#modules
There's a reason the link was to the module content repo, not a GH repo
Though I think a requirements.txt should be added to the zip, it just takes reading the error to figure it out @vestal wing
I can't give too much help as it's the skills assessment, but re-read the brief in the skills assessment section. When in doubt, go again
I'm revisiting this module and I didn't record my steps that well for this module. So now I'm trying again to retrace steps, but even with ReconSpider my json file is empty. I've tried 5 different ways to crawl inlanefreight.htb
Remember to add subdomains to your hosts file as you discover them.
As I said, read the short brief again, it contains several very big hints 😛
I've got zilch subs right now, I tried finding them and got nothin
i got one with gobuster but not sure if its correct or just a phantom one
ill run it in the background while i carry on with another module. Dirb didnt find anything with the common list
ill try Gobuster and see if i get anything from a larger list
try a different seclist discovery wordlist 👀
fk em
Run your vm in bridged mode usually makes ISPs not care, if you're referring to your rate dropping
I mean I can add one but its a single package
People can't read errors, sadly
Yeah, I think I just got confused because they had the same name. Now that I think about it, I thought it was weird there wasn't any github link for the tool (the other modules usually had the link), and that the wget link was for academy.hackthebox.com. It should've tipped me off that it was a different tool. It was probably from the lack of sleep. Lol
😛 welp disaster averted at least lol
Is it mentioned though that scrapy is required? Might be good to add that
For our error non-reading friends
it does but I'll look on monday if I can make it clearer, anyway I'm off to bed, 4am here lol
Night rest well knowing your code isn't on fire (yet)
hi guys im a total beginner and i wanted to access the windows fundamental but for some reason it wont unlock can yall help me T-T
Disable adblock
Alright, now working on Exploiting SQLi via WebSocket. I set up the middleware script, with the victim IP, but running sqlmap against it doesn't identify or exploit a vulnerability, unlike in the module. I am using ?username=htb-stdnt. I know I am missing something. Anyone got a small nudge?
how would i speed up hashcat?
You either need a dedicated GPU or more CPU cores. Are you doing this off your own VM? And if it is a VM how many cores are allocated?
i moved it too off to speed it up i added the GPU from the nvidia control panel
ur able to use both cpu and gpu correct?
went from 9 days to 9 hours lmao
You would use either but not in conjunction
btw whats the issue with using in conjunction
Hashcat can use both CPU or GPU to scale the workload, but I don't think it runs together. It would change accordingly. But if you can use a GPU you would always want to use that
From a forum discussion in similar context "Option -D 1,2 will tell hashcat to use CPU+GPU (GPU only default)"
thank you
👍
i have 4cpu + 8gb ram assigned to my VM. is this generally enough for hashcat?
also, is anyone else having issues with maintaining a connection for the credential hunting/password attacks module? i keep getting disconnected in the pwnbox and on my VM
It depends what you're trying to crack also
true. at this point, i am more worried about doing things quick enough for the CPTS when i'm ready lol
but my computer is relatively new. i made sure i got 64gb of ram as i knew i'd be using a lot of VMs for various projects
Is this for CBBH?
Or I've forgotten burp was used in a module
I will have a look back at my notes unless someone jumps in b4 i do
Shells & Payloads?
Roger
Ahh you're ahead of me, my bad
I get you're trying to bypass file extension allowlisting but I haven't seen that content
im not up to that yet either. im on password attacks
so i just googled how to passthrough gpu to virtualbox vm, and apparently they dont support it. is this a good push to then rely on cpu instead?
What if you setup hashcat on your host instead of the VM and crack it with your own GPU instead?
you should be able to grab the hash you're cracking through drag&drop from guest to host
yea true. ill keep that in mind
im sure HTB wont be giving us stuff that will take a whole day to crack for the exam lol
well for some of them, it was taking me an hour or more though more with crackmapexec
I doubt it, I haven't run into any cracking issues either through pwnbox or my own VM
crackmapexec seems to be more time consuming right now ....
but my connections to target boxes has been shit
spent more time reconnecting than anything else. i guess there is a lot of ppl using their sunday to study
#modules blind sql injection skill assessments. i dump the admin email and password hash and able to crack that, but why those not works for login . I tried multiple times but unable to login. just getting the same /login.php page returned. what should I do ?
Have you tried respawning? Feel free to dm me
Active Directory (AD) is present in the majority of corporate environments. Due to its many features and complexity, it presents a vast attack surface. To be successful as penetration testers and information security professionals, we must have a firm understanding of Active Directory fundamentals, AD structures, functionality, common AD flaws, ...
thank you
Great job
Hey, just completed intro to AD. I completed the whole lab with the MMC GUI Console and NOT with powershell. Is it okay ? or should i complete the whole lab with powershell again ?
Thanks 🙂
I’m not sure but I think it doesn’t matter as long as you get the desired result
I'm confused because in real world, we would often get a shell on the machine and not a gui mostly. So.....
would u say 10 min for 100,00 is good or nah
What type of hash?
bcrypt
According to this post:
"bcrypt is very slow. A 2080 Ti can get around 28,640 H/s for one hash (iterations: 32)"
Module: AD Enumeration & Attacks
Section: ACL Enumeration
I was just going through the section when I began wondering how I can obtain the username of a domain user? There are several instances within this section where they just state the username but it's not shown in any of the output. I'm assuming it's 'cause of the pattern from the CN. For example, if the CN of the object is Dana Amundsen, the username is damundsen. That's just been the pattern of usernames followed in the module so far.
Is there a way to obtain the username of the user from the following output?
```
ObjectDN : CN=Dana Amundsen,OU=DevOps,OU=IT,OU=HQ-NYC,OU=Employees,OU=Corp,DC=INLANEFREIGHT,DC=LOCAL
ObjectSID : S-1-5-21-3842939050-3880317879-2865463114-1176
ActiveDirectoryRights : ExtendedRight
ObjectAceFlags : ObjectAceTypePresent
ObjectAceType : 00299570-246d-11d0-a768-00aa006e0529
InheritedObjectAceType : 00000000-0000-0000-0000-000000000000
BinaryLength : 56
AceQualifier : AccessAllowed
IsCallback : False
OpaqueLength : 0
AccessMask : 256
SecurityIdentifier : S-1-5-21-3842939050-3880317879-2865463114-1181
AceType : AccessAllowedObject
AceFlags : ContainerInherit
IsInherited : False
InheritanceFlags : ContainerInherit
PropagationFlags : None
AuditFlags : None
```
With https://github.com/urbanadventurer/username-anarchy?
./username-anarchy "Dana Amundsen">dana.txt -> damundsen should be in the list
(It's a tool from the CPTS path)
Do you happen to recall where it's mentioned? I'm already at ACL Abuse and haven't come across it.
It's from Password Attacks and we see it later in other module(s) too, after the AD module
Are you sure? I didn't see it in the Password Attacks module.
Nvm, it is there.
But this method just generates possible names, isn't there a definite way to get it if I already have access to another domain user?
Yes there are a few that you can find in the cheat sheet, but I think that the best is
enum4linux -U 172.16.5.5 | grep "user:" | cut -f2 -d"[" | cut -f1 -d"]" or
enum4linux-ng -U 172.16.7.3 | grep "username:" | cut -f2 -d":"|cut -f2 -d" "
The IP being the DC
Otherwise you have:
ldapsearch
crackmapexec/netexec
windapsearch.py
Ahh, okay. So the only method is by enumerating domain users and then looking for the name in the list? No way to just get it from the DN.
I think I didn't understand your question from the start (I shouldn't try to help when tired)
1)
If you have the CN you can get the username using several powershell functions
Get-ADUser -Filter {CN -eq "Dana Amundsen"}
Get-DomainUser -Identity "*Amundsen*" (PowerView)
2)
You can also get the username from the ObjectSID (from your input)
$u=Convert-SidToName "S-1-5-21-3842939050-3880317879-2865463114-1176"; echo $u
3)
In that case, we already saw that the accounts all use the pattern firstletter of firstname + lastname, so we can guess it
#modules message
Also for this kind of question I would highly recommend this, it has been posted yesterday and the help part is really helpful, it explains the thought process to find the command you need, then how to use it.
Thanks, this was the response I was seeking.
hi guys
im new to hacking and im really stuck on the ACADEMY-NMAP-MEDIUM (https://academy.hackthebox.com/module/19/section/118). i feel like i tried out every solution on the internet and still nothing works
im trying sudo nmap <IP> -p53 -sSU -sV --script dns-nsid but the only version i get is "NLnet Labs NSD" for 53/udp and this doesnt seem to be the solution
You need to use one of the solution in the "Firewall and IDS/IPS Evasion" part
Also you can use the -d flag to see if the dns-nsid script worked
Try running the command in pwnbox, turn off the vpn on your own machine
This is one of the few labs that's weird between vm and pwnbox output
damn thanks a lot
how does it come that there is a difference between openvpn and pwnbox?
I'm trying the exact same command that worked for me and it doesn't anymore
Best exercise 👌
this Password Attacks module is taking me forever .... lol
I am currently doing intro to c# and am stuck where I have to get flag from a Library-Question.dll, the problem I am facing is I have dotnet ver 8.0.101 and the dll file I got supports net 6 and 7 so I am getting a architecture error any way to resolve it?
sorry mate, wish i could help :/
i wish i knew c# lol
targets are taking forever to spawn ... ive had a lot of trouble with this today tbh
you can select the .net version when you create the project in VS
nvm solved after resetting 🙂 🙂
Hey guys. I need some help with the Skills Assessment - Snort " There is a file named wannamine.pcap in the /home/htb-student/pcaps directory, which contains network traffic related to the Overpass-the-hash technique which involves Kerberos encryption type downgrading. Replace XX with the appropriate value in the last content keyword of the rule with sid XXXXXXX within the local.rules file so that an alert is triggered as your answer. " Tried to delete the whole "content" for the related IoC, got some alerts and when search them i only find 02 for the unknown value but this doesn't work. Tried to use the 12 as this is the value for RC4 and again i get some alerts here too, but still doesn't work. What should be the correct answer? Is i just don't understand the question i guess.. EDIT: found the 17 as value but idk what the answer must be ...
yeo guys why isnt pwnbox isnt working
anyone experiencing down pwnbox cant spawn vm
For htb academy? I am, just started to use the site yesterday but not able to today even after troubleshooting (clear cache,restart pc)
I got an error message
ok thanks for update they must be going through something atm
its a scam
i watched like an hour long video on this exact scam
someone ban this loser
idk why bro came here to phish people
you gotta verify
How do i do that
then go to app.hackthebox.com to get the code to verify because its not in academy
Thank you, you are so kind
Does anyone have any tips? This is the last assessment i have left for this module ..
Anyone finish Skills Assessment II of INTRODUCTION TO DESERIALIZATION ATTACKS ?
Could me DM you to get some hint?
Thanks
anyone still experiencing errors when loading pwnbox
Yes man
ok yea its lame
Hello anyone can help me?
i am getting this error
when i host something in hosting websites
does anyone know what it could be thats not loading the pwnbox. has anyone tried the parrot os version?
Send me a friend request, I finished this module, can help you
also status says everything is up
Hello everyone, I am taking the Introduction to Windows Command Line module and I have a problem when running Get-ADUser -Filter *
Winrm?
It means your user doesn't have access to do Get-ADUser
Thank you, I am supposed to ssh as another user
Are you told to ssh? Or rdp?
ssh
What section?
Also that section has you ssh in with user "mtanaka"
Look just above the question
yeah I am blind smh
Also your filter is kinda broad, you might want to narrow it down
There's a GivenName field for AD users
And there's an example command above that shows searching for email
I did thank you ❤️
Gl!
Try deleting the cookies and then trying again
i never had that before
Reach out to support
i believe the pwnbox server is somehow tied to the vpn or the vpn's region, maybe try changing regions to see if the pwnbox spawns in another region
I tried that still not working. I will take a break from academy for now and use a VM later if the problem persists
I have similar problem 🫠💔
i think its everyone
Hi there. I'm stuck on the Web Enumeration section of the Getting Started module and would like some help if possible. I've used gobuster to enumerate subdomains but I can't seem to access any of them at all, neither through the web browser or curl, etc.
My PWNbox also fails to start
How do you use your vm with htb? With vpn or?
yeah i have a parrotsec vm
and i use the vpn files from the modules to connect
Ow oke i have a linux vm im gonna try
yeah make sure that the files are on your vm
like log into hack the box on the vm and download
i can help you if you need it
Yeah it would be nice i never tried
want me to stream or send images or just message to help
messages are ok i just have to install it again on virtualbox give me a sec
how are you guys completing these modules? I'm currently on silver Plan but not got enough cubes for most of the CPTS job role path, are you guys just buying the modules?
I was on the silver subscription but changed to student, all modules up to an including tier 2 are included with that
ah okay cool i will have to look into the student plan
Did you complete the Getting Started module?
I bought a platinum subscription to buy the majority of the modules. I think with a platinum and a gold subscription you can buy all the modules
Yeah, I've completed getting started
Could you help me with the Web Enumeration section?
Go for it, what you stuck on?
I have a question for the Skills Assessment Web Recon lab, if anybody could give me a hint
I discovered subdomains of inlanefreight.com but I can't access any of them, no clue how gobuster found them if I can't access them through the browser or curl, etc.
Send me a DM bro, and screenshot if you can
did you write the domain+ip in /etc/hosts?
he should be able to resolve inlanefreight.com without adding it to /etc/hosts, if not then it's a problem with his dns or something.
i had to write the subdomains in /etc/hosts. But afair it is described in the module. So there could be another problem
I m following pentester role path and having this problem in Getting started module, do anyone know what should I do to fix that ?
is it a temporary problem ?
Is it really .com?
i have this problem too, sometimes. Hit F5 to refresh the page and you see the instance
yes
yeah its .com
yeah they are down for a lot of people
use a vm it should work
ohh okay thanks
thats what im doing and i can still do stuff
Which section and which question exactly are you on?
I m a pretty beginner, do you have any tutorial to connect HTB to my vm ?
i am also but i can help you set it up
section Web Enumeration and the question is " Try running some of the web enumeration techniques you learned in this section on the server above, and use the info you get to get the flag."
get some resources on an oracle vm
I have tried everything from that section.
gobuster dns
gobuster dir
curl
whatweb
under ur profile go to vpn settings there is a step by step there
great thankss
Im stuck in the Web Recon Skill Assessment Lab, as the web crawler doesn't seem to work. I can't seem to find the "admin" directory that you are supposed to find. Any hint is welcomed
You have to start the target. The website inlanefreight.com is not the target.
Inlanefreight is the example
It's started but not accessible either. I cant ping it, or nmap it or anything
that could be the instance issue
i might be an idiot but does the certificate have something to do with it
No
ok
You'll almost always get a certificate error on targets, since (if they're using SSL) they're using self-signed
@rustic sage im ready
I get a connection timed out error
huh
Then that's a connection error
I'm trying to enter my ~/tmux.conf file, but it says I don't have permission to access. I have tried to use YT and ChatGPT for this issue, but to no avail with all of their solutions, none of them worked. Anyone that can help in this regard?
Edit with sudo maybe?
also there is a tutorial on app.hackthebox.com for using the vm instead of a pwnbox
Could you check if the target in that module works for you?
ah okay
Can I only use OpenVPN when I start PWNBOX?
It works for me
You don't need to run openvpn when using pwnbox
Pwnbox automatically connects to the vpn
you only need openvpn if your using your own vm i think
yeah what marcielee said
You can run openvpn without running the pwnbox
Is PWNbox fixed now?
@rustic sage do you have the article?
I can't ping it or anything even after resetting
it was a video
ill get it for you
its very annoying its not the first time that those vm's are down
sudo openvpn /path/to/file.ovpn {replace /path/to/file.ovpn with the filepath to the openvpn config you download}
Run this in your own vm
This isn't for pwnbox
I don't want to use my own host connection right now
It's for your own personal vm, not the in-browser vm
Ok, I'd like to use an in-browser VM right now
Well then you'll have to wait until it gets fixed
Ok, thanks
Likely several hours to a day or more
I got the same issue and same error
Reach out to support
The HTB support team doesn't monitor the discord, they aren't paid to
i think its happening to everybody, or a region
hi, its the right channel to ask about a module quiz ? i think i get the right answer but i dont understand if i missing something
It is a docker container. You cannot ping it
What module, also be mindful not to spoil anything
Okay that's good to know but seeing how it's a web enumeration exercise, I should be able to use gobuster on it or at least access it via the web browser?
http://ip:port
Or if you have a domain in your hosts file
it times out
http://domain:port
Do you have a proxy running?
Local vm + htb vpn
sure i try to keep the secret
i was doing JavaScript Deobfuscation all good until i get to decoding, i have done a decode, and find the decoded message, when i enter the response i get the wrong answer error
Then you're likely moving too far ahead
The flag will be in the decoded js code flag =
If it looks weird with a bunch of + then it's not fully decoded
flag=HTB{..} with no + in it
Always pay attention to the steps they want you to do
If you link to the section I'll be able to help you more
Mm ok I see what you did wrong
i did get it, sorry
In your curl request does your -d flag have the decoded secret from the previous section?
You're not literally putting the text from the question, you're replacing whats after the = with the decoded secret
The answer would be HTB{j..l}
Another common thing is having extra whitespace in your answer so make sure there's no extra whitespace before or after your copy/paste
yes i miss the fact i should have done a http request with the decoded message, sorry but english its not my first language and sometimes i miss something, btw i'm using postman and other tool to get this done bc i'm having issue with the pwnbox 
I use my own vm for these
i try to use as many tools as possible to learn other things too, btw ty for all the help
Has anyone advice regarding webdav? I've completed File Transfers > Windows File Transfer Methods but webdav just wont work for me.
$ sudo wsgidav --port 80 --root /path/to/share/directory --auth=anonymous
Powershell doesn't seem to switch over to webdav as described in the section
PS C:\Users\htb-student\Downloads> dir \\10.10.14.244\DavWWWRoot
dir : Cannot find path '\\10.10.14.244\DavWWWRoot' because it does not exist.
So turns out I couldn't access the target site through htb vpn. I thought all access to targets was to be done through the vpn
Public IP access is restricted for free users
On the pwnbox
The htb vpn shouldn't be rerouting your whole traffic
It's split tunnel, if you're on your own vm
I have a silver subscription that's due to downgrade to a student sub in a couple of weeks and I'm using a local VM not the pwnbox
The htb vpn should not be re-routing your main internet traffic
It is a Docker container. They are publicly accessible
If it is, there's some weird setting in your network manager
you don't need a VPN for this
Well yeah, but the vpn shouldn't be restricting his VMs internet access anyway
I spent quite some time troubleshooting the issues I've had with this module and by accident, I killed the openvpn terminal session then it all loaded 🤦♂️
Just odd that your vpn is restricting access in general
Anyone having trouble spawning pwnbox and target ?
I had no clue some labs are to be accessed without the vpn
Pwnbox is having issues for many
If it's a public_ip:port vpn isn't needed
Where’s the hacks
As well, if you don't see a vpn download next to the questions, it's not necessary
If you're looking for game hacks or stuff like that, these are not the droids you're looking for
Noted. Thanks 🍻
We're looking into it
We are currently working on this Pwnbox issue, please use a personal VM for the time being to connect to HTB VPN, I will let you know once this is resolved guys, sorry 
When will the problem be solved?
Yes I had the same issues, so I raised it with support to unlock the answers so I can correct them. A notice if a module is going to be updated in advance would be useful going forward.
I have no ETA on this sorry, the team will fix it as soon as possible
Few hours maybe I'd say
Help, I can't spawn a VPN instance.
I tried refreshing the page, clearing my cache, changing my VPN server, and rebooting my laptop.
@slender violet Its something from our side. Please allow us time until the designated staff deal with this.
Thanks for confirming it's an issue on your end, I was going crazy haha.
Support on point even though its the weekend.
did someone solve web recon skill assessment ?
What module is that? Can you send the link?
That's the new one right? I haven't solved it yet but I paid for all the solutions.
Not new, changed
"Paid for all solutions" also 
Ok it says "New" and "Updated", I guess it just means updated.
They likely don't have a new writeup yet for the changes
It's new because they changed the name, then reverted the change
That makes sense haha.
Hence why it still says "Web Recon" Skills assessment instead of "information gathering" skill assessment
Yeah, i asked about that lab some hours ago. Something has to be wrong (me probably haha)
Ik you're referring to the walk-through for silver annual, and I suggest not using them unless you're absolutely stuck
yeah the lab is kinda of weird (if I am not missing something )
Likely you
Your comment really helps
I highly doubt they would have released the skill assessment without testing it first
I'm using the solutions because I'm taking the OSCP in 2 weeks. My main focus now is to get as much extra notes as possible. I struggled through all the exercises in PEN-200 lol.
That's a bad way to do it
The walk-through basically uses knowledge that you would have gained from actually reading
You're gonna find yourself in a worse off spot by blitzing through content
Hello, I’m currently stuck on the third question of the web recon skill assessment. I have several problems. First, I tried to add the inlanefreight.htb domain to the /etc/hosts but it doesn’t work (still can’t resolve) Then, I tried with the given IP to use the finalRecon tool but I have this error " AttributeError: ‘TLDExtract’ object has n...
If you struggled with Pen-200, then you're gonna struggle with CPTS, it's how you deal and learn from the struggle that will define your success
Nah he's afraid of failing an exam
I get what you're saying about learning through struggle like with PEN-200. That was tough but I got the basics down. Right now, with the OSCP coming up fast, I'm using the HTB solutions to stack up on extra notes. It's like a speed run for me—I know I might miss some learning depth, but I think having solutions from 12 modules will help me more than just doing one module slowly without looking at the answers. It's all about maximizing my prep time. Thanks for the advice though!
Which imo most people fail OSCP on their first go
hey everyone I am new to Linux but want to learn Kali, what would be the best resource that would work for me?
Again you're going about it wrong, I suggest actually reading the content
kali linux
Kali is just a Debian linux derivation, if you know linux basics you know Kali basics
Alright well hopefully I prove you wrong by passing on my first attempt in 2 weeks lol.
You're gonna fail. I know this comes off as rude, but you are. I suggest reading the content to further improve your understanding rather than your copy/paste skills
The CPTS modules tend to emphasize the understanding of underlying vulnerabilities so you know why they work and when to use them
Hi. Does anyone remember the module in which we get "wley" hash?
Rather than having a list of copy/paste commands you don't understand
Why would you assume that I'm going to fail, given that I did all the PEN-200 course material without solutions.
HTB Academy is just in addition to the training that I actually needed. So I don't know why you would assume that I need to work through HTB Academy modules without solutions to pass the OSCP.
Probably the ad enum module, unless you mean section.
You said you struggled to barely do them
Sorry yeah i mean section.
Working through them and reading the material might give you a different, and perhaps better understanding of the content
I didn't say "barely" and of course I struggled while learning new skills. Doesn't everyone?
And even if you pass OSCP, you'll bomb CPTS
That I can agree with. Looking at all the solutions would be a horrible strategy if I was preparing for CPTS.
Either way, just using solutions is cheating yourself from learning
Even if you "know" the content
If you're using academy as practice, you shouldn't be using shortcuts
That's my point
If I had more time before my OSCP attempt or if I were preparing for CPTS, I would definitely do the HTB Academy modules the right way.
still do it the right way, if you actually know and understand it, then you won't have many troubles ¯_(ツ)_/¯
Can anyone drop a hint for the Snort skill assessment from the Working with IDS/IPS module, please? I tried so many things but don't understand what the answer must be.. https://academy.hackthebox.com/module/226/section/2462
But my view is:
PEN-200 and no HTB module notes < PEN-200 and notes from HTB modules without doing it the right way < PEN-200 notes and doing HTB modules the right way
It's better than not having notes from HTB at all.
Yeah your take is bad, but good luck
I hope you at least go through the modules the right way after
We'll agree to disagree
Imo if you are just planning to use the solutions do it this way:
Spawn target, attempt for an hour, fall back on the solutions
As the solutions don't generally explain why a tool is used
Just that a tool is used, and you should know why
Or a technique is used, and the reading explains why
I got most of the knowledge I need for the OSCP from PEN-200
HTB Academy is just on top of what I actually need.
Then don't do academy. Just study your PEN-200 notes
If you fail, then do academy to increase your knowledge.
That's the plan.
I have until December for my second OSCP attempt.
No. Your current plan is just using academy to practice your copy/paste skills because you're doubting what you actually know
I wouldn't say I'm doubting what I know. I'm doubting that I know enough.
Well PEN-200 preps you for OSCP, you shouldn't need to know more than what they teach
In theory, yeah.
The reason people say CPTS path crushes OSCP prep is simply because HTB teaches it better
And gives you a more solid understanding
Yeah I heard that too.
(And the labs aren't as jank, usually)
But plenty of people pass OSCP off OSCP prep, PEN-200
It's definitely easier to revert the VMs.
Also having the VM built in to the platform is a better experience.
Well, it's a crutch
I suggest everyone, if they can, to use their own VM ¯_(ツ)_/¯
Or just SSH in from your host lol.
Not to mention OffSec states to use Kali for the exam, and any technical issues won't be helped with if it isn't Kali
True
I still suggest using your own vm
You have more control over software versions and such within your own vm
And you aren't reliant on a third party to be functioning
I.e. the current pwnbox outage
So you're saying there's a way to connect to the lab from my own VM, right now with the pwnbox outage?
Oh wait pwnbox is working now.
The issue seems to be fixed for Pwnbox, can you guys please try now?
CONFIRMED
I cannot connect back to the Academy, only to the Labs
it was working an hour ago
Using Pwnbox or the VPN file?
works for me thanks
the website kicked me out completly and not accepting my 2FA - I recently migrated under SSO
my VPN is OK
Dming
I am getting an error "Something went wrong" when clicking start pwnbox for Academy.
Can you change servers or location and check again please?
I am on a dedicated server and changing locations gives the same error.
Dming
why wont my proxychain nmap work? i set it up using ssh dynamic port then i edit the config file for proxychain then i do proxychain nmap and it says host r down use -Pn if block, then I do -Pn and it says hosts r up but al lports r filtered but in module it doesnt need -Pn
sounds like you misconfigured proxychains or are targeting the wrong ip.
or aren't on the vpn
whats up my people, anyone working in the Information Gather - Web Edition - Skill Assessment? cannot for the life of me get my local kali box to resolve inlanefreight.htb while on the VPN, added vHost to /etc/hosts, can pull up the page using the box's IP/Port, but all enumeration tools come back null. Im certain its an issue with my DNS but unable to determine where or how to fix
there's a vpn for this exercise ?
someone previously had this issue i think, for IPs not 10. I don't think you need to be on the VPN to resolve
I see a lot of ppl complaining about that (including me ) , idk if it is skill issue or something wrong from the exercise
have you added the hosts in the host file?
ie the subdomains hosts aswell
did you solve it ?
awhile back yes
@limber river @jolly raptor @old oasis its been updated as of last week if Im not mistaken, used to be githubapp.com but now uses an on network domain of inlanefreight.htb which is why I've been using the VPN. adding <targetIP> inlanefreight.htb allows us to hit the page using the targetIP:port but if I try to hit inlanefreight.htb in a browser I get nothing. I can ping inlanefreight.htb without issue but, for example, if I use dig, or even curl, I come back empty handed
even tried from the HTB machine in browser, nothing
after the changing ?
should be the same concept though. I remember I had the same problem and it was fixed after I double checked that I had all the hosts
not the same , I completed the old content
I am going to eat now will take a look at it after and see if I also run into issues
thanks man, Ive been at it since the update and cant wrap my head around it. everything lines up, even went as far as cloning my VM and borking it by what I can only describe as a full assault on the DNS settings. hoping its user error and not a problem with the module
I'm also still stuck on it
I also think it might make sense for the next module past it (attacking web applications with Ffuf) to come before the info gathering web edition
I solved it earlier today. Took me quite a while as subdomain bruteforcing did not give results and/or got a lot of errors even with the correct wordlist, tool and command. So I had to circle back and finally got it.
Are you able to run ffuf on <targetIP>:<port> like mentioned here? #modules message
what would be the equivalent of "find / -name flag.txt 2>/dev/null" for windows?
thanks for suggesting this, it appears so as previously I was getting only errors.
as it goes, only after coming here did I recall the VPN on my router. since then I've added a rule to allow the traffic to bypass and things are starting to look up although Im not getting what I need just yet. results from ffuf:
```
└─$ ffuf -w SecLists/Discovery/DNS/subdomains-top1million-5000.txt -u http://94.237.52.167:42931/ -H "HOST: FUZZ.inlanefreight.htb" -fs 120

        /'___\  /'___\           /'___\
       /\ \__/ /\ \__/  __  __  /\ \__/
       \ \ ,__\\ \ ,__\/\ \/\ \ \ \ ,__\
        \ \ \_/ \ \ \_/\ \ \_\ \ \ \ \_/
         \ \_\   \ \_\  \ \____/  \ \_\
          \/_/    \/_/   \/___/    \/_/

       v2.1.0-dev

 :: Method           : GET
 :: URL              : http://94.237.52.167:42931/
 :: Wordlist         : FUZZ: /home/null/SecLists/Discovery/DNS/subdomains-top1million-5000.txt
 :: Header           : Host: FUZZ.inlanefreight.htb
 :: Follow redirects : false
 :: Calibration      : false
 :: Timeout          : 10
 :: Threads          : 40
 :: Matcher          : Response status: 200-299,301,302,307,401,403,405,500
 :: Filter           : Response size: 120

:: Progress: [4989/4989] :: Job [1/1] :: 195 req/sec :: Duration: [0:00:13] :: Errors: 0 ::
```
@limber river @jolly raptor @old oasis
u getting a bunch of 380s-400s for filesize
nothing, actually, but the lack of Errors is reassuring lol
Try a different wordlist
for sure, was just about to mention to @dusky gyro thats my next move. I'll come back once I get somewhere, share the progress
If you end up really struggling you can PM me for a hint, I had to go back and do it today also, I think you'll be able to do it though.
socks4 127.0.0.1 9050
proxychains.config file my ssh └─$ sudo ssh -D 9050 -i root root@abc
but then i do proxychains firefox ip but it doesnt work
why
will do, thank you, gonna bash against this wall a bit more before i buckle haha. I'll hold you to the offer though if I do
why wont my proxychain work i deleted and reinstalled how do i get my flag o.o
Are you trying to run proxychains from the ssh connection or a new terminal
You shouldn't need to reinstall
Part of it is likely just a you issue
from a new terminal
in general the proxychain dont work
i tried to proxychain curl 1.1.1.1 but no work
┌──(sam㉿kali)-[~]
└─$ proxychains4 -v curl 1.1.1.1
[proxychains] config file found: /etc/proxychains4.conf
[proxychains] preloading /usr/lib/x86_64-linux-gnu/libproxychains.so.4
proxychains: can't load process '-v'. (hint: it's probably a typo): No such file or directory
└─$ proxychains curl 1.1.1.1
[proxychains] config file found: /etc/proxychains4.conf
[proxychains] preloading /usr/lib/x86_64-linux-gnu/libproxychains.so.4
[proxychains] DLL init: proxychains-ng 4.17
[proxychains] Strict chain ... 127.0.0.1:9050 ... 1.1.1.1:80 <--socket error or timeout!
curl: (7) Failed to connect to 1.1.1.1 port 80 after 0 ms: Couldn't connect to server
Well you won't be able to curl 1.1.1.1 through the target, it can't reach the internet
└─$ proxychains smbclient -U ssmalls '//172.16.8.3/Department Shares'
[proxychains] config file found: /etc/proxychains4.conf
[proxychains] preloading /usr/lib/x86_64-linux-gnu/libproxychains.so.4
[proxychains] DLL init: proxychains-ng 4.17
Password for [WORKGROUP\ssmalls]:
[proxychains] Strict chain ... 127.0.0.1:9050 ... 172.16.8.3:445 ... OK
session setup failed: NT_STATUS_LOGON_FAILURE
ik ik just in general it wont work
Hey guys im trying to run an apache server test but by following this https://ubuntu.com/tutorials/install-and-configure-apache#5-activating-virtualhost-file i dont have the final output
Logon failure, you likely have incorrect creds
i was able to use crackmap for like a minute and give proper and then it stopped working and disconnected
nope i double check with the give answer
can i mp someone for my problem so we dont bother other people?
It also helps if you provide the module name and section
Ask in #web since it's not directly module related dude
proxychains crackmapexec gives stuff till
SMB 172.16.8.3 445 DC01 [+] INLANEFREIGHT.LOCAL\ssmalls:Pwned123
SPIDER_P... 172.16.8.3 445 DC01 [*] Started spidering plus with option:
SPIDER_P... 172.16.8.3 445 DC01 [*] DIR: ['print$']
SPIDER_P... 172.16.8.3 445 DC01 [*] EXT: ['ico', 'lnk']
SPIDER_P... 172.16.8.3 445 DC01 [*] SIZE: 51200
SPIDER_P... 172.16.8.3 445 DC01 [*] OUTPUT: /tmp/cme_spider_plus
SMB 172.16.8.3 445 DC01 [-] Error enumerating shares: The NETBIOS connection with the remote host timed out.
Also
For fucks sake, idk how many times I've told you
Wrap your output with triple backticks
soz
```
Like this
So it
Gets formatted
```
i used proxychains crackmapexec and it works for like 2 seconds
how to increase timeout flag
I tried fuzzing didn't work
its socks4 right
Follow the module
Did you try increasing the timeout
yes
could other proxy mess it up
but ive no other proxy open
socks4 127.0.0.1 9050
└─$ sudo ssh -D 9050 -i root root@abc
same, even removed the filter to see if there was anything I missed but hasnt worked for me either but giving amass a run for its money now
Hi guys, is the sa user creds that on important.txt misguiding or it's right ? talking about Footprinting Lab - Medium
It's not misguiding
Think of default accounts on Windows
so why i can't login with those creds on mssql data base ?
Think of powerful local accounts on Windows and try using the pw to log in
Because it's still an underlying text file
If you run it in windows, it'll treat it as a batch file
Oh you mean in windows?
Just go into the thing and delete the .txt portion
Or in linux mv file.bat.txt file.bat
i cant delete the .txt portion
tis name is pwn.bat but its actually pwn.bat.txt
an yes its in windows
i am in file explorer it dont change...
weird ¯_(ツ)_/¯
Also when you save in notepad you need to change the filetype at the bottom when you save as so it doesn't append the .txt
@sleek moss As long as you select All Files as the file type, it should save correctly.
finally.. i am done.. the pen test path...
Hi I am doing the SQL map case 5. Somehow the flag printed is .....0{7...} and submitting this results in the wrong answer. I manually changed it to ....0R7.... and it's correct. Seems there's a bug there, I've tried with --no-cast option as well and no difference.
Hello everyone!
I have a question about the API CRUD section.
I am trying to get the city to change to "New_HTB_City" using the POST in the Header method with
curl -X PUT http://<SERVER_IP>:<PORT>/api.php/city/london -d '{"city_name":"New_HTB_City", "country_name":"HTB"}' -H 'Content-Type: application/json'
I've edited it to look like
curl - X POST http://admin:admin@94.237.52.66:46886/api.php/london -d '{"london":"HTB_City", "UK":"HTB"}' -H 'Content-Type: application/json'
The command error is
city details missing
I'm confused. What am I doing wrong?
I'm having this exact same issue.
Module is not completed, I can connect to VPN, but it will not allow me to start the machine to progress
"waiting to start" is all im given
hi, i hope this is the right place to ask
I am at penetration tester > getting started > knowledge check section
getting frequent disconnection issue with the target
even after repeated resetting of IP
Hey everyone. I am stuck on the limited file uploads on the "file uploads attack module" specifically reading the upload.php source code. Can anyone offer any help?
What do you need help with
I am trying to get it the same way i got the first flag. I keep breaking the box over and over though. what am i doing wrong lol
ok let me just read your mind to see how you did it last time..
sorry. Didnt know if i would break any rules by posting
is this the skills assessment?
no
you should include the section too
I did the "limited file uploads" in the "file upload attack module"
this is how i got the first one.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE svg [ <!ENTITY xxe SYSTEM "file:///flag.txt"> ]>
<svg>&xxe;</svg>
saved that as a svg and uploaded. it printed the contents of the file to the page source.
you should state the section you're having trouble with along with the question at the bottom you're struggling to answer. no one can give help if you don't at the very least give those two things.
there are 11 sections in that module my guy.
so you're on the "Upload Exploitation" section since you got the first flag from the first section you can get the first flag from, "Absent Validation"?
bro...
you're doing it totally wrong, no xml required
okay, did you find the upload directory?
no thats what im stuck on.
you can find it with the XML code provided in the XXE section
that shows you how to read php files on the server
thank you
I need help in the AD enumeration and attacks module: Section: Privileged Access.
I already did the first and third question
I just can't get right the second question:
What host can this user access via WinRM? (just the computer name)
I already tried with the IP from which we got the flag from.
And i also tried with the name of the Academy DB...
Also damu..../bd..../
Without looking at my notes you can find that information in bloodhound
Thanks for replying. I am using the Pwnbox through browser, not downloading vpn file and configuring in local vm.
According to bloodhound bd... can only RDP to:
ACADEMY-EA-MS01 and is the wrong answer.
Working on the Modern Web Exploitation Techniques -> Exploiting SQLi via WebSockets module and I am not quite understanding how and what payload to pass to grab the flag. I identified the SQLi vulnerability with sqlmap, like in the module text, but now I'm kinda stuck. Any help would be most appreciated.
what cypher did you use
1: .\SharpHound.exe -c All --zipfilename ILFREIGHT
2: Then i run bloodhound and search bar i enter bdavis.
3: Then the one that says can rdp
Should i use custom query?
Oh man i hate this, i just can't get the answer right
You already said you used one. Which one did you use?
I'm just revisiting INFORMATION GATHERING - WEB EDITION since the module has been updated. The Skills assessment now has a different set of questions, but my original answers are still in the answer fields and marked as correct. Only the final question is blank, so I'm assuming that if I answer that correctly I can move on. Does anyone know any different?
That is correct, but I do recommend going through the motions for the other questions
Just to be sure
Also a handful of sections suffer from this quirk of them updating the content
Hi guys, i have lost acces to my 2fa app and no response from HTB, can anyone here assist me please? Thank you
Need to speak to a person? Learn how to reach our support via HTB Labs.
I am repeatedly getting connecting timed out when access target machine from web-based Pwnbox
Penetration tester > getting started
knowledge check
tried resetting both pwnbox and target machine multiple times
hey
I am stuck at information gathering skill assessment
any hint?
were u able to solve it? I'm stuck aswell
is it okay to use port and ip together??
@spark spruce nope
then ??
ugh. took me far too long to figure out how to enable custom scripts in ZAP's payloadprocessor. finally, WEB PROXIES is done!
remove the port
look at the previous lines. those are already examples on how it should be configured
im trying to do 'Attacking Common Services'. any suggestions on how to speed up hydra for brute forcing ftp and ssh?
okay understood
Can anyone help with
https://academy.hackthebox.com/module/84/section/1747
Using CrackMapExec Skill Assessment
|| I am doing ntlmrelay attack with drop-sc but i cant dump hashes with ntlmrelay||
Hi ! I'm enrolled in the penetration testing path currently in the Post Exploitation module and something is starting to drive me mad: The module ends with 2 questions one of which being: "What is the name of the security standard for credit card payments that a company must adhere to? (Answer Format: acronym)" to my knowledge this is the PCI (or Payment Card Industry) standard, I tried the full acronym: PCI DSS to no effect. I asked google / ChatGPT.. whatever for confirmation and they answer the same... feels dumb but kind of stuck. I would appreciate any help ! EDIT: Finally found the solution... A simple 'PCI-DSS' worked, '-' was all i missed ...
ntlmrelayx is for relaying, use another tool
||i tried responder as well||
Password Attacks Lab - Medium
I've gained access to ||jason||'s account but unable to move to root.
Can someone give me a small hint? I believe the only thing I havent actually tried is to use LaZagne since i get errors
you would've unpacked a document
it may list a usr:pass for a service that jason has access to
Maybe I wasn't clear enough. I've gained ||SSH|| access to the machine using ||jason||'s credentials.
And unsure where to go from here
yes, and there are services which jason has access to
it may give you a nudge to a lateral move, to someone else who has the ability to gain root
Hey good folks! Sorry for a total n00b question here. But I'm at the Setting up - Linux stage.
Using a Mac M1 so had troubles installing parrot os on VMWare Fusion. Got it to work on UTM. So I guess that's what could be causing the problems.
Because when running the first command "cat /etc/apt.sources.list.d/parrot.list" it says the directory does not exist. Although I can find it in the explorer.
Also cannot install tools with the sudo apt install commands. "unable to locate package.. snip... "
Should I be using UTM or is there any other way to install Parrot on a silicon machine, or should UTM work?
where can I find api endpoint??
module : information gathering
section : skill assessment
last question
Gotcha, thanks. How would I make up in my mind that I'll have to look though services?
in the document you broke the password on, it mentions the service
sql
so try poking around there
there is only 1 other user on that machine too
I am learning cybersec through htb academy for some weeks now. I also have htb labs subscription. But the problem is when i start a module in academy, i get so into it that i dont get time to do the boxes. But I am new to this so I should solve boxes also. So what to do in this situation ? How to manage both, learning and solving boxes ? Solving boxes takes time for me because I often look at walkthrough and try to understand how the author did what he did. So, in your opinion, what is more important to do daily, boxes then the remaining time to modules ? or complete some sections of module at the start of the day and then remaining time do the box solving ? Suggestion for optimum growth with best learning ? Thanks in advance 🙂
can someone help me out with the web attacks module - Advanced File Disclosure
i was able to read /etc/hosts using error based XXE but with /flag.php it says not found, any idea on how to find the correct dir?
Did you solve it?
so it's like once I purchased 1000 I can use 1000 credits?
I've tried it and it gives me this in response: remote host file access not supported. but when i try an random invalid dir it says: failed to load external entity "file://pathoffile" in http://host:8000/xxe.dtd
Try to install Debian and then use this script
https://gitlab.com/parrotsec/project/debian-conversion-script
Doing Login Brute Forcing, final assessment. When it says usernameGenerator, does it mean username-anarchy? Also, I'm getting no SSH hits on the outputs of cupp and username-anarchy, even after 15 minutes of running
"What is the API key the inlanefreight.htb developers will be changing too?"
Anyone has any hints for me
Time to enumerate again
DM me
No, I don't recall that as of a few weeks ago.
Is this in the pwnbox? I'm firing up to test myself. I used Kali, however, and didn't have a problem connecting without any options.
anyone else having issues with ffuf not working properly?
Pwnbox doesn't have any issues. Kali didn't for me either. It's a WSL thing, apparently.
works fine for me
How did you even come to the conclusion which MAC your client supports? I see how to enumerate what's advertised by the server, but not the client.
nevermind:
$ ssh -Q [mac|key|others?]
Hey, guys I am new here, can u guys actually say what should I do, I have no prior coding experience and I wanna learn hacking for fun if possible u can DM me
Get Started with the HTB Beginners Bible: https://www.hackthebox.com/blog/learn-to-hack-beginners-bible
hey guys, dumb question:
I'm in the Active-Directory Module Skill Assessment Part 2. Is there a good way to set up bloodhound? In the modules it was already set up. So far i did everything with powershell, but was wondering if you know a good resource for setting it up
Nothing to "set up" just drop the collector into the windows host and let it run. I copied all the tools from the module to my own so I can have them
And then just copy the zipfile to my host again right?
anyone know what the 'threat spotlight' and 'targeted cyber ops' sections are? tried clicking on them but nothing showed up:
hopefully :)
Likely something they're planning that relate to those topics
The recent t3 windows modules would like to say hi
Thanks 🙂
Why do the work to compile when HTB did it for you 
hi guys im doing module Information Gathering - Web Edition im in section Skills Assessment try to do 3rd question, i add line in /etc/hosts and installed finalrecon, I executed the command i go to /dumps/inlane and almost folders r empty, someone can help me.
Enumeration is key
Try other techniques that were shown in the module
Anyone help me with file upload attack module in that type filter part
i am not able to complete that module
Try harder. It’s all in that section 🙂
Also what have you tried?
atleast provide hints
tried fuzzing whitelist and blacklist filter with the link that has been provided in module
also did fuzzing on content -type but only one message is shown in intruder "only images allowed"
Have you identified an allowed extension? And what about a php extension?
and in type filter there are two content-type header fuzzed both the header but still not result
yess for php extensions i have used the payload that has been provided in module still getting error of only images are allowed
Is it the skill assessment or type filters?
type filters
Try with all the content types there are
Also , if using burp, it can be useful to disable url encoding
In intruder
yes done that but one more question
that should i fuzz both the content type at same time?
yes u were right when i disable url encoding i am getting extension not allowed error
anyone can tell why to disable that url encoding what does it do?
It encodes the slash. And burp does that with payloads
Sorry I was having dinner
not yet, Im finding that ZAP or Burp might be a better solution than some of the terminal tools. Ive gotten absolutely nothing from very lengthy fuzzing attempts as well
you must be doing something wrong then I solved it today without issues
using Ffuf
for sure, easy for me to believe I'm missing something silly but I'll give ffuf another go now
let me know if need a nudge 😉
i used gobuster
in advanced csrf, xss does the bot visit our uploaded files?
Module: INTRODUCTION TO WINDOWS EVASION TECHNIQUES
Section: Process Injection
There seems to be a problem with the lab, there is no .exe file being run from C:\Alpha\ProcessInjection. The log.txt doesn't get updated. Is it possible for someone to have a look?
Hello everyone!
I have a question about the API CRUD section.
I am trying to get the city to change to "New_HTB_City" using the POST in the Header method with
curl -X PUT http://<SERVER_IP>:<PORT>/api.php/city/london -d '{"city_name":"New_HTB_City", "country_name":"HTB"}' -H 'Content-Type: application/json'
I've edited it to look like
curl - X POST http://94.237.52.66:46886/api.php/london -d '{"london":"HTB_City", "UK":"HTB"}' -H 'Content-Type: application/json'
The command error is
city details missing
I'm confused. What am I doing wrong?
Because it's "city_name" as the key value
@fathom pendant I replaced the code with
curl -X PUT http://94.237.50.63:52932/api.php/city/london -d '{"city_name":"New_HTB_City", "country_name":"HTB"}' -H 'Content-Type: application/json'
now the error code says
Unknown column '' in 'field list'
It's new and now i dont know what changed
Try escaping the "
Can someone help?
Where would i erase that from?
You're spoiling content for AEN since many people do it blind
Didn't say erase, I said escape
Ah, sorry
Didn't know about it
Where can I get help then?
ok. I am not aware of what you mean or how to perform that action.
will you please explain?
And if you can't do AEN with the guide in front of you "the actual module itself" then I suggest rereading the material
I did it, there is something with the command. I really dont get the error.
'{\"text\":\"value\"}'
The error can be one of many things, it all depends on what the error actually says
Usually in powershell and cmd the error tells you what's wrong
Came back to finish the information gathering - web edition module, on Fingerprinting module.
Cannot access the target.
Things ive tried:
added vhosts and ip to /etc/hosts
reset vpn connection
downloaded a new vpn file to connect to
reset target machine
tried curl with custom header curl <IP> -H "Host: app.inlanefreight.local"
What am i missing here?
E: just did it from pwnbox, not sure why it doesnt work on my machine.
The error stating that the 'identity' hasn't been specified, even though I have already done so. I've followed the module's instructions step by step, just confuse.
Need help with Advanced Deserialization Attacks module. I'm having issues loading TeeTrove w3wp.exe on dnSpy. Followed all the steps provided in the course, but anytime I attach w3wp.exe process I get an error "The JIT debugger was launched without necessary security permissions." and then it prompts me to open Visual Studio JIT
echo $group
Is that the value you expect?
I added the "escape" function you suggested.
curl -X PUT http://94.237.50.63:52932/api.php/city/london -d '{"city_name":"New_HTB_City", "country_name":"HTB"}' -H 'Content-Type: application/json'
nothing showed up in the command after i pushed enter
Yep, is the exact name it was supposed to be. Thats just strange.
So it didn't error
what section
Try resetting the target or resetting the variable
I will have to do all that pivoting again, shit 🤡
Try resetting the variable first
I also suggest deleting your comment with the username and command, since spoilers
Did it
They should do a channel JUST for AEN if we should not talk about it here
They're not gonna do that
AEN by many is considered a mock exam for CPTS, if you can do AEN blind, you can do CPTS fairly competently
Also AEN is one of the few modules that shouldn't require help, because the module itself is the walkthrough
In future, instead of providing the full username, you can substitute with first initial * [t*] so it doesn't fully spoil it for others
Right, I got it. But it is a module like any other in the end. If you have a problem, you should be able to get some help
Right
The difference is, everything is directly laid out for you
no error. but nothing showed up. I was expecting something.
I just tried to call for london and again, nothing shows up when I push enter
It's not like some modules where you have to extrapolate errors
Did you change back to post?
But is almost always like this
They almost always give you step by step
Nearly really
And the examples don't always match up
In AEN everything is explicitly told what to do
Password Attacks wouldn't have so many people asking about it if it was just right there
there's a huge difference between the content in a section and the walkthrough for the questions in that section
AEN is laid out as a walkthrough that you can follow. this differs greatly from all the other content presented in the path where it provides you with series of commands that you can use to achieve something
Also you may have misconstrued what I meant by blind
By blind I mean, not looking at the questions or the reading, just going from boot to DA
if u reset target machine the ip in etc/hosts is diferent
I know, that list is not in the order i tried
Hi, I'm doing the FOOTPRINTING module and I'm stuck in the SMTP Question Enumerate the SMTP service even further and find the username that exists on the system. Submit it as the answer.
I tried to use Footprinting-Wordlist and it didn't work
I don't know what to do so I would appreciate some help
I have in my notes for that section After a lot of messing around, uninstalling the default pentestmonkey smtp-user-enum script as it just times out the SMTP server and installing a new using using pip, I managed to find the info.
No need for reinstalling tools. SMTP is just slow to respond
I think the updated one might have a longer default time out then
I had to manually adjust the timeout
Iirc its -w for timeout, don't have a terminal in front of me to check
Where can i ask for help on specific modules?
Here
Just ask your question here in the channel
Lol provide module and section name, what you're stuck on, and what you've tried
You can wrap commands in backticks `like this`
Large code/text blocks use triple backticks
I am working on information gathering - virtual hosts (https://academy.hackthebox.com/module/144/section/1257)
I am stuck on the question "Brute-force vhosts on the target system. What is the full subdomain that is prefixed with "web"? Answer using the full domain, e.g. "x.inlanefreight.htb""
I have tried using gobuster from the cheat sheet using namelist.txt and other wordlist from SecLists/Discovery/DNS.
I have also tried using ffuf and filtering the default size that is being returned.
I am unable to get any subdomains.
gobuster vhost -u http://94.237.53.91:46067 -w ./SecLists/Discovery/DNS/namelist.txt -t 100
ffuf -w ./SecLists/Discovery/DNS/namelist.txt -u http://94.237.53.91:46067 -H "HOST: FUZZ.inlanefreight.htb"
The module was just updated so I wasn't able to find anything online for other people getting stuck before me. Any hints are appreciated
```
like this
```
I didnt mean to hit send but i can provide more details
I wouldn't really recommend unless it's like 20 lines
Use subdomains top 1 million, the 100000 one
okay
The cheatsheet likely hasn't been updated to reflect new/changed content
The section I believe shows this wordlist, not namelist
A different list has been used in the module. Try it with this list
Try --append-domain in the gobuster command
Single dash
Double works
It wasn't working for me
I was using pwnbox so I don't recall what version it's using
But when trying with --append-domain it said that wasn't a valid flag
I use a kali vm for everything so that might be the reason
Also your ffuf command is using 10.129.x.x where your gobuster is using public_ip:port
typo, they should both be IP:port
Yeah pwnbox uses 3.1.0
You said you were on 3.6.0 for gobuster
Yeah that is correct
But yeah using the right wordlist will get you answers
```
gobuster vhost -u http://94.237.53.91:46067 -w ./SecLists/Discovery/DNS/subdomains-top1million-110000.txt -t 100 --append-domain
===============================================================
Gobuster v3.6
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Url:           http://94.237.53.91:46067
[+] Method:        GET
[+] Threads:       100
[+] Wordlist:      ./SecLists/Discovery/DNS/subdomains-top1million-110000.txt
[+] User Agent:    gobuster/3.6
[+] Timeout:       10s
[+] Append Domain: true
===============================================================
Starting gobuster in VHOST enumeration mode
===============================================================
Progress: 114441 / 114442 (100.00%)[ERROR] Get "http://94.237.53.91:46067/": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
[ERROR] Get "http://94.237.53.91:46067/": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
[ERROR] Get "http://94.237.53.91:46067/": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
[ERROR] Get "http://94.237.53.91:46067/": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
[ERROR] Get "http://94.237.53.91:46067/": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
[ERROR] Get "http://94.237.53.91:46067/": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
[ERROR] Get "http://94.237.53.91:46067/": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
Progress: 114441 / 114442 (100.00%)
===============================================================
Finished
===============================================================
```
Fuck
Do this: add the ip and inlanefreight.htb to your /etc/hosts file
Because gobuster doesn't know the domain
Then use http://inlanefreight.htb:port
okay thank you, I tried doing that before hand but maybe now with the different list might get it going
Ill report back
You don't include the port in the /etc/hosts file btw
That's what academy is all about
Why do I not see any Labs related category in the left-side panel containing available chats?
I've got an issue with an active machine
context deadline exceeded (Client.Timeout exceeded while awaiting headers)
Does anyone have an idea why this error occurs? I see different possible issues on google. Is it just server overload, because we are fuzzing a datacenter in Finland? in this case just lowering the thread count would be a solution. I also see issues related to golang or docker.. Does anyone have access to the logs…?
Read and follow #welcome
It involves not knowing how to resolve a hostname
If you add the domain to your /etc/hosts it works fine
I am connected
Your account isn't linked so you can't see other channels
It's as simple as that, that's why you can't see #boxes
Bruh, it says connected on the web, I've done the procedure. Let me re-do this.
Identification error, please contact moderator or admin. Who's up for some support xD
I'm in need of some guidance here. Is the Blurry box patched or smth. Have the Linux kernel changed how permissions are applied to files/folders. I've got rwx on a folder, can't modify stuff in it. People who've done the box says it should be done this way and I can't get it to work somehow
Read and follow #welcome to access more channels, this channel isn't for box help. The only place for support is contacting them via email/website
Need to speak to a person? Learn how to reach our support via HTB Labs.
This channel is for academy module help
If you need help with identification then dm an online mod/admin
As stated in the message
How do I find one?
Through the members list
Any discordian way to ping all online moderators/admins? xD
No
@moderators wake up
Just dm one
Alright. Thanks @fathom pendant
There's plenty online since it's mostly midday across where all mods are
(Global)
ye, the bunch of them accept DMs ...
Because it's part of what they sign up for
You know where they spam by now 
I want to believe you but I’m not sure that’s the issue. I had of course added the ip and vhost to /etc/hosts. But with the longer top100m wordlist even ffuf got a reduced rate. After several attempts and resets it worked, when I added the domain flag and a longer timeout. I guess we’ll never know.
gobuster vhost -u http://ip:port -w /opt/seclists/Discovery/DNS/subdomains-top1million-110000.txt --append-domain --domain 'inlanefreight.htb' --timeout 20s
Much appreciated, Marcie!
Use http://inlanefreight.htb:port instead of ip:port
Since you have it in your hosts file
I already solved it with that
Then the issue is you're thinking how the tool works wrong
I guess I help the tool by not asking it to resolve the dns in my host file by giving it all the infos like with this ffuf command
ffuf -w /opt/seclists/Discovery/DNS/subdomains-top1million-110000.txt -u http://ip:port -H 'Host: FUZZ.inlanefreight.htb' -v -fs 120
Help :S
Assembly Language - Skill assessment task 2
"Optimize 'flag.s' for shellcoding and get it under 50 bytes, then send the shellcode to get the flag.
(Feel free to find/create a custom shellcode)"
Can someone DM me.
- i used smaller registers where i could and removed exit code
And that’s not what gobuster does in vhost mode?
It does not
It grabs the headers by first connecting to -u
Then uses that to do header manipulation
that's all that you need
Ok thanks I’ll check that tomorrow
Hello, I'm looking for a hint for the module Information Gathering - Web Edition for the skill assessment part on the API
I already tried to enumerate directories and subdomains
Question regarding the command injection final assessment: the fact that I'm sending "%09whoami" and it's not rendering is an indication of the vulnerability, correct?
can someone hold my hand through the web attacks IDOR because I think it's either bugged or something because the commands given in the webpage are not providing feedback (like the curl -s is giving me NOTHING)? For example IDOR in Insecure APIs I should be able to click Update Profile but it says that there's an uncaught reference where UpdateProfile is not defined.
Hey guys has anyone completed the trust attack module?
hey just ask here. use bloodhound
i just can't figure out how to move from htb-student account
found a password but i can't figure how to use it
are we supposed to use that pass or is it totally something else?
okay ty
Guys
I need help
I am a beginner on HTB and I have spawned a machine now and then I finished that machine
But now I can't spawn another machine
And I have my vpn still connected
I tried to shutdown my PC and do other stuff like kill process
But nothing
Well you need to stop the first machine to start another
I have stood already
Stopped*
I still don't really understand the difference. I just sent gobuster and ffuf through burp and wireshark, those are the same get requests with a host header. Yes gobuster connects first to the ip:port then sends some sort of hash in the host header, after that it follows with the wordlist. but i do not see some fundamental difference
It's because gobuster tries first to connect to -u to base its headers
So if it fails it errors
Iam stiff
yeah that i understand but i wasn't receiving the error messages immediately, maybe at half the longer wordlist so, that's why i'm thinking about other issues
???
It's because it was taking time to well... timeout and fail
My suggestion; stop obsessing over it
I want u to help me
Well in that case; no
With my little problem
Reach out to support on the website
AhhhHhahhahahahhahahahhahah
The support is a suck
That's what they're there for
I think
Support killed my dad
Revenge for me baybe
anyway thank you and good luck with that one 😄
Go reach out to website support
Your job is to help people not to stay stuck in pc
No, it's not
hey admins or mods of HTB, can I use my college email to sign up for HTB academy on student promo although I am not currently enrolled in college but im an alumni?
use bigger list?
@steady torrent I've found, personally, that the SecLists content provides the best results for HTB. Let me know if you need a link.
Anyone got some time to chat about the command injection final assessment?
As long as you still have access to the email, I don't see why not
But you're best off actually asking support
does it have to do with that Svc_Admins group? bro i can't figure shit i swear to god it's obscure as shit
Voodoo stuff bro i swear. driving me nuts
u still need help?
[HTTP ATTACKS - HTTP RESPONSE SPLITTING]
Hey guys!
Currently working on question of this section. My payload worked for user, but still struggling with admin.
Can I have a nudge?
Hi. For the Digital Forensics module, the Evidence Acquisition Techniques & Tools there is a mention of a vmdk image that is used as the example for Arsenal Image Mounter...anyone know where to obtain this image?
can someone give me a little nudge on
AD Enumeration & Attacks - Skills Assessment Part I
The question asks "Crack the account's password. Submit the cleartext value of the account" from the question "Kerberoast an account with the SPN MSSQLSvc/SQL01.inlanefreight.local:1433 and submit the account name as your answer"
I found the account with that SPN. but the powershell session is in a webshell and there is no Rubeus or mimikatz or tools like that. I have used ||setspn.exe|| but I don't think that can be used to grab hashes.
Can anyone nudge me on how to obtain hashes from a web shell powershell with no tools? Am i missing something from Living off the Land?
Treat it like a real engagement... real engagements won't just have the tools you need on the hosts. You'll need to do file transfers
Or pivoting
Hmmmmm ok I'll jog my memory back with those two
My first suggestion is getting away from the web shell you're dropped into asap
a question. i'm on the info gathering - fingerprinting module. the task is to identify the CMS used. i thought nikto would do that, but it isn't (not even for the example given in the module). i had to browse the page myself to get the right answer.
any ideas why nikto is not behaving the same way?
If you look at nikto docs, this section might help you out here
-Tuning Information Disclosure
yes, -Tuning b. i used that too, but with the same result
oh... that's a different one. hang on. let me try
not currently haha
ah, so this works! not the one mentioned in the module. thanks!
😉
need a push for Check the /tmp directory and find Julio's Kerberos ticket (ccache file). Import the ticket and read the contents of julio.txt from the domain share folder \\DC01\julio. from the password attacks module. Tried both tickets in the /tmp directory for julio but not getting anywhere
I just downloaded a vulnhub VM: MATRIX-BREAKOUT: 2 MORPHEUS but I didn't get any credentials of it
Help me on this if anyone has any ideas
nvm - switching to UK servers fixed it
That’s not hack the box related
I must be crazy but this API key question is really making me laugh. I've sub dom brute forced in soo many ways and I'm not getting any results. tf is going on
Ho
Guys I need help
There is a guy who is threatening me with spreading my information and he has already sent me binaries to my WhatsApp. What can I do?
Contact the local police
He is from another country
He is a friend of an ex-girlfriend of mine and when I broke up with her all those things started to come to me.
There is nothing else you can do except contact the police
need help?
What he does annoys me a lot and I thought about doing the same thing to him so he would stop bothering me.
theres nothing we can do, like bunny said contact police
That is illegal. Don't do it
^
I know I was just asking
just block and move on eventually they will too
Just report it to the police. Sounds like cyberstalking and harassment to me
I already did it but it's still the same
What have you got for me 🤔
subdomains can have another sub domain on top of it
**What is the API key the inlanefreight.htb developers will be changing too?**
I'd have to find sub domains first i dare say
yes
I've got nothin so far
what are you trying to do?
Answer the question ideally
haha yeah, i was thinking about that
haha
I'm not getting any sub dom hits to move forward so I'm not sure what I'm doing wrong with my scanning
its one of the seclist dns
I've used 3 of them
you gotta wait till it finishes all the way through
but what's the reasoning behind it?
wdym
top1million-5000
top1million-20000
top1million-110000
i mean we can fuzz all the world wordlist if we do not fuzz for the right thing...
yupp
for sub domain im using dnsmap, sublist3r
is there dns on the box?
we're looking for a directory instead?
believe so but not worth it
remember u can't find all the sub domains in dns
that's why u use tools like ffuf or gobuster to find sub domains
i prefer ffuf
hmmmm alright I'll revisit this and report back
fs fs
[HTTP ATTACKS - HTTP RESPONSE SPLITTING]
Hey guys!
Currently working on question of this section. My payload worked for user, but still struggling with admin.
Can I have a nudge?
yeah we are looking for directories, in this case the subdomains are directories on the same host.
🤞
but do not get lost with gobuster dir or ffuf inlanefreight.htb/FUZZ those will not work
Dm me in an hour if you’re still stuck. Send me your payloads. I can help when I’m at my pc
can someone help me!! even after getting correct answer and trying to submit, why do the labs say incorrect answer?
Hey, I am stuck at "What is the API key the inlanefreight.htb developers will be changing too?" in Info Gathering - Web Edition. Is there anyone who can look at my ffuf command please?
We don't know what module and or section you're working on to determine what the issue is. Post more detail and we can likely help better
am completing footprinting labs and even after getting correct answers it says incorrect answer
That doesn't help us understand the question you're working on
did you check for any spaces in your copy paste?
I must be completely wrong in my approach for something that appears simple
Got nothing still
send it my way
send me the command u doing
if u using ffuf remember the vhost syntax
do you get errors or just old plain nothing?
the wayback machine question in the updated info gathering - web edition seems flawed. there's nothing on web.archive.org for the site in question on the specified date
@wanton idol Has helped me on this one, I'm at least getting terminal output now so I'll keep at this and hopefully get this done 👍
you got it!
ugh, never mind. i didn't notice the domain was different back then. should have enlarged the image
I'll retry tonight with the given hint, I poke you if needed 😉
i know this isn't modules, but i just spawned a box and i can't even ping it. what am i missing?