#modules
ah
SUID bit ftw
special/owner/group/others
SUID -rwsr-xr-x
SGID -rwxrwsrwx
STICKY/restricted deletion rwxrwxrwt
Thanks for the advice, I did a whole section with no help.
you won't really need to worry too much about SUID/SGID/STICKY for a while
I have a quick question
I ran apt list --installed | wc -l and it said it's not a stable CLI interface, but when I did apt list --installed 2>/dev/null | grep -v "^Listing" | wc -l it did work. How come?
instead of piping to wc -l pipe to head
and you'll see exactly why
this tells me you looked up the solution if you don't know why this worked btw
Wait, nvm.
apt list --installed | head
that'll output the first like 10 lines
if you compare the two you get off by one
told you to be mindful of extra outputs
you also don't need the ^ in your grep
also 2>/dev/null really didn't suppress anything
as | only pipes stdout
not stderr
or stdinfo
but why do we use 2>/dev/null in the first place
2>/dev/null sends stderr (file descriptor 2) to the shadow realm
so that when there's an error it doesn't spam our terminal
for find any time we don't have permissions on a file/directory it will output an error in stderr
suppressing errors
yep and that happens a lot if you're searching from fileroot (/)
Thanks guys
go 30 mins without asking for help now 👀
i don't recommend relying on it as sometimes you want errors to tell you why something broke
i.e. you typod
chomd instead of chmod 
that's what 2>errors.txt is for 
haschat instead of hashcat
well, imma take a break, ive been at machines and stuff for 18 hours.
you've been at academy for 18 hours
machines and labs are a different beast entirely
you don't get a rundown of what to expect for it
You don't know what it's like to be at a machine for 18 hours *ehem* darkcorp *ehem*
just a vague hint based off the name
No, ive been doing machines for 10 hours and the academy for 8
I swapped
which machines 👀
bold strategy doing machines first then realizing how lost you are
easy ones
That's how I started 
HTB easy is other platform med/hard
unlike THM HTB says, here's a box -- goodluck
and you really gotta do research if you're green to the field
That's the fun part 😄
Not for everyone, but certainly a way to get started and learn
You really gotta do research when you encounter something unfamiliar to you...
also learned some simple js commands
I like that I learned something from the newest box but... it is still just a shameless plug by the creator 💀
So long as you learned something.. sellers gotta sell, and if the content team saw it as ok, hey ho 😉
fetch('https://hackthebox.com/all_Flags').then(response => response.json()).then(data => console.log(data))
mans getting paid for his own shameless plug is crazzy 
Maybe I should do that
speaking of i haven't plugged my tutoring in a hot minute
I honestly know nothing about it
(the most recent machine)
I just trust our content team
I mean it's a good box nonetheless
but it has a tendency to confuse everyone which path is intended as there seems to be so many branches that all lead to user & root
all roads lead to rome
no place like 127.0.0.1
I know, I know.. we all gone off topic
Put the box in a module, problem solved 
We can talk about nibbles here cos it's in the getting started module 
by a sharp technicality
i'm sure there's plenty of retired machines floating around the modules; i mean the Common Apps thick client is based off Fatty
well "based off"
Is the skill assessment for the getting started module based on another box?
hey for this question i got r*****32.exe but it doesn't say correct when i submit it, did it work for you
I have been stuck here for a while
That's not a question - include the module, section. Do not post spoilers for content above T0. Read the channel subject @prisma turtle
in module 19 section 101 I need help finding os I have looked for like 30 min
Yeah... need the names not the numbers
network enumeration with nmap
The last paragraph gives you a hint that it's not in the module/section
oh ok ty
So, how much hacking and IT knowledge do I need to have to start the academy?
0
Good to know, thanks!
Get Started with the HTB Beginners Bible: https://www.hackthebox.com/blog/learn-to-hack-beginners-bible
@spring charm
You could also start with the : Information Security Foundations path
Thanks!
Hi sql map module page bypassing waf question 3 ik I have to use random agent but when I checked the traffic I didn't get error codes 500 but I got 200 with connection close
I checked the solution they just gave the command that's it
No explanation on why they used this
Based on traffic
Someone explain why
some wafs silently filter instead of blocking, that could be why
So if I get connection close when I use sql map but in browser it works normal so I default to random agent?
Nuts help
Encountering multiple issues with trying to RDP to an IPv6 address in the Windows Lateral Movement Skills Assessment:
- xfreerdp thinks the IPv6 address dead:beef:df::3 is a hostname (it isn't)
- The /port:43389 switch is ignored by the xfreerdp command whenever an IPv6 address is specified
How does one get xfreerdp to recognize the IPv6 address as the IPv6 address that it is? What command line options do I need to pass?
@ocean night
what about wrapping it in brackets
Already tried that. Had no effect.
@fathom pendant
@cloud urchin
They won’t answer
is that not the solution?
Y my name was considered as offensive, it literally said Dokno
The full command used here:
xfreerdp /6 /d:inlanefreight.local /u:Arturo /p:'<REDACTED>' /w:2880 /h:1620 /dynamic-resolution /cert-ignore /drive:'backup',$PWD /port:43389 /v:[dead:beef:df::3]:43389 /timeout:99999
The command is ignoring the port flag and trying to connect on port 0 despite my explicit mention of the port number twice. Why?
please don't ping random people
Ok Srry
Update: so using xfreerdp3 instead of xfreerdp did solve the port problem but it isn't solving the foolishly-thinks-IPv6-is-a-hostname problem. Anyone else?
Not sure, never used it with ipv6
considering the vpn is only ipv4 how are you connecting to ipv6? is that even covered in the module?
hey girls i wanted to know if anyone could help me with this
- 2 What's the contents of table flag6? (Case #6)
SQLMap Essentials
https://academy.hackthebox.com/module/58/section/526
I’d reply, but I’m not a girl
oh im sorry since im a girl i just got used to sayin that to my homegirls
lmaooo
ummm
so i run sqlmap
for flag6 and i still cant get any good results from honestly ive been eating my 100$ nails so
ive been running this is there anything wrong with it
Yea it's the solution but I wanna know why tbh like I checked the traffic It was just connection closed and 200 ok not 5xx error
was it throwing a 500 or just not giving results?
It was throwing 200
But in description it said connection closed
Just compare it to a normal request
hi im so lost in the website
Have you tried using the search function? 🙈
hmmm
It does help to mention what you’re lost on
i just dont know if the things are free or no and does the intro to academy count as a course a bit lost
That should answer your questions
read this bit: https://help.hackthebox.com/en/articles/5272936-introduction-to-htb-academy#h_6ac6f773e1
thank you
This skill assessment, I'm stuck since 3 hrs, haven't progressed at all
lvy bro
I am facing the same issue, have you found a solution?

Guys, i have a question about the modules, i'm doing the CPTS learning path as a Student, the modules i complete will remain available after i end the subscription?
Yuh
You did you also start learning?
I started learning cyber security a month ago
you have access to the module for life & even access to new updates to the module
I need a learn partner
you may #1318239802931286066 here
Thats pretty crazy for price
Why not, i started 2 week ago, but as im also studying at university im actually at footprinting module
@inland grove Are u also interested in CPTS?
I don’t know that
Studying for Cisco ethical hacking
Also doing the overthewire challenge
Cisco is a great company for certificates, i did the cisco CCNA
hi, I got this question and I don't understand what it is asking me, Try running a VHost fuzzing scan on 'academy.htb', and see what other VHosts you get. What other VHosts did you get?
I did find vhosts in the scan but I don't know what to submit, every answer is incorrect and I don't know where to look
Which module and section?
specially cisco packet tracer is the best tool to work and set up networks and learn about them
You using the same wordlist used in the module?
provide your command please
ffuf -w subdomains-top1million-5000.txt:FUZZ -u http://academy.htb:38540/ -H 'Host: FUZZ.academy.htb' -fs 900
am assuming it's in your host file, correct?
correct
What happens if you don't filter out s 900?
ffuf -w subdomains-top1million-5000.txt:FUZZ -u http://academy.htb:38540/ -H 'Host: FUZZ.academy.htb'
I still get code 200
show output real quick
here is a part ,
Ohh, gotta be more specific with your filter size 
that I don't know how to do :/
What's the exact size that every vhost seems to give you?
Visiting the vhost might give a clue as to what's happening, why it's returning 200s
remember to add the vhost to your host before you visit it
I did add the vhost and also the ip
did you try to visit any of the vhosts in your browser? what's the result look like?
This feels crazy
Can’t learn to be a higher hacker
We can’t connect to the server at www.academy.htb.
the weird thing is that I added vhost and ip with sudo
show hosts file:
cat /etc/hosts
and screenshot the page
you need to add the vhost's subdomain as well e.g:
94.237.53.147 academy.htb www.academy.htb
ohh..
after which try to visit www.academy.htb and see what's what
You'll know why they're all 200s
did you add the port at the end? when you visited?
the target still up? 
yes, I get reply from 94.237.53.146
did you copy paste my thing? cos I think I misspelled the ip
double check the hosts file
Unable to connect
Firefox can’t establish a connection to the server at www.academy.htb:38540.

What are you trying to do
knew it
Guys I wanna learn 😭
Get Started with the HTB Beginners Bible: https://www.hackthebox.com/blog/learn-to-hack-beginners-bible
so I still don't know where to look for the right answer
Yeah I know it's not the right answer, what did you see after visiting it though?
welcome to my htb academy "
Hey Guys!
Im stuck on this module, which is code analysis from Malware Analysis https://academy.hackthebox.com/module/227/section/2499
Can someone please tell me how to connect with the xfreerdp command? im using this command from the solutions, i have also approached support team in hack the box. they are not able to help. If someone has passed this module, please let me know how to debug this issue.
└──╼ [★]$ xfreerdp /v:10.129.33.33 /u:htb-student /p:HTB_@cademy_stdnt! /dynamic-resolution /drive:share,/home/htb-ac-594497
Oh... I really thought it was gonna be a custom 404 page... which would result in 200s to try and teach oh well..., here's what you need: -fs 986
@inland grove this btw if you didn't see it already
You understand why it works?
yes but why we're using that filter specifically
to filter the size 🙂
ffuf skips the response also
and skips response of 986
now I understood
Yeah so essentially we notice that almost every response has a size of 986, which could indicate some redirection shenanigans (probably what we have here) or a custom 404 page (you might see in other labs), which is why we filter it out
thanks for clarifications now it makes sense to me
Was someone here able to pass the Common Session Variables (Account Takeover) lab? I was able to change the admin's password but got stuck on what to do with the MFA part.. would really appreciate some help
is anyone up for a DM about AEN? I've been stuck for too long now, starting to think there's something I don't understand fundamentally. I don't want to get spoiled by the walkthrough
Okay I would begin
Hope it doesn’t cost much
Sure
hii
Hi, I'm working on Windows Privilege Escalation > Further Credential Theft
I found the answer to the first question which was the password for the sa user, I have no clue what to do from there. I tried every tool from the C:\Tools directory, I tried connecting with the credentials I found to no avail, I see no mention anywhere of the WEB01.inlanefreight.local domain. May I get a hint on what to try?
Hi i am advanced sql injection module reading and writing section , if anyone here can give a hand i would appreciate that...
Hi i have a question about dns subdomains and Vhosts.
i wonder whats the difference between bruteforcing Vhosts and bruteforcing subdomains because the result will be the same
For the domain example.com both will try to bruteforce it for example dev.example.com
So whats the difference between the two enumeration methods?
Hi everyone, I tried searching but wasn't having much luck. In the intro to malware analysis module, has anyone had issues with Noriben?
Doing attacking common applications: WordPress - Discovery & Enumeration
There are three questions, 2-3 are about the plugins. I found that and answered the questions. Question 1 says "Enumerate the host and find a flag.txt flag in an accessible directory." --> Accessible, for me = something I can enumerate and browse to without exploiting the application (otherwise, it's not Accessible). Am I right?? Am I supposed to browse around and look for the flag file, or how am I supposed to address this? I am not looking for a solution, just someone who can explain what they ask about. If I need to get access to the authenticated part, please just let me know because I'm confused. Thank you!
Btw, the section is somewhat unstable/buggy.
dns subdomain bruteforcing is only possible if there exists a dns server that you can ask. The DNS server would know that example.com belongs to ip A and dev.example.com belongs to ip B. In development environments (and pretty much any htb box) there is no DNS server available that knows of all the subdomains. So in these cases subdomain enumeration via DNS is simply not possible.
With Vhost enum you already know/assume that all subdomains/vhosts are on the same ip address. The one webserver running on that ip uses the host header to determine if it should show you example.com or dev.example.com. You enumerate by just sending every possible subdomain and see if the webserver responds differently. There is no need for a DNS server here, because you can tell by the response of the webserver if you got the right subdomain.
What's important is, even if there is a DNS server available and it lists you 10 subdomains, that does not mean that there aren't another 5 vhosts also available. Especially in development environments there can be webapps running on the webserver that are not yet linked to the DNS server.
What you should do: if you see a dns server available, try to perform a zone transfer to get all the subdomains the dns server knows of. But even then, still perform a vhost enumeration to see if there are any other subdomains available
You won't find it by browsing around, it won't be accessible directly via a link. But you can use tools to enumerate folders and find one that when you manually browse it in the browser shows you files, and one of those will have the flag
Ok, so basic web enumeration is what to do?
I'd think the section taught you a way to enumerate wordpress specific folders
and probably some plugin folder is accessible and has the flag or something
Ok, I'll work some more on it. Thanks! Got a bit confused by the question...
Thanks!
hello guys, has anyone else been experiencing issues with the vpn of the academy or the connection? For 2 days all my hosts have been down when I try to work on them, and I have changed numerous vpns and restarted the machines. Can someone tell me how I could fix this please?
hello sir i am new to HTB and starting my journey but when i try to answer it got incorrect answer please help me answer this question it’s from Components of a Network module from network foundation
What type of network cable is used to transmit data over long distances with minimal signal loss?
a-b
It's given in the reading
i tried fibre optic but its not working
I gave you the expected format
also fiber not fibre
thanks. just the hyphen was missing
IPv4 is easier than IPv6 ?
Nvm
Sure and I have permission to slap the King of England, he said so
You a funny guy

Thanks but since I can only type here…
If only one of those tells you how to access more channels
"Think twice before typing anything stupid"
Why are my nmap scans getting this response? "Host seems down. If it is really up, but blocking our ping probes, try -Pn". I am doing a routine scan on the target machine.
hello
if you know the target is up, use the -Pn switch like the message is telling you
Before you run your page fuzzing scan, you should first run an extension fuzzing scan. What are the different extensions accepted by the domains? at the module web applications, I got this and ran out of wordlists, what should I use to get the right answer?
Windows machines will usually block ICMP ping, resulting in that message. other machines may be configured to do the same
gobuster dir -u http://xxxxxx.academy.htb:34979 -w raft-large-extensions.txt -t 50
I tried this wordlist and every result it gets me 403, I tried a different wordlist and same result, any suggestion ? 😦
Not sure with gobuster but ffuf has -ac to autocalibrate the scan as it runs
hi i want a help with ARP Spoofing & Abnormality Detection in the academy. Can anyone help me ?
What's the module name?
Attacking Web Applications with Ffuf
Intermediate Network Traffic Analysis
what should I change at the command ?
I don't recall too much but I believe i used the burp extension list
The username list has that username, and the mutated password list has the password
Also spoilers for module content above tier 0
i find the problem nevermind. thank you
Yeah i know that, but it will take years for hydra to look through all of them
48 threads goes brr (if you're not attacking ssh)
I forget if there's a linux host before that but they reuse the windows and linux hosts in that module a fair bit
i am attacking ssh i think
Don't tunnel vision
😉
Don't assume the question is giving you the direct first step
gobuster dir -u http://xxxx.academy.htb:34979 -w burp-parameter-names.txt -t 50
I tried and no results :/
any advice ? :*)
every result is with 403
also on web extensions or raft
You're mistaking my advice for someone else for yours
The 48 threads advice was directed towards the one asking for help with password attacks
You're not telling it where to FUZZ but I'm not familiar with gobuster fuzzing
ohh..
I'm not sure what the gobuster output is telling you
I solved with ffuf
ty ❤️
Evil-Tweans module Skill Assessment anyone to ask a thing or two?
Why am I not able to msg in general chat ?
read and follow #welcome
https://academy.hackthebox.com/module/57/section/3209
-I'm having an issue getting a username, nothing seems to work and hydra is giving "[ERROR] Child with pid 178413 terminating, cannot connect" and stopping the search. this is a newly added section so checking if its messed up or am I missing something?
I am currently doing the AD enum skill assessment and I was wondering if there is an easy way to write nxc output to a file?
I used to just copy it to vim and then search and replace a lot but there has to be an easier way right?
Hey everyone, having some trouble on Password Attacks - Network Services. I was able to get everything except RDP. I was able to find the user with some recon via powershell, but tested out the password.list file (with and without the computer domain) and got nada. I've used hydra, crowbar, and tried crackmapexec and it errored out before even starting. Also tested changing VPN connect, just in case. Is there something I'm not getting?
You can use --export <file name> to export it to JSON format
Hello everyone, I'm working on the HTTP Attacks module and trying to get RCE via log poisoning, but my payload isn't executing.
I sent a POST request to /contact.php with the following payload:
Host: 83.136.248.16:32509
Content-Type: application/x-www-form-urlencoded
name=testuser&email=testuser%40test.htb&phone=123&message=<?php+echo+'pwned';+?>
When I check /log.php, I can see my payload in the log, but it doesn’t execute. It seems like some characters might be getting filtered. Am I missing something? Do I need to encode it differently, or should I try another approach? Any hints would be appreciated. Thanks in advance!
--export does not seem to be an argument :/
anyone working on Attacking Applications Connecting to Services ?
it worked fine on my end
ahh, i believe it was for CME, maybe they didn't carry it over. You could try the man page or --help function, or alternatively you could just pipe the whole thing to a file with like nxc > file.txt
I think I used only the redirector > filename
I tried it on nxc and cme
I also use the redirector but I always struggle to find the correct find and replace commands in vim
so I thought there maybe is an easier way
do I just need to reset the box for a new IP? mine is just terminating every time
yeah
or you can use mine i'll dm it to you (fresh spawned box and should be reachable, literally got it in .5 seconds)
yes please dm me, cuz my new one, i ran the same command its saying itll take 4500 hours lol
shouldn't take long
also i dislike how they changed this section
previously they used sed to do the editing and not a mess of grep chains 🤮
100%, I already did this all in the CBBH stuff, this is the only new part lol
they changed this section, it's not a new section per-se they just added an interactive element to it
previously no lab for this section, only the http-get section
🤘 you rock
im stuck at the Password Mutations model,
Ive tried BF FTP and SSH, FTP had 0 results and SSH says its going to take 6 hours...
what am I doing wrong?
I followed this exactly,
Take password.list and custom.rule to create a mutation file: hashcat --force password.list -r custom.rule --stdout | sort -u > mut_password.list
Bruteforce FTP: hydra -l sam -P ./7000mut_password.list ftp://10.129.202.64 -t 64
Doesn’t it do that by default?
Or you can use nxcdb
Actually I’m just thinking about creds here
I also just copy the other output to obsidian
password attacks module, password mutations section
Maybe someone can create a pull request for an output argument 🙂
module is the overarching thing, sections are the pages in the module
nxc has an output argument
got it, but yeah stuck at that section
I cant find it with the -h flag
you can use --log
some modules within nxc may also have their own separate output things
what do you mean "stuck" as in it errors out? or?
also 64 may be too many threads try dropping to between 48 and 52
that seems to be a sweet spot for this module and services
saying "you're stuck" isn't particularly helpful as that can mean a multitude of different things going wrong
ill try 48 but i let FTP run and had 0 results, SSH runs longer than the box lives for
don't touch ssh
ssh is unbearably slow to bruteforce
What is the main channel in here?
because there's instructions that you need to follow it's not just click the "done reading, go here" button
literally the last thing in #welcome is instructions how to verify/link your account
Im not tryna do all that twin
well this server ain't about that life
so i suggest reading #rules
since it's clear you don't know what hackthebox even is
does this look right?
└─$ sudo hydra -l sam -P mut_password.list ftp://10.129.251.7 -t 48
[STATUS] 824.00 tries/min, 824 tries in 00:01h, 93220 to do in 01:54h, 48 active
just gotta have patience
👍
Solved this by just going through pwnbox. My methods were all correct, but there had to be something that openvpn was likely drawing issues with. Solved in less than a second with the same methods via pwnbox.
Help please...
nc 10.129.233.197 21
220 Microsoft FTP Service
USER anonymous^M
331 Anonymous access allowed, send identity (e-mail name) as password.
PASS anything^M
230 User logged in.
PASV^M
227 Entering Passive Mode (10,129,233,197,194,13).
LIST^M
150 Opening ASCII mode data connection.
550 Data channel timed out.
no idea why they have you running through nc method, but did you try connecting to the data channel (as the method describes)
its an exercise in network fundamentals, going step by step for some cubes 🙂
connecting to the data channel? this was not mentioned in module
it's mentioned in the steps you're reading from for the assessment
imo just use ftp anonymous@ip
but it doesn't hurt to know alt methods
oh, you mean this, sry
nc -v 10.129.233.197 49704
10.129.233.197: inverse host lookup failed: Unknown host
(UNKNOWN) [10.129.233.197] 49704 (?) : Connection refused
you need to have the passive mode running; but you also need to calculate the port number
passive mode is running and I calculated the port number
sigh, ok i will try alternative
also
NC is supposed to be the alternative 
^
don't know why they decided to go through the convoluted mess of using nc for this
Looks like parrot's PS1 var logic also a bit broken, weird ahh coloring
i riced mine a long time ago ¯_(ツ)_/¯
I mean I use kali and a custom PS1 variable without all the colors
it's either that or I dive deep into oh my posh again 
its all factory believe me, I didnt mess up with colors lol
I know
Better? Not really, it's just personal preference
I only use Kali cos I'm wayy too lazy to fix Parrot's weird ahh VM image issues
I have to try Kali then lol
tomorrow, GN
and thanks
ok, my stubbornness killed the tiredness! I just changed to extended passive mode (EPSV)
Whats is
Hey
Ya?
Guys give me your personal favorite tools for network sniffing
is this module broken for anyone else? everytime i spin up the target it doesnt contain documents.php for me to even to attempt to get the flag: https://academy.hackthebox.com/module/134/section/1186
web attacks module, mass idor section
I get it
I just want to your experiences on that tool
💀
You need to link your account to embed
Bro is a pro
Anyone able to provide assistance on the last flag for IMAP/POP3 in footprinting?
I've gone through a big list of IMAP commands and cannot for the love of god find this supposed flag. The mailbox that is supposed to have it has no messages.. there is nothing to intercept unless I'm doing something wrong
Are you logged in?
yes
Vidal BTC is trying to nab my account in dms :/
@waxen totem ^ lmao
Send a screenshot of this so I can get it to the mods 
Show results of your command
i cant dm you or send it here lol
sent a friend request
it just says search completed with nothing showing
let me check that i didnt accidentally signout
What command are you using to search for the mail?
After selecting, 1 SEARCH ALL
have you tried using FETCH instead?
When selecting an inbox it'll tell you how many mails are in that inbox
When you select the inbox, do you get a message regarding how many mail entities exist?
Also search requires a bit of syntax to properly utilize
Yeah search only works in the currently selected folder
You're connected to the imaps server?
Information Security Foundations path
and after that
Whatever interests you more
ima try and do everything
yes
You generally wanna start with one focus then spread from there
Maybe choose another inbox

The fact they blocked me the access and you say that to me is wild
They didn't block your access, you need to get verified to access it
Me and lattice were talking about module but ok
I can’t💀
You getting an error when verifying? (/identify) take the error and contact a mod
can someone just tell me how to use FETCH im going according to documentation and still getting invalid results there is 1 stored message in the current folder im in and nothing is letting me pull it out
nvm
what the hell was that solution
<PFX> FETCH <ID> <CLASS> <FLAGS>
In case you were wondering
Yes it's a pain 
That would be how you access email through IMAP commands, most people use a client 
i dont think i never want to access an email through imap commands ever again
I mean you could code a client yourself too, there is an api
that honestly sounds preferable
i just feel a bit fried after blazing through everything except the last question which took about 3 times as long as reading the whole page and doing the other questions
i cant wait till the day that most of this makes sense and im not confused about half of everything
I mean tbf they don't really dive deep into the commands in the section so it is understandable
well i did digging and found a site full of them
and i did find fetch but i just dont get why that command gets me the result im after
ehh ill gpt it
yes
the many parameters, no
because i couldnt get the result referencing the single id in that mailbox
tbf this and a second fetch command is all you need 
well i got it i just dont want to post it to avoid spoiling for others
Think about how I felt when I missed the creds when doing that section last week 
LOL
I went knee deep into unauth imaps exploits
oh man thats actually horrible

actually it's <prefix> FETCH <id> <class> <flags>
all is a shitty fetch class
use body[] instead
and yes the [] are necessary
i used body[] to pull the contents of the message.. i think
well the prefix is the command ID but yeah good to clarify ig
not really, it can literally be ANY string of characters
i forget the upper bounds of it
Yeah idk what it's really used for then
yoink I used RFC822 but ig this is its equivalent
yep
in the ancient times i posted a link to a couple articles detailing IMAP commands 😉
what I don't understand is why ALL doesn't include BODY[TEXT] 💀
because ALL is a different classifier/class
yeah... that's stupid
all should be all
That's why clients exist IG 
but yeah ALL basically grabs the metadata of a message
Flags set
Date
Size
Structure
if you wanna be sneaky: body.peek[] doesn't set the \SEEN flag if it was previously \Unseen
if you're curious about the status codes for smtp: https://www.atmail.com/blog/smtp-reply-status-error-codes/
sql map skill assessment every form has form action as #
not post and i dont see any get variables as well
am i blind
Whenever dealing with web apps I'd suggest using a web proxy, clicking on every single link on every single page, and inspecting what's happening through the web proxy.
ok
thanks
Does anyone know if I can access htb without a GUI/browser? I have a Linux machine that I’m SSH into with my phone, using Tailscale and Termius, which I want to use to access htb, but it doesn’t seem like there’s a way to use without a browser. I was thinking one workaround would be to download the .ovpn file on my laptop then just scp it to my Linux machine, and connect there, but I still have to interact with htb through the browser to activate the individual machines I’m trying to attack and get the ip.. anyone know a workaround?
you probably "can" but it would be tedious and difficult..
if you can curl the site you should be able to log in etc but you'd have to figure out a lot of stuff
There's a CLI tool [community] for the main labs, but not for academy
Read and follow #welcome and you'll likely find it in #resources-tools or #community-content
Security Monitoring & SIEM Fundamentals - SIEM Visualization Example 1: Failed Logon Attempts (All Users)
I keep getting SSL errors on this box. Anyone know how to fix this?
Genuinely, immediately after sending that message i was like "wait a minute, i didnt try http..."
I fixed it...
As merciee said, there are tools out there currently like this
@brave field please try to ask your questions without spoiling anything from the modules. That said, "not working" isn't a great description either, is there an error you're getting for example?
My apologies, I'll be careful next time more. May I DM you? Thanks.
ok
talk about that in general bro 
bro trynna drag me too 😭
if im going down im taking u with me
let's keep the convo related to academy modules =_=
anw i finished sqlmap essentials is there anw i can practice more of this one
i feel like i just tried bunch of options and got the flag with trial and error
kinda want to know when to use which option
Can practise on DVWA , they have a few sqli flaws
Can someone help me with the Windows Attacks and Defense module for Kerberoasting ?!
I have gotten the first answer, however when I spawn the windows 🪟 for the given IP (using the first windows machine to use RDC to open another windows machine (with new given IP and login)) I cannot find the webservice and its service pid
Hi I am a beginner and needed some help with the linux fundamentals quiz:
I am using the exact same parameters, the ip is also the same, so why is it giving permission denied
i can tell you right away that's not the right IP
spawn target != spawn instance
target == thing you're attacking
instance == in-browser vm
So how to get the target's ip
nvm, got it, thanks
What am I doing wrong here, it's mail, why is this a wrong ans
Ok
Anyone able to chat about the skill assessment for the Intro to Whitebox Pentesting module? the challenge description says there's two ways to obtain RCE. I have managed to exploit it in one way and I believe I can spot the second way but I can't figure out how to get my input into the sink, when I try to send a request to this function the local app errors
Kill me now... Doing info gathering web skill assessment and the scan taking forever 💀
Hi i am new here
is this something to do with hackthebox challenges?
hi, yes it is under Dedicated labs / blockchain.
#challenges
If you don't have access read and follow instructions in #welcome
Ah, so now as I'm verified, can I ask about my issue when solving one of the challenges?
you can in #challenges <---------------------
@coarse terrace use the channel linked above for your question please
Need python resources ¿
Yooo guys I am doing the AD Enumeration & Attacks - Skills Assessment Part II and I try using bloodhound. I run into a problem when trying to upload the json files collected with SharpHound.exe into my bloodhound on the pwnbox. It just doesn't seem to upload, it's just stuck at 0%. Anyone knows how to fix this?
If you're using SharpHound use v1.0.2
as an alternative use bloodhound-python and specify the ns and --dns-tcp
Yes this works thnx! 🙂
Hi, I'm having trouble with a module in Introduction to Windows Evasion Techniques -> Static Analysis.
I compiled the binary, put it in the static directory and I'm waiting for the flag to be generated. In the logfile it states "OK - Undetected by Microsoft Defender Antivirus". I have waited for quite long + I tried to reset the machine without any luck. Anyone who has experienced this?
Did you follow the module exactly?
The checks it does are very specific.
Do you know what checks? I did the AES encryption.. I feel like i did it exactly 😅
DM me
i only see a vbs script on the SRV09 in Intro to C2 Operations with Sliver module, I still don't find a ps file on it
Hi, I'm working on ffuf module, "skills assessment" and I don't know what to think about the hint in third question : "Use 'PORT' instead of the port shown above".
There is one. Can’t tell you explicitly where cause it’s a spoiler, but there is one
Elevate your session in SRV09 and search for it
I am currently going through the File Inclusion module skill assessment. I am attempting source code disclosure. However, using the base64 encode filter on any existing source simply waits on the response and times out. I would much appreciate a pointer in case you have one 🙂
This means literally your answer should have the word PORT in it and not a number like 12345 as a port number (relying on community members to mark this as spoiler if it is considered one)
Hi im in the middle of attacking common services > email services
And im unable to dig the MX server from the domain "inlanfreight.htb"
any ideas why?
i found it! thanks
Thanks for making it clear.
can any1 spot the error here? can't get it output any commands
Hi fellow hackers,
I'm currently stuck in Whitebox Attacks module Data Exfiltration via Response Timing of CWEE
The code I used is
import requests
url = "http://83.136.255.47:42674/filecheck"
wordlist= "/usr/share/wordlists/seclists/Usernames/xato-net-10-million-usernames-dup.txt"
THRESHOLD_S = 0.15
cookies = {"session":"eyJsb2dnZWRfaW4iOnRydWUsInVzZXIiOiJodGItc3RkbnQifQ.Z8XR4w.5EP3X7dklt-a7w32tocrTkviZCo"}
proxy = {'http':'http://127.0.0.1:8080','https':'http://127.0.0.1:8080'}
with open(wordlist, 'r') as file:
    for usernames in file:
        usernames = usernames.strip()
        res = requests.get(url,params={"filepath":f"/home/{usernames}/"},cookies=cookies)
        if res.elapsed.total_seconds() > THRESHOLD_S:
            print(f"valid username in the file system is: {usernames}")
and no matter how much I modify threshold_s it keeps giving me the false positive system's username.
Note: I can make it work on local testing but not the real lab. (also tried with pwnbox just in case it has issue with network connectivity).
Appreciate any help! (already tried emailing support for help but he asked me to seek guidance here instead)
@jagged arrow
The payload itself looks correct. However, this requires that your access.log has php payload to execute commands correctly. I was able to debug that by reading carefully through https://book.hacktricks.wiki/en/pentesting-web/file-inclusion/index.html?highlight=lfi#lfi--rfi-using-php-wrappers--protocols
awesome resource thank you. Apparently with an access.log file you can send a request to it and modifying the User Agent: <?php system($_GET['cmd']);?> and it should be echo'd to the bottom of the access.log file and therefore give RCE but I could never get this to work
There is a zip file you need to download, from the Resource
Can anyone tell me about the skill assessment of Active Directory Trusts? I'm stuck on question 2. PM me
Having some issues with the module VMs not loading. Is this known? Stuck on fetching status
keyboard is not working in instance
Hi
Can I DM anyone about abusing http misconfigurations - hard skill assessment?
For others struggling with the first part. You can find an unkeyed parameter by clicking about the site.
Hi, could someone please help on Windows Lateral Movement - Skills Assessment - Question 5 What is the password for VNC?
I've tried everything like in the writeup, but i don't get a reverse shell connection
Also the WSUS update is stuck at 50 (sometimes 0) Install (2/2)
How much should i wait? > 5 mins?
I've tried restarting the lab and doing it again - didn't help
Update: for those struggling in the future - it took me like 10-15 mins to receive connection. After receiving connection, it's still 50% Install (2/2). But as it was written in the course - status can have a delay
Hi could someone help me with Q8 of the AD Enumeration & Attacks skills assessment II? I have admin access on SQL01 and have to get admin access on MS01. I have read some past messages and have tried to ||dump hashes with secretsdump.py from the SAM, SYSTEM and SECURITY hives. But when I try the hash of the Administrator user using evil-winrm, I don't get logged in||. Could anyone give me a hint?
IMO it's all about enumeration.
Alright, I guess I'll enumerate some more, thanks
If you still aren't getting anywhere after some enumeration you can DM.
Thank you!
Hello, I am on Windows Privilege Escalation module, Skills Assessment 1
I saw the user has|| SeImpersonate|| privileges, and I used, ||RoguePotato,JuicyPotato,Printspoofer,Meterpreter getsystem||, nothing worked. Can anyone help me??
@acoustic owl they're back...
Bro its supposed to be steamcommunity.com not steam'e'scommun'u'ty
You can DM.
I just figured it out, thanks though.
anyone available for a hint on dacl attacks ii - skill assessment q3? i've been stuck on this for days and feel like i've tried everything
i found the rights i have over 2 objects with the t* user, but i'm not seeing how to leverage that to compromise the DC
Hello, i am on https://academy.hackthebox.com/module/147/section/1327 and am running crackmapexec winrm and selecting different lists, it doesn't look like the lists have the correct usernames or passwords in it. did i miss something in this module that tells us what list to use for target ip?
Does anyone know wifi hacking?
Does anyone know wife hacking
Wifi*
i do not know wifi hacking, i do infact know wife hacking though.
same
No I wanted wifi I already have 3 wife though
i have a general question, is the SOC path the unit that covers tablets, cell phones , social media and the like
man is winning at life and tryng to hack wifi
Yes do you know how to?
no, only wife
No need thanks
or does SOC cover something totally different
no, it covers SOC operations such as SIEM operations and threat hunting. you may read more about the path here: https://academy.hackthebox.com/path/preview/soc-analyst
Hi, I do have a question about the module "Security Monitoring & SIEM Fundamentals" section of Skills Assessment. I have completed this section but I want a better understanding or an overview of basically why these answers are correct and how you are supposed to see that within Kibana. I know that the annual subscribers will have step by step solutions but money is kinda tight and is there any other way to get a better understanding as to why my answers are correct?
hi Linux Priv Esc module - Cron Job Abuse. I completely forgot to check if it had access out to the web because I couldn't see the pspy on the box but it was running. were we supposed to get the binary across and execute it that way? some of the lab boxes don't allow you to access outside, thanks.
Hello guys. Does that tool named saphyra still work??
or should I have downloaded it to my VM that is connected on the vpn then copy it across that way? thanks
wdym -l is taking longer?
I think that one takes a while
SSH is not the best service to try to bruteforce.
because you're brute forcing SSH, which only likes 4 connections at a time
increasing attempts with -t speeds it up too
you have to add a value
try it multiple ways I have done the module, literally looking at my notes lol
can someone help with my brain fart question above ^? I couldn't get pspy to run so I don't want to move on to LXD until I have it done... many thanks
Ignore me I scrolled up I will redo it thanks
took me 15 minutes on hydra so it can take time
bump
Does anyone have a recommendation on what modules to start with
I do know a bit but still need to learn a bit
I can't give spoilers but you are close and you are thinking the right way.
Get Started with the HTB Beginners Bible: https://www.hackthebox.com/blog/learn-to-hack-beginners-bible
ok so if 2/3 don't work...? also investigate the -t flag with hydra youll thank me later lol
dm me if you want
dam , i was looking for an exploit for like 2 hours haha
Hi HTB Team, I'm a uni student and I have an HTB academy account with my personal email is there a way to have both my personal email and my uni email on the platform ?
the last module,its for maldev?
Dear all
i need help for this HTB Academy model
Info to assembly language
Download the attached file, and find the hex value in 'rax' when we reach the instruction at <_start+16>?
you reminded me of the IT "Just..do...the...thing" moment; thank you 
i got your point
however i am not good at Assembly Language
hence assistance for the task
your gdb may be in hex, so +10 may be where it's at
my reply wasn't to you
anyone available for a hint on dacl attacks ii - skill assessment q3? i've been stuck on this for days and feel like i've tried everything. i found the rights i have over 2 objects with the t* user, but i'm not seeing how to leverage that to compromise the DC.
oh you are here as well. :) Which module did you do here?
did you download gef?
you should be able to jump to that _start+16 instruction and just check the rax register
count 16 bytes down from _start and print the value of rax at that point
hello guys, my name is Yousef I'm from Saudi Arabia and it is a pleasure to be here among you.
if you don't mind me asking, i just started Linux Fund and i got stuck to initiate VPN connection between HTB and my VM kali. i got everything as mentioned in the guides and i can ping the target buuuuut, i can't use ssh htb-student@ip address.
if anyone faced this issue and give me any pointers it will be highly appreciated.
Note that SSH to the Pwnbox is possible, but is not necessarily possible towards the target IPs.
Unless the module / section specifically states SSH access to the target for the evaluation is possible, or part of the process being taught, it's very likely you will not have SSH access to it.
It's not immediately clear which you are trying to access, but you do mention target
hi i have a problem with a module network foundation please
With the Linux Fundamentals you should indeed have SSH access.. so what IP are you trying to SSH in to?
...and if it's a VPN issue you should include any logs, although if you can ping it, you should be able to connect to its services
..and include any output from the SSH command if it gives an error
@humble aspen
Hey guys,
need help on Pillaging, I want to share a screenshot but I don't understand this Tier 0 rule
The Tier 0 rule means you should not share content / spoilers pertaining to modules over Tier 0. Ask your question in such a manner that it does not do this, or simply state the module / section you are having trouble with, and somebody may reach out privately.
Hello
Its CPTS Windows Privilege Escalation - Pillaging.
Extracting the cookie with Firefox works but does not work with Chrome, Command runs but no extracted cookie shows up
Not done that one I'm afraid, and can't discuss further here, hopefully someone can give you a nudge in private 🙂
@humble aspen .. did you want help, or no?
yas please, sorry for the delay
Yes, I need to understand why its not working
Can I DM
this is the generated ip ( 10.129.219.236 (ACADEMY-NIXFUND) )
i installed the VPN and i get Initialization Sequence Completed
Ok, and what happens when you try to SSH in to it?
i can ping the IP address but when i try to SSH to it, it says connection closed ( ip ) port 22
What hostname is in your ovpn file, the one you're using to connect to Academy?
sorry i did not get that ?
Ok, let's make it easier, re-download your OpenVPN config file from HTB Academy and try again
help for module network foundation please
(I was asking what was in your ovpn file, a line like this remote edge-eu-academy-5.hackthebox.eu 1337)
i did that many times and i switched from UDP and TCP and EU and US
Ok, what server are you connected to currently then please?
Sorry @humble aspen, experiencing iso issues ATM.
You may be better raising the issue with the support team
@ocean night no worry at all, thank you for taking the time and help me out 😄
Do you see the port open with nc -v <ip> 22 ?
10.129.219.236: inverse host lookup failed: Unknown host
(UNKNOWN) [10.129.219.236] 22 (ssh) open
SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
Ok, so what happens when you ssh in? Any output?
Connection closed by 10.129.219.236 port 22
Weird, I'm able to access it fine from the same VPN
ssh htb-student@10.129.219.236 this should give me access and asked for password
Yes, it should
i have been trying for hours now xD
Maybe force password authentication?
ssh -o PubkeyAuthentication=no -o PreferredAuthentications=password htb-student@10.129.219.236
ok i'll try it
hello. working through the end of module exercise for the Local File Inclusion module. A little stuck. So far I have:
- found two parameters to investigate
- tried to use a file with a list of payloads with the two parameters to identify an LFI
- tried to find other parameters that may contain LFI vulnerabilities
However so far all I've managed to do is to identify two parameters
I think i know which parameter will contain the LFI
did not work
The error you are getting doesn't say much I'm afraid
i think it is better to use Pwnbox to avoid this issue
Anything of interest running it in verbose mode? ssh -v htb-student@IP ?
The instance is working fine, I've confirmed
what u guys up to ? trying to ssh into a machine across the internet?
No @mighty olive - helping with SSH access to an Academy module target.
ye not my stuff havent started out HTB properly cant help
Not sure I follow you, sorry
i thought maybe i could help if its something im familiar with and its not
Connection closed by 10.129.219.236 port 22
How long of a delay is there before it closes the connection?
Any other output after the last line?
Because that last expecting output is weird to be the last
I meant the line before that, the last line in the output you shared, is that expecting... ?
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
Connection closed by 10.129.219.236 port 22
hm
i got it like this
Idk if this is a thing but it looks like its looking for if your machine trusts cert but not prompting you if you wanna trust it
Try typing yes and enter during the delay?
That sounds possible, but weird yeah
ok i'll do that
or add -o 'StrictHostKeyChecking no' to your SSH command
anyone have any gentle hints?
nothing happened
What about the option I mentioned?
it will be like this ( ssh -o 'StrictHostKeyChecking no' htb-student@10.129.219.236 )
That said, if it's not prompting for the key, maybe it wouldn't prompt for the pass. Have you tried opening a fresh terminal session, or running reset in your existing terminal?
Yes, that's right @humble aspen
ok this one did not work , i'll try and reset the terminal
nothing happened
You mean nothing changed with the SSH command, or nothing happened with the reset command?
both i tried and got the same result
That delay definitely suggests an issue with the client promoting you, never seen that before..
Do you see different output with both the above option flag and the -v flag?
Prompting rather, not promoting
i'm using a virtual box kali version, could this cause an issue
Sorry typing by phone lol
No it shouldn't
( ssh -o 'StrictHostKeyChecking no' -v htb-student@10.129.219.236 )
As in different from the previous output with -v
You're sure the output was exactly the same with the -v flag?
That tells the client to output verbose logs
Ok.. last thing.. try ssh -v -o KexAlgorithms=ecdh-sha2-nistp521 htb-student@10.129.219.236
ok
the client version is 9.9p2
Honestly I've no idea then
Random StackOverflow post says maybe -o MACs=hmac-sha2-256
But this is really weird. If that doesn't work, I'd suggest reaching out to support for assistance
Need some help? Learn how to reach the support team on Academy.
you could perhaps also try installing a different ssh client version
@ocean night no worry, thank you so much for the amazing support
i got to go now but i'll try this again and give an update
Some other posts mention MTU on the NIC causing issues
...but unsure on that one, outside of my knowledge as to why that would impact
Ok, well sorry I couldn't help. Good luck! Support will hopefully be able to help further
If it gave me too much issue I’ll just use pwnd I think it is more convenient
I'm doin the end of chapter exercise on the Local File Inclusion module. A little stuck. Can anyone provide a gentle hint?
yeah dm
@ocean night i got it to work, as you said it is related to MTU
Ah nice one
i used sudo ip li set mtu 1200 dev tun0
tun0 is the vpn connection
thank you so much you have been a great help
Odd that it's not mentioned in the help articles, honestly likely a rare occurrence
No worries, enjoy!
at least now we know if someone else faced the same issue
Yep! Also mentioned in our internal support channel, so we can update our help articles
Are you talking about the questions at the end of the Local File Inclusion section or skills assessment at the end of the File Inclusion module?
yes r1icky
Tip: Take 10 minutes to do it by yourself no rush, it helps
@safe star gave me some good hints. it's the skills assessment. I'm workin thru the hints of @safe star thanks guys
did you try password mutations
please some help for this https://academy.hackthebox.com/module/85/section/877
Download the attached file, and find the hex value in 'rax' when we reach the instruction at <_start+16>?
hi guys seeking help on the skill assessment for whitebox attacks. im on the second part where there is potentially a race condition with type juggling, however i can't think of a race condition that could be malicious to even start. i've been reading the add_user() and delete_user() functions all day QQ
My idea is to get the ($user_data['role'] != 0) by influencing the fetch_user_data(), if a user exist, it will return False, but then you still can't login as the user with admin priv
did our responses not solve it?
please help what step need to follow
@heavy forum
in connected session what command i have to give
i have download the file and kept on pwnbox
post that what i have to do
as i am new to assembly language
not able to sense it
@heavy forum the module and section will have the information you need
the module teaches you what to do
the only thing i've noticed is that sometimes gdb is loaded in x16 (hex) mode so you'd need to translate decimal (+16) to hex (+10)
thats an interesting trick, good to know
iv had issues with reverse shells going to my kali vm on the vpn
that is not a problem 16 bytes is always 0x10 in hex
can anyone please help me with Kerberos Attacks final question on skills assessment, THank you 😀
?
im having a problem with SeImpersonate section from the WIndows privilege escalation module, when i rdp, i get this error message
Connection reset by peer, i have tried connecting from my box and through pwnbox with different VPNs but nothing worked..
Use single quotes, instead of double quotes.
are you able to rdp? if not then i've tried everything
hey
ive been on the filter contents section of the linux fundamentals module for a while now trying to do the first question and ive tried a lot of netstat and ss commands but with no success
whats the first question
How many services are listening on the target system on all interfaces? (Not on localhost and IPv4 only)
Provide the module name and section...
i did in the previous message
use regex for that
ok ill try ty
getting rick rolled by an HTB module in 2025 is crazy work
trust no machine
😂
I’m currently working on improving my reporting skills by creating a report based on the AEN module. When writing the "internal network compromise walkthrough" section, should I also include the exploitation details of the DMZ server? Or should I start directly from the point where I obtained a shell on the DMZ server?
The wording is misleading. Include everything.
Hi , help me for a network foundation module please , I'm locked for the last question of skills assessment please 😭😭
Someone who did the abusing-http-misconfigurations-hard-skill-assessments-lab and can assist?
hey , im doing pass the ticket in linux,
Check the /tmp directory and find Julio's Kerberos ticket (ccache file). Import the ticket and read the contents of julio.txt from the domain share folder \DC01\julio.
i got the flag but it tells me that my submission is wrong
hi, i have a problem with this question :
Which kernel release is installed on the system? (Format: 1.22.3)
i use the command "uname -r"
the return "6.11.5+parrot-adm64"
i answer "6.11.5"
and it's wrong...
i do something wrong or is it not the right answer for real?
Which module and section?
CDSA - Linux fundamentals - System Information
Ensure you're ssh'd into the target and not just on the parrot vm.
ssh htb-student@<IP OF TARGET>
I use the web terminal
I'll try that! thanks
what's the question? what did you try, what didn't work? provide more info
Bypass the request filtering found on the target machine's HTTP service, and submit the flag found in the response. The flag will be in the format: HTB{...}
Help please I'm locked 3 days
cool - what did you try, what didn't work?
I try a very but I don't a response
I don't understand what that means. If you want us to help you, you have to be much more specific about the nature of your problem, everything you tried, and so on.
i am stuck at this question from the module Password Attacks :Password Reuse / Default Passwords. could someone help?
Use the user's credentials we found in the previous section and find out the credentials for MySQL. Submit the credentials as the answer. (Format: <username>:<password>)
I tried to bypass the http filter with burp by modifying the requests
is academy reevaluating modules and their tier from time to time? im kinda sure some of these modules have been tier4 before?
like - these are the only tier4 currently?
They are reevaluated
I think the PowerView module used to be tier 4 so, expect changes in their tier levels
yeah, im kinda sure sliver was tier4 too
thx 🙂 so i guess when they release a new path they downgrade the modules in it to tier 3 for annual gold members to be able to access?
I hadn’t thought of it that way
But makes sense
Hint: enumerate the usernames, as you definitely already have the password.
In what way, what was the modification?
All , I modify the request post , get ,put , trace, the content length, the path by burpsuite
Hi, I am doing the skills assessment section of the Information gathering - web edition Module "https://academy.hackthebox.com/module/144/section/1311" I found the subdomain webxxx and now I want to curl the robots.txt but it tells me that can't resolve the host, I added the subdomain to /etc/hosts, but I am doing something wrong, I am able to open robots.txt through the browser, using the url, any hint about what I am doing wrong?
what do you mean with anonymize the full path?
sorry - I thought "webxxx" was anonymized, that "xxx" stood for something else. my bad.
the curl command looks ok, though you're only fetching headers with the -I flag.
if that exact URL is reachable using the browser, it should be reachable using curl - curl is just another "browser"
now it's working, I don't think I did something different, but I just tried and it's giving the results
thanks for the help
and me please ?
can someone dm me if you have completed Hacking WordPress Section?
Hi so I'm on the Password Mutations section of Password Attacks, and I'm using the right command and such which is
hydra -l sam -P mut_passwordlist -t 48 -V ftp://<targetIP>
it runs the attack for a while, and then it just stops saying, 0 passwords found, I tried running it with sudo, same issue, I'm not really sure on what I could try next
Hi, I’m stuck on the HTTP Response Splitting lab (https://academy.hackthebox.com/module/191/section/2056). I’m trying to steal the admin’s cookie with a payload like <script>fetch('/cookie=' + encodeURIComponent(document.cookie))</script>, but I’m unsure about the multiple URL encoding needed due to the firewall restrictions. I’ve tried single and double encoding, but I can’t find the cookie in the logs. Can someone clarify the correct encoding and where to look for the cookie? Thanks!
I’m pretty sure they only downgraded bh and power view when cape came out. All the other modules and cwee modules released at tier3 directly
how does everyone write notes on their modules? i’ve found myself just re-writing the whole page in notion…
Did you consider the content type header?
Content type header?
some ideas:
- maybe 48 threads is too much
- maybe sam is the wrong username
- maybe your mutated password list doesn't contain the exact password
i figured the thread count was too high, i'm trying 20
it stops early, before not even 200 passwords are tried
I don't have access to that module, so can you explain what you're seeing when you run your requests?
just small snippets of useful info in .md files (I use Obsidian btw)
the screen say bad requests header or content- length required
that means that you either don't have the required HTTP header, or the accurate content-length value
So how do I get around HTTP filtering??
Well what does your request look like? What do you think is being filtered? It seems to me that the content-length value is wrong - or that there's another header that should be present, and isn't. Not sure though.
in the questions say bypass filter http
HTTP filtering can take many forms. From content type, to specific headers, to length, to HTTP methods...
they don't say how to do it but they say the flag and in the html body
I am very green so I apologize in advance. I am having trouble in the Linux Fundamentals: "What is the path to the htb-student's mail?" I have tried find command, uname command and other commands but I can't seem to find the answer. Could I get some direction please?
check your environment variables
somebody needs to tell me how this cost/time is calculated 😄 currently there is a module "worth" 10 days of content for 1k cubes, and one for 8h
I think in one of the early cpts modules it is said that tier is only related to how special the knowledge is and not how hard or how long it takes
i believe Intro to Academy explains the tiers in more depth
its true
Yes
Hello, I'm doing intro to network traffic analysis module and can't log-in to xfreerdp computer
I try to type the htb academy student password and it prompts me for wrong password
The username is also wrong I think it should be htb-student and not mr bean?
whatever username and pass is given to you
Yeah, username: htb-student
I type in " xfreerdp /v:IP /u:htb-student /p:HTB_@cademy_stdnt! " and I get an authentication required from MrB3n. The password given doesn't work.
reset the lab, reach out to support
Need some help? Learn how to reach the support team on Academy.
Alright, so it is an error? Thanks
i haven't done it in a min, support will confirm if it's broken
just don't select "content guidance" option
Hello pretty new here i will probably get the subscription but i dont know where to start and what paths to follow my ideal goal is to be a penetration tester some day
Information Security Foundations path
wrap the password in single quotes, username too for good measure
And after i complete that i follow the job specific one or are there more to complete before the job specific path?
you should be alright to go for the Pentester Path after that, the Information Security Foundations path is considered the pre-requisite to the Pentester Job Role Path
Appreciate it a lot
hi so in the password reuse section of password attacks, how do i run the hydra command on the target machine, would I need to smb the password wordlist to target machine and then go from there?
(i hate file transfers)
you don't need to
iirc the pw reuse section is also the default password section yeah?
use that as your hint, it's a small enough list to test on
yeah I already have the password from the section before
i just need to figure out the username??
there's a default-cred-cheatsheet in the reading
and that tool has an install you can do
yeah i got the usernames from there
yeah I know
but i deleted the passwords cuz i thought sam would've reused the password
it wouldve been too MUCH effort to remove the first column
the github you can search the password list for the service
and in the tool itself you can download (referenced in the README) you can search for the service
looks like you're looking at the raw list
yeah its easier cuz it wants it in the username:password format
yep
but the regular page allows searching as well
via a search field
but i also urge to just install the tool
yeah i got it thanks
so to reiterate
just go through that list
and it should work??
yeah thanks that did the trick
thank the lord, its 4am in the morning when I was removing services from the :: lines, i didn't check to think to just go through the mysql ones
brain doesnt work properly at that time, i rawdog life and dont ingest caffeine
Hello
Hey Tanay.
Question. Is it okay If I'd share my test report on the reporting and documentation lab here? I would want to get some feedback if it's a good report or not as I don't yet have a feeling for it
this is unfortunately not allowed anymore
Alright, thank you for letting me know
Also, for Attacking Enterprise Networks - I know it's best to go blind into it, but should I avoid reading anything inside of the module and just start the machine until I get a total AD control? Is there some time range that would tell me if I was too slow?
I'm on the last straight so I want to be sure
you can read up to the start of the engagement. after, you can do the lab blind
Nothing is too slow in academy the purpose is to learn if you want to test yourself and your speed go for labs
i think the section the walkthrough starts is called Initial Enumeration

(instructions here -->