#modules
Or you can use burpsuite decoder tab
Thanks to all of you guys helping me to understand the part where I was stuck. Now it is passed. Cheers !
Hey, I'm doing the Windows Fundamentals module rn and I'm on the first assignment thing. It's asking me to connect to the windows machine with the command xfreerdp /v:10.129.3.198 /u:htb-student, but when I do that, it asks me for a password...
oh I see it now... nvm
I passed that if you need any help you may DM-me @pseudo basin
I'm having some trouble connecting to the rdp through the vm. I tried both in my kali and in the parrotos that is there by default. It always says that the connection failed. I did get it to open one time but it crashed like 2 min after
if doing it from own vm are you using the vpn?
I tried doing it from my own kali VM with a vpn, and I tried from the htb parrotOS
it worked before idk why its not working now
also, the parrotOS is incredibly laggy. Is there any way to speed it up?
i think they are currently eu based for this - whereabouts are you?
also were you using the specific vpn for that module? not the normal htb vpn pack
I'll try using a vpn tho, I think I might've been connected to Canada when it worked
no... nothing is working
I tried to vpn into the uk, I restarted the parrotOS and the target IP but it's still not working. It also didn't work in my kali
Where are information about how you earn cubes? I got 30 without buying, is it something everyone get in beginning and then you need to buy to get more? Or are there other ways to get cubes?
upon signing up you get 30 cubes. As of now the only way to get cubes is by buying them. However completing courses rewards you with cubes back (e.g. the tier 0 will cost you 10 cubes, but reward you with 10 cubes for completing them)
I dunno How I typed that. Sorry
Haha. Its ok. I do that all the time on mobile
I'm not on mobile..lol I am leaning over one laptop to work on another, which is running 2 VMs..
Yo, currently doing web requests module. At the "POST Method" , I have tried to enter admin:password and keep getting login failed. reset the target 4-5 times and still getting same "login failed" I can intercept but cant get any further as it wont let me get cookies . any help would be appreciated man
i should read stuff more clearly then ask for help 😄
lol
dude Philo i was the same last night. once it finally hit me what i was doing wrong....face palm
This saved me just now... I was getting super frustrated and feel so much better now that I know it's intended to be that way. lol
hey can I get some help on the Windows Services & Processes section?
I am trying to find the non-standard service running on the host, but there are way too many services and I've looked for a while
How do I know if it's non-standard?
Found it. Not sure why it was that one tho...
can you dm me reasons Nokline - will pass it on to the team to see if something needs clarifying
I know birb has done that module
hey boys! I just finished the registration process and I'd like to note the link the bot gives doesn't work if you don't switch to classic
Jesus are there really 4k people in this?

In what?
and then escalate to admin somehow 😉
@tough fjord wait what? That's great on actual htb boxes, but on a basic module on web requests, I would expect the example to behave as the description says it should.
the module gives you all the info you need
to apply to that exercise
I completed it the other night
I will look around. 🙂 Just found it a bit puzzling because I wasn't expecting it.
yeah. the aim is to get you thinking about what was covered, and then applying it.
But that's also a good lesson.
if you need any more help shoot me a dm. But try to explore it a bit and don't over think it
it's not as hard you think it might be
Even if it was, I like banging my head on the wall a bit to learn.
I would just suggest some kind of disclaimer on that page, to make it somewhat expected that something may require some extra work.
Otherwise it's likely to generate an inflow of "hey something is broken" requests for the foreseeable future.
thanks for the feedback - the team do monitor these things and we pass recurring items on around clarity etc.
Hello, may i ask a question about executing exploits over ssh tunnels
Ok this is actually why i asked, wasn't sure if this is the right place, i'll go head over there thanks
no problem
doing the PUT mod on web requests now , getting the OPTIONS and its working fine ... but then when I PUT /hello.txt .. im getting 500 internal server error.. anyone help ?
are you giving it the data it needs as well?
How do I submit the flag correct when it says "key=DECODED_KEY"?
Tried "key=actualdecodedkey", tried "actualkey=actualdecodedkey", tried HTB{actualdecodedkey}
@cobalt trench which module & section?
JavaScript Deobfuscation within decoding (page 9)
I have tried 7h15_....... etc
and also the B64 encoded value of that string
JavaScript Deobfuscation within decoding (page 9)
@feral ferry
solved
@rustic sage yes you have to create a new account
Htb academy is like tryhackme
OAuth for HTB sites is coming at some point. Just not here yet. @rustic sage
whats better?
@pseudo basin same question
honestly either way I'm sticking with HTB cause I dont wanna switch to a diff platform
Well this is the HTB server... What do you think our answer to that question is? 🙃
lmao
@hard epoch Where is that from?
I think I answered that but looking at it now it is kinda confusing lol
@urban sage Learning Process modules
The whole cubes thing is really complex, can’t there be a monthly cost
@full vigil have you worked through any of the modules yet?
No I have not
I just hope I have enough money to pay for it
Need to check the cost out
@hard epoch
now this makes a lot more sense lmao
Everyone has a certain amount of access free. All of the tier0 modules. I’d like to hear your feedback after you’ve tried it out. These modules go quite in depth with accompanying machines and labs
@blissful verge oh, okay
Sure
thanks @drifting knoll @rustic sage i solved it
dunno if this'd be the place for it... but I went to sign up on Academy and it's complaining about my name having "illegal characters". My name is João. It's 2020. Srsly?
Will pass it on - but i know sometimes depending on how it is done sometimes it gets flagged as zalgo rather than a standard character
I will pass it on to the team
thanks @tough fjord !
@cobalt trench read the question carefully
you're welcome
can anyone give me a hint (web request module - POST Method) ?
anyone able to assist on the web request got a question
its about the GET request part
HOLY SHIT I DID IT NEVER MIND
but can someone message me i still have a question
@tough fjord I read the chapter 5 times and worked through but still not getting admin access. the hint "cookies" did not help me , can you give me another hint
Did you inspect the cookie? Decode it? See what it is etc?
yes, I did decode it. I dont know what I should do with it
Dm
wow, no available instances for now
how many instance does it support? 😄 does anyone knows?
anyone else had problems on the LFI module?
I'm using the command given in the tutorial but I get an error in the log file
don't know if I'm being stupid or if it's not working for some reason
@green mason whats up?
fine Alhamdulillah, guessed the answer without running the instance
unable to launch instances?
yes
let me check with the team
ok, thanks
anyone else had problems on the LFI module?
@rustic sage i haven't solved the module, but did you provide the cmd param?
I just used the command in the first image
didn't define anything before
other website show the same command
but it just gives error messages in the log file
so isn't it obvious?
system function is not taking any param in your case
you should add cmd parameter into url
I just used the command in the first image
didn't define anything before
@rustic sage it is what you have said 😄
you are not providing the cmd param

you create the webshell but never feed it a command
need to be like that
AAAAAAAAAH
Getting into spoiler territory
i wasn't know that
yeah sorry
removed
no problem dude
I didnt see that the param was provided in the url
if you don't know about web requests i advise you to have a look on it.
it was only us who saw it 
there is a web requests module as well which covers things like that
yeah I did that
looks like I'll do it again
lol
I just didn't understand that the injected php code interacts with the url
thought it would be standalone
my bad
yeah. Have a read up about log poisoning attacks
yeah
I'll look into it
thanks a lot guys
I understand now that I can pass parameters with a get request to the php script
but I feel like it's thought around the corner isn't it? I can just put whatever I need directly into the php code without using a variable
if you created suitable php code
it's just a question of "do I want to inject php code again and again or use the parameter"
well the code will persist - it has been added to the log file you are calling
so you only need to enter it once. Then you can just keep using the param in future requests for whatever you want to do
Yeah that's true. Probably that way is more "silent"
depends on who is monitoring
hello can anyone give me a hint for the last quiz of LFI module. I tried everything and i stucked a little.
@past scaffold dm
wow, learning process was harder than i thought
@green mason i think the same, but without solid bases don’t will be successful i think
Im soo noob in it. But i want to learn and progress correctly
Sooo I have the flag for Web Requests POST, but it's not being accepted as the proper flag. Any tips?
The page literally reads as "The flag is *******************"
Isnt the last character a punctuation mark?
I'm looking at file inclusion, and it tells me "When following along, swap the IP address and port in the URL to match your spawned Docker instance." and I don't see where the IP and port are to connect to the target web page.
Any suggestions?
i don't understand the question for Learning Progress .-. 
can someone pm me i need help with web requests
I got my issue figured
Isnt the last character a punctuation mark?
@tough fjord Yeah, but I had been working for about 11 hours prior to getting on and had a massive brain fart on that one.
i don't understand the question for Learning Progress .-.
@unborn pond easy game easy challenge
think simple inshaAllah
@green mason i legit don't understand what it wants from me. it says what's the difference i put in the difference but still wrong
😄
the difference
only the difference
find the difference own yourself
i am sure 7 year old people can do that 😄
nice
just more confused.. xD
i know :p
nah still can't
Hi guys, I'm new here and noob!. I've been trying the "Web Requests" module and I'm stuck to "POST Method" section. I tried Burp and also curl, getting the cookies but none is accepted as correct answer. BTW, I have finished the next sections and this is the only left! Any hints please? Thanks in advance!
Have you examined the cookie?
For some reason I'm not getting a "PHPSESSID" but "auth". Is this the problem?
Yes, target as shown above the Questions
same problem with the POST
and the hint is very poor
what is the problem with the flag?
hello, i just finished the learning progress path in HTB Academy but there is a problem with the last question i can't find the answer, can any one help me here?
yeah i know but i can't know what should the answer look like
37.6 or whatever it is. Minus 1
i am stucked a little in LFI last quiz any help will be appreciated.
I just want to know if anyone completed the "POST Methods" section in "Web Requests" module and I will keep trying....
@tulip minnow yeah mate , I completed it
Took me a while , and I was over complicating it a lot as-well!
@tulip minnow i completed it a few days ago
don't you need to do something with the ||cookies|| on POST? any hints?
Yeah , maybe find out what the cookie translates to ?
i can change it...
but it doesn't matter much
it just || says something different||
Thank you guys.. I will keep trying
@tulip minnow so the POST work?
so whats the point of the academy if the lesson doesn't actually teach you how to do the practical, is this once again one of those, oh yeah you have to figure it out by yourself thats how you learn things? cant see people paying for that
the first fundamental lesson goes on about session cookies, but then the server doesn't send one, no doubt you have to do something to decode / encode the cookie that is sent and change the payload, if thats the case why doesn't the lesson talk about that?
Nvm
@tulip minnow I got it @rustic sage @tough fjord It isn't about a number I don't think
I didn't understand what it was asking...
Oh wait nvm @tough fjord
@tulip minnow Here is a hint: You see that the page says welcome guest_"etc"! right. So you basically have to get it to say welcome admin! ||The cookie plays a role in changing the text. The current guest:guest cookie is encrypted in some way as to encrypt the guest_etc part of the welcome guest_etc! text into the cookie...||
even if i change it to say admin nothing changes
It does
i used zap ...
And I think that may be an unnecessary space
Can you get it without the space? ||Im not sure maybe you did something wrong with the encryption and decryption part...||
@faint geyser how are you supposed to know what to encode the payload part of the cookie to? this is what im saying they dont discuss any of this in the lesson, you can change the username, but how do you know what to change the code to?
I knew this from before, but in burp there is a section called decoder where you can decode and encode text...
Another hint (spoiler, seriously don't look without trying:)): ||try to figure out what kind of encryption is being used to convert the guest_etc text on the page to the cookie... Then use this encryption type to encrypt the word admin.||
yeah pressing smart decode does nothing, i normally use cyber chef, but its not getting anything other than getting the username from it
does it only work on burp?
Ok then try this. Add the cookie into decoder and figure out which decrypt type changes the cookie into the text on the page the "guest_etc" text.
@rustic sage I doubt it, but burp has this functionality
No use repeater to send a get request with the cookie
You can also use curl
Basically you are sending a get request with the new cookie
@faint geyser i already know how its encoded, what im saying is changing it to say admin_whatever on the page doesn't get me a flag
i give up, this is broken, not working with curl or zap or browser
Welcome, admin_||917cec9798d1030d3d3c7.!||
obviously you can change any of that to whatever you want, so im not sure where the flag is
i tried, admin, Admin, ADMIN..nothing
can someone just say if once you get it right there is a thing that says the flag is [whatever] and not just you have to stick whatever cookie you come up with in the submit box?
ffs it was missing the final char, thought it was useless
ok got it
Did u get it @unkempt geyser ?
really if they want people to pay for this they really need to teach you how to do the practicals in the lesson. If you had never done anything like this before there is zero chance you would get past these early lessons
@faint geyser yeah
They did state that the cookies are encoded in base64 for some login forms which was kind of a clue
What was the problem @unkempt geyser ?
without giving it away i was having problems with the payload after the username
Oh
So it's just base64 decode then change guest for admin encode base64 and resend?
|| yes ||
Im confused on the next section
The put and delete methods one
I generate a request with a custom file I created but every time I get a 500 internal server error
nvm
got it lol
in the PUT and Delete methods section I've created the file and requested it several times but don't see a flag. I tried it with curl and burp. any suggestions?
@summer vigil ||try creating a new file named flag1.php instead of flag.php. using GET for flag.php ended up returning nothing for me.||
Can anyone help with the windows fundamentals please? I'm trying to find the non-standard update service running? I've looked at Task Manager process & services and Get-Service in powershell and have a huge list of services and no idea which one the non-standard one is! Any help would be appreciated
anyone can help with web request get method?
i just try it with multiple param value "&" but doesnt still show anything
The values you give to num1 and num2 have to add up to 1337
anyone able to help me with the post req portion got a question
The values you give to num1 and num2 have to add up to 1337
@tough fjord like this?
anyone can help with web request get method?
i just try it with multiple param value "&" but doesnt still show anything
@quasi bloom consider putting the parameters in the URL
@tough fjord like this?
@quasi bloom It doesn't say they are equal...
@quasi bloom why are you using port_code? It tells you to use num1 and num2 as params
oohh i get it ! thank u @tough fjord @tulip minnow
need some help with post req plz dm
why am i not getting cookie anymore for this post shit
asdfklashjdlfahsdfjshdf
How do I submit the flag correct when it says "key=DECODED_KEY"?
@cobalt trench im stuck here as well, getting the same encoded string back even with that. did you solve this?
im having an actual problem with the post req box can a mod pm me
@cobalt trench im stuck here as well, getting the same encoded string back even with that. did you solve this?
@tawdry ermine I've done it
im not getting a phpsessionid im getting auth- is that normal?
disregard
i am the dumb
figured it out
Havin some issues with the cat command on the put file if anyone can assist.
Hey I've been doing the Windows Fundamentals course rn and I'm taking a lot of notes, however there is so much information there that there is no possible way for me to remember everything... What are some of the most important things from there that I should know? I will be studying everything there anyway, but I want to know what I should be paying most of my attention to
It is a little bit overwhelming I have to say...
Is there anything specific that is good to remember?
that is used a lot or is very important to know
I think the most important thing is to practice and powershell is good to know
Knowing the fundamentals of Windows is important
Its going to underpin anything else you do with Windows
I am stuck on the POST request exercise, trying to login with the admin credentials, but it keeps telling me that the credentials are wrong.. I don't get it 🤔
Oh, ok! So I am not supposed to try to login directly via admin:password credentials? I guess I didn't understand the exercise
It does say login and escalate to admin and gives you the guest credentials iirc
Try not to overthink this bit. 🙂
True, but at the very beginning it also says to try and login with admin credentials, and I couldn't.. That's why I got confused :/
Ah i think that bit is referring to a different target than the exercise one
Try not to overthink this bit. 🙂
@tough fjord That's always been my weakness, I tend to overthink whenever I am not drunk haha
Hahaha
I finally managed, but it honestly wasn't as easy to understand what the exercise wanted me to achieve.. I imagined that "getting to admin" meant something completely different.. Oh well..
Gin always helps I guess 😄
The PUT and DELETE was easier, yet for some reason I could not delete the file after creating it.. Not sure why :/
I had a hard time deleting also
Just reset box
Do you have to use their window terminal to complete the modules, can you use your own machine?
Hi all, for the file inclusion / Directory traversal, it says:
Start Burp Suite, intercept a request to the page, and send it to Repeater.
However, I've never used burp suite. Is there some tutorial on how to achieve this?
start burp
make sure the browser will go thru burp
via 127.0.0.1:8080
set intercept on
load the page so burp will intercept it
right click that request that burp intercepted and click send to repeater
make sure the browser will go thru burp
via 127.0.0.1:8080
Do you mean that I set the target in the Repeater tab to 127.0.0.1:8080, and not the IP of the target machine?
this is correct, no?
I have my intercept button on, however when I navigate to the target IP with a logfile parameter in the URL, the intercept tab shows nothing. Can anyone help me further?
I'm pretty much stuck here, and I can't figure out why burp isn't intercepting the website when I refresh the page, or when I navigate towards it.
Anyone has an idea what I'm doing wrong, and how to correct it?
Try:
Click >> Options >> set Title "Burp" >> Save
Burp
then, navigate to the following address: http://localhost:8080 and install the CA Certificate.
move over to the settings menu in Firefox. Search for 'Certificates' in the search bar >> view certificates >> import
How can I get more cubes?
Is there any way to get more without paying?
@earnest rover the web requests module gives a quick overview of burpsuite
How can I get more cubes?
Is there any way to get more without paying?
@faint geyser As far as I understood it, the only other way to get cubes (other than completing modules) is to pay.. It's not much money, and I'd say it's worth it
[Web Requests - curl]
Gang, quick check, am I supposed to actually use
"curl http://inlanefreight.com"
Or am I supposed to spin up one of the previous target and use that IP address instead? Because using the URL with curl results in this for me, as it goes out on internet to resolve the domain, while in the module it resolves it to a local IP address..
@vocal lake the exercises have you spin up a target to complete them against
Not in the curl one, cause there is no "exercise" per se..
But since I want to practice everything I'm learning, I am spinning up previous targets to go along with the curl module 🙂
Curl is just web requests module isnt it?
suggestion to improve the wording of the following question in Web Requests:
Original:
What is the method used while intercepting the request? (case-sensitive)
Proposed:
What is the HTTP method used while intercepting the request? (case-sensitive)
without specifying HTTP, the question is too vague - one can try all kinds of things such as MITM, HTTP downgrade, etc etc
Thanks CawCaw. Will pass it on
{
Module: "Windows Fundamentals",
Content: "winlogon.exe": "Responsible for handling the secure attention sequence, loading a user profile on logon, and locking the computer when a screensaver is running.",
Question: "What does that mean 'locking the computer when a screensaver is running'?"
}
Hi, I'm doing the web fundamentals module, and the example says that the burp intercept should look like this:
But mine looks like this:
are there some parameters which I've missed? I've done everything according to the walkthrough, also put all settings on according to the walkthrough, but I can't get the response as in the examples of the module.
you are getting only requests but not the responses
I've put the server responses on in the options.
hmm
so you can see that content type should be text to intercept the response
text/html
could work
if I edit the condition to text/html it doesn't change the intercept tab when I forward the request.
But this means I also can't answer the question because I can't see/get a server response to see which version of apache my target is running on.
So I'm pretty much stuck at this point.
you can send your request to repeater
then you can see the response in there @earnest rover
how do I send my request to the repeater?
ah, sweet. I can indeed see the apache version. Thanks, at least I can continue.
However, this doesn't change the fact that I didn't actually perform the task as intended. Do you per chance know what I did wrong? Settings misconfig?
if you did change the content type to text/html and the response you get includes content type as text/html, i don't know what else you can do
but i have solved 72 labs using burp and i have never felt a need to get the response in intercept page
it is bad to get the response every time
when i need it i send it to repeater
that's all inshaAllah
Hm, fair enough. I just want to do it correctly though, for the learning sake. But thanks for the feedback.
{
Module: "Windows Fundamentals",
Content: "winlogon.exe": "Responsible for handling the secure attention sequence, loading a user profile on logon, and locking the computer when a screensaver is running.",
Question: "What does that mean 'locking the computer when a screensaver is running'?"
}
@green mason any idea?
could i ask something about a powershell command? @blissful verge
Ya, shoot me a dm
Dont know if its a problem only to me, but in the windows fundamentals course, the windows machine taskbar is low enough to be not visible
and i change it to the right side so that i can see it
if its a problem for other people too maybe there must be a fix for this
Hi All.
I'm currently stuck on Web Requests, I don't seem to have a connection to the target machine, keep getting failed to connect error on firefox.
Burp is enabled on firefox and I've completed the first part of intercept and get the request to display in Burp. When I click on Forward that's when I get the failed to connect to 206.189.25.23:30147 message. Can anyone help? Thanks
Is intercept on in Burp?
Yep, Intercept enabled in proxy options with the firefox extension also enabled.
Refreshed the browser?
I get the first part of the intercept, code shows in the Raw display. When I click on Forward to forward the request to the target I get the error message.
What part are you on?
Yep, refreshed the browser, port 30147.
Send a GET request to flag.php with two parameters num1 and num2 such that their sum is 1337?
You can DM if you'll like so we're not flooding the chat channel.
I'm really struggling with "Create a file named "flag.php" with contents "<?=cat /flag.txt;?>" and request it to get the flag." on the Web Requests module, anyone free to help me out?
@rustic sage feel free to DM me
can someone who has completed the " Windows Fundamentals" give me a DM please 😄
Has anyone here completed the post web requests challenge? quick question
I have, feel free to dm
cool ty
anyone help with windows fundamentals mod ? surely someone ?
Which section?
"windows Security"
Havent done that one yet
lol, yeah I thought this module was plain sailing till i got to this part
@green mason https://docs.microsoft.com/en-us/windows/win32/secauthn/responsibilities-of-winlogon
@blissful verge thanks
Hi. I'm trying to follow along with the Web Requests - GET Method. I've spawned the target machine and opened up FireFox on My Workstation. When I type http://inlanefreight.com/ it redirects the browser to https://inlanefreight.com/ and doesn't open the authentication page.
This is before I've enabled Burp to capture traffic, I can't see what I'm doing wrong on something so simple 🙂
@wild beacon because you have to navigate to your spawned target
the inlanefreight.com is just an example in this case
Ok, thanks.
Hi, I've a question regarding the web requests: I've managed to get to website of the dashboard.php, with the admin panel. However, I'm not sure what the answer to the question should be? As in, the question is:
Login with the credentials guest/guest and try to get to admin.
Which I think I've done? I assume some answer in the form of "Goodjob! flag is : XXXXXXX" should be shown but isn't.
Could anyone point out where I am wrong?
if you've escalated to admin it will spit out a flag on the page similar to what you say
Yeah, I figured it out. Was a bit of a puzzle, but I got it eventually.
good stuff
I have same problem of CroqDog
I have escalated to admin and i get the flag but isn't correct.. what i am wrong?
Same problem here, I did the same thing and I took everything. The problem is that I don't understand which is the answer. Any help?
Solved!
Hi, it's a little late I know, but is there anyone who can offer some hints for Web Requests - POST Method? I'm getting all the way through the walkthrough to the end and get the welcome message on the admin panel but the answer detail isn't accepted.
One thing I did note is the cookie for me was set as Auth= instead of PHPSESSID= don't know if this should make a difference?
I've just solved: just follow literally what the question is telling you
Ok, sounds like I may be over thinking things. Brain is burnt out so I'm going to sleep on it and try again tomorrow, I know it's possible 🙂
i got the same issue
except rereading the question 20 times didnt work
"get to admin" what?
i still dont get it
In Web Requests module POST and DELETE methods section I've been trying to get this last flag to complete the module but nothing is working for me. I create a file, put the contents in it and upload it, and then request it. The only thing I ever get back is cat /flag.txt. I get the same with curl and burp. I got a suggestion a couple days ago that I tried with no luck. Just curious if anyone else had the same issue? Any tips? Thanks for any help.
that suggests that the cat command is not being run on the system
did you enclose it in apostrophes (') instead of backticks (`)?
aside: typo in Advanced Obfuscation: **remanence ** -> remnants
^ two occurrences on the page
the text in Rot13 Decode is incomplete:
There isn't a specific command to
In Web Requests module POST and DELETE methods section I've been trying to get this last flag to complete the module but nothing is working for me. I create a file, put the contents in it and upload it, and then request it. The only thing I ever get back is
cat /flag.txt. I get the same with curl and burp. I got a suggestion a couple days ago that I tried with no luck. Just curious if anyone else had the same issue? Any tips? Thanks for any help.
@summer vigil same issue
replaced the apostrophes with backticks and same thing
Ah, wow, I can't believe I missed that. Thank you!
did it work for you?
It did
XD its still not working for me
nvm
i made flag1.php
saw a hint from earlier and the new doc worked
Nice. Glad it worked.
🙂
🙂
ty cawcaw
i need help with POST Method for the guest:guest
nvm i did it
I keep getting stuck in the web request POST method questions. I did everything as explained in the section but instead of PHPSESSID= <cookie> in the Set-cookie header, it said Auth= <cookie>. Does this mean anything? because I tried using that cookie as the answer too, but it turned out to be wrong. So someone please help me out
You probably noticed ||The cookie changes each time||
You can dm me if you need to @shy flower
im having trouble with the JavaScript Deobfuscation module
ive decode the message but the post request doesnt work
I have tried everything I can think of to get the POST method section of web requests to work. I finished the rest of the module and have come back several times. Would someone please DM and help me out?
whats up?
im at the step when you have to decode the string that you get sent in the post request and post it back i decode it but it wont post back
I have tried everything I can think of to get the POST method section of web requests to work. I finished the rest of the module and have come back several times. Would someone please DM and help me out?
@hot swallow i can DM
stuck on the following question on Windows Fundamentals:
Use WMI to find the serial number of the system.
got the serial || VMware-42 39 99 [...]||, but answer doesn't seem to be accepted
what am i missing?
even though it was discussed several times, I also have some issues with the POST guest:guest login thing. I also got the auth cookie thing and I understand what it is, I also tried to change it and convert it back but still have not the results I'm looking for. Maybe someone has another hint for me? Feel free to DM me
Nevermind, I found it -.-
Lol I invested way too much time on POST
really wondering how much hard the web requests module is
%68 of the questions are related to web
its not hard its just BS imo
not as direct as it should be
takes guessing syntax
most ppl asking for hints already understand how to do it but dont know what to type
The module assumes you know what youre looking at
And also assumes you know what to do with it
Should've had a section before the last flag to explain things more
But it explains those things
lol, yeah I thought this module was plain sailing till i got to this part
@cobalt nest idk that part also seems easy(security one)
@upper lake Yeah I've been smashing my head on this one for a little bit.
Hi all, Im doing the windows fundamentals and I need to find a non-standard update service. Do I need to find this using the task manager, or how should I approach this. I've read through the module, and I assume I need to use Process Explorer, but I can't download that on my remote desktop. Could anyone push me in the right direction for this one?
@earnest rover how can you detect an update service?
You mean in the task manager, or in general?
in general
In the task manager under processes? I can't find how to find update service in specific
The hint says to use powershell, so I assume I need to use the command Get-Service, and find the non-standard update services from that.
I've tried using powershell command Get-Service, but I can't get any matches.
findstr can be used in place of grep in batch if you pipe it into the command. i just found that out
Anyone who can give a hint with "What non-standard application is running under the current user ? (The answer is case sensitive)." under the Windows Security segment under the Windows Fundamentals module?
you can run a search for running services in powershell and use findstr to narrow. thats not how i did it but i did it the "wrong" way 👀
Where can I find an example of how findstr works greping the outcome of Get-Service with -like isn't working for me. So I'm kinda stuck.
by nonstandard it just means one that isnt a default microsoft service
i referenced the module screenshot
it shows you how to list the running services
how can you identify this from Get-Services?
i think you just have to be able to tell whats not from microsoft
and is also a running update service
Yes but for example:
how can I know if this is from microsoft or not?
well its not an update service
where can I see that>?
So you need to search for names which contain update?
thats what i did
Alright
@valid whale thanks
yw sorry i didnt give straight answers about powershell i didnt even look at hint or use it so i dont know the "correct" method
It's still not working for me. Powershell is returning 0 results., and shutting down the RDP when I try to enter a query.
The command from the screenshot shows no service with update or anything related.
What? Idk how thats possible
I don't know?
Just to be clear, you mean this command: Get-Service | ? {$_.Status -eq "Running"} | select -First 2 |fl
yes when I run that I get two results, and neither contain the name update.
in DisplayName or Name
the commands should display similar results (the exact same results for the module)
yes, I indeed get a similar list.
you just have to sift through that list and i recommend piping to findstr string
but if I use -like "string" I get 0 hits.
I also get 3 hits, but still get incorrect answer.
you need to put in the whole exe i believe not just the name
add the .exe afterwards
yeah it's taking a while because my RDP keeps throwing me out after I run a command in powershell
thats weird
yw we all been there
its the burnout
||i just scrolled down task manager when i did it||
saw it and was like "the heck is this?"
I had no idea how to identify which process wasn't a windows one. and I figured it wasn't very efficient to list all the services..
or just bruteforce all possible services as answers.
practice helps a lot
i use task manager like daily for closing tasks. Call of duty world at war never closes for me properly
ctrl + shift + esc is the hotkey i use
hi there
somebody can help me with web requests
I'm doing the Post Method section
and I can not pass it
@shut remnant What is the problem you are having with it?
@shut remnant I've been working at it off and on as well today.
is that i track the cookie
I'll go and do that module now and see if I can pass and help dude, let me know if you get it in the mean time 👍
Well, I'll have to do that one first then.
Nice @shut remnant good work 
I give up on the POST module... It's probably staring me in the face but can't process at this time 🙂
Why don't I have permission to talk in the easy module?
Oh I guess I have to verify first
who wants to help me? i am in the fundamental modules and need the answer of the Learning Process... i only want to know is it 1 word or is it complete sentences because i tried both but it wont work. i look on the internet for words and differences but everything i tried was not good. i even tried the difference between 1 and 2 😂 just to think out of the box so who can help me a bit
See it as a mathematical problem.
@rustic sage there is hint
i saw the hint but my math is so bad 😂
i will look for the math on the internet o wait you would not mean its 37 right hahha
37.7 - 1.00 = ?
i have it hahaha
i noticed thanks
i tried 37 and 36 but not the point .7 after it haha so never make that mistake again 😂
you are not the first, and wont be the last
I'm burnt out today
I managed to join when there aren't any real beginner boxes ofc
When do they cycle
New box every week
Difficulty varies. If you want easy boxes do starting point or get vip and do the easy retired ones
Hi all, I know Ive asked a similar question yesterday. But im trying it again.
I'm in the windows fundamentals module, and I again have to identify a non-standard application that is running. However, I have no idea how to identify a non standard application. This time there is no hint either. Could someone point me in the right direction?
not done the module but i think it means any 3rd party services running on the system that a user has installed
Yeah, I figured it out. I'm just not that familiar with which applications are user installed and which are not on Windows.
Thanks for the help though!
Hello Guys...
I'm stuck in the POST section of the Web Request Module.
When I intercept the login page request with wrong credentials and send it to Repeater I always receive a 200 Ok code with a Login Failed message. I never get the 302 Found code. Besides that there is no PHPSESSID cookie, only the auth one.
I do not know what to do anymore.
Could somebody help me please?
it doesn't always have to be PHPSESSID
that was an example
in this case it's Auth
@dapper belfry Thanks. But how about the 302 Found code?
that's not necessary as well
different applications handle it differently
what if you use correct credentials?
@dapper belfry I can reach the dashboard page only using guest/guest credentials
Hi, I'm doing the ffuf course, and it tells met go to academy.htb:PORT, but how do I find the port?
the port of the target only?
when I use the entire IP of the target, I get 0 results. Could someone point me in the right direction?
have you read the earlier course content?
where it explains how to get domains to resolve locally in /etc/hosts?
yes
and the port will be the port from the target instance you spin up
you won't get any results from just the IP because of virtual hosting
it needs the domain, which is why you need to set it up as explained in the module content
I'm aware of that, but when I run the example in the course with the :PORT changed with the port of the target, I don't get any hits.
Is it correct that I get a major list of VHosts?
are you configuring your fuzz correctly?
I've absolutely no idea. I'm very confused about what I've done correct and wrong. I get results resulting from boom to jasper. I've added my target to my etc host, and i've changed it with the port. Yet, no flag seems to work when I try to submit it.
look back over the content and see how they do subdomain enumeration
make sure you are doing the same and updating the relevant bits
I've done it all, three times I believe. yet still i get this major list of possible hits.
I've no idea what im doing wrong.
I've added every possible combination of IP and port to my host file.
could someone help me?
in your host file just add ip and domain with out the schema
not port
ip domain1 domain2 etc
yeah so I do:
sudo sh -c 'echo "143.110.169 admin.academy.htb" >> /etc/hosts'
and then when I browse to:
admin.academy.htb:30468, it can't be located.
then visit admin.academy.htb:PORT
make sure the ip in your host is same as the target ip
I have it all, ip in host file. yet still the ffuf giving 0 results when I use the correct port.
sudo sh -c 'echo "143.110.169 admin.academy.htb academy.htb" >> /etc/hosts'
can someone help me with WINDOWS FUNDAMENTALS?
👀
huh?
No never mind i was trying something
k
hey everyone, we've added a short module called File Transfers it can be seen as a reference guide and should be extremely useful if you are having trouble transferring files to/from Pwnbox or target VMs. loads of handy tips throughout for all sorts of file transfer methods
I've fixed my issue. I was a major idiot and overlooked a detail. Thanks to Sneaky.
hi, i have a problem in Web Requests module, particularly in the first task Request and Response.
Burp doesnt pick up my target in Proxy list. instead the thing is clogged with some "detectportal.firefox.com" thing.
forward it
click on forward
interesting, thanks
it's just holding all requests that are made until you deal with them whilst intercept is on
In Windows fundamentals how do I find the NT version? I tried system settings in the GUI, and a bunch of powershell commands that give me tons of info for system info and whatnot, but nothing is correct when I submit it. Coulda swore this would be pretty straightforward, but I'm stumped.
(check the table of the windows versions)
Yeah that was the first place I looked.. I got it now. I was trying to submit too much info. Smh...
POST Method exercise. Stuck on the "Login with the credentials guest / guest and try to get to admin."
Hint says "cookies" but i still have no clue 😄 . Any tips?
Hi, is anyone available for a dm. I'm on Web Requests - POST Method. Just want to run through my process, it looks like I'm there yet the answer I give isn't accepted. Thanks
understand how the cookie encoded and decoded
Hi, i'm at the last part of the ffuf module, where the hint says I need to replace the port of my target with the string 'PORT' but this seems highly unlikely to me.
Furthermore, when I do so recursion gives no results.Am I seeing something wrong here?
wait me until i arrive there 😄
I know the sub-directories, and the files which I have correctly answers before.
one section remained
alright.
inshaAllah
@earnest rover last part
hm, i keep finding the hint hard to believe, that you have to replace the port of your target with "PORT".. yet I can't find hits with recursion to be fair.
Hi! I've been trying to work out the GET request in the WEB REQUESTS module. I understand that I have to use something like http://flag.php?num1=X&num2=Y Do I just use any two number for X and Y to make 1337? Or is that not what I'm doing wrong?
it was pointing to bearsurf
oh sorry
@green mason The IP I should use is the one I spawned? Right?
3rd one
look at the hint
I've tried all permutations
oh ok
by saying PORT it means when sending the answer
nothing else
you know every instance have different answer
to make it static they give it a name of PORT
I've tried several versions of this http://<my spawned IP and portNumber>/flag.php/?num1=1330&num2=2 Can't seem to get it right.
Side note. On Slack you can reply to messages in a thread. Can you do that on here? I feel like I'm interrupting a conversation.
you can
it is 1332
not 1337
and also why to put / before ?
flag.php? would be better i think
This is my question. Send a GET request to flag.php with two parameters num1 and num2 such that their sum is 1337.
I've removed the / before the ?
Sorry the last number is 7 in my answer not sure how I managed to change it to two.
with ffuf recursion do you always have to give a depth, or can you leave it out?
that was not meant as a quote, btw.
dont know but 1 is fin
e
if it would not be then we can go deeper
how can we filter status
do you know?
-fs
fair
btw, im still on the 3rd part. each command takes approx 5 min, is that normal?
don't know
fair
@green mason Thanks for your help I got there in the end.
yw
I was being a complete dumb ass. I wasn't putting the GET request in the VM to get the flag I thought the answer was the correct request.
hey
Hey i am on the module 'Web Requests' and section 'POST Requests' i can't login to the admin account with the credentials they give are you guys having issues as well
Yeah I just found how to do it
Here's a hint: cookie is the way to reach admin, not URLs
i get that but seems really weird that then then explain prior to it that we are able to logon to the account with admin:password
Did you login using the credentials mentioned in the question?
You'll get cookie only if you use the right credentials
they specify two credentials
'guest / guest'
admin:password
and the guest account works perfectly
but the admin account according to the post you should be able to login to as well
'guest / guest'
@dry warren You had to use these credentials. Now you have a cookie. ||You need to edit your cookie to reach admin||
i know but why does it say this then initially https://gyazo.com/ecc8840b6a7c53537832d240c48e8b42
Let's talk on DM
cool
okay maybe now i understand
so they use admin:password on their side for this exercise and we were just supposed to follow along with guest guest
i have solved
np i was just confused and did not move on because i thought i should be able to login with admin:password credential on /login.php as well
anyone got time to help me out with the POST question, i got a guest/guest cookie and i am struggling with the randomized second part of the cookie
Cookie/ admin-wise - Me too, set it, using it, the page even says welcome admin_ but missing something
so the randomized second part is just a unique identifier for the guest account
why would a proper admin account need a unique identifier......

@tough fjord Lightbulb 🙂
Hello ! I know it's been a lot of questions for this specific module (POST Method) but I'm stuck and idk why.
I managed to connect to the admin by modifying the guest cookie. I have a sweet "Welcome, admin_!" as a Response, but I can't find the flag. I've been struggling for hours now, what am I missing here ? 🤨
@rustic sage you have extra thing but not missing something
it may shine without an underscore
Omfg I'm such a stupid ass
Thanks a lot lol
One more thing : it wasn't clear for me that I needed to edit the cookie. Tbf I would never have thought of that if I hadn't come here. Is that supposed to be obvious ?
@rustic sage i have solved many labs related to web, but i also couldn't figure it out directly
so it is normal
Okay that's a relief then, thank you !
can someone help me?
@rustic sage it's all part of the hacking discovery. play around with things and see what they can do. The web requests module makes more sense if you do the javascript deobfuscation one as well (they are on the same path) as it will tell you about cookies and doing things like this
Yeah I'm currently taking this path :)
The thing that worried me is that I didn't get what I was supposed to do in an entry-level module, that isn't what I'm used to with online courses. And that's great !
can someone help me please? I have been stuck on this one thing for days
which bit?
@exotic current I need help with WINDOWS FUNDAMENTALS, Introduction to Windows!
Not tried that one yet sorry :/
damm
I'm having a brain fart about javascript flags
Is there a way to get Burpsuite on command line only ? I keep getting lost in this GUI
Or maybe there's a console hidden somewhere to understand what's going on
i think there is
no there isn't.
for the purposes of this the main things you need are the proxy tab and maybe the repeater tab
and it would be hard to use
really, I thought you could
re the POST module, im intercepting/editing the cookie being on the POST request... am i on the right track?
i logged in successfully as guest/guest to create it
(the cookie)
yep
so close 😭
hi, i'm doing the js deobfuscation, but when it comes to page 9, no matter what i try, it doesn't give me ✅ on the question. I tried everything.
i found the flag but its incorrect 😮
Then its not the flag
@fair vine if it says here is the flag make sure you are copying it correctly or the right bit
quite sure i did but will have another go
it says the flag is "then the flag"
i copy "the flag" but says incorrect
😦
thought id cracked it!
ignore me found my error 🙂
good stuff!
Im stuck on the GET method
I thought I had it right but I have been trying and it still says i'm wrong
Will you tell me if i'm close?
||GET flag.php HTTP/1.1 num1=1000&num2=337||
or
||flag.php?num1=1000&num2=337||
@fair vine The flag is not always the same flag
hi, can i dm someone for Web Requests Post Method.
hey everyone, now there is another new and free module out there called Linux Fundamentals. It covers everything to work with Linux efficiently and comfortably and some nice tips and tricks for experienced users. Check it out!
not quite sure i manipulate the cookie but don't know if im right
The bit that threw me, was look at what you're actually setting
ty i got it .....
||GET / flag.php num1=1000&num2=337 HTTP 1.1||this better? I still haven't figured it out
@fringe compass better, look at how the url and variables are combined
If you post in the browser with variables, Burp will show you how it's formatted
my turn for the headache, done most of the Javascript one but the serial= bit for decoding still throws me, done curl and burp, so know I'm missing something subtle (and probably obvious)
Nevermind, being dense, JS solved
Question about File Transfers module and the Linux File Transfer Methods segment question 2. I managed to upload the file by ||sshpass -p "HTB_@cademy_stdnt!" scp upload_nix.txt htb-student@10.129.33.197:||. However, when I then run the hasher command it gives an invalid flag even though the contents of the file is the same as the one downloaded?
I am working on Cracking into Hack the Box. However, none of the services are running. For example, I am supposed to go to http://206.189.25.23:30147, but that doesn't work. Later on, I am supposed to go to http://inlanefreight.com/search.php, but that page doesn't exist. http://inlanefreight.com only redirects to https. Any ideas how to get past this? As it is, I cannot get past the GET Method section.
you have a target instance you spin up yourself at the bottom
Am I being thick or confusing stuff? npm is a packet manager for nodejs AFAIK. How is it suppose to run a simple server?🤔
@tough fjord I have the instance running. I can even get to https://inlanefreight.com. None of the other pieces are working.
I am trying. I did an ifconfig to get my IP address and that's not working either.
*I targeted my own IP
And the inlanefreight.com pages are not working properly. I should be able to get to /search.php and that results in URL not found
Oh s**t...I see what you're saying. I feel like a dumba$$
@gray ginkgo i am running server with npm
@tough fjord I was able to get past the part with the IP address. But the :80 version of inlanefreight.com is redirecting and the search pages are not working. Nor are the get statements.
@midnight aspen lanefreight is an example only for the tutorials, the "spawn your target" at the bottom of each page provides the same functionality
Good lord. I think I need more sleep.
how do you access the modules? im only seeing machines and challenges
gotcha, thanks
@gray ginkgo no this is pretty much where I'm at too
i am running server with npm
@green mason a hint would be much appreciated, I can't see anything documented in the man page
since "sudo npm install --global http-server && npm start http-server" is not the answer
nor is sudo npm install -g node-static && static -p 8080
I'm getting really confused with the POST method and the question Login with the credentials guest / guest and try to get to admin.
I get that I have to play with the cookie using burp suite but having not used burp suite until yesterday I don't really get what play means. I've followed the example instructions using guest guest but I'm a bit lost.
so what's the sequence of events when you authenticate as guest? what's happening in each of the request and responses?
looking at the Proxy /Intercept on burp I get
POST /login.php HTTP/1.1
Host: 165.232.47.168:30846
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 29
Origin: http://165.232.47.168:30846
DNT: 1
Connection: close
Referer: http://165.232.47.168:30846/login.php
Cookie: auth=Z3Vlc3RfOGYwNzMxYmMxNWI4YmViZDE2MGI%3D
Upgrade-Insecure-Requests: 1
Sec-GPC: 1
username=guest&password=guest
I then send that to the Repeater
Hit send
looks like you're already authenticated as guest there though
Then I get the response 302 found with the Set cookie shown.
So do I need to clear the cookies?
yes and no, seeing how the cookie changes each time you re-authenticate might help you
I think I'm going to have to do some training on burp first. I play around in burp and the actual web page just looks like it's trying to load all the time from the login page. The only way I can get it to do anything different is to drop and turn off the intercept.
Hi everyone, I'm having some issues in understanding what is the answer requested in the POST method part of the WEB Requests room
I got to admin, but I don't see any flag there...
If you got admin the flag should be displayed in the page
all I see is "Welcome, admin_%randomstring%!
So I'm wondering if I'm missing something...
i haven't solved the module, i have stated that it is possible. we are doing that when developing apps
Hello ! I'm working my way through the fundamental Web Request module and I'm currently stuck on the PUT and DELETE methods since yesterday noon. I think I understood the vast majority of the course, but some elements are still vague to me. I'll be quick.
**Context**: I managed to PUT and DELETE the hello.txt file without a problem, but when it comes to a php file it seems different and I don't understand why.
- The `PUT` method works like a charm (did it three times), but the `DELETE` method seems not to work: `DELETE /flag.php HTTP/1.1` answers with a `HTTP/1.1 200 OK` and shows me the Headers and content instead of deleting the file. Why is that?
- I noticed some requests couldn't be processed by the server (or the client?) if there is not the right number of line breaks at the end of the request, i.e. `DELETE` keeps Waiting without a Response if the request stops at the eighth line (`Cache-Control : max-age=0`), but answers if I add two line breaks after the last Header. Is it abnormal?
Sorry for this long message, but I'm really confused and I know there's something I misunderstood somewhere. 
DM me. I'll help
Despite our good will, @shy flower and I couldn't understand why I can't DELETE a .php file while a .txt file worked fine. Does someone have the time to dive into this with me ?
Just finished JavaScript Deobfuscation and had already completed Web Requests, this made Cracking into Hack the Box say 100% but it says i have not completed any paths.
Am i missing something or does it just take time?
can you send me a screenshot @rustic sage ?
mine took a minute to refresh
try refreshing page
Thanks @warm quiver just had a chat with @drifting knoll and after going back into JavaScript Deobfuscation and pressing finished again it added a complete path to the dashboard.
In case someone is wondering the same, the last section of the module Web Requests covers cURL, which can be used in this way 🙂
I am stuck on the GET method ||GET /flag.php?num1=1000&num2=337 HTTP/1.1||which is closer?||GET /flag.php?num1&num2=1000+337 HTTP/1.1||
first
ok
Will you tell me if I have all the info and just have the wrong order or if I am missing something and need to go look again ||GET /flag.php?num1=1000&num2=337 HTTP/1.1||
that looks ok to me, so odds are something else is wrong with your request
whenever i put in a url it is blocked and won't work so burp won't show me anything
is there a way to submit creds in a url?
idk
then you should go through the section again and read it carefully
ok
stuck on POST quiz. in "Welcome admin_hash!" is this hash something?
it's a unique identifier for guest accounts....
my bad i thought was more difficult than that. thank you
np
for the get request am I supposed to put the request in the browser?
yw
I got it!! I feel so dumb that I didn't realize that it wanted me to put it in the browser LOL
In get request module inlanefreight is converting directly to https
I am not getting http
@twilit fractal Use the IP address instead
Ohh ok thnx
Adding it to your hosts file should fix it too if you want to use the url
I'm sorry I didn't get u
I dont how to add hosts file actually
I will surf the Google for it
Thnx for helping me out
I've been at this for an hour now and can't figure out why this doesn't work for the Web Requests: GET Method lab. Any one know why?
http://[spawnedIP:port]/flag.php?num1=1300&num2=37
maybe you forgot to add something
damn
use proxy to analyse req&resp
kk ty
Hi there. I am having the same issue except that I could not get to admin on Web Requests module , POST method section. I believe I followed the docs, but I just can't understand what do I do to obtain admin. Can anybody help?
I get guest authentication OK, with page displaying Welcome, guest_<hash> . But I don't know how to get to admin.
Inspect the request flow in burp
What do you mean by 'flow'? As I understand, there's smth to do with changing the Content-type header to bypass authentication, but does not seem to work for me.
SO i'm having a bit of an issue with web request POST method lab...
actually same thing with elkampa 👀
Flow as in what all it does from the moment you login
I got you. I understand the flow: POST request with sending form, then I get 302. Then the next is GET to the /admin/dashboard.php with the cookie set from previous request.
Did you look at the cookie then?
Yes. I get a cookie 'auth' which is used in the GET request to go to /admin/dashboard.php . That is guest's auth cookie.
Well, see what you can make out of the cookie
Stuff from previous sections should help
facepalm I forgot to use the provided login creds.
TY! perfect hint
Sure thanks. The hint says also smth to do with the cookie. Now I get , 'Welcome admin_<hash>' . Now what?
Make it just admin :)
Oh...thanks. This was hard! I thought it was to do with changing the Content-type header json or not json. Confusing.
++identity i'm stuck here
Target: http://178.62.0.100:32673
Time Left: 39 minutes
- 2 Send a GET request to flag.php with two parameters num1 and num2 such that their sum is 1337.
++identity curl 'http://178.62.0.100:32673/flag.php?num1=668&num2=669'
here is my answer
should i include the credentials?
yes
curl -u admin:password 'http://178.62.0.100:32673/flag.php?num1=668&num2=669'
@rain valley that curl command worked for me
👍
this what i've been trying to submit but it won't accept it
my brain right now trying to figure out the post method section
i've been at it for 2 hours 
how come?
i had issues with it, too . was a bit hard 🙂
hi
have no clue how to get admin and it's slowly hurting my brain
i'll get it eventually
it's very easy. do you have the flow when you pass the login page with guest/guest, you get the cookie?
yea, the guest cookie?
yeah
yeah i got that
ok. see the next request that will get the dashboard page. you'll need to see what you can do with the cookie.
get rid of the extra _ and the rest
no, that was confusing to me too. nothing to do with the json or manipulation of content-type header
Hey guys I'm trying out File Inclusion / Directory Traversal : LFI to Remote Code Execution (RCE)
The first question : Using the LFI to RCE vulnerability run the command 'uname -a'. Submit just the Linux Kernel version number as your answer (i.e. Debian 3.19.42-2)
I tried using GET /index.php?language=/var/log/apache2/access.log&cmd=id HTTP/1.1 just to make sure it's working
but it's not
also tried to uname -a in the User Agent :/
Maybe i misunderstood the goal
i thought it had something to do with the json for 2 hours, i feel stupid
thats what i get for trying to think too hard
Anyone can help ?
with File Inclusion / Directory Traversal : LFI to Remote Code Execution (RCE)
looking for a hand on windows fundamentals
@spare crane Whats up?
Just overthinking i got it lmao. Thanks tho
Hey @magic bough , it looks like that's a medium level module, here this channel is for fundamentals
i cant get a response in burp on the request and response module
anyone got advice?
Got stuck at the "Find a way to start a simple HTTP server using "npm". Submit the command that starts the web server on port 8080.", any hints, please?
i'm close to throwing my pc out of the windows
i got this for the POST module
Admin panel
Welcome, admin_248421c3c0e8a23832a8!
by intercepting the response to the request and forwarding it then i modified guest by admin
this is what i try to submit 248421c3c0e8a23832a8!
but it doesn't work
help
Does admin need the unique id like guests? 😉
Am I even close with this npm question in Linux Fundamentals? ||npx http-server -p 8080||
why npx?
to run it without install
how would the command look like after you have installed it?
npm run i gues
did you read the hint?
yes, hence the non-install npx
do you really need to use a package manager to run a server?
🤦♂️ got it, thanks
I've spent waaay too long overthinking that one, thank you @drifting knoll 🍺
you're welcome
Since you're right there, mr Cry0l1t3, is this query supposed to return a single file?
@trail sleet yes