#modules
Oh my god.
my brother in christ
just shut the fuck up about it
period
this server is not for anything like that AT ALL
ik you likely found this server through the discovery feature
can you dm me the correct place to do that..?
Not here is the correct place.
It's purely against Discord ToS as a whole to distribute information like that
Neither anywhere in this server.
hecker
Common bro you can Instagram me

you have the wrong idea of what this field is about, you don't learn things to fuck with people
Out of discord 😹

<@&861185840277487616> since you don't wanna read
some people did do that
U don't do that here
bye
good, bye
bye
bye 
troll
indeed
I really don't think this semi-finished product got the wrong server.
no idea what you're talking about, unless you're talking about that dude from a few minutes ago ¯_(ツ)_/¯

if you are - then i really don't care lol, they're gone - it's no longer an issue
That's exactly what I'm talking about))
i did not invite you to dm
But I’m not cultured and don’t require an invitation
im new, hello
where's the guy that needed help with the AD module
this guy?
same
yes thanks
check what other lsa commands are there with mimikatz
I used that and obtained just the NTLM of the user, the plaintext field is empty 🥲
It was something from the module itself? I have gone through my notes like 10 times, so if it was there I probably have missed it. Thanks for the hint, I will research that option now!
not in the module, but it's good to know more
mimikatz is also not the only tool that can do that
secretsdump ye?
yeah, and netexec
someone knows what is the forum for HTB support
hey guys and gals, was looking for a distro that has all the tools i need for the academy side of htb. ive run both kali and parrot security and pwnbox edition, but it sucks having to stop the learning to try and figure out why and how to install a tool they want me to use. I get that its good practice and all, but im finding a module that's supposed to take x amount of days or hours is taking me a lot longer due to troubleshooting error messages
no there isn't. and being able to install tools yourself and get them working is an important skill, it's impossible to have every tool ever installed in a machine
You can get support here
https://help.hackthebox.com/en/articles/5986762-contacting-htb-support
Need to speak to a person? Learn how to reach our support via HTB Labs.
i get that xerous, like i said i know its good practice getting my linux fu up, but i keep hitting walls with packages no longer supported or incorrect libraries. off my head, the last one i needed python 2.7 but the distros ship with python3. i know i could build from source or get the deb package of the lower version but thats beyond the scope of the module i was on. this being an ever evolving field i understand that itd be tough, but couldnt the pwnbox instance that you spawn have the prerequisites or even everything there in that specific module that one would need
i know something like that would take a lot of time and effort
generally kali carries more tools than parrot, I can't say that I spend a lot of time installing tools and troubleshooting them
i'm working on the live engagement of the shells & payloads module, specifically on the second host, the blog one, i know htb wants me to use a prewritten metasploit script but i was trying to exploit the webserver myself. there is a file upload vulnerability, there is actually a magic number check on the files which i bypassed simply appending a php payload (<?php echo "hello"; ?>) to the end of a legit png file. i managed to change its extension to php and access it on the server but the code just isn't there. i checked how the metasploit script does it and it doesnt seem any different from how i did it. what is wrong? (metasploit script https://www.exploit-db.com/exploits/50064)
thats true i switched cause i figured that the partnership with parrot that they wouldve done what ive been talking about
When trying to connect to the server I get this error message. I already confirmed that I have mssqlclient.py installed and I even tried it on the ParrotOS web shell and I get the same error. Is this an issue on HTB side or am I doing something wrong?
Beginners in Cyber Security
If you don’t know which tools you need yet or how to set up a hacking VM/OS, this is the answer on how to start your hacking journey.
either use just mssqlclient.py or impacket-mssqlclient.py
Thank you
Some tools only have installs from their github
marcie you think it may have been a licensing issue
licensing issue? majority of foss tools don't have licensing requirements
what are you trying to install
if this is a new kali install you gotta use impacket-$TOOL.py
Some tools do require licenses to use full functionality but most are open source and don't
Nessus, Burpsuite are ones that come immediately to mind
I meant in terms of what's not open source
cme, bloodhound, windows exploit suggester. ive made it through what ive ran into so far or found ways to do or get what i needed without them, but itd be nice if when a module says use x tool to get x from user z that they were there and i didnt have to take the time troubleshooting
Bloodhound is constantly evolving and iirc is very limiting anyway. But cme needs to be installed either via pipx or poetry
Ye
And netexec is the new thing instead of cme
yall get what im saying though for simplicitys sake
imo you learn from installing tools, else no one would know or care how apt,pip,poetry,npm,pipx,cargo,gem etc work since everything is readily available and ready for you to use.
I mean really just read the docs of the tools and follow the steps, those work 99% of the time
most of the pre-installed stuff is good to go. And most tools are well documented to install ¯_(ツ)_/¯
💯
not from my experience
some tools it's simply pipx install -r requirements.txt after cloning
idk what to tell you other than either your whole OS is broken or you're doing it wrong
i get it and i have learned alot from banging my head against a wall trying to get something up and running but itd be nice not to have to
Give an example of a tool you struggled with
Ive noticed when I struggle with installing a tool its usually due to lack of understanding of a fundamental thing like how gpg keys in apt work, or because I didnt understand what the installation docs were talking about. Its most likely the case here with him as well
In some cases you would need to add the path to your $PATH but I think installs with pipx you can do ensurepath
yeah pipx makes things piss easy, it handles all the venvs and shit
Most docs are well written/copy-paste. But there are a few that have been stupid
Iirc installing sqlplus or w/e was a pain, and I'm glad i got it installed with relative ease
it could be lack of understanding or a crappy readme, ill look into pipx. the point i was trying to make is if im learning about one thing i didnt want to have to leave that to learn about something completely off the beaten path, cause by the time i got back to what i had set out to do originally i found i had to go back and redo what i had already done, if that makes any sense
I've tried starting from the beginning again and taking a day break, im kinda stuck here on Oracle TNS in the footprinting module 😦
A lot of this is just basics
I keep on getting || bash: sqlplus: command not found || I am using the provided virtual machine from the HTB website
$sudo apt install crackmapexec
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:
The following packages have unmet dependencies:
crackmapexec : Depends: python3-aioconsole but it is not installable
Depends: python3-lsassy but it is not installable
Depends: python3-neo4j but it is not installable
E: Unable to correct problems, you have held broken packages.
This section sucks. But if you could explain your issue more it'll help us point you in the right direction
Add --fix-broken
You need to install it
sudo apt install crackmapexec --fix-broken
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:
The following packages have unmet dependencies:
crackmapexec : Depends: python3-aioconsole but it is not installable
Depends: python3-lsassy but it is not installable
Depends: python3-neo4j but it is not installable
E: Unable to correct problems, you have held broken packages.
Weird
Just go to the github and follow the docs
Try just sudo apt install --fix-broken
a simple clone of the netexec repo and pip3 install . would fix all of that
It downloads dependencies as well iirc
The docs are even simpler
It's like 2 lines iirc
the sudo apt install --fix-broken didnt work
because they are python lib dependencies and I dont think those are all in apt directly
The pipx install method should work
@fathom pendant I just get a 404 not found error when I run the download commands provided in the section
Got any ideas on how to get around it?
Weird
I know 😦
You're on the pwnbox and have paid for cubes yeah? Or still free
Bc free has limited internet access
Someone on here told me that because im trying to run python in a parrot OS its causing issues, Could that be it?
I paid for the whole thing
Thats the dumbest reason
I bought all the cubes and paid for it all
i can't unlock any modules anyone know what's the problem is ?
I'm glad im not going crazy 
I can run python in my parrot just fine
Turn off ad-block
k
what are you trying to install
Likely sqlplus
thx bro
pip3 install
error: externally-managed-environment
× This environment is externally managed
╰─> To install Python packages system-wide, try apt install
python3-xyz, where xyz is the package you are trying to
install.
If you wish to install a non-Debian-packaged Python package,
create a virtual environment using python3 -m venv path/to/venv.
Then use path/to/venv/bin/python and path/to/venv/bin/pip. Make
sure you have python3-full installed.
If you wish to install a non-Debian packaged Python application,
it may be easiest to use pipx install xyz, which will manage a
virtual environment for you. Make sure you have pipx installed.
See /usr/share/doc/python3.11/README.venv for more information.
note: If you believe this is a mistake, please contact your Python installation or OS distribution provider. You can override this, at the risk of breaking your Python installation or OS, by passing --break-system-packages.
hint: See PEP 668 for the detailed specification.
The module gives you a whole script
Add --break-system-packages
just use pipx 
^
I guess in this case sqlplus
pipx install crackmapexec
Fatal error from pip prevented installation. Full pip output in file:
/home/liquid/.local/pipx/logs/cmd_2024-01-27_12.04.27_pip_errors.log
Some possibly relevant errors from pip install:
ERROR: Could not find a version that satisfies the requirement crackmapexec (from versions: none)
ERROR: No matching distribution found for crackmapexec
Error installing crackmapexec.
Did you copy/paste the script from the section?
Just install netexec
It's the same as cme but better
pretty sure the last time I checked it those things aren't in the parrot apt repo
They may have been pulled
i cloned the git
I'd have to ask palinuro about it
this is an example of what ive run into
They were when I installed it
yep
Follow the instructions from the netexec wiki
It'll save you a whole bunch of time and effort
is the command structure the same as cme
obviously the only thing I would have changed would be IP address but they dont ask for that.
It's literally the same
There's an install script yeah?
The main contributors forked cme into netexec
cool ill follow your suggestion but do you see my frustration
Due to disagreements with the main dev/owner
We are talking about this right?
¯_(ツ)_/¯
Why are you always online?
I'll re run it again :/
theres no beating that 🤣
That's a very wrong way of putting it.
I gUeSs IlL JuSt TrY HaRdEr
Yes.
try smarter 
I mean you were told a dozen times to just install netexec
Don't try at all. Read writeups lol.
Buy exam writeups 
Might as well switch to baking as a profession 💀 . Never skill depreciating to read Recipes lmaoooo
i didnt get my grade 10
?
baking is not simple my friend
But you can always read a recipe if you're stuck 😉 and it would actually make you better at baking lmao
I read and watch recipes but never actually bring them to existence lol.
At least for pwnbox
Which is dumb lol
So Pali or tissy must've pulled it for some reason
Now that I think of it, its a pain installing sysreptor because of this exact thing
I just used Bookworm's apt repo lmao
yeah adding another apt source should fix it but that's a pain
I didn't have to go through all this pain because my parrot got corrupted and I installed Kali Linux. Simple! 😄
Funny thing is it worked on mine
So thats the confusing bit for me
I use kali as well but I faced the same issues until I switched to bookworm
Personally I like parrot, it runs so smooth on my machine as a VM. Kali Linux is not that smooth but still playable.
The pwnbox is on 6.0 yeah? Does installing -t lory-backports add it?
which leads to the question of why the partnership with parrot if another distro is better supported
can i create horror fps games with unreal engine 5 ? (c++)
Probably, but this server isn't for that
anyways i love and appreciate yall if i run into any thing ill be sure to reach out
idk I just booted pwnbox and ran the command
may I dm you?
I'm not at my computer to check
XD
ik i just wanted to know thanks 🙂
sure 🙂
I think you can.
okay
I used Unreal Engine for creating grass.
Its when I run this command ||sudo apt install oracle-instantclient-basic oracle-instantclient-devel oracle-instantclient-sqlplus -y||
I still get the error
It's worked fine for me
So Idk how to progress 
Try adding -t lory-backports
Also this
To the end?
cause you the best marcie
any easy way i can get gpu support on my vm or should i just switch to qemu
You are frustrated, yes?
Yes, I asked as well in the parrot discord if they pulled it
Mostly bc I know it worked previously, bc I installed it
Comes up as || 'lory-backports' is invalud ||
Hmm
maybe install from source but it's some oracle crap so good luck 
Did you try adding sudo 🙂
Yes 
I heard that sudo always works.
take out the oracle bits first and just install the lory-backports
lmao I mean its just not pulling the SQLPLUS
I'm not a fan of oracle 😦
Only oracle I like is vbox
Like this? || sudo apt install -t lory-backports ||
I did not get it to work that way either
does qemu come with gpu support out the box?
I'm not familiar with doing via pwnbox tbq ¯_(ツ)_/¯
ahhh shucks 😦
dont know why but after i installed the guest additions my parrot vm bricked on me
Most virtual software requires you to do pass-through
Sounds like you may have done something weird in install
works on my kali machine
Funny
nah ive used the gui upgrade function so i suspect not
Idk about qemu or any software for macs
qemu works on windows
parrot works on my machine ¯_(ツ)_/¯
crazy
If you have an Nvidia card parrot has docs on how to get them to work properly
This is what happens when you don't sleep.
ive got integrated graphics on my cpu but even then its slower than my dead grandfather
How many resources does your host system have, and how much are you giving the vm
If you give too much, everything shits the bed
let the hate flow through you my friend
Hate?

try dual booting it, gpu installs tend to break cause the host is already using it in my personal experience
8 out of 12 cores, 5gb of ram out of 8
im not very good but maybe try spoofing?
might have to be in the tools directory
sup
anyone else keep getting issues like these when using proxies? channel 6: open failed: connect failed: Temporary failure in name resolution
Breaks the proxy and takes a while to get it working again
prob shady shitty ssh proxy
might need to do more ligolo-ng to get it smoother
.
Hi, I am having trouble understanding something. My nmap scan that has the flag -p- does not discover port 50000 but my scan of port 50000 works. I am assuming its due to some kind of IDS/IPS? The flags on both scans were "-Pn -n --disable-arp-ping"
2 things, syn scan and source port
The Syn Scan should see it, -sS
Ok thanks, I'll try. I was just wondering why it didnt show on the -p- but did on -p
Because you're specifying the port, so it'll do it differently
Got it, thank you!!
If you look at the ids/ips evasion, dns proxying part if you replicated everything except the direct port scan, (switching it to -p-) you'd see it
Thanks, I did get the flag for all 3 boxes but I remember the last box my scan took forever. I am going through them again to write-up more detailed notes and I was trying to side step the long scan so I implemented the -p- to save time and the question struck me.
Np taking notes on alternate ways of doing things definitely helps
i want help
With?
Are servers exploding rn or something? When I spin up a VM I get about 15 seconds of alive time then just 2024-01-27 13:39:20 read UDPv4 [EHOSTUNREACH]: No route to host (fd=3,code=113) forever from the VPN output. Can't seem to access anything on any hosts, have tried in both US and Europe vpn

hey im doing htb starting point and my ping is high nmap scan takes too long. what can i do?
Same... Nmap scans on their servers are unworkable
my internet connection is good but in my opinion its the openvpn slowing it down
Navigate to http://[Target IP]:8000, open the "Search & Reporting" application, and find through an SPL search against all 4624 events the count of distinct computers accessed by the account name SYSTEM. Enter it as your answer.
SPL i used: index=* sourcetype="wineventlog:security" EventCode=4624 Account_Name=SYSTEM
| stats dc(Workstation_Name) as Distinct_Computers
got an answer of 1, but its wrong. can anyone help?
ive changed my vpn to eu1 today then it worked
I used a different command, in the reading there's a command to remove duplicates, thus effectively showing all the distinct computers.
I'm having issues with connectivity too. Exercise needs me to RDP on to target and it keeps dying or badly lagging. Are there still VPN issues?
I'm hoping this isn't typical - I signed up last weekend and the labs have pretty much been unusable for most of the week!
this is definitely atypical, seems like the infra took a hit and hasn't fully bounced back yet
Anyone that Already did "INTRODUCTION TO DIGITAL FORENSICS" wanna share some ideas? I just ended the module assessment but I am pretty sure I did in a way not intended by the Module Creator
In the file transfers module, in the first section I solved every questions, and there is an optional question where we can simply train the techniques that were taught in the section.
I managed to solve the previous questions, but 80% of the section talks about setting up quick servers on the attacker host and I don't know how to do it.
When I try for example to set up an FTP server it seems that it creates it only locally, so when I try to reach my FTP server from the victim host it seems unreachable. When I search how to make it reachable it seems to come with a lot of problems such as "port forwarding" (haven't seen this yet) and lots of warnings related to "opening my computer to the internet". any help?
are you making sure you use the correct ip assigned to your by your vpn? You won't be able to reach your ftp server via your "internet" ip, but you and the other host are connected via the vpn and should be able to reach each other via the vpn ip without any port forwarding
in the course section, when setting up the FTP server it says "starting FTP server on 0.0.0.0:21"
but on the victim side, when downloading the file they call it using the command : (New-Object Net.WebClient).DownloadFile('ftp://192.168.49.128/file.txt', 'C:\Users\Public\ftp-file.txt')
And I don't understand how they got that IP since it says that the FTP server is set up locally ("0.0.0.0" IP)
0.0.0.0 is all interfaces, not only local
yea it means "all ips you are assigned to", you can type in ifconfig and check your (probably) tun0 ip, thats the one that should be reachable from the victim machine
well, from the victim, i can ping the attacker, so i guess it's there, but when i try to run the command shown in course i'm getting
PS C:\Users\htb-student> (New-Object Net.WebClient).DownloadFile('ftp://<vpn attacker IP>/upload_win.zip', 'C:\Users\Public\ftp-file.txt')
Exception calling "DownloadFile" with "2" argument(s): "Unable to connect to the remote server"
i'm probably missing something obvious, but it's such a new concept for me
and you are sure the ftp server is actually up and running? can you connect to it from a different terminal on the attack host?
yep, and i got all the files i'm expecting to see in its directory when logging in as anonymous
^ the ftp server does need to run
and you connect to it using the same ip you used on the victim host? and not 127.0.0.1 or something like that
yes, starting by 10.10.15.XXX
hm, that sounds right so far, I'm not sure where the problem is :x
maybe i'm explaining things poorly, it's difficult only with text haha x)
well I think I understand your problem, it shouldn't say "Unable to connect to server" if the server is in fact reachable. You say it can be pinged and from another terminal you can reach the ftp server so all that sounds fine
I know nothing about hacking
can somebody give me the basics >
and tell me what to do
and what it is used for
Get Started with the HTB Beginners Bible: https://www.hackthebox.com/blog/learn-to-hack-beginners-bible
I'm having trouble scanning through a pivot host using proxychains, for some reason I can't even ping/nmap the interface with the internal network through proxychains, let alone ping sweep the network, is that normal? I'm working on the assessment for the pivoting, tunnelling and portforwarding module.
I managed to get the target internal network host address using a one liner, but i would imagine that's not the appropriate approach.
i mean I figured the one liner would have to be the last resort option
Icmp doesn't play nice with proxychains
Why would it be a last resort if you have access to that host
well I thought the cool/professional way to do it was to nmap through the proxychains.
there's also other tools too. but hmm...
The cool/professional way is ligolo-ng, sadly that’s not in the path
There's no one true way
lol I'll keep that in mind
And ligolo-ng works way better than the tools showcased, it's new as-of when the module was written
kali has this tool called netdiscover too
You can try it on the module, it trivializes a lot of what you just learned
Maybe once it hits 1.0 they'll update the pivot module to include it
It's really simple and trivializes a bunch of the weird stuff you do for the others
I would've never guessed to use the one liner by the way, I guess the psychological factor comes into play, only thing is im not sure why nmap/ping doesnt work, you mentioned that proxychains doesn't play well with icmp but idk why that is, I was able to xfreerdp into the target afterwards
i'll make sure to check out ligolo-ng wrote it down
Xfreerdp doesn't use icmp
It's because it works on a similar network layer level and conflicts with the traffic
ah i understand 🙂
proxychains only works for tcp. it doesnt support udp or icmp
note socks5 proxies CAN support udp. proxychains just hasnt updated to include them yet
Does anybody take thorough notes on a separate document?
I have a massive doc with screenshot examples with every concept/command I learn so I can always reference it very quickly but I feel like I'm moving at a snails pace because of it lol
I take notes on commands/attack chains. Anything I need to read I just leave in the module
I'm still on Linux basics, I'm just doing it in anticipation once I've moved on from tier 0 and into the higher tiers it might be annoying trying to find where some information is... but I dont even know if I'll have that issue or not
In other words I'm asking if this is a waste of time or not, I can't tell due to my lack of experience with this field
using a proper notetaking application would help a lot, give obsidian a go
From my experience, I can find information pretty fast. It's the commands/how to fix an error that gives me issues. Thats why I only notate that portion. But everybodys different
I'll give it a shot after linux basics so all the newer notes are on there, seems good from my brief search
For programming I usually know everything I need to look up but yeah I think I may be taking it a bit too thoroughly
it's fine to be thorough as long as it has the information you want and you can find it easily. but taking notes is very important
very true
Thats how I have structured it
gotcha
CTRL+F with a keyword will usually pull what I need with screenshot examples from my own practice or the modules
as your notes grow in size, ctrl f would find a lot of duplicate results, I would suggest splitting them into different notes with different headings
Heya, can anyone help me answering the second question in intro to bash scripting? I'm certain I've got the right answer/gotten the script to print the required result but it's still not accepting?
Answer I gave is ||redacted|| is this a formatting issue on my part or am I just way off?
input the full command
whats the command show a cracked hashcat hash again?
I keep forgetting (see this is why you need to notate commands)
--show
having issues waiting for targets to spawn for the Pivoting module, taking a long time, hasn't spawned yet (I'm on US EAST). Just noting this isn't the first time it's happened for a sitrep
It happens to me too, I think it's a target problem, try logging in again and restarting the VPN
If the issue persists, send an email to support
after 15 min it spawned ;c
going back to the proxychains nmap thing i was able to scan the target with the -sT option of nmap figured TCP is better than using straight icmp with -sn
nmap has many options, I don't know your context but you can look at firewall evasion and silent scans if your target is protected
man nmap
I don't remember -sT but -sn identifies devices in the subnet but i don't have a PC in this time 🤣
-sn isn't a ping sweep arg why do you compare it with -sT lol
How long did it take to complete “Information Security Foundations” path ?
-sn: Ping Scan - disable port scan <--- this is in the help idk what you mean by it's not a ping sweep arg, unless there's another im not aware of?🤔
I'm doing the nmap module, working on the easy firewall evasion lab.
I'm wondering if I found an unintended solve for it, and am curious as to the intended solve.
||Wappalyzer browser extension in firefox|| simply gives you the answer without you having to use nmap in order to figure it out.
Those are the first people to solve a newly released box or challenge
oh really, thats impressive considering how many people work on them
Any reason why the alert page on nmap module firewall evasion just randomly increments even when you aren't scanning anything?
It is, you can find a pile of hackers here, but it's not a place where you're going to find people doing illegal stuff.
Right place to learn to hack. Wrong place to ask for help doing things that will get people sued.
it's unintended
Did the intended solve use ||netcat to connect to the ssh port to get the banner with the OS version? Nmap couldn't identify the fingerprint, only that it was linux.||
i believe the nmap i used was like -O and -sC
but it's been a minute
is it possible to hack instagram accounts with linux, only knowing the username ?
with nmap or metasploit or smth
(i just want to hack my own acc )
to practice
lol
#rules ; even if it's your own account it's still illegal
what if i create an account and want to hack it ?
still illegal
how
you don't own the account, Meta/Instagram does
you don't own instagram, you cannot hack it and if you try you will be caught
(which is why they can just ban you for being a fuckknuckle)
And ofcourse, hacking Instagram is not something you can do with nmap lol.
there is a german youtuber, he got hacked by a darkweb user a few months ago and im pretty sure he wasnt caught
i hack instagram with my samsung smart washer
Unethical
"Hacked" or social engineered
that sounds fake af lmao
True lol.
he had access to his instagram
there was a fairly common Social Engineering trick to get people to download a malicious file which stole web tokens and shit
It's called social engineering
it's been floating around for AGES
he clicked on a malicious file which looked innocuous to the avg person, but ran a bunch of scripts in the background and sent data to a C2 server
either way: this conversation doesn't belong here
What are you up to btw?
ok
anything re: illegal activities is strictly disallowed
im just asking no one said im gonna do it
we don't do benefit of the doubt here
tamami
not to mention since you don't know what you're doing, you're quickly gonna ask for an IP ban from Meta/Insta if you even try
ok lets say
if you wanna actually learn
Get Started with the HTB Beginners Bible: https://www.hackthebox.com/blog/learn-to-hack-beginners-bible
but hacking websites without explicit permission: is a quick way to get banned, and have the police sent to your home
what if i hack fbi
what if hack us government
either way: this conversation stops here
Wrong channel for such question
hey help me with introduction to windows command line skill assessment last question i not able to find it pls help me
this channel is for questions regarding htb academy modules
hey help me with introduction to windows command line skill assessment last question i not able to find it pls help me
not asking skid questions
skill issue
where i seek help
anyway what have you tried, and what are you stuck on
this question requires you to be on the Domain Controller
and run commands there
i can get event id 4625 but it gives me many i dont find out which is question ask about
ah i believe the module talks about getting a windows event log info
yes
so use that, just don't filter it with system accounts
the answer will be start with j
IN ATTACKING COMMON APPLICATIONS - Exploiting Web Vulnerabilities in Thick-Client Applications - I do the following steps:
- Add to hosts: C:\> echo 10.10.10.174 server.fatty.htb >> C:\Windows\System32\drivers\etc\hosts
- Extract files from fatty-client.jar
- Edit the file - beans.xml: change port 8000 to 1337.
- In META-INF/MANIFEST.MF - remove all hashes (file must end with new line)
- delete the 1.RSA and 1.SF files from the META-INF directory.
- Compile files to a new app: C:\Apps\fatty-client>jar -cmf .\META-INF\MANIFEST.MF ..\fatty-client-new.jar *
- Open fatty-client-new.jar with creds - **get login failed.**
tried multiple times and restarted machine.. anyone please?
?
ah my bad lol, I thought that was one of the boxes lol
i wont be able to find name with flag in it
Read the Fatty walkthrough
Checkout the Video from Ippsec
wait is that the one with the name with a flag?
yes
okay wait i type question here
What user account on the Domain Controller has many Event ID (4625) logon failures generated in rapid succession, which is indicative of a password brute forcing attack? The flag is the name of the user account.
yes username
it's not asking for a flag like htb{..}
thanks I'll try
no pls tell me procedure pls
i do all but i stuck here i do go online about it but i cant find it
in the logs section it shows how to expand properties of the log
so it'll show the full thing
but in powershell how you expand
Look at the log files on the domain controller, not on the client
i didnt understand
What user account on the Domain Controller has many Event ID (4625) logon failures generated in rapid succession, which is indicative of a password brute forcing attack? The flag is the name of the user account.
yeah but its shows many name
yes
and you should just be able to scroll through it to find it
it'll be fairly obvious once you see it
what that many name like 70 or something
okay thanks for great help
ok last help can you send me command for event log id 4625
ok bye
good luck
i'm not a hand holding type person
most of the info is there in the module itself
The idea of the Academy is that you learn independently. If you get stuck, you can ask for help here and you will be given tips to guide you in the right direction. That's exactly what Marcie tried to do.
hey i want to ask about something but its photo how i should upload here
nah nah
unlinked accounts can't send photos; it's an anti-spam/troll measure
similarly; large codeblocks also get removed
i have photo of my event log but in that how should i take which is username
when I ssh to target from kali VBox machine, it just times out?
the one that obviously relates to a username
try changing vpn regions
how do I find student I.D.?
isit account name?
thanks
each timestamped log has a few sections of username
In virtual Box?
from the academy page
if you're not running the academy vpn: well that's your problem
ok i got it now
and how should i identify if which is indicative of a password brute forcing attack
so I open downloaded VPN with Kali virtual machine?
openvpn cmd
with openvpn, yes
a bunch of failed attempts in a row
okay
In the linux privesc module, Linux Services & Internals Enumeration
it asks for the latest python version, i found that version but it says incorrect
Account For Which Logon Failed:
Security ID: S-1-0-0
Account Name: administrator is this username right
Account Domain: GREENHORN
is there any specific format?
something like that
but yes it's the account Name: portion, for which each log will have a few
Check the system to see which versions are installed. You can install several versions in parallel
ok
i checked the binaries and the installed ones, i found two versions ,but still WA
its not in the table i look into whole table
the answer isn't administrator btw
if you scroll through you should be able to see it
i know i check whole there is no flag name (The flag is the name of the user account.)
the name of the user account that is being bruteforced is the name of the flag
there's no section that's called "Flag name"
i know but there is only administrator,user1,user0,and other how i find diff one
I must be doing something wrong for this vpn?
each log has 2 sections for account name
so you're on the right track; but missing a step
wdym?
yeah but there no other name
it's just
sudo openvpn /path/to/academy-regular.ovpn
note* replace /path/to/ with wherever you have the vpn file downloaded
yes, there is, i'm looking at it right now
it's after "account for which logon failed"
in each section of the log
if you do | select-object timecreated,message | before the format-table command you can see the timestamps
and more accurately/better split each log
Get-WinEvent -FilterHashtable @{LogName='Security';ID=4625} | Select-Object -Property * i type this
it gives me nothing
you just need to manually review
it'll take a few minutes
you don't need to select all properties
also add |Format-table -Wrap
like i said you're really looking for the section after "Account for which Logon Failed"
the "subject" doesn't matter
can u give one last hint
tbh i've given you as much as i possibly could
it's all there, you just gotta look
i m looking but theres no flag
ok, what do you mean by there's no flag
because we might be misunderstanding each other
because i said previously that the answer isn't a flag format
it's just a username
ok how i find that username because heres too many
earlier i type all name but it got wrong answer for every name
again if you look at the logs you're looking for the "account for which Logon Failed" section
not the "subject" section; and no, you didn't type every username :)
because i'm looking at the right name on my screen
i am looking them again
I'm having the same issue, it puts quite a tight time limit on getting an answer, I'm just sat refreshing the status page without doing anything and it gets to 100 in like a few minutes . Did you manage to find a solution?
No, but did finish the module.
OK, good to know. Maybe I'll come back to you for some hints 😉
ok so start again i set my connection with ssh user10@ip and then password of previous question answer the start powershell and then i type this
btw you can do ctrl+shift+f to do a search in the terminal; and search for "Account for which Logon Failed" you'll need to scroll down a bit to see username
Get-WinEvent -FilterHashtable @{LogName='Security';ID=4625} | Select-Object -Property * | select-object timecreated,message |Format-table -Wrap
you don't need to do Select-Object -Property *
ok
2 things you need to keep in mind
successive, meaning if another username breaks it up: then you stop counting and start fresh
patience
yeah thats why i am doing this for 3 hours
Read the question again. You have to log in to the DC and look at the logs there
are you ssh into the domain controller from the earlier question?
ok
bc tbh reading the instructions is really crucial to answering questions
i cannot get it to open
elaborate, you don't need to open it with anything
then do that: that's the crucial part of this whole thing
as stated in the question
i cant start the vpn
how do I find student id for username?
you mean for linking your account?
academy doesn't have an ID to link with; it's only on labs atm
for username to ssh to target
oh
hey i forgot how to that dc thing where i can learn again
usually it's given in the question/instructions
if I spawn it gives it to me
the dc ip is given in one of the earlier questions
htb-student?
yes
yes there is
"with user "htb-student" and password "HTB_@cademy_stdnt!"?
yes
if you're not connected to the vpn, you won't be able to connect to the IP
but how do we use that ip from earlier question

why I am trying to figure out how?
ssh user10@ip
from your current ssh session
so ip from where
ok you're gonna need to slow down and stick to one question at a time
which we generate or earlier question one
so: first you ssh to the target IP with the user10; then ssh to the Domain Controller IP from the earlier question
but there no password
key takeaway: read the instructions
yeah
MarcieLee
so how do I run the VPN download file? How do I know if it is running?
Where are you from?
i swear i slept
I can't agree.
sudo openvpn /path/to/file.ovpn
do I have to use sudo as root?
if you're already in the folder that the ovpn file is in; then
sudo openvpn file.ovpn
i will whack you with a newspaper if you su to root on a regular basis
lol
you rarely, if ever, are actually required to su to root
yes first go to that folder where your vpn file stored at
that's the WHOLE REASON sudo exists
to prevent people from accidentally running a malicious command that requires root permissions
i.e. rm -fr / --no-preserve-root < - running this as root will nuke your system
maybe I will just switch!
before starting anything go learn setting up module its free
whoever/wherever you learned that you need to su to root for things is wrong
i will not stand for continued stupidity
wrong
I do, fight me
also wrong
but also 
I don't
this cmd dont run warning
🗞️
my brother in christ

I TOLD YOU that the command is malicious
I TOLD YOU that it will nuke your system
lol
na no christ
i didnt i search guuglu
normally people meme that command as "this will improve your computer by removing the french language"
Listen, writing down such dangerous command is not a joke. I did rm -rf /home once and my system broke.
Since then, I never switched to root user.
thats good for lazy ones
¯_(ツ)_/¯
Some people think they're smart, but they're not.
if you know what rm is; and know how to do bare minimum of research you can find out how things are
that's kinda on you if you ran the command tbh
rm - remove
-r recursive
-f force
/ root of the filesystem
especially when it's said don't do it, it's bad
i think most fs now warn you about it
fs?
Are you human or ChatGPT sponsored human AI?
neither; just an idiot
Do you think having too much knowledge is harmful? What do you think?
why would having knowledge ever be a bad thing?
You say it, because you don't have it?
knowledge is power, power corrupts
home/kali/Downloads/academy-regular.ovpn
sometimes ignorance is bliss.
also knowing is half the power
didnt work
its not bad but people can manipulate it and serve as dangerous
you need to have the leading /
maybe, but not towards the things that I want to know
yes
otherwise it just goes based off the current working directory
just do cd to it and open new tab for other commands
once you get it to run, you should see near the bottom "Initialization sequence completed"
after that, just open a new terminal and you're good to go
Congratulations! You know openvpn!
sweet
i open a whole new terminal when i run openvpn, to prevent me accidentally shutting it off
finally thanks
hey i am getting this in vpn error : Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #4788 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
sometimes it does that ¯_(ツ)_/¯
same i do as well
so how do I find htb-ac-<number/i.d>?
my username is BubbaClutch, but it never works, and they make it htb-ac-numbers
My name is Inigo Montoya
why do you need the number? it's just assigned when you spawn pwnbox, doesn't affect anything
if you're using your own vm, you don't need to worry about that
also: big tip -- don't run the pwnbox (in-browser vm) and your vpn at the same time
otherwise you're gonna have a bad time
well I just the number for pwnbox last time, it worked and that is nowhere on account
you're using a kali vm now; you don't need to worry about any pwnbox details
so I ssh to target, asking for the password and says access denied
yes: the target has its own credentials
use what username?
read the question and it'll tell you
and usually it's right above the first question if it's necessary
also to paste into a terminal -> ctrl-shift-v
what username do I use ? kali vm username?
no
it says use htb-ac-student
linux fundamentals
still didn't clarify current ssh
once you ssh into the target once; you don't need to do it again during that session
asked if I wanted to connect, typed "YES" and said the ip has added
but i did with a completely different username
if you do it with an incorrect username it'll still ask you to add the ip
then tell you no after you fail to login
htb-ac-111144450, is the username it allowed me access with?
so enter closes the connection
read it very carefully
I think they're mixing up spawning pwnbox vs ssh'ing into the target
they give you credentials to use
likely this
Spawning target is when it gives you usually a 10.129.x.x ip or a public_ip:port
the "spawn instance" is for the pwnbox
they are functionally and completely different
this is what you click to spawn the target
you should
- terminate the pwnbox instance
- read instructions
wasnt in pwnbox, thanks , im in!
you never need your htb account id for any module exercises
i was understanding it like I had to put my student id in place, I didnt realize username was that vague
you are always either
a) given a username/password to use
b) given a username to bruteforce a password list with
c) given the tools/knowledge to get a valid username/password
i think too much into it, it is not that complex
it's not really vague, it's just you misunderstanding
username is the name of the user you're connecting as
very little to be vague about
especially when you're given the credentials (creds)
hey everyone anyone complete the intro to assembly language Im having bit of issues with loops has anyone completed? thank you in advance
explain what issue you have and what you have tried
I'm having an issue with the File Inclusion module. When you have to find the user who begins with the letter b, I know you have to put /etc/passwd after language= but it's not working for me
I've seen other people do the exact same thing but It doesn't work for me
I've tried using curl too
xreous is that for me or Lamp
your message?
So i edited the loop.s that u download to mov rax, 5
how can I reply to a message that has not been sent 
instead of 2
ran the debugger
all hexes are wrong
then tried to run it without cause the rcx is 5 on loop already? maybe i reading the source wrong but the loop at the bottom with imul rax, rax I am not sure if i have to adjust that or the rax above
Finally MarcieLee slept.
look at the value of the rax register
is that through the debugger gdb
yes, that's where you find the answer after the loop has been run 5 times
so im doing it right change the rax to 5 from 2
no, you just loop it 5 times, don't change anything else in the asm code
so i dont have to edit the code
you have to edit the code to make it loop
so the part of the code im editing is the in the loop: part or above in the _start: part?
thats what im asking?
cause the source information above says u can change that number to loop it or am I reading it wrong?
read the section again, what is the loop counter? has it already been set to 5? if it already is, how do you make it loop?
thats where im having trouble mate and I have read it more than enough times
thats why im asking
then you're not understanding the section, read what I have asked
lol ok
anyone else on here done it that can actually help me and not give vague answers that state the obvious
I have read that mate and the previous over 4 hours now before asking on here
bro really out here just waiting for the answer to be given instead of understanding the materials 
Im not a time waster so all good will ask someone else
not waiting for the answer
asking for help so i can understand how to get to the answer
but you do you mate i will ask someone else
whats the point in wasting time just to get the answer without understanding these modules unless your learning are pointless
Need help with Common Session Variables (Account Takeover) section in Abusing HTTP Misconfigurations module, missing a step in bypassing ||MFA||. Can I dm someone?
Edit: nvm, finally figured out.
Hey XreOus go on to the page with loops mate have read yourself it says mov rcx, x Sets loop (RCX) counter to x
loop jumps back to the start of loop until counter reaches 0
lol making it loop and have I read it now can you understand the frustration of getting vague replies like read the materials mate when I told you above I tried that and didnt work?????
this is the closest I can go without giving you the answer, what is the loop counter set to?
thats the counter for rcx though so would rax need to be changed???
cause the question says loop it 5 times but needs the rax value
so wouldnt u want to loop the rax 5x I dont understand it
in the loop section I changed it to
loop loop
under imul
then just run the damn thing
you say I'm giving you "vague" answer but that's because you don't understand these sections, I'm not gonna teach you what's already been taught in the sections
lol ok mate so cause I have tried your answers and explained it why thats no good ok mate
if i didnt understand how have i completed the other sections

cheers for stating the obvious of the material though mate 🙂
How do we confirm that a zone transfer was actually done?
https://academy.hackthebox.com/module/144/section/1256
I can see this section in the zone transfer query response. Is this something we did or was it something already in? I need more explanation on this.
I have completed this module a while ago
I remember i had alot of issues running these commands with my own virtual machine even with /etc/hosts added
run it through their machine
when you perform the zone transfer; it'll tell you
zonetransfer.me is a public site; no need to add it to an /etc/hosts
What about the gibberish text I shared in the screenshot?
that's just the responses based on subdomains
Hey MarcieLee have you completed the introduction into assembly language by any chance
no
no worries 🙂
i suggest stepping away from the module for a bit and you might be able to get it
Oh i cant its killing me I have spent hours and hours on it
Take a break
when you step away and do other things it allows your brain to background task thinking about it
and in the middle of you doing something else you might have a revelation
of "oh, i'm dumb"
Sometimes, these scenarios make me wonder. The target IP is the DNS server IP or inlanefreight.htb IP?
yes
What kind of response was that?
in some cases they're both
but the question is asking you to pull the nameserver of the inlanefreight.htb domain
so -> query that
Which means the domain name of nameserver, yes?
Confirm me one thing. nslookup is used to find the name server, right?
domain: youtube.com
Fully Qualified Domain Name: www.youtube.com
yes
everything you need to figure it out is given in the section
:) all the syntax is there
and nameservers are ... dns servers?
they can be
a nameserver is a server that points to other records a domain may have
Alright, I am gonna test a few things. Don't sleep for the next 1 hour.
1.1.1.1 and 8.8.8.8 are public DNS servers for instance
1.1.1.1 being cloudflare, 8.8.8.8 being Google
Just for an example, see the below pic.
The DNS server which responded to the query was 10.100.0.1 and the query result is the nameserver (which can be a DNS server too). Is that correct?
yep
Perfect.
the #53 is just how it formats the port
Yep, understandable.
it responded via port 53 (the known default DNS port)
You are no less than GPT.
as you can see in the other part of the request: nameserver =
meaning both of those nameservers can be used
sometimes there's only 1
the reason for multiple is load balancing
:P so that there's less chance of huge traffic bricking it
So, should I add that IP in /etc/hosts file ?
/etc/hosts for local ips
^
Yes, it's a local ip.
the target ip and domain should go in your /etc/hosts file
but what if it's a DNS server I mean.
so
ip inlanefreight.htb
you can add the nameserver to the /etc/hosts file once you find it
I just found the key to mine hahaha
¯_(ツ)_/¯
I already did it. But as you said that it can be a DNS server as well. So in the case, adding the ip in hosts file could be problematic or no?
nope
(because that's not how this works)
Mind explaining the working which I guess I don't know?
okay
all you need to know for nslookup is that you can use ip in place of the nsx.domain
so like nslookup -type=AXFR inlanefreight.htb ip
nslookup is very much positional oriented
you need to specify domain before the nameserver
with a tool like dig (which isn't showcased here) you just need to have the @nameserver somewhere
I just use dig for that reason.
nslookup is fully capable of doing zone transfers
and in some cases it's less visually noisy
got the answer 😄
hey guys, when I type "sudo -l", I get the "(ALL : ALL) NOPASSWD: /usr/bin/php". But when I type"sudo php -r "system('$CMD');", nothing happend
Use full path of php.
Oh, I just found I have a mistake! When I type "sudo php -r "system('$CMD');", I have get the root, but the cmd hasn't hit me
did you set CMD="/bin/bash"?
when you type whoami it shows you as root?
any welp?
tried writing full line, version only, version with name , etc
3.x
wow didn't really try without python
i think is the format it's looking for
yeah solved
i hope if the format was specified
other plausible reasons: Skill issue 
Now in the previous section, apparently i searched the whole box yet didn't find the flag
i tried every single command in the section, read through all the "interesting" files, but i can't find it 😦
i ssh successfully to target. i log in, even change directories, but then i see this.......
Failed to connect to https://changelogs.ubuntu.com/meta-release-lts. Check your Internet connection or proxy settings
need help on this
active directory attacks skills assessment 1
i tried a lot of ways but im not sure how to connect to DC01
do you have the admin hash
yes, "What attack can this user perform?" as per the second last question
oh
dont i need to access to DC01 to do that attack
no, it can be done from any domain joined machine or remotely
mimikatz or secretsdump
I am stuck on the Attacking Tomcat assignment. I have found the correct user (by simply guessing on the question on HTB) and have now run atleast 5 different password lists with that user (including Xato top 100000 and about 500k lines of rockyou) but I am unable to find the correct password. I also tried two different tools: burp intruder and the metasploit module but nothing. I am unsure where to go from here. Can anyone give me a hint?
try the tomcat default wordlist
im so confused, whose password should i get from that attack
you don't need a password, pass the hash
The one set as default by the Metasploit module?
I tried that ;s
ohhh
tomcat_mgr_default_pass.txt, if it doesn't work then you're probably bruteforcing it wrong
I guess I try again, thanks
hmm rdp seems to be disabled
Bro, how can i start with bug bounty hunt?
I have 0 experience and i down know what do i need to learn and where do i learn
This worked, still dont know what I did wrong before, but thanks
DC01 doesnt have rdp or remote management, how do i connect?
hydra -l marlin -P pws.list 10.129.32.50 pop3
hydra -l marlin -P pws.list 10.129.32.50 imap
hydra -l marlin -P pws.list 10.129.32.50 smtp
can anybody tell what am i doing wrong i can't brute force the password
attacking common services email services
nvm i found out im autistic
bruh target ended just as i got cmd execution
what is the intended for Escaping Restricted Shells section? i feel like i solved it in the most dumb way
why this keep giving me syntax error ?
ldapsearch -h 172.16.5.5 -x -b "DC=INLANEFREIGHT,DC=LOCAL" -s sub "*" | grep -m 1 -B 10 pwdHistoryLength
the targets are sooo sloooow! Especially rdp. No matter what VPN Region or RDP Client i use. They need to do sth.
Not sure if it will work, but try with -H ldap://IP, -h is deprecated
thanks it works , I tried the -H before but without ldap
thank you
depends, how did you solve it?
|| sshed to noprofile bash, python tty exit python enjoy bourne again shell ||
I did it the same way
anyone else having trouble spawning their machine target IP today? my machine has been spawning for like 5 minutes even after a restart.
no problems spawning them but they can't be reached even from the htb boxes 😂
Have you done the “information security foundations” skill path?
At the academy, like a good start is getting to know how to handle on the environment so yea, that skill path is a good beginning

Tbh the windows and Linux fundamental courses are a bit rough
in this module here. https://academy.hackthebox.com/module/67/section/2502
Its telling me to import ps1 files. But i am not able to because of the execution of scripts is disabled for the user in question.
Any tips?
Can you turn off the execution policy?
I’m taking the Linux one and also watching videos to get a bit the hand (as someone who never touch Linux before…..)
your environment/targets are working ???
The module is just a fair bit disjointed
respawned my box and target a few times still can't reach the target lol 😂 htb please fix this
Agree
nope. I have tried to use commands such as Set-ExecutionPolicy unrestricted but i get the following error. Access to registry key is denied
Counterpoint: can you run as admin?
Was confused starting also with the workflow and then after the whole sections of that part it just started to tell me about SSH
nope
Ssh is your friend
either
Set-ExecutionPolicy Bypass -Scope CurrentUser or
Set-ExecutionPolicy Bypass -Scope Process
Thank you!
jup.... been bashing my head into a wall for 90 minutes trying to solve a broken target T_T
Still having this issue too unfortunately
I figured I wasnt suppose to be able to reach the index page so just kept bashing my head into the wall lmao