful falcon if it is a test u are doing it the wrong way
meterpreter don't work too
@sinful falcon u need to transfer the payload to the windows machine
I did
@sinful falcon can u dm
ok
he's trying to just ping or use netcat instead which should work .
yes exactly
this module will make me lose my mind
yeah that's why i left to another time 2 month ago , hahahaha ! but i already finished mostly everything
@sinful falcon it will not work since ur local machine cannot ping the windows machine due to dmz
i will go back to that module because of you mate thanks for the motivation
I'll move on to another module I think. I hope the problems will be solved in the meantime.
@sinful falcon notice something that IN THE MODULE the redirection is done through the ubuntu not your machine
I follow exactly the steps of the module. If it doesn't work, there is a problem with the explanations given.
@fierce pond yes but u cannot start the nc on ur local machine u need to start the nc on Ubuntu
no you dont , if there's a redirection it should just go , but for nc he would need another open port on his machine which is redirected from the ubuntu machine , omg it got complicated in my head LOL
AD Attacks and Enumeration Module is great for anyone interested. Windows Priv Esc will help. Pivoting knowledge needs to be up to scratch.
how about we make a learning session on voice call if yall have time for that
I will see the following sections. Hopefully it works.
you are absolutely right but there's a module for pivoting which is less intimidating i guess.
@fierce pond That would be great
Hands down one of the best modules on HTB
I knew enough about it before the AD assessment, not done the module but think if you've not learned to do it you'll hit a hard wall in the assessment.
I hope there is no forwarding port on the CPTS exam otherwise I'm in trouble
its not that hard
good to know , i will def hop on that after the pivoting section , i need it anyway for the OSCP , i failed big time because of AD
I think the hardest thing to do with pivoting imo is just keeping track of all your shit.
practice will make the master . dont worry about it we will get to that level
Idk how people do this stuff with tmux/terminator or whatever.
Yeah im like 80% done with the pathway and plan on starting dante before the end of the year as my final prep for the exam
damn same thinking
got to take advantage of that 95 dollars off lol
Exactly !!
even if I dont get to it for a month im still saving 60 dollars
you will be saving the money either way so this is a good offer , specially i have time to do it because of the vacation
right
people were like what are you doing for the holiday and got crazy looks when I said im trying to finish this hacking course
When does the offer end? December 31?
same bro same !
yup
im sure theres quite a few people in this discord with the same idea
but we need to finish the pivoting and the ad section , i guess we can achieve that till 31
yup i start to notice a sync of a schedule , we gonna have a good team for Dante !!
cracking Dante in 10 days 
lol thats wishful thinking
I will be difficult with this tricky pivoting module lol
im expecting to get wrecked lol
@sinful falcon @placid quest imma be on VC lets finish this pivoting section
@fierce pond i have been stuck on skills assessment if u start that selection tell me i will be waiting for u
what ya stuck on?
@pastel ginkgo on getting a reverse shell with msf
i started pivoting long time ago , i finished till netsh but im redoing it from Meterpreter tunneling
I dont think I was able to get that working, the vpn tunnel bandwidth isn't large enough to get meterpreter working
I kinda got it working from pwnbox
@pastel ginkgo thanks let me try that
You can also make a windows build of chisel
For Web Attacks Mass Idor Enum, how did yall write the regex expression? As I couldn't figure out how to write it properly so I ended up || writing a script that did the curl request then I grep it to just the documents then just looked for the flag in my wall of text ||
are you using dehashed?
My phone locked how can I unlock it without losing my data? It's Oppo a83 and I haven't used the phone today. I can't use whatsapp...payment apps etc...
Pllz mention me when u reply so tht i can a notification
Hi all, what type of decoder did you use to solve Brute Forcing Cookies
This isn't the chat for that sort of thing but good luck
I am doing Password Attacks -> Remote Passwords Attacks -> Network Services. I am not able to get the Winrm and SMB password... I am using the user and password list that are present at the resources tab of this module
Would someone be willing to provide me a nudge ?
@dim hound yes
Can I dm you? @placid quest
@dim hound yes
I need help!!! I am running Network Enumeration with Nmap Hard Lab and ||found the hidden port 50000.|| I have made several attempts but it is always filtered. Can anyone help me?
Its been a couple months since I last did that module, but are you changing where your ip is coming from?
theres 2 ways to get around that , changing source ip or source .... π
This web attacks module be like, hope you know how to script in bash xD
fr ?
kinda, just a little you have to modify their scripts. although this one I just got to said write a script to change all users emails as an optional.
But that being said the bash module is a kinda ok intro into scripting
or you could chatgpt it out 
i was waiting for someone to say that !! XD 
chatgpt something is gonna be a new verb soon lol
i already used it to help me solve one modules assessment lol
i am not super familiar with php so I asked it to explain the code lol
yeah its cool , actually its good way to learn with chatgpt , it can answer questions u have instantly so you dont have to search google for the best answer , i kinda like it when it comes to that
though some people say it delivers false information , which i didnt encounter still
yup I had it write me a couple non related scripts to fix stuff already
I think it might be down atm though
im getting a 404 error
anyone do the live engagement from shells and payloads recently
i had it once to explain me how routing tables function , i went with my curiosity till the kernel XD
Not super recently but I have notes for it
i need help with the priv esc of host 3
I tried different types: ||IP address spoofing/Decoy IP, source port manipulation and MAC address spoofing||. the best result is|| with -sM --> 50000/tcp open|filtered ||
how many decoys are you using?
||-D RND:10||
try a source port , with some rate modifications
for some reason the reverse shell doesnt want to connect
i am not sure where i am effing up
Hi there. For Module "Getting Started", section "Service Scanning" one needs to grab the version of whatever service is running on port 8080. However nmap doesn't seem to return that:
nmap -sV 10.129.248.35 -p8080
Starting Nmap 7.92 ( https://nmap.org ) at 2022-12-20 19:15 GMT
Nmap scan report for 10.129.248.35
Host is up (0.011s latency).
PORT STATE SERVICE VERSION
8080/tcp open http Apache Tomcat
The hint also does not tell much more than running nmap with option -sV on the target IP
What do you mean with tag?
OK ill keep looking, thanks
dm me if you need help later
so turns out the version is literally what it says in the output of my command, I was looking for a version number
correct
just ask
this is the academy channel
Where can i ask for help hacking smth
unless its not related to whitehat i would suggest you to not look around here
I just did that one last night, and tbh the answer or how to get to it is given to you, hint: return to the IDS page and read carefully. As a note, if you do not get the flag, that happens sometimes, but you should be able to run it in pwnbox and get the results
It's not really blackhat or whitehat
I just need to talk to someone that has experience
Just ask your question. If this is the wrong channel for it ill direct you to the right place
Well this channel is for talking about Modules from HTB Academy so if its not about that please look in another channel
If you do not receive a flag, you may need to redownload your VPN key as well @heavy dome -- after redownloading and refreshing my VPN connection I got it in a jiffy with the right command
I need to talk to someone that has experience in breaking into devices
again, just ask the question
What type of device, or devices, you're being obtuse which is making it harder to provide an answer and to redirect
What does a hacker need to steal folders from a device

One does not simply "Steal files" from a device
Like an average hacker
you got hacked or something ?
IP, SSH key, Credentials, access
hashes
If only there was a course structure all about how to get information or something to help the man out
I have relatives that work in the ministry of education and they think that ppl can get into their devices and get the exam files
what module is this about? because youre posting in the modules channel which is for discussion about modules so surely you must be asking a module question and not being off topic?
Hmm. I wonder where you could find such a thing
lmao
i thought you wanted to do something illegal
+1
wrong server buddy
Sorry
It sounds like they need to hire someone to run a test, to perhaps see if their network can be penetrated somehow
go to reddit you will find your answers there
Ty guys sorry for interrupting
Not trying to be mean but if you want to steal files without someones permission youre in the wrong place.
i've taken the flag...THX
well its possible if that's what you are asking
I'm not ty for ur help doe
I was watching like yeah he's setting him up for a ban
haha lool
They youre asking if its possible for someone to steal files?
Yes it is
If they are worried as well, they need to raise it to the relevant leadership so they can do the paperwork required to get a contract from a qualified pen tester.
if youre concerned for a business then they likely need a pentest
I mean like they don't know how much information they can put out
also i would suggest them to not store exam files unencrypted tell them to password protect all the files next time with a difficult password
There is a reason there are people that get paid for this
Like an ip adress can be grabbed from a home line number
^
Didn't think of that ig it's the right thing to do
I mean that's just a bandaid solution
I'll try to hire someone
No
failsafe
AND PLEASEE do not store the passwords to the files in the notes of the same phone @heavy ferry
You yourself cannot hire a pen tester on behalf of a company
you cant legally hire someone to perform a pentest if you dont own the systems they will be testing
As stated only the relevant leadership for their team can hire someone
They are old so I'll do everything for them
good
They are my relatives i have permission
Ty guys
we actually need an off topic channel for stuff like this hmmm
No... No you don't
Just because they're your relatives does not mean shit
They asked me for it lmao
why so livid
Do you work directly for the department? As in, are you on the payroll?
I'm known as the tech guy in the family but I'm not really experienced in that topic
More like, do you write the pay checks lol
That too
I asked for help here because i don't really know what to do yk
that's the important thing for TUX !! XDXDXD
DEAD !!
lol
Because penetration testing is a serious legal topic lol
And if you're going to hire someone, you HAVE to use the proper channels within the organization to do so.
And live in a shitty country we don't even have proper cyber security
Ahh yes i get that I thought you were pissed as he was working for his fam for free
Yes but there are still basic legality and ethics if there aren't strict laws.
At the end of the day, what youre looking for is a pentest. There is a lot of legal work that has to be done before any professional will perform said pentest. Now you know what youre looking for, so you can start looking into it
Or actually, if said company has never had a pentest done before youll probably want a vulnerability assessment instead
Tysm
np
Vuln assessment is definitely a lot less risky as well
Pentests are usually done after several vulnerability assessments have been conducted and the results of those assessments have been acted upon
Yep
@graceful rampart vulnerability assessment and pentesting are different things
yes i know
hence why i said usually you dont do a pentest until after youve already done several vulnerability assessments
Yes but you should probably know about vulnerabilities first, and mitigate risks prior to a pen test
The pen test is there to say 'hey there are still x y z flaws in the system'
A pentest is pointless if its going to find 100 critical vulnerabilities that are gonna overwhelm the business. Cuz once they get overwhelmed, aint none of em getting fixed
so you do several vulnerability assessments first to find and fix a majority of them before hand. Then you do a pentest and see whats left
sounds professional 
Your mom is a professional 
@graceful rampart Using nessus and finding some vulnerability that does not mean that all vulnerability are real some are not vulnerability that is why u need to reconnaissance first
again, I very much understand the difference between a pentest and a vulnerability assessment lmao
you know his mom ?
Hello
@rustic sage hei
did you start in the Academy ?
@fierce pond thanks for ur help
I'm new here
@fierce pond i created my htb account 2 years ago
Now I'm just logged in
And i want to learn
on what , i need to help my self first lol , i need to finish the pivoting or at least finish till the skill assessment , so we can do that later
@placid quest 
@rustic sage what
She's expensive
Oh, lord.. I promise you I've had enough ||ftp brute forcing||
I won't do it again after this ||Password Attacks easy lab||
1 billion tries, userlists, passwords, mutated, reversed, blablaed...
lead me to this point where I beg you for guidance in my path
or the next bruteforcing will be my lobotomy, followed by the
||cme ftp -u cus_mut_use -p cus_mut pass||... with a Intel3-no graphic card.
I'm crying out my soul to you right now..
LOL we talking money now !
If you're looking to do a specific specialty I would suggest going to http://academy.hackthebox.com and starting there. Or if you wanna test it out there are a few getting started modules that give you a gentle guide into what to expect.
@fading quail anonymous login is enabled on ftp
Try to avoid giving direct answers as spoilers, but guiding to the right answer is usually more helpful
@fathom pendant I will try to improve on that thanks
I tried that already >.< But I'll hard-try then. Thanks!!
u remind me of the Try harder motto from OFFENSIVE SECURITY
can someone help me or direct me to talk to someone about something related to VM and stuff like that ?
i notice that im facing a problem with the VM , and everytime its a different shit , sometimes its the NAT sometimes its the routing table , sometimes is VPN is there anyway you guys are getting along with this ?
are you all connecting to HTB behind a NAT ?
and do you advice to get it bridged while im connecting to the Academy ? im not monitoring my network all the time im on HTB that's why nat was better choice for me
what do you mean?
im not monitoring my network all the time im on HTB that's why nat was better choice for me
this doesn't make sense?
well i mean we are connecting to a platform to learn how to pentest , but some will take another road and try to hack us instead just for fun , we are all sharing VPN and maybe the instances as well in some cases
anyway i will change it to bridge as you advice if that will solve the Issue !
It's highly unlikely. The kinds of people inclined to mess with your Kali VM don't have the ability to do so and the people with the ability have better things to do with their time.
unless your threat model is someone compromising your kali vm through the HTB VPN and escaping the VM into your host OS to install a bitcoin miner.
Hopefully!
that would be very unlikely but yeah i think i was just being paranoid
You'll be safe inside your VM :>
yeah i will totally ping you if that got hacked LOL
there is a pro lab channel you can go there and im sure they will help you
Okay, for some reason i am not able to view the channel #prolabs-dante
How do i access it?
Oh alright, thanks for the help!
Any module on HTB Academy with Fundamentals in the name is a really good place to start
Preferably do them all
Fundamentally insane
I like to compare learning hacking as researching eldritch truths so yes you need to be a little nuts.
I think in "Pass the Hash (PtH)" (https://academy.hackthebox.com/module/147/section/1638) there is a mistake in the example:
PS c:\tools\Invoke-TheHash> Import-Module .\Invoke-TheHash.psd1
PS c:\tools\Invoke-TheHash> Invoke-SMBExec -Target 172.16.1.10 -Domain inlanefreight.htb -Username julio -Hash 64F12CDDAA88057E06A81B54E73B949B -Command "net user mark Password123 /add && net localgroup administrators mark /add" -Verbose
The Import-Module here seems like it should be on Invoke-SMBExec instead. Otherwise the second command won't execute properly.
Could I have some help on the AD skills assessment 1?
I am pretty sure I know the way about how to do this, but I just need some clarification on a few things.
Been stuck on it for a while and would appreciate a nudge in the right direction
I don't think the tool I am supposed to use was touched on enough within the module.
How many threads did you use? It's taking forever to find the password.
I gotcha let me check my notes
Thank you my dude. Always appreciate your help.
So for where you are I made a reverse shell because it was just easier to work with, although madF0x insisted he didnt need one and just was ok with that crappy webshell
for a hint || These accounts tend to have weak passwords because they are not intended as user accounts ||
Can i dm? I don't want to give spoilers
Sure
been having this same issue you find a solution? As soon as I login to the jason machine that has the flag I get this error before the desktop can load up so I cant read the flag.
Oh that one is buggy as fuck
I never got Proxifier to work
I used a different pivoting method to get the flag
its a common complaint
For Web Attacks - Blind Data Exfiltration, Was anyone able to get the automated tool to work? I got the flag the good old fashioned way but the tool does not work for me.
Well, that sadly was unhelpful...
But, remember, after abusing the drug and if it isn't working anymore, there always be a mythical creature around to help you
okay guess ill try another method I basically got to the final step but the rdp desktop bugs out before I can see the flag everytime lol
I never got that far, I got stuck trying to get a connection
I think the issue is due to bandwidth limitations
There's a similar problem on getting meterpreter working on the 2nd pivot in that module. Has to be done from pwnbox to work. Over the vpn it shits the bed.
ok
actually got it to work ....not really but I managed to open and copy and paste the flag right before it could crash on me haha take that buggy module
lol there you go
Anybody doing the THM advent event?
Should I learn some SQL before I take SQL Injection Fundamentals or will that teach me what I need to know
you're fine to just take the SQLi module...it's for beginners
search again, the exploit is a txt file
The feeling when you finish a module you started working on at 10 this morning and finished 12 hours later
i have definitely been there...thought i was the only one
Bro, this file transfers module is like an encyclopedia lmao. There's a transfer method for everything. Not that I'm complaining. 3 pages of different commands so far and there's still more
File Transfers are super important tho!!!
Agreed
And it's awesome how many methods they give
Always good to have something to pull outta your back pocket for that one super obscure situation that you're inevitably gonna run into eventually
Loved how the module talked about evading detection
I completed CBBH modules today, looking forward for the exam
Good luck let us know how it was
Thanks man!
~~hey can anyone help?
Module:Login Brute Forcing
Section: Service Authentication Brute Forcing
it seems like my container isnt responding i restarted the container multiple times~~
solved
I'm a new student. How do I get started?
hello. I think there is a problem with metasploit - module section. Aim is finding an eternalromance exploit and get shell on target machine. I tried it on both vm and parrot instance. In both cases I've got timed out error.
I had it, thanks
you want to get the shell on the 4444 port?
i am not sure but I think you have to change RPORT option
to the port you want and later be listening on that port with nc
can someone melt this guys router if i give you guys his ip address? stupid request, but he be creeping on girls on snap and I wanted to do a good deed lol
no
i respect your decision
@frozen socket no on 445, 4444 lport for listening
the RPORT should be the same as the one on listening because
it is supposed to be open and ready to inject
and later you should have in your machine nc waiting on listening mode on that port
the RPORT is the receiving port iirc
not too familiar with the msfconsole stuff but that rings a bell on it
This isn't the type of server for black/greyhat requests :)
my apologies, butttt if you have a server for that, plz provide @fathom pendant
you shouldn't change rport for this exploit. 445 is default smb port
and lower ports are reserved. for listening port you should probably use a higher port
@tepid thicket yepp I used 4444
I do not, this server is for learning/using the http://academy.hackthebox.com and https://www.hackthebox.com; and in the rules it's strictly prohibited against distributing blackhat services :)
4. Keep it legal.
Do not request, suggest, perform, promote or in other way or shape discuss illegal activities. We respect and follow the Discord ToS as well as the HackTheBox ToS, and do not hesitate escalating matters appropriately, if we deem it necessary. If in doubt, ask a Community Administrator before posting or don't post it at all.
I know those are confusing questions but did you find the commands to get the sid for the last two questions you are talking about?
these are the ones I found that gives correct sid.
||getting sid of user:- wmic useraccount get name,sid or whoami /user
getting sid of group:- wmic group get name,sid||
The reason for win10 is most likely because a lot of corporate infrastructure still uses 10 and windows 11 isn't standard in corporations :)
getting to the end of the AD enumeration module, this thing is -dense-
It's really good. The assessments are kinda fun.
No. 2 was like a mini htb box.
good to know, im trying to finish it off before i fly out for vacation thursday lol
running out of time
You'll do the assessments quickly but just absorbing and taking notes for each section takes time haha
its like brainstorming
can you use the golden ticket with secretsdump to get a specific users hash?
nvm, got it
ok the smb module is super buggy x-x i had to try the access command like 5 times before it let me do the thing
These boxes often take a while to boot properly. I always go straight to launching the box then to the top of page to read.
Nah even after it was loaded for a minute I'd still get the nt timeout message lol
What are you guys studying
Penetration testing :)
N00b time lol but tbh the modules are super simple to learn from
Super digestable
I'm new to cyber security and I'm struggling to choose the path
Well are you interested in finding bugs in programs, or sniffing and poking into networks is the first question
Just dabble in everything, you'll find something that fits.
^you can take a look at the general skill paths
Or the wider look at the career paths
Right now I'm working on a pre-security certificate from try hack me
TryHackMe might be better for you for a brief overview. They have a bit better step by step for Blue / Red team beginners.
What's the difference between blue and red team
Offensive / Defensive security.
Aight
It needn't be so black and white really, but when people refer to red team they refer to pen testing generally.
^
Both are ethical
Oh I see
Penetration testing isn't necessarily an unethical thing. The goal of pen testing is just that, testing
I think I'll just get the basic knowledge from tryhack me then I should come to hack the box
You are testing within the scope defined by a contract,
Up to you man :)
Can somebody nudge me with the blacklist filter of FILE UPLOAD ATTACKS?
DM me
hello, in this latest module MacOS Fundamentals https://academy.hackthebox.com/module/157/section/1522 how do i suppose to access MacOS desktop enviroment?
Like in Windows fundamental module there was remote rdp based windows desktop access I dont seem to find any similar to way to access macOS desktop here.
Hello, you can only do the module if you have macOS or you have a VM with macOS.
exactly where are you stuck?
I got it ow thank you now trying to get Type Filters done! Thank you!
well that make sense but i need to ask based on the fact that not many people have a mac is there any plan on adding something like a mac instance or like a section on showing how to make a mac VM?
Having a mac instance is not very of a big importance for now as there is not much modules for it. This is my point of view.
An article for setting a macOS on VM would be a good idea.
Trying to connect to the machine on Password Attacks / Pass the Ticket (PtT) from Windows, with RDP and I get the following:
Can anyone help with this?
In the broken authentication module > predictable reset tokens section. I'm struggling to grasp what's being conveyed. The information just seems all over the place. I get that mt_rand() isn't like secure, but I don't understand what I'm supposed to do with my python script or if I'm even supposed to use it? The question says use the one from the open meeting example, but one link is just a whole php script that doesn't work (I tried serving it up on Apache locally and I get a page but it's wonky) and the other is the python reset token script. Then there's the two POC's.
Am I trying to actually get the flag with that python script or do I need to do something else? Do I need to modify the script beyond just the username? And current date (in milliseconds)? and do I need to change 'from hashlib import md5' to something different?
Yeahhh, it happened to me as well... try resetting both the pawnbox and the target...
or try it from your own VM
prawnbox
I'm trying this from my own VM
I'm reaching the machine..
I think it's failing because the password? encase in ''
'P@ssw0rd' etc
Worked. Thank you. But why it required ' here? Cause of special characters on password? If it was abc it wouldn't require ', right?
the double quotes mean it'll still try to interpret the $ etc
so if you did 0xhai = 1337
echo "$ohai" would output 1337
and echo '$ohai' would output $ohai
0xhai you know what i mean
So single quotes for your passwords basically xD
read #welcome and verify your account
Thank you
hi hi
can smeone help me with pivoting tunneling and port forwarding skill assessment?
https://academy.hackthebox.com/module/80/section/837
can anyone help me to use the script they have provided?
Broken Authentication > Weak Bruteforce Protections
the script is from previous section
@rustic sage where are u stuck maybe we can help each other
dm?
@rustic sage ok
Hey there, I was wondering if anyone can help me with the getting started, service scanning module, I am getting the following error: error NT_STATUS_NOT_FOUND when connecting to the target with the following command: smbclient -U bob ////{IP_ADRESS}//users
I should add that I am able to see the shares. I just can't seem to log in with the provided user credentials
it'll be backslashes
smbclient is one of those stupid syntaxes i always get wrong first try.
Omg, I feel so stupid XD Thanks a ton xd
Can anyone help me out on the pivot & tunnelling assessment?
fyi https://wadcoms.github.io is a good website for windows-esque syntax
I will have a look at that, thanks again
because i'll be damned if i can remember the slight differences with each impacket syntax /o\
Yeh, I have that problem myself >.<
Can someone help with Type Filters, I had the php file firing up and reflecting but then my pwnbox died. I tried to redo it but now it is just showing me the code when I'm trying to get the hello world reflecting.
Windows Privilege Escalation Skills Assessment - Part I, i got a reverse shell on the box but somehow powershell doesn't let me download Juicypotato.exe with either curl or wget. Any idea?
@rustic sage what about Invoke-WebRequest
What happens when you try? Error message?
there was an error message as well
@rustic sage did u use powershell
yes
What does the error message say?
@red obsidian Who can I contact for an issue on one of the academy modules? I do not need help with a module but is more in line with a bug.
Anyone nudge for:
FILE UPLOAD ATTACKS
Module: Type Filter
Did anyone in the password attacks module/password mutation section attack ftp instead of ssh when try to brute the user 'sam'?
Anyone for quick question on login brute forcing module ?
Update: Ok so ftp is faster to attack than ssh. Why didn't they just get us to attack ftp in the module..
Need help to make a bypass system for subway tickets with an NFC card
Any assistance?
Your question doesn't seem to be related to a Module on the HTB Academy and at first glance appears illegal. You're not going to find any help here if you're not asking for help with educational content held on the HTB Academy.
Hello world, SOCKS5 Tunneling with Chisel module, I have this error on ubuntu server
Are you sure that you have downloaded the binary for your architecture ?
I just followed the steps for moment : https://academy.hackthebox.com/module/158/section/1437
im not going to use it for anything i just want to see if it can actually be done bc if i use the card i can go in jail bc im going to be commiting forgery
@frozen socket you may be able to get sensitive info from auxiliary one Backup might contain credentials
You would need a device like proxmark3 and get familiar with various nfc systems
It's pretty cool tbh
I can get cheap ones off Amazon that read and write but none hold a candle to proxmark3
i mean i need to see if someone can do it bc then i can get it to my gov and tell them that this can happen so they can reinforce their system
And you likely will need "magic" UID cards
nah i can just jump the fence
True lol but it's an area worth exploring
hacking in general and programming is something worth exploring
i would like to get in that endless rabbit hole
There are a lot of physical access controls that can be bypassed with proxmark3 far more than you realize most likely
Anyone nudge for:
FILE UPLOAD ATTACKS
Module: Type Filter
Everyone starts off knowing nothing
:D
Even the best of the best
or like the furthest i might have gone is put windows 10 or do some weird things on linux
but i would enjoy starting to learn
Anyone nudge for:
FILE UPLOAD ATTACKS
Module: Type Filter
Thnx in advance! I had it but since my pwnbox died I can not recreate the thing without failing..
Anyone here finish ACTIVE DIRECTORY ENUMERATION & ATTACKS Skills Assessment 1? I am stuck on the last 2 questions?
Hello I am struggling with FOOTPRINTING LAB (EASY). Any help greatly appreciated.
I have connected to the ftp server on both the standard and non-standard port. I had to use the hint... but when there I cannot even list the contents of the directory. I see this:
What were the questions again?
It won't let me review the questions on mobile
Oh ya
I'm trying to think of a way to give a nudge without a spoiler. Have you enumerated what things the user you've got is able to do?
I am working on the following module: https://academy.hackthebox.com/module/20/section/134. I identified the hash; ||Drupal 7|| but the answer is wrong?
Someone knows how to report issue with the target server in a module?
Module: Windows Privilege Escalation
Section: SeImpersonate and SeAssignPrimaryToken
The question ask to execute priv escalation but the user does not have SeImpersonate privilege.
check out #858470491676737536
Just reset the box? Tho I'm sure it's fine I did it recently.
I reset the box 2 times already, disconnected from the VPN, connected again, spun-up the box again. Same issue.
I connected to the box using "htb-student" and ran cmd as sql_dev. But the user does not have the tokens privileges.
iirc thats not an issue. If you remember in the module, it said youll only see the SeImpersonate privilege when you do whoami /priv if your process is running as an administrator
Also, someone call me stupid but where exactly is the browser in the shells and payloads skills assessment vm? I could very well just be blind but I don't see any browsers installed
Am i just dumb?
I don't think so @graceful rampart . From my understanding, the token should be listed as disabled when the user has the token privilege.
If you arent running in a high integrity shell there are certain privileges you wont see even if theyre already enabled
SeImpersonate is one of them
iirc you get GUI access for that one right? Just run cmd or powershell as administrator
it should be there
No, I didn't. The sql_dev account is not in the Remote Desktop group, this is the first issue with the box.
ohhh, right. I just looked back at my notes sorry
As workaround, I connected using htb-student and then executed cmd as sql_dev user.
well that's your issue likely lol
iirc you're supposed to connect using mssqlclient like they do in the example
you can pretty much just copy commands directly from the example for most of it
but I don't see the tokens and I also tried to execute JuicyPotato, RoguePotato and PrintSpoofer.exe - none of them worked
Can you show me the output when you run whoami /priv?
humm ok, I didn't try to get access through mysqlclient... I thought we had to RDP to the server
thanks for the tip, let me try that
mssqlclient not mysql
big difference
but yea, just follow what they do in the example
Anyone nudge for:
FILE UPLOAD ATTACKS
Module: Type Filter
Thnx in advance! I had it but since my pwnbox died I can not recreate the thing without failing..
worked fine man! Thank you!
what a shame for me! Sorry to waste your time with that!
all good
Anyone able to help with the SID question on the Window's Security lesson?
Someone please tell me i dont have to use this god awful browser
ok, so I can run firefox from the commandline, but not from anywhere else on the system
fml
How can I check which 3rd party security app is disabled at startup?
Anyone nudge for:
FILE UPLOAD ATTACKS
Module: Type Filter
Thnx in advance! I had it but since my pwnbox died I can not recreate the thing without failing.. Thnx in advance
Oussama Ben Laden is the goat
Anyone available to help? I used Get-MpComputerStatus but everything appears to be enabled
I have this in my general notes but I've never done the module you're doing: Get-CimInstance -Namespace root/SecurityCenter2 -Classname AntiVirusProduct
Only thing it's showing is Windows Defender
Oh idk. I've not done the module. 3rd party implies not defender.
Is there any way I can look up help or get in contact with someone that could help? Been getting stuck numerous times and ability to get help appears to be limited
If you're getting stuck a lot then you need to spend more time parsing the information / taking notes to be honest. the answers are generally in the text above. There's here and the forum but nothing in the questions hasn't been answered in the section already.
I have to say the Academy pwnboxes are not stable as well. Still figuring out why my command worked before and now it does not..
i don't understand the pwnbox. they run like shit for me - surely a vm will be better performance for anyone?
or even boot kali off a usb
Ya true but sometimes its just easier to do stuff on my dual screen setup from browser
but ya still, you pay for it.. why isnt it just stable..
Also target resetting is more like reset 8x before the target works again
Sometimes they're buggy
Also if you're having issues with targets sometimes you need to refresh your VPN/VPN key
no as you just use a browser
I am using both pwnbox does not require you to set up vpn
You don't need to set up VPN... Because it's already on it
pwnbox is casting a VM from HTB to your browser
VPN is only for your own attack box to connect to htb servers what are you talking about?
open the htb site, top right is your connection through vpn. Now disconnect your attack box vpn and start pwnbox, that status box will stay red and disconnected
Looking for some help with the Pivoting, Tunneling, and Port Forwarding skills assessment. I'm on the 2nd box but when I try to do a reverse port forward from the 2nd box to my attack host via the 1st box, I can't get a connection. I've tried all the options outlined in the module. Breaking it down to see where it's not working, I started a python web server on my attacker box and used a ssh -R tunnel to the 1st pivot box but it's opening the listener on it on 127.0.0.1 so it won't accept connections. Then I've tried a MSF reverse tunnel and I can see the port listening on the 1st pivot box on 0.0.0.0, and when I try to make a connection from the 2nd pivot box it establishes with the 1st pivot but the connection doesn't get established from the 1st box to my attack machine. Any ideas?
yes thats cuz the pwnbox has its own vpn connection
Hahahaha oki so how do I reset the vpn of pwnbox?
Bro, I've done 4 modules in the past day and a half. If I continue at this pace I'll be done with CPTS by the end of next week
lol he's just trying to help you. Considering you asked for help there's no need to be rude about it
congratz
I am just saying
What you are showing is for your personal computer vpn connection
Has nothing to do with the pwnbox
Brother
Read the text
Warning: Each time you "Switch", your connection keys are regenerated and you must re-download your VPN connection file.
All VM instances associated with the old VPN Server will be terminated when switching to a new VPN server.
Existing PwnBox instances will automatically switch to the new VPN server.
Yes. You download that file and use it to connect. But when you switch servers, the config is changed. This forces the pwnbox to reset its connection to the vpn
I understand that I need it for my own comp to connect to academy vpn
Pwn box generates a attack vm for me to attack on plus the module requires me to click another thing to spwan a target
Ok
spawn*
Let's break this down
Everytime I Start an instance a new VM will be generated
PWNbox generates a new instance VM every time I click Start Instance. Connected to their servers yes but not through my openvpn file
nvrmnd, I dont want to discuss I want to progress
All is good
Was anyone able to get the Eyewitness.py to work in the Attacking Common Applications Module?
it just spits out a massive error for me
whats the error?
its massive but it looks to be an issue with firefox
can you dm me the error
I ran an apt update / upgrade but nada
It still connects through the VPN tunnel, that's how it's able to actually connect to the local labs, because the actual local test labs are on an internal network, not connected to the outside world. The VPN tunnel connects us to an interim access point which we use to explore those labs/modules... So yes the VPN is the exact same. The only difference is, the VPN is connected in the background on pwnbox instead of manually on your own system/VM... There is no way to access the (non public) IPs without the VPN so changing servers resets and refreshes that connection
While it generates a new instance it's still using the same VPN key
Oki you win
Thank you for all the effort
Didnt wanna keep you from your projects srry for wasting your time
Phone support job so I got time. not on my personal system ATM to assist with directly doing anything. But yeah if you are having difficulties with a specific module: best practices:
Be specific with your ask:
Provide screenshots:
If it's going to be a spoiler try to avoid it:
Ask yourself what you do know about the attack you are performing, what did the module teach you so far
Sometimes the answer is in plain text in the module
Aka the steps they show you are EXACTLY what they want you to do :)
Also with pwnbox I recommend opening it up in Fullscreen instead of the tiny window they give you
Nah my frustration is that I had the script reflecting what I needed then pwnbox died, so all my work gone. I have my notes so I retried from my own attack box but now the same command does not work
Supeerrrr annoying
What module are you on?
FILE UPLOAD ATTACKS: Type Filters
The rest Ive completed
just that one before i can do skill assessment
Sometimes the error you get can help determine if you need to regen your VPN key
I've had it where I copied the attack onto pwnbox and it worked so I just redownload my ovpn key
I wish you luck !
Anyone online for a question at skill assessment at password attacks?
Sorry haven't done that one
can I pm you regarding that matter?
if i have a password encoded as a hash, what tool would i use to crack it?
John the Ripper or Hashcat
thanks, i'll try it
I'm on a budget recently and have to get rid of Pwnbox... is VirtualBox working for macOS again? I have an M1 chip
I'd also kinda like to have a VM again instead of doing everything in the browser
You should not use a pentest distro as a daily driver.
anyone use macOS what do you do?
I want to use macOS as my main OS
and have VMs
What's the problem you're running into with virtualbox?
is parrot as mainOS better than Kali?
does it work on M1 macs?
people always said it didn't work
thats is why I've been using Pwnbox
I don't know much about mac. Is it ARM or something?
it says it mainly uses the ARM architecture yeah
Apple silicon is a series of system on a chip (SoC) and system in a package (SiP) processors designed by Apple Inc., mainly using the ARM architecture.
Checkout VMware fusions or parallels @rustic sage
Pwnbox sucks it should be called painbox cuz it b a pita
Ah yeah, pretty sure virtualbox would not work. I don't know if there's any other alternative that can run an x86 VM.
If you need license code just search for them online
VMware Fusion doesn't currently support M1 macs @rustic sage
Doesn't kali have an ARM version, though?
What about parallels
haven't heard too much about Parallels I'll do some research
Home of Kali Linux, an Advanced Penetration Testing Linux distribution used for Penetration Testing, Ethical Hacking and network security assessments.
On the Attacking Common Apps - WordPress enum, where in the hell is this mysterious 3rd plugin. Everything I've found isn't the answer and I've found a few plugins.
VBox is fine
VirtualBox works for Mac M1?!
Can someone explain the "Passwd, Shadow & Opasswd" objective? I SSH in with the username and password from the previous section and then I'm assuming I've got to do something with /etc/shadow. The problem is that I have no access to this file at all
https://osxdaily.com/2022/10/22/you-can-now-run-virtualbox-on-apple-silicon-m1-m2/#:~:text=Mac VirtualBox users will be,including the M1 and M2. Looks like it's a preview/test build available
I believe passwd is accessible by all users as it's needed for certain things
Yup, I can see the /etc/passwd
So typically you'd take a list of all those users and use that data for password attacks. Shadow contains password hashes and is protected
In general
I wish I could help more but can't access htb or my notes atm
The list I'm referring to is from passwd
Apparently from doing searches, I see people can access the shadow file, but I don't understand how
Need to elevate permissions.
Or change permissions on shadow but that typically requires elevated perms anyways
So u need to get access to a higher user or one with proper permissions. The passwd file can help you do that
To access shadow all you'd do is cat /etc/shadow with right user/perms
Yup, that's the strange thing, everyone who seems to have solved it, just goes straight for the shadow hash and cracks it
-rw-r----- 1 root shadow 1.7K Feb 9 2022 /etc/shadow
" Examine the target using the credentials from the user Will and find out the password of the "root" user. Then, submit the password as the answer"
Hmm looks like users can read the file try audio
sudo cat /etc/shadow
Actually I think it shows people in group shadow can read it my b
Will isn't in the sudoers file
Try doing sudo -l and see if you can run any programs with no password
Sorry, user will may not run sudo on nix01.
nevermind I found a hidden folder in will's home directory called backups with the shadow file in there
Nice there ya go always enumerate dies
for that you'll need to find Passwd, Shadow & ( not Opasswd) backup file and crack those file
HTB is just evil
No it was just something to check out
It's kind of a dumb because in the module they teach you about how sometimes the shadow file and passwd file can have these little flaws, but then they throw you a curveball and say "We're going to do absolutely nothing of what we just taught you"
The vm software I mean
I can't stand when they do that luckily it's only about 10-15% of labs
Yes, I agree. Thankfully this community here exists because I would have gone crazy if not
Been there don't dat didn't get a tshirt haha
Can anyone give me a nudge on Windows Privilege Escalation Miscellaneous Techniques? I have shell as nt authority/system, cracked a couple hashes, found a password from lsass dump, and found an additional password using lazagne.exe but none of these are the expected answer. It is asking for cleartext credentials for an "account" but doesn't specify which account ...
i got 0 note on how to get the answer for some reason all i got in my note is ||Get-LocalUser||
Anyone mind helping on the web proxies module? It is the Web Proxies - Repeating Requests section. It says to use the repeat function to find the other flag. I use this function and pass the commands however I cannot find the flag due to inability to traverse directories(hint says its in another directory). Do I need to privesc in order to accomplish this? (Solved) Use the find command to help out, not sure why I wasn't allowed to cd out of the directory however.
Anybody ever have issues with my VM not allowing you to change the display resolution anymore? Also can't enable my second monitor anymore.
Hey DM me I think I might know the issue with the second monitor
Anyone familiar with proxychains? Having some issues with it on Web Proxies module - Proxy tools. Not able to run commands with proxychain
So how do you pip install a module for python 2.7 if you have python 3 and 2.7 installed
because I already have it installed for python3 sooo pip install click says its good lol
but when I try and run this 2.7 script it wants click x)
you can use pip --version to see which version your pip is using. by default pip will use python2.7 but in kali it uses python3
or if you need to install something from pip but you need python2.7 you can use pip2 and if that isn't installed you can install it manually
@pastel ginkgo also can i dm you about the AD Enumeration & Attacks module?
sure
Im currently on the Passwd, Shadow & Opasswd, Ive retrieved the hashes and am now solo cracking the root hash per the Question... May I PM someone for a Sanity Check?
to use proxychains you'll need to have a proxy server running some like metasploit socks server and you have to set the port / ip to the proxy server in proxychains config file also i recommend proxychains4
sure shoot me a dm
Thankyou~
Is there a HTB rep that can help me with an issue? I was told that if you submit a question wrong 3x. you can ask help from HTB. I do not get this pop up.
I have silver annual
I'm a HTB faithful servant. I pay homage.
Finally made it to 40 percent of the pentest path. uffda. Started this journey knowing nothing and never using linux. Been a stressful trip but i've learned a lot. Thanks to all the heroes in here that help the inferior out.
What do you need help with brother?
Wait till you hit the AD module I call it the Mid term lol
ngl I thought everyone said CleanMyMac was a scam (only posting here because of the macOS Fundamentals module)
It is, do they seriously have it in the fundamentals module??
I literally get paid in my day job to remove that shit
I did it today in fact
yes they recommended it in the "Security Tips" section, CleanMyMac is an excellent tool for any macOS user.
also recommended Objective See's products, which I've never heard anything about so I'm looking into these at the moment
I need a bit of help on the third question in info gathering web edition subdomain enumeration
so i ran a dig command on the server and i found two zones
||a.root-servers.net. nstld.verisign-grs.com.||
and i ran a dig command on ||a.root-servers.net.||to read the txt record but i cant
how do i find its txt record
Wow even as a daily macOS users I still learned some things from macOS Fundamentals. Highly recommended, especially if you want to learn more about the security & privacy benefits that come with Mac and Apple devices in general.
Really only complaint is the suggestion to install CleanMyMac. Don't install this... Rather take the time to learn the security & privacy settings you can set, don't install sketchy software, and don't go to sketchy sites. If you do you'll be okay
Out of curiosity, what exactly is wrong with CleanMyMac?
Speaking of things: don't download CCleaner - https://techxplore.com/news/2020-08-windows-thumbs-ccleaner.html
let me start by saying I'm not one of those "Macs never get viruses" people...
macOS is very secure in the sense apps only do what you give them explicit permissions to do. Meaning if you configure them properly you're fine. Yes there are some 0 days and macOS vulnerabilities that bypass these security features, but the chance you encounter one is very rare.
If you properly configure the settings, update the system, update your applications, and remove outdated/unused applications, AVs and auto cleaners are a waste. If you download safe apps and go to safe sites you really don't need them.
you will also find very few people vouch for CleanMyMac and a lot of people against it. I've never personally used CleanMyMac, but the majority of people saying don't use it turned me away.
Maybe these are not the zones π I was also struggling and still don't know how to tell there were two zones.
Can I DM someone to not spoil anything here?
https://academy.hackthebox.com/module/80/section/767
here they mentioned small username list i'm using the /opt/useful/SecLists/Usernames/top-usernames-shortlists.txt
seems like the wordlist isn't working
Is there a username list that is provided in the Resources button? @brisk geode ? The Footprinting Module I'm doing has a Footprinting-Wordlist that I have yet to use but there may be a resource that you needed to add if it's something you don't have yet?
none of these are wordlist
this one is one of the worst modules i ever did
less informative
Hey everyone! May I message someone for some further assistance regarding AD Enumeration & Attacks Skills Assessment Part 1 question 4. I have attempted to login via evil-winrm with the credentials from previous questions and doesn't work. I'm lost on what to do and wondering if I am on the right track.
hello @thorn urchin can you please check your DM ?
sorry if i messaged at a wrong time
so can you please check again !
What is the hardest module you came across?
PM me as well if you're stuck!
Not sure yet but I'm diving into this rabbit hole; a command that I'm given is using specific numbers and format arguments so I'm researching what those do since they aren't really touched on we're just given the command and told "hey this is a brute force" @shadow owl
But I wanna know WHY/How it's a brute force
Good morning from Spain! Anyone working with the password attacks medium lab?!?!
Password Attacks... no doubt!!!
hello from wakanda, shoot me a dm
Thanks man!
Hey tom! I'm doing the smb and the basic code they have to iterate to find users and groups is pretty cool :D! I had to use uncle google to find out why the specific range but hey it's a thing. And I learned how to grab the flag without fully connecting to the server too :D I knew how to get in and pull the flag from last night.... but I forgot to actually pull it LOL
the password attacks module?
Footprints module
:) still in the baby steps
I figured they'll elaborate on the code but they also said "here's some other automated codes as well" LOL
yea i think i do that section manually or something because i got like 0 note on any given code
also for the flag if you are too lazy to download and cat the flag when you access the share with smbclient you can use more flag.txt to just view flag
LOL yeah i've done that a bit too in other modules where you pull files forgetting i could you know get the file 
@rustic sage Thanks for the tip
@vital adder printf() is a neat command :)
just got to the skills assessment for the AD module and... it feels kind of janky
i mean it's early, but specifically the web shell you start with
What about it?
PowerShell webshells are a thing.
The only trip up is it assumes a basic level of competency in general.
I guess it just feels weird and kind of unstable, after the module focused more on starting from an attack host or one configured for loading necessary tools
I haven't done the CPTS path etc but I can only assume the AD one comes after a bunch of other modules.
If your first ever experience with offensive security was this AD module you'd hit a wall fast in the assessment.
If you've ever done a CTF box etc then it's somewhat of a trivial step.
sure, it's not that I can't get beyond it, more of a comment on that it feels a bit out of step with the rest of the module
the module is pretty focused, dense and solid, then you get to the skills assessment and it's a janky webshell that you can't tell if it's working or not
Sure, but you can get out of the webshell with one quick command. The module already taught you how to do this.
Imo the danger with the modules is they make you lazy. SSH into a box with all the tools and privs ready to go - I can only assume the rest of the modules teach you the basics of work flow in general, moving tools about etc.
The AD module kinda assumes a level of knowledge is what I mean, it's teaching you to do AD specific things - not to hack.
The assessment is you using them in an "actual" environment.
I don't think it's "janky" but I do agree it's a significant leap from what you've done in the sections. That's why I can only assume it's meant to be taken as part of a course.
Anyone nudge for:
FILE UPLOAD ATTACKS
Module: Type Filter
Thank you in advance!
Not sure what I'm missing for this in the smb module I don't even really know what this is supposed to mean tbh
You connected with the rpcclient already right?
yes lol
Then use netsharegetinfo
DMing you my followup question in a moment had to reset my virtualbox it had been running for a bit
I'm thinking if recording myself doing these blind then record them at a later date once I know what I'm doing just to see progress
@rustic sage OR @tropic pollen If you are the author of this post (https://forum.hackthebox.com/t/pivoting-tunneling-and-port-forwarding-socks5-tunneling-with-chisel/269338) please DM me and I will help you out with this problem. You need to build the binary from source then transfer it the pivot host doesn't need to be updated.
hi guys, need a nudge for the last part of AD Enumeration & Attacks - Skills Assessment Part II i already got the cred for question 9-10
The very last question?
the last 2 so yes
Send a DM
sure thanks


