#modules
just don't attack ssh
and should I do it on ssh or ftp protocol?
ftp
ftp is locking me out
ssh is slow as balls with cme
restart the target and wait a few minutes before trying
it shouldn't be locking you out unless you're doing some dumb number of threads
like I said though, i've had luck with 48, some people have had luck with 64
i used
`crackmapexec ftp 10.129.x.x -u "kira" -p 'mut_list.list'`
alright I will do it with 48
Can you provide me the password as its a task I have already done and not part of the current section. I am linking my original question
or is it out of rules?
here's a [link](#modules message) to an early post that has a tool for bruting ssb
take this as a lesson to always save found credentials somewhere
¯_(ツ)_/¯
this section reuses credentials a LOT
yea I am doing it rn. I just started to do it late. like from pth section
iirc it's the question that asks you to get Will's password that has the hint for kira
if that's any consolation
thanks a lot I can do it from there
it gives you a more precise list to brute
I just hate this module. brute forcing takes a lot of time
patience is the name of the game ¯_(ツ)_/¯
well that wasn't the point i was making
i meant the hint directly points at a string you should mutate
with the custom.rule
yes I get it in this line patience is what will make me mr.robot
spoiler: ||it's revealed a lot of his interactions were from Schizophrenic episodes||
but at that time I never understood anything so it might be cool
oh and ||he falls in love with his sister||
thank spoiler tags
👍
not gonna blow up a good memory
the show is decent around its midpoint
its getting scarce these days
but falls off towards the end
💀
but there's a reason most people dunk on the people that come in with unironic Mr. Robot profiles
On the web attacks module on idor part i was able to do it because of the writeup but the thing is when i access the url the uid doesnt show unlike the one shown in the writeup and module. How should i be able to do this?
by dunk you mean troll?
you generally shouldn't be following a writeup for academy stuff
sometimes UIDS will be different based on what's running the command; what is the goal of the question?
but anyway
LMAO
cyber tech
fuckin not even masking the IP grab link
btw i didn't delete it, either automod or an admin deleted it
ik that
Hello
Omg is that the real admin
oh nice that's the legit Admin
but my file get downloaded
here to save the server
hey anyone here that does modern web exploitation techniques module?
i would need a companion
Yeah but converted to base64 and used as a blob source for a jpeg tag
I have problem my Facebook account
well that's too damn bad, contact Facebook Support
Can you help me?
how can she?
for a fee of $800 i will only pretend to help you, and instead scam you
My account disable
she studies in htb she doesnt works in facebook
that sucks, but nothing we can do about it
do you ever shut up?
we literally cannot help you with it, as hacking anything facebook related is against ToS
:P
and just to help some dumbass get their account back isn't worth any bit of trouble
Calm down. You don't want me to have to call my big brothers, do you?
no
hi payload, you missed it - he tried to send a grabify link in chat earlier
funny stuff
Then don't spam the channel
literally didn't even mask the link
and she irritates me
i know 😉
even when i dont argue with her
for the rev shell did you remember to change it to YOUR tun0 ip?
haven't done that module myself yet - but that's often my common issue is forgetting to change something
well then i wish you luck in figuring it out :D
can anyone tell me that it would be good if i unlock this module for 12k cubes
crest cct inf preparation?
it's not a module, it's a whole path
if you click the "x modules" button in the bottom left it expands what all modules it covers
yea but should i get it for 12k cubes
That's your decision
i bought it
you don't pay the 12k outright, you pay it as you unlock and do modules ¯_(ツ)_/¯
should i send u the pic?
I do not care
For instance I enrolled in cpts when I had like 40 cubes, it didn't charge me the 1900 cubes
And currently there are no modules that cost 12k cubes, tier 4 is like 1k
i cant send in this channel
Read and follow #welcome
in the privilege escalation module User Account Control section how can we know which method we need to use cuz they didnt explain this part
I believe the reason why so many people that are following the course are having issues with the DNS section is twofold:
- in the course it says to "echo "ns1.inlanefreight.com" > ./resolvers.txt", I don't know why it says that because it should be an IP. It is irregular because resolvers.txt should contain an IP address and therefore that would make it easier to understand.
- (and this is perhaps the most important reason) People are blindly copying and pasting the commands without first truly understanding DNS.
So I believe it is a mixture of both. Someone that truly understands DNS would notice that a resolver takes IP addresses and therefore change that command, but also HTB could change that in the course
It can take both, the example uses a public website as the resolver
Which adds to confusion
aaaah okay okay, I thought it should only take IPs
fair enough, thanks for that explanation
@fathom pendant why dont u straight tell me that u are being jealous
now can I ask you something, why does puredns not find the subdomain and subbrute does... using the same resolver and names list
I am trying to use puredns more because it seems to be a nice tool
I guess they use different methods
thought so too
anyway, I can now finally say I fully understand DNS
it was always a bit weird and confusing
Nah you just think you do [the error is always dns]
If you continue to spam the channel here or continue to harass marcie, then you have the honor of being my premiere. So far I've never had to give anyone the boot.
phone book for the internet helped a lot ahhaha
dont u see that she is also harassing me
if i give any link to anyone she starts shouting
u dont see that right
I've been correcting you throwing chatGPT answers at people
And misunderstanding what someone was asking for
Xer0uS even this guy was here
hahah fair. thank you anyways
he didnt tell me
can someone help
?
marcieLee doesnt know anything thats why she posts this u carry on..
Let’s just both end it okay?
You're correct, I don't know what they're asking
yea
So clarifying will help
Move on 
so like can i dm u
ofc
What do you need help with
pravate can i just dm u
If you can't state it here then it's likely against the #rules
And I'll decline based off that
@prisma harbor saw that, askin her is always goin down
lol
don't wanna deal with asking for help hacking a social media account ¯_(ツ)_/¯
Which is what happens in 99.99% of the instances here
This will be your only warning. 
yo i still need ur help
with what though?
can i dm u
Please stick to the #rules . Nobody here can help you with private problems
can u help me then
If it's a question about the modules in the Academy, then maybe. Otherwise, no. Just ask your question here.
And you might be directed to the right place to ask
Save your braincells before its too late
hi, why might the answers from pvnbox not match the correct ones? I can’t match the answers from pvnbox and I can’t understand what’s wrong with the pvnbox course by entering it into Linux
Again there is no pvnbox course
There's an intro to linux module that has you ssh to a target and run commands to get the answer
yes, I connected and entered the commands but the results do not match
Sorry to ask this in here, but is there anyone here who can DM me to help me with a problem I keep having in Kali? It is keeping me from making progress on the modules.
So you ssh to the htb-student@ip?
yes, I connected, but the answer doesn’t match here
you need to at least explain your issue here, and if we can help we will. Anything other than that won't run
Then perhaps you're misunderstanding the question
so I gave dming him a chance out of curiosity and my guy is asking me about getting his roblox account back...
no, my answers don’t match with pvnbox, I even found a guide on YouTube for completing this course, I use the same commands, but pvnbox gives the wrong answer
Why are you saying pvnbox lol
It's pwnbox
Then you aren't doing the right things: what module and section are you working on?
section linux navigation the second question pwnbox tells me that the file is on line 287 and the answer has a different number sorry for the translator, he was a little mistaken with the name pwnbox
Well, small, do you understand Russian?
The question about index number yes?
No, it's not on my list
yes
This question requires you to be connected to the target ip. It does not work with just the pwnbox
The "instance" is a workstation. Not the target
can you please help me in remmina password in footprinting I am unable to connect on rdp for mssql
???
I found alex password
You need to click the green text
Enumerate the server carefully and find the username "HTB" and its password. Then, submit this user's password as the answer.
so I connected to the IP via ssh and entered the required command, but the answer varies
this one
Ok? And I'm assuming you're trying to rdp as alex
ls -li /etc/
yes I can access alex via rdp i also found important file
Yes, now open the sql app as admin
ok
I have heard alex has not the permission to connect to mssql
That's why I said "as admin"
Either way, the answer doesn’t match, I entered this command, the serial number is wrong, I got the command 1360934
Because that's likely the one on the pwnbox, not the target
Which is what it's asking for, the sudoers file on the target
I connected to that IP via ssh and entered this command and the answer is incorrect
No, you didn't, I literally just sshed in and ran the command and it retrieved the right number
The 1360934 number is the index in the pwnbox
Not in the target
Your commandline before the command should read htb-student@nixfund:~$ if in the home directory of htb student
If it reads [vpn region]-[tun0ip]-[htb-ac-(numbers)@htb-(random string)]-[~] then you're running it from pwnbox
Shrimple as making sure you're actually running the command from the box
And not from your system
To connect PWN Box via ssh
I have simple step
1. start instance
2. open credentials from desktop and copy them into your desktop
3. open terminal in pwn box type command
Command: ip add
and find the address something 94... - Now go to your machine in which you want to connect type
This isn't about connecting to pwnbox with ssh
ok
It's about connecting to the target ip that does have the right answer to the question
Like I said: I just did this via the pwnbox and it gave me the correct answer, so I'd like to think I know what I'm talking about
sorry my bad
I am logged in but unable to find credentials from database any hint
just look around
just click on all the databases that you can find; they have table icons
ok thank you
once you find the right one it's as simple as right click and view
My command line looks like this ┌─[eu-academy-2]─[10.10.15.184]─[htb-ac-1101886@htb-e2gymvfkss]─[~]
└──╼ [★]$ ls -li /etc/
then you aren't ssh into the target
you need to run that command from where you're ssh into htb-student
which is what i've been telling you
Done thank you for helping means alot 🙂
thank you very much you helped me a lot
Password Attacks-Protected Archives: I'm having trouble getting the Notes.zip file onto my Kali. I've tried using python http server but it did not work. Any suggestions? Update: Understood why it wasn't transferring. File path in my wget syntax was wrong.
redo the file transfers module
Footprinting Easy Skill Assessment - I have the ||.listing|| file, I'm just not sure what to do with it... any hints would be great
what do you mean by .listing?
I used ||wget -m --no-passive ceil:qwer1234@<ip>|| when I went to where it was installed there was nothing but I checked hidden files which gave me
||drwxr-xr-x 2 root root 4096 Nov 10 2021 .||
||drwxr-xr-x 2 root root 4096 Nov 10 2021 ..||
I'm just not sure if I'm supposed to put that somewhere
strange
login to the ftp server with valid creds and try ||listing hidden files again||
Hello guys, can someone help me how can i speed up my vmware (it's so slow & buggy)
I've tried logging into ||port 2121 as a proxy|| while also being logged into 21. I use ||LIST -al LIST -a LIST -all|| and I only get Unable to build data connection: Connection refused. Am I missing something
dedicate more ram
more space
use the port number 2121
yeah, i put 8gb ram and 60gb storage but still slow :/
When using ||LIST -al||?
could always try dedicating more of your cpu for it
log in to the ftp server running on that port
I am
hmm?
I use ||LIST -al|| to try and show all files but it refuses connection... I'm just a little lost, I don't really understand what it is I'm doing and I've gone back through the FTP module a couple of times... so I really don't know what I'm missing and I'm trying to understand
ftp ip port
Hello! How can I turn off the real-time protection? I’m in Miscellaneous file transfer methods and, I’m connected through RDP but I can’t run ncat.exe because of real-time protection and I’m not Administrator:(
Actually it deletes the ncat.exe
you can do it from the security menu in windows settings
How can I do that if I’m not admin?
did you try running powershell as admin?
Thanks! I’ll check out
Yes and it asks me the password of admin
try using htb-student password for admin
I’ve already done, I used htb-password (HTB_@acad…) and the url-password of pwnbox but it doesn’t work
url-password?
your pwnbox password is never gonna be used by any labs
have you tried making sure you didn't miss the admin password in either the question or in the section text?
or it's somewhere on the RDP desktop/system somewhere
Hello there I'm stuck with password attacks module, in specific network services part, I found an NFS Shares but when I try to mount I can't access it even with root user, my thoughts was in the share will be more info about what username use before start to brute force, or brute force is the only way for this section?
Hi guys, i'm stuck at Attacking Common Services - Medium, found an FTP port on 2121 but anonymous login does not work.. Any hint please?
How do I crack faster with john. I wanna use my gpu too
I’ll look for the password on the desktop/system on RDP, because I’ve already checked if the password is somewhere in the section but it isn’t
can someone list me a syntax?
it will automatically use your gpu if it can
if you're using a vm; it generally won't
Ok, I managed to find ||authorized_keys, id_rsa and id_rsa.pub|| I've tried putting those in the ||.ssh|| directory and using ||ssh -i <file> ceil@<ip>|| and none of them work it keeps talking about ||WARNING: UNPROTECTED PRIVATE KEY FILE|| in which case I'm extremely lost on where I'm supposed to go
Actually at the beginning of the section it says how to execute ncat like ‘nc …’ but it doesn’t say anything about any kind of admin password
wsl is also going through a hypervisor, run hashcat on your host if you want to use gpu
ok
when it's working fine, it's great
but i've found it breaks more often than it works
I like the minimal terminal experience in windows terminal better
just started using it other than installing all the tools its good
@fathom pendant quick question on Attacking Common Services - Medium. Is there a port besides port 21xx? because i'm really lost, -p- scan never ends
Check to make sure you only have one vpn connection running ps aux | grep openvpn
All working fine.. Besides i'm not using a vpn file, using the parrot HTB machine
But lemme restart it just in case
Alright, will do. Thanks!
For some reason am getting this error while trying to solve bash module and the question goes Create a "For" loop that encodes the variable "var" 28 times in "base64". The number of characters in the 28th hash is the value that must be assigned to the "salt" variable.
so I sshed into the system, but when I do ls to find other directories, I see nothing... and I am trying to answer this What is the path to htb-student's home directory
your ssh key file needs to be a certain permission to be used, search it up
thanks
that just means your salt value is wrong
@fathom pendant changed region, all worked perfectly, found the new port, thanks!
How?
anyone have an idea about this? I think its something simple I am just overlooking
env
Or echo $HOME
I dunno, you tell me how you got the answer wrong 
never mind I found all the passwords with some other enumeration about usernames...
When you mount the share did you add -o nolock to the end?

yeah
Alternatively you can su to root and browse it
maybe was not the aim of the challenge but nevermind I figured out in another way
wireshark not working for IDS/IPS, Suricata rule Development Part 1
It says no matches found, so maybe it's not there?
try ls on the directory you think it is, might be, default
/ means the whole system right
when using find, yes, it should
updatedb
its taking time I guess its working
can you tell what does this actually do?
Hi there, I am looking for some help with the Whitebox Attacks Authentication Bypass using Type Juggling if anyone can help?
which module are you talking about?
locate uses a populated index to find files, updatedb just saves all the files in the system into the index db file, find is live search, that's why locate is much faster than find
Module 205 on whitebox attacks, theres a section on type juggling and the challenge is to bypass authentication
@next bronze I want some advice on cpts after I complete the path can we get in a vc so I could take some advice and pointers?
for the exam
no I'm not here to do ted talks, you can ask in #cpts and we will be happy to answer, there are also a lot of existing resources/discussions on how to prep
ok thanks anyways for the help on find
written ted talks lol
its still not working
I'll try resetting later and see if it fixes it, otherwise, maybe I'll try to scp copy the wireshark to the pwnbox
then perhaps it's not in your system? is this a self built vm or pwnbox?
can you try running find on that folder?
*rockyou*
locate does partial match by default anyways, there's no need for wildcards
so it worked... try using the absolute path of the folder and then slowly go a folder backwards until you got back to / which is what you originally tried.
interesting behavior.
like I said, locate does partial match by default, there's no need to use wildcard, if you use wildcard it will try to match it with the stored path, which is the full path, so you need to have a * at the start and end
yes its working without the wildcards
and it looks perfect
beautiful
yes I could date it if it was so easy irl
sorry for not being of much help, glad you got it sorted 😅
well you got me a step closer so thanks
and thanks to you xreous for the help on this matter
I will get back to the grind now
Hello. Sorry for the inconvenience in advance. I am very, very new to this world but I am very fascinated by it since it is something that I think is in great demand in the work sector. I'm starting with the modules to get started in Linux but many times I get stuck on simple things and I spend days on it. I would like to know if I have complete freedom to ask questions here without being discriminated against for my lack of knowledge.
just ask the question
People will be happy to help, just specify the module and section and what you've already tried, it's the most efficient way to get proper hints and help
scp htb-student@10.129.176.157:/home/htb-student/pcaps/eternalblue.pcap ./
To bring file to pwnbox
any idea why its not working? It worked in the section example
I tried without sudo too and the result was the same
I checked the file using file utility and found there was no openssl use
Try using the password lists (or the mutated one) from the module resources.
ok
thanks it worked
As i stated earlier: you use the mutated list pretty much all the time once you create it
I have a question in the IDS/IPS module Suricata.
The offset field is the n byte after... in the payload... does this mean after the tcp header information?
So, would offset start counting based on the blue highlighted, which is the section right after the tcp header info?
Not a direct module question, but rather a question about modules. Is it acceptable to do write-ups of skill assessments? I was going to put these on a portfolio to show growth for future employment opportunities, but was not sure if this was allowed
not allowed unfortunately
Ok, not a problem, thanks
You can do whatever for any tier 0 modules, write-ups, videos etc., but those are also fundamentals, so likely won't make much difference, anything above tier 0 is not allowed though
That blows, wrote a whole write-up and went to post it, but figured I'd ask first because it's academy
It would defeat the point of learning and skills assessments if there were write-ups for everything
Anything above tier 0 is considered paid content, therefore it's barred from having any writeups
Yeah no absolutely, that's why I thought to ask first
Tier 0 they consider "free" due to you getting the cubes back
It's also listed in their ToS if I'm not mistaken
It might be, I just figured I would ask here because people respond quickly
good thinking to ask though, some people post first and then get reported and banned 😬
yeah no we don't want that lmao
Then post in #1024429874246590575
lol
The best thing you can do is contact the authorities. We cannot help you. Please keep the channel on topic.
Keep the channel on topic.
xD
There is if you verify your account.
Is this a good channel to ask questions like these?
If its related to a module. Yes.
WORKING WITH IDS/IPS
Snort Fundamentals
There is a file named wannamine.pcap in the /home/htb-student/pcaps directory. Run Snort on this PCAP file and enter how many times the rule with sid 1000001 was triggered as your answer.
Run snort on it w -A cmg in the end, there is a section in the end that says number of alerts (that's the right answer), but how can I be sure that all alerts were from the same rule, unless I manually count or use some other text matching, anyone had a more official way of doing it other than finding number and trying it?
it's probably to do with what that sid is sniffing for; if so you can probably reverse engineer a way to do it in powershell and event logs
That's through snort, i can probably think of a way to do it using grep and wc... I was just wondering if there was a built in snort counter thingy.
Thanks for answering
I guess it's more of hitting the "i believe" button for most of it
I am having trouble moving my lsass.dmp file from my windows machine to my attack machine.
||proxychains xfreerdp|| /||v:172.16.5.35|| /u:||mlefay|| /p:'||Plain Human work||!' /||drive:linux,/home/htb-ac||||-767577/Desktop /dynamic-resolution||
I also tried to physically copy the file and that did not work.
are you copying it to the network drive that's created in windows?
under "this PC"
redo the file transfers module
also even though you spoiler tagged the username and password it's not necessarily hidden, and still spoils
the internal ip is fine i believe as that's a given address? if not then yeah
common tactics would be replacing username with first letter then * similar with the password
IPs can be hidden just by doing the first octet then the rest are x
172.x.x.x
for example
No , I was trying to move it from the Desktop on the Windows machine , to the Desktop on the attacking machine. Should I have moved it to the network drive?
Cancel the xfreerdp session and execute it again?
that's not what he said at all
by attack host do you mean your vm?
Oh I reread it
because if you're doing proxychains you've already got your vm linked to the victim machine
if you go to "this pc" do you see a folder called "linux"?
that's where you need to drag and drop it to
you can't just drag and drop directly to the vm desktop; xfreerdp doesn't work that way
no . so I could just remove that or create a linux folder
...
when you do the /drive:linux,/path/to/whatever/ it should create a share on "This PC"
oh okay
it'll be titled whatever you put before the comma
and have a green icon at the bottom of it
Hello
I see it now
Module: Password Attacks, Section: Pass the Hash (PtH)
"Using Julio's hash, perform a Pass the Hash attack, launch a PowerShell console and import Invoke-TheHash to create a reverse shell to the machine you are connected via RDP (the target machine, DC01, can only connect to MS01). Use the tool nc.exe located in c:\tools to listen for the reverse shell. Once connected to the DC01, read the flag in C:\julio\flag.txt." i managed to get the flag but i am confused about the julio user.
"Invoke-WMIExec -Target 10.129.204.23 -Domain INLANEFREIGHT -Username julio versus Invoke-WMIExec -Target DC01 -Domain INLANEFREIGHT -Username julio . i am able to execute code using julio account on both target DC01 and MS01
julio is just another user
that's why
it's not much more complicated than that tbh ¯_(ツ)_/¯
i am confused because the MS01 allows julio to execute code since the net users command in MS01 doesn't show julio inside. is it because julio is a domain user and not a local user?
yep
domain user overrides local user
net users /domain i believe is how you'd check for domain users
so i wanna confirm that if the MS01 host is connected to DC01 meaning it is part of the domain. then any domain user can execute code in MS01
i already did that
limited code; it depends on their domain level rights
how can i tell if hackthebox connected to my vm
sorry i honestly didnt know where to ask
did you run the sudo openvpn /path/to/your.ovpn?
and if so; when it finished did you see Initialization Sequence Completed
if that's the case: you're connected
yes thank you so much 🙂
sorry i have another question if thats okay
the openvpn thingy is for the victim machine? or the attacking machine
openvpn allows you to connect to the victim machines
it creates a tunnel to the htb network
otherwise you're not able to access the target machines
okay so the attacking would be from the virtual machine that open vpn is running on?
yes
thank you, i just got started on htb and i dont have too much experience with any form of linux
if you're doing the main platform you'll need to verify your account by following the instructions in #welcome where more of the server will open up to you
im doing the academy, seemed more beginner friendly
this channel is for assistance with the learning modules on academy
if you're encountering technical difficulties that don't seem to be a personal skill issue: you should message support
Need to speak to a person? Learn how to reach our support via HTB Labs.
you mean something like this? even though julio not inside the local user.
also sometimes things are funky when doing pth like that
also check C:/Users
sometimes it's dumb
Working with IDS/IPS
Snort rule Development:
There is a file named log4shell.pcap in the /home/htb-student/pcaps directory, which contains network traffic related to log4shell exploitation attempts, where the payload is embedded within the user agent. Enter the keyword that should be specified right before the content keyword of the rule with sid 10000098 within the local.rules file so that an alert is triggered as your answer. Answer format: [keyword];
I got the rule to work... but not liking the answer.. put http_uri; before content and it worked... but htb not considering a valid answer...
EDIT: got it, it's in the right track, the "right" answer is in the same area.
I need some help with the password attacks module, specifically the question "Use the user's credentials we found in the previous section and find out the credentials for MySQL. Submit the credentials as the answer. (Format: <username>:<password>)" (5th section)
I have to use the credentials from the previous section, however I completed this a few days ago and have completely forgot what the password to user sam was. It wont even let me re-attempt the previous section to gain the password again. Could someone potentially dm me it?
simply crack the users password again
for the current section
I tried a hydra script to bruteforce the ssh/ftp service (as required in the previous section) but it returned the error "Unknown service: ftp://{box ip}
So i'm led to believe it's a new box for this section that doesn't include the services that were used to gain the password
from the instructions you can tell the user is still valid for that machine
good point, but i'm not sure why I keep getting the error when I attempt to re-bruteforce it
nvm it looks I got the command working, thanks

for the Password attacks lab easy. I tried brute forcing it using the lists given in the resources did I do something wrong. it took around 2 hrs to complete the attack and no result. Please help
there are only 2 services present ftp and ssh I tried doing it on ftp
Ive heard using 48 threads instead of 64 is better, as apparently sometimes with 64 it can skip over the correct user and password pairing
not sure if that is the solution or not though
strange
doing the sql fundamentals lab and suddenly halfway through the Union injection the syntax is now injecting the characters cn before the single quote without explaining why?
does anyone know.
did you ever get an answer to this?! it's driving me insane how it's suddenly introduced with no explanation.
look at the first picture in the section
thank you
can I pm you a question regarding the sql section, it's not a hint just trying to clarify if my understanding of something is correct? If not, all good.
you can just ask here
Hi guys, I'm new on hack the box and I was wondering why is nmap so slow? it can take 30 mins to scan a machine some times and it really slows me in my learning.
I usually use -p- -T4 -A
well that's why
you are scanning all ports with -p- and running all checks with -A
the port I have to identify is over the first 1k
10 *
but if that's the reason I will try to solve it I thought it could that I'm scanning through my machine directly.
if it's over the first 1k ports you could use -p 1000-2000
you will need to check syntax though
if it's part of the top 1000 ports you can use
--top-ports=1000
you may be best to just run a nmap -p 1000-2000 initially and then enumerate the ports after the first scan
I didn't know it was possible tyvm for your help!
that way you can narrow down your target
https://nmap.org/book/man-port-specification.html top hit in the manual, scan a select range.
🩵
how to contact support about subscription
onsite, green box in bottom right, if you have adblock on allow the page until you have finished your enquiry
why in the most of the time when i try connect to the windows with the xfreerdp command its display me this error "reerdp_tcp_connect:freerdp_set_last_error_ex ERRCONNECT_CONNECT_FAILED [0x00020006]" its worked me seldom
Okay, so here is the question: On the union clause page it states that data types need to be compatible to be displayed at once, it also says that we have to export all the columns but to get the answer we can run ||select dept_no from departments UNION select emp_no from employees;|| which has an INT datatype and char/string datatype so conversion on the fly is happening and we are also not outputting all the columns, so what is actually happening?
My understanding was we had to specify all columns but we don't have to with the command above so is the text just incorrect or have I missed something fundamental in it?
Has anyone done the math for gold annual yet? If not, I can do the calculations later.
you're selecting a column from one table and combining with a column from another table, and that's a perfectly fine thing to do, you don't have to select all columns from a table in a union select and I don't think they've said that in the section either
and yes char and int type will be converted for the output
Module: Attack Web Apps Section: Other Notable Apps ------- cant solve this task, because the connection is very unstable - dont think my internet is slow as it worked well in the previous tasks ------- can anyone starting this box to see if the ping command is stable? -- I know i mentioned this problem already
Actually tried different vpn files and also different internet connections (mobile and home), but problem persists!
Doing it with pwnbox -- no other solution
Hello, I'm new to the academy and I'm working through the Cracking into Hack the box module, I'm having issues with the HTTP lesson using cURL. I got the flag, but submitting it, I keep getting told it's incorrect, I chatted with the bot and reset the target, my machine, and my VPN but it keeps giving me the same flag and telling me it's incorrect. I have a ticket submitted, just curious if anyone else encountered the issue
which module is that? and make sure there's no extra spaces in the answer, or you can dm me the flag
messaged it to you
hey guys needed help in module: password attack , section : protected files ... i am not able to crack kira's password can any one help me with the wordlist i have to use✅
22 tier 0 modules
12 tier I - 600 cubes
35 tier II - 3500 cubes
24 tier III - 12000 cubes
4 tier IV - 4000 cubes
Total cost up to tier II/III/IV= 4100/16100/20100 cubes
It's an infinite sum, (20% rebate = 1 cube is really worth 1.25 cubes), so divide the amount by 1.25.
Adjusted cost: 3280/12880/16080 cubes.
Tier II: 3 platinums + 1 silver + $10 = $232
Tier III: 13 platinums = $884
Tier IV: 16 platinums + $10 = $1098
Silver Annual (ignoring the cost of the cert): $280
You get back 22*10+12*10+35*20=1040 cubes. That's $68+$5=$73, so you will really be paying $207. You'll be saving $25, so it's not worth it.
If you had already done tier 0, you would be getting back 820 cubes. That's (820/1000)*$68=$55, so you would be paying $235. (Note that I use fractions here because you would otherwise get into really weird scenarios because of the jump from gold->platinum. Ideally you would want to multiply everything as a scale of the platinum price in order to give a more accurate cost instead of one that makes HTB's offer look more favourable. I will be using this method from now on.)
Gold Annual (ignoring the cost of the cert): $735/$1050
You get back 22*10+12*10+35*20+24*100=3440 cubes. That's (3440/1000)*$68=$234, if you follow what I wrote above.
If you had done tier 0, you would be getting back 3220 cubes. That's $219.
If you're starting out from scratch and you have done tier 0, you're spending $516 with the discount price instead of $884. Go get it if you can't get a student subscription. You can use your remaining cubes on three of the four tier iv courses (to make things perfectly clear, the cubes you get back are baked into the price you paid. That's the $219/$234 above). This is a great price.
The non-discount price however, is awful. You would be paying $816 or $831. Are you really looking to save $53 or $68 so you can be forced to rush through things?
Should you upgrade if you're a student?
It costs $660 for the tier III modules, and you're getting back 2400 cubes. That's (2400/1000)*$68=$163. So it's still worth it at the discounted rate ($572), but not worth it at all at the non-discounted rate.
tl;dr: Go get gold annual now before the discount is removed. The price is hot garbage otherwise.
Could someone help me with
Navigate to http://[Target IP]:8000, open the "Search & Reporting" application, and find through an SPL search against all 4624 events the account name that made the most login attempts within a span of 10 minutes. Enter it as your answer.
Currently I've tried bin, streamstats but I can't figure out how to use range(_time) <= 600
Thank you for your service 
If you're worried about not being able to complete all the modules in time, focus on the tier III modules. The discounted price is already worth it for students who have already done tiers 0-II
I didn't have this error yesterday when creating 'lsass.dmp' and I have no idea why I have it now. I am creating it on mlakeys machines of the skill assessment for the pivot section .
I tried googling the problem with no luck
I think I see the issue. I may have the wrong PID
silly subscription question: I currently have Silver annual, signed up just this July. How will they charge me if I upgrade to Gold while they have the discount? Is it Gold - Silver, ie 945 - 490 = 455?

It's best to ask the support team
I asked the support about this, I still haven't gotten a reply.
where do i ask for support with connecting VM to htb?
i ran openvpn academy-regular.ovpn
run sudo openvpn /path/to/downloaded.ovpn (note /path/to/ is placeholder and downloaded.ovpn should be replaced with the ovpn file name you downloaded)
it says exiting due to fatal error
Hi Guys, can i ask between the "Intro to whitebox pentest" and "Whitebox Attacks", which module is a good progression overall to oswe?
what is the fatal error?
shit it was js cause i didnt put sudo thats my bad

Indeed, it's good for those that already completed most of tier 2. Since I still have plenty of tier 2... it doesn't make sense to upgrade from $8 a month to $900 a year 😅
i need help 😅,
im having trouble installing crackmapexec while doing the password attacks modules
i used pipx but im getting:
```
ERROR: Could not find a version that satisfies the requirement crackmapexec (from versions: none)
ERROR: No matching distribution found for crackmapexec
```
and when installing it from apt it's not working due to some python dependencies
did you consider: installing the python dependencies
yeah, but they cant be installed? like it gives me an error (due to wide system packages)
have you considered updating/upgrading your system then?
To quickly resolve stuff, check out NetExec, they have a good and easy installation candidate. It's an exact replica of CrackMapExec but updated with new features.
appreciate it ❤️
Anyone? Anything is fine 🙂
Can I dm someone regarding a question on the skill assessment from the pivot module?
In "Footprinting - SMTP" "Enumerate the SMTP service even further and find the username that exists on the system. Submit it as the answer. " I am using the correct wordlist and I have set out the timers from 5 to 10 to even 60 seconds with the provided wordlist.. still no user
restart the box and try again
15-25 is the magic number
also are you using smtp-user-enum tool? or are you fighting with nmap scripting
Tried metasploit scanner and smtp-user-enum^^ I´ll try reloading the box
hello everyone, put an asterisk on the repository if it's not difficult for you https://github.com/Ttunay/game
I will be very grateful!!
Ty, worked 🙂 @fathom pendant
Only 59 modules for tiers ii/iii. It's a bit more than one once per week.
Hello, anyone working/worked on the Game Reversing & Modding Skill Assessment ?
Hey guys, i currently stuck on the last question of the "Pass the Ticket (PtT) from Linux". I have a root shell and found the keytab file, but i keep getting the error ||"kinit: Keytab contains no suitable keys for LINUX01INLANEFREIGHT.HTB@INLANEFREIGHT.HTB while getting initial credentials"||.
I´m running the command: ||kinit LINUX01$@INLANEFREIGHT.HTB -k -t /etc/krb5.keytab||
im on the skill assessment in pivoting and tunneling. How do i get the lsass.DMP file from the internal DC to my attack machine? I tried to base64 it but the performance is just too bad and wont finish ....
guys im doing the linux fundamentals module, the question is locate the path to the victim's mail
i did locate mail
and found /var/mail
and thats not it n idk what im looking for
Hey guys, today I got many problems with the pwnbox and the openvpn. Every time I try to do remote with xfreerdp I get an error message, and one day ago it worked excellently; today it didn't work even once. And the problem with the pwnbox is that I've got some target IP I needed to nmap and it didn't find the host and the version service. When I did nmap with no flag it worked, it showed me the only port I need, but when I add -sV it doesn't work at all, and I tried many combinations many times, and I also tried it over openvpn with the same problem. I also tried opening nordvpn and changing my state and nothing… please help, it's driving me crazy, I pay for this website and I'm stuck with many problems!!!
cd to the ovpn file
then do sudo openvpn academy-regular.ovpn
sudo openvpn academy-regular.ovpn
check env variables.
||env|| or ||echo $MAIL||
It doesnt always have to be in there, sometimes you need to google-fu.
cause when i cd into /var/mail and do ls theres nothing
but when i did the second command it gave me ||/var/mail/htb-student||
im not sure how i was supposed to find that
oh it was js supposed to be ||env||
Thats an environment variable - one of many, some are defined directories for a user - Others serve other purposes.
I need a nudge on the web attacks module final skill assessment. I already found all 100 users. I know one of them is admin.
My problem are:
How would i know who is the admin on those 100 users.
How can i change the password of other account i know i need to change the request method to get but the problem is it says invalid token and i cant reverse the token so i can reproduce it for other user.
You couldve also done that and grepped
what does grepped mean
hello , can someone help me i can't access to the pwnbox . Every times i try to access it says that "You have used your pwnbox allowed time"
For the last question of the pivot module, "Submit the contents of C:\Flag.txt located on the Domain Controller.", once I find the internal IP address for the DC, I tried to do a proxy chain nmap on my attack machine. Would that work?
I asked because the command is still producing results. I am running that command to find what ports are on the IP address of that DC
I know how to connect to the openvpn, so that's not the problem; the problem is when I try to remote the windows desktop
Ever figure this out?
you mean when you try to connect to the victim machine?
No, I'm doing the beginning module (windows fundamentals) and I just need to find the alias command for ipconfig.exe. I already know the answer but it's still annoying that it doesn't work. And also the nmap in the starting point in HTB at the sequel machine
For the ACL abuse tactic module section - to confirm we are trying to get adunn's hash cracks not damundsen - correct?
Just found the admin now i need to find a way to change his password/get his valid token
what is an index number?
Can i ping someone for a bit of clarification on: ADVANCED XSS AND CSRF EXPLOITATION -> Enumerating internal APIs
need a little help with active directory attacks and enumeration module . im in the living off the land part , final question . the question says Utilizing techniques learned in this section, find the flag hidden in the description field of a disabled account with administrative privileges. Submit the flag as the answer. . i have found the user but i can not get the description of the user
Hey @molten prawn , I can help you
Can someone give me a hand with this issue for the ACL abuse tactics section? I have the hash, but when I try to run hashcat I get this error:
Hashfile 'hash.txt' on line 1 ($krb5t...73157395E492836B63EAF21830809B7F): Separator unmatched
No hashes loaded.
hashcat - hashcat -m 13100 hash.txt /usr/share/wordlists/rockyou.txt
alright , can i dm you ?
Sure, I am actually working through the skills assessment now. I have my notes from the modules.
thats great . imma dm you
make sure the format is correct
has someone do the maths for the new Path?
gold sub is the best here right
but even with the discount is too much xd
Im on the last question of the pivoting and port forwarding skill assessment. Can anyone give me a hint how to get to DC ?
@sly dome got it - dived deeper into it.. I must have changed the format and removed a "$" in the midst of it
thanks
any advice for the password attacks easy lab?
MODULE: AD Enumeration & Attacks - Skills Assessment Part II
QUESTION: (7) Submit the contents of the flag.txt file on the Administrator Desktop on the SQL01 host.
HELP: I get this error message. What is wrong with this?
I did the math in the post right above the one @hallow kiln. If you have any questions, feel free to ask.
what kind of math are we talking about?
Whether or not gold annual is worth it.
The analysis is probably the same if you switch to euros.
lemme see what they are offering its a new tier I guess I have never seen
btw can you help me with my practical
I tried to brute force in Password attacks and it did not work
this one
Module Pivoting and Port Forwarding - Skill assessment
I started the SocksOverRDP Server on the ||172.16.5.25 ||machine and tried to pivot to|| 172.16.10.5 DC||. However i get a conn refused. Any hints?
Proxifier output:
[12.17 12:22:31] mstsc.exe (4820) *64 - ||172.16.10.5:3389|| error : Could not connect through proxy 127.0.0.1(127.0.0.1):1080 - Proxy server cannot establish a connection with the target - Connection refused
thanks
im not interested in a web advanced one but in internal pentest one, like cpts+
not for 800 bucks i meant
i hope they release also a discount with the cpts+
Do you mean an advanced version of the CPTS? I think they're calling it the CWEE.
can someone tell what is the difference between [M] and [E] in the output of windows-exploit-suggester.py
It's 6000 cubes + cost of cert then if it only uses the senior web penetration tester modules
So somewhere around $618.
we dont have that info for the advanced cpts xD
CWEE is for the advanced WEB not advanced pentesting
I'm not following.
web penetration tester

In the footprinting module there's a ton of information regarding enumerating domains with tools like dig and crt.sh, my question is in regards to the TXT records you find, what exactly can you do knowing that info, like is it possible to spoof the value in the TXT record or something?
it's not really possible to "spoof" that as it lives ON the DNS system itself
the TXT records generally are some informative record
If it uses all the tier iii modules, and you are only doing the tier iii modules, it would cost you 10000. So 10 months of platinum+$210=$890 as some sort of maximum cost. But if it's anything like the CWEE, it'll probably be closer to $618.
and there's no point of spoofing a txt record
there is if you want to troll people in ctfs
ah okay.
i guess the intent behind looking for them is just to find out what third party services the target is using
or generally just to gather information 😉
Hey, does anyone know how to use pacman for blackarch?
I'm trying to go through the fawn thing and I can't seem to install ftp
Password Attacks- Pass the Hash (last question): if anyone is having trouble with the reverse shell, use Port 443 instead of port 8001 as shown in the example. 8001 is not working for some reason
Working with IDS/IPS, anyone ever done the skills assessment Suricata?
Add yet another content keyword right after the msg part of the rule with sid 2024233 within the local.rules file so that an alert is triggered and enter the specified payload as your answer. Answer format: C____e
I didn't need to add anything to the alert and it already worked... Then I went to wireshark, looked based on the current rule... and looked for anything that was C___e
That doesn't feel like the right way
if you're new to linux then don't use blackarch
I would follow that up with don't use arch anything if you're new to linux
I'm not worried about the learning curve, I'll be fine. I've worked with linux distros in the past
Is AD Enum/Attacks the longest module on HTB Academy?
CDSA has a 5 day module, but still less than the 7 day one
windows priv esc is 4 days but it took me 3 weeks lmao
yeah thats a trend with these modules lmao
No
Not possible
Don't ask for illegal stuff
It's possible, not legal
I'm new
don't think so

straight forward
I should go through this room to see if there are any discussions of how long each tier iii module takes.
Stop pushing it :)
MarcieLee, you're always around, what does it take to be a mod?
Examine the target and find out the password of the user Will. Then, submit the password as the answer.
Password attacks - Linux Credential hunting.
I found the password of kira, did an SSH, got trouble transferring the files, any ideas?
Definitely not a braincell
I saw payload being upped to a mod, so I got curious
Firefox_decrypt
So I gotta transfer it and run it on the target?
Yes
💯
How do you correct skill issue?
Get gud

Or sit around and passively learn new things. I'm not afraid to try something as a "fuck around find out" if my thought was correct
Get answer: think of other ways to get answer faster, test, fail/succeed
command python2 not found, I suppose I gotta transfer the python2, as I cant install it?
No
try python 3 I suppose
^
will try
Btw you didn't specify what the python error was
sudo
type object is not subscriptable is the error
You're kira, you do have her pass
Hey, I always wondered what was the intended time per day for the modules?
What do you mean?
I dont recall having many issues with it
If you feel like exploring, theres a metasploit module that works exactly like firefox decrypt with less stress.
Nope, she ain't on the sudoers file.
especially since it says 8 hours... and then 2 days... if a day was 8 hours... then it would just say 1 day? so is a day more than 8 hours?
Like when a module says 7 days how many hours per day is intended
👀
Honestly, I don't know
There ain't no msfconsole installed.
I'm not really involved in the content side of things these days
Corporate training stuff
I'd venture it depends from person to person and the amount of knowledge you have... maybe it's just an estimation of the average
I mean remotely dawg.
If something is not installed, in this case a python module in the target. The smartest way to approach it is to adapt based on the situation
Msfconsole from your system lol
Oh bruh.
Understand what you need to extract and what files you need for the extraction
^
I am working on the academy module for JAVASCRIPT DEOBFUSCATION :Source code and I have found the flag but it is not accepting it. Any advice?
Yeah, I have 0 idea how to transfer them, http.server is a no, ssh is a not, rsync doesn't work, sftp is a maybe.
Are you sure it's right, and 2 read the question carefully
lemme try the msf thingy
There is a file transfer module that showcases a few techniques to move files across machines
netcat.
Usually the simplest one is the most reliable, and it could be under your nose
@fathom pendant i followed the article step by step and copied and pasted, also tried replacing | with {}
Also 3, make sure no extra spaces
? There's nothing to replace iirc
really
You're just viewing the page source
@fathom pendant confirmed no extra spaces, the flag i got was in format of HTB|XXX_XXX_XXXXXXX
firefox_creds.rb?
The flag starts with 4 after the first {
Yup, thats the one - Have fun.
omg, single character spoiler 
😢 am banned forever
My guess is they unpacked the js function
All good, just being silly.
@fathom pendant still not taking it
Did you view the source? (Literally all you gotta do, nothing extra)
I just checked and yep, no obfuscation goin on
i am looking at the source for secret.js
Have you tried looking at other sources?
😉
well then rtfm
not hard, get used to it when using anything arch based
😆
I speak id-10-t
PEBKAC
i swear thats never a problem XD
funderful
Does anyone else have this weird discord cache should I say false positive detection from windows defender?
It's just defender hallucinating
i wonder if that is related to discord being a datamine lol
99% of social apps datamine
It could be that it's a cached line of code that is a backdoor that someone was showing you
Literally why you have to put your notes in an excluded folder for defender
Cause your rev shells will get flagged 
Yes, I thought this too, Im assuming its from a discord channel.
Worth researching and playing around with tho 😅 thanks
Yeah, you can likely fetch the cache file
yeah, atp I keep my notes on a kali vm and backup to a google drive weekly.
I keep my notes on host, in the event my vm dies or I need to rollback
Recently lost a note that had important commands because I changed the folder location and forgot to add it to the exclusion list 💀
You can tell defender to undo
Iirc
Yeah, unfortunately there was no "restore" option for this one note - luckily I have it backed up.
Planning to migrate to my Lenovo laptop I got from a school. Its got win10 pro on it: so big bonus to being able to do more; I have a software license through school so I can mess with Ms Suite stuff
one of the best perks free ms office, cheap adobe
Literally got a new laptop because I dont wanna imagine how horrendous it would be to write a report with Libreoffice
Messed with the old one and wiped windows off.
Fortunately now theres sysreptor.
still gotta deal with license stuff
ohh
speaking of I need to copy my win10pro key somewhere
You can copy it to my dms 😉
I'd sooner walk on broken glass than keep it on digital media tbh
might write an obfuscated code to type it out though, sounds like a fun project
Module Web Attacks Section; Other Notable Apps ---- cant get a reverse shell, what am i doing wrong?
guys
sudo updatedb
[sudo] password for htb-student:
htb-student is not in the sudoers file. This incident will be reported.
my module mentioned the locate tool and i wanted to try it to find the file that my question requests but i got this, is it gonna get me banned or anything?
that's just a standard message
it's not actually being reported to anyone
i don't think you need to do sudo updatedb you can just do updatedb
Doing Medium Lab on Footprinting and I'm lost, the hint says ||to use SSMS, but MSSQL is 1433, which isn't a listed port|| I have no shame in saying this lab makes me feel like this is the wrong career for me lmfao... can I get a hint for this
i have nothing useful to say, but good luck 🙏
'ppreciate it
imo, if you feel burnt out that way, maybe go take a break, just lay down and watch netflix till you can fully problem solve again
i know thats not what you asked for though
it's only accessible internally iirc
yep just checked the hint: it's accessible internally
gotta get foothold first then access it
Hi, I was wondering if anyone is having issues getting the proper output when trying the example on Module: XSS Basics section: Stored XSS? I can not get <script>alert(window.origin)</script> to work properly on http://SERVER_IP:PORT like it shows...
im getting confused on the linux fundamentals section 💀
File Descriptors and Redirections on this section at least
Okay, cool at least I'm not going crazy, do you have any hint you can give me for foothold? I have tried everything that I can think of... I've ||mounted nfs shares, tried every smb tool I can think of, and tried to enumerate rdp and rpc|| I wasn't getting anything but I don't know if I'm missing something
you're definitely missing something: check open ports and think what's open and how you can check them
what are Input/Output (I/O) operations
i believe nfs is the right start
eli5
input from where tho
oh sorry
and receive an output
i dont understand how that relates to File Descriptors and Redirections though
maybe i havent read enough
you probably haven't read enough
the section kinda explains it too
it sounds like you read the first few sentences without reading the whole thing LOL
you're more than right sorry ab that i was struggling to focus
don't ask questions until you've read the section - that way if anything is still confusing you're not told "it's right there"
take a break if you have to
no one says you HAVE to complete a module same day you started it
Page just hangs then fails out.
Marcie, I've ||mounted the nfs share that was present, I've had it for a while, knowing something would be there...|| but my problem is being able to access it cause its locked I've tried using ||chown and chmod|| and neither worked... am I missing something
okay i finished reading and i have a question
How many total packages are installed on the target system?
what does it mean referring to packages
like what is a package, how do i search for it
explore as root
packages are the programs installed
the target system is the system you're ssh into
dpkg is a command that comes to mind
i didnt see anything in ||dpkg for printing installed packages, only yet to install packages, i found on google "apt --installed list" and added wc -l to the end and the resulting number is incorrect, where do i go from here||
the resulting answer is one off
probably a new line
i wanna find the intended solution if thats fair
okay thank you :)
You can either inverse Grep to take it out of the output or do some other fancy stuff (which is honestly more effort than it's worth) to get it
but the start is apt list --installed
wait so how was i supposed to know the answer was 1 off if i didnt ask
or did i do something wrong to get it one off
no you didn't do something wrong
two things you can do: answer is incorrect - do the command but instead of piping to wc pipe to either head or tail
if it's a new line error generally it'll be a blank line
that was in the next section haha i didnt think of that
you're smart as hell
sorry if my questions are basic or wtv im extremely new to linux except for using palera1n
dpkg -l | grep ii | wc -l also works fwiw
(ii in dpkg stands for "is installed")
something i found out while just fuckin around
Guys, did you finish the Attacking Authentication Mechanisms module? I got stuck in the skills assessment, any hint?
Hi, On Windows File Transfer Methods do I need to use the pwnbox or can use my own vm? It states Download the file flag.txt from the web root using wget from the Pwnbox.. Im assuming I have to but Im curious.
You can use your own machine if you wish. Under your profile you can download the VPN profile in order to access your assigned Academy environment. Many module challenges do not require a VPN connection, but those that do are not limited to the Pwnbox for access.
Yea I've been using the VPN connection on my own machine. I just got confused because it specifically said use their pwnbox. Thank you for your help 🙂
going on to the 4th weekly streak, anyone knows when the "win special rewards" will come?
Been trying to login to ||SSMS|| for Medium footprinting assessment, I found credentials through ||nfs share that haven't worked, and I've tried every combination of known admin logins... I also tried to move alex to administrator group / give administrator privileges and have failed to come up with a login...|| Can I grab a hint?
- remove the username/password from your message
- explore the system
there's an IMPORTANT FILE that has login info
that's the problem with most people they're given the end goal and don't realize there's steps in between
No you're not wrong, I've been exploring, just not in the right area
thanks for the hint
i'm just saying in general when the question gives them the final step in the chain
and failed to read the whole section that has the steps in between
yeah fair enough
a good portion of the sections are very much you can follow along
What a disgusting lab lmao, this took me all day
for the hard lab; to give you an early nudge: read the description of the lab (the paragraph at the top)
it contains some nice keywords that can be useful to get started
wait what im confused, the password for the user isn't working lmfao
now im confused
edit: disregard, confused a letter
Hello, should I ask here about a problem or ask for someone to DM me for help?
if it's for an academy module you're stuck on just ask
why not copy/paste?
it should work
Probably a skill issue but I'm trying to ||unmount the nfs share, and I keep getting thrown device is busy but nothing is running...|| am I missing something simple?
are you currently in the nfs share?
no
¯_(ツ)_/¯
So I am at Getting Started / "Knowledge Check"
So, I got administrator in the cms but the upload button doesn't work, either does msfconsole to upload anything
The button aint linked to anything
try something else :)
What OS/Browser?
sirg
they're simply saying it's a skill issue
aka they were able to get the answer
marcie, I restarted and literally just deleted it, does that leave it mounted still? lol
Yeap, got it, thanks Marcie
nope
don't even need any auth
alr coo thanks
you need to use one of the tools mentioned
randomly worked... so it's fine. third time is the charm
iirc
because the host needed to be bruteforced; also you're spoiling the content by providing the subdomain
the dnsenum tool bruteforces its way to get a dns server that will give it the answer it's looking for
i'll delete the questions
you point it towards the start SOA then it works its way to get the rest
ohhhhhhhh now i understand okay I see
Anyone here ever worked with procmon and configuration files? I'm trying to figure out how to reset config to default
Edit: Idk how. the configuration for procmon for Noriben was giving errors... gave up on trying so just reset it
first section, of the first module in academy and im totally stuck.
im following the writeup to the letter but i cant seem to get the flag. im able to get the download.php file but when i look at it, the flag that should be there...isnt
name of module, section name?
Module: Web Requests
Section: HyperText Transfer Protocol (HTTP)
what does the question say
I think it's an issue with htb
send the request using the machine ip provided for that section
same behavior for me
strange
The module practice is also giving the 301 moved permanently.
does it actually?
(it doesn’t)
lol

ok, fix
press reset
press yellow arrow to reset it, time left should go to 80 minutes. that'll fix it
it went to 88 minutes and the same thing happens
Huh. Show command
I just did that and it worked for me
I got a question, how should I use something like linpeas or linenum if I cant download it in the remote target with wget or curl? Also the shell dies if I try to manually paste it
Can you screenshot the IP of the server?
it finished doing its thing but i still get the 301 moved permanently instead of the flag
using pwnbox as well and it works fine on my end
academy machines don’t have access to the internet but you can always host it locally on your machine and wget from there
no 301 error
they do if you buy any amount of cubes
what does the output look like without the -O flag?
that looks like it's still the attempt from you getting it from inlanefreight.com
not from the IP:port given
This works for me
