#modules

dont think so

its just an ip and port

let me dm you

ok

Use the udp vpn

Ok thanks

Hello! Is anyone willing to help me with Question 3 from the CrackMapExec Skill Assessment? I've been stuck on this for so long. I will really appreciate it! If I can DM someone or discuss some hint here, any support will be appreciated!

In the DNSAdmin privilege escalation module I can start dns service, and also don't have the permission to remove registry key. Am I missing something as the provided solution also does it the same.

@solemn prawn Please take care not to post content from modules above tier 0

If you go over the section again you'll see you need to run it under a certain context

Somehow, in DP-SGD Challenge of Ai Privacy Modules, uploading models always return {'error': 'Evaluation timed out. Model may be malformed or causing issues.'}. Even the given solution as well. Is this possibly a platform-side problem, or are there specific constraints that might cause this timeout?

can some one nudge me for this.

API Attacks -> Broken Object Property Level Authorization -> Exploit another Mass Assignment vulnerability and submit the flag.

Hello. Windows Lateral Movement skill assesstment. There is no way I can get a reverse shell in question 5. The solution proposed by HTB does not work and using my own PS shell does not also. I can ping the machines, so they see themselves, I can execute PS, but something fails. Thanks

Hello, Im struggling with

Check the /tmp directory and find Julio's Kerberos ticket (ccache file). Import the ticket and read the contents of julio.txt from the domain share folder \\DC01\julio. of Password Attack Module

Ive reached till here but I cant figure out whats next.

Ticket cache: FILE:/tmp/krb5cc_647401106_HRJDux
Default principal: julio@INLANEFREIGHT.HTB

Valid starting       Expires              Service principal
10/07/2022 11:32:01  10/07/2022 21:32:01  krbtgt/INLANEFREIGHT.HTB@INLANEFREIGHT.HTB
    renew until 10/08/2022 11:32:01

Now trying smb ```root@linux01:/tmp# smbclient //dc01/julio -k -c ls
gensec_spnego_client_negTokenInit_step: gse_krb5: creating NEG_TOKEN_INIT for cifs/dc01 failed (next[(null)]): NT_STATUS_INVALID_PARAMETER
session setup failed: NT_STATUS_INVALID_PARAMETER

gets me to this error

tried to ip too

Hey! Is anyone able to give me a small hint for Question 3 of the CME Skill Assessment? I’ve been stuck for a while.
I got the NTLMv2 hashes for DEV01 and SQL01, plus 4 accounts. Would really appreciate a nudge in the right direction.

yey another module bites the dust

thatw a ssome fuzzing fun

only completed it becaus eof my completionist mentality

but learned some new tricks thorugh

I test the skill assessments with ligolo work fine.

looks like that ticket is far expired maybe there's an unexpired one 😉

Let me try again

Hey! Is anyone able to give me a small hint for Question 3 of the CME Skill Assessment? I’ve been stuck for a while.
I got the NTLMv2 hashes for DEV01 and SQL01, plus 4 accounts. Would really appreciate a nudge in the right direction. Tried responder + drop-sc on DEV_Intern share; captured only the hashes of the DEV01$ and SQL01$ machines, never got James. Tried Responder + scuffy on DEV Intern, same results. Responder + slinkly -> access denied on share. I have Jte, in30, Al, and sqev creds so far.

Ticket cache: FILE:/tmp/krb5cc_647401106_muRVgr
Default principal: julio@INLANEFREIGHT.HTB

Valid starting       Expires              Service principal
03/01/2026 15:00:00  03/02/2026 01:00:00  krbtgt/INLANEFREIGHT.HTB@INLANEFREIGHT.HTB
    renew until 03/02/2026 15:00:00```

```root@linux01:/tmp# smbclient //dc01/julio -k -c ls
gensec_spnego_client_negTokenInit_step: Could not find a suitable mechtype in NEG_TOKEN_INIT```

Again tried with the valid ticket.

I tried the IP too instead of DC01

moving the ticket from /tmp to /home worked

how about you try -A

Not matter, I try the same command on pwnbox and works good

so you get the flag with the same command then?

Yep

guys, i need help with the first question of esc4 attacks..Abuse ESC4 to change the configuration for the template ESC4. Afterward, submit the value of the property Certificate Name Flag.
it doesnt accept any answer i input..could someone help me out on this?
nvm i got it finally

Hello! Can I DM anyone about the CrackMapExec Skill Assessment Question 3?

the machines on the "Introduction to the WIndows Commandline" module won't start

is anyone experiencing a similar problem?

guys for adcs attacks module..the ntlm relay section. i am not able to coerce the authentication. and when i ping the 172.16.19.5 it shows this $ ping ws01.lab.local PING ws01.lab.local (172.16.19.5) 56(84) bytes of data. From 172.16.19.19 icmp_seq=1 Destination Host Unreachable From 172.16.19.19 icmp_seq=2 Destination Host Unreachable From 172.16.19.19 icmp_seq=3 Destination Host Unreachable From 172.16.19.19 icmp_seq=4 Destination Host Unreachable
did anyone face this issue?

nvm i got a shell! lol

wrong channel

Hey , i need help in solving nmaps firewall bypassing labs i stuck at the hard lab i can only get the 53 port as filterd i cant bypass the firewall dont know whats to do can pllease anyone help me?

Are you still stuck on this one?

did you scan both udp and tcp? there's a port that you may be missing (don't specify -p 53)

Anyone having issues with targets spawning at the moment?

nvm came up, just took a long time

hi I am doing the automatic modifications section of web proxies module. I need some help with following along with the tutorial. I tried setting it up according to what the instructions said to do but it still requires me to enter in a number each time I refresh the page or go back. Can someone help me out here?

I'm following instructions but its not working. if someone with a CPTS, CWES or CWEE is available for a DM that would be splendid

please let me know

I need this so I can continue with the web proxes module

I heard there had been some problems with EU servers. Maybe they're fixed now

the user agent requests won't update either

can someone help me out here?

please DM if you are available

how is it possible that ntlm relay works without a responder?

I am currently working on the NTLM Cross-protocol Relay Attacks module, last question (Use impacket's SOCKS server to hold NPORT's relayed connections and abuse them to access the MSSQL service at 172.16.117.60; query the 'flag' table within the 'development01' database and submit the flag). I had errors with the responder, but after turning it off, it suddenly worked

hi, just started on my linux module i came across the question which kernel release is installed on the system? i found out just how but it doens't give the green light. tried multiple command all came at the same answer too??

are you ssh into the target system (note that "spawn instance" is not the same as "spawn target"

i just changed my target spawn and it worked i guess it had been over the time limit.

Hi team, I am having an issue with "Network Services" within the "Password Attacks" module.

for some reason the "flag.txt" file is empty.

As you can see in this screenshot.

Can you please let me know if this is something from your end or I am just being stupid please?

Ah ignore this, I was being stupid.

it's a small file therefore the size likely didn't register

Hi is anyone able to help me via DM with the automatic modifications section of the web proxies module tonight or preferably tomorrow? There’s some stuff I’m not getting. Tomorrow I’m gonna try one more time after I get some sleep but then I am gonna need some help if I don’t even get it right then. Please let me know.

DMd you

Thanks

I didn’t get message hold om

@shell glacier Please take care not to post content from modules above tier 0. You're showing a lot of info from the module there. Anyone who has completed it and can help doesn't need all that extra stuff. Just ask your question without revealing sensitive info please.

my bad, i got the issue, i was on WSL and i guess that has something to do with the virtualization? im not sure

my only questions is now, why does WSL affect whether i can crack the pin with reaver or not?

Because; tl;dr WSL sucks

hi @cloud urchin can I DM you tomorrow to ask some questions about the Automatic Modifications section of the Web Proxies Module?

what time are you available?

I'm gonna attempt it one more time tomorrow and we'll see I think I can get it then

but if not I was thinking I could message you

or is anyone else available for DM anytime tomorrow?

You'll have to ask me tomorrow, but it's been a long long time since I did that module so someone else who did it more recently may be able to better help.

guys, I am wondering about the very first section in Linux Privesc of CPTS, the "Environment Enumeration" one

I did manage to go into /root and grab the flag but it's incorrect for some reasons

is that a bug or I am missing something ?

watchout for unintended spaces before and after the flag while entring it

pretty sure there isn't, can I share the flag here or somewhere ?

nope not here

so a private DM maybe ?

TBH i haven't done that module yet so I'm not so sure if I can help out

that's fair, thank btw, I will just wait for someone else

Paypal was removed as the billing option for academy? I wanted to get the student monthly plan but only shows credit card as the payment method, kinda defeats the point.

defeats the point? no it doesn't lol. just pay with your debit instead.

i don't recall paypal being an option there but that doesn't mean it wasn't

File Inclusion module log poisoning - Server log poisoning I am modifying my user agent but it is not visible in the response?

Well it replies to the request before it appends to the log so you'll have to send multiple requests,

1. With a modified user agent
2. To get the logs after it was logged.

can't do it at the same time

yes i scanned all ports in tcp and udp

hello

i have a question

i stuck in Broken Authentication Brute-Forcing Password Reset Tokens
in that question "Takeover another user's account on the target system to obtain the flag."
can anyone help me

Have u created a reset token?

yes

seq -w 0 999999 > token.txt

I think the question asks for 4 digit token

really?

Yeah, try for yourself

solved it

thx

np

Oo I thought since I am poisoning the UserAgent, the response would contain updated logs with the manipulated user agent 'Apache log poisoning'

anyone from asia experiencing lag from academy ? is it the same for the exam cus theres no other vpn than eu and us only ?

it depends but generally HTTP logs will be written after the response to the request, so you need a follow-up request to read the logs to see the previously written event after its response is complete

that seems a bit weird for some reason

well if you take a look at some log entries you'll see that one entry will usually, for example, include the http response code - 404, 200 etc

consider the primary purpose of the logging being to track functionality of the webserver. It doesn't assume that you're handling authentication events or sensitive data - it just wants to log each request and its outcome

if you logged every response separate to the request, you would immediately double the size of the logs (almost). At scale, that's very bad for storage costs and CPU thread utilization

they'd also be much harder to analyse as you'd have to correlate the two separate parts

Anynone else also problems with spawning targets? Cant spawn targets since 30 Minutes. US ans EU VPNs

Need help with Password Reset Poisoning section
https://academy.hackthebox.com/module/189/section/2014

I'm able to acces log page.
I'm able to log my requests.
The link admin should click is not logged.
What Am I doing wrong?

NVM, solved

Does other ppl have this too ?

Yes

I am using Firefox, I tried with Chrome it works...

Web Attacks Module - Bypassing Encoded References;
The question says either use contract parameter or .pdf file name. I've solved it by using contract parameter and now trying to get the answer by using file name.
I made a list of pdf names by hashing but just can't find where do i fuzz them.
Need some help pls.

Seems to be fixed on Firefox

Yup! Indeed 😁

according to claude/GPT

WSL doesn't have real WiFi adapter access — it can't pass through wireless NICs to the kernel in a way that supports monitor mode or raw packet injection
No nl80211 support — WSL's kernel lacks the wireless stack needed for tools like reaver, airmon-ng, and airodump-ng to work properly
EAPOL packets never actually transmitted — what you were seeing was the simulated lab AP, but reaver couldn't complete the handshake because WSL was dropping/mangling the raw frames

A VM (VirtualBox, VMware) works because:

You can pass through a USB WiFi adapter in monitor-mode-capable mode
The full Linux kernel wireless stack is available
Raw packet injection works as expected

as I tl;dr -> WSL sucks

well now...i think both answers are suffice

Is anyone having trouble installing the "sqlcmd" command on the new Parrot OS? Or can someone help with how they did it?

sqlcmd isn't installable on ParrotOS; it's not in the repos

hello guys
is it normal that it takes forever for subbrute to find a subdomain in attacking DNS(on attacking common services) !!!
I don't get it

I am facing issue in Active directory Module Skill assessment Part 1. Issue is with proxychains. Can someone help me !

I am getting this error

even nmap scan says host is up but all ports are filtered.

Is your SOCKS proxy running? Check using netstat -lntp | grep 1080

It's running i am using metasploit module

run autoroute -s 172.16.6.0/24 and check with route print

For the windows attack and defense: AS-REProasting section, I perform the attack and when I check the DC1 server to find the log for svc-iam, nothing is logged in the event viewer for svc-iam... what am i doing wrong.

It's working now. I was using socks 5 in metasploit and in proxychains conf i used socks 4.

Thansk for the nudge

Probably the 10th time I've asked. Working through AEN, can't seem to get the Priv Esc to work. It worked once before, I'm using the same syntax as I was previously, but the reverse shell isn't working on DEV01 --> DMZ. Can anyone lend a hand? Please @ with replies

having some trouble w/ the Attacking SMB section of Attacking Common Services, could someone give me a hand?

Guys i just did the section 3, about interfaces of the Wi-Fi PT Basics Module, i would like to know if the fact that the ||txpower wasnt changing in the iwconfig but still worked to find the requested ESSID is normal or not||

i have tried logout login, refreshing the page changing my network nothing helps

Might be a bigger issue. I cannot spawn target on Advanced SQL Injections > Error-Based SQL from the CWEE path. I had no issues couple of hours ago.

targets having issues spawning on new ui?

I'm on old one still

logged a ticket with support

alright must be just in general then, guess ill come back to academy in a bit

status page shows no issues tho

Same for me

same issue

Same

not sure if it has fixed for others but mine has been fine, on Kerberos module. I terminated it a respawned it and its fine.

same issue here

I actually ran echo flag.txt which over write the exiting file with 23bytes size (resulting in the zero in question) but terminating and respawning the target resolved it as the flag got regenerated.

+1

is this assesment bugged ? HTTP Misconfigurations - Skills Assessment - Hard i restarted 3 times and followed the steps in solution but still not runnign, sorry if this is not the correct place for this

Is this a bug? It said "Targets are spawning" but 20 secs later it turned back into "Click here to spawn the target system". I've tried changing my Pwnbox's locations and VPN Servers but it did not work.

Try changing regions instead of just servers. I'm seeing a lot of people mention issues spawning targets so probably a server issue.

hi,
yes we are aware of issues with targets, this is affecting eu servers

try using other regions for now

Ive tried UK and AU, nothing working

you need to change it here

yeah, I've just noticed that, im doing that now. Thank you

sure!

bet ill dm

cwee should be as a prerequisite to file inclusion skiils assessment fml

i have the same issue, tried

lol

idk why it is not starting

i click many times but it doesn't give me any ip to test

Still struggling, anyone?

for those struggling try switching to the US vpn servers

my machine is not even starting

https://tenor.com/view/first-time-meme-first-time-the-ballad-of-buster-scruggs-gif-24656975

nah bro but idk what is happening with me

even claude is down

htb as well as htb assistance provider both r down

oh that's the case

They are also having issues

I am unable to rdp into the target machine . Can anyone help here

Can anyone help explain why I've ran into this issue? For the last 2 days I've been trying to hack the 'Firewall and IDS/IPS Evasion - Medium Lab' module, but I kept getting a useless result from the scans. I was sure I had tried everything in the module, so I went looking online and found someone that said that using PwnBox instead of a Kali VM worked for them. I tried the simplest command I had used on kali on PwnBox and voila: immediately got the flag. Why is this happening and, more importantly: what is the risk of this happening when doing the CPTS exam? I don't want to somehow get stuck because of a weird networking bug with the VPN. Also not keen on using PwnBox instead of a normal Kali VM with VPN.

Try maybe what it's telling you to Use /relax-order-checks to ignore.

To add insult to injury: the only way to solve the hard lab is connecting with it using a specific tool and port which are not usable by default on the PwnBox instance. I had to kill running services to make it work. I really find it hard to believe this is intentional right? Or am I just being silly.

I am going to assume there is a bit of a general networking issue with academy at the minute? my instances are loading but my rdp sessions keep being kicked out whether via pwnbox or via vm over vpn.

anyone have solve this?

currently having the same issue

Anyone for this?

I'm wondering if this is why my reverse shell isn't working currently

Can someone tell me why this is not working . I am doing AD Enumeration & Attacks - Skills Assessment Part II.

Anyone else having sudden issues with academy?

well USA vpn seems to work, while EU is down

this is becoming recurrent....

Hi all, having issues with "MSSQL, Exchange and SCCM Attacks" module. In the "Exchange" section, "Enumeration", I can connect to the OWA but when I try to login with given credentials, it returns a 500 error...I looked at the answer and it is exactly what I am trying to achieve. The lab is up for more than 10 minutes. Anyone else encountered this issue ?

Switching back to EU solved the issue...

In Windows Attack and Defense, why doesn't anything get logged on the DC1 server, I look for the logs I am supposedly making when performing attacks but they don't get logged. Anyone can explain why? Do I actively have to RDP to the server first then perform attacks?

seems like this has been an ongoing issue with the module, people in this discord has had this issue since 2025 as well.

Just some feedback for the new UI for Academy. Copying code blocks from the new UI does not format it properly in Markdown, the old UI works great. For example, copying this code from the new Academy UI to Obsidian looks like this

I'm all good with EU

What question is this for

In "Attacking Drupal" topic lab, you need to explicitly enable PHP code for your user (even if it's administrator). Configuration -> Content authoring -> Text formats
From there you will be able to enable it and then PHP will show in your options.
Pls note that you also have to enable PHP filter module for the site and install it if it isn't there.

Can someone give me a sanity check for Attacking Common Applications - Attacking Splunk? The instructions make it seem like it's just --> scan to figure out Windows vs. Linux --> edit the script in /bin to have your IP and Port --> tar (or spl) --> listener --> upload --> shell. I've tried both tar.gz and spl, I've tried editing the apps permissions on Splunk, disabling and reenabling, and restarting the target, but no matter what I do my listener doesn't catch the shell. Maybe I have to edit the config file? I'm probably just missing something stupid, but I can't seem to figure it out. Any pointers are appreciated, thanks!

From what I remember, the first step in the skills assessment doesn't use a double extension

try to think of ways to get more information

@soft moon
Please take care not to post content from modules above tier 0..

sorry

No worries, you can just ask your question without the pics. Someone who has done the module doesn't need that extra context.

really ive done the other extension beginning with a S

Bypassing Flawed Validation
https://academy.hackthebox.com/module/189/section/2016

I'm trying to follow module, but fail at identification script. Any nudge will be helpful
NVM, solved

ok through problem solving i figured it out instead of creating my own i just used and edited a image already

Working my way through the DACL Attacks II skill assessment (Question 2 of 3). I am trying to obtain credentials. One set I have, the other I am trying to catch via a method not covered in the module; but it's going nowhere. Anyone who has done the module available for a DM session to discuss / help with a nudge in the right direction?

Enumerate everything covered in the module.

I would never have thought....
Seriously though. If anyone has done this module and is willing to have a brief DM exchange that would be appreciated.

Think of easier ways to obtain credentials.

Have you tried mimikatz?

I have dumped local admin yup.... with secretsdump.... but a DM session is way more appropriate than public exchange

You can DM

Hi, I'm stuck on Advanced SQL Injections in Part 2 of the Skills Assessment. Could someone help me? I'm out of ideas for attacks.

Hey guys question about the NetExec tool. as you can see in the picture I do a bruteforce attack against a DC, what I saw online(and what you can see in on the picture) the DC is associated to the dac.local domain. What I want to understand is the follow: Why does the bruteforce happen on inlanefreight.local (since the domain of the dc is dac.local) + how does it know that he need to attempt the bruteforce against the inlanefreight.local since the domain is not specified in the command?

command:

Spritzouu@htb[/htb]$ netexec smb 10.129.201.57 -u bwilliamson -p /usr/share/wordlists/fasttrack.txt

SMB 10.129.201.57 445 DC01 [*] Windows 10.0 Build 17763 x64 (name:DC-PAC) (domain:dac.local) (signing:True) (SMBv1:False)
SMB 10.129.201.57 445 DC01 [-] inlanefrieght.local\bwilliamson:winter2017 STATUS_LOGON_FAILURE
SMB 10.129.201.57 445 DC01 [-] inlanefrieght.local\bwilliamson:winter2016 STATUS_LOGON_FAILURE
SMB 10.129.201.57 445 DC01 [-] inlanefrieght.local\bwilliamson:winter2015 STATUS_LOGON_FAILURE
SMB 10.129.201.57 445 DC01 [-] inlanefrieght.local\bwilliamson:winter2014 STATUS_LOGON_FAILURE
SMB 10.129.201.57 445 DC01 [-] inlanefrieght.local\bwilliamson:winter2013 STATUS_LOGON_FAILURE
SMB 10.129.201.57 445 DC01 [-] inlanefrieght.local\bwilliamson:P@55w0rd STATUS_LOGON_FAILURE
SMB 10.129.201.57 445 DC01 [-] inlanefrieght.local\bwilliamson:P@ssw0rd! STATUS_LOGON_FAILURE
SMB 10.129.201.57 445 DC01 [+] inlanefrieght.local\bwilliamson:P@55w0rd

ey guys i need help with machine of box i don't have any listenning ports

and i don't know why

unified machine

Best to ask for help with boxes in #boxes

Can anyone lend a hand with the sliver modules

Got a couple outstanding questions that ive missed

I've also tried various ACL rules and stuff, but to no avail

The privilege doesn't have to be an enabled one.

so I tried the other one too and now I'm kinda like?? (neither works haha =/ )

PRIVILEGES INFORMATION
----------------------

Privilege Name                Description                    State
============================= ============================== ========
SeChangeNotifyPrivilege       Bypass traverse checking       Enabled
SeIncreaseWorkingSetPrivilege Increase a process working set Disabled

See if you can spawn it as an admin

Module: Active Directory Trust Attacks
Section: Skills Assessment
Question: Gain access to the DC03 (Apexcargo.ad) and submit the contents of the flag located in "C:\Users\Administrator\Desktop\flag.txt"

|| SID History Injection I believe is the right path, but it is not working at the moment ||

Any help?

you know what, I haven't been able to find admin password (or haven't cracked it via hashcat lol), but I can give another try!

You can shoot me a DM

Hello y'all. I've been working on the module "Windows Event Logs > Logging Basics", and i confused with the exercises. I have two questions:

1. The correct .evtx for the exercises is "DLLHijack", right?

2. Is needed to use the security logs and not the sysmon?

**Android Application Static Analysis **

Disassembling the APK

what is the right answer format here. I am struggling on this question

https://academy.hackthebox.com/module/221/section/2392

Hi i'm finding some troubles with this exercise https://academy.hackthebox.com/module/21/section/135 basically it looks like is falling because it is deprecated, does some body know how to solve it ?

the question

Create a "For" loop that encodes the variable "var" 28 times in "base64". The number of characters in the 28th hash is the value that must be assigned to the "salt" variable.

@copper dune the module is above tier 0, avoid sharing things from it

whats wrong with the sql injection skill assessment" site?

@fathom pendant my bad, sorry, do you know which channel or channels can i use to get some help about this and possible future similar issues ?

You can ask here, but posting the code is a no-go that's all

People who have done the module generally dont need all of that info

Also you're using the wrong thing to count @copper dune ; the module expects echo $var | wc -m

Not the built-in feature to count length

Thank you so much @fathom pendant

it's $var not $salt

but the principle is the same

use https://

Is there any ongoing issue on the platform that does not allow for the targets to be spawned by any chance, or it is just me?

Does anybody have a reliable way to rdp to the module boxes? I keep getting disconnected and now i am just stuck at the last 3 modules (attacking common applications)

I couldnt quite get an understanding of whitelist filter in file upload attacks module specially the double extensions and reverse double extension part

we just reversed shell.jpg.php to shell.php.jpg

r they trying to say we should try the reverse of all double extensions while fuzzing?

A weak whitelist filter sometimes only checks whether an allowed extension like .png or .jpg appears anywhere in the filename. Because of that, a file like shell.png.php may be accepted since the filter detects .png even though the server later executes the .php part.

This new UI is gonna make my eyes bleed

Damn me too

Why do you guys change the UI? It's so unnecessary.

This evasion module having me create 564 C# executables 😂

just finished the first 3 modules, about to start footprinting

been hearing its LONG

the UI sure is a downgrade :S

it's not null session, it's guest session try:
nxc smb ip -u "something" -p '' --shares

Yup I figured it out thanks 🙂

bring back the old UI please or make this "table of content" smaller and remove progress bar from below,the actual content of the module has less space of the screen.

This is fire

more empty space=more scroll
any way it's just my opinion

anyone else having issues spawning pwn box?

Was it a guest session because Null Auth:True wasn't shown in the banner, meaning null auth was disabled on that target?

yes the flag is missing

you can also enable guest flag but it's not by default, on nxc.conf

I find a pretty useful point of the new UI is that now it doesn’t bug out when I create another tab and zoom the screen to 100% to use pwnbox. but new UI very slow

Cool! Thanks for that tip.

it's been 4 days i'm getting this much Latency on all the server i've tried changing my own network but the issue presist ??

this have been the case for me for all the academy modules

I need the old UI back so bad T~T

agree old ui was good

The worst part is we can’t copy the code blocks anymore and its more scrolling less reading

yeah

Why have you changed the UI? The previous one was perfect...

They got inspired by THM

I am at "Introduction to Windows Evasion Techniques". Regarding the Skill Assessment I.

I managed to get a revershell with some spaghetti C# code, I would like to know how can I make it better, if someone completed the module, please let me know. I can share proof of successful exploitation so no cheating here.

https://academy.hackthebox.com/app/module/185/section/1941

I am having problems getting the machine to start. I been trying all morning and its not available. Anything going on? I have tried a few pwnbox locations

How can I get the "old" UI in the HTB Academy back? I dislike the new UI. The "old" UI was perfect.

I think it's no more

No rollback

I am running into the same thing. Getting the error "there are no instances available"

yes that is what im getting as well

Hi guys, I'm really struggling to get promox to connect to the web page, it keeps saying "refusing to connect" no matter what i try. any suggestions on what to do? im still new so im learning how to set up vm's but i cannot get it to even open the web page url

it is easier on the eyes. I prefer it, only the code sections need to work like before again.

sticky header + sticky footer + huge whitespace on left + table of contents taking up half the screen = 25% of visible screen is actually useful. maybe it's easier to navigate on mobile than before but desktop is slow unpleasant. usernames and passwords are easier to copy so that's nice at least.

Is Pwnbox down rn?

I can’t access it rn it says “no available instances right now”

There shold be a option to use old UI

New one is not lit as previous

Seems like completly vibe coded

same here! Cant connect despite clearing cache, trying different regions

more like a social media less like a learning website

Once I drop the section I cant evern close it

I have to click the other section close, to close that I have to click the other section, to close that I have to select the otehr section.

Hi,

I was wondering if I can reset my progress for a module. Like, if I can remove the answers I have given and do it all over again.

Thanks

No, that is not possible.

Thanks.

Am I only one facing this issue on academy

Tried multiple regions

Same error here

ive been having the same issue

ive found that when this happens, I usually have to wait a day to be able to spawn the pwnbox

really a whole day? wow thats a long time. I hope not cause i would like to get more done today. @violet umbra can we find that out and how we can get this started. Its a real bummer 🙁 thanks

yep usually, its a bummer everytime too, Im an enterprise user and also having the issue there. so it seems to be for both academy and enterprise users

Oh ok i guess something is up with the server side of things in the cloud where they host the machines

Thats what I think is going on, im not sure, I noticed though that at 8:30 MST is when I wasnt able to spawn the pwn box anymore. so thats before the ui update, but i was on the new ui as well. So maybe something on the backend like you said

Can always use your own VM, unless that is outside of your ability with where you are accessing things from or whatnot.

🙁

where can I download the vpn ?

Looking at the new site - very nice - is there any reason why you can search for "Not Completed" in the status

We are having issues with our upstream provider that is impacting PwnBox, we are looking into the matter

Ia that why PwnBox is greyed out on ProLabs?

Got the same issue, did you figure it out ?

You found the reason for the timeout ? am at the exact same Timeout

/feedback

on any page with the private target, should be a button to download the vpn

could someone help me with Q4 MSSQL, Exchange, and SCCM Attacks please?

Alright nevermind guys, I figured it out

The script timedout when multiple .ps1 scripts where chained

Executing the VBS manually works with bypasses and all, but when the bot runs it, it fails

the sectionI thought was too hard two days ago when I was sick turned out to be easy

now I'm doing the next section which is harder but I'm gonna come back to it tomorrow

SCALE is going great

gonna attend a workshop at 2PM

The old version(htb academy) is better than this one this version is very slow compared to the previous version.

I am facing a problem due to the website’s new update every minute, these annoying messages keep appearing.

Have you tried relogging? Otherwise reach out to support

The website is slow after the update.

Its been fairly responsive for me so idk

The old version is better and easier to use.

Staff dont regularly check the discord, thats why I said reach out to support. Perhaps something funky is going on with your account thats creating a niche issue

I am used to the old UI !!! so simple ! I feel like i can't study in this new UI >.<

Does the new UI affords viewing the paths that include some module? I could see it in the details for the module before.

Payloads are no longer copied in code format when pasted into Markdown 🙁
That was amazing :(

Have anyone faced an issue while starting pwnbox.I've tried different locations but it didn't work

Yeah there's an upstream provider issue right now. VPN only till they fix it I guess.

#academy-announcements message

Thanks

Congrats

Hello everyone, I have a question regarding the Attack DNS section in Attack Common Services.
What is the difference between Gobuster and Subbrute that allows me to discover hr.inlanefreight.htb using Subbrute, while Gobuster cannot find it ?

wordlist gobuster have "hr" (but why this tools cannot find it), resolve DNS (same)

Hey, can we tell someone to make the "next" bar at the bottom of the new academy ui to be hideable or less obstructive? i cant see half my screen when its there cuz i need to zoom in.

Try /feedback

Where can I grab the Academy VPN file since PWNbox is down? (RIP pwnbox)

You cant get more time on boxes anymore? I just cant find the button

I only see "reset" as well.

ye

https://downloads.intercomcdn.com/i/o/awwxrc0h/1806620450/e470c9225e780f23365ddd0fb0a4/image.png?expires=1772863200&signature=296119ff7c89dc8192435ba6c02900e0a54a34a550a5f54f5022915f866080fa&req=dSgnEM98nYVaWfMW3nq%2BgQY6CSK91Bu3YBwhPrmrldtOes0jM9p%2BTRm1As0R uG13sJiAzrf7QpYNvbxWFMDLeDg%3D

This picture from the Connecting To Academy VPN help article shows a button to extend the machine, so maybe its just not working right now.

The VPN tab only appears in sections that require a VPN connection to access the targets. Other sections use Docker-based instances that are accessible without a VPN, and you will only see the Pwnbox tab.

is academy down? got "Target spawning..." now for a while, using USA VPN

yes

i'have too that's why i said yes xD

https://status.hackthebox.com/

It seems EU VPN is working now, but USA is down

yesterday EU was down and USA was working

Let's try with EU

broken pwnbox broken UI

Give it time, it'll improve.

there was no need for changes in the first place

Man I just downloaded the USA one yesterday for today

Sorry, but seriously, read the question carefully, and the information provided... and for the third time, this is the appropriate channel @feral thicket

Is cross compiling binaries covered in any module ?

okay it can be ctrl+c but its still incorrect

Read the question. Look at the Hotkeys section again, read the Hotkey description column carefully. The answer is there, I promise

done

Well done 🙂

I wish it still is :(((

hey guys anyone's active ?

i just need some help

can you not easily access next module in a path anymore? 💔 or am i missing smth? like when youre on the completed module screen

yes, I can't too and can not even download the source code file anymore 🙁 the button's just gone

Do you think that the legacy thing will stay as an option?

no, it's difficult for them to manage two UIs.

I'm not exactly sure what you're asking or which specific hash you were expecting, but it's important to note that you extracted credentials from the SAM, which only stores local accounts within machine.

What you're seeing is actually expected and correct — nothing is wrong. lsa_dump_sam dumps the local SAM database, which only contains local account hashes. The domain is showing as SQL01 (the machine name), not INLANEFREIGHT.LOCAL, which confirms these are local accounts.

Use creds_all to dump from memory

okay thank you, perhaps i need to enumerate more with the mssqlsvc account found

both of these articles break HTB's ToS for writeups as they are both tier 2

what does that mean?

means using them is the same as cheating

ohhh I didnt know that

https://help.hackthebox.com/en/articles/5188925-streaming-writeups-walkthrough-guidelines

I need help with attacking tomcat from attacking common applications. I identified the creds to access manager-gui but suddenly now it doesn't let me login. like the creds worked some time ago and i spinned the lab again and now the lab isn't accepting the same creds. i've tried burte forcing but no luck.

@fathom pendant can I ask wld this be the correct direction then?

i haven't done that module in a minute; i suggest going back over all the enumeration strategies presented by the module

i also wouldn't rely on meterpreter to do all the heavy lifting, i often avoid MSFconsole wherever possible in place of running commands directly on the machine

Hello, everyone! Who can help with the task “Use the Heartbleed vulnerability to obtain the server's private key. Send the first 10 digits of d.” I am using the module from msf, scanner/ssl/openssl_heartbleed. Set the KEYS action. But for some reason, I am unable to obtain the private keys. Can anyone suggest how to solve this task? Module HTTPs/TLS Attacks - Theory Heartbleed Bug

okay thks for yr advice

it helps to provide the academy module name for assistance, if it's not part of an academy module then you're in the wrong channel

Thank you! I understand. I added the module name and section.

HOW

try various things to discover information from the module readings. There's a way to discover what happens on upload

only mentioned way is to check the source code, which i have and i noticed a file that was named in a certain way, but still i could'nt find my uploaded file even though i tried all the possible renames and uploaded dirs

Can a member of staff help me out with my ticket at all, I submitted it a week ago and still have not gotten a response

Support staff do not read Discord messages. Please contact support.

https://help.hackthebox.com/en/articles/5987511-contacting-academy-support

I did that last week and my ticket is in the 'Hivemind will pick this up soon' When i go to the chat it says the conversation is closed

you can test out different things with php -r in your terminal to see how it's manipulating the file

note that you should replace direct variables with something else

Hey guys, im at shells & payloads module at php webshells. Just found put the .gif file’s name in question 2 but it aint working. Anyone please? Maybe a bug?

dm me

Can't use XXEInjector tool.
Web attacks module - Skills assessment;
I have completed the assessment manually, now trying to get the flag with tool but can't make it work. Idk if my injection point or parameters are wrong, help pls.

I need help with this question under Network Services: Spraying, Stuffing and Defaults Password spraying.
I have managed to ssh into the target but cannot seem to find the MySQL credentials, I have used the tool discussed in the module but those passwords haven't worked. I have also travessed through the different directories to see if I can find them but still no luck.
Anyone to help?

See the scripts and files it should be there

Under Sam?

am i going crazy

It could be anywhere I don't remember exactly

Okay... let me look

Is anyone else experiencing modules displaying 100% but not being perceived as "completed" in paths?

Make sure you have no spaces either side, if that’s what hashcat gave you

If you're using the 2.0 version you need to click on "Mark as Complete & next" button instead of just clicking "Next"

They were already completed prior to 2.0 push

Now they've reverted to not say completed and just say 100% progress, as well as the seemingly impossibility to overwrite said status using "Mark as Complete & Next"

Mine one also shows a 100% completed one as well it's a bug most likely

Also seems like the "contact support" button is a dead link.

Good to know I'm not alone :D

there are going to be bugs as they migrate things over to 2.0; so things will be a bit messy for a couple days, why they chose friday as production day who knows but i'm not paid by them

Fair and understandable, my only main gist is the fact that it seems to have lost widescreen support. Which I think is the only sad change

if there is a feature missing/removed that you'd like you can always submit /feedback. that goes directly to the staff slack and, importantly, the teams that work on these things

speaking of you just reminded me of one

Can I still use the old UI ? The new one is very uncomfortable

nope. old one is retired

I feel like I'm missing where to do this

Anyone have advice for Introduction to Windows Evasion Techniques Skills Assessment 1 with Regasm. Can't quite get a loader going (have minimal knowledge in building these.) Any help is appreciated!

anyone around for a question on XSS & CSRF skills assessment?

You just use the command in Discord

someone can help me with Advanced SQL Injections Skills Assessment 2 part? I have no ide how to save data to file without privilege

Hello, guys! I am currently on my way to finish the HTB Academy Linux Privilege Escalation Module (I am at the skills assessment) . There is a note over there stating the following:

"Note: There is a way to obtain a shell on the box instead of using the SSH credentials if you would like to make the scenario more challenging."

I tried multiple ways to get a shell, but none of them worked so far.
Has anyone here tried and obtained the shell? If so, please give me a hint if you can. Thank you!

Research themes

There are a lot of wrong things with the new UI. Like the module I want to study is 6 clicks aways. Old UI only thing you have to do was dashboard and go. lmao

Yes. I'm having the same problem

On https://academy.hackthebox.com/app/module/19/section/102 it asks for the host name but the default nmap scan is not showing any. I also tried with -v and -A flags. Is there a different flag I need to use?

Try with -sC

-sV

-sV is a version scan, a script scan (-sC) runs default scripts to gather some enumeration details

That may yield better results 😉

-sV is service version ( correct @ Marcielee )

Not service version, just version

-s (scan) then any combination of uppercase letters (like TVCX) will result in their corresponding scan types, my example is TCP, Version, Script, Christmas (read the docs to figure out what they do)

-sTVCX would be the tag, and yes they are order agnostic

Hellow All, im currently doing the Advanced XSS and CSRF Exploitation module and aI am in section: Bypassing CSRF Tokens via CORS Misconfigurations, im traying to do the lab here but no matter what i try, i cant get it to work, i know the vulnerability but the exployt just dosent seem to work and im pretty sure itsh the right exploit
Any help would be much appreciated

the header in the server response adds Access-Control-Allow-Origin: null and Access-Control-Allow-Credentials: true

therefore im using a sandboxed iframe

but no luck
also i have tried viewing the exploit on the exploitserver.htb and i can see the request it is making, so it works and its getting it done, but when delivering it to the victim, nothing happens

Doesn’t -A include that?

@plain hare Please take care not to post spoilers from modules above tier 0, like code etc. If you feel like you need to show more info you can ask to DM someone.

Ah, noted. Sorry

anyone having problems spawing targets

It is usually slow this time of night, peak hours

man that bar is huge as fuck

this feature would be appreciated if they do it.

I can targets to spawn but I cant run commands successfully.

in section 7 of getting started I'm told to run an nmap scan and find the version of the software running on port 8080 but when I run the commands nothing is happening. I've even opened the hint and put the same exact command the hint says to use but no response

what does your command output look like? can you ping the host?

Hello. Please can anyone help me with the advanced sql injection skill assessment? I am having a tough time for some days now trying to bypass the login

Issue resolved. On the mobile application it never specified it needed to use VPN while the previous module didn't need it

https://profile.hackthebox.com/

why does this not show boxes completed or anything just certifications and pro labs

seems lackluster for what is supposed to be a n overall profile

because boxes completed is kinda moot and would get overcrowded with people that have been on the platform forever and have hundreds of boxes under their belt. Also box completion isn't that much of a flex

but also that's not really related to academy modules maybe you meant to ask over in #general ?

Try brute forcing some sql auth bypass payload using burp?

That's what I have been doing for some days now. It stills giving wrong password with the admin user. Can I dm you?

Is anyone able to help me with DACL Attacks 1, specifically the 'AddMembers' section.

what's your question

actually ... i think i solved it.

is it ok if I dm you?

hi guys, how to download vpn for academy I can’t find 😭

In 2.0 UI the VPN download moved, it's available only in the interactive sections, you'll see it at the bottom just above where you spawn the target, from the Pwnbox tab click the VPN tab.

can someone help in the Hard machine, 3rd machine, in the footprinting module?

dm

sent, ty

Cheers everyone 🙂 Could someone briefly outline the relations between "Footprinting", "Attacking common services" and "attacking common applications" ? Is some kind of order recommended here? They are all Tier-2-modules but read fairly overlapping ^^"

I have fully completed information security foundations but I can't get badge two modules are like that, but I completed everything, what to do?

Footprinting ---> attacking common services ---> attacking common applications

maybe show the overview of your 100%-module that does NOT read "completed". It's odd that some modules read "100%" and some "completed" . Maybe 100% is not REALLY 100%?

thanks 🙂

can I reset module progress by any chance?

Is there a way to use Ligolo-ng in the Using CrackMapExec module’s Skill Assessment instead of the provided Chisel to access the environment? Scanning with nmap via proxychains is extremely slow due to the SOCKS proxy architecture, and Ligolo-ng's TUN interface would allow full-speed scanning without proxychains.

Anything you can do with chisel you can do with ligolo

True, but Chisel forces proxychains which turns nmap's sockets blocking - Ligolo's TUN interface bypasses that entirely, giving you native scan speeds. The scan is pretty slow.

lol wtf for me also the exact same modules are marked incomplete but 100%

It's a bug in the new UI, can't really do anything about it for now

So use ligolo, noone's stopping you...

Sure

That's the reason I asked since they've already provided us with the environment that's running chisel on the target machine.

You can use nxc to scan instead of nmap for the most part since you understand the skills assessment is for CME/nxc. Once you get to s certain point, you can upload an agent and execute it, just using netexec.

Hi everyone, the new UI in the academy is a bit strange, I can't find where can I download the ovpn file.

only the pwnbox option is here

Ive had this problem from the old ui aswell some modules you can download it and some of them you cant

I always went for the AD Module in CPTS for the section kerberoasting and always found the option to download it

I saw from previous messages, there are many people encountered an issue with Signature Wrapping Attack in SAML section. I wonder if anyone know the solution? cause' before SAML raider there is a RAW MODE which we can tick and get the payload working properly, but now it removed. I wonder if anyone know the solution for that?

I'm working on "Windows File Transfer Methods", Question 2. It says RDP to MS2 using the credentials on the page. I can ping the VM, nmap says 3389 is open but I am unable to connect via xfreerdp or remmina. Before I troubleshoot further, I am meant to be connecting via RDP, right?

^^ I can RDP from the attack box. My local Parrot OS cannot. Perhaps because it is running the latest OS. Should I find a fix, I'll post it for your reference.

What in the skin slayer is the new UI theme doing? I got these completed months ago.

I'm assumming you have the OpenVPN config running?

Yep. Nmap says the 3389 is open.

Is the Parrot OS bare metal or pwnbox?

I run VMware Workstation Pro. Not bare-metal. I can RDP using the HTB attack box (Pwnbox) - no issue. The attack box is running Parrot 6.4 and xfreerdp 2.10.0. I'm guessing it is a compatibilty issue.

That's likely the issue then; I am running bare metal on a disposable laptop for that reason.

Either use Pwnbox or find a expendable laptop laying around and install Parrot on it. The issue is likely NOT xfreerdp version but somewhere in the networks communication.

HTB Academy recently updated their UI and now copying code blocks into Obsidian is a mess — no language tag, broken formatting. Made a Chrome extension that solves this with a one-click hover button and right-click menu option, giving you a properly formatted Markdown code fence every time.
https://github.com/serenity646/HackTheBox-Markdown-Clipper

I installed rdesktop and it connects. I suggest others use this as well if you face a similar issue.

sudo apt install rdesktop
rdesktop -u htb-student -p 'password' 10.129.x.x

which command were you using with?

i just need a little help

actuaally i m stucked in Firewall Evasion Section

is there any write up or something else ?
https://academy.hackthebox.com/app/module/19/section/117

i am unable to understand well this section

?

Don't overthink things, sometimes a version scan reveals more information than you think

Nice Hint SIr

Our client wants to know if we can identify which operating system their provided machine is running on. Submit the OS name as the answer.

is it gonna work for the above quiz ?

.

That was the hint for the question

i got it

Thnx

can I switch to the old Academy somehow?

i miss the old format 2

dashboard panel was great

and why is the big "Congratulations Exam Passed!" the main dashboard? i dont care about my done certs, why would this be anyones main focus when logging in

thank you sir

yeah lmao exactly

idk

None of the logic makes much sense same with the overall profile

Not even hating bcuz it’s new

hey, i started the windows fundamentals skills assessment target, but its been spawning for the last ~15m anyone can reset this?

/feedback

Secure Coding 101 : Javascript , skills assessment, anyone with a hint on the /Patching task ?

i deofuscate vuln.js and patch de vulns but when I upload the file but I get errors.

who thought that this was a good idea for the UI? a bunch of unlabeled icons and a table of contents that takes up as much space as the entire old one while hiding most of the information?

i warned you about all of these issues exactly during the beta, and you didn't listen, so i'm no longer going to assume that private feedback will be taken under consideration anymore. this will affect my recommendations to other people going forward.

How do you guys make notes for the Documentation & Reporting module? I seem to find little to zero stuffs to include in my notes! All I am doing is read along the module

Make a report

I tried downloading the ovpn file from the kerberoasting section but it does not seem to work in the SQLMap Essentials module when I try to access the skills assessment.
any idea on how to fix this ? I have been struggling with this terrible update for about two days now and I can't progress.

┌──(unknown㉿kali)-[~/odat]
└─$ ./odat.py all -s 10.129.205.19
15:54:20 ERROR -: Impossible to load local configuration files in conf/ and to set driver_name: DPI-1047: Cannot locate a 64-bit Oracle Client library: "libclntsh.so: cannot open shared object file: No such file or directory". See https://cx-oracle.readthedocs.io/en/latest/user_guide/installation.html for help
Traceback (most recent call last):
File "/home/unknown/odat/./odat.py", line 798, in <module>
main()
~~~~^^
File "/home/unknown/odat/./odat.py", line 792, in main
logging.debug("Oracle Client Version: {0}".format(cx_Oracle.clientversion()))
~~~~~~~~~~~~~~~~~~~~~~~^^
cx_Oracle.DatabaseError: DPI-1047: Cannot locate a 64-bit Oracle Client library: "libclntsh.so: cannot open shared object file: No such file or directory". See https://cx-oracle.readthedocs.io/en/latest/user_guide/installation.html for help wtf

this has been a pain in the ass to download, pip was bugging out and i had to use the force command for it to work and now it still tells me something is missing

You don't need the VPN for the assessment, it's a public docker container.

any idea about my problem

did yall download the necessary oracle enumeration tools on a vm or just used pwnbox

start a virtual environment:

python3 -m venv venv

source it:

source /venv/bin/activate

then install it with:

git clone https://github.com/quentinhardy/odat.git cd odat/
git submodule init
git submodule update
wget https://download.oracle.com/otn_software/linux/instantclient/2112000/instantclient-basic-linux.x64-21.12.0.0.0dbru.zip
unzip instantclient-basic-linux.x64-21.12.0.0.0dbru.zip
wget https://download.oracle.com/otn_software/linux/instantclient/2112000/instantclient-sqlplus-linux.x64-21.12.0.0.0dbru.zip
unzip instantclient-sqlplus-linux.x64-21.12.0.0.0dbru.zip
export LD_LIBRARY_PATH=instantclient_21_12:$LD_LIBRARY_PATH
export PATH=$LD_LIBRARY_PATH:$PATH
pip3 install cx_Oracle
sudo apt-get install python3-scapy -y
pip3 install colorlog termcolor passlib python-libnmap
sudo apt-get install build-essential libgmp-dev -y
pip3 install pycryptodome
pip3 install pyasyncore```

btw i believe the reading addresses the shared library not found error

I’ll try it out thanks

oh, and the new UI breaks itself if it can't load google analytics?

how did this possibly pass QA?

This channel is for discussion about the modules, no one's going to see this to change things here. You should use /feedback for that.

i've already sent feedback

Then you can rest assure your concerns have been heard by the right people

cx_oracle

does not wanna be downloaded

error: subprocess-exited-with-error

× Getting requirements to build wheel did not run successfully.
│ exit code: 1
╰─> [20 lines of output]
Traceback (most recent call last):
File "/home/unknown/venv/lib/python3.13/site-packages/pip/_vendor/pyproject_hooks/_in_process/_in_process.py", line 389, in <module>
main()
~~~~^^
File "/home/unknown/venv/lib/python3.13/site-packages/pip/_vendor/pyproject_hooks/_in_process/_in_process.py", line 373, in main
json_out["return_val"] = hook(**hook_input["kwargs"])
~~~~^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/unknown/venv/lib/python3.13/site-packages/pip/_vendor/pyproject_hooks/_in_process/_in_process.py", line 143, in get_requires_for_build_wheel
return hook(config_settings)
File "/tmp/pip-build-env-e_jufslg/overlay/lib/python3.13/site-packages/setuptools/build_meta.py", line 333, in get_requires_for_build_wheel
return self._get_build_requires(config_settings, requirements=[])
~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/tmp/pip-build-env-e_jufslg/overlay/lib/python3.13/site-packages/setuptools/build_meta.py", line 301, in _get_build_requires
self.run_setup()
~~~~~~~~~~~~~~^^
File "/tmp/pip-build-env-e_jufslg/overlay/lib/python3.13/site-packages/setuptools/build_meta.py", line 317, in run_setup
exec(code, locals())
~~~~^^^^^^^^^^^^^^^^
File "<string>", line 6, in <module>
ModuleNotFoundError: No module named 'pkg_resources'
[end of output]

note: This error originates from a subprocess, and is likely not a problem with pip.
ERROR: Failed to build 'cx_Oracle' when getting requirements to build wheel

Been around 2hours, can't wrap up w this question What is the FQDN of the host where the last octet ends with "x.x.x.203"? IDONT UNDERSTAND

the hints dont help me guys

oh yeah i also couldn't get that

i've just been ignoring it until i'm done with the rest of the module

and dns scanning is so horrifically slow

That's what happened with the instructions I gave you?

yea

everything went fine

except this one

which doesnt let me run ./odat.py all -s 10.10.10.10 without it since it splurts out an error message about needing it

I have wasted like 4 hours trying to troubleshoot this shit

okay yeah i'm now done with the rest of the module and i'm weighing if it's worth redoing all the dns enumeration for this because it didn't work out the last two times i tried that...

i tried using different wordlists, but it takes so long to try everything i'm not sure when to give up

ohh i just found something interesting look here https://forum.hackthebox.com/t/what-is-the-fqdn-of-the-host-where-the-last-octet-ends-with-x-x-x-203-i-dont-know-what-do-anymore/273242/8

ah okay i was just about to try with paste -d '\n' /usr/share/seclists/Discovery/DNS/*.txt | awk '!$x[$0]++'

that's really a lot of overthinking for this question

this question is broken down into multiple steps:
step 1: Identify all the possible subdomains from a base dig
step 2: run a tool that checks something like second.sub.do.main

yes, but if only one list has the domain i want then it's an issue. how am i meant to figure out which list to use?

start small go big

don't exhaust large wordlists, instead start with smaller wordlists

okay

well that's why i was trying that

ls -lSr should list the wordlists in ascending size order

i figured interleaving all the wordlists while stripping out duplicates would yield okay results

the answer will be in the format of second.sub.do.main

since they're generally ordered by frequency, no?

no

that's not what I'm meaning by size

i'm meaning the literal filesize

i know what you meant

but no, different wordlist authors have different methods that they create their list in, some are frequency, some are alphabetical

is there any kind of documentation regarding purpose and methodology of each list?

no

or even where the list is from?

most lists are generally self-explanatory, and SecLists does a decent job of segregating the lists into their various types i.e. web enum, fuzzing, etc

SecLists is a repository that aggregates a bunch of different wordlists I don't think it has all the wordlists, but it definitely has the most popular ones

i had good luck with top1million until it didn't work for that last one. it's really unclear besides that one what each list is meant to be good for

and running them sequentially is likely to have duplicates

so that's roughly why i chose to try that method

i gave you a good idea on the kind of methodology to use for wordlist hunting

you won't always be able to use the same wordlist for everything, that's why this is there to throw people off from just copy/pasting the same wordlist throughout

i guess i'll have to research where they came from to better understand

you're overthinking this

you really are

they came from people doing enumeration and seeing hostnames and sub domain names from different locations

some of them are the super common ones (dev, mail, app, www ... etc ... etc

yeah that sort of context is completely missing from seclists

i'm not going to get good at this if my understanding of my tools is surface level

SecLists isn't a tool, perse, it's a resource. You don't necessarily need to fully understand where all the lists they gather from come from-- it's just a resource that can be utilized with tooling to speed things up

@jovial walrus Take care not to post content from modules above tier 0 please. The blacklisting section itself goes over how to find out which char isn't working.

I did go over the section

it explains how to do it

well I didnt get it right...?

re-read the section then

so whats the point of asking for help ?

it explicitly tellls you how to manually discover which char isn't working

I'm not going to spoonfeed you the answer

never asked u in particular

I gave you good guidance

fine then don't take my help

for characters that are not working it print invalid input
but this time it didnt print anything

I added a spoiler to my image, it wasnt necessarily from the content

yeah you're missing something pretty important

spoiler tag doesn't do anything

no posting content if you feel like you need to reveal more info you can ask someone to dm

I just checked, sorry, it's actually coverted in the "Interactive Identifying Filters" section

May I dm you?

re-read that section

Sure

not sure i understand the distinction, but i'd prefer to build a deep understanding of whatever i use

tools: commands you use to accomplish a task
resources: things you can use to either figure out a tool to use or use in combination with a tool, such as a wordlist, to get results

okay, i don't think commands are the only kind of tool but i can understand your ontology now

urgh I keep getting rate limited

To check for command injection is it necessary to give a newline operator before listing contents in a directory?

Think about the the command you're executing after the key/parameter name

try running that in your terminal and see why it doesn't work

if you have command injection you're essentially executing the command at the cli/terminal

does work here

you have a misunderstanding of how the webserver is executing the command

the webserver inputs the ping command for you, that's already done

so start with the 127.0.0.1

you need to try various things until it works, follow what i told you.. re-read the section i pointed out early it tells you EXACTLY how to find out what's wrong

if you followed that you would have figured it out by now

what you typed after the ping command didn't match up at all with what you put into the terminal

then think about how a webserver decodes that input into the terminal

hello - Im brazilian im sorry for a bad english
i started learning a basic commands for linux in module of linux fundamentals and a stoped in this exercise

Ask your question

https://imgur.com/a/t9FmlaM

i try using find with a filter size

best to say which section you're on too

section 9 - linux fundamentals

i solved question 2 and 3

what section is that

that's the module name, not the section name

Find Files and Directories

he said linux fundies

need the section name

section numbers don't mean anything really, as they don't ascend numerically in the url anyway

module 18 section 81

lol cmon

those numbers don't mean anything realistically

those are more backend numbers

that section is called "Find Files and Directories"

Did you try the locate command?

Read over the Locate section I believe it tells you how to find this

There's also a "find" command you can use

find is the expected command but there's NEI to tell where the issue lies

Find will probably work better

is it a simple syntax error, is it the classic case of not being connected to the target, is the man on the moon all out of cheese

i can filter a date with find ?

i connected with a vpn

running local vm

the section gives you an example command for just that

my page in this question just say off Vim and nano

?

nothing to do with vim or nano

just as a note, the -size command has you specify + for greater than and - for less than, so a filesize in the range of 5-10k would be -size +4k -size -11k

the question gives you a size range; smaller than 28k but larger than 25k

If I could DM someone for this would be amazing, super lost on it.

You can DM.

i do it but on my page there was nothing related to the exercise below

https://imgur.com/a/eY0M6St

is literaly my page and exercises

is anyone facing issue with "Intro to C2 Operations with Sliver: Probing the Surface"? The web application is not loading but the source code can be read

should be a heading titled 'find'

but it looks like your thing may be messed up, i suggest logging out and logging back in to see if that fixes it

looks like it's loading the page for the previous section > editing files

has been stuck loading for more than 10mins

I already solved the questions, but I do it to check.

worked, now have a examples to resolve the questions

https://imgur.com/a/k6CE3eS

No, not necessarily. A newline (%0a) is just one way to chain commands. You have multiple options depending on the context.

i just spend 1 hour in this exercise

kkkkk

how to upload pics here

like others

you can upload files by clicking plus sign at the left of your typing space and then clicking on upload a file

ah nice

oops

application of AI in InfoSec Section 14 Model Evaluation (Spam Detection) i am getting a File not found error.. can smeone help?

specify the complete path for the file ?

i am ask to copy and paste? not too sure where to get the file

connect via openpvpn, just go to that link mentioned at bottom and u can upload the joblib file there

thats how I did it

where do i get the file?

didnt u follow all the sections prior to this?

they taught how to create a model and get the corresponding joblib file

i fly through it asking copilot to explain the content to me like i am 5.. i think i have to redo the whole module lol

thats not how it works sadly

thanks for your help.. appreciate it

and claude is miles ahead for coding related tasks, use that instead..u will notice the difference

is it better than cursor?

never used it

can you send link of that claude? i wrote on google i see many options

by chaton?

.....

just go to claude.ai

i just downloaded it and tried it. it doesnt have system integration like cursor ai, it isnt as good

can anyone help me with
module: Attacking Web Applications with Ffuf
section: Skills Assessment - Web Fuzzing
question: 3
I've ran this scan on all of the sundomains but didnt get any results
ffuf -w "/home/kali/word lists/DirBuster-2007_directory-list-2.3-small.txt":FUZZ -u http://subdomain.1.1.1.1:PORT/FUZZ

use medium instead of small now

ok

Hey people, I don't use an adblocker at all, however, when I open the HTB academy website it immediately tells me to turn off adblocker, what is going on?

it's just automated. it doesn't detect. just ignore it.

Yeah you can try metasploit

Or burpsuite

same

Some browsers come with a built in ad-blocker

i turned off the shields in my brave, but still getting it

miss the old UI

is it just me or is xfreerdp not working on pwnbox i just get black screen it did load once https://academy.hackthebox.com/app/module/143/section/1421

For how long are you temporarily blocked? I refreshed a couple of times as the new design was not loading properly

Good news is that it's not for very long, bad news is that I just get ratelimited a few seconds after again

Oof. That Dacl II attacks skill assessment was nasty. Glad I survived the ordeal.
Question: in the new HTB UI where is the student transcript? Or has that been phased out/obsoleted?

u can find the student transcript in here

The "Streak" interface in the new design. It clearly states that I have not completed this weeks streak, however I have (with the good old UI). And the api call to the streaks interface says I have as well (image attached).

Does the streak interface not work at all, or does it operate with logic disparity? Such as the first day of week was Monday, but has now been set to Sunday?

Hello, I’m new here and I have a question. Service Scanning module the first question about Nmap on port 8080. I see tomcat but no version is showing. Any help greatly appreciated. I already tried -sV. I dont get what im doing wrong

dm please

hey guys

I got a question. In linux fundamentals, they asked to get the type of service of dconf.service

i ran systemctl show -p Type dconf.service and got this

systemctl --user cat dconf.service

ahh

why didn't the type command work?

I think you need a user to show that, at system level it doesn't exist

ohh

it's path is in the user directory

yes

Hi guys, I'm having some trouble with the module Attacking Common Applications > Attacking Thick Client applications. When I run the Restart-OracleService.exe at first, it works. But after I change the permisisions for the "Temp" folder as the lab says to, I run the .exe and I get an error message:

"Windows PowerShell terminated with the following error: The type initializer for 'System.Management.Automation.Runspaces.InitialSessionState' threw an exception."

Any help would be appreciated, thank you!

I cant seem to find where to download the VPN file for the academy in the new view can someone point me in the right direction please ?

If anyone has the same problem you have to go into another module and find the option where you spawn pwn box, there should be another tab for VPN if its not there try another page or module currently I got mine from https://academy.hackthebox.com/app/module/19/section/102

Anyone can help me with Advanced SQL Injections (Skills Assessment) second question? I used correctly lo_put to insert data but I have no permission to use lo_export. Someone help me or explain me how to write this data to file?

Yeah it only shows up in modules that have an interactive section now

Hi all,

For the AD ENumeration and ATtcks Bleeding Edge Vulnerabilities PetitPotam (MS-EFSRPC), Petipotam works but ntlmrelayx says "No route to host". How did you solve this, please?

Ensure you can reach the internal network

um actually, both failed see the: ERROR_BAD_NETPATH

I tried to ping the DC and it was successful. I will try again

I will try again. Have just done it the same way it was done in the lab. The other two attacks in that section worked for me but not Petipotam

I am having the same problem if anyone can help. I've used my privs to get access to the right group and machine, but haven't been able to move forward. there's something im missing ...

Has anyone completed DACL1 and can help with Q3 of the Skills Assessment?

I have a question regarding the module progress display on the new dashboard. (I apologize if this is not the right place to ask.)

Some modules are showing as "100% (In Progress)" instead of "Completed," despite the fact that I’ve finished all the exercises (all marked green) and clicked the "Finish" on the last page. I would like to know the difference between these two states.

That seems to be a bug. I have already reported it to support and they wrote back saying that they are aware of the problem and are working on it.

Thank you for your quick response.🙇

good morning everyone

Hey, I'm on File Inclusion module- Log poisoning;
Currently doing RCE via Apache Logs to execute "pwd". Problem is the output is too long and i can't figure out how do i filter it.
Need some help pls.

Solved

Morning I'm quite new to hack the box and got cyber security cousera, working on boot dev and well hope we can be friends and help me within the community.

why is it like this, that after i finish the module, i cant view it? those that marked completed are not clickable anymore

It's best to ask support. The new UI has a few bugs.

hope we get the fix of the new UI before GTA 6

Use the magnifying glass in the top right corner and search for the module. On the home page of the module there is a revisit module button

Hi guys, that one maybe can be a stupid questions, during the academy modules studying im forced to use the pwnbox where its not possibile see the VPN tab to connect my own Vsystem?
Or i can just connect anyway my Vsystem to the academy VPN i already have downloaded and ping/scan the target spawned?
Or also i can without using the VPN cause its an exposed dedicated istance? Was thinking about that cause the ip of the target is 154.57.164.82

For some reason the windows fundamental module says its still in progress when I completed it weeks ago

Its at 100%

same

how can i enter as user3?

Are you still having issues with this?

https://academy.hackthebox.com/app/module/221/section/2392

Android application Static Analysis
there is no apk file that i will use to answer question

hello everyone

i have a question

click on all next page buttons from section one to until end

I am solving
Skills Assessment - Broken Authentication and i get the username and password

can i brute-force OTP?

guys there is key for user3

how can I conned to the target

i need password

i solved it

linux priv esc
elevated and got flag.txt but its not working
Enumerate the Linux environment and look for interesting files that might contain sensitive data. Submit the flag as the answer.
https://academy.hackthebox.com/app/module/51/section/1592

I have a question related to NTLM Relaying SA, who can I pm ?

You can send me a DM.

Didn't work

anyone??

has Gold annual subscription two exam voucher now ??

academy having issues?

I am having issues to access it

app.hackthebox works fine.. just academy not

good to know

just very slow

Yeah one for CJSA and one for any other cert

Can barely load anything as well on Academy, Enterprise side will load no modules at all it's been trying to load for about an hour :[

same , the "start learning" button in academy hangs

come on revert this last UI update already

I'm having difficulty loading Academy, it's awfully slow...

swear to god, none of this happened this often before academy V2

it still happened, we're all super sensitive now because of change.

hi does anybody also having an issue accessing the academy platform?

V2 is just poor

yeah can't get to anything at all atm

I hope they would add an option to which Academy UI to use.

Yeah they might now be discovering load issues after switching everyone over. Hopefully it will get smoother as time passes

I miss the feature of the previous version where I could click the module and just open it in the new tab :<

anyone running into issues with the academy web app ?

Yeah

Yeah, I asked in the general also, it's down

Can't proceed to the module itself

yep same here

Why is there no search function on enterprise

Everyone is facing Academy issues, too, right?

yes

I was about to say

ask*

Time to touch grass 🙁

insane suggestion

I just sat down after being busy all day haha

I thought it was my ISP acting up again

im just going to sit here and refresh for hours until it comes back

haha same, I was switching IPs

tried in different browser and somehow got page loaded

weird

Was about to blame mg ISP lol.

Well, it's midnight from where I'm at ... So, Imma go to touch something instead 👀