#modules

Nevermind, i was just stupid as fk, i got it

hey guys ,
Which shell is specified for the htb-student user?
in linux fundamental
what's the command should i use ?

If you go through the sections you'll learn how to find users with shells. At this moment, it will be confusing, so try going through the sections and later you will be able to figure it out easily.

do you prefer learning linux command's before anythig ?

No, what I suggest is, if you can't figure out the answer for the assignment "which shell is specified for htb-student user" - just go through the sections and you will get the answer. However, the answer to the question is very simple but you must understand how to find users on target system then you will know what shells are set to each user.

Ok i'll try it , thank you

I am getting this error when trying to connect windows machine from terminal. Working on windows fundamentals module. Kindly guide me where I am going wrong

Are you connected to the vpn?

i cannot connect to VPN it is giving me error

Imodified the cookie, it showed me on the portal instead of Welcome guest the Welcome admin but if post the cookie value with or without encoded it does nto accept it as being good. In what format should it be posted ?

run openvpn with sudo

I dont understand what you mean

I modified the cookie so I see welcome admin_ , now i do not know what i need to submit as answer. I tried the encoded cookie value, without encoding . all submissions are returned error

When logged in as admin.properly it will give you a flag

ok then i am on the wrong path 😦

Hi guys, I am on Java Deobfuscation skills assessment final question. I've decoded the key and done a post request but I just get a 404 error

must be doing something wrong

@waxen escarp you are close

admin_ is not the same as admin

also no luck prabbly thats the reasonit provides 2cubes 🙂

STUCK - PUT/DELETE for some odd reason I'm not even able to DELETE the files let alone get the flag. I'm using the following string (after like literally 10 other options) <?='cat /flag.txt';?> can someone please help?

The server you spawned, is it still up?

yep

can you do a curl <ip-address> ?

and use the GET method there?

If you fx write curl -X OPTIONS ip:port that will return the options you have on the server. One of those should be POST

Also, if you have a look at curl --help, you should note the -T option.

so I did the above and still nothing. I made a bunch of flags lol the one I'm trying to get I'm using curl ip:port/flag8.php, press enter I gots nothing champ

Ok. So you made a file called flag8.php having only the string <?='cat /flag.txt';?> in it?

I did it like the tutorial. I posted several times and changed the name of the file I was posting

But I'm going to try creating a file and do it via curl

is there a space btw cat and /

The question says "Create a file named....", so do that. And yes to space between cat and /

@ashen hinge there is a difference between backticks and quotemarks

` vs '

ah, thanks it didn't even register in my mind

Thanks @visual spade and @tough fjord I winded up getting it. It was the back ticks that got me

hey everyone, I am trying to ssh in as another user, can I use the spawned target if the username isn't working? or should I add the user and password first?

im trying to find the kernal version for a different host btw

Hi! help/guidance with the POST Method, I'm stuck exactly after we get the cookie from guest user

Hi Hackers! I am stuck in INTRODUCTION TO WEB APPLICATIONS/HTML INJECTION the payload works but in the answer it does not accept the HTML coding. Is there anyone who can help me?

@supple cosmos check this message and the message below for help

nevermind I figured it out lol

thank you!

So we need to modify the cookie in plain text or in based64? I'm confused in that part. Thanks by the way

base64 - hint it tells you in the lesson (that sounds more snarky than it is intended) np

Kinda stuck. Trying to find the password for SQLI with PHP. It's asking me to check the imported page due to $conn is not defined. Not sure how to go about this. I am able to see the php/html code after running the union select query.

Disregard. I figured it out.

anyone got a second to help me with the nmap module, specifically the NSE section?

did you figure this out?

did you figure this out? I can help with service enumeration

Anyone have a moment to assist me with the SQLI fundamentals in the PHP webshells section? Not quite sure what to do.

Help me to solve determine what user the proftpd server running under in content filtering session

Any help bro

Linux fundamental

Have a look at the ps command and its options

I found the answer

Thanks bro

I'm doing the last assesment on the Login brute forcing. The question states 'As you now have the name of an employee...' but the thing is I don't have the name of an employee and when I go to the adress for the target machine its down. Triee scanning with a browser, then nmap and getting it with cURL. 8t says its down and I've reset the target box 3 times Am I misunderstanding something?

@topaz granite you do have a name from your previous brute force attack on the web page!

Thanks! oh dear, in that case I dont. I did that yesterday and didn't think the two assessments were related so didn't write it down. I remember the password not the username. Better redo it. Thanks for clarifying 😊

How do I ssh into htb?

ssh username@ip

the same way you ssh into anything

Its only giving me the login credentials

man ssh

click the link to launch the instance and get the ip

Thank you I didnt realize I also had to spawn a target

I am stuck at a question at linux fundamentals:
What is the path to the htb-student's mail?

Hey guys, I'm kinda new on the HTB Academy and got stuck on the first lesson in Linux (System Information). The question is "Find out the machine hardware name and submit it as the answer." And the only clue above it I have is - SSH to 10.129.133.65 with user "htb-student" and password "HTB_@cademy_stdnt!". What do I do with this?

ssh into the target

Aha, and hypothetically - how would one do that? 😄

Actually, where? In the Workstation?

spawn the target and spawn your pwnbox instance

Kinda stuck on writing files for SQLI fundamentals. It's asking me to find the flag using a webshell. I can create the webshell but not sure where to go from there. I know the shell works due to ?0=id pulls up information. Any suggestions would be helpful.

But where do I enter these credentials ("htb-student" and password "HTB_@cademy_stdnt!") in order to start diagnosing the "htb-student"?

in a couple of comments above you will find the necessary command

Found it, thank you so much dpgg!

@rustic sage make sure you do the intro to academy module. It will explain much of this

Found a debian-10.3.flag file but not sure if that is it. Can't open the file either.

I am stuck at a question at linux fundamentals:
What is the path to the htb-student's mail?

Nvm figured it out.

Help me for how to filter all unique path of the domain ??

Linux fundamentals

Content filtering session

😳

I didn’t see fully

Hi hackers! I have already finished the Introduction to web applications module but I am still stuck in HTML injection if someone can give me a hand I would appreciate it, the payload works perfectly but when I put it in response it gives me an error. Thanks in advance for the help that you can give.

For Windows Fundamentals, somebody has a hint to get the SID of bob.smith?

I used google to point me to the microsoft docs

Where I found the syntax/command

Hey guys, I have gotten stuck on Windows Fundamentals > Windows Services and Processes. It says to "Identify one of the non-standard update services running on the host." I have tried every running service that was listed but nothing seems to work can anyone help?

Try to separate them, e.g. standard you know and non-standard

thats the thing I don't know which is which

You can use google

I tried googling there was nothing that helped me

Take a break then, it helps

I have this is my 3rd day attempting

Sorry not trying to shoot down your suggestions but I have tried a lot of various things except hopping on here for help

The hint is self-explanatory

Yes but looking at all the running services there was nothing related to what the hint said

There is

can I message you a question about the command im using

You can use the Task Manager if the powershell is too complicated for you

Thats not what I asked but oko

Lol

task manager doesnt help either btw

Hello guys. Got stuck on Linux fundamentals here module File descriptors. How many files exist on the system with the .log extension?

I tried locate *.log | wc -l

Which gave the answer 24 files but its not the correct one I guess....

Try to use the find command. In the find command you need to specify the name you are searching for similar to what you have already stated and don't forget to narrow the scope of the search by filtering the errors. You are almost there KoelhoSec - just need to add some more commands to your search.

Nice it worked I had to cd to / and then did the 2>dev/null

Good work. The 2>dev/null command narrows the search and gives you what you're looking for. Happy it worked for you. 🙂

I'm working on Web Applications and trying to access the website from the Parrot terminal however I keep getting URL not found. Is there a problem with it or am I doing something wrong

What I am liking about this KTB is that they make you google and learn new stuff while you do it is really hands on go out there and figure out on your own. Im liking it so far

*HTB

I'm still not having luck with intercepting stuff with BURP suite. I have tried to enable the proxy but I keep getting error messages. Any help would be appreciated

@rustic sage watch some videos on burp they might help you

👍

Hey Guys, I am so excited to start my journey in hackthebox! I have minimal experience with Linux and have been working in IT for about 3 years now. I was just wondering how much should I grind on HackThebox and other resources to really grasp the knowledge. Thank you!!

hello guys im new here

Hello guys, i am stuck in the "linux fundamentals" module,i am unable to get 'What is the path to the htb-student's mail?' does anyone know please help me

if i use env will i get it?

@vague sonnet hey 😉
i am new here but completed this last week. i dont know if this the best help but i want to try it.
you can list the tree from "/" and try to search (function for search in command line for example: find, locate, findstr) for "mail". if you do this you should find the path fast i will mean. hope its helpfull ! 😉

Hi everyone can someone please help my I'm stuck on the Linux fundamentals the question is "what kernel version is on the system?(format: 1.22.3) I've tried the uname command in different ways to get the kernel version but when I enter the version it says it's incorrect am I just not understanding the question or what cause I'm serious stuck Google hasn't been very helpful thus far so yeah?

make sure that you have ssh'ed in to the target

and use the examples in the section

Thank you so much

hellow

Hi, from what I understand in cybersecurity you never stop studying / learning so there are no study limits because you always have to be updating.
Are you already at Hack the box Academy?

Play with the lesson commands there is the answer to that section. Good luck!👍

hello. I'm stuck and I think its cause I don't exactly know what I'm looking for. (to be clear im not looking for solutions, just some clarity) I have to find a non-standard directory in the c drive. with the info I got from google I assumed I was looking for key words like "lost&Found" "CD/Rom" or "Run" now i think i just dont fully understand what its asking me to find. can anyone offer me some clarity? (Windows Fundamentals )

None standard as in not present by default in windows iirc.

THANK YOU! I was over complicating this for myself. I appreciate the reply.

No problem. Happy hacking!

🙂

Thanks Degabyte! Yes, I am in hackthebox, INE ( for learning purposes and certifications), and trying to get more involved in different events like capture the flag. I guess my question goes more towards how many hours should I put in hackthebox until my brain is fried. I have created an account but havent done much yet.

SOLVED! If anyone have problem typing the special characters such as " ` " , the special-characters.txt file has all of them.

Just use lower case for the text

Hi can you help me with PUT method in WEB request?.. I think i have your same problem: i create the follow command:
spoiler
||curl -X PUT -d '<?=`cat /flag.txt`;?>' http://64.227.43.192:32406/flag.php -vv||

but the only answer is:
<?= cat /flag.txt?>

The back ticks like the person who helped me said

I tryied also creating file with BURP, changing the file with <?php ....

backtick inplace of '?

` not '

And....that's not how you do it burp

||curl -X PUT -d <?=`cat /flag.txt`;?> http://64.227.43.192:32406/flag.php -vv||

in this way you mean?

Give me a sec to show screenshot

Or actually, if you look on the example for hello.txt replace hello.txt.
And at the bottom of that same request where it says "hello world " insert that cat code.

i send it to private chat

hack for roblox??

Identify one of the non-standard update services running on the host. Submit the full name of the service executable (not the DisplayName) as your answer.

I have Foxit Reader Update Service as my answer

but it refuses to accept it

did you add ".exe" at the end and write it all in one word?

well i ran get-service -Displayname "<display name>"

it didnt print the whole thing since it was too long

so there is a .exe at the end right?

i'll try that

it worked

yay

do u have any advice on how do fix this?

https://social.technet.microsoft.com/Forums/scriptcenter/en-US/6ad142a6-e270-478c-b02c-65ae2d3fa7db/preventing-cutoff-getting-full-output-from-powershell
this may help

thank you

i'll try it

hmm it didnt work

https://mcsaguru.com/how-to-fix-truncated-powershell-output/ perhaps this then, if not, try looking it up

ok i have looked it up and have not found anything good

i will try the link u just sent

@tropic cove The challenge says service executable

hey guys, for the network enumeration with nmap starter module, the service enumeration has a working example on a target with smtp enabled. My spawned target does not have the same services as the example. Is this normal?

@ocean hound yes, they're examples how of command outputs/results for you to adapt to the target environment to complete

Hi I’m an idiot, I’ve never done any real training or coding or programming but I was bored so I decided I’d take this course, I’ve completed the post method and put and delete methods in the academy training but I can’t figure out GET method, I know it’s not hard I’m almost there but it was never explained what a flag.php is, I’ve looked everywhere and I don’t know how to send a request to that, and also am not sure where to find the parameter numbers 🤷🏻‍♂️ if anyone wants to send me a message that would be cool, I think it’s because originally the site was supposed to block me out, but I didn’t use Burp right away because I knew how to log In using admin:password, then after setting up Burp I tried to complete the last steps of getting the parameter and sending theGET but I’m lost

@silent bobcat flag.php is a PHP file used to run code and display a more dynamic style of html, to access it on a webserver just put it in the address bar
eg. instead of http://some.website/index.html use http://some.website/flag.php

You then use burp to modify the html headers for GET and the get variables the course describes

Thank you very much!! It’s been like 40 minutes and the module is mocking me 😂

I very much appreciate you

It's fine, I've cooked my noodle a few times since I started, looking for a more complex answer than the one actually required 🤦‍♂️

Absolutely, especially in this program, I was applying cUrl methods and Get method is way before that so i don’t really know what I was doing 😂 everything and anything except what I was supposed to do I guess

Can someone give me more hint on the windows services & processes question?
The question: identify one of the non standard update services running on the host

Is there anyone can help me about Linux fundamentals?

omg this is my first day of discord.This is kinda complex

not particularly. Most of the server is closed to the public and only available for verified members

Find a way to start a simple HTTP server using "npm". Submit the command that starts the web server on port 8080 (use the short argument to specify the port number). can anyone please tell me how to do it

not without giving the answer

look at the http server module in npm. then look at how to launch a webserver on port 8080.

then give the command to do that

i don't know bro how to look for the server module can you tell me more

google

npm http web server module

Thanks👍

Could anyone help me on PUT and DELETE section, ||I’m on the part where I need to get the flag, I’ve made the flag.php and inserted the cat command, but when I look at it, I only get <?=cat /flag.txt;?> ||

Try to formulate a question on the method rather seeking for the answer

I’m not sure I follow.

Nevermind, I just had re-read what you said

Thank you.

Backticks vs quote marks

Hi, I´m on the Module "Web Requests" and trying to setting up a Burp Suite. But, I get the error message that the Burp Suite Community Edition server is closed: http://206.189.25.23:30147/ . Can anyone help me, either with an other server adresse or restart the server? Thank you!

I would really appreciate any pointers in PUT and DELETE section in Web Requests: I created the file flag.php and made sure that backticks and spaces are in proper places as suggested by others but I just get back the code in the php file.

how do i list all lines in a text file that contain the same word using grep?

so that i can use | uniq -c after

@atomic light You can just put the pattern you are searching after grep. Make sure to put quotes around it if there are spaces, quotation marks or regex in it.

i dont know how to make a pattern for grep since a password can be any pattern

i need to find the most common used line in a text file

some how grep needs to display only lines that are similar so cant be unique lines

IPS and IDS evasion medium lab, anybody who has completed this assignment. Do I need VPS in other to scan for service versions of installed application on the network.... In section "Firewall and IDS/IPS Evasion", the author explains a scenario whereby, individual subnets would not have access to the server's specific services. So we can manually specify the source IP address (-S) to test if we get better results with this one.

I have tried scanning the network with some of the methods listed in the section, my scan hasn't been fruitful so far, I'm wondering perhaps the IP assigned to the pawnbox would is not allowed to access specific services and I might need VPS. Anybody who have completed this assignment, I just need your advise if I am gonna need a VPS to scan the network in order to find additional info to complete the lab. Thank you in advance.

Lastly, someone please send me an invite to discord channel. Easy-modules, medium-modules, hard-modules, or perhaps there is a way to join without invites please share.

hey im kinda of noob learning Linux on the Linux fundamentals but im having problems with the question of finding a units name... I searched on the internet and asked on the forum with no answers. Please help

What is the question?

I cant find the units name i used the systemctl --type=service and a bunch of other commands but it always said wrong i even used the hint and it was --type=<type>

Also i apolagise for my bad grammar if u cant read my messages properly

Inbox me the question

Sent it

i solved my problem

Hello, I'm in the put and delete section of the Web Requests module, I was wondering why sending an OPTIONS request through the repeater doesn't return the Allow header, but just an 200 OK with no extra info. And also, when I create the flag.php, it doesn't let me delete it nor gives me the answer as i request it with GET. Is the repeater not the appropiate way of doing it?

Just figured out I have to change the target to the target's IP and port, perhaps that will solve it...

Hello

for the linux Openssh

we i do the command

systemctl status ssh they ask me for a password

but i don't know what is the password

I have a problem. How to start a server with npm on port 8080?

Estou com um problema. Como iniciar um servidor com npm na porta 8080?

Snoopy I had to google how to run a basic http server and just put that command as the answer because I was not able to install anything since I was not in the sudoers file or something.

Snoopy here you wil find the solution for your problem https://www.npmjs.com/package/http-server

Greetings all! Newbie here going through the HTB academy. I am doing the Linux fundamentals, noticing on the package management portion that some things I didn't have permission to get or they were missing. Is this just do to the fact that they maybe outdated?

Well, you do not have permission to open every file. The resources that you're gonna work with are gonna be discussed in the module.

So was it more of a demonstration of what could be done rather than actually grabbing the packages they were talking about?

Were you able to solve it? If so, can you help me with that? I am stuck.

can someone help me out with the exercise included in thepost module in web requests? I've been trying everything for the past half hour and I can't find the solution

I've tried both SQL injection and the cookies thing which is in the text and referred to by the hint

nope, I'll notify you when I do

Lol I am in the same spot, I get a jquery response when I repeat the request but i have no clue what to do

@bitter turret @rustic sage best advice I can give for the POST method is: login as guest and gain your way up to admin by manipulating the cookie, there is actually no need to use the json stuff mentioned in the section, nor the SQL injection

so I have the guest cookie

how does that help me get the admin cookie?

aside from just brute-forcing values for it

the solution is pretty specific, I will say this: ||"try to look like you are the admin loggin in"||

If you still can't solve it after trying and thinking about what I just said, you can dm me

Sounds good 👍 , thanks for your time @harsh pine

Glad to help :)

how can i find the name of the config file that has been created after 2020-03-03 and is smaller than 28k but larger than 25k?

the answer is in your lesson! You just need to adapt the command to your task

But if you need a more in depth look, try here : https://ostechnix.com/find-files-bigger-smaller-x-size-linux/

i try this but there are hundreds of results

Do you need to search the entire system for config files?

i forgot where does the challenge tell you to search!.

'try the different utilities and find everything related to the netcat / nc tool'

it's just written like that

How do I do a get with num1 and num2 that the sum is 1337?
I'm a beginner.

Como que eu faço para fazer um get com num1 e num2 que a soma é 1337?
Sou iniciante

@bold herald What are the first two numbers that come to you mind which their sum is 1337?

668 other 669

Ok, you thought of a half value simmetric approach

Something else which involves nice round numbers?

I'm using a translator. I do not know English very well

could any one help i am new to linux

Then its time to learn linux.

i am stuck on the linux fundamentals

If u are stuck on a specific question then ask your doubts on the specific question here.. People who have done may be able to help ya. And if u are just struggling to work with linux as u are not familiar with it then there are a lot of resources on google which could help learn linux.

Problem is. What parameter do I use via get?

thanks

overthewire's bandit is a good resource to start with linux. have a look at it.

thanks

Thanks indeed

I put the server IP into /etc/hosts as admin.academy.htb but when i opened it, only white screen shown. Why so?

Hi Guys! I am still stuck in HTML injection if someone can give me a hand I would appreciate it, the payload works perfectly but when I put it in response it gives me an error. Thanks in advance for the help that you can give.

Any one completed SQL fundamentals

Hello, can anyone help me with the Web Requests module ? the guest/guest credentials are good, but when I try to log as admin (admin/password) it doesn't work..?

Hi, I dont know anything about hacking.

@pine sleet Have you checked Burp?

Got it 😉

Thanks very much

But now my instance is dead and I can't reboot it

I'll do it thru VM I suppose

How? I still can't log in with admin/password

You can extend your pwnbox

How do you check the console? sorry lol

@craggy kettle you must first check Burp and see the result of connecting with guest/guest

After you figure it out what's in there, you can connect with admin

I won't say too much but you don't need admin's pass, it's all about the cookies

So I got ||guest_(code)|| so I tried replace it with ||admin_(code)|| but no luck

nvm i got it

||there are many guests but only one admin, catch my drift ?||

Got it Thanks

Got It if anyone needs help just DM Me

Anyone can help with PUT / DELETE section in Web Requests? I creates the file and made sure backticks and spaces in place but I get back the code when i request flag.php.

I'm stuck on Linux Fundamentals, specifically "Working with Web Services."

The issue is after I ssh into the target, it won't let me install the apache2 server as my account isn't in the sudoers list.

Can anyone shed some light on how to get past this?

You don't need to install apache for that section.

You just need to use two installed packages

Oh really? I assumed to answer the question* you would need to do that first.

*Find a way to start a simple HTTP server using "npm". Submit the command that starts the web server on port 8080 (use the short argument to specify the port number)."

The keywords here are npm and php

Ok thanks for the heads up. I'll change my approach.

hi everyone, why can't I spawn a target system?

I can't do it, either

I can't even start an Instance right now.

same here

is there an admin here which can help?

Same here

Does it matter that I can't even connect to localhost?

I am also unable to start an instance currently. Trying to knock out the Linux fundamentals which I have been thoroughly enjoying thus far.

Nope. You are looking for something along the lines of || python3 -m http.server ||

Can someone guide on POST module of Web Request? I don't quite get the requirement / format of the answer.

If I understand your question right, guest / guest means the username is guest and the password is guest, too.

@frosty grail as @rustic sage said, use guest as user and guest as password. Intercept the server's response, see what you get, analyze the response, then try to login as admin!

I keep getting this error "There are no available instances. " whenever I try to start up an instance. Any ideas?

same thing here

anyone?

Same

00#

?

Any idea to escalation ?? Video or similar

No need for a video on that Burp Intercept. You just need to try and sent the guest/guest credentials to the server and see it s response, then analyze it. You will figure it out .

Yeaaah you put Get method when stay on the admin panel and after introduce a code . Json?? I don't understand this part the hint say the cookies but i don, t now

in the web requests module, im not getting an http response in burp suite, anyone got a clue?

ip: 206.189.25.23:30147

only getting the http request then nothing appears after forwarding

never

mind

actually

yeah

still no reponses

and yes i have intercept responses enabled

I can't connect to script kiddie box

I downloaded the VPN from the release of the box. Connected to it. Spawned the box. But it says problem loading!

What am I doing wrong?

WEB REQUESTS ----> PUT and DELETE Methods

I can successfully PUT the "flag.php" file in the website but when I go and GET it (which should return me the flag) it doesn't actually return me the flag. It either freezes completely (both on burp and on the browser) or just spits me back the raw content I inserted in the file itself. I feel like there's something wrong with the way i'm inserting the content but i'm literally just copy pastying it from the website, i can't see what's going wrong. Pls help before i throw the PC out of the window lol

I have exactly the same problem ! probably something we're doing wrong

Hi, some hints please?
Context -> File Inclusion last test "Skills Assessment - File Inclusion/Directory Traversal"
Spoiler
Found/retrieved
-- Source code of the following pages index.php, welcome.php and main.php + the source of the admin index, ||using the php filter thing||
-- no access the to ||/etc/passwd file|| 😦
Now searching for a way to list the files in the root to be able to find the flag.

So i'm stuck, tried --but possibly wrong-- the ||data://, php://input (with post data etc)||

@pine sleet if you find out what's wrong feel free to hit me up xD

@outer otter You too 😂

anyone can help me? I'm stuck.....
If you wanted to inject a malicious link to "www.malicious.com", and have the clickable text read 'Click Me', how would you do that?
I tried multiple format and no one works....

@pine sleet @outer otter Had the same problem yesterday tried everything and the end I just moved to another module xd

@craggy kettle i did the same now but i'm gonna have a seizure if i don't see the green bar full xD

Ikr I just want my 2 cubes lol

@outer otter @craggy kettle same I need that green bar 😂

In Linux fundamentals what is hardware name?

I tried Linux but it's not working 🤔

Try using uname options

What is the path to htb-student's home directory?,,,i tryed "pwd"...."/"...."cd ~"....nothings works ....can u please , guys help me ?

@peak raptor .....and i used all options on "uname "

ssh <ip> -l htb-student

It's not working. I tried uname , uname -a, uname -s 😕

ok then ...so is an imposible question ....how can an super/mega nob as me can unswer?

Can someone help me on Web requests GET Method. I really dont know what parameters they mean and the 1000 and 337 i tryed aswell

imagine it's a login and a password 🙂

why can i not post images

also

are the servers down or what

i cant submit any answers

actually, i can submit any answer and it gives me "incorrect answer" but the one i think is correct, the submit button just holds

im referring to PUT and DELETE methods in the web requests module

answer which i think is correct: ||<?=cat /flag.txt;?>||

bro it's literally wrote in the question, read very carefully and check the cheatsheet 😛

@outer otter ...bro ....can you (or anyoane )help me with the unswer on the question " What is the path to htb-student's home directory?".....I tryed so many things ..have hours and still cant do it ..starting to be exagetared annoying

I do think after few hours ...to be able to find somewere the unswer (I understant ...I am very stupid) ..but still

I dmed you @craggy mountain I will help you work through it.

There's a comment in the first index page which leads to the admin page. From there I'm stuck as well (for the moment).

Next things to try (for me)
-try to access ngnix log file and use log file poisoning if this works ==> works, ||but ensure to include enough ../, the next step was logfile poisoning|| via ||the agent||

• if not try something else 😊

BTW, you can use the ulr with the filter in burp (intruder), owasp zap or fuzz to find out all other pages (eg: main etc)

Greetz & good hunt!

I'm having an issue with HTML Injection in the Intro to Web Apps module (Insert hyperlink that reads "Click Me" but leads to "www.malicious.com". I'm using a very basic href command, and it WORKS in the test box but it keeps telling my answer is incorrect. I'm inserting "<a href="http://www.malicious.com">Click Me</a>" as the username.

@twilit wyvern I found the solution.... after all , was very simple... <//a href="www.malicious.com">Click Me</a//> just remove //

I guess /home/student ?

SQL funadmental challenge anyone?

Cant upload a shell anywhere

I could have sworn that was the first thing I tried. Apparently not though! Thanks!

check the examples in the same page, is clear... check the number columns maybe is your issue.

Hello, for the working with web services in the Linux module when i try to do apt install apache -y they told me no and if i try with sudo they told me taht i don't have access and that it will be reported. And also i don't get it with npm, like i've tried website like stack overflow, etc.. but don't now how to start the simple hhtp server

You should use a package installed with npm ||and the solution doesn't involve npm in itself||. php has its own server option. Simple googling would reveal it

Stack-Based Buffer Overflow on Linux x86 I am trying to get the flag. I have an exploit that will give me a reverse shell in gdb but when I pipe the python code into the binary it gives me a seg error. Any help?

hi can someone help me i am stuck at the first question on Linux fundamentals

sure what do u need

do u want to do dm or can we do it here

i dont care

bruh

ok what is the question

try "uname -a"

hardware name is usually x86_64 or x64 or x32

look for that

if you dont understand some stuff do some research

if u are still suck then you can ask here

i did not get that

Haii
Linux fundamentals , system information question how to find tha answer
How to do it with ssh

are you on the first question on Linux fundamentals

whats the question?

What is the path to htb-student's home directory

I assume /home/student

Yes

how do you find the path

but you can check by doing cd .

cd /

or pwd

pwd (print working directory)

cd / brings you to the core of the computer

or if that does not work

find / -type d -name "student" 2>/dev/null

type for directory name for name 2>/dev/null for permission

Haii
Linux fundamentals , system information question how to find tha answer
How to do it with ssh

did my answer help?

whats the question? @tame ermine

i am stuck on number two

what the questino

@tropic cove which modules did you finish?

it's What is the path to htb-student's home directory

i am halfway through the linux undamentals

oh oh

okok

home/htb-student

gobi are you born in 2003

?

how do you get it

pwd

ok im going to bed now

System information
Machine hardware name question how to find

uname -m

uname -m

No 1997

awhhh Im 2003

Oo iam college student

nice!

did uname -m work>

How to find answer

work?

uname -a | shows all machine info

uname -m | should show machine hardware

that dose not work

copy and paste the question

The answer not working

plz

What is the path to htb-student's home directory?

/home/htb-student/

Find out the mission hardware name and submit it as the answer?

i tried pwd it said it home/user

instead

oh cuz u in that dir

but it wants a different one

you can see by doing cd /home

then doing ls

@tame ermine does hostname give the right answer

maybe the kernel?

No bro

hmm I dont wanna waste the cubes lol

hi try x86_64

Can anyone help me with the POST request module? I feel like I'm missing something. I've gotten the session cookie and modified it to read as Admin, but I still can't find the answer to the question.

you put uname -a

yea sure @tame rampart

web requests?

It's the POST Method module.

oh thats the worst one

I completed it

let me review for a sec

It doesn't look like the screenshots.

I know

i still cant find what find the answer for What is the path to htb-student's home directory?

But, I feel like I'm working my way around that, until I hit the question at the end. What am I looking to do once I get that cookie?

@tame rampart I know the answer

the cookie is just b64 encoded username

decode the base64 cookie and see and make sure it says guest

Okay. I've done that. Where do I go from there? So far, I've tried to swap "guest" for "admin." That didn't change anything but the name on the site.

and that didnt give you the flag?

can you help me

#JD

@tame rampart go here https://www.reddit.com/r/hackthebox/comments/jzefz8/post_method_issue_help/

they will explain it better

as for everyone else I gotta do my thing sorry 😦

Thank you! I'll give it look.

doing the linux module but been stuck on this anyone help please?
Which option needs to be set to lock a user account using the "usermod" command? (long version of the option)

i tried sudo usermod --L and sudo usermod -L and sudo usermod --L** but nothing is working

i think you are missing this
(long version of the option)

the thing is i dont know what the long version i cant find anything online

There is.. tweak your googling terms perhaps.

again im still a newb so a bit of help maybe?

tbh i have not done this module.. so i cant help.. just bcoz u asked the question and showed what u have done i thought u might be missing the long version..

but try reading the manual of usermod

that might contain the full version of the option

is it in the linux manual?

man usermod

alright thank you!

Download the file flag.txt from the web root using wget from the Pwnbox. Submit the contents of the file as your answer. I'm stuck on this one. So, where is the web root in Windows 10?

Hello guys. I have been stuck for a while at the web requests GET excercise and I don't understand what I am supposed to do, what does flag mean?. I have entered every possible answer and all are incorrect. Also burp makes me press forward a thousand times for some firefox requests. Can somebody help?

It is my first time doing any of this. I am a complete beginer

So you got any progress 😄 ?

Dear HackTheBox academy

I need to say, your instances aren´t working properly.
I need to use burp, but wen i switch and going to hack site, site won´t load.
I was happy when i found this academy, but it is now useless.
You should FIX this

Thanks
Adduck

You understand that you have to adjust the proxy via the foxyproxy addon in the browser?

The goal is to proxy the web request to burp for you to examine them

#774038216239349820 message

https://portswigger.net/burp/documentation/desktop/tools/proxy/intercept

big oof

https://tenor.com/view/hide-the-pain-harold-gif-10576512

quick question

this is the question

Find a way to start a simple HTTP server using "npm". Submit the command that starts the web server on port 8080 (use the short argument to specify the port number).

and my answer was npx http-server localhost -p 8080

yet its still wrong

why do you use npx?

isnt it the same as NPM

?

when i tried tho in the vm it worked

do you really need to use a package manager to start a webserver?

well i was learning from the module as thats what it required

haha

i normally use apache2 or python3

the module didn't tell you to do it like that 😄

Find a way to start a simple HTTP server using "npm".

no?

im still a noob at this dont get angry at me haha still learning

np at all, make sure you understand what npm is used for and if you really need to add "npm" at the beginning of your command

ah okay from a quick search of google npm is is a tool that use to install packages. Npx is a tool that use to execute packages.

i found the solution its the same but without the npx at the start

Hello everyone! I have some troubles on the POST Method exercise. It seems that I cannot access to the admin panel through the username: admin password: password. The login failed each time... Do you know if it is normal?

whats the command your writting ? @amber crystal

Actually I'm just trying to follow the beginning of the lesson before even turning on Burp.

oh then i cant help you much haha

Haha np I just wanted to know if there was a bug or something that is known. Thank you 🙂

is it normal that i can see you in the terminal?

i can see cry0l1t3 and mrb3n

yea thats normal

awesome didnt want to be doing something wrong haha

Hello guys. I have been stuck for a while at the web requests GET excercise and I don't understand what I am supposed to do, what does flag mean? I have entered every possible answer and all are incorrect. Also burp makes me press forward a thousand times for some firefox requests. Can somebody help?
It is my first time doing any of this. I am a complete beginer

The flag is like a key, a string of random characters, you need to "capture" that flag to finish the exercice

it will look like gibberish

Also burp makes me press forward a thousand times for some firefox requests. Can somebody help?
Go on the page you're looking to intercept the packets for, then turn on the intercept and refresh the page, you should mostly get the target page requests

Oh ok. Thank you very much for your help and time

Can someone point me in the right direction about the Linux Fundamentals - Filter content modules ?

Use cURL from your Pwnbox (not the target machine) to obtain the source code of the "https://www.inlanefreight.com" website and filter all unique paths of that domain. Submit the number of these paths as the answer.

What are the unique paths exactly ? Every single link on the file ? I've counted all links but I can't seem to get the right answer

I understood this as all paths with the domain www.inlanefreight.com (including the trailing stuff)

ALso, ensure to sort unique 🙂

For some time now I have been trying to capture the flag at the web requests GET excercise and it just tells me incorrect answer

Thats what I do. curl http://104.248.168.9:31288/admin:password?num1=1&num2=1336

It also wants me to send two parameters where their sum is 1337

For the GET exercise how do you get flag.php? I tried changing the web address to say flag.php instead of search.php but it didn't work.

flag is a string with gibberish characters. You can highlight it and hit ctrl+shift+B and it will translate it

I just pressed forward in burp, then I hit ctrl+r, I went to the repeater and it showed me

oh, thanks i have been stuck on this for ages

Me too. But now I can't find the answer because I don't know what to write

(sorry If my english is bad, I am greek)

Can somebody tell me why in the GET excercise this is wrong: curl -u admin:password http://104.248.168.9:31288?num1=1?num2=1336

???

missing something

So it is partly correct?

I didn't do it that way but this command should return the right answer, given the right parameters

Oh ok I understand. Thank you very much

Yes, what are you meant to submit? I finished the task but it didn't give any result as none of the ports can add up to 1337.

Dude I'm just going to give up. I can't understand it

i didn't get a result but did what the task said so I think it's ok

what did you do?

i managed to log into the target website and i put in the parameters it asked me to - i didn't get a result because none of the ports can add up to 1337 but i put in the parameters and got in so I am happy

i know it isn't helpful to actually get the cubes from the question but oh well

Oh so you haven't solved it. You just logged in/

yes

Good job

i also put parameters in but yeah

Ok I understand

Ports? This has nothing to do with ports. The question says "Send a GET request to flag.php with two parameters num1 and num2 such that their sum is 1337.".

oh, so I should just put num1=1 and num2=1336 right?

Basically yes

yo im having trouble in the java deobfuscation module

in the source code part, the exercise is a bit odd

gives me a page and tells me to check the source code, sure, i find a secret.js file

which has

sure, i try to console.log it, gives me undefined

the flag is supposedly somewhere in there, but i cant find it

avoid posting spoilers please

how am i supposed to get help at a later stage of a problem then lol

by explaining your logic

I can easily give you the flag/answer, but that is not the point behind Academy. The point is to learn. Sometimes you may struggle but that is the path to become successful

What is the path to the htb-student's mail?

/var/mail

i think

use the locate mail command

cheers

did you get it?

in a min

invalid answer

nah

wdym

/var/mail is a invalid answer..to me at least

for the q:What is the path to the htb-student's mail?

use the command "locate mail"

i use it

gimme a sec

it is like u said ....but from reason ...when i put the answer ..it sayz invalid

because its wrong

u have to add htb-student

at the end

just like for the home directory question

i am on : htb-student@nixfund:

@craggy mountain i suggest to use the shown commands and try to figure out which one shows you the right answer

go through the cheat sheet

@tropic cove pls, dont publish answers here

ok

@drifting knoll ...i keep doing that man ....

bro i literally gave u very hint

i do thing ..i am close ....but ...i will see

do u want to dm

@tropic cove i did exacly as u sayd...put those answer there and still it say invalid

i wanna learn to hack

???

yeah htb deosnt teach how to hack

wrong place buddy

😭

hmm i may have said that wrong. Why do u want to learn hacking

if u want to learn it do good then this is the place for u

Yooo anyone can DM me about the PUT and DELETE methods, I can't seem to solve this exercice but I don't understand what I'm doing wrong.
flag.php just returns the raw code for some reason, I would need clarifications

I also has the same problem 😦

You can dm me

rn?

Sure

I cant dm you, you’ll either have to add me or change your privicy settings.

can someone teach me how to use hack the box

@pine sleet @buoyant ruin How Can I help?>

Start with https://academy.hackthebox.eu/faq and then with https://academy.hackthebox.eu/

i have the program but i dont know how to use it

I got help, thanks very much ))

many architectures, especially for huge web applications, are designed to distribute their load over many back end servers

https://tenor.com/view/friday-nod-oh-yeah-jeremiah-johnson-gif-13730953

lol

Can somebody give me some tips about this

Good night guys

Someone already completed the linux fundamentals ?

yup

me

it was rough

I imagine hahaha

I stopped at a part

if those are so hard then the easy module will be harder

You help me ?

sure

join

Hi Hackers, I'm stuck on ATTACKING WEB APPLICATIONS WITH FFUF / Page Fuzzing I can't find the flag, I've already tried with some options that I picked up in ffuf -h if someone can guide me I would appreciate it.

try #774040372966981644

im doing the web app fundamental module and i'm stuck on 'To which of the above categories does public vulnerability 'CVE-2014-6271' belongs to?' in the common web vulnerabilaties lesson. Ive tried literally everything and cant get the answer. any advice

👍

try internet there I located it.

ive literally spent 30 minutes reading everything about it but i dont know the correct format

can I DM u??

Yes

Can you dm me if you solved it? I have the exact same issue.

@hybrid dawn did you get any help?

@rustic sage hey google and read about the CVE-2014-6271 which I believe is shellshock. The way its executed is the answer. Don't think too hard.

@wintry cipher thanks but is this tip about PUT and DELETE section in Web Requests module? I know this vulnerability but I don't see how it relates to the solution in that section in particular.

@rustic sage No. Its something to do with 'injection' attack. After reading about the cve is it html injection, sql injection, command injection ...... Try to figure it out.

what's wrong about curl -X PUT "http://46.101.10.169:31416/" -F "file=flag.php"?

it returns a 409

^webhooks PUT module

response with -v arg:

*   Trying 46.101.10.169:31227...
* TCP_NODELAY set
* Connected to 46.101.10.169 (46.101.10.169) port 31227 (#0)
> PUT / HTTP/1.1
> Host: 46.101.10.169:31227
> User-Agent: curl/7.68.0
> Accept: */*
> Content-Length: 147
> Content-Type: multipart/form-data; boundary=------------------------b84de6ddc78ca2eb
> 
* We are completely uploaded and fine
* Mark bundle as not supporting multiuse
< HTTP/1.1 409 Conflict
< Server: nginx/1.10.3 (Ubuntu)
< Date: Wed, 10 Feb 2021 11:14:03 GMT
< Content-Type: text/html
< Content-Length: 176
< Connection: keep-alive
< 
<html>
<head><title>409 Conflict</title></head>
<center><h1>409 Conflict</h1></center>
</html>
* Connection #0 to host 46.101.10.169 left intact

nevermind, I forgot to use -L and specificy flag.php in the URL

but now when I get request the file it shows junk about files and it doesn't show the flag:

Content-Disposition: form-data; name="file"

flag.php
--------------------------30464bf3afe7e325--

Hi. Did you figure out how to solve "Skills Assessment - File Inclusion/Directory Traversal"?

hello everyone, in introduction to web apps module in HTML injection subsection how can i get the flag? i already made the injected link but i cannot figure out what to write on the flag.

Hello everyone! I'm currently working on the web-requests post method section in the htb academy. I'm having some difficulty finding the answer to : Login with the credentials guest / guest and try to get to admin. I've been trying many different variations with cookies and cant seem to figure this out. Any suggestions?

@rich pulsar i can give u a hint in PM if you want

a

anyone who can tell me what exactly this means/does?
<?=`cat /flag.txt`;?>
<?=cat /flag.txt;?>

yeah that module is broken

when u request the flag you only get what you PUT

i ended up getting the answer on reddit

if anyone has actually completed it then they can call me out for being wrong. If not, then im right and that question needs to be fixed

Hi all, Im having an issue with what looks like my browser timing out when doing the GET Method within my workstation. When this happens, my target IP I've entered into the browser changes in BURP to http://dectectportal.firefox.com and I'm then left with a constant refresh in the browser along with responses in burp from dectectportal.firefox.

would anybody know what it is I've done wrong?

I just got the flag for the above method, but without the use of burp. I'm unsure why BURP was, what looked like, timing out. perhaps I did somthing wrong, unsure!

u dont always have to use burp

u can use the bash

or the brower itself

sometimes

ok, thats good to know, thank you. Im still confused why the target IP kept timing out when using burp as proxy. are the workstations sometimes unresponsive?

try resetting target

to get a new one

👍

it worked?

It hasn't. I renewed the target multiple times but the same issue kept happening and instead of getting a response from the target IP, it was detectportal.firefox.com responding. Really odd. Regardless, I got the flag. Will see if it continues on other methods. Thanks mate

no problem

Hey there boys, i don't know if i'm missing the obvious here but I can't possibly find out how to answer this question:

LINUX FUNDAMENTALS ---> FILTER CONTENTS ---> "Determine what user the ProFTPd server is running under. Submit the username as the answer."

i feel like i don't possess the knowledge to do this

even googling i can't find commands that would get this done

did u get the command right?

if so scroll through and you will find proftd on the far left. then follow the line to the right and the user name is there.

it is very obvious trust me

no i most definetely didn't, that's why i say that i feel like i don't possess the knowledge to do this. Everything else so far came pretty naturally and quickly but here i feel like i'm missing something

I'm not totally sure about the detect.portal on Firefox in burp but I have noticed one thing. If you have extensions on your browser, burp detects some of those extensions. Sometimes turning them off helps.

good to know thanks

are the fundamentals the easiest modules?

also how do i change my name in the server

I would say they are and yet still challenging.

Not sure what you're asking exactly. Like how to change username on your host machine?

your name on the discord is the same as your name on the main hackthebox platform

reverify your account

Do files get saved in the interactive instance? If not, why does the Fundamentals of Linux Module ask you to install "evil-winrm" on the interactive instance? For the Package Management Section, are we supposed to try installing packages on our own local machine?

Identify one of the non-standard update services running on the host. Submit the full name of the service executable (not the DisplayName) as your answer. I need help with this for the Windows Fundamentals

Nvm...i got it

for get method am i supposed to be sending get on bursuite or cmd line

either is fine

Guys, I'm learning Linux Fundamental module and I'm in section user management. My question is "Which option needs to be set to create a home directory for a new user using "useradd" command?" The answer I have entered is "useradd -d". Is this the correct answer??

im trying to use ffuf to find a flag in the HTB academy but my ffuf isnt giving me a output on the matches , but it does show its doing some work ,any idea what im doing wrong?

Hello guys. I have been trying the POST excercise at the web requests and I am at the point where I have logged in the admin dashboard with the guest/guest credentials. It says welcome, guest..... I enter that name as the answer but it is incorrect

What format does the answer have?

Every time I log in from the admin/dashboard with the same credentials a different guest appears

(the name of the cookie is 'auth', not 'PHPSESSID')

Hi all, I am currently pretty bad stuck at following exercise: Web Requests - GET METHOD - Send a GET request to flag.php with two parameters num1 and num2 such that their sum is 1337. I dont really understand what it wants to know from me as I already tried following things. Burping it via Browser on: Send a GET request to flag.php with two parameters num1 and num2 such that their sum is 1337 and also with cUrl which tells me 401. Unauthorized. Can someone please point me in the right direction of what exactly needs to be done. Thanks in advance for any help. P.S. For the sake of the overview I would really prefer a DM. Thank you!

You have to search the link with the parameters to your browser

And then it will show you some letters. Copy and paste them into the answer box

Just in case people are still stuck in PUT and DELETE section in Web Requests. Seems like it is fixed. Try it again.

Did that and the authentification window pops up

You mean in the source code window?

I did it in google chrome

Do you want me to show you what you will have to google or not?

Yeah please.

it's a flag, a sequence of numbers and letters. Yeah, not all things in that section show up like they show us in the images, but you gotta get the cookie and manipulate it

I'm doing the "Linux fundamentals" and I'm stuck with getting the unique paths of the domain "https://inlanefreight.com" but I cannot get the right answer. I've gotten the answer from googling it but I have no idea what is wrong with my own method

I've put 'curl "https://inlanefreight.com/" | sort -u | grep "https://inlanefreight.com/*" | wc -l
Can anyone who has done this recently tell me what I'm missing?

Hello, i'm still stuck at the linux fundamental at working with web services. I tried this ||require("http").createServer().listen(8080)|| didn't work, also this ||"start": "http-server -a localhost -p 8000"|| + other stuff and all of them didn't work. Any tips of where should i look ?

I need some help can anyone help me with a linux fundamental module specifically the "Working with Web Services

Quick Question about File Transfers module and the Linux File Transfer Methods segment question 2. I managed to upload the file. However, when I then run the hasher command it gives an invalid flag even though the contents of the file is the same as the one downloaded? anyone else with the same problem or is it just me??(´Д⊂ヽ

Try googling npm http server

I'm trying to fill the answer to Cross-Site Scripting (XSS) in the introduction to web apps but the submit button is unresponsive. Not giving me wrong or correct answer notification. Reset browser etc. Any ideas?

ignore me im a twat.

hi i am stuck at the javascript deobfucation

@coarse sun dont share any kind of flags

sorry

i thought somebody could understand better if they see the point im stuck

then you should explain what you want to achieve and where you got stuck

(without sharing contents of your target)

i need to get the flag of the deobfuscation sections however i keep getting the same base64 answer despite using different serials

which section?

javascript deobfuscation

thats the module

sorry

the sections is deobfuscation

obfuscation - deobfuscation

i recommend you to read it again

everything you need is explained
you have to figure out how to use/adapt it

did a little research and found this guy that had the same problems as me

it was curious, for me, this did also not work in Burp, but worked perfectly with cURL

would you mind to explain how you did?

i did curl -s http://206.189.18.188:32549/serial.php POST -d "serial=<serialgoeshere>" HTTP/1.1

it would surprise me if typing "POST" like that would work, I think you have to do it like: "-X POST", with "-X" defining the method, and also the last part (HTTP/1.1) is unnecessary

Hope that helps, @coarse sun

got the same result 😦

what does it give you as output?

idk if i can post it here can i send you as a pm?

yeah

dm

Guys, I'm learning Linux Fundamental module and I'm in section user management. My question is "Which option needs to be set to create a home directory for a new user using "useradd" command?" The answer I have entered is "useradd -d". But it says wrong answer. I have tried all possible options to answer the question. Need some guidance please

Look at useradd --help again. And read the wording of the question properly. 😉

Is the user has been created or I need to create a new user and the home directory??

It says: "Which option needs to be set to create a home directory for a new user using "useradd" command?" It says to create a new home directory for a new user. It says FOR a new user. Not AND a new user. And the question only asks for the option.

linux kernel versiuon

Kernel -- info or -h, all you search is on this man

@rustic sage its a question?? ☝️ ☝️

im having the same doubt

Are these modules helpful for pwning machines???

@lucid veldt what??

After finishing modules, have you returned to live machines and noticed your skill levels has increased?

yes

I even learned more then from online courses because they give you tasks where have to think alot and read manual pages and documentations

*online video courses

v

@lucid veldt thats my opinion, but you need to test how you can learn best. I started with video training with my own labs but I think books and labs are better for me

can someone pls ban this guy lol

Very cool, I may join. Thanks for the reply

LOL at that spam block above

i'm currently doing the web requests POST module and I've managed to login with the admin credentials but still don't know what the answer is

i dont know what the flag is

actually i may be mistaken

when you successfully login with admin/password does it still say welcome, guest...?

whenever i change the value of the cookie to the hex string after guest the page just reloads but the guest part is replaced with gibberish

I like how everyone ignores the huge spam block above and just talks about cookies and shit

lol

yes, but could you please help me?

yeah

let me read what u need

lets go in DM to avoid spoilers

how many of you here understand javascript or php properly? Im struggling to know if i should stop and go learn basic javascript and php to make things easier on myself and understand the vulnerabilities and attack methods.

can u code in at least one programming language??

@hushed anvil no. ive learnt enough over time to be able to read hmtl and css and understand what it's doing but I dont know the basics of any language.

you should learn at least one...

ok thanks

i would suggest c or c++ but i am not a good coder , neither a good pentester

better ask anybody

Thanks for the advice. The red name and hacker tag says otherwise though

how do i get a network interface name?

could it be eth0

??

on which os??

Hello

123

Im on the last question for "Stack-Based Buffer Overflows on Linux x86" and I've managed to get up a reverse_tcp_shell using a python string in GDB, outside of GDB however I just get "Segmentation fault (core dumped)". Im assuming im either passing the string back wrong or I need to adjust the EIP address due to stack differences inside GDB vs outside. Quick pointer would be appreciated 😄 P.s. fairly newb to buffer overflows so happy I got this far without help

Update: worked it out

Hi all. What aboutIntroduction to web application? I'm stuck to HTML injection. I'm sure about the answer cause it works, but it still gives me error. Maybe I have to enclose answer in quotes or somethin'?

Be sure to include the entire string, including <a href=xxxxxxxxx</a>

Same issue with the Intro To Web App. I've got the whole <a> tag with the href=xxxx in there. No bueno. It's not happy with that answer.

Works fine on the target. I get Your name is Click Me. And Click Me is link text that goes to the URL.

Also my <a> tag is closed with the proper </a> at the end.. 🙂

NVM, figured it out. Had to remove something to satisfy the academy gods lol. Still boooo though because the answer HTB wants messes up the link the way it should work.. 🙂

I'm all for these types of micro sized courses. But man, at least let the people have some variations in the answers. More than one way to skin a cat lol

Here I am again, this work during test:

<a href="http://www.malicious.com/" > Click Me </a>

Or <a href="http://www.malicious.com" > Click Me </a> But it's not accepted as a correct answer

Any suggestion?

Hey Guys! i'm stuck in the linux fundamentals part on package management. I'm trying to install evil-winrm but when I try to download it (one I have ssh into the htb-student, not even sure I was supposed to do this). upon using git clone i'm getting an error "fatal: unable to access 'http........." could not resolve host github.com.
Also, I tried to create a new folder like in their example using mkdir /opt/evil-winrm but getting an error permission denied

Any help would be greatly appreciated

I don't think you're supposed to ssh anywhere. It says to do it on your own interactive instance.

Well in that case I'm able to clone the repository on the interactive instance, but can't mkdir a new folder (getting error : Permission denied)>
And I can't seem to understand how to install it after a have cloned it

Hello everyone, Can someone help me, I am stuck in nmap module
Use NSE and its scripts to find the flag that one of the services contain and submit it as the answer. Never mind got it.

try to use it without http://

This worked for me. Odd but eh ok.

Hi. I'm a bit stuck at "What non-standerd application is running under the current user?" in page 8 of the module on windows fundamentals. I'm using tasklist on the cmd to list all the running processes, filtering by username and status. I tried some of them as flag but that didn't work. Am I missing something petty or is it to be done in a totally different way??

Oh, ok. Looks like I just needed to remove the .exe part

Solved👍

DM'd you, your close

Hi there, I've been working on post method exercise several hours. I got the cookie. I decode it and changed the username id. I injected my admin cookie with js injection in auth parameter but in my brower console appears something like SameSite is none .

could anyone help me with someting

please

no need for the injection, you have to send a post request with a specific cookie and that will get you the flag

there is not cookie auth parameter in the login.php where is the post method. (Ive been 25 hours playing with code injection. At least Ive learnt)

@harsh pine I mean. When I log with guest I can see user and password parameter but not cookie or auth parameter

that's good, hmm, should return you the cookie when you send the request

are you using burpsuite, curl?

It returns the cookie's guest on base64 decoded. I tried to change the user name part and make my cookie admin for changing by burp

Even returns me the cookie when inject code on auth parameter. Even I put other cookie with admin_ and returns me but the console logs show something about SameSite parameter wrong

I'll give you this hint: There are many guests, but only one admin

thanks for the hint but I'm on the same point

I though some way to take the cookie's admin from the cache

I've been dreaming with cookies and base64 for few days

hahahah, well, I suffered for 4 days with the PUT and DELETE methods

if you enter the correct cookie it will return you the flag

Nice to read that for the next one.

I'm totally stuck.

I have to focus on login.php post method?

on sending the correct cookie, basically

yap. The thing is how I get the correct cookie

Have you already |learned to || encode and decode the cookie, so that you can make it say whatever you want ||?

||Sure hahahaha even for injection shoud be encoded||

use ur own vm or personal machine to download that and install

dont overthink . compare the cookie and ur login message . ask urself and try to change the cookie to a special user that u know

yea its way better @white smelt

try to think what request shows u the cookie

Oh noooo. And no spaces! Weird, because it does not work if put in login... Thank allot mate!

Isn't the whole purpose of the VM in the accdemy supposed to simplify? In any case would be important to know why I cant get it to work? I mean I'm going to need to be able to do install packages in future modules as well

i think u can do that but i never actually do most works on the instances.

Any spesific reason?

because when i read " on your intereactive instances ", i take it as my workstation/vm/pc

i feel i can troubleshoot more, play around without having restrictions

Got it. So no way really around this that you know of expect using my own VM?

i prefer doing it on my personal VM or PC or Laptop

but for ur sake buddy i test it

and yes we can install it in the interactive instances

its working here

so yeah just head to the github, read abit about installations and notes and u got it

Were you able to create a new folder as well? I keep getting an error that I don't have sufficient permissions

Same with the install every command I put in dosnt seem to work

i didnt do that. i just clone the repo, install dependencies and done

u include sudo in ur command ?

I tried that as well but It says Im not in the sudoers or somthing like that. Then have message that t"this will be reported״

hmm

try run id in ur command

So I used git clone. How do you install it after?

or sudo -l

u should see u are under the sudo group

and when u run this command u should be able to see this

if u cant then idk how to help u already 😂

just install the depedencies and run it

read the github page, scroll down till u see the installation & quick start

this is what I see

then yeah u shd be able to run all commands

hmm can't seem to upload images here

─[eu-academy-1]─[10.10.14.165]─[user64591@htb-ozazrtu25q]─[~]
└──╼ [★]$ sudo -i
─[eu-academy-1]─[10.10.14.165]─[root@htb-ozazrtu25q]─[~]
└──╼ [★]#

no no

not i

l

l for laptop

Damn I feel stupid haha

installed it using gem install. But the exercise explains to try and use apt or dpkg

treat it as guidelines

The examples there are to teach u , the concept is similar

and exercise didnt ask u to use apt or dpgk, it says different methods

and if u were to scroll up u will see they mentioned this

Got it. I'm just over complicating. Just want to make sure I'm not skipping something important

good that u are curious . u will learn more as u go so its fine

Thanks for the help man 🙏

no worries, happy learning

HI guys can u please help me with the htb academy web request I'm stuck with the get request and not being to understand the question

Send a get request to flag.php with two parameters num1 and num2 such that their sum is 1337

what are u trying to send to the server? what have u tried till now?

Send a get request to the flag.php? ... using curl... or firefox add in like hackbar you should be able to work out how to send the numbers

I will try again with the curl and report to u thank you

At first I had tried the curl method but I was not getting on how to do it so I tried with burpsuite . Can we do it with burpsuite??

yup.

but i prefer curl for beginners atleast.

so in burp you can do it via repeater or proxy intercept depending what your doing, but its easier to send the data via curl for that exercise as its cleaner and you should get used to using curl.

With burpsuite I had send a get request to a the target machine it redirects me to a login page and with the correct login credentials it just redirects me to a search.php location when I try to redirect my self to the flag.php by customising the Get /search.php HTTP it says parameters not found .

I will try with the curl method now

For the moment unless you need to inline edit a cookie, id, or session token use curl, for those things I mentioned use burp. You'll find it easier to create get, post, del etc. requests via curl initially. burps nice but why spend 10 minutes in burp when 30 seconds with curl will get the job done 🙂 curl will also let you practice with scripts and chaining commands.

Ok will do with curl thank you

for those who doing the web request, try to stick with burp suite. practise what u learn in the module.

try not to stray too far too curl because it can only make u more confused if u dont know what u doing

the reason is if u are new to the module or new to this, u can always refer back to the modules notes. there's plenty of guidelines in the module and also here.

for the curl its also possible, but only if u know what u doing .

my 5 cents bois

Hi I am doing the „Request and Response“ tasks. When I am looking for the Apache-Version it says at „server“ it is nginx.
Please help me

You can get the server when u get response from the server it should be stated as Server: Apache/2.4.46

Hey guys, I'm currently attempting the Web Requests, POST method section. I can login with guest/guest credentials, but when I try to change the credentials, it doesn't seem to work. I've tried using both json and x-www-form-urlencoded, but nothing seems to work. Could anyone guide me as to what I'm doing wrong? Thanks!

The hint says cookies so try manipulating cookies I was able to get the flag after manipulating the cookies but still it says incorrect answer don't know why

I tried manipulating the cookies as well, but I'm not too sure if what I'm doing on burp is correct or not

probably u copy wrongly

:p

I did copy the whole flag name and when that didn't work I even copied the text "the flag is " but it didn't work 😅 😂

so till now u havent cleared that section yet ?

No stuck in the post method

PM me

Yeah but when I click forward it didn’t say that

Try intercepting the package using burp send it to the repeater and look in the response u can find it there

how can i do that

How far have u gone

I use burp

@pearl birch I got already thanks anyway

You're welcome.

Yeah

Hey guys, I need a hint for the hard lab in the NMAP (Network enumeration)-module.

I found out tcp/21 is unfiltered and tcp/25 is filtered. I tried like every evasion technique from the tutorial but it didnt worked for me. Any hints ?

qualcuno da roma?

I'm having this same issue, can someone help? I thought I found the path, but it keeps saying it is incorrect. I am an absolute noob attempting to learn in my off time.

I can screen cap the issue if it helps

Cool fundamental module HTB. Onto the next one's.. 🙂

congrats!

can anyone help with the path to htb student email? /var/spool/mail is not working, and I am not sure if its case sensitive or what I am doing wrong. I figured out the home directory, yet I cannot figure out the email directory

You're close with the /var/spool/mail. It's slightly off, just look closer.. 🙂

and remember what you're name is.. 🙂

*your

i'll let you know if i figure anything out, i am still trying, thank you!

so far i tried running a whoami and put the username in as /var/spool/mail/usernameputhere, I tried a different variant with mail/htb-student, no luck, still tinkering

swap some items in the directory structure.. 🙂

and look at the directory structure on the target system

You are close!!!

anyone can explain me vhosts fuzzing? I add server_ip and domain inside etc/hosts, then i fuzzing with wordlist subdomain the -u domain:port with -H host:fuzz.domain...
now I obtain two subdomain.. "admin" and "test"
so I wanna explore these two subdomain. I start to fuzz "admin" subdomain so:
ffuf -w wordlist:fuzz -u http://admin.domain.port/fuzz ...... and here i get error....why???? i make me crazy
how i can add vhosts subdomain to etc/hsots

htb-student/var/spool/mail, tried swapping the directory structure to that order, but i think i am getting the username wrong. on a side note i figured out that i needed to re ssh into the system to get the kernel correct, i think thats what you're hinting at for the email so i'll give it a gander

so it seems like im not the only one stuck on windows fundamentals and linux fundamentals....

some of the quesitons are SO confusing

Identify one of the non-standard update services running on the host. Submit the full name of the service executable (not the DisplayName) as your answer.

i cannot answer this no matter how hard, and i would LOVE a direct answer so i can figure out how the command works on my own

Hint - service is related to PDF editing

I feel like im losing my mind...

there should definitely be an answer sheet...

is there an answer sheet?

no this discord helps a lot. Ctrl-f an search for hits throughout previous questions.

well now i feel less dumb as i read more

but only slightly

Someone is doing the windows fundamentals module ?

ask more specific question on methodology

Identify one of the non-standard update services running on the host (windows 10)

hello

im stack on this Use cURL from your Pwnbox (not the target machine) to obtain the source code of the "https://www.inlanefreight.com" website and filter all unique paths of that domain. Submit the number of these paths as the answer.