#modules
15 minutes,
Hmmm... Interesting. It should be up at this point.
I entered the Burp options menu
I see in Proxy Listeners the loopback address
Shouldn't there be another interface
Yeah but if you can't access the site without burp that doesn't sound like a burp issue.
Ok, the error was on me, i did not respawn the target system. I was just resetting the machine.
Burp is functional and i could get the response from the server along with the Apache version that it is running!
Ah nice. Happy hacking!
Hey everyone, this may be the wrong channel but I am trying to download CherryTree. Is the Guispen.com/cherrytree the correct website for download?
thanks a ton, I'm not sure where in the instructions it said anything about using the ssh command but once I had that the rest was exactly what I had been trying.
Hola
I am stuck with the same issue. Would you please let me know what you had to do?
Hi, were you able to figure this out?
web application already got the answer ... just do step by step what you ask
I am stuck with the extensions. I got all the five and pasted them in alphabetical order but cannot get the right answer.
There are only three
Can I DM you the extensions I got so far?
We are doing it wrong, we will have to review this question ... mine gave 5 extensions too but it is wrong
Hello! Why if i Repeat the POST using the admin/password credentials, i don't get the cookie PHPSESSID?
And i think that to solve the challenge i must swap the admin cookie ID with the guest cookie ID..
because there are no admin/password credential
the idea is there
Oh. ... thank you. Some challenges need to be reformulated
Thanks for the tip @timid grove
I ended up with the idea of generating a SHA2(user+ip+pass). Does that have any sense to the challenge in hand?
But that seems a bit SF for the task in hand
@rustic sage overly complicating it
Inspect the cookie when logged in. Think what it represents then have a play
Yep
A unique string that changes each time you login - to identify individual guest accounts
Have a play around thunderdome
Thanks @tough fjord
I am stuck at File Inclusion in the section
LFI to Remote Code Execution (RCE)
I used both methods to run the command uname -a, but I get nothing back. It's empty. What am I doing wrong?
Im working through windows fund and am stuck on "list alias for ipconfig.exe command." I run ||Get-Alias|| and there is no ipconfig in the list. I also run ||Get-Alias -Name "ipconfig"|| and it does not exist. Is there somewhere else I should be looking?
So you just needed to encode the user, i thought you have to append it to the rest of the string and compose a complete cookie.
Still interesting stuff though..
Hello room
I have a linux fundamentals query in relation to the Filter Contents section, the last question "Use cURL from your Pwnbox (not the target machine) to obtain the source code of the "hXXps://www.inlanefreight.com" website and filter all unique paths of that domain. Submit the number of these paths as the answer." First to ensure I'm assuming correctly, when they are looking for "all unique paths of that domain", do they mean all unique paths that can be found within the file returned by the curl command to the index page
never mind, as usual I was narrowly defining what was being asked for. I assumed path meant unique directories, excluding file names...
Is there any way to give feedback as to the wording of questions?
Try applying what you learned in this section by sending a 'POST' request to '/serial.php'. What is the response you get?
Can I get some help with this one
Hello @rain pasture. What seems to be the issue?
I'm having problem with the web requests - PUT and DELETE method. I create the file flag.php with PUT method, but when I request it with GET method it won't display the flag for me
could perhaps someone guide me in dm's ? 
After you use PUT does the file appear in the webpage?
yes, as flag.php
And did you add the appropriate content to the flag.php file?
well, when I use the GET method, the response gives me its contents ||<?=cat/flag.txt;?>||
make sure you use ` and not '
yes I made sure
and there is a space between cat and /
Hello @rustic sage What I should put in my post request, cause I see that flag says always check the source or something like that.
Hi guys need some help
I'm in Linux fundamental session
But when I try to connect target by using ssh it not get connected
After some time get connection Time out
Ssh <ip> -l <usernames>
I will check your command also wait few minutes
Same thing happened
Do you have a non expired IP address of the target system?
Yes can I dm you ?
sure
Good morning, can someone put me in the right direction ?
Which option needs to be set to execute a command as a different user using the "su" command? (long version of the option)
u think i used all known to me sudo commands
but none is accepted
Have you already checked su -h ?
Windows fundamentals: Identify one of the non-standard update services running on the host. Submit the full name of the service executable (not the DisplayName) as your answer.
i have found the non-standard service but whenever i submit the name it doesn't work
it says the executable
If you found it that is good, but you must submit the executable service there
thank you mate
Hello everyone. sorry if I'm asking a stupid question.
i got the decoded flag. but the system doesn't accept my answer. please can you tell me what I might be missing?
Using what you learned in this section, determine the type of encoding used in the string you got at previous exercise, and decode it. To get the flag, you can send a 'POST' request to 'serial.php', and set the data as "serial=YOUR_DECODED_OUTPUT".
it's questions in js deobfuscation
Anyone , i got the serialnumber from WMI but answer is not accepted:
"Use WMI to find the serial number of the system."
The question is not that clear. You could take this to refer to the system as hardware or as software. Try them
Must be me but i dont get it
System as hardware, you usually have the serial number of the part in BIOS
correct thats what i asked of it
OK, that's hardware. How about software
are we talking about license keys now ?
You used cmd or PS to get your serial?
Yeah win32_bios
ok, but you searched for the machine (hardware) serial. Why not try to get the OS serial
done
thanks.. i
feel kinda stupid... i would never ever have figured this out without that OS hint..
I think he said system intentionally, so that you try both commands
yeah it is probably to make you think
Hey guys, I request for your help with the Web Requests module. The final task says that I have to use the guest/guest in order to log in and solve this challenge. I'm fairly certain it has something to do with the cookie, but I'm not so sure at this point. I have taken the cookie from the Set-Cookie field that the server is sending. I have base64 decoded the cookie and it looks like guest_b6281e731a281896c13b. Now, I just modified that into admin_b6281e731a281896c13b re-encoded into base64 and changed the Server Response in this way. However, I do not think this is the procedure. Can someone please guide me further on what needs to be changed on the cookie? What's the final stuff "encoded" as after the "_"? thank you
sha you are 99% there
You need to play around with the base64 of the admin credential
I see let me think further on this, thanks
whatever comes after the guest_ -> how's that being "encoded"? It doesn't look like a direct base64 encode of the word "guest"..
no it is not. it's just a random seq generated each time you login!
gotcha
Nope, I still can't figure this out. I sent the credentials as guest/guest, but in the "client" request on the Cookie: auth header, I changed it to admin_<random> and then forwarded. I received the Server Response with the older cookie, I changed it here too to admin_<random> it lands me in the "admin panel" as before but that's not the answer..
Think think, in order to authenticate you the server must receive the exact base64 string of the cookie. For guest you have a username and password. For admin, you don't!
@pallid yacht you need to do something about that random in admin_<random>
You must send something that has nothing to do with the random generation of strings!
And what @flint moth said is very true. Do something with that string..play around!
That random string is a unique identifier for each logged on guest account. To tell them apart
Would an admin account require a unique identifier adding to it when it isn't likely to be a shared logon for visitors
I got it now, found the flag! Thanks for all the hints @rustic sage @flint moth @tough fjord
try to copy it
Pinkyo Copy was not the answer
copy is a good start.. understand the code, and modify it to your needs will get you the answer, or closer to it..
how do i find a user's mail path?
check the directory @stark aurora structure
hmm, let me see
is anyone available to help with linux fundamentals , find files and directories ?
hello, I am in Windows Fundamentals dealing with the Security Section, I have to find the SID of bob.smith, I already tried ||whoami /user, but that returns the SID of the htb-student account, I even tried all the SIDs of the Registry Editor||, but none was correct. Is there a command I should be using to get it?
Yep there is
[solved] I saw the hint that says ||I should use Get-WmiObject, but as far as I know with that command I may not see the SID of a user, instead, things like serial number, windows version, a list of processes, info about the bios or a list of the services||, so I looked it up and found ||wmic useraccount where name="<username>" get sid||, but when I try that, the remote computer crashes saying error 1359
Can I get a hint for 1st question in working in web servers session?
Without installing npm how can I start http server
same @opaque tusk i am equally confused
i tried ||npm install http-server|| and ||npm install simplehttpserver|| and i tried things like adding 8080 after those commands, and it dont work
I think we don't have the permission to install npm
I also tried some commands but it's also not working

Im running into an issue on the linux fundamental module. The question is asking me to retrieve the kernel version I ran uname -r command and entered the version it spat out for me. But it keeps saying I am incorrect? Am I looking in the wrong place?
uname -r should be correct, isnt it ||4.15.0||?
Yes me also face that issue
@orchid pawn Kernel Release or Kernel Version?
Because those are two different arguments to the command!
hey guys i am new, it says SSH to with user "htb-student" and password "HTB_@cademy_stdnt!" how do i ssh without having it locally or the ip?
or do i need a vpn
open the terminal of your machine and type : ssh -l htb-student <target_ip>
And by machine i mean the module pwnbox
ohh
Any help for this question anyone plz
I have the same issue, I decoded content in base64 but is not correct and I also tried others that are explained in the module, but still no luck
Just solved it
When you using curl, do what it says in the question with decoded output and you got it
Read the terms and conditions carefully. I didn't mention to some details of the task. I thought it and decided
Yes, I got an answer
Ok, sorry just tried to help
cat << EOF > stream.txt, can someone explain the process of what exactly is happening?
what happens in what order?
hello guys, can you tell me how to list all files in directory with index ?
i cant find the bash thing help plz
can you copy paste your question?
What is the index number of the "sudoers" file in the "/etc" directory?
thanks, im find
ls --help
ls -i
if you found the way, please write we bro
im too, i think npm have a deal with node.js. But i dont know JS
Ohh
Unfortunately im just skip this
Me too don't know much about js
i hope good guys will answer and help us
Oki I will search in google if I find answer I will tell you bro
thanks a lot BRO
Np we will help each other bro
Look at the commands needed to start the npm http server module
Actually we don't have permission to install npm on the target machine
Oh
I will check
I have a question about how many total packages are installed on the target system. So I ran the command ||"dpkg --list | wc --lines"|| and got ||748|| but it says it is not correct I also tried doing the ||"apt list --installed | wc -l"|| and got a different result ||(738)|| that is also wrong. Can anyone help me?
how can i send a image ?
i cant find the *.conf file, cause permission denied
find / -type f -name *.conf -user root -size +25k -size -28k -newermt 2020-03-03
and i was tried find / /home -type f -name *.conf -user root -size +25k -size -28k -newermt 2020-03-03
but nothing
what should i do ?
maybe try removing -user root?
i tried
find / /home -type f -name *.conf -newermt 2020-03-03 -size +25k -size 28k
nothing, again permission denied
admins? can you help me ?
What is the name of the config file that has been created after 2020-03-03 and is smaller than 28k but larger than 25k?
Content: Linux Fundamental - Find Files and Directories
I think you might be missing the part where you filter the files ||-exec ls -al {} \;|| ||2>/dev/null||
@hidden knoll try to see if you can find a way to filter it so you only see files you can access
thanks, but which command ? Can you tell me?
im find conf files on /usr
and try write all of *.conf files but i think its bad idea
oh
thanks !
@slow fulcrum maybe check the output of those commands. maybe some of the lines being counted are things you don't want to be counted
Use cURL from your Pwnbox (not the target machine) to obtain the source code of the "https://www.inlanefreight.com" website and filter all unique paths of that domain. Submit the number of these paths as the answer.
what is path, who can explain to noob ?
ok
Where should i start? Cuz i dont know shit about hacking.
Is there some kind of tutorial for hacking?
Thanks!!!!

having trouble finding the total number of installed pkgs on target system
im using dpkg-query but that answer is not accepted
You are on the right track, browse that output first and see what you need to do next to the command
ok
You can always use the manual of the commands you are trying to write. Just type man <command name>.
man dpkg-query
Hi, I'm stuck in Linux Fundamentals/User management, Which option needs to be set to execute a command as a different user using the "su" command? (long version of the option) I typed several syntaxes but I couldn't get it right. I assume that to execute a command with SU I must put the user and its password right? Thanks a lot for your help.
To execute a command as a different user using "su" you must run su [user] -c "command". After that it'll prompt you for a password that you must enter to complete the command. You can also do this with sudo by doing sudo -u [user] <command> where the same password prompt will come up. Also by leaving the user flag empty you are assumed to be running those commands as the root user.
Man oh man I wish I had done the Linux PrivEsc lesson ages ago! Some tips throughout the module that would've made life sooooo much easier with some of the easy/medium boxes! Stellar lesson folks! Only thing left to do is the final capstone! Cheers!
I think the NFS portion was my favorite by far! It's funny with a couple of em...brought me back to Laboratory & Luanne, though not gonna say which portions of the module
Glad you liked it!
i figured it out
@native gyro great, but let others enjoy the thrill of discovery
I am trying to fuzz through the subdomains and when i run the command i only get the full list of the dictionary that I'm trying to apply. The pair IP NAME is in /etc/hosts
I don't think the name resolution works as intended.
Me too
im stuck in " Use cURL from your Pwnbox (not the target machine) to obtain the source code of the "https://www.inlanefreight.com" website and filter all unique paths of that domain. Submit the number of these paths as the answer."? How should i found a path ? I know about with grep, we will find all of the lines that include a path of the domain (https://www.inlanefreight.com/*). But i dont know HOW ?
curl https:www.inlanefreight.com/* | grep ...| wc -l
Hi Aboom, start with cURL
see what the output of this is, and then think of a way to find the unique urls
after finding the unique urls count them
if you want to filter content you will have to pipe the cURL command to grep. Use grep arguments that will help you obtain a clean list of domain URL's
Hi guys, I have a problem that is simple but I can't find it. In the process of learning linux in module 2, section 3, second question, I use ls and pwd and it doesn't work. It freezes
i can't get good or bad response, only freeze..
Module "FILE INCLUSION / DIRECTORY TRAVERSAL" why remote file inclusion is not working ? I have tried with http and ftp but same result, gained flag with different method but wanna know why RFI does not work
rfi does work when I did it
hi, I am new to all of this and I am stuck on a very simple command
I want to find how many total packages are installed on the remote machine.
I have tried
dpkg -l | wc -l
dpkg --get-selections | grep install | wc -l
apt list | wc -l
Nothing from above is correct and every single of them has another result.
Has anyone an idea what's going wrong?
they are all different commands returning different results
you are on the right path with piping to grep
just play around more with initial command choice
thanks @tough fjord i ve got it
np
@tough fjord I started http server with "python3 -m http.server 8080" created file, and when I am trying to include keep getting "failed to open stream: Cannot assign requested address" error
What am I doing wrong
someone have this command sudo usermod -L but in long version ??
i try everything pff nothing works
Hey, i started Linux fundamentals tutorial and there is a task "Find out the machine hardware name and submit it as the answer."(I have an ip address, target). What am i supposed to do with it?
anta connect to this address in ssh and look environmental settings manual
someone know this command in long version sudo usermod --lock
I think you need to use port 80 to start a webserver. You can also use apache instead of python with sudo service apache2 start and all the webserver files will be under /var/www/html
guys i have a really silly question. i'm on the decode section of the javascript deobfuscation module.
i've decoded the prior flag and i'm getting something that looks to be the actual answer, but when i submit the answer i am getting a response saying it's incorrect
UPDATE
just figured it out, I was a step shy haha
Thanks for your help ColbyJack, I had put exactly that syntax in the answer but it gives me error, I will keep trying.
@lapis stump What are you trying to decode?
oh to answer the actual question it is only asking for the option that needs to be set not the entire command
ok! you enlightened my mind I already answered the question correctly, I had not understood the question well what happens is English is not my native language and I am translating the whole course step by step maybe that is why I did not understand well the formulation of the question. Thank you again for helping me!
Thanks for your help Thunderdome, I already solved the question.
In windows fundamentals, im trying to "Find the Execution Policy set for the LocalMachine scope." I run the command and the execution policy is set to ||undefined||, yet when i put this in the answer it is incorrect.
Are you writing the LocalMachine or MachinePolicy?
In the Parameter fuzzing - get challenge it says "run a parameter fuzzing scan on this page. what is the parameter accepted by this webpage?" Does it refer to the spawned IP/name or to the actual module page? I've tried lots of combinations and i cannot get the parameter.
Could you tell me anyone.
About STACK-BASED BUFFER OVERFLOWS ON LINUX X86
I'm doing a "shellcode generation" module.
How do you calculate NOPS 124 with the code below?
Buffer = "\x55" * (1040 - 124 - 95 - 4) = 841
I tried subdomain scan, vhosts scan, then applied get fuzzing to all of them but still no luck. Do I miss something in this challenge?
Finally....
Tricky challenge this, the key is to be organized and write down all your findings. Otherwise you end up doing the same thing twice!
at the HTTP
in post method
am confused in what to submit hint says cookies and i did that as trying to refresh and all
still i can't get it what is the answer
hi guys, i'm having some difficult with the Linux Fundamentals - Find Files & Directories. I've figured out the last 2 of 3 questions, but I'm stuck on the first one. I'm using the following command and not sure what i'm missing:
find / -type f -name *.conf -size -28k && -size +25k -newerct 20200303
any feedback??
why is && in there?
because I'm looking for smaller than 28 and larger than 25
but why &&
i figured that was necessary since i'm using the size flag twice
nope, look at what && does in linux cmdline
oh
it isn't used for multiple arguments, but chaining multiple commands
right
got it, ok
that makes a lot of sense
i guess im still struggling. so im using the same command minus the &&, but im still getting a lot of files with "permission denied"
redirect stderr to /dev/null
Hello everybody. I'm almost done with Linux Fundamentals, Just missing 2/3rd of questions 'bout Filter Contents
I dunno if I can post the questions here to ask for explainations (maybe my english doesn't help)
hi
Ok, saw above. First question is "Use cURL from your Pwnbox (not the target machine) to obtain the source code of the "https://www.inlanefreight.com" website and filter all unique paths of that domain. Submit the number of these paths as the answer."
Installed lynx and dumped main URL, then played with grep/awk/sort, but still getting Incorrect answer.
So I'm here to ask...is the question about finding all unique paths like
? Or what? Do I have to consider just path or objects?
find all domain path , compile them , run a command that will remove the multiple entries of domain path
does anybody know the answer to the last question of the learning process ... the difference between the two numbers
36,7
is literally the difference between that two numbers
@orchid pawn srry i didn't tagged u
Hi guys I am stuck on page fuzzing , The given hint is to remove copyright from wordlist but It seems I am not getting how to do it , any hint please !!
now one question, i'm in windows fundamentals, and one of the questions says:
Find the non-standard directory in the C drive. Submit the contents of the flag file saved in this directory.
the thing is that i don't know what is a non-standard directory, and i can't recognise it too when i use the command "tree". can someone explain to me what is it and what i need to do?
dont forget about 2>/dev/null
ok nvm i actually know which file is, the fact is that the command "print" doesn't work, i type "print flag.txt" and dont work, any recommendations?
Look at what commands can be used to read a file
man, read doesnt work on Linux, its incorrect command
you can look at nano, vi, vim or cat for print on console
good luck !
Nono, i used another command in linux to enter in Windows, so i'm in Windows rn
I am a bit stuck at the final fuzzing challenge. It asks me to list all the known extensions used in the domain. I get a number but it's wrong. I also fuzzed in all the subdomains that i found.
Should have 3
Well indeed 3 are distinct, but i do get some weird variants for them, which gives me more
There should be 3 variations on 1 really
@tough fjord mind if i dm you?
Sure
Yo guys.
I am trying to do the web request> POST method but the exercise seems poorly described. I have no idea how to get to admin using the guest/guest credentials
I intercepted the request/response and it didnt come with an admin cookie or something
What did you do so far @loud halo
@rustic sage I logged using guest/guest
But I dont know what kind of input is expected for this one
everything I try it says it s the wrong answer
That's a start! What did you get from that login in Burp?
I got a cookie
and was redirected to the dashboard
I pasted the cookie value and wasnt accepted as a valid answer
So when you log in, you get a cookie! So to have admin rights, you also need a cookie but not the one from the guest!
That is right
But it says that I should use the guest credentials
Login with the credentials guest / guest and try to get to admin.
See more about that cookie....play around with it! The cookie always tells you something, you just need to decode the message
oooh maybe there is something encoded
I dont't know, try it!
gimmie a sec
I decoded the cookie:
guest_78cd9f9ad5038fbce7f97
pasted it and still got the wrong answer
That's progress. But you need admin, not guest
I really have no idea what to do
guest that guest string in the decoded cookie, what do you think it is?
Thank an even wiser man that helped me once! You are welcome!
hy everyone im new on HTB and its my first time on this channel , greetings from italy
I am currently doing HTB academy the fundamental module I am stuck at this one part called system information and I want to know how do you find the "Which shell is specified for the htb-student user?" and "What is the name of the network interface that MTU is set to 1500?". In conclusion, Please help me(many thanks in advance).
<@&486603600085123073> hey I think there is something with the box for Linux fundamentals for system info
@proven grove I disagree, you should probably read closer.
@shell scaffold Really why
@proven grove I will give you hints 1. Environment 2. Network you will find your answers with them
@flint moth be more specific
u have creds or private key?
commands u using?
hey um i cant find the damn apache version .-.
it says that the answer format is X.Y.ZZ but the apache version i found is 2.4.7 which says is incorrect so im stuck
@proven grove use command to see parts of env and command to configure network interface
Greetings ,am
doing web request ? the answers can be found in the page pictures, if u want more practical u can follow closely in the example using burp and still can see the apache version
Hey, I'm on linux fundamentals module, "Working with Web Services" section. I'm using a remote workstation on my browser. I'm trying to run the apache server but it errors with no log. Here is what I'm doing (it is a fresh workstation btw)
it doesnt work with sudo either
apache2ctl configtest says config file syntax is ok
Any help will be much appreciated, I suspect it is something particular about HTB because I tried every solution possible i could find on the internet
@amber herald what are you trying to accomplish?
i was trying to create an apache server, but i ended up skipping it
create it or start it?
@amber herald I guess Apache server is already installed you just need to start it using command *****
In pic you shared , command is there where it says invoking
when i run the command " find / -type f -name *.conf -size -28k -size +25k -newerct 2020-03-03 2>/dev/null"
it shows me the file but when i leave out the -newerct 2020-03-03 option it doesnt show me anything
well it still shows to me
thnx
curl https://www.inlanefreight.com | grep 'https://www.inlanefreight.com/*' | wc -l
result : 49
but still incorrext
*ct
what i should do ?
thats 49 inclusive of duplicate
the question ask for unique domain path
curl https://www.inlanefreight.com | grep 'https://www.inlanefreight.com/*' | sort -u | wc -l
dont keep pasting here . try it . dont keep guessing
okey man, sorry
Can anyone help me I am doing page fuzzing in Ffuf, hint is to remove copyright from wordlist but I don't get it
Fuzz ' /blog' directory one
whats the order directory u found besides blog when u did the scan >?
I don't recall this task in Web Fuzzing
Usually you were guided on how to fuzz for files, extensions, (recursion), subdomains, vhosts, etc
Hi all ! I'm getting stuck on Web Request , on the last module about PUT/DELETE methods. It says to create a flag.php file with a command to get the flag. I created the file with the syntax "<?=cat /flag.txt;?> , but when i GET the proper flag, It shows a string that is not correct.. Any tip?
make sure you put a space between cat and /flag.txt?
Yep , but stills..
hi, im new to cybersecurity. I'm stuck on the academy's javascript deobfuscation. i found the flag but cant submit it. The hint says the format should be HTB{...}. but thats not working.
What challenge?
i used "/usr/sbin/apache2 -V" to try to get the apache version but it still says im wrong......i have no idea what im doing wrong
why that complicated?
well you need the version of an application. usually it's the name of the app followed by a -v or --version
Same as well, the hint says cookies but I can't get past that
i am still stuck in it
even tried with base 64 decode with and without auth = still confused what it really wants
hello, was hoping for some help with a beginning module. I'm in Linux Fundamentals under system information. I am on the question "What is the name of the network interface that MTU is set to 1500?" I used ifconfig to find the network interfaces but multiple have MTU set to 1500 what am I missing?
@timid grove I got home and index after scan
Submit the contents of the flag.txt file located in the /exercise directory. Can I get some hints? I found Kernel version
So I need to find out under which user the ProFTPd server is running. I do "ps aux | grep "ProFTPd" and it shows me that the user running this process is htb-stu+ But the htb-student does not get accepted as the answer. What do I do wrong?
Are you sure that one isnt the process you ran - i.e the ps aux one
Yeah, you are right. that is the ps process. I figured the answer out now. thanks
to see how many installed packages on a system i would use the command " dpkg --list | wc -l " right ?
Have you tried the command @vapid flicker ?
yes but the number i put in the box says incorrect
Hello, I working through the Web-request fundamental course and I've managed to get the admin screen using a modified guest cookie, resulting in the "Welcome admin_"a-number" but if I use either the modified cookie or the "admin_number" I get the wrong answer.... please tell me what I'm doing wrong
Well, the challenge asks you for the INSTALLED packages @vapid flicker. What you do there is list them all
@unborn violet admin don't require any random number
Hi Amrit, I've successfully gained access to Admin but modifying the Guest cookie but I'm trying to answer the question and I've submitted the cookie that successfully gained me access but its says this is the incorrect answer... what information is the question asking for ?
Did you submit the admin cookie?
yes
or should i say....admin cookie'd
I submitted the encoded admin cookie, the one I used in Burpsuite
admin cookie'd that sounds kinda bad LOL.....
not quite..!
Cookie is not the answer
ok I'll have a think
You logged into admin_'x' you are almost there you need to log into admin
@rustic sage have you done Ffuf?!
Yes
Can you help me in Ffuf I need a hint
Shoot
So i did " apt list --installed | grep installed | wc -l " but that also gave me the wrong answer. what am i doing that is wrong
It's asking me to find flag in /blog directory and hint is to remove copyright but How to remove do that I mean remove copyright?
@vapid flicker try without wc-l and check if there any unwanted line in starting , because it usually works
Postal you used dpkg --list, you need to develop that
@rustic sage Please give me a hint too
Lol i guess it would help if i sshed into the target machine lol, but i still get the wrong answers
That will help a lot @vapid flicker, but one you are into the machine run a simple dpkg --list and inspect the output
well I got the answer lol.. I am assuming that the ii means its installed then right ?
is there a difference when using quotes in the grep command ? ie grep -v "false|nologin" VS grep -v false|nologin ?
I think there is
I don't remember exactly what
Maybe its between single and double quotes
Btw always use single quote
is there any significant difference between gobuster and ffuf (or dirb, dirbuster...)?
Being both written in GO i think they're pretty much the same, speed wise
Which ones have you finished?
first one
I gueest you follow the path shown in the modules. Fundamentals, easy, medium, hard
sugest*
Hello channel. I'm incredibly stuck at Linux fundamentals for a foreign language matter. I've been able to solve the easy one on services listening etc, after correctly understanding what it meant. Now the last to pass, it's the one about curl. I don't get it. Curled, filtered with grep to show lines starting with base url and show just unique paths, excluded homepage and counted. Still incorrect. Any suggestion? Thanks in any case
Ok, found the answer but disappointed. Now I'm missing just one in Windows: Identify one of the non-standard update services running on the host. Submit the full name of the service executable (not the DisplayName) as your answer.
With PowerShell you'll get Name and Display Name. The second is not as stated in the question. Name doesn't work. Is Full name something different? Tried also concatenation of Name and DisplayName. Thanks for any help in "understanding" the question
Hey, how do i answer this question?
How many services are listening on the target system on all interfaces? (Not on localhost and IPv4 only)
I tried using netstat -l but it doesn't seem to be it
Look for a way to see all services, like the ones specified in the section
the questions only want ipv4 ports only and how many are there
anyone got any hints for "Find a way to start a simple HTTP server using "npm". Submit the command that starts the web server on port 8080 (use the short argument to specify the port number)." i tried "http-server -a localhost -p 8080" but http-server doesnt work
i tried http-server -p 8080 and httpserver -p 8080 and still wont take it
They ask for port 80 or 8080 ?
The meaning of the question is: "LISTENING services, NOT on localhost, JUST ipv4". So, add some other options after -l. See output and act accordingly to what you see (listening services, and so on). Then make sure you have unique ports, then count
Maybe you're missing a pre-requisite. Have you installed the server you want to start?
Any advice on this? Command run is correct, but can see just Name and DisplayName, none of which works
anyone got any pointers to filter out the unwanted lines for "Use cURL from your Pwnbox (not the target machine) to obtain the source code of the "https://www.inlanefreight.com" website and filter all unique paths of that domain. Submit the number of these paths as the answer."
i know that i have curl and use grep but how to remove the unwanted lines
There's a grep option that lets you output lines, starting from a string you specify.
i must be doing something wrong. I have tried just about all the commands within grep
What I did when i came across this challenge was to do pattern matching and specify an end character. All those url's end with the > from the html tag. That way i could get the lines that contain the http://.... and after that, a simple count did the trick
I think i've used the -e and -o options
Hello, I've been working for several days on the POST method where you have to access the admin with the guest/guest logins however, I still can't do it: I can access the admin with these logins but I can't find any flag.
Thank you in advance for your help
(Ping me if you answer me)
@ionic quest What's your progress so far?
I'm stuck there
Let me rephrase it....what did you try so far?
It is indicated in the hint to use cookies what I have done however no success.
To be more precise, I recovered the line of the cookie and I put it back with another login without it working.
What's up?
Which option needs to be set to execute a command as a different user using the "su" command? (long version of the option)
Hi
I'm learning module Web Requests and stuck on POST Method
I try to repeat it step by step, but what I see in my BurpSuite and what I see in the module are different things
How do I pass this module?
Thanks
I read and follow but on the exercise I see
But in Burp I see
@rain surge
I also need help on the post method of gaining admin access with guest account
The idea behind the "connect as guest but gain admin" is to play with the cookie. Study it and try different things with it. Eventually you will get the answer! @ionic quest @maiden wind
ok thank
hi can i ask some thing ?
Ask..
Learn some modules from HACK THE BOX Academy, perform at what you do, then try to regain your lost account...by talking to facebook support!
@rustic sage Thanks, will try again
check ur man page for that
Hi guys. So im on the HTB academy and im stuck on file transfers. It is asking me to upload a file from my local machine using openvpn to the target. Then RDP into the target and run a command. I'm confused because how am i going to upload the file from my local host to the target. scp isn't working.
@rain surge im having the same issue, the su man say sudo I have tried that and everything else I can find and it does not accept it. Any help is appreciated. The question is "Which option needs to be set to execute a command as a different user using the "su" command? (long version of the option)"
hi, i need some help with a question in linux fundamentals. the question is What is the name of the hidden "history" file in the htb-user's home directory? can't manage to find it anywhere, i'm using the command ls - a to list anything
/home/htb-student
that is your pwd
that's the result
htb-student@nixfund:~$ ls -a
. .. .bash_history .bash_logout .bashrc .cache .gnupg .profile
its right there
it's there, in front of your eyes
lol
it says hidden history file. not in history as the name but in history as it's type of file!
i'm dumb sorry for this question, anyway thanks for the help
np
Nah, it's cool! But even if you see something like that, try it, submit the value.
Hi everyone! I'm noob on Hack The Box and I am doing the Linux Fundamentals module, and I'm stuck on chapter "Find files and directories"... On first question "What is the name of the config file that has been created after 2020-03-03 and is smaller than 28k but larger than 25k?", I already got the file but I don't know what is the name that the question refers... I already answer the path of file and the "something".conf, and my answer is always wrong. Someone help, please?
@smoky roost You have your answer in the lesson, just adapt that to your task!
Thank you very much @rustic sage for your attention!
hey, to learn mac os fundamentals I need to click on academy on the htb page right?
I'm sorry I speak spanish so my english isn't the best, please understand me
can anybody tell me what I am doing wrong with this question? it is asking me What is the name of the config file that has been created after 2020-03-03 and is smaller than 28k but larger than 25k?
I am trying find / -type *.conf size -28k size +25k newermt 2020-03-03 2>/dev/null | wc
it keeps telling me 0
it is actually *.conf with the slash behind it
@rustic sage , I've been able to get to the admin page by doing changes to the cookie, but after inputing the flag it still says incorrect answer
What you got after logging in admin @maiden wind
@rustic sage
Welcome, to admin !
The flag is 607f8f*****! Sort of flag
It seems right , you copied it with '!'?
Still even after removing the '!' mark and only copying the rest still doesn't work
It has worked , I omitted "The flag is " and only keyed in the other part without the exclamation mark
So true, I guess I was thinking too hard while the trick was too easy to see
So I have this question . I got the answer finally, but i think i did it the hard way lol . will someone tell me the right way which I should have used ?
"Use cURL from your Pwnbox (not the target machine) to obtain the source code of the "https://www.inlanefreight.com" website and filter all unique paths of that domain. Submit the number of these paths as the answer."
Hi, quick question on Linux Fundamental - How many total packages are installed on the target system?
can someone DM me so I don't spoiled the answer
I tried dpkg and apt, 2 different numbers came out, both are not good...
@opal burrow dpkg is ok. First list with dpkg then inspect the output! After that do some filtering
But pay attention to the output of the command!
If you type "tree /?"
Hey I'm new to discord, so I'm not sure if I'm posting in the right place. I'm working on web requests, I'm in the POST method section and I'm having trouble figuring something out. Is this the place to post, or can someone direct me to where I should be posting questions regarding this module. Thanks.
Yeah...ask!
test
K so here is the thing . I read at the top of the module that I can use guest:guest to log in, and that works fine. Then it reads the admin credentials are admin:password. When I type in those credentials I get Login failed! I don't see the 302 found response in burp like it shows in the module?
That was just an example. Not something to follow along with
I gotcha. Thanks.. Thunderdome was just explaining that to me
I recall i could not get this to work either...more like to learn on how to spot the cookie and to decode it. Which will come in handy later on
I think -type *.conf is the problem, type should be f and name should be *.conf
thx, I tried 2 filters, I will work on that
@opal burrow did you query with dpkg?
If you type dpkg and double tab, you will see a list of all your available commands that start with dpkg. What you need to do is query the package list and retrieve the packages list.
Hello hackers !! I'm stuck on Linux fundamentals / Filter Contents in the question, How many services are listening on the target system on all interfaces? (Not on localhost and IPv4 only) I used the command (systemctl list-unit-files) and I added (| grep enabled | wc -l) to it so that it would list / number them all but when putting the answer I get an error. I also used (netstat -tulpn | grep: 80) but it didn't run because I'm not root. I have tried some others and I have been pulling commands to test but I could not find the answer, thanks for your help.
I also used the search engine here to go through old questions from people who were stuck on the same question but have not been able to resolve the question.
Hello i need help with Web requests - POST Method
The question is Login with the credentials guest / guest and try to get to admin.
I've tried decoding the cookie guest_XXX and playing with it nothing works
@charred basalt how did you play with the cookie?
editing guest to admin then sending a repeater request
Good! You're 90% there
alright lemme try somethings
Go ahead! You need that admin cookie'd
@rustic sage idk if its the right way but i got the site to welcome me as an admin but still no code/flag to put it as the answer
idk if i have to do something with burp
new to burp
Did you cookie'd the admin?
if you mean that i encoded the admin with base64 yes i did
Be sure to encode exactly what you need, nothing more!
When you get it right it will tell you the flag
If you get it wrong it will just welcome you as a user
You may be able to
the question only wants ipv4 ports . dont include all other ports
Ok copy! thanks for your help.
could someone help me with a windows fundamental question please
the question is " Find the non-standard directory in the C drive. Submit the contents of the flag file saved in this directory."
i have tried re-reading the articles given using rdp that was given and etc
like the question said, the flag is in the C drive
Hello everyone!
I've been stuck in the "Linux Fundamentals" module (Filter Contents) in the question "Determine what user the ProFTPd server is running under. Submit the username as the answer."
I've tried ps aux | grep ProFTPd and submitted htb-stu+
But it looks like that is not the correct answer. Can somebody help me figure it out?
Try playing with the "ps" command options to filter out what you're looking for, Greetings.
Gain command execution using one of the PHP wrappers discussed in this section. Submit the contents of the flag.txt file located in the /secrets directory.
Can I get some hints
I tried how was explained in the lecture but I'm missing something
Hey there, i could use some help in the path "web requests". There are 2 questions at the module "introduction" at the section "request and response". The second question asks what kind of server stands behind the first link. I did as the instructions told me, and wrote down the server name. They ask for an Apache server, but Burp says the server is nginx. Maybe someone can explain my mistake to me? :)
@rustic sage check the correlation between the retrieved server and the address. Maybe nginx is for something else
Nginx is a webserver software
What I mean your Apache Web Server responds to the spawned address in the task and the NGINX is for another address
Yes, i am sorry, i misunderstood the question all the time. I was thinking much more complex than needed, it was a really easy question. But thank you very much for your help!
Great job! Good luck!
Hi all, i'm stuck on: " What is the name of the network interface that MTU is set to 1500?" of the section 'system information' in 'linux fundamentals'. I can't for the life of me figure out what the answer is, I've exhausted every uname option in the workstation but to no avail. Can someone guide me in the right direction?
uname?
The lesson talked about another command in order to display Interfaces and TCP IP info
I'm sorry, I meant ifconfig not uname
I tried eth0, eth0:1 etc as network names but it keeps telling me those are incorrect
But these are the network names right?
network interface names
I can also distinguish the MTU variable when I input ifconfig -s for example, so my gut is telling me I'm in the right place, but still not correct though..
Are you looking at the spawned machine or local machine?
I'm looking at 'my workstation'
You should first connect to the HTB spawned machine and run the command there
oh
@violet slate That's why the target IP is offered, so you can run your commands on
@rustic sage Yes, I understand now. I didn't know how to SSH to an IP but I looked it up and got the correct answer now. I was able to answer all the other questions though with the help of my workstation. I just replaced home/MYUSER with home/htb-student. Same for the other questions. But this also explains why the kernel version answer wasn't accepted based on my input from my workstation
ssh -l <username> <ip>
after that it will ask you for the password. Those credentials you have next to your spawned IP address
@rustic sage SSH'ing wasn't explained in the lesson so I didn't understand what to do there. Should I have known that already?
well....if you type ssh and tap the TAB key twice it will show you all the SSH commands. after that you can document the commands and see your available options
But always look around for methods to accomplish your tasks!
Will do! Thanks for your help, trying my best but this is all very new to me so I'm struggling haha. I'm going to continue now!
Practice makes perfect @violet slate
Hello everybody
maybe I'm doing something wrong, but isn't it correct answer for "Windows Services & Processes" ?
And how do I have to find answer ?
It is correct!
it just needs something extra after that name
If you read carefully you will have your full answer
ahaha
The answer was so close)
thank you
How do I start http server using npm?
Okay thx
curl -s http:/Server_IP:Port/ -X POST -d "Param1=/serial.php" is bringing up the get request sample. Not the serial.
What am I doing wrong?
Can I get some help?
@dapper belfry sorry to bug you again.
I'm just kinda stuck
sorry, I don't understand
I'm doing the Obfuscation course and I'm stuck on the HTTP request section
I run curl -s http://SERVER_IP:PORT/ -X POST -d "Param1=/serial.php" but it's coming up as the home page.
As if I did curl http://SEVER_IP:PORT/
Blank
Even the source code
Is that supposed to happen?
Haha!
Nevermind I figured it out
New problem, it's not accepting my answer even though it's right.
The code was a base64 which I tried to enter it in plain text and the decoded text
how do u know its right, or determined its right ?
Because it makes a coherent message
Fuck my Session terminated hold on
alright .
7h15
yeap
It's not accepting though
hi ım hacker
?
ım hacker
to get the flag, u need to send a post request to serial php and set the data that u found
do u know how to do that ? @coarse escarp
No
hello hacker
have u solved the prev question ? the http request ?
Yes
hello friend, do u feel big saying that online ?
yees!!
ım porn stars
if u done that, then its the same concept but u have to send the data this time
congrats man .
The last one > curl http://sever_ip/:PORT/serial.php
Though I used this method
Because I couldn't figure out what I was doing wronf
Wrong
curl http://sever_ip/:PORT/serial.php
mhm . im on the HTTP request page right now. and i see an example on how u can send a POST request
Yeah I followed that. And it took me back to the main request page
Several different times
have u decoded the string u received ?
Yes
alright now u need to send the post request
Ok
the example are on the same page too
u just have to change a few things from there, and put in ur decoded output
and u get ur flag
its even in the cheat sheet .
use it , it helps alot
I got back the coded message
Was that supposed to happen?
New error
Curl (5) could not resolve proxy: POST
okay pm me
Are you shown off-line?
what u mean ?
Nvrmnd
Sent a request
saw it
the reason why u didnt get ur flag
is because u are using the wrong parameters
ur decoded output is correct
I'm learning basic of terminal. how do you guys find the answers on the questions? any tips do you google it or you keep reading and try to solve it yourself?
if possible, try not to google for the answers but google how it works and how to use it
most of us here sometimes refer to google too, its not wrong .
guys what should i do to get free credits in a game
Still trouble with SQLmodule in the Assessment with the last question can someone give me a little hint regarding json Bypass waf?
Hey guys, i am trying to solve a question in Linux fundamentals, but i can't solve this. The question is which kernel version is installed on the system. i know the command to see the version and stuff, but what's the syntax? just give me a hint, not the answer. thank you very much!
if you know the command why don't you try to pull up the help information
its even written in the section
jupp, i know. can't figure it out. im gonna leave this question for a few hours. Thanks anyway
this link might help - it covers the various items of the output https://stackoverflow.com/questions/6943803/understanding-uname-output
I dont think u are connected to the ssh ..
Am i right ?
i am using the web to interact with the machine, i can try use ssh.
okay i got it, lol.... 🤯
let me check what i did wrong
yea,, with ssh it works 🤯 thanks guys
issue resolved lol
np
Hi guys, I am trying to solve a question in the Linux fundamentals, in the section Workflow - File Descriptors and Redirections - the last question: How many total packages are installed on the target system? -- I am connected to the ssh target machine and I am using following command dpkg-query -f '${binary:Package}\n' -W | wc -l, but apparently 743 is the wrong number. Can someone please help me out.
Got it, by myself, but thanks!
i'm doing the windows fundamentals module and having issues with RDP if anyone could help
when trying to log in from my vm i get this error
and then when i try through the instance on the module page i get this
any help would be greatly appreciated
ok will have a go thanks
i tried logging on normally through the instance on the module page and its working fine now....
thanks for the suggestion tho
np
hi guys i've started the windows fundamental section... but i am stuck at the very first section .. i am not able to use Get-WmiObject ... this appears: C:\Windows\System32>Get-WmiObject -Class win32_OperatingSystem | select Version,BuildNumber
'Get-WmiObject' is not recognized as an internal or external command,
operable program or batch file. may someone help me ? ❤️
cmd
so i have to remote connect to windows target and then i use linux powershell to get information?
You need remote connection to the Windows machine, then run Powershell in that remote machine. That's all
how can i run powershell in windows?
i thought that there is just cmd in windows
Nope! Windows has CMD and Powershell
You just press the start button and type PowerShell, you will find it there
oks i'll try, thanks a lot
Good luck!
How do I send a GET request to flag.php with parameters num1 and num2 that add up to 1337
I have tried the ff:
GET targetURL/flag.php?num1=1000&num2=337 HTTP/1.1
targetURL/flag.php?num1=1000&num2=337
flag.php?num1=1000&num2=337
GET /flag.php?num1=1000&num2=337 HTTP/1.1
GET flag.php?num1=1000&num2=337 HTTP/1.1
I'm out of ideas cos ik it has to contain sumn like "flag.php?num1=1000&num2=337"
any help or hint?
How do you send those two name:value pair to the server?
name:value@targetURL
i think
oh wait, i see
GET http://num1:1000&num2:337@178.128.40.217:30341/flag.php HTTP/1.1 didnt work
YOu use the Burp Suite right?
isnt burp suite how you use exploits or do u use metasploit? .... im a noob idk
He can also send the data via Burp
am i supposed to do that for this? https://prnt.sc/xb1nmi
Nah, you will get a flag after you send those 2 values correctly to the server!
No problem!
I thought they wanted the method to do it and not requesting me to do it on the workstation
Usually they don't require to type commands as challenge
The commands give you access to resources and flags mostly
oh ok ic
@rustic sage Are you at the lesson where you need to post to get a serial?
this is the one
Using what you learned in this section, determine the type of encoding used in the string you got at previous exercise, and decode it. To get the flag, you can send a 'POST' request to 'serial.php', and set the data as "serial=YOUR_DECODED_OUTPUT".
Exactly!
Because it is a POST method, usually the name:value pair comes after the name of the page like this:
http://ip:port/serial.php?serial=YOUR_DECODED_OUTPUT
you can use curl to get that
oh i've tried it
but
didnt get thing
so thats why abandoned that method
u mean like this right?
@rustic sage it works as expected!
try with ur inverted comma
Hi Hackers, although I already answered the question of Windows Fundamentals/Windows Services & Processes I would like to know why the answer is considered a non-standard service.
I googled the standard and non-standard services on windows while trying to solve it and I didn't find the answer.
However, thanks to the hint and some comments here I have been able to solve it.
@lapis stump it does not come with Windows by default
Umm ok, I should have searched as default services and not default.
Thanks for the clarification. I wrote "non-standard"
It was that VPN service right?
It's a pdf related service in the hint that gives you that clue.
Oh yes! True. Got it confused
ssh -l <username> <spawned ip>
type that into the terminal, then it will ask you for the password
of course you replace <username> with htb-student and <spawned ip> with the one provided by the page ! @floral leaf
Thanx so much
how can i start a http server using npm?
many of us including myself shared a link or give a tip about it . search using the search engine in the discord to find it
any help
Which option needs to be set to execute a command as a different user using the "su" command? (long version of the option)
I got it
Hi all. Wondering if there is someone who might be able to give me a nice slap to get my brain moving in the right direction on the POST method module?
i understand that the cookie is the data that I should be working with, but moving forward into the JSON part is tripping me up
can u read the cookie like in human format ?
i ran it through the decoder in burp, which gave me something human readable but im thinking it isn't enough
still have 24 characters that are not readable
@timid grove mind if I shoot you a DM?
alright shoot me
does anyone have the same problem with ssh? its resetting after 1 minute
everytime i am logged in
@halcyon copper lets not share any answers
buffer overflows module was very satisfying
i found the key in JavaScript Deobfuscation but it says incorrect
Could someone help?
first part
Nevermind.. was blind.. standing in the forest and could not see the trees
XD
mhm
@tough fjord can we do something about this guy
Pure brain damage
Also what are you trying to achieve with a dead link lmao ? @spare turret
Thats evident lmao ๐
++ban @spare turret don't troll
Member banned
Noice
Very noice
++rep Agent_Tiro
That would be cool , a ++rep bot where you can give in discord rep
thanks agent
tyty
Hey guys, I just started on HTB... I am stuck on a question in the Linux Fundamentals. It is asking me to find the unit name in the "Service and Process" section by using the systemctl command with the description "Use "systemctl" command to list all units of services and submit the unit name with the description "Load AppArmor profiles" as the answer." I used: systemctl list-units --type=service to find: "apparmor.service" but it is saying that answer is not correct? What am I missing here?
btw im signed in as root
and ssh is running
there's no way u can sign in as root as far i remembered
ssh to the target ip address bro
I am absolutely new to all of this
I dont think its asking for the ip address just the unit name which is: apparmor.service
I also sent HTB a message to advise
would it be "apparmor" without the .service?
also if I use the command "whoami" it comes back as "root"
Making Java Section.. is nice.. >D
gotta start somewhere
Hello
hello
I'm new to all of this. What courses are best for a beginner and should I learn basic java script before trying this?
I just started as well on HTB going through the fundamentals first... gotta have that foundation
I know but it doesn't seem to teach java or html or anything. It more seems to teach how to use those skills.
Am I right in thinking that or not?
I don't know, but a good foundation cant hurt. Theres a JavaScript Module but im not sure if that is what you are looking for... see below: https://academy.hackthebox.eu/module/details/41
Also check out: https://academy.hackthebox.eu/storage/modules/38/logo.png
seems to be JavaScript 101
!rank
good talk
np
The delivery box is a good place to start . That is my first box after learning in the academy
@brisk basin #bot-commands come here to check ur rank next time !
thank you just checked it out
!rank
After completing the "Web Requests" and also "Javascript Deobfuscation" the invite code is very easy to find
You actually just apply what you have already learned, without any difficulty or attempt to confuse you
!rank
You are an absolute beginner in the computer science and/or IT field?
if so, then you might want to practice some coding to get a grasp of the fundamental principles
i would suggest python, you should check some free courses in learning portals such as Udacity, edX and Coursera.
!rank
I'm new to HTB, have done many courses of Python including on edx , but how or where it could be applied?
Nope, just starting with Linux fundamentals , just to refresh
it introduces Javascript with concepts like object creation, variables, script execution. I imagine it can be overwhelming for an absolute beginner
i come from a computer science background,
There is a Starting point but couldn't connect through smbclient
Nice !
nop, but due to my background i know most of the concepts introduced in the fundamentals
just doing them all for the sake of completeness
before jumping into HTB
i have cracked the login page, but not attempted anything yet
Wow , well I had some help
have you cracked in to HTB? before you told me that you didnt enroll in cracking into htb module
you should have enrolled in it, then htb invite code is a piece of cake
!rank
Cracked the HTB means get the invitation code?
yep
there is also a HTB academy module called "cracking into htb"
Afterwards it isn't too hard
which introduces the knowledge needed and the tricks
Hi Guys im doing the Fundamentals now and im stuck at the system info section. I was able to ssh into the target and was attempting the answer the questions when i prematurely closed my terminal and lost connection. Now when i try to login with ssh im getting a permission denied . i have even tried the reset target button with no luck
if you're using the vpn connection pack, check your connection there didn't die
hello everyone , i have a question how can i use hack the box targets with my own linux distro ?
Hi, I'm busy with Web Requests, Post Method. Please help.
||-I've logged in as guest/guest.
-taken the value from the cookie and decoded it and trimmed it until there was no error
-changed guest to admin
-re-encoded it
- pasted it in burp and the cookie||
but i'm still not getting a flag as it feels that this is simply a text change and not real admin
yes
how can i do that ?
you can DM me if you want some help/hints
check dm
Can somebody help me . What is the inode number of the shadow.bak file in the var/backups directory
Can not find it
Hey all, showing my inability to google shit, however within the linux funda academy course, i'm stuck on the user management questions (literally the first one), asking me "Which option needs to be set to create a home directory for a new user using "useradd" command?" i'd looked under "man useradd" and "useradd -h", and I can see the option to set is "-d, --home-dir HOME_DIR", however when I use -d, --home-dir or --home-dir HOME_DIR, it says incorrect response. The question doesn't specify a username, so i'm not sure what other options it wants me to provide, given the question is pretty specific.
Never mind, thanks all, for those looking, I can tell you it is as simple as a single letter (like "-d"), but "-d" is not the correct answer.
@zinc pollen are you sure you consulted the help with attention?
There is a slight difference between -d and the command you seek! Read carefully and you will find the answer!
This command can only be used in private messages.
You aren't ranked yet. Send some messages first, then try again.
@zinc pollen option -d is for home directory of new account... keep looking at that list and see if another option works better.
same list, just different answer
Avoid using bot related commands rank and etc and use them in the specified channel for the purpose #bot-commands
Still trying to figure out this MF question in the Service and Process Management section.... to reiterate... Question: "Use "systemctl" command to list all units of services and submit the unit name with the description "Load AppArmor profiles" as the answer." I used the command: "systemctl list-units --type=service" which brought up the units and the ONLY one with the description: "Load AppArmor profiles" is "apparmor.service". It's still saying it is the wrong answer... somebody please help before I put my face through the monitor. This is like hour 7 trying to figure this out
hi guys, i'm stuck at module Attacking Web Applications with Ffuf,
you are very close! @brisk basin you need the unit name that has that description.
@brisk basin Are you sure there is no prefix to that service you mentioned?
I have a screen shot I can send you if you wouldn't mind...
hi guys I'm stuck at Attacking Web Applications with Ffuf parameter fuzzing -get, at the question Using what you learned in this section, run a parameter fuzzing scan on this page. what is the parameter accepted by this webpage?....when I post this command: ffuf -w /opt/useful/SecLists/Discovery/Web-Content/burp-parameter-names.txt:FUZZ -u http://admin.academy.htb:PORT/admin/admin.php?FUZZ=key -fs xxx I got a very big list of parameters....I have tried all but it didn't work....help me!!
Did you filter the list based on its size @clear bough ?
yes i filtered the list in every way!!
i solved thank you!!
Great!
You are doing well, you just need to pay more attention to the formulation of the question, you are looking the other way.
Hey guys how you doing!! Can someone help with Windows Fundamentals, with the non-standard service?
I'm stuck can find service in powershell
Can't
hey everyone, hope you're having a great day/night! I had two questions.
How do I gain access to messaging in medium-modules and other channels, is there some sort of validation I need to do with my discord username?
2nd Question:
In the DNS records with ffuf section. It mentions that academy.htb is not a valid public domain, and suggests using the command:
sudo sh -c 'echo "SERVER_IP academy.htb" >> /etc/hosts'
to add it to our host file.
To clarify, where it says SERVER_IP, that is simply a stand-in for whatever the IP address is of the host machine we spin up, correct? Meaning if I use this command I should substitute in that IP address,
I am confused because the documentation makes it sound like running that command will make academy.htb accessible from any machine.
If you want to have access to #774040485748539423 and the other channels you will need to verify your HTB account
To talk in other channels you need to verify yourself first:
- Send ++verify in the #bot-commands channel
- Follow the instructions you will receive in PM (i.e. send ++identify <Account Identifier> directly to the bot)
(The instructions are available in the #welcome channel)
@cerulean ridge Thanks for clearing that up
you will need an account on the main hackthebox website
right, ok which I won't have until I break in, gotcha. Might you have any insight on that second question
yes
academy.htb is not a normal domain like hackthebox.eu or google.com for example since it can not be resolved in a DNS
so /etc/hosts is basically a lookup for your computer to see which hostname refers to which IP without contacting your DNS
so in this case your system will see that academy.htb is in /etc/hosts so it knows to go to the given IP
right, and I would need to plug in the current IP of whatever machine is serving up the content correct? So my host file would look like
10.24.34.66 academy.htb
for eg
A more detailed explanation is given on https://unix.stackexchange.com/questions/421491/what-is-the-purpose-of-etc-hosts/421500#421500 for example
if you want academy.htb to point to 10.24.34.66 then yes
perfect! I understand now, and thanks for the detailed documentation
you're welcome
A non-standard service is one that does not come with the system by default. Now, you must filter those that are running and see which are non-standard and place the name of the executable in the answer. In the module you have the command. Good luck!
Got it! I'll try to filter with get-services
