#modules
yeah it's the same concept as the double hop section
i'm watching as we speak haha, it's still so tricky to me though, but I think once i've got this second agent on COMP_2 pointing to COMP_1 I can access the localhost ports on them with the ligolo 240 CIDR
trying to do the first bug bounty exercise, curl keeps hanging and not connecting and I can't figure out why. I can ping the inlinefreight address and get a response but I don't get what I'm missing. here's the problem https://academy.hackthebox.com/module/35/section/219 and I just try to do curl -O inlanefreight.com/download.php
Can compromised accounts be considered IOCs?
You can DM
ty
.
Does someone remember the module and section where it talks about how to set up evil-winrm with chisel or socks proxying?
Hi, I'm doing the PT path, just started. first time I'm faced with a question in a module, they ask to find the service version with banner grabbing, I use netcat (ip address) 22, copy the service and it said wrong answer, when I reveal the answer it showed "SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.1" and the service I gave was "SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u4"
why is it like that? can it be that it's not updated? I want to know if I'm on the right track, if I'm doing well
I'm on module PT path academy > Getting started > Basic tools
It might be. You can post this error in #1234357888114364508
@jolly oasis Please don't post spoilers for skill assessments, just ask your question and take it to DM's if you feel you need to reveal a little more to ask your question
also applies to any content from modules above tier 0
What's the correct way to ask a question about skills assessments? On most Discord servers I'm in, you get in trouble for directly messaging mods.
I thought I was doing that the correct way. I had spoiler tags on all my screenshots and configuration details.
Just ask here, no need to post screenshots from the skill assessment or reveal details of it. Anyone who has completed it knows what to do and can give you hints.
If you feel the need to reveal more info you can take it to DM's if someone offers
Ok...can anyone point me in the right direction regarding question number 1 for Skills Assessment - Using Web Proxies?
I'd recommend going over the Intercepting Responses section again
That's what's throwing me for a loop. Turning on response interception is super simple. I turned it on and did what I think I'm supposed to do (trying not to give away any details).
DM me
i believe that section gives you an ip:port
Hi, are you mentioning the third answer?
I believe the first two are easy
What was the command you used for the first two?
Nono nvm, for the third answer did you try using the last example command where it references Mask Attack?
And that gave nothing?
Are you only trying rockyou?
Try to use *.txt
For your wordlist, in the leaked-databases/ directory
change 'rockyou.txt' to '*.txt'
- means it'll use every wordlist in the directory with a .txt
Please take care not to post content from modules above tier 0
My apologies
ahh yes correct
I used that command shown in the example before it was deleted, shown in the "Masked Attack" example
yeah I didn't know what else to tell ya XD all good
np bro
Guys i need help
With what?
in the span of 1 minute? dam
Dude what yall yapping about
K, well stay on topic here.
anyone here who has completed the Attacking WPA/WPA2 Wi-Fi Networks module? I'm stuck at what should be the easiest question (q3) of Enterprise Evil-Twin Attack section
It seems that it was a bug in crackmapexec. I solved it with another tool.
cme is no longer maintained you should be using nxc
Facing issue:- I am facing some issue in CPTS module :- network enumeration with nmap, I have the answer but HTB not accepting it !
Make sure there are no whitespaces etc. Maybe manually type the flag. If that doesn't work, you likely found a flag for another answer.
I have the answer ( the version of DNS )
It's VERSION OF DNS not flag, can I send it to your DM ? Because HTB academy not accepting it
no need to dm. which section and question are you stuck on
Section :- firewall and IDS/ IPS evasion - medium lab
Module :-network scanning with nmap
I have the DNS version but, i evaded ! And found it but it's not accepting
Can I send the scan results after Hiding answer ?
You can try resetting the machine or changing servers or something if you think it's the box, but it's most likely you just don't have the right flag or need to manually type it.
i'm doing the ACL DCsync section and i'm trying to do the attack using mimikatz but i'm getting this error any idea why ?
[rpc] Service : ldap
[rpc] AuthnSvc : GSS_NEGOTIATE (9)
ERROR kull_m_rpc_drsr_getDCBind ; RPC Exception 0x00000005 (5)
i tried it but i was getting incorrect password but now its working for some reason thanks
yup it was the flag, no idea why it's used in the command shown in the section
oh i see i think i will note both of them in case one of them failed later
I think you should post it on #boxes and maybe dont include hashes and replace domain and ip with $DC-IP, $Domain, etc. As of now this post can be considered spoiler.
wait is it true that you get money upon getting certified
No, you don't get any money just because you have a certificate
password hack help me for a test
I'm having a really hard time with the "skill-assessment" section in the password attack module . Is there anyone who could help me out?
sure where are you stuck?
Can i DM you?
yep
If anyone has a bug bounty course, please share it.
Brother, I am new to group E, so how long have you been learning hacking?
You'll never finish learning. So it doesn't matter when you start. It will be a life's work
Yes, I know that hacking changes with time. There is no end to learning here.
But how many years have you been in this hacking world?
the academy boxes are too slow or crashing and wont work properly , whats the issue ?
@admin ?
Try to change the VPN Region
did all that thing
even twice and thrice
i cant ssh
Then reach out to support
Need some help? Learn how to reach the support team on Academy.
I'm doing the module hashcat and there is an optional question to "crack" the ntlmv2 hash and you got a list with different ntlm hashes.. I read somewhere that the ntlm hash is the base for the ntlmv2 but i can't seem to find the answer that I'm looking for. Can someone explain to me how to do this with the right commands?
i've found a ticket and unable to crack it, ad module cross-forest trust abuse windows section: $krb5tgs$23$mssqlsvc$FREIGHTLOGISTICS.LOCAL$MSSQLsvc/sql01.freightlogstics:1433@FREIGHTLOGISTICS.LOCAL$D8F7EB318............<rest of encrypted data>
I know.. but if do a hashcat -a 0 -m 5600 ntlmv2hash ntlhash-list it doesn't find the one i'm looking for
I will have another shot in finding the answer :).. thankz for the input
hi all, someone got problems with RBCD from Linux module in Kerberos Attacks ?
did you use the right hashcat mode?
🥲 i was using 18200 ig so i used hashcat --help and then switched to 13200
it worked
I think it will be 13100. but it worked anyway
yeap 13100
Always check the hash mode with hashid -m HASH
smtg on 18... didn't work and on 13... worked
yup i'll make it a ground rule next time
thanks!!
welcome
Hi!
I'm currently doing Password attacks/Credential Hunting in Linux , trying to discover the user Will's password. In the module there is extensive explaining on using LaZagne, especially concerning the decrypting of some firefox credentials i've found. however, LaZagne is not on the target (or the other tools discussed in the module) AND there is no file transfer mentioned in the module / in the cheat sheet to get it on the target. am i wrong to think i should do file transfer (eg via python server) to my target to check this or should i stay in bounds of the module ?
perfect ! then i know what to do , thank you 🙂
Guys how do i hack?
oh im so sorry
got the password 🥳
Hey guys
I'm trying to complete the answer in the section parameter analysis in the attacking web applications with ffuf module
it doesn't have any hint nor it does have any output after the command 😭
after running ffuf it just gives no output
i appreciate a little help guys
ATTACKING COMMON APPLICATIONS: Attacking WordPress
Problem: While trying to follow the guide I am not getting the username of john to have the password of firebird1, when navigating to the /wp-admin/ of blog.inlanefreight.local and trying the username combo it says john is not registered. Is the box messed up or am I fundamentally messing something up? Suggestions?
Figured it out: The online walkthrough information does not apply to the questions, only the process. Hope this helps someone ..
I have been bashing my head against the wall now for some time and I don't see what I'm doing wrong.
Module: Abusing HTTP Misconfigurations
Section: Host Header Web Cache Poisoning
For the lab I have successfully found which override host header is unkeyed and updates the url in the login form to point to interactsh.local:port. I have verified with a bogus login try that log in requests are sent to interactsh. However the admin never seems to try to log in so a request with the password is never sent.
What could I have potentially missed?
hello, do u know why im getting this error using mimikatz, im in pass the ticket windows module
🤔
Can you send your full mimikatz command?
okay. i was missing a :
ahahha, thanks, i think im turning crazy
hey guys , am struggling with password attacks skills assessment " What is the NTLM hash of NEXURA\Administrator?" am trying to get into the network and i tried to make a list with possible usernames with the provided password + i made a list for other possible passwords , are there any hints? thanks
Got it, can you help me with it?
Dm
Hey guys, using Kali Linux 2025.2, I now getting an error if I try using NetExec as "kali" user (regular user) with this error :
```
┌──(kali㉿kali)-[~]
└─$ nxc
Traceback (most recent call last):
  File "/home/kali/.local/bin/nxc", line 5, in <module>
    from nxc.netexec import main
ModuleNotFoundError: No module named 'nxc'
```
Meaning Netexec binary is not being found, so I have to switch to ROOT user :
```
┌──(kali㉿kali)-[~]
└─$ sudo su
[sudo] password for kali:
┌──(root㉿kali)-[/home/kali]
└─# nxc
usage: nxc [-h] [--version] [-t THREADS] [--timeout TIMEOUT] [--jitter INTERVAL] [--verbose] [--debug] [--no-progress] [--log LOG] [-6] [--dns-server DNS_SERVER] [--dns-tcp] [--dns-timeout DNS_TIMEOUT] {ldap,wmi,vnc,winrm,smb,ssh,rdp,nfs,ftp,mssql} ...
. .
.| |. _ _ _ _____
|| || | \ | | ___ | |_ | ____| __ __ ___ ___
\\( )// | \| | / _ \ | __| | _| \ \/ / / _ \ / __|
.=[ ]=. | |\ | | __/ | |_ | |___ > < | __/ | (__
/ /˙-˙\ \ || _| ___| _| |_| /_/_\ _| _|
```
Are you experiencing the same thing since the new update ?
To make sure I tried to reinstall it as regular user but same behavior, gotta switch to ROOT to use it. It's not a big deal but I'm just curious cuz I've been using it as reg user in the past
If I recall properly, Nxc was already installed with Kali Linux. Then I tried to reinstall it following the installation procedure on their wiki
pipx install git+https://github.com/Pennyw0rth/NetExec
I also tried to install it from the Kali linux using apt
I'll try again,
Yea, I think I might have mismatched both env
apt / pipx
I did not run the "pipx" command as root. When I try to install through "apt", system says "Netexec already installed"
Yes, I'm going to try that, cheers
Hey guys, I am stuck at module/password Attacks , section/Writing Custom Wordlists and Rules. Can anybody here give me some help with that? I'm having a really hard time with this
I am using that but it's not working, I tried it and generated more than 5000 words, and it tried all of those combinations but still not being able to crack. I think that the problem must be with wordlist being generated. I don't know for sure
hi
can someone help
i am a student i bought htb academy but i didnt know you cant share them after solving a question
they banned me how can i get my account back
@everyone
Don't ping the entire server please, thanks.
Your only recourse is contacting support on the site, or email, no support for the website is provided on discord.
is there any chances that my account can get back
Did you read my message?
be patient, it's the weekend
its just i was prepping for cpts and this happend and i bought subscription from my savings
No one on Discord can help, only support
just asking you guys that something like this gets fixed or not
Don't know and this also isn't the channel to discuss
ok thanks
||have done it alone but looked at the guided solution, it uses the rockyou.txt wordlist, how/why would this be a presumed wordlist to use? Or is it just a convenience for this lab. As trying this way myself was much faster than the wordlist/hashcat command I'd used the first time round||
Question regarding IPMI footprinting lab^
Ah fair, guessing this is touched on in the password cracking module?
noted, cheers mate, nice 1
hello, i have a question about pass the ticket ( linux)
i have access with root and now i need to copy the ccache of julio, and i dont know how to do it
@south marten Please take care not to post content from modules above tier 0
sorry, can you help me btw
yes, i already list /tmp , but i dont know what i need to do now
the exercise copies this ccache
cp /tmp/krb5cc_647401106_I8I133 . // i dont know from where he got I8I133 .
okay, i do it
but, btw, from where he got _I... in the activity, only curious
Can someone help me with the Password Attack Skills Assessment? If anyone can help me, I'd really appreciate it. DM me if you're interested.
Im stuck
Hello All! I am working my way through the Linux Fundamentals and need help understanding STDIN, STDOUT, and STDERR for Terminal. I learn best by applying operations to use cases, so what on earth are these actually used for?
STDIN; input, literally what you type and hit enter
STDOUT; the regular output, not errors, of the program you're running
STDERR; the error output, i.e. permission denied errors, file not found, etc
they are already predefined in linux, you don't need to manually specify or do anything
stdin will always be the input;
stdout will always be the (non-error) output;
stderr will always be the error output
Hi
Okay, so programs use these to link things together? IT and Security Professionals should be checking them for potentially sensitive data moving between programs?
yes
it's why you don't really ever want to put your password on the same line as your command
and you input the pw after
👋
Understood
has anyone had this hashcat error? cant seem to fix it.
https://hashcat.net/forum/thread-8097.html <-- no devices found/left means that something is up with your hashcat install/drivers
Hello.... I'm just a kid who got termux can someone enlighten me cuz i got many errors 😭
what does that have to do with htb academy?
I thought I'd learn to protect myself
read and follow instructions in #welcome to gain access to more of the server, you'll need an htb account
termux isn't going to protect you
it's just a terminal multiplexer meaning it allows you to split the screen up within the session
but again sounds like it has nothing to do with htb academy learning modules :)
I saw "red team" and clicked discord 🤷🏽♂️
and i'm telling you how to gain access to more of the server
If you read #welcome it explains that this server is about the Hack The Box website and its various services
I am working on the skills assessments Advanced SQL, got all the users information and can make a secretkey from the provided java script based on email + something + email. But it not working. Tried to decompile with fernflower but got the following error: java.util.zip.ZipException: zip END header not found Can someone help me?
Without looking closely, I think that email + something + email is wrong
Can someone please help me, I'm lost. I'm in the Password Attacks module in Skills Assessments and I can't get past the DMZ and I don't understand what to do. If someone can help me, please send me a DM. I would appreciate it. Thank you very much.
it's a bit weird how they structured it but you have to set up a pivot. you can go 2 - 3 modules ahead to the pivoting, tunneling and port forwarding module and read the section on Dynamic Port Forwarding with SSH and SOCKS tunneling, or watch a video on ligolo-NG
https://academy.hackthebox.com/module/147/section/3714
why no mention of being lazy and use --dpapi with netexec 😦
To force you to use other methods
mean
Eh
kidding
I wouldn't rely on one tool all the time, it leaves you in the dark when it stops working
yea, of course
hey anyone have completed the python3 module ?
The type of foo from question 1 is <class 'set'>. What is the type of x_coordinate?
its answer is tuple but still showing me incorrect!
i have tried <class 'tuple'> too but still didn't work!
x_coordinate = (42,) this is the code snippet!
x_coordinate = (42,)
print(type(x_coordinate))
<class 'tuple'>
i don't know why it is showing me that it is the incorrect answer?
I've been struggling with the Firewall and IDS/IPS Evasion - Hard Lab for over an hour in my own box, but like I'm pretty sure I'm doing what I should be. I spawn a Pwnbox, run the same command as in my own VM, works immediately. ok cool lol
I'm struggling with the first task of the final assessments of introduction to assembly language.
I already disassembled the binary with objdump
Then I rewrote the code and added the loop to
decode the stack using the rbx and xor.
I used rdx to iterate the stack then call rsp to run it but nothing happened, I'm not quite sure what I'm supposed to do in the task
nvm it worked after sometime i don't know why it was showing me incorrect previously!
Hi, I'm stuck on "Skills Assessment Using Web Proxies", task 3. I'm fuzzing the final ||hash|| and re-encoding it in the correct order 3 > 2 > 1, but it's still not working.
I'm not sure what I'm doing wrong or why it doesn't seem to work, any help would be appreciated. 
Are you re-encoding the right thing? You need to be sending the fuzz in the value=§fuzzhere§
Did you add the prefix to your fuzz?
Yes, I think that's correct, but idk why all the answers are 200, something I'm doing wrong
You're not doing anything wrong, instead focus on the response sizes
200 just means page exists, and yeah the page exists.
Ok, I'll check it
Now I have more problems 
Oof
Can I dm you to give more details?
Been a minute since I've done it tbh
Oh 
Likely a case of what i mentioned earlier, you messed up one of the steps or don't have it set up right
I don't see it, but if it exists, the problem could be related to the value=? ||When I submit the request, the tool sends a very different payload than the one I originally configured.||
The payload will be different, after all it's getting re-encoded
I.e. if your payload is sending the md4 hash of what you put in, it's gonna send the hash - not what you input
Ok, I'll try something following what you say
Well I tried 
Oh, I'm blind, it's just to answers more closely as you say 
Thx anyways :))
You specify the prefix when setting up the processing
Hi
Just wanted to say hi
yes and i'm informing you that this channel isn't for idle chatter :) it's for help with the htb academy modules, assuming you came from just searching "hacking" in the server search
Hello. In the "File Uploads Attack" skill assessment. I'm looking for an upload.php file in the source code to use for xxe exploit. All I see is submit.php. I've managed to upload the svg and get the base64 encoded message but it doesn't show me any directory where images are uploaded. I'm using the correct php file right?
it should be near the top of the file; alongside how it renames the uploaded file
When you say "it" you talking about the "directory"?
yes

Does having the /contact directory matter in that xml xxe exploit?
I have to hit the gym before it closes. I'll try after and get back to you @fathom pendant
why not just ask for the submit.php
also the module is above t0 iirc so let's try not to spoil
I am kind of clueless as to what to do right now on nmap enumeration page 6
I got the htb flag but its not wrong someone told me theres a different flag and now im just stumped
what's the name of the section
connect to the port via netcat
remember that servers may output a statuscode then the response
i.e. 220 [banner here]
all ports?
no
this is wrong question i meant to say page 7 with using nse and scripts to find flag
i found the flag twice and apparently its the flag for the OTHER page
robots
no no i did page 6 already
also please for the love of god say the name of the section not just "page N"
okay jesus my bad
it'll help others help you in the future
what
okay
the example command will get you somewhat closer to what i mean
also: nmap may not enumerate everything, you may need to manually search through
Is that hinting at netcat
netcat was for the previous section
eh the script may not pull the info; but can point in the right direction
I found the flag
it was wrong i thought i was tweaking then i figured out i just needed the } thingy
thanks marcie and zerodaybug
any ideas how to fix? I'm on Oracle TNS
i'm assuming you went to install sqlplus
following the "setup.sh"
that sh file regularly breaks and doesn't always go through everything
ok i'll try again and report back
i suggest going through line by line instead of copying it as a .sh file and running with sudo
yeah you'll just need to run through the script line by line
Corrected Syntax
it's a pain in the ass
also instantclient isn't sqlplus :) it's just one of the libs for it
Ok i'll try line by line thank you for the help thus far
(also Odat is in the parrot repository now)
is there any way to download files from the pwnbox to host machine?
it makes it hard as obviously it's on a separate network to my host machine
? you mean from the in-browser vm to your own system? or are you referring to using a vm on your own system
pwnbox is the term exclusively for the in-browser htb vm
Hi im trying to do "attacking enterprise networks" without the guide
Im at the point where i have "hporter" credentials after dumping lsa
Im trying to access shares with smbclient but i get logon failure
Same when i try to use winrm
Any reason why?
I'm not sure what I am doing wrong with the password attacks module, do I have to priv esc again to Administrator??
section Attacking Windows Credential Manager
You need to bypass the UAC
ok thanks I will have to search up on how to do that hahaha
I started reading this 1 but many thanks will have a look/crack if current link not working
https://infosecwriteups.com/bypassing-uac-1ba99a173b30
if u still stuck let me know
sure I have a feeling I should have done the windows priv esc before this module hahahaha
nope its not needed
i did it before too xD
dammmmmm
Hint : try other tools (if you still dont figure it out dm me for direct solution haha)
yeah I saw the module also mentioned other tools
try them haha
Gigacahd Doofenshmirtz MVP rn hahahaha
https://www.youtube.com/watch?v=vsqfjUiQ2TA
Anyone down to dm me about attacking enterprise networks?
sounds like pain but good luck joemda
u had it ready it seems lmao
well I try my hardest as I love learning
plus this dopamine is up there with driving fast
the only issue is I could never realistically use these skills unless I obtain a pentester job so its good fun
yea thats so frustrating. i am on the same boat rn
such a goofy way to get to power shell cheers @rustic sage and @wooden seal
u sure u got the answer by this?
but you know what be helpful having it in x64 instead of x86 hahahhaha
(was messing around and testing...)
i got error using this i remember good luck to you
brain absolutely fried
bro hes messing around lmao
How is that a horrible idea? I’m from Australia and I’m doing AEN rn so without pwnbox it’s quite slow. I often have files that I want to keep from the lab to reference or crack and the pwn box only lasts two hours. Was just a question don’t see how it’s a bad idea…
oh I used locate and went to dir and the cp the x64 ver
was just thinking to myself and testing
you have to download tools or install tools yourself ig you cant download files from it
Its ok I also didnt see the hint and it was the same on HTB but you guys gave me some links xD
that was horrible advice not horrible idea i would say ignore it
go man get that password haha you can do it
yes I am just messing and waiting for the transfer
you are insane
idk if thats a insult or joke xD
using mimikatz x86 on x64 arch?
its a joke
:U its you I've see mr cybersimon around the teams
before I joined 1
I'm having a hard time with the "skill-assessment" section in the password attack module . Is there anyone who could help me out?
de way
me
see what I have to put up with @wooden seal
@wooden seal Can I DM you?
brooooooooooooo try other tools for gods sake lmao
yea sure
@naive sage this guy @soft moon is chaotic
what do you mean
your chaotic means you are chaotic haha (well you i am chaotic too) xd
good
its a needed as everyone has a little crazy inside, its up to the individual to display it or not xD
@whole stag are u dming me? i am waiting (i m about to hop in game) lol
There is only one Khaotic,
but hey, let's stick to the topic of this channel.
then u r broadcasting for sure

I mean, no IT job and really let me go hahahaha
Guys, I'm currently doing the PenTester job role path. Do you recommend me giving it 2 loops before trying CPTS? I had 0 knowledge before, started with it, I can handle some easy/low medium boxes and I'm taking a bit of notes, but my idea was running it again after finishing, going full blind and documenting everything.
all I can say is good luck you can do it 😄
Thank you!
if you did the Path, took notes, made good understandings yes you can do it.
dont give 2 loops instead do windows and linux fundamentals modules too (as you said you had 0 knowledge before) and try to do crackmapexec module too it will be helpful
nice free tips xD
noted
how many modules you are in?
Doing the InfoSec path truly gets you further.
I just did 8 of the full path, I'm following the exact order of the path
htb's pathway
https://academy.hackthebox.com/path/preview/information-security-foundations
or
another organisations certification???
https://www.infosecinstitute.com/courses/cissp-boot-camp/
Would rec. InfoSec path first.
gets you good grasp over general fundamentalist knowledge of things.
Sorry, with 0 knowledge I meant 0 red-teaming knowledge, I finished a degree on Sysadmin, no work experience but plenty of knowledge
YOU GOTTA BE CLEAR GNG. 
i have a question , in hackthebox academy when i buy student subscription , i will have access to all tier 2 modules and cbbh and cpts and soc l1 paths , so my question is this :
in modules i know that there will be a theoretical part which explains to me the module or topic , and there is something called interactive which has the htb icon , is this interactive a machine ? or just questions ?
still that's a knowledge refresh, but yeah keep going.
like is this a machine like htb machines ? or just a question to apply my knowledge ?
interactive machines + questions related to machine (you have to do practical to get the answers)
some are htb-retired boxes and some are to teach u how to implement
yes, modules are designed in such a way that you do theory and practical along the way.
mmmm , and is this machines from htb or machines designed for htb academy ?
machines from htb
i got it yeah , thanks man
thanks mate
but these machines don't require a separate subscription right ?
like i have access to these machines since they are inside the modules right ?
Yeah, also you will have pwnbox (just for the academy tho) with the student sub, so you can do all the practical exercises inside it. Anyways, if you prefer to run them on your local vm you can download the VPN and do them also!
yea you can access modules machine if you bought the modules with cubes or u bought annual sub
thanks bro
Just be careful and don't run pwnbox and the vpn on your vm at the same time, otherwise the vpn will "overlap" and pings will stop working :P spent 2h thinking why my pings didn't reach the target and it was bc pwnbox was up AFTER my vm connection, so it overrode it
if i have a student subscription , i cant solve machines ?
you can
thanks for the tip
Yeah, but just the retired AND free ones, since your sub is only for academy
it gives access to CPTS CBBH AND CDSA and tier 2 modules
for the rest of boxes you would need to purchase VIP on labs
but the exercises inside the modules require no extra sub
if u need any extra help about it, i'm on the same page, student subscription doing the CPTS path :P
mmm i got it , so when i purchase the student subscription i have access to the modules and only the retired or active boxes inside the paths i have access to since i am a student which are cbbh and cpts and soc l1
Yup, your student subscription covers:
All modules up to Tier2
Full path CBBH CPTS (not sure about the soc l1 didn't see it)
Unlimited PWNBox usage inside academy modules
But that's for the academy part of HTB, labs is other site, other subscription... also it's other "scope"
i will buy it in july , until then i am studying js + php and mysql , so that i know a little about web programming
alrighty that's nice
yeah i know , but the interactive parts inside modules is also machines right ?
Yes and no. It's interactive parts inside the modules so you are covered for it. Since it's academy.hackthebox.com. The machines you can't do if they're not free is on app.hackthebox.com
So, if you unlock a module (via cubes or via your student/any other sub), you can do ALL the interactive exercises inside with no extra cost, as you already unlocked it
mmmm , so that means even if the lab is on app.hackthebox.com i have access to it even if i am not a subscriber on app.hackthebox.com , but i have access to it since i already purchased the module and this lab is inside this module
No.
You only unlock modules on Academy with the student plan, so you have access to the interactive exercises INSIDE academy, nothing outside it.
and does interactive exercises consist of machines like htb ?
Some of the interactive exercises are app.hackthebox.com retired machines, but they are INSIDE academy, not on the other website. Imagine the machine Nibbles, it's retired but it's on one academy module. You can do it in academy since you have the plan, but if you wanted to do it through app.hackthebox.com you won't be able to do it. Understand?
Yeah, some of them are "full boxes" like the Nibbles one on... getting started module? not sure if was in that. Others are just steps, depending on the module you are covering
thank you so much for explaining
no problem mate :P
so i get it now , some of interactive exercises is machines but i only can do it in academy not the htb if it is retired . :)
Yuppity yup.
yeah, it's like.
Each section might have an exercise to apply your learnt knowledge. At the end of the course/module you will be given a mini box type lab to solve so your knowledge sticks.
thanks bro :)
thanks bro :)
if you want to practice more you can search up box in Academy x HTB Labs or 0xdf's blog.
thanks mate
FINALLY i ended footprinting module it has been a pain
not really a pain when you do it twice blindly, apply irl or on a box.
That module is 1000% worth it ngl.
yeah, but running it for the first time with 0 prior knowledge took longer than expected
I struggle on the footprinting module too but it made sense and really enjoyed it
anyways i feel like i learnt a lot, when I do the second loop on it I will feel really good, but it's because each time I didn't understand something, or never saw it, started researching about the services etc etc so I have a clue of where I was
same here, I'm doing dfir stuff and feels like freaking pain but after I would learn it would feel much easier.
"Learning phase is the hard, rest feels more fun"
Hi
In this module: https://academy.hackthebox.com/module/18/section/75, can someone confirm the command I use in MP ?
Answer seems to be incorrect, however, I am 100% sure of the command
The one on Index Number
Okay answer worked. My index command was running on another instance 😂
Thx 😉
god mimikatz was painful but got the onedrive password with it hahahaha
https://academy.hackthebox.com/module/110/section/1054
I am stuck on this modules last question. Can someone help me
I havent done web proxies before you got it Anon
remember to add the .html extension in the request you're fuzzing and use the wordlist they recommend
I tried that but the community version of burp suite dont allow me to brute force
well you should be able to use it it's just pretty slow
it's called intruder
Hello everyone, how can i become ethical hacker from scratch ? I'm 18 now and I'm also confused which path should i choose in cybersecurity? Can anyone guide me
Get Started with the HTB Beginners Bible: https://www.hackthebox.com/blog/learn-to-hack-beginners-bible
didn't you say you were 17 in another channel?!? 
@crystal edge
section - virtual hosts I'm stuck at the question idk if im using wrong command
but the results aren't showing
same happened with ffuf yesterday but tried restarting pwnbox
now this information gathering 😭
idk 
@jolly hemlock what’s the question
bruteforce vhosts on the target system. what is the full subdomain that is prefixed with "web"? answer using full domain, e.g."x.inlanefreight.htb"
Dm me your payload
okay
Hi guy I'm new
*inhales in dad* HI new I'm W1ld
💀 dang
https://academy.hackthebox.com/module/110/section/1054
can someone help me in this module?
I am not able to complete the question
Where you stuck? What you tried? How can we help if you don't explain what go wrong
Burp suite is not allowing me to fuzz
It should. Did you follow the modules instructions
Yupp
You can DM
check DM
Hi everyone, I encountered some problems while playing Prolab Rastalabs. Which channel should I ask or communicate on? It's not related to spoilers, but rather a special situation that is confusing me
Need to speak to a person? Learn how to reach our support via HTB Labs.
^
if you believe it to be a technical error and not a skill issue
if you believe it to be a skill issue:
read and follow #welcome instructions to gain access to #1263635449335910531
thanks
Hi
Hi, I am doing the windows fundamentals, and here is the question I am stuck on
Identify one of the non-standard update services running on the host. Submit the full name of the service executable (not the DisplayName) as your answer.
I put this from an llm , what did I do wrong
Get-Service | Where-Object {$_.Status -eq "Running"}
am I doing something wrong
can someone help please
@waxen totem can u help please
what makes you think you're doing something wrong?
exercise patience, don't ping random people
Looks right to me 
sorry
there are soo many non standard ones and whatever one I put it says wrong
wdym so many "non standard"
this doesn't discriminate between standard and non-standard
it shows all running services
ok let me try something else
you don't need to necessarily try something else
but you need to understand what "non standard" means
non standard => not baked into windows by default
i.e. wsus is standard, it's in windows
thats what I thought and tried to put in VMWARE Tools and it still didnt work
also consider that if it's running in a vm, then the tool pack is standard
also
Hi everyone, I'm working on the "Active Directory Enumeration & Attacks" room on HTB Academy, and I'm a bit stuck.
I already clicked "Spawn Machine", but I'm not sure how to find the IP address for the ATTACK01 or MS01 machines. I want to connect via SSH or RDP as the htb-student user, but I don't see any IP listed.
Can anyone help me figure out where to find the IP or how to properly connect?
Thanks in advance!
it's specifically stating "update service"
spawn machine != spawn target
there should be a button that says "click here to spawn target"
i didn't found it
also, not a room -- rooms are THM, modules and sections are htb academy, boxes are main platform
should be just above where the questions are
spawn machine spawns the in-browser vm
I tried this
Get-Service | Where-Object {$_.Status -eq "Running" -eq "update"}
and still not working, there is no way I can distinguish update and non updates if there is no name
Seems like I am the dumbest guy on this server since I cant answer a question as simple as this one 
Hi MarcieLee,
Thanks for your help!
I couldn’t find the “click here to spawn target” button you mentioned. The only thing I see is my workstation.
Could you please clarify if that is the target machine or how I can get the IP addresses to connect?
Thanks again!
its above the question
Connecting via SSH
We can connect to the provided Parrot Linux attack host using the command, then enter the provided password when prompted. there is not any password or username
the spawn target button
what section specifically
what is the name of the section at the top of the page
u see there is a target spawn where there is an ip
yes
because there are sections that are just reading, without practical elements
hahaaaaaaaaa
if there isn't a practical element, there won't be a spawn target button
i am working "Initial Enumeration of the Domain"
also the password would be the same as the rdp one
where i can find it
scroll down
=_=
Hey guys, i just finished up getting started module - public exploits section in the pentester job role path. The question in that section revolves around searching exploit either using Metasploit or Searchsploit on a vulnerable plugin. My question is, since the plugin used is very much disclosed when I open the web, how do I gather info on what plugins does the web use if they are not disclosed? Are there any scanners out there that can do that?
you would generally use a scanner tool to try and dig up the info
and the answer regarding if there are scanners that do that, there's wpscan for wordpress instances
plugins like the one you see in that exercise are specifically for WordPress, which can be picked up by WPScan
marci, what do I do to differentiate update ones and non update ones
read the description of them?

This is discussed in the attacking common services module wordpress sections
none of the description specifically mention that if its update or not
also sometimes the name can allude to it being an update program
i.e. someprogramupdater.exe
Hi MarcieLee,
Thank you so much for your quick and helpful responses! I really appreciate your patience and guidance—it means a lot to me as I’m learning and working through this. Your support makes a big difference. Thanks again from the bottom of my heart!
I see, i got ahead of myself haha. But if the webapp is made using Springboot or Django for example. Are there any universal tool that can scan the plugins? Like a swiss army knife for vulnerable plugins?
lol no
Recall there was a tool also mentioned in attacking common services
for scanning other CMSs like Joomla
the exe may also say something like updateservice update in it
I haven't got into that point yet iirc
pretty sure those are just frameworks
anyways thank you guys
WordPress is a CMS
i would just keep it in the back of your mind for now
btw
do u need to have a specific role inorder to type in htb - off-topic
noted
you need to link your account via instructions in #welcome
only one that says update in description is this Update Orchestrator Service
and thats it
not just descriptions
probably some manual enum can find any kind of plugins/templates in use
oh alr thanks
literally reread what i said; the exe may also have the word "update" in it
nothing has word update on it
are you sure
screenshot will be many so no point
| Select -Property Name,Desc or something also might help
seems that WPscan didn't output any plugins. But i managed to find that the vulnerable plugin is in the webapp by manually modifying the URL (start searching from /wp-content/plugins) and curl-ing
been a while but i think you need to pass your API token to WPScan if you want it to do a thorough scan
i see. so it's not an entirely "free" tool is it
it's free
wtfff, how did u know, now its giving me more description and all
iirc fl is format-list
and unless you're attacking a bunch of wp websites, you're not running out
That's good to know. First time trying out 'attacks' on WP. I haven't had any WP challs in any previous CTF encounters haha
thanks again guys
if you wanna minimize the list to relevant information you can do what @waxen totem suggested
you can also use statements within the object braces ({})
{( $_.prop1 -comparitor "value" -and $_.sameorotherprop -comparitor "value2")}
The Where-Object cmdlet selects objects that have particular property values from the collection of objects that are passed to it. For example, you can use the Where-Object cmdlet to select files that were created after a certain date, events with a particular ID, or computers that use a particular version of Windows. Starting in Windows PowerSh...
Damn
I was wrong, there was soo big of a list that I skimmed through this one
yk the problem is, Idk what I am doing is correct and I dont get results so I go crazy
you can heavily shorten the list; the "DisplayName" property often is what describes what the process does 😉
with no way of verifying if I am right
well once you start limiting what you see, like utilizing more filters, you can easily find it
-Contains is better than -Like
the only thing you may need to do to submit the answer is add the .exe at the end
also how you can verify what ones are and aren't windows standard: google
"what is <service name here>"
and the AI overview may save you time
"<service> is a Windows Service"
with -like you may need to do "*value*"
doing some testing it seems like some portions really dislike -contains of -like
HAVING ISSUES WITH vpn file no progress after this
using parrot os on VMware
I’m using snaffler.exe on the password attacks module is there something I’m missing or incantation I’m missing ?
- it looks like you have multiple openvpn processes running
- the "freezing" is normal behavior
not any i am aware but let me kill and try
it's meant to do that; you just open a new terminal and you'll see you're connected to the vpn
sudo killall openvpn
sometimes a process may not terminate properly
i just installed the distro so pretty sure
but let me try
well i'm seeing in that output tun1 meaning that tun0 already existed so it incremented to tun1
unless you're running another vpn program in the vm
nope
let me check still
@fathom pendant
cool now run it again and it should give tun0 if not just restart the vm and do it again
got tun0 but the freeze
is there any advantage of using ZAP over BURP? I have professional version of burp!
I was thinking of skipping the ZAP thing
it's not actually freezing
just open a new terminal and you're good to go
no real advantage, if you have burp pro then that's gonna be better
?
nothing got it figured thank you so much for the help i have been banging my head trying to connect it in my ubuntu machine
good luck
Hi. Looking for some advice on the Password Attacks module. I am on the skills assessment and I can't progress from the first box. I don't know if I am meant to escalate privilege on the first box (DMZ01) or try to move directly to JUMP01. Apologies if this is the wrong place to post - let me know where if not.
hello, you found the h... credentials in DMZ01?
yes, but where they suggest doesn't seem to be accessible from the DMZ. I tried using the creds to escalate locally or log on to the jump box but I don't know what i am missing. (For one thing I don't know what I am meant to do about rdp - I went as far as trying to compile standalone versions of xfreerdp and rdesktop but couldn't get them to work)
maybe use netexec :)
feel free to open dm
thanks - I will try netexec
okay, if you have more problems feel fre to open dm
Thanks a lot. Will do
any experience with web scraping?
As this user, search through the additional shares they have access to and identify the password of a domain administrator. What is it?
Password Attacks
Credential Hunting in Network Shares
need help to do this, i got the creds for the previous question but i cannot find the password of a domain admin
use --spider
Spidering gave me passwords but none of them worked
you prove different patterns?
Wdym?
when you use spider you are using a --pattern "x" no?
im using the docker command given i'll send cmd
what keyword would u recommend?
read again the question, you can found 3 keywords
Curious, anyone here with AT&T? lol
Hello everyone. I am struggling with this question? Android Apps & Development/Native Code/What is the name of the function that returns the string inside the cpp file? (Format: FunctionName()).
MY answer— return stringFromJNI() is wrong. Please help me get this one roadbump in otherwise pretty straightforward module. Thanks.
Hi! I am trying to make the splunk exercises on the soc path and I get this message: "Unable to load app list. Refresh the page to try again."
hii
@young gale Please take care not to post content from modules above tier 0
What if I have a question about File Upload Attacks skill assesment?
tysm
Then you simply ask your question without revealing content from the skill assessment. Also make sure not to spoil info from skill assessments especially, anyone who has done them knows what to do and doesn't need context. You can also DM someone if they give you permission if you feel like you need to reveal a little more.
Ok so im trying to upload my .svg to get the encoded64 of upload.php. yesterday I ran intruder with the a wordlist that had permutations of svg. I got one that worked. I had to log off, I didnt save. I'm running the same way today and intruder just gives me only images allowed with every permutation. What's going on?
@thorny karma Please take care not to spoil content from modules above tier 0
Anybody have any suggestions?
oh mb if i need help where do i ask
Yo, can you help me out?
Hey ill ask once more. Ok so im trying to upload my .svg to get the encoded64 of upload.php. yesterday I ran intruder with the a wordlist that had permutations of svg. I got one that worked. I had to log off, I didnt save. I'm running the same way today and intruder just gives me only images allowed with every permutation. What's going on?
This is for the File Upload Attacks skills assessment
If you got one that worked then just keep going with the next stage
I logged off yesterday without finishing it and dont remember.
Im doing the exact same process and every iteration of svg is returning only images allowed. I have no idea what's going on. I'm also using GIF8 above my php echo request in the content.
My steps were upload legit jpg, capture request. Replace content with php hello world. Send to intruder set the position to shell.php. add my wordlist payload with different permutations of .svg and then run intruder
What did I miss thats not giving me upload successful like yesterday?
hi guys I'm gonna do the last question of the skills assessment for pivoting, tunneling, and port forwarding module again
I'll let you guys know if I need help
i think i need the creds to access to the spawned machine (ip: 10.129.90.149)
dont just send random permutations, try to identify Black list filters and white list filters, always go from simplest to complex 
only images allowed is an example of white filter, bypass it
@lime cosmos Please take care not to post content from modules above tier 0
@median gale Please take care not to post content from modules above tier 0
ok sorry
hi guys I'm doing the last question of the skills assessment for pivoting, tunneling, and port forwarding and I actually think I'm gonna do it right this time
but I'll post on here if I have any trouble
I think I see how to do it
@im not using random permutations im using from the provided bash script. Yesterday I ran intruder no problem and it returned a few .svg.jpg variants with successful file upload but now all its doing image only
https://academy.hackthebox.com/module/35/section/219 I'm trying to do this very simple module, is it normal I can't get a response from the target machine via ping? does using curl with the url versus IP and port make a difference?
Is there anyway around the account restrictions popup when trying to RDP to the Administrator account for the Pass the Hash exercises in the Password Attacks module? It says to RDP to the host and provides a user/hash but I get an "Account restrictions are preventing is user from signing in" response, but I was able to do this module previously
OMG man that script generates a lot of combinations more than needed, try with one of the another wordlists they give you
doesn't the section directly tell you how to do that if not i know one of the modules/sections prior to getting to that point does
Oh whoops you are right, I was coming back to this one after a while looking at other stuff and skimmed by that section in my notes
Thanks!
Anyone else done Command Injection Module recently? I'm finding the questions and answers a bit odd, and its not accepting the answer you'd expect
In this one https://academy.hackthebox.com/module/109/section/1035
theres three options as the answer, none work
HI, Starting point > Pentesting Basics > Service scanning
I have mission to scan with nmap and give the service of the port 8080 .
I tried so much scans, and so much versions, and banner grabbing, I have tun0 in the network, This is the third time I'm restarting the target machine to get new IP
nmap -sV -Pn (target ip) -p8080 and nothing
Please help?
it's only expecting one singular answer
it's just expecting what nmap puts under the "version" section
Like &
But it doesn't accept it
or new-line
I know, but It filtered
it shouldn't be filtered
it requires a dash
as in as a command injection
Bruh what im saying is I used that script and only had .svg as extension. It doesnt return that many but the ones it does did yesterday. For some reason its not now
This is what I get
are you running the pwnbox and your vm at the same time?
it's expecting the word as it's written in the parenthesis
Im use my kali on VMware
try restarting your kali and doing it again?
otherwise i'd reach out to support ¯_(ツ)_/¯
OK
i just checked the other day and it worked just fine for me
I will try
also to be clear when i say pwnbox i'm referring to this window
if you hit "start instance" that starts the pwnbox
ye
So I clicked
just kinda going over all the bases
To get IP .
as "these are common problems"
thanks again @fathom pendant
hi so for the last question of skills assessment for pivoting, tunneling, and port forwarding module, I am able to reach second pivot, including IP on subnet on the second pivot that the third pivot is also on. however, I am unable to reach the third pivot. I know the third pivot is theoretically reachable because I can rdp from double pivot into triple pivot. However, I cannot reach third pivot from attack box.
on local machine in my kali vm
can someone help me out with this?
I know its theoretically possible to reach it by LOL
I know I can use attackbox through the web, and second option to connect with my VM with vpn file configuration
and then can get it to reach it
i answered how to find this previously
@fathom pendant until today I used VPN and everything worked fine
you're on the box you got the second-to-last answer with yeah?
check shares
ok
ya I got the second to last answer but you know it still won't let me port scan its ports from the local machine. I found some stuff on the pivot that would be useful that's fair. I don't want to say what because probably a spoiler.
@fathom pendant hey so yesterday if you remember I was asking about the uploads.php directory for the file uploads skill assessment. I had to log off and didnt save which svg payload worked. I'm running intruder again today but its not returning any file successfully uploaded. I'm getting only images are allowed for each permutation of .svg.jpg
Its the hint !!
wait got ping to work from local machine
After restarting my Kali
same reply
wrong answer 😦
reach out to support then ig
It's the small green box at the bottom right of screen if you logged in to htb
It'll bring up support and they will respond via chat
Oh thanks!
can you ping it ?
message them ?
reach it
yes
Yes it will open a ticket and someone will respond
@fathom pendant u able to see my question?
Thats your problem then
I dont think you are connected with the vpn
OMG but Im in the scope.
ip a what ip does your tun0 int have?
ig == "i guess"
you can try changing vpn regions and spawning a new target
Are you using the wrong vpn file ? Changed region and used the vpn from the last region?
i saw, i'm choosing not to respond to it atm
at this point you have all the ways to get it to work, don't forget about Content-Type:
I fixed it sorry I almost spoiled something but I deleted it.
but now I can reach from attack box
hi I found the open port on the final target for the last question of pivoting, tunneling, and port forwarding. I found one way to log in but I don't think that will get me the flag. I am trying to crack the password for the suspected username using a tool from a previous section. can I DM someone to make sure I'm doing the right thing?
If you're on the host you got the second-to-last flag on: check shares
I got the flag
before I saw your message
but thanks anyways I actually solved it myself this time
@opal cape please don't reveal info about the skill assessment
The format is a valid image filetype, you don't need to do any shenanigans with it
Then I must've been hallucinating lol. I really thought I did that yesterday. Sometimes doing this all day can have a toll
Anyways thanks
Hello can I have some help for HTB CDSA in skill assessment for Suricata pls?
I found a TCP segment where the data is interesting, with execution of powershell command but I don't find the flag...
dm
hi. I'm stuck on the Password Attacks skill assessment and can't really get anywhere else. i've found the passwords for the other users but can't find where to use them. is there anybody i can dm?
Hello, as lot of people, I am stuck at Credential Hunting in Network Shares from the Password Attacks module. I cannot find the domain admin password in the shares. I already used the tools and tried different word pattern to search with. Can someone help me please ?
Anyone having issues with the AI in InfoSec final assessment? I seem stuck at 88% no matter how I tweak my parameters. I'm Using MultinomialNB like in the spam classifier and have run out of ideas.
choose well the pattern word
hi
@proud tusk don't dm people without permission. This is the channel to ask about module related questions
Well technically ssh only needs one command and it's also easier to remember for me
and you can do it straight from the ssh session you would already have open
It's good to have multiple ways of doing the same thing in case something doesn't work.
you can do it all in one command
Also if you learn enough you can simply do stuff like:
ssh -w 100:any htb-student@10.0.0.0
which creates a tunnel to device tun100
-# basically a VPN, keep in mind that you'd have to setup the tunnel interface so it's not REALLY 1 command but it's a really nice connection, almost as if you're in the same network.
And yet it's the only one that I kept using during the SA of that module 
multiple hops with chisel and ssh is just much harder
-# this was before I learned about the ssh tunnel trick
I've tried it, have had some issues with it, moved on
curious on the issues you had and which version. IK the latest versions have some QOL stuff
Yeah I've seen but I've caused multiple tools malloc failures thinking it was the tool, it was Ligolo
But ligolo is a tool
I personally like it
Yes which allows you to route other tools through its tunnel
Like proxychains but in a more convenient way ya
Use whatever you want I'm not discouraging anyone from using it
Proxychains is good tho for routing individual tools through their own tor connection if you want to do that
That’s my take
Including maybe ligolo? I don’t know
You shouldn't route ligolo through proxychains cos it limits the traffic to only TCP iirc
Ok would using torctl to route all traffic through tor be better?
Or is routing everything through tor just a bad idea?
And if not how do you be stealthy using ligolo?
Like for red team stuff
Just with a tls cert?
I advise not routing any traffic through tor 
unless you REALLY need privacy
Ok
also routing traffic through tor still isn't anonymous either as whoever's in control of the end nodes can control the traffic
Hi! I'm in Dynamic Port Forwarding with SSH and SOCKS Tunneling section
Is it normal that the 172.16.5.19 doesn't have the RDP port open? if yes, how I supposed to get connected to the RDP port just as the module ask? 
I believe both are useless unless you're on an insecure network

Ok got it thanks
I can't get the deobfuscation of the Crack into HTB for the life of me. 🤣 🤣
Freaking spaced. Got it.
#cdsa Module: Finding Windows Evils
Problem: Was trying process injection through PID spoofing . Wanted to inject cmd.exe process into spoolsv.exe but child Process get created underneath powershell Every time i enter given commands.
Conclusions : i am missing something but even though after rereading multiple time, i am not getting it. Facing same issue on my local lab and htb's lab.
It doesn't even look like you're getting past spawning the new instance of powershell to me. Maybe try opening your first PS with -ep bypass then running the rest of the command in that first window.
it looks like the rest of the commands aren't getting passed into the new session
Hello. Stuck on Attacking common applications - wordpress.
msf6 exploit(unix/webapp/wp_admin_shell_upload) > run
[*] Started reverse TCP handler on 10.10.16.34:4444
[*] Authenticating with WordPress using <REDACTED>
[+] Authenticated with WordPress
[*] Preparing payload...
[*] Uploading payload...
[-] Exploit aborted due to failure: unexpected-reply: Failed to upload the payload
[*] Exploit completed, but no session was created.
besides this, editing the 404.php -> Unable to communicate back with site to check for fatal errors, so the PHP change was reverted. You will need to upload your PHP file change by some other means, such as by using SFTP.
HELP
fixed with malicious plugin https://hacktricks.boitatech.com.br/pentesting/pentesting-web/wordpress#php-plugin
has anyone finished the FFUF module? during the skills assessment, I found the page that says "You don't have access" but the answer is incorrect?
Sir i am an 18 year old teenager , i want to learn cybersecurity and ethical hacking can anyone please guide me towards my first path of this journey as i don't know anything about this and i am keen to learn from your experience and guidance . Thank you
Get Started with the HTB Beginners Bible: https://www.hackthebox.com/blog/learn-to-hack-beginners-bible
guys im stuck at section Web Archives where im stuck at unable to load that snapshot as it just directs to other date showing add about godaddy
Check format of answer in module
New here i have simple question
https://academy.hackthebox.com/module/143/section/1265
in that module we have 2 question before there is mentioned lets find a user
- to find the user we have to ssh machine that is mentioned in question 1?
Hi im trying to use ligolo for double pivoting in attacking enterprise networks
But When i add another interface ligolo-double, adding the routes and starting the tunnel
Its like i cant reach the first pivot network and everything just collapse
Am i doing something wrong?
Hello everyone! I am struggling a bit with the XPath injection module. I think I am missing something, and I find difficult to even confirming the XPath Injection in some sections. Are there any good man willing to help me out, please? Thank you in advance 🙂
yes

Please 🙂
heyo im kinda new here and even I knew that was crazy, but Im wondering where do I go to on this server for a little bit of help with a box?
ty 
hello!did you solve it? Also i don t reach it through the Dynamic port forwarding after tunneling with ssh -D. 77 hosts up, and 5.19 seems down.
Hello, for Abusing HTTP Misconfiguration: Premature Session Population (Auth Bypass), the flag is missing, I was able to bypass the admin but no flag or username found. Maybe rabbithole or something?
can i request a feature of search engine within the owned modules?
because a lot of the times i find my self losing details of a specific topic, but i don't remember in which module/section i read it before, a search engine dedicated to the modules will be an absolute savior
by search engine i mean an information retrieval system, like elastic search from microsoft
hi, im currently stuck on the skill assessment password attack. need some hint to move forward. i've got the password for ||betty||, ||william|| and some admin pass that does not work on the server where I got it from which is the ||jump server||.
still doing that module rn you can do it though

thanks. will try that. i've also been spidering that ||file server|| like a headless chicken as it doesn't produce anything.
hi guys i m doing the file uploads attacks - client side validation . I ve just uploaded the .jepg file and change it to shell.php , accordingly to what i ve learned in the course , but i received file uploaded correctly inside the burp request, but when i go inside the browser, i can t find my web shell , how come ?
Not sure if this was mentioned in that section but looks like content type is still image/jpeg
-# cant recall exactly which section mentions the MIME type but try to change it
Inside this session it says it doesn t matter the content type
Password Attacks = https://academy.hackthebox.com/module/147/section/1334
could I get some assistance with the last question
||I've tried a few flags with snaffle on a RDP session||
||then I am currently trying to search with the user jbader on evil-winrm/ while using netexec to find domain admin||
||am I heading towards the wrong direction?||
is this good or nah bit of a time waste?
damm really hmmmmm tonight is not the good night hahahaha
cheers this is good confidence boost, as its pulling a ton of files hahahaha
yeah I had to extend the time a few times, even reset it hahahaha
have you joined a team yet 0daybug?
report this in #1234357888114364508
I will, I just thought it'd be funny to share
Did you alter the Checkfile parameter in Inspector?
and did you read the source code?
upload.php isn't the "source"
Not really, i ve chosen the other way
brooo kill me I feel so dumb then again I use to work for a silly helpdesk company and it would surprise me its in that location...
Using David's hash, perform a Pass the Hash attack to connect to the shared folder \\DC01\david and read the file david.txt.
I have the hash, I just don't know how I would connect
i used /pth command, but it doesnt show any files anywhere
xfreerdp3 /u:david /pth:**HASH FOUND** /v:10.129.180.31 /timeout:9999 /dynamic-resolution +clipboard
Hi all, a quick question: when I am on a module, how and where can I see machines related to this module ?
When you complete the module, it will give a list of related machines in the bottom left hand corner
Hello Can you recommend some courses for beginners?
And when I come back to the module afterwards ?
where can I find it?
Go to the Dashboard, click Academy x HTB Labs. It will provide a drop down for modules, exams, etc and then on the left side drop down. Select the module
It will give you a tree of machines
what thing do I start from? I'm at the beginning?
That was for white rabbit, you should look at HTB Academy and make an account. Then, go to Paths and click skill paths, it will give some modules if you're completely new to IT/Cyber
anyone know how to solve the second question on citrix breakout?
Are there any good hackers online? I have a few questions if you wouldn’t mind
Does anyone know how I can add a student ID to Hack The Box?
are you trying to get the student subscription?
Step by step guide on how to access the Student Plan.
Hey, I have notes for it that I can help you out with after work. Shoot me a pm if you still need help in a few hours
Hi everyone, I'm on Getting Started > Service Scanning
last question about SMB service
They ask to log in with the bob user. Hint says "bob use weak passwords"
I wonder, should I guess? Maybe there is an option to brute force, but the thing is we didn't learn this tool in this module. Should I necessarily have this background?
I try to think from the POV of a person who doesn't have the background and doesn't know what brute force is
Am I missing something?
@odd scroll they give you the password
Read better, the password is in the module itself
I saw something like "bob | welcome1" under the SMB > SHARE explanation, but I tried this password and it didn't work
very confused what I'm doing wrong here
ssh user1@94.237.123.126 -p 57671
Thanks, I succeeded
ah okay thanks
use -p to pass the port
Are there modules that teach about software security or malware analysis other than "Introduction to Malware Analysis"?
That's the user and the password, I don't know why it doesn't work
It worked thanks
I copied the id_rsa file back to home machine and I am struggling to SSH into root, I tried cleaning up the file and ensuring newline at the end but I cannot get it to work
- Malicious Document Analysis
- Detecting Access Token and Manipulation Attacks
- Process Injection Attacks and Detection
- Introduction to Dynamic Analysis with WinDbg
- Android Application Dynamic Analysis
- Android Application Malware Analysis
- The whitebox modules (second half of the Senior Web Penetration Tester job role path)
Its for the privesc section in first module
I was wondering is there a way to put a mirror on a phone without having the phone in my hand
Maybe try transferring the file instead of copying
scp is promising
Is it normal for the HTB Challenges inside the "Password Attacks" module to be so slow? It's so hardcore frustrating sometimes. Doesn't matter if I run it on your pwnbox or my kali. Can't say I enjoy challenges that are that slow to react to anything. Do you have an idea what VPN I could best use if I'm from Germany? I know there are like 5 or 6 for EU but maybe some are better than other VPN connections
Is your internet speed good? Because for me they were working fine, like not super fast but yeah, will get the job done
I am working in Advanced Deserialization Attacks - Example 1: JSON. I used the provided script of the course but there is no VM to debug the app. In the screenshot I see only "$type":"System.Windows.Data.ObjectDataProvider, PresentationFramework","ObjectType":"System.Diagnostics.Process, System, Vers" Can someone help me get a reverse shell and explain this chapter to me? This section is quite vague
Yes I have strong internet actually, maybe I will investigate this after I'm done with the module. Not super fast but it takes some time when I try out different things. Especially Windows machines are slow hehe
You can use sshuttle for linux machines, it will make your work fast
david? spell check
may I help? if you want, DM
module?
it's not really that hard lmao
just not many people do the modules that are outside of the job-role paths
crackmapexec is deprecated, netexec has full support. maybe that's why people don't do it and it is not so important
you can complete the module just fine with nxc
the module is still completable using nxc
source: i have completed it with nxc
awesome then!
also it's part of the CAPE path, a handful of people have completed it already but are simply not online
i wish the linux privesc skills assessment was fixed 😭 im sitting at 99.8% on cpts completion
@rustic sage sorry, no DM without permission as per the https://discord.com/channels/473760315293696010/569177628918022185
wdym fixed? i don't recall issues with it
its been down for a week and a half to two weeks now
i created a ticket a while ago
no it will spawn, its a super weird issue where it disconnects you and each time you ssh back into it its a slightly different environment with different files
you only get 20 seconds about in each one. i havent checked back in a few days, im spawning it rn
and you've tried cycling through different vpns?
and on the pwnbox
yeah its still not working
actually its been down since the 2nd, or maybe before. thats just when i created my ticket
well it's working just fine for me; EU-2 VPN, US West Pwnbox
you're not getting disconnected after a little bit?
I didnt try eu vpns, i only tried all the us ones
yeah you're right, eu works just fine
Arabs? 💀💀💀💀💀💀💀
HI all , starting point > web enumeration
I get that robot.txt can be useful, but they didn't explain where and how to find this file
Anyone stuck at the Windows Privilege Escalation module's Pillaging section's last question? It's asking for the Administrator hash, which I got. But it's not accepting the hash (I tried different variations like pasting the full user:rid:lm:nt:::, typing the NT hash manually, using the full string without :::), nothing seems to be accepted. Has anybody faced this issue?
@south marten NO , only this
sorry I dont understand
robots.txt is a standard location file at http(s)://whateversite.tld/robots.txt
oh ok ok
it's not a location that changes
why are you scanning 10.10.10.121 btw?
module ips are 10.129.x.x
True hahhah
I tried, no success
Bro
you don't generally need to scan for robots.txt
you can even use the --script http-enum with nmap
You are trying gobuster With the IP of the example
Why are you using this ip
Start the machine and use the ip
Yea, is it
thanks. How do I access robot.txt? First I tried writing it in the URL, then I saw the cheatsheet and I tried through the CLI
Nothing works, and I tried with or without the port number
you need to specify the port number
when given an IP and port the PORT is important
Investigate the USN Journal located at "C:\Users\johndoe\Desktop\kapefiles\ntfs%5C%5C.%5CC%3A$Extend$UsnJrnl%3A$J" to determine how "advanced_ip_scanner.exe" was introduced to the compromised system. Enter the name of the associated process as your answer. Answer format: _.exe
I got into time explorer after converting the journal to a csv. I try to look right before the "advanced_ip_scanner.exe" and I see nothing.
The module is Introduction to Digital Forensics in the SOC path, section "Practical Scenario"
