#modules

i can't register in thes url https://app.hackthebox.com/invite

just pop up network error

@eager merlin i don't know what to tell you

https://www.youtube.com/watch?v=LMCKbR_wWds&t=241s

any suggesstion?

Hi! I'm struggling with the Attacking Common Services - Hard lab. Anyone can help me?

Works for me

I can access to || rdp || with || fiona || user but I cannot use || mssql with sqlcmd ||

can anyone tell me please

I can impersonate || john with sqsh || but I cant go in through there

i would suggest to clear cache and cookies, try again

Take a look around. ||Are there linked servers?||

just pop again ,network error!!!!

Check your DNS
dig app.hackthebox.com

Yes! I have found || LOCAL.TEST.LINKED.SRV || and I see some info executing || EXECUTE('select @@servername, @@version, system_user, is_srvrolemember(''sysadmin'')') AS LOGIN = 'john' AT [LOCAL.TEST.LINKED.SRV] || through sqsh but I'm stuck here

app.hackthebox.com. 1 IN A 104.18.21.126
app.hackthebox.com. 1 IN A 104.18.20.126
have the's

So I'm trying to access through || sqlcmd in fiona rdp session || with no luck

@eager merlin cmp_seq=3 Destination Net Unreachable when i use ping and ip from HTB

screenshot?

You do not need RDP
You can do everything with sqsh

So how can I impersonate || testadmin || executing commands as || john ||?

i can't send

read and follow #welcome

J* has all the rights you need

I sent you a DM

Okey, everything done... thank you so much!

You included the : to the emote in your copy paste, it fucked up

But proud of you my boi

https://academy.hackthebox.com/achievement/710422/path/16
🥳

No
Read the #rules

bruh havent you asked this question about 5 times now

As that's explicitly illegal: no

what was he asking?

some ddos stuff, that dump dump spam here before but last time someone try to help him so he just come back and ask the same thing

wtf

Hey @vital adder do you think it's enough to do the modules and exercises or is it a must to have VIP and do the extra boxes

Everything on the exam is in the modules

for what? the CPTS exam??

Which retired htb machine involves AD?

there is a filter for this but it's kinda ass

For the exam and for Pro Labs & End games

that's why I like to ask people. It's a better filter

if you are asking is only doing the modules enough for the CPTS then yes

but if you want to go a bit further then the prolabs

@vital adder I think you need to some htb machines to fully understand cpts concepts

I want to finish the course, then do only the Pro Labs. I think that will prepare me to the max for the exam

if you can do offshore you can do the exam

If you can do Pro labs, I don't think you need the course

not going to lie i think that too but the AD box's is either too easy or too ctf like

CPTS is in between dante and offshore

So if I beat this guy then I will pass

yes but trust me when i say he is going to kick you in the ball

how do pro labs work, do you need a subscription for that?

Pro labs is a separate subscription its like 50 dollars a month

https://app.hackthebox.com/tracks/Active-Directory-101

Do they work like a real network?

@acoustic owl oh. Thank you, bro!

just read the description

A ProLab? Yes

just counted all of the machine you will for the prolabs subscription and it's 113 it's steal for 50 buck

That's great

I will get it in 1-2 months when I'm done the modules

Nmap Scripting Engine
Use NSE and its scripts to find the flag that one of the services contain and submit it as the answer.
Web servers are among the most attacked services because they are made accessible to users and present a high attack potential.
I ran this command:
sudo nmap 10.129.2.49 -p 80 -sV --script http-enum
And got:

|_http-server-header: Apache/2.4.18 (Ubuntu)
| http-enum: 
|_  /robots.txt: Robots file

I went to robots.txt and found a flag.
FLAG{XXX}
But when I submit this flag it's the wrong answer. Did I do something wrong?

Solution: There was a space behind the flag which prevented me from answering correctly

You should not post flags here. Please delete it

DOne

hey im new here so i dont know if this is the right place to ask.
im having issues connecting to the VPN with my Kali, who can help with?

Maybe you just say what problems you have

Should we keep the openvpn tab active? or we just only need to run it once to connect to the htb vpn? thank you

no keep it open

Alright, thank you

Recommend utilizing one of the other workspaces in Kali for persistent things like your openvpn connection, and another workspace as your default "working" area

didn't understand what did you mean, i just started this, any keyword i could search for so i can read more about it?

Ah, one moment, let me grab a screenshot

So on the top bar of Kali, there will be the numbers 1, 2, 3, and 4, you can think of these as almost different virtual monitors. I keep my openvpn connection up on "monitor" 4:

And by clicking to 1, 2, 3 I can begin working on a different "monitor"

guys dow you know maybe how can i get pass this section (password attackes/ linux pass the ticket section)

when i get the hash for svc_workstation it gives me aes encrypted only as far as i know there is no chance that i can get it cracked

is this the right way im going do i need to crack it or is there somthing im missing/

The svc_workstation hash is crackable

f.....
ok thats pretty much all i needed to hear xD

Thanks man!

No problem, that's from my notes but I think I'm gonna spin it up just to verify

I see, thank you so much

the way I was scanning the wrong IP for half an hour and wondering why it's not working 💀

Why when i changed tab back to my terminal, i can't type but suddenly after a random time it just writes all these stuff i just pressed earlier like htb-student@nixfund:~$ ls ^CsdsdsdzxcasdqwewewewlllkjhkhkjhfffS

Okay, yeah, sorry this took me a bit. If one keytab file gives you problems, try another.

That seems like a lag issue, you might want to make sure you're grabbing a VPN file for the region closest to you

I see, sadly there isn't an asia server, should i pick US or EU server? im currently on EU server rn, i think US is closer to asia?

Ah, yeah, that does factor in a bit. I'd say if you are closer to western Asia, EU would be better, but if you're eastern Asia, particularly southeastern Asia, US may work better for you.

Alright, thank you so much

No problem

im struggling with the last step of the Web Attacks - Skills assessment for several hours. I didn't have any problems on the other items in the module. I even tried setting up the pwnbox because others suggested an issue with routing. Still doen't appear to be communicating to either the public or private IP address from the application. I tested pinging communications from a different machines and that seems to work find. Anyone willing to help direct me a little ?

***NETWORK ENUMERATION WITH NMAP ***
Firewall and IDS/IPS Evasion - Medium Lab
Question:
After the configurations are transferred to the system, our client wants to know if it is possible to find out our target's DNS server version. Submit the DNS server version of the target as the answer.
I've tried first: sudo nmap -p 53 -sV $IP
Because they want the version (-sV) name of the DNS server which is open on port 53.
Output:

53/tcp open  domain  NLnet Labs NSD

The version NLnet Labs NSD is not the correct answer.

I have also tried
sudo nmap -p 53 --script dns-nsid $IP
sudo nmap -p 53 --script=dns-service-discovery $IP
sudo nmap $IP -sS -Pn -n --disable-arp-ping
sudo nmap $IP -sA -Pn -n --disable-arp-ping
sudo nmap $IP -sA -sV -Pn -F --version-trace --disable-arp-ping -D RND:5 --source-port 53
& even netcat
nc -nv $IP 53

But nothing has provided me with a correct answer. Please help as I've been stuck on this for hours and it's no longer a learning process

Any ideas u can help me with please sir @wispy aspen

Try it in the PwnBox, not with your VM.
If I remember correctly, there was a problem with the VPN

Okay will try now

On the exam did you go against IDS/IPS and get blocked from the network?

Everything discussed in the modules can be tested on the exam.

Thanks btw it worked on the PWNbox

The same is holding true for XXEinjector as it just times out. None of the local file disclosure seems to work for me and since everything else requires some kind of callback. It seems im out of luck.

I also had to use the pwnbox for that, which is mighty inconvenient

Have you checked the SMB service?

On this module rn lol...hint: it's possible to get stuff from ftp server even if you can't log in

that's still call a type of authentication 🤣

why? the session is about ftp?

you may want to remove this due to spoiler also if the thing you blocked out is the -p then try without it

so what exactly is the issue? connections issue?

Its not unusual that the question is about one service but ypu have to work through another one to get there

sound very unusual to me 🤣 either way that's not the right path in this case

Idk idk

https://tenor.com/view/splash-puddle-shock-shocked-deeper-gif-22493379

Xd

I believe so.
When I try Local File Disclosure that doesn't seem to return anything. So I figure I need to move onto the advanced File Disclosure.

I setup everything including the python3 server but when i send the request I get a response without information. Checking the python3 server nothing connected to it. If I try connecting from another browser, that browser will connect. But of course we want the app to connect. So I move onto blind data.

Setup the php server. Again requests lead to responses, but nothing contacts the PHP server. I can connect to the PHP server wtih another browser.

With XXEinjector it never connects either it just keeps asking if I want to wait.

I have tried different IPs, on VPN andoff VPN, with Kali and Pwnbox.

If anonymous is not working, try to find another username

shoot me a dm with your request

also no idea what you are trying to do but this assessment doesn't involved any type of call back

also, for what it's worth, there's a username list in the button for this module

using those wordlist is actually wrong for the first part of that section

he needs to find the correct username, as he is using anonymous.

using @ to login as anonymous in the last attempt doesn't work because that isn't how ftp authentication work 🤣

there will be ||brute forcing|| involved but not with the wordlist in the module Resources

Earlier i change the vpn region from EU to US, after that i connect to the new htb vpn, but unfortunately i can't access the target shell like this, is there any step i miss?

first make sure both of your vpn and the pwnbox isn't on at the same time and after each vpn change you will have to reset your target machine

I didnt start an instance, and i have refreshed the target too. I tried to restart my machine, then it works (idk why). thank you so much

Disregard what both @vital adder and I have told you in previous responses. I recommend refreshing your target (yellow arrows next to the IP address on the academy page), giving it 60 seconds, then try ftp <ip> <port> like you were doing before.

I spun up this module and confirmed it's working for me.

the only thing i've suggest is to not use the -p which i think he did screenshot

It worked both with and without -p.

That did it! Thanks https://academy.hackthebox.com/achievement/820185/134

can i dm you about that?

If you feel it necessary

Did anyone manage to land a reverse shell on the File Upload Attacks skills assessment box? I'm thinking its pretty well isolated due to K8 but wondering if someone knows of a trick I'm unaware of. I've scripted a psuedo-shell, but it would be neat to land a real one.

In this module what you like the most..

Someone can help me? - Pass the Ticket (PtT) from Linux

hello

i like enumeration and making burp go brrrrrrrrrzt

Hello

This channel isn't the general channel read #welcome to see how to access more of the server @muted charm @rustic sage

The Windows Box's for the Active Directory Enumeration and Attack keep on staying pure black screens when I RDP into them. Is it something that can be fixed by simply resetting them?

Try clicking in the window and pressing space

Well ... that was a simple solution

It worked, thanks

I am confused - https://academy.hackthebox.com/module/147/section/1328 - Trying to find the MySQL creds in here and I went to the default creds github and tried the following combinations. I also tired Sam's ssh password with all the users on the machine being: ||sam, kira, and will||:

||productvendor username password MySQL admin@example.com admin MySQL root <blank> MySQL (ssh) root root MySQL superdba admin Scrutinizer (MySQL) scrutremote admin||

What am I missing?

I added all the defaults to a password list in the following syntax also username:password in hydra and tried them manually.

1. one of those works
2. the mysql service is running locally

So it's not accessible externally

I know I'm like 99% sure I tried them all

Staring at the right answer rn

I'll try again it's that 1% that works lol

thanks

Also as it says, "from the previous exercise" so you need to log in using the previous user you found first

RIght, I am sshd in as sam

Let me try again, ty

omb i'm impatient, I got it

Like I said I was staring at it lol

I thought I tried that combo. I must have "tried" it in hydra and thought I tried it locally

anyways ty!

Glgl

For who are stuck here, just use your own machine and not the pwn box

Hi all, I'm working through the web requests module and trying to find the flag in the network tab of dev tools and I can see where it is requested in script.js, but the console is saying that document.onload is not a function and so in not returning the flag. Any ideas?

Hello all, I've been stuck on the Skill Assesment - Website, 2nd question, of the Login Brute Forcing module (https://academy.hackthebox.com/module/57/section/515) . I'm running the command ||hydra -l admin -P /usr/share/wordlists/rockyou.txt -s PORT IP http-post-form "/admin_login.php:user=^USER^&pass=^PASS^:F=<form name='log-in'" -t 64 -I || for different usernames ||(admin, b.gates, m.gates)|| - all without success. Would anyone please take a moment and point me in the right direction? Been stuck here for a while...

im at the linux modlu rn and i have no idea what to do someone please help me

You're gonna have to elaborate on your issues

i dont have image perms

I'm aware

Read #welcome on how to verify your main htb account with discord and get image perms

can i not just dm

can i not just dm

No

why

Because I am not accepting dms

¯_(ツ)_/¯

If you want to upload pictures here, you have to verify your account

^

it doesnt work

for me

why?

idk i fill in my email and pass but doesnt let me in

PayLoad Bunny

Read and follow #welcome

Main site and academy are different logins

Stop hopping around for once

i did that

look please its urgent

Just describe your error or post the error in backticks (`)

this is an example

https://tenor.com/view/funny-bunny-confused-bunny-great-job-bunny-gif-25289971

its not a damn error i just dont know how to complete this question man

https://tenor.com/view/hunt-hunting-on-the-tunt-elmer-fudd-bugs-bunny-gif-4712569

Well what section are you on

system information

Oh

That question has been busted

what

Because the command they give you to use doesn't give you the answer they want

(The uname question)

so whats the answer then cuz idk how to do this stuff

What have you tried so far

And what output did you get

Hello hope you don't mind I've been stuck on this question for 30 mins in the HTTPS fundamentals course: To get the flag, start the above exercise, then use cURL to download the file returned by '/download.php' in the server shown above. I'm getting "wrong version number" error when typing "curl -o https://94.237.49.11:45547/download.php"

ssh (target) then it needs a password but idfk what to do

Look above the first question it tells you how to authenticate

how man

i see it but dont know what to do with it

ssh <user>@<ip>

Then paste the password in the terminal with [ctrl]+[shift]+[v]

i cant paste it for some reason

https://academy.hackthebox.com/module/details/77 I recommend this module if you haven't already checked it out

yeah thanks but im busy with this one rn

and i cant paste it

Hit enter

After doing the paste command once

It's not showing what you're typing, this is intended, it's a security feature of linux

Hi all, just needed a command i forgot, is there a way to search on the academy?

i did it but it says connection closed

What command?

can someone help me with my account identifier please I can't find it in my HTB settings 😦

It's on app.hackthebox.com

I was looking for a Telnet command, i have seen it in OS fundamentals or getting started module

For connecting to?

does this search all text because i could not find it like this

I believe the syntax is telnet ip port

Short answer tho, take better notes

bro it says permission dennied

Then you're doing something wrong :)

Paste your ssh command here

what the fuck could i be doing wrong man

im following your instructions

i know you love notes haha, but cant search them lol. need better ones yeah

Brother take notes on your compyutah (most people here use obsidian)

ssh htb-student@10.129.157.18

will check this one

And you copy/pasted the password that's given to you (note in terminal you NEED to add the shift key to the paste combination)

i didn't copy paste it manwdym by shift key

you mean space?

No

Highlight the password from the webpage

Right-click, copy or ctrl-c

In terminal do right-click paste or ctrl-shift-v

https://en.wikipedia.org/wiki/Shift_key

yeah ik what the damn shift key is i just dont see where its used

i did that man

And when you hit enter it tells you permission denied?

yeah

ahh I have an academy.hackthebox account... damn. Anyway I'm stuck on the first interactive exercise on HTTP Fundamentals, does anyone know anything about cURL and "using cURL to download the file returned by /download.php in the server show above". I believe I am doing it right however I'm getting a "wrong version number error" in my terminal. I am typing curl -0 https://94.237.62.195:34787/download.php

In just the terminal [(without doing any other command)] just do a paste

Just to see what's on your clipboard

the password

HTB_@cademy_stdnt! should be the password

yeah ik but it doesnt work

It should

Are you using the browser pwnbox or your own vm

browser

now i cant even paste bruh

Yeah the browser pwnbox is trippy sometimes with copy/paste

permission denied again-_-

this is making me mad

Take a step back and breathe

First: try restarting the box using the reset button (the two arrows)

And try again with the new ip

Is there another chat that unlocks when I verify my account? I don’t see any other in off topic sorry for messaging here

Yes the rest of the server opens up go yiu

Okay thank you 🙏

i cant even respawn it cuz only once per day bruh how stupid

Unverified only have access to the academy section, community-help, and welcome/rules

Brother i meant the target

Not your pwnbox

you said try restarting the box

box = target

man im so stupid i hate myself

Just set up your own vm

or buy like $5 worth of cubes and you get unlimited spawns ¯_(ツ)_/¯

i dont know how to do any of this shit

I refer back to the getting started module I linked earlier

maybe im just too stupid for this shit

Hi, Anybody doing ''UNDERSTANDING LOG SOURCES & INVESTIGATING WITH SPLUNK'' module?

37 people have completed the module

why so little

The module is quite new

I did stuck on this one ''Access the Sysmon App for Splunk and go to the "Reports" tab. Fix the search associated with the "Net - net view" report and provide the complete executed command as your answer. Answer format: net view /Domain:_.local''

Have you downloaded and installed the app?

yep

I'm missing something in the search

search for net view

sysmon process=net.exe (CommandLine="net view") | stats count by Computer,CommandLine

my idea was sysmon (CommandLine="net view") | stats count by ComputerName,CommandLine

Try it very simple.

Specify the logfile and what you are looking for

Sorry but maybe my brain is not working today. Do you know how to to do it?

Send me a dm

Dude this page is huge

Pass The Hash page ?

U can barely see the scroll bar

Which page is this lol

It's all just "SMB"

Attacking common services SMB?

Footprinting

Ohh Damn

Yeah man I agree

ah, that, it's just a lot of terminal output

Dude thank god

I was getting the heeby jeebies

Meanwhile, I am waiting for John to complete it's John stuff so I can finish module

U know that feeling when u go "do I really need to pursue this career"

been asking myself that every day

gotta push through

It is not so bad

🎵🎵🎵🎶🎶🎶

So i have just finished the skill test for tunneling an pivoting. my question which i cannot figure out is how do i download a file from a windowshost when i have accessed is through a ssh -D from a linux pivot. I could not get a meterpreter shell to work. I had ssh acces to the windows host as well as rdp.
next question which remains is it possible to create chain through a linux machine to a windows machine to the next windows machine, in a way that i can start something from my attacking machine pivoting through 2 machines at once?

If you have a RDP connection, you can easily mount a drive with xfreerdp
/drive:share,"/home/user/share"

2. Question
   Yes, it is possible, although not easy.
   You could for example go through the first Linux machine with sshuttle.
   Then go through the second Windows machine with chisel and then, for example, open ports with netsh to access the third Windows machine.

I'm sure there are other ways, but I often solve it this way.

amazing! great answer to my question!

ill have a try on this one, thank you so much for taking the time to answer my questions.

This would actually be the fourth machine.
You can reach the third one through the Chisel Tunnel.

-> Your VM -> sshuttle (1. Linux) -> chisel(2. Windows) -> netsh(3. Windows) - > 4. Target

By the way, you can try out and play around with such things in the ProLab Offshore.

currently i am trying to finish the course first, i found out by doing the boxes in the labs that i miss some advanced understanding which takes the joy out of it. I will try to do it in the academy skill assessment enviroment and for the future i will take offshore on 😄

Windows Priv Esc (Pillaging): Did anyone get cookieextractor.py to work on their Kali or PwnBox? Im getting this problem on Pwnbox:

I also cant get cookie extractor to work on my Kali because Python shenanigans (no win32 module --> can't install pypiwin32 or pywin32 for some reason)

can you provide more hint please ? I don't understand

How can I go back to see the recommended machines on academy? I am referring to the list in the bottom right of the screen that appears whenever you complete a module.

I think I didn't do the assignment the intended way

It's a log of events that happen in sequence... So like... The next event is one above, right... But that's not what they actually ask for

You should be able to view the summary page again yes. Try clicking the last section and then "Complete" it again (it's already filled out if you did it once)

So how to do the research properly from what they ask for? I created a filter per hour with the event id as the person who asked the question at the beginning. Did you just look at the previous event?

Yea that's what I did, which isn't the way I think

Little confused on the last step of this module:
https://academy.hackthebox.com/module/158/section/1434

It suggests using:
||proxychains firefox-esr 172.16.5.135:80||

Which doesn't seem to work, which I think would imply we need to:
||python client.py --server-ip <IPaddressofTargetWebServer> --server-port 8080 --ntlm-proxy-ip <IPaddressofProxy> --ntlm-proxy-port 8081 --domain <nameofWindowsDomain> --username <username> --password <password>||

But we don't yet have access to the internal machine domain/creds/etc 🤔

Am I misunderstanding the instructions? Or is the expectation that we would pwn the machine first? Or am I just getting something wrong with the first command?

You don't need credentials

What about the --username and --password flags? 😕

I feel like something obvious in the instructions just isn't clicking in my dumb morning brain. Haha.

You're not authenticating with a HTTP proxy

Forget that last section for the exercise.

In my case client.py didn't work due to a python package issue I was too lazy to fix it so I used ssh dynamic port forwarding to solve it. So if you want to just solve the lab you can try this way or another method

Appreciate the workaround, I'll keep that in mind. Are you saying the first command should work?

Oh wait

I believe You don't need to run client.py at all

With the credentials I mean

Wait, what? Isn't it required to establish a connection with rpivot? My brain hurts even more now.

Forget that last section do the rest did you get the new connection message?

I did.

Now what is your proxy port

9050

Did you set the same port in proxy chains config?

Yes.

Connection:
python2.7 server.py --proxy-port 9050 --server-port 9999 --server-ip 0.0.0.0
New connection from host 10.129.198.38, source port 46492

proxychains.conf:
socks4 127.0.0.1 9050

Just to be sure you used this command in you attackhost right?

Correct!

On the pivothost:

python2.7 client.py --server-ip 10.10.15.22 --server-port 9999
Backconnecting to server 10.10.15.22 port 9999

Can you send a screenshot of proxychains Firefox command

That's it?

That's it 🤷

Should there be more output?

Yeah like in the exercise

Yeah, that's all I get. Firefox opens, but it fails to connect.

You are on the right path ig the only problem is with you proxychains

@high zinc Ok that did the trick. Now I can see which boxes to practice on. Thx!

Alright, thanks. I'll try a reboot or fresh proxychains install I guess 🤔 Weird silent failure.

Didn't have any issues with the previous proxychain labs.

If you did the previous labs with proxychains you should already be familiar with the output you get when you run proxychains, it will clearly tell you whether you connected to the server or not

Was Firefox already open when you using command? Maybe you could proxychains curl to get what you want ?

Previous labs only had me running it against nmap, so the output looking different when running directly against a browser didn't seem all that unreasonable 🤷 Thanks though.

It was, great suggestion. I do get more information in the output with curl 🤔

[proxychains] Strict chain  ...  127.0.0.1:9050  ...  127.0.0.1:9050 <--denied
curl: (7) Failed to connect to 172.16.5.135 port 80 after 0 ms: Couldn't connect to server

how do i make my own pwnbox if i cant use my 1 free one anymore?

What does your /etx/proxychains4.conf file look like?

Literally the default here: https://github.com/haad/proxychains/blob/master/src/proxychains.conf

Is recommended going around the issue nar3dra suggested dynamic ssh

Yeah, did a workaround to curl it, even more confusing is I'm getting what looks like the flag but it's not being accepted as the answer.

Will be a formatting issue I suspect

Ah, yeah, something about the copy-pasted characters. All good now.

Still very confused regarding what's blocking me.

But I'll make a note to check my proxychains installation I guess 🤷

Just seems odd that nmap was working without issue.

/etc/proxychains4.conf
Or
Etc/proxychains.conf

Yeah, maybe I'll just do a purge and re-install of proxychains and proxychains4 with fresh conf files and see if that resolves anything.

Appreciate all the help.

🙏

I found a vulnerability on the HTB academy webpage, nothing too critical but it worth addressing. How can I report it? HTB is not on HackerOne (nor in any other responsible disclosure)

iv run into this exact problem in that module some time ago
Glad you got it

Thanks, me too.

Most of the module flags are variations regarding the techniques used

Yeah, just felt particularly comedic given then issues I was having 😛

Has anyone completed this course WINDOWS EVENT LOGS & FINDING EVIL? I cant seem to get past the first part, it doesnt explain what and where to look or am i missing something

Email us on security@hackthebox.com with details, steps to reproduce etc

SIEM Visualization Example 4: Users Added Or Removed From A Local Group (Within A Specific Timeframe) - Followed instructions to a T, got a date but is not valid ?

Good evening! Hows everyone doing?

great how are you @livid pier

im having trouble with one damn module

Feeling pretty good.

Which one?

siem visualization example 4

ooo, havent done that one yet

can u see if u could do it

im following instructions to a T

but no luck

I dont have it

have you asked gpt?

its using a custom dataset within an SIEM

My commands are not working for the web request module

Session GET

Basic authorization = access denied ?

And showing error HTTP/1.1 401 Authorization required

What does it mean

It still may be able to help with what command you need, im guessing you are having to filter something

It means you are denied, it told you

I used curl -v with user@pass and ip:port

Then also denied..but how

I dont have the mod up, i cant remember specifics, if you are still stuck when im done with the question im working on ill pull it up

I'm right but in the os there is a problem

Hello admins....!
Here is one issue in matchine

Try the --user parameter, username:password

In the web request i have entered the correct flag but still it was incorrect

I got the flag

But while submitting it was incorrect...how it is possible

There is some problem on my matchine...requesting to solve it please

DM me what you are submitting as the flag. I just checked it, and the flag works.

Ok

Academy flags start with HTB 🙂 Sorted

Yea I'm doing it based off the instructions, I'm supposed to filter by date, I get the date but invalid

can somebody help me get started pls

Hit up the free modules on https://academy.hackthebox.com @rustic sage, they guide you 🙂

oh ok thank you

True

My bad

If you're asked for a flag, it'll likely start with HTB

If you're asked for something specific.. well.. it's that thing

hello, I am confused with js deobfuscation. first question " Repeat what you learned in this section, and you should find a secret flag, what is it?" I have found the flag in the script but it won't accept it. Am I supposed to do something else to decode the flag?

I did put it into jsnice and I have it in HTB format

DM me what you have @wind juniper

Sorry whoever I pinged by mistake before 😅

Hi, I'm stuck on Introduction to c# modules libraries sections
I'm able to add reference library-question and run my code (I'm using visual studio 2022)

class Program
{
    static void Main(string[] args)
    {
        Flag.GetFlag();
    }
}

after I run it, it gave me this output :

To automatically close the console when debugging stops, enable Tools->Options->Debugging->Automatically close the console when debugging stops.
Press any key to close this window . . .

anyone know why?

You want to output the flag in the terminal
Try it with ||Console.WriteLine||

thx a lot bro, it actually works 👍

Hello, everyone! I'm doing a simple HTTP Requests and Response module, and it says: "Send a GET request to the above server, and read the response headers to find the version of Apache running on the server, then submit it as the answer. (answer format: X.Y.ZZ)". However curl 94.237.62.195:58288gets me a connection refused status. Can you help me guys?

Is the Target still online?
Restart it and try again. Wait about 3-4 minutes after the reboot to make sure it has booted up correctly.

Oh, yeah. Thanks, I'm able to get HTML response back

Thanks. I solved the assignment

hello, I'm on Introduction to c# module skill assessment sections, I can't actually understand what it ask me to do, and what's the ip for?
and why did when I write Words.GetWordList(); it gave an error?

The DLL gives you a list of possible file names.
Your program should now search for http://<ip>/<entry from the list>/flag.txt.

what do you mean with entry from the list?
is it the net6.0/win-x64?

The DLL provides you with a list
Something like:
new List<string>() { "dir1", "dir2", "dir3" };

sorry, but I still can't understand

Collection is the right term
https://academy.hackthebox.com/module/228/section/2427

Hey guys, does anyone have experience with windows server hardening ?

Please avoid from posting any potential spoilers for Academy modules over Tier 0 - feel free to ask for advice, but do not post specifics

Spoilers for Academy modules over Tier 0 is against the ToS you agreed to 🙂

ok sorry

can someone help me with broken authentication module first exercise

its been 2 days and i cant solve

i dont know what to change in the python script they gave us

wrong place to ask....

Also wtf is this slowmode for

it's like 2 seconds like, it's literally the time it takes to type

What section are you in?

It's a spam protection

It takes you so long to type. That's okay, too.
But a bot does not need so long and is thus kept away

Ah, is it for all other channels or is this one been raided lately

I think it's only certain channels that are protected like that.

in the Linux Privilege Escalation module, LXD section, I followed the instruction in the section but I am getting an error... what is the cause of this error?

||**htb-student@ubuntu:~$** lxc config device add privesc host-root disk source=/ path=/mnt/root recursive=true Device host-root added to privesc **htb-student@ubuntu:~$** lxc start privesc **htb-student@ubuntu:~$** lxc exec privesc /bin/bash Error: Command not found||

default credentials

You don't need Python.
You only need to find the username. Google helps you with that

it says i need to brute force though?

Inspect the login page and perform a bruteforce attack. **What is the valid username? **

i found it but it was with luck lol

i opened a random scada default credentials list and wrote them one by one

Yes, that is also a way to find the solution.

but seriously what was the actual way to find it

But you could also have asked Google

ask what exactly?

A GitHub repo is referenced in the module. You would probably have found what you were looking for there.

Read the Hint from the Question

yeah

but how am i supposed to use a csv file as a wordlist

There are several ways

1. the GitHub repo
2. look at the hint on the page and then search for it in Google.

With both techniques you would have found what you are looking for.

Whether you find a csv, txt or any other file, it doesn't matter.

how?

if i want to use a csv file as a wordlist how would i go about that?

in case i need to do it sometime in the future

i would like to know

I'm at Attacking Common Applications in the Gitlab - Discovery & Enumeration section. I am supposed to find the version of gitlab running. According to the module I need to log in for that and look at the help section. The credentials provided in the text are not working and I can't create my own user (everytime I try to log in or create a user I get a 422). I doubt I'm supposed to bruteforce yet (that seems to come in the next section). Any hints?

You can convert it to a txt file.
Depending on the csv, replace tab or comma or semicolon with a line break

You should be able to create a login. Try it again, otherwise restart the machine.

i still dont understand im sorry

some passwords are left blank

You're looking for a name, not a password.
A csv is nothing else than a text file. You can handle and reformat it exactly as you like.

oh ok

thank you

hm okay it works on chrome, but on firefox I kept getting the same 422 error

hi i'm stuck in Attacking Email Services question 2
login with user m, didn't get flag
i got 2 suspect another user, but try brute force imaps,pop3,smtp cant get the password
any hint what should i do with this 2 user ?

Attacking common services?

yes

Login with the user m*
You should find the Flag

m* is the right user

i try login in imaps and don't get the flag

• pop3 invalid command current state
• smtp auth fail

Try it with an Mailclient like Thunderbird

Did you try pop3s or just pop3

i just get pop3 in port 110

Weird that imaps would be available but not pop3s

sorry i mean, i got 143 imaps and 110 pop3

Do you mean imap and not imaps?

The [s] implies the secure version

ya i got imap not imaps and pop3 not pop3s

Ahh

The logins should work. I could have sworn imaps and pop3s was running but it's been a minute

And there's no folder in imap for you to check?

oh my bad, i try login using base64 in pop3

Lolwat

Wew okay I put this here in case someone else gets the same error as me. In Attacking Common Applications, Attacking GitLab and Gitlab - Discovery & Enumeration I kept getting error 422 on user creation and login. The same happened with the gitlab_13_10_2_rce.py script. The error was that the clock on my VM wasnt set right. Runnin sudo ntpd -qg fixed it

Attacking Common Services - WordPress - Discovery & Enumeration. Can someone help? I literally cannot reach any VHOST at all. I can reach the spawned IP, but no virual hosts. /etc/hosts file is edited properly, even manually I cannot reach it curl -s http://10.129.68.21:80 -H "Host: blog.inlanefreight.local"

FOOTPRINTING
SMB
QUESTION:
Find out which domain the server belongs to.

I got the domains using
impacket-samrdump $IP

 . DEVSMB
 . Builtin```
But none of the domains provided the right answer.

This is only my 3rd or 4th module but I have already found this pattern where the question is not properly formulated and the answer is too rigid and poorly programmed to be cap-sensitive and limited to one specific answer. I highly doubt that the devs provided this course to a new person in order to understand where these flaws are.

Very frustrated with the course as I had very high hopes that this would finally be the one I could learn from.

Is that the only tool you can use that's documented in the section?

You're missing method with one of those tools

Just face it this question is fked and should be changed or properly reworded

Can u give more details please? I got these commands from the module itself

I'd say look over the example outputs for the tools above, one of them has output different from the others

I can't give anything more direct than that, sorry

If you are really at the very beginning, I recommend you not to do CPTS path, but to do Information Security Foundations path first
https://academy.hackthebox.com/path/preview/information-security-foundations

There you will learn all the basics that are necessary to properly understand the content in the CPTS path.

The answer is in the section content

I mean, the command you need

I tried all of these as well

I don't know what to say, the command you need is there.

I could be stupid but I just entered the same answer I entered before except this time its correct ?

This bug also happens in offsec modules so I wouldn't be surprised

Trailing space perhaps?

Anyway, glad you got it

Thanks

mabye blank space after answer?

Is there an echo in here? 😅

I even got it in my output right here

I swear learning cyber security is less about intelligence and more about emotional control

VPN was the issue

Yes. Even with a background in IT, cybersecurity will have you questioning yourself. You have to be able to handle many things not working, and you have to be able to find comfort in being uncomfortable.

hey guys

do we have to pay to use this app?

like for the cubes....

does cube reward is more or less?

@shut wraith

can u pls tell me?

You're right. I feel very ashamed for losing my cool even though I'm still a beginner so there are many things that I don't understand. I hope I dont once again forget this fact so I don't say something here and get banned. Or say/do something in a job in the future and lose my career

If you're a student you pay 8 US dollars for a monthly subscription. and once you're ready you pay 200 US dollars for the exam

Even like this i dont get any result...

without any filters, the even right above the one you were told about has the answer

Yes i found this without filter

||<Data Name="PrivilegeList">SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege</Data>||

and no process name

oh no i found

but i dont understand...

this is waht I kept telling: it's not the intended way

KEKW

Can someone DM please. I am on the Credential Hunting in Linux, I have been able to ssh in and can't seem to download or transfer the tools needed to find the rest of the credentials. I have tried to use wget and cURL as well as a python server and I can't seem to get the tool over there.. Any help would be much appreciated. Thank you

Could someone please provide some advice for module: using the metasploit framework
Section: sessions

Metasploit keeps giving me an output of machine not vulnerable

I hight doubt this though as it's elfinder exploit for php connector

I remember this one. When you run the first metssploit exploit look at what you can do with the sessions...

I haven't even obtained a shell yet though @restive hound

One sec let me go back to that module and take a look for you

@brazen apex are you on the Sessions&Jobs or Meterpreter box?

Yeah sessions and jobs

Good morning!

Also it did something else this time give me a sec

Good Morning!

Now I get an error instead that the exploit aborts due to a failure

make sure you are using the right exploit, it won't be the same number as in the reading info..

Idk what you mean by that

I'm using ||elfinder php connector||

I'm setting rhost to the target and lhost ||tun0||

wrong one

Wrong exploit?

ya take a look at the available exploits again.

Alright I'll take another crack at it thanks for the advice

I believe there are 4 right? and you used 4...

Okay I got it immediately that's embarrassing i thought I tried that one already

Thanks

No worries,has been happening to me the whole time too

I will overthink it and get stuck for way too long

Days... Weeks

Lol ya weeks for me not gonna lie

lol me too

I started in July of this year

like 18 months

what is your completion percent in the course?

100%

Oh nice, have you attempted the final?

I finished a while ago, half the time has been review

I spent a couple months going to HTB and applying everything to the boxes there

This is my plan too. I want to rush through the first time and then go through a second time and refine my notes

❓

lol

I saw that

natiala 666 = Fracuz
Never forget

😄

Thor saw, Thor knows

Ive really worked on my notes too

ive tried to compile them into a hacktricks format

Good idea, I had something similar in mind

I feel like the organization of the notes is instrumental, when trying to fit things together it becomes clear where the gaps in knowledge are

Ya I am still really new to all things red team so pretty much all of this is new to me, lol. Can be overwhelming at times

I feel that

Dang! got me beat. I started last year in November during the Advent of cyber from THM

Ya THM is definitley more beginner I think. HTB is like, okay here is how to do this now do and here is a twist, lol

How far are you @rustic sage in the course?

I am only 31%

You guys do the SANS kringlecon?

I did last year, but I will still so new that I felt so so lost. I can't wait for this year

Me too, thats what got me into cyber 2 years ago

after i did that I was hooked and came here

Nice! YA last year was fun, I kept having to google everything and try my best to figure it out. Same! I did that and THMs advent of cyber which is what got me hooked. I was able to get to the top 1% in THM and at one point had a 118 day streak, lol. Then I heard about HTB and here I am.

GPT came out right before it hit, that ws my first time seeing its power

LOL so true

I felt like I didn't know anything when I came over here.

Back when it wasnt nerfed

So true

It feels so nice to struggle with PICO at first, come here and train for a year then go back to PICO

https://tenor.com/view/mixed-emotions-i-want-my-cocomelen-gif-26439485

Lol, I remember I tried Picoctf as well

Okay so who doesn't mind giving me some hints on the Credential Hunting in Linux

Starting to get off-topic from the channel

Try resetting your target. You generally shouldn't have issues with file transfer

will do

If you want access to more of the server read #welcome

--local-auth

Take that off and see if it makes a difference

That hurt my eyes

Thanks Marcie, for helping 🙂

I forget the syntax I used to get it to work

heyyy

actually i need a help

do_connect: Connection to failed (Error NT_STATUS_NOT_FOUND) im getting this error while doing dacing machine

@rustic sage can u help me

read #welcome and #rules after that use /verify at #bot-commands and ask that in #starting-point

THX

I got this error message, Footprinting -> MSSQL

how could I install this module?

I'm curious if there is a problem with the metasploit module. I'm trying to answer "Which version of Metasploit is free and can be used only through a CLI? " I've tried every combo of Metasploit Framework I can think of. Am I missing something?

Should be pre-installed in Kali.
Try it like this:
impacket-mssqlclient backdoor@10.129.44.152 -windows-auth

The solution is right in front of you in the module
https://academy.hackthebox.com/module/39/section/383

thank you, its working:)

I have tried every single highlighted word in this module. Is it something completely different than Metasploit Framework, Metasploit Project, Metasploit Framework (MSF), msfconsole. I'm confused the answer seems obvious

have you tried to use metasploit from the CLI? What command do you execute to open the framework?

msfconsole

msfconsole -q

this is only if you don't want the banner to be printed

right, I swear to god I've tried that hundred times

just worked, apparently I can't spell or type like shit

thank you!

often i get wrong then realize it’s because of extra spaces on the right or left when i copy paste the answer

You're not the first 😄

Welcome to Club Buddy 😂😂

Doing Introduction to Malware Analysis and I am in the Code Analysis section. It asks to download a zip and put it in the section's target. Howver, I am not sure how to do this. This is a common issue I have with HTB - I try opening the page in the box and downloading the zip from there but then the box crashes, I try curling it but it doesn't work, what am I meant to do to get the zip into the target?

Use xfreerdp with the share option

xfreerdp /v:<ip> /u:<username> /p:<password> /dynamic-resolution /drive:share,"/home/username/share"

What does this do?

It mounts a share drive.
With it you can easily move data back and forth

Ok understood, will try this. Thank you

When you say the box crashes, do you mean the Pwnbox instance?

(downloading from resources in the top right)

Or do you open Academy on the Pwnbox and try to download from there?

Yes, the pwnbox instance crashes when I try to open the HTB academy website inside of it

hmm

At which point?

Like, can you enter your username / password?

Or it just falls over right away

I can enter username / password, but when I navigate to the module page it crashes

Ohhhhh

Ok

Hm maybe not, nvm.. let me see

Yeah I’ve had problems w that that prevented me from finishing other modules as well

hahah I see

The window just keeps shrinking?

Yeah keeps shrinking and then it dies

I assume it has problems with the fact that the page also loads the instance

Loading the instance inside of the instance

It's due to the Pwnbox trying to render the Pwnbox in the Pwnbox in the Pwnbox, that's odd for sure

Yeah

Instead of navigating to the module page

Copy the link to the resource

Then you can proceed to work on it as intended 🙂

(you can paste from the host tab to the Pwnbox shown on the screen on the host)

As soon as you open the module page that displays the Pwnbox, it just loses its marbels though of course

Ahh got it, now I have it in the box and I’ll use the share option with xfreerdp

Thank you!!

Ok cool, that works too 🙂

Cheers PayloadBunny

Hey @ocean night

Can u help me out for the one timeskies?

I think others here can help, I just got in to bed

No module specifics please, that's a tier 2 module

Ask if someone can help you, without chucking that lot out there 🙂

I see. that's very nice of you @ocean night.

but maybe not, can't recall what grants that

I have no access sir

All I have is pain

How do I word my question so that I don't leak information

Honestly, I do not know. @carmine kiln are you able to have a chat?

I have seen your question

First of all, you should understand DNS correctly.
Just because you have seen a command somewhere and think that it is correct, does not mean that it is really correct 😉

You can write me a DM, then I can surely help you further

Thank you again 🤗

hey

about what

No problem

Payload is handling it I believe

I'm just gonna lay back down 😄

Yes, I was able to help him

I am at the SQLMap Module, "Attack Tuning" at Case 6. I do not understand how you would get the prefix from the hint on your own??!?

xD

Google the man page, weird it's not included there

But there is an option

Might feed that one back to the team

👍

Feeding back to the team to update the section

Oh

The man on the pwnbox has the details regarding the option

But yeah, it's not obvious

It's resolved

Wow, well I was struggling at this one the whole evening. Well at least I did the right things, just from the wrong machine... Thanks for pointing that out and thanks to @shut wraith for just asking that exact question! 😉

Welcome to suffering friend! Any questions?

IIRC some FTP servers introduce delays before refusing auth, like SSH does

g0blin go to sleep

I'm in bed watching a film and helping here

I'll be asleep once the film is done 🙂

Which film

Sherlock Holmes: A Game of Shadows

Do u wanna watch a comedy? Ill tape myself trying to learn cyber

hehe

Theres no climax

Awh

No

The scene of this film has just landed on a naked Stephen Fry doing what he does best

Being himself

I'm just gonna keep going

Check your connection settings

His role in V for Vendetta, all be it short is awesome

Dm me

Oh yeah.. 30 in 5 min, I read that wrong

Yeah that's not right

It's almost certain it's a connection setting that's bad

Sleep setting 3s seconds by default between tries, so you should at least be getting 60/3 per minute, or something close to that

Dependent upon latency etc

If still confused, get some verbose output on the go 🙂

Hail Hydra 🐙

medusa does have some delay and concurrency options mind

Not saying it'll be better, just saying as I saw it this time in the docs 😄

or maybe no grep just more

😄

Goblin starting to enjoy life in the academy channels

I like to help if I can

Its legit like a revision for me helping people, its lit

Hey can someone help me? module getting started, section privilege escalation. Now read /root/.ssh/id_rsa, save and chmod 600, use ssh to log in and prompt "invalid format", I don't know where the error is, or what I did wrong. please help me

Google will help you with that

what is the full command you entered?

i didnt know it was supposed to write the code for the vuln...

got it, thanks

After getting id_rsa through sudo -u user2 /bin/bash /root/.ssh/id_rsa, kali saved it with vi id_rsa, then chmod 600 id_rsa, and then tried ssh root@94.237.49.11 -p 49728 -i id_rsa, prompt "invalid format".

Looks like you're on your pwnbox, not the target

Perhaps?

No never mind, that's the target, ignore me.

thats target box through pwnbox

oh my God that worked... was googling this since yesterday

I got the same issue actually, it's probably because in the module the container is ubuntu (which has bash), but in the target it's alpine

tried bin/zsh and was like naa

Cheers @trail depot 🙂

🧹

check the content of the id_rsa

I tried to remove all spaces in the content, and also tried to fix the -----BEGIN OPENSSH PRIVATE KEY----- at the beginning and end
----END OPENSSH PRIVATE KEY---- But still no success.

dont fiddle with the key mate ... use it as you got it

you probably messed up the format while beautifying it (which is not needed)

When using sudo -u user2 /bin/bash /root/.ssh/id_rsa, the content returned by line is: /root/.ssh/id_rsa: line number: content: No such file or directory
/root/.ssh/id_rsa: line 20: F9hwG/dmzqij4NiM7mxLrA2mcQO/oJKBoNvcmGXEYkSHqQysAti2XDisrP2Clzh5CjMfPu: No such file or directory

I used awk -F ":" '{print $3}' id_rsa to filter out the content and copy and paste it, then chmod 600 for ssh

sudo -u user2 /bin/bash /root/.ssh/id_rsa
Looks like you're trying to execute id_rsa as a bash script here, which is why it doesn't work
First just do sudo -u user2 /bin/bash, this will get you a shell as user2
Then you can display the full contents with cat or vi etc.

Thanks a lot for the help, it worked.

hi i'm in Attacking Common Services - Easy
already in webshell /xampp/htdocs
i can't find any flag, there is folder called flags but no flag there
is this correct way ?

You got a shell? Look around 🙂

😆

Hi everyone, i Have a problems with this module
https://academy.hackthebox.com/module/147/section/1318
What credentials does Bob use with WinSCP to connect to the file server? (Format: username:password, Case-Sensitive)
As I understood after reading the module, I will need to transfer the file to the rdp host, everything turned out fine.I also checked the integrity of the file and everything is fine.But there was a problem, I can't run the exe file because of this error.I tried googling but I didn't find an answer

The system cannot execute the specified program.

type "locate flag" or "find / -name 'flag'

or Invalid access to memory location

Is the file you downloaded in the same directory that you're in on the command line?

Like, if you downloaded it to the desktop, but you're in C:\Users\Bob

no, i downloaded exe file to Desktop, and run from desktop

i tried to run from powershell and cmd also using gui,i can't add here a screenshot to show you exact problem

you can type ".\your.exe"

You can verify if you checkout #welcome

Then you can send screenshots

Yeah do what this guy said

.\LaZagne.exe all will work

i guess

same

also runned with admin privileges

its kinda weird tbh no idea about this error

hmm

I also have an assumption, maybe the problem occurs when transferring a file.

You said you checked the integrity though?

yep

i used ftp to transfer

This is a dumb question but worth asking: Is the file actually a windows executable? Sometimes people download from GitHub and accidentally grab the HTML instead of the actual binary.

Because usually LaZagne has the PyInstaller icon as well

oh true lol

i downloaded this one

where can i link my account to the discord again? sorry

everything works, thanks to everyone, I'm a fool I didn't transfer the file correctly

not a fool, everyone has run into an issue like yours before 🙂

now you know what to check for when you run into it

its windows not linux,
already find the flag, stupid eyes miss flag in white screen webshell 🥲

Read #welcome

hi, performing the attacking common applications module. wanted to know if there is any way we can configure aquatone with firefox. cause by default it works with chrome and the HTB browser doesnt have chrome installed

Unfortunately no as far as I'm aware, it's built around chromium

tried to install chromium using sudo apt, but it cant find some ip to download chromium

Yeah, I think you need a subscription for internet connection

https://www.youtube.com/watch?v=_y2IKGXMMGU

^ should cover whatever the question is asking for

thanks @trail leaf

np

works with firefox, just put in the firefox path :p

I feel like you won't get the screenshots correctly if the tool does what it claims, which is use chromium

because firefox isn't chromium-based

I need help on mounting Backup.vhd
has anyone completed this module?
Password Attacks Lab - Hard:
https://academy.hackthebox.com/module/147/section/1356

Mount it on a windows host or try: https://itsfoss.com/mount-encrypted-windows-partition-linux/

this one help me
#modules message

That's the method described in the article I linked lol

hello guys, can some1 please help me in "Pivoting, Tunneling, and Port Forwarding " : "Web Server Pivoting with Rpivot"

In terminal you can use csvkit package - it parses out specified columns from csv file (it's easier to use cut, but it doesn't take csv string values in account). This is how I did it (with some extra filtering and few manual fixes):

# Grab all cred pairs     | Search for USER:PASSWORD pairs         | Remove wrappings | Sort and remove duplicates
csvcut -c 3 scadapass.csv | grep -Po '[" ^][\w\s\d]+?:[\w]+?[",$]' | tr -d ',"()' | sort -u

i thought its linux

Gm

If you're getting to that point, you're going beyond anything necessary for modules, or anything realistic.

Yeah, but this is extreme overkill for modules, and you're more likely to just crash them. You wouldn't be doing that in a real engagement anyway.

you can always skip -sC and -sV on a large scale scan and then perform them on individual ports as necessary later.

hello friend is it already okay for you regarding this question ?

Also, disabling DNS resolution with the -n flag speeds up scans. You can also use timing templates with -T <1-5> depending on how aggressive or stealthy you want to be

Morning guys! I have a question regarding the sqlmap module, the first cases numers 5,6,7, can someone help me?

especially number 6

https://academy.hackthebox.com/module/58/section/526

Hi. Doing the server side attacks module and I'm on the following question:

Replicate the steps shown in this section to connect to the above server's "hidden" Tomcat page through the AJP proxy, then write the Tomcat version as your answer. Remember that the port you will see next to "Target:" will be the AJP proxy port. Answer format: X.X.XX

I am stuck on this:

curl http://127.0.0.1:8080
<html>
<head><title>502 Bad Gateway</title></head>
<body>
<center><h1>502 Bad Gateway</h1></center>
<hr><center>nginx/1.21.3</center>
</body>
</html>

use mssqlclient work for me

or try sqsh -S (ip) -U htbdbuser -P 'MSSQLAccess01!' -h

hint it's not in the DBs, go through each method of the section again and you need a hint for that then you are look a ||different user||

I'm working on the file upload module assessment. I have read the hint tried to follow the steps best I can but I know I'm missing something, I think it has to do with the content filters, can anyone give me a hand please and thank you

Please need help on attacking email services questions I've tried runnin this command "smtp-user-enum -M RCPT -U userlist.txt -D inlanefreight.htb -t 10.129.221.177" but no results....https://academy.hackthebox.com/module/116/section/1173