#modules
Yeah, this works also best for me. 200 cubes more than enough for 30 days
so i was only able to find a fix for the perl version of this tool, so first run sudo apt-get install libcompress-raw-lzma-perl -y and use the perl version of 7z2john at /usr/share/john/7z2john.pl
sure
You don't need that. For the WinSCP, just turn logs on and mark the checkbox to log credentials, then start the connection and you are good to go
Hi everybody. I am doing "Public exploits" in the "Getting started" module. I nmapped the IP and got 2 open ports, 1 with Apache 2.4.41 running on it and the second with Node.js. Where am I supposed to search for the exploit, in "searchsploit" or "msfconsole"? I tried both and didn't find anything for Apache 2.4.41 or Node.js (Node.js is a broad thing to search).
Well, what is Apache?
server?
More importantly what type of server?
web server
Mhm so maybe there's more to explore
it says Apache httpd 2.4.41 ((Ubuntu))
okay, Ill try
Google 😄
Don't need google really
If it's a web server what other way can you see that IP?
One more question, if CVE says that it has impact on 2.4-2.4.51 does that mean it includes 2.4.41 also?
pf, idk to be honest
What is port 80?
Have fun from there
Thank you mate a lot! 😄
Also if you're doing the msfconsole don't forget to Show Options so you can see what you need to set
just look and see what can be done :)
Sorry for bothering. By using Wordpress Simple Backup Plugin exploit, I found these:
I am not sure what I could do with these?
DM me
hey guys, I have a question about a module, is any1 here able to answer this? : on Linux fundamentals module - working with web services.
Why does the document talk about the curl tool and wget, if the question is actually how to start an http web server on 8080, but the lecture isn't teaching you to do that or mentioning the command?
It worked thanks
Hi, I'm struggling with Footprinting (medium). I have found the sa credentials but it will not work for the SQL server. I've tried sa, admin and administrator for the "login" field.
Which box is that ?
It's the Footprinting (medium) Lab.
Are you passing the password via command line flags?
No. I'm using Remmina to access the windows machine of Alex and then using the GUI Microsoft SQL studio thing, which is where I cannot log in
Enumerate the ||accounts|| database
up
sorry if I'm asking stupid Q, i'm new here
Did the module talk about starting a web server?
In the first paragraph yes. Working with web services it's called.
is the module kind of trying to make you search for an information that they have not provided to actually make you grow the skill of searching the information on the web? or is something else that I am not paying attention to?
The module should tell you what you need to know; it might not be in that same page sometimes but it's usually within the module
Thank you. I think I might be missing something, how would I enumerate the accounts database without being able to access the SQL service?
thank you!
Hint: you may need to look up the service they are referring to; found the answer within a few seconds - I can dm you the page that specifically talks about how to use it
just dm you
also curl and wget are for retrieving info from a site
For the AD Domain Trusts - Child -> Parent Trusts - from Linux module: How do I get the NT Hash for bross?
You can. Think about some of the ways you can use a password
What if someone shared it.... or it's reused from somewhere else..
Reset my VPN, seems to be working now
how relevant is the job role path of htb wrt OSCP?
There's a list of HTB boxes similar to OSCP. @lament tartan did a video just recently where he implies CPTS is harder.
"every windows box has an administrator account" haha! Thank you
Or at least that's what I take from it. I don't mean to put words in their mouth.
My review of the new @HackTheBox Certified Penetration Testing Specialist (CPTS) certification - Hope you enjoy 🙂 #HackTheBox #HTB #CTF #Pentesting #OffSec #CPTS #Certification #Course
From what I've heard CPTS is harder than OSCP. There are some things like binary exploitation that OSCP has which CPTS does not but not anything major. The very big difference between the two is that OSCP feels very very ctf like where as CPTS is designed to feel like a realistic environment
what should be the order in your opinion? i am an undergrad student currently doing the job role path as a foundation before purchasing an oscp subscription, or should i go for cpts
i am not working only studying
Depends. They will both provide two very different things. CPTS will provide you with a very very solid knowledge base and if you really internalize everything you learn from it you'll pretty much be ready to start working in the field. OSCP on the other hand is very expensive, but the really big benefit is that it's basically an HR bypass. Once you have OSCP on your LinkedIn profile you'll have recruiters messaging you.
In my personal opinion I'd go for CPTS first and then OSCP. If you can pass CPTS then assuming you study the few things OSCP has that CPTS does not, you should be able to pass OSCP
But again, it all depends on what you can afford
Thanks for the opinion @graceful rampart
Np
I was about to give up on the ipmi module then I remembered that there's more than one way to rip a hash :D
the module talks specifically about using hashcat but it kept erroring on me
Oh I used hashcat when I did it. But I have hashcat installed on my main machine
It bugs out running in a vm
ah
that's probably what it was then
because running it through the other, worked fine
I also have a pretty powerful gpu that I use for cracking and my vm doesn't have access to it
checking if it happens in pwnbox
Even if it does work I wouldn't recommend doing your password cracking in a VM
Your host machine will almost always be faster if you have a half decent GPU
Could you not also pass through a GPU to a VM?
You can but it can be finicky
Why bother?
Cracking hashes is done completely offline. Just copy paste hashes lol
Haha I think my OCD would just like everything in one place but I do see your point.
A lot of people have an entirely separate rig for cracking
Like, their own hardware! That's pretty cool. I've heard people spin up a VPS with beefy GPUs
Yea. People do that too
Hi, I'm looking for help to solve the "Mass IDOR Enumeration" section of the "webattack" module. Do you know where I can discuss this issue?
Usually individuals that just need it for some moments go the VPS route, but any serious company will have their own dedicated rig just cause it's more cost effective for the kind of volumes they're doing.
You can ask here you just need to include the issue you're facing. You'll generally be guided to the right answer.
hello i'm new to htb and don't have a clue how to code or anything i'm young but very interested and was wondering if anyone is able to point me in a good direction
Any of the basics modules are a good place to start on the academy site, they teach you basics
thanks @fathom pendant i appreciate the advice
It's always a good idea to start from the roots and go up then get to a module and not be sure how to proceed
im interested in software programming and malware prevention any specific modules
Depends on the coding language tbh
c++/html/linux
You can search and see if there's modules that teach you how to break those, html and Linux are very... Broad
i found a module called tier 0 im going to have a go with it and let the path pave itself
Hi all,
I need help with Password Attacks Module - Credentials Hunting in Linux in which:
- I got stuck with brute-forcing the Notes.zip using John. John does not seem to work.
Thank you so much for your help!
Did you unzip?
The zip file requires password.
I used zip2john to get the hash file and then execute: john --wordlist=mut_password.txt hashzip. But it doesn’t seem to work
in "PASSWORDS ATTACKS: Pass the Ticket (PtT) from Linux" I got stuck with this question (see my screenshot). I used smbclient to download the flag.txt file and read the content of it with the cat command. But when I try to enter it as an answer it says: Incorrect Answer. Anyone have a hint or clue?
thanks
@thorn urchin can I send you a DM ?
not today, Im still doing Christmas
okey
Hey all I am starting classes covering everything in the course for FREE. NOT giving away answers but will explain what you need to know to be successful. They’ll start around the 15th Jan if interested dm me. Once we get started I won’t be able to take on more people so if you’re interested now's the time to dm me. Happy hacking and holidays 🙂
Or people can just ask for help like normal
what course?
I have begun the password attacks module, what are the recommended files to use for user and password lists?
There are some options for usernames in /opt/useful/SecLists/Usernames/, but it really depends on the situation there. For a lot of boxes/CTF stuff, rockyou.txt is usually what is used if it's 'supposed' to be brute-forced. Many of the academy modules will provide you specific user/pass lists, for the purpose of the module.
Did not realize the resources existed got it thanks.
Network Enumeration with Nmap - Firewall and IDS/IPS Evasion - Medium Lab - having some trouble with this if anyone is available. I feel like I've tried just about most of the things listed in the lessons and still getting filtered for DNS and no further info
Any suggestions on where to learn rootkit and bootkit malware coding
books. amazon got lots of good books on the subject. Though it's actually a very advanced topic. Mastery of C, C++, and C# languages and operating systems programming will be needed
thanks for the info, im on amazon right now and they do have lots of books, i also looked through pdfdrive and found lots of pdfs on it. It is pretty advanced stuff, it's all in the kernel from the things i have learned so far
I need guidance on the Network Services section of the Password Attacks modules, I have completed SSH and WinRM. I have credentials for smb and rdp, but I am unable to connect to rdp, and I am getting an access denied error which does not allow me to check the contents of the smb share.
might try again but use the pwn box. Think networking issues between your own vm and lab can interfere
ok, let me try that
Would you be able to take a look at my problem?
Sure, DM me.
you can interact with smb using smbclient tool
I have, it's giving me an access denied error even though I'm enumerating the share.
I'm genuinely unsure why I'm receiving this error.
Hack
sounds like you're not using the right credentials
you can dm me too if you want about that
same kind of errors on pwnbox if anyone is able to take a look to see if I'm on the right track
might want to try turning on the -v verbose switch or even -vv on while scanning. Think the flag you need could pop up in the enhanced log output.
try -d 3 with smbclient as well to find a reason for the failure
Solution solved, thanks for help.
I'm getting mixed up who's asking what, my bad
Can I dm screenshots?
i remember one of the nmap assessments needing to grab the version using a different tool: hint
ya been a while since ive done that module and my note taking game at that time was non existent. Trying to remember just off the top of my head how I did that
but i don't remember everything
oh so it could potentially need to be a totally separate tool outside of nmap?
I imagine I could find a metasploit module or something
you could use nmap but the reason it's not working is very meta/ not intuitive
no
it's a lot more basic than that
it's literally one sentence in the entire module.
and it eluded me for months because they never strongly touch on it
I don't remember which one it was So don't rely on what I'm saying
I don't even know why I'm mentioning it. I don't fully remember
-sA ack scans also have better chance of getting through firewalls too
can also try spoofing the IP to being one internal to the firewall with an ack scan
they don't strongly teach about timeouts, or why they're used
But when I spoof to an IP in the same range and point to the tunnel it says it doesn't have a route. I add the route, no change
hmm not sure actually trying the lab now again myself
I got it too can you dm your command? going to write it down this time
I could use a nudge in the Footprinting Medium Lab; having a hard time finding an entry point i believe some people were saying xfreerdp was being buggy is there another service that may be helpful in this case?
nevermind I didn't see the ports
What time zone are you in? When do you sleep? 😂
CST, I sleep whenever it happens LOL
Hehe. You're flying through the modules.
meh
some of the network stuff was self explanatory in this module (aside from being a pain)
so some of my notes are light af
Tfw right when I give up (system was being slow) I realized what I need to do next
i can't log in to beef
please someone help me in this error
beef_over_wan_login_not_working
hey guys happy christmas for everyone.
on the Shells & Payload module section Reverse Shell, have you guys tried to execute the || PowerShell command in Windows after rdp in order to set connection with nc in the attacking machine|| it is not working for me even if try with different ports
I mean in the end with the rdp connection ||you can run in cmd hostname and you get the flag but without settling|| the reverse shell which is what i want to do obviously
Module name: Password Attacks
Section name: Attacking lsass
#Question: Apply the concepts taught in this section to obtain the password to the Vendor user account on the target. Submit the clear-text password as the answer. (Format: Case sensitive)
PYPYKATZ is not working, it crashes midway
also when you ||rdp into the target machine you get the host-name|| if anyone can help would appreciate
thanks!
any help would be appreciated
run the given powershell command on cmd 🤣
use crackmapexec or metasploit with a nt authority system shell
not in powershell oh gosh 😅
let me try
hey anyone would be able to help me recover my old gmail account? i understand this is not a hacking service but my account got hacked and it would mean a lot if i could get it back cause i had some family emails in there that's really personal, sorry to bother
excellent thanks a lot @vital adder
Google support. Not this discord.
i understand i have tried but it doesn't work
so pypykatz is not working
?
i tried crackmapexec with local auth but its not working
Who else has the same issue?
@dim hound why -debug
Since I want to see, what is going wrong
The server transfers data on ssl if mssqlclient had option -k to switch off ssl it would be ok
try without the -windows-auth tag if that doesn't work just use sqsh
if you don't have that tool pre-installed and can't install it from apt-get use
sudo bash -c 'echo "deb http://ftp.de.debian.org/debian buster main" >> /etc/apt/sources.list';sudo apt-get update;sudo apt-get install sqsh -y
oh yea i forgot about that
Thanks, Basically, I have made the following script that they suggest, modifying the ip and the documents route, but when I execute it, I do not get any results. I have also tried to do Fuzzing but I have not achieved anything.
#!/bin/bash
url="http://SERVER_IP:PORT"
for i in {1..10}; do
    for link in $(curl -s "$url/documents.php?uid=$i" | grep -oP "/documents.*?.pdf"); do
        wget -q "$url/$link"
    done
done
hello i am wondering if linux fundamentals is a good starting course to learn the basics i have no previous knowledge of coding
What is the plugin ID of the highest criticality vulnerability for the Windows authenticated scan? I stuck here please help me
start with all the fundamental modules. coding is not necessarily a pre-req to understand most of the content.
I mean, it's not hard. If you actually read the module, you'd know. Start up the machine, connect to either nessus or openvas (whichever you're doing) and look at the windows authenticated scan
I have done it and I have filtered by family and by level of vulnerability but the IDs I put, are not
Okey fixed, I did a new scan and I detected another vulnerability that I had not detected before
Anyone for a small question on Pivoting's final skill assessment ?
What's wrong? Sorry, I haven't followed the whole conversation but I have been able to solve it so could you recap your issue?
rule break??
yh i think
Is there anywhere I can go for help on a subject?
how to free port forwarding without ngrok & router
8 too
Hi
can someone tell me beef page not login in wan network
wrong server my dude
Hello guys I’m trying to solve updown machine stuck at reverse shell… php isn’t accepting any revshell functions
Is there a contact board/ directory? I’m new to discord but it seems useless
Nice
try asking that in #boxes if you can't access that channel use ++verify at #bot-commands
sure shoot me a dm a if you still need help with that
big hint the format of the actual target is different than the example there is no uid parameter you have to do some enum to find the right parameter and from there enum to find the flag
anyone done with the footprinting module that i can dm with a question?
I'm really a bit lost with this challenge, but further down in the chat @vital adder gives a good hint, I'll follow that hint, thanks a lot anyway
np
thank you! I think this is the key
sure shoot me a dm if you still have question
Perfect, thanks again
Anyone here working on AD Skills assessment 2?
I have done that. Do you need help?
Ys a little nudge
Well, look at that one line of code. What does it do?
var flag = "HTB{..." + "..." + "..." + "..." + "..." + "..." + "}";
This is the line of code with the flag in it. What does this line of code do?
Yea, so its concatenating a bunch of strings. So putting the strings all together would be deobfuscating the code
nope it will print out the flag (image removed)
i havent done the module myself yet but thats what i would be doing
ah. to be fair, i didnt read most of the code lol
Well you were saying that you can infer what the flag is. My point is that by doing that youre deobfuscating the code
@rustic sage also for the love of god pls remove spoiler so all that have any thing to do with the flag
The question is pretty clear
first off, stop posting the freaking flag
thats considered a spoiler
Well then clearly you havent fully deobfuscated the code then
or you dont understand what its doing
I can read it right now..
HTB originated in England, did it not?
Well i mean, its really very simple. They want you to retrieve the flag from the code.
The first one you tried isnt it but i can see 2 in the code
have you tried the other one?
It seems pretty clear. The variable is obfuscated.
What part about the sentence gives you trouble? The question seems pretty clear.
Maybe you're struggling because you don't understand the terms it's using.
ive done this module. You need to do exactly what you think you need to do
You know the format of a htb flag. Do you understand what "var" is?
Do you understand basic obfuscation ideas and yara rules?
I just scrolled up... And... Yeah it's super obvious and I haven't done this
none of that matters. He already deobfuscated everything
Its sitting right there
So he understands the question.
Reminds me I keep getting yaml not installed is it as simple as Sudo apt install yaml?
I just don't understand what is so confusing about it.
its very very clear
Whats the exact sentence of the question?
i dont understand what youre having trouble with
What part confuses you about this?
Whats hard to understand about it
There's nothing confusing about this sentence
Thats exactly what it means
The variable is the part after the equals sign.
thats not true lol.
The issue here is that you dont understand how code works lol.
var flag = ("xxx" + "yyy")
does not store a variable "xxx" + "yyy"
It stores it as "xxxyyy"
^
and if you dont know that you can just run that line and slap a console.log at the end
I call bs
no way
A js dev whose first language is English is not what you're portraying.
console log (flag)?
Console.log(flag)
If you came from a full-stack js background youd know right away to do this
Just another day in htb 🙃
lol yea. Im all for helping people but dont lie about your background
ItS tHe WoRdInG
just makes you look dumb
I feel like youre confused just because the flag asked you to concatenate the various string parts.
no. i dont know what the issue is cuz he said it right here
Which if so, kinda weird thing to be confused about, but its the only thing I can guess from you literally posting the flag and still not getting it.
There is literally nothing wrong about how the question is worded
bro theres nothing wrong with how its worded lmao
Elon Musk is that you?
"use the information learned in the module to deobfuscate the flag" idk whats confusing about it.
He's American. American is his first language. Dw.
Whatever works, the question never said you had to use a specific technique
I mean fuck me too and I got it lol
It's fine to not understand but just say that. Don't say it's badly written.
^
There are badly written questions. This isn't one.
It's written just fine
This is one of the more well written questions lol
How would you've worded it?
How would you have worded it? literally everyone else here understood it.
Lol I wonder what your idea of a well written question is
so how would you have written it?
What's ambiguous? The js dev who doesn't understand what variables are?
Like I dont like dogpiling someone just for not knowing things and this server is really terrible when it comes to bullying randos but im genuinely flabbergasted by how you became confused by such a straightforward question
What was ambiguous about the question?
yea. I try really hard not to bully people but like...
This kinda just blew me away
Atm Im trying to figure out if its just a bad attempt to save face from having a rando brain fart moment (which is totally fine and happens to us all for the record) and blaming the question instead of saying oops, or if there genuinely is some fascinating disconnect between what literally everyone else is able to understand without issue and this person.
yea idk
Yes, this is not one
agreed. This is not one of them
Sometimes yes, which is why I asked for the specific question earlier, this is not one of em
I think the confusion was that as a full stack js dev he was unable to output the variable.
Like sometimes they are like "lol good luck nerd"
If theres any criticism is that this question isnt as hand holdy as many questions are as it just says "use what youve learned" instead of saying a specific technique. but that wouldnt be a wording fault and some people prefer that.
except he had the flag without needing to output it and was still confused somehow
So he was looking at the code and didn't understand the "obfuscation"
what a landslide lol...
Speaking of good luck nerd; I got stuck after getting the username from the share on footprinting medium 🙃 tackling that later to see what I missed
Oh well. He got the answer.
I'm not making fun of anybody.
Im trying not to. I would like to think the handful of people that Ive made acquaintances here, you included know that Im not the bully type when it comes to newbs
You got to own your stupid moments. Cause it'll happen lots. You can't save face all the time
yeah. I would have just deleted the " and + and just submit the flag 
John Hammond makes dumb mistakes in his videos all the time and leaves em in
if I was that new
Kek
It's all part of the process, which is funny when he goofs it
Yeah I did similar during the Halloween ctf. Oh I got enough of the flag that I can manually piece it together, screw taking extra time to do it "right".
Making mistakes is how you learn. Im all for making a stupid mistake. The dumber the mistake the more chance youll never forget it.
Yep
Even better if someone calls me stupid for it. Cuz then i really wont forget it 😆
I am proven for overlooking very, very simple things.
for sometimes hours
I got stuck on an assessment looking for a way to log into a particular mssql server and nothing worked, derped and forgot from my very first scan the port was just open and I could connect directly. it happens
Ive spent hours on end doing a box, tearing my hair out cuz i mistyped a password and just assumed that wasnt the intended path when i couldnt log in
this+is+a+pretty+obvious+one
lol
Or more recently I got stuck on an assessment trying to get a password for a service, resorted to bruteforcing and no dice. Hours spent, caved and looked up tips and no dice. Eventually turns out the password was in an earlier part of the assessment, I just got misled by the question flow into thinking I was done with that part and I wasnt, even though it was something explicitly stated to check for in the sections and in my notes lol
"'1', not 'l'"
I think you were there when I fucked that one up
maybe, sounds about right lol
All you did was make it more hand holdy
you dont have to output it in the console, thats just one way to do it
No it doesnt
The way it did already, where it leaves the choice up to you on how to you want to retrieve the final flag
Yours is just spoonfeeding a particular answer when there are multiple possible answers
i mean..
Or manually piecing it together like you already did
It should be noted that the overarching goal of these modules is to also instill methodology and mindset over nitpicky specifics. The real world isnt going to guide you towards what you need to do, you have to figure it out. The modules complement this by often giving you multiple tools to solve a problem and encouraging you to devise the solution from what works and what doesnt.
To that end, the question fits the spirit of the module and The Academy as a whole.
I thought it was rated "easy"
Again, nothing wrong with the questions, this is pretty clearly a you issue and ya need to adjust your paradigms if you want to fit in this world
@thorn urchin are you talking about the password attacks module?
no I mean this world as in the infosec and hacking world
idk Ive alluded to like 5 different modules in the past hour
@thorn urchin Well I can understand your frustration if you're talking about the pass attacks module
I didnt like that module but im not the frustrated one, I think youre crossing some wires here
The one he linked is the fundamentals t0
Reset the target then
I'm in the middle of it. So far I've only had an issue with the password mutation section
it's a sign from the powers that be to take a step back
I don't know but I've had a lot of trouble with the PtT section.
tickets don't update properly or maybe I'm just a fool.
Shouldn't need your own VM, for the most part all of the modules have been tested on pwnbox
Look at this guy, paying for VMware
I havent gotten there yet lol. But I've done PtT before so I don't expect to have any issues with it
Instead of using the free VirtualBox
Nice
Lmao. Yea. Thats just kerberos in general
actually it was very frustrating and it made me stop.
Kerberos is a royal pain in the rear to deal with
I finished it and then I just stopped for like 2 weeks lmao
It's not about making money to afford it. VMware is more of a pain to use unless you're already used to it
yeah it works fine if you're on Windows using Rubeus but for some reason...
Kerberos is usually my reason for malding when doing anything AD related
VMware Pro is fine. You're just used to the shitty free version.
I had to buy vmware im on an m1
Well, I have a windows attack box set up anyway. I try to do most of my AD attacking from a windows machine. Since my end goal is red teaming and you can blend in better on a windows machine
Virtualbox is better than the free Vmware.
Agreed
¯\_(ツ)_/¯
Vmware is only good if you have pro
@rustic sage m1 max
I also don't want to think about VMware outside of the context of work, my work uses VMware to sign in to tools... So it is generally a pain for me lol
@rustic sage those are great too. I hear they are getting the m2 soon
It was specifically PtT from Linux that has the most problems
everything else in that module is perfect. I don't know what it is but something is goofy with Linux and Kerberos
or maybe it's the script HTB uses to update tickets? either way, I've had nothing but problems with it
Yea. I don't know the exact reason for it but yea tickets get buggy
I'll play around with it when I get there. Will let you know what I find
Curved monitor, I was thinking about getting one of those.
Man you're better off posting screenshots. I can't speak for anyone else but in a server full of hackers I refuse to click links
@graceful rampart it's fine lol just an image.
Curved monitors are nice
you can if you're verified on Discord
you have to link your hack the box account with Discord
Yea. Go to #welcome explains how to do it
As am i
You need to link your regular htb account
And the emails don't need to be the same
Go read #welcome lol
you only need to link your API key from the settings on your hack the box account
I don't think emails have to match
You just need your secret account identifier
anyone I can clarify a quick one on web shells - laudanum section second question
Thx!
trying to find out where ||to upload the shell in the website||
Do what it says lol. Message a mod
did you get the dm from htb bot? also you'll need a htb account to verify
that shouldn't be an issue so yep just message a mod or support
wdym? if you access the target site through the given subdomain you should be able to just upload the file and i think that's under Import configuration file or something
Is there an error in the Linux Priv Esc - Misc Techniques? Under Weak NFS Privs, It talks about creating the binary on our local root host, then copying it over to the remote host. But the example starts from the remote then back and forth. Its confusing as hell lol
all i got in my note for that section is about the ||NFS|| nothing about a binary but i do remember that section super confusing
I think they just have it mixed up idk
ooo there is a new cme module
cant wait to try it out once I finish this pro lab
😄
Yea. cme is slowly but surely becoming an entire exploitation framework
lol cme is awesome 🙂
its winrm module doesnt play well with metasploit socks proxies though
returns false negatives because of connection failures
so I just use chisel
@warm sand Why the hell would they say ssh if you're not suppose to use ssh lol
chisel is awesome
I love it 😄
chisel's biggest downside is a fairly hefty bin size even with build flags to slim it down, but other than that it rocks. I moved my notes on chisel to the root of my obsidian vault for faster access and Ive used it pretty extensively throughout the modules when appropriate even if the module doesnt mention using it or pivoting
also av flags it these days 😦
so I usually use it after I turn av off on a pivot point
yeah but thats a given for most tools so I dont knock it against chisel specifically
im loving all this new academy content 🙂
@graceful rampart can I get a quick sanity check for the footprinting medium lab? I'm not running atm it but just wanted to confirm I was in the right direction
I don't have notes on those assessments. Wish I did but I honestly don't remember them
All I remember is that everything you need to do is pretty much straight out of the module aside from needing to change a few numbers here and there
I think htb is doing a mentor thing now
if you get stuck
and you have silver+ membership
they will help you
😮
https://github.com/Nicocha30/ligolo-ng
Best pivoting tool I've ever used
looks nifty
🙂
Yea. It's by far the easiest pivoting method I've ever used
does anyone know how to install the mysql package for parrot? im getting errors for it
Funny thing is, I found it cuz someone mentioned it in here when they were talking about the pivoting module
As do I. Eventually I'll get to the point where I'm writing my own tools
nice
If you can get the student discount there's no reason to do the yearly lmao
😦
And yea, for now only annual students get the tutoring but they said it will be coming to everyone else eventually
That's a very good news then.
😦
looks nifty, would have to see how well it does reverse connections cause the age old firewall issue. That or im misunderstanding something from just skimming it. Filed away in my to look at later bit
Haven't used it when a firewall is present yet. You're right, that's definitely something to test
Hi all,
I am stuck at "Getting started" module, "Privilege Escalation" part. I SSHed into machine, and I can't find way to user2 account. I ran 'sudo -l' as user1 and got:
"(user2 : user2) NOPASSWD: /bin/bash"
I can't move from here. Should I download enumeration script? Or there is other way around getting priv esc to user2?
the agent/proxy wording seems to suggest that perhaps its actually the default, but Ive seen so many tools define those words differently that I dunno without testing lol
I am actually looking for some small hint, so I could continue alone 🙂
Yea
I mean the path is right what you posted
Well, what is /bin/bash?
Answer that question and you'll understand how to privesc
Look up sudoers and how to interpret the results from sudo -l
Hi, i was going through the "File Inclusion" module and under the title Basic Bypasses, section 'path truncation' it read as on the screenshot highlighted in blue...may i ask why would starting the path with a non existent directory would be necessary for the technique to work?
ooops, my screenshot did not attach
because you may not know the full path, or they can be prepending a path so you need to use a relative path
need to verify your account before can post images here
this is how it said in part, since i cant attach the screenshot of the section "Path Truncation
In earlier versions of PHP, defined strings have a maximum length of 4096 characters, likely due to the limitation of 32-bit systems. If a longer string is passed, it will simply be truncated, and any characters after the maximum length will be ignored. Furthermore, PHP also used to remove trailing slashes and single dots in path names, so if we call (/etc/passwd/.) then the /. would also be truncated, and PHP would call (/etc/passwd). PHP, and Linux systems in general, also disregard multiple slashes in the path (e.g. ////etc/passwd is the same as /etc/passwd). Similarly, a current directory shortcut (.) in the middle of the path would also be disregarded (e.g. /etc/./passwd).
If we combine both of these PHP limitations together, we can create very long strings that evaluate to a correct path. Whenever we reach the 4096 character limitation, the appended extension (.php) would be truncated, and we would have a path without an appended extension. Finally, it is also important to note that we would also need to start the path with a non-existing directory for this technique to work.
An example of such payload would be the following:
Code: url
?language=non_existing_directory/../../../etc/passwd/./././.[./ REPEATED ~2048 times]
"
idk I dont have that bit saved to my notes, I wouldnt start with an explicitly non existing directory
hey quick question how can i share the link to it a friend of mine wants to join
Bit confused on this first question in the Shells & Payloads section
It's probably something super simple, but what am i missing on this answer?
maybe aspx bit on the file path
aspx instead of axpx
i havent done the module but i can only guess that from the context
yeah looks like ya got a typo
Thanks for answer. I was a little bit dumb, so I overlooked sudo -su user2 command. Now I am into /root folder but can't 'cat' flag.txt file. I need permission. Could you provide me some small hint? I am stuck..
Well only root can read the files in /root
are you root yet?
if not you may wanna start looking for more privesc vectors
any shortcuts of unneeded info for linux fundamentals
Privesc is very cyclical. You start your enumeration, find a vector, go to the next user, then go back and start enumeration again
yep. In "Hint" on HTB, it says "Dont forget to chmod". I tried to chmod flag.txt file for u+r and nothing. Tried various combinations, actually
Nah. you arent there yet. Keep searching. iirc this vulnerability is straight out of the example they give
yeah technically what youve done now going from user1 to user2 is called 'Lateral Movement' because youre moving from similar priv levels to similar priv levels. But other users may have access to escalation paths that others don't.
So if this was a real world situation, hypothetically you would have seen that there was no route from user1 to root, so you laterally moved to a different user to then see if they have a route instead.
& thats a spoiler
i mean, you can just copy the path from the example lol
Thank you so much, I think Im on the right path
Didn't realize i needed to include directory in the hint as well, bit of a gotcha question, but that + fixing the typo = finally got it
Yeah in the real world theres no guarantee that moving laterally is the correct path, but in these lab and challenge scenarios usually things are only there for a reason and rabbit holes from the box creator are rare (outside of some like hard or insane ranked boxes), so generally if you CAN laterally move to a different user, then youre supposed to.
Youll often find in the real world that actual exploitation steps are easier than lab boxes, but will have far more enumeration and dead end paths requiring triaging than in lab boxes.
Understood. Yep, I succeeded in the end. Salute to SSH Private keys! 😂
Ergo why you see every couple months some random google payout for several $K for the most mind numbing trivial web vulnerability and youre like '1. How did google mess this up and 2. Howd nobody else find it already.' the answer to both is the sheer scope and triaging required
I guess, lack of exploitation in lab is because it's not safe for HTB?
So they give to us more enumeration things?
Hmm? I think you misunderstood what I said
Actually I did 🙂
Thank you so much for this info, beside my question
Yea. The amount of times you see payouts cuz someone put a key or password in a public github Repo is crazy
hey, I'm on one of the easier modules (Getting Started - Service Scanning) and having a technical issue with connection timing out after inputting bob's password. I have the same issue whether or not I'm on my own VM w/VPN or the HTB web instance. Seems so basic that it must be user error, but have tried it every which way. Anyone have similar issue or see what I'm doing wrong?
Try smbclient -U bob//IP/users
tried this and several syntax variants but none working - syntax error coming back rather than connection error
it's strange because it only times out after inputting pw
Can anybody assist with BloodHound -- Skills assessment. The third question, "What GPO does the VPN Users group have WriteProperty rights over? (case-sensitive)". What I believe to be the answer is not taking, and I am having issues figuring out what else it could be XD. I was right, it randomly took it today lol.
alright whos willing to help on the box HEALTH
nobody cause this is the wrong channel
oh my bad didnt see i was in academy
Module 88 Section 22
Introduction To Python 3
What are the values of target and port you want us to use?
likely whatever your target is and the corresponding port number of whatever youre interacting with
It's just a tutorial. No target and port is given, though in the example python code it is provided as target:port directly.
It's possible a domain exists for target, but it isn't defined in /etc/hosts so it would have to be some DNS server on the internal network of the box I'm working on. port, however, is invalid by itself and must signify a placeholder.
Yes, if the module section has an interactive portion you need to spawn the instance first at the bottom. Otherwise if it doesnt the placeholder is just for demonstration sake.
Unless its a scenario where they want you to make the server portion as well, I haven't done that module specifically
I didn't hit the "Spawn a target ..." option at the bottom. Apologies. Still figuring out the UI 🙂 Thank you
Anyone for a nudge on the exercise at the end of "Credential Hunting in Linux" in the password attacks module? Im able to log in as Kira but i cant find anything after that. Im completely at a loss here. This feels like im trying to privesc an HTB box, not do an exercise on academy 😅
Academy modules wouldnt be as useful if they didnt intentionally throw ya some curve balls 😉
Is there a way to use my own environment instead of the HTML embedded shell for the academy assignments? Perhaps, VPN into my module or something? I think the HTML shell is extremely cool, but it's still a little slow compared to a local shell. If not, no worries.
Ive never used the html shell
Always done either pwnbox or vpn connection
html shell is brand new.
Fair, but like, im completely lost. Ive tried all the tools in the module. Mimipenguin needs root, firefox_decryptor asks for a master password that I dont have, I found the passwd.bak and shadow.bak but i cant read shadow.bak so those are useless. Im at a loss here
Why cant you read shadow.bak?
I'm sure this info is available somewhere that I just haven't seen yet. Would you mind sending over instructions? I'd appreciate it.
cuz its only readable by will lmao
and if i had his password id be set
I dont have notes on the section by section practicals so need to jog my memory a little
pwnbox is just click on the start pwnbox instance button. vpn is download the openvpn profile and use openvpn to connect. Google how if youre unfamiliar.
with the caveat that my memory is fuzzy, have you also checked say bash history?
I remember one of the sections being like that and just glossing over a password in clear text
thanks, I'll setup the VPN
Not sure if @thorn urchin is a Hack The Box affiliate or anything, but mad props for helping folks here. 👍
I just like helping when I can
Appreciated. I'll be around much more in the future 🙂
I hate this module so much. I reset the box and now one of the tools that i tried before magically worked
Its my least favorite module by far
Yea. Lots of very poorly designed exercises
if so should probably verify your account with #welcome like 90% of the discord is locked out to white names lol
the informational parts are just as good as the rest of academy. But the exercises are brutal
The biggest problem with the exercises is a ton of them are time wasters where you dont even know if youve made a mistake until 30minutes+ into an attempt
yea
yes for sure
Ive been sitting here for an hour pulling my hair out only to reset the box and have a tool that I tried at the very beginning magically work now
Doing everything perfectly will still take several hours purely from processing time. I know its more real world realistic but rapid feedback is more important for learning than realism in this case.
Agreed
That specifically I haven't had an issue with but yeah the module overall could use a slight rework
Notably the newer added sections with PtH and PtT are much better designed and don't waste your time, most people's issues with it are just their own issues dealing with curve balls.
appreciate the tip once again. I think I'm identified now
you are
Ahh yes, the n00b tag
I've noticed more than a few people be like, "This section was hard for me, that makes it bad" and im just like 🤦♂️
It's not an easy discipline
lmao. yea. Hard is good most of the time
thats the best way to learn
I just dont enjoy spending an hour only to find out im on the wrong path
Yeah but sometimes thats just the nature of the beast
Kinda like my earlier rant about the difference between real world and lab environments. The real world isnt going to be limited to just relevant stuff, you will absolutely be spending hours and hours on rabbit holes and wrong paths with utterly zero indication youre on the wrong path. Just how it is sometimes.
But yeah difference between "oops I'm on the wrong path" and "teehee you won't know youre on the wrong path till over half the instance lifetime has passed already because thats how the challenge was calibrated"
I totally agree. But an exercise is expected to be an exercise. You wanna throw rabbit holes into the labs, by all means, thats fair game. But if im doing an exercise, i assume its supposed to test what i just learned
yeah im on the same page there
If the exercise doesn't test what you just learned and instead tests on something that you did an exercise on 2 sections ago whats the point?
eh im a little more picky on that particular statement
I would add on, unless up until that section it's building on top of itself
like, it took me like 20 minutes to figure out i needed to bruteforce Kiras password. Not because i dont know how to do it but because I wasnt expecting to need to generate a mutated password list because i did that in the previous section
Theres been more than a few modules that are 10x easier if you apply lessons from totally different modules and its a great joy to discover those. Being able to find moments where you can go off the beaten path and use a better path you figured out yourself is a valuable learning moment and I suspect secretly some of the modules have that in mind.
idk, maybe its just a flaw with how im going through the modules. Ill definitely be thinking about everything going forward but i think that defeats the purpose of exercises
Yeah the mutated password list is used for most of the whole module and assessments, keep that file handy
Order to use is Mut password list>Unmutated list>rockyou
cause iirc youll use all three in the assessments
I totally hear that. Ive done that in a few places as well. But before this module I would never have thought "Ill try this thing that i was just tested on in the previous section"
can swap unmutated list and mutated list though cause its shorter
Yeah itd be nicer if there was a little bit more of a hint that the mutated section was going to be a foundational piece for future sections to reuse
Yea. Agreed. Like, on the labs id expect that. But not for the exercises
But yeah I mean more like applying pivoting module lessons to the AD assessments or the ffuf section for the file inclusions and uploads modules
those are the off-the-beaten paths I really liked to use
Yea of course
what
if i am studying attack prevention on htb is there any short cuts of unneeded info
none, study well
I mean there is no real shortcut, the goal is to teach you the concept, but if you have or know of a tool that works with the concept then great.
Yeah its a question of if you have to ask then its not something you should skip
Hi, I need some help in "Attacking Common Services - Medium". I have enumerated all ports and found ||port 2121 open (FTP proxy) beside other ports. I mention this one specially since this is the one you should focus on based on previous questions for this.|| However, I tried brute-forcing it (with resource lists), logging in as anonymous, but nothing seems to work. Any little hint about how to proceed?
enumerate harder
The med lab is actually the easiest of all three labs for that one. You just have to do your due diligence
Lolll it do be that way
Could use an assist on nmap firewall ids/idp evasion hard module if anyone is available
The answer is in the lesson
Check carefully
I've read the lesson, question and hint and nothing is jumping out at me. The ports that show open enumerate the services fine but neither are the answer.
Hey I am just about to graduate highschool and am trying to get into cyber security. If anyone has any tips or advice to pass down that would be awesome I’m completely new trying to prep and get ahead for college. Appreciate y’all
But the tools and commands are there
Tip: if you ever get stuck , don't stop trying, and Uncle Google is always your friend
I will remember that
In which lesson, the hard module or the preceding modules?
Also if you're ever stuck, just think about the few things: what can you see, what can you not see, and how do these combine for the whole picture
Thank you so much
It's in one of the lesson sections
ok
Can't say much more but it's fairly obvious once you see it
I had to get nudged to it myself, so don't worry
Password Attacks: Pass the hash section. What exactly is this question asking for? I tried HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\LocalAccountTokenFilterPolicy LocalAccountTokenFilterPolicy and FilterAdministratorToken
in "PASSWORDS ATTACKS: Pass the Ticket (PtT) from Linux" I got stuck with this question (see my screenshot). I used smbclient to download the flag.txt file and read the content of it with cat command. But when I try to enter it as an answer it said: Incorrect Answer. Anyone have a hint or clue ?
it asks for the name of the key that you set to 0
Hello
Ah. Had a minor brainfart there. Thanks
What framework would be followed?
You know what would probably help me enumerate on my vm... connecting to the vpn 🤡
anyone working on Footprinting IMAP/POP3?
you need help on it?
i dont know if im too tired from working on modules the whole day but im having trouble logging into IMAP
im tagging LOGIN login pass and getting error
try the syntax as they have it here. Dont think they give correct or updated syntax in the module
👍
Ok I'm frustrated at this point I can't RDP into this lab (Footprinting Medium) unless I'm just missing something if someone wants to nudge me in the right direction that'd be great; because I do have a password/login but that's about it
[04:30:22:263] [9814:9814] [ERROR][com.freerdp.client.x11] - failed to open display: :1
[04:30:22:264] [9814:9814] [ERROR][com.freerdp.client.x11] - Please check that the $DISPLAY environment variable is properly set. I get this error each time so I guess I'm moving one step forward
after disassembling main function there is no eip in the dump so how can i find it and perform buffer overflow . please help
How was it? I just finished up the learning material today.
I personally found it a little challenging. It's more or less figuring out what steps you should be taking next
Pivoting, and enumeration are key
That’s what I was thinking it would be about. Piecing it all together seems like a pretty big challenge, though the individual parts aren’t too difficult.
Why do you specifically need admin assistance?
where is the link for hack the box website?
Yea. Doing assessment 2 now. I really want to take my time and enumerate/information gather, and then after that slowly formulate what I should be able to do, and then make a checklist for me to go down
Do you mean the academy? Or the standard site?
thanks
Np, this chat is really for the modules found on http://academy.hackthebox.com
how do you sit ON the HTB discord and NOT know how to find the HTB website....
This is one of the best AD mindmaps I've ever used. I havent done the AD module yet so idk how helpful itll be but I use it any time im attacking AD
Also, bloodhound is a very very useful tool, altho im sure the module covers it right?
I watched John Hammond demo how to use it's actually neat
I finally was able to get into the footprinting medium :D
Congrats!
Ohhhh I just brain blasted this part
Yea. Bloodhound is really good. Altho if you're trying to be stealthy you'll have problems. The collectors will set off every flag you can set off
True
I do like it as a vuln assess tool though
Because if your ids/IPS doesn't catch or stop it... Then you got major issues
Even as a pentest tool. As long as you dont need to evade detection
Well I mean how would they? The ingestors run locally on the target machine and you exfiltrate a zip file to import to bloodhound
Ah fair point
It's AV/IDS/EDR that you need to worry about
Yeah
Altho there are ways to get around them. But we won't get into that now
if bloodhound isnt caught locally its mostly because of the sheer volume of abnormal requests it makes
Usually yea
I'm just feeling good that I was able to privesc without any troubles in this module
Nice!
but even then, its gotta be a pretty tight environment to truly ring alarms
Fair
Most of my issue was that I was using stinky xfreerdp
but yes AD module covers Bloodhound
I figured as much
Then I remembered I installed the GUI tool for it
And was like 'oh... This is fantastic'
AD module is actually insanely in depth. PtH, CME, Bloodhound, Kerberoasting, DACLs, forest trusts
like practically the only thing it doesnt cover is ADCS and it at least gives an honorary nod to it.
As soon as I stop banging my head against a wall with this God damn password attacks module
Ah. Well ADCS I feel is more advanced anyway
||@fathom pendant||
Altho it's a really big topic in red teaming currently
yeah exactly
i need help again
CAN send screenshots?
?
?
i have trouble setting up the vpn
can i send screenshots here ????
If you're interested in ADCS, Alh4zr3d is writing a course on it. Not sure what the planned release is but he will probably put it on his patreon before it gets released on TCM
Im aware and already on the patreon 😉
HELP!
stop spamming
nah
-_-
I dont have the kind of patience to aid someone that tags somebody and then writes 9 messages screeching for help in sub-2 minutes, sorry. Best of luck though.
Do you not realize that you're asking other people to take the time to help you? Right after you send 9 messages in 30 seconds because you didn't get a response?
Nobody is going to take the time to help you after you do something like that
where else can i go?
support chat on the website
^
i saw the role of "PRO" on ur profile and asked for help
or exercise the slightest of patience to wait for a reply
..
this is a place for discussion and helping others about academy modules but nobody is entitled to help you. The more entitled you sound, the less most people are gunna want to actually help you.
how not to be "entitled" ?
its like a child throwing a tantrum in the supermarket, aint nobody but their mother wants to deal with the tantrum child
Be more patient, ask more politely
😂
Just act like a human being and understand that nobody here is required to help you.
"hello my friends"
Can i get ur polite attention
I needed a helping hand....
Also give this a read: https://dontasktoask.com/
"Hey, Im trying to connect to the vpn but im having issues with it, can anybody help me with it?" thats a better question
yeah unironically read that link
THANK U 😘
Ive set it as my status in the past 😂
thnks ❤️
The amount of times I get people dming me with "I have a question about x module"
Drives me nuts
My bio literally says to ask me before DMing for help, which shouldn't be necessary because its in the rules
LOL
I just auto ignore all DMs from those I havnt said okay to
heh
Nice
I do that most of the time too
Unless I'm bored
best part is they show up from here as message requests and not actual notifications so usually I dont even see they tried till three days after the fact
Lmao
like damn bruh, shoulda asked I might've actually said okay three days ago
I usually say okay unless im heading to bed or busy with something
um
hello
"Hey, Im trying to connect to the vpn but im having issues with it, can anybody help me with it?" This message was recommended from a friend
Well, what have you tried and what issues are you having with it
if you're meaning copying it exactly as path/to/file?
nope
if you're using the pwnbox you don't need to do anything it's already on the vpn
i copied the path the actual path
did you download the vpn file?
yes
ok show us what command you did and what error you're getting :)
ok wait
you can't post screenshots in here until you verify in #bot-commands btw
sure
Hello people I am a beginner and I am unable to connect to the ssh in my instance
even though I typed the credentials given by HTB that is HTB_@cademy_stdnt! it says that the authentication has failed
What command you running. What error you getting?
I tried changing my ip and password too
@thorn urchin @rustic sage need ur help 😂
I gave
ssh [username]@[ipaddress]
wait lemme share the screenshots if u dont mind
Sure
Send me dm @rustic sage
RIP
i have doubt in module stack based buffer overflow in linux
he is muted
He didn’t even send them lol dayum
How can i verify ??!
Just copy paste your terminal command
there is no eip in the given program file , when i disassemble the main function
why would eip be in the file, eip only exists during run time
go in #bot-commands and type "++verify"
#bot-commands is where you verify
@rough trail you have to debug, not disassemble
that program is running in background , this is given in the description
by gdb debugger
right
Yep
EIP still doesnt exist inside a file, it only exists during run time
EIP is just what the cpu uses to say "Im executing this opcode next" that's it.
hmm
That's right madf0x, the address in eip is tied to the RAM of the machine, it can change even from one architecture to another
@thorn urchin what percentage are you with cpts
The IP stands for Instruction Pointer
85% ive been slacking the past couple weeks
Nice just curious
What are cpts ?? 😅
How long did it take you to get there like in days/months?
That’s the htb academy course
I wanted to finish linux priv esc tonight but my eyes were hurting so I cant focus on a monitor screen atm.
For pen test
Cpts the certified penetration tester ya goon on the academy site
Lol ya goon
Overall im 3 months in from when I started roughly
Omg okok 🙂
For sure cool man
I'm about a week or so in lol I'd be further along if footprinting and RDP wasn't a bitch
I just did all the tier 0 and the bbh path 🙂
It says you accepts messages only from your friends
The first half went by way faster for me than the second half, but that's mostly been cause of life stuff
now I have verified
Nice you’ll get there man just gotta keep on truckin
I had the right idea, but xfreerdp can suckit
Because once I used Remmina... I was in, grabbed the data and was out...
@fathom pendant install a windows vm and use mstsc 😉
Rdesktop is nice can manipulate size of screen iirc
Sticking with one VM my poor 4 core processor can barely handle it
xfreerdp can too with option
By that I mean if I tried running multiple I'd probably burn the house down
can also mount the local folder as a remote share too, which I wouldnt recommend doing in the real world but is convenient for some of the annoying manual rdp sections
"Hey, do anyone know how to change kali linux password , having issues with it, can anybody help me with it?"
Interesting that would have been useful so many times ha, know the option off the top of your head? I'm not at a terminal right now so can't research
its either like +dynamic-resolution or /dynamic-resolution
Dope I’ll have to try that tmrw
passwd
Default is root:toor
+home-drive or something like that for automounting as a remote share when connecting to windows
Fun fact for xfreerdp you can set up a share automatically by typing /drive:./ or something similar I learned that the long and hard way haha
and what about user name ?
and I wanna say its like /hashes or /pth for connecting via PtH too which is nifty
I mean I avoid rdp at all costs
annoying
you already asked your question, show more patience
~patience~
its a basic linux operation, google it
okie
the channel is for modules discussion, not linux fundamentals (unless youre literally doing the linux fundamentals module and asking about something in there)
Unless there was a different way to access the file that had the important document in it, if there was, DM me
idr
probably not since the biggest flags in that was that NFS and RDP were there. ¯\_(ツ)_/¯
Anyway time to break my sanity with the hard lab
So you mean unless you're doing something in Windows? 😬
only if I cant psexec, wmiexec, win-rm, etc instead
Well if you can psexec then you're starting out with lots of privileges. Which is unusual...
btw do u guys know i am gonna get a "active developer badge" after 5hrs
i built a bot and submitted it
no matter the chat tbh..
ssshhhhh
ye, Im just saying Id rather exhaust all other auth methods before using rdp personally
Hi, anyone that could help a bit with the Pivoting Skill assessment? Details in the message, so that I don't spoil publicly.
I use rockyou.txt
this wordlist doesn't work, meaning it's an old wordlist and useless
also off topic, need to stop before a mod gets mad at ya
not the right channel for that, also dont ask your question in multiple channels its just spam
Dave McKay to the rescue: https://www.howtogeek.com/447443/how-to-change-account-passwords-on-linux/
Is the official nmap book + the site still the best resource for nmap?
the book from the dev is from 2009 and I see several other guides as well
does anyone here know maybe how to ffuf with the -recursion?
on the ATTACKING WEB APPLICATIONS WITH FFUF it's not finding anything
Oh, I finally found it, awesome
honestly if you're looking for specific use cases a lot of time it's referenced to the online manual; but i would say experimenting is the best teacher
i mean i'm a bit late to announcing i made it in... just running in circles lol
and done
1h50, whereas the medium lab took me a headscratching few days
definitely taking notes on this one
i hate re-reading over the lab instruction... then reading a KEY BIT OF INFORMATION that would have saved me time...
yeah I recommend taking a lot of notes
Obsidian?
yup
I'm thinking of transferring my notes over because the flow seems cleaner
not to mention I can build a path of discovery when attacking labs
and do a full checklist of things i have and haven't done
I'm just using sublime because i like having the markup, but i think obsidian does that too?
yup
im on the medium lab right now
i assume you mean the nmap one
oh, dont even know what that is lol
nmap medium is a toughie too
yeah i ran all the dns scripts but no easy win
lemme look up what the medium goal is
find the dns server version
ah that one can be tricky
sometimes it doesn't want to spit it out at you the first try
wdym? Was my solution correct, it just doesnt always work?
if it's open, just wait
Hello everyone ... Antak Webshell section of Shells and Payloads
I get to upload the antak webshell
don't get the format of the question based on the output of ||whoami||
anybody can help?
thx
what does whoami do?
I get this ||iis apppool\defaultapppool||
but nothing to do with how you need to submit the answer which according to the question is Format: **, 1 space)
that's what I mean
i mean
have tried different options but can't get the right one
haven't done this one. so can't answer but maybe someone can nudge that knows ¯\_(ツ)_/¯
ok thx anyway
I just closed my laptop to go to bed again. tag me in precisely 6 hours from this message if you dont get by then and ill double check it.
night f0x
ok thank you
Anyone know how to get xfreerdp to copy from target to local machine
I have a bloodhound zip i want to bring over to local
last time I found myself in your position I just dragged it
im for some reason not getting it to work. Does it have to be on the desktop?
Can i message someone regards to XSS Final skill assessment?
is anyone there i need urgent help
Host smb server with impacket is easiest
stuck on php webshell section... trying to figure out why chrome is not connecting to the target ip so that i can ||change the application type to gif once the shell has been uploaded||
anybody?
Hey I'm new to academy I was on getting started module but I wasn't able to connect through VPN file when I entered ip a it gave me 10.10.x.x IP in tun0 adapter and my instance ip was showing 170..x.x.x But nevertheless I tried -Pn in nmap but no results