#modules

if you do a ls -la you will see the S in the permissions

thats also why its highlighted red

oh thanks for the info, I was wondering what is the purpose of the whole module, i could just cat /root/flag.txt directly from the terminal. Now it makes sense, thank you

One noob question how should i pass the python string output to the leave_msg command, I tried running python and sending the output to a file and then send the file as input to the command but it didnt work

Can someone give me a hint what i have to do here with this question:
Determine what user the ProFTPd server is running under. Submit the username as the answer.

i found out lol

does anyone know how to bypass admin rights?

Which module

huh

idk

i just want help

@dawn vapor in gdb when you use the "run" command you are executing as if it was on the commandline. So everything after that is your input.

Hello again, I'm currently at the Web Requests POST and the cookie doesn't work. In what format would the cookie work?

It means you entering wrong cookies

But I can only see one cookie, it doesn't change whatever I do on the site.

Have you tried changing the cookie yourself?

Which option needs to be set to lock a user account using the "usermod" command? (long version of the option)

Hello Every one

check the man page

man usermod

I tried usermod -L its not working

I finally got it1

I got the POST request! Finally! Thanks to everyone here!

swepss?

thanks bro i was missing the $()

Can you see the finished modules after you finished it? If it is a Yes, how?

@wet swallow navigate to modules under which you will see modules that you own I think you might find it there

Yeah ty 👍

Hello guys! Could anyone help me, please?
I'm stuck at the third question of Linux Fundamentals. This is the one that asks for the full path of xxd binary

I used the locate function but the results show many paths

Got it!

good have fun 🙂

Thank you @rustic sage

ok im stuck at the lfi rce thing. i got the kernel version but its very cryptic and im not sure what format is required

the usual suspects did not work... Any tipps how i need to format the string so it is accepted ? Thank

+s

ok found it 🙂

ok i need some hints in the final lfi challange

i tried the normal traversl techniques and the encoded ones and i get invalid iput so i guess the server is protected against dir traversal. Is this correct or do i soething wrong ? i tested like this: 1/index.php?page=....%2f%2f....%

Thanks 🙂

Also there are no cookies prenset i just checked

hi

Hello, I am currently taking the Web Requests module, and I am on the Request and Response Section. I have followed the Burp Suite setup to the letter and whenever I’m trying to capture the traffic through the proxy, it gives me this error:

Burp Suite Community Edition
Error
Failed to connect to 206.189.25.23:30147

Is there something I could be doing wrong?

You need to change the proxy on the browser to burp

Thank you for your response @wet swallow, I did change the proxy on FoxyProxy to Burp, but the same error was flagged up :/

Oh ok, send me a photo

Thank you, I have sent you a private message.

My console did Freeye..

freeze

Hi everyone, Can someone help me understand the POST mini challenge for the fundamental Web Requests Module? I'm a bit stuck

guys how to start a simple http server with NPM

i am in the linux fundementals module, working with web services section

i tried npm serve but dint work

also tried python 3 web server didnt wokr

Look for the http server in npm

And then how to use it

Hey everyone I'm very very new to htb and hacking in general the most Ive ever done is a wifi deauth middleman attack and that was with following a tutorial

My question is on Linux fundamentals Ive been trying to find the "mail directory of htb_student" I have found two "mail" folders but they aren't correct anyone got any ideas ?

Check your environment variables

https://www.cyberciti.biz/faq/linux-list-all-environment-variables-env-command/

thank you so much

np

hey quick follow up question

ive been trying to work out the shell version

which I thought was GNU

but that isnt correct

oh it wanted the path of the env

that makes more sense

GNU is an operating system

Not the shell

oh

im dumb

thank you

nah np

haha

you got the correct answer?

yeah thank you 🙂

Can someone help me, i am stuck in nmap module
Use NSE and its scripts to find the flag that one of the services contain and submit it as the answer.

which service @dawn vapor

in the hint they mention the web service

hey im stuck with path directory at linux fundamental,can someone help me?

Use various scripts to find it slayer

Hi i started with the easy module fuzzing with ffuf but i cant post in #774040372966981644, can i do that ony after passing the first easy module or do i need to be manually added ? Thanks

You need to verify your account

@tough fjord how do i do that ?

Read #welcome and have an account on the main htb account

learning progress best module ever

omg

i love it

sum spiritual stuff haha

Hey guys

How can I count the number of packages?

I tried find command and apt list --installed

But every answer is wrong

With find I used -name *.deb and without it. Also tried grep systemd and without it

@shrewd edge read the content again and carefully

You say in the same page on the exercises?

I cannot install the npm command, the user is not part of the sudo group

read the hint

I tried everything

Can someone help me with the File Transfer module question: "Upload the attached file named upload_win.zip to the target using the method of your choice. Once uploaded, RDP to the box, unzip the archive, and run "hasher upload_win.txt" from the command line. Submit the generated hash as your answer."

It is the Windows module, so we saw only windows transfers, how are we supposed to transfer the file from the linux pwnbox then? Tried everything..

Hey everyone im i little bit stuck at web request.
Send a GET request to flag.php with two parameters num1 and num2 such that their sum is 1337. Is the question.
do i have to preform this in my terminal? Because wenn im in the terminal and i perform the command:
curl -u admin:password http://thetargetip:some/flag.php ?port_code=1000&337
i do not get the result im looking for honestly....

Yeah in the terminal

and what do they mean with their sum is 1337

like the first parameter and the second must be equal to 1337

Yap

Yeas

Yes

oke and in the line port_code do i write it correct because then i dont know what i do wrong exactly

Don't forget me please :p

Idk that. I didn't do that module

Its not portcode

@shrewd edge think what could be the silly mistake you could have done... It's that easy... I was stuck on that for hours untill I realised it

Rdp into windows target. Then use the techniques it said

Really nothing works on my end, even tried opening a simplehttpserver with python on the pwnbox, en using a downloadcradle on the windows box

That should work

Ok worked thanks, so much tries for such a silly thing xD

Lol

Well done

It could be! I'm stuck in this for hours and I cant see what I'm doing wrong

You are using wc -l to count lines right@shrewd edge

Yup!

They displayed output may contain few lines that aren't relevant

And remember

That wc -l command count lines no matter what it is

Including the error ones

There are no errors

I tried this:
find / -name *.deb 2>/dev/null | wc -l

Just you can consider them illusion

No dear

You have to find Installed packages

Go to package management section

Revise it

I did. I tried using apt list --installed

Yaa

That's the command

In that output look hard

If you don't find write me in private

Ok! Thank you very much @viscid moth

Hello all

I am doing the linux things now but the question What is the path to the htb-student's home directory ?

/home/user<nr>/

doesnt seem to work

check if you're working on the right machine

jezus i feel so stupid now 🙂

thanks

got all except : Which shell is specified for the htb-student user?

was thinking the answer should be Bash

but it is nor correct

maybe you're not totally wrong

@vernal falcon no answers pls

sorry

i got a question for the POST METHODE

do i have to do this via BURP or TERMINAL

because i assume that i have to get admin login

both can be used, probably easier in burp

Oke but it looks like that burp doesn't work good in the vm

I do not get the same output wenn i follow the steps to the PHESS.... cookie

well it gives a different cookie

How many total packages are installed on the target system?

i get either 738 with apt or 748 with dpkg-query

but neither are correct

See if you can use apt to get the number

yeah i did

and?

what cmd did you try

apt list --installed | wc -l

wc -l will count the number of outputted lines, not necessarily the number of packages installed

Remove wc -l and take a look at the output

am i supposed to count them manually ?:)

No, you have to count how many lines in the output are NOT packages

You dont want Listing... to be counted as a package when you wc -l

and just subtract those

basically filter the output you initially get to only show the lines you want to count

ya

probably me but i dont get that really 🙂

i understand that wc -l count the lines, some packages have 2 lines

wc is dumb - it counts every single line of the output you are given

every single line of the output is not an installed package

i understand that i have been wrong there

so you need to filter your output so you only count the lines you want

i did that with awk

ok

haha still dont get the right answer

owh well diner time first 🙂

pff was one off 🙂

thanks all

Can you buy cubes separate or only with a subscription?

you can buy them in packages

What do you mean with packages?

And with what you can pay? I don't have a credit card nor paypal

You can buy them in bulks

100, 500 etc, you dont need a subscription

I think credit card is the only way afaik

Oh ok, I don't have a credit card. Unfortunately

in some stores you can buy one-time use debit cards with cash

Which stores?

depends on your country

gas stations has them here, wallmart in the US I guess

Oh ok. I think we don't have them here in my country

hi

Hey

How did you fix the post method

!rank

Do you need help with post method?

yes please

find / -type f -name *.conf -newermt 2020-03-03 -size +25k -size -28k

Im trying to find a file that is "created after 2020-03-03 and is smaller than 28k but larger than 25k?" When I run the above command I am presented with numerous paths that don't know what to make of. Am I running this command correctly?

linux fundamentals > Find Files and Directories

Do you know about redirections?

no, I think that that is the next module.

Yeah read that

And then make this

Question

Thanks! I was able to figure it out. I'm curious, shouldn't I have been able to figure this out without having to go into the next lesson?

Never mind, I missed something in this module

Idk

I had the same problem there

Brilliant ladies and gentlemen of the HTB discord, I am writing to ask for help with a simple question, but one which has caused me great headache. The question in question is on the Windows Fundamantals Module. If someone could give me a hint or a nudge in the right direction it would be greatly appriciated since ive spent a few hours now smashing my head into this

'Identify one of the non-standard update services running on the host. Submit the full name of the service executable (not the DisplayName) as your answer.'

Check the hint

Use PowerShell! - the service is related to PDF editing

Failed to help me, I have tried filtering the Get-service command with everyhing I can think of

Very likely I'm doing something stupid

yes u can sir

So a non standard service relating to PDF

How?

look for the command grep

Oh ok I have finished already

But I was also stuck there

I have gotten this far but am now at a block, any hints?

You can use a command which shows you all installed program. Maybe that will help you

use a command that is similar to grep in windows

from there u filter

ive been using commands that look like this

Get-Service | where {($.Name -like "S*")-and ($.Status -eq "Running")}

trying to filter it to show something to do with editing or PDF's or updates

having no luck at all

search

grep in powershell

like : Get-Service | where {($.Name -like "PDF")-and ($.Status -eq "Running")}

in the browser

ok i will try that, thank you

Sorry but i dont get it. Which flag on the .php should be 1337?

on GET request.

The content length?

Content-Length: 1286

did do it with Curl

You need to send a get request with curl

i did : 301 Moved Permanently

You send a GET request to /flag.php with two parameters, num 1 and num2, with their values set to a total of 1337

The task is not telling you to do anything with content length

1000 and 337

that will work

but i dont know how i should write it in the answer..

SUCCESS!!!

https://tenor.com/view/yeah-baby-yeah-austin-powers-austin-powers-international-man-of-mystery-mike-myers-gif-7233287

The difficulty was to understand the Language to and to like [to like a thing and to like the direction.

evening all

wondering if there is someone around who can shift my thought process a bit on the GET request problem. Looks like the last couple messages were about the same thing I am bloodying my head over

Beginning to wonder if we shouldn't have a regex course here 🙂

im just trying to figure out syntax more or less

seems that my curl commands are not correct

whatever it takes to learn what I am supposed to be doing, the correct way

Sorry Serial, my post wasn't directed at yours, was just posting in general, seems like learning regex would be highly beneficial

no worries here m8. 🙂 I just want to actually learn the material. I'm willing to take direction

What part are you at specifically? Maybe I can help.

even if that means learning other material first

so I have gone through the module, used burp to follow the traffic, now I am working in the shell with curl commands

getting "parameters not found" regardless of the syntax i try

Yes but what course and section? There a few that use curl

gotcha, sorry bout the confustion

Web Requests -> GET Method

Ok, you can use curl, but you could also use burp as well

hey guys , I am stuck at a question (Determine what user the ProFTPd server is running under.) can anyone give me some hint ?

look for the processes running

Thank You !!! @rustic sage

no prob !

@opal condor look at how to make requests with a parameter via the URL. Then look at how to send multiple parameters.

The module covers this. Its just down to apllying what they explain

so im having a little trouble with finding a way to start a simple http server using "npm" I thought I had the answer right with "npm install http-server && npx http-server -p 8080" since you need to install http-server if you dont have it and then run it on port 8080 where did I go wrong ?

never mind I found the answer lol

I was way over complicating it

Imagine if the npm http server module was already installed

yeah once I realised I did the right one thank you anyway !

What is the command for seeing how many total packages are installed on target system?
Trying with: dpkg --list | wc -l, but getting incorrect answer... Please help!

it's an optional question, but still can't find the right answer 😦

same problem here. I tried all the possible things but no luck. everything i entered was incorrect

You have to use the apt command

Look at the output of those commands before using wc

Wc counts all lines. Maybe some of the lines being counted arent installed packages

hello

i need help with JavaScript Deobfuscation

how to download my HTB academy openvpn pack

Hi

plz help me

@true nimbus the vpn pack is available next to the exercises

where

i cant find it

send a screen shot plz

it's been sent in a different channel since you spammed this question everywhere

its a bloody huge button next to the questions

@rustic sage I googled for online tool and find a website to paste the code in. 🙂

yeah

i encoded it too

but the encoded line is <7

and when i tried to paste this in the comand it dont work

thanks, I appreciate the feedback. I was on the right track, ended up being my syntax... and bad math. 😅

Np

I feel like an idiot, but I must be missing something on the fundamentals POST module. I'm getting auth cookies, not PHPSESSID - is that why I can't figure out what I'm doing wrong? I've read every thing above that I can find and I'm not sure what I'm doing wrong. log in without proxy using guest/guest, turn burp/proxy on and refresh, and I'm trying to modify the cookie using the repeater but not getting anywhere.

try to see what can you do with the cookie

@rustic sage All I can do is remove cookie.. trying to change it doesn't seem to stick. Can I DM you?

yeah sure

does someone have a cool source online where i could learn more about "Linux Fundamentals -> Filter Contents"? "sed" "awk" "cut" etc. . I appreciate it

I only found standard stuff so far!

According to package management "apt list --installed" lists all installed packages.However when I count the lines with wc -l and submit the number as answer is not correct. Any thoughts about this ?

Wc only counts lines in the output

Not every line is an installed packages

Maybe filter it for what the answer is looking for

thx buddy. i was able to solve it

Hey @tough fjord in filter contents what does the word "services" refers to ? Is it referring to ports ?

No

Services are the processes that are running

Might be a server

Or a network connection

gotcha

Thank you

👍

👍

I'm having problems with this question "Use cURL from your Pwnbox (not the target machine) to obtain the source code of the "https://www.inlanefreight.com/" website and filter all unique paths of that domain. Submit the number of these paths as the answer" could you please guide me on how you were able to find the answer
So far, I have used this command " curl https://www.inlanefreight.com | grep "inlanefreight.com" | grep -v "wp-content" | grep -v "https://www.inlanefreight.com/wp-inlcudes" | grep -v "xmlrpc" | awk '{print $1, $NF}' | wc -l" The number I get is still wrong.

Could someone please help me with this question. Thank you in advance.

I just solved it after lots of research

First be clear with the term path

Although I did it manually because I was tired from hrs using different command

Try sort to filter out duplicate

how were you able to solve it?

I was googling for commands that could help me. I'd tried many times

I'll give a hint

i was also googling, but none of them helped

7 different commands

You might be doing a very silly mistake@surreal tusk

the command I used starts with dpkg

In counting

dpkg --list | wc --lines

is not --list

take a look at it https://askubuntu.com/questions/17823/how-to-list-all-installed-packages

nvm , lel xD

dis xDDDDDD 🔥

yea i been there too. with time that knowledge will come. for now i solved it another way. i was doing half with script and half manually.

Any hints, with using grep, sort, wc, cut, tr, column or anything of sort bro. I'm getting same duplicate results. I have count them by their numbers filter wp-contents, wp-includes script because I don't consider these as directories yet still the answer I submit is incorrect. What script did you use bro, Java or Python to get your answer.

@rustic sage @pearl birch you don't need any scripts to solve that exercise
pay attention to what you see and determine which parts of the output you can use to filter the content you need

Can someone help me please with Ffuf Get Parameter.

I get a big list with 301 status, but how do I know which is accepted by the server

?

I don't get any 200 status

Question is:
Using what you learned in this section, run a parameter fuzzing scan on this page. What is the parameter accepted by this webpage.

So I used this command:

ffuf -w /opt/useful/SecLists/Discovery/Web-Content/burp-parameter-names.txt:FUZZ -u http://academy.hackthebox.eu/module?FUZZ=1

If I use the filter -mc 200 I got nothing

Filter by size

And maybe follow redirections

You may be missing something

Check the request and response in burp suite

Do you remember which section?

What does "unique path" means ?

Find a way to start a simple HTTP server using "npm". Submit the command that starts the web server on port 8080.

Any ideas

Tried researching it on Google? 🙂

Search google, it was fairly easily.

Well, no duplicate paths.

thx

hey Im trying work out how to list how many packages are installed on the system my current command that im using is apt list --installed | wc -l and gettikng 738

@mighty mauve Look at the entire output of of the --installed command manually and think about your piped commands

Your cmd is missing one ingredient... grep installed and you will arrive at the answer.

after hours of running around in circles, looking for the answer went through burpsuit sent post request and everything else, just for thr answer to be simple laying around in the main html code (´Д⊂ヽ got ahead of myself

im still having issues with this im not sure what I should be looking for I dont know what Identfies a package

im stupid

the answer was right infront of me

Web Requests - Post Method
Can anyone help me at this ?
----MY ATTEMPTS-----
I'd encoded in base64 "administrator" (without double quotes)
then I tried to replace the guest cookie both using burp and not using it
At the end it just displays "administrator" decoded, but when I inspect
the page, the auth cookie is the one for guest.

Command "#curl https://www.inlanefreight.com" is giving me the source code. How do I get this command to filter out all the unique paths of that domain?

@spiral egret means?

i overlooked the answer thinking it wasn't it (^_^;)

Ok

Nevermind ! I solved it

Hi everyone, I am probably very dumb but I don't know how to access to the VM target (I am at system information in Linux Fundamentals).

https://www.ssh.com/ssh/command/ there you go read it

look at the diffrent user section! enough hint. in the bottom of the Linux Fundamentals you see the target you can connect to with all its info for connecting

So I just write "ssh -l <new user> <target>" ?

It worked ! Thank you a lot !

awesome remember that command it will be needed on daily base

Im stuck at few hours on this question:
Use cURL from your Pwnbox (not the target machine) to obtain the source code of the "https://www.inlanefreight.com" website and filter all unique paths of that domain. Submit the number of these paths as the answer.

With curl i get only the HTML source code... then I try grep which counts all the 49 links... how to figure it out to filter the duplicates and then to count it down?

that sounds like a good process to get the answer bajastera

well yeah, I have tried now with sort -u to remove the duplicates and then with wc -l to count all the paths... still got the wrong answer

POST Method (Web Requests) is kickin my ass. Somehow i get all cookies and i fiddle around with it but no final result. My question is do i need to klick send in repeater or forward in intercepter? Any good website to read about it?

use repeater it is easier for sending many requests

instead of having to intercept and edit and forward

Ok thx. i guess i have to change something on guest_ ??? is that right?

play with the cookie and see how things go / what it does

im trying

you know whats funny i dont see "PHPSESSID"

Thats just a different name for a cookie. This one is auth

still didn't found the correct answer...
last command i tried was
curl https://www.inlanefreight.com | grep -o https://www.inlanefreight.com/.* | awk '{print $1}' | sort -u | wc -l
could sb help me out? hahaha

Question states, get into admin dashboard, if you play with the cookies a little bit you will figure out.

problem is if i clear cookies & cache and login to the page interceptor turned on i will not get an auth=xxxxxxxxxxx cookie

Google this, it will be a good start; How to use grep and cut in script to obtain website urls from an html file.

Can someone help me with ffuf get parameter. I am still stuck a few days. I tried everything. I don't understand

tried every code, some gives me errors, others give me wrong answer... i can DM you the commands and outputs

Sure.

hello

happy new year y'all

i am working on the windows fundermental module

and i am stuck on this question

" What is the alias set for the ipconfig.exe command?"

any idea please

Would be pretty helpful if there was a list of aliases somewhere...

IIRC that is a powershell question

in powershell you can use the get-alias cmdlet

I need a help on the task "What non-standard application is running under the current user ?" of Windows Fundamentals Module. I literally gone through every service both running and not running, and could not find it. I even found something, that google says may be a trojan, and that as well is not correct. So I would be grateful if someone can give me some strong nudge, direction whatever, if not publicly here then in DM. Thanks forwardly!

Can anybody help me with something pls?
I asked lots of people but anyone could help me, my problem is with Windows Fundamentals (second question)

If somebody wants to help me pls text me

What's the question?

Ive been stuck on "find the full path of xxd binary" in linux fundamentals for some time, and feel like at this point i'm going progressing backwards.

I am now sending "find -type f -name *.xxd | wc -l" and am not sure where else to go from here... any help?

just use which

or locate

wow that was a lot easier than I thought, thanks. I guess i didn't understand the question.

Hello everyone! New to HTB. Im stuck on the following question: Use NSE and its scripts to find the flag that one of the services contain and submit it as the answer. I have tried scanning with every script option available and nothing. This is in the NMAP module.

I think you will find your answer in #774040372966981644

hello, the faq cannot be seen by new members 😦

also I too am stuck on the post method. I got into the admin panel after playing with the cookies, i just have no idea what to put into the answer box

also the onpage "cheatsheet" quite clearly lists a tonne of console commands yet never shows them in use or even mentions what program to use them in

nevermind, figured out the solution... I really hate that they dont teach you a step in the previous tutorials

Hello guys, im stuck on the following question: Login with the credentials guest / guest and try to get to admin(Web requests(POST method)). Don't answer directly just give a few hints, i've been looking for an answer for 3 hours

Decode the cookie..look at what it is and what happens if you modify it

I did it before with base 64 but it didn't work

i need the password for encode it

@tough fjord

No you don't

Z3Vlc3RfYzg2OTg0YzJlMzJiMWMwYjE3YTc%3D -----------> guest_c86984c2e32b1c0b17a77.

i have the name and one hash

I put admin instead of guest and encode

but dont work

@tough fjord

Doesnt work in what sense.

Does it log you in and say the username on the screen?

If it does then it worked. You've just not encoded the correct username

What do you think the string of characters is after guest_

Admin panel

Welcome, guest_c86984c2e32b1c0b17a7!

I get this when I log in

Cookie: Z3Vlc3RfYzg2OTg0YzJlMzJiMWMwYjE3YTc%3D when i decode it i get guest_c86984c2e32b1c0b17a77.

but i need admin cookie

@tough fjord help me pls i dont understand 😄 I've been working with this for 5 hours

I tried all the possibilities but it doesn't work

You can modify the cookie to be whatever you want

Use burp like shown in the module

i make it when I change the cookie, it gives me its decoded state on the home page

Yeah

And that decoded value is the username you are logging in as....

Someone any tips on the Skills Assessment - File Inclusion/Directory Traversal?

stop trying ../../ <-- this method

and use other method

one of the .php is very obvious but we tend to overlook it

@oblique acorn DM me

sqlmap custom boundaries. How do i find them? Been googling and testing some boundries, but i dont have a method on how to find them. Is there a way to find custom boundries ?

Are you talking about case 6 ? @halcyon bison

yes sir!

They are talking about prefix.. which isn't closed properly

I have a question about flag five @halcyon bison

so just some trying ' ) ] } etc?

@still violet ask away

I think I got the right flag it isn't being accepted.. can i dm you ?

sure

SQLMap case6.php ... any method to getting the right prefix and suffix?
.. kinda stuck

Or a way to review the php file would help too

does anybody did Windows Fundamental?

did that month ago.. @wary elm

I have a problem, can you help me pls?

yeah..

lol, i just discovered the "Hint" button 🤦‍♂️

@wary elm dont ask to ask .. just ask 🙂

Well I thought You wanted to find out prefix yourself

i did .. but i also value my time

man i want to say thank you very much ... i am not only solve this problem but I learn new things about admins and cooskies ... thank you from all my heart

i exhausted all the resources at my disposal before clicking it.

how much time did you spend on case5 for scanning @halcyon bison

@still violet i used the PWN-Box and scanned for about 5-10 minutes.

heavily depends on the selections you make y/n

Uhm hey x

okay thanks.. I was scanning from my own machine.. Its faster in pwnbox

yeah just leave me on read

):

Make sure you understand the output of SQLMap and the selections you have to make.

Otherwise it might take a very long time

Filter as much as possible

DO NOT look up George Floyd in the gifs

Just ask question directly

is it possible to reverse engineer a microwave

😂 Don't know

fair enough

it is

how

i installed parrot sec on the oven recenly btw

but how does this question fit in this channel?

yes

HTTP Status Code response 718

ofc

🤭🤭

Can someone help me with the skills assessment on the web fuzzing module, every time I do an extensions scan all i get is php 🤷‍♂️ Ive tried a number of different wordlists and added all the sub-domains to the hosts file... Can someone give me a nudge please!!

are you using the right delimeter character and have you tried all available options like gobuster dirb dirbuster etc ?

yes to the delimiter, and the module is about doing it with ffuf so i havent tried them

@quiet torrent my goto is dirbuster with the medium list

cheers! ill give that a go now

Hello, I'd like some help because I've been stuck for about a week with the web request module more precisely with the POST method. I can access the admin panel but I can't find any flag . Thank you in advance for your help

(ping me if you answer)

if you are logged in as an admin it will give you the flag

if you are not logged in as admin it wont

so if you aren't finding the flag then you've not escalated to the admin user 😉

Ok thank you

Hey, can anyone help me with a question on the Linux fundamentals course please?? i'm trying to find how many total packages are installed on the target system, and i'm getting a number but it apparently isn't the right one...

Someone having trouble entering in windows VM for windows fundamental?

@rustic sage use apt list --installed | wc -l

I tried that already, and "dpkg --list | wc -l", both give different numbers and both are apparently incorrect

Whats you answer using apt command?

738

dpkg command returns 748

have u checked the man page about it ?

hello guys, im here at first time. Sorry my English

i have, so unless i'm missing something i'm not sure what to do

sudo dpkg --get-selections

I got what's the problem

maybe like this ?

We need to use grep command too

dpkg --get-selections or dpkg -l

That did it, thanks!

i get it now

Yeah I used grep because I thought there might be some not usefull lines

Please don't just post answers

It defeats the purpose of people figuring out how to use the tools available to achieve an objective

The same can ve achieved with hinting at them filtering results

Why not help somebody out by posting an answer? I've been trying to answer this one question about LInux fundamentals for like 2 hours. I can't even seem to get the hint correct but I can make it work in the terminal

it still tells me "incorrect answer"

systemctl --type=service | grep AppArmor produces the result it wants but it's still incorrect for some reason

I need my cubes 😦

Hi folks, did anyone have a hard time completting the POST Method section in the web requests module? It seems simple, but I can't duplicate what the example is showing. Any help would be appriciated.

is it about the login as guest ?

yeah

I am not sure what I am missing.

the hint mentioned cookies, am i right ?

@night osprey being given an answer without understanding it won't help when similar problems are encountered and that exact answer doesn't work. Learning fundamentals is about figuring out what tools are available and how you can chain them together - yes it is frustrating to keep getting things wrong but it is part of the learning process. You'll learn more and retain the information better. For that exercise make sure you are ssh in to the target and try grepping without it being case sensitive

right, I have tried login as guest and then replacing the cookie with admin, but it makes no different. There most be something I am not comprehanding, and I do want to understand.

also in the start it gives you the admin:password, which kind of confused me lol. @timid grove

are you encoding the cookie? and what does it display once you make a request with the new cookie?

i understand . just scrap that . for the exercise there's no admin password given to you .

No, I didnt think I had too since I copied directly from the admin Post request, and when I refresh again i remain with the guest access flag. @tough fjord

Thanks @timid grove I figured that out after trying so many times lol. Just not sure what I am missing. I also tried login in as admin with the cookie I get from the guest access.

so login as guest. view the cookie, decode it. think about what it represents and what you see on the page when you are logged in

then play around with the cookie and see what happens. Then think how you can use that to become an admin

Ok, I will try that! Thank you guys so much for the help! @tough fjord @timid grove I'll let you know how I make do.

I've already tried that and it's still not working. If the point of the module is to teach me about process management then it has done it's job. I can produce the result it is asking me for. I'm just not producing it the way it wants me to.

best of luck ! remember agent words and try to play around with it

@night osprey dm me the answer you are submitting

i just did a re-run on the question of that module

the answer is like in the example

once enter the command

just scroll down and look for Load AppArmor description

u can find the answer there alrdy

I guess I just don't understand what the module is specifically asking me to do

maybe i'm thinking about this too hard?

from what you've dm'd me you've done it right. but you are doing it against your Parrot instance. you need to ssh into the target

I need to SSH into the target every time to answer all the modules correctly or just this one?

Majority of modules require you to SSH into the target system

it will tell you

Oh

I feel like an idiot

at the top of the exercise section it will list credentials etc

Lol

yes sometimes

dont worry you are not the first - but wont be the last

Thanks for the help!

Could I dm one of you guys? I must be missing something. @timid grove @tough fjord

sure

Thanks

I finally got my cubes back! thank you so much!

HOW do i open the RDP

ow never mind i did not pay attention

Now im in th RPD if i use a cmd. i get the output:
DNS server not authoritative for zone.
What is it that im doing wrong

I'm haveing problems with that too, welp, never used Powershell but I guess I gotta learn

and, question: https://ss64.com/ps/get-wmiobject.html in this site they provide it says that "Get-WmiObject" is deprecated, does the version on the workstation still work with it tho?

It should still work.

Alright, thanks

I am stuck at post method , whenever I intercept after refreshing after login I don't get the cookies!!!

What's the first step that you do?

I mean, what steps are u following?

I first Logged in with interception off then refresh with interception on in burp

from the way you've described it seems that you haven't set up the proxy from the browser (web) to burp

Yes I did

I mean I did setup proxy from browser

I am getting everything except cookies

If you are getting the request with header/body then the cookies are there

I think you must to login with interception on in order to change the cookie while loading the page

here are the steps that I follwed
1.open the target in web browser
2.started the burp and also setup in browser
3.entered the admin:password and hit enter
4.In burp I see the POST /login.php after sending it to repeater I am getting 200 OK login failed

you need to log in with a valid account

admin and password are incorrect?

yes

OMG thank you very much !!!!!!

I was ignoring that guest/guest this whole time

Hello guys, i'm doing Linux Fundamentals - User Management, on the first question i am unable to submit the answer, when i check the network it shows that the request is forbidden. How should i do?

refresh may

The answer isnt right

But refresh the page and make sure you are authenticated properly

what error are you getting exactly

Tried many times, same goes forbidden. I tried another section and it goes well except the user management section

@stable pagoda I was using wrong username and password so I was not getting cookies in Request

OOOh ok..

Ahh nvm, perhaps it's because the path answer, when i input the ||-m|| flag it goes correct

Good day, I'm looking for some assistance with one of the questions. Its asking ```What is the name of the config file that has been created after 2020-03-03 and is smaller than 28k but larger than 25k?

I tried this:
find / -type f -name *.conf -size -28k -size +25k -newermt 2020-03-03 ``` However, I'm getting back a list of files that are listed as permission denied.

You can add 2>/dev/null to the end of that to filter out all the ones you don't have access for.

@urban sage Thank you.

I got it! Thank you for pointing me in the right direction.

a small modification of the example provided in the class helped as well.

Seems a little silly to me that localhost doesn't get accepted as an answer, but 127.0.0.1 does 🤔

i am aware that localhost might become a different ip address, but anyway

/rant

yeah, the npm server defaults to port 8080, so just that command without -p should have been accepted as well...

yeah there was that too

but i figured that one out quickly, the 2nd one with php took me a bit more time because of the localhost/127.0.0.1 thing

the serial number on windows fundamentals mode can be found using the command ||"wmic bios get serialnumber"|| ?

figure it out

lol

I'm stuck on FreeLancer web application, does anyone know what area should I touch? I have tried SQL injection, bruteforce login, cross site scripting,..

I have tried over and over again in the linux fundamentals to list all the packages installed on the target host, and it is just growing tiresome. Is it something I am doing wrong? I have been using apt, dpkg-query, wc, 2>/dev/null, and tried other stuff yet I cannot figure it out.

your command won't work because you're redirecting to a text file, so nothing gets piped to grep.

It works. I get 35 as a count

I figured it out : ) had a few in the list that did not belong. Thanks for the help.

I am having the same issue now xD

Hi everyone. Can someone give me some hints for making correct GET requests with curl? (I'm having trouble in Web Requests -> GET Method). I've already searched in the discord chat and online, but didn't understand what to do. I have to send a GET request to flag.php with num1 and num2 (the problem is that i don't know how to do it with curl, but i know how to create the url string)

Does anyone know why the Linux Fundamentals is not completing? I assume it is something to do with the permissions management section of it

Did you answer all of the questions in each section?

I did

Everything is spot on

Hrm, i'll either have a suggestion, or the same problem in an hour.. 😉

Oh wait, figured it out.

@rustic sage It's just curl <url>

Thanks. It was a problem with the & character, now it works

Glad it worked for you!

I am taking Linux Fundamentals, Which kernel version is installed on the system? (Format: 1.22.3) I am stuck with this question. Can anyone help me?

Hey guys I’m new to all of this and I’m doing Linux fundamentals and I need help with the first question about the machine hardware name. I’ve tried using google for help but I just end up getting more confused.

same, buddy

I thought it would start off easy lmao

exactly

I mean I guess this is easy but since I literally am new to all this, this is already too hard lol

also, when you look informaton they are not include answers lol

Yeah they don’t. And google doesn’t help. It just becomes too overwhelming for someone with no experience.

quick question : I am doing the linux fundamentals. how do you find the info for "Which shell is specified for the htb-student user?"

for example, third question answer is /var/mail/htb-student but you do not know the "/var/"

/bin/bash from google
do not ask how lol

I would’ve never guessed these answers lmao

I’m not go far on this lol

lol i put bash in too

It can be checked by looking at the $SHELL environmental variable typically.

So that would be echo "$SHELL"

Yep!

can you help me on this question? Which kernel version is installed on the system? (Format: 1.22.3)
i tried uname -v but bot says incorrect answer

i thinks its asking for the version number not the command

^

how can i find it? lol

uname -v outputs SMP Parrot 5.5.17-1parrot1 (2020-04-25)

but it doesnt accept 5.5.17

it says answer incorrect

Im working on the same module.... So I am wondering why it doesn't accept it either.

I am stuck on this question like one day

I DID IT!

what was it ?

@vapid flicker you need to connect to the target to find this information

@tough fjord hey I appreciate your reply. I actually got it a little while ago. Thank you for reply tho and appreciate it

Just signed up to and working my way through the academy! I am good at Linux but need to develop my offensive skills!

guys im stuck at POST method in web requests.

How to I gain access to the easy modules room?

its asking me to get admin with a guest account but the response from the server isnt the same as in the pictures

no

its just a question that i am stuck at

@topaz lodge you need to verify your discord account with your htb id - read #welcome for full details

RGR thank you

Read the Cheat Sheet and Check for Google.

Hey, stuck at "Find Files and Directories" module, can't search for file because doesn't have permissions, when I try execute it with sudo keep getting "not in sudoers file This incident will be reported"

Bruhhh. Im sucessfull log in as admin in POST module, page return me a flag, but htb give me info, that my flag is incorrect

remove the !

or keep the ! in, one of those two

Does anyone know what's the problem, connected via ssh to target

Yeah, without ! is working! I tried this earlier, but didn't work. Now is great, thank you @tough fjord

@azure dune 2>/dev/null add that to the end of your command

it will redirect those errors to null so you will only see the info you want

Thanks that works

I am in linux fund module cracking this question, "Use cURL from your Pwnbox (not the target machine) to obtain the source code of the "https://www.inlanefreight.com" website and filter all unique paths of that domain. Submit the number of these paths as the answer." I don't understand what they mean by filter unique paths. More specifically, I don't what is classified as a "unique path".

Has anyone here already solved the challenge of the hackthebox academy of the LFI module, to attack INLANEFREIGHT and get an RCE? it can be just a little light

Hey guys,
I am stuck on Linux Fundamentals (Service and Process Management).
I believe I have the right answer for
"Use "systemctl" command to list all units of services and submit the unit name with the description "Load AppArmor profiles" as the answer."
Any advice would be great

@green grove are you ssh into the target? As givint the full name should work

Yeah, I am using an instance

I am entering the command ||systemctl --type=service | grep AppArmor|| and giving the unit name

happy to dm you the unit name as well!

@dusty zealot unique path is a unique address. E.g.

Inlanefrieght.co.uk/hello/2
Inlanefreight.co.uk/hello/4
Inlanefreight.co.uk/foo

Ok turtle - dm me the name

instead of inlanefreight you should be using the target instance you spawn

Can someone help me with VHOST?

I got the information I needed through:

ffuf -w /home/dennis/SecLists-master/Discovery/DNS/subdomains-top1million-5000.txt:FUZZ -u http://test.com -H 'Host: FUZZ.academy.htb' -fc 301

help

hi, im currently at web request --> GET and i dont know what should i submit as an answer

Read the question then

The question for GET is pretty clear. Read the question -> see if the section provides you with enough information to solve it(it does) -> if not, google it

You learn a lot in the process of researchinig

You spawn the target system, GET the page as the task is telling you to, and you will receive a flag, which is what you will submit

Hi,

I need help with this question:

Using what you have learned in this section, perform a parameter diffusion check on this page. what is the parameter accepted by this page?

I used:

ffuf -w /opt/useful/SecLists/Discovery/Web-Content/burp-parameter-names.txt:FUZZ -u http: // IP: PORT / admin / admin.php? FUZZ = key -fs 900

However, without success

Help :/

why are there spaces between multiple parts of the URL?

hi guys

I have a doubt I'm not able to start my instance.
Any idea why?

When I do it I don't use spaces

For the Windows Fundametals, in the Windows Security module, it says Windows follows certain security principles. and then The principles are designed to make but checking on the MS site, it refers to these as Security Principals, so I'm wondering if it's incorrectly referenced in the course or if I'm just not understanding it correctly...

Web Requests: POST

I had made it to the screen where it says welcome admin... but I do not understand what input it is asking for. I have tried entering both admin_...... and the encoded version of it, and as well the decoded version. I read somewhere that someone was having issues but then did it without the ! at the end, I have tried all combinations with this, but still nothing. Any help would be appreciated.

can someone nudge me on the skills assessment for File Inclusion / Directory Traversal? I think I tried everything taught in the module but I don't get anything, most i got was something along the line of "invalid input"

try to read files you know exist and you know you can access

if you are just trying to read /etc/passwd then you will never know if you've got a working technique or not - because maybe this application has been hardened a little bit 😉

thanks, will try harder xD ...and work on my frustration management ^^'

you dont need to try hard but you should think smart
look around "the building" and find the door you can use in place of banging your head against the wall

Hi, I need help with Linux Fundamentals (System Information section). When it asks me "What is the path to the htb-student's mail?" it should be "/var/mail", but it doesen't work. What am I doing wrong?

look at my last message

Ok, I'm trying

I'm working on trying to "obtain the source code of the "https://www.inlanefreight.com" website and filter all unique paths of that domain." I am executing curl https://www.inlanefreight.com | grep -Po '(?<=href=")[^"]*(?=")' and it comes back with many paths, but i do not know how to identify the unique paths. can someone point me the way to go about this?

look into linux commands that can de-duplicate lists

thx

can u help me with this is in dm? i have made progress but dont want to share the code here

im working on linux fundamentals, service and process management, im try to start openssh but its asking me for and authentication password, is this right or im i in the wrong place

You want to ssh to the target?

i ssh to target and try to start openssh, and im promted for a pw

can someone please tell me why am i so fucking dunmb?

but not the htb student pw

Dm me

Can someone help me with the question of:

Using what you learned in this section, run a parameter fuzzing scan on this page. what is the parameter accepted by this webpage?

Commands using the correct wordlist do not return the required response: /

hmm i'm confused, i need to list the total number of installed packages on the target system, i've used both apt and dpkg, and neither are good answers 🤔

i feel like there might be some repetition huh

dm me

I'm working on Web Request POST method, I got the cookies and resend admin credentials, still report Login failed, not turn into dashboard.

Repeat what you learned in this section, and you should find a secret flag, what is it?

I have issues with this one

I found flag in js file

but whatever I submit it says wrong answer

I found |flag|HTB|14...|

I try all combinations of this

this is java obfus ?

kraaa removed that as it is very close to / or is the correct command

yeah i was about to ask that

bc i am stuck at GET method

what you posted looked good to me

so if i put that in the firefox and intercept that in burp shold i get the answer?

i did it

nice

thx for help

even without intercepting you should get the answer

hello

i'm new here

just wanted to say that the learning fundamental module is very nice

👀

It is ! Happy learning !

also just wanted to ask (since i don't have access to other channel) what is the difference between kali and Parrot ?

i am starting to learn kali for school and i saw that for htb it's parrot

Personal preference really. Bother are Debian based systems which typically come with a load of tools preinstalled.

Still on that problem?

hello

Hi!

thanks :)

Find a way to start a simple HTTP server using "php". Submit the command that starts the web server on the localhost (127.0.0.1) on port 8080.

nvm it was a noob Error 😆

lmao why does it say Admin panel

Welcome, i٢!**** , im at POST method

The encoding is wrong, encode the word "Admin" into the base 64 for the cookie and try again

ok now it says Admin panel

Welcome, Admin!

but i don't know what i should do next

Hmmm, what is a non-standard directory in C drive ?

do you have any tips on how to find non-standard directory with dir and tree ?

just explore using the rdp session you have

dm me

should i do just tree c:\ /f | more and explore the tree ?

@acoustic sentinel my friend try not to give obvious solution to the problem 😂

i think it would be easier if you use the gui

Sorry!!! rsrsrs

sup, can someone help me with using an openvpn file? trying to do an assignment but I keep getting an error

Hello everyone!

hello

i've finaly found the non standard dir (windows module)

but is it the good way with gui and not with dir and tree ?

like i feel like cheating

• what is a non-standard directory ?

What's the error?

Not default.

Sure. you can look at the same info. Dir and tree is useful though because often you don't always have a gui to work with.

sitnl_send: rtnl: generic error (-101): Network is unreachable

and i sudoed it btw

Hi, I'm stucked in " Use cURL from your Pwnbox (not the target machine) to obtain the source code of the "https://www.inlanefreight.com" website and filter all unique paths of that domain. Submit the number of these paths as the answer. ". I've tried everything and my best result it's been with " curl https://www.inlanefreight.com | grep https://www.inlanefreight.com/ | awk '{ print $1, $NF}' ". Can you give me some hint to isolate the url. Thanks

spawn the target

But it said to work with https://www.inlanefreight.com

play around with different tools that have been shown in the section and find some pattern that are unique in the urls

that url's used a lot as an example

OK thanks

thanks

but just a question how to recognise a non-standard with dir and tree

so is this a legit bug or something i did wrong?

@urban sage ugh wrong ping lol

Regenerate the VPN file and try again.

kk

@urban sage still got it, i can send you the dump if you want

I won't be able to do much with it.

++support

You can open a support ticket here. If this is your first ticket, you will need to create an account.

kk, thanks

In windows fundamentals trying to find the build number of the target system. Every time I use the command the lesson tells me to, it says It's not authorized. Am i missing something?

hmm, did you ||Get-WmiObject -Class Win32_OperatingSystem in PowerShell after remote desktop connecting to the target?|| (in case you didn't already figure it out)

I figured it out, i was working in cmd not powrshell lmao. thanks anyways

Helloo I'm just starting with this academy (and Hacking) and I'm stuck on Web Requests - > GET Method ... I do not understand what should be the answer to the "Question" "Send a GET request to flag.php with two parameters num1 and num2 such that their sum is 1337." like in what Format should the answer be.. is it a string? a number? two numbers? a URL?

Hello i'm stuck on this question for 2 days
Determine what user the ProFTPd server is running under. Submit the username as the answer.
i don't really understand english ( im franch )
anyone can help me ?

Hi Skwal, try to find a way to list every processus running of the machine (being connected to ssh), you'll see the ftp process owner name

I got this one by doing exactly what the lesson was about. I had to use the curl command and just googled the syntax of the command to send the parameters, if you don't get it I'll give you another nudge

Yeah man this one is killing me any nudges would help.

@vital bough dm me

thank you .. even though I can't try it because the workstation doesn't work...

on Web Requests - > GET Method
are the two parameters I have to define "num1" and "num2" ?

I am such a Donkey... I forgot to change "search.php" to "flag.php"

hey but you got it

yes.... but being stuck this long was unnecessary...

thanks for the help anyways

I know the feeling

I once searched for a mistake in my python code (for school) and it took me 8 hours to find i was missing one bracket.... 😕

you answer should look like "00 Bytes" (example: "15 Bytes")

is there a way to maximise the size of freerdp ?

i am trying to read a name of a service

but it's cut

hello guys ... in JAVASCRIPT DEOBFUSCATION i did not understand how we will do javascript functions on html code !!!

please help

are this server safe

how do you find the name of the shell that a user is using

cat /etc/passwd or if you're already logged in you can echo $SHELL

alright thanks, I was confused and didn't realize you have to do /bin/bash and not just bash

Please help me find:

Value Fuzzing

Which question?

In Linux Fundamentals it asks "What is the name of the network interface that MTU is set to 1500?"

I have used "$ip link show" but there are three different network interfaces all with MTU set to 1500 and none of them are the correct answer. . . is there a specific way they want the answer formatted? Thus far that has been my primary holdup.

@crimson rampart make sure you have ssh into the target

What is the path to the htb-student's mail?

how can i find answer

Aboom, you need to link to the directories that reside in root

there should be a path to a mail directory there

thanks! i will try, i have bad internet connection and my machine is very slow

is password true ? HTB@cademy_stdnt!

for into to root mode

Yes, ssh into the machine

ssh -l htb-student <ip>

ssh name@ip

thanks

i cant reside in root

i cant answer to last question What is the path to the htb-student's mail?

Check your environment

Can someone help me with the web attack application module, Value Fuzzing page

question:
Try to create the 'ids.txt' wordlist, identify the accepted value with a fuzzing scan, and then use it in a 'POST' request with 'curl' to collect the flag. What is the content of the flag?

When I run the command using lists from 1 to 100000 it doesn't return the correct answer, I believe something is going on and I didn't notice

I've repeated all the steps several times

If someone can help me

dpkg --get-selections | wc-l

Does that command return the number of packages installed in the target machine?

Not

Should i use the find command in this task>

But you are on the right track when using "dpkg"

Remember DPKG and GREP!

thanks! i will pipie it

pipe*

If you need more help, call me on dm

Thx, i just noticed that my command also lists the deinstalled ones

hehehe

this grep is wrong

sorry "install"

not "installed"

try again and let us know whether or not you can

why --get-selections?

I got the info from man7.org and for this argument it says: Get list of package selections, and write it to stdout.

hehehe

Thank you!

🙂

In linux fundamentals, Im working on the decoding section. The questions asks to send a post req to target/serial.php with data set to x. I send the post req and get an encoded response. I decode this and put it in the answer yet it is incorrect. Any hints?

What about submitting the encoded value?

I figured it out, the question was instructed to set data as 'serial=YOUR_DECODED_OUTPUT' and i din't realize i had to ||sub it for the actual value a i decoded.||

hi

Does this command retrieve the number of unique paths in that website?

curl https://www.inlanefreight.com | grep "http" | uniq | wc -l

sorry that is an old command.. htis one : url https://www.inlanefreight.com | grep "https://inlane" | uniq | wc -l

hi guys, i have a little probleme in the module "web request" with POST method, when i turn on proxy on mozilla and burp open, i do not see cookie for the account admin:password 🤔 on burp proxy:

Login with the credentials they tell you to use

Yes i do @tough fjord with admin and password like a screen

Those arent the credentials they tell you to use

That's not the right creds

Hey, I have a very quick query in relation to the linux fundamentals module, for example it asks "What is the name of the network interface that MTU is set to 1500?" and as far as I can see several interfaces are set to that MTU, but the answer box doesn't accept any of those as the answer, has anyone come across that?

@lethal lotus make sure you are connected to the target machine

^^^^^

oh fuck ... ok ok thanks guys. i keep going with guest:guest , thanks @tough fjord @west rampart 👌

I'm using the in browser interface for the machine

Should I be VPNing in for better results?

you have the credentials and the IP address below your machine window

You need to spawn the target

SSH into it and then run the appropriate command

ssh -l htb-student <ip>

roger, I'll try that thanks 👍

hi everyone, can someone help me to understand a thing in windows fundamental?

then it will ask you for the password which is the one marked in red

Necro-Thanking your comment from a month ago. effin backticks instead of single quote in php.... smacks forehead

Hahaha. No problem

I am a bit stuck. To filter all the paths from that domain i need to find something that matches all those links and use grep to highlight them. And i was thinking ....what those paths have in common is that they all start with https and end with the > tag in html. So that should identify them correctly?

thanks Thunderdome and Mickhat, worked a treat!

👍

I actually only just fully realised what you meant, I had installed to ovpn key on my local machine in order to ssh in, but I can just ssh into the relevant machine from the web browser workstation...

🤦‍♂️

Exactly

"you have the credentials and the IP address below your machine window"

yes, I used them, but through my local machine, daw to me

Now you know @lethal lotus

exactly! cheers

hello, i'm stuck at this question

What have you tried so far @night ember

i don't really know what to du but

itried Get-Service | ? {$_.Status -eq "Running"}

It must have something to do with what you learned

and search for someshing sus

yes but i don't know what

im stuck

Does that command return something?

Get-Service | ? {$.Status -eq "Running"} | ? {$.DisplayName -like "Update"}

Put the word Update between * *

I got 3 hits from that

i lready tried this but it returns nothing

Does this command return something to you ? Get-Service | ? {$_.Status -eq "Running"}

THe one you posted?

yes, all the services running

And do you see the "Update" keyword there in the name or description ?

@night ember did you manage to get the correct answer ?

yes thanks you a lot !!

👍

Hi guys Can you help me with The Post Http request. Am stuck

I know i won't get the answer. But why After decoding and all the stuffs... The code in "Welcome, admin x.x.x.x.x.x.x" is not working. Do i need to delete the cookie After that or what.😫

@graceful solar maybe there's a way to find out what that cookie says?

Ok, i will look at it!
Thank

In the Web Requests module is that first Burp exercise still active? I can't forward a req to the server

I get a failed to connect to <ip> in the Burp EventLog

And for some reason i also get a response from detectportal.firefox.com

hi guys, when i respond with the flag after i'm in admin dashboard with admin account, (module: web request / POST method) the response is incorrect 😔 , i tried encode the flag and decode but is always incorrect.

Is the flag in the form of HTB{xxx}?

no , is like this :" the flag is ************ " (my machine is close, i restart her for check the exact response)

the form: "the flag is ***"

You shouldn't need to encode and decode the flag when submitting the answer

yes but i tried 😔. thanks for you help @silk moon , i research on google if i forget a thing 🤔

just submit the flag puuuch

i can't remember if you need to include or remove the ! that is at the end

pfff my god ... yes ,it is the "!" . Thanks very much @silk moon and @tough fjord (i need more coffee , who want ?)

hello guys! "apt install apache2 -y" what is mean -y ?

i know, its fundamental things, i want to know from you

idk sorry @hidden knoll

ok bro

-y, --yes, --assume-yes
Automatic yes to prompts; assume "yes" as answer to all prompts and
run non-interactively. If an undesirable situation, such as
changing a held package, trying to install a unauthenticated
package or removing an essential package occurs then apt-get will
abort. Configuration Item: APT::Get::Assume-Yes.

sorry ahahaha, im forget about google

guys, i cant install npm

what should i do

Find a way to start a simple HTTP server using "npm

assume the npm http server module is already installed

what command would you use to launch it

Sad

guys please refer to #bot-commands if you are going to use the rank command

hi all, juste a dummy question, where in in ssh server htb-student i can found mail path , is not /var/mail.. where is this path please help me

check environment settings

yes i'm in but no folder mail here

what i search ?

ty

printenv i have all i need ^^ 😉

i dont know

sorry bro, i didnt do this too

Before you run your page fuzzing scan, you should first run an extension fuzzing scan. What are the different extensions accepted by the domains?

I found all the common ones, put them in alphabetical order and in capital letters, there was an error, what can it be?