#modules

that is way better

now find the microsoft documentation and search for a cmdlet which will narrow down to the only services which are running

This should give the current services that are running

the command is correct

now use the hint and go through the output of the command and you will find it

please remove the command as others who are doing the module would not want to stumble upon a potential spoiler

sorry

dont pipe it to search for an exact name

Can someone help me?

the key is service

With this

Resolved

Hello im new. Currently doing Web Requests module..Stuck at POST section..pls help..i dont understand what to do...
What ive done so far : login as guest:guest, start burp and intercept..sent it to repeater..changed content type header to application/json...wrote json code as follows {"usernam":"guest","password":"guest"}..hit send..get back 302 ok..how do i login to admin..do i need to use curl??..hint says to manipulate cookies..pls help:'(((

Hey can u elaborate more?..u press ctrl+r in burpsuite right?

+1

yes

and then what?

uuuuu
How did I write here so everything was decided, how so ??
I've tried this ...

thank)))

I decided

bro ive no idea what this is..i assume its cpied from repeater..im trying out curl functions from the cheatsheet..will post if i find anything

I decided

curl -H 'Content-Type: application/json' -d '{ "username" : "admin", "password" : "password" }' cURL specify content type

might be useful

while writing here

I pressed it but nothing happened

noo

catch cookies and redo them to admin

1)open firefox turn on proxy which is an extension on top right
2)open burpsuite, go to proxy tab, intercept on
3)load the page u want to load
4)see some info pop up in intercept tab under proxy tab
5)click anywhere inside the intercept tab and then Ctrl+R or just right click and send to repeater

can I write here in Russian?

idk man..prolly cant rules said only english..also

https://portswigger.net/support/using-burp-to-hack-cookies-and-manipulate-sessions

see if this helps..trying this out

EDIT:DID NOT WORK

I decided! I asked if I can communicate in Russian in this chat?

@lavish glade Sorry, we only allow English here.

Also, for ease of reading you should put your HTML in a code block

@burnt stone pls can u help/guide for the web requests module

Sorry, I have not done it.

I can help

POST?

https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fuser-images.githubusercontent.com%2F29077634%2F46558615-b1123480-c8bb-11e8-9c00-8cc3d1b53e6e.png&f=1&nofb=1 @lavish glade

Just replace js with html

i deleted

could have just edited the formatting, all good!

POST Method ???

I realized that I decided and there is no longer any need for codes

@tribal fog still need help?

yes im sorry i still need help with the POST method @mint lava @lavish glade

have a closer look at the coockie

console.log("Hi i'm portuguese!")

i dont get it maaan..i got the cookie when i sign in as guest:guest..tried to change parameters in burpsuite and send to repeater but response is 200 @mint lava .

the cookie that you get as guest is in base64 right?

so try to think what can you to to login in as admin

decoding base 64 gives me guest_7f6d0d7e91747bba926f7..meaning everytime login as guest a cookie is generated which gives the string guest_7f6d0d7e91747bba926f7. I can modify this cookie in order to login as admin but i dont have admin password and i dont know how to modify this cookie and send post request

I am struggling with Skills Assessment - File Inclusion/Directory Traversal can someone DM me please 🙂

ALSO in the tutorial/lesson the cookie param is PHPSESSID whereas when i login as guest the cookie has param auth instead..is this of any significance?

no

check IM

YEESSSS I DID IT 😭 thank you soo muc @sick trench @lavish glade

AND @mint lava XD

@sick trench how can I help ?

Although the module requires an answer...what should i answer i mean im already in

is there a FLAG somewhere im missing?

yes there is a flag

Do i curl to get the flag once im on admin page?

@tribal fog I just got it form the webpage or form Burp suite

nooo

ohk got it

gonna learn russian soon..thnx mah man @lavish glade

👍

=)))

i was setting cookie : auth=admin..but instead of admin i had to write the base64 version of it..after sending that to the repeater it gives flag

yeeeeeeees

good

🤝

so PUT and DELETE module...task is to make flag.php and get it..i made it..but when i use GET /flag.php i get 500 internal error..pls help

i cant even DELETE/flag.php

@tribal fog what is the question?

why do i get 500 internal error when i send GET/flag.php to repeater..i should get the flag instead

my php script is <?=cat /flag.txt;?>

should i instead use '<?=cat /flag.txt;?>'?

i removed single quotes

@mint lava

are you trying log poisoning?

Create a file named "flag.php" with contents '<?=cat /flag.txt;?>' and request it to get the flag.

is what the question says

can you DM me?

h

I need help with windows fundementals

yes?

Ok im a student going for my bachelors in cybersecurity i feel very passionate about cybersecurity but no experiance im stuck 0n the RDP section of windows fundementals. Im using and ipad pro for all of this

Ok im a student going for my bachelors in cybersecurity i feel very passionate about cybersecurity but no experiance im stuck 0n the RDP section of windows fundementals. Im using and ipad pro for all of this

ok

hmm

i have no idea about it

so sry......................

Connect via Remote Desktop (RDP) using the following command:

xfreerdp /v: /u:htb-student

Where do i enter this at

at the Bash terminal in the Box provided to you by HTB

Need help in Linux fundamental module
What is the path to htb-student home?
I need help

FInally, finally, just completed the Nmap Module. I learned tons of good stuffs. Big thank you to the creators of this module.

Does anyone here familiar with installing necessary packages to run xerosploit tool on parrot OS !

@random swan how can I help?

I try all the possible answer but all of this is incorrect

@random swan take a closer look on which command returns working directory name.

Pwd

great

@random swan Dm me so we wont spoiler to anyone

#modules #774040372966981644 i have no idea what this means srry im dumb "What is the index number of the "sudoers" file in the "/etc" directory?"

first change the directory

then try the ls command

ye ive changed to many directorys and i did ls -la

look at ls --help again

look at it carefully

index number is also known as inode number

where do you think i should cd into bc ive cd'd into alot

its in the question

ik etc but i cant find it

its in a diffrent directory

The command is ||cd /etc||

oohhh it was that easy?

damnit I always overthink everything

||so it said 18467 in sudoers and 18468 in sudoers.d but neither work||

Have you spawned the target

it wasnt a ssh problem it was a in this machine one

oohh not yet im an idiot

after you fix the ssh prob, try the command again.

thx

i got the number 🙂 *of sudoers *

#modules #774040372966981644 so I completed like 4 more challenge things and I now have " Determine what user the ProFTPd server is running under. Submit the username as the answer." and i have no clue what to do

Check for processes which are running it might help

Can someone help me with the linux fundamental user management module "which option needs to be set to execute a command as a different user using the "su" command " I tried with the --login and other commands but none is working

Do problem require you to do ssh with target?

No

It's like finding which option does what for su

Read manual for su

i still dont understand ....... i did pwd it was just home dir

Check running process and find proftp

Or similar

ps aux to check running process?

pretty close

ohh nvm i accually got it by doing ps aux

i just went through it and found the user ||proftpd||

hi guys I am doing Windows Fundamentals: windows security section.
It ask: What non-standard application is running under the current user ? (The answer is case sensitive).
I think I have to find an application that it isn't included in the windows standard application.
I have searched in the task manager but I have no idea what do to do and there isn't a hint.

You got another piece of info. It's not just non-standard. It's running under the current user. That should help you narrow down the list a bit.

is dpgg online i need help with somethin

or any other person online

i will ask on medium actually

Hello! i'm having troubles with Web Request modules, i tried to change session cookie using base64 and replacing guest--->admin, and i got a new cookie but still is not working. I need to gain admin user login in with guest user. Does anyone has a clue??

If you did everything correctly, ||when enter the page as admin, you should get what you are looking for||

Thanks Lanasso, still not working but i'll get it, in a year or two

how are you writing "admin"

https://youtu.be/82IbFeHheKg

Bro, thank you) I could not understand for a very long time why I could not log in as an administrator, but you helped me) I didn’t even think about changing cookies

Can someone help me with the web services module in linux fundamental "find a way to start a simple http server using npm" and we are to ssh to htb student but the htb student does no have npm Installed I can't understand what I am suppose to do?

Try to make google your friend...😀

I'm not understanding the question so I guess searching the Google won't be of any help

how do u start a server with the npm ?

and then enter the answer without the npm

Yeah got to install a http server for it right

if u want more understanding then yes

i install npm on my vm and try all sorts of things

till i got it

but the answers can also be found in the internet

u just have to know what u searching for

If I remember right we don't really need to install a npm server

im doing this now too lol

u dont

.listen maybe?

Ok so that figure some things

Ok thanks for the help I'll try to figure it out 👍 👍

I got it Neem 😆

read the hint. no need to specify package name

Nice 👍🤟 I'll try to figure it

Ok I'll try that way thank you

OMG this was so easy, I was trying to figure it out since yesterday 😆

Hi all, I am new here so apologies if I am posting to the wrong place. I am stuck on the "Login with the credentials (guest:guest), and try to get to the admin user from what you learned in this section and the previous section." it's going over my head and I seem to be unable to get the cookie as shown in the screenshot on the exercise. Is there any sources i could use to do a bit more reading to get a handle on this concept? or if anyone is will in to ELI5 to me?

the example shown is just an example. the web app the exercise on is different - hence the different credentials

cookies can have different names

look into what the cookie is and what it represents it. if it doesn't look readable maybe it has been encoded, if so decode it or try to with common encoding methods.

then look at what happens if you modify the cookie

I'll give it another go a bit later. Thank you

hello

am new here

👋

Hello people! I'm stuck in a question and I am 200% sure I am in the "good" path of doing it....

can anyone give me a hand?

The question is: "examine the registers and submit the address of EBP as the answer"

so i run into gdb, start the program, look into the frames, and just print $ebp (or info registers)... no luck

gdb> help

well guess he doesnt need helpcanymore

help anymore8

**

can u help me out

?

well... i don't want to sound rude or something... but I think gathering the $EBP address is simple as that?

its about getting familiar with GDB. Everything is easy if you know how to do it

wise words 🙂 but...the thing is I'm afraid the "module" is broken, as any valid answer returns an error

tried resetting the machine too

Try to follow the example of Segmentation Fault on the module There is nothing wrong with the module I just did this section know.

damn... man then the question is so misleading.... Thanks a lot

Always remember to think outside the box.

@drifting knoll I didn't even had to open the instance, it was talking about the stack in the theory explanation (but not specifying it...)

thanks a lot, own u a beer to both of u! @drifting knoll and @mint lava ❤️

No problem man, glad I could help

Just like you did .. "admin"

which http method are u using to send admin?

also dm me

Bro, check on "Hint", there you'll find useful information in order to pass the section! (:

did u solve it???

i asked cause u said "u would solve in a year or two?"

Not yet, i'll put hands on work right now 💯

ight just making sure 👍

sorry, didn't see this!! i used GET and POST methods (both) using responder in burp. POST is the default method and tryied using GET in order to see what was the server response, but i didn't find anything. Also tryied injecting JSON request as in the example, but nothing. That means i am a little bit close

yeah IGNORE THE JSON

no clue why they teach it and has nothing to do with module

yo can anyone help me with connecting to a target ssh in linux fundementals

hey whatsup Bsteezy

can someone please help me with the question: "Send a GET request to flag.php with two parameters num1 and num2 such that their sum is 1337." ?

ssh [username]@[IP] in a Bash terminal

Please don't post direct answers to Academy questions. 🙂

Sorry, does somebody knows if Web Request-->PUT and DELETE section is broken? After creating the file and bla bla bla, server returns datetime and a two digits number, it doesn't look like a flag at all. I even tried hashing that info, but got nothing.

it's not broken, I can assure that. Although I wonder what two digit number you are talking about is, I don't remember recieving one. You can dm me if you want

i feel like my brain is fried on Linux fundamentals....

lol.
why what happened?

staring at the how many services on target system on all interfaces for awhile now...hoping that if i stare hard enough the answer will jump into my head lol

and it worked....

is anyone else having trouble with the vm on windows fundamentals. I'm in power shell and its lagging pretty badly

HI guys i am stuck at this question can anyone help me Use "systemctl" command to list all units of services and submit the unit name with the description "Load AppArmor profiles" as the answer.

i use this command systemctl list-units --type=service ANSWER apparmor.service Load AppArmor profiles managed internally by snapd What should i do ?????

your very close. i had trouble with this one but the answer is in the information above the question. look at using a command that searches for specific results

any hints on this one ?

I am doing everything correct its just not working

try explaining more your methodology rather asking for the asnwer on a x,y,z question

you and the others will benefit more

I thought I might spoil it for someone

I tried

and few other combinations

you are almost there

do I write whole html ?

nope, just the command

look at the eaxmple above and see the structure of how the code is written

does formatting of code matter in answers ?

maybe

okay I'll try

Thanks for your response

Brother i been 6 hours i trying todo can you give me a hint or something

Dm me

Thanks @brave wigeon you guidence really help me with the question i really appericate.

still need help?

I do need help with that one

DM me

Can someone DM me an approach or even the solution I am stuck at this question for more then 1 week now. - Login with the credentials (guest:guest), and try to get to the admin user from what you learned in this section and the previous section. - I tried "admin" and also "welcome admin", but nothing works.

the hint is cookie !

can u read the cookie ?

I dont know if i got it right the cookie tells me Welcome admin

but the user is apparently not admin

I need to do this with Burpsuite, right?

@timid grove I dont know, its not working. I am doing something wrong here.

yeap !

How did you manage to reach here? I'm stuck on the same problem for hours now. Any tips would be really helpful.

For this one, your current directory is /var/www/html. You need to go up one directory level and list out the contents in that directory with linux commands.

Thanks so much! I think I got it.

I am in the 3rd fundamental-module - Linux and I am stuck. I am a beginner

When I am doing ssh htb-student@ip

This is the question under System Information - Linux

ssh: connect to host ip port 22: No route to host

have you spawned the target and are you using the ip from the target

I am using the ip from the target

and you are using the provided pwnbox, correct?

in the my workstation area I am trying to do this operartion

Yes - myworkstation as the name given

i can successfully connect to the target from the provided pwnbox instance in the section

of the module

🙁 I am again starting the instance, I terminated it and I am starting it once again

I am also resetting the target

shell got opened and a new target ip is getting displayed

let me try this one

👍 @autumn pilot I am also able to do now

Does the target ip expire after some time?

💯

Hey y'all I'm looking for some help on the web request module. When I utilize burp suite and set it to intercept a response, i can't navigate web pages. Problems w/ certificates and the target won't load. When I turn intercept response off the target loads but then I don't know how to get the answer. I am a super beginner and not sure if there is a workaround to getting the response I need for the module.

The question I am trying to answer is Send a GET request to flag.php with two parameters num1 and num2 such that their sum is 1337.

@solemn tiger I'm stuck at the same place. I completed Linux Fundamentals on my own so I don't know how to Google.

@urban sage I don't want the answer. Just point me in the right direction please.

Break it down pieces and research how to do them.

Thanks

@urban sage I did it!

@solemn tiger You have to do a step before what you posted

after 24 hours i have finally figured out that im stupid and overthinking when using commands such as tree in windows fundamentals..

help pls?

stuck in Linux Fundamentals

This question comes under System Information

What is the path to htb-student's mail

when I am putting /var/mail it is not taking why ?

wow I am loving the learning process fundamentals course, it's a nice break from all the technical stuff i've been doing. But extremely important and essential. Well done 😆

i have the same problem

I will give you a hint ==> Environment @midnight goblet and @red kernel

thks

@falcaoo you got the answer?

eh

Hey, did you ever resolve this? I get the same error as you did and haven't been able to figure it out.

Hi All, I'm a complete noob and I'm stuck at my first hurdle. I'm working my way through the Windows Fundamentals and i'm stuck on the second question on the introduction page. The question says "Which Windows NT version is installed on the workstation? (i.e Windows X -case sensitive). I have submitted the answers from the commands in the screen shots but it's saying incorrect. Am I missing something? Thanks

i found a bug where is instane terminating itself

No worries, I figured it out.

What is the name of the last modified file in the "/var/backups" directory? guys i am stuck at this question ... i need little help or guidence .

try readin man page of ls

okay

hello people! i have problem with the flag in the Post method question. I managed to login as admin and found the flag but when i try to submit my answer i get the wrong answer message, any i ideas if it is my fault or it is from the website?

Hey, the hint is "Environment"? I have the same problem, not only with mail but i can't also locate the htb student home directory. /Home doesn't work

okay, I haven't run ssh htb-student@

How did you go about it? Are you sure you have the flag?

Yes it sed hello admin the flag is......

You have the commands you need listed in the top of the System Information lesson.

I'll pm you

I hate how some of these are easy enough to make you think its way harder.

Did you ever figure this out?

so when i use Burp suite when trying to figure out the problem for the GET section on web requests its like the internet is dead altogether. is this a result of using Burp?

I get the same problem

Ok thats good im not crazy

Thanks for giving the hint and I have done it. I want to ask one question.

I have used the command printenv which gave the path

@flint moth I am extremely new to Linux and my query could sound very idiotic. We use Gmail, Yahoo and other mail types. In Linux the mail that is being discussed here - Q1: Is it a different kind of a mail Q2: Is this same in concept as Windows Outlook mail Q3: Is it possible to access this inbox of mail using a browser or installing a Linux mail application. Q4: How to read the mail because when I am giving the command as sudo less /var/mail/userXYZ

/var/mail/userXYZ: No such file or directory

Anybody can answer this. It would be great to get a clear explanation of this

no

Try the printenv command

@red kernel I am also a beginning like you , I also have the same question

But I could think is this path could be of Linux's Inbuilt mail app or something like that

👍 No issues, we all have to start from some point and that is why we are in this group and getting stuck. However I have taken your point. I am searching a more elaborate explanation. If I get that I will get back to you. Let us cross all the barriers

@red kernel 👍

thks i have completed them now

Yes. Burp stops the traffic for you to investigate/tamper with it. You need to hit the forward button to let the traffic through.

Which option needs to be set to execute a command as a different user using the "su" command? (long version of the option)

help ?

Try reading the || su --help|| command.

I am doing the web requests module. Cant seem to answer the "Send a GET request to flag.php with two parameters num1 and num2 such that their sum is 1337." question.

Not sure what type of format is wants. If it wants the full URI

of just the part after the /flag.php.......

Have tried multiple variations none have worked so far

Nevermind turned out i had to spawn the target system and actually do the command to get a flag from the website.

by command I mean the URI

nothing works

The question states to use the long version of the option

Type the option without the command

How are you making the GET request? I don't mean how you are writing it but what method you are using.

So initially I was typing the entire uri that I thought would work into the answer box. Turns out I had to spawn the website actually send the get request through the website which would then result in a flag

The flag was what I needed for the answer

I thought you hadn't solved it yet that's why I was asking to see if I could help but from what I read you already have it solved.👍

I appreciate it anyway. Thank you!

Hey, I'm doing the learning progress module, and for the question I've tried a bunch of variations, and since the answer isn't a fixed thing like a flag I'm not typing in the correct answer, I am, but not the word by word correct one

anyone could just tell me what it is?

Nope. We can't just give you the answer. That kind of defeats the point. Keep trying. You got this.

I know the anwser. I'm just not typing the word by word thing.

I just saw it last night and was like"Oh cool let's read this and answer it"

I think I'm answering correctly. but its not the exact combination of words

and its annoying the heel out of me

*hell

What question are you talking about?

The only one on the Learning process module

Unfortunately any hint I give will give it away

Man. Its just that i know what it is. Like something along the lines of: Even the smallest effort everyday makes you evolve way more than not doing anything

See if you can type it another way. Maybe the words are the problen

exactly

i just dont want to spend an hour typing different combinations of words

Your answer is so different to mine that I think we got completely different questions.

well then i might be completely wrong as well ahahah

ill figure it out eventually ig

Might want to delete your previous comment just to be safe and just out of curiosity what is your question

Can you copy paste it

sure

To get the cubes back from this module, answer the following question. What is the difference between the two numbers of the learning progress mentioned above?

wait

am i just looking at this stupidly

is it just the actual mathematical difference?

Try it?

well thanks

i shall now think how i ever finished middle school

Yeah was confused when you were trying to use words to answer it

my brain transcends human stupidity sometimes

Our minds play funny tricks on us sometimes!

thx for the help

No problem keep at it!

Hi together

hope that is the right channel...

I am current doing the File Inclusion / Directory Traversal Learnings and I am
struggeling with the path to the php.ini, even with the Hint no chance...
Any hint on that to guide me to the right way?

Welcome to cibersecurity 😜

it cant all be luck based can it?

It's not.

@last sluice what is the question?

I'm on the Linux Fundamentals Module. "Working with Web Services". I can't install npm on the remote box. I've restarted it with no luck. Any ideas?

htb-student@nixfund:~$ apt install npm
E: Could not open lock file /var/lib/dpkg/lock-frontend - open (13: Permission denied)
E: Unable to acquire the dpkg frontend lock (/var/lib/dpkg/lock-frontend), are you root?
htb-student@nixfund:~$ sudo apt install npm
[sudo] password for htb-student:
htb-student is not in the sudoers file. This incident will be reported.
htb-student@nixfund:~$

try to find the vulnerability spot and once you do ,you will see what you need to put there

@dawn ice you don't have to install , answer is which command will you use

Ok. Thank you. That helps. I must've misunderstood the question.

@subtle willow have a closer look at the hint and try to do what is explained in this module

Ok ill keep messing with it thanks!

Hello I want to buy the Linux Privilege Escalation module, but I see that it requires "Networking Fundamentals" and a lot of other modules require this module as well, but I can't find it anywhere in academy

How can I get access to the "Networking Fundamentals"??

It's still in development

Then why a lot of modules are requiring it?

No idea, I guess they want to make clear that a basic networking understanding is helpful for that module, I hope they release it soon

Hey everyone, I kinda hit a roadblock at Linux fundamentals > Find Files and Directories.
From what I've looked at, my command is working perfectly, but instead of getting a single file, I get a bunch of them with "Permission Denied"
(This applies to the first and second question)
anyone know what is happening? (dont wanna type in the actual command cause, spoilers)

@steel cave what is the question

What is the name of the config file that has been created after 2020-03-03 and is smaller than 28k but larger than 25k?

Not sure if this counts as a spoiler, but you can avoid those "Permission denied" messages by redirecting standard error (stderr) to /dev/null

Those messages are part of the standard error (stderr) stream

ok thx.Ill try that

Np, happy to help

@outer sequoia Thx so much. u just save a couple of hours of finding commands that wouldnt work until i went to the second page of google

You're welcome! I'm glad it worked, I recently learned this too and it's been very useful

to think i could have just went to the next module ahahha. 😭

oh lol rip

Got stuck with this Q: Which option needs to be set to lock a user account using the "usermod" command? (long version of the option)

I have been able to solve

guys, at the Windows fundamentals, how do i open the powershell at the target desktop?

Still stuck with this one: Login with the credentials (guest:guest), and try to get to the admin user from what you learned in this section and the previous section.

Can someone please help me!

No one?

Hello, can someone help me with HTML Injection, I can't get any further with the question. I hope someone can help me here. The question is " If you wanted to inject a malicious link to "www.malicious.com", and have the clickable text read 'Click Me', how would you do that?". What do I have to do? thanks in advance

BUMP!

Can we do practice on our own machine instead of HTB Virtual box?

Hi take a closer look at the cookie

Should be able to most of the time yes.

formulate a question on the methodology you don't understand

Do you need to use burp for this??

Hi, you must make your own payload with the indications given in the question.
check the hint will give you a help.

Someone that helps me with the question of learning process

Ask your question

your question has nothing to do with the topic of the channel

I am stuck with this question Q: Which option needs to be set to execute a command as a different user using the "su" command? (long version of the option). As answer when I am giving -user or -username the system is not accepting. What is my mistake

Can someone help me with Web Requests and the POST Method, I found whats wrong but i think im doing something wrong
@me or pm me

Can you indicate the module and the page? to see if I can help you in something.

It is coming under Linux Management - User Management - Q3

Tell me about it, maybe I can help you with something.

Can i pm you? @lapis stump

Yes

guys

are we hacking this box

fuck

What do i do in this server

Ok, as far as I see it is Linux fundamentals/User Management/3rd cube. if it does not accept your current answers maybe you should try another one, you can document yourself on the internet, analyze the question well and try not to post answers here because they can delete the questions because it has already happened to me.👍

hlp?

what is the question?

Which option needs to be set to execute a command as a different user using the "su" command? (long version of the option)

try to use man su or su -h, its pretty straight forward and easy to find it there

i have tried

i tried al the commands

its not only about trying but understanding

the long version?

yes

did you tried man su? and understand what is explained?

yes

dm me

Hi, im new in the server and i'm not american also british, so sorry by the spelling mistakes, but, can someone help me where I can find somone to teach me better about simple code and this type of thing, I´m new in that too kk.

Can someone help me in the web request module for the GET method, i am not sure if i am doing it wrongly or is it the system

I tried to follow along the example steps given and it was not the same/ and i had some errors

i do not know lol

ok so on javascript deobfuscation when i try to visit the target ip and port its like its dead...

also stuck on this

@tired perch I just finished that module PM me and ill see what your problem is about

ok

You don’t

I need your halp "Which kernel version is installed on the system? (Format: 1.22.3)"?

Have you found a solution to your problems?

Hi how do we hack

I'm new here call me Sniper

a good place to start learning is https://academy.hackthebox.eu/ @keen whale

it's important to start with the basics so academy is definitely a great start

you can do the tier 0 courses for free

thank you

@loud dew ok ill readjust and loom at it thanks!

In Software fault isolation techniques a process’s virtual address space is divided into multiple segments to ensure security. One such segment ranges 0xfeee0000H to 0xfeeeffffH. Which of the following instructions that are used to access the memory can be unsafe?

I. JMP *ebx
II. MOV r0, ffee1200H; Load [r0]
III. MOV r1, feee1200H; Load [r1]
IV. INT $0x80

how do i " SSH to {IP} with user {username} and password {password}"

--linux fundamentals

nvm

ssh username@ip

ye i Googled it

thx tho

im struck with Firewall and IDS/IPS Evasion - Hard Lab. done both udp and tcp scan with version.
Found 3 Porta but struggeling.
any hint?

read the hint carefully and try to imagine how companies would probably manage it

Hey all - I have a question on the SQL Injection Fundamentals -> SQL Operators section...

The problem reads in a certain table, what is the number of records WHERE the employee number is greater than 200000 OR their title does not contain 'engineer'...

I have laid out my query in about 20 different ways but no matter what number I get, I'm getting the wrong answer.

NVM - I had to include ALL instances of the string 'Engineer', not just the title of "Engineer"...

question on the HTTP module - the part we you have manipulate the cookie using POST

What is your question?

1 - The method described to replicate the escalation to admin is not very clear to me.
2 - when I refresh, I removed the cookie header and i get the 302, to the login, then I do the CTRL+Z to add the cookie header back. It still shows that I am the guess

(all done using Burp)

any ideas?

never mind I was able to figure it out

"How many services are listening on the target system on all interfaces? (Not on localhost and IPv4 only)"

can someone help me? i tried this but the answer is not correct

Can someone help me in Filtering result of Ffuf module , I am not getting any result after scan

can you give me a nudge on this, I`m stuck in the same place

sure

Good nigth/
Did you find the answer?

Anyone completed Java script Deofuscation(page 9)

i'm stuck at the moment

@sand arrow what are you stuck on

if you want to pm me i can give some hints

@true whale I already got the decoded output but I dont know what they mean by"set the data as "serial=YOUR_DECODED_OUTPUT".

ok look at the cheat cheat and see how you can pass data into a post request. so you will want to do the same post request you did before but add data to it. if you need anymore help dm me.

Alright im going to test that out thank you

no problem!

I dont know why but my Instance is not starting?

@true whale Is HTB like THM where you can only get the VM a hour a day if you dont have a Subscription?

no you should have unlimited access to the workstations. i would try closing and reopeing your browser.

I got the same error

huh what dose it say.

huh ive never seen that before on the dashboard theres a support option you could try asking there.

alr

i just tried and got the same error. they must have a overflow of users atm.

Yeah, I'm probably going to come back later

same here 😩

Im getting thst as well

💩

i am gettin same error

me too

trying with VPN

I`ve tried - no luck

f*c

Can someone help me in Filtering result of Ffuf module , I am not getting any result after scan

it`s working again 👍

let's go!!

Any ideas why I can`t submit the flag on web requests - Post Method??
Nevermind all sorted now

Can anyone help with this? "Which option needs to be set to execute a command as a different user using the "su" command? (long version of the option)"

Anyone can help me I'm in the Linux Fundamentals - Working with Web Services and in the lecture you install apache2 using apt install apache2 -y and then open localhost to see the default apache page but my service appears as inactive (dead) and when I tried to start or restart the service it just fails.

Tried a few things like looking up the syntax and its fine also created a log folder

And I'm getting this error for both start and restart
Job for apache2.service failed because the control process exited with error code.
See "systemctl status apache2.service" and "journalctl -xe" for details.

Have you tried su -h??

@cerulean vine

thank you man that helped me

hello does anyone know about web requests?

Hi all, I am currently pretty bad stuck at following exercise: Web Requests - GET METHOD - Send a GET request to flag.php with two parameters num1 and num2 such that their sum is 1337. I dont really understand what it wants to know from me as I already tried following things. Burping it via Browser on: Send a GET request to flag.php with two parameters num1 and num2 such that their sum is 1337 and also with cUrl which tells me 401. Unauthorized. Can someone please point me in the right direction of what exactly needs to be done. Thanks in advance for any help. P.S. For the sake of the overview I would really prefer a DM. Thank you! P.S.S Its a copied message but i need help

SQL server isnt really responding to any commands in the starting point box, any clues?

Me tooooo

hii

hello everyone

How are you

Hey all, I'm at the Web Request Module - POST Method, I'm trying to get the flag to answer the question. I've manipulated the cookie at the /admin/dashboard.php request and the system is greeting me as admin_... BUT i can't find the flag. Am I missing something?

hi folks, I'm working on fundamentals - web requests, and I'm stuck at POST request - I logged in as guest, and modified cookie to admin value, and the site greets me as admin, but no flag (I'm guessing that a flag should be there). I tried json method shown in the course text, but no success... Could you nudge me in the right direction? I'm using ZAP, and I'm using burp provided in the course machine, but the result is the same. Any hints?

have a closer look at the cookie you used try to use admin!

@mint lava gawddammnit 🙂 had to see it in python 🙂

Thank you

It worked this time, but would swear that i've tried it before but didn't work. Thanks for the help!

@thin gull @rustic sage No problem

hi

anyone down to teach me?

Hello!

Can point you to some resources but learning is up to you. Check out HTB Academy. academy.hackthebox.eu/

I need help on this question: 👉 Which kernel version is installed on the system? (Format: 1.22.3)

I have used the command uname -r and uname -v but both results 5.5.0-1 and 5.5.17-1 are incorrect. PLZ help!

thank u alot

If anyone is lost at Windows Fundamentals > Introduction to Windows, use the program Remmina. Also just enter the target IP you get, the command used in the example didn't work for me but only entering the IP does the trick

I get a blank page when I GET the flag.php file on the Web Requests module on HTB Academy. What am I doing wrong?

Can anyone point me how to complete the firewall evasion hard lab? Upto now i was able to get the port, but when enumerating the service version i see its tcpwrapped. Also i am unable to connect to it using ncat with the source port option.
Please help as i have been stuck on it quite a while.

@ancient elk It looks like you haven't used ssh to connect to the target system. Spawn the target system by clicking the green text labeled Click here to spawn the target system! . Use ssh htb-student@(Target System IP without parentheses) . It will have two prompts; type yes on the first one and HTB_@cademy_stdnt! for the password prompt.

@chilly scarab How are you sending your GET request to flag.php?

I got the same

hey i'm stuck on FILE TRANSFERS module

in the section windows file trensfer method

at the second question

i don't know how to upload the file

i tried this

but i got http 403 error

anyone?

look at the cookies

curl -T ... then try find the rest

curl -X PUT -d @test.txt http://<url> -vv i just saw this on the cheat list

@ims87 have a closer look at the Firewall and IDS/IPS Evasion one of the method will work

sa

no i fous where i was wrong I put the port 80 instead of 443

it is port 80

Are There Any Turkish Members

443 is https

Türk varmı

Can someone help me with Get - parameter Fuzzing !!! Please

dm me

i signed up for it

@urban sage thank u just signed up whats next

Check out the Intro to Academy and Learning Process Modules.

anyone know how to hack 1v1.lol

Hi guys I'm going through enmap Service Enumeration and could solve the question for more than two hours :0 for some reason I can't connect to any of the scanned ports

what is the question?

tcpdump doesnt capture anything when I try to connect ot the specific port or even when I run command like this one sudo nmap [IP] -p- -sV -Pn -n --disable-arp-ping --packet-trace

this is the command I run for it sudo tcpdump -i eth0 host [IP]

in two separate consoles

are you using the ip of the instance box?

as the host of the sudo tcpdump

target IP

and did you manually connect to the SMTP server using nc

as the modules explains?

the thing is there is no any smpt services has been found after a scan

PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.10 (Ubuntu Linux; protocol 2.0)
80/tcp open http Apache httpd 2.4.18 ((Ubuntu))
110/tcp open pop3 Dovecot pop3d
139/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
143/tcp open imap Dovecot imapd
445/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
31337/tcp open Elite?

so the port is closed

why are you trying tcpdump in the first place?

at the and of this page I have a question (Enumerate all ports and their services. One of the services contains the flag you have to submit as the answer.)

so I wanna check the flag

DM so we wont spolier anyone

guys i need help I can't understand what it means with : What is the name of the hidden "history" file in the htb-user's home directory?

i've tried any command

all*

I don't remember exactly but I guess that file could be hidden in home directory

Good luck and see you in the Easy Modules👍

can any one help me with this please>?? can i use the above command to do the following """ What is the name of the config file that has been created after 2020-03-03 and is smaller than 28k but larger than 25k?

nvm i solved it. thkns

it is required/recommended to do all fundamental modules before diving to Labs?

hi yall ive been struggling for a while with this question

Which Windows NT version is installed on the workstation? (i.e. Windows X - case sensitive)

like ive been trying all the cmdlets and yet the answers still wrong

var aga

i'm also facing the same issue

why i can't ssh?

i try many times and same result

Typo in the password??

yes

done

In the linux fundamentals you get asked to find the kernel version i do the uname -r to get the version and it give me the wrong answer, i have tired every possible way i can think off and google to none of them working. Also next question is "which MTU is set to 1500" - there's multiple MTU's set to 1500 none of these are the correct answer i used ifconfig to find the MTU. Any ideas what im doing wrong?

Do you remember to give the version in the format 1.22.3?

i might be getting the version format wrong

the format is not making any sense to me

Ok. What answer does uname -r give you?

Who is on the modules tonight?

hi just wondering what the answer is to the web request module where you have to elevate from guest to admin, because i did it, got to admin panel by changing the cookie value....

@tepid apex dm me

5.5.0-1parrot1-cloud-amd64

Ok. That's from the box you're sitting on. You need to run uname -r on the target.

nvm

i figured it out

Good

Just gotta read the question properly.. thx alot tho

np

can some one help me one this one

a bit help?

try --help & man

All,

Hey, how do you paste images in this channel? My message bar doesn't have the plus sign to add files

Nvm. Apparently i was filtering "-name *.config" when i should have filtered "-name *.conf" so dumb...i wish the Academy lesson would have indicated that .config and .conf are configuration files that exist

guys can someone help me with the javascript deobfuscation

I`ve done this module last night{great module btw, I really enjoyed it} do you still need help?

Can someone help me with a question?

what is the question?

I have to send a get request to flag.php with parameters num1 and num1 and their sum has to be 1337

So this can be done in address bar, simply add the path and correct query string after target ip:port. The value of num1 and num2 can be random as long as sum of both will = 1337

When I come back to desencript base 64 it doesn't appear the admin password

can some one help

Maybe ? what do you need!

i am one Linux fundamentals

the question is What is the path to htb-student's home directory?

Don't just seek for the answers, try to formulate a logical question or methodology

agree

it will take less than a second to give you the correct answer, but what will you learn from it

I haven´t done that module but, is there any command that might help..?

i tried to switch the ssh but when i put the ip that it gives me it takes me to a different user

you have to ssh into the given target

thats what i did but when i put the password that they give me it dose not work

hello i have a question, im trying the command: find /etc/ -name *.conf 2>/dev/null | grep systemd | wc -l, to get all .log files in the system but always returns 0

the password is between the double quotes

when i put the target instead of the user being htb-student it is user64304@

you have to ssh htb-student@ipofthe server

have you gotten the first two answers @rustic sage

there was one question but i got that one

it was Find out the machine hardware name

it requires to ssh in the target

if you have done that steps successfully you can proceed with the others

SSH to 10.129.185.187 with user "htb-student" and password "HTB_@cademy_stdnt

but when i put the target 10.129.185.187 it say user 64304@

instead of htb-student

did u use this command? ssh htb-student@10.129.185.187

i dont know

thats what it was thanks

np

thank you man i got it

how would i find the path to the htb-student's mail

Follow the white rabbit 🐇

i am new to this so i have no clue what that means

😆

I wonder if Keannu Reaves have hacking skills in real life...

Dunno, I doubt he has

i need help

shoot

no one answered my question

Im trying to do Web Requests, im on page 6 and i need to make a request to http://inlanefreight.com but its a normal website when the academy shows it should ask for a password.

Anyone completed Linux Fundamentals - Filter Contents? I'm currently on the questions and they're pretty nasty

First question reads: "How many services are listening on the target system on all interfaces? (Not on localhost and IPv4 only)"

Any help or pointers would pretty stellar!

Hi, how do I do the invite challenge in Hack The Box , can you hack this box?

Can you guys teach me

++academy

Do the cracking into hackthebox path

Thank you and noted

pls read the content carefully

Hello, I've tried this for some time, but now i'm not sure what it asks for. I get the services running on host on powershell, but i cant find which one I need to enter

Hello new here as well, going through linux fundamentals

Currently going through linux fundementals: find files and directories

having trouble with the first question finding a file in config with a certain time created and is smaller than 28k but larger than 25k

I thought I found the file as it fulfills those requirements but it is rejecting my answer.

got it

use two -size params. like find <...> -size +25k -size -28k <...>

How many total packages are installed on the target system?
I run:

dpkg-query -l | wc -l

But the answer is incorrect. What's wrong?

Try a search for services with a display name containing the word "update".

Ah I see there are some lines which are not pkgs

sry

i did, there's one that pops up, but when i type the name in (not the display name), it's not right

I got that one thank you Vos

Currently on how to find all files with .log extension in the system

having trouble figuring out the right command

It's easy. What's the problem?

How many files exist on the system that have the ".log" file extension?

(I don't want to make spoilers, we are all learning here)

corret and thank you

Briefly read man find

will do

can you use grep for file extensions or just file names?

This is what I am using now with 0 results

What module is that aquas?

!rank

Windows Fundamentals

Nice. is the instance that runs one with windows on it instead of linux?

instance is linux

omfg im having a hell of as time finding the kernal ver Linux Fundamentals i see the format its asking for and im pretty its parrot 5.5.17 any direction??

make sure that you have ssh'ed in the target

oh yeah thats right i came back to this module so i right thx ill try

Greetings all. If someone could give me a hint I'd appreciate it. I'm on the question "What is the path to the htb-student's mail?" located under the System Information portion of the Linux Fundamentals module. I can see where the mail directory is located but that isn't the answer. I'm SSHd in. Thanks 🙂

test all shown commands in that section and read their output carefully

kk thanks

Hello guys, I am new to HTB, but I have been enjoying it.. Im stuck on this question right now, you can find it in the web requests module under the POST method section, I have literally tried everything, but I cant seem to figure out how to solve it. The hint says that I have to use the information from the previous section, but I also cant manage to find anything helpful there. If someone could help me out, it would be appreciated.. (btw, I dont need a huge explanation, but just a hint or at least some instructions on what to do)..

Oh, this might be handy to know, in the cookie header, I dont get a 'PHPSESSID', but it just says 'auth'. I dont know if this prevents me from finding the solution, but I figured it might be handy to add real quick..

Ok well I got it, but that directory is empty is that how it should be?

the question is asking for user's mail path - it doesn't mean that it's actually exist

oh lol ok thanks

knowing how to look into that env variables might help you later 😉

right

dm me

can someone help me please

Hey guys, can someone help me in this question ||" Find the non-standard directory in the C drive. Submit the contents of the flag file saved in this directory"||, i have already ssh into the machine

Find the folder that isn't there by default.

I am not really sure with the commands though..

HI, I'm new to Hack the Box and have less experience in penetration testing. Unfortunately, I don't know whether I have the necessary skills or knowledge to solve the challenges posed. Can you give me tips what I should can / know?

Hi everyone I'm stucked on the POST requests section of the web request module, I've tried everything that I thought of but I still can't get the admin privileges

Dm me bro

?

bro how to use this app

?

im stuck

Good morning/day all. I'm on the question, "Use "systemctl" command to list all units of services and submit the unit name with the description "Load AppArmor profiles" as the answer." I have all services showing, and the unit name for the answer. Apparently it's not that service name because it's wrong. Any pointers?

oh wait I'm assuming I need to tunnel into the target box then do it there I'll try that real quick

wait ok no lol I'm stuck I suppose, thanks in advance for any hints

oh ok I was right the first time about being SSHd in, nvm!

may I speak with someone about brute force module?

can you make an account in the first place

if not, go to https://academy.hackthebox.eu/
don't be discouraged if you feel weak

make an account

is any admin here?

what is the issue

I got a question about brute force module Skill assesment - website I would like to make sure that I'm doing everything right

cause I couldn't brute force the login param for the second part of the assesment and maybe I gor some wrong params

I don't do the acedemy stuff

are you trying to brute force a hash

a common tool is hashcat

oh login brute forcing

then it's not hashcat

Im using hydra

try using the wordlist in hydra

in weak passwords, there are common words

like for example "shadowpotato"

if you don't use a wordlist, you'd end up using random combinations like "38JF##88fn3!ffe"

@bright stirrup

that's the best I can help

cause I don't use the academy

I use list of common passwords but the thing is that it takes ages 🙂

are you trying to crack a hash

or is it remote authentication

well anyways the lesson instructions tell you to attack with a wordlist

good luck

it's remote authentication, the thing is that non of the passwords from the wordlist was right, anyway thank you

I am doing the sql Injection Fundamentals, any hint with the id 5 login?

@last sluice try to understand what is explained in the module and then understand the query and add the necessary request to the sql injection

your pfp is underated man

Hey everyone, if you haven’t seen yet we released a new module “Introduction to Networking” first in a series of networking related modules that will be released at a later date. Thanks to ippsec it’ll have you subnetting in your head like a pro in no time!

Hi everyone, I got a basic question about linux fundamental. When I try to ssh into the target (ssh htb-student@ip) and put the password (no typo error) I can't access to the server : "Permission denied (publickey, password)". Is that related to publickey ?

are you using form the instance machine ? if not you need to download the vpn key and use openvpn on your VM

Hey, yes, I'm using instance machine , I just success to do it this morning but I did exactly the same thing yesterday 🤷‍♂️ .thank for answer 🙂

hi, i was doing the "windows fundamentals" module and i got stuck at "Windows Services & Processes"

i have looked the services around 10 times already

through powershell

cmd

task manager

looked the hint

and the only thing that seemed to me like the solution wasnt it

ps: i didnt use the display name

🥲

im also stuck in this for days

you still are? xd

yea, not sure what im looking for anymore

despair

the funny thing is

"ok let's just look the hint"

"related to a pdf editor?"

sees the name of the same service i've been inserting

and it still isnt it

my experience exactly

did you manage to solve it?

i sure didn't

@wanton knot @west coyote well guys the answer need to include service name and .exe

I stuck at linux fundamentals, filter contents , i cant find the no of services listening, i tried ps -aux , ufw , netstat, what m doing wrong?

"Why did a porn scan originate from the printer network?" What is this printer scanning for

wait why the exe xd

that how the service run

oh

thanks xd

oh well at least that problem is over XD

that should be the hint, ngl

thank you so much

@wanton knot happy to help

hi guys could somebody help me to finish brute force academy task, could ind proper login credentials for the second day 🙂

hello there is somebody spanish language in this module

guys did somebody complete brute forcing module?

Hello everyone, I was wondering if someone could give me a nudge in the right direction on the "Web Requests" module, POST section?

So how to start hacking

Hello!
I am a stuck on the "Working with web services" module, it says to start it with npm but not to install npm..

I feel like I am missing smth on the instructions but I am not quite sure

Still stuck ?

Hey y’all. I am working on the web requests module, stuck on the GET method. Could someone point me in the right direction?

What was the question ?

Or with what do you have doubt*?

@ivory bough I think I got the answer right to the question, but maybe my syntax is slightly off and I can’t seem to get past it. I can PM what I put down.

What do you mean with PM?

Private message / direct message I didn’t want to put the answer in chat for others who maybe haven’t taken that module yet.

aahh yess sorry

Write mee

I didn´t know the abbreviation sorry

anybody about to give me a bit of help with the last question on Skills Assessment - Web Fuzzing?

still didn't find the answer, guys, give me a clue.

I am almost there, maybe we can figure it out 😄

yeah? Where u at?

Starting Find Files and directories

Hurry up, then😋

I will try 😄

👍

how can start with #modules

Are you wondering how to get to the modules on HTB Academy?

++academy

Stuck on POST Method 😦

For Web Requests?

Yea

Same

Able to login to the admin account from the guest guest but I'm assuming a flag is supposed to show up but doesn't

One of the times I did it I saw something different but my target timed out not sure if that was the issue.

I am actually stuck in the escalation portion just before that. I think I'm improperly using Burp.

What step are you at?

PM me real quick

need help at something

Based on the commands you executed, what is likely to be the operating system flavor of this instance?

im stuck at this question

Halp

Anyone on?

Where you stuck?

in the question i dont know the answer

I'm stuck on the Web Requests POST. I'm still trying though.

Like 8 hours I've been scratching my head. Only hint I have is there is a difference in the HTML code.

Don't think that's right though.

@tame blade @small sand DM me

anybody about to give me a bit of help with the last question on Skills Assessment - Web Fuzzing?

oi

im the newbie here

where should i start?

I guess you can go join the Academy of HackTheBox

ok this is fun

good luck!

thank you

@sick trench DM

hell man should i use linux console?

ok i did what now?

and from now on im the greatest noob(lol)

Just completed the Java Obfuscation module on the academy, I actually didnt use any hints and just took my time and worked through the questions, I did have to reference back a few times to the material, going to do the Intro to Web Apps next, im doing these in a view to getting into Bug Bounty's is this a good track? any advice?

@sick trench did you find the link of page

Hi everyone! I'm noob on Hack The Box and I am doing the Linux Fundamentals module, and I'm stuck on chapter "Find files and directories"... On first question "What is the name of the config file that has been created after 2020-03-03 and is smaller than 28k but larger than 25k?", I already got the file but I don't know what is the name that the question refers... I already answer the path of file and the "something".conf, and my answer is always wrong. Someone help, please?

is it free or paid?

Life is free, but very expensive.

wow metaphor

Tell me a jargon word.

can any one tell me..academy.hackthebox.eu is free or paid

the fundamental modules are free

the fundamentals modules are free, Tier 1 and above are for cubes where you can purchase or do a monthly subscription

hi guys, can someone help me with file transfer module? I don't know how to download archive to pwnbx(

Stuck on the very start of the SQLi Fundamentals "Skills Assessment"... Any nudge welcome...

Like, really...

@crimson sand how can I help?

I can’t seem to get past the login... I’m not sure if it’s typos, or I am over thinking it (like I have a few exercises).

@crimson sand look at the cheat sheet for Auth Bypass Payloads try some of them until you find one that get you in

Thanks; I will.

hey guys, would this be the place I can ask a question regarding the Linux fundamentals module?

I can't seem to get the path to the htb-student's mail.

How do I get back to the modules portal? I seem to have lost my way 😫

Hi! I'm a noob. Can you give advice on where I should start? Should I finish all fundamental modules first then move to easy? Or do you know a good module or lab or box that's good for beginners?

As another noob I would say go for the basics! We all need good foundations in order to become great

Hi, canI get some advise with the Working with web services 'npm' question ?
I've been stuck with it for so long and I have no clue

@ivory bough I recommend googling npm commands that involve "http server"

@ivory bough it's likely that you will need to use additional options to fulfill the questions requirements

Thanks a lot!

you bet

Hacking the WordPress, anyone wanna team up? Im on skill assessment rn

Yes, I am also doing same lab and having hard time. We can team up

@oak obsidian ill message you

sure

Use a vulnerable plugin to download a file containing a flag value via an unauthenticated file download.

I have every question from WordPress assessment, found the vulnerable plugin, but I have no idea what file im supposed to download.

Hey, can somebody help me? I‘m stuck by a question on in the Windows Fundamentals course.
The Question is „Identify one of the non-standard update services running on the host. Submit the full name of the service executable (not the Display Name) as your answer. What should I do ??

Read the hint and go through the processes

i did read the hind, but i have no idea what i have to do now

There are couple of ways that you can use, one is explained in the section of the module