#modules

Ok im lost if the user mail directory isn't /var/mail or /var/spool/mail then where is it?

hello , where can i find the module Networking Fundamentals ?

Hi moesaid, please be specific to see if I can help you, which Module? Which page?

Im mean linux fundementals file descriptors and redirections

Couldn't you check the log files by running a wildcard search through the root directory?

Im new to this

Hi sleepybot, I don't think that module exists.

I am too, I learned about wildcards in college for basic command line usage but that would be your best bet probably

Alright i Will search for it thanx

No problem

No problem, I'm new too

i couldnt find it and required in some module like web requests

Anyone know where the user mail directory is?

Have you tried playing with the lesson commands and filtering out what you are looking for?

I have tried but i Guess i need to try more

Ok I understand what you mean, the same thing happened to me seeing the content of web request I saw that it was necessary Networking fundamentals and I also looked for it but I think it refers to having fundamental knowledge in networks because as a module does not exist in the academy.

Do you mean the htb-students email?

"What is the path to the htb-student's mail?"

You are on the right track, just pay more attention to the environment.

👍

dang haha i didnt even think to check that, and it has most of the other needed info too

thanks

We are here to help each other.👍 And learn together

env | grep mail

I’ve made that module yesterday and realized almost all the information is under env , including the type of shell

ok so in linux fundementals i am completely stumped, and ive tried every comman under su and even some in useradd and usermod and i'm lost

the question is

Which option needs to be set to execute a command as a different user using the "su" command? (long version of the option)

so I ran su --help got the list and tried every command in it

Am I looking in the complete wrong place?

@quiet owl did you found it after a close inspection in the help?

i've tried every command in it and nothing has worked

Read the question again, the argument is there but you interpret the task in a slightly different way!

happy friday! We just published a new module SQL Injection Fundamentals!

Thank you @blissful verge Looking forward for that module!

See the help there is a —command option

👍 😎

I was stuck on the fundamental modules

I dunno how to start http server using npm

Anybody's who passed in that question pls gimme any hint

Hi everyone. can i ask about linux fundamentals?

Sure @stray oyster

a few minutes ago I successfully completed the module Linux Fundamentals. Thanks @rustic sage

When it ask for which version of windows NT it has? What does NT stand for ?

@stray oyster Great!

so, say I wanted to find out what mail client a user used. is there a command I can use to return this information? I am able to see that a process is running on port 25 but not what program it is

I digress, env | grep mail did it for me

I am going to get Linux fundamentals done today

start covering academy

Dewit.

am I going daft, the web requests modules, A question asks for the apache server version, but the response I intercepted only shows nginx

never mind. I am the worlds stupidest person

Hello Hakers! I am stuck in Web Request / GET method / when I activate Burp in the browser the urls do not navigate / connect, it is as if the connection is dropped. /Forget it, I already solved it.

same here i am stuck

i am gusseing you can download this package sudo npm install -g http-server and then http-server -p 8080.

i've tried http-server -p 8080 as an answer but was wrong

sorry this is the answer http-server -p 8080

i had a silly mistake by putting a full stop at the end

anybody on linux fundamentals navigation part

cant find the hidden history file

Play around with the commands in the lesson and you will find the answer. You must run a command that shows you the hidden files.

ls -a showed the files that start with a .

what do they mean by history here

are you in your home dir?

yes

i think i am in a different user

there should be a file containing history

user52153@htb-wo6s96hxnn

thats the user i am logged in to

i dont remember the user but just reset the box and open the shell and hit ls -la and you should see the file

thats what i got . https://i.stack.imgur.com/jwlHo.png

ah, yea you need to ssh to the target

SSH to with user "htb-student" and password "HTB_@cademy_stdnt!"

thanks

Stuck on Linux fundamentals : Navigation

and i have seen that ls -l gives an extra line at the beginning , so i tried submitting 176 as answer
but no number from 170-180 to works as an answer
if anyone can point out a mistake, it would be so nice of you

can you help?

you need to use ls -i

-i, --inode print the index number of each file

oof :( sorry i didnt even check it

thx

anybody on Find Files and Directories part?

htb-student cant be a sudoeors

sudoeor*

ya i did it just now

How did you find the .config file between size 25k and 28k

I tried find / -type f -name *.config -size +25k -newemrt 2020-03-03 with ls -sh to show the file sizes

But no file was between 25k and 28k

try: -size +25k -size -28k

i did i got nothing https://ibb.co/GRvynhh

i tried in htb-student but many of the files permission was denied since I cant sudo

running it on htb-student https://ibb.co/GdqJw16

@all hi guyz...I have exploited the stack based buffer overflow vulnerability in the leave_msg binary...but when shell is spawned it shows the htb-student as user not as root..does anyone know the reason?

i guess htb-student cant be a sudoer

hi Thanks for replying...yes its not in sudoers. but the owner of the leave_msg binary is root then it should execute with the root privielges according to the concept of setuid as setuid bit is set

check if you search for the correct extension, take a look at the example in the section

got it know thanks, it said config file idk why use conf

yo lads is the networking fundamentals module removed?

why can't i speak into medium-modules cchat?

i cant too I am not sure

you have to identify to the htb bot

work in progress !

hello everyone, happy Sunday!

Aight better bring that stuff back ASAP then

?????

It was never there to be brought back. Its in the works

I'm running into a problem in web requests

I should be getting a base64 code but I got something completely different for auth

try using curl to post make a post request.

Cmd?

It wont should in burp

Show*

Hi, I need help with Window Fundamental
"What non-standard application is running under the current user ? (The answer is case sensitive)."

I tried all process that I found using Powershell and Task Manager ....

if i remember correctly i used Get-Process and it was a vpn service

omg >.< I was looking for something like "dangerousApp.exe" not something legit

for the web requests module- Get method. http://inlanefreight.com is not prompting for username and password

what do i do?

i know that this should work

curl -u admin:password 'http://inlanefreight.com/flag.php?num1=1000&num2=337'

are you making the request to the actual page inlanefreight.com?

should be the spawned target

but i am not able to get the cookie with burpsuite since firefox directs me to https

i did spawn the target

theres no password prompt in the browser though

you don't need the cookies, just enter http://<ip>:<port>/flag.php?num1=1000&num2=337

in firefox

ok ill try that but it didnt say anything about using the ip in the steps

in the examples sometimes there's an actual website but the exercises are always against the spawned target

oh

sweet. thanks. that worked i got the flag

Which option needs to be set to execute a command as a different user using the "su" command? (long version of the option)
I tried using su --login

Hello everyone! I´m new on this , i have 1% knowledge. And I was wondering if I can complete all the modules using Windows 10?

ehhh yee any help?

ik you type ´´´

´´´bash

wtfrick

uname -v

you need to run uname -a and then find the format corresponding to this format

this is right

ye but idont understand the fromat

ohh

to match the sample format given

yes

lemme know if it works

ok

still can't do it

I tried ```bash
1.22.3-1parrot

nope

lol i'm stoopid

We dont give answers here

U have to ssh in

@timid grove sorry

And then get the version

ssh in the?

from the last step?

In the target network

ok

oh frick

lmao

thx for the tip forgot that I want sshed into the server

opps forgot #774038216239349820 exists

how do i find the total packages installed on the target system? I made sure to ssh, but it's telling me neither 738 or 748 are correct...

@night osprey what command did you use?

apt list --installed | wc -l and then I used dpkg-query -l | wc -l

wc -l counts the lines

I assumed it wanted me to try and sudo those so I mistakenly used that

figure it out from here

oh

I thought wc was a recursive system wide thing

@night osprey You got it?

Lol no

Can I DM you what I'm trying?

sure

thanks

Damn we all on that problem tonight 😂

i need help with linux fundamentals

please 😭

what

i dont understand the system information content

i dont know what i need to do

the Pwnbox is pretty slow

i need to find somethings, but i dont know the commands to find they

tip to```bash
man uname

@rugged sierra

anybody on web requests module part 7

POST method part

@round dock i do it, what i need to do know?

x86

i need to find the home directory

it put x86-64

x86_64

what is the code for the home directory

?

im not english so it is not too easy to understand it at all

you need to access the home directory?

i need to say what is the path to the home directory

do you know how to do it @mint karma ?

cd /

then cd home

it puts that there isnt any file or directory

thats strange

try cd /

then ls

tell me if you see home

it change one thing

the brackets where is supposed to be the home directory is filled whit this (/) and not with the usual thing

i see home now

it puts home and three more rows down of it

what i need to do now?

cd home

ok, now what?

which task are you in

im in the system information from the linux module, i need to put the paths to find some things

What is the path to htb-student's home directory

this is the question i need to solve

you can access directories through cd/(directory)

sorry cd /(directory)

so you need to go to home then htb-student

this dont work

it put me sintax error near unexpected token

anyone around that can help me with some bash scripting?

i need some help too really quick if anyone is on

on web requests module- Post method. i have tried changing the content type to application json. then i used the json format for the login and password once i could see the cookie. i even tried changing tha login password to gretaer than zero like the instructions said.

but i an unable to loginto admin from guest still

i also tried decrytping the cookie with base64 but it says guest_7618c4466762984986MWM%3D

so that must mean its a guest cookie. so i dont know how to get the admin cookie

now i have tried replacing guest_ with admin_ in the cookie and re encoded it with base64 then pasted it back into the proxy page but when i step forward as far as i can its just says admin panel Welcome, admin_7fba67718ff20ec8abMDQ%3D! but theres no flag. so how do i get the flag please?

nevermind. i found a redit page that helped me. i got the flag. i had to replace the gibberish with admin and encode it as base64. i was so close lol.

GG mate

I on the other hand got a problem on the system information in linux fundamentals

for the kernel version i used the command -a -r -v copy/pasted the answers but none work ... what am I missing ?

Hey guys I feel really dumb asking this but I am stuck on the User Management module of the Linux Fundamentals course. The question I am having trouble on is "Which option needs to be set to execute a command as a different user using the "su" command. I have tried su --command su --login . I just can't seem to figure it out. If someone can point me in the right direction I would appreciate the help.

Using --command should render the same result I think

it says option @orchid pawn , not the whole command

holy shit if i am that dumb lmao

Has anyone done the filter content section of Linux fundamentals?

@rustic sage thank you so much lmao

i feel like an idiot

wow

Nah, happends to all of us!

Yeah some of the questions, you can have the right answer minus a space or something, makes you feel dumb until you figure it out

Has anyone done the filter content section of Linux fundamentals?

Got my head stuck on the filter contents section

Any pointers?

I've tried finding the user for proftpd but all I get is permission denied

the inlanefreight ?

Yeah that's it, and the other question about the profits server

Needless to say I've never heard of curl , I tired running it with the URL but it said it wasn't able to resolve host

the module u doing now has no example of curl ?

I can't see one, it just asks to use curl from your own box and obtain the source code for inlanefrieght

I'll go back through the module and see if I missed it, or forgot about it 😅

yeap

u definitely missed it

Found it, I'll try the cmd

nice ! okay

try to filter as much as u can

Yeah same thing,could not resolve host, thanks man I'll play with the filters

@oak jetty pm me ur command

Will do, just going for my food I'll play around with the filters before I

I did it in the lab not pwnbox, think I've got it now

okay !

this question really seems like a puzzle

Directory Fuzzing

https://ibb.co/h7kxmKY

nvm got it

Hello, I am in SQL Injection Fundamentals Module and I can't connect mysql server.
bash: mysql: command not found
How can I solve that problem? My Workstation Parrot doesn't have the mysql.

I solved it:

apt-get update
apt-get install phpmyadmin

hmm install it then

it could be not installed on the system

sudo apt-get install mysql-shell

I need help bros. With fundamental question i Been stuck for many hours
” how many files exist on the system that have .log file exstension” ??

Tried everything i could

If i type http://<ip>:<port>/flag.php?num1=1000&num2=337 firefox wants me to login. What i am doing wrong?

try using curl in the bash terminal with the login at the start

curl -u "admin:password" etc..

im on javascript deobfuscation module- skills assessment. i have the flag but i was not taught how to stich it together

HTB{n" + "3v3r_" + "run_0" + "bfu5c" + "473d_" + "c0d3!" + "}"

hello in linux fundamentals how start the service 8080 by the comand npm?

Linux Fundamentals / Which page?

working with web service

look at http-server --help

i wasnt able to figure that one out muself either. i had to google the answer

oh, right. i remeber the command did not work. that is why i was stuck

i had to put the answer in the answer box at the bottom of the module

i had to google how to start a basic http server on linux

Search for the command to start servers on port 80, I also googled it like @nucrea did.

you mean port 8080

also to specify a port is --port or -p has stated in the in the help file

ok thank i'm finished

nice

👍

G'day all. Tryin' to solve POST question. I'm not quite sure how to correctly act via browser. Obviously toggled developer tools, win storage "renamed" cookie with admin in base64, updated GET request (after having reloaded before) with the correct cookie name.

I can just see Welcom admin ! And nuttin' else. Any hint?

what module and section?

Web Requests - POST method

you don eed to change the request to get or post

after you change the garbled text in the decoded cookie, then encode it, then user burp suite to step forward if i remember correctly

I'd like to do it via browser. Easier IMHO

And it's the browser itself with a Ctrl+R that change it with GET

the answer will show up in burp suite. im not sure if you can do it in the browser. you could try viewing the source in firefox after youre logged in as admin

ctrl r send the page to the repeater

then in the repeater tab if you click send. it show you the response

but you dont need the repeater since you can just step forward in the proxy tab

ctrl r in burp suite i mean

burp suite reads from the browser firefox

Yes, tried to see if something was hidden in source code. Nothing. Ok, I'll try with Burp. In the meantime, many thanks @atomic light multumesc

welcome

@rustic sage Be careful. When I tried to install it, a warning came up that Simple HTTP is vulnerable. With a lot of research I discovered the command is http-server -p 8080

Do NOT run it! Do NOT install simpleHTTPserver

it was not allowing me to install http-serevr without root on the pwn box anyway

Also, I recommend installing VirtualBox and mounting Parrot OS Linux on it because sometime the Instance doesn’t work right.

thats why i had to google the answer

Try to understand why that is the answer even if you didn’t come up with it.

i wasnt able to find http-server since it wasnt isnatlled. so i was not able to run the man page or --help command. but i understood the answer

it wanted to know the short form of --port

Good

Googling is great but also try to do it yourself by reading the man page of the commands. Develop those troubleshooting skills

yeah

can you help me with one?

this

nevermind. i figured it out. i just needed a break and came back with a fresh head

You’re more advanced than me. I’ve only completed Linux Fundamentals.

can someone help me?

i have completed this section, and it gave me the flag but it work work when i put in in the HTB acadmy website

try removing any unwanted characters e.g Exclamation marks and etc

who did the page fuzzing excerise

how can i filter the results

so that only the status 200 is shown

ffuf -h

well i iam trying to filter out the http 200 response so i used -fc 200 and output that to a file results.txt but there is nothing

-fc 200 would give you all the 200 responses if there were any. if there are none you won't get any output

well looks like there is none is there anyway to filter out the working http link I am trying -v true now

on the website its showd this as the result https://ibb.co/1zwFhGh

but there is no option used I wonder how they got the result

my solutions scan through all different 87649

what's the command you're running

and yea he's not filtering in that picture. but i can't see the full command either

ffuf -w /opt/useful/SecLists/Discovery/Web-Content/directory-list-2.3-small.txt:FUZZ -u http://SERVER_IP:PORT/blog/FUZZ.php , thats the command they are running

and i am running this ffuf -w /opt/useful/SecLists/Discovery/Web-Content/directory-list-2.3-small.txt:FUZZ -u http://SERVER_IP:PORT/blog/FUZZ.php -v true -o results.txt

http://server_address:PORT

try without the slash /

got an error

thats the command I am running https://ibb.co/qM1Jb1T

and this is the output its going through all links can I just output the working links? https://ibb.co/Y2pvfKr

ok i got it

I finally looked on Task Manager, and looked at startup Tab. This program pops up sometimes when first going loging on to windows.

🌚

hi all

heyy everyone just new today hope 2 learn alot from hear just starting out on cyber sec and eth hack

Web Requests->Post Method question: I get to the Admin page and the message stating "the flag is" and the flag, but I even tried hand typing it into the answer and also tried the format HTB{flag} and its not accepting. Do I need to do something with the flag after the server coughs up that flag?

Hmm @gaunt crane have you tried to remove the last char?

@rustic sage that did it! Thx! Tried a bunch of combos but I guess I didn't try that one.

👍

hey guys

ffuf -w /opt/useful/SecLists/Discovery/Web-Content/directory-list-2.3-small.txt:FUZZ -u http://159.65.87.50:31955/FUZZ -recursion -recursion-depth 1 -e .php -v anybody knows how I can output just the working links from this

Status: 200

yup I tried -fc 200

i got this output

https://ibb.co/dDvq38g

ive been using -o test.txt && cat test.txt | grep http://000.000.000:0000/

but i need a better way

none of them have a flag unfortuntley

i fuzzed through /blog and /forum

the output file seems hard to read

I cant read it

At which challenge ar you at @mint karma ?

I see that your /blog/ found you 2 pages!

ATTACKING WEB APPLICATIONS WITH FFUF module / recrusive fuzzing

yup one is empty and the other was the answer to the previous question

@mint karma no need for filtering just scroll up in the terminal you will find what you looking for

make sure to remove the annoying copyright things

Did you do a subdir FUZZ first?

yup i found /blog and /forum and then i fuzz through forum and found forum/index.php and then found blog/home.php and blog/index.php when i fuzz through blog

what do u mean by copyright thing

oh i figured it out

-mc 200

your question helped me find the flag

oops im in the wrong thread. im done with fundamentals. that was for easy tier 0

hello, i'm following the sql injection fundamental course, i tried to log to mariadb but i get the error :mysql: command not found

can anyone help me please

Install mysl

its on the vm

?

What you mean

in the "myworkstation"

I don't understand you sorry

in the academy u get a linux instance,

i opened a terminal

Hello if anyone finished attacking web applications with ffuf module please dm me asap! thank you.

Hey, I need help in the decoding section in JavaScript Deobfuscation. I am working on it for too long and re-reading here I see many had the same issues I have. i just can't seem to wrap my head around what I am missing.

I'm not getting anything from response if I run the repeater

@coarse escarp try to get the cookie of the guest/guest login, and check it out!

I got the cookie for guest

Running the cookie in repeater didn't work either

You need to do something about that cookie! Work with it and try to understand it

I'm running it through curl

The application/x-form thing

I'm either getting cannot resolve host or bad/illegal format or missing url

No need to run it through curl. Take the cookie string and inspect it

When something which first is a clear text, and then results as a string mess, that's usually encrypted

The cookie seems like it's encoded

Yes!

Now play with it and make sure you send the right data to the repeater!

It's a base64 code

Add Cookie: auth=Decoded?

And my VM froze

Still nothing

@rustic sage

Great job! Now you know how it is constructed. Tthe guest string, which you typed and an unique ID

But you need admin.....

I'm guessing i make my cookie do a privilege escalation by using the commands

Play with that cookie now that you know how it's constructed.

What is the bad math error?

Can anyone DM me for help?

@true flume I guess I can try helping

I can't send a direct message, so I'll try to ask here.

The issue, which I've seen that quite a few has stumbled upon is regarding the POST method. I did the decoding correctly, but I can't seem to POST the data.

you

you mean sending the data with POST request?

Yes.

you can do it with curl or burp

I tried many variations.

I am using burp, but I can't understand curl enough. I passed the Web Requests module without the need of using curl.

And in burp, I get the same respond which is not the flag.

ok, so you can send the POST with the repeater

I did that, and I am stuck in that point.

what exactly are you doing, as currently I am not sure what are we talking about 🙂

I am trying to send the data of "serial=<the decoded message>"

at Web requests?

No, at the decoding section of JavaScript Deobfuscation module.

Using what you learned in this section, determine the type of encoding used in the string you got at previous exercise, and decode it. To get the flag, you can send a 'POST' request to 'serial.php', and set the data as "serial=YOUR_DECODED_OUTPUT".

yeah I am looking at it

so you are sending a post request to serial.php with the message of serial=<the decoded message>, but you don't get the flag?

Yes, I am getting a different encoded output which is not passing as an answer.

are you sure you decode the message correctly?

I think so.

this is the string we need to decode ?

N2gxNV8xNV9hX3MzY3IzN19tMzU1NGcz

No, that's the output I recieved after I am doing a POST request with the decoded string from the pervious exercise.

And I decoded that too, and it's not the flag.

just did it

worked for me

how do you send the post request

You decoded that and sent as the flag?

it tells you to take teh string from previous exercise, decode it and send it as post

Wait, you sent the POST request with this string? N2gxNV8xNV9hX3MzY3IzN19tMzU1NGcz

no

you decode it first

Yes, I decoded that already. And sent it with POST, and I got back the same string.

hoe do you send the post request? with burp or curl

With burp.

I used POST /serial.php HTTP/1.1

and tried to sent the data in the body

can you show me the screenshot of burp where you send it

Well, I don't want to spoil the decoding.

I tried also using curl with

i did it with curl

curl -s http:/159.65.87.50:30229/ -X POST -d "serial=<decoded message>"

and just did it with burp and it worked

curl -s /server.php -X POST -d "serial=<decoded message>" HTTP/1.1

you are sending it to wrong location

So what am I not getting?

how does the full url looks where you want to send it?

What do you mean?

URL where you need to send request to

http://server_ip/:PORT/

you are missing a part in this url

they are saying to serial.php

http://server_ip:port/serial.php

I think I tried that, but maybe I missed something in the syntax. I'll try now.

The instances are offline at the moment :\

Hi, is there anyone who can help me with reading rules of iptables?

@true flume start a new one

"Error: There are no available instances. Please try again later."

Ha, never saw that

Weird.

i've got it to

same here

🙏 Thank you.

a

Hello

I'm now

what's going on in general, how to get around, etc.???

Sql injection anyone

@Staszek#7204 you need to verify to access the rest. Check #welcome for details

From the top, make it drop...

thanks to eucrates 👍

Windows Fundamentals

Identify one of the non-standard update services running on the host. Submit the full name of the service executable (not the DisplayName) as your answer.

Is there any easier way of solving this than just typing in powershell and looking thorugh all running proceses

Get-Service | ? {$_.Status -eq "Running"} |fl

im using this rn

i have the answer but still is there easier way to search for keyword like update

anybody around that can help with the ffuf module?

@worn ridge i might be dm me

@snow sky maybe look through the task manager?

not sure but that might help

How do I go about finding the non-standard directory in the C:\ drive??

It wasn't all too clear as to what the difference was between standard and non-standard

@night osprey what module

Windows fundamentals

which section/page

operating system structure

im stuck on linux fundamentals again*** Find a way to start a simple HTTP server using "npm". Submit the command that starts the web server on port 8080 (use the short argument to specify the port number).***

I mean I know standard must be the C:\ drive

i tried everything i could find on google about npm commands and i only get errors

Can I dm you?

yes please

Having trouble with the Web Requests module, the target IP won't load in Firefox as per instructions. (Request & Response) section

Hello, I managed to to all the GET section of the HTTP module, now I wonder how do i get the flag from the virtual machine to my real computer. I can't copy it from the clipboard in there, when I take an image of it and try to use an image to text converter, it messes up, any easy soultion? I don't want to look how to type all those special characters

Unless... (spoiler, giving away part of the solution)||the flag is just a base 64 code that can be decoded with Burpo, right?||

Edit 1: Also, I tried ||decoding the encoded flag with an online page but it did not output the same result||
Edit 2: [solved] oh, I just had to put the letters and numbers and not decode it...

I'm stuck on 'Linux Fundamentals' Find a way to start a simple HTTP server using "php". Submit the command that starts the web server on the localhost (127.0.0.1) on port 8080.

its the right answer limpylegs helped me aswell! thank you

do you have an answer for the next question in that segment. All the attempts I make seem to be wrong

the one with php?

the answer is in the question php -s *************

Thank for the answer

Not sure it helps. I keep getting an 'incorrect' message

That's the right answer

you just have to add the ip and port

spoiler alert

Yups dont using localhost but using the ip adress of localhost

im stuck again

How many files exist on the system that have the ".log" file extension?

htb-student@nixfund:/etc$ locate .log wc -c
273

i cant find the right number am i looking in the wrong directory?

The command is php

i sent you the answer in private

I'm also stuck in that question

ill ask on support

I mean I've been answer that question

But I stuck on the package that been installed on the system

Thanks AeonArchon. Appreciated

hey guys, i just started htb and i wanted to ask how to like find path to htb-student's home directory? [i am a total newbie

hey, on a left side you see options, click on Education > Academy

What is the number of records where employees number is greater than 20.000 OR title does not contain engineer???? Im stuck

i mean like in the linux fundamentals module in system information there is a questions that says "Which kernel version is installed on the system? (Format: 1.22.3)" how do i like solve that

try looking at help options for uname

uname --help

Already did that uname -v but the ans is incorrect

check your answer format

as its character sensitive

@tired perch what section/page

The shell > system information

don't overthink it!

Um how do I do that 😅

Will try to

Hi there, noob question - was just started the Windows fundamental section and started to interact with the rpd - then updated win 10 and now when I click to start the Instance on the rpd but literally won't do anything/load/start. Would the upgrade effect the interaction with the rpd? any ideas welcome. Thanks

hi i have a test tomorrow and i have to download a doc and upload a doc and i want to get the doc before it opens and get it can anyone help

Hi after running the cmd for the rpd it ask me to key in the password however when i tried typing and copying and pasting nothing appears

make sure that you don't copy the quotes, but rather the content between/inside them

yep i did that but the problem is not the password is wrong but rather i cant key anything into the password blank. Is this suppose to happen? Sorry i'm new😓

which is the command that you are using

Have you spawned the target?

@limpid wharf @mystic edge dont go type the answer here or in the DM . dont spoil for those who really want to try and solve it

yep i spawned the target alr

its xfreerpd /v: target address /u:htb-student something like that

xfreerdp /v:target_address /u:user /p:password

thanks it works!

How do i run commands in the rdp? I can only see the recycle bin and the file explorer😓

I'm having problems with the linux fundamentals ||in "System information", at the kernel version question, i copy and paste the results of uname -v, uname -r, etc. but literally nothing works. Same thing for the last question when i type eth0, eth1 and so on..||

Hi HI, can I get a sanity check with the SQLi fundamentals module please

slip into ma dmz

o.O

make sure that you have ssh'ed in the target

find where the command line and powershell is

and an important thing is to read carefully the material

ah yeah about that, when i do the ssh the password doesn't work

it must work

verify it carefully

||"HTB_@cademy_stdnt!"|| should be the passw no?

read above what i have mentioned about passwords

and for your ease its colour codded

one more thing, please use ||spoiler tags|| when mentioning information which could be considered as a spoil

you mean this?

probably, probably not who knows if you don't test

|| i tried running the powershell from the powershell profile file but it just closes straight after||

try to troubleshoot it then, why is this behaviour and etc

but i never put the quotes :/

||i cant troubleshoot the file. Im opening powershell by going to the script and right clicking and clicking run with power shell is this correct? or am i suppose to try to find the .exe||

i have no idea what is your task and what is your logic that you are trying to follow, nor do i know the question

im trying to find powershell and run it in the rdp but i can only find the file in the documents

have you seen the icon of powershell

nope cant find it

only icon i can see is recyle bin

try smarter then

hahha okay found it

you have enough information to find the vulnerability plus you know the user

thanks

use whats given in the question and try the methods explained in the section

how do i find sid of bob.smith hint says get-wmiobject but it says nothing in the material how?

im so done

there is win32_sid

im such a big brain why always when i ask support i solve it by myself

nevermind

Get-WmiObject : Provider is not capable of the attempted operation
At line:1 char:1

• Get-WmiObject -class Win32_SID

•   + CategoryInfo          : InvalidOperation: (:) [Get-WmiObject], ManagementException
    + FullyQualifiedErrorId : GetWMIManagementException,Microsoft.PowerShell.Commands.GetWmiObjectCommand

how do ifix

google has nice examples

try to find them

you can also use the cheatsheet

@stone slate are you connected to the remote machine?

Hi everybody. I have a couple of questions: 1) why can't I post in easy-modules channel? 2) Module "Attacking Web Applications with Ffuf", section "Recursive Fuzzing", tried many txt lists to test against webserver, but still no luck (found blog, forum, index.php, .htpasswd, .htaccess....and so on). Am I missing something in the question? Am I using wrong list?

Depends on your FUZZ command @rustic sage

Yeah, I know, as Andy Pipkin would say. (you mean ffuf or FUZZ, meaning whoch txt file I use)

FFUF

Same thing! YOu get the point.

Hello! I am new to this server and i was wondering how I...get started idk if its the right thing to say

i think the first thing to do will be to check pinned msgs 😉

hey did you ever get any help with this, i find myself stuck as well

hey going through old threads attempting to get assistance did you ever figure out how to answet the HTTP method question in the web request module?

So my error, possibly yours, is don't use the target from the instructions, generate a new target and use that. Unfortunately, the way it is done is a lot of scroll up and down between things which causes the confusion when following directions. P.S. One of the targets that was generated didn't work for me, heads up so if it doesn't load, regenerate your target.

@rustic sage in the end someone else helped me in DM

@stone slate Great!

🙌

Hi, some can help me with some problems i got? i dont know how to solve the "POST METHOD" in "WEB REQUEST" module, if someone did it or knows how to do it he or she can explain me how he or she did it?

To login with the guest/guest credentials @north lance ?

And then try to obtain admin?

yeah

@rustic sage

Did you login with the guest/guest and captured the stream in burp ?

yes

Did you find anything of interest there?

the cookie

Good, good! And did you analyze it?

yeah, i decoded it in b64

Ok and what did you get out of that?

but after that idk how to continue

"guest_numbers"

But you need admin not guest

Play with the cookie and see where you end up

As I always say....get that admin cookie'd

I am stuck on that too

You need to send the admin credentials to the server.. @honest creek , that's how you connect with any user. That's how you connected with guest

I don't get it 😆

nothing seems to work that I've tried

Well, you sent the guest username and guest password to the server and got a cookie right?

yes I did

Did you inspect that cookie?

yes, the format was guest_xxxxxxxxxxxxxxxxxx

in base64

Ok, and by analogy you need to do the same to the admin credentials, send them to the server in some shape or form

Since you don't have a password provided, you must manipulate the cookie and send that "token" to the server

Try different combos and send them to the server, see what you get

I think I got the admin cookie

but nothing much happens when I send it

maybe you didn't send it in the correct form

oh I logged in as guest and saw welcome guest

now I need to do the same

You need to work with the cookie....

I don't get it

there seems to be a username & password

on the request

you don't have password

for the user admin

Work on the cookie, make the server (or trick the server) into recognising you as admin

I'll give that a try tomorrow

thanks alot for the tips

I think familiarity with Burp is what I'm missing

No problem! 👍 Practice makes perfect

awesome thank you

Can someone help me with this question

run su -h and you will see

Tried all options but showing incorrect answer

are you sure? 🙂

it asks you to set as an answer the option that you need to add to su command

the long version of it

someone can help me with "FILTERING RESULTS" in "ATTACKING WEBSITES WITH FFUF"?

i tried a lot of request but all have full error message

first, can someone help me to add "admin.academy.thb" to /etc/host?

I get that I am supposed to get a cookie, but I am never seeing a cookie supplied from a "successful" login.

RE: Web Request module, in POST Method section asking: "Login with the credentials guest / guest and try to get to admin.

From https://academy.hackthebox.eu/module/details/35

Hi I am new to HTB.

I noticed everyone has roles. How do i get roles?

#welcome message @tropic cove

Above that message also are red/blue roles if you want them

I needed some help with one of the linux fundamentals questions

Which part

Can anyone shed some light on the topic of non-standard services/application on a Windows machine. I'm currently going through the Windows Fundamentals module in HTB Academy. It has a few question about identifying the non-standard update service on the host machine . . . I know how to look up services but don't know how to distinguish if it's non-standard or not. The question reads: "Identify one of the non-standard update services running on the host. Submit the full name of the service executable (not the DisplayName) as your answer."

how to see listening service on the target machine? is that ipv4 only or include the listening service on localhost

@mystic edge I think the question is referring to the Get-Service command in powershell. They haven't talked about listening ports. They just want us to see the services and processes running on the host machine. And my problem is figuring out with service/process is non-standard or not

Hi all. I'm having trouble with Linux Fundamentals. I'm on the Find Files and Directories module with this question: What is the name of the config file that has been created after 2020-03-03 and is smaller than 28k but larger than 25k ... I have tried using find $ find / -type f -name *.conf -user root -size +20k -newermt 2020-03-03?
I keep hitting hurdles with it. Any help would be appreciated

I am doing fundamental linux course. I am getting this wrong: "What is the path to htb-student's home directory?". Isn't that supposed to be /home/userxxxxx?

user is htb-student - try that

your on the right track

/home||/htb-student||

I don't have htb-student under /home. Because my instance is created automatically with username = userxxxxx

I didn't either but I managed to work out the answer they wanted from the info. You need to just fill in the answer as above. Like I said you're on the right track

@mystic edge Did you figure out the answer to your question "How many services are listening on the target system on all interfaces"?

Ah I see. I am supposed to ssh into victim machine and then answer question. I was confused because they never mentioned about ssh command before this exercise. But got it figured out now

Yeah - I had to google that one. Sorry I took it that you knew what the ssh command was. You all good now?

Yep. Thanks

use -size -28k and -size +25k

I'm using the command "find / type f -name *.conf -size -28k+25k -newerct 2020-03-03" Does that command sound right? I keep turning up blanks

I get a message 'unknown predicate'

use -size before +25k

so the command will look like
||find / type f -name *.conf -size 28k +25k||
?? I feel so lost with this question.

you have the command as an example in the section

use it

on the target machine

I agree. I have tried that and then some an dI get pages of errors.

next time someone posts a spoiler will get a warning

guide him rather posting the whole command

use the cheatsheet

😜

Send a GET request to flag.php with two parameters num1 and num2 such that their sum is 1337

I need help please

please read what i have said above @grizzled moth

I just need a guide

Hi everyone

give that 2 parameter a value that will add up to 1337

look at the pictures or re-read the page to understand it better @copper plinth

hey guys, where I am supposed to install my apache2 on this section ? no permissions to install it in the ssh-client and the first machine from HTB-Academy

Screenshot: https://postimg.cc/1nFqyPSW

its telling u that u can download that the apache using that command on ur VM

or personal PC

but in the instance, it should already come pre-install

yeah using my VM right now for this

Z

Can someone help me with these questions

use what u learn and apply them

look at the command example in the page too

and u can always read the man page of the command u want to use

if u are using ur own VM then u should be able to download and install it

Already tested all commands and options not getting the correct answers

u shd test and also try to understand what u are trying to executing

dont copy blindly

I am not into blind copying applying after reading only

Why would I even ask if I can get the answers by copy pasting

@peak juniper ath the second one I can help you if you want feel free to dm 🙂

what im trying to say here is that the examples are there to guide you, but u need to change accordingly on what u trying to achieve

@peak juniper apply the knowledge and theory that is demonstrated in the module to the problem you are given. Answers aren't provided and like f5p4nky said - the examples guide you, you just need to fine tune it to solve the problem you are facing

thank you i now have roles

Got it I apologize

np dude

hi guys, i doing the web request module, in particular the POST method... i ve done the final exercise.. i am in the admin panel but i cant understand what i av to submit in the answer to get my points. may someone help me?

i ve got the same problem with the task in PUT and DELETE method

@tropic cove dont spoil answers!

Look for the user inforamtion ...

also have a look at the cheat-sheet

sorry i forgot to mark as spoiler

it wont happen again

Hello! Could someone help me on Linux Fundamentals please? I'm stuck in the 25k to 28k file question and my command doesn't do what I expect.

Can I put my command here or I am not allowed to write It?

k

I would suggest you to try to explain the logic you've put in the command you are using

Hi David99, If I remember correctly you must send the flag that the server response gives you once you are already admin. How do you know you are already admin?

Have you followed the exercise with the Pwnbox?

I have used the find command with the size options and with the option that only takes files newer than the date submitted, however the output us just a bunch or files where every line ends with persmission denied.

Try to find a syntax which will send this unnecessary data to a place

It was mention in one of the examples

Ok tysm!

for the "Linux fundamenals", i am having trouble with "What is the path to the htb-student's mail?"

Any help for How many total packages are installed on the target system ?

Hi acreppy2022, Using the commands explained in the lesson and observing your environment you can find the answer.

Hi dof-awfy, which module? which page? please be specific to see if we can help.

File description and redirection in Linux fundamental

I have tried eveything its because im stuck that im asking. I tried. Can u help me?

Try using "find" and add the other commands in the lesson to filter "target system" and also to enumerate the packages.
Hope that works for you, good luck!

Thank you I will try

no help for me i guess

Believe me, if you had used all the commands you would already have the answers, come on! play a little with the commands in the lesson! 💪 and you will see that there is the result. and read well what I answered above there you have a slight clue. good luck brother!

oh i see

thank you. I was getting frustrated but now I understand, it depends what command im using

im finding even the linux fundamental is kicking my ass. some of the answers are not as obvious to me , im wondering if there is a more basic video i can watch to fill in the blanks about command options or proper format

the only way to make you familiar with linux is practice. it is intended to challenge you a bit, so you start to experiment with the commands and take a look what those can do

oh i see

i was confused as to where the lessons were

but the point is u have to figure it out yourself

if u want we can do dm so we can help each other out. two noobs working together is better than one.

You can count me too three Noobs will be more fun😀😀

lol should we make a discord?

or can we do it here

hey

I am having issues with . . . getting from POST to see the
cookie named PHPSESSID through the Set-Cookie header.

In the htb, **Web Request **module, the question under the POST Method section asks:

"Login with the credentials guest / guest and try to get to admin.

i just downloaded kali linux and oracle virtual box and when i go to the installation process in the menu as soon as i open it at the end it goes to a grey screen and i have to reboot my laptop any clues why???

dont know if this is the right forum but i thought id try

when i hit esc it goes to what seems like terminal

im trying to test my system for vulnerabilities

Can anyone help with a linux fundamentals question?

because there are no such username/password

try to log in a valid user credential

u will recieve the cookie

because its valid

@proven arrow logging in with admin credentials doesn't give a cookie because they are invalid credential.s

Log in as the guest. Then see how you can abuse the cookie to become the admin

hello

was the inlanefreight domain changed? because I'm getting a different page than the one showed on the academy's lessons

The domain is there for demonstration purposes only

because I'm doing the web requests module and it says to navigate to the inlane website to be prompted with an authentication box. After the authentication seems like you'll get access to a database and stuff. But when I navigate to the domain I get no autentication box

If I'm not wrong you have to spawn the target

im using netstat -l -46 | wc -l to see listening service but the answer isn't correct

pls gimme any hint for that

ok thank you. looks I have to browse to the targer's ip and port instead of inlanefreight.com

*looks like

are you passed the listening service question?

what module is that?

linux fundamental

what chapter?

chapter 18

did you know the command options

chapter/page 18 is linux security

and it doesn't have any exercises

no no im sorry that chapter 15

there's question right there to see all listening service on the target machine

You need to filter it by criteria it says

here's the command options that im using but the answer isnt correct

can you please gimme any hint

the question asks you for how many services are listening not on localhost

you can see netstat output puts the string localhost in between the addresses

try selecting the services that don't contain that string

which option could I using for that?

ive been using -46 to see the IPV4 only

you are using netstat -l -46 aren't you?

Yes I did

plus, what is the 6 for?

for showing the listening service on IPV6

Looks like the exercise is not interested in ipv6 connections

got it. thank mate

😉

quick question. I've researched a bit on the internet but couldn't find a response. In the academy there's a lesson that shows that you can use /dev/null as a cookie-jar for curl. I thought /dev/null would delete anything sent to it. Hence, wouldn't the cookies be deleted and rendered unavailable for later curl requests??

How many files exist on the system that have the ".log" file extension?
Submit your answer here... How many total packages are installed on the target system?
Stuck on this for a couplke of hours

any help would be appreciated

hello i have a little problem on file tranfers module, i dont know if it is my fault or the machines. but i cannot upload files in windows machine (on windows file transfers section). i tried all the ways and it seems that the windows machine never completes the download

ok it seems that there is a problem with netcat. i used python server and it worked. (sorry for the spam)

You need to look for files with certain extensions. Also, do some search for line counter. There is a command for that in linux, but I do not want to just give you an answer.

What is the htb_student email

?

uhm im doing windows fundamentals operating system structure and i have no idea how to find the contents through the tree command. ||I found the flag.txt but idk how to view the contents so I just searched it on file explorer. How do i figure out the proper way?Or is this the proper way? Can i open the file through the commands?||

Yes, you can use the copy con command, followed by the name of the file you want to open, and it's extension. Like: copy con myfile.txtI know it's not in the module, but it's the way I used at least

thanks!

;D!

Yours xrdp working?

i've got bug called RESOLUTION

so proceed to use remmina

Hi there. I got stuck on this for a while too. You need to look at which system the ".log" files are under. When you have established that it becomes a bit more straight forward. Use the "find" command and narrow your search with ||"-name *.log"||. If you apply the 2>/dev/null it will narrow the error messages (permission denied) and it will give you a list. You can then count that list by applying a (pipe) | and the ||wc -l.|| See how you go

stuck on windows services and processes went through the list of services running but i cant seem to find anything pdf related?

Hi, in the "linux fundamentals" module, in the "system information" section, when I enter the ip address, a page appears where it tells me various information and that the site may be under maintenance, should I just wait?

Hey guys i need some help. I am at the nmap-module and specific in the Nmap Scripting Engine Section.

I tried some things but I dont know where I can get the information I need for the answer.

Question: Use NSE and its scripts to find the flag that one of the services contain and submit it as the answer.

my command:
nmap 10.X.X.X -p 80 -sV --script vuln

What the mean exactly with flag ?

the TCP flags or the flags/arguments for my command ?

Flag: HTB{XXXXXXXXXXXx}

I did nc IP -p 80 -nv

(UNKNOWN) [10.X.X.X] 80 (http) open

first find ports and services and then a related script

there are 7 ports open and the hint says "Web servers are among the most attacked services because they are made accessible to users and present a high attack potential." So it must be related to the port 80. I seached in /usr/share/nmap/scripts for http-scripts and tried several regarding apache/http ... I dont get it -.-

Hello im working on the windows fundamentals and i have to find a non standard update service for a question, now the only logical answer seems to be the foxit reader but if I fill in the name "FoxitReaderUpdateService" it says it is incorrrect. Does anybody know if I'm on the right track or what to do for this question?

@undone garden What does the question ask exactly

"Identify one of the non-standard update services running on the host. Submit the full name of the service executable (not the DisplayName) as your answer."

ok, now let me rephrase it

"Identify one of the non-standard update services running on the host. Submit the full name of the service EXECUTABLE (not the DisplayName) as your answer."

And now you have the last 1% of your correct answer

Ah yes that definetely solved it, thank you!

👍

can someone help me regarding my question?

Have you discovered everything? Try going through all of the IPS/IDS firewall evasion one at time to see what you can find. (also its not port 80 youre looking for)

@silk moon okay I will do

hey i nedd help

to use hack the box

hi guys

in introdiction to web module and html injection content

i write "<button onclick="window.location.href='https://www.malicious.com';">" html injection like this

and its work

but i write to htb cube input

hole site freeze and do not answer

how ironic! in html injection content 😆

"<input type="button" onclick="window.location.href='https://www.malicious.com';" value="Click me" />"

this is my payload

Can someone explain what a "non-standard" directory is ... or is it the name of a certain directory I am looking for. HTB questions are ambigious

Its a directory that isn't installed by default, home is a standard directory

How many bytes in total must be sent before reaching EIP? Can I get some tips, this is the final assessment of this module. I solved this easy in the section about EIP, but now I can't get it when I make pattern it gives me a that message is left for administrator, and inferior 1 process exited normally

Send bigger payloads till itcrashes

Can I dm you for explanation?

There isnt really an explanation. You've not crashed the program. You havent overwritten EIP

by any chance you were able to solve this?

Yep. "Submit the full name of the service executable" I was missing the bloody extension.

Got you, Thanks

After SSH login and password im getting a permission denied error on the Target system

Hi all, Module "Attacking Web Applications with Ffuf" I have tons of questions. First one, section "Parameter Fuzzing - GET", I'm able to find thousands of valid parameters (exit code 200)...how am I soppused to answer the question "Using what you learned in this section, run a parameter fuzzing scan on this page. what is the parameter accepted by this webpage?"??? So, the real quesion is: what have I misunderstood this time about the question?

can someone help me with the POST request question from Web Request Module? I have tried login using guest and intercept its cookie from burpsuite.

i had also observed when login with any account other than guest set-cookie auth is not generated any hint or help would be appreciated. I am stuck on the same question for more than 5hrs now.

you need to make cookie for admin

how can i login without credentail of admin

*credentials

i am using
{ "username" : "admin", "password" : "password" } but output is not showing any cookies

as it is showing when logging in with guest

take a look at that plz

go to mozilla/chrome and "inspect" the cookie
cookies are encoded in base64 may be if you decode it you will see what to do

i am stucked too in the same condition, once that i have the cookie of the guest guest login what i have to do with that?

Hi, I'm on Nmap module in section - service enumeration part. Have been trying to find the flag for 3 days now. Have tried enumerating all services and ports, have a deep read about the services on the network yet I'm not about to get the flag. However, after looking at the scripting engine section it only took me a few seconds to find the flag for that assignment. But I'm stuck on service enumeration, I don't want straight answers just need a clue on the services that is vulnerable or containing the flag or something I am missing. If anyone has finished this part please DM me please. I wanna know what I am doing wrong.

hello?

i need help

Use the method that doesn't include nmap, its in the section as an example

Be more specific

Hi there, I'm working my way through the Introduction to Web Applications module and have hit an issue with the question on HTML injection. My intended solution works using just basic HTML but it's apparently not what the author intended. Can anyone give me a nudge torward the correct answer? I can provide my answer if it helps but trying to avoid spoiling it for others.

Hi, question about the Web Request " Login with the credentials guest / guest and try to get to admin." I have the admin cookie, I have the message that said "Welcome, admin_...." I just don't know what is the answer to get the cubes xD. I tried the cookie, the admin_... nothing work.

@earnest glacier @peak juniper cookie are encoded in Base64 😉

@opal burrow yeah you have to sub the admin cookie

This did not work for me, updates and upgrades kept crashing my instance. I had to use the mycli command instead of mysql

Edit: I had to install it first:
sudo apt-get update
sudo apt-get install mycli

Os!

@rugged oak and for some reason it didnt work...

Have you figured it out yet

well I have the admin cookie, I have the page that said Welcome, admin bla bla bla instead of guest bla bla bla

how?

did you get the guest cookie ?

yes

and you know, cookie are encoded in base64

yes

so what you should do from there

you need to find the secret

howw

o i got it

I'm doing the same assignment as you guys. But when I follow the lesson, I get login failed using admin:password as credentials. Guest:guest works fine.....

hey guys how do i get started......

The whole point is to find the vulnerable path with the credentials that are given in the question.

Yes, the question. I get that. But I'm just trying to follow along on the lesson leading up the question. 🙂 But I see your point..... I can't do that on the spawned machine, if that's the target of the question... doh... my bad 😆

Am I going crazy or is the Truth diagram on Subverting Query Logic from the SQL Injection Fundamentals module incorrect for
SELECT * FROM logins WHERE username='notAdmin' OR '1'='1' AND password = 'something'

Doesen't False OR False = False?

Also on the Subverting Query Logic page, I'm having trouble with the question. I can get admin login, but not tom. Can someone give me a private nudge? I can show you what I'm using.

Edit, had to read the next section to get this one. Is there a way to do it without using ||comments||?

anyone able to offer any clues on Skills Assessment, Java Deobfuscation?

specifically As you may have noticed, the JavaScript code is obfuscated. Try applying the skills you learned in this module to deobfuscate the code, and retrieve the 'flag' variable. I cannot seem to figure out what the question wants - I can see a flag but it won't accept my input

Thanks Ramzey XD

Sorry to ask, but I just figured out the POST Method through Web Requests and decrypted the Cookie auth base 64 and got into the admin dashboard, but all I'm presented with is a "Welcome, i٢!" . When putting in the administrator name I am told that my response is incorrect, did I screw up or is there more to look for?

Wait no, figured it out

Had to convert the cookie back to base 64

Now I need to figure out what to do with the flag.

hang it

Lmao

looool

So far, I have enumerated all services and ports, dovecot, samba, apache and open-ssh. I could communicate with dovecot services but need credentials to proceed with dovecot imap, pop3 protocols. With samba, I was able to interact with the service but could not find any files on the target system besides IPC and Printers. That also didn't yield any results. I enumerated the apache services and found nothing as well, for Open-SSH, I know I may need credentials in order to authentictae. So if you say, I should try the example in the section with tcpdump example what services, are we targeting specifically! I hate to get straight answers, give me a hint. Maybe with the service containing the flag and I will dig a little bit about it further my exploit. Thank you.

i just did that and i got it to work somehow lmao no idea how that worked but ill take a win when i get one 😆

really stuck on the POST Method exercise. I literally changed the cookie with the appropriate one but still keep getting failed...am I not using the right creds? I'm truly lost

I even changed the referrer...location, etc

yeah I didn't even get a flag despite doing all of the above. That's the frustrating part ugh

OMG THANK YOU! uuggggh that was so irritating

Flag isn't the answer btw

Now we are in the same boat 👍

take the exclamation mark off

If that works, I'll feel extremely retarded...

we'd be legit equal then cause I felt like the dumbest person in the world for that

I'm such an idiot I had the flag this whole time, thank you.

no problem fam, you helped me, I helped you. Who says 2 idiots can't win together lol

you're using search.php, if i recall correctly try using the file that it's asking you to search in

Thanks MisterHyde125. I'll try the flag request. Appreciate the tip. I think HTB need to rephrase their questions somewhat ??

I just finished that one today, I know what you mean haha

OMG -I'm still drawing blanks. HTB throw obscure questions out and expect you to decrypt the question and then reverse engineer an answer. It could be made so much better with some clear terminology. - urgh frustrated

in filter contents section of linux fundamentals the 2nd question is, "Determine what user the ProFTPd server is running under. Submit the username as the answer." ive gone back through the path and to all the different sections and cant seem to find a way to answer this question . am i missing something? under what section should i start with to answer this question (as im fairly certain i will have too use multiple tools and such learned so far in this path to get the correct answer

@bronze plume proftp is a service. Check the thing thst lets you view whats running. Then work out how to view which user it is running as

Look at the ps command

returns user htb-stu+ blah blah blah (proftpd accepting connections) but htb-student is incorrect answer

I feel like I've run these commands 1000 times with the essentially same output every time and still nothing seems to work is my input wrong am wrong, is there something I'm not understanding in the question is my syntax wrong about to pull my hair out on this one lol it's been a full 24hrs on this one question

Deleted command as it is basically gives you the answer

so it's the correct syntax but I am inputting the answer wrong?

No you are submitting the wrong answer

You are submitting the answer for the process you are running to find the user running as proftp

I'm not getting anything from the response tab like I'm supposed to.

I can't even find any help in searches.

because you need to click on the "send" button

I did

Wait

That's the wrong send button....

My stupidity gets me again 🤦‍♂️

I'm getting code 200: ok

Instead of 302 found

And admin:password won't work as a login

because you haven't read the question

The question is login as guest/guest and try to gain admin

That's what I've been trying to do

huzzah! you have credentials

use them

??

I've been trying to

admin:password is not the credentials that you must use

don't follow 1:1 the tutorial

but rather think

Wait...

Hi ! Anyone to help with last LFI exercice please ?

I'm not getting a content type from my raw proxy i can eddit

Dm me

I even tried to eddit it in to the page request.

I still get a 400 erroor

Error

Oh wait

I was supposed to edit it in

But still a 400 error

I have the same struggle. I don't really get it. If I log in using guest:guest, I receive a cookie, I get that much, but from there on, having the lesson in mind.... I'm pretty lost.... 😳 Been at it for 2 days now.....

decode the cookie

figure out what the relationship is between the cookie and the value you see printed on the screen when you login

then play around with the cookie and see what happens

then think how that can be used to achieve the aim

start thinking critically and piecing information together. Make a hypothesis then test it.