#modules

hey, im confused on the post method section. ive been going at it for the past hour and a half any direction would be much appreciated. i understand how to get the guests cookie but dont quite understand what i should do with it.

What are you working on?

@unreal niche

Thanks for the hint! I figured it out finally.

Can ffuf be used to brute force psswords? And if so, what wordlists can we use? It's not covered in the module but just mentioned once in the web-fuzzing section

You can use any password list you like

It can. But there are better tools for it @shy flower

Ok thanks.

There is a hydra module which covers logon brute forcing

hey guys, im stuck at fuzzing module: Parameter Fuzzing - GET. Am i supposed to add the Target IP to /etc/hosts as academy.htb? then fuzz admin.academy.htb? i cant browse to admin.academy.htb on the browser

you have to add the IP and all domains

ah ok got it, thanks

@tawdry ermine #774648101318819890

Hello.. I desperately need some help with the POST Method challenge. I've tried to use the hints on this channel, but no luck. I've spent at least 3 hours on it and I'm going in circles. I've tried using the guest/guest cookie and using the REPEATER. I tried GET, POST, I tried with admin:password and without.

Perform a normal logon as guest. See what the flow is

Then see how you can modify something in that process to escalate to admin

anyone doing the linux fundamentals?

missing a 2 questions and have no clue wtf i am doing wrong

which questions?

find the mail path for htb-student

i tried just "locate mail"

what does the environment say?

there are many hits but tried googling about and it says it should be in /var/spool/mail/$USER

I tried. I've tried messing with the cookie, the method, the URL, the credentials.
Do I need to get back a PHPSESSID like it shows in the screenshots, because I don't get that

but the directory is empty

@dry warren where can we define such things?

No it should be an auth cookie iirc

Messing with the cookie is the right way

define location of mail?

oh nvm i got it

thx 🙂

now last one 😅

go ahead

i am struggeling with "What is the name of the file that has been created after 2020-03-03 and is smaller than 28k but larger than 25k?"

i filter correct afaik

but i must be making a mistake since i get many hits

Do I supply the guest/guest cookie + admin:password creds in the same request? Cuz that's not working either

can some one explain me what this could mean? Identify one of the non-standard update services running on the host.
should I be looking in the task manger of the RDP

dm me if you need help with that

I'm having the same problem. I think the issue is that I can 'find' based on last modified time, but can't figure out where to find CREATION time. I didn't think debian/ubuntu stored file creation timestamps

I'm perfectly happy using Linux and I get multiple results that fit this criteria, so I'm not too sure what's up with that particular question. Up the page I did ask Cry0l1t3 if this was supposed to return a single file and he said that it was.

🤷‍♂️

yoi have solved it tryrefreshing the page there was a mistake in the question

dear F#$%^&* lord. thnak you for telling me @dry warren

🙂

i had that page open since last night

just skip over then mate if you are stuck

or ask in here

HTB is fast on the fixes. way to go y'all

@mellow jay If you just have a look at the commands on the System Information page, one of them will give you quite a bit of information about the environment that your user is operating in.

nice try on tryna phish us

DO NOT CLICK! WTF, you spamming?

Grrr.... I spent hours on that (I don't like losing). I felt like I was answereing what is 2+2? with '4' and being told I was wrong.

Thanks for the heads up.

yeah dont click on that link

I think I broke my keyboard from bashing my head against it

clearly

i'm trying the file on my vm 😄

can some one explain me what this could mean? Identify one of the non-standard update services running on the host.
should I be looking in the task manger of the RDP

yep

they word it so weridly

well, I am dumb so...

yes it is an update service

try searching for the keyword update

ok. should I be looking in task manager?

no

they give you a command in the section to list services running on the machine via ps

like this?

Get-Service | ? {$_.Status -eq "Running"} | select -First 2 |fl

yes now modify this to find your update service

ok?

i tried this but it did not work. Get-Update-Service | ? {$_.Status -eq "Running"} | select -First 2 |fl

did i modify it wrong? @dry warren

yes

"try searching for the keyword update"

I am learning linux fundamentals and i cant find Which kernel version is installed on the system? (Format: 1.22.3). When i use uname -v it shows me that the version is 5.5.17. I also don't understand the What is the name of the network interface that MTU is set to 1500? bc it shows that it is eth0 but it is wrong answer. I also dont know how to find htb user's mail path

I am sorry, I am so confused. Where would I do it?

google it mate

where you can do that?

k

@mellow jay any hints?

use the commands they give in hte section and you will succed

ok, thanks i will use that

@dry warren when I look it up i get nothing usefull. Only how to remap keys and things like that

@pliant pewter you can dm

make sure you're sshed into the target box and then check the network interfaces

ok i will try that

i can find it in 1 google attempt first hit

👍

feel free to dm

k

Is there any possibility to use burp suite on a specific tab instead of using on a whole brower

don't think so

I tried to post this question to "easy-modules" channel but I don't seem to have permissions. Anyways... I am doing the final section of the 'ffuf' module and I am stuck at this " In the page from the previous question, you should be able to find multiple parameters that are accepted by the page. What are they?" I have tried the burp param wordlist, raft big list but I am only able to find one working parameter... Any hints what am I missing?

@twilit fractal you can play with the scope to not intercept the urls you don't want

but once it is setup on a browser, the requests made from the browser flow into burp

looking for some assistance on the linux fundamentals . questions doesnt really make sense to me

i can help

@green mason thnx

For post request module

I'm able to get into admin_some number

But what should I post the answer to the question

I converted into base64

Too

@round flame why would a guest need a uid 😉

Ohh ok

bruh i just cant get the right answer no matter what

i tried every command

i need help

network interface, kernel vesion and mail path

i did it

maybe i am just stupid

can i send you screenshot on pv?

Anyone who figured out the answer to "config file that has been created after 2020-03-03 and is smaller than 28k but larger than 25k?" I have a find command that I think should work theoretically, but in practice it returns many results.

any advice would be appriciated

spoiler alert! this is the find command that seems not to work

find /home -type f -name *.conf -size +25k -size -28k -newermt 2020-03-03

actually it's:

find / -type f -name *.conf -size +25k -size -28k -newermt 2020-03-03

I'm literally reading about that right now! thank you so much for the suggestion!

it's in the next section of the linux fundamentals module

you know more than you think

Is it normal that I can't complete a single question in the Linux fundamentals module? I feel really stupid lmao

we all gotta start somewhere c:

The content should give you the info you need to get the answer

Its down to you to apply the knowledge in the best way

I can't either lel

the mail one, I have no idea

I know that its supposed to tell me

But idk

Head empty

Ive not done linux fundamentals yet. So cant help specifically

for the mail one I swear it should be /var/mail, but there isn't anything there 😂

oh come on

well, I got it

ignore my dumbassery

Hahaha

I was really confused with the kernel version

but I can't say it was mentioned in the thing

@ember fern 👍

it says 5.5.17 but the answer is wrong?

@uneven dock seems like you're on pwnbox

Running command on wrong target?

you running on pwnbox?

I get a different one

Pwnbox is the workstation right?

yeah

Ooh

Okay

where are the modules

thank you

i haven't done them

@cunning ether https://academy.hackthebox.eu

ah cheers

for Working with Web Services under the Linux Fundamentals module, perhaps allow the user to submit localhost rather than require 127.0.0.1

Uh how do I ssh to the target i am confusion

ssh username@ip

Yea got it i just had typos in the password

Thanks though lol

np

for Linux Fundamentals > Navigation, kinda misleading, htb-users makes it sound like there's another user

did you see any other htb-users @ember fern ?

nah, but I spent a bit too long wondering if there was a hidden home directory 😂

probably just me though lol

im currently on linux fundamentals service and process management and there is Use "systemctl" command to list all units of services and submit the unit name with the description "Load AppArmor profiles" as the answer. that question, the only unit with that description that i can find is apparmor.service but it is wrong answer

did you try just apparmor?

No, but i will

You have to login via ssh - I made the same mistake

Hello all.. I am hitting a wall with Q2 of the JS Obfuscation Skills Assessment. I've solved the other questions, but this one is giving me a hard time.

The question is: Once you find the JavaScript code, try to run it to see if it does any interesting functions. Did you get something in return?

I found the JS code and ran it through jsnice. Not sure how to run the code after that. The hint says: HTB{...}. I see the flag but it doesn't solve the question

just run it in the Firefox console or something I think

im stuck in Linux Module at the curl exercise , someone can help me?

Thank you!!! Got it.

i loged via ssh and typed systemctl list-units --type=service command, and the only unit with description load apparmor profiles is apparmor.service

Hello guys, i am struggling with cat /flag.txt. Can anyone help?

@reef void can you explain a bit more?

in the web requests module

Helo guys

I am new to hack the box

Can anyone tell me how to go through the process?

#Windows Fundamentals - could someone give me a clue, as I`m doing something wrong. Host is my parrot machine right? I run PowerShell but commands do not work. What am I doing wrong?

See the bit above the question? You need to rdp into the target windows host and run the commands from that

when i scroll down there is no other unit whit load apparmor profiles description

nice i got it

I have a problem on the same question, the site don't accept my answer. Btw i think that i found the right one

did you succesfully ssh?

Sry my bad i'm referring to @loud dew question on windows module.

ok

Got it, you have to add the executable extension

Hey guys, silly question here.. am working on the Web Requests POST method content, and am having a hard time with this one

I understand that I can use burp to alter the post request, but don't understand how that would allow me to escalate permission to admin

have a look at what gets sent back on the response, especially how the server knows who you are

Can I PM you so I dont spoil anything for others?

yep sure, go ahead

i'm on the web requests module, and can't figure out how to send a get request to flag.php with the parameters num1 & num2 with their sums adding to 1337, every time i try it, the website says Parameters not found

In the linux fundamentals, is the kernal question bugged?

I think i'm running the correct command, but I keep getting wrong answers.

are you running it on pwnbox or the target you ssh to?

ssh into the target

and running the commands provided in the content material.

• others with a little googling

which point me to the same answers.

not done that module so not sure tbh

it's the only question preventing me from continueing.

ohnevermand

nevermind*

i got it

the hint was a little obscure.

i've been stuck on the get method for a bit here

any one got any hints

I can. DM me

I’m struggling with the “how many services are listening on the target system on all interfaces?” Question, I’ve tried multiple permutations of both netstat and ss and can’t seem to figure it out

I’m assuming that listing the ports doesn’t help me as a service could be listening on multiple ports ?

Hello
I am new to HTB
From.last week trying to solve some challenges getting stuck
Just able yo solve one
Can anyone guide how to go about it

ya i can try pm me @granite jay

I'm on the same issue. I also used both netstat and ss.

@earnest rover @prime pier fixed

refresh and try again

Cheers ! @drifting knoll

refresh target system, or module page?

just the section page

hm, than I'm doing something wrong with my query.

I think the bracketed part of the question means something different than I thought, maybe we are meant to exclude local host and ipv6 results @earnest rover

yeah i figured as much. Just need carefull reading of the question.

Got it

When I did my line count it also counted the line containing the column titles

In the filter contents question of Linux Fundamentals; one of the question stats to filter unique paths. Does this mean the http paths, i.e. src? or what else could it mean?

It might be my lack of knowledge about the definition of "unique paths" could anyone point me to a right direction?

I’m in this question and assuming they mean all the paths to other pages on the inlanefreight domain, it’s a difficult question

yeah, I was wondering the same.

I thought of using regex to filter the curl output, but it might seem a little exessive for a fundamentals course, so there might be an easier solution which I might overlook.

hey guys

i've problem with that "What is the path to the htb-student's mail?", i did ls in home but cant see any folder related to mail

$echo mail

try that

its says that command is not found and need package installation, its rookie task, so i think they dont require installing anything

@rustic sage you should check your environment variables

what you mean

@rustic sage if you dont know what i mean you should read the section again carefully

ugh, i'm very weak in web requests and not sure what i'm missing on the post request (hint: cookies). I see the cookie, understand what it is for, but not sure how to manipulate it.

@digital path go back to the Headers section again and search for cookies and read it carefully

👍

@drifting knoll which type of header should i focus on? i've re-read the headers page and also the headers section on the POST Method page. I know i'm missing something simple

nvm, i got it

POST method I am confused about what the question wants. If I put guest into the credentials it logs me in to the Admin panel anyway so what does the question want?

it wants you to be logged into the admin panel with a username of admin

I thought it meant include ALL interfaces not just just ipv4 and localhoat, but apparently it means exclude local host and only count ipv4?

When I did that "path to student mail folder" question, the actual mail folder didn't exist on the system, so I guessed the two places where it "should have been" and one of the guesses worked.

/var/mail?

/var/mail/$USER or /var/spool/mail/$USER

replacing $USER with the actual user, of course

thanks

I am having issues with POST method. It will not take the flag I get from admin dashboard

I'm also having issues with that section. It's driving me a bit mad now. I've re-read the headers section as suggested but I can't work out what I'm missing.

@winged bison @atomic coral what results have you had so far?

I can log in as the guest, I've accessed the guest cookie. I've followed the POST section successfully but I'm not sure how to elevate to admin.

Have you inspected the cookie?

I've stared at it a lot 😄

I know I'm missing something really simple, I guess I'll keep trying till it clicks!

what does the cookie say?

I've messaged you just in case I inadvertently spoil anything for others.

cookie says:

sorry, that was too perfect not to send

turns out I was adding an extra character

At least you figured it out 🙂

hi,

need help in linux fundamentals question: How many services are listening on the target system on all interfaces? (Not on localhost and IPv4 only).

kinda confused about the PUT method section of the web requests module

I have the login.php file uploaded with exactly what it suggests putting but flag is not being displayed

does anyone have any idea what is happening there?

have you requested it after uploading it ?

and why are you calling it login.php rather than flag.php like it says ?

@atomic coral I sent you a DM if that's cool. I'm having trouble with the same task.

Good Morning All

Having a problem with the request and response section if web requests, I’ve spawned the target multiple times but am not getting any response from it

Nevermind I used my high level computer problem solving skills and turned the proxy off and on and it worked 🤣

I need help with the POST section of the Web Requests module where I need to modify the cookie to get admin. I modified it the way I thought I'm supposed to, but I'm not getting the flag. Please hit me up in DM if you could assist, please. 🙏🏾

hello, could anyone help me with Windows Fundamental? whenever i input the Windows version number the answer is incorrect

any hints for What is the index number of the "sudoers" file in the "/etc" directory? and What is the name of the hidden "history" file in the htb-user's home directory? questions?

@quaint igloo you should read the content carefully

i already did that 4 times, but i will try again

Hi, got a problem with a question Which option needs to be set to execute a command as a different user using the "su" command? (long version of the option) Answer --login doesn't pass 🤔

why do you try to login? @white dagger

Thought that's the correct parameter

read the question carefully

Ok, so I missed the point 🤷‍♂️

thanks

Ehmmm in the Ffuf final section, 3rd question...
I seem to be able to find all pages (With either code 200 or code 403) But I can't seem to find one with the text "You don't have access!"...
Sidenote: Asking this in the fundamental section since for verification I need to solve the sign-up challenge, which I haven't tried yet but I wanted to polish up my skills first

The only pages with any 200 are index's

that was a typo on my part lol, I called it flag.php - I also requested it and it is returning a blank page. I got a 201 created after uploading. I'm assuming the only other thing that could be wrong is that the contents of the file are messed up but I don't understand what could be wrong with the contents

the contents is just:

<?=cat /flag.txt;?>'

right ?

bah, sorry, my paste messed that up, its the same as in the question?

yeah lol that is exaactly what I have

wait

there's back ticks in the thing too

Sure you are doing backticks and not single quotes

' vs `

yeah I'm using backticks I already checked that unfortunately :/

yeah, paste removed the backticks in my example, try using another method to put the file, eg. if your using burp use curl or vice-versa

Ok maybe I'll try burp because I was just trying to use curl

I mean curl -X PUT -d @flag.php http://ipaddress:port/flag.php -vv is giving me a 201 so it should be there when I'm requesting it, right?

in theory 🙂

you would think lol

humm, just tried with curl and it worked fine

we all solved/

Hey mate.. i got stuck at the same POST question.. hope you had unlocked the secret and can pass along some hints 😉

Check DM @urban berry ;)

Sorry if this is repetitive but I'm stuck on the same POST method question. Any hints on the location of the flag?

Nevermind, read the messages above and figured it out 😆

thanks mate.. managed to solve it thanks to your little hints 😉

Any chance you can DM those hints? 😄

can someone help me with the get method?

I worked all day to fix web request- post method, thanks all! i have solved it reading old message

Good job, I've been at this for days, starting to feel really stupid 😦

I was working the Web Requests module as well and it seems that something might be wrong with the Burp version and the Firefox browser version -- the examples in the follow along don't seem to work

are you following along with the target you spin up at the bottom?

Oh man, that's a dumb mistake. Thank you for the quick response.

no problem

Hey guys

i'm stuck trying to get the string on on the flag.php

Can anyone provide any insight to this question? " Use cURL from your Pwnbox (not the target machine) to obtain the source code of the "https://www.inlanefreight.com" website and filter all unique paths of that domain. Submit the number of these paths as the answer."

is that a new question as I don't remember that when I did it

Sorry this is under the Linux Fundamentals module in Tilter Contents section

Filter COntents*

ah, not done linux fundamentals yet

it's on my list atm

long list!

!rank

hi there, I'm trying to complete flag.php challenge. I created file with content and when I execute it, something happened. But I guess it's not showing me the flag hash. Someone can tell me if I have to do other things after execute?

did you include the single quotes in the file's content?

^ they’re back ticks @dim flame

I tried different versions, with quote and not. And I had only a respond. I don't know if I can write here...anyway tell me it's wrong

@dim flame use cut&past

!rank

Use cURL from your Pwnbox (not the target machine) to obtain the source code of the "https://www.inlanefreight.com" website and filter all unique paths of that domain. Submit the number of these paths as the answer.

need help

any suggestion?

or hint?

well thanks because I didn't know about back ticks😅 I'm using italian keyboard and I haven't highlighted .
But still have some problems, but maybe it's because I don't know how to use curl properly. To add content in flag.php file should I use -d flag?

i got the flag on the post method, but it is telling me that its incorrect

did i do something wrong?

i figured it out

you have to take the exclamation mark off at the end

@dim flame I used Burp for that lab. Maybe try it that way first. I found it easier to see everything in front of me, and you don't have to worry about whether or not you have your command line syntax correct. Then you can practice using curl afterward.

Regarding the GET Method module and Burp: Did anyone have the issue where the VM's browser just sort of hung up and would never really load the page unless you clicked Burp off?

this solution works, but the HTB module makes it seem as if it will just work: https://www.youtube.com/watch?v=G3hpAeoZ4ek

sounds like you had intercept turned on in burp

so im new to all of this been looking at code and things since i noticed i was getting mitm attacks for packets a few months back due to some thngs. so now im starting from scratch.

im working on linux fundamentals myself. stuck at getting ssh path from target using username and password

Hey guys!, I kinda got stuck at a stupid question, but i can't figure out what's wrong. It's in linux fundamentals module in system info section; The question asks for the path to mail. I found it in /var (i can see the directory 'mail' in /var by using 'ls -la') But it says the answer /var/mail is wrong. Any help? I'm starting to think that the question has a problem.

what's wrong?

i think i may have just figured it out..

one sec

nope...im so green..idk anything

anyone have advice on where i should start?

The modules marked "fundemental" should help you on your way

Ow wait Nvm didn't read the messages before that one

@rustic sage check your env

Hey guys!, I kinda got stuck at a stupid question, but i can't figure out what's wrong. It's in linux fundamentals module in system info section; The question asks for the path to mail. I found it in /var (i can see the directory 'mail' in /var by using 'ls -la') But it says the answer /var/mail is wrong. Any help? I'm starting to think that the question has a problem.

The question is asking for something slightly different

I believe

Ive not done this module myself

It asks for path of mail for HTB-student user

Yeah. And /var/mail is just a generic path for mail. Not for that user

i guessed it, but apparently the answer is in the env like Agent_Tiro said

Yeah thanks for advise, so I did it. But only with copy and paste the content. I don't know why didn't work writing content. Maybe something wrong that I can't notice. But I did with my own kali linux machine, because I can't copy and paste using academy's VM. So ranked!! Thank you all guys

Oh, right. Tkanks!

After webrequest and jsdeobfuscation modules, any advice on the next module?

Try either 'File Inclusion / Directory Traversal' or' Stack-Based Buffer Overflows on Linux x86' Module

👍 i will try all tree 😅

Hey! I know I'm stuck in the system info section of linux fundametal, (I know its stupid but, here I am!)the question says; "What is the path to the htb-student's mail?".
I found a directory called mail in /var/mail, but looks like thats not the answer.
someone help me

@shy flower check your environment

I got it, thanks!. But what was wrong with just using /var/mail?

for the POST method question on the Web Requests fundamentals module, is the admin creds (admin:password) not supposed to work on the target machine?

nope

it tells you to login with guest:guest and then escalate to admin

mind if I dm?

sure

Yeah, as a fellow Italian, backticks and the tilde are very well hidden. In fact, I ended up getting a US keyboard just because of those (I would strongly suggest that you also get one, or a UK keyboard).

/var/mail isn't the path to that specific user's inbox is why.

Okay for real though, in the Linux Fundamentals Module, should curling the inlanefreight.com site and filtering the result be as ridiculous as it seems to be?

i've just started that module so will let you know

Alright, thx

@spark halo did you manage to get it?

Anyone available to show me what I’m missing on the Linux fundenemental question around interfaces?

Yeah you're right. In fact I purchased an old thinkpad T430, to practice in some hardware changes and US keyboard is one of these. Thank for the advise. I really apreciate that!

So guys the question asks for the index number of the "sudoers" file in the "/etc" directory. Right now I'm in the /etc directory and typed "ls -i sudoers" but the index number I submited as answer is somehow wrong

Hey! Can someone give me a nudge? I'm doing the Web requests module and I'm on the POST Method bit. I think I get the idea but when I login as 'guest' I cannot get a 'PHPSESSID' returned. Instead I get is: auth=Z3Vlc3RfNWI0MGQ4NWFiNzQ2YTRhNTgyOTI%3D
anyone willing to have a chat with me about this and help my understand why I'm not managing this?

Ehmm, sure thing, feel free to DM

I might be able to help DM me.

No

hey guys, i am not able to solve the questions about counting the services. may someone can help me?

Under POST method under web requests, the first step is not working for me. Says that username/password is admin/password, but that does not work. Any ideas?

It tells you to login in with guest/guest and escalate to admin

First thing is: The admin credentials are admin:password, which lets us into the dashboard. Let's go back to the login and clear any existing cookies by clicking on the lock icon followed by Clear Cookies and Site Data. However, that fails immediately. I will try with guest:guest and see if that works.

So that part is an example. The target exercise is a bit different

Look at the note on top

It says you can replicate it with guest credentials

Can someone give me a nudge on the Linux Module? I am unable to find the correct ammount of total packages, tried it using apt and dpkg, Same result, but not submittable...

dpkg should give you it

i did it not that long ago

hey guys, im a bit stuck getting the unique paths for inlanefreight if anyone has any pointers?

oh man, that one was painful

i did it not long ago and it was a huge mess of regex, grep and cut and sort

I think I have a decent grip on it but im not sure if what point the path makes it unique

Oh dang got it 🙂 pog

So I just started learning how to hack i know absolutely nothing, and im stuck at the "Web Requests" Module. Im in the "Request and Responce" Section. I just follow all the steps but when I click "Forward" on Burp in the Proxy tab there is no response from my target. I did it like 3 times am I doing something wrong?

DM me the answer or ping me here

@onyx lily you're trying to hit 206.189.25.23:30147 right?

Yes

I dont think its accessible

I mean I’m trying to hit the target that is generated in the questions

Is it the same thing?

the instance will be unique to you

Yeah I just wanted to make sure you're not using the ip from the tutorial section and that you've spawned your target

@onyx lily you can try mine 178.128.166.212:32406 intercept and response worked

I think I tried like 2 different targets already but they don’t seem to work. Idk if that matters but I’m doing it all on MacOs.

wait are you on your pwnbox or your local machine?

Local I think

I mean I just clicked on the screen on the website

And did it there

just want to confirm you opened firefox and set your proxy to burpsuite and then hit the url from firefox right?

@robust lava if you get a sec, could you look at my question in #774038216239349820? I probably should've posted it here, but my b

@stark fossil im not there yet, ill probably get there later tonight 🙂

oh my b, I just assumed you were further cuz you seemed so knowledgeable XD

Yup

Maybe it’s just a update or something but when I wanted to start burp there was no “start new burp project” or “start new project” there was only “start burp” or something like that.

But I don’t think that’s why.

Hi all.

hi

I'm having a spot of bother using the npm command, the package manager is not installed on the spawned taget and I'm unable to install through lack of privilege, can any help please?

did you figure out ?

you can use powershell filter but there is a small trick in it

Can someone please help me on module 18? Linux fundamentals... i have problems to get the right number of listening services.

I am stuck at very first Section where it asks what was the first section 😅😅😅. Please help me

ma

can anybody help on the question "how many services are listening..."?

sure I can help, dm me

i am new what do we do

need a bit more info than that

a specific module? or what

can anybody help on the question "how many services are listening.. and "Use cURL from your Pwnbox (not the target machine) to obtain the source code of the "https://www.inlanefreight.com" website and filter all unique paths of that domain. Submit the number of these paths as the answer"

Hey I’m on the Linux fundamentals module and I’m having some trouble. Am I supposed to run that IP address in the browser VM? Every time I try to open in a different browser like EDGE it doesn’t work. I’m trying to answer the questions like the OS version using uname -a (parrot 5.5.17) and when I put my answer in it says I’m wrong?

have you tried chrome

owh you're close

look at you answer again

No I haven’t tried chrome but I’ll give it a shot! I swear that’s the OS I’m seeing 🤔hmm

You are meant to ssh into that vm

Then commandline should give you the answers

Are you grabbing the output from target machine ?

Can Anyone give me a hint abt what should I find out in the post module

I am not understanding hint??

I’m having trouble sshing into the target? I’m typing “ ssh 10.129.45.57”
then it asks for the password and I type in HTB_@cademy_stdnt! and still no dice? I also didn’t get the option to enter in username htb-student. What am I doing wrong? 😱😱😱😭

because you didn't specify the user

@brittle kraken

@drifting knoll that makes sense 🙈thank you

Can anyone help me with post module ??

@twilit fractal I can help you

Sorry, I notice as curl have -v for verbose, but I can't find what is -vv at the end of, for instance, PUT/DELETE modules. Can anyone tell me please?

@dim flame that usually increases verbosity level?

oh something like double verbosity...it make sense, but are you not sure on that?

thats typically what it does

lol I was super overthinking the fuzz /blog question LMAO

ok, it was because I can't find that on man page, but maybe it was me that not seeing. Thanks guys, I appreciate your very fast help.

feels weird that the academy is asking us to fuzz hackthebox.eu

Hey, can someone please help me with the module WEB REQUESTS. I am an absolute beginner so I'm finding it hard to understand what I'm supposed to do. GET METHOD is the sub section.

"Send a GET request to flag.php with two parameters num1 and num2 such that their sum is 1337."

@night palm Message me if you need some help

can any one provide an insight to this question

Login with the credentials guest / guest and try to get to admin.

from the i tried to intercept the cookie with

burp

i pasted the admin's cookie from the example

but it is returning "Welcome, o�9�h��ww�|�_*y�f�!"

Play around with the cookie. See what it is / how its made. Check what it looks like if you decode it

i have done that

still no positive result

So if you decode it. It should look very similar to something when you login

Try modifying it and see how things change

still nothing

Ok. Do you know what encoding is used on the cookie?

i think url

am i right

No

Look at common encoding types for cookies and try them. See which one makes the most sense when decoded. Then play around with what you find and re-encode it

wow still stuck

please i neeed helpppppppppppp

Did you find how it was encoded?

And have you done the deobfuscating javascript module?

no i havent

i just did the introduction to linux then came to this

ah fuck

@limber birch find out the encoding method and it will make more sense. Its a very very common one

Thanks alot i was able to fix that @tough fjord

Cool

@tough fjord could i dm?

Sure

can someone help me wit module System Information in Linux Fundamentals

i can't solve 4 questions, I asked some fiend who knows alot about linux and he doesn't know to solve mz problem

@rustic sage dm

Hi, I got stuck and looking for help. When I am logging to the target with ssh htb-student@hostip I am receiving a message that ssh is connected, but port22: no route to host . What am I doing wrong?

what command are you using?

-l

now I have received another message port22: broken pipe

which module you doing?

I was encountering these issues the other night

no worries I have fixed it, it was related to my macOS

i need help with the web requests module since when i try to upload the php file it says 500 Internal Server Error

nevermind, found out the problem

could anyone help me with a question I have on the skill assessment for the web fuzzing module?

Welcome to dm

@robust lava pog, im afk rn, but I will in like 10 min

Where are the fundamentals modules located

@rain briar filter at the top https://academy.hackthebox.eu/modules

Hello guys. I need just a bit of help in 'Linux Fundamentasls' module and section 'User Management'.
In the last question "Which option needs to be set to execute a command as a different user using the "su" command? (long version of the option)", I was very sure that the answer was '--login'. I have tried every argument that 'su' command can take and still I haven't gotten the answer. Is there a chance that this question has a bug or something or is it just me making a mistake (if it is the latter I don't really mind. I will continue my try)?

Thanks in advance!

Hey @brisk meteor have you completed the previous section of this section. I'm stuck at htb-students path ,htd-student mail ,version of kernel and and network interface

The version of kernel in my case is 5.5.17 but it is showing error and network interface eth0 I gave it shows error. Please helpe with those. Thanks in advance 👍

gopichandu you have to connect to a remote pc using ssh. Have you done that or are you getting all this info from your host pc?

Do I need to spawn and login there with the given credentials

indeed you do 😉

@brisk meteor the key word in that question is command 😉

Thank you very much sir!

@brisk meteor Thanks it worked👍

Hi guys, can anyone share any tip about: Use cURL from your Pwnbox (not the target machine) to obtain the source code of the "https://www.inlanefreight.com" website and filter all unique paths of that domain?

Hi
In Web Requests module i answered to this q Create a file named "flag.php" with contents '<?=cat /flag.txt;?>' and request it to get the flag via curl
is it possible to use Burp or ZAP for this too?

Yep

Its only.web requests

Anyone can help me out?

I did it. But it was a mess of regex and bash-fu to get there

Lost in solving ctf
Can anyone guide how to go about.
Want to learn but stuck up

Hi all, can anyone help me with the POST Method web requests section? I'm not seeing set Cookie when sending to the repeater. When I send to the repeater using admin:password I get the HTTP/1.1 200 OK response not the 302 response.

Use guest/guest credentials like it says in the text box 😉

Can someone give me a nudge on network enummeration with Nmap questoin 2. It says 'Enumerate the hostname of your target and submit it as the answer. (case-sensitive)'. My understanding of this quesiton is that I have to query with [servername].com instead of ip?

I therefore tried to find the server name. I'd expect it to be in this line of the Nmap scan:
Nmap scan report for [server name] 10.129.2.49
but its not. Then I tried explicit reverse DNS look up. didn't work. Then I tried interacting with the services to see if they might reveal something. finally resorted to nbtscan, netstat. I think I'm over thinking. Anyone help?

Not quite @topaz granite - the hostname is going to be the computer name / FQDN rather than the domain name. You can typically find this from smb / nbt ports

mind if I dm you. I've got the computer name from the netbios

sure

Can anyone point me in the right direction to start on the final challenge of the LFI module? Having trouble seeing where to start, since there's very little feedback

sure dude dm me

can someone help me with one of the questions in fundamentals... cant figure out what im doing wrong here

@burnt pivot make sure you understand everything in the sections
once you understand it, the questions become easy to solve

Hmm for whatever reason I am misunderstanding the question seems very simple but the answer is not right

then maybe you're overthinking it

suuuuuuper productive day today!! only thing to do now is the skills assessment in the Attacking Web Apps with ffuf lab!

super fun lab to do if anyone has some time on their hands! Solid lessons, and super fun tool to mess with!

awesome! glad you are enjoying it

Sucks it costs more money to do the stuff

I’ve spent enough on oscp and elearn course

🤷‍♂️ costs money to build content to this standard

tbh money probably better spent on academy than the elearn ones

Hi
Linux Fundamentals
Find a way to start a simple HTTP server using "npm". Submit the command that starts the web server on port 8080.
is this webpage https://www.npmjs.com/package/http-server related to the question or i'm wrong?

and still i'm looking for the correct answer

did you search on google for alternatives to start the webserver?

yeah bro and i found this article

ain't that good enough?
i need to search more?

cuz i think the answer is there
am i wrong?

which option is needed to specify the port the server listens on?

-p or --port Port to use (defaults to 8080)

ok, how do you start the webserver?

got it bro
thank u very much

you're welcome

hi im need help in Login with the credentials guest / guest and try to get to admin

can anyone help me with the question in linux fundamentals in section service and process management

systemctl list-units --type=sevice

i am unable to find a unit name with description Load AppArmor profiles

@brisk meteor have you solved this question

Which option needs to be set to create a home directory for a new user using "useradd" command? pleaser provide hint for this question i tried useradd -m and and also with useradd -m -d still im stuck in it , im new to linux please help

useradd -h should open the help file. Look for the option that creates a home directory

@dark portal only enter the option in the box for eg:- instead of useradd -m type only the option

@rustic sage thank you very much , I had no clue , now i got it

@dark portal you are welcome👍

please look into these questions and help me out

break the code 2dn challenge

help

i am @sick fulcrum

@rustic sage use systemctl -a --type=service , you will find it

you wont be able to scroll down with mouse use the direction keys @rustic sage

@dark portal thanks i didn't how to move down now i got it

@rustic sage welcome!

Linux fundamental
What is the index number of the "sudoers" file in the "/etc" directory?
it means Inode number?

yeh

so i entered the number as answer and it said incorrect 🤔

are you on the target machine?

ssh in?

yeah

@ember heart yes you can find it by adding -i for ex: ls -ali /etc

ls -ali /etc/sudoers

ain't it -r--r----- and equal to 440?

no it isnt it

no

those are permissions

before permissions will see a number inode number

try this

got it bro
never heard about it
tnx a million

try learning new everytime(i too never heard about it but learnt using google)you are welcome

Linux fundamental
How many total packages are installed on the target system?
dpkg --list | wc -l
apt list --installed | wc -l
both incorrect 🤔

does it have a title line that runs which isn't a package?

wdym?

do dpkg --list

and see if the first line is something that isn't a package

like binary version number, date or some random stuff like that

and same with apt

apt list --installed | wc -l
incorrect answer

Hi can anyone help me in web request module specifically in POST method section im stuck at getting answer for the module.

Im stucked at getting the cookie

@sweet plaza When you login as guest:guest, then refresh the site, you can see the cookie in Burp suite right? Try to decode it with Base64. That should give you a hint in the right direction

Thanks @vital laurel ill try that

Does anyone know how to do "How many files exist on the system that have the ".bak" extension?" I am missing something i guess. Help me here.

use the find command

i did it says .bak not found.

are you wildcarding the name

*.bak

otherwise it will literally search for files called .bak

okay i did find again with some modifications and it showed me path of the files that end in .bak but now how do i find the number of files?

look back over how to chain commands to get things like that 😉

This command modification is pissing me off now lol. Do you know the command?

yes

bash can be used to chain multiple commands together by piping output from one into the next

if you search for linux tools that can count you can just pipe output from previous command into that

i believe this example is even covered in the module content

I am aware of that but it isn't helping at all. wc -l just prints out 0. And the answer isn't 0. Please give me the command if you have it handy or if you provide. Sorry for the trouble

providing the command won't help you to learn how to use these tools at all.
I highly recommend you to read the content again, read the help pages, read the manpages and/or experiment a bit.
it is essential to understand how to work with it otherwise your next steps become even harder @rustic sage

Well thats true. I will read the pages again. Thanks.

if you still have trouble with it, try to figure out why.
the Learning Process module will help you with it

The burp mission isn’t working. I cannot see the request. Please help me.

Is foxyproxy turned on?

@west rampart if you get a chance, could I pm you a question on Linux fundamentals? (I thought about skipping this module cuz I thought I kinda had a wrap on Linux basics, but apparently not XD)

Agent_Tiro i just clicked at foxyproxy on burp

@stark fossil yeo

Hello. I am stuck for some 5h already, trying to resolve POST request method exam.

@rustic sage dm me and I can help

Linux Fundamental
Q is: How many services are listening on the target system on all interfaces? (Not on localhost and IPv4 only)
as long as it has to be on all interfaces -a , grep LISTEN for the listening part and wc -l for counting
netstat -a | grep LISTEN | wc -l
incorrect 🤔
any hint pls

@ember heart key is NOT localhost and ipv4 ONLY (ie. not something with tcp6)

netstat -l is also a quick way to get listening only

Hello everyone, someone please help me with the following, I have started to make the WEB module, section "POST Method" where two users and passwords are shown for the exercise like this: guest / guest and admin / password, I am trying to enter with admin / password but it tells me that "Login Failed!", and I think that for the exercise at the end I must enter with those passwords, or maybe I misunderstood and I must enter with guest and become admin?

@raw hornet you need to log in as guest/guest (that is the info you have) then find a way to become admin (escalate)

ahh ok, F0xc I appreciate it, which means that initially with the credentials admin / password, it cannot be entered, correct?

correct those wont work

use the tools in your disposal that you've learnt about so far to get yourself to admin from guest

F0xc you are very kind, thank you!

For those asking about the "total number of packages installed on the target system" question in Linux Fundamentals. Here is a hint.

1.Make sure you look at the output of 'apt list --installed > installed_packages.txt'
2.cat the file and look for the desired pattern, in this case 'installed'.
3. What command can be used to output a specific pattern from a file?
4. Once you find the desired output how can you count the specific occurences?

Hello, can you please help me with the Web Requests POST exercise

stuck on How many services are listening on the target system on all interfaces? (Not on localhost and IPv4 only) Tried netstat and ss but nothing helped. Help me out here?

I cannot find the answer for this question: What is the method used while intercepting the request? Please help

What http request types are they...which one is used

hello

i dont understand a question in the linux fundamentals

how to find unique path after you have the source code from curl command

you have to start filtering these paths

by using the commands and examples shown in that module

looking into the help pages and manpages of these tools and make you familiar with them is the goal of this module

hello Guys, how work the access to other modul's channel? 😅

you need to have an account on the main hackthebox.eu site

then use that to verify here to unlock the full server

the web requests and deobfuscating javascript modules will give you the skills you need to complete the signup challenge

Ok thanks 🙂

ok iam stupid 😩 from hackthebox how i can verify ma discord account

@agile ore The process is described in #welcome chan 🙂

tnks you man

looks like you sorted it. welcome to the server!

idk what im supposed to submit here

Target: http:// the ip address


Time Left: 54 minutes
+ 2 Send a GET request to flag.php with two parameters num1 and num2 such that their sum is 1337.```

i did sent a get request with the url /flag.php?num1+num2=1337

not authorized tho

im not sure what it wants me to submit in here

@raven mulch check your notes for the correct way to specify two parameters

with & ?

@raven mulch test it

im not even sure what it wants me to submit in the text field

what does the response look like

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
<p>This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
<hr>
<address>Apache/2.4.41 (Ubuntu) Server at ... Port ...</address>
</body></html>
[1]+  Done                    curl http://.../flag.php?num1

i know im really slow at these things

im not getting someting

@raven mulch https://tools.ietf.org/html/rfc1738

I cannot find the answer for this question: What is the method used while intercepting the request? Please give me the answer because I cannot find it

Hi, please avoid asking directly for the answer, but rather try to explain what you are doing and what do you think is going wrong

I know

But I read the text several times and cannot find the answer. So maybe give me a clue

usually taking a break and coming back later helps a lot

Ok I am on this question like 2 days but I try your idea

look into HTTP request methods

is anyone about to give me a hand with the "How many total packages are installed on the target system?" in linux fund module. I've tried a ton of things. made apt installed into txt file and cat with -n . just dont seem to be getting it atall

have you checked to see if the output has any additional lines in it?

like a title line / info line etc

that should work , remember subtract 1 from end result. you'll see number in the first colum of cat -n, don't you?

Hello, I am writing in here since I do not have an account in order to post this question in the #774040372966981644 .
I am working through the JS obfuscation module and I find a flag "var flag = HTB{...}" after deobfuscating 'secret.js'. This flag does not seem to work though. DMs open if needed.

Hi All, I'm doing the linux fundamentals module and under system informations section at one point I should ssh to a server, but the ip of the server is not shown on the screen, missing.
This is what is shown: SSH to with user "htb-student" and password "HTB_@cademy_stdnt!"

Is there anything I can do about it?

I am doing the Linux Fundamental module and am under the section System Information. I cannot find out how to find the path to the htb-studdent's home directory, or anything to do with the htb-student.

Did you manage to ssh in with htb-student user?

no I did not

i'm not sure what to put after the ssh

ssh htb-student@target_ip

what is missing for me is the target_ip, cant find it on the screen

well mine shows up above where you enter the questions

it says Targer: then something along the lines of CLick this to create target

and then it loads the ip

In this case replace target_ip with the IP shown

and then enter the password

I sent you a dm

I have a problem getting the .....How many files exist on the system that have the ".log" file extension Question.

Any Hints???

@rustic sage try ..... locate *.bak | wc -l

Anyone able to give me a nudge? I am working on the skill assesment for fuzzing and got to the following question:
Before you run your page fuzzing scan, you should first run an extension fuzzing scan. What are the different extensions accepted by the domains?
I found 5 of those and entered them in alphabetical order, in all lowercase yet i am getting an error that the answer is not correct.
Anyone that can give me a hint?

There should only be 3

ah, well time to go back to the drawing board.
Thanks

I have a problem I am stuck at Web Requests in Post methods I can't find that cookie

I have pasted it many times but it show it is incorrect

the cookie get requested when you log in

when you load a page the cookie should be visibile in one of the request headers

Bro I am pasting this Cookie: auth=Z3Vlc3RfM2EwZjlkZjU2NTI3YjgzY2RmNDg%3D

did you check what is in the cookie?

anyone about for bit of help on the LF mod " filter contents" ?

yep it guest name I pasted that also

But that didn't work

What is the question of the module?

Hi, i'm stuck in the Linux Fundamental module, section "System Information". Question: "What is the path to the htb-student's mail?" The standard path as described in section "Linux Structure" isn't the right answer. I searched for every occurrence of mail using find and tried them, without luck. There are no clues in the home folder. Do you have a tip what my mistake is?

Try checking some variables

thanx

Login with the credentials guest / guest and try to get to admin.

hint is cookie

well if you know that guest is in the cookie, why not change that to the user admin

hello guys im new

im doing the linux fundamentals but im stuck to find the home directory ....i think was cd /home.......but no

someone can helpme?

if you ls -al /home it will show you a list of home directories

hi I'm doing the same, I checked for var/mail, but it looks be empty. with ls -a too is empty. Is not listed in mail folder?

check env

I am on Linux Fundamentals User Management and am on the question "Which option needs to be set to lock a user account using the "usermod" command? (long version of the option)" what does it mean by long version?

instead of "-l" " --long-version" .

good day, could someone please help me, I am stuck in the Web Request module in POST, I have entered with the guest / guest credentials, I captured the cookie, I decoded it and what I did was change the part of the cookie that corresponds to guest , but it does not work for me, something that I am missing, help, thanks!

@hybrid timber I'm still lost but thank you, It's just not clicking or something in my head

Edit: I am dumb, nvm, thank you!

try to encode cookie with other user and put it in request / u can pm me also

The second part of the cookie changes when you log in right? Why would that happen, is that to track guests?

Can somebody please just point me to the right direction. Im stuck for 5h already at PUT request lesson. I think it should be easy one but..... damned....
I intercept connection to my target, send initial GET request to repeater, Make a PUT /flag.php HTTP/1.1 (at the bottom I added <?='....?>)
File is successfully created. I checked on FF, it is there.
But Its only "cat /flag.txt" text
Even when I do GET /flag.php HTTP/1.1 , I get only text "cat /flag.txt" on a repeater. The same as it really appears on the page.
Please point me to the way of light 🙂

i bet you are using single quotes ' instead of backticks `

O my god...... yes ! So its php syntax problem ?????

I cant find backticks

copy paste from the example

I didnt even know about it 🙂

I cant copy past nothing outside of VM. I dont know why, but it doesnt work on my side. like mouse-pointer, lol 🙂

o.... i will browse there hehe

if you switch to full screen

there should be a clipboard on bottom right. you can copy paste via that (if you are using pwnbox)

i needed to reset.... yeah, but how can I reach outside to copy something, when Im on VM Full screen ? What do you guys actually advise, working inside that VM or on your own FF and burp ??

using the browser pwnbox?

or your own vm?

if its own vm install guest additions or whatever they call it these days

my god ! 5h I was doing this really child-simple lesson ..... And I knew all the time that here, there is just an simple solution, and I didnt want to ask here, I sad to myself, I will grind more, more..... after 5h @tough fjord tells me about BACKTICKS :):):):)

I of course found a flag

well done

but believe me guys..... If I will have a bomb here now.... I will pull out the trigger, swallow it and watch my own PUT /hell.php HXYP/6.6.6

dont be afraid to ask for help if you feel you've exhausted everything you can think of

ehehhehehe

odds are it just needs a little nudge 😉

man you dont wanna know about my acrobation for 5h and what all did I try

jesus

tnx

bet you learned lots

OU YEAH 😉

we always learn more through trying and failing than getting it right first time

my god..... where's my bomb 🙂 damned ..... But yeah.... Feels goood now

😎

Ok can I ask 2 more things ?

@tough fjord ?

sure

why all afternoon , each time when I intercepted request, the first line of GET request was always GET / HTTP/1.1 , then suddenly, last 1h it was always GET /robots.txt HTTP/1.1 ??
Everything else regard to that lesson worked fine, it was creating file all the time only thing, I couldnt delete it. DELETE request wasnt worked.

this in burp repeater? or just via the browsers?

burp repeater

on pwnbox

it was probably set to /robots.txt and not changed

yeah, but I couldnt understand why 4h like that, and than changes

Im just curious what is happening behind.... to understand

but I dont wanna spam with my curiosity here 🙂 cause I dont know if it is appropriate topic here for that question ?

in repeater it shouldn't change like that. unless it was being redirected to that page

repeater didnt change that..... I just intercept with repeater....

I mean with burp

and send it to repeater than to work on it

what is actually request for robots.txt ? Cause when I was looking on FF, when I hit forward, I was the same as always...

or maybe better, why requesting robots.txt ?

what do you want to get when requesting it ?

robots.txt is just a page that list stuff search engines shouldn't index

hm..... but why when I hit forward in burp, I got the same index page with my flag.php file as always before, when the request was just GET / HTTP/1.1 ?? So in front-end there is no change, but what happened in back-end ?

i'm not sure tbh

ok...... I will google later..... one more question......

so, my primary and only one OS is Parrot Sec. As it is in pwnbox. But I am doing HTB academy in pwnbox for now. what do you suggest, pwnbox or working on my own machine (we are talking just for HTB Academy) ?

cause I tried both

and its actually not just the same

sometimes, some values, are different, of course...... and I just dont wanna stuck someday for long, just because something on my machine wont working exactly as in pwnbox, regard to some file which HTB Crew need to prepare in advance for us in pwnbox, Im just curious what is advise for smooth operations ?

so academy is designed to work with pwnbox

so anything you need to complete a module will be there, or you will be told how to install it

using your own vm it's down to you to make sure everything you need is there. which is ok if you are experienced and ok with doing that. obviously it can be a bit harder if just starting out as you have the whole conflict between is it your command or something that is wrong, or is it a problem with my vm

I am stuck I have the question "Use "systemctl" command to list all units of services and submit the unit name with the description "Load AppArmor profiles" as the answer." I used systemctl and found where it says apparmor.service but idk what to do with it.

yeah..... i understand yeah..... it makes sense of course..... so pwnbox..... its cool and I like it, but its just that square my god. instead of a mouse pointer.... I know, I know, I need to send a ticket to the support..... Thanks @tough fjord ! 😉

yeah that is really weird. I've never seen that dude

@small moat submit the answer without .service on the end

oh ok

thanks

it did not take it

lowercase

yep I just entered apparmor

Systemctl has an option to list particular units defined as "--type=<type>" this is the hint is there a command to put after systemctl to get it to show like this?

sorry I'm just trying to learn and understand

I found it I think

nah it still didn't work

Make sure you are connected to the target via ssh

I made that mistake

so I need to be connected then run the commands?

yes. Because the name of the service on the target is different

hi to everyone, i'm doing in the web request module POST and i'm stuck. I take the cookie but
i don't know what to do next. I'm a dumb sorry ahah

Hi @pearl karma . I just recently completed that one myself. Look into common encoding techniques for cookies.

i did i decoded it in base64

i have guest_*randomnumbers *!

try to escalate it to admin

play with cookie value

i also changed guest with admin and decoded but it doesn't work

try encoding it, instead of decoding the "admin"

question, this is my question "How many total packages are installed on the target system?" , I am running this command while ssh'd to the target, "apt list --install | wc -l", and I keep getting 738 but it's not the answer, what am I doing wrong?

this is in Linux btw

wc lists every output line. is every line listed an installed package?

wc *counts every line I should have said.

Morning guys 🙂

Wondering if someone could tell me what to paste in the questions block of the POST module? I've made it to the admin page, but when I try to paste my encoded cookie it fails

You havent completed the challenge. When you complete the challenge you will be given a flag to paste into the question block.

Oh thats confusing. I'm not even sure where to go from here.

I'm not expected to be using the browser right? I just used repeater to post the new cookie after the redirect and see the html reflecting that I'm admin @sudden summit

Youv got the correct idea. When your cookie is correct it will give you a flag

crap! Thank you man. I checked befor for other Q, but I didn't notice there was. But why if I'll go in /var/mail folder I can't see the htb-student file or folder?

Anyone about that has completed Linux Fund ?

Hey guys
I need help to find the NT version of Windows X, in Windows fundamentals. Tried powershell and cmd, still i cant find it.. plz help!

Finished linux fund a few days ago

hi guys im new how hack lo;

.

Do academy.hackthebox.eu and work through the modules @left mountain

oh

Hi can someone please hint me for doctor box, i got struck at root privilege escalation

Best place to ask for that is #boxes. You'll need to verify. Directions are in #welcome.

not sure,why i don't have access for that

you need to verify like nightwolf said

hey, anyone here that can help me with the "web requests" module?

ask your questions and someone should be able to help

im lost on what to do to obtain the flag? i follow the guide beforehand but i am not sure what to do to finish the module?

on which section? there are multiple parts to complete

oh right, sorry

the admin panel POST request

ok

so you need to use the guest credentials to login, then escalate to admin privilege

when you are logged in as an admin you will see the flag on the page

the guide beforehand never talks about privilege escalation though?

or am i overthinking this

You get a cookie, try and see what is in the cookie

yeah i b64 decode it and its the username basically

but i have no clue how to use this information for privesc

what does the first part of the cookie represent?

like you said its a username, so what account do you need to get?

admin, yeah

but what about the hash after it?

did you notice something about that part? what happens each time you log in as guest?

hello can anyone help me with this question

from the Windows Fundamentals module

under "windows services and processes"

Identify one of the non-standard update services running on the host. Submit the full name of the service executable (not the DisplayName) as your answer.

do you have an idea

Hi, you have all the necessary information which will help you answer this question in the module.

but i am stuck

Take a break, come back, read again.

Read through running services and check for the keyword "Update"

okay i will thanks

thanks ill check

_< cn anyone point me on how to use cURL to obtain the source code of a website and then filter all unique paths of that domain? bn stuck reading mans/help/google searching for an hr nw

curl the domain - put it into a text file

look at what is common in the domains so you can filter on that

look at ways to remove the junk surrounding the domain

regex can help

gotcha, i was overthnking.. lme try that

thnx @tough fjord

you got it?

slowly getting there lol.. i got the number for the flag but trying to figure how how to clean it up w.o using python

yeah, my command for it was a mess

I did a lot of cleanup after the curl itself before piping it to file which made my regex slightly less messy

=/ im new to regex so still figuring it out

hi there, I'm trying to do the linux fundamental, and I'm doing something wrong with npm question. can someone help me in DM?

imagine you've already downloaded the package via npm

what command would you use to launch the webserver

I guess http-server isn't it?

I mean, I saw some command on google tells that you haven't to specify option when running command only start server. Is it right that?

your guess is right - now to match the criteria they ask for

ok got it. I really don't know why now it work. I'm sure I wrote before the same command with port parameter but got fail message. Maybe it was only a writing mistake. That because I was going crazy 😅
Thank you so much Agent_Tiro!!

no problem

question, this is my question "How many total packages are installed on the target system?" , I am running this command while ssh'd to the target, "apt list --install | wc -l", and I keep getting 738 but it's not the answer, what am I doing wrong? Is the command line wrong?

I posted this earlier but didn't really get an answer that I didn't already know i guess

@small moat I have a feeling you're not ssh'd into the target box

I am

I ssh'd to the target but it's not taking the number I get from 'apt list -install | wc -l

is there another way other than apt? Jst a heads up it didn't take that # as well for me earlier.. so jst gotta tinker around

Oh yeah I remember now, carefully check the response of that command, you might need to adjust your number accordingly.

pipe it into a file and check the content

ok brb

Some programmes ave title / version stuf on first line

do I still use apt?

yes

I am still confused I guess

I use the same command yes but I don't have my head around how to pipe the file

im just not sure what to put after the pipe besides 'wc -l'

Seeing as there may be some lines printed other than what is installed see if you can use a tool to filter out only lines with a certain keyword.

ok I will try

Got it!

Thanks for the hints guys

Hey , im trying to do Linux Fundamentals to refresh my memory

I'm doing this question

Find a way to start a simple HTTP server using "php". Submit the command that starts the web server on the localhost (127.0.0.1) on port 8080.

so i ran http-server with php and

||-a flag for address which is 127.0.0.1 and -p for port which is 8080||

and typed it like this :

||http-server php -a 127.0.0.1 -p 8080||

looks that there is a syntax issue , because it's not correct

Look at simple php web server commands

Okay

Done!

thanks

😛

seems easy when you do it lol

I hope HTB adds more content to Academy

and makes it much cheaper to afford

More content is in the works

They are just keeping the quality high rather than rushing

True!

Very impressive

HTB is my favorite stop

the rating of the boxes is not accurate though

something which is rated easy , isn't that easy haha

I guess it's because of the users rating

Thats because hacking isnt easy

True

And it gets harder all the time as apps have more security applied to them

also the cyber mayhem is an amazing mode , it's just very sad that i could only play two matches

makes me feel disappointed

even though i always subscribe to HTB VIP

Vip gives you 20

but still a committed hacker like me wont be satisfied with 20 only

Its only 20 while in this phase of testing

Yeah the beta

i figured

that's why i was waiting for the beta to finish !

Plus unlimited matches when tournament is on

something that bothered me when i was playing cyber mayhem is attackers on the other team are doing broadcasts to troll on the machine

so we get flooded by echo's

maybe that can be taken into consideration?

Also seperate ranks in the game mode

to make it fair , even though rank doesn't matter in Hacking = HTB

I think a report function is being made

And fine tuning of match making

👍

Find a way to start a simple HTTP server using "npm". Submit the command that starts the web server on port 8080. This question in linux fundamentals does not seem to accept any answers. Anyone got a clue? I tried http-server, local-sever, npm start, npm run

none of them work

look into what npm actually is.

@karmic tangle I actually was facing the same issue , it turns out it's just syntax issue XD

try to double check if there is an extra space or something

try not to copy paste

I tried typing the thing too

still does notwork

is it http-server?

with the rest of the command it is

Hi me and a friend are stuck on the Web Request Post methode.

Login as guest. Inspect the cookie you get. Play with the cookie with and make new requests and see what happens

yeah I was trying that : 1. Log in with the browser with guest guest (no burp proxy)
2. start burp proxy and refresh page 3.send this request to repeater
4. delete the cookie and forward the request
5. now re-add cookie by CTRL+z and forward the request

Overly complicated

Have burp turned on. But turn intercept off. Login as guest. Check http history. See the logon flow in the request history

Send the request to repeater then play with it there

You can also highlight the cookie value then right click and send to decoder

See if you can figure out what it is. Then play around. Re-encode it correctly and copy paste the new cookie value into your repeater tab

Submit request and check response. Keep playing till you know what is happening. Then think about how that can be used to become an admin

On succes what should be returned? something like Flag:xxxxxxxxx?

it will tell you that you are logged in as admin and give you the flag

Hmm when I decode the cookie from base64 in the decode. It will tell me guest_xxxxx%3D I changed the guest to admin and encoded it back to base64 but then it just tells me welcom admin_xxxx%3D

so what do you think that xxxx is after guest?

and what happens to it everytime you login as guest - does it stay the same or does it change?

ehh it changes

so think about a guest account - multiple people are going to use it and you need a way to differentiate between all those individual users on a guest account don't you

now think about an admin account and what is different about that vs a guest account

I got. I was simply thinking way to complicated. Thank you very much!!

no problem

Yes but i think its a collection of commamds like grep | wc | .....

it is a collection of them. the purpose of the exercise is to get you comfortable using what is available and chaining them together

Somebody has error as me ? In pwnbox when they use powershell with the module windows fundamnetals???

The powershell doesnt know the commnad Get

have you xfreerdp into the windows box?

hey all, im working on POST method module and they want you to Login with the credentials guest / guest and try to get to admin. i followed along with the module each step but im not sure what the question actually is looking for, im logged into the admin panel of the target but theres nothing to submit as an answer? am i overlooking something?

the hint just says "cookies"

if you look at the message from Agent_Tiro just up here, you should have a idea what you should do

oh lol they were just talking about it, thank you

I got it as well, thanks @tough fjord and @rustic sage for pointing out the conversation, i guess i didnt think to play with the cookie as i was so focused on how the module was showing how to manipulate POST request content types

good day all, how do I seach for services listening on a targets system, and how do I make it look on all interfaces?

Nmap?