#modules

"top 10 news today" might be from a "newsprovider.php" page accessed like https://blabla.htb/newsprovider.php?source=cnn etc

many thanks for the help, i appreciate it, have been pulling my hair out for days

(there would have to be some javascript magic going on then, so one thing you could also check is what websites are being accessed in the Network inspector in your browser by pressing F12)

are you doing the skill assessment?

yes the skill assessment

ok

the last one, right?

yes the store website

ok

@valid oxide did you learn about blind SQL injections in the module?

If so, you're in luck

well...

@valid oxide A way to look at it when searching for injection points is to remember how webpages work with databases. For example if you are browsing a store and input how many items you would like. It has to communicate with a database to do that so those inputs are going into a database. Products, number of items etc. When you selecting items and adding to cart and inputting your shipping details. Those are all going into a database. Thats why using a web proxy is very handy as you can have it running in the background and comb through the site and see all the points at which data is being sent to the backend. Start at the home page and click every link and then test every single input for sql vulns. Visualize what is happening behind the scenes when you browse. That helps me to spot the chinks and potential exploit points.

true ^

if this step requires what I think it might require though, it's mean 😂

No, I remember doing that module months ago and when I found it, it was obvious. The answer is in the modules so its not super sneaky or mean, it just requires finding the input

Honestly its the assesments I get stuck on that I learn the most

They are the ones I never forget the lesson haha

what does format 1.22.3 mean

ah then perhaps I am instead the one who's blind

"I aint wasting another week of my life because of that!"

🙃

i gotta find the kernal version

of the linux on the machiene

how i do that

uname -v?

@high zinc I found it via combining with a web proxy if that helps.

@sudden summit how do i find the kernal version in format 1.22.3

I was just trying to see if I could help trouble22 before my bedtime, but it turned out to be a bigger task than "just like that"

so maybe what I found isn't the easiest approach

check the man page for uname

@sudden summits thankyou for the help and methodology. Guess I'm moving to burp for this and clicking every button.

google the manual for uname

i did

(or type man uname)

and i got it

@high zinc you helped me to think a little more outside the box good sir

but idk what to type

all good. Now I gotto take my dog for a swim!

the question is find what kernal version the system is using in format 1.22.3

wait, did you log in?

no i just left for dinner, I'm going to restart the assessment and start poking around with burp

ah ok

@sudden summit can I DM you about my theory? It might be overkill but I'm rather curious if it's the right approach now lol
edit: you seem to have left already, never mind then 😄 I have to go to bed - have a good one

@sudden summits man, I found it....thanks so much man! This was stressing me like no other

@high zinc I cant give you any more info without giving the answer.

@valid oxide haha well done. Now you will sleep tonight

..

@valid oxide unfortunately no

I need do a GET from a website with 2 arguments who do the sum of numbers 668 669 to do 1337.

And he ask to me a password.

Are You the one I am thinking you are ?!??!?!?!?!!?!??!!???!!!!

I hope I feel that way after practices too

?

Cry0l1t3@htb

In the Linux Fundamentals Module?

yes

The one and only

Who can help me ?

Redo the section and read it carefully

I did that 5 times...

They have a code here but HOW ?

read about Basic-Auth

Thx :).

I don't understand how can I do it...

[Academy | Using Web Proxies] Repeated Requests - Can anyone give me a hint on how to do this? I know it is not in the same directory, but i cannot seem to find the "other flag". Help!

arghhh...... i found it.... thanks guys!

i think theres something wrong on broken auth module in bruteforcing cookie question 1 , not sure if im doing it correctly

I haven't done that yet but it looks like you are using the wrong cookie?

My vpn is still not working whats going on

Do you get any errors?

i get tls error

Can somebody help? I'm on "Using Web Proxies" - Skill Assessment. And I'm stuck with lucky.php. I erased "disabled" on button, and got getflag=true, but still isn't showing any changes on the page. Any nudge?

As the question mentions, you have to click it many times until it reveals the flag. To do so, you'd have to find a way to have the button automatically shows with refreshes

Thanks for the guidance!

Hi folks. Sorry to bump this. Still stuck. I must be doing something wrong as the effort doesn’t seem right on a easy module?..

Any tips for the XSS assessment? Can't seem to find the vulnerable parameter..

if i remember this q right, try to make a custom word list for passwords instead of rockyou

Use a proxy to find out where a vulnerable parameter is hiding

DM me if you are still stuck on XSS module

which part of the module is this under?

yo guys

im on the login brute forcing module

username brute force section

Try running the same exercise on the question from the previous section, to learn how to brute force for users.

this is the querstion

the password i obtained in the last section was ||admin||

so all i have to do is

||hydra -L names.txt -p admin -u -f 139.59.183.98 -s 30966 http-get /||

right?

bruteforce for names and put the password there

this isnt working

i randomly tried entering ||admin:admin|| in the ansewr it worked

but for command

it doesnt work

also i checked the names.txt it does have ||admin|| in it

dm

Proxies were not used in the module, so it's a bit weird to use it for the assessment

Hi I am on the intro to network traffic analysis module. I am in the last chapter - live capture and analysis. I captured the traffic in the lab and found the name of the employee. But I do not find the name of the image. Is there anybody who has a hint for me?

Not sure how to proceed but the very first "instance" you interact with on Web Requests - Requests/Response in Getting Started. The FoxyProxy Firefox extension doesn't have any preassigned Burp proxy ip as per the assignment. Just shows three buttons. Any advice?

I'm having the same problem. Can't even retrieve the flag. Nothing makes sense in this exercise. Can someone shed a light ?

Yahel105 found the solution for the urlform not being removed but else to retrieve flag what did you try to do atm? Can pm me if u want

You can configure a (new?) burp proxy setting in the plugin by adding a web proxy and putting 127.0.0.1 as the IP and 8080 as port

I solved this issue and I HATE this problem lol

Now I understand what they meant by "chance to get"

hm

Thanks for this! The proxy you suggested worked. 👍

coding...

Hi, i am having issue with hydra bruteforce module, in skill assesment website. Need to bruteforce http login with b64 but not sure how to define the parameters.

@hexed tartan Did you mean "Login Brute Forcing module"?
If so, do not care about that B64 field and do what was taught in the module (hint: remember the http-post service that Hydra can brute force).

that module yes, first question. it's using basic auth I guess so i am going with the http-get module. I assume the request gets converted into b64 by sending plain text bruteforcing to the /

@hexed tartan DM me

Skills Assessment -Service Login - I have also here problems. I did everything like in the module described. Does anyone can help me?

@obtuse terrace DM me

hi, could someone give me a hint with local file inclusion please?

@modest trench DM me

Hello, I'm having a technical issue with my Openvpn configuration, could a staff member perhaps helpme ?

You'd have to contact support on the main platform through the "chat bubble" thing, in that case

alternatively try asking in #613049811481919508 and see if anyone's able to help debug the problem

Thank you very much.

hey

is anyone able to help me with the firewall and IDS/IPS evasion

I been stuck for about a day

o.o

some one can give me a hint in the question of "Using Web Proxies - Skill Assesment"

Should I intercept the response with each cookie generated with the reverse method?

did you manage to decode the cookie to uncover the methods of encoding?

this cookie?

once that is done, you can use that 31 char as a prefix to the seclist. and then encode them as part of the attack.

hey bro thanks i get it! i am happy

can anyone help me with a question?

its a simple one, i keep trying to ssh back into the target since i have had a break in college classes and decided to continue studying htb and i keep messing it up

i thought it was $ ssh htb-student@(insert target ip) then press enter, then press yes, then enter password but i keep getting it wrong

any help would be highy appreciated, because i just finished the networking module, and i need to remember how to ssh into target to finish the nmap module

if you are connected via vpn do a ping at the target system ip. If the ping is succes maybe is the way you put your ssh command and if no conection in the ping is your vpn

by chance do you have the time to dm and walk me through barnie style so i can un-fubar myself?

o.o

anyone

😦

not looking for the answer

just some guidance

id help but it is way beyond what i know, i am sorry

Firewall and IDS/IPS Evasion - Easy Lab

in network enumeration with nmap

what is Your problem?

the OS dectection

for the easy lab

its like nothing I learned in the seciton is he.lping

*helping

so far, the flags I've used

are -sS -A -O -sT - sC -A

often times together

utilized them one the open scp-config port as well

tried to netcat connect as well

its clearly a Linux

OS

but the answer section isnt taking it

btw have You tried -sV?

apologies guys

i figured out

i feel stupid lol

it was ubuntu

the whole time i've typing in Linux Ubuntu

broken authentication - predictable reset tokens

where i am doing wrong ? any nudge pls

@gentle herald It sais it can be within a second or two give or take so you may need to brute force the cookies within those times

but md5 hash of htbuser should match to that of website right ?

yeha.

You wont ever get millisecond perfect precision on two computers

hence always adding buffer to payloads that work with millisecond accuracy

ok

got it

hi i am in linux fundamentals and the workstation i spawn does not allow me to follow through with the module such as install using sudo command as i dont have the permission to do so.. can someone help? am i doing somethjing wrong?

in broken authentication , for cookie tampering , i was unable to get the flag

pls help

import requests
import time
import base64
import binascii

timestamp = int(time.time())
cookie = "user:htbuser;role:superuser;time:{}".format(timestamp)
sessid = base64.b64encode(cookie.encode().hex().encode())
#print(cookie.encode().hex().encode())
headers = {
    "Cookie":"SESSIONID={}".format(sessid.decode())
}
#print(headers)
url = "http://188.166.173.208:31544/question1/"
r = requests.get(url,headers=headers)
print(r.text)

It its telling you, you dont get a flag with the role superuser

Hi guys, i need some help in the "Skills Assessment - Using Web Proxies" here what i tried to get the flag from the /lucky.php page :
1-enabling the button using javascript.
2-intercepting the POST request using burp proxy
3-send it to intruder in order to repeat the request and wait for the length of the response to change indicating the flag has returned
but doing all that resulted in nothing and after 400-600 POST request the target crash

why do some but not all exercises have the SHOW VPN KEY thingie

/ are those keys for specific exercise or academy wide

do you mean "GET VPN KEY" ?

ye

For some modules its necessary to connect to HTB's network either from the pwnbox our via academy.ovpn

some machine allow access from the internet as long as you have the IP and port number while some machine are hosted in a private network which require a vpn connection to be accessed , so they provide you with a vpn key to establish a vpn connection

didn't realize the exercises without VPN key were publicly accessible

You need to make a match automatically change on request part. And keep on clicking with faith. It gives you ‘chance’ to get flag.

You don’t need to use javascript to enable it. Just use Burp to change response automatically as you learned on module.

yeah i figured it out , i was using intruder thinking that if i keep sending the same post request i will get the flag but it turned out i was crashing the machine , so i did it manually and got the flag, thanks for the response.

Good to know 🙂 good job

module Web Requests Task in Post Method.
I have no idea what I'm supposed to do here
||I found the username in the token, but dunno what to do with the other half||

Hey, any1 there who could help me out with the last question on Active Directory LDAP

What non-default privilege does the htb-student user have?

Not sure what i am looking for, at least not for userAcountControl or User's domain privileges ..

I'm stuck at the same point and have no idea what to do

Not even sure what to post in the flag

did you get any further?

@uneven parrot @rustic urchin DM me.

Hello! I am stuck in the Hacking Wordpress module, Remote Code Execution (RCE) via the Theme Editor section. Successfully done the RCE, but I can't find out how to open the "flag.txt" file in the home directory for the "wp-user" directory. Could someone help me with this?

Guys hello

I have a problem, I faced a problem in xss module chapter session hijacking

I can’t spawn the target

It’s keeps saying that target is spawning for 5 minutes now

I think that is a bug. Where can I ask for help ?

Did you try refreshing the page and then trying to spawn it again?

Yeah I tried multiple times

I also change chapter and tried to spawn target for the specific sub and was working like normal

Anyway I log out, login again and I spawn finally the target

I am trying Stack based buffer overflow Windows module, as per the question the program in document directory should run as admin, but after running it I am unable to encode the exploit wav file generated ... is anyone else facing same issue? ... any suggestion of resolving this?

Follow the instructions in the section, and only use the admin one when you have a working exploit and payload

the module itself provides a working exploit ... I can update it but the problem is when I click on the encode button the window doesn't display the wav file which got generated after running the exploit

I see.. it's probably displaying the administrator folder not yours, so just place it in a different folder that is accessible by both users

Also, make sure that the exploit does work, as the one provided in the module will not necessarily work on your specific vm/situation

ooh ... thanks for this ... didn't think of this 👍

Thanks for the help @mortal basin ... your advice was to the point got the flag

hey! did u manage to get it? i'm pulling my hair out on this one:((((((

would really appreciate a hand with Bruteforcing Cookies q1 of Broken Authentication please....

hi, i have a problem, i find the erika credentials, i try a reverse shell with backend editor in wordpress and with metasploit the same, but i don't know how resolve this question: "Obtain a shell on the system and submit the contents of the flag in the /home/erika directory." someone can help me? 3 days on it and nothing 😦 p.s. sorry for my english

and another question is "Submit the contents of the flag file in the directory with directory listing enabled." i don't find this flag i searched in all directory of the vulnerability plugin but nothing, what's my error? thank you so much

Hello, I have a sneaking suspicion there is a misconfig in the Academy LDAP course. Who should I talk to about it ?

If you’re still stuck, DM.

The author should be listed on the module.

hey. anyone working on the Windows fundamentals? I'm having issues with the skills assessment adding the new user and security group becuase I dont have the required permissions.

Thank you sir.

Can anyone help me with "Intro to bash scripting" module? I'm quite terrible at this, which is why i need to improve. Already struggling at this first question.

You can DM me if You are still stuck

@rustic sage I'm stuck at the same part. Any clues to push me in the right direction? I'm sure I'm missing something obvious but I can't find the other flag.

still stuck , will try today

sure
today will try , if stuck, will dm u

The wording of the exercise is "a super user", not "the superuser". Did you try another type of role like "admin" or something?

yeah tried admin , htbadmin

will try super user

Odd... I wonder what it expects

@inner breach This question is better suited for once of our other channels. #hacker-lounge #red-team #homelab-sysadm

I didn't get you

Ohkay! Got it

Ask your question in one of those channels

Okay

But that was a question from htb academy. Am i not supposed to ask here

It did not seem like an academy related question.

Well it was i asked that in my way and didn't actually copy paste the question directly. It was of Windows Fundamentals last section

https://academy.hackthebox.com/module/49

stuck in the last section of Windows Fundamentals. 1st, 4th and 5th qn. See if anybody can help! Thank you

Hey im doing #Login brute forcing with hydra - skill assesment service login, i cant seem to access the machine i spawned

im supposed to brute force ssh but i cant seem to access the machine through cli ssh

check ur vpn and make sure u use -t 4 flag so not to overload ssh with requests

im using the pwnbox

do u get any errors or anything? could you pls elaborate on “can’t access”?

Ping fails, cant access the website through web requests (404), ssh not responding

the spawned ip is a public one

ok probably a stupid suggestion buuuuut did u try resetting the machine……. mb couple times, coz it rotates ips i think

and if that’s the ssh q, there won’t be a website

Yes i did, tried it yesterday and the day before

and when u say ssh is not responding u mean something like it just hangs on u when u try to login right?

so no errors at all

i have a username i found on the previous section, the question asked to use the before obtained username to login to it

yeah, but when u try to login, do you get something along the lines of “invalid credentials” or does it just hang?

oooookay

my bad..

i didnt use the provided port to log into ssh

i thought its on the default port

thanks j00mb

ahahahhahaha

no worries

again, make sure u use -t 4 flag with ssh and feel free to dm if u’ll need help✌🏻

thanks 🙂

but the -t 4 flag is just for "faster" brutforce, no?

u use -t flag to specify the number of threads (requests in parallel) to run, i think the default one for hydra is 16 (u can check in —help)

the problem with ssh is that most of the time (by default, pretty sure) it allows only 4 simultaneous logins, so if u’ll send 16 requests, 12 of them will hit the wall and u’ll get a bunch of false negatives

so in this case it’s a “slower” brute force haha

Ahh i see! didnt know hydra had that as default, thanks 🙂

anyone having problems establishing a VPN in the Academy

I get the above screen

have u tried redownloading the vpn file?

i have tried several times, i have been using vpn for months in academy

i have no problem using vpn on HTB main site its just the HTB Academy its not working on

Any issues with the Wordpress Module, one minute it responds the next it doesn't, very erratic behaviour at the skills assesment

can't spawn a target the XSS module, on the page about phsihing. Have tried multiple times today, as well as yesterday.

Im stuck at Brute Forcing / Skills Assessment - Service Login can anyone give me a hint

Skill Assesment LFI Got RCE but can't find flag any hint

I have an account on, hackerone, how do I get,domain @wearehackerone.com, from hackerone

In XSS Phishing, i'm getting an error saying "Issue in sending URL!"

My payload url works locally

Skill Assesment LFI Got RCE but can't find flag any hint

RCE you can apply command

Read page phishing another one

I can't find flag

Search with command find

is any one on Web Attacks:Error Based XXE?

In Network Traffic Analysis, all images appear to be unavailable (and i get a 404 not found if i check the url of an image)

Bypass filter , In order to use it

Hello - Do i need to use pwnbox for Academy module learning? Can I not use a VPN similar to HTB?

Yes you can

same

a week already

I dont see anywhere to download vpn like in HTB, anywhere specific?

That I don't remember sorry :/

I would expect it to be in your profile

Or maybe on HTB platform access page

Thats where I thought it would be, but nope.

The HTB one doesnt give access to the Academy targets

Do note though that the docker containers can be accessed without a VPN

if you can use vpn it looks like this

E.g. targets with ip:port

cool, thx!

you're welcome

Unable to get flag

Got it😂

https://academy.hackthebox.com/module/77

anyone hint?

im on second flag

tried logging in using -i

i can read /root/.ssh/id_rsa

cant download it either

tried chmod on id_rsa

daaaamn

this was nice one

I'm having trouble with the File Transfers module. I am on the Linux File Transfer Methods and its not accepting my final answer after i use " hasher upload_nix.txt". everything seems to be right and it worked fine on the windows machine. Did anyone else have problems here?

OMG! I didn't know this until I read it from you! This is a bloody game changer....no more buggy slow pwnbox!

cat the file and copy it to your own machine??

I'm doing the Linux Fundamentals module through a VM on my own machine

I'm asked to SSH into a box

but the IP is not provided

How do I find this?

It's the Service and Process Mgmt section, if it matters

There should be a "Start Target Instance" link or something you can click which will start it

I'm using a VM on my own machine

I still need to do that?

?

Yeah you need a target spawned that you can SSH to

Not the Pwnbox

okay, I've spawned it.. so I just find the IP via the CLI now?

Like here:

Are you on the VPN? If so, yes

Man, I'm confused

I have VM, I downloaded the opn file, launched it via CLI on my VM

I've launched the box in the browser

You need to be on the same network to SSH to a machine. One way to be this is through a VPN

I have the vpn key and am connected

It will look something like this if you're able to download and use a VPN file to connect, when doing the exercise:

I just don't know what IP to connect to via SSH

Yes, I've spawned the target from the web page

I have my VM active

I've connected via openvpn

I still don't understand where I'm supposed to find the IP address to ssh into

Ok, the target IP is at the same place where you clicked to spawn it, the text has refreshed to an IP

Connected to htb-jmxghsyx28fdfddmfn.htb-cloud.com:1 (user296318)

?

You see where it says "Click here to spawn......." In the pic i shared above?

I see no IP address

Yes

That will change to "Target:" and then the address

There's no IP address anywhere on this page

Just that address I listed

That's what the target button area changed to

Can you share a picture please e.g. In dm?

Yes, thank you for your help

yap i got it eventually

I had issues and I know my url to submit was correct, but what i did copy the url to paste into a new browser screen, then I copied the url from the browser screen and pasted into the input field and this worked for me. I think if the url have has any hidden control character like colour coding then it will fail. Give my method ago and hope fully it works for you.

Did you find answer...I also try like you many combination 🙂

try with sudo

Anybody there?

I need a help

Academy ; Getting Started: Privilege Escalation

--help

I'm totally confused how should I escalate my privilege from user2 to root

Stuck since 2hrs

Nevermind! I got it!

Hum

Stuck on Login Brute Forcing - skill assessment, service Login. On cubb, I just set ||"Harry" and "Potter"|| as they advised, and then proceeded but seems like its not working. Taking way too long. Could someone give me some advice if I'm doing it the right way? I'm just not sure whether I should just give variation on cubb or on the totally wrong path.

im doing exactly the same as u depth

also keep in mind to mark spoilers

Thanks birdd 🙂

Did you got through?

no problem, no i did not yet 😦

@bright drift ill just add this guy cause he helped me already with it

i dm u real quick

Hi guys, Please help me, I am stuck 🙂 module Bash Scripting - Comparison Operators

Create an "If-Else" condition in the "For"-Loop that checks if the variable named "var" contains the contents of the variable named "value". Additionally, the variable "var" must contain more than 113,469 characters. If these conditions are met, the script must then print the last 20 characters of the variable "var". Submit these last 20 characters as the answer.

I got it, had it backwards >.<

Hi guys, i'm trying to run freerdp, but i have an issue, someone knows how can i solved? MacOS BigSur 11.6

so hey I did a complete file list of the second module of using web proxies...

I am NOT seeing a second text file at all

Try using request repeating to be able to quickly test commands. With that, try looking for the other flag... and I know from the hint it's elsewhere.. doesn't show in a recursive listing.. am I missing something

ip=2; ls -ltR /var/www/ | cat * | grep HTB{ No strings even match the HTB format even checked recursively

Thats why I was trying parse all strings thru grep... I will see what shows up in root

got it

good job 🙂

I saw it.. was trying to cat it out of / root thinking thats where it was

Hi everyone! Got stuck on Skills Assessment for Hacking Wordpress module. The very first question asks for WordPress version number, however the target provided is not running WordPress. I found a link to blog.inlanefreight.local in page source, but that link is not working. Any help will be appreciated

Was able to resolve the problem by editing hosts file

Hello

You will end up editing hosts file a lot for Vhosts

It's s a common task for resolving machines

and setting up your environment to work on targets

I need help with phishing section on xss module.. I know which payload to use but I am just having a little trouble with it. Has anyone complete that module ?

anyone help me with this

still pretty stuck here. If anyone could give me some nudge, I would appreciated it.

Which module is this ?

I keep trying to reset target however, it keeps telling me target is not available

You are connected with htb vpn ?

It seemed like an issue with the target host IP, i closed out page and reopened and spawned a different host layer3 address and it worked 👍

great

Did anyone encounter a problem with the "Command Injection/Identifying filters" module question ?

I am stuck on this question in "Intro to Network Traffic Analysis Module - Section - TCPdump Fundamentals"

This question

Can anyone help as I have answered all the other questions and just stuck on this one

I have tried
-r /tmp/capture.pcap -X
-r /tmp/capture.pcap -XX
-r /tmp/capture.pcap -nnvXX
-Xr
-X -r
Many others also

Yoooo. Did you get through. I'm doing the exact same and nothing is working. I'm going batty trying to think of what I'm missing.

nope. still stuck.

@rustic sage @tidal compass DM me.

Just got this! Thanks!

Thank you all kind humanbeings 🙂

just to check, did you try with “sudo tcpdump” as part of command?

Thank mopikao your suggestion worked !!!!!!. Bloody awkward question !!!!

Hi ya, I'm stuck on the last question of LDAP ENumeration course. It's asking for the non-default priv on my user

I'm quite confused of what it's looking for here

I'll appreciate any help

Did anyone find the answer to this question ? I'm stuck too.

Hi everyone, im kinda stuck on the LFI/Dir Traversal module in the first questions, i managed to get the name of the user that starts with 'b' but on the second question asking me to find the flag in the directory usr/share/flags i cant manage to get to that directory using any kind of path traversal they showed at the intro to the module, if anyone can help i would much appreciate it 🙏🏻

#rules

??

hay

help me

Token Authentication Error!
Please Contact a Discord Staff Member for Assistance.

You should maybe write in #613049811481919508 Here you'll only find help for the HTB Academy modules.

You can DM me.

Sup dudes, can someone help me with this question? I think i know the answer but i don't know if im formatting right
Ping/PM me

I will give you a hint in Lotro terms, you have no power here gandalf grey

Did you figure it out?

I had the same problem with the same question

can't spawn containers on WEB ATTACKS course

anyone experiencing the same?

Hi! give me some hint pls. My md5 result is not matched for site result. I do not undesten why.
07-10-2021 10:32:17PM

md5('htbuser1633645937000'.encode()).hexdigest()
'0e6a211611ead90eadfad8887685b430'

Site:
Your token is: a050d796375d388090dc6b1175b54e06
And has been created at 2021-10-07 10:32:17pm

anyone have trouble with the getting started module? been trying to connect to the smb service for logging in as bob, the password listed in the page is not working for some reason.

With the wevtutil, are you just passing in commands to ideally be undetected by the SOC?

because, from what I am reading online, it's just covering your tracks and disabling the event logs and so forth.

you done with it ?

i could give a little hint

If taking down the DNS and asking the client for permission, you would require the client to agree and sign wouldn't you? (Windows Priv Module)

I'm still stuck on the ssh brute force module. I ran cupp, then username generator. Then ran the hydra ssh brute force command, annnnd every time I get a "could not connect to ssh..... timeout connecting to (ip)" error. I'm sure I am missing something . I'm using my own Kali machine and did not see a vpn key for this module which I swear I've seen in previous modules. Any suggestions/hints would be appreciated.

Just tested and everything is working as expected. Are you still having the same issues?

Hi I am doing brute foricing module. Anybody knows if the last two questions assume that the employeer comes from previous tasks or we need to find out via enummeration?

Nope, it was just a temporary glitch.

yes, did you solve?

Stuck on the Broken Auth skills assessment could use a hint.

Yes, you can DM me for hints.

I'm stuck with the command injections module skills assessment. Anyone willing to give some hints ?

yo guys

im doing the login brute forcing skills assessment - website

i did the first question

for second one

everytime i run the command it generates a new passowrd

||hydra -l admin -P SecLists/Usernames/commonAdminBase64.txt -f 139.59.183.98 -s 31511 http-post-form "/admin_login.php:username=^USER^&password=^PASS^:F=<form class="form" autocomplete="off" action="" method="post" name='log-in'>"||

i checked login parameters from network tab and checked the <form> tag as well

Hi guys, do you know where can i download this "common.txt" ?

the F parameter should be literally as appear in the web. Is not required the entire line. Just the relevant text that makes the difference to identify a failure.

hi, if you have Kali you'll find preinstalled at this path. However you can download SecList which is nuch better. If you use parrot I'm not sure.

Guys , i am in the skill assessment test - web Fuzzing , and i am trying to get the extension of the domain and the subdomains but when using two words one for the name of the directories and one for the extension it takes too long. is this how it suppose to behave or am i missing something because i have 3 sub domain and the box will terminate after 80 minutes

if you try a simple ssh can you connect to the machne?

in this module the ssh use specific port. Not the port 22.

Perfect thanks mate

Hi guys I am currently doing windows fundamental and I have spent more than 1 hour on 1 question that is in the skill assessment part. List the SID associated with the user account Jim? and i did not get anybody named jim in the sid user list

wmic useraccount get name,sid I have used this cmd

can anybody able to help me out please

Hi, Bro! Pls, give me some hint... Why my md5 result is not matched with site result? I use md5('htbuser163364593700'.decode()).hexdigest(). Date is 07-10-2021 10:32:17PM. my be timestamp wrong? 🙂

Nope, still stuck😕

Its pretty much the same as the first question, but you're not trying to view the directory, you are trying to view a file on that directory

I only have user name, not password so I wouldnt be able to ssh into the machine.

I ment if you try it (ssh user@<IP>), server response by requesting password?

Just got in. I have this habit that launching this hacking journey is quickly breaking. lol. Skipping over details. I've been trying to brute force ssh the server with port 22. Because...well...that's what I've always known. It didn't even occur to me that possibly the ssh port could be non standard on that server. wow. I feel dumb. I ran hydra again and used the port given in the target that's not 22. 18 seconds later, password found. lol. Thank you everyone for your help. This community is awesome

Learning to think outside of the gox IS KEY

and I skip details

i just copied the entire <form> tag from page source

it still gives the same thing

Any one is working on "Login Brute Forcing" Skills assessment - Service Login? DM, please. The question is quite ambiguous, for me. Need clarification. thank you

Hope you got through this, but if still stuck, dm me

I did, i just used the box provided in the academy and got it

good job bro 🙂

Hi. Im stuck on a challenge where im requested to answer how many total packages are installed on the target system. Im logged in via ssh. I've tried thesw commands: apt list --installed | wc -l .. dpkq-query -l | wc -l .. dpkg-query -f '${binary:Package}\n' - W | wc -l .. apt list --installed | grep systemd | wc -l .. They all show different results witch are all wrong. Anyone wanna help me? I appreciate explanation as well. Thx 😄

which module are you in?

Linux Fundamentals @rustic sage

sorry can't help ;-; not there yet

Okok thx anyways 🙂

Try subtracting 1

it's my guess anyway

apt list --installed prints a Listing... message before dumping the output, so wc -l on that would be 1 off

(or pipe grep -v 'Listing' in between the two commands)

I got it using apt list --installed 2>/dev/null | grep / | wc -l

Thanks for answering @high zinc 😄

lol

nice

U are right though.. Makes sense to. Even if I used another solution it would have listed the correct answer. Got a bit smarter by your answer!

Hello everyone! Can anyone help me with the broken authentication module Predictable Reset Token? I can't calculate the md5 hash for htbuser. My md5 hash result is not the same as the site's result. For example, site result:
Your token is: e764bc6a669ed0c140b0cd59415d4686
And has been created at 2021-10-08 04:52:40pm**
My result is:
2021-10-08 04:52:40pm = 1633711960000 (calculate timestamp)

md5('htbuser163371196000'.decode()).hexdigest()
'a96ae9bfd818dd8ad0fc27b54f0f9caa' I need help 😩

anyone willing to help me a little in phishing XSS module i figured out the payload but i am confused on what should i send in send.php i am getting an error "Issue in sending URL"

sure dm me

Hi, is this Question bugged? Everything I answer seems wrong, there is no way that all of my answers are wrong. Its also new thats why im asking

☝️ Its the Task 4 in the "Appointment" Machine in Starting Point(Tier 1)

Hello, did you manage to solve it eventually ?

Ye i was malding

No, I stopped doing that "Machine" and did the next 2 "Machines" which were ez af anyway

its all about that god damn question

I found the flag but it's not accepted. Strange. Has the right format though...

I've got it now, everything's fine.

huh

i join this server for no reason

Please if you provide me with a hint as well i've also tried for awhile now and have attempted many modes

any hints you could provide for this problem??

I am also stuck at this question. Not sure what they want you to type there.

Hi, for the flag.txt en directory listing, you have to search in the directory "target/wp-content/uploads"

for erika flag im in the same situation looking for it, if you find the way please tell me

Hi for thats people thats are doing "Skill Assessment - WordPress" and dont find any wordpress instalation in the target, you have to look the source code and find other domain that reference to a blog, you have to configurate the hosts file adding this domain to target ip, then access to that url and you will see the wordpress. Hope this info help you

it exist, but it is hide try with this "wp-content/uploads"

im trying to find the flag for this "Use a vulnerable plugin to download a file containing a flag value via an unauthenticated file download." anyone have some tips

Sure

Search on google, is the first result for the vulnerability. Sorry i am drunk

hi

i will

Copy and past, but with target

use "super"

**Q)Use NSE and its scripts to find the flag that one of the services contain and submit it as the answer.
**
This question from Academy Nmap module is confusing for me! idk why! --help!

i tried the http-enum,vuln,discovery but found nothing useful.

Module: Windows Priv Esc
Content: DnsAdmins

Issue that I am facing is, when I use the reg query command, I'm getting an access denied although, I ran without admin and admin access.

What is the answer of What does the acronym PAM stand for? on Setting Up module ??

i dont see any employee name given in the para or question D;

just do -sC

It still won't work! Nvm, i found the solution

oh ok nice

i tried using the username i found when i logged in to the ||admin_login.php|| in the last website skills assessment it was ||harry potter||

i made a pass list and username list

its still not working

Morning all, I don't know if anybody can help me understand something. I'm on the Network analysis course and it's states when identifying the first 3 way hand shakes and conversations on a pcap file using tcpdump use the -S switch because it will help. But I don't understand why? All it does is change the sequence numbers from relative to absolute. Does that also sort them too? 🤔

Google was no help

[HTB Academy | Getting Started | Privilege Escalation ]

Dear all, need a nudge in this portion:

" Once you gain access to 'user2', try to find a way to escalate your privileges to root, to get the flag in '/root/flag.txt'."

I have managed to use the "/bin/bash" as user1 to access user2. From user2's directory, i generated the ssh-keygen. But I am unable to write the key.pub into the /root/.ssh/authorized_keys

Am I on the right track? Can someone give me a nudge?

Thanks!

Even i was stuck here for a long time. But i didn't expect it would be that easy

Hint : You can see, you have read permissions on user2's id_rsa file

Hello everyone, can someone help me for the module "NETWORK ENUMERATION WITH NMAP". I have a problem to enumerate the hostname of the target

I don't understand what I have to do

Who can help with XSS Skills assessment? I'm stuck 😦

Nevermind, solved

thanks! solved it! really appreciated your help!!!

Great!

Can you specify more details?

Where can I learn for free Hack The Box in Spanish?

Thank you for replying me. I resolved my problem few minutes ago.

Ah! Great!

This one took me a while to figure out. You need to change the timezone of the timestamp to your own time zone

CROSS-SITE SCRIPTING (XSS) - xss discovery - the first question ... i was able to find the answer using xssstrike but cant do this manually. Am I supposed to be able to find this manually?

@mortal basin ^^

Yeah it is possible. Try to start with a working request then try to exploit its parameters

Did you solve it eventually ?

Not yet. but I know that only by iterating over all possible timestamp combinations can you find the correct value. Up to this point, I've tried to manually search for the timestamp, adding or removing one second at a time.

That's what I'm doing but so far, nothing. I mean, the question says "+/- 1 second". I really don't know what I'm doing wrong. Converted to milliseconds, syntax seems right in the code. Anyone willing to help ?

which question is it? module/section/question

not that I can tell you how to do, but maybe I can figure it out

¯_(ツ)_/¯

Help needed in [WEB REQUESTS | POST Method]
Hi everyone, I need some help with the question in the section POST Method of the Web request module. Honestly I don't get what exactly I am supposed to do. I logged in with the guest credentials. I then refresh the logged in session in order to get the request with the guest user's cookie. I sent that in Burp to the repeater. I then put in the new cookie for the admin user. I send that request and it works. But it seems this is not what the required answer is about. Can someone please tell me what EXACTLY I am supposed to do here?
You can PM me with any hint. Thanks.

Thanks, I appreciate it. It's the "Broken Authentication" module/Predictable Reset Token/Question 1

You have to become admin not admin_blablabla

if it's the one i thnik it is

Does this have to do with the json requests?

hmm maybe it's not the one - modifying a cookie value?

or is that "GET"?

it might be GET

Yes. that is the one. Even the hint states that I need to manipulate the cookie. So I believe that is what I did. But it is not the answer to the question.

if you send me a DM with what you tried I'll see if I can help 🙂 @chrome kraken

@high zinc Did you get a chance to look into it ?

yea, still messing with my script

Think I've got it

just need to generate a truck load of values 🙃

In what ranges ?

Can anyone help me with the very last part of the sql injection skills assessment

no luck - hangover brain thought it would be a nice idea to generate 1 B hashes, but it's not needed

I just don't get it. In the question it's mentioned +- 1 sec. You convert the timestamps to milliseconds and you try it out in the script. Right ?

that was my idea too yea

given the same input values (time value and username) my python script and the php script generate the same hash - so I know my code works

it's a matter of fiddling with the ranges I guess

I never get to this point. I used the script given in the lesson, I used another script. Nothing.

HA

I know what's up

@knotty flare the time you see on the website is in UTC

but the time of the token you get back is in localtime

+2 hours in my case

Yes, I figured out there was a time difference

for me too, +2

wait

hmm

but my admin token doesn't work

ah

wrong admin username 😛

maybe?

I used htbadmin, as mentioned in the question

Quick question - I am doing the Web Requests module - specifically the Request and Response section - My Firefox (using the instance provided) doesn't include Burp as an option for some reason.

In FoxyProxy that is

I'm getting wrong token but my code looks right

@true whale DM me

I think it has to be set up manually - just add a new proxy setting in the plugin using IP 127.0.0.1 and port 8080

ok thanks!

Just got it thanks tho

{HTB Academy Nmap Module}

Q) Our client wants to know if we can identify which operating system their provided machine is running on. Submit the OS name as the answer.

Hint : Remember, you don't need to provide a version of it. Think about which services can give you information about the operating system. After interviewing the administrators, we found out that they want to prevent neighboring hosts of their /24 subnet mask from communicating with each other.

Expected -O to work but it didn't. I don't understand what it wants to relate with /24 subnet.

--help

Question regarding the "Web Requests" Module, specifically the Section "PUT and DELETE Methods" - Not sure what I am doing wrong, but when I PUT the "flag.php" file, it shows up, but when I try to GET or DELETE it, I get "Internal Server Error" - Is there a different method for a php file?

hellp

can u explain a bit more

Hi all! I'm doing the XSS module for fun. I'm a noob so sorry if this is dumb, but in order to CTF, HTB requires to change the script given this one <script>alert(window.origin)</script> to show a cookie instead of an URL. I tried <script>alert(document.cookie)</script>, but it doesn't work 😦 I'm kinda stuck here

Can someone help me ?! I've started yesterday with starting-point an made some machines and questions .... now i have no answer ... can somebody tell me the answer for "What does the OWASP Top 10 list name the classification for this vulnerability? " in the Appointement Challenge ?

The Hint is "It holds first place in the OWASP Top 10 list of most commonly met web vulnerabilities. Use the complete classification name." ..... I have no Idea o_O

You aren't supposed to guess but to Google and find out

i google since 5 hours ... .oO

hoorible 😄

What are you searching for?

classification of sql injection OWASP Top 10 List

The numer 1 is A01:2021-Broken Access Control

but this is wrong

Did you try "Broken Access Control"?

the answer is like "**-**n" ...

with stars in front and back from -

two words

Which module and section is this?

starting-point .. appointment

In Academy?

jop

labs

https://app.hackthebox.eu/starting-point

this link

at this ...

STARTING POINT
Learn the basics
of Penetration Testing

its the first machine at Tier 1

Ugh i spend forever logging in on my phone only to be told I have to use a computer 😭

😩

Anywho... This isn't from the Academy though it seems. We have a #starting-point channel you could check out

I recommend that you get your Discord user verified so you can type there too 🙂 see #welcome for info on how to do that

SteveHH — heute um 09:53 Uhr
++identify

HackTheBox
BOT
— heute um 09:53 Uhr
Error
Please specify your token.

o_O

i'm weird 😄

success ...

I want to say special thanks to @mellow ember and @high zinc who helped me a LOT solving the Broken Authentication/Predictable Reset Token/Question1. Without their help I would still be banging my head on the wall. If you're like me, i.e. you don't know yet how to script, make sure you take @high zinc 's course on Python3 scripting. Thanks guys, that's what this community is all about 👍

got through?

Yeah i completed the nmap module just before a few minutes 😄. It was fun. The last section was a bit tricky

👍

The question is to create a file named "flag.php" with certain content using PUT. Then I need to request the file to get the flag. I am currently trying to use GET - such as GET /flag.php etc. But I am getting an Internal Server Error. If I follow the same process for a .txt file it all works, the PUT creates the file and the GET displays the contents, but doesn't seem to be working for .php

make a put request first, and then place the <?='cat...... At the end

You'll get the flag in the response header

Hello - I think a noob a questions. How did we know we are running a cron job based on the below :

From the above output, we can see that a cron job runs the backup.sh script located in the /dmz-backups directory and creating a tarball file of the contents of the /var/www/html directory.

the was the comment in the module referring to this output.

hello

Just a friendly reminder for anyone stucked at phishing XSS module. Better use chromium or chrome browser because for some reason the mozilla browser cannot accept that request in /phishing/send.php

for whatever reason the assessment on the XSS module seems to not be working for me. When I submit a basic comment its not longer making it to the page. I've reset the instance twice.

Many modern browsers have built in protections against xss, so it's best to use burp and it's built in browser for testing

It'll take a few second to submit, this is normal

Anyone wanna nudge me in the right direction for the "Introduction to bash scripting"?

hi all - need some help 🙂

I'm stuck on DNS enumeration module

how to find "inlanefreight.htb" domain?

Thanks! It worked when I did PUT and GET straight after one another. Initially, I was first letting the PUT complete, then refresh the page, and then use GET, but that wasn't working.

Need some help for Web Attacks Skills Assessment. Stuck there for a while

Hi guys, i have problem when i tried to reach IP adress target machine on different browsers (PC). Perhaps it works perfectly on my Mac. If someone have informations, thanks in advance 🙂

ps: I already tried to turn off my firewall

@burnt haven DM me I might be able to help.

Did anyone manage broken authentication skill assessment? I need some help 😆

Anyone tried the Intro to python3 module .. what website do they want me to use this python program on

Can someone help me with two of the questions on the Wordpress skills assessment

Never mind I got it

Can someone give me a hint to get flag7 from module SQLmap essentials ? Don't know what i'm doing wrong

/bin/bash /dmz/backups/backup.sh is in the process list and it is appearing more than once, indicating that it is being run on a timer. aka: cron

@civic sorrel

run psypy and setup a cron and you will see it yourself for further confirmation.

Anyone around for a nudge on the Windows BOF Assessment? I have control of EIP; just figuring out what memory address to jump to for my shellcode. Going through local exploitation on my commando VM before sending it remotely

Has anyone completed command injection module? I don't know what to do on skill assessment

Sure DM me

@fallow delta DM me.

I'm FFUFing lol

Man the assessment for this one is interesting... Im stuck on question 3... Ok I might need help with this one. Jeez I take so long my target timed out lol

So, I've recursively FFUFed the heck out of these domains and I am not getting the answer

on the STACK-BASED BUFFER OVERFLOWS ON LINUX X86 final assessment is there no bad chars in tehre ?

Look at what a bad char is. Are you given a hex dump?

nope i tried doing the previous lesson for finding bad chars and adjusted my buffer to get a segmentation fault but the bad chars was not there so i can assume that there no bad chars needed ?

Anyone available to give a hint about the Broken Authentication skills assessment ? I've hit a wall, it's a brutal one 😄

I've figured it out

I'm also stuck on the skill assessment, any ideas? I think I found a vulnerable parameter but can't go beyond that

Hey guys, could someone give me a little hint? I going through SQLI fundamentals and try to solve this task: What is the last name of the employee whose first name starts with "Bar" AND who was hired on 1990-01-01?
Why my response is not working...
||SELECT * FROM employees WHERE first_name LIKE 'Bar%' AND WHERE hire_date = '1990-01-01';||

SOLVED... just deleted one redundant word

You don’t need multiple where’s, I think

Oh nvm

:))

😄

anyway ty:)

dude... could give me a little hint:))
Task:In the 'titles' table, what is the number of records WHERE the employee number is greater than 200000 OR their title does NOT contain 'engineer'?
My request: SELECT *|| FROM titles WHERE title != 'engineer' OR emp_no > 200000;||
But it doesnt working...

I mean its working but my answer always rejects

anyone?

Try with %engineer% @frigid vector

@humble kestrel can I help? I haven't done that module yet but I would like to try help you

that would be great @flint moth , thanks

So can I dm?

yes, no problem

@frigid vector DM me. Your query is wrong thats why your answer is wrong.

Still got a question on flag7 of sqlmap essentials 🙂

Try uname -a

why is https out of the scope of most academy modules and ethical hax?

try doing -sC it runs all the NSE default scripts and shows a lot of extra info which might be useful

Because when you start working with HTTPs you will need to account for the encryption used (TLS, for example) and ways of going around that, which is not trivial.

but isnt that what nearly every webserver uses?

Yes but you start simple then go sophisticated, such is the case with the modules.

oh i see nice so do some of the machines over at main htb platform have https?

@hollow flame I genuinely do not know.

mhm np

@hollow flame All the attacks that you would launch at targets will not differ if its http or https, for example, if you found an SQLi in Facebook, will it matter if its http or https (if Facebook is up)?

(If anyone wants any help on the "Hacking WordPress" module I will be at your disposal.)

HTB community: I need some guidance on the following question please, despite my best efforts, No answer has been found,

What is the name of the tool that we can use to initiate a desktop projection to our host using the terminal?

Just FYI, it ends in "P" and I have|| tried rdesktop ( which i thought would be correct! its not, and same with freerdp!)||

xfreerdp?

ohh thank you v kindly man!

ive been on it for the past 45 mins!

LOL HA!

hey i've a problem with web application question I have the target ip it want me to find the password how can I do it?

question

silly q: but have you checked source etc?

checked

someone did the sql injection module ?

the password is there

||admin:HiddeninPlainSight||

@tiny compass

it says wrong awnser

*answer

got it thank you

perfect

?? i'm stuck at this question : Try to log in as the user 'tom'. What is the flag value shown after you successfully log in?

can you screenshot the tasks please?

i'm all the time connected at admin but not at tom

did you checked the hint?

it's Check the cheatsheet for the payload needed.

it's good I have it

Anyone able to help me with the command injection module? Kinda having a hard time with the skills assesment
ping me or dm me

what part ? @plucky nimbus

Hint is not exactly helpfull

@naive citrus DM me.

I'm not at this point sorry i'm stuck at Login as the user with the id 5 to get the flag.

I dont think we are at the same module

can someone help me make sure I am ffufing parameters correctly?

What am I doing wrong? This is a wrong answer

hello Everyone,
Has anyone done the Stack-Based Buffer Overflows on Windows x86 Remote fuzzing section? I am doing the step by step part to build a python script to remote fuzzing but I can not get the script to connect to the target CloudMe part. Could it be the script is outdated? or anything? (its the section "Fuzzing Remote Port")

I am trying to fuzz parameters on the FFUF module, but I am not coming up with anything at all no matter what list I use

can someone point me in right direction for Q: What is one luck-based method of exploiting login pages?

can someone help me finding the "inlanefreight.htb" domain? what is that?

you may need to add the domain and ip to your /etc/hosts file and then try visiting it

ok, thx, I'll try and see

I am going to try with the xato dup wordlist

@desert moon DM me.

Thanks again for your help - that helped! - I've just managed to finish the "DNS enumeration lab" 🙂

ok even with the bigger list I am getting nothing

You are more than welcome, and im glad you have completed it. best of luck on your next task

what wordlist should i be using for Attacking Web Application with FFUF? Particularly for the Last Skills Assessment Question where I have to Fuzz Values

depends on the task

if doing dir fuzzing, use /SecLists/Discovery/Web-Content/common.txt

if you DNS use the /Discovery/DNS/top_million_5000.txt ( or something like that)

ah sorry I misread the Q, you mention the skills assessment,

ive used a few different ones, but I am not getting a single hit

is it where you need just a number?

value

I'm not sure the parameters aren't like before where we had id and generated a numerical list.. I thought it was going to be a word, but perhaps I am using the wrong parameter

unfortunately i had gota shoot off now, but if i get chance tomorrow morning , il drop you a DM if I can find a solution

i cannot remember if Ive done that particular task as of yet.

Ok. I wonder if I am overthinking

Yeah I am just not getting a single hit no matter what I do

Ok.. I give uo

up*

Anyone around for a nudge on Windows PrivEsc module section Server Operators? I got the flag but I'm not sure its the intended method

Oh interesting I can't even hit the webpage

Ok I am getting hits but they are all the same size

2 hrs of using Firefox and failing and I find this lol. Ah tomorrows another day it's the exact part I'm stuck at, well around there :/

You can DM me.

ugh finally got it guys lol. Turns out that it just kept timing out.

I was doing it right, but the target kept timing out lol

can I get some help on SQL Essentials - Skill Assessments?
I suspect that I found the php to inject, but I seemed to be missing some steps, maybe like tamper settings?

kept getting mysql syntax error when running sqlmap

Hey quick question, am i supposed to be able to ping the ip addresses once a target gets generated?

nm managed to get in

yes please very confused about this area!

some machines timer is running so fast
90 min to
86 min in 1 minute lol
its decreasing lot faster

is it me or for everyone ?

Solved it. If anyone needs hints, feel free to DM.

Need help

Ok in Cross Site Scripting in the Session Hijacking part I am getting a request but I am getting (null) script.js instead of the cookie and stuff

is it returning null?

ok the script is definitely returning null

but I am not sure why it is not moving to the next step

Can anyone help me out I am following the module correctly, but it I keep getting (null) script.js on my request

We will be implementing a platform upgrade on Academy for better user experience and service availability. This will affect all running Academy-related instances per user such as machines/exercises/pwnboxes, which unfortunately will need to be restarted after the transition is completed. We apologize for any inconvenience! The change will take place at 12/10/21 13:00 UTC

Can I have a hint concerning sqlmap essentials skill assessment ?

ya, i was having some issue here too. asked for help earlier, but didnt get a response yet

screenshot-zap-hud

using web proxies > ZAP Scanner - HUD not working?!
maybe need to change config?

Keep going and get high privileges first. You should find an interesting apps that relate to ldap installed. The Config file related to the apps is somewhere on one of the users dir

I am working on "Intro to Network Traffic Analysis " Section "Analysis with Wireshark" and images are not loading, I have tries in different browser and differnt PC and different OS Windows and Linux and I get the same problem:

You can see the broken image . I have spoken to support and they said it on my side. It was working fine yesterday.

Can anyone replicate my problem ?

Can anyone check if they are having the same issue

take a look at your network tab in the dev console

it all working again by itself

Anyone got a hint to give on the commands injection module? Im at the final question (Skills assessment)

No

@elfin valve No

nvm , i thought that you were doing another module

Can somebody help me for skills assesment for web attacks?

i'm stuck .

You can DM me

so i'd like to retake a module but all of my correct answers are saved. is there no way to "retake" a module from scratch without spoilers in the answers?

Hi all, so I am new so please forgive me, the current request I have on the module I'm studying asks, SSH to 10.129.30.198 with user "htb-student" and password "HTB_@cademy_stdnt!". The problem is it won't let me type the password, where am I going wrong?

you got your academy.ovpn going? ssh htb-student@10.129.30.198, yes, input pass

The password will not be visible as you write it. Just type it or copy and paste the password and press Enter.

DM

try with sudo

anybody working on or get through the windows priv esc module? Seem to be having an issue with the DnsAdmins portion, can't seem to execute the exploit the way it is outlined

I've been through that part. Feel free to DM.

where is the VPN config file in the "SQL INJECTION FUNDAMENTALS" module?

#modules message

will look something like that

yeah its not there..

Working on Pennyworth in Tier 1 and for some reason I cannot get the jenkins script to connect to my machine. I have the listener running on port 8000 as instructed and filled in my IP address as well, but I get the following:

Here's the full error

I can successfully ping 10.10.16.4

Nvm, complete user error -_-

It was working, I just read it as an error.

can anyone help me with the ssh in to target?

I just bought silver to make it easier because i did not want to figure out how to vpn yet

ssh htb-student@(target IP)
HTB_@cademy_stdnt!
first line i add target ip after, no issue, it goes straight to asking for password, second line is password i put and it isnt right

am i getting the password wrong?

just bought the silver a few minutes ago so maybe its just not in the system yet to be able to ssh in without vpn, not sure, desperately need help on this

I needed help last night, but for some reason everyone else gets help before I do.... I don't think I have done that one yet though

you seem to be working on a module way ahead of where i am at, if i knew how to help i would, but i do not know how to. i havent done that module yet.

Hello @jovial pivot are you just entering the password and hitting enter?

i do the ssh htb-student@(target ip)

then

I enter password and it says its wrong

HTB_@cademy_stdnt!

is the password i am using for the target

Just tried it again and it is working

the password is?

Which module are you on?

HTB_@cademy_stdnt!

Getting Started

also having issues on windows module

restarting instance cause it crashed, i will post a screen cap if it continues to fail

I am on Introduction to Linux and there seems to be questions they haven't covered;

hmmm... I will have to go back to it then.

I know I had issues as well

@jovial pivot make sure you refresh your target when its time runs out and update the IP

• 0 Which shell is specified for the htb-student user?

it hasnt, i havent been on that long

What is the path to the htb-student's mail?

I don't see where this is covered

is there a way i can drop the screen cap in the chat?

i did that through file directory, just cd into the right path, took a bunch of youtube videos on the file structure to figure it out, i think it was around /var but i cant remember

You can upload the file

Surely it should tell you how to do this?

ive only done a few so far like linux and networking, want to do windows and start working on the first pathway since i have some downtime because college will not yet let me start a masters in international relations

i honestly dont remember finding how to do it in htb instructions, i had to figure it out by looking it up

That's not great...

i got you in direct message, ill try to help with your issue also, send my screen cap there

@jovial pivot Throw me one too and I will see if I can remember

New module just published! 👀

someone can help me with windows fundamental please ?

sure, how can I help?

Whats this server for

The server itself? A place to discuss/learn about infosec stuff, as well as a place for support for HTB

Oh oke

all good ^-^

I am stuck on 2 questions for the Introduction to Linux module.

What is the path to the htb-student's mail? And +Which shell is specified for the htb-student user? Can anyone assist?

sure, i'll just have a check for you. I remember the mail one being an odd one

I can’t figure out the commands to get the answer, I have reread the sections and can’t find a mention of it anywhere

@tawny pulsar Looking at the environment around you might lead you to the answer 😄

@main vapor please elaborate 😆

@tawny pulsar|| Have you checked the environment variables by any means?||

Sorry I don’t know how to do that also I’m not logged in at the moment

that might be a good next step then

works for both your questions

I have found the command 🙂 I will check later when I get home! Thanks!

@tawny pulsar|| grep for what you are hunting for to find it faster.||

wow hi Depths

lol

should change my nick

hey

anyone on network enumeration with nmap

yeah I'm giving that a try atm, whats up?

oh im a bit behind that, but I'll give it a try. give me a sec 😁

I tried this

have you tried using the scripting engine?

Can someone help me with the "SeTakeOwnershipPrivilege" Module, please?

i am not sure if there any for the os detection

not os detection itself, but ||the header of the website|| and ||the service banner|| both have the os

there is one for smb protocol but its not running on the client

ok lol

it was right infront of me

lmao nice

sorry for the ping @mint karma, but did you happen to get past the sections where you needed tcpdump?

np

which one do you mean?

when I try to do the tcpdump/netcat pair to get the flags, no matter what port i do the nc on, the tcpdump doesnt receive any packets

ill just grab the command i used to see if I've done goofed

||sudo tcpdump -i eth0 host [machine ip] and [target ip]||

then in another tab i have

||nc -nv [target ip] [port]||

and i've just tried all the 6/7 open ports in that nc command

i havnt tried that part yet

the Service Enumeration task thing?

if not, im just a dumbass and doing the wrong thing 🤦‍♂️

oh

I though ur on another module

let me check it back real quick

alg ty

I remember you need to use port 31337

that one has the flag

oh cool thanks

and after connecting it takes a bit of time to show the flag

oh icic

ive been waiting like 5s then cutting connection, so thats prob why

great that worked, thanks so much 😁

ur welcome

Haha I’m sure there is room for 2 😂

stuck on Intro to Network Traffic Analysis -> Fundamentals lab... What filter could I use to filter out ICMP traffic from out capture? I tried proto, icmp and many other filters but they didn't work.

Web attack i need help skills assessment

I don't found file flag.php

Because I have two days and my subscription expires

Got question on ATTACKING WEB APPLICATIONS WITH FFUF - Skills Assessment - Web Fuzzing

Q2. Before you run your page fuzzing scan, you should first run an extension fuzzing scan. What are the different extensions accepted by the domains? (Write the extensions as '.ext', in alphabetical order separated by spaces ".ext1 .ext2 .ext3")

They are asking for other extensions, but I'm not finding anything through recursive fuzzing.

Can anyone give me some nudge?

i'd like to retake a module but all of my correct answers are saved. is there no way to "retake" a module from scratch without spoilers in the answers?

is the academy vpn really slow for anyone else?

its fine with me

are you connecting to a VIP+ ?

for some wierd reason it dosent connect for me sometimes

using the pwnbox would be just fine

a high speed connection would also help

Not connecting to a vip+, and I'm on a gigabit connection. Pings to the target machine were like 150 - 200 ms. nmap -p- said it was going to take about 3 hours. basically unusable for me atm.

had this problem like 2 weeks ago I went off for a couple of days could be from HTB side

I'll check back later today or tomorrow, maybe it will fix itself

good idea I would suffle between tryhackme and htb if any service becomes slow

Hey could some1 help me with NTA Module? im currently filtering with tcpdump and im stuck