#modules
it did work as well
i need a little help on info gathering web edition active subdomain enum, the third question
I managed to do the first and second
ping or dm me if u wanna help me
This question isnt very helpful. You havent actually asked your question yet which means when someone offers to help, they then have to wait for you to ask a second question. You havent said what youve tried either.
If you want an answer to a question, start by first actually asking the question. Share as much info as you can (while avoiding spoilers obviously). You want to make it as easy as possible for someone to help you that way when they see the message, if they know the answer, they can just say it
That being said, if you provide the information i just mentioned ill be happy to try to help you
k
so I try to dig or nslookup the ip given by the section it returns nxdomain
which i looked up what nxdomain means and it means non-existent domain
Well, theres more you can do than just a dns lookup
i put the ip into the zone transfer website thingey and it still returns an error
maybe try running a command from your terminal to do a zone transfer
ok
i think it could be because u need to connect to the website through the openvpn proxy htb academy gives me and nslookup or dig or whatever is connecting through their server so they cant connect but im not too sure how to resolve this
Hi, does anyone know what I can do if I requested my 2FA code
Sorry, does anyone know what I can do if I lost my 2FA code
please use english
Sorry, does anyone know what I can do if I lost my 2FA code?
contact customer support
Sorry, does anyone know what I can do if I lost my 2FA code?
how can i contact support
?
Via the green chat bubble on the website
Hm, so not all modules return cubes?
really?
I'm trying to use John the Ripper to crack an id_rsa ssh key file but I get an error message when I try to run ssh2john to get a hash. What am I doing wrong?
@fallen osprey did you first run ssh2john to get the hash that John can crack?
Oh sorry I read that wrong
You probably have Python v3.9
Try an earlier version or python2
when I tried python2 it succeeded. Doesn't v3.9 like this?
PASSWORD ATTACKS - Pass the Ticket (PtT) from Linux: I used smbclient to download the flag.txt from //dc01/linux01 and read the content from that flag.txt to answer the question. But it said it's an Incorrect Answer. Does anyone have any hint/clue/idea?
Hi all
Could anybody assist with the Footprinting module, DNS section, last question, please? I already ran dig on all the links and also did the brute force of those links, but no luck. Any assistance will be appreciated.
Thanks
The method changed from base64.decodestring() to base64.decodebytes() in the newer versions
is that something I can change in ssh2john.py file ?
You can try lol maybe there's a new compatible version of it for 3.9
Hm so in the File Transfers module in the PowerShell Web Uploads section it says
"PowerShell doesn't have a built-in function for upload operations, but we can use Invoke-WebRequest or Invoke-RestMethod to build our upload function."
But in the Net.Webclient docs there's a table of methods that can be used to upload files and data
https://learn.microsoft.com/en-us/dotnet/api/system.net.webclient?view=net-6.0
Mistake?
@harsh badger do you have any idea/hint for my Pass the Ticket (PtT) issue too?
Sadly no(t yet) lol
Dm me the flag that you found
Need to confirm you actually found the correct one
sent 🙂
Wrong server
I finally got the content in table flag5 for SQLMAP ESSENTIALS module and it says it's not the correct answer... any help here would be greatly appreciated. I do not have a space character at the end or beginning of this key, just for clarification.
ok what gives.... one of the characters was a _ instead of a number?!
I submitted it successfully but the above doesn't make any sense if anyone would care to explain it to me.
DM me
😆
Anyone complete Introduction to Windows Command Line? Need help with question 5 of the skill assessment
"User4 has a lot of files and folders in their Documents folder. The flag can be found within one of them. "
if the flag you got in the exercise is not the correct flag accepted as the answer, maybe you should report an error in the erratum chat.
Thanks with the help from @proud pine seems like the type of sqli can miss some data so multiple passes can be beneficial
@wheat garden dm'd you
Anyone been able to complete the last question of the skill assessment for Intro to Windows Command Line? I've been able to view the event log entries and the usernames, but none of them work for the answer...
@sterile hawk
Please don't ask for help with illegal activity in future
Hi all
Could anybody assist with the Footprinting module, DNS section, last question, please? I already ran dig on all the links and also did the brute force of those links, but no luck. Any assistance will be appreciated.
Thanks
The module tells you somewhat what you may need to do; hint: something about zone transfers- I just pulled my notes up from that with my commands. One of the tools they give you; or if you know where you're looking using the for loop they provide you with (with some minor changes) should resolve your issue.
Man, I spent 20 minutes trying to figure out why the bash script I was writing for this module wasn't working, and ChatGPT goes and finds the error in 2 seconds.
im not sure if this is useful for anyone, but i found this AD map for pentesting, looks pretty legit. https://github.com/esidate/pentesting-active-directory
@sly tapir
can anyone help me with the skills assessment on the AD module
That sorta depends on what your goal is. The modules are just there to teach you a concept, or how to use a tool. If you know what you are doing already, or know a better way to do something, that's up to you.
only if you want to be
CROSS-SITE SCRIPTING (XSS), the first question there is
To get the flag, use the same payload we used above, but change its JavaScript code to show the cookie instead of showing the url.
So i tried to put inside of the input <script>console.log(window.cookie)</script>
But in the console I get error message
Cookie “cookie” will be soon rejected because it has the “SameSite"...
You've got a mistake there. I'd suggest checking with google on syntax, or using the 'hint' button for the question.
yep.. i meant document.cookie.. but still the same issue
the page is also refreshing when I submit the form
and it's the first question on this module so I assume they don't want me to go too deep with JS and use e.preventDefault()
I'd go back through the module, and try to use the methods they show.
Also, you should avoid putting outright spoilers in any of your messages here.
Ok
l
Pivoting, Tunneling, and Port Forwarding module. I can't move forward as the instance is up and down, not fun.
Hi Guys anyone have any idea what is the answer for "What is the ObjectAceType of the first right that the forend user has over the GPO Management group? (two words in the format Word-Word) " in Active Directory Module? stuck there for a while, powershell is stuck and the 2 answers from Bloodhound not working 😄
@proud pine but the page should refresh on that question? in the example they provided I should be able to add a "word" and it will submit the form and show the word below
honestly, I don't understand this question, I can just go to the dev tools, run the command there and get the flag..
so I'm good for now, until the next one
Iirc you need to research objectacetypes elsewhere.
I had a look there.. do i need to take a second look ? 😄
Well the answer is there so probably.
Solved, thanks buddy!
No worries it was a bit of a weird question haha
Anyone finish introduction to windows command line module? On the final question of the skill assessment. Ran
Get-WinEvent -FilterHashTable @{LogName='Security';ID='4625 '} | select-object -ExpandProperty message
none of the displayed usernames have been accepted im stumped
run it at dc
Has anyone completed the Footprinting Hard Lab ( https://academy.hackthebox.com/module/112/section/1080 ) who'd be happy to DM a hint (I'll need to describe where I'm at)? I've been stuck on it for days, tried all sorts of stuff, and made no ground.
What Module?
Feel free to DM
Linux Local Privilege Escalation - Skill Assessment
flag 5
Can someone help me to obtain the reverse shell? I have tried with msfconsole and there is no way, I have the username and password
Read the lab instructions carefully, it gives you a hint where to start
Hint: what does it tell you it serves as
Thanks, @stuck hull / @fathom pendant - I got some help over DM, and I'm making progress again.
hey can anyone help me with the Nmap module hard and medium labs, i have completed this module like 4-5 months ago currently taking notes so would really appreciate if someone helps
Once you get a foothold it's fairly smooth from there iirc
Yup, just finished it 🙂
@brisk geode for medium, try running a scan in NMAP that utilizes a different protocol. And for the hard lab review the last two examples in the module.
@brisk geode Feel free to message me directly if you are still stuck after those hints.
When i get home from work gonna pick up academy again. Been to pang…
ty ill
bro thank you! I saw this once and forgot to save it. good find
hi everyone!
i'm doing the skill assessment for the file inclusion module and i'm kinda lost.
i've already tried some things like LFI and RCI with PHP Wrappers and nothing yet.
i also looked on the web for tips and i saw a lot of people talking about source code disclosure but everything i tried led me to a dead end somehow, i know maybe i'm doing something wrong or missing something basic but if anyone has some way to point me or any useful tip i'll appreciate it 🙂
**Btw english is not my native language so if i said anything weird please tell me 🙂**
is someone available for DM about my findings related to Broken Authentication - Skill Assessment ?
doing the reverse port forwarding section in the pivot module and im stuck at creating a reverse shell.
I tried the meterpreter way and it always closes the session, then i tried the nc way and something strange happened xD
im not sure what im doing wrong haha
@polar crag check the payload option
@placid quest thanks! but im still confused because the payload created was a reverse_https and was shown in the module "windows/x64/meterpreter/reverse_https" and this didn't work.
Now i created a new payload but a windows/x64/meterpreter/reverse_tcp changed it in the multi/handler to reverse_tcp and now it worked.
I have to write down all the steps because there were so many...
- Create payload
- Remote forwarding so you can login via rdp
- Copy payload to Pivothost
- Login to ssh and start the http server
- Download payload
- Reverse port forward
- Start Multi/Handler
- Execute payload
@polar crag That thing happened to me when i was doing the pivoting module, so to solve it i had to change the payload and it worked
It confused me hard but now i understood the concept of reverse port forwarding. Its a really interesting module.
Hello all I am new here but have no idea about anything can anyone help me?
Check out academy.hackthebox.com/
its the place to learn if youre interested
Thank you
Well i have no idea abt hacking too can anyone guide me i am interested but don't know wat to do
Thats a very very broad question thats impossible to sum up in one message. Theres so many areas of hacking
google and youtube is your friend
A short question is it possible to hack with JS
yes
XSS for example
But i would say if you overall want to do more pentesting/cybersec. One language you know isnt going to do much for you
there's a giant amount of different areas within the term "hacking"
you should be well versed with any scripting language and you must have a little coding experience so that you can at least read code for vulnerabilities and exploits IMO
finally coming back to try to finish the fuzz module
i have ran fuzz and dirb for this question and i cannot find the page. "Try to use what you learned in this section to fuzz the '/blog' directory and find all pages. One of them should contain a flag. What is the flag?" its in page fuzzing
ATTACKING WEB APPLICATIONS WITH FFUF
i need help, like fuzz finds the index.php page that has no information but cant find the page with the flag
Can anyone explain dns zone transferring to me? I understand that you're basically doing a download of the records stored on that dns server, but what I don't understand is how do you know that you can do a zone transfer? When using dig what differentiates a normal dns record to a server that can do transfers?
Hello, I am doing
LINUX PRIVILEGE ESCALATION - Skill Assessment
I believe I am pretty close to get flag5.txt or root flag. I am stuck at one place. Can someone help me? can I DM someone??
Dropped you a DM
why is the target server so buggy today it keeps dropping the connection
anybody else having issues with starting instances?
.
i guess its a server issue from htb
go on
and wait till you lose connection in the middle of an exploit
mwahahahahah
anyone has a solution to increasing the resolution of a windows rdp
U in shells and payloads?
read the documentation for the rdp client you use, it's most certainly in there
can someone help me with this please
- Basic Bypasses - LFI - module/23 section/1491
- web application employs more than one filter to avoid LFI exploitation
- ?language=languages/en.php
i tried with cheat sheet and tried all methods but not getting /etc/passwd
The answers aren’t given. If you need help you should state what module and section you are on and where you are stuck.
i am working on Public Exploits and the target Web Server can not be reached. The website was working at first. I am guessing I tried the wrong exploit in Metasploit and now nothing is reachable. I wanted to try the wp_plugin_backup_guard_rce for remote code execution but I am having no luck
sorry I found it out. took a lot of struggling when all i needed to do was read the advanced options -_-
hey guys, i have an error, somebody help me
I config the resolv.conf with ip and status.inlanefreight.local
but the page doesnt load
Laudanum, One Webshell To Rule Them All
I just did that one!
happy to help i am building my notes now
send the path of the exploit you are using
The lesson itself walks you through how to do so
ok the main step is going to the web server
your next step will be searching for the exploit on Metasploit. From there it is key to look at how it is configured before launching it
that is not it
How do we report minor errors in the material?
be more specific in your exploit search
Just so I'm clear on this, the purpose of static/dynamic port forwarding is to get around a firewall?
hey guys im stuck on Firewall and IDS/IPS Evasion - Easy Lab (cpts path) i cant get the answer "Our client wants to know if we can identify which operating system their provided machine is running on. Submit the OS name as the answer. " any help will be appreciated.
Have you looked at what information the web server gives you?
i think i did let me check again thx
Hi all, I have managed to fail at the first hurdle. I am progressing through Starting-Point. I have a target machine started. I can ping it. But I cannot ssh/rdp/web to it.
The last question in the module is to "Submit root flag" but I cannot get onto the target.
I am obviously missing something fundamental.
I ran the following command nmap (target) -sV -p80 -O -D RND:5 --disable-arp-ping -Pn -e tun0 and it gives me a different version of the OS
You don't need the version number for the answer
Just the name of the OS
Go have a look at the actual website
Apache2 Ubuntu
Apache2 is not an OS
One of those is an OS the other is a Web Server
oh
i tried before text on this chat
thx
what is the target machine name
Could anyone teach me coding 1 on 1
That's not what this server is for. It is also an incredibly expensive way to learn. You can learn for free.
Hi, for the Precious HTB machine I had created my own webserver in order to input the URL in the Precious.htb webpage since it requests a valid url. However, it continues to ask for a valid url. Can someone help me out with this. I've been inputting http://127.0.0.1 and it doesn't work. Also for the image below, I got a response when I opened the IP address in a separate tab not from the Precious.htb page.
127.0.0.1 is a loopback address, that's why
How do I fix a loopback address?
Apologies, AFK.
It doesn't give one...
Where could I learn for free
http://introtopython.org/ is a good resource to get you going, good if you're intending on getting into infosec.
Introduction to Python is a resource for students who want to learn Python as their first language, and for teachers who want a free and open curriculum to use with their students.
*python is useful if you're intending on getting into infosec. The course itself is just a generic python course. But it will introduce you to the basics of programming too
Oke thanks
If anyones got some time to help me out with SQLMap Essentials -> Building attacks, please DM me, i'd be really appreciative ^^
ohoh
uhhh put your tun0 address with the port
tun0 is your actual IP
you can check with ifconfig
How do you know python http server, have your /etc/hosts set up and know to point precious at it but not know what localhost is.

to be fair - when i get really tired i forget the basic stuff too
HAPPENS
python, my beloved
fuck java, me and my homies hate java
We all about simple, efficient and easy to understand design
imagine needing to type
You forget the difference between 127.0.0.1 and 10.10.11.111
system.out.println just for print()
And when reminded ask how to fix "loopback address"
if you want to take input
CALL A NEW SCANNER FUNCTION wtffff
why would people use this shit
actually so real
what are you talking about cack you're speaking in moon runes now
i haven't slept for two days lmao.
i was stuck on shells and payloads for 3 days just because i was using my rdp ip as the lhost -___-
The guy who's probably failing at following a writeup is what I'm talking about.
I got stuck on some machines for a while because i was using "starting point" PWNBOX :' )

anyways - can anyone help me with SQLMap - Attack Tuning
i just wanna get this module done for today so i can crack one with coding too
Does regular hackthebox have any kind of students discount?
can anyone help me set up my vsFTPd.conf file to be anonymous
dont understand how to set it ip
up
Does anyone know anything about remote access? dm me please
Elaborate please
^
This channel is also for the modules found on academy; if you have an unrelated question #1024429874246590575 is the place to ask/search if your question has already been asked and answered
Bruh. Im on Attacking Common Services > Attacking ftp
The ftp port refuses to open
Anyone else have this issue?

Not open from pwnbox either
how are you posting pics?
Ive tried swapping vpn servers too 😭
verify your account
are u sure its not on 21?
sometimes there is port forwarding
no. theres no port forwarding. I know its supposed to be there cuz when i started the machine the first time it was there. Then i crashed the machine trying bruteforce something. Then when i restarted it ftp wont open
@rustic sage probably the only tutorial you will need on Remote Access Tools: https://www.youtube.com/watch?v=K7Hn1rPQouU
From "Castle" Season 8 Episode 8
Copyright ABC
I have a remote access tool
But problem is when I send it to someone it doesn't work buttt it did work on my dads laptop
If you dont know how to use it you shouldnt have it lol
Idk why it didn't work on him

does academy not have any account identifier
clearly you dont
you have to verify your htb account. not academy
But I want to learn
nobody is gonna teach you that here
Why
go back to the shady server full of skids from where you came from
Cuz we dont do illegal things here
Brother, you don't hack at all
Yes. We do lol
How
Thats literally the entire point of this server

🤣

is this really what we are doing
right now
i come back from changing my tire and i find this
hm
i am disappointed
tire
car tire was flat
You went outside?
i touched grass yes
touching grass is so overrated
for the sensation
I prefer the sensation of installing a RAT onto my Dad's laptop
and get scarred by the things he searches?
POV : How to humble my child?
i am really shelling out 2k$ for oscp !! i am so fucking scared regarding the ifs
Do u guys also learn here how to program a cheat for a game
no that is beneath us
not here
Where
the opposite of here
somewhere else
This discussion is for academy module stuff
And who are u
Okay
Use (y:,
but it says my answer is wrong
.
that is the right answer, you just gotta little too much there 😉
lol rfr
alright well that was enough learning for today this footprinting module long as hell lol
but learned a lot
its a decent module
definitely one of the fun early ones
Great module, but long
eh not that much
Id put it at high medium in length
AD module is a mammoth though
i started the intro to AD module, got halfway, then said 'na maybe later...'
its just so dense
PtT isnt related to rdp, rdp is just one such means to potentially abuse a PtT scenario
i meant any exercise where i have to use an rdp is boring
btw the rdp keeps dropping connection anyone else facing the same issue
?
PtH and PtT are really fun
especially if you understand whats happening under the hood
yea. theyre doin some weird stuff for me as well
mine are lacking jquery and as a result all the javascript functions don't work 😄
it's great
xd
I have to read the source and manually recreate the requests
Im doing the 'Attacking ftp' section of Attacking common services and theres no FTP running lmao
In ptt the rdp connection resolution is so small i tried to increase it but apparently i cant change it from a remote session is there any workaround
im stuck in the assessment for XSS module
the hint says: i can see you but you cant see me.
characters like <>" get converted to &lt; &gt;
can someone give me a rough direction?
with xfreerdp i know you can give the /dynamic-resolution flag
idk how to do it with remmina
look where your input is reflected. try to find a place where you don't need lt or gt to inject javascript
okey i think i found the right spot, its not the search input, its the feedback section with the hint that the admin needs to view it... 😄
Okay I have to be extremely dense but I'm failing to connect to MYSQL database in SQL section
||mysql -u root -h <ip> -p|| this is what i'm doing to try to connect and I'm not understanding why I cannot connect
Specify port?

Lol mood
-p... Which p
-P is password
Iirc
I forget the syntax
When I go on break I'll double check that section
Awh bless
We all have those moments aha
since you guys are good at hacking does anyone know how to get unban for fivem
don't use cheats
finished the XSS, its such a cool module, worth every penny
For the Footprinting Module test boxes, when they say "forbidden to attack the services aggressively using exploits" does that mean no wordlist enumerations or more like no metasploit?
it means you really dont need to use an exploit to answer the questions. so you dont need metasploit. just need to look around by hand and find information and use that information to gain further access into the systems presented to you
kk
Yea
The information is easily available if you know where you're looking :) the lab tells you what services you should be looking for
see you say that and then the box time expires and one then has to avoid questioning their decisions in life 🤣
Everything you need is within the module, so I hope you took notes!
In the Active Directory Skill Assessment I, how do I get to the MS01 computer?
did you do an nmap scan
ok because im on the same module and i didnt have that issue 😄
but it didnt use ||port 21|| as well
most likely on purpose
Yea ik
It worked initially, but then the machine crashed. So i reset it and there was no ftp
rip
Yea
F
Yeah, so HTB leaves the initial necessary knowledge and sends you to hunt for the rest with ggl?
Not even that. A lot of the times the commands you need or tools are told to you in the module/section
Including potential flags you'd need
It does a good job of telling you the thing and giving an example. In some cases the section covers what it's asking for you to walk through
The labs usually are designed to be done as an INDIVIDUAL module regardless if you're doing a path or not. So very much self contained
I'm wondering if anyone could provide some insight to completing the footprinting hard lab? I've gone through SNMP with the correct community string. I've logged into the IMAP service and retrieved the one email with private key. I've been able to connect over ssh with that key and I've looked at the history. I think I've found additional credentials but when I try the two I think I've found to log into the mysql service I keep getting access denied. I think it's a typo on my part or I'm completely off base.
You are in the right area
I'd say you're pretty close
Hint: you are thinking about the right tool;
The credentials you need you would have found when enumerating the SNMP service.
For anyone who completed the Footprinting module > host based enumeration> SMTP section.
I got the answer to question 2 but I didn't take notes so I'm redoing it, and I don't really remember how I got the answer. I tried using smtp-user-enum and the Footprinting-wordlist given by HTB but I got 0 results. Which I know can't be true because I can see the correct name in the wordlist. So I'm just curious how anyone else approached this
you are using the right tool... can you dm your command to check?
It's because the scan is too fast I forget how I worked around it
Ah yes! You can slow the scan with a flag.
Well remembered!
I forget the flag for it
Ik it can be done within msfconsole, but that is a sanity check for sure
I think this is how I did it in the end.
MrTom had the answer for the flag: -w

You tested all of the names in the file they gave, one by one - or with a script?
the former
and you still find time to touch grass. Amazing!
i am quite the enigma i suppose
https://malicious.link/post/2011/2011-05-16-dumping-hashes-on-win2k8-r2-x64-with-metasploit/
||you have to migrate to a PID that support x64|| (answering for future searches)
When trying to dump password hashes on a Windows 2008 R2 64 bit box I constantly run into the “The parameter is incorrect” error in meterpreter. So I’ve had to fall back on dropping binaries which I really don’t like doing because of the added clean up and chance of getting ‘caught’. Well, with a bit of migration you’ll be back to passing the ha...
@stuck hull I have that…or I think I do. It’s the one that errored out in the script? If it is, so I need (). I’ve tried a few different ways and can’t get it to work.
DM me.
Anyone else on the Active Directory Bloodhound module? I think the module is broken, when importing the files it says "File created from incompatible Collector" Any workarounds?
i am doing file upload labs. when i put my php code in to the website why does it get commented out... for example: this is what happens when i view page source. <!--?php echo shell_exec('ls /'); ? -->
Hi all I hope you are well
Im stuck a bit on the footprinting Module
I was wondering if someone would be able to point me in the right direction
Have this on lock huh
Lmao. It's in my bio
Easier than telling them to just ask their question myself
Maybe in the future they'll actually just ask the question lol
Yeah I need to edit my bio for here
@dim hemlock I've just completed it. Feel free to DM if you still need a hand.
Look at mine lol
Nice
Hi guys, I have ssh-d to the server on the footprinting easy module lab
but I am unable to find flag.txt with ceil user
do I need to get root user?
opokay I got ittt
Hey all, can anyone help me with Attacking Common Applications Skills Assessment I? I've got the answer but I still have some questions.
What's the question
For Password Attacks - Password Mutations can someone just tell me the first digit of the password.
Bingo you're right i found it
I had to do the regex, just a bit of trolling
Went back to my office for it to be done. I want to build a cracking server for this reason
how did you solve this?
What’s the max threads you all run on hydra?
depends on the service and the target server
and whether you care about being detected or not
What’s a good threshold for being silent and not caring for FTP
I am working on attacking active directory module, but when I RDP into machine it disconnects me after couple of minutes
I cannot continue my learning, how to fix that ?
thanks
I’ve had this happen when I’m on VPN and I open the pwnbox together
I only connect my kali to VPN
Did you open the pwnbox though? I only run mine off VPN but I guess I bumped it and that caused it
I will try open pwnbox without connecting to vpn
Well, if you want to be silent dont bruteforce lol. Even if you go extremely slow youll get caught eventually. If you're evading detection the slower the better. As for not caring when attacking FTP: It depends on the strength of the server, Most ive ever pulled off was 64 threads
same issue, same question in pivoting section, how did you solve, if you don't mind sharing?
not sure what you mean. Saying I need to run it as another user or login to a different account?
Anyone free to assist with the footprinting IMAP/POP3 module?
It's best to just ask the question, if someone has the answer they'll assist and help nudge you
hello
like my dog
he be doin hole pack
krlgkrg,fmlmblmbl;fg ,kldbdklfldsrdr;d;lfsnbsl lsblsdfnbdfkbkdnfbndsflkbndklnbithbekngknbls b d,f dkfn lksdnfksdvb
dont copy link hehe
it tells p
sike
You good?
No
fine
join hacking dark
its private
i am real hacker
i learned how to hack by this server
Cool story bro
nah
your ip
is
your mom sonic boy
poopy oppsi
nah thats mine
wanna come to my house
play date
Please stop spamming in this channel. If you want to mess around go do it in #general
what
i you using mom gif meme
what's your real name
i can tell you your id if you tell me
I have a very public linkedIn profile lol
236600482750005248 is Man'
how about ip
Indeed
my private one
277851449147392000 is mine
192.168.0.2
Hi guys
anyone finished the Medium footprinting module?
Im stuck trying to RDP with a privileged user which should be the last part
I think I got the credentials
You can DM me if you want; happy to help.
awesomeee
CROSS-SITE SCRIPTING (XSS)
the Phishing part, I didn't understand why adding a parameter in the link of the website (for example: URL=image.jpg) would render it on the page
Can someone explain?
what do you mean? are you talking about utilizing a basic XSS payload for discovery?
why when you put ?url=image.png it's adding image to the website?
I didn't see explanation for that
is it because of this line? <input type="text" placeholder="Image URL" name="url">
That's because that query parameter (url) is included in the page's source (and therefore being rendered). If it's happening server-side, you won't see its exact PHP code (or whichever language it uses).
so what do you mean.. that there is a php code that accept this url param and echo a <img> tag because of this param?
Yup, basically.
Or the img tag is always there, but its src attribute is being set to the url query parameter.
yep
Weird.. I don't see why anyone would do that as a web developer
and the question is how would you know as a hacker that it's available, that's what I'm asking
You'd be surprised 🙂
view source; enumeration tools; trial and error
i think its more because that form of image viewers are found in online forums and other similar web applications
but is there a way to see this vulnerability? or you have to guess with just typing url=...?
You'd usually find a URL with existing query parameters and fuzz that or a combination of parameters/values to discover which ones are available. It takes time and patience.
^
hacking isn't like what most movies make it out to be
Mr.Robot does a decent job of showing some things can take several days to actually pull off, but that's also a mix of external AND internal penetration of assets
@ripe terrace Thanks for the reply, I'll see you in the next question
btw, I saw here some people asking for 1vs1?
is that like a game that someone is trying to hack and someone is trying to defend?
if you're talking about the guy saying 1 on 1 he's just asking someone to help him for free. The 1vs1 is a thing on the hackthebox main site but that's more in #battlegrounds
no, not this guy
I'm talking about battlegrounds
is it what I think it is?
I can join to this anytime with a friend.. and basically someone trying to attack and the other one trying to defend?
basically a mix of both actually you are trying to attack while the other person is trying to defend
Yeah, you each have servers to patch and defend. It's a points-based system.

I'm on the Phishing question now, in the CROSS-SITE SCRIPTING (XSS)
It's talking about to do what I learned from this page.. and I tried to go to /phishing/send.php
Any hint if I'm doing something wrong?
also /phishing/index.php isn't available
You use send.php once you have placed the malicious code.
Then it simulates a person checking the page
I can't think of a way to add something to the page because I have a blank page
I assume I'm in the wrong page
At /phishing ?
If you refresh the module page, does it still show the VM IP?
to spawn again
I've had weird situations where machines are dying after a few minutes lately.
Yeah.. but I spawned it again bunch of times, let me try again
Yes, /phising/ or /phising/index.php
isn't working
I guess I'm doing something wrong
I had to redo part of my notes from Getting started since I'm migrating my notes over to obsidian; got bored, decided to test my working knowledge in the Starting Point Labs on the regular HTB site... and wow I am zooming through this; some of the ports and names I already knew having gone through a course for it and receiving a CompTIA network+ cert but holyyy
i'm riding downhill with the wind at my back through starting point lol
You've been doing lots of modules. The starting point boxes are super simple. You should fly through them.
i had a bit of a time with redeemer but it's because it's a tool that isn't gone over in the main modules but it is probably in a different fundamental module that I just didn't bother to check, but uncle google had my back :D I'm not paying for VIP but I passed all the free modules ez
and taking a look at the next set that it's recommending modules for; I'm not even going to attempt yet - but hey! At least I could do it without really needing to reference my notes too much either :) the annoying part at the start was waiting for the machine to spawn so I can answer the trivial questions
Nice. There's not a lot you can't get past with a bit of Google. I'd just keep doing them until you hit a wall.
That is fair since they're rated "very easy" But I'd rather tackle them with pre-existing knowledge for the most part
I personally find I absorb more just doing boxes than academy modules but some of them are really good to take lots of notes from.
yeah I learned about a linux db service called redis... which is neat... and the commands are fairly straightforward which is also nice lol
Did you end up liking obsidian? I was using cherrytree, but moved to vscodium instead.
(zoomed out because spoilers) but I'm liking the canvas feature a lot tbh of obsidian; and the fact I can link/use documents from the working vault to sort of keep things together without needing for additional copy/pasting
In the module on "windows command line " there is this question "What command can display the contents of a file and redirect the contents of the file into another file or to the console? "
what is expected out here? which file name should I enter which will make it happy
What command
That's the question
This command does what is asked in the question
is it the one given in the module?
that's basically how to answer your question
refrain from putting the hints here; as it can still be considered spoiling
^spoilers
sometimes it really is that easy :)
the fundamentals are generally going to walk you through things and mostly hold your hand throughout, the easy modules presume you have some working knowledge, medium builds off of the easy knowledge, and hard is basically you have advanced knowledge and are looking to dive deeper if that makes any sense
yes, true
How are you drawing arrows? I was hoping to flowchart more, using links.
with the canvas page if you mouse over the center edge of any note box you create an arrow
you can either join it to an existing box, or to a blankspace and create/import a new note
you can also color/label the arrows
Ooh. I played with it briefly and it seemed to only want to link things that had backlinks.
you can either add note from vault or add card
this is why you'd want color coding if you have to point things back to each other i.e. enumerate a step; get a result that lets you go back to another step
Hi, I'm currently in Pivoting Module. I have a question in the second section "Remote/Reverse Port Forwarding with SSH". Not about the section questions, it's about how to implement the reverse shell in pivoting. Anyone that could help?
to whom or how can i communicate to solve this issue:
Identification error: please contact an online Moderator or Administrator for help
Anyone else having issues with File Inclusion? I do what the lesson tells me to, even look up other people doing it on youtube, and they don't work. php://filter/read=convert.base64-encode/resource=config.php shows a blank box. fuzzed it to find en, es, index, and configure but none of them show anything more than a blank box. curl also shows blank
had same problem with earlier lessons in this but found the right answers elsewhere.
if you are having issue with getting a shell try a normal shell instead of a meterpreter because that could be too big to go through 2 route (include your vpn)
if you can still login and see there is a chat bubble try that or ping a mod with this issue
which section are you on? if you are on the PHP Filters section hint the file isn't named config.php
Not configure, en, es either. Probably flag. Sigh, I’ll have to wait until tomorrow for the pwn box to reset
Thanks
you may want to remove that list because one of them is right 🤣
also you don't need the pwnbox for this
?
oh wait i forgot you will need tool like ffuf for this but if you have kali you can just do it on there
here try this https://github.com/ffuf/ffuf#installation
morning guys! Is anyone available to assist me with the last step of the AD SKills assessment? I am losing my mind hahahaha
preferable not with the "chain" route 😉
sure which assessment are you on?
the Active Directory Skills assessment I
the very last step
is it ok if I DM you @vital adder , to prevent any spoilers 😄
sure
At module Password Attacks>protected files. I have tried to run ssh2john with rockyou and with a mut password list from the resources but I cannot crack it. Does anyone have a hint?
Mmm I succesfully passed every file as the section explains. However, it never says how to initialize the .exe file you have uploaded to the Windows Machine. I used some PS commands like "Start-Process". Also tried with "Invoke-Item". I mean, I passed that section easily, but I just wanted to go further trying to understand everything that was explained there 😦
you should always try with Passwords given in Resources, Mutated Passwords for that list and, in last instance, with rockyou dictionary. As far as I remember I did not need more than those 3
I've tried all 3 and it will not crack.
Hello team, I'm stuck on the Footprinting DNS last question, I tried to bruteforce with dnsenum with all Seclist/Discovery/DNS/files and don't find any *.*.*.203 IP. Am I doing something wrong?
Which subdomain are you trying?
Your command should work fine
hint: try ||fierce||
as far as I remember you should first try to do a transfer zone "axfr" to every domain you get from previous scans. Some of them will fail, some of them will not. With those that don't fail, you could try the DNSenum command provided in the section. || A good hint is that in dns enum you can also try subdomains inside subdomains, so, in the example provided in the section, instead of 'inlanefreight.htb' you could also try 'example.inlanefreight.htb'. Which subdomains should you use? Well, read the first thing I told you to do. Which dictionary should you use? Be fierce ||
I found it
Got it thanks guys
yep, I suffered with that one too
Yeah the last one got me too
Finally completed Broken Authentication - Skill Assessment. If somone need hints/support you can DM.
For module Active Directory Enumeration and Attacks / LLMNR/NBT-NS Poisoning - from Windows, I can't seem to connect using xfreerdp to the Windows host. I get a black screen on the remote window and get the below error on my VM terminal:
I struggled with xfreerdp on another module. Try Remmina.
I think I remember encountering the same thing. Just press enter a few times on the black screen - should solve it.
Thanks. It worked👍
Anyone having connectivity issues into the AD skills 2 lab?
For the Footprinting lab > host enumeration> IMAP/POP3. I got the answers to questions 1-4 and 6 but I can't find the admin email. The obvious one didn't work or I'm entering it in wrong? and I didn't see one in the message containing the flag for question 6 either.
I think it is the obvious one, DM what you used.
I managed to figure it out, I was using the wrong ID in my fetch command. What I thought was the obvious one was the cto one that is displayed at the top of our openssl results 😅
Thank you though
No problem. Well done!
I'm on password attacks network services and I'm not getting results for smb
have tried both hydra and msf
any clues?
Msf should work
I'll try again
Show options and dm me the output
ok
Hey everyone, question regarding Attacking Common Services - Attacking SMB section. I try getting password for user jason. Hint says to use the password list provided in the resources, but running it checking all passes for jason using CME returns no matches. Am I missing something, or misunderstand question/hint?
Crackmapexec by default will attempt domain authentication if it can identify the domain. Make sure you're using the --local-auth flag
Hi , I have a problem with the question9 on cmdline module (skills assessment)
I can PM anyone ?
Didn't know that! Thank you!
Np
I'm going to save that page 😄
Hey guys, I am doing the Cracking passwords with hashcat module and I'm stuck at the last question of the assessment with the NTDS.dit file with all the hashes inside it, I tried to crack using MD4 and NTLM but I think hashcat gives me random passwords because it cracks all the passwords and I see people cracking an average of 80% of the password. So I really don't know what is the hash format, can someone help me ?
if you leave the hash format blank it will try to auto detect it
If i leave it blank I get this error
Failed to parse hashes using the 'pwdump' format.
Hello, I am currently working on the Skills Assessment on the CrackMapExec module and I have been stuck for a few days on the 3rd question. Is there someone that I could talk to about where to go next ?
Thx !
What do you mean by 'it gives me random passwords'?
nevermind, I figured it out by finding that the hashcat.potfile displays only once the password even with the --username flag, I used the --show directly to the command and it shows me the repeated passwords
on introduction to windows commandline question , tasklist give me some strange result :/
Ah yes. That's so you never have to crack the same hash more than once
Unless you actually ask a question I'm just going to keep ignoring you
Sorry I will just show if my command is ok
You're unlikely to get an answer from anyone unless you actually ask a question
Go for it
I will not spoil 🙂
I pm you ?
tasklist /v show me only unknown status for services
Get-Services is ok , I can see if service is running ok stopped etc
```
Running wscsvc Security Center
Running WSearch Windows Search
Running wuauserv Windows Update
```
Maybe I misunderstand the question
Hi bros, excuse me, could someone help me with this error when connecting with openvpn?
What is the error?
Click on 'switch' and select one of the free labs. Then download a new connection file and try again
need help with pivoting, tunnel - ah you understand :). setup proxychains, able to RDP to the windows box. see a different network that seems to map back to the original box. used mimikatz to get the PW of a different user, but don't see how to use it. tried ssh and rdp to the other 2 ips found from the windows box. Can someone help, pls?
if you found the cred for a user on the second machine hint that's the cred for the third machine and also if you are having issue with the powershell ping sweep use the cmd one
i'll try cmd sweep
thanks @vital adder
@vital adder can i dm you?
sure
Question about the Footprinting Hard box. ||Given that it states: Subsequently, this server has the function of a backup server for the internal accounts in the domain.
does that mean that previous users from the easy and medium box are relevant for this box? ||
no.
The description however does give an idea of how to start enumeration, took me about 20 minutes because I didn't read that part
In the module Public exploit I have a problem with the filepath i guess, someone can help me?
Bro you are in the wrong directory
Try download in /dev/shm or /tmp
In Getting Started - Public Exploits? What's the exact issue?
I am using WordPress Simple Backup File Read Vulnerability and set the rhost correctly but I really can’t find the pathfile. I don’t know if I have a problem with the sploit or the path
Anyone which I can discuss about Responder in Attacking Active Directory module? It is not an issue, just a misunderstanding I think. DM me
The question says "Once you do, try to get the content of the '/flag.txt' file"
@rustic sage yes
||When you say "enumeration" does that mean just nmaping and recon scripts to you or something else?||
Enumeration itself just means gathering Intel
DM you
Investigating
^
@rustic sage yes
Nmap is an enumeration tool, so is gobuster, netcat, etc. Anything that can be used to establish/verify the presence of something is an enumeration tool
Enumeration is King

@tulip pollen You DMd me but I wasn't expecting it so it was just by luck I saw it. Copy your msfconsole options here, maybe someone can help
I have it in my bio to ask in channel before DMing or ill autodelete it and people still randomly dm me
I swear it's a rule as well.
It is
if you cant enumerate server rules or a discord profile to deduce the best way to contact someone for help, how can you ever be able to enumerate a box for the best way to exploit it?
Enumeration is King
Hey everyone. New here and I'm running into an issue with the unified box. Been stuck for about 2 hours now. Anyone have time to help, give advice?
You might want to post your question with a bit more detail to #boxes - this is for the academy modules
which module? if its not a module and just a box you need to go to the boxes channel, verify your account with the rules in #welcome if you cant see it
Oh! Sorry about that, didn't see the academy tag. I'll give a better writeup in #boxes
Could someone give me a bit of direction on Ambassador?
Same situation as above I think. Post your question to #boxes
My bad, this discord is a bit confusing for new peeps
im currently in the assessment for command injection module.
the hint says: It is always easier to inject our command in an input going at the end of the command, rather than in the middle of it, though both are possible.
so i think i need to break the search/find command then || to my injection?
in password attacks - attacking sam I completed the module but was getting access denied when attempting to run reg.exe save hklm\sam C:\sam.save
my question is, are there two ways to accomplish this task and I just didn't explore far enough doing it on the local machine or is doing it remote with a ||secret ||tool, the only way to do it.
Someone can correct me if im wrong, but iirc reg.exe wont operate on the sensitive hives while they are in active use in memory. Hence you have to do a couple different workarounds to dump the hive.
theres more than one way, but reg.exe alone isnt one of em
Confused on this question. "What is the full system path of that specific share?"
ok cool just wanted to make sure when following the module i didn't do anything wrong
I need help
I got this information but it says it's not supposed to be a C:// but this is the only path i find for the share.
don't understand how it's supposed to be linux when it is windows destination...
can someone help
this is the SMB section of the foothold module
Are you sure it's a windows machine??
i got the answer
literally right infront of my face only had to delete the c:
lmfao
Yo are there ever any study sessions for people in the academy
by study session do you mean a bunch of peeps quietly clicking on links and occasionally saying..."hmmm...."
I'll be honest, there would be a lot more vulgarity if I were there.
yeah a lot of "what the fuuu...OH!... wait.. no...fucking hell"
Soooo looking for a hint for the Footprinting Hard box. ||Nothing to fancy, but something like which of the services is the jumping off point, 22, 110, 143, 993, 995... or none of these||
None if I recall correctly. Try some other scanning 😉
So the key is that the server is used as a management server.
and remember Nmap scans TCP by default
Think what else can you scan with nmap
good fucking point dude
thanks
always something simple 🤦♂️
anyone see this with pypykatz
╰─ pypykatz -h ─╯
Traceback (most recent call last):
File "/usr/bin/pypykatz", line 33, in <module>
sys.exit(load_entry_point('pypykatz==0.4.9', 'console_scripts', 'pypykatz')())
File "/usr/lib/python3/dist-packages/pypykatz/main.py", line 16, in main
from pypykatz.kerberos.cmdhelper import KerberosCMDHelper
File "/usr/lib/python3/dist-packages/pypykatz/kerberos/cmdhelper.py", line 17, in <module>
from pypykatz.kerberos.kerberos import get_TGS, get_TGT, generate_targets,
File "/usr/lib/python3/dist-packages/pypykatz/kerberos/kerberos.py", line 11, in <module>
from msldap.commons.url import MSLDAPURLDecoder
ModuleNotFoundError: No module named 'msldap.commons.url'
Spoilers
Try sudo apt install --fix-broken
nope
As a backup server, not management
There's an easy way; what can you do as user2
How do you check what user 2 can do
Because that's not what you're meant to do :)
Think about this question and how to answer it.
Currently working through Active Infrastructure Identification. The tool Aquatone errors out on installation, there is a github issue - however the project seems dead. Does anyone know of a replacement tool or a decent fork?
What command are you using to install it?
The command given in the module wont work due to some changes in GO
I'm using: go install github.com/michenriksen/aquatone@latest
the error is: invalid operation: cannot call non-function xurls.Relaxed (variable of type *regexp.Regexp)
You installed the chromium-driver? And set you path to include $HOME/go/bin?
lemme make sure it still works. I did that about 2 weeks ago but I've since had to revert to a previous snapshot
That's very kind of you, thank you.
Yea its not working for me now either
so something broke recently
You should report it in #858470491676737536
That's a shame, because the project does not seem active either.
unfortunate
Yeah Aquatone was dead in the water for me too
took a little fiddling to get Eyewitness working too
Eyewitness has its own issues lol
Hi guys, can anybody help me pls with ACTIVE DIRECTORY ENUMERATION & ATTACKS skill assessment part II at the question: "Submit the contents of the flag.txt file on the Administrator Desktop on the SQL01 host."?, I found the credentials net***:D@ta*** but I can't connect to SQL01 host via mssqlclient.py, I always receive the same Error message: "error(sql01\sqlexpress): line 1: login failed. the login is from an untrusted domain and cannot be used with integrated authentication"; I have tried all possible methods (ssh htb_student@<spawned ip> -X, xfreerdp <spawned ip>, adding SQL01 IP to /etc/resolv.conf of the VM given) but nothing works. Regards
It looks like eyewitness does a similar thing?
thats an mssqlclient issue
use something like sqsh and youll be fine
yeah its taught in the Attacking Common Applications modules alongside Aquatone
Great thank you. It also seems like there are some forks of Aquatone, so I may give them a go.
I also wonder if installing from source would fix the issue...
could be, but they specifically refuse to give instructions for that lol
oh yeah. arrghh
Hi
Sounds like someone needs to do a new rust replacement version of the tool 😉
can somebody give me a hint for the footprinting smtp last question. I tried to bruteforce with a lot of username wordlists, with 3 tools but still stuck
Did you try with the user list provided?
Silly question, but did you try with the provided list?
in the resources there is a wordlist
Lol 3 people jumped on that xD
Thats a common problem if you cant tell lol
new link to add to the reply list, rad
Hey I have a question...
{20 minutes later}
So my question is...
what does the fox say?
They still haven't asked the question 
"Why does nobody want to help me"
if you are using the ||-windows-auth|| tag try without that if that still doesn't work shoot me a dm i'll troubleshoot also the target SQL01 isn't accessible from the given attack box you have to do some pivot to access this machine
When you ping, just ask
Hi raccoon person
isn't that a red panda?
Listen I'm looking at it on mobile with bad eyesight
Upon further review; red panda indeed. Remediation steps: get glasses
WTF It worked, I don't understand, because before I tried what you tell me now and it not worked, It's very strange. Thanks my friend
I was able to get the password using Mimikatz locally on the box for Attacking LSASS but still cant figure out how to get pypykatz to work.
thanks for the hint
enumerate more
@graceful rampart Could I DM you about Aquatone?
sure
There is no need to use a VPN to connect for any of the CA Challenges, they are all accessible via the public IP's given when started. Not all challenges have an HTTP server however, some you need to connect via nc.
I'm pretty much a newbie to this, currently I'm having trouble with this question:
Module: Linux fundamentals.
chapter: system information
What is the path to htb-student's home directory?
I tried cd /home/username
$home
this did not work, anyone got some ideas, also please let me know in case this is the wrong channel.
its a module so its the right channel
ah, thats good I did read the rules channel 3 times so I guess that paid off😂
@trim bramble the cd /home/username
is a command
to change the directory
and you need to send just the path of the directory
Anyone free to answer a question for the AD Enumeration & Attacks - Skills Assessment Part II? I've got the hash for CTXXX but I can't find a wordlist to crack it. I've tried rockyou and all seclist lists. Any help?
rockyou should definitely be able to
I would definitely read over what the question is asking you to do :)
Nope...
Session..........: hashcat
Status...........: Exhausted
Hash.Mode........: 5600 (NetNTLMv2)
Hash.Target......: CT059::INLANEFREIGHT:896549794fb4b8b5:79e7552af3b4b...000000
Time.Started.....: Fri Dec 30 21:55:30 2022 (23 secs)
Time.Estimated...: Fri Dec 30 21:55:53 2022 (0 secs)
Kernel.Feature...: Pure Kernel
Guess.Base.......: File (/usr/share/wordlists/rockyou.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 639.7 kH/s (0.62ms) @ Accel:256 Loops:1 Thr:1 Vec:8
Recovered........: 0/1 (0.00%) Digests (total), 0/1 (0.00%) Digests (new)
Progress.........: 14344385/14344385 (100.00%)
I just verified its in there
so
¯_(ツ)_/¯
Maybe my hash is wrong, I'll re-do it and copy it again.
yeah I grepped the password to confirm it was indeed in that list
It was my hash, got the pass.
It happens
this happens bozo
did pwd in the home folder (~) dir, so it would be: /home/htb-acxxxxxxx
I typed that in there, but still it says the answer is incorrect.
This should be the path though or am I wrong?😅
Such good input you have, so clever you are:
I blocked them lol
that was my 13 year old little brother
ignore.. I got it
why are you people want to learn to hack
:) sometimes it takes a few extra seconds of tinkering to figure it out
forkarth and marcie lee why do you want to learn how to hack
For trolling
I will be a black hat hacker
i got someone that can help
And trolling
you're not going to be a real hacker
This isn't the place for Blackhat so if you're gonna do that, don't advertise it
shhhh
I vote we give those two their own channel and let them talk away there. One will say they have questions they never ask, the other will call them a bozo
🍿
poiuytrerw
[pokjhgfcdx
,mnbvcxz
no way i found out how to hack moonshynes account wow
he was rude
fgbnm,.
asdfvg
\\\\\\\\\\\\
sike
bozo
On the Active Infrastructure Identification module, do I need to do some setting up in the etc/hosts file to get the vHosts to work?
The question states Vhosts needed for these questions: app.inlanefreight.local and dev.inlanefreight.local
@winged hedge hey can you deal with this person? they were trolling and spamming last night when mods were all asleep too.
can anyone help me with the Skill Assessment for the AD module? specifically looking for advice on how to run tools like cme
Im assuming meaning like past the foothold?
Recall lessons from pivoting module and set one up. I used chisel for most of both assessments
yeah, got a better shell and first set of creds but kinda stumped
if offshore isn't F ing me in my ass right now this would be really fun to watch
Did it at least buy you dinner first?
actually haven't done the pivoting module... AD is my first academy module, but up until now it seemed fairly self contained as far as the exercises go
ah oof
AD is about the biggest of a doozy first module you could do lol
its affectionately called the mid-boss of the CPTS course lol
oh god lol
yep
either way, its a lot easier if you setup a pivot
many people have spent DAYS in AD
is it easier to use the parrot box provided by HTB?
there will be a couple bits where pivot isnt enough, but most of the assessments can be done via pure pivots
the pwnbox comes preloaded with all the tools from the modules basically; the downside is that the files don't save so if you want to reference anything from a previous module/day when you used the vm - what documents/downloads aren't there
but if you don't have the resources to set up a VM
¯_(ツ)_/¯
but afaik all the modules can be completed with the pwnbox as that's what they were tested on
In fact I can only think of two instances in the AD 2 assessment where just using linux tools via a pivot wasnt enough to get the job done.
I did those assessments in the pwnbox at the time
anyone around to talk through Attacking Active Directory & NTDS.dit, I am stuck on a part
@thorn urchin does chisel work on the windows box? im gonna take a quick look at the pivot module, but trying to get a quick grasp on what would be executed from the windows machine nvm got my answer
This is worrying as I spend DAYS in footprinting lol
has anyone had any success with CME's rdp protocol?
it just gives me false negatives
not quite sure why
Took me all week
hmm got my connection established on chisel, but not sure how to confirm that it works. just throw cme at it maybe?
sorry for not responding. can you dm me please
will do
err actually, dumber question, how do you quit chisel without killing the shell?
ctrl+c wants to kill the shell
For the Footprinting module, first lab skill assessment. Am I supposed to edit MY configuration files? Or the servers? I'm not sure where to start to be honest 😅
For the Footprinting easy lab? You're thinking about it wrong, you're not changing config files
no... start with nmap 🙂
Treat it like a machine that you're trying to access
if you're looking at it from the top, the first 2 or 3 bulletpoints are about setting up your own server so that you can understand better how/what each config option does. The questions at the bottom are from the outside perspective, of applying everything that comes after that section
I got pypykatz to work. I had to remove it and then reinstall it with their setup.py and not use the pip installer.
There aren't any bullet points on the Footprinting-easy lab or I'm missing them by a mile?
In the module itself
Regarding the service you're referring to
Each of the modules has 2 sections, one where you setup a local server, and one that shows you how you can enumerate it. The bulletpoints are in the first of these sections
Or have you jumped straight into the Skill Assessment without reading anything before? Because that wouldn't have any bullet points, but it would also explain why you're so confused about what to do
copy and pasting b64 encoded binary blobs as data transfer has been a thing since the 90s. So def just as valid as what youre doing.
No I made that mistake already lol I did pick up on 2121 telling me to be more creative, but the hint of my team finding talk of ssh and having the credentials ceil:qwer1234 is what's throwing me off. That's why I was wondering about the ssh.
@fathom pendant i did try other ways to quit btw, but no luck. ended up just ctrl+c and starting a new session


