Fair enough, so I got confused about what you were talking about, ignore all that I've just said, and think about what you can do and where to get access to it, and what access you would need for it

Remove the credentials in your message, that is considered a spoiler

It's given in the hint

the hint is just a hint but isn't needed afaik to get that info

But is still a spoiler

As it's not in plaintext directly on the page without interaction

So if the hint is a hint and not needed to find the flag then what's the purpose of it being there? DM me so we're not taking up space on here though.

No problem ,I appreciate y'all coming to assist though either way.

The hint helps as in it's credentials that can be found through enumeration techniques

But it's not required to hit the hint button

cross compile

youre not who the bot tagged

if you have access, you can always upload

it may be a pita though

million other ways to file transfer

depends on the situation

the File Transfer module goes over a bunch of common ways

id suggest doing that

the getting started module shouldnt require any uploading of exploits

if youre trying something like pwnkit, that was discovered after the creation of the box and is an unintended path

you dont have to compile code for that one

searchsploit will tell you unintended paths too

idr the exact path cause its been a few months, I distinctly remember not needing any code compilation though

and even if code compilation was required, HTB would definitely provide gcc and the likes for a beginner module

also that one is ssh, you should be able to scp if you really wanted to

yeah definitely an unintended route

the intended path is much simpler

idk what you mean by ssh method lol

ssh is given to you by default lol

ah, you mean searching for ssh keys

yeah, always a good thing to look for, esp with multiple users on a box

well, dont always think you have to aim for root right away

the section objective is to settle for user2

Second question is root

But look at what user2 can (su)do

ah thought you were still working on that part

gotcha

That's my biggest hint iirc that pushed me in the right direction

honestly might be too much of a hint imo lol

I mean it still took me an hour after getting that hint I think

but its also a basic thing to always check so meh

You shouldn't be denied sudo -l as user2 I don't think unless I'm thinking wrong

I'll have to revisit that

yeah youre thinking of a diff one

just checked

Ohhhh I remember now with this one

You're right

okay yeah confirmed the route was the one I was originally think

google sudoers

it depends entirely on how that file is configured

Anyway some exploring may help :)

sudoers is the config file that dictates the results of sudo -l

<@&861185840277487616>

https://tenor.com/view/summoned-i-have-been-summoned-power-gif-15859341

@rustic sage (803120787711066153) has been muted for 2h.

Thanks for the heads up.

ofc

keep it up! Its a great feeling to feel your progress!

Are there issues with windows privesc skills assessment currently? I've restarted the machine multiple times and switched vpn server/redownloaded vpn file and still can't connect to the target machine from my vm

Are you a student?

thats good then! Its such a life saver with the student subscription!

Did you reconnect to the VM after redownloading your key?

You mean did I reconnect to the vpn? Yes

Yes and ok. You'd be surprised how often that's the answer lol

lol 🤣

Are you able to access the machine from pwnbox?

nope, seems like an issue on the backend...

Are you able to ping it?

personally im sus of anyone these days offerring to be a tutor

Also after resetting the VPN key, reset the box

either someone likes to help so they just help when they can, or theyre trying to grift something from ya. Imo at least

The HTB Academy is your tutor 😉

Can anybody gift me nitro i really really want it

Hey

https://academy.hackthebox.com/achievement/516097/109

finally

hi

can you buy me nitro please

wtf

i dont even have it

oh sorry

Why not use some of your millions?

𝐈'𝐦 𝐬𝐦𝐨𝐤𝐢𝐧' 𝐥𝐨𝐮𝐝 𝐩𝐚𝐜𝐤 𝐰𝐡𝐢𝐥𝐞 𝐈 𝐬𝐩𝐞𝐧𝐝 𝐦𝐲 𝐦𝐢𝐥𝐥𝐢𝐨𝐧𝐬🚬

I dont actully have that much its just something people in the hood say

Can u gift me it pls pls pls

im begging

i really really really want it

no

already did that too and can't ping it from pwnbox

dont be the third person today Ive had to ping mods over

okay so, for AD skills assessment, trying to use metasploit autoroute now and not having any luck

I used chisel and life was a breeze

i was trying that as well, but i think im having a different issue

i dont think i have the right IP of the target

or at least, im not seeing the correct machine from my shell

i know i have creds for a sql admin that i can see in bloodhound, but not seeing the ip of the machine to target

CROSS-SITE SCRIPTING (XSS) - Phishing
I'm still stuck on that
How can I inject HTML to the page, I still didn't find an exploit

Can anyone help me understand this net stat output on a raspberry pi I am running?

Is anyone good with hydra and can help me with the Password Attacks - Password Mutations Challenge?

My box keeps timing out (after 90 mins) before the password is cracked. I've set it to -t 48 but still no luck. I can't see in the documentation how to set a minimum password length without also having to state exactly which characters to include (i.e. /!@# etc.).

I can't use the -R function as the IP is different each time the box times out. Is there a way to get it to resume a previous attempt but with a different IP address?

for the AD skills assessment, I know the next box i need to touch, but didnt see it in my ping sweep... can anyone tell me if its outside the /24? wondering if i need to sweep a full /16 for it

Dm me

Dm me also if you know XSS, haha

helppp

Any nudges? I'm on Password Attacks -> Password Mutations. I'm using the VM. I made the mutations list, cut the first 17k entries like suggested above. The VM STILL says it will take hours to complete. I've tinkered with the threads to get it down to two hours, which potentially will have the VM time out first...

I've done the theory/work part of it and can make/use combined lists. But is there anything to do to speed it up? (ncrack was even slower)

Heh, and the VM just died again.

I mean there's the add time button under the spawn instance

I keep using it and keeps terminating

if you can; cut that smaller list into even more cut up lists if it's really taking forever;

huh i looked up how the example in the getting started/public exploit works and managed to actually do it manually without needing msfconsole... neat

yeah - might need to do that - I might just try from a kali box tomorrow and see if that goes faster.

or if you hate yourself you could do it manually :^) might be faster

also was it 17000 or first 1700

I honestly forgot lol

(ISC)² certified in cybersecurity certification is worth its 50$ ?
Will it make any difference in my resume or will the HR notice it ?

probably better to ask in #careers-and-certs if you do not have access to that channel verify your account in #bot-commands this channel is about the academy modules and asking questions and getting nudges/sanity checks in them ¯_(ツ)_/¯

It's internal.

After gaining access to Windows PC from Kali, I want to transfer some files (for example output of winpeas) back to kali. How to do so?

Can someone help me to fix ffuf: command not found ?

How do I add that to the variables on my machine

good evening so im in the web enumeration of th egetting started module and im havinf an issue with getting the flag. how do i get the Robots.txt file?

by internal, you mean on the same network as the other machines right?

You won't see it externally.

The ad module assumes you're comfortable with pivoting.

right yeah, thats what I mean, from the box with the internal network that can hit ms01 and the dc

learning the hard way on the pivoting, but i assumed that id see the box on the internal, but i also only checked /24

Clearly I'm stupid. File Inclusion "Fuzz the web application for other php scripts, and then read one of the configuration files and submit the database password as the answer" curl ip:port/index.php?language=php://filter/read=convert.base64-encode/resource=configure.php, en.php, es.php, index.php, flag.php, and config.php do nothing.

blank box

if I change the first index in index.php? it's all blank.

Which assessment are you doing, 2?

1, took a break since i couldnt seem to find sql01

Only ms01 and the dc can see sql01

@candid zephyr thanks, that helps, thought i was going insane comparing what i found in bloodhound vs what i saw on the network

ill pick it up tomorrow

@Pwning#6898

Hey! I’m totally desperate with mutated passwords

Have run everything… hydra, medusa, Crackmapexec, ncrack

Have removed thousands of lines based on attempts and nothing!!!!!

Any help pls?!

Isn't that the one where you need to remove like 90k lines?

The mutated list has 92400 aprox

Hi everyone! in the Footprinting - Medium Lab module|| i found alex's credentials and sa knows by connecting in rdp, unfortunately i can't with these credentials access the MSSQL database and i'm in a dead end||...help! Thanks!

Remember, every windows machine has an administrator account. What have you logged in with? Where else could you try those credentials?

OK! Thx for help... now i'm Administrator but i need to found HTB password and i can't access to databases...

If you have logged on as administrator to the box with rdp, you should have access to the SQL Database and it's tables.

OK thx a lot... first time i use Microsoft SQL Server

Hi
im busy with theJavaScript Deobfuscation module, (cracking into HTB)

on the decoding section, where ive sent the server a POST request, its given me an obfuscated text.
ive confirmed its Base64, and decrypted
it with the base64 -d command, which gives me the below flag:
7h15_15_a_s3cr37_m3554g3

but the module wont accept this as the answer, am i doing something wrong?

What does one do if their academy account got so messed up to the point that they cant contact support there?

... you reach out to the support in discord.

What channel

.i thought maybe the community-help channel would be correct, but confirmed on the welcome and rules, that its prefered to used the support chat bot on their site.

if your accademy accounts messed up, you should still be able to get support though the HTB site.

https://help.hackthebox.com/en/articles/5987511-contacting-academy-support

Hi everyone. Can anyone direct me to the PROLABS APT HTB GROUP?

nvm, ive re-read the question a few times again, seems once ive got the flag, i need to send another POST to the php file with curl, with the deobfuscated flag, and itll send another flag, which is accepted.

Hey everyone, I have a question regarding the Attacking Common Services, SQL part. I've stolen and cracked the hash for mssqlsvc, but cannot figure out how to enumerate the flagDB. I tried using the credentials for mssqlsvc to login to the db and rpd, but login fails for both. I can log in as htbdbuser, but this user cannot impersonate :/
Any nudge?

You need to remove spoilers from your comment.

?

can anyone help me with the Bloodhound module skill assessment?

sudoooo

#prolabs-aptlabs

I'm doing the Virtual Hosts module, and I think I have a conceptual misunderstanding about IP-Based Virtual hosting.

The question says that different servers can be addressed under different IP addresses, but if you have a separate IP address, would you not also have a server for that? And therefore it wouldn't be a virtual host...

The name based virtual hosting makes sense intuitively but I am struggling with understanding the IP based virtual hosting.

I ran sharphound on windows domain controller and collected data, but how to transfer it to my kali attack box to view it in bloodhound ?

With whatever file transfer method you choose?

Any method

I just want download it from the DC

Well I mean, assume you're doing the modules in order you shiuld have already done the file transfer module

You should have a bunch of file transfer methods in your back pocket

Pick one and transfer the file lol

I can't find that in the list

@floral sandal use uploadserver script
https://github.com/juliourena/plaintext/blob/master/Powershell/PSUpload.ps1

You need to verify

You need to verify your account

How do I call the bot? Can I?

That's what I'm looking for, thanks

Ok thanks. Let me verify now

Thanks for the help

Verified now.

But still cant find PROLABS APTLabs

You are still not verified, check out #rules and #welcome

Ok thanks. Got it now. Will have to do it from HTB website

Happy New Years everyone!

wow wtf sliver creates 16mb payloads

Lol

guys im new to programming which language should i learn first

C

srsly tho what do you want to even do?

well im just trying to learn rn i was thinking i should start with python since people say its the most beginner friendly language

Virtual hosting is basically hosting multiple domains on a single or pool of web servers using either Name-based or IP-based. A web server may have multiple IP addresses and serve multiple names on some or all of those IP addresses.

but what do you intend to do with it? like do you have an end goal for why you want to learn to code?

Ahh thank you, I didn't think that a server would have multiple IP's

just learn ethical hacking and maybe progam for companies or write code for games i dont really have an end plan

just tryna learn the basics

well define your goal first. If you want to learn ethical hacking just start there. you can learn a language later when you need it. don't get hung up on learning to code as your first step, because you might hate it without a point to use it.

ok thank u

You can by all means start off by learning programming. Lots of people in cyber security start off studying computer science. But Luke cack said, it's very very important to have an end goal. Cyber Security is an absolutley massive, and ever growing and changing field. It's is absolutley impossible for one person to learn all of it and thus it's very important to define your end goal before you really start studying

Otherwise it'll feel like you're running in circles and constantly not making any progress

ok thank u this is very helpful

Np

You'll come to a point in your hacking career you need ot learn some language. You'll learn to read languages long before you can write in them. You'll probably finding yourself wanting to script in something like bash or python. Maybe you'll get super into windows exploitation and want to learn c# or c++ or something. Maybe binex will be your thing etc.

What are your favourite attacks in hacking?

My fav is MITM

Yea. Windows exploitation is a lot of fun with C#

bonus points because powershell seems less like nonsense too.

NTLM Relays. They're basically just giving a big "FU" windows

Powershell is also very very useful lol

Hey guys please suggest me a C|EH V11 course which is not too expensive. i know a lot about hacking but not that much

I'll send you my course outline where i have taken the course

So you can suggest

I can't attach file

This looks cool, is it something that the academy covers?

The Active Directory module has a bit of Responder/Inveigh

hey can anyone help me with the What is the admin email address? IMAP/POP23 in foot-printing module? i have no clue how to get that i have completed all other qustions

Hey everyone, I'll repeat my question regarding the Attacking Common Services, SQL part, because I still cannot solve it. I have cracked the hash for mssqlsvc, but cannot figure out how to enumerate the flagDB. I tried using the credentials for mssqlsvc to login to the db and rdp, but login fails for both. I can log in as htbdbuser, but this user cannot impersonate :/
Any nudge?

This is the absolute truth

So I just need help , I learn cause of mony , on the other hand I don't know what I need to learn so I start with learn some network and programming language Java, the I go to tryhackme and do solve the machines

But I feel like script kiddy

And I don't know how to out of that

Also is problem solving skill is important in this field or not

Hope some gave me answer

It is this field.

OK, I was able to connect, but only with sqsh. Now however I get no output. Like I type a query, type GO and it's giving me 3> and 4> and so on :/

EDIT: ok, for some reason GO was not accepted, but go (lowercase) was -.-

When I say problem solving, I talked about things like codeforces, hacker rank, leetcode,..

It's just programming

yes, coding is a useful skill. We were just talking about that above. I love coding, but that's what I started with, you don't NEED it to get into cyber security.

It's been eye opening as to how little that knowledge has helped me as I learn more through the modules.

So when ever I solve in HTB why I need to see write up??, This make me feel like script kiddy

hey there is something i am not gettin right in Password Reuse and Default Passwords

so I log in with the ||previous credentials found for sam||

I create a list for the users i find when i connect to ssh and add ||root and admin with the previous credential and without password for each of them||

next step is ||running hydra against mysql with that list||?

I am confused appreciate some help

If you're trying to use mssqlclient you need to add the --windows-auth flag I believe

Because you don't have the knowledge required yet lol. Everyone starts out reading writeups.

Look at the title of the section

yeah 🙂 I am going through it to see if i am missing any default creds

How did you get those boxes behind the individual notes?

is there any way around to install crackmapexec without troubleshooting 1 day?

its not possible to install this tool on parrot

ok solved. uninstall parrot and use hl-livecd from compass (for me the best) and crackmapexec is working without issue

There is proper installation instructions in crackmapexec module

unfortunately not working. i got 20 python error messages

tried also with pip and pip3

but in kali no problem

but thanks for the help

Did you use instructions from crackmapexec module?

yes tried everything i found

my vm crashed today 😦

did you try poetry?

yes and after starting the poetry shell i got the same python errors

tried to fix it but no step helped

it works fine for me

just installed it

Super awesome module, had a blast going through this one.

Can someone give me a hint on the Footprinting Hard box. ||I've got the ssh key and got into the box but can't find the mysql password for tom anywhere. Based on bash_history it looks like it should be in an email in the Important folder but nothing there. Nothing else in the mailbox folders. Email headers referred to a missing mailbox and domain, but no other users on the box have a mail directory. what am I missing here?||

Have you found the sa credentials?

only tom's creds

i'm assuming in need this dude: ||Admin tech@inlanefreight.htb||

or bob

apologies, I misremembering the box sa is for the medium.

yeah, that was the medium 🙂

I'm sorry my memory is woeful and apparently my note-taking while doing that box, have you tried his credentials on the sql server?

yeah they are a no go

omfg

it worked when i hand typed it

FML!!!!

fucking HHHHOOOOURRRRS!

I've just re-done the box and was going to say. Man you had me confused lol

Hi, this where we ask for help? 😅
I'm running the blue machine for eternalblue but it's buggy as hell, the exploit sometimes work and sometimes don't and meterpreter commands doesn't work

annnnnnd box done

Yea. Welcome to eternalblue lol

has anyone done the sqlmap module? Need a bit of help on Case#10

Case 10 wasn't anything strange, did you try ||user agent||?

yeah, but I've probably got it wrong. Can I dm?

sure

trying with the exe version of proxifier seams to be working

Hi all. I hope you are well... Im currently stuck on a question from: Active Infrastructure identification

Which CMS is used on app.inlanefreight.local?

I got all the other quesions but I cannot figure this out

What commands have you tried?

I was trying with WhatWeb

What was the output?

Can I PM so I dont spoil?

sure

Hi everyone! how you doing? Happy new year!

I am stuck in the assessment of the file upload attacks module.
I cannot find the files I upload.

I believe I am constructing the path and the filename right, dunno whats happenin

Thanks in advance!

Hi, I need a little nudge on 'Attacking Common Services' - Easy skills assessment - I found a username via SMTP brute forcing but thats about it

Guys, I'm a bit confused : what is the address that I'm supposed to give to metasploit so that it gets back to me with a reverse shell when I'm listening with nc

What is my 'public' address

You're not connected to the Vpn

I am, if I use ipconfig on windows I am given an IP address and I am connected. But I'm working with the WSL2 and Kali, and I believe the problem may come from here

no

In Linux do ip a

In metasploit the reverse IP is going to be LHOST option and if you're using nc you wanna specify the LPORT

I know, but my question was : what is the IP address that I should give as LHOST

I believe it is the 10.10.14.116 that I've been given by the VPN right ?

But why doesn't it appear when I do a ifconfig in kali ?

Again are you connected to the VPN in Kali?

Also in Linux you've done the ip a command yeah?

I believe I'm not, I thought that a connexion through openvpn on windows was enough so that WSL2 would also be connected

No, the boxes are meant to be accessed through the VPN as they are "offline" boxes

With the only access being the VPN tunnel

Because the box you're using does not register you're routing through the VPN if you're doing it on your host machine

I see, so that means I need to connect to the VPN not on windows but within kali itself

Yes

The only reason to do it through windows would be if you were attempting to run these exploits as a windows user i.e. using the command prompt... Which that is not fun

Terminal is nicer

Or if you're doing some advanced red teaming or evasion and need to blend in to the environment

Also there are some things that just generally interact with windows better than linux

I understand, thank you very much for all of your responses

Anyone here finished shells and payloads module?

Should have went to Jared

LOL You are everywhere my friend. I love you

https://tenor.com/view/doug-maclean-doug-maclean-nhl-hockey-gif-26096168

A portrait of @west canopy

Im pretty sure part of his actual job is academy community liaison or something like that lol

anyone here done file upload whitelist filters?

It's called an educated guess

oh wait miss remember the cred was nip*

sure what's the issue

I'm on the Information Gathering - Web Edition module (144) Active Infrastructure Identification Section (1255). What is this vHosts tool they are referring to? I see a lot of different referernces online for this. Its mentioned passive section that "Bing virtual hosts search." Is that the correct tool? seems odd for an domain that is local

yeah unfortunately it just hinges on guessing the password. Not a fan either myself, but somehow thats just how it is

or maybe this? https://pkg.go.dev/github.com/graniet/operative-framework/modules/bing_vhost

nope that isn't the correct tool and the local thing is because those website are host locally on academy target machine

it's abstracting the logic that this is a practice box and 'nibbles' is the name of the box alongside it being referenced in the setup config.

they just mean adding the vhost to your /etc/hosts configuration page

ahh, never done that, i'll look it up

ye

it's a useful thing due to how often it's used

think of a vhost as just being another domain an IP address can have. A webserver checks the vhost when receiving queries and may serve up entirely different webpages and applications based on the vhost. This is how shared hosting servers work.

https://docs.rackspace.com/support/how-to/vhosts-basics/

basically add (target ip address) (domain name or subdomain name) into your hosts file (without the brackets of course)

fixed (i'm dumb)

ahh

kk

I thought it was (target IP) (domain/subdomain)

adding a provided vhost to /etc/hosts is a common thing for ctf boxes, because often ip addresses are internal so a public dns server couldnt resolve it, and spinning up a whole extra dns resolver box for a ctf lab environment is a ton of extra unnecessary work

oh sh!t it is let me fix that

cool

thanks all

imagine blocking out localhost :^)

well... its literally a chat group of hackers so.... never can be too careful

bruh

127.0.0.1 is localhost/loopback 127.0.1.1 is also a localhost

one of them is my host name for my computer 🤷

127.0.1.1

anyway

either way neither are public IPs

aware 🙂

can I get any nudge on footprinting labs - easy? Got the Username, but can't get the password out of it ||trying to crack it but tried all the password lists in the folder with no luck, and bruteforcing would take days||

I can do it with the hint, just trying to figure out where that info comes from

yeah that's something i need to spend time on when I revisit it

I would love this information as well

have you tried using the provided list?

not sure if the footprinting provided list is just usernames or not

just usernames yes

But I already have the username, and "know" the password. But not sure on the intended method to get it

oooor if I just fucked up my commands somehow 😅

A question can be made a brute force attack on a hack machine the box?

hi everyone!

Just got it but thanks 🙂

@atomic ruin how did you find the username??

PM to avoid posting spoilers here

ok

If I remember correctly, the password is included in one of the SecList lists, but most people from what I've seen just use the hint.

Hum, I might have fucked up the comand then. tried literally ALL lists, no hits

There was an argument being made that the 'hint' should just be moved up into the the question prompt

I never confirmed that for myself, it was just mentioned in the discussion.

Anyone give me help on PW attacks medium lab? I've cracked to docx..... Im not sure where to go from here. I've smb'd into IPC$ but can't figure out what to do.

you're not giving much info for what you're asking

opss sorry

and it's also on rockyou, was just checking that with @uncut meadow

so I messed up somewhere

i'd say this is spoiler but it's also a headscratcher lol

A question can be made a brute force attack on a hack machine the box?ç

because I'm not picking it up

good point, i've deleted just in case, I thought it might've been safe because they actually give you the creds in the hint.

because the hint needs to be interacted with; i'd still say spoiler -

What box; if it's not in the modules then you should ask about the particular box in #boxes , what are you trying to brute force; we cannot help you unless you give us any info on what you're trying to do

Hiiii

Happy new yearrr

Stuck on my first question for the new year haha

Perform subdomain enumeration against the target githubapp.com. Which subdomain has the word 'triage' in the name?

http://dontasktoask.com http://nohello.net/en

Do you know what im doing wong

Im trying to use NSLOOKUP

There are lots of ways to do this, I found it with VirusTotal

Hmm havent tried it

Let me seee

How does someone decrypt a docx file if they have the password?

Running out of ideas of where I messed up, if someone can get the pasword somehow please let me know

Hydra can apparently do it, but that hasn't been covered in the modules to that point so I doubt that's the intended way of getting it.

which module and section are you on?

open it 🤣

Footprinting Lab - easy

Yeah i try opening it and it just opens the file encrypted with no password prompt

with microsoft word?

shoot me a dm wait you can just check the hint for this

They are trying to figure out how to do it without the hint

Yeah that was the point. We know how to get the username, just trying to figure out the intended way for the password

i think with stuff like this that's unintended because if the intended way is brute force the section didn't give you any thing (not even a hint for the wordlist)

so without the hint you have to blindly brute force with random wordlist until you get a hit

You have word on your vm?

all i have is subl vim and gedit.

Tried downloading openoffice but i cant seem to get it to work.

how tf can you open a docx file with vim or gedit 🤣

cuz i'm an idiot

but try with firefox it worked on my main host

using firefox to download word or opening the doc?

yep

oh wait i don't think i did try with docx

it work fine with pdf

Yes. Hydra works, it finds the password in the aforementioned list in just under 2 mins.

so i just give this a check and you can brute force the cred for this

lol same

@atomic ruin shoot me a dm i'll recommend the wordlist (for the both username and password)

also because this is htb you can still kinda make an educated guess (based on htb pass stuff) for the wordlist

I already got the wordlist, but the software I'm using is not picking it up

Shall I dm you the hyra command and output?

still didn't try hydra, was trying with hashcat first, but yes please

For the life of me i can't get libreoffice to work.

WHat OS?

kali

I think i messed something up. I tried getting openoffice to install. that iddn't work. installed libre.. it installed but would never load. Tried uninstalling openoffice and trtying to install libre one more time.

Could someone help with the last very part of SQLMap ? Flag 11. Just think i might have gotten a bit mixed up with syntax or calling a wrong script.

||sqlmap -u http://167.172.55.94:32207/case11.php?id=1 --tamper=space2comment --batch --union-cols=9 --dump -T flag11 -D testdb --level=5 --risk=3 -v 3||

Returns: ||[ERROR] unable to retrieve the number of columns for table 'flag11' in database 'testdb'||

Who knew install a word program could be harder than the password attacks module itself

RIP

Ya I managed to do it on kali VM. Kali already has the program in their official respository so should be easy

sudo apt-get install libreoffice

if the file doesn't have any thing important or it's for a ctf you can just search for some thing like open docx file online a you will get a bunch of website that you can just upload and open your docx file

hint wrong ||tamper scripts||

Will this prompt me for a password?

maybe but i'm note sure

Hey i know this is a random and dumb question but how do i change my pfp on hack the box academy

@vital adder what program/app do you use to take notes?

i did do some ctf in the pass where i have to crack a word type file cred and get the stuff in it and i remember did use some stuff online so there is a big chance it will

notepad

like Windows notepad?

Use libreoffice

I just use a normal notebook tbh

Notion

i kinda like having a physical copy

i don't think you can for the academy

thought so. Could i steal a hint please ? ^^;

sure shoot me a dm

I've pretty much made a huge mess trying to download openoffice and libre. I downloaded libre but it will not open up.

I used to use notion. Decided I'm not a huge fan of all my notes being in the cloud. Now I use obsidian with everything stored on an encrypted external harddrive

jesus christ what what would you do if you have to noted down some code???

All you have to do to install it is apt install libreoffice

How'd you mess that up???

Then you can open the word files with Libre office writer

So i first installed open office

That wasn't working

Then i attempted to download libre

Then tried removing open. reinstall libre

nothing is working but i got the file to open via a free online editer. I'm going to have to get some help later to fix this libre/office problem I think im going to call it a night and hit the bar up... Happy new years yall

think it needs sudo for admin permissions

https://www.javatpoint.com/install-libreoffice-in-kali-linux

^^^

Boys ive told you before. I'm an idiot. My only experience with linux was HTB. When it comes to installing things. I'm special needs. Theres something definetly wrong. I followed the offical instructions. Got it to load. I tried opening it with libre, tried opening libre write gui style. Just wont load. it's like something is broken in the settings and i couldn't really figure out how to uninstall. I've been working on this module for 12 hours day. Made some good progress but my brain is shot and i don't think i'm able to think clearly anymore so i'll call it a day. Thanks for the help everyone.

HAPPY NEW YEAR! Hope all of you get laid or crack a box! Peace!

I mean, you could always just copy it to your host machine and open it with word

I could have. but im stubborn and despite it being a headache... It's a learning experience.

True

i just mean like simple stuff

basic linux commands and stuff

aww man

I am the creator of linux. Ama

Interesting...

Congrats on your creation!

I like your tech-tips channel, but you're not great with Linux on there.

How do i delete openoffice and libreoffice completely so i can reinstall libre again?

Ez dubs bro

rude

if you actually work on the linux kernal. Something wrong with the latest debian kernal. System wont shut down properly on modern amd processors.

The kernel team is currently working on it.

I use obsidian

lol dont actually do this for the noobs. This will wipe your whole linux system

Lies

Gives you more ram

😃

Please see your DMs for instructions on how to verify your HTB account.

I am trying to crack a hash on pwnbox but it looks like I don't have enough memory on my machine

Please read the #rules. Any more of unsafe commands will result in a mute.

Got it.

Can I ask you a question?

You said i can ask you anything.

Yes. I'll help for reals instead of trolling

Who hurt you?

That's my question?

Oh shit. Did you actually do it

Was it your dad? Your grandpa? Your uncle? Because you should see someone about the trauma you experienced as a child.

No i googled it first....

But seriously please go seek help.

Ok good. That would make me feel bad haha

That kind of abuse will catch up to you in the end.

Agreed. Sorry was being a dick

@novel matrix Why wouldn't you ban this guy right away?

I'll behave. If the Hackthebox team bans me for reals I will see where they are coming from tho.

cause they show grace?

Will just shitpost. not troll.

promise I will abide by rules. Am sorry for pushing the envelope.

Keep this on topic please and this can be taken to DM's.

Gotcha

Can I message you?

Sure

Tun0 is your VPN ip

Then you want to setup a listener
nc -lnvp 8443

You

Yeah

Go back over the section of the module

Well guys tell me smth i dont want to be banned

If i ask someone to hack someone roblox account i Will be banned?

Okey ty

I want to learn but idk how to start

Ty

You’ll be removed from the server. I’d highly recommend reading server rules so you don’t get into trouble

it looks like your actual script is busted

hard to say for sure

also is this a cronjob thats being executed or do you just have sudo perms to it

cause if youve got sudo perms, no need to reverse shell, you can just drop directly into a shell

You need to focus more on understanding why, and less on rote repetition

Did you create a copy before you appended? Check the script and make sure it just has the one line you want to add at the end as the difference

The lab says revshell but thats utterly unnecessary in this scenario

Well I point it out cause dropping into a regular shell would be easier than getting a full working revshell

but a revshell would be more appropriate for say a cron job

just a simple

echo "/bin/sh" >> monitor.sh

ought to do the trick off the top of my head

cause with a cron job you dont have control over it starting, so you wouldnt be able to interact with it unless you did a revshell. Though, theres other payloads you can do too.

As for why not revshell everything youve kinda already stumbled into why. Sometimes theyre not stable or they can be finicky. Its also an extra network connection going out over the wire, which can have opsec and detection considerations.

I just personally dont like creating unnecessary extra connections.

Can anyone give me a a hint on medium lab on PW attacks?

I ssh'd as the J user. Can't seem to find anything of value. The i tried oing to the urls in the docx and nothing showed up .

It's always important to check what services are running locally on the machine

systemctl?

No

Some ports are only open locally

🙂

Thanks boss

Np

Man this is the hardest thing ive ever done in my life.

You got this bro. I believe in you

What module are you on?

The last question from the "Password Spraying" section in the CrackMapExec module wasn't responding as expected. I'd only get errors. Is it possible for someone to confirm the mssql query can be done?

It error's with confirmed credentials, NULL session and failed credentials.

HEEEY

Password attacks

I'm on medium lab... Got logged in and D... Got a PW from his key... Not sure what to do with it at this point.

I should say PW attacks has been the most enjoyable module ive done but the hardest thing i've ever done in my life.

Oh bro I havent done that one yet

What are you working on?

I was doing AD enumeration and attacks but I think I am going to take a break from it

It’s lots of information to absorb

lol

I'm using redoing my notes as a "break" from progressing in the path as it lets me kinda walk back and refresh/strengthen my knowledge

I think they should split it up into 2 or 3 modules

Well I heard its tough. I'm surprised you skipped over PW attacks

hi

im new, how are you guys doing?

studying is just a mix of the words 'students dying'

oh

never though of that

either way this channel is mostly focused on the #modules found on https://academy.hackthebox.com ; the chitchat is usually over in #general

Mods will get mad if you go off topic for 2 seconds

Happy NY.... I'm off. I've been working on this medium lab for about 8 hours straight.

Damn dude!!!

That’s some dedication

Take some healthy breaks bro

sometimes the answer comes after you step away for a bit and refresh yourself

Well actaully. I did two sections starting easy lab, halfway throught this lab. Total 17 hours today

Holy shiiiiiiii

yeah you either need a break or a can of monster energy

Lol I buy them by the case at Sam’s club

I asked the manager at my local Dollar General to order an additional case for me :) easiest $60 ever (24 to a case)

Just take lots of notes. It's a good module.

after hours of mistakes, i managed to get Enter-PSSession to work in the AD skills assessment

is the powershell session when using Enter-PSSession any different from normal? the regular commands dont seem to work the same way but sounds like they should

wow after redoing the nibbles test box my notes made things super easy p =p

So figured out how to get the initial foothold on the easy box for Footprinting after going back. ||There is a password list that has the creds (which i'm guessing there are quite a few lists that have it given what it looks like) so my guess is a brute force attack is needed. The picture is an example method of how it would have been done. I put in the proper creds, but the user would have been gathered from the port 2121 enumeration via nmap which showed the possible user name for the server name (Ceil's FTP). The tool accepts a list as well for both user and pass. https://salsa.debian.org/pkg-security-team/patator||
||```
└─$ patator ftp_login user=ceil
password=qwer1234 host=10.129.42.195 -x ignore:mesg='Login incorrect.' -x ignore,reset,retry:code=500 --timeout 120
01:08:43 patator INFO - Starting Patator 0.9 (https://github.com/lanjelot/patator) with python-3.10.9 at 2023-01-01 01:08 PST
01:08:43 patator INFO -
01:08:43 patator INFO - code size time | candidate | num | mesg
01:08:43 patator INFO - -----------------------------------------------------------------------------
01:08:51 patator INFO - 230 19 0.168 | | 1 | User ceil logged in
01:08:51 patator INFO - Hits/Done/Skip/Fail/Size: 1/1/0/0/1, Avg: 0 r/s, Time: 0h 0m 8s

https://salsa.debian.org/pkg-security-team/patator

does HTTP Proxy Post Request Relaying vulnerability comes under VRT Server Security Misconfiguration > Web application Firewall (WAF) bypass > direct server access category?

Hello, can somebody help me in file upload => skills assessment. I have found the right payload, but I can't find the upload directory and can't see the answer for my payload. There are only base 64 encoded code

hey cant help you with your question @quasi moth but have you completed pwd attacks by any chance?

Nope

ok thx

are you referring to the first half of the challenge or the second?

cause you may be accidentally trying to do the second half while missing out vital info on the first half

I have searched in forum and find out hint to XXE, and I could look for /etc/passwd

But now i don't really know where are path to upload.php

occams razor says its likely to be in the same directory or one close. Dont need full path.

hey @thorn urchin I have a question on password attacks default credentials? By any chance can I get some help from you? Thx!

I don't know what role that is. Did you spell it right?

not the channel for this

idr the specifics for the sections, I only really keep practical notes for the skill assessments

Ok, I'll try it out

but you can always just ask your question anyways, lot easier to get an answer from someone that way

sure

so basically i can ssh with the creds that i need into the target... it asks then to find the MySQL user and creds and in the section there is a githug repo link for default credentials.

now when I am connected in ssh and I try to connect to ||mysql with the 3-4 default credentials it says it's unsafe to write the credentials in clear text||

I have also tried to use ||hydra not being connected through ssh but port 3306 is not opened||

so im kind of stuck

have tried a couple of different things too with ||smb and ftp and get a zip file though is password protected and can't unzip it||

and the user with whom I log in to ssh is ||not root||

and not included in ||sudoers||

Does anyone has a clue why on windows privelege escalation does accesschk does not work any longer on target machine?

Hi, can anybody help me? Doing lfi skill assesment module 23 section 253, and done log poisoning, || ....ilf_admin/index.php?log=../../../../../../../var/log/nginx/access log&cmd=ls || works now but cmd=cat/flag.txt gives no flag, what am I doing wrong??? Thanks Ok I found it finally

Hey folks, has anyone here completed The Live Engagement on the Shells & Payloads module? I'm having a hard time getting the ||50064.rb|| payload related to ||blog.inlanefreight.htb|| to run in MSF. Keep getting the following error...

Edit: Ignore that. was the lack of the VHOST parameter (even though it was marked optional )

Hi guys, I'm kind of stuck on the 2nd host on The live Engagement from the Shells & Payload module, I found the exploit mentioned in the blog in msf but have an error when running it. Anyone could give me an hint ? 😄

See my post literally above yours ^

@ripe terrace Already specified the vhost unfortunatly

What's the error you're getting?

Have to restart the machine cause it just crashed, will tell you in a sec

@ripe terrace "unexpected reply: Unexpected json response"

Hello am a beginner here
Where do I start

https://academy.hackthebox.com/course/preview/introduction-to-academy

Hmm, I didn't get that when running the exploit. I'd triple-check all your MSF options (RHOSTS, VHOST, etc.)

Hi All.. I am currently trying to get through the Using Web Proxies module on HTB academy, but am having difficulties with the ZAP Scanner sub module... It seems to me like there is no High level vulnerability when i use my own virtual machine. When i use the pwnbox instead i cannot seems to get the site i am visiting within scope, which hinders me in commencing with the scan. Has anyone else encountered this issue ?

Currently having loads of issues with the shells and payloads module, disconnects and machine timeouts, etc. Are there any known issues with the environment currently?

hello everyone, I am stuck at the last question footprinting - IMAP/pop3 . There is only 1 e-mail I found on the IMAP server and there is no flag in it. It asks "Try to access the emails on the IMAP server and submit the flag as the answer.". Do I need to bruteforce admin password or sth from here. I am totally lost. Any help pls?

https://www.youtube.com/@Techrd920

Alright anyone able to help with password attacks medium lab? I've got creds for J and D. Unsure where to go now.

Try using ||FETCH||

You're not looking for a flag in the email, but there is something in the body of it.

@graceful rampart I'm looking for you bud lol

Ngl the last part was intuition for me. There is something to set you on the path in d's ||
history||

For me it just clicked after I looked there

I think i did this. I got a pw but i'm unsure of what to do with it.

Dm me

yoooo I have a question about the sudo -l command. If I run it and get this: User jaeger may run the following commands on shoppy:
(deploy) /home/deploy/password-manager

what does (deploy) indicate? because whatever I try I can't run the command it says I can run

It means you can run that command as the user deploy not as root

how would I run that command as that user? su deploy /home/deploy/password-manager ?

So you'll need to do something like sudo -u deploy /home/deploy/password-manager the -u is for user

Also, this is the modules section. You shouldn't be asking questions about HTB Boxes here

#boxes exists for a reason

Guys, is there a way to pay hack the box subscription without PayPal and those things?

Wrong channel lol

people barely answer on boxes

thanks

What

Np

This channel is for HTB Academy modules. Your question dosent relate to that and thus you're in the wrong channel

What is the correct channel

#1024429874246590575 probably

Ok thx

On attacking lsass did you guys get the dmp file using the rundll32 method?

got the answer already but wanted to check if rundll worked for you guys? Thx

Hi all! in the Footprinting - Hard Lab module|| I found tom's credentials and reading his mail in imap I found a private ssh key but using it gives me error "Permission denied (publickey)." Obviously I have given permissions 400 to the key but I don't understand if it is my ssh setting problem.|| Thanks for the help

@heavy dome use 600

Yes

Let me see your ssh command

i have issue with academy machine its not working . its responding for 2 mins and not working until reset where should i report this issue

Please SomeOne Help me out

I am trying to set up hack the box and I am very new to everything! do I need to set up a VM with Kali Linux to run hack the box or can I do it on my normal web browser?

You can just run through the "pwn-box"

Ok I am having trouble doing that for some odd reason but ill figure it out thank you

pwn box is also giving error

Oh??

dont confuse i am @umbral ruin with another account

actually target machine is having issues

I'm having issues answering the questions in system information in shell module for the intro to Linux. I'm also super new

@umbral ruin I am having the same problem when I download it, it doesn't open giving me a believe a zip file

same here i have issues with module Shells & Payloads and cli windows room

i am changing rooms if there are issues are you guys doing somting other than me

I know my answers are correct .. like "which kernel versions installed in the system?"... I know I'm putting this in correctly and yet still receive 'incorrect answer' message

yahh

same in Shells & Payloads module

who are going to help us out 😩

The first question was right and then the rest of my answers aren't working for the rest of the questions in the module...

Like..."what is the path to htb-students home directory?"... Super simple answer right?? Well it's not working lol

@queen hatch & @cunning drum are you guys opposed to hopping in a call I dont even know what i am doing wrong Ive looked up youtube videos and I am doing everything i have been told and I am still not able to get into fricken meow!

I can't jump into a call right now unfortunately 😑

its okay

i can help you dude

It looks straight forward

but i dont know if i am just an idiot

msg me private

just did

yah

I'll try this module again after a little break... I know my answers in the questions I can answer are correct. I nailed the first one and some of the other ones are just as easy lol 🤦

ok i've risolved... the key file need to run with sudo... i'm very noob sometimes... 🙂

HackTheBox - Hacker, forgets sudo. You have given me home sir.

*hope

f*ck

Local hacker needs a home, will you support them:^)

idk which channel to ask this question but, where can I learn about how data passes through ports and network and learn how it all functions in the grassroot level so that I can start writing my own exploits and auxillaries rather than relying on the existing ones?

For anyone whos taken CBBH is there any recommended material to try once CBBH modules are complete?

I would assume the web focused stuff on HTB? challenges?

There are networking modules on http://academy.hackthebox.com if you click on the module tab and type in the search bar you'll be able to find stuff. Also a quick ask to Uncle Google provided me this: https://www.practicalnetworking.net/index/networking-fundamentals-how-data-moves-through-the-internet/

It's been a minute since I brushed up on my network stuff

Footprinting done

Hey guys I’m at the last question of Windows Command Line module. Can’t get the username right I’ve literally tried all from event Id 4625

Any help please ?

hint you need to run the command to find it on the ||domain controller||

Thanks I completed it now

https://www.youtube.com/@PowerCertAnimatedVideos
These guys make pretty solid content

Every module has reccomended HTB boxes to go along with it

I must have missed that ty

I'm trying to mount the .vhd in password attacks hard lab. Ive been trying tons of guides. I keep getting stuck at figuring out the windows partition

Step 3: Get the partition info which needs to be decrypted

I can't figure out how to mount this baby. Spent almost two hours on this. Anyone have any nudges? I was going to use my windows host but I have home edition and bitlocker doesn't come installed.

if you got the vhd file onto your windows host then all you need to do is a bit of research for the a tool that can open bitlocker on windows (i found multiple in 1 google search) or if you want to mount it in linux there also a lot of gui tool or you can just use losetup with dislocker
#modules message

hint wrong cred

I deleted that i forget their was creds in there

yeah but the cred are still wrong though

Right

you are right

This might be a spoiler

Thanks

fuse: mountpoint is not empty
fuse: if you are sure this is safe, use the 'nonempty' mount option

i snapped my vm before this incase of something bad. but is this concerning?

Nothing is concerning if you have a good snapshot 😂

This look good MRtom?

i never got that error so i got no idea but in this case you are just making a partition from the vhd and mount that partition as a directory so what is the worst that can happen

yep (i think)

or do i need to add the .vhd file at the end of /bitlocker

It's crazy to me now that before I started I was debating whether I should use a full Linux laptop or a VM that you could snapshot 🤣 , I dread to think how much time I would have spent re-installing everything lol

no that command is for mounting a partition (that was make from the vhd file) so no

Yea

my .vhd file is located inside that dir

Before i even completed my first module. I tried dual booting kali on my laptop.... What a fucking nightmare

oh so i think the error you got was because of this

just move the vhd to a different directory

I still have a dual boot on my main machine, but I haven't used it in months

Before i knew to check everything i was entering. Someone gave me a command to run and it really messed up my laptop. Almost bricked it. couldn't use the keyboard. couldn't get anything to load... even my windows.

i had to system restor

sudo mount -o loop /media/bitlocker/dislocker-file /media/bitlockermount

this last command... the dislocker-file would be the .vhd?

Wouldn't it need to be in the directory before i run this?

nope also for the name thing i think i copy the command from some blog or article so i got no idea about that

hmm

not sure what to run then

ok..

did that.

and the 4 file at the end should be your next and last step for this assessment

wow thanks what a nightmare

Do i need to unmount? I'm trying but states target is busy

you can just use umount for that

└─$ sudo umount /media/bitlockermount /media/bitlocker
umount: /media/bitlockermount: target is busy.
umount: /media/bitlocker: target is busy.

just make sure one of your terminal isn't in that directory

lol

there we go

┌──(ruderaph㉿kali)-[~/Downloads]
└─$ losetup -d /dev/loop0
losetup: /dev/loop0: detach failed: Permission denied

hint ||sudo||

exit

I'm having some trouble in dns footprinting questions

The first question is "Interact with the target DNS using its IP address and enumerate the FQDN of it for the "inlanefreight.htb" domain." I don't understand what the question is asking for

It wants the fully qualified domain name for the name server I believe.

have a dig through the notes

right I'm running dig as:

dig any inlanefreight.htb @TARGET_IP

Which gets any records related to inlanefreight from the specified DNS server if I understand correctly

You can return just name servers with dig also.

But none of the fqdns that show up are the answer

DM me what you have submitted.

For the final question in DNS footprinting, I had to use the dnsenum script. However, I didn't expect it to work because I wasn't able to ||zone transfer the correct subdomain||. I looked in the source code but I'm not familiar with Perl, so I'm having trouble understanding how dnsenum was able to find the FQDN that we're looking for but I cannot with zone transfers and dig queries.

this would be considered spoiling

As would any of the other hints/suggestions regarding the same topic

hints are to nudge forward; giving a zone transfer domain is flat out telling people where to go

there's a difference between "have you tried this tool" versus "I got the answer and it was under this domain"

Hmm

There

Any idea regarding my question though?

not sure; have an idea, but I'll test it out once I actually get to that point

redoing notes

Hey! Could someone help me understand the Linux Privilege Escalation LXC/LDD? Do I need to install lxd onto my system or alpine? im confused lol

Module: Active Directory Enumeration & Attacks

Section: AD Enumeration & Attacks - Skills Assessment Part I

Question: Hey everyone, I’m currently on question 5 and am on the MS01 host and I can see other users but unsure of the direction to go to receive the clear credentials for another domain user. May I dm someone regarding this? I don’t want to accidentally provide a spoiler regarding my finding.

my out in the open hint is enumerate for any documents or whatever your user can access

Finally finished PW ATTACKS. phew.... Talk about difficultly but also so much fun. Best module so far. Thanks for everyone's help.

Thank you 🙏 @fathom pendant

Remember pentesting isn't linear :) sometimes you have to go horizontal to go vertical

- What can we see?
- What reasons can we have for seeing it?
- What image does what we see create for us?
- What do we gain from it?
- How can we use it?
- What can we not see?
- What reasons can there be that we do not see?
- What image results for us from what we do not see?

Understood. Thank you for reminding me. 😃

Yea, amazing way to think about it

In my obsidian notes where I'm doing practice/lab my arrow directions go horizontal for lateral access, and vertical for priv-esc

And color coded for the type of access I have

And if a particular access point gets me nowhere I drop that line by deleting it.

That way if I revisit it I know I can just follow the flow reliably

nice

I just started looking at the canvas

thats gonna change how i take notes completely

Absolute Game changer

Instead of just "run this command" it is "credentials" -> login via (whatever access portal is my opening) -> what can I (su)do /access

Keeping the actual path succinct and followable, while my notes for the section are verbose. Commands have their own section as well where I include the options and their explanation

Especially if I had to do some mild research into things

Hey! Could someone help me understand the Linux Privilege Escalation LXC/LDD? Not sure what to do for this section. Thanks

most of what to do should be explained by the module/lesson.

Right, typically everything is self explanatory, but this section doesnt explain ti too well. It started with installing Alpine and initializing lxd, but im not sure where to get the alpine.tar.gz and the lxd init isnt working on my local

dm me with the question it is asking you

That sounds like a great system. Wiould you mind showing it to me in a bit more detail? Would love to see it. Currently trying to figure out a syustem to use myself

Yeah I just redid the Nibbles box so I can DM you what the layout/flow looks like

That would be awesome! Thanks!

any help with footprinting hard lab // I have nothing and no ideas. Right now I am trying to bruteforce pop3 with meta. Not to mention it is painfully slow, I also think I am going to wrong direction here. There are 5 open ports with syn scan and looks like 1 snmp with UDP. Well, I cant do anything with snmp because the only feedback I am getting is timeout response. syn ports are ssh and IMAP/pop3.

review the module for snmp again

think about how an admin could use snmp to interact with the server

hmm let me think about it. hahaha

what tools do you have to gather what you can; also if you're getting a timeout - make sure you're connected to the vpn; if you need more assistance with the foothold; DM if you need more direct assistance as that would be a spoiler; but think about the tools/commands you were given in the module and their purpose :)

would you mind sharing it over here as well? I'm having some over complicated thoughts on documentation and note taking

Hello, I need assistance in the Credential Hunting in Linux section under Password Attacks Module. I am instructed to fine the password for will, and I have no initial foothold, I'm unsure on how I should proceed.

Have you tried everything the module has shown you?

so far*

I'm unable to actually try anything in the module itself without having some sort of credentials to access the host.

then attempt to enumerate the host

what can you find out

you have a username; has the module so far talked about trying to find a password with just the uname?

The module is about dumping credentials while you are on a linux host, I do have a user but no way to access the host. I have tried brute forcing with the user, but to no avail.

I don't believe we are thinking of the same section.

That one is a little BS because you need to check the hint in order to get the username

Okay, I have tried to do it without a hint, but ill check it out now.

Yea unfortunately its impossible to get that username without checking the hint

i think

actually, you can do it cuz the user is in the provided username list.

but it would take a very long time

Okay a small hint here would help save me time now that I know what I need to do. Is SSH the service I'm trying to bruteforce?

🤷‍♂️

You should always enumerate before trying any attacks

Sounds good, I will enumerate the host just weird I did not expect all this when it comes to this specific section...

i mean enumeration is always the first step of any attack

Generally the sections have been made so that you are trying to do what the section taught about. I have tried bruteforcing ssh, ftp and smb. SMB is giving me a strange response, its saying everything is a correct password but I will attempt to run nmap scripts against the service to see if its vulnerable to anything.

What do I do if a question is not accepting my answer but I'm 100% certain I'm correct??

Lol

check to make sure there isn't a space character at the end of your input

Done. Still is incorrect?

what module are you doing?

Now I know I'm a total noob because I'm just getting involved, but I know I'm right.

I'm on...

System information in the Linux Fundamentals

Finally answering some questions...

I'm lost, I don't understand how the hint is useful.

Hint is useful only for the first question

I have tried manipulating the hinted user.

Are we talking the same module?

you can dm me and we can chat about your invalid answer if you like. I might be able to help

I mean the answer is almost literally in the question... Even the 3rd question....

I'll dm you thank you

On footprinting - hard lab . I ve found a ssh key. made a file and paste the key. set permission to 600. and use command 'ssh -i id_rsa t**@10.129..' I am getting connection closed. Am I doing sth wrong. I ve checked the file triple times.

I think the permission I gave it was 644

Try that?

Are you running the command as root?

Your given a username. Think about how you can use that. Think about things youve learned through the entire module

Okay, thanks.

nope didnt work :((

instead of manipulating the user, I will manipulate the password list with a custom rule and bruteforce ssh.

I'm gonna mutated the password also that says the user was using. Hopefully this works.

Oh. Okay that worked haha.

rsa needs to be 600

Ohhh I see

I believe the module tells you

I have found the solution, thanks for the help @graceful rampart

can you help me with this section?:
Mounting a Linux Folder Using xfreerdp
I didnt really understand it.
/v:10.10.10.132
the /v: = Target yea?

That what I was doing but I started to try everything when it didnt worked. hahaha. Well, weirdly enough ssh still giving error and I connect with remmina no problem

I don't think ssh port was open on that, which is probably why, or you did something wonky

I connect ssh port with remmina. It is definetely open. Probably my PC wants to sleep now, it might be that. hahaha

Remmina is a Windows RDP program

well it is a bit more then that hahaha

I can dm you in a moment to explain why Remmina actually worked

sure. would be nice

Thank you so much Marcie! Will go through all of these this month

sure will go through these! :))

if you want a more structured order the normal paths should give you a handful of modules to do in order (if you want), the modules that most of the people here are referring to with their issues is job role path ones

but the modules exist within the job role and their own mini paths

the normal path is where i should start with ig. i have a lot of time with me before next semester starts

I have a question

I just joined this server because my server with a lot of people got hacked and im scared that I will lose it

And it took me very long to get to my spot

We are not a server that offers hacking services like that; it sucks; but take it up with discord support

Ah ok fair enough thanks

hello guys

i am so sick of hackers

i want to get them back

can someone teach me the step to step guide to finding their addresses?

???

i will pay you back in gratitude and positive attitude

first install DN

this is not the type of server for that read the #rules

what's DN

deez nuts

my friend told me what kinda server this is ;)

i won't snitch

well your friend lied LOL

Bro?

my friend is @modest kindle

I don't know this guy

He added me and I added him back but idk him

I'm just here to see what cyber security is like ygm

nothin malicious

https://cdn.discordapp.com/attachments/726624326132170783/1059313664588521502/image.png

lol

he added me

told me exactly what you guys are

and do

inspect element

that's literally not me

Idk you

you're all disgusting he said but he will put up with it to bully kids on roblox

Ok

what you do with the information you learn from http://academy.hackthebox.com is on you. The services are only for learning ethical hacking; which does not generally dive into retrieving an IP from any target - but rather being hired by a company to test their security in place ¯_(ツ)_/¯