#modules
@muted mist You should see the spawn nibbles machine on the sections now
Shoot me a dm @fresh walrus
Hello. I need some tips with the file inclusion/directory traversal skills assessment.
I read and practiced the module completely but I am unable to find a path into the machine with the resources given.
My actual steps have been:
- LFI --> /index.php?page=/etc/passwd with no output
  --> /index.php?page=../../etc/passwd with output "Invalid input detected!"
- LFI to RCE --> I started a burpsuite against "/index.php?page=/var/log/nginx/access.log" with no output
  --> I am unable to find the PHPSESSID of my session
- I refused RFI because there's no VPN connection between hosts
At this point I'm stuck and I would appreciate a bit of light, thanks in advance
YOU ARE THE BEST
Hi - New to HTB, i understand you can get CPEs for ISC2... Do i have to subscribe? I am probably looking in the wrong place. Any hints would be ace thanks.
On arch Linux trying to use burpsuite but it keeps telling me to enter some command illegal-access because I'm using java 16.
Anyone has any idea?
@glass oriole some hints would be base64 source, Hidden file
For the first part
ty
wsggg
I might be over thinking this question, but I've tried about 70 different pairs that equate to the sum of 1337 and still get unauthorized. Even made a script for it lol
nevermind
I got it.. I did overthink it
I'm trying to delete the files I created on the docker after using PUT by using DELETE, but all it does is use GET instead
DELETE is allowed on the docker, so I'm wondering why it's using GET instead
PUT does the same, it doesn't overwrite, it just reads the file like GET would
I would suggest looking up the -X flag of cURL
I was using burp suite for it, but I'm checking out the -X flag now
oh, and you are changing GET to PUT on the "proxy" tab_
?*
I did it in the proxy tab and in the repeater
And had the same result from both, even after changing the auth to see if it mattered
If you are learning the request module i suggest looking up the header of each request, though the header for a GET request might be different from the PUT ones
let me try rn and ill confirm you
PUT will create a new file, it just wouldn't overwrite existing ones for me in that module. It would just default to a GET. Same for DELETE
you are stuck in the "PUT and DELETE Methods" page right?
Well, I got the flag. I just wanted to delete the extra flag.php I created because the original wouldn't be overwritten
Had to make a flag2.php to get the flag lol
if you want to delete it i know for sure curl -X DELETE path will work
if not, your target has something misconfigured
hahahah happens
I'll try it again later. I've turned off my vm since completing it. I should start using curl more often
Appreciate the advice on the -X flag tho
yw ^^
Can someone help me? I don't know why this is not working. Thanks
hi, can someone guide me through cookie manipulation? I got the decoded value but have no idea what im supposed to modify to escalate my privileges
try python2
😢
try prefixing the command with python3 instead.
That's what I tried at first :(
oh. the first screenshot you posted didn't have either interpreter prepending.
Yes yes, sure, but then I tried that
With this hint I don't know why it doesn't work
@spring oriole when you ran it with python2 it says the file is not a 7z file. is it already actually uncompressed? can you view it in plaintext?
Okay, thanks 😅
Solved <3
Good Evening,
Course: OSINT. I am stuck with accepting the gps coordinates... Maybe I am doing something badly, but this should be straight forward.... So for example if I would like to add: Budapest as an example, my format would look like: 47° N, 19° E
Am I right?
Hi, i cant find what the web requests module asks in the "A Dive into Methods" section at "POST Method":
- Login with the credentials (guest:guest), and try to get to the admin user from what you learned in this section and the previous section.
And then leaves an input box, am i supposed to find a flag or smthg?
feel free to DM me
So i am doing armageddon machine, and I was wondering when we use dirty_sock to privesc is it possible to use the first version over the second ? (is there any trade off )
It seems that v1 of dirty_sock requires you to create an account, while v2 just downloads a malicious snap
how do i use a cd command in<?php system()?> ?
i try '<?php system("cd search.php" )'
but it looks like it doesn't change
can some one help me with the sql injection question?
Find the flag by using a webshell.
i already do the ls command
and find the 4 folders there
i dont know how to get into them
or how to save the result
alright, so on the Getting Started module Privilege escalation chapter, I have gotten the id_rsa and did chmod 600 on it, but I am getting an "invalid format" error
ssh root@htbip -p htbport -i id_rsa
Load key "id_rsa": invalid format
@mental hornet you could have missed something while copying or while pasting check that the format is ok or not ! Like when I did it and pasted in vim it added some character after new line
Nah, the key is intact.
-----BEGIN OPENSSH PRIVATE KEY-----
...SNIP...
-----END OPENSSH PRIVATE KEY-----
obviously not the actual key, but there's no extra whitespace or new lines
box only has 22 min left, maybe I just refresh it and try again?
Naa no need to refresh @mental hornet
I did
stat --format '%a' id_rsa
and got 600
Do I have to go and like do the whole upload a public key?
Sorry I couldn't get what you're trying to say 😅 maybe you can dm me
If we find ourselves with write access to a users/.ssh/ directory, we can place our public key in the user's ssh directory at /home/user/.ssh/authorized_keys. This technique is usually used to gain ssh access after gaining a shell as that user. The current SSH configuration will not accept keys written by other users, so it will only work if we have already gained control over that user. We must first create a new key with ssh-keygen and the -f flag to specify the output file:
like this
😯😯 I never tried this thing seems interesting but I don't know about this
yea. Doesn't work, so that's not the way.
Anyone want to help me on intro to Network Analysis; specifically the question from the wireshark section “which employee is suspected of performing potentially malicious activities in the live environment?” The hint isn’t really helpful. Pg 13 of the module.
@ebon wigeon
For win fundamentals
Are you supposed to follow the steps for the creation of the share file and connection from attack box?
Module:
Win Fundamentals
im struggling to connect via xfreerdp, is my command wrong?
I have had issues with xfreerdp before if that helps, i also spawned another box
You aren't supposed to space
thank you sir, been a while
can some one help me in Writing Files sql injection?
sqlinjection.txt
content: '
this is the question
now i try to move around but i cant
i try the command
cn' union select '<?php system(cd ./var); ?>','<?php system("ls"); ?>','<?php system("cat shell.php"); ?>', "" into outfile '/var/www/html/shell4.php'-- -
The above is not a correct webshell command. Try to refer to the cheatsheet
can you just pls tell me the command i already been two days on it
hello all, could someone help me with a question in "intro to network analysis" ?
if you provide the question sure
"Given the capture file at /tmp/capture.pcap, what tcpdump command will enable you to read from the capture and show the output contents in Hex and ASCII?" I believe it is -rX, not sure if i am putting the wrong order or what because that is wrong
I've tried -rX /tmp/capture.pcap, -r, -X, -rXX, everything
I think its -XX
I'm pretty stumped on the Getting Started/Public Exploits module Edit: I'll try to sleep on it and ask for help later
I know I have the right exploit, but I feel like I can't find the correct TARGETURI
tried -XX, no avail:(
Usually targeturi field has a small description of what is expected to be set
if you are looking for the webpage basepath it may not always be /
It says root folder for Wordpress. Which I tried ||/wp-content/, /wp-includes/,/index.php/ and /wp-admin/||
and did you try the "/" folder?
dm me in order to avoid spoilers
@sick gull shoot me a message about the traffic analysis question
someone who has completed the file inclusion final assessment can help me with the second part?
anyone available to help with the hashcat module
What is the question? If not module related maybe.... 🙂
Im stuck on cracking common passwords section
I have tried cracking the hash with several different builtin rules, and also with mode 0 and mode 1000
I would try using a hybrid attack, but we're given zero information about the password pattern
Hi, im finished the bash scripting , but i cant complete the module because in Flow Control - Loops part when i launch the script it gives me an error
Any idea, i think 90% the script are correct
in this case I cant help 😦 That is module specific ..
ok, np 🙂
looking through the backscroll, looks like other people have asked about this, but theyve got no response
mode 0 is straight. Just guessing but if you would like to try hybrid attack maybe you need another mode. (if you meant in mode the -m in this case are you sure you have NTLM or MD5?)
yeah I meant -m. Pretty sure its one of those since hashid said that
I mean there were other suggestions, but those were the only ones mentioned in the module
Ah I figured it out. Had to use a specific rule
Thanks for your help @rustic sage
nibbles question:
||anyone know why I get this from metasploit when trying to run it on nibbles?||
This exploit may require manual cleanup of 'image.php' on the target
currently doing it the way the guide says, but I was curious to try this route as well.
hello all, im stuck (for 5 days) in the Skill Assessment - Broken Authentication -> if anyone could dm me i'd be very happy 🙂
Figured it out. ||Improperly set LHOST|| - nibbles
I'm having an issue with the Linux Fundamentals "Filter Content" section, on the last question regarding using curl from the pwnbox to obtain the source code of https://www.inlanefreight.com. After spawning the target host, I enter "curl https://www.inlanefreight.com" on the pwnbox and I get an error "curl: (60) SSL certificate problem: certificate has expired". NSLookup is showing an IP address of 134.209.24.248. Am I missing something, or is there a configuration error?
(Snipped from support channel to here). I tried doing a module page in the academy running an auxiliary scanner. Using the same options, the output was saved in a loot folder in the ParrotOS provided by HTB but when I did it in my Kali box, the output didn't save. My Kali box is running metasploit v6.0.52-dev.
I solved it thx to your hint, thanks
Hi everyone, I'm stuck. Hashcat module, section "Working with rules": I can't crack hash, the hint says that I need to use rockyou and build a rule to append 2020 to every password in rockyou file. The rule is ok (I tested with --stdout), but still can't crack. Any real hint?
This is my output, above the "scanned 1 of 1 hosts" should be a save to the loot folder, but there is none. (I crossed out the module used in case of spoilers). But the information is correct and the same as info used in ParrotOS. I thought it was a msfdb thing, but I re-initialized the database just in case and it seems like there's a configuration out of whack and I'm not sure how to fix it.
Hello everyone, I am currently stuck on module Linux Fundamentals "Service and Process Management" https://academy.hackthebox.eu/module/18 The issue I am having when I enter systemctl start ssh to begin the ssh process it is asking me for a password and I dont know what it is.
Hi ! Are you sure you have enough privileges with your current user to run that command ? Just check back the "User management" part 😉
Hi. Could anyone help me with the question "Given the capture file at /tmp/capture.pcap, what tcpdump command will enable you to read from the capture and show the output contents in Hex and ASCII?" from "Network traffic analysis" module?
I found out, one must put 'sudo tcpdump' before the rest... the answer is:
sudo tcpdump -Xr /tmp/capture.pcap
🙄
Hello everyone, I can’t solve the following question: Find all TCP ports on your target. Submit the total number of found TCP ports as the answer.
Can you help me
nmap -p- ?
i try -Pn bcs it not <ork
work
when i try this command i have a msg and it tell hosts seems down
Hey guys can someone tell me what do i have to submit in the module "web request", "post method" section? I dont know what i have to submit, a flag, a admin username or some other stuff?
I've found the solution for my problems, I've just used the HTB terminal and then I used the nmap command with -sT and finally it works
@desert saffron manipulating the cookie should get you something, this something is your flag
could someone please help me with the first question of Linux Fundamentals --> Workflow --> Find Files and Directories?
I've been trying with the find command for so long but all it's giving me is tons and tons of files, some of which say permission denied
I'm going insane
the question is "What is the name of the config file that has been created after 2020-03-03 and is smaller than 28k but larger than 25k?" btw
What command are you using?
@rustic sage pls be careful with spoilers
oh apologies!
||find / -type f -name *.conf -newermt 2020-03-03 -size +25k -exec ls -al {} \;||
For the permission denied you can use 2&> /dev/null
I don't understand the|| -exec|| part and I don't know how to filter by|| size less than 28||, only the ||more than 25|| part
ah alrighty, will try that now
-28k
thought so too but it gives some kind of error, afaik because it treats that like a separate option or smth
You have to give the -size primary twice. Find will in general "list all files under the search root", filtered by primaries like "size", "newermt", and "name".
Grab a cup of coffee and read through "man find", it will save you time in the long run! 🙂
using the command|| find / -type f -name *.conf -newermt 2020-03-03 -size +25k -size -28k -exec ls -al {} ; 2&> /dev/null|| gives me nothing
makes sense, thank you
That should probably be "2>/dev/null".
probably when I have time haha, I did try that while looking for the answer but I only really looked over it very quickly and I don't understand most of the things
(Means "redirect stream 2 to /dev/null".)
read the manual of the "find" command and execute the command with adding one option after another
Having a bit of a tough time escalating privileges on the “Getting Started: Skills Assessment” box.
Was able to retrieve the user.txt flag as “www-data”. From here I’m a little stumped. Couldn’t download an enumeration script since all writing is blocked on the account.
There’s another user, mrb3n, where the user.txt resides. Should I move laterally to his account some how— or go to root from www-data?
Only sudo permissions www-data has is NOPASSWD on /usr/bin/php. Haven’t had much luck searching where to go with that
I figured it out lol thanks for the hint 🙏
if you're already in a reverse shell as user www-data, can you see if you can find a place on the filesystem that allows write permissions and work from there with the enumeration script? ||Any temporary directories or shared memory spots? (remember, everything in linux is a file).||
Reading through man pages and digging in deeper until the tools are better understood is going to occupy a lot of your time, but it will be well worth it. Also if you hadn't figured it out, when viewing a manpage, you can search through it with the / and whatever you're searching for.
Thanks for the idea! That was my first thought, to try and find any sort of writeable file and run my enumeration script instead for its contents. Another user gave me a great nudge in the right direction. I’m given “sudo” for the /usr/bin/php file. While it’s not writeable, I am able to play around with it and possibly exploit some of its functions!
gtfobins ftw! lol
Bingo! 😉
For windows fundamentals are we supposed to follow the SMB guides or just read and answer the question.
i read it
I tried following along but i can never connect to the share
why cant i message in general?
Hello!
I'm stuck on "File inclusion" module -"other php wrappers" section.
I started with python3 -m http.server 8080 (in the folder with "shell.php" ) and wrote this url http://10.129.29.114/index.php?language=http://localhost:8080/shell.php&cmd=id but it isn't working. I got this in my terminal and nothing more - Serving HTTP on 0.0.0.0 port 8080 (http://0.0.0.0:8080/) ...
and this mistake on my target ----- Warning: include(http://localhost:8080/shell.php): failed to open stream: Cannot assign requested address in /var/www/html/index.php on line 47
Warning: include(): Failed opening 'http://localhost:8080/shell.php' for inclusion (include_path='.:/usr/share/php') in /var/www/html/index.php on line 47
give me a little hint pls, whats going on?
Hi, what is the path where you ran the python3 -m http.server 8080?
and where is your shell.php script
All of these in the same folder
Hello, hackers.
Have a question about some blank moments for me in "Nibble - Web Footprinting" section. Next section "Nibbles - Initial Foothold" starts on a position that we've already cracked admin password with some tool, but I didn't find that process described in previous section ("Nibble - Web Footprinting"). The main question: "Is it presumed that we crack that admin password on our own?" The second question: "When I use hashcat, I have to provide some file with initial hashes of possible passwords. I understand that I can get initial variants of password with CeWL, but should I convert each of them to hash manually or some automated tool exists?"
I guess I don't need to write a full path in the url, am I right?
ty, it can be related with that nginx is shutdown or not?
I've tried this python3 -m pyftpdlib -p 21
but it isn't working either.
I got this on the target ------- Warning: include(): connect() failed: Cannot assign requested address in /var/www/html/index.php on line 47
Warning: include(ftp://localhost/shell.php): failed to open stream: operation failed in /var/www/html/index.php on line 47
Warning: include(): Failed opening 'ftp://localhost/shell.php' for inclusion (include_path='.:/usr/share/php') in /var/www/html/index.php on line 47
Notice: Undefined variable: p2 in /var/www/html/index.php on line 48
and nothing in └─# python3 -m pyftpdlib -p 21
[I 2021-07-12 16:16:25] >>> starting FTP server on 0.0.0.0:21, pid=2386 <<<
[I 2021-07-12 16:16:25] concurrency model: async
[I 2021-07-12 16:16:25] masquerade (NAT) address: None
[I 2021-07-12 16:16:25] passive ports: None
you might doublecheck your url for the download link again. What host address is it trying to contact the python webserver at?
||specifically this area: language=http://localhost:8080/shell.php&cmd=id ||
yeah
i have the same url
I've checked it many times...
/index.php?language=http://localhost:8080/shell.php&cmd=id
python3 -m http.server 8080
Serving HTTP on 0.0.0.0 port 8080 (http://0.0.0.0:8080/) ...
and nothing
I'll send a few screenshots...mb It will shed a light
You are issuing a command id which will return a value, don't expect it to download/upload something
yeah, I'm not trying to download something. I've tried to include a web shell and execute the id command:)
and I dont know whats going on
again, doublecheck that host address you're specifying for it to be downloading the script from.
||you've got it trying to connect to a link at itself on port 8080.||
hm
think of 'localhost' as referring to itself in the third person. your system would refer to itself as 'localhost', and the server you're trying to attack also refers to itself as 'localhost'.
exactly i did the same mistake
same kinda here, I've pasted scripts and forgot to change <IPADDRESS> I don't know how many times, then fought with it not working. lol
How are we supposed to follow the Creating a network share in the windows fundamentals course if we can't even get the share to connect?
check your credentials
I'm doing this from outside the web pwnbox from my own vm running the ovpn
Would i just use the credentials of my own vm?
@drifting knoll
Module [ SQLMAP ESSENTIAL ]
Chapter [ RUNNING SQLMAP on an HTTP REQUEST ]
Hey I'm currently stuck the first question, getting the flag from case2. I've followed the cheat sheet and even googled but I can't find a way to use sqlmap correctly 😕
If someone could just mp me to explain what I'm doing wrong that be great thanks 😊
Yeah idk i still can't connect to the share even within the pwnbox and the credentials from the text file on the pwnbox
Hi i am a beginner in HTB can anyone guide me from where i have to start?
Welcome to the community, we are glad to have you! It would be good to start with the HTB Academy module called Intro to Academy if you want to start learning with Academy.
Hi im new to HTB where and how do i start?
@rustic sage @subtle igloo Check out Academy and or Starting Point.
K tks.
Tq👍
i personally would recommend to start with linux modules and some further research, because your pwnbox is also a linux distribution (parrot os) and also u should try to get familiar with virtual machines and setup a virtual machine (preferred kali)
Hello anybody can tell if I buy HTB academy subscription will I be able to get access of all modules for 1 month or I will get only 200 cubes ?
youll only get 200 cubes
hey guys im just stuck on the question "Find a way to start a simple HTTP server using "npm". Submit the command that starts the web server on port 8080 (use the short argument to specify the port number)."
i started the server but i dont get what im supposed to do
also can anybody tell me if the htb academy subscription is recurring?
here @sterile hawk
73.123.183.104
Anyone complete the Dissecting network traffic with wireshark section of Intro to network traffic analysis? Struggling on the second question.
env
Hello ! i just realise they combine all the module into 1 group
Ok bro
I'm stuck in bash scripting module in this question:
Create an "If-Else" condition in the "For"-Loop that checks if the variable named "var" contains the contents of the variable named "value". Additionally, the variable "var" must contain more than 113,469 characters. If these conditions are met, the script must then print the last 20 characters of the variable "var". Submit these last 20 characters as the answer.
Only checking if var is equal to value returns nothing, so i don't get any output
I'm stuck connecting to the active directory machine
I've waited almost 10 minutes for it to boot
can someone explain what "flag" mean?
It comes from CTF(Capture the flag)
Which is a game in which you have to obtain an objective(flag)
ty
did you solve the issue?
@drifting knoll I reset the target and I'm waiting, getting timeout still
Hi, just working on the sqlmap module, I have done the case #5, #6 & #7 flags however i was curious if anyone knew for future use how you determine prefix and suffix? i assume whatever you set for prefix is injected at the beginning and suffix at the end ... so would it be more just knowing syntax etc etc?
feel free to shoot me a message.
it means the same page as have been shown in that section but on your target you need to spawn
http://<target>:<port>/admin/admin.php?<PARAMETER TO FUZZ>=key
I figured it out last night, wasn’t looking at all the conversations.
Thanks though!
Awesome!
k tks
👋
Team this seems to be the DUMBEST thing for me to be hung up on but .. I guess I am ... Im doing the Deobfuscation challenge in the academy... Using the jnice Web site i was able to deobfuscate however even putting the flag in as the answer in the format of the hint is telling me its incorrect. if any tips on how im inputting this wrong please DM
does anyone have any go to command to pull the flag from an ip and port
nmap maybe?
I am truly ashamed of myself... I WAY OVERSHOT This one...
what specific syntax for nmap? @topaz sun
still cant figure this out
Does anyone know why the browser in the spawned instance would not be loading web pages?
u try resetting it?
yeah ive reset the machine and ive restarted my browser and on two different modules in the web requests class i get infinite load screens that timeout.
Hi everyone ... i am currently doing "Intro to Network Traffic Analysis" .. but I am unable to solve one of it's section
if anyone can help .. I have tried most of the things I learnt in the blog but wasn't able to complete the challenge .. the traffic I can see is totally different from the what hint box says.
Shoot me a message
do u still need help?
Next time you post it, you will get a reward from me
ok i think im not doing right at some point, i have found the /index.php?page= , I have tried all variations of /../ and cookie poison, also tried to do remote (http server), this module is File Inclusion/Directory Traversal and i'm on the last page, ping me if you help, very appreciate it, already half a week into this
hey guys! I don't really understand the function "EOF" in this part.. Can someone help me with that? thanks
I don't understand "<<" sign also in fact...
@weary anvil They are "Here Documents", you can read about the construct in your shell's manual. (Example: man bash if you are using the Bash shell.)
(You might need to read about standard streams and shell redirection as well to understand what it does. But in short: the shell redirects the given command's input stream to read from the block of text in between the two "EOF"s.)
it isnt working for me too.
how to solve this
ohk tks a lot
ok tks
how to download ffuf?
Morning/afternoon all! Currently stumped on the skills assessment for "sqlmap essentials" and genuinely struggling to find area to attack. I have tried || --forms || flag and this only appears to work on one of the pages ... on the || contact.html || page I don't seem to be able to do anything in terms of submitting sqlmap queries with any success. In burpsuite I see || the use of "etags" || which could potentially be useful, but then I have no idea how to use them (or if they are even usable in anyway) .... any pointers/hints would be greatly appreciated before I start going crazy 😂 ...... covered any potential spoilers, just in case 😅
how to download ffuf?
|| sudo apt-get install ffuf ||
@blissful cliff send me a dm
Okay 🙂
have a closer look at the Shop and use Burpsuite
Gotcha, thank you & @unreal patio for your time & info!
Hey everyone, beginner here working through Windows Fundamentals -NTFS vs. Share Permissions. I am confused with the answer to the first question: "What is the exact name of the predefined firewall rule that must be enabled to connect to the share from the Pwnbox?". I have the correct answer input. But in reality its not until I enable the predefined rule -|| Netlogon Service (NP-In)|| - that I am able to connect to the Share from the Pwnbox. Can someone help me understand what is happening here?
Thanks
Hello all!😀
o/
Hi! thanks for replying! I have the correct answer already....but I have experimented with turning all 3 of the SMB related predefined inbound rules to disabled. And I can still connect. The ability to connect or not seems to be related to "Netlogon Service (NP-In)" ? Am i crazy?
Can I use Linode to complete modules? As a free user I am only able to spawn an instance once a day, could I instead use Linode?
Yes you can even use your own virtualbox machine
but you need to connect with VPN which is to download on module site
and you have a .ovpn file
Is the same vpn file used for all the modules?
Nope you arent crazy. You are on the right track 🙂
I was doing on the same vpn all the categories of the same module so idk
I needed to connect to the same IP, so difficult to say
DM me if u still have the problem
How do I search with windapsearch by attribute id?
I'm stuck at the Password-History-Length(1.2.840.113556.1.4.2014)
I'm stuck on Getting Started - Public exploits I'm pretty sure I'm using the right exploit and have the right info but I'm not getting a loot save. I deleted metasploit-framework and re-installed it after a restart (restarted after that too just in case) and I'm still having the same issue. Can anyone help?
some one know what is the os here?
I've sent you a DM.
anyone here who could crack a xiaomi? I don't have the Mi Account
hello everyone,
I am new here. Please can someone give me a quick overlay of whats going on here if you dont mind so cause i am a beginner and a noob also.
hello there everyone, I am kinda new. Can someone please recommend me as to what I should first learn before I can hack a box, possibly something like a road map of what to learn. Thank you
Check out HTB Academy.
Try starting with the module Introduction to Academy and work your way from there. https://academy.hackthebox.eu/course/preview/introduction-to-academy
This has been asked a million times im sure but wtf is good with the 3rd lab for nmap
Hey,
Module: Getting Started
Section: Knowledge Check
Question 2: "After obtaining a foothold on the target, escalate privileges to root and submit the contents of the root.txt flag."
Issue: So I got a footstep inside the system, running "whoami" returns "www-data". Cool. I run the LinEnum.sh script, finding this (picture attached). I then try to approach this like I learned in a previous section in this module, but to no avail.. I can't figure out how to work with the php thingy, I get permission denied while trying to append the line that allows me to reverse shell as root into it, as well as it is a symlink that goes back and forth leading to the php7.4 in the same folder, but I don't have permission to edit it.. Kind of stuck on this 😦
hello guys, does somebody has a little experience with troubleshooting aircrack-ng, if yes please dm me 🙂
i sent you a dm
what do you mean you cant figure out how to work with the php thingy?
the output from linenum I think you're talking about is telling you the programs that the user you're on can run with 'sudo', and the conditions allowed for you to run them. ||Do you need to authenticate as root to run any of the binaries listed with sudo?||
@tacit meadow You can check https://gtfobins.github.io/ for php thing
I mean, I am not doing something right, because I can't get to run the file. it just starts a php command line and echoes everything I write
from what I understand, I need to get a shell with root privileges. I found out that I can run a binary called php as the current user, without the need to authenticate as root with password.
I tried, even after opening a php terminal, it just echos my commands (tried to look for php format commands etc..)
Look for a way to run system commands through php. You might need to look up basic php syntax @tacit meadow
Thank you, I will try.
I'm on the loops section of the intro to bash scripting. I've written the script for the question at the end but I keep getting
enc: Use -help for summary.
Any suggestions? Is it an error with line breaks or something?
Am I doing something wrong? This is for Getting started/ Public exploits
I tried fiddling with the depth, <=2 would give me a could not download error, >=2 gave me the error above.
I can't see any reason why what I wrote should break the script
hi guys
i have a question. does the monthly plan charge recurring payments?
for htbAcademy
As in change once a month? Yes.
you can purchase cubes directly without a sub, but the sub gives discount.
Hey guys. Trying to perform an ssh connection to a target from my Ubuntu workstation. I keep getting a connection timed out output from the console. Any ideas on how this works?
are you connected to VPN?
No. Lemme try doing that now
Using the same openvpn file that was provided to me from the machine section of the site, right?
yes
did you use "sudo" ?
Oops missed that
Sweet, works like a charm. Gonna try and connect with ssh now
Do I also use sudo on the ssh command?
no
Just waiting for now
Output: connect to host 10.129.237.54 port 22: Connection timed out
Are you connected to the vpn? What do you get if you do sudo ifconfig tun0?
I don't have ifconfig installed on my machine
try ip a
sorry, ip a not all
I should be 🤔 I connected with the VPN key through a different terminal window
make sure you don't copy&paste the password
You have 2 different vpn connections
it shows you've got 2 tunneled connections
How do I close them? I thought closing the terminal I connected through to them was enough
neither of which appears to have netmask that will cover the IP of the spawned machine
killall openvpn should do it
The tun0 entries were the openvpn connections right? just ran the command and they are no longer there
Should I try to reconnect now?
If I were you I would delete all ovpn files and download it again
at least the ones named academy*.ovpn
I'm going to reset my target and redownload my VPN key
I'm working on the File Inclusion module, and I'm having trouble grasping the section about using the zip file to hide a web shell. Can someone offer a hint?
OK. Just connected. If I want to connect to my target, is there a specific port I should use?
No. It will automatically use the default one
If it doesn't say on the page it will be running on port 22 so you don't need to specify it.
Can you ping the target?
It should work
Is there a way I can stop pinging or do I just have to close the terminal
control c
Thanks!
Ctrl-c stops a running program
Works like a charm, thanks y'all!
Hi, how can I find out what operating system is this? - network enumeration with nmap
Davho@htb[/htb]$ sudo nmap 10.129.2.18 -sn -oA host -PE --packet-trace --disable-arp-ping
Starting Nmap 7.80 ( https://nmap.org ) at 2020-06-15 00:12 CEST
SENT (0.0107s) ICMP [10.10.14.2 > 10.129.2.18 Echo request (type=8/code=0) id=13607 seq=0] IP [ttl=255 id=23541 iplen=28 ]
RCVD (0.0152s) ICMP [10.129.2.18 > 10.10.14.2 Echo reply (type=0/code=0) id=13607 seq=0] IP [ttl=128 id=40622 iplen=28 ]
Nmap scan report for 10.129.2.18
Host is up (0.086s latency).
MAC Address: DE:AD:00:00:BE:EF
Nmap done: 1 IP address (1 host up) scanned in 0.11 seconds
I am searching for it for like 1 hour, but cannot find it 😦
What scan option in Nmap allows you to enable OS detection?
-O i think
but I have to find out only from that output
"Based on the last result, find out which operating system it belongs to. Submit the name of the operating system as result."
check every piece of information in that output and ask yourself if you really know what you're looking at
otherwise feel free to DM me
I'm on the skills assessment of hacking wordpress and I can't find the wordpress site
Hi everyone, I'm new here. How would you rate the academy?
Thank you Cry0l1t3, I've solved it 🙂
making your actions/decisions based on others opinions equals letting others to decide about your success
everyone learns differently, everyone feels different about any kind of product
i highly suggest to try it out for free and make your own impressions
on those you can decide what is best for you
well done
thanks
I'm assuming wordpress is running the blog but I can't access it
I had that same issue
you need to ||add that url to your hosts file||
and then it will work
Very teacher-esque of you... I think this is going to be fun... 🤔
Are there any plans for full time moderators to support academy based issues? From my limited experience there is a lot of questions with very limited support. This is not to criticise as the platform is great, however when we struggle sometimes there is nowhere to turn :)
feel free to share all your questions with me
in DM pls
Thank you, that is great, and thanks for the reply. I help where I can and when I'm struggling I'd just like an official channel to turn to, appreciated
all modules related questions can be posted here (just be careful with spoilers)
I've posted many questions with no spoilers and had no official help, occasionally I got community help, usually I figure it out for myself, but sharing knowledge and helping each other makes great achievements :)
I am working thru them myself.... they take time.. am doing SQLmap now
It's a cool well put together module
I just hope that the people with more knowledge/experience check this channel every once in a while and help with questions. In my experience it's simple issues people have. I help people if I understand what they're trying to do
My point entirely mate, official moderation rather than relying on Joe bloggs trying to explain what he/she thinks is going on
Even just a way to make it easier to see issues people have that haven't been resolved. I don't know how it could be implemented.
I had an issue before to do with bash scripting but my request for help has gotten a bit buried. I know it's likely to be a minor error, wrong type of brackets or something, but I can't see it. If someone checks the channel now at most they'll see up to someone having issues connecting through the vpn
See I can help you with that bash scripting issue, however I probably can't help without giving a direct answer where an official moderation could guide you, feel free to DM if you want the help on this issue
I try to help here and there when I see something I can help with, but I'm going through the modules as well. Sometimes explaining to someone to help them without spoiling the method or giving it away takes tip-toes around the answer. Sometimes its tough to not give away especially if they're right on the edge of getting it figured out themselves. lol
Whew! 12 hours working on the File Inclusion/Directory Traversal. Finally finished.
congrats
someone available for windows fundamentals skill assessments?
thanks edit: im good thanks anyways
how to be a hacker
++academy
hello
Can I shoot you some DMs too? I feel like my question's been lost a couple of times in the sea of messages too
Hello. Welcome.
I don't know who wrote stack based buffer overflows on linux x86, it's just a gem, very marvellous this course ! ❤️
The knowledge check on the getting started module is insanely slow. Anyone have any tips on speeding this up. Each page is like 5 min to load.
That sounds like a network issue. Try accessing other sites and see if they are slow. If it doesn't seem like an issue on your end try #613049811481919508.
I'm using the built in instance. Do you think it would be faster to just vpn from my machine? My network speed is fine.
It might be. There might be an issue with pwnbox
To Anyone who's doing the Windows fundamentals module and is stuck on the ipconfig alias question, DON'T USE POWERSHELL ISE!!!!
Use the normal powershell as powershell ise won't show you the right alias.
So much for "outside the box"....
I have a question about the introduction to python3 module? I am having trouble understanding what the question means by type of x_coordinate
Can someone give me a hint on how to get a shell on the skills assessment of hacking wordpress. I've tried checking the plugins for vulnerabilities and trying to get ssh keys using LFI. I'm hesitant to start bruteforcing for a login
Feel free to DM me. I have some time to give you some hints.
There is a command in python to find the type of a variable, try to see if you can find it through google
It is obvious when you know it
i got it ty
could someone help me with the LFI RCE for trying to get the contents of /etc/issue?
nvm
I am looking for help with the RFI section of the file inclusion module. I have set up my shell.php file and my python server, but I am unable to get the target to connect with my machine to get the file. No requests are getting logged. Any suggestions?
are you having it connect back to your vpn ip or public ip?
I still have to solve the final module ... can I contact you if needed?
good morning, can anyone help with the Bloodhound module?
nvm.
Is the academy free?
nvm.
Hey can anyone tell me windows fundamentals module what is sddl because i got sddl but it says it is wrong plz help
stuck on the same question
why is lab 3 for nmap impossible
Hello
I have a question
Can you help me?
Fortress - JET
Question 2: Digging in...
after use dig - dig @10.13.37.10 -x 10.13.37.10
You're asking the wrong person. I don't really have a clue what I'm doing
The link does not open for me
Ok, I'm very Sorry
No worries
😉 🙏 .
hi, im doing the linux fundamentals module, but i ran out of spawn for the pwnbox and i need it for my excercies
can i use one of my vm instead?
and if so, how?
i really need help 
you have to buy a packet on the platform, at least 20 € per month to have unlimited access with the pwnbox
can i use my kali linux instead
u need to access as ssh to the remote machine
Anyone stuck on the GETTING STARTED MODULE ?
?
so the only way i could learn
especially on the PRIVILEGE ESCALATION module, i got access from user1 to user2, now i can't escalate from user2 to root !!!
is to buy the pwbox
hey mate i pay 20 euro per month , do you think i'm stupid ?
nop
ill buy it then
yes indeed
is the best thing u could make for yourself mate
trust me bros'
hacking is like flying
and it's not enough 1 life to learn it
You can use your own VM and VPN into the academy network as well.
@tight glen and @rustic sage feel free to dm me for help on that challenge in Windows Fundamentals. Pay special attention to the object that you need to get the SDDL for.
Oh, is there a tutorial to do that on youtube
Im doing the module “Linux fundamentals” btw, im not doing the official hackthebox yet
Do you know how to set up a virtual machine?
I'm not sure about the video walkthrough on YouTube but I'd be glad to help through DMs. If you use your own system I recommend VM as @quiet vault mentioned.
@rustic sage you mean you want to move your uploaded shell to some other location?
think he wants to call it via url
Just remove the ?0=I'd part
To activate the shell , you have path but from that screenshot in url parameter (?0=Id) at the end is changing the path or something , so I guess it should work <ip>/path/shell.php
appears you might need to work on the location of your shell for the url. Think relative to webroot, not file-system root.
I probably should have said relative to webroot base, not file-system base, but I think ya figured out what I meant.
Ohh ok so shell is uploaded a path which it cannot access 👍
I wonder if we could test LFI here to activate that shell too 🤔
not necessarily. Where they have it may be accessible, but the URL in the request is not pointed to an accessible or existent location relative to the webserver documentroot.
if the webserver documentroot is /var/www/html for example, it shouldn't be allowed to access anything outside of that such as /var/www or /var. The url needs to specify the location relative to where its documentroot is set, so someplace like /var/www/html/myfiles/myfile wouldn't have the full filesystem path, but relative to where the webserver documentroot starts.
a url with something like /var/www/html/myfiles/myfile in it translated to a filesystem location would translate to /var/www/html/var/www/html/myfiles/myfile when the documentroot is factored into it. Hopefully I tiptoed around that enough without spoiling anything.
anyone can help me about the use of "chmod" in order to do the privilege escalation ?
thanks a lot in advance
Is it possible when I finish Jet that I reach or close to the level of Pro Hacker?
neither Kevin Mitnick , after all is a pro hacker ...What would you like to be ? Please come on...
Hmm , I'm a bit scared by the challenges STACK-BASED BUFFER OVERFLOWS ON LINUX X86 . I tried a couple of techniques to read the /root/flag.txt but it canceled by permission
I hope I don't have to rewrite variables or code over the original code in the text section?
I'm a bit afraid because I don't want to spoil the final exercise
why is the working with web services module so hard to understand what they want you to do -_- or is it just me!
Try running outside of gdb
can someone give me a little advice as to why my nmap is not working
if so please dm me.
I tried but same side effects, this morning I've crafted a homemade shellcode but ...
the setreuid seems targeted on time for write and I guess after I can not use a second time. But it's not clear actually for me
Hello all
hey here need a small help in academy challenges sql injection can anyone help me out
Hello and welcome!
Find a way to start a simple HTTP server using "npm". what the heck :))
as far as i know, npm is a packet manager
can anyone hint me a little bit
You can DM me if you want to, although I'll probably need to redo it
But I had the same issue as well
Yo
Read more about npm and http-server on the project’s official docs site.
Sure, PM me
Any tips for case6 for the SQLMAP
I can't seem to set the ID as a param using diff permutations and prefixes
I have the rest of it figured, stuck on 6
And I did use prefixes and suffixes, not sure I am looking at it right
I don't want an answer... just looking for reading material into that case
Privilege escalation in getting started made me feel so dumb lol
One thing I learned is try everything even if you don't think you have access to it lol
I also gave up on using my VM for HTB academy and started to use the Parrot OS provided, Some sections of the module aren't possible for me on my VM for some reason. I tried a new instance of kali linux as well as connecting to the academy vpn and keep getting server timeouts for some problems/challenges
hello.. may I have a support from the academy stuff.. I think I resolved an question but still say that the answer isn't correct
offtopic for this channel, I think, but has anyone else had firefox performance issues with the ParrotOS OVA? Nevermind, OVA running in vbox. I changed the graphics controller to 'vboxvga', and life is a little better now.
Can someone message me about getting the proper info for this question?
Identify one of the non-standard update services running on the host. Submit the full name of the service executable (not the DisplayName) as your answer.
it wants me to use powershell
thank you for your help, just got it
what would be 2 numbers that the sum equals 1337?
Hey guys! Does anybody know if module that classifies/explains all kind of vulnerabilities exists in Academy?
I have a general question, Where should you start if you have 0 hacking knowledge
Heyy guys, I'm currently stuck in the Service scanning section of the getting started module.
"Perform an nmap scan of the target. What service is running on port 8080?"
it shows the service as http-proxy. But when I submit it as the answer, it's saying wrong answer.
Someone who knows about hacking could help me please send priv I take help has in relation to social networks
If you don't know much about linux check out the linux fundamentals course. You need to know at least the basics
If you have 0 knowledge, I would suggest watching BGS...
getting an idea of some of the flow, do pico puzzles
I would begin with all Tier 0 General modules on the HTB academy
Like a good few folks I'm also tearing my hair out trying to solve File Inclusion / Directory Traversal Skills Assessment and could really do with a hint. I've read through index.php and tried a number of the LFI/RCE techniques but all to no avail. Any help would be gratefully received.
^^^^^^^ im not even joking, i came here for this too. @floral nimbus the /var/log/apache2/access.log poisoning using <?php system($_GET['cmd']); ?> is just not working. i have no idea why
How do I go about resolving this issue ?
Okay I think I am going insane. I'm on the SQLMap Essentials skills assessment and I cannot for the life of me find a single request that I could even begin to exploit. Every link points to #. I don't know if I'm missing something obvious here but all the forms look like this <form action="#" class="...">. Either the box is broken (unlikely) or I am incredibly stupid (very likely). Could someone give me a pointer please?
bruh
strikethrough text makes that question a little hard to read and comprehend.
I figured it out and edited the message. The bruh was the result of me discovering that I’m a moron
if you were trying to hide spoilers, you can select text when its in edit and a menu should popup with one of the options being to mask the selected text.
ah ok. lol
Is anyone able to help me on the Stack-Based Buffer Overflows on Linux x86 module? Currently on the Identification of Bad Characters section and need some help. Thanks
Aloha brand new here. brand new to everything
Welcome. Its good to have you.
hi
i just bought the htb membership
i am COMPLETELY new to this, any suggestions on what module/ path i should learn
Hi. I need help with Skills Assessment - File Inclusion/Directory Traversal module. I can read source code and I know log file path but I am not able to read that.
<?php if(isset($_GET['log'])) { $log = "logs/" . $_GET['log']; echo "<pre>"; include $log; echo "</pre>"; } ?>
I just need to bypass this I know it appends logs string to path. So I use forward slash to bypass it. Logs are already written with <pre> tag does that affect bypass?
can someone help me resolve the issue of not being able to connect to rdp via vm even though i've installed openvpn
also i'm unable to get this question : "What is the exact name of the pre-defined firewall rule that must be enabled to allow SMB connections to Windows from the Pwnbox?". if anyone could explain me a bit in detail
hey need a hint on question 2 on Managing Libraries in Python (Continued)
is in Introduction to Python 3, plz dm
I can help. DM me when you are ready.
can someone help me on this
ssh htb-student@ip says connection refused
I am on linux fundamentals services and process mgt, I have connected using academy openvpn and also tried after resetting the target
Feel free to DM me for help when ready.
How do I even get started?
I recommend you start with https://academy.hackthebox.eu/course/preview/introduction-to-academy
do you guys teach from basics ..or any material
All fundamentals modules are designed to reach someone at a beginner level, though they are meant to challenge people to apply the understanding.
thank you !
How often is HTBA updated btw? What was the latest module added etc.?
Can someone check if this is intentional, the module Network Enumeration with Nmap medium lab asks for DNS version, however the answer turns out to be a flag
i think Intro to Network Traffic Analysis is fairly new, i'd say a module each month roughly? maybe less
Hi, is there an academy .ovpn file?
Hi, can anyone give me a hint for SQL module ?
Login as the user with the id 5 to get the flag
stuck on this question
i can log in as tom for example , but i guess i need to use OR to log in as user whos ID is = to 5
??
Yes you can find it right near the module challenge at the bottom of a section.
do you guys have any tips for getting the ssh session to stop crashing?
i'm able to connect a couple of minutes until it just stops responding
Hey I'm on the last step of the skills assessment for Javascript Deobfuscation and I cant seem to get this POST to work. Anyone available to give me a hint as to what I'm doing wrong?
nvm syntax error. I forgot the -d. F
Hello admin ..somone from this server has changed my nickname to 'Change me'
Pls dont do this
Thanks, I figured out. I think just the module I was in didn't have it yet? A later module had the option.
File transfers module… page 2 Windows File transfers: “Upload the file “upload_win.zip” using a method of your choice. Then, RDP, unzip, blah blah blah.” I’ve tried SCP but it’s not allowing the ssh connection. Any ideas what I’m doing wrong?
then verify. name must be taggable and in English with no ASCII character. We have #rules for a reason.
[Module Hacking WordPress]
{Skill Assessment}
Hi ! I'm currently doing the wordpress assessment and I'm stuck at the first question finding the version... If you can give me a little hint feel free to PM :)
Introduction to Python: First Iterations.
From what I understood from the question, I am supposed to take the code example and replace the PAGE_URL with the appropriate target and port, and then run the file. I have done that, but I am getting the following errors.
./py_test: line 5: PAGE_URL: command not found
./py_test: line 7: syntax error near unexpected token `('
./py_test: line 7: `def get_html_of(url):'
Is there a step I am missing?
Can any one help me with the active directory module?
Hi, can someone help me to understand, am i right or no?
Trying to fight with "File descriptors" in module Linux fundamentals, there is a question "How many total packages are installed on the target system?".
I tried this:
apt list --installed | wc
dpkg -l | wc (minus 5)
Anyone to give me a pointer on how to find the answer on the last question on the Active Directory LDAP - Skills Assessment
As a hint, the 'wc' command is 'word count'. You probably aren't interested in the number of words from the apt command. You need to add a flag to that command to get what you are looking for.
Yes, got it, thanks
Hi, you are welcome
thanks
I asked yesterday and then went and did the final, coming back to it... I know for SQLMAP essentials case col=ID and even with elevated level and risk it's not seeing it as injectable...
any tips or am I again overthinking this one
Thanks.. I am just not looking at it right I think
Any more tips on SQLmap case6 ?
Anyone help with a nudge on the Broken Authentication skills assessment?
just a question that came up with the file transfer room
what do they mean that connecting to our smb share will give us the hash?
is it the one the user enters as the password or something else
Can you hack on mobile?
I would haaate trying to type out mobile
Probably, I think you can run kali on some phones and you can use termux. I would invest in a decent bluetooth keyboard. To be honest I would look at getting something else, laptop or desktop
yo
im doing the request and response module where you use burpsuite to intercept http requests, im having the issue where the embedded browser is not supported in sandbox
i think it is because it is running as a super user or something, how would i run it as a normal user?
its ok i manually added the proxy to the foxyproxy, im not sure if that is supposed to be done like that. the module never mentions adding it, just it implies that its already made and all you have to do is click on it
Hey everyone. I'm doing the Active Directory BloodHound module and need some help for this question:
"Using the attached data find what rights the user andrew.page has over the user wilford.stewart."
I am tinkering around with BloodHound, but I'm not sure what they are actually looking for? Not looking for the direct answer, just help understanding what I should be looking for!
Ah, I figured it out. I will answer the question, just in case someone comes searching in the future:
You need to look for the "Edge" between the two 🙂
FYI I figured this out. If anyone needs pointers lmk.
Anyone have trouble RDPing to the target in the Active Directory BloodHound Skills Assessment? I keep getting incorrect user or password and I'm using the one provided! I restarted the target a few times just to be sure there wasn't some random error.
If you're here to "hack" a video game. You may as well leave. Please read the #rules
If you still need help, PM.
The VPN connection to academy is only for subscribed users?
I can't find it anywhere
not every module has .ovpn file for it
if there is a docker instance in the exercise you do not need vpn to be able to reach it
I was looking at SQL Injection Fundamentals
Hii guys, I'm kind of stuck with Service Scanning section in the Getting Started module.
the nmap command that I run is not outputting any ports when I scan for all the ports.
but if I specify a particular port it'll show result
This is the nmap command that I use.
nmap -sC -sV -p- <TARGET> -Pn -v
Any idea why it happens?
@astral seal -p- & -Pn tags increase the time needed to scan significantly
If I don’t use -Pn, it doesn’t scan at all. Says the host is down @flint moth
ports=$(nmap -p- --min-rate=1000 -T4 10.10.10.27 | grep ^[0-9] | cut -d '/' -f 1 | tr '\n' ',' | sed s/,$//)
nmap -sC -sV -p$ports 10.10.10.27
i found this in help section
@astral seal after executing the command you can hit Enter to know its progress
Or sometimes hosts need some time to go into working State
can u ping the host?
Error #487: Your port specifications are illegal. Example of proper form: "-100,200-1024,T:3000-4000,U:60000-"
QUITTING!
This is what this one outputs
let me see
The thing is if I specify a particular port, it'll return the result
sudo nmap -p8080 10.129.86.200 -Pn -sC -sV
PORT STATE SERVICE VERSION
8080/tcp filtered http-proxy
no response @wary inlet
@astral seal seems like some problem with host maybe
I feel the same. I have been spawning different target machine since yesterday. @flint moth
But this site can show the common ports (not all the ports)
@astral seal you can also use the script that @wary inlet typed if you know little bash script , one of the creative way
.
@flint moth I have tried the script. it throws an error
Error #487: Your port specifications are illegal. Example of proper form: "-100,200-1024,T:3000-4000,U:60000-"
QUITTING!
In the section "Identifying Hashes" within the Hashcat module, could someone help me with my command for cracking hash? Its taking a while but i feel like i have it right? Or could it be that i am using rockyou.txt as my wordlist?
Nvm i just need to learn how to read.
what am i doing wrong here? I'm pretty sure this is correct
This is the section Service and Process Management of Linux Fundamentals
Try simply "apparmor"?
There are 2 services running with the same description. You have to submit the snapd version of the service apparmor
Anyone able to help me with File Inclusion/Directory Traversal? Page 6 - hardening tips, second question… I’ve completed the whole module except this question and it’s driving me nuts. Hint didn’t help.
@icy snow have you added the system() function in php.ini file ?
I think that’s my problem… I feel like I’m doing it wrong
I opened the file with Vim, added the ‘system()’ function, and then saved it.
You sure you added system at the right place?
I added it under ‘disable_functions’
Okay, then just execute any php code that contains a system function, you can search on google for it
I’ll try it again. If I get stuck again I’ll PM you. Thanks!
Did anyone else in here have an issue with intro to python first iterations? I am unable to run the code from the module, and also as a test, I tried running the site through a python tool which does the same thing, which I tested on several sites, but when I try to run it on the target:port, it always errors out. Any help would be greatly appreciated.
Hi
I try to solve the path traversal challenge. i can use php wrapper and read the index.php but now, i don't know how to get flag because i can't read other file and i can't convert /root/flag.txt to base64.
plz help me.
@gray cypress base64 , read carefully index.php , directory
Thank you
I was able to solve it.
👍
Module : WINDOWS FUNDAMENTALS
chapter : NTFS vs. Share Permissions
question : What is the name of the utility that can be used to view logs made by a Windows system? (Format: 2 words, 1 space, not case sensitive)
I have tested several usernames with no spaces and by making combinations but i can't get it.
Its not a user name that you are looking for. Its a utility in Windows. You can find the answer in the reading.
nice i succeeded
Excellent job! Keep moving forward.
So am I just an idiot or does the free tier of Academy just not work for me?
I am testing the fundamentals modules to get a feel for how the courses work, but my workstation keeps failing
By workstation do you mean your personal computer or Pwnbox?
The Pwnbox
I am just trying to get through the intro to htba course and it has now expired twice and says I have 0/1 instances remaining
Feel free to dm me for more in-depth troubleshooting.
I'm stuck getting the last cube from the WordPress module. (Shell Upload) I'm sure I'm missing something really basic here. Can someone help me out? This is killing me!
anyone solving knowledge check of SQL Injection fundamentals would like to know how they are approaching cause I am stuck after trying to get through the logon page + the site functions very slowly
@rancid holly DM me and I can give you a hand.
Hello guys, i am stuck on introduction to bash scripting at the module comparison operators. If someone can DM i would show you what i have done and maybe u can help
If I am going through modules on HTB Academy and running kali linux do I need to use openvpn ? or can does task be completed on my network . OpenVPN seems slow making some task incomplete
Can anybody help will the Skills Assessment - File Inclusion/Directory Traversal question "https://academy.hackthebox.eu/module/23" I tried all the ways given in that topic, but still no result.
Hi, I seem to be stuck on trying to start apache2, I use apt and updated before install but I keep getting a failure when trying to systemctl start it. There are no logs. Anyone encounter the same problem on pwnbox?
Hi!
Anyone who can give me a help with correct answer format in "OSINT: CORPORATE RECON" Module? Thx!
Hi can you help me with Linux fundamentals - Filter content, question 3 ? "Use cURL from your Pwnbox (not the target machine) to obtain the source code of the "https://www.inlanefreight.com" website and filter all unique paths of that domain. Submit the number of these paths as the answer."
I don't understand what is "unique paths"
paths that aren't equal
feel free to Dm
can anyone help with the very last question in the file inclusion/ directory traversal? I must be missing something I have tried I think everything from the course and had no luck... Skills Assessment - File Inclusion/Directory Traversal "Assess the web application and use a variety of techniques to gain remote code execution and find a flag in the / root directory of the file system. Submit the contents of the flag as your answer."
Thank you! I've been stuck for two days. I could solve it with your answer, but I would never have guess it.
so for the cracking common hashes in the hashcat module, for some reason, hashcat is saying its gonna take 5-7 hours to crack the hash? I feel confident in my command and what im using but idk. Ive tried different hash types as well
Edit: Patience is key sometimes
HEY!!! I actually found the reason, I think I found why my apache server won't start! So port 80 was required to be open for apachectl, but was being used by something called python 26 or something. So I killed that process to make room for apachectl. Turns out that port 80 is being used by a program to do the remote viewing for HTB pwnbox. So I guess that I'm not able to use apache while using pwnbox and I need my own computer with a Linux distro to use the apache.service so that port 80 is open!
what does this mean?
I have tried changing permission of the file , still it shows me this or am I doing wrong or does it mean something else?
have u tried accessing the file as sudo?
it is able to access but not write
not sure what ur using to edit the file but i suggest nano or vim
anyone can confirm, apache does not work with pwnbox?
Hi, I need help at the skill assessment - file inclusion/directory traversal. Can I PM someone about it? I don't want to spoil it here.
Help me plz. I can't log into ssh. I type the correct network name and username and everything, but it doesn't want to connect. T^T
It says permission denied
both in the sandbox and on my laptop running Parrot
I typed ssh htb-student@htb-hbh8llzzfj.htb-cloud.com and then the password HTB_@cademy_stdnt!
same here
I type "ssh htb-student@[ip-address-to-htb]"....Connection refused
I tried both the SSH and the "Start instance"
nevermind. I feel sooo stupid.. I did ssh from a VM and not the instance you start in the browser.
I also did it on the instance on the browser
It doesn't work
Anyone able to help with the active directory module?
The Active Directory LDAP? if yes feel free to dm me
Hey guys
The learning process is one of the essential and most important components that is often overlooked....
I have been thru a TON of command permutations for SQLmap example6 including multiple prefix iterations.. I am not seeing an injectable param
Including the prefix from the cheat sheet and using )
thanks
I am just not looking at it correctly I don't think
Anyone having trouble using pwnbox on Mac? 9 out of 10 I can't even click in the pwnbox without triggering the "paste"-option.
EDIT: Looks like it is a safari issue. Works fine on Chrome
Finally passed the login brute forcing module. the last skill assessment was a brainfk
Anyone know why i am unable to access or open the vm? keeps saying error, validation failed. any ideas why
never mind.
Anyone experience issues using FreeRDP with the boxes in academy modules?
I’m working on the Buffer Overflows for Windows modules, specifically page 3. Every time I RDP to the box, it connects for 2 minutes and then auto disconnects.
I used systemctl | grep "apparmour" and I typed the answer I got from this command, and then it says it's a wrong answer!? Huh????
There's no other answer to this, and why doesn't it work?
Is it a bug in the module?
Also what the heck?
lmfao
Hello, i am new here along with new to cyber security
I was going to ask the same question... Did you manage to complete it?
Would anyone be able to help me with a very basic problem that I can't seem to figure out? I need to figure out how to find a path
... using ls?
I don't get what you mean.
Do you mean the very first introduction?
I think he meant the first intro about student home path.
I can't even connect to the ssh.
oh, I passed that
did they read the intro?
I don't quite get some of the questions
the first question, did you get it?
Also, I typed uname -a and then type the kernel version, it also says that it's wrong.
it happens sometimes
Then how am I supposed to finish this course lol
I actually sometimes make multiple accs and reanswer them
Wha-
I have like 15
Omg
I need Linux lol
I have ParrotSec on my laptop, and tried to ssh through there too.
it's hard on laptop, it's lagging so much
I'm not running it on a VM
-_-
It's fast for me tho
good, for me I have low connections
I use Parrot to replace Windows 10, because it's too slow.
I use a lot of Linux for playing XD
I'm sorry to hear that.
nah it's okay, it happens times
Well I do have problems with the modules tho
For me, it's hard to ||understand English||
I speak tagalog
For me, it's hard to understand what the exercise is trying to hint me at.
Rather, the question is hard to understand.
(I'm not a native English speaker though)
xDDDDD
yeah it was like the very introduction to linux fundamentals. I know about ls and used that but whenever I tried to put that as the answer it said it was wrong. I simply wanted to ask in case there was something I could've been missing
You have to be logged into SSH.
I can't login tho. I don't get why.
right and I was logged into ssh
Hey,
I am stuck on the “Broken Authentication Module”.
I am about to give up on this module. I’m stuck on page 5 “Weak Bruteforce Protections” and can’t answer question 2: “Work on webapp at URL /question2/ and try to bypass the login form using one of the method showed.” Hint: “This web server doesn't trust your IP!”.
I get the hint and used the method described in the section to change what my IP looks like in the header. I rewrote the provided python script several times, tried with hydra and ffuf, but I don’t find anything. I worked on the scada csv to make it work with the script, used rockyou and several of the default credential lists of SecLists.
what I was specifically having a problem with was finding the path to htb-student's-mail
The problem is with the wording of the question..
Oh really?
I think.
You got any idea what it actually wants?
yeah, I mean from what it asks I assume that it implies the /htb-students-mail exists somewhere. As to where is what's killing me
I'll try that though
I think they are doing a bad job asking questions. It's not that the meaning isn't obvious, but it doesn't narrow the target down.
yeah, I think I'm going to have to agree with you on that. I'm not exactly clueless with how linux commands work and how to use them. I wanted to do this to solidify what I know of linux
same
they also have an issue of case sensitive or only one answer works
for example, I was scratching my head why I can't pass the question. It's because I was missing an "s" at the end
ah yeah
They could've added a feature, like "Oooh! You're close!"
i mean case sensitive, I can kind of understand due to bash and anything you put in the CLI needing specific syntax
Yes, but some answers don't need to be
That's true
for example I was typing "parrot" and it didn't work, when "Parrot" works
it's the same os name lmao
lol
ah yes bye bye
Sorry, my English got weird there lol.
So they are bad at giving us instructions all along...
Bye
Have a nice day/good night
:)
Anyone willing to explain to me what the question in "Take Control of EIP" in STACK-BASED BUFFER OVERFLOWS ON LINUX X86 means? I tried reading the registers with gdb and stepped through the program using the different values as it progressed but no answer seems to be correct. I'm sure I'm missing something and would appreciate a nudge. Thanks 🙂
anyone who can give me some help with "OSINT: CORPORATE RECON": "Cloud Storage" or point me in the right direction?
Greyhatwarfare maybe
feel free to DM
Hi, I am stuck at Introduction to bash scripting - comparison operators, could someone help me? I cannot find what's wrong in my code. I am trying to solve this question for 2 hours now.
I asked this a few days ago, but got no responses. Figured I'd wait to see if any errors were cleared up, but I still have the same problems. Original questions:
Anyone have trouble RDPing to the target in the Active Directory BloodHound Skills Assessment? I keep getting incorrect user or password and I'm using the one provided! I restarted the target a few times just to be sure there wasn't some random error.
I'm getting the same problem... Completely stuck on question 2. I've rewritten the python script, tried hydra and several different PW lists, but I'm not getting anything.
Since the hint is “This web server doesn't trust your IP!”, I would expect some message on the site saying that the IP is invalid (This is a training module after all), but all I'm getting is "Invalid credentials."
Can anyone give a sanity check or nudge for this?
tbh, it is wrong tho bc the question was supposed to be easy and understanding
keep reading the question and get the supporting detail of it
the first question got me fooled tho
Ah yeah, That's what I was thinking as well. Oh well, this stuff is good and all but I suppose there are still things that could be refined
have you found the answer yet?
yeah I found it
but there are many questions like that it seems within the starting linux modules
yep, do you have your own Linux?
hmm no not really
I've got vmware and downloaded the linux vm but I somehow messed something up and gotta redownload it
Ok, got it to work. The username & password don’t matter at all. You can just use curl.
The answers are easily findable without guesswork
Hi, could someone please explain to me what do they want me to do in introduction to bash scripting - flow control - loops? i don't understand it. They want me to encode one variable 28 times, but how do i get the 28th hash? I am encoding, not hashing.
get it to print out the result of the 28th round of encoding
and then get the length of it, and assign it to the salt variable?
i did that, and it says error bad decrypt
but thanks anyway
confirm your script is working as intended
if you are getting bad decrypt then one of the values you are using is not correct
I still cannot solve it, i've even tried to bruteforce it, but still couldn't get the right salt, i am doing something wrong, but i don't know what.
Focus.. I just did it
Read closely thru the script, your for loop... Your encoding
It's doable
To anyone struggling with "Broken Authentication": PM me, I can provide guidance.
Anyone have trouble RDPing to the target in the Active Directory BloodHound Skills Assessment? I keep getting incorrect user or password and I'm using the one provided! I restarted the target a few times just to be sure there wasn't some random error.
you have to wait 5 minutes until the target spawns because it's loading an entire lab in the background
...For the password to work?
The RDP window launches fine, but I'm being told that the login information is incorrect.
targets need to be configured properly (by the spawning process) before you can use it. if you interrupt it or try to connect it might cause an error
I am waiting until the target launches.
you need to wait 5 minutes
@drifting knoll I've now tried logging in every 5 minutes from your message. Maybe I am not being clear about my issue.
The RDP launches and Windows says "The user name or password is incorrect. Try again."
did you copy&paste the password?
Yes
try to type it manually
I have done that as well
can somebody help me with using my own machine for the modules on HTB academy?
@glass quail You need to download the VPN key to use your own machine.
where is that located? I know how to do it on my HTB account but not the academy one I'm not seeing the option .
^^
It's usually on your account profile page, but you can also download it while you are in a module. There is an option in the "Questions" area that says "Get VPN Key"
can I take picture to show you what I see? I'm on the module javascript deobfuscation at the end and haven't seen it.
In my experience, some of the modules do not show the option. It's kind of lame, but I try to work around it.
Ok thank you it's kind of annoying because the machine isn't persistent
Hi hi! i need some help with Stack-Based Buffer Overflows on Linux x86
the skills assessment, I'm so stuck
:S
Without giving it away any wordlist suggestions for the HTTP auth
for brute-forcing
The Default Ftp one was my next guess
Hi guys,
I'm kind of stuck at the getting started module in the section Nibbles - Initial Foothold. I see that the source code contains /nibbleblog/ in comment. But I can't navigate to /nibbleblog/ from my browser. Strange !!
But I can navigate to /nibbleblog/admin.php
Is the box buggy??
Any insight on the situation is appreciated. Thanks
No.. the box can be done
I guessed but can anyone explain how you can determine this because it's not explained in the module
10.129.196.113 Check this IP
Just need to be creative about getting your shell onto it
The ||ttl|| gives a clue about what OS is most likely used. Thought that was mentioned in the module..?
I didn't see it specifically unless I missed it completely
pls be careful with spoilers
Lo Siento
Can anyone take look at my code for Bash Scripting to print last 20 characters for the variable var?
Yeah no spoilers... I did that one last nite
Wondering if someone can help me with submitting the answer for the Windows fundamentals - Skills Assessment (bit of a daft one potentially lol 😅 ) ... I have followed the steps to || get set all the security permissions and putting the user in HR group etc || and || even got the sddl || however no luck submitting the answer for some reason ... I haven't included the sddl in this msg for spoilers 🙂 so if you are able to help please DM .... thanks in advance!
-----‐------------------------------------
This has been RESOLVED thanks to everyone who dm'd with help 🙂
Does anyone know how to connect to the vpn so that I can answer the question? openvpn seems to not be able to connect using the academy.ovpn file. I think my country blocks VPN, any solution please?
If you use the vpn of the instance in the module , the VPN is included into and it works
Can I get some help with this question in the hashcat module Crack the following hash: 978078e7845f2fb2e20399d9e80475bc1c275e06 using the mask ?d?s.
The mask has to be placed at the end of your command iirc
Hi! I'm doing SQL Operators in SQL Injection Fundamentals module and I have a doubt, can I dm someone who did this before?
someone wanna help me out with the hash 7106812752615cdfe427e01b98cd4083 using hybrid mode or rules?
message me if you want help! I did that module and got the flag.
Question, I'm doing Nmap Enumeration Module and this is asking me to enumerate the hostname of my target, but it doesn't give me a name server to use for DNS resolution. Am I missing something?
Disregard there is another way to get the NetBIOS computer name without using the "--dns-server <ns> scanning option"
I'm also struggling here, actually I logged in as admin, but no matter how i tweak the token in the decoder, none of these are accepted as the correct answer.
ask a question you find the answer, is this how htb "teaches"
so i will ask a different way, i just bash my head against the wall until the answer comes to me magically (if i am wrong, just keep being wrong until i am less wronger)?
Struggle is normal when it comes to solving problems on hackthebox. The most useful help is the one that allows the student to get back on track and to understand his errors. If they are stuck, then they must be guided accordingly while not hand feeding the answers.
guess ye, but I feel like the answer here is nothing to do with the topic (POST requests) and as I said, I'm already in (learnt what I have to learn from the current lecture). So I'm having a modified cookie already. But it says it's not correct.
Or is it just the displayed name what I changed? Can any1 point me where I was wrong?
got some hints from Zand, where the confusion was. Thanks!
it finally started showing up
that's how most education establishments 'teach' - In college / university you are asked a question and expected to go and find the answer. Effective research skills are part of the learning process. You cannot expect all answers to be spoonfed to you all the time via course materials
any that do that are effectively guardrailing you (like those guard rails in bowling that stop the ball going into the gutter) - it becomes impossible to fail, it doesn't matter what you do you will hit the target. Then once out in a real environment you start hitting the gutter and it is an up-hill battle to get out of it
People shouldn't be fed answers, they should be guided into the right area to discover the information they need. Most of the issues I see people encounter are because they misunderstood or assumed what was required and got stuck into a specific thought process and couldn't back out of it. Normally all it takes is a small nudge and they achieve the task.
Hi, I'm stuck at sqlmap essentials module, at skills assessment
brooooo who made this website? i think i just found an easter egg in here
on the basic networking course
in the MAC address part
there's an examole
example of a MAC address
DE:AD:BE:EF:13:37
DE-AD-BE-EF-13-37
DEAD.BEEF.1337
bruhhhh dead beef 1337
1337 is LITERALLY a rap group
in my country
yoooooo this is sick
is this some kind of coincidence or something
https://en.wikipedia.org/wiki/Leet @cursive cave
Leet (or "1337"), also known as eleet or leetspeak, is a system of modified spellings used primarily on the Internet. It often uses character replacements in ways that play on the similarity of their glyphs via reflection or other resemblance. Additionally, it modifies certain words based on a system of suffixes and alternate meanings. There ar...
pfffffffft thats a huge misunderstanding but also a coincidence at the same time
Anyone available to take a look at my command for the hashcat module?
"STACK-BASED BUFFER OVERFLOWS ON WINDOWS X86", Module "Fuzzing Parameters": I am fairly sure I have the right answer to the question (I can provide proof), but for some reason it won't get accepted. Could someone shed some light here?
I'm stuck at the last step in the knowledge check, if anyone willing to give a nudge
Thoroughly explore the site to find the vulnerable location
Hey, I'm having difficulty revealing the hostname on one of the modules and I tried both a -sL scan and a -sn
Is the knowledge check module a bug?
@open gorge Try -sV
Yes I have already done that, but none of the files seem to be php or use any parameter
turn on Burp proxy and click around. you will find it.
then you haven't looked thoroughly through the site tbh. It's there and once you find it the rest is simple
Hello, I need help with the POST method of the web request module. I've done what the exercise ask me to do but I don't know what I have to input to complete it.
I believe you have to adjust the cookie you're given to make the site believe you've previously logged in as admin
@sly nebula did you use the same code for FUZZING as shared in the module? Because I tried my own little code and it my more exact value but the module's code gives a fairly rough value which is the right answer
Can anyone tell me why do you need powershell in Pwn box?
Hey guys! I need help with the windows fundamentals module. I'm in the NTFS vs. Share Permissions section and I don't know what the pre-defined firewall rule is.
Pls
check the firewall and inbound/outbound rules
I can't find anything
I am really new to hack the box academy. It is the second module that I have done
So I don't know much about this
The question mentions "increments of 1000", so this is not the exact length. This comes later..
Still stuck at last step of knowledge check 😦
I did it but nothing
The cookie isn't the flag. You have to replace your cookie with a manipulated cookie. The cookie it gives you may be encoded. The flag will have the classic HTB{SomethingSomethingDarkSide} format
You need to manipulate the cookie itself and then change your cookie to the manipulated cookie in a way that tricks the system into thinking you previously logged in as admin
done! thanks you
No problem at all :)
Yo! Can someone help me with this, I'm not able to chmod the id_rsa file
module---> Privilege Escalation
Notice you can read the private key
Yup I'm supposed to use vim... But I have no idea how to save the key on vim
I'll DM you
Hello, help pls. I try to append 2021 to rockyou.txt for use with hashcat. For the rule I use echo ‘&2 &0 &2 &1’ >rule.txt and after this hashcat -a 0 -m 100 rockyou.txt -r rule.txt but can’t crack
Yeah, my bad. I misunderstood the question and went too far ahead.
can someone answer me why I have no internet connection in the pwnbox? : (
What do you want the rule to do? (Also, check this reference: https://hashcat.net/wiki/doku.php?id=rule_based_attack)
Hey what's up guys. I'm getting tired of copying the answers manually. How do I copy/paste from the remote vm to local machine
can someone help please
I have to append 2020 on the end of the word list. Is the syntax echo (&2&0&2&0) >rule.txt or ‘&2 &0 &2 &0’