#modules

The question is "login with the credentials (guest:guest), and try to get to the admin user from what you learned in this section and the previous section"

let me look at my answer real quick

Thank you dude

try only admin

thanks, I got it, damn

Before you run your page fuzzing scan, you should first run an extension fuzzing scan. What are the different extensions accepted by the domains? is that the question?

In the burp right ?

Yup

@vital yew Happy I could help

yes

Ok

delete it so we wont spoiler anyone, but that is the right answer

Did it

So am i right about that answer?

yes

that is what I submited

Ok so it’s some client issue, or network lag

Don’t know

Ok the important thing is the answer is right

that is the only one you didnt answert?

Thank you a lot

Yup

and did you solve it?

The others are dome

Done*

thats wierd

This one is the only one that miss

Soo weird 🤣

Not yet

👍 got it (finally) thank you

🥳 Happy I could help

Only took me 3 hours 😆 - enjoying the learning curve though!!

we all start somewhere, I am still learning

every day is a school day!! ... thanks again, off to try the next one 👍

Good Luck

Hello! Could some one give me some advise on the Linux Fundamental Module, I am only missing the Filter Contents part

I think I have an idea, but not quite right

hi,guys. in Learning Progress module, i want to get the cubes back from this module. What is the difference between the two numbers of the learning progress mentioned above? does anyone know the answer?

i know the meaning of the two numbers, but what is the right answer?

hello

im new

i will need help

Welcome @dreamy geode

hi

how do i do a module

On the Academy?

yeah

Well, without buying Cubes

you can only do a couple

cause obvi it will be my first one

where do i do them

or buy em

you should be able to click on "Intro to Academy"

ok

https://academy.hackthebox.eu/modules

thx ill be back

Goodluck

this is free signing up right

or na its ok either way but just curious

Its free to sign up and do a couple of things yes,

ok thx

once you move past the fundamental content you pay $$

ok

ill just do that

Sorry never mind, I managed to resolve the problem! Thanks anyway!

👍

Who ever finished the linux module.. I need ur help please

I've never been so stuck like this before

ask your question, and do not copy the question from the section/module

I'll just skip it and comeback to it later

Thx anyway

I'm confused as to what answer the question wants for Web Requests GET methods

does it want the output?

or the command

or something else

a flag

hmm

try to find it

do I need to use burp for this or can it be done with the terminal

just to check I'm on the right track

It's been a while since I finished that module, but I think u need to use burp

ok, thanks

welcome

yay I did it

If your next one is POST then I did that last night, enjoyed that one!!

indeed it is

Enjoy

So, in the POST requests part now, when I follow the instructions that return the PHPSESSID cookie, I get an auth cookie instead. Is that the same thing or did I do something wrong?

it shows this

but I get this

I also might be doing it completely wrong

decrypt and make some changes then encrypt and send

what does it want as an answer? does it want (adminuser):(adminpass)?

still confused

@astral cloak are you still there? can you give some more hints?

I really forgot

oh that's ok

I’m afk rn, u got this

I questioned this but it works fine with "auth"

hmm

Yeah, you are in the right path

ok, thanks

Need a spoily help?

yes please

A hint actually...

mmhm

did that

@topaz barn soo did you made it?

nope

how far did you get?

im pretty sure your are so close...

to the part where it tells you to change the application thing to json and put the code in

ignore the JSON. just stick to the cookie

right

follow the given hint

i mean the hint given with the question

Hello

<@&486603600085123073>

Hello @rustic sage

i am from spain

nmap www.youtube.com

upsssss

sorry

Hi @rustic sage from Spain

hello from the "other side"

@rustic sage Hello, i'm not from Spain

Linux fundamentals.... I feel silly asking this but why is this the incorrect answer? It is the only command i know to fire it up on port 8080 or am I being stupid :// :EDIT: Sorted that could be worded better that question.

you are so close

Can someone takes few minutes to help me with this exercise and explain me what I do wrong maybe ?

Currently I've done a ffuf with recursion on .php but I receive a lot of pages and one with flag.php but I don't understand what kind of answer they expect. I'm sorry but english is not my native language.

Anyone trying to filter "unique paths of the domain https://www.inlanefreight.com " in Linux Fundamentals?

going crazy with it, tried grep in almost every possible way but it seems that something is missing

Hey

hi

Dm me

I block to this question Which option needs to be set to execute a command as a different user using the "su" command? (long version of the option) ( Linux Module)

Hey! Still stuck?

yes im stupid is not possible ! Xd

especially since the other modules are complete

Have you tried checking the possible flags ?

no flag no target on this module

I mean '-b' for example

Maybe they are not called flags in English, sorry
But there is a way to look at the options you have

i tried a lot of command

You are really close to the answer I think
Want to dm me ? Not to spoil the answer for others, i can help you to figure it out

yes thx renega

Np 😄

hello

Hi1

Hi, windows vm's are not working right?

"There are not available instances try again later"

I am not getting instances either,i wonder if their is a specific time for instances,i was still able to answer the questions tho and used my live tools for the example.

same problem here. is it happening when like servers gets crowded?

did you ssh into it?

Both, badly worded question, I got the answer.

ahh happy for you

Cheers

you're from london?

@lucid wyvern

No but UK

fairs

friend me?

I don’t even friend my friends but if your stuck sure just DM.

Hi guys we need your help with something related to the hacking

what is this group about

pls help

hi , is there anyway to get a help in one of the questions of web requests module , the one related to escalating the web user using cookies manipulating ,,so its either i am not understanding the question or there is something wrong, i dont think that there is more than bsae-64 decoding the cookies in the request and modify the guest to admin and re encode it again .. please help

nee help

Im struck on the same module @trim arrow

it kills me and i dont exactly know what the question required ,, i have escelated the guest to admin and i can see that in the web page but what the answer should be ?

yup I tried the same

and got Welcome admin_####

thats it ,, what else we have to do 🙂

i even tried to view the source of the page in case they hide some flag there but nothing

yes

Hope someone could help

i hope so ,,thats the first time i ask for a help

If you're stuck on the cookie manipulation message me and ill try and give you relevant hints (dont want to put spoilers in main chat)

and just so you know, the flag in the response will be preceded by "The flag is " <-- thats how you will know you have correctly manipulated the cookie

Can anyone help me with the ffuzzing module ?

✋

Hello, I am stuck on the Filter Contents part of Linux Fundamentals, could someone give me some advise pls

What are you stuck on?

I am trying to filter all unique paths of the domain (Filter contents part)

using curl, I've tried to use curl with a variation of grep filters but at this point i am not sure what am I looking for

I cant really understand you but i think you are looking for "uniq" command

Thanks! I will look at it!

So the question is to get the source code of a website and filter all unique paths of that domain, submitting the number as the answer

Thanks again for answering!

yea you can pipe the path and then using the uniq command you can see unique paths

Thanks a lot! I will try it

Just looking at the "Find a way to start a simple HTTP server using "npm"." question ... but when I try anything I get this: "Command 'npm' not found, but can be installed with:
apt install npm
Please ask your administrator.
"

Does the spawned instance not allow us to install npm?

No! You are not supposed to install it

have you tried sudo apt install npm , apt install npm or do it with python
python -m SimpleHTTPServer

If you try sudo at this part it would give you a warning

Just got a warning 😆

I memorized it as it took me ages to solve it

Knew it

it says "using npm" how can I use it if its not installed ... im confused

have you tried apt install npm?

yeh it literally doesnt let you install it

ok, thats what i thought

I would do it with python then or you can wait for somebody smarter to come here and give you a answer

Yes, it won't let you
You have to use the command "like if you have it"

I think that is the second question

Let's walk through this together! So don't give you the answer but help you to get it

First, do you know which flag do you need to use to set the port ?

if im honest, im not sure

I assumed it would be something like this:
||npm install -g http-server||

Noo

So.. the way I understand it
You have it already ("supposedly")
What command would you use to change the port ?

Btw, how did you covered the command ? that´s cool

did you cover *

Highlight the text and a little menu pops up with an eye icon

What command would you use to change the port ? - I dont know... im completely lost with it

hack the box sign in

Got it (finally)

wuuuu

i am still stuck on the very last question, filter all unique paths of a domain :/

I'll let you know when I get there 😆

What is tha HTTP method used while interception the requested?

Anyone that is still stuck on WEB REQUESTS > POST METHOD because you found the flag and it says its wrong. Delete the exclamation point at the end of the flag or just don't copy that part. For those still stuck on finding the flag. If you Base64 decode the cookie from Burp, you may notice that you get the user presented in the browser, guest_xxxx after successful guest login, is the same as the decoded cookie. The objective is to modify the cookie in such a way that it escalates privilege's to that of the admin user. For some reason the %3D URL enconding doesnt decode to = in burp . So if you decode with %3D instead of = , you get a slightly different value (ie. guest_xxxy instead of guest_xxxx) .........maybe this is how it is supposed to function??? Im not sure, still new to this. But this is just some stuff I learned over the last couple hours I spent on this section

Thanks for the hint!

The %3D as you say is URL encoded, "URL encoding replaces unsafe ASCII characters with a "%" followed by two hexadecimal digits."... This might help explain why https://www.w3schools.com/tags/ref_urlencode.ASP

In the Post Method in "Cracking into HTB" i was able to get a welcome message to admin by changing the cookie in base64

But i don't seem to get a flag

Hi 👋 everyone, can you please help me with a problem I have in the module Linux Fundamentals? The questions I don't know how to answer are 1️⃣ "What is the path to the htb-student's mail?". I tried ./var/mail, but didn't work. Another question is on 2️⃣ how to find the kernel version. When i type uname -v I get #1 SMP Parrot 5.5.17-1parrot1 (2020-04-25) and I tried to submit 5.5.17 but didn't. I also tried with the kernel release. Another problem is with 3️⃣ "the name of the network interface that MTU is set to 1550". I can get some information related to network with the command ifconifg, but can't figure out what is the name of the interface. Sorry for the long message.

Can't reply properly as on mobile but - - help really helped me work through those

pls read the questions carefully

If you don't see the flag the cookie is not right, dm me if stuck

What does ssh with user mean? I am using the integrated workstation

https://en.wikipedia.org/wiki/SSH_(Secure_Shell)

Ok, I read the wiki page on ssh, now I think that I have to connect via ssh with the ip address that shows, but I don't know how. I looked on internet and it says to use ssh ip_address, but then I put the password shown in red and it says Permission denied, please try again.

ssh username@ipaddress

Okay thanks, I am connected!

Hello, I need a nudge on ffuf module skill assessment, anyone available?

anyone was able to connect recently through RDP in Windows Fundamentals?

thats given me LOGIN FAILURE -.-

I connected yesterday successfully in other module with remmina on file transfers -> windows file transfer methods

I tested again and still working @midnight sable

allright!! thanks for that info! (:

Can anyone help me with the SQL Injection fundamentals module?

Specifically "Union Injection"

How Can I help?

we should probably go in DMs

ok

Hey all, I bet this is asked all the time...I just finished Linux fundamentals, should I continue doing other Fundamental Modules before I move on to more Offensive/Defense HTB modules?

I would recommend that

@topaz barn any particular heavy hitting modules you would recommend?

sql injection fundamentals

@topaz barn thanks!

Can anyone give me some hints on the webshell part of sql injection fundamentals?

I'm in a webshell, but I don't know how to get the flag from there

found it

hello

nmap

Im stuck at "What is the alias set for the ipconfig.exe command?" (windows fundamentals) i tried some cmd and got Get-NetIPConfiguration and its wrong

I have not done the windows fundamentals

@rustic sage

But there is Get-NetIPAddress command

which sounds more likely for ipconfig

Hey all, need a hand figuring out what I'm missing with the POST Method in the Web Requests module...
Can anyone confirm if the PHPSESSID cookie that is shown in the guide acts the same as the "auth" cookie that is retrieved with the intercept? I'm so very lost right about now.

Auth is fine, DM if you're still stuck and let me know what you've tried

Lol, I might have to - gonna try a couple more things but 'm probably stumped 😦

assess the web application and use a variety of techniques to gain remote code execution and find a flag in the / root directory of the file system. Submit the contents of the flag as yourAssess answer.

I need a help can some one give a hint

Hi, I'm stuck in the web request module, in the POST request exercise. I get it to welcome me as admin_xxx but I don't see any flags, any help?

@severe brook please try to decode the session and think a little out why the random no are coming in guest

@severe brook done??

no 😦

ohh

i get it

@severe brook good

it's easier than I thought

@severe brook yupp

thank you very much, I'm sorry I can't help you with yours.

^^

@severe brook 😂 np

haha

assess the web application and use a variety of techniques to gain remote code execution and find a flag in the / root directory of the file system. Submit the contents of the flag as yourAssess answer.

I need a help can some one give a hint

dm

Can anybody give me a nudge on uploading the file in file transfer , im stuck on windows

hello, im on Linux fundamentals and ive stuck on where to find the htb-student mail, i've used the cat /etc/passwd and got /var/mail and /var/spool/mail but none of them were correct, can anyone give any helpful tips

Are you using the find command?

when i do i get over 150 areas that contain the words mail

check your environment variable

NVM i got it

Just remembered the solution to this...

I tried to manipulate the Cookie but i dont know what to put in there. Has anyone an Idea?

Put data

Hi there, I've got a problem with "ATTACKING WEB APPLICATIONS WITH FFUF" module, there is a question " One of the pages you will identify should say 'You don't have access!'. What is the full page URL?"

I've found that page, but when I try to submit the full page URL it keep saying "Incorrect answer"... how comes that?

I'm sure that the url is correct, because I've found the parameters asked in the next question "In the page from the previous question, you should be able to find multiple parameters that are accepted by the page. What are they?"

Do you give the answer including the port number you use? Then that would be the issue. Remember that the port number is used in just your own current session. ||So replace your port number with PORT.||

DM me if still stuck

Yes I've pasted the url including the port number. I'm trying your suggestion, ty.

Ok using PORT it worked! Thanks again. Another issue regarding the second question "Before you run your page fuzzing scan, you should first run an extension fuzzing scan. What are the different extensions accepted by the domains?"
I made a fuzz scan on all domains found, and I've found some extensions. Pasting those with return code 200 does not work, I'm sure they are in alphabetical order... Am I missing something?

pm me

Hello

I was wondering if someone could explain a little bit different smth to me
I get the idea of it, but I am looking to get it a little bit better

The sentence is the next
Typically, the transmission medium is accessed sequentially from station to station using a retrieval system from the central station or a token. A token is a bit pattern that continually passes through a ring network in one direction, which works according to the claim token process.

It refers to a Ring topology

I dont see how im wrong. Can someone tell me if im wrong? Whats the answer?

@ivory bough Every machine sees the entire message, and then passes it on if it isn't for them. If it is for them, it acts on it, then sends an ack to the next machine in the network, for the sender machine.

So if the answer is for the one before, it would have to go all the way around?

Thanks a lot for answering me!

hi all, we just published a new module called Getting Started it includes a little bit of everything but is essentially a primer on penetration testing and getting started on Hack The Box with lots of hands-on and tips and tricks to start you down a technical path

Can someone help with Web Request module ?
With admin_xxxxxxx ??

I've tried all what i can

Itsn't works

You guys doing great job here. Thank you

same Problem, i cant get the 2 num for the sum 1337

easy

Not for me, im completly new here and started 1 week ago

😅

why doesnt it give me a IP 😂

how do you get a hashed password?

you need to spawn the target first

I'm in the Web Requests module, on the POST page. When I spawn the target, it says I should be able to login to the application with admin:password, but I cannot. I get login failed. I can login with guest:guest.

What's wrong? I checked Burp and my server response to admin:password login is 200 OK and Login failed, and not the 302 Found that the screenshots say I'm supposed to get.

Hey guys can you please help me In the Linux fundamentals I’m stuck on how to start a simple HTTP server using npm any hint?

Or help

There should be a link to click that says something along the lines of "Click here to spawn the target." Once you do, the pic will be "SSH to 'ip_address' with [...]"

yeah got past that now 😛

thanks though

had to wait 20 minutes for some reason, when i came back the spawn a instance appeared

Okay lol, I didn't look at the time stamp tbh 😅

In the POST section, you don't login with admin:password. At the bottom when you see the exercise section, it should tell you to login into the target with guest:guest

@west wharf @elder sail If you still need help, PM me and I can point you in the right direction w/o spoiling it.

You don't actually start it, as npm isn't installed and you won't have permission (if I remembered correctly)... You just enter the command as the answer as if you was going to

Hello!

I need help with a section on windows fundamentals

In the one that asks you to name a proccess that is non-standard, I found what process it is but I don´t know what is the full name of the service executable

If you find the process in Task Manager, you can right click on the process and click "go to details" and you'll see the full executable name

Thanks, I did it a while ago, I just had to search for the program in powershell and write the name with a .exe after it

hi

i have issue with linux fundamentals

wit the php webserver

can i pm someone?

nvm

but.. it says under "Examining a Request" -> We can log into the application with admin: password or guest:guest

guys a bit help

after i ssh to this machine how i start http server? 😄

@broken oyster When reading that section, it should say something along the lines of “We will login with the credentials admin:password. You can follow along by logging in with guest:guest.” I’m at work currently but if you still need help later on, I’ll screenshot what I’m talking about so it’s easier to see

The point of that exercise though is to gain admin access through privilege escalation from guest:guest though

if i try apt install apache2 -y with sudo i need pass

@north oar Im having the same problem too lol. I need to read into that section a little more because it seems a bit confusing on my first go at it

you dont need apache

@vital yew i need npm?

you can start a server on native php or with npm

but same for install npm i need sudo and pass...

I know I don’t need Apache, but I need to lookup how to use npm w/o installing it. I assume one of the commands in that section they discussed is needed to accomplish that

if you search in google there are a lot of examples of both, with python you can start a simple http too if you still needing help can dm me

You don't actually need to start it you just need to build the command

@north oar happy to hear that, but I suggest you to remove the screenshoot, It's a spoiler for other students 🙂

sorry 😄

now i try to understand npm

i m a bit noob

:S

Ahh okay. So we just figure out how the command would be if we were to run the command. After you saying that and rereading the hint, that makes sense now

npm really is a package manager for nodejs as the hint says, like apt for some linux distros or pip for python

so if you search about npm and a basic web server you should find info about what its the proper packet for this purpose and how handle it @north oar

@vital yew this i do now

@vital yew done

inlanefreight is not opening on htb instance can anyone help me with that i am learning post method

Spawn the instance, it will be an IP address

Like that

thanks got it

Who wants to test the virus I created on a virtual machine to see if it works please ? Virtual machines don't work on my pc !

what is the path to the htb-student's mail?

can some1 please help me with this?

hello can you help me in LINUX FUNDAMENTALS
the question is What is the name of the config file that has been created after 2020-03-03 and is smaller than 28k but larger than 25k?

why my command doent work :

2 hours that I'm stuck

Inb4 it's throwing bad arguments

That's my guess even without you actually telling us the error.

But having the error would confirm or deny my guess

@karmic cloak check your newermt value, your value passed seems not compliant and I suggest you to add 2>/dev/null to the end to ignore the permission denied outputs

like that?

hi

i'm new in these serveur

without the word add

Is this the expected output in Linux Buffer Overflows: Stack Based Buffer Overflows?
I was still able to complete the question on this section but it looked like I was supposed to be able to compile bow.c Removing the -m32 flag allowed compilation to complete successfully.

pls lerne me

@urban sage

I can point you to some resources but learning is up to you. You can check out academy.hackthebox.eu/

I ordered but there are a lot of files

@vital yew

check the newermt value @karmic cloak

look at the examples in the page with this param

try to look at variables..

i did it's now accepting the answer

Finally solved the question in the Web Requests module on POST.. The solution was incredibly simply (won't spoil), but I found nothing of relevance on the GET nor POST pages. This could really be updated, incl. removing the credentials admin:password.

It was tough but really gets people thinking in the right way, I thought admin:password was a relevant hint. Instructions said to use guest:guest to follow along, but knowing the other creds was useful information.
Real world hacking / pen-testing is never going to be easy or fed to us on a silver platter, it's all about thinking outside the box. I struggled but I genuinely thought it was a great learning module

any help or thoughts would be great

just not sure why I'm finding the same config file and it keeps rejecting my response

Is my command incorrect?

doesn't it say to look for the config file in a certain directory? or am I remembering wrong?

Yeah I just skipped that one, bacause it seemed like the description was off and in the middle of updating

I agree that OOTB thinking is important, but the POST challenge is not aligned with the challenges before and after it.

morning/evening folks 🙂 I am having issues pinging my target (all packets are lost) or even google from the spawned machine in the academy

@civic warren same

@civic warren @delicate ravine terminate your current pwnbox instance and re-spawn it

@autumn pilot that fixed it. Thanks 🙂

Hey guys, can someone help me in this question...I don't really understand it.

||What non-standard application is running under the current user ? (The answer is case sensitive).
||

Thanks for the hint 🙂

Nevermind, i found it.

i think the extension to the flag page is .php7

after that im stuck

couldnt able to find the flag anywhere in directories or pages

any nudge ??

got the flag

try without https://

... i feel idiot
thanks man!

Happy to help

hey guys I'm new here and a noob too lol and I'm stuck in this question

@rustic sage you need to use ssh to connect to a Target

i tried but I couldn't

yea me too

so how are we suppose to solve it then ?

I mean right now I am solving a different question but I need to ssh into a Target
Those 2 questions that you asked need ssh connection as well, 100%

I understand

for the first question I believe you had to use 'uname' command

but it wont work as long as you are not connected to htb-student

yep exactly

there was a problem with workstations a few days before, I think there is a problem with Targets now

yeah I believe so because I tried to ssh from my kali machine and I couldn't

same

sad

btw thank you for your time

Are you guys using the given vpns to connect to the htb networks?

I'm not !

no

should we?

I connected without vpn before

I have no idea how to use one nevertheless

Its been a little stince I used htba, theres normally a vpn to connect to but i think they changed it 🤔

there is still an available VPN Key

vpn is pretty to use though for htb, download vpn, install openvpn(should be installed already), run openvpn in another window with the vpn pack without closing it

and I suppose I should download it in the Workspace right?

Oh are you guys using your own machines or the workspace?

If you're using the workspace there shouldn't be a problem

"shouldn't"

I use the Workspace most of the time

same I use the Workspace

The parrot machines should be fine, might just be the server

I see, thanks for the informations

Thank you @silk moon !

Anyone can help with ffuf module

Man, stuck on this chall for a while in the fuzzing module. I can find two of the VHosts on the Filtering Results section but word on the the street is that there are three. Please pm if you know what I could be doing wrong.

Hi, I've a problem with the Getting Started module, The 'Public Exploit' server seems up but isn't reachable, i've tried to wait but nothing changed, plus if I refresh firefox page it asks me again 'start the server' ( I think that's an unusual behavior )

It works for me, I get a Wordpress page

Have you got any firewall on your network? I had an issue with my Skynet firewall banning the HTB ips for unusual behaviour (typical lol)

Hello, i have problem with sqlmap module skills assessment

maybes someone have any advice?

i didn't try reaching it by browser, it works, but nmap can't reach it. i'll come up with it by myself, thanks 🙂

No worries, glad you are sorted

hey guys i am having difficulties with web fuzzing skill assessment

i am getting these extensions but it is not accepting

ffuf -w /usr/share/seclists/Discovery/Web-Content/web-extensions.txt -u http://archive.academy.htb:30640/FUZZ

this is the command i used

nvm i found it

looked at the cheat sheet

sorry i am a noob

If you are using the browser based machine there is no need to deal with the vpn key. That is only if you want to use your own machine (I use a kali VM) and need to connect to HTB network

I’ve had to restart a target a few times today, connection just seems to drop out

we're working on it

Cheers, I’m just glad it’s not me not getting it lol

If you experience issues reaching the targets, please terminate your pwnbox academy instance and re-spawn it

in the wfuzz module final assessment the page is in /courses right?

I'm struggling with the following question (what is the path to the htb-student's mail?)
Can someone give me a hint

what moduak

modual

Linux fundamentals/the shell/system_information

so there is a locate command that may help

cat /etc/passwd ?

if your type "locate mail" you will be given many different paths

huh

never mind

I'll try it out

just as a tip since its a mail application it will probably be easy to access(short path) if your still stuck in a few minutes dm me and i can help out more.

thank you so much

no problem

@true whale I found it, thank you again

ok

ok i've been stuck on WEB REQUEST > POST METHOD for too long and must ask for help. How do I modify the cookie to escalate to Admin?

I've changed the content type to json and the request to { "username" : "admin", "password" : {"$ge":"0"} } and the repeater is returning login failed

You don't need to change the username:password used. You need to escalate your login from guest:guest to an Admin account. You keep the same login creds

Try to figure out how modifying the cookie could escalate you. I was stuck on this for a while as well. Looking back, the answer is very easy, but just starting out it's somewhat subtle and easy to overlook/overthink

Got it thanks!! Wow so obvious looking back

You're welcome! Told you lol. So obvious, but subtle at the same time

I struggled WAAYYY more than I should've with that and felt so dumb when I tried it and it worked lol

Yeah homer doh moment but hey at least burp is not scary anymore. I tweaked some configs in there trying to get this to work too 😅

I straight up was confused with the process of burp, but you right. Thanks to spending an unnecessary amount of time to get it to work I gained a better understanding of how it worked. So not a total loss! 👌

has anyone here done the getting started module

@tropic cove I'm in the process of going through it now. I haven't finished it so if that's a stipulation, I would ignore me

❤️ all the free tools your being pointed towards in these modules

pretty awesome

anyone else having trouble with the find command for the prompt: ** What is the name of the config file that has been created after 2020-03-03 and is smaller than 28k but larger than 25k?**

I can't seem to enter any conf file I find

I could really use some help here -- last question of this module

No, it doesn't

are you using the|| -size +25k -size -28k ||options in your search?
Also are you accessing the spawned instance rather that searching on pwnbox?

yes, I'm on both, I'm tried it on the spawned instance and the pwnbox

I know -- I'll remove that from the log, but I'm stumped

@rustic sage ^^

I just find a single conf file on the target, but it's incorrect, everytime

is the bot broken?

i cant authenticate with my token neither can my friend generate a invite code from API

I've been stuck on Web Requests > POST Method for WAY too long, I really am not sure if I can figure this out myself
I would appreciate some help here pls

gr, I'm stuck

@graceful prism what you need?

https://academy.hackthebox.eu/module/35 this box here mate

hmm

you wanting to learn what post method is?

nah nah

just wanna figure how u do the escalation task given there

ill take a look in a min just doing a box

that's aight

The frustrating thing is that I can ls -lah and it fits all the criteria

Hi all , I'm also stuck on the Webb request post method , anyone I can ask some questions ?

I don't think I'm being a bother, but I'm stumped... if it's not going to work on this free box, I'm kinda skeptical it'll work on other deeper ones

perhaps I'm being a bit of a bother

DM if you want

its all about the cookies

I can tell, clearly, but I just can’t fathom on how to get it working :/

DM if you want

@ocean siren I just went back to that question/box and was able to recreate the query that got the answer in a couple minutes, if you want you can DM me and I can try to help see what's going wrong with the find query you're constructing. The one I just used that worked didn't even check for date of creation and still only returned one (the right) result.

hmm

does parrot OS have a mysql database client?

@ocean siren also be sure you're providing the filename as the answer and not the absolute or relative path

nevermind..got it 🙂

@ocean siren you can DM me if you want and I'll try to help

And thanks. Yeah, I totally missed that. Finally got it. Just had to read the question

Much appreciate the message

#fanOfHTB

From the end of module bash script

have you solved it? I'm stuck too

done, I've read what was said yesterday

@ocean siren I'm stucked at the same point (with the config file)... Did you find a way to solve that?

Hey there guys! I need some advice 😬 im stuck to skills assessment on web fuzzing, i answered well to all questions but 1 is missing , Try fuzzing the parameters you identified for working values. One of them should return a flag. What is the content of the flag? so anyone can help me with that?

do you still need help

I stuck the skills assessment sqlmap.... 4 days.. I've done every technique and nothing.

Hi there, I've a problem with ASSESSMENT SKILLS of the WEB APPLICATIONS/FFUF module. a question " One of the pages you will identify should say 'You don't have access!'. What is the full page URL?"

I have more than one results for 'don't have access', precisely with 403 code results. There is something that I've missing?
Tnks for help!

Hey I got the same issue, it seems @slow salmon has solved that using PORT, but I actually didn't get the exact: You don't have access! , only the 403 code, which I believe it is not the same. I believe the question is looking for the "Authorization Required". Anyone can shed some light?

Hey guys, so for Web Request > POST module. If modified the guest key, for the admin, encoded it back again, hit forward and on the browser I get the message "Welcome, admin_XXXXX!". I'm assuming that the answer is admin_XXXXX, but when I submit it = Incorrect Answer... I took note of the new key, the code I to generate it and the user, nothing works. Can someone point me in the right direction?

Solved! Thanks @cinder sinew

have a quick question on the web requests module. in the section headers section 2.entity headers it refers to media-type of being an actual header. I searched for this header online but couldnt find anything on it. I believe this is mixed up and media-type is part of the content-type header rather then being a header by itself. is this correct or am i missing something here ?

if this is really the case the way it is listed in the module is a bit confusing.

@viscid ruin also: you have to look for a page that literally says "You don't have access".

Regarding "PORT" word: when you are entering the page you've found, remember to literally write "PORT" instead of port number.

yes , please help me my friend

Hi everyone, I'm at Knowledge Check in the Getting Started module, I ran the exploit from metasploit and was able to get the ssh connection as www-data. Now I'm clueless as to how can I escalate further and where to find the 2 flags (I looked manually through some folders but couldn't find em). I tried running a php shell but on the other ssh connection it also logged me in as www-data. Any sort of help is much appreciated

@final snow try using the find command to find the first flag. the 2nd flag will require you to elevate your privileges to root. pay attention to the hint for the second flag, if you follow it, you'll find a way.

Can someone help me with the first answer of File and Directory inside the Linux Fundamentals module? I actually find a .conf file but it says that the answer is wrong... Thanks

which module ?

Linux Fundamentals module (page 13 "Find Files and Directories)

@crude obsidian remember to put just the filename as the answer, not the relative or absolute path.

there is only one conf file that meets the question criteria, so if you find it and submit the filename you'll be good. if you need more of a nudge i can help, but if you use the find command with the file size limitations given in the question you'll find what you're looking for.

Web requests module; Stuck in POST method - Login with the credentials (guest:guest), and try to get to the admin user from what you learned in this section and the previous section.
Please help me

can someone help me whats wrong with this line? if [[ $var = $value && echo $var | wc -c -gt 113469 ]]

Hi! it is literally not working. I know there is one dir called ||courses|| under subdomain ||faculty|| and I know it is ||php7||. So I tried || http://faculty.academy.htb:PORT/courses/index.php7 || but it not giving me anything... It should not have another dir other than ||courses|| right?

Yes, that's the problem... I was putting the complete path... Thank you so much 😄

Remember that the course is about fuzzing, you have to fuzz harder! You're on the right way, just run ffuf again on that directory!

Yeah, I've been trying it for few days, not sure if it is the wordlist, I tried with big.txt and also rockyou.txt (not entirely) and under that domaind and dir specifically and with recursion-depth 2... Reddit comments said it could be a wordlist with special chars, hopefully the url they want is not with a parameter included. 😖

You have to search for a "normal" url, without parameters. But as you already said, it could be the wordlist, try another one. The subdomain and the directory you wrote are right. Good luck!

sounds good! many thanks!

Hello guys is this where i can start doing some easy stuff?

@brittle palm HtB academy is great! They have fundemental introudction (greatly recommended to do first if you are new to this) after that you can buy some cubes and start on other courses. I can personally recommend the 'basic toolset' path 🙂

yeah that would be great

finally found it! 🙂 thanks again!

@timid grove hallo man, can i ask you a question from sqlinjection(writing files)??????

great!

can someone help me with bash scripting pls?

hey how can I help?

comparison operators: the syntax is wrong i guess if [[ $var = $value && echo $var | wc -c -gt 113469 ]];

@strange aspen [[ $var = $value && $(echo $var | wc -c) -gt 113469 ]]

you need to wrap echo $var | wc -c in $() so it will evaluate as one term that you can compare to 113469

thank you so much..

👍 bash can be tricky

hey guys, i'm doing the Windows Services and Processes on Windows Fundamentals and for the life of me i cant find even one of the non-standard update services running on the host referred to in the section question. I've scoured the task manager processes to find any kind of updating service that's non standard (ie. not windows related). I've also checked the C drive within the computer, ran get-services in the powershell, and checked for programs in the control panel (uninstall list). Nothing. Anything i'm missing?

Hi everyone!!! I'm stuck in the LFI Skills Assestment. I have the source code of the index page. I have access to the admin console but it seems useless. Can someone help me pls??

@umbral basalt if you look in the Task Manager for a service with update in the name that seems like it might be an application related to what's mentioned in the hint, it's there.

There's not much more I can say without just giving you the name.

Like you, I went a bit overboard trying to find it at first but it's kinda staring you in the face, so if you go too deep too fast you'll miss it.

@rustic sage if I remember correctly, you need to review the techniques in the "LFI to Remote Code Execution (RCE)" page and one of those will give you the foothold you need

Guys who wants to know how to run a vuln module on a IRC Botnet

Hi, writing again

I have a problem with sqlmap module skills assisment. I have tried all possible options from the baypass module. and nothing .

Anyone have an idea?

Have a closer look Authetication Bypass methods on the cheat sheet

@rustic sage I found the updater and ive put in the full name and every other name combo i can find. Nothing. Thoughts?

@umbral basalt Did you include the file extension as well ?

Did you use the Intercept Request ? I suggest go back to review Custom HTTP Requests

@umbral basalt because remember, the prompt says Submit the full name of the service executable (not the DisplayName)

I did both to be honest

I assume they’re right next to each other in the task manager

(Also checked via the power shell; same thing)

(The exe was what i was missing, thanks!)

good night

could someone help me in the "Introduction to networking" module?

to the question "Submit the broadcast address of the following CIDR: 10.200.20.0/27"

page 10

I think it's some small detail that I'm missing

Hey, if you make a table with the ips, it should have the network address, then the range ips for the hosts, then the broadcast address... This last one is the one they are asking for

@twilit sphinx Try to do as the given example it is pretty straight forward

by my calculations, from 63 addresses
but I'm afraid the calculation is wrong

I'm trying, but I think I'm missing something

I solved the first question in a simple way, I thought the rest was also

Hello guys, im having a hard time with the "get started module", section "privilege escalation"
I managed to get user flag but i can't get my hand on the root one. I tried to run a bind shell since it seems target machine wont connect to my vm, but it wont work and i cant see what im missing. Any tip?

Hi all,
Could someone assist me with something I'm missing in the post module?
thanks 🙂

Hi guys! In LFI skill assesment I can access to logs. I try log poissoning in http.log but it seems that doesn't work because the log do not refresh...any hint???

sorry man ! i just saw this !

do u still need any help ?

hello, im on request and response on web requests, i've the burp intercept on requests, but im unable to intercept the responses, can anyone help or give pointers

proxy >options>intercept server responses hit the checkbox

hi everyone
I need help, i'm trying to aces to the flag for the post method in web request module. i connect with the user guest and i modify the sessioncookie with admin_XXXXXX but it's not the admin session and Ican't reach the flag.
Someone could help me please.
Sorry for my English I'm a french guy

check the content of your cookie

just make it simple

Yes I have guest_a lot of character in base64. But if I change the guest by admin isn't the response

Thanks for your answer

can someone help me with bash scripting-comparison operators?

What is your questin?

it doesnt work since 3 days can i pm u my code for a hint?

sure

it says wordpress, u can try the wpscan to scan for vuln

Can someone that finished the Getting Started course on page 9, help me pliz?

Someone ?

what do you need help with

i need help to explore the target

I tried scan with nmap

and I discovered a WordPress service

after i scan with wpscan, but I didn't find anything

can someone help me with bash scripting-comparison operators?

on the public exploits question?

yes

ill go take a look give me a bit

ok, thank you 🙏

look up wordpress exploits with the tool they give you and see what you get @tough mauve

can someone help me with bash scripting-comparison operators?

@true whale ill try

you should ask in the easy modula section.

can i send PM if i don't get?

yes

easy is blocked for me

i'm having a bit of trouble with the getting started module. i can't connect to the flag share folder in the service scanning section

hey, i'm new here, and have no idea where to start

any ideas

++academy

Hi, I'm working on getting started module. can someone help me for a small question?

Sure, pm me if you still need help

Hi, I need help! I'm in the WEB FUZZING skill assessment, in the last question. I trying a lot of wordlist of Seclist file recommended by the Hint, but don't have success for VALUE of the parameters that I found! Im trying using the POST method for this, but no success! I search for the wordlist based on the parameters. I don't understand why it's not working... 😟

Make sure you are fuzzing the correct parameter, also check the section that corresponds to parameter fuzzing, that might be useful

In the Linux Filesystem Hierarchy what "/" stands for?

yup

pm me

Oh I just reach this section too

Do we need to using exploit to WP?

Hi everyone, can someone help me unstuck from the second question of the "Privilege Escalation"

i don't know what to do: i got the ||.ssh|| file from the root using user2 but i don't know why it dosen't ... even if i use the ssh -i function

"Parameter Fuzzing - GET" - "Using what you learned in this section, run a parameter fuzzing scan on this page. what is the parameter accepted by this webpage?" << Quoting "ON THIS PAGE" what page is it talking about? the spawned page or the page I'm on reading the question, which is https://academy.hackthebox.eu/module/54 ??? And when I run a parameter scan on the spawned page, am I supposed to run it as 123.4.5.6/FUZZ because that would be the spawned page and that would be doing what the question asked, but when I do that, the results are home, index, blog and forum but none of those are the right answer and when I do what the lesson is teaching and running a parmeter fuzz, I'm left to guess that it wants a parameter fuzz ran on index.php?FUZZ=key but that doesn't return anything. I feel like these questions are formed by people with so much experience, they don't know how to teach someone with no experience.

I cannot complete Deobfuscation Examples - HTTP Requests. I send the request post, I get the answer, but they do not give me the answer as valid, and I do not understand the reason

So you get an output from the command you use and you get the flag but it's not correct? Whatever the output is should be correct.

if i understand correct the current htb-academy boxes use an older version of metasploit framework preventing to drop into a shell...Tried to update metasploit framework but i think i have no permissions

ok i keep trying

@dark flower If you want, PM the flag you got and I'll tell you if it's correct. Or I can tell you if the command you're sending is proper

I'm stuck in the second question of Working with Web Services where it asks "Find a way to start a simple HTTP server using "php". Submit the command that starts the web server on the localhost (127.0.0.1) on port 8080."

I tried the following:

checkout php.net im sure its on there

I have some troubles with the web request module. How can I send a get request with two parameters to flag.php? Would appreciate some hints 🙂

can someone help me with the second question of "Privilege Escalation" 🙏 i don't know what to do in order to get the flag.txt on the root

What's the correct syntax for this?
Access the SMB share folder called 'flag' and submit the contents of the flag.txt file.

I've been trying combinations for the past 50 minutes and have no clue

Dunno wtf to do with the admin:ftp@dmin123 creds found in the ftp server

Tried using them for the smb share but I don't know if its a cred problem or smbclient syntax problem. Im going crazy

Thanks

(https://academy.hackthebox.eu/module/77)

The creator should REALLY provide a hint for this one. At least a syntax hint..

Btw you guys should add how many times exercises have been solved so we can be sure stuff isn't broken

look at the example they used

hint bob

look at the hint

There's no hint

it is literally right in front of you

I give you a hint right now

I've tried the anonymous user as well it doesn't seem to exist

i've already got the|| root .ssh|| key but i can't log in with ssh -i in the root .. should i do something different ?

did you tried to do same as the example?

I've literally tried every combination I could formulate in the past hour

you over complicated it

do the same as the example!

Thanks for nothing

No need to get upset, take a break. try to read the hints that I gave you again.

I repeat look at the user bob that used in the example

ok nevermind i found out i nee the "BEGIN OPENSSH PRIVATE KEY" and the end of the ssh ... i used 5 hours only for that

Sorry, was pretty pissed at the time

I'll give it another try rn

@mint lava

I'm not gonna lie, this exercise was a total bummer to me

The hard part wasn't SMB nor smbclient syntax.. And it was supposed to be, right?

The hard part was getting hit by "Oh, I'm gonna try the username and password used as a goddamn EXAMPLE.. Because I've lost 2 hours and tried everything else"

Like.... I've found credentials in the FTP server, I was 100% sure I had to use those (or none.. and just login as anonymous)

But I lost a large chunk of my study time today -- and got pretty frustrated in the meanwhile -- because I was supposed to use credentials that were used in an example from the theory section... Sorry but it makes no sense to me, the practice section should be about "dealing with SMB" and not "luckily guessing stuff"

I'm doing the 'getting started' module. I know that I have to use the "47187.rb" to proceed. When I google it, it says that it requires msfconsole. Alright, my question is, how do I use this "47187.rb" from within metasploit console ? Thanks anybody who heps me in advance !

Im currently stuck at "Getting Started > Privilege Escalation" question 2: I have copied their id_rsa to my pwnbox and chmod, after that i "ssh -p port user1@target_ip -i id_rsa
them it asked password for user1 which given is password1 but i doesnt have root priv. what can i do

@rich orchid I totally agree.... I've spent about just as long as you did trying to get it and FINALLY got the dumb idea to try something from the example.... This section should've been made a bit better. Why it was set up like this when none of the others I have done have been done like this, is beyond me

I've completed "Privilege Escalation" yesterday, my hint for you is a question: who is the owner of the id_rsa file you copied to your pwnbox?

Hi I'm stuck on the Web Requests module in the POST Method section.
The question is: Login with the credentials (guest:guest), and try to get to the admin user from what you learned in this section and the previous section.
The hint is: Manipulate the cookie as discussed in the previous section.
I don't understand what I have to do to the cookie header

oh yes thanks 😄

I could not get the flag last night. Woke up today,fresh look at it, 3rd double espresso and BOOM.

Guys, lemme ask you something.
Once I have found an exploit through ‘searchsploit’
how do I use it in msfconsole ?
It’s important to point out that the exploit, found through searchsploit, it states that it requires msfconsole.
Does anybody know how to do it?

msfconsole use nameoftheexploit

got it. But there's something that still doens't fit. For instance, the exploit I want to use is 12345.rb (👈 is this the name ?). I still don't get this.

i guess you do msfconsole 12345.rb in the terminal to load the file

@silent smelt I tried what you said but interestly neither trigered a error nor worked.

What I’m trying to do is that:

The following exploit (php/remote/47187.rb) it states that requires msfconsole, however I don’t know how to use that inside metasploit. But thank anyway for trying to help me !

@patent blaze As far as I know, Searchsploit uses it's own database to search for exploits (and not your /usr/share/metasploit-framework directory)

Are you sure the module isn't missing somehow?

Tell us what error message are you getting

If there's no error message, I'm afraid we'll have to look at the code in order to learn how to use it

Are you sure this is the exploit? I also thought of using it but I'm not sure how I'm supposed to get the credentials for the WordPress site

How did you get the username?

Anyone able to help out with the netcat part of "getting started"? ... I tried the command shown on the page but doesnt seem to work ...

Dm me

I have a clue. In the login page if ou try to login with admin:admin you got "unknown username". However, you browse through the website and go to the comment area, you actually see a name, which is 'mrb3n'. Then I tried that username (mrb3n) wirh admin as passwd, and I got "The password you entered for the username mrb3n is incorrect", so I'm quite sure that's a valid usename

Huh

I couldn't find a comment when I checked

Strange

I meant recent posts

my bad

Ohh

Alright ty

Yeah, thanks :)

hello, i'm new at HTB Academy and got a problem to answer the question in LINUX FUNDAMENTALS. For example the question "Which option needs to be set to create a home directory for a new user using "useradd" command?" -> i tried "useradd -d" or "useradd --home-dir" but it was wrong. Can someone tell me how to answer questions like this? thanks

try to put the option only

thanks for the reply but it does not work

try different options

yeah thank you 🙂 i tried -m and it works

@rich orchid Its ok, I completely understand the frustration. You need to understand that this is a fundamental module for people who just start, that why they try to make it a little easier

I didn't understand what you tried to say

And I still think that exercise is terrible

Because to pass it you have to GUESS CORRECTLY

The difficulty is in GUESSING, not in the SMB concepts or commands

That's why I think its simply stupid

I can understand what you are saying

i had exactly the same journey yesterday, today i read this and i solved it... man, you really have to go against your instinct. i've done way too many boxes and now i'm too dumb to figure stuff like that out. -.-

can anyone help me ?

With what?

@patent blaze

so

I'm at getting started module

to be more specific I have to find a way to exploit the simple backup plugin for wordpress

What I’m trying to do is that:

The following exploit (php/remote/47187.rb) it states that requires msfconsole, however I don’t know how to use that inside metasploit

Which section?

public exploits

Ok

Sec

@patent blaze dm me

alright

Can anyone help me understand the way of thinking when it comes to cracking a hash? I’ve been stuck on this cracking common hashes for a while. I’m using the prebuilt rules for hashcat but the entire scans take hours. I imagine there must be a better way! TIA!

I was sold on HTB.Academy.. but after that exercise I'm really starting to doubt the quality of the exercises

Lost 2 hours thanks to someone else's bullshit

I wonder why there is a login.txt file on the ftp server with USELESS credentials

Probably just to troll people

And waste their precious time

Like.. you have to EXHAUST yourself trying stuff until you think "Oh, maybe the credentials I've found on the ftp server are useless and I should try the credentials used in an example from the theory section" 🤦‍♂️

Was hoping someone could give me a nudge on the skills assessment for the File Inclusion/Directory Traversal. I've tried everything in the module without success as there is no place where the app outputs data to the user. I've directory bruteforced it to death without much success. It seems there is some sort of admin panel but I can't find it and almost everything returns a 200 response code. Please help!!

there seems to be a lot of inferred logic making me think it may be a course of attrition vs pure skill

almost like they're fishing for whom will remain persistent, given the qualifications and credentials of the organization

Similar frustration on this 😓

Ikr 😂

Man i love this thing

I think this is just the nature of the game. The course writers have been doing this a long time. I know it’s frustrating but HTB Academy is basically training you to play HTB, while it is teaching you the fundamentals it’s also trying to impart the mentality that goes along with this sort of thing I guess. This is very much a “think outside of the box” course, in the getting started it says as much. Just try to keep going forward but keep in mind this is trying to teach a mentality as well as skills

If sysadmins do their job and rotate credentials, yeah, you're going to find stale credentials in files like "passwords.xlsx". Welcome to the real world 🙂

To all the ranters: Keep in mind that Tier0 on HTB academy is essentially a free learning resource. I completely agree that the quality could be better (typos, odd sentence structures, lack of consistency between exercises) but unless HTB hires a QA/UX team to come in and fix those, this is as good as it gets. If you can't find it in your heart to be grateful for the time and energy someone spent to create this the best they could with the resources they had without meeting your quality standards: instead of labeling it as "stupid", just go elsewhere or create your own free cybersecurity training platform.

Woody1130 has the idea of it, you have to do researching and develop the skill of researching, you have to strive away from spoon-feeding. If you ask someone from the industry in which he has many years in, he will tell you the same that you need to develop the skills of researching and others as well. Spoon-feeding is until one point, after that you have to teach yourself things. No one is born with the skills, hard work is the key.

well in this case it was the very opposite. since we are not used to spoonfeeding, we failed to solve this one. we were spoonfed the credentials and found ftp credentials as well. so naturally we go for the cred which weren't spoonfed. to actually use the ones out of the example is something that only happens in this module. i've done a bunch of academy modules now and this never happened again.

which model and section is that, and what exactly is the issue

Hey I need help with the first question the "Find files and directories" lesson from linux fundamentals. here is my code: find /etc -type f -iname ".config" -size +25k -size 28k -newermt 2020-03-03. pls help

In the "Getting Started" Module -> Service Scanning
It's the third question.
on that machine you find a ftp admin account, but you are not supposed to use them. i don't think i am allowed to be more specific here on what to actually use.

ofc it is for startes, and i already did some (retired) boxes on HTB. it just seems to be very out of character for HTB. I do those modules for funsies and the completionist in me commands it. 🙂

Im wondering if somebody can help me in the very last question in getting started (knowledge check)..
Ive managed to run an getsimple metasploit to gain access and read out the first flag. However im still in the Meterpreter pseudo-shell which has limited commands. Ive been able to upload a LinEnum.sh script to the host but the execution doesnt work properly. Im looking for tips on how to escalate Privilege from here..

Hi

Any brazillians here ?

@timid grove hello man! tankyou but i did 👍 now im stuck in something different 😆

Oh, I can't complain about free stuff? Congratulations on being person 999,999 to use this stupid argument

🤦‍♂️

I'm complaining because I want it to be better and if I could improve stuff, I'd happily do it myself

Hello everyone im new here I was just trying the intro to networking and on subnets and I’m stumped on the last two questions could anyone help me??

I was expecting comments like those already, but I really don't buy into that crap and that's it. That's just my opinion.

I have installed Apache2 and started it on my VM but I'm unable to connect to http://localhost fixed

hey guys

i cant undrestand

in the fundemental modules, linux fundementals > find command

the question, What is the name of the config file that has been created after 2020-03-03 and is smaller than 28k but larger than 25k?

all files are Permission denied

all you need is the name

@timid grove Hey can i DM you?

ya

ik

all i need is the name

there are millions of files

on the scren

hi everyone, can anybody help me in Privilege Escalation ?

I understood the first question, but i don't know how i do capture the flag of the root user, can anybody help pliz?

which section?

hey all, i just reached the final step in the pentesting module
site cant open properly tho

stuck on "connecting to [ip]" forever....

who can help me with this

At what point in the academy am I ready to tackle easy machines?

I'm not sure if it's the website or if i'm doing something wrong but i'm doing the Linux Fundamentals on HTB and i'm trying to ssh to a target with the user and PW they provide but it keeps telling me permission denied

send screenshot please

@zenith vigil

of the terminal (you running the command)

@zealous meteor

It's in the screenshot

Through their lil web thingy

ohh

The Instance

I tried doing it through my MATE terminal but it wouldn't work

yeah you dont have to put the curly braces

do it without the curly braces around htb-student

Oh shit

I was using the Bash terminal

And I just used Powershell and i think it worked?

I am stuck on the Nmap scripting engine. I have done a -p- scan as well as a -A / -sV scan and am happy that i have all the ports, I looked at the hint and assume that i means port 80 due to the http. after reading some hint and suggestions on reddit on what to look for have tried to insert some scripts on the port but due to the amount of 'http-*' script dont really know what one. I feel like i am in the right area but am missing something i just dont know what.

After reading a looking at a few other questions and answers about this, notice i was looking at the right request but the wrong answer and found the flag

Anyone able to help with the Linux Fundamentals module, Section: File Descriptors and Redirections, final question: "How many total packages are installed on the target system?" I have tried to check against dpkg and apt, but can't seem to get the right number... I've looked up online other methods for looking up total # of packages installed but none of the #s I've found are correct.

you should use the dpkg command with an option that list all the packages and then the grep command with a specific option to count the selected files lines per file

I have done that. According to a suggestion I saw made by Tiro in another thread, he mentioned that some of the lines that get counted are usless. So I need to now figure out which those are. I know what the command to count the lines are and the count given, I just need to figure out how to filter out the useless info. If you could hint to that, it would be appreciated! Otherwise, I appreciate the response! I should've specified a bit more about what I have done

Hey guys. I'm on the Linux Fundamentals module. I'm on the question "What is the name of the network interface that MTU is set to 1500?"
So I use ifconfig -a
But none of the names I use are working?

hey man, you should read the man/ help page for ifconfig

you just used the wrong option, that's all

try ||-s||

Breh... I swear I used that before and it didn't work. But it did now. Thanks for you're help @tired perch

@tired perch Jesus I feel like some of these answers have to be so technical good god. So many options

@tired perch Do you mind if I DM you? I feel like i'm close but there's something i'm not quite understanding here.

Sure

MODULE: Linux Fundamentals
SECTION: Filter Contents
QUESTION: Determine what user the ProFTPd server is running under. Submit the username as the answer.
i tried nmap and i found ProFTPd on port 21 but how to see user?

hey man, i used this command ||ps aux||

it says ||user964+|| what does that mean?

not sure, have you ssh into the machine?

no

you actually should do that, First ssh into the machine

then you enter the command

ok

nvm i found now it was something else

ok then

For me, what is being shown on that same question says it is wrong. I'm actually struggling with all of the questions tbh. That same L.F. Module, same section. The last one I'm filtering out, but only a few seem to show and its not correct

I ended up just guessing the first and last questions' answers, but I'd like to know how to actually solve the problem legit. Googling hasn't yielded any answers yet, but hopefully I get some kind of hint

MODULE: Web Requests
SECTION: POST Methods

i am not able to login with "admin:password"! so how can i solve this course without getting the cookie from the admin user ? had anyone else this problem ?

the valid credentials are in the exercise

below, where you spawn the target

there are now credentials below where i can spawn my target

use them to get to the admin

oh, sry i had a typo:
i mean there are NO credentials!

Read the question then

i'm 100% sure that there are

there are the guest:guest credentials.
but in order to answer the question i need the admin auth cookie. and to get them i need to login with admin:password!
but this does not work

@frigid dagger good call, but let him try to find out the way by himself

Okay, sorry, I was starting to think that was too much. Apologies 🙂

No worries

This is what Erobus said: Those are the creds you need to use. You have to escalate your privileges to admin from those creds

Could you point me in the right direction for the Linux Fundamentals Module, Filter Contents Section questions? I'm right there for all of them (1st one I'm furthest from), but I just can't seem to get to the last steps. I thought I had the second question, but the user I grep'd from the service list was not correct. And for he final question, I just guessed the answer, but I can't seem to get matching results. I want to actually know the processes. I can post a pic of the questions if needed

try with the network statistics command

Okay, I’ll give that a shot later today. I just realized it’s 4AM here and I’ve got work at 2pm 😅 gotta get at least some sleep

Thank you

Hiya, I'm getting stumped at the first exercise for deobsfuscating javascript. I have parsed the js and found a var flag = "HTB{.....}" but it is incorrect. I have also decoded it using base64 and trying that, as well as encoding it again and trying that

Edit: NVM, I need to read through things before jumping through hoops

???

Use the find command

Tbh, if you read the page properly you could have found the answer cause the command is just there.

hi

Question: Nibbles box - is there any other way to get the password for admin user, or guesing it is the only method. I`m just curious. I looked at numerous walkthroughs and could't find it.

actually I was able to find the password in one of the directories, but I didn't really need that. The "TOOL" a used didn't require neither password nor username

anyone has problem with the Nibbles box target ? cant even PING the target

have tried to respawn the targert ?

yes multiple times

it seems there is problem with the vpn

for the instance box it seems to work

slowly but at least can ping

I have exactly the same problem

whenever that happens I rm the user.ovpn and download it again

did it several times

still not seems to work

are you using your own box or the instance box?

Is there any staff member that confirm that the target is live?

I deleted the ovpn and downloaded it again and it works now

did it but still have some issues

Hello, i'm blocking on a question in [Path] Web Requests -> [Module] POST Method. I don't know what to do. (I try manipulate the cookie, intercept with burp ...).

You can dm me

Ok

What have you done?

Hey, I have a question regarding the Getting Started Module... I'm on the question where I'm required to use the 'smbclient' command to login to the targets network shares and find the contents of the flag.txt file. I listed out the shares with 'smbclient -N -L \\ip address' and it is listing out a non-default users share. I have attempted to login to the users share via the 'smbclient \\ipaddress\users' command to no avail. That is the syntax that was given under the Shares section of the Module. Does anyone have any pointers?

@loud dew removed the academy.vpn and download it again

this is worried I had some problem with the vpn in the past where the Initialization Sequence couldnt complete but never where the Initialization Sequence Completed and couldnt enage the target

it seems that also form the instant box I could not ping the target

anyone had some problem with the vpn key? for the Nibbles box target form the Getting Started module?

@mint lava what kind of problem ?

@mint lava

@west rampart the target http://10.129.218.1 is constantly times out from my box

now it is up

but after sometime is down

now it is down

@west rampart ?

guys

im new here

what is this server exactly

@mint lava did you restart the target ?

Hi. Stuck at the same task. Have you managed to solve it? Drop me a dm please if you have a chance. Can’t get access to flag share too

I’ve got logins.txt from ftp but those creds doesn’t match neither smb, nor telnet

Yeah I had a hard time with that one as well. Look at the example above on the top of the page for SMB. Follow the examples.. it should help.

I just got in. I'll pm you in a sec

@tidal mango Thanks I finally realized I had to use those creds in the example, but the syntax was different

what is this server?

@west rampart Yes multiple times

no worries. It took me way too long myself to get that one. There is nothing is in the Pwnbox that indicates what user we should be trying to login as. It seems poorly written to me but trial and error got me there.

please answer my question

guys

anyone know where to find compilation of many breaches (comb) 3.8billion (public)

Im wondering if somebody can help me in the very last question in getting started (knowledge check)..
Ive managed to run an getsimple metasploit to gain access and read out the first flag. However im still in the Meterpreter pseudo-shell which has limited commands. Ive been able to upload a LinEnum.sh script to the host but the execution doesnt work properly. Im looking for tips on how to escalate Privilege from here.

Hi I'm stuck in the Learning Progress module I can't find the question answer "To get the cubes back from this module, answer the following question. What is the difference between the two numbers of the learning progress mentioned above?"

do the math

Pretty sure it is a number...

Thank you. But I don't understand why you have to change the decimal separator ... perhaps to get out of the box

Is a Site-to-Site VPN advisable from a security perspective?

Perhaps between two heavily restricted subnets?

hey all, working on the getting started module, and im getting a weird error. anyone up for helping

?

@proven jay what's the issue? Not sure if I know the answer but I can try