#modules
my query is
dig facebook.com MX
yeah sorry even without the number its incorrect
marcielee, the amount of people you help every day must hammer these modules into your head irreversibly.
It's all a ploy to help marcielee become master of all hackers
dude thats what im saying, i feel like i should do this once im done with the modules so i can remember it better.
no better way to learn than teaching in my opinion
even this question when i saw it i thought it will be easy but idk nothing works maybe its bugged
Hi I was on the command injection module where we have to bypass a filter for \ character I'm encountering something weird. i'll let the picture do the explaining:
The var with tr command essentially become \ character however when combined with the rest of command id the terminal outputs an error
But when I type i\d manually it works
Not sure what's happening here
I tried to change my shell to bash
and add an additional \ as well
But both didn't work
hi,
i am working on smb part of attacking common services
trying to bruteforce the password of a particular user
i have managed to get the answer but i am a bit confused about why my attempts with NetExec failed while metasploit got it immediately with the same password list, has anyone else ran into issues with different bruteforce tools giving different results? or am i doing something wrong with NetExec
Hi, I'm looking at the Active Directory Trusts module and I can read this:
Just like in an Intra-Forest environment, where Active Directory trusts exist within the same forest, Unconstrained Delegation can also be performed in Cross-Forest also known as Inter-Forest scenarios where trusts exist between different Active Directory forests
And also:
Even with default, modern configurations for Active Directory forests, the Unconstrained Delegation attack remains viable, particularly when a two-way forest trust exists.
Isn't that sentence false ?
By default you cannot abuse unconstrained delegation between 2 different forests no ?
Hey everyone, someone know if it’s possible to audit with hydra a website with dynamic token
i know metasploit is better at negotiating with different smb dialects and auth protocols
so maybe it downgraded or switched strategies mid bruteforce
My best guess --local-auth
what
yes, it's misleading
I mixed up the path name and module name, my mistake, all fine
hmm maybe, i tried hydra first and that said it didnt support the version of smb, then i tried nxc and that just said none of the passwords were good, then i banged head on desk for a while before giving up and viewing the solution which suggested using metasploit so i tried that and got the password
this did it thanks
tip; if you need hydra for smb, use auxiliary tools like smbclient first to verify the protocol version
idk why i still go to hydra first for smb :p it never works for me
but i was confused why metasploit was able to find the password that nxc said gave a login failure, but it seems to have been that local auth flag so i will need to try and remember that
Please am new here
can someone please help me install parrot. i followed exactly as mentioned in the 'setting up' module.
for some reason im getting this error although ive entered the correct password
LUKS is broken on 6.2, install without encryption
thanks for helping!
Anyone have issues with InstallDate value for SRV02. Question2 on WMI. I got the value using 3 different methods all with the same output but did not accept as answer.
I would say to call Support.
I tried retrieving it yesterday and it differs from the value I have for the answer
Hey Will, after doing some reading, the course content is aligned with MS. Sorry, I haven't had a moment to test this scenario, but I recommend spinning up some AD boxes and trying various scenarios. It's worth noting that you'll need to tweak the trust configuration due to MS locking down this feature. Ref - https://support.microsoft.com/en-gb/topic/updates-to-tgt-delegation-across-incoming-trusts-in-windows-server-1a6632ac-1599-0a7c-550a-a754796c291e#:~:text=The trusted forest can authenticate,on behalf of the user.
so luks encryption isnt really necessary?
Almost sure that its not exploitable by default
Hello, can someone give me hints for Intro to whitebox pentesting skills assessment2? I get "Patch test failed. Please try again.", but the code seems to work and I cannot make it crash. You can DM me, and I can provide more information. Thanks a lot!
Anyone free to talk about the HTTP Attacks Skill Assessment? I think I understand what to do but im struggling to craft the correct payload
hello guys, i am on the skill assessment 2 of Login Brute Forcing. i obtained from skill assessment 1 the username that i have to use on skill assessment 2. from the username it's not clear to me what i should do next, i mean i can't derive a first and last name from it, so i can use the tools from custom wordlist part. I have a suspect first and last name but it does not have a date of birth since it is a pseudonym
can someone help me
Can anyone start their pwnbox while solving module?
my pwnbox is not starting
Error
There are no available instances. Please try again later.
I am getting this error even though i am having student sub
Am i only the one having the problem or others are also having?
Change pwnbox region
Need some help? Learn how to reach the support team on Academy.
okay i will try
It started, Thanks for the help
Can anyone tell me how to practice hping3 ? Like a dummy website or some activities?
.
@fathom pendant have you completed HTTP Attacks skill Assessment?
Just solved. Thanks anyway.
On DACL Attacks II - SPN Jacking I got the flag from Windows. I'm trying to do it from Linux as well but I can't get it to work. Has anyone done this from Linux?
I'm doing the file inclusion php wrappers module and I got all the other modules to work but can't seem to get the expect wrapper to work. It says its enabled in the ini file when I read that but I tried curl -s "http://<SERVER_IP>:<PORT>/index.php?language=expect://id" and i just get back the html page with no command executed
all in one command lol
Hello, i need help with the windows privesc module :
I'm not able to play the SeTakeOwnershipPrivilege part.
All i get is access denied error.
And i can't see the SeTakeOwnershipPrivilege in the whoami /priv with htp-student.
Did that work for you?
yeah
i remember struggling with the manual way
i did re-do it and get it done the manual way too though
Okay yes I did a reset and manual seems to work now.
Can I DM you?
sure
Here is the black dragon official install guide. From my Google search it is possible it might be giving errors due to kernel issues. Hope this helps.
https://www.blackdragon.se/index.php/articles/59-parrot-installing-with-luks
Luks is currently broken with calamares
Also the article is from 4 years ago
sounds like you're out of.. luks.. 
It's not kernel issues, its the way the installer handles it
Aka its being the big dumb
Hey who needs help with hacking?
Hello, i am currently following a pentester role path on HTB academy.
During one of my enumerations with nmap i found out that the option -sA (for an ACK scan) isn't working and does a SYN scan instead.
I tried to troubleshoot via wireshark and i am indeed sending SYN flags instead of ACK flags...
Isn't the ACK-scan supposed to send ACK request only ?
Did you encounter this behaviour with nmap ? How did you fix it ?
Thanks in advance 🙂
This isn't a hacker4hire server
I don't recall ever needing to do an ack scan though
@fathom pendant do you know the correct | for crud api? I'm trying to follow the section for notes and doing it in my Parrot VM. Doesn't seem | jq works, do I need to install anything?
Module is Web Requests
Bro i did this so long ago at this point and didn't even take notes
| jq is just to read the jq response from the server in a neater manner
Otherwise it's all returned on one line
ok now i give up. i can't even spawn the target now.
i can't believe it is so accurate to windows environment that nothing works as it should.
how to ctrl + v in Pwnbox
in the lower right there's an icon you can click on to open a box, this box is the clipboard of the pwnbox so you can copy/paste from it
Terminal ctrl+shift+v
Hello
is it just me or is the information security path actually pretty hard and difficult for a complete beginner to understand?
Keep in mind it's geared toward beginners in infosec, not beginners in IT in general.
so it really depends on your starting point
TY for your answer, i'm just trying to understand why i am sending SYN flag if the option -sA only send ACK flag (cf. https://nmap.org/book/scan-methods-ack-scan.html). Is it a bug on nmap 7.94 ?
Hey guys, how are you doing?
I'm not sure if this is the right place to ask this, I hope it is.
I'm currently working on the Cross-Site Scripting (XSS) module. In the Phishing section, at the questions I have the following challenge:
"Try to find a working XSS payload for the image URL form found at '/phishing' on the above server, and then use what you learned in this section to prepare a malicious URL that injects a malicious login form. Then visit '/phishing/send.php' to send the URL to the victim, and they will log into the malicious login form. If you have done everything correctly, you should get the victim's login credentials, which you can use to login to '/phishing/login.php' and get the flag.
I was able to build a working payload with the malicious login form that sends the submitted data to my local netcat server. I was able to reproduce it successfully by myself (entering the malicious url and sending test credentials), but when I go to /send.php url to send the malicious url, it returns a message that says "Issue in sending URL!"
For clarification, I'm doing this connected to the VPN (I've never had issues before), and I've tried using netcat for receiving the credentials, and also tried with a local php server (both cases are explained in this module section). I also tried "url encoding" the payload. In each case I get the same response.
I can share the payload I built if needed. I don't want to post it directly as it might be considered a "spoiler" for someone who hasn't reached this section yet.
Has this happened to anyone before? It's very strange to me that I'm able to replicate it, but I get this error when I try to solve the challenge.
Thank you very much!
Let me ask you what you need to do to become a real security officer who is suited to both offense (including pentest) and defense
I want to understand if it is worth to seek a huge amount of knowledge or to deepen only in my field (I am interested in cyber security in general)
Introduction to Web Applications
Public Vulnerabilities
"What is the CVSS score" -> What is the CVSS Version 2.0 score
I think such a change should be made so as not to confuse people
I'm probably not the best person to ask, maybe check reddit/youtube for this. but IMO what you need to do is have a strong passion for it. You need to be self motivated. You need to learn the basics of how computers and networks operate. You need to learn the fundamentals of network and security protocols, etc. Once you have a strong foundational knowledge you can move on to learning red/blue team stuff which can make you feel like you don't know anything all over again.
post anything you think needs correction in #1234357888114364508
You're looking at cvss 3.x
Also don't reveal answers
what are your guys go to wordlists when using gobuster or similar for directory/subdomain bruteforcing?
it's frustrating when I'm often doing the right thing, just using the wrong wordlists and getting no results
raft or directory-list in SecLists
Anyone run into any issues on the Footprinting IMAP/POP3 module where after connecting and logging in there are 0 messages? I am logging into imap with the creds on the page and I connected to the mailbox I believe I need and it shows "0 EXISTS" for messages
if I remember correctly, you have to check a certain inbox
Thank you. I swear I went through each one but I went back and had a typo! Doh! Sorry for the silly question. LOL
No problem 🙂
what to do if you can't paste with ctrl + shift + v
lower right corner, there's an icon you can press. this opens the clipboard of the box and you can copy what's in there if you copied something in the box, or paste something in there then you can ctrl+shift+v to paste.
idk how it work
that's it. now that you have "test" in the clipboard you can go back into the pwnbox and paste it with the hotkey combo (ctrl + shift + v)
when you ctrl + shift + c in the pwnbox, it will show up in that clipboard as well
Ahhhh, got it now, thanks!
@fathom pendant do u think if cbbh is easier than cpts? I mean it has much less modules and it was the first cert if Im right on htb
Different domain of knowledge
If I pass the pathway, is there a fee to take the exam?
yes if you want to get the certification you'd need to purchase an exam voucher which is good for 2 attempts
So assuming a student subscription - I should take the modules for basic vulnerability hunting, try to find something and try to pass the exam?
you should do whatever your end goal is. you don't need to take the exam or get certified. you can unlock modules just to learn stuff. if you go for the exam, there are paths you need to complete before you can take the exam. look at the job role paths and you can see which modules are required for the various paths, then you can buy an exam voucher for whatever path you complete, if you want to.
What ColdFusion protocol runs on port 5500? i tried everything i didnt know
Need help on the critical flight ctf
hello everyone i need help https://academy.hackthebox.com/module/19/section/103
Enumerate all ports and their services. One of the services contains the flag you have to submit as the answer.
please tell us the module name, section name, what you have tried, ...
module: Network Enumeration with Nmap section : service enumeration
what have you tried?
Hey guys, anyone having trouble spawning a target machine in their modules?
I'm on the pentester path on one of the module and it's "Targets are spawning" forever. I switched to another previous section within the same module but spawned target without problem
on the page press ctrl+shift+r and try again
I am on the footprinting lab easy one, I am lost again.
There are 3 services opened, DNS, SSH and FTP.
I can connect to the server using FTP and given credentials but cannot create the ".ssh" directory to authenticate my ssh key.
Neither can i use the given credentials for ssh connection, it shows public key error.
I used the "sudoedit" command to change permissions within the ssh.config file too but that has been of no use again.
the hint shows that i should change some permissions for ssh keys but I can't find the keys as well.
How should i proceed ?
I am on the Footprinting Easy Lab in Pentester Role
hello, i'm in Pivoting, Tunneling, and Port Forwarding, Page 3, Dynamic Port Forwarding with SSH and SOCKS Tunneling
the walkthrough for the second question specifies using proxychain but its not installed on the target machine and i cannot install it
the walkthrough doesn't mention having to install it and seems to skip to just using it. i also tried using xfreerdp, not installed and cannot install
also the question is confusing because it specifies pivoting to 172.16.5.19 but the ifconfig from the target shows 172.16.5.129. i'm happy to try either but cant get to that point
the module examples aren't always going to have the ip of the pivot machine (the target you spawn). as for proxychains, if that command doesn't work have you tried proxychains4?
Why do you need to create .ssh? Just use the key
yes tried both proxychain installs: sudo apt install proxychains # version 3.1-8.1, or
sudo apt install proxychains4 # version 4.14-1
The targets aren't connected to the internet so you might wanna look around for a static binary
so you're saying proxychains isn't installed on the pwnbox?
i get that the targets don't ever match but it's odd that within the question they actually specify the ip to target with the target machine. i think it's a typo because they say .19 but the module when you read through and the scan doing it live show .129
to be clear, the target you spawn is the pivot box where you proxychain through, you don't run proxychains from the spawned target. you run it from your vm or pwnbox.
then thats my mistake, i'm trying to run it from the spawned target
there you go. you run it from your attacker machine.
it's 1am here lol, thank you
now it all makes sense, you're specifying proxychain to attack the new target but using the port thats been forwarded, or something like that lol
you are pivoting through the target. the target itself has a NIC that has access to the internal network
so you're using the connection to the target machine, from your machine, with proxychains which uses the target machine to route traffic through it to network that's inaccessible from your machine
https://academy.hackthebox.com/module/58/section/526
Hey guys! Need help
I am trying to solve Case #5, I can see sqlmap is able to successfully exploit but its not able to properly show table's content.
--no-cast or --dump 🤷♂️
did you try all the parameters the module taught you?
all the parameters? bit overwhelming to determine. I chose what can be passed and it worked but not fully to dump the content
i also gave risk and level to max
you can combine parameters
also if you're able to enumerate more information about the tables you can make it go faster, the section explains how
can you see how many columns are on the page?
yes
ok.. so did you tune the attack with the combined parameters about the knowledge you have, plus what tlattice said?
re-read the section, see how granular you can get with the info you have, provide as much info as you can to sqlmap
yes
I provided -
technique to use
cols
database
table
--no-cast or --hex
max - risk and level
--dbms
well you probably don't need everything but if it works it works
also some of those flags aren't on that section at all
focus on what's in the section, its all you need
When I tried prefix say -111 OR it does not reflect on the payloads
IDK, tried but still not working
hard for me to say more without straight up giving the answer, i kinda handed you what you need to do already. feed it the knowledge you know, tlattice gave some good advice on other flags, you can combine flags.
if you don't mind, can you try once see if the target is working as expected?
On the Introduction to Bash Scripting Module I am having trouble with the question that needs me to script an If-Else statement that requires the variable to contain the value and be longer than 113,450 characters. I think I have everything right, but I am not getting any output from the script
Edit: Contains not Equals lol. Note to others Surrounding the value in * makes it contains instead of equal to.
yeah seems to be working fine

just try some of the parameters provided in the section, did you try what tlattuce said?
yes
that's the target right, without that I cannot do anything
Which key ?
the private one
Hey everyone. I need help with proxies module. Nmap -proxies. It’s for CBBH learning path.
I can't seem to get Burp to intercept traffic when I use Nmap as described in the "Proxying Tools" section of the "Using Web Proxies" module.
I have ascertained that Burp is listening on 127.0.0.1:8080, and that intercept is "on". This is further tested by using curl with proxychains.
I do get intercepts that way.
I use the following command to scan with Nmap:
proxychains nmap --proxy http://127.0.0.1:8080
-Pn -sC -p 53756 94.237.51.209
The scan works, but nothing is intercepted by Burp. Nothing in the intercept window, or the HTTP history.
Also, Using a proxy in metasploit (as shown in the section example) does the same thing. The scan seems to work, but Burp doesn't react.
PS: i tried to test it with cURL and Burp reacts and intercept the request normally.
Hey can i text you on private dm ?
I’d like to know a little more
yeah sure
Anyone I can DM about DACL Attacks II - SPN jacking, doing it from Linux?
Hey guys hope you're doing well, i had a question. currently i'm in the footprinting module in the PENETRATION TESTING JOB ROLE path. i think it's way long to complete it, can i get some advice about how to do it faster and effectively
imo your goal should be to absorb the material and understand everything in it. doesn't matter how long it takes. i'd suggest first reading the module. then following along with the module and writing notes down as you go. then do it again but only using your notes.
focus on really understanding why you're doing what you're doing and what the commands are doing. again doesn't matter how much time it takes for this.
Anyone who has completed the final question on Kerberos attacks \DC01\Secret Share\flag.txt>
Yes I did it recently.
Thank a bunch 🙏
so the first line is always filled with * * *? just to demarcate the start or something?
Good morning, I'm trying to get the flag in the module Attacking Web Applications with Ffuf in Value Fuzzing but I can't do it. Does anyone know why I can't get it?
In the module 'Intro to Network Traffic Analysis' -> section 'Interrogating Network Traffic With Capture and Display Filters' -> first question 'What are the client and server port numbers used in first full TCP three-way handshake? (low number first then high number)'
what format should be the answer? ports seperated by comma? space? something else?
space
Hi. I'm working on the SQLMap Essentials module, on the section Skills Assessment. I'd like to ask some questions regarding to the commands that I ran with SQLMap. So, is there anyone that I can reach out to DM at this time? Much appreciated
I think i finally figured it out why. I'm calling this off, thanks 😄
Anyone already done advanced xss and csrf exploitation skills assessment? Any clue on what to do after becoming moderator
i have verify
how verify
Hi
I am new to HTB and I was trying HTB Challenge - Pentest Notes..?
But I'm stuck..
Can someone Please guide me and help me with this.
@low girder
pls verify
.
this is ur ssh ip
ss?
i have a question about ssh command. When I am pivoting and I execute this command: ssh -D 9050 ubuntu@10.129.202.64, I can use socks5 instead of socks4?
Sudo
try with sudo
now connect the vpn academy one
Okay
and then ssh username@ip
ip and pass is there
Type yes
yes
and then it will ask for password
you will type it but for security reasons it wont show up
so just type and enter
you should see a new shell as in your prompt will change
Alright give me a moment i tried to copy and paste then it closed the connection
Use ctrl+shift+c to paste into the terminal
I got the Welcome to Ubuntu 18.04.5 LTS (GNU/Linux 4.15.0-123-generic x86_64)
Oh yah ctrl+c is end process
yeah ur in
Guys Simple Question
I'm working on the Advanced Deserialization Attacks module, specifically in the Identifying Vulnerable Functions section
I'm trying to answer a question but keep getting it marked incorrect
The question is as follows:
There’s another instance of deserialization in the assembly that’s not included in the screenshot provided above. Identify it and submit the name of the serializer used.
After decompiling the code, I ran this command:
$ Select-String -Pattern "\.Deserialize.*\(" -Path "*/*" -Include "*.cs"
Here are the results I found:
TeeTrove\MvcApplication.cs:44: session = (Session)bf.Deserialize(ms);
+TeeTrove.Authentication\RememberMeUtil.cs:28: RememberMe rememberMe = (RememberMe)JsonConvert.DeserializeObject(cookie, new JsonSerializerSettings
TeeTrove.Controllers\TeesController.cs:83: Tee tee = (Tee)xs.Deserialize(new XmlTextReader(new StringReader(xml)));
I tried submitting the following answers:
RememberMe, rememberMe, JsonConvert, JsonSerializerSettings
However, none of these worked. Could anyone help identify the correct answer or explain why my submissions might be wrong?
Good luck man!
Thanks, but idk how to send my commands now lol
it should appear after a few seconds if not press enter
Iirc the section gives you a couple of deserialization function for you to use in your grep
Try those, should find a couple
Hi, not sure where to report this but there is a broken link on the login brute force module (skill assessment 1). The link should be .../Passwords/Common-Credentials... , thanks
thanks
What exactly is the problem?
You can send me a DM so you don't spoil anything.
i can't find the flag 😦
Skill issue
probably but i've tried all
Well without knowing what you're working on it's hard for anyone here to help you
oke one moment pls
but ist error
helloo need help. Exploit failed: NameError uninitialized constant Msf::Modules::Exploit__Linux__Http__Rconfig_vendors_auth_file_upload_rce::MetasploitModule::RHOST
i keep getting this error in msf
Refresh page
Close and reopen msfconsole
Also make sure all your options are set properly
neither i think that i don't have host file
You do
but i don't know to doing
if i can access a link thru https://ip/login.php
where should i put login.php
in uri or targeturi
You shouldn't need to change anything like that
msf6 exploit(linux/http/rconfig_vendors_auth_file_upload_rce) > set RHOSTS 10.129.201.101
RHOSTS => 10.129.201.101
msf6 exploit(linux/http/rconfig_vendors_auth_file_upload_rce) > set LHOST 10.10.14.117
LHOST => 10.10.14.117
msf6 exploit(linux/http/rconfig_vendors_auth_file_upload_rce) > run
[*] Started reverse TCP handler on 10.10.14.117:4444
[*] Running automatic check ("set AutoCheck false" to disable)
[-] Exploit aborted due to failure: unknown: Cannot reliably check exploitability. Can't access the rConfig web interface ! "set ForceExploit true" to override check result.
[*] Exploit completed, but no session was created.
previously before i restarted msf, i set ForceExploit to true
hello, i'm in Pivoting, Tunneling, and Port Forwarding, Page 3, Dynamic Port Forwarding with SSH and SOCKS Tunneling
i've completed the module using the proposed methods but for shirts and giggles i wanted to try ligolo-ng. It's having quite a time and won't seem to work, even after connecting from the attack machine to the host machine, it's as if the target has no internet access. is this just due to the configuration/limitations of the target in this module or SHOULD it work
The target machines don't have external internet access
The only network access they have is internal
You'll need to transfer files
im stuck in this module for a while now i dont get the misconfigs
i used rconfig, changed the rhosts and the lhost
can get a reverse conn
i've transferred the zip file from the attack to the target successfully, got the machines to connect to each other. are there other files i need to transfer? this is my first time using ligolo so i'm not exactly sure what the end result looks like yet
nothing brother i have error 😅
User error
the flag
Make sure no whitespace in front or back of flag
It should be a different flag than that...
got it to work, thanks
Well you see, the error .. probably your hosts file isn't correct
mmm how can i put in good?
Sorry
Ask in here I guess, https://discord.com/channels/473760315293696010/1263635449335910531
i tried installing 6.1 and then upgrading. luks is working now!
I am new to Hackthebox but have managed to capture some flags in the starting point labs and like what I see from the company as a whole.
My question is where should I go after capturing all the different flags in the beginner, intermediate, and advanced modules in starting point? I currently have the vip+ membership. 🙂
HTB Academy to fill in the gaps that Starting Point glossed over
or if you're already familiar with pentesting, you can move to doing the active easy machines
make sure to verify your account to get access to most channels -> #welcome
yo im in academy on the infosec fundamentals path and the setting up module is killing me. im on mac and none of the instructions on VMware, parrot, or anything is downloading right or looking the same
this gonna affect me moving through the path properly?
seems like this is a home lab set up and if thats the case i should just be able spawn in browser machines
It won't
Hey, sorry for being a bother, but can anyone tell me what im doing wrong with my find command?
I mean if you actually post it
sorry my snip and sketch is bugging out
To get image perms you need to read and follow #welcome
Just copy/paste the command here
oh
And wrap it in backticks (`)
thanks
find / -type f -name *.conf -size +25k -size -28k -newermt 2020-03-03 -exec la -al {}\; 2>/dev/null
What is the la -al? You mean ls?
oh
la is an aliased command iirc
Correct
Lol first time i know la is a valid linux command.
My other comment is. Are you running it on the target?
yes, i've made that mistake before
It's aliased ls -laH or something like that, I'd have to look at alias to remember
hmmm
still not showing any results
find / -type f -name *.conf -size +25k -size -28k -newermt 2020-03-03 -exec ls -al {}\; 2>/dev/null
Again are you sure you're running it on the target
yes
Surround with quotes the *.conf
like "*.conf"
ok
yea that worked, thanks!
What for?
There's a whole module on XSS in htb academy
So not a module 🙂 this channel is for help with modules. Might wanna post in #web
Or check out the modules like Marcie said
Are you meaning rce and not xss?
You will have to research on google, the xss module I believe they are talking is very basic (The one that is on the cbbh path)
The filename is printed and not escaped properly, that’s a simple XSS. But often overlooked
wyo
hello currently in Pivoting, Tunneling, and Port Forwarding, Page 4, Remote/Reverse Port Forwarding with SSH. Though the questions don't have you go through what you learned in the module, I am currently trying to perform a reverse port forward for practice purposes. The issue i'm running into is, after sending the backupscript.exe to the spawned target and starting the python3 webserver on the pivot host (spawned target), the module then shows running a command in PowerShell but never walks you through how you gained access to that windows machine in the first place, what am i missing?
if you have creds there are a lot of ways. rdp, pssession, winrm
ok i considered rdp but totally blew off the creds i started with, let me try them
nothing seems to be working with the creds i have, i cant install any tools on the target
they wouldn't expect you to use creds from a previous page in the module would they?, tried them too, nothing
W
have you tried ubuntu's default creds
ubuntus default creds to log into the windows server? i have not if you mean the creds provided in the module, i did try those
ahh not sure then i'd have to re-read the module/section
i've even downloaded xfreerdp and rdesktop to the attack machine, sent them to the target machine but then the target machine needs some dependencies i can't find in order for those to work and i'm just not sure its meant to be this difficult at this stage lol
How can I text in the general chat ?
read #welcome
and did you follow the instructions that tells you how to access other channels?
you need to mcverify your account
I think I’m doing it wrong it keeps saying makes needs to be 60 characters long
did you get your identifier from your settings on the website?
Nope
well that's why... read the instructions again
My bad 😭😭😭
tried a few other ways, no good, strange
I can text now
yeah idk what the logon info is. you can complete the section without doing that and then just try it later when you get to a section that has a linux pivot host with a windows remote host that you have the creds for.
oh wait
it is there, it's the creds from the previous section, username is victor
worked for me i just tried it
I have been stuck for hours on the Abusing HTTP Misconfigurations -> Skills Assessment -Easy. I saw a forum discussion where someone seemed to hint they solved it without burpsuite, but I've tried with and without. I've tried all combinations of switching back and forth between the sign-in forms but to no luck. Has someone figured this one out?
Oh it was even simpler than the tutorial, but more tricky to find.
what worked? i tried everything with victor too lol
maybe i missed one
yeah victor. if you didn't, try wrapping the password in single quotes
hello everyone, i have troubles answering the second question of the "Print Spooler & NTLM Relaying" section from the Windows Attack and Defense Module (SOC path). this is the question "After performing the previous attack, connect to DC1 (172.16.18.3) as 'htb-student:HTB_@cademy_stdnt!' and make the appropriate change to the registry to prevent the PrinterBug attack. Then, restart DC1 and try the same attack again. What is the error message seen when running dementor.py?", first, i dont know what it refers by "restart DC1" like restarting it like a normal pc?. and also, it seems to me that this question requires to have both the windows ws01 and the kali linux target active, which does not seem to work for me because only 1 works at a time
oh now i see, i had to do what i did two prior pages ago, ok thank you
hi I am on the hard lab for password attacks module. I am having some trouble logging in as a user I found via SMB. Can someone help me out with this? because I'm scared I might spoil stuff I feel like DMing is good. I have a specific command and I think there's a syntax error. I log in using the password I found but it doesn't give me a connection it just authenticates and then leaves me same shell as before.
I don't want to spoil anything. Is anyone available to discuss one on one?
Sure you can DM.
I'm assuming you're still using -L in your command syntax
you rdp into the kali machine and then from within the kali machine you rdp into the dc, so you only need the kali machine active, the DC will spin up together with it. And yes with restart it means a normal reboot of the machine
Thank you very much mate, i will try that as soon as i can 🙌
Evening all! Anyone on that could take a peek at what I am doing wrong for Footprinting Lab - Easy?
Pretty difficult if you don’t post it
Basically I am getting access denied when trying to use the commands from the cheat sheet to get the files I need.
Eh it's because the section doesn't really tell you that you need to actually move the backupscript.exe to another host on the internal network (or maybe it does). You can definitely figure it out, based on the payload created and other stuff, but yeah you have to do some other things that aren't super difficult to work through the example in the section. If you want help to work through it, you can DM me.
Hi
I am able to successfully authenticate and view the files no problem but either trying to get the files while directly logged into the ftp server or via the mentioned wget command I keep getting access denied.
How can I help you?
How can you prevent toast from falling butter side down?
You attach the butter side up to the back of a cat
You butter it up!
That creates a black hole though, I've learned that lesson before
If you attach it a motor, you’ll get a perpetual motion machine which could end the World’s problem in energy
hi guys I solved hard lab for password attacks
now I'm gonna do next module starting tomorrow
attacking common services module is gonna be great
Hi, I'm doing the web proxies module and I like to do in my own VM when possible, the native burpsuite was giving me errors, so I reinstalled, but I want to call it and open thru the terminal too, how can I add it to the path and open with the 'burp' or 'burpsuit' keyword?
In one of the early CPTS modules I remember there being a section where they recommend a tool for capturing GIFs for including in reports, but I have not been able to find it again. Does anyone remember which one this is? I imagine it might be touched on again in the reporting module but I haven't gotten to that one yet
there are a few. i like sharex. there's also greenshot.
thanks, ill check them out
not sure you'd want to use gifs though
I was more wanting to use it for my notes than an official report, but iirc it was mentioned in the module for showing something in a report
I just can't find it again
Yeah, GIFs in PDF.. does that even work?
from the reader's perspective i'd imagine that's annoying. like if they just want to capture the command or one frame of the gif it can be difficult to get it.
i can't speak for how they'd handle it in a report but i'd avoid it personally
the dir that burpsuite is installed is in my path, but I cant call it from the cli
Have you reset your bash / whatever session?
Yes
Actually, it is a link, but I think it was supposed to work
on the server side attacks module in the exploiting ssrf it says to uncover another endpoint
by endpoint we mean on the same web server right?
in the context of web stuff, an endpoint is just the full path to the resource accessed. so this: https://example.com/products/shoes is an endpoint. it's a specific url on a server that applications use to send or receive data. for an api, same idea, `https://api.example.com/products/shoes`
Oh my mistake, it was about note taking, not reporting. I found it in the Setting Up module. The tool they mentioned is Peek
currently doing the SQL Injections fundamentals Assessment and I'm having trouble with the final part. When I write code into using
' union select "",'<?php system({Code}); ?>', "", "","" into outfile '{Path}'--
It gives me the error code of 500. Why is that?
Anyone have issues being able to pull files from the FTP server on Footprinting Lab - Easy? I can connect directly on the "other" port and see the files I want to download and I have tried the other method via the cheat sheet but I still get access denied.
so i should enumerate all other potential web servers too ?
Hello! For the File Uploads Skills Assessment, does this request look correct or should there be a POST request as well?
if i buy the annual subscription for the academy does that carry over to my plan type on htb proper at all? im using the same account
No
They are separate platforms
Type the password 1 letter at a time. It still could be you're typing the wrong password
I've not used pwnbox for a long time but are you entering the username correctly?
copy the password, paste it into a notepad, check for leading/trailing spaces, copy it from the notepad and paste it from there.
Try ssh htb-student@10.x.x.x
I'm legit practicing typing in the pwd 😭
Restart the instance
Try this username first
See
When I typed the correct username the first time this what I did 😭
This is not gonna work unless you have HTB_@cademy_student mapped in your /etc/hosts file to the pwnbox IP
anyone run into trouble with using PassTheCert? I keep getting ssl errors 😦
Has command injections module been changed recently?
ehem <@&861185840277487616>
no, contact TikTok support
mbb
i used a fake email tho so idk if they’ll be able to help fr😭😭
i’ll try tho thx
No one will help you
No one here for sure
U sound sketchy af
how do i sound sketchy if i was willing to give a stranger MY information for MY acc😂
but it’s alright
preciate the honesty
we don't do "account recovery" services, as they are illegal and nobody can verify that the information you provide is actually yours.. not to mention they are scams. contact TikTok support.
chat i get ittt. i said id try contacting them already😭 i was just responding back
thanks for lmk tho
Just copy/paste
Use ssh instead of telnet. Likely closed because insecure connection protocol
My question is more why my nmap scan is not showing anything. Despite the port being open.
Was it on purpose ?
I also suggest deleting references to internal machines because of the fact that you have to scan for hosts on the network
So you're spoiling content
Yeah, I know but it's just for understanding
🙄 likely filtered due to windows trust shenanigans
Filtered often just means that there wasn't a negative reply back
Not that there's an actual filter in place
So packet dropping, and things of that nature
Actually after doing the assessment, I found a review with someone doing proxychains with meterpreter and the scan was clearly producing results and mine under SSH not ...
does it change with sudo?
Anyway, deleted your message since it's heavy with spoilers
sudo proxychains
ah
Yeah thanks super that was the reason
I would have just waited to have an answer and then deleted it
And that leaves it open for others to just leech off your info
If you had to enumerate for it: redact it
No guarantee of a speedy reply
I know but there are plenty more on the internet ... But Okay no problem I would redact next time.
And those are against ToS for modules above t0
🙄
Pivoting is a t2 module
Utilizing a walkthrough for any module above t0 [that isn't the official one that comes with the annual subs] is cheating
anyone having issues getting targets to spawn on the US regions?
have tried swapping between a few diff VPN servers but constantly stuck trying to spawn the machine
mine just fired up in the last 30 seconds too
it's been annoying me
the service been so slow lately
probably because how most people are in holiday
guys
I need help with module 49, section 454,
it's Windows Essentials guys
sorry for saying it like some religious freak would, basically I need to enter the builder number which I've taken care of, no matter how I input the NT Version (which is 10.0.19041) it doesn't work
even if I put 10.0
\
Read the question properly. 90% of the answer is already written in the question
Don't overthink it
Windows 98, 99, 2000
Etc...
The file names have a . at the beginning there
the question pretty much tells you which file
all I missed was a dot........
Ik which file how do I access it...
Helps to carefully read
why can i only type here?
thats not needed
🙏🏻
Read #welcome
Still having some issues on Footprinting Lab - Easy. I don't want to post any output here so I don't share any spoilers but I am able to connect with the credentials that were given on a certain port successfully but when I am trying to download the files from the FTP server I am getting permission denied. I check permissions of the files I am wanting to download and the owner is the same user I am logged in as. Anyone willing to help point me in the right direction?
thanks bro, you too EverdaySparkling
that's helpful, I looked it up and it always said do these cmds
and gave me OS Versions
I thought that was right but I was failing to understand so I give you my gratitude for helping me succeed
<@&861185840277487616>
almost a year later and I still tried to enter "previous flag" as the password 🤣
Quick question, in the "Setting Up" of Information Security Foundations, did you follow this step here and created a "Broadcom" account?
What is this error ?
Use single quotes, bash is tryna execute an expression
You'd have to for VMware, Oracle Virtual Box you dont
Perfect, thank you, I'll use the Oracle one as I have used it in the past
A broadcom account is required for vmware
But probably VMware is better for the course, since all the steps are given only for VMware 😥
You can still install on vbox
Your mind has to be flexible, and Google is an arms reach away
Doesnt really matter later on
Yeah I know, that's what I am doing 😄
Half the time you just remote onto academy targets
Hi
on the command injection module and doing the "Identifying filters" question, its not giving the right answer when I input it if im doing it correctly
am I allowed to share what Im doing to make it clearer? I dont want to give any spoilers away 😅
Hello
I'm trying to use metasploit on some easy boxes like nibbles,lame,blue and getting the same error "Exploit completed, but no session created". I have tried the following fixes but still no issues. Can anyone help me with resolve? - thank you!
Tried
Checked my settings
Followed walk throughs using Metasploit method
Updating metasploit
Checked db_status (shows connected)
Reset DB (deleting db, init, restart postgresql - still same issue)
Yo
Hi 👋
Why can't I chat in general
Done but it says done reading check out #modules
Read #welcome again and follow the instructions
You'll need an account https://app.hackthebox.com
Thanks
No worries 🙂
may I pls DM u about something quickly 😅
What is it about?
about this
Read the title of the channel
If it's above Tier 0, do not post anything that would spoil the content
I believe its tier 2
which is why Id like to DM someone from htb because I genuinely think the website is wrong or something
Then I'd advise leaving a message stating vaguely where you are having trouble, and perhaps someone will give you a nudge in DM
If you think there is something wrong on our (HTB) side, raise a support ticket
I followed all the steps written here, the VM restarted as it says, but instead of seeing window that asks us for our passphrase to unlock the system it is asking me to Install again, I restarted it a few times and it is the same thing, should I again follow all the installation process? Something got messed up?
I selected Try / Install again and I am in the home screen again, so I assume I should re-do the installation
Just finished my Intro to Networking Module and to be completely honest, most of it was a refresher from College, but some of it I don't feel we covered very well in the classes lol
Dismount the iso
After installing it you have to unmount the .iso or it will just boot from there again instead of booting from your actual installation
I searched online, I tried but it broke completely, I deleted the whole thing and I will do it again
Or mess with boot order
My bad, I'll do it again
Search online, or use chatGPT?
One of these options will be better than the other. Choose wisely
Both
😄
Hahaha
I'm assuming the 'solution' you tried was GPT
No no I played with the boot order but it didn't work, then I got stuck in a terminal tried to get out but something else got selected, not sure, I do it all over again, no problem
Hello, who has worked on Information Gathering - Web Edition - DNS Zone Transfers questions. I put nameserver to /etc/hosts, but I still can't run nslookup
nslookup gives you what you asked for
Looks fine to me
ah ok
Maybe you're misunderstanding the output
Yeah I can do that 🙂
Just use the ip
.htb is not an official top level domain and therefore cannot be resolved by the root servers. Use the IP as a nameserver
@pastel lotus right here
good day, I'm new here
glad to be here
Hi
I'm stuck at the same part can I dm you as well?
thanks, I understood
Hi
I dismounted it, I entered the key correctly, and then chose the first option: Parrot OS 6 GNU/Linux
Then I had the following 2 screens for a few minutes, which they make no sense as the passkey was correct.
Now it's stuck here
Don't install with encryption
Current iso version has an issue with the LUKS encryption mechanism
I just followed the steps on the academy
You don't need to encrypt unless you're a paranoid schizo
Okay then so I'll start all over again, no problem. It should still work though as I did everything correctly. Also it should be mentioned in the course to not encrypt it cause we might face issues.
The setting up module is old
Very
They should really update the windows section cos ain't nobody getting their hands on that windows dev iso anymore
Oh I didn't know, it seems pretty recent 🤣
Always bet on the documentation on the OS website being accurate, and their own discord
If you popped into the parrotsec discord for even a minute you'd know this is an issue
Right here @pastel lotus - show us
What time is it there? from my perspective you never slept
0917
G0blin sleeps?
I didn't join, no
We don't talk about sleep
(I know, ironic coming from me)
Are you sure that's what it has, or just what your data can contain
Unless you can have it pull specifics, calling bs
I've tried a lot and I'm stuck on module 57, section 516 Skill Assessment Part 2. I'm also pretty sure I discovered something that should not be possible and will lead anyone down a rabbit hole (cusswords in a working login).
I read the entire page, tried bruteforcing with and without the username from skill assessment 1 and not sure what to do.
If someone could reach out to me, I would really appreciate it
Module name and section name are better than numbers
Login Brute Forcing, Skill Assessment Part 2, Question: What is the username of the ftp user you find via brute-forcing?
Have you tried logging in to the server first?
It's a second order attack. Iirc the assessment is on a public ip and port
I am logged into the server where you can search something
You need to brute force from the inside, is all ill say
I'm not sure what do with this info, can you point me to the module section, or can I dm you?
Hello guys, i am new here, currently i am doing HTB Prolabs and i have already completed Dante and i am working on Zephyr.. Actually i am kinda stuck at the pivoting part, I tried using Ligolo and Chisel but it is not working… Can someone plz help me out…Thank you
verify your account to gain access to #1263635449335910531 -- #welcome
You can't bruteforce ftp from the outside of this machine
Finally it worked, thank you
Don't remember the section name. But there was a section regarding using netstat to discover a service running localhost on a machine
Should I still follow the rest of the steps in Setting Up or half of the stuff will not work since it's old?
Consider it a reference, not a guide
Sounds good
I'm struggling to get past the ssh. I'm having trouble with not being able to use a password
Well find the user and password, all relevant info is given to you from assessment 1
The password isn't gonna contain cursewords
Also make sure you specify the port
that's exactly what I'm trying but I can't bruteforce ssh because I keep getting target does not support password authentication error
Hi everyone, I just pushed a major update to all labs in the Advanced XSS and CSRF Exploitation module that removes any port-related issues. This should enable significantly easier debugging and testing of payloads, removing unnecessary complexity and potential for frustration. I apologize for any frustration caused by the previous lab setup. Let me know if anyone identifies issues introduced in the update 🙂
Kerberos Attack Module - Unconstrained Delegation - Users
Does anyone get the same error and doesn't get the ticket?
Never done that module, but you might as well try petitpotam instead of printerbug
Can I get the same result with petitpotam?
Try synching clock #modules message
both printerbug and petitpotam serve the same purpose afaik: coercing a machine authentication
Better try the time sync though, it seems like people have solved the same error by syncing time 😅
Or just reset lab heh
hello i have a problem at the first module of tier 1 i cannot connect to the site where i have to do the sql injection
i use openvpn and not the virtual machine or pwnbox
please help me
Which module?
Learn the basics
of Penetration Testing on this on
the tier 1 and the exercise appointment
that's not a module that's a #starting-point box, go ask there
ok sorry but it s written that i don't have access at this server
Are you attacking the right port?
Read and follow #welcome
I got it
Remember public ip and port means only externally attack the public ip and port
I got there in the end, all I'm going to say is this I could have saved myself 2 hours
The same... But thanks! I used: sudo ntpdate dc01.inlanefreight.local
I didn't solve it syncing
Good Morning someone can say me why have i so error here?
try and not filter it and then you can see what the error actually is
and how can i doing that?
remove the -fs option
which filters by size
make sure you understand what the command is doing
Time is yet another can of worms. Your virtualization solution (VMWare, Virtualbox etc) tries to actively sync time of your VM to that of the host, and it is not desirable (we want to sync time with the target). That auto sync feature of VMWare etc needs to be disabled
i removed and the same
How can I disable the auto sync on VMWare?
On VMWare Workstation, it can be disabled by unchecking Synchronize guest time with host in Virtual Machine Settings > Options > VMware Tools
This was my settings. I think I already had disabled. Thanks! I didn't know this
That's nice
Also run this one:
timedatectl set-ntp 0
Is admin.academy.htb in your hosts file?
Make sure not to include the port in the hosts file
My other thing would be making sure the target is still alive
Do you recommend execute both commands always?
ok marciele i will try now
nope, this set-ntp 0 is one-time
That checkbox is one-time as well.
You'd have to keep running sudo ntpdate frequently though
Okay! Thanks for the tips!
Need to specify the target with the -t flag
Yes, I solved adding --target FQDN. Thanks!
i still have an error
Currently doing the Lab Warmup for Advanced CSRF & XSS Exploitation, but can't seem to access the csrf.labintro.htb site on both the Pwnbox as well as via the VPN.
Hosts file is configured correctly, and I am able to successfully access the xss.labintro.htb and exploitserver.htb sites.
Anyone else having issues with this? The server for csrf is not responding, and burp browser says:
Error
Failed to connect to csrf.labintro.htb:443
Could you show the hosts file?
Have you tried respawning?
Make sure you didn’t make a typo in your hosts file. I accidentally wrote crsf
This is the entry in my hosts file:
10.129.129.102 exploitserver.htb
10.129.129.102 xss.labintro.htb
10.129.129.102 csrf.labintro.htb
I did try respawning as well, but no luck
Which region? I’m on EU academy 3.
For the Pwnbox I used UK and for the VPN I'm on EU Academy 1
Just tried EU Academy 5 as well, and also doesn't work there
Working fine here on my end
Hmm, strange. The fact that I can access xss and exploitserver confuses me
Yeah. Try remove your record and put it in the same line as the XSS one. Maybe theres an ambiguous character somewhere
Hmm yeah now it suddenly works lol. Thanks!
Awesome 🤩
Now I can't access my exploit server 😂 . I will just come back to it later. Chances are it will suddenly work again hahaha
Try to put the exploit server in the same line too
There’s no point in having 3 lines for the same ip 😅
Then you need to update just 1 ip if you respawn 
Will do! Indeed, idk why I put it on 3 lines 😅
hello everyone, i have troubles answering the first question of the PKI-ESC1 section from the Windows Attack and Defense module (SOC path). this is the question "Connect to the Kali host first, then RDP to WS001 as 'bob:Slavi123' and practice the techniques shown in this section. What is the flag value located at \dc1\c$\scripts? ". the problem is that, after using the PS command ".\Certify.exe request /ca:PKI.eagle.local\eagle-PKI-CA /template:UserCert /altname:Administrator" as described in the section, this error shows up "[X] Error sending the certificate request: System.Runtime.InteropServices.COMException (0x800706BA): CCertRequest::Submit: The RPC server is unavailable. 0x800706ba (WIN32: 1722 RPC_S_SERVER_UNAVAILABLE)
at CERTCLILib.ICertRequest3.Submit(Int32 Flags, String strRequest, String strAttributes, String strConfig)
at Certify.Cert.SendCertificateRequest(String CA, String message)
at Certify.Cert.RequestCert(String CA, Boolean machineContext, String templateName, String subject, String altName, Boolean install)", i really dont know why that is happening or how to fix it, and the steps are clear and easy enough to know that i am not doing anything wrong, but idk
Someone can help me pls?
help with what?
The question doesn't deal with subdomain fuzzing
Hi
i don't know because i cannot get the flag
Hello
How can ı take rol?
Thanks
Create the file “ids.txt” as requested in the question.
i did bro
then identify the accepted value
use cURL to get your flag
ok
Hello guys, I am stuck on this Skill assessment section of sqlmap essentials i don't see any potential attack vectors
Who can recover my hacked account?
No one but the company you got hacked from
No.
I have a question regarding module Linux Privesc, exercise Environment Enumeration, "Enumerate the Linux environment and look for interesting files that might contain sensitive data. Submit the flag as the answer.".
Which is the expected approach? Being honest I just grepped for the expected HTB flag structure, but that doesn't look like I was expected to do so.
I cannot get the flag oh my good
which
attacking web applications with ffuf
why are you bruteforcing vhosts?
i don't know
then that's the point
try to understand what you are really doing, what is that custom wordlist? why would you use it?
why would you be bruteforcing subdomains like 1.academy.htb, 2.academy.htb... 100.academy.htb...?
basically i don't know i am a noob
dont worry, that is okay
section is telling you that sometimes there is some data that can be bruteforced contained in POST requests
if a POST request is requiring an "id" parameter and you have just created some "ids.txt" wordlist, it seems like you need to fuzz id parameter with it
but i don't know because i cannot get the flag
yo
Yeah I can do that 🙂
dont think just on getting the flag, try to understand what you are doing
at this point you should re-read the section
then what i do
I have already given you an enormous hint (pretty much the solution hahahaha)
Cant provide you with the exact command. Would recommend re-reading.
thank you brother but I still don't understand anything xD JAJAJJAJAJAJAJAJAJAJ
I advise you go back over the module / section content carefully
Keep in mind the advice you have been given here
no worries, just re-read the section, take notes and try to understand it
snap
I'm saturated and I'm getting overwhelmed xD
Take a break if needed, it happens to me as well when I am tired, then I come back and it makes sense 😂
Then its time to take a break!
any modules related to AI prompt testing?
Thank you guys i love so much
There's a module regarding AI, but don't know if promts are included
I remember there is some online game where you have to escape the limitations of a chatbot and get some password prompting, played it a few months ago but cant remember the name🥵🥵
Tell us the secrets
You need to verify your account
hack the box account?
Yes, check here: #welcome
oh alright
I had the same in the beginning 😄
thanks for the help
No worries
I got itttttttttttttttttttttttttttttttttttttttttttttttttttttt let'ssssssss goooooooooooooooooooooooooooooooooooooooo
uffffffffffffffffff
this is very hard xD
you see? sometimes you just have to rest a bit and think different 😉
the funny thing was that i didn't do it xDDDDD
I am very close to having finished the Abusing HTTP Misconfigurations -> Skills Assessment - Hard. I already have the xss payload working successfully, as when I enter the page the xss executes automatically. However, it seems like the admin is sleeping and never executes my xss. I tried various values for the Host field since the admin might not be using the public ip address but nothing changed. I would have expected the admin to use the vhosts given in the skills assessment instructions. I used the vulnerability from the module to make sure other keyed fields were not triggered and so when I just open the page normally it executes the xss immediately without me changing any header values. Does someone have a clue why the xss is never triggered by the admin?
on the server side attacks skills assesement sshould i be doing a blind jinja injection
Read the module / section, you will find it there.
dm me what u’ve tried so far, i can give you a nudge after that
i managed to do it
i was trying the wrong payloads
Did you figure out the assessment? I can dm you if you still haven't poisoned the web cache since I did get that far.
for a different template engine
Still need help?
What is the mention limit? There were 6 users who had unanswered questions on the Abusing HTTP Misconfigurations hard skills assessment, and I wanted to mention them all to see if they could help me or I could help them.
Yes.
Dm me what you got
It's also a good approach to check the forum. Many of the resolutions you will be able to find there and not in this channel
Excuse me,
i was stuck at the question on Learning Progress.
The question is : What is the difference between the two numbers of the learning progress mentioned above?
I understood the question, is something about 1% of our performance but where i write this, that tell me is the wrong answer :/
Does anyone know which character can bypass the space to make the following command work correctly in the Bash terminal? %09, ;, and %0a don't seem to work:
bash<<<$(rev<<<'dwssap/cte/ tac')
Hello. I am a little stupid. Can anyone teach me how to hack stuff ?
Bruh
IFS should work
Get Started with the HTB Beginners Bible: https://www.hackthebox.com/blog/learn-to-hack-beginners-bible
ip=127.0.0.1%0a$(rev<<<'txt.galf}1:0:HTAP{$r07c3jn1}1:0:HTAP{$emoh}1:0:HTAP{$}SFI{$t"a"c') it doesn't work
I know, I'm testing to see which other methods work.
You want the IFS inside the brackets
it is inside the brackets after rev
I only have one section left to complete the module. Thank you all for your help.
if you are a student in any official institution (i.e. university), check out student discount
in case u didnt know
you'll get access to ton of them
thank you but i'm learning on my own
only 8 dls/month for all that content feels like a steal, what a blessing
Sorry if its not the right place to ask but has anyone been experiencing connection issues with the vpn or the pwnbox. For example i keep losing connection to the vpn i have to manually restart it every 2m, if i use the pwnbox and have an ssh connection it randomly freezes and I cannot do anything
Check if you have multiple tun interfaces created by the VPN, if you do - terminate them
Do you have the VPN and pwnbox running at the same time?
Anyone has solved the section Reconnaissance and Bruteforce of the WPA/WPA2 module? I have completed all other section included skills assessment but cannot get the pin for that section
Thanks for the tips I'll double check when I use it next time.
You have an open bracket
Honestly rev is doing too much work
Also iirc rev doesn't flip bracket directions
Oh my fault lel
hi all. I was just doing "Attacking Domain Trusts - Cross-Forest Trust Abuse - from Windows" section (https://academy.hackthebox.com/module/143/section/1487) and I found something that I believe is a bug (correct me if I'm wrong, please)
The task at the bottom of the section says you need to obtain the TGS for the mssqlsvc user, and when I did it using Rubeus, I got a string starting with $krb5tgs$23$*mssqlsvc$FREIGHTLOGISTICS.LOCAL$MSSQLsvc/sql01.freightlogstics:1433@FREIGHTLOGISTICS.LOCAL*$. I tried to crack it with john, but it couldn't recognize the hash format. So I extracted TGS ticket for a different user and I managed to crack it.
In the end, I modified the ticket of mssqlsvc user to start with $krb5tgs$23$*mssqlsvc$FREIGHTLOGISTICS.LOCAL$MSSQLsvc/sql01.FREIGHTLOGISTICS.LOCAL@FREIGHTLOGISTICS.LOCAL*$ and then I could finally crack it using john.
Hashcat never failed me 🤷‍♂️
I haven't tried with Hashcat, but still, this part freightlogstics:1433 did look weird to me
I meant the missing i typo
If it's a content typo #1234357888114364508
by PIN you mean the actual PIN? Cause they ask for the PSK
In the other krb5tgs hashes you retrieved by other methods, did it miss the “i” in the SPN part or just via Rubeus?
no, actually I just tried it with GetUserSPNs.py from linux, and it gave me the correct hash for mssqlsvc user. I guess the problem is with Rubeus
I’m going through the module again can check if Rubeus will mistype the SPN
ok, if you need any screenshots or anything, I can provide them to you
That’s ok
OOO i figured it out
I got the http misconfigurations module solved (with some help). If anyone else has questions I can try to give some clues.
Howdy! I'm currently starting out with HackTheBox, doing the Nibbles - Privilege Escalation and I'm pretty sure I require to download the script LinEnum.sh from GitHub, but the pwnbox doesn't allow me to access github.com... Is this an issue or misunderstanding on my part?
-# (I Ctrl-C'd because it didn't go anywhere and on Firefox it returns the Timed Out connection error)
You don't need linpeas for it
Also all of the boxes don't have Internet access. You'd have to transfer it from your machine to the box
Sorry, that wasn't exactly clear... Am I supposed to download the script to my own computer or the pwnbox I'm using?
You don't need linpeas for the box
Well, yeah but what I understood from the module description was that I served this file through the pwnbox and download it from the reverse shell in the penetrated machine
is that not the case?
You're supposed to download it to the pwnbox and then spin up a local webserver to transfer it to the target
Well, yeah I'm trying to download it into the pwnbox to then serve it
I can't find the file in the filesystem of the pwnbox, so I thought I had to download it from github
pm_211 yur blez hak
If you're on the free plan, internet access is heavily limited
Hello
hello
github should be fine though
Yeah, that's what the forums also told me... I wonder if it might have something to do with my own browser settings or dns
Either way, linenum is gonna throw a bunch of garbage at you, continue without it. It's not required
OH, being honest, the reason I didn't skip it earlier was because I thought it was going to automate the privilege escalation, not just list possible ways to... Sorry for all the trouble and cheers to everyone! :]
it's called linenum, for enumeration.
people are still confused about linpeas and auto exploit lol
linpeas with autopwn would be insane
it failed a few people a while ago (2021) because in order to validate one of the sudo priv esc it actually performed it and was classified as auto exploitation - the author fixed this so it wouldn't do that anymore, but people still ask if linpeas is allowed in the oscp
They really limit automated tools quite a bit don't they
yeah
but unsure on the rest, I did everything else by hand
yes but I don't think unfortunately
they want to drive peoples ability to do stuff themselves
It was rough, I won't lie
but seeing that sweet 100% and physical OSCP card (when they still did them - sorry, total brag)
it helps a lot when you're in real engagements and need to explain to clients and technical teams how attacks work
Gooood feels
I loved the wallet cards
Yeah 😄
I like physical copies of stuff, it's tangible 😄
sorry to everyone for spamming modules 😄
Whoops
That and auto exploits trivialize oscp
I am all for efficiency irl though, but during courses, the primitive is to learn how they work before you pew pew
But but muh msfconsole payload
Honestly I've only used msfconsole when I cbf to find a working exploit or the exploit is py2 and I cbf to refactor to py3
that's fair, ms08-017 is fussy with python but works pretty reliably in metasploit
Refactoring py2 code to py3 is actually good practice though
yeah, I like to do that too
I used 2to3 then Google fu the remaining errors
especially since 80% of exploitdb is py2.x
Cause 2to3 does like 3.7 iirc and 3.9+ is just different enough 
recently there's been an issue in 3.12 where they reworked and renamed imp so heaps of stuff is broken now
Yep same error retrieving.
But it's not a problem for Rubeus
It's in the SPN of the Service Account
It's misspelled
If you try to retrieve it via PowerView it still shows the misspelling
And it won't retrieve the krb5tgs hash via PowerView
In the Module content it is also misspelled
Nevertheless it's cracked successfully with Hashcat
hey guys hope everybody doing shell
guys one question after mkdir NFS i wanted to do
sudo mount -t nfs 10.129.194.101:/TechSupport ./NFS
when i want to open the NFS directory it tells me that i don't have the permission
┌─[us-academy-4]─[10.10.14.6]─[htb-ac-1660468@htb-ahrrqjuuk7]─[~/Documents]
└──╼ [★]$ sudo mount -t nfs 10.129.194.101:/TechSupport ./NFS
┌─[us-academy-4]─[10.10.14.6]─[htb-ac-1660468@htb-ahrrqjuuk7]─[~/Documents]
└──╼ [★]$ cd NFS
bash: cd: NFS: Permission denied
drwx------ 2 nobody nogroup 65536 Nov 10 2021 NFS
is this the right channel for VPN assistance?
you may want to ask support on the website
Did you try going in as root?
is the VPN typically much slower than connecting to the target with the pwn box?
in my experience yes
Is there anyone I can dm about the skill assessment for Server Side Attacks?
Having some difficulty figuring out the payload
<@&861185840277487616>
wtf lol
Windows Privilege Escalation.
Other files - section
Using the techniques shown in this section, find the cleartext password for the bob_adm user on the target system.
I did search the entire packages folder, where in the module it's said to contain passwords (users likely store them there). Yet, I have found nothing. Any hints?
Cause the kernel exploit you utilized had a "nogroup" privilege that sets the root shell.
By any chance, are you on Linux PrivEsc? I have seen that before.
If you're still stuck you can send a DM.
Move around as root
It's not a kernel exploit used
Just mounting a share
can someone help me figure out how to find the path to the student directory?
I'll DM in a bit, I got it to ls rn
the problem is that if stuff appears as nogroup, he won't have sudo perms
unless I am doing a mistake
Explore as root == su to root and explore, trust i know what the module is
Oki
pwd when you ssh in
There's a list of handy commands given, I suggest trying and looking into those
are they listed under the uname?
Nah uname gives you a description of the environment you are in.
No, there's a section that lists a bunch of commands
Like right at the top
hypertext module, first module, I'm looking for the flag after i put the s and 0 and everything
marcie
do you know anything about
skill assessment kerberos attacks
No
❤️
I haven't done any of the t3 modules
gotcha
ngl I need a mentor lmao
ok cool! thank you
if anyone knows what I'm looking for in the noob module and can help me lmk lol
nvm found it I am just blind as hell
What is the noob module?
Get Started with the HTB Beginners Bible: https://www.hackthebox.com/blog/learn-to-hack-beginners-bible
idk why but shells and payloads live engagement takes forever to load the target
I wonder if HTB will release a module about WPA3
probably cause it's like 4 machines
ohhh ok ok got it
