#modules
Did you manually add common extensions? you probably didn't cover the one that is needed, there is a file with extensions on parrot that contains it
an extension is a filename.extension , watch where you place the FUZZ parameter
total facepalm teachable moment, used . in the fuzz command when file had dots
Unlike gobuster , ffuf doesn't add . as prefix to the extension
One way to debug ffuf is to use -x http://127.0.0.1:8080 as proxy, then you can see all the requests from burpsuite
Has anyone here had issues with the VPN on the Pwnbox? I almost can’t complete any module because of it. I was wondering if someone who was having connectivity issues already figured out how to fix it
has anyone done the XSS module? I'm having trouble finding a working payload for the Session Hijacking. I've used XSStrike as recommended, but it did not show any valid payloads that work.
nvr mind, I figured it out
@mortal basin any word when all the modules for the bug bounty path will be released including the exam ? Are we looking at over the next couple months ?
Hi guys I'm new CS student
I want to learn lot of skills about cybersecurity
Most have been released already, the rest are coming very soon.
hi i am working on the question in the section "Advanced Command Obfuscation" on the module "Command Injection". I managed to inject the command and get some info back based on the command provided. But when i submit the answer, it is an incorrect one. I would like to ask for some assistance. I can show you what my commands are. I don't want to put them here to spoil the fun or violate the rules
Can anyone help me with the skills assessment of Web Attacks? I know how to change all users’ passwords, but I cannot find an XXE.
I remember you need to ||use the new password to login as admin||
Oh, I enumerated the user accounts and so far haven’t found an admin.
Hello, I kinda need some help since I have tried many answers wrong. The question is: If I wish to start a capture without hostname resolution, verbose output, showing contents in ASCII and hex, and grab the first 100 packets; what are the switches used? please answer in the order the switches are asked for in the question.
My answers are: sudo tcpdump -nnvXc 100, -nnvXc100
I don't have any idea anymore things get me impatient, but I really appreciate if someone could point out my wrong doing. Thanks 😢
Shouldn't it be n instead of nn
As nn will not resolve well-known ports as well
Thank you I got clear a bit about this.
Are you guys students?
Or working in company
In most cases, uid=1 would be admin user. But it's been a while since I did this assessment, so I can't say for sure
You may need to do some fuzzing to locate admin page
No uid matches an admin account and fuzzing with ffuf didn’t find any admin page.
Can anyone provide a nudge for what user and/or password list to use for Login Brute Forcing Skills Assessment Website (step #2 -- bruteforcing admin page)? Thx.
EDIT: Big thanks to @main vapor for helping me thru this (and improving my syntax). Even with that though, the system DID NOT WORK until after resetting everything.
So you got the username right?
@fossil crescent Dm me.
Anyone have a moment for some help on the SQLMap Essentials Skills Assessment? I've made some progress I think, but am running into a brick wall on what I should be doing next.
DM me the assessment.
Following up on this. I am specifically trying to connect to the VM target in the Active Infrastructure section of information gathering
like using vm on pwnbox or just using pwnbox?
Nvm, support has helped me out on the site. Thanks though!
quick one, I create a list with a bunch of sha1 hashes, when running hashcat -a 0 -m 100 hashlist.txt /pathway/to/rockyou.txt
I get "No hashes loaded", "Token length exception", what am i doing wrong?
@candid swan bro You still stuck in sqlmap dm ;)
I got it. Luckily @pearl birch helped me out.
;)
Thank you though!
sorry for the ping
@odd parrot You are not supposed to be sharing answers in here.
sorry, lemme delete it
Hi, stuck on skill assessment 1 in Attacking Common Applications, any clue please? Is ghostcat the way?
I’m still stuck at the skills assessment of Web Attacks. I can change all users’ passwords, but cannot find an admin account. Apart from the password, I cannot change any other details of users, neither can I create a new user. Any help would be appreciated.
Hello everyone! I am trying to understand what kind of answer does this question wants. I have tried to answer based port number used for the TCP three-way handshake in pcap file given but it seems I answered it wrong.
Anyway I'm on Intro to network traffic analysis on Interrogating Network Traffic With Capture and Display Filters module. The question is
What are the client and server port numbers used in first full TCP three-way handshake? (low number first then high number)
Thanks to @mortal basin I realized my oversight.
Hello
I have question about Active Subdomain Enumeration ( Information Gathering - Web Edition )
I am missing two answers.
4) What is the FQDN of the IP address 10.10.34.136?
5) What FQDN is assigned to the IP address 10.10.1.5? Submit the FQDN as the answer.
To find FQDN from an IP, we have to use PTR, no?
I do not understand why I am not finding anything with this.
Advice is welcome
Tech support required for the win buffer overflow module. Every time i hit restart in x32dbg it crashes and the RDP session dies...tried generating a new target but no change
@sullen oar I think I had that also. Just hit Exit on x32dbg and open a new session, how about that?
Thanks, yeah i've just resorted to closing the debug session and going again....
Can anyone help me with "Assess the web application and use a variety of techniques to gain remote code execution and find a flag in the / root directory of the file system". I stuck at the very beginning and cant find a way to view any source code. I've tried all the ways given in the module (at least i think i've tried them all correctly) but i cant seem to figure it out. I've read previous posts about using php filters but nothing i have tried has got me anywhere
Re-read what the three way TCP handshake is, then the question as well. It's asking for the port numbers involved in it, the answer needs to have the lower then the higher number listed. I suppose there's a space between
E.g.: 11 15
Hey everyone, I'm stuck on the skills assessment service login page for login brute forcing, the wordlists I generate all take far too long so I'm wondering if anyone has any helpful hints they could share.
@hushed hornet DM me.
Module: Web Proxies
Section: Zap Scanning
I scanned the site multiple times but I just don't get a high-level vulnerability. Just Medium one. Can someone help me out am I missing something? Do I have to run the Spider before running a Scan?
@keen fulcrum -- Not sure if you must, but I did. It can take a while for the whole scan to run... but while running, you can exclude certain segments (which speeds things up)
Thank you I understand the answer format finally.
Can anyone help me with INTRO TO ASSEMBLY LANGUAGE Skills Assessment 1 I'm stuck on this for 7 days
Thanks solved it 🙂
Could anyone who has done "File Upload Attacks" help me in the assessment? I can bypass black/white lists, but I can't execute code nor read files remotely. I think I tried all techniques described in the module.
Quick question on the HTB Academy module Attacking Common Applications. On the wordpress section, the text says to try http:// <snip> ?p=1. what does the p=1 do on a wordpress site. it doesn't say
i think it could be "page"
p in this case just refers to a variable in the code. But it's most commonly p for page yes
Hello guys i am stuck with this "Submit the FQDN of the nameserver for the "inlanefreight.htb" domain" i added this inlanefreight.htb in my hosts file and i don't know how to find FQDN. I searched online and they are saying that hostname is your FQDN.
"of the nameserver"
Not sure if that helps but the question doesn't mention the Web server but the nameserver (DNS)
Try to analyse the file TCPDump-lab-2.pcap, find the three-way handshake of the HTTP protocol, and write the answer in this way: ServerPort ClientPort
How i can find the FQDN by bruteforcing the subdomains?
If you do that then you already got the FQDN
haha thanks dear i got it
yup i got it i will find the answer
@sly nebula if you haven't solved it yet you can DM me
@faint hamlet -- sounds like you're good, but if not, feel free to DM me
Ok i will try it first if things goes wrong i will
feel free to PM
Has anyone completed "Linux Privilege Escalation " Module, I need help with question in section "Privileged Groups"
PM, if you haven’t figured this out yet
Any help please with INFORMATION GATHERING - WEB EDITION: Active Subdomain Enumeration
I cant solve two questions
Nevermind, solved
sorted now. thanks!
why cant i rdp? oh never mind problem solved
HI, I need help in the web attack skill assessment module, I found the user s.applewhite, I suppose it is the administrator but when changing the pass it does not let me pass, what steps do I have to do?
pls make sure you don't ping staff members when facing situations that are not solvable at first glance
before we release a module we have tested each exercises multiple times to ensure they work as expected
Sorry, fix it
& I am stuck on this question for a week...did you find solution?
So I'm trying to answer the question "List the SMB shares available on the target host. Connect to the available share as the bob user. Once connected, access the folder called 'flag' and submit the contents of the flag.txt file." in the Getting Started module.
The command smbclient -U bob \\10.129.114.152\users doesn't appear to be working, or at least I can't understand why it doesn't even ask me the password. It just says: do_connect: Connection to failed (Error NT_STATUS_NOT_FOUND)
Can someone help me? Thanks!
Be sure that you escape the backspaces
So in reality you have to type:
\\\\ipaddress\\share
Also be sure the target is alive
@analog hatch , if you still need help, dm
pinging it shows its unreachable from my VM even though I'm connected to the VPN. I think that my problem is VPN related. I've already regenerated it and changed server, but it still doesn't work
Currently stuck here too, I keep getting nxdomain with nslookup
hey can some one help me with Skills Assessment - File Inclusion/Directory Traversal
im really stuck
@primal terrace post ur question
what do i need to look for
I am stuck at the very end of File Inclusion / Directory Traversal and trying to get the flag. I am able to get a shell and successfully use the id command, but i cant seem to find the flag
Feel free to dm, if you haven’t figured it out yet
You too
thanks. I may have just figured something out but i'll DM if this doesnt work
i need help 😥 I need help, I can change the passwords but I don't think that's the way to go 🥺
I've got a problem on "Getting Started", I'm supposed to use metasploit and an exploit to create a session but I get `-] 138.68.161.230:445 - Rex::ConnectionTimeout: The connection with (138.68.161.230:445) timed out.`
@rustic sage ^^
Hey guys, How can I connect via openvpn the web attackbox is really slow
You download the .ovpn file then type in terminal "sudo openvpn filename.ovpn"
yeah ... i can't find the .ovpn
Command injection ?
hello guys, I am trying the Service Authentication Brute Forcing module but although I could gain access to the b.gates user through ssh, when I use netstat there is not an IP I can find to use so I can get into the next flag. Does anyone have a hint?
If memory serves me correctly, it's the local box you're ssh'd into
https://application.security/ Place to learn whatever. Keep hacking pentesters! 😄
||hydra -l b.gates -P william.txt -u -f ssh://178.62.4.31:31013 -t 4||
you have to generate the william.txt file
HTB getting started privilege escalation help. So far I've
||1. got access to user2 account
2.found rsa private key
3. copied key using cat, copy paste into nano
4. chmod 600 file
5. tried running- ssh user2@178.62.4.31 -p 32721 -i id_rsa
6. but it prompts me for a password still
7. halp||
@eager crescent|| Is it asking you for a SSH passphrase or a password for the account itself?||
@pearl birch this isn't that page
||Not sure my I don’t have either. Trying to login with an account that’s i took over. User1 > user2 found user2 ssh private key ||
hello all, having issues cracking the web request put and delete module... any help would be appreciated
thx
Can you share the question?
===================================================
**Module**: Login Brute Forcing
**Section**: Service Authentication Brute Forcing
--help
===================================================
yes
yep sorry I was trying to work it
Jesus. Why can't I just send a screenshot
Create a file named "flag.php" with contents '<?=cat /flag.txt;?>' and request it to get the flag.
I do this and use burp and I get to a page that is http:// xxx.xx.xx.xxx:xxxxx/flag.php that says " cat/flag.txt "
no flag
kinda vexing
mental
i can tell there may be an issue with this module
but some in the past have been able to get it to work
there are a bunch of folks with similar issues trying to crack this last "web requests" module
Hi all, I'm doing the Linux Fundamentals module, "Working with Web Services" chapter.
Two questions:
- It describes how to install apache2, so why is it already installed on the HTB workstation?
- Why can't I start the apache2 service?
$sudo systemctl start apache2
Job for apache2.service failed because the control process exited with error code.
See "systemctl status apache2.service" and "journalctl -xe" for details.
$systemctl start apache2
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to start 'apache2.service'.
Authenticating as: ,,, (htb-ac326771)
Password:
==== AUTHENTICATION COMPLETE ===
Job for apache2.service failed because the control process exited with error code.
See "systemctl status apache2.service" and "journalctl -xe" for details.
That may be a bit confusing at first but it's really very simple. All you need to do is to make a PUT request by creating a file named flag.php and add <?=cat /flag.txt;?> as content. Next you need to make a GET request to get the flag. (read the PUT and GET part of the module once more) As simple as that! 🙂
Try it once more! ping me if you're still confused!
Make sure you do this on the Repeater
yep pretty sure I did it, but i'll do it again
GET /flag.php HTTP/1.1
Host: 46.101.21.240:31354
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: close
Upgrade-Insecure-Requests: 1
Sec-GPC: 1
Cache-Control: max-age=0
Content-Length: 20
</='cat/flag.txt';?>
HTTP/1.1 201 Created
Server: nginx/1.10.3 (Ubuntu)
Date: Fri, 05 Nov 2021 15:01:46 GMT
Content-Length: 0
Location: http://46.101.21.240:8080/flag.php
Connection: close
ah! yes! everything's good, you just need to follow the first step!
PUT instead of GET
then remove the content and make a GET request
and you got the flag
yeah, the first one is incorrect because I was already done creating it was originally PUT
something did change this time, but still not flag
cat/flag.txt is replaced with nothing
did u place a GET req after creating?
after you've created the file, just replace PUT with GET and remove the content
and send
This is all you need to do
GET /flag.php HTTP/1.1
Host: 46.101.21.240:31354
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://46.101.21.240:31354/
DNT: 1
Connection: close
Upgrade-Insecure-Requests: 1
Sec-GPC: 1
Cache-Control: max-age=0
HTTP/1.1 200 OK
Server: nginx/1.10.3 (Ubuntu)
Date: Fri, 05 Nov 2021 15:09:59 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Content-Length: 20
</='cat/flag.txt';?>
DM if you are still stuck
This looks messy! I'd advise you to restart everything with the steps i said!
okay. I'll knock it out again
thank you for the help
I know people are getting it, but I must be doing something to mess it up
I'll try to pay attention to your details exactly as posted
if you're still facing the same problem just dm everything u have problem with
yeah! that's important. small things are the ones that mess up everything
Any help please with Command Injection - Skill Assessment
Has anyone completed information gathering module? I'm working through the active subdomain enum section and for the life of me I can't understand how to move forward
Did anyone here complete the OSINT:Corporate Recon module? Would love to hear your thoughts on it
If you have a better way to word it, do so and I'll remove my post
So I got the answer to question 1 and 6, but I'm still not understanding how to leverage nslookup with different zones apparently
Dm bro, I got you
Has anyone else had issues with the nibblesblog page timing out basically all the time ???
**Login Brute Forcing**
Service Authentication Brute Forcing
*Confused which wordlist to use for ssh passwd bruteforcing*
*rockyou isn't working, not even william.txt*
Solved, thanks :))
I got the following captured virus message when I downloaded cheatsheet33 in SQL Injection cheatsheet
Seems the cheatsheet has a backdoor php reverse shell
I have messaged support and hope they can update us soon
? ????
???
the file is safe
Birby I download the file from your link and again windows defender thinks its a virus
U know.
u can't trust av everytime. Sometimes av think it's a virus but it's not.
Think about it. Do u think HTB would put a backdoor in the md file

they need to let Microsoft know if its a safe file
I don't think so
I trust NO-ONE
HTB is a big company. Imagine if they had put a backdoor behind their file. Imagine the scandal that would create. Plus you can analyze the file.

I am paying for my av
2 element analysed
0 risks
0 risk resolved
I understand that they are most likely honest but what if they have been hacked ???? 😩
i am going leave the file in Quarantine
i think defender is reading the contents of the file and as its all SQL Injections statements and has decided to Quarantine
the following statement in the file is causing the problem
cn' union select "",'<?php system($_REQUEST[0]); ?>', "", "" into outfile '/var/www/html/shell.php'-- -

windows defender
is a troll
lol 😆
Windows defender is weird sometimes
I can assure you that we don't put any back-doors in our content.
Also, just do in a vm and you're fine
Windows Defender works based off signature detection. It has a huge list of known "bad" things and compares that against other files. In this case, it's flagged on a section of PHP that can be used as a simple web shell.
This can happen in notes. If I put a certain powershell reverse shell in my notes for future reference, Defender freaks out about a Trojan in my system. It's not dangerous, just text in a Markdown file. But Defender can't figure that out. It just sees it looks like a thing on its list of known bad. Same thing is happening here.
@rustic sage I'm not able to DM you the instructions. Please check your Discord DM security settings and try again.
@rustic sage #bot-commands
Yes, had figured out that the php statement was causing the problem with windows defender.
I have learnt something new today
Excellent! Happy hacking!
Guys, help, I'm a beginner and want to know how to set up OpenVPN at level 0, give instructions or a video on how to do it, sorry for the stupid question (((
At level 0?
well, when you register there, the first task is connected with vpn
if something is wrongly written, I just don't speak English very well myself and use a translator
Linux or Windows?
Can anyone help with file upload attacks assessment? Can't seem to figure out the last steps
Want DM ? Am at the same step
Hey can someone give me a hint for the last question for the **Bloodhound Skill Assessment**: Find the percentage of users ...?
ah got it. If someone needs a hint pm me
I just finished the module. Dm if you are still stuck
Windows
Currently stuck on the Privilege Escalation module:-
||I currently got the root id_rsa and proceeded to ssh root@localhost -i id_rsa||
||although for some reason it's giving me "Cannot assign requested address" error||
You're trying to SSH into the same computer you're already on? I don't remember the PrivEsc module but should you maybe SSH from your box to the target IP that you're trying to get into?
Ah yeah, was doing it on the computer itself, makes sense now!
Hi everyone! I wanted to ask for help with the following question on the sql injection module-sql operators.
In the 'titles' table, what is the number of records WHERE the employee number is greater than 200000 OR their title does NOT contain 'engineer'?
SELECT * FROM titles WHERE emp_no>200000 || not title='engineer';
i read above that some people tried changing the OR to AND or listing all instances or engineer but idk how to, can someone help me?
hello guys, I'm stuck in LDAP module, section "Credentialed LDAP enum" and i haven't solved the question "What is the password history size of the domain? (How many passwords remembered.)" Please help I'm going insane
Hi iougiri! Did you ever figure this out? I'm stuck as well, and I have tried several things.
This is IMPORTANT: Do not accept a friend request from Alex sa#9999 or Juan.#6924 or Max!#0001 They are hackers. Tell everyone on your friends list because if somebody on your list adds one of them, they'll be on your list too. He will figure out your personal computer's IP and address, so copy & paste this message where ever you can. He is going around sending friend requests to random discord users, and those who accept his requests will have their accounts and their IP Addresses revealed to him. Spread the word and send this to as many discord servers as you can. If you see this user, DO NOT accept his friend request and immediately report it
this is a warning
remoob kO
anyways, how do you redownload the academy vpn? There's meant to be a "Get VPN Key" button next to the cheat sheet button, and it's not appearing for me
Has anyone else had connection issue me with the webpage in the Nibbles - Privilege Escalation step?
@fading briar I had trouble further in the module and somehow restarting my vm resolved my connecting problem. If someone knows why, feel free to enlighten me
@Nuits yeah I tried using the HTB web box and my own…same issue I noticed my box can reach the main page, but not the blog. I got my shell all the way to the root flag and lost connection and couldn’t get the page to reload to get the shell back I was so mad !!! Lol if anyone knows how to fix it, guidance would be appreciated I have tried to start over a few times in the last few days…connection keeps dropping…only to the blog, main page is fine ughhh 🤷‍♂️
anyone solve the zap fuzzer issue for using web proxies that can give me a nudge?
lmao nvm... apparently the page just didn't load the header correctly the first time I visited it.
credit to the course author for this tip - hope it leads you in the right direction : "try looking at domainDNS and domain object classes in your LDAP search filter"
I had the same problem as everything worked through Pwnbox but not through my HTB vpn connection, I was pulling my hair out for days as I had the same problem you are experiencing. I then tested by switching off my ExpressVPN on my router and then everything worked again!!!
I changed my oracle virtual box connection from NAT to bridged connection. Configured my router VPN to bypass traffic from oracle virtual box IP. Then I switched on VPN my Kali Linux with in oracle virtual box.
I hope this works out for you and let me know how you get on.
Simplest way is to switch firewall + VPN + antivirus Off and see if it works.
Hi, Can someone (maybe @blissful verge :)) explain to me hint for module: Linux Privilege Escalation > Privileged Groups > LXC/LXD
I tried to search / grep for the flag.* and /var/log/ for secaudit user. Also I have root rights to search entire file system.
Question: Use the privileged group rights of the secaudit user to locate a flag.
Hint: Grep within the directory this user has special rights over.
Friends who can help with Windows Local Privilege Escalation? The last two modules.
I did. I’ll DM you.
hi, I am trying to run the very first exercise from the Linux LPE module, which is exactly the same as the module example (compiling an executable and running it). Whenever I try compiling and chmod +x, I get a permission error whereas the permissions should be correct to run it 😦 is that a bug ? I would not expect further protection since this part of the course was very simple ..
have you tried running as sudo?
yeah same ! But the course does not use it, and it says that the first example should consist of reproducing what was shown, which does not include sudo
Yeah I haven't done that module yet so I don't know the actual question or steps they give. What if you move it to /tmp or something?
rough. Good luck!
Can i have a better explanation or a nudge about 'lightshow-staging.githubapp.com' name server question? - Information Gathering Web, skill assessment. I don't understand that one
Edit: done the domain was just down. The question is clear
Did you figure out what you were looking for?
I've wanted to ask if the 18$ subscription is enough to learn the bounty Hunter course normally
About 3 sections a day
*Modules
@tranquil carbon -- Check out my comment on this here -- https://discordapp.com/channels/473760315293696010/858470491676737536/905222400654864394
#modules hi everyone i'm stuck at SQL INJECTION FUNDAMENTALS in Find the flag by using a webshell can you help me ????
Hey guys. I'm just going through the basics of the academy and I am unable to proceed because in Burp when I click the 'intercept' tab to view requests and responses, the page is filled with links for information on the embedded browser for Burp. When I attempt to click any of these links, because my "current configuration does not support running without sandbox". Any advice would be greatly appreciated.
Is it just me or is Academy poorly setup? I
Its better than some interactive labs that I've seen but there is definitely room for improvement.
I'm attempting to work through the Linux Fund. and there isn't a lot of data given on how to acquire the asked information.
It does often seem that what you are expecting to see based on the module and what you actually see on the VM don't quite match.
Well I'm glad it's just not me. I was hoping to get a good understanding of what is going on with the Academy subscription as I'm interested in Cybersecurity jobs but some of this just has me puzzled and scratching my head.
Hi David, how's the File Upload Attacks assessment going? I'm also stuck there
I found it easier just to use Kali and vpn in rather than their ParrotOS. I'm half way through the basic tools path and it all seems pretty good so far. A few parts where i've been a bit stuck, but a little searching around helped. All the information is there, just have to do some self initiated learning. I think a "follow-the-bouncing-ball" approach can only hinder your learning rate, as you're just copy and pasting commands.
Hi Falco, How's thing going with File Upload Attacks assessment? could you give me a hint if you solved it
I have this same problem
yeah, i can upload some files. that's it. stuck there
I tried to make a server and it did not let me download
Can anyone help me out for login issue to HTB?
can you give me a better explanation of your problem?
I am trying to login to HTB with my credentials. It’s asking me the Authentication codes. I recently formatted my mobile device which was having the Authenticator
And now i can’t put the authentication codes because of this
Even I didn’t put the backup codes
Can anyone please post support email id of HTB?
Hi
I need some help
I need some career advice. I can't send any messages in any other channels
I had finish the module.
Feel free to dm 🙂
hello,
im new to this like super new no background at all in this
so any suggestions as to where to start from?
thank you!!
Module : Web Requests
Module lesson : POST Method
Question: I don't understand what I should do
Attempts: I tried logging in with the same cookies as admin, I also tried looking through the server's files as I might find a flag.php or something
Ok, hands up. I understand SQL well enough. However, I feel like a complete fool when it comes to SQL Injection. My issue is that I'm stuck at understanding how a sql statement relates to text entered on a form. Are there any resources out there that can help me to help me from losing all my hair? Thanks in advance.
What is the SDDL string for the HR security group's permissions over the Company Data folder? (Format: x;xxxxx;xxxxxxx;;;x-x-x-x-x-x-x-x, no parentheses in final answer) I don't understand this shit, how can you display sddl string for a directory in context of a group? It's supposed to be used for things like services afaik
thanks a lot
cool 😄
thanks @tranquil carbon

I am on the Web Requests module, in the 'POST Method' section. In there, it is written that we see a Set Cookie header with PHPSESSID, as shown in the picture. However, when I tried the same thing, after clearing all cookies as mentioned, and signing in with default creds 'admin' and 'password', I got something different, instead of the PHPSESSID cookie, it was 'auth' as seen
Is this normal, or am I doing something wrong
Searched for this online several times didn't get any responses,
@west rampart could you help
Wait a sec, so is it that I have to do it with the guest creds?
Since in here, the creds they have used are of admin, and yet got the PHPSESSID header, whilst I did not
So I don't think thats an issue
this is an example
can i ask for some with module "Web Attacks", i am stuck at "Bypassing Security Filters". I have got the content of the flag, but when trying to submit, it keeps telling it is the wrong answer. I have tried all verbs in the options, running out of ideas. please give me some directions
thanks
Further on, in the PUT and DELETE requests section, I am not able to create a new file using the PUT statement, even though I double checked if the statement is allowed, by using OPTIONS. It throws me a 409 conflict
Since this is pretty frustrating, the picture shown doesn't have any such problems
maybe try copying all from the picture
PUT /hello.txt HTTP/1.1
Host: 178.62.18.46:30145
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Upgrade-Insecure-Requests: 1
Cache-Control: max-age=0
Content-Length: 14
Hello world!
does that work?
modify the host
Hmm I see
Hello! I am working through the Network Enumeration with NMAP module. Specifically, I am working through the Firewall and IDS/IPS Evasion - Medium Lab. If someone is available, could I PM you a question about the module, please?
feel free to PM
Thank you!
@noble stirrup make sure you're doing it right.
Had a problem with a question, couldn't get it right, I eventually just called it quits and typed something random and I got it right. Still have no clue what made it right?
Q: Use cURL from your Pwnbox (not the target machine) to obtain the source code of the "https://www.inlanefreight.com" website and filter all unique paths of that domain. Submit the number of these paths as the answer.
A: Still have no clue but I got it right????
Thanks for the help. In my case, i have managed to do that. I get the "Welcome , admin_xsxasxcas" message but no flag... Is there something more here?
admin_blahblahblah doesn't sound like an admin user account to me
it's a little silly this one ^
How are things going with it? The hint says check source code, but my xml/svg payload never worked
that question doesn't have a hint
Upload the attached file named upload_win.zip to the target using the method of your choice. Once uploaded, RDP to the box, unzip the archive, and run "hasher upload_win.txt" from the command line. Submit the generated hash as your answer.
this is the question
sorry, i guess we're talking about different module?
I mean this "Skills Assessment - File Upload Attacks Try to exploit the upload form to read the flag found at the root directory "/"."
hasher upload_win.txt 
yes XD
File transfers
thanks
I thought I had to send the file win_upload.zip to the machine
try uploading a php shell
i heard the XXE payload should work for /etc/passwd
Can someone give me a hint on the LFI/RFI module? It's the last one where you need to get the flag from the /root directory with an LFI vulnerability. I tried out many possibilities including some wrappers, but completely have no idea. I also thought it was something with traversal, because it was in the title, but I didn't come to any results with that either.
@opal vapor DM me.
@west rampart please remove the spoilers
sorry 😄
Now I get what was wrong, it was just another '/' which got overlooked.
Thanks for pointing out
I'm stuck at "Credentialed LDAP Enumeration"
I have figured out the LDAP request I need to send but I can't remote login with the credentials provided
Could I get a hint?
Were you able to solve this? I actually went through every folder and found nothing
Im stuck at the Skills Assessment - Service Login Module Lesson in the Login Brute Forcing Module. Can someone give me a hint? I don't quite know how and where to start. The question states that we know the name of an employee but i don't get it. If i scan the Target i get many open ports with services that are challenges in themselves, for example the FreeLancer Challenge from User IhsanSencan.
Is someone available to discuss 'file upload attacks'/'whitelist filters' ?
hey anyone give me answer of first module of What is the name of the first section of this module?
Hey guys I need help in this question.
I am stuck since 4 hours ...
Cracking passwords with hashcat, can someone give me another hint ? Maybe the destination hash algorithm ?
HTB Hint:Use hashid to identify the hash, and then use one of the Hashcat built-in rule sets or hybrid mode to help you crack it.
I did it and there are like 8 hash modes, and like 20 rulesets ...
Cracking: Cracking common Hashes
Just popped in here for the same reason. Getting auth instead of PHPSESSID. Thank you @noble stirrup and @west rampart
got the solution now
hey mate, i think i remember finding the name in the previous section when you log in to the web page... its a book character... dm if you want help
Anyone I can PM, I dont wanna give answers away but am having issues with the last question. Working on the PUT method for bug bounty program. I have decrypted the cookie, changed it, encoded it, got admin access, but the flag is wrong
nvm, I got it. That was a trick question! Literal as ####
i need help with the info gathering module about the lightshow-staging.githubapp.com (its unreachable)
Anyone on here willing to help a newbie/mentor I'm looking to get into ethical hacking/pen testing and I know guidance is the best way to learn.
Hi there, I've been following the cracking into HTB path and I'm currently doing the Web Enumeration Section but whenever I spawn the machine i got an IP like this: 138.68.131.63:30691 if I try to ping it I just get "name or service not known" and if I try to remove the numbers after the IP, it gets stuck with:
PING 138.68.131.63 (138.68.131.63) 56(84) bytes of data.
in this exact same page, I don't have an option to download our VPN key, so I've been using the academy.opvn from the previous page (Service Scanning) I am not sure if we are supposed to download different keys for different sections of the courses over the academy but if I try to ping the box from the service scan i have no problem at all but in the next lesson, I fail to connect to the box, any ideas on what could be happening?
I would suggest to combine hack the box academy, which is by far the best cyber security academy on the web and portswigger.net
Portswigger.net offers a learning path, when followed with hack the box modules you’ll be catching up with the elites in no time.
thats because its a docker instance
would you mind to explain a little bit further?
that target is only available on provided port and you can interact with it through your browser
ohhh i get it now, feels stupid now lel
thank you very much!
Is anyone else having issues with Lightshow-staging.githubapp.com? I've had several others message me as well that they cannot reach it... is it me?
why when I try to connect to the server where I have the win_upload.zip file it won't let me connect and I get an error saying "Invoke-Webrequest: Unable to connect to the remote server" the module is called file transfers
Is someone available to discuss 'file upload attacks'/'type filters' ? Stuck again...
😈
im currently doing scf file + responder to sniff filehash or password (module 67) and I cant find the writeable share where i'm supposed to put my exploit. Can anyone help me out here? Would really appreciate some help ❤️
DM, if you haven’t figured it out yet
Is it possible to inject into an application that is using prepared statements?
I'm having issue with the first question in Intro to Network Traffic Analysis - Tcpdump Packet Filtering, What filter will allow me to see only traffic coming from the host with an ip of 10.10.20.1?
I am 100% certain the answer is src host 10.10.20.1 @mellow whale
Nonetheless it does not take my answer as correct.
Could someone dm me about Active Directory LDAP? been stuck for some days
Parameter Fuzzing - GET
After running a recursive search, I have only four .php pages. Running a parameter search on them did not return any positive result. Any hint?
Dm, if you haven’t figured it out yet
Hey everyone. I'm somewhat stuck on the attacking web app with FFUF, parameter-GET module. I'm missing something, I know it. I make it all the way to finding the test.academy.htb and admin.academy.htb pages. Added both to local dns records, but when I attempt to pull up the corresponding pages I get a page can not be found. Can anyone give me a nudge on what I'm missing? Also, when I run a recursive scan on admin.academy.htb:PORT I don't get anything returned.
Can anyone help me with this question as I have tried all combinations in Burp
the LS part is working as you can see in the response index.php and styles,css but I cant seem to get the $(PATH:0:1) to work
hey, shoot me a message please
You’ve injected the new-line injection operator twice... you’re supposed to bypass the space character (+)... the module did mention how to bypass space.
Hey guys! Can anybody help me with the "command injection skills assessment"? I'm stuck there for a few days and running out of ideas...
I'm stuck on intro to bash scripting comparison operators,
I have this:
```
var="8dm7KsjU28B7v621Jls"
value="ERmFRMVZ0U2paTlJYTkxDZz09Cg"
num=133469
for i in {1..40}
do
    var=$(echo $var | base64)
    if grep -q $value <<< $var ; then
        len=$(echo $var | wc -c)
        if [ $len -ge $num ];then
            echo -e $var | tail -c 20
        fi
    fi
done
```
But I don't get any matches for the value, can I get a hint?
This issue is solved, as what i was doing was adding a carriage return at the end of my burp statement, so a good note to remember is to ensure there is no CR at the end of the line
could someone help me with the SQL injection module? Subverting Query Logic section
Same here, think there is a misunderstanding of the question from my side.. 😄
@storm summit I inserted dummy code into my script and it ran just fine
But it seems to struggle with the value provided by htb
yeah, i thonk it is an easy little thing there, because next questions are totally ok to solve..
think*
I'm stubborn and I want to solve it..
i know, and this feeling at the first question 
I'm asking around for help and if I havent solved it by tomorrow night I'll continue with the rest
Doing the 'Skill Assessment - Service Login', wanted to ask, how long the brute force attack took you. Cant get the right combo (maybe created a bad wordlist)
Hi, I am working on Module "Web Attack", section "IDOR", according to the question, there is a "flag.txt" that could be found within first 20 uids. I have done it the manual way and using Burp, and a bash for loop to check, but I cant get the flag.txt. Can anyone give me some directions please
can someone help me with remote file inclusion in File Inclusion module please?
i have started the python server, the connection between client and server is correct
but when i try to execute a command
the site gives me this error:
Warning: system() expects parameter 1 to be string, array given in http://myIP:myPORT/shell.php on line 1
check your URL
checked it, in fact in the shell i can see that the file contacts the server
i have made the same request as HTB
you're on the right path but pls be careful with spoilers
sorry i m new
savage xD
It is super slow for running sqlmap for it. I don't know it's a bug or not
i have not found the answer, months, MONTHS LATER.
Module: Windows Privilege Escalation
Section: Interacting With users
Could someone help me with enumerating shares where I can write my exploit to? This is what I have tried ||smbmap -u htb-student -p HTB_@cademy_stdnt! -d inlanefreight -H scf.htb -R 'department shares' || but that shows that there are no folder on the share where I can write to : (
Would love advice on the 'Privilege Escalation' section of the HTB Academy 'Getting Started' Module.
Having trouble with the second flag. I'm following the instructions to a T however can't seem to get past this.
I ssh'd into user1, jumped to user2, got the first flag.
Get to /.ssh/ in user2, copy the id_rsa key to my own machine, chmod 600, then try to login to the target:
ssh user2@xxx.xxx.xxx -pxxx -i id_rsa
and it asks me for a password, which I don't have. Then target denies any further attempts at connections.
why ssh to user2 if you managed to jump to that user already?
Can anyone help ?
I have found that the character ; and space is blocked
i passed this through Burp but it does not show me whoami
Surely this should work as I get ping response ?????
I should see whoami - www-data in the response
Im trying to get the final challenge for windows module and I struggle with that final step:
I shared folder with 'advanced sharing', removed 'everyone' group, added hr group with full access, went to the security tab, added hr in 'edit' button with full access too, clicked on the 'advanced' button, added HR group with full access, clicked on 'remove inheritance' then on 'convert' option, and my SDDL of that shared folder is
A;OICI;FA;;;S-1-5-21-2614195641-1726409526-3792725429-1005
Which it says is wrong and idk why 😿
If still stuck feel free to dm
Would appreciate a nudge on the broken authentication skills assessment, been stuck for quite some time
hi. im in the login brute force module at the login form attacks. i have the usr:pwd pair but when i try to connect to it through the browser it just drops me back at the login page. any guess on what could be the problem?
tried to check it with burp to see if it shows something but didn't see anything useful in it
It gives me same exact sddl unfortunately
I did reset 10 times already. You can actually derail this so bad that you won't be able even to delete this 'company data' folder lol, I guess I just won't do this bonus task.
Am I losing something by just clicking 'Reveal Answer' ?
Module: Cracking Passwords with Hashcat
Cracking Wireless (WPA/WPA2) Handshakes with Hashcat
Perform MIC cracking using the attached .cap file.
I am a bit stuck here.
I converted the cap file to the hccapx file like in the guide.
Then I tried to bruteforce the hash with hashcat and the rockyou-pw list but it always exhausts.
What am I doing wrong? 😦
here are screenshots: https://postimg.cc/gallery/KjnP9QX
hi, I'm stuck on knowledge check GetSimple, can anyone help
Hi,
I am doing labs Tier 1, STARTING POINT, lab Appointment, level very easy.
There is a question "What does the OWASP Top 10 list name the classification for this vulnerability?"
I tried to answer all the possibilities but was unsuccessful. I think it may be a bug. Do you know where I can ask about this?
Thanks
I'm having a problem finding the right answer to one of the questions in
Module: intro to networking
Q: Split the network 10.200.20.0/27 into 4 subnets and submit the broadcast address of the 2nd subnet as the answer.
A: ??????
you're in the same boat as I am and it's sinking LOL 🤣
I'm not sure this is the right area for starting point, but i've done this before. The answer is here --> https://owasp.org/www-project-top-ten/
Make sure you copy all the text, including the colon and hyphen. I think the flags are also case sensitive.
I pm'd you, but the output says the 5 hashes were found, you just need to use --username and/or --show, as hashcat doesn't output hashes that are already in the potfile
when there is shell.php\x00.jpg
how does the server treat it
i know in shell.php%00.jpg - the server treats it as shell.php
Has anyone done the LDAP module, I am stuck at this question
What I have tried is:
but the result is not the answer. So do I miss anything? Please feel free to DM me
Hey guys! I'm stuck at the third question in the information gathering module, last page, the question: Perform active infrastructure identification against the host https://lightshow-staging.githubapp.com. What server name is returned for the host? I've tried many things but I'm struggling; has someone got a hint maybe, please, for a better understanding?
can you open this site? As I can't access it.
Finally completed File upload module... this was fun. I can’t think of any better real world example lab than this. Enjoyed it. Thanks to the creators, I learned a lot of stuff.
Need help with Bash Scripting
```
var="nef892na9s1p9asn2aJs71nIsm"
for counter in {1..40}
do
    var=$(echo $var | base64)
    if [ $counter -eq 35 ]
    then
        echo $var | wc -c
    fi
done
```
I dont understand why my answer is not correct
Im getting 800981 btw
I got it. The base64 encoding is different in Linux and macOS
/verify (I didn't figure out, what that means, but I have to write that for some reason)
Hello, I have a Windows related issue (File Transfer/Windows): There is a challenge in which we have to RDP to the target. However, there is no xrdp or other tools installed on the Parrot OS (at least I tried some and I could not find them), there is no connection to the outer world, so I cannot even install one, but the target is in the subnet (10.129...), so I cannot access it from an external Windows. How should I RDP there? There is an FTP service running on the target, but the given credentials do not work on that.
thanks
I cant help you with your problem but do /verify and a bot will send you a DM, where it gets explained how you can verify yourself to write in every channel here
Can anyone give me a nudge on "Command Injections - Final Assessment"
Can someone that has completed the LDAP module dm me?
Hi, can anyone explain to me where to find the user.TXT file in the cracking into htb course, getting started module, knowledge check section? I have gained a reverse shell but am unable to find the user.txt file
Dm me
hey. could someone help me a bit with a brute force login skill assessment? i did the first part of it but have some issue with the 2.
Hi, Im trying to do this question "Login with the credentials (guest:guest), and try to get to the admin user from what you learned in this section and the previous section." in the POST requests section of the "Web Request" fundamentals module. Im not sure what i am doing wrong. I have edited the parameters and then decoded the cookie, but that doesnt seem to be the answer. Can anyone help point me in the right direction/let me know what im doing wrong
Hi, I have two questions regarding the correct answer on the Network Traffic Analysis module... Anyone I can dm?
glad you figured yours out I'm still stuck on mine 😕
WLAN would be wireless local area network right???
Thank you for the clarification
Could someone help me, which software can be used on Parrot OS spawn to RDP to the target? I did not find any (Module "File transfer", Section "Windows", second question)
Stuck on the last two questions in the last section (skills assessment) of information gathering web
When I attempt to curl it or use any other tools for active infrastructure enumeration, it apparently can't resolve it? What am I missing?
Sorry, can't help. I only have like 135 cubes lol. Building up to 1000
@sudden harbor I haven't done your module either
(Get-ACL "AD:$((Get-ADUser htb-student).distinguishedname)").access | Select-Object ActiveDirectoryRights
I tried this but none of the permissions match the answer
I googled the codes of the extended rights and that isnt correct either
if you were logged into the box and wanted to look at your userid and privs from the command line, what would you use?
Get-ADUser -Identity htb-student -Properties *
(Get-ACL "AD:$((Get-ADUser htb-student).distinguishedname)").access
@pallid gulch
I tried whoami /priv
hi
can anyone give me a hand with Gathering Information - Active Infrastructure Identification using wafw00f is saying that the target site is down.
.
Bros excuse me, i am stuck in traffic analysis, could you help me out? It is in Tcpdump Packet Filtering "What filter will allow me to see traffic coming from or destined to the host with an ip of 10.10.20.1? " I tried a lot of combinations but nothing.
bro i don't know where you need to execute tcpdump, anyway you can try tcpdump -i <int-name> host 10.10.20.1
or you need to collect information on wireshark?
https://lightshow-staging.githubapp.com is indeed down. It didn't work for me or others when we tried it earlier. Not sure who to inform
bro i think i have to use the filters only the filters are src host
yes but in that way you will filter the IP only as a source
bro i also tried that (src 10.10.20.1) and it is not 😢
ok i got it bro thanks
i was writing the filter wrong, but it is not src, it is the other. thank you very much.
in the brute force login skill assessment some help pls
i solved the first part but stuck with the second
I'm playing Gathering Information - Active Subdomain Enumeration,
can someone help nudge me on how to find other zones on the target nameserver?
I could only find zone of "inlanefreight.htb"...
im new to this and the starting point stuff isnt really helping me connect to machines. is there more i should know?
thanks
Hi, I have problems with the skill assessment 1 question for attacking common applications. Do you have any hint what to do? Could not find any cgi folder or any other vulnerability which works on tomcat, except ghostcat. But with this I can read only the web.xml which does not contain interesting data.
Anyone who can help me in the skills assessment File Upload attacks
Hi. Im stuck in the nmap module Firewall and IDS/IPS Evasion - Hard Lab. Can anyone help? thx
DM me
I have now completed "Command Injections" module... That final assessment took me 2 days to complete.
Hello everyone, I have a quick question about | module Information Gathering - Web Edition | Section Active Subdomain Enumeration | Questions What is the FQDN of the IP address 10.10.34.136? Is anyone available for a quick dm?
I contacted support for this issue they said it should be resolved by Tuesday
Ok cool. Thanks. And ya, feel free to DM me if you have questions about that module
nslookup -type=NS inlanefreight.htb <DNSIP>
Thanks but I was looking for something else, grail helped
May I ask how you identified the injection point? I was struggling with this step when I did that module
can you give a little hint about the final assessment
I can't go forward... what is the answer of "What is considered to be one of the most essential skills to possess as a Penetration Tester?"
I just finish the traffic analysis module feel free to DM me bros
found my mistake with the help of @lucid venture. The word list I've used was not the best for this case.
I'm sorry but what would be the way forward before doing the practical part? I don't find where to read the theory
Last exercise of “starting point”
Friends who can help with Windows Local Privilege Escalation? The last two modules.
Has anyone been able to complete Active Subdomain Enumeration in Information Gathering - Web Edition? I’ve been stuck on it for days now…
I did not find any info on 10.10.34.136 or 10.10.1.5 after performing the zone transfer, and my nslookup -type=NS <IP> <DNS> is not working for these two IP addresses
hi
have a problem with htb academy
Trying to do the first fundamental
but i'm running into a few issues
first of all
the burp app isn't directly accessible from the home menu on my terminal like it is in the images
i can find the burp app but i'm never sure if it's the right one or not
and from there, my foxyproxy is also different to the one displayed in the article
in the terminal i'm getting an empty pop up menu, while the one on the article shows a burpsuite button shown
i've been trying to work my way past this very basic step for a while and i'm completely stuck because i can never make it past foxyproxy as a result.
idk what to do and there's seemingly no support on HTB for this.
this server doesn't seem to be all that active so i hope that someone can get back to me, i've been dabbling in programming/cybersec for a while now but never really put any other effort in, HTB Academy seems like a great place for me to start but I don't want to be instantly prevented from doing that because the first actual step is limited by the fact that it's nearly impossible for me to actually complete the steps listed because they're not as shown in the actual article
:|
finally figured out that my problem was probably just a misunderstanding but now i can't spawn another pwnbox today.
Hi all, could I please get some help with command injection skill assessment part..?
Can Someone help me with Skills Assessment Windows fundamentals
I need to complete the question 'What is the name of the group that is present by default in a newly created share' and 'list the SID associated with the HR security group'
Can someone help me how do I get to the /root/flag.txt on the Getting Started - Privilege Escalation
Why am I not able to connect RDP to kali linux. Do we need windows 10 or 11 pro to connect that.
Hi, I'm kinda stuck at the following question in the Information Gathering - module: Which CMS is used on app.inlanefreight.local?
I tried it with ||WhatWeb whatweb -a 1 10.129.220.134 -v|| and ||Wappalyzer|| but had no luck. Does anyone have a hint for me?
I am having problems with “Attacking Common Applications: osTicket”. I tried the provided passwords for both users from the dehashed example and the password from the screenshot in the module with no luck. Can anyone give me a hint?
It's been a while since i did this module, but i do remember you need to log in with found credential from here
Oh man, thanks! I was using the client login page all the time when I should have used the agent login!
First of all, I would suggest you upload a php shell manually if you can log in wordpress as admin, so you know the whole process; Secondly, if you are going to do it with metasploit, set up the proxy option in the module and check what got sent by metasploit in burpsuite. So you can debug this issue
Not sure what is going on with this. Did you modify the 404 page in an unused theme? any error message?
So you can have a web shell right?
Okay, feel free to DM me
Did you figure it out? I had a bunch of issues connecting my Kali VM to rdp but found a solution. What result are you getting when you attempt to connect? There's a couple different problems that can be resolved but it depends on where your error is
Anyone pls? 😬
Im getting bad decrypt message in Introduction to Bash Scripting - Flow Control Loops
Does it have to do only with my salt variable?
bad decrypt
140307046462784:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:../crypto/evp/evp_enc.c:610:
Hi all, can someone help me with the question in the module: introduction to web applications - > development frameworks and Apis
Netcat issue:
I can establish a nc connection running a VM but not on my Linux host. Any clue?
Anyone that could help me with nmap enumeration? Im currently stuck on the last IDS/IPS detection module. Im supposed to find what service is active on the system without getting detected. I only get 2 open ports and all others filtered. Ive tried different options but can't figure it out.
Where are you stuck?
DM me.
No need to use search.php. All you need to do is change a parameter value 🙂
I get the same output , can u help me?
Using -iter or -pbkdf2 would be better.
bad decrypt
140064467105088:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:../crypto/evp/evp_enc.c:610:
Bash scripting - Flow Control - Loops
Pls. I am pretty stuck
Thank you for your response. I tried the parameter option without changing index.php but I was doing in the comment section instead of doing it in the spawned target. I got the flag from it and then pasted it in the comment section and it worked :)
You're on hack the box app domain. We're discussing hack the box academy here. Htb academy is the reading or learning place before doing the practicals on hack the box app. Starting point is a series of basic level boxes on hack the box app domain.
Sorry that was for @somber dome
So when I finish the starting point, the right way to learn is read before on the academy and then try the practical on HTB
But there is another subscription for the academy?
Exactly
Yes it is. But trust me it's worth it. I'm at the starting point too. And I'm doing the starting point boxes as well, just finished the free boxes in tier 1 and got the subscription .
I bought vip+ for HTB
Academy gives you the option to learn a topic of your choice. The length of content of your topic will be valued by coins.
Hi, I have some problem with module 27 (DNS and python), can someone tell me if he did it without any problem? thanks
Hi, i am on the hashcat module wpa section second question. I can't extract the pmkid hash required to crack it. When installing hcxtools to extract it I keep getting this error:
"hcxhashtool.c:19:10: fatal error: curl/curl.h: No such file or directory
19 | #include <curl/curl.h>
| ^~~~~~~~~~~~~
compilation terminated.
make: *** [Makefile:105: hcxhashtool] Error 1"
Ofc I am trying the suggested ways to fix this dependency issues but it has no result. I am on the pwnbox and unable to resolve this issue to move further. Any suggestions?
@hexed tartan Give this a try https://hashcat.net/cap2hashcat/
this is great and resolved my issue, thanks!
I’m stuck at the same point. Did you solve it?
Edit: Nevermind, I solved it.
Anyone having issues connecting to the academy vpn? specifically Linux Fundamentals - System Information
@crimson path No, I was able to pull that section up with no problem and access the vpn via the website.
tried a couple ovpn's throughout the module and just getting the same... found a comment on the help threads saying to submit a ticket.
Can Someone help me with Skills Assessment Windows fundamentals
i need help with using the get method
i havent done much academy but maybe i can help? wym "get method"
its like
uh
the question asks to send a GET request to flag.php using two parameters num1 and num2
^^
society is right
thanks
anytime
anyone has connection issues? did windows fundamentals, windows security and im currently having problems with rdp connections.
Does anyone want to join a hacking team?.. Or should I say.. Pentesting?
i do
Can anyone help me with the skill assessment part of the Broken Authentication module? I'm a bit stuck.
Give more details
dm or here?
Nah there so anyone can help
I've enumerated the users and I can forge a valid htb_sessid cookie. I've also figured out the password rules. First I tried to brute force the password of the support user by grepping the rockyou.txt password list for legitimate passwords and trying those to log in, but did not find any that worked. After this I've tried to forge a cookie and replace my own but I'm getting an error message from the site: User support cannot have that role.
@unreal patio - yep, that's it! what priv shows up that's not standard? (even though it may be "disabled")
Having issues yesterday and today with the academy.ovpn posted a screen grab a little up. Same issue today.
could anyone help me with the brute force login skill assessment? i got the first flag but can't find a usr:pwd pair for the admin login page. stuck on it for like 3 days now
Sent you a PM 🙂
Look for a way to bruteforce even more usernames! The support page gives you a good clue. It seems like you are doing well so far!
Practicing XXE on Markup box and can't get it to work, even by following the Walkthrough, anyone fairly comfortable with XXE?
looks like you've declared your entity "test", right? but i don't see where you're calling it in your code.
You're right, I was actually hopping between the Walkthrough and Hacktricks and I guess I got messed up reconciling the 2 payloads
Thanks!
quick extra question if you don't mind, does it matter what variable you use after DOCTYPE?
not in my experience
in the Walkthrough they use 'root' and Hacktricks uses 'foo'
Can anyone help me with the final lab in the nmap module? I'm stuck.
saw your screen grab. am i supposed to connect to vpn even though im using the htb instance?
Negative, pwnbox instance is stand alone. Different problem :(
windows fundamentals, windows security module 49. unable to rdp to target host. im using the htb instance
try downloading the VPN profile and connecting
where can i download the vpn profile?
should be on the section page
hovered over "Get VPN Key" and it mentions it is already installed in My Workstation? but i could not find any .ovpn file inside the instances
Having an issue sshing into a box with the private key and I found a fix on the HTB forum which apparently helps HTB boxes, but it still won't take the private key:
- What I found on the forum:
In order to avoid future issues in htb lab boxes etc I’d advise to either create or edit your .ssh/config file to look like this:
```
kali@kali:~$ cat .ssh/config
Host *
    PubkeyAcceptedKeyTypes=+ssh-dss
    PubkeyAcceptedKeyTypes=+ssh-rsa
    HostkeyAlgorithms +ssh-dss,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
```
Or you can edit the system-wide config file /etc/ssh/ssh_config so that sudo ssh works for tunneling purposes to accept multiple hostkey types by adding the same line:
```
HostkeyAlgorithms +ssh-dss,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
```
┌──(kali㉿kali)-[~]
└─$ ssh -i id_rsa daniel@10.129.198.115 -v 1 ⚙
OpenSSH_8.7p1 Debian-1, OpenSSL 1.1.1l 24 Aug 2021
debug1: Reading configuration data /home/kali/.ssh/config
debug1: /home/kali/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to 10.129.198.115 [10.129.198.115] port 22.
debug1: Connection established.
debug1: identity file id_rsa type -1
debug1: identity file id_rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.7p1 Debian-1
debug1: Remote protocol version 2.0, remote software version OpenSSH_for_Windows_8.1
debug1: compat_banner: match: OpenSSH_for_Windows_8.1 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 10.129.198.115:22 as 'daniel'
debug1: load_hostkeys: fopen /home/kali/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:v2qVZ0/YBh1AMB/k4lDggvG5dQb+Sy+tURkS2AiYjx4
debug1: load_hostkeys: fopen /home/kali/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host '10.129.198.115' is known and matches the ED25519 host key.
debug1: Found key in /home/kali/.ssh/known_hosts:9
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: id_rsa explicit
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: id_rsa
Load key "id_rsa": invalid format
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
daniel@10.129.198.115's password:
I've ssh into many other boxes before and never had that message
I ran into this problem the other day, it is a box from starting point right?
The key issue is Load key "id_rsa": invalid format. After i copy the private key from burpsuite again, the issue is gone. So I assume it might be caused by some extra space or line
Thanks for the help, I'll try it!
Anyone can tell me which wordlist you used in the "Login Brute Forcing" Module. Skills assessment
@faint hamlet If you are still stuck DM me.
Hey, can anybody help me with the module Hashcat - Working with rules. I get every time "Status Exhausted" and "Approaching final keyspace" and this after seconds...idk why
@obtuse terrace DM me.
How can we evade ips and ids and scan for target os using nmap
I'm in nmap module easylab
Firewall and ids evasion
That's what I did I copied the key from Burp and indeed it's the Markup box... I even generated one myself to compare the format and they look the same to me
I have no idea what is the issue here. If you are in vim, I would suggest you try :set ff=unix. It may work
Does this mean anything or is it gibberish 🥲
Can anyone help me with how to verify in this server?
New to the community? Start here!
Did you resolve this? I keep getting the same error. I'd much rather use a own box
Busy at work haven't had time to check again. If you can let support know on the site when they're active they might be able to resolve it but I'm currently working through any available hours. The error appears in their support section you can find followed by submit a support ticket.
It was fresh day of error
Re downloaded 3 or 4 times and following day.
Strange! I'll give it a shot this evening
Will try making a ticket. I compared the .ovpn to the ones HTB usually serves and its missing a bunch, dont know if it should or not but anyway its just not connecting and keeps giving the same error no matter how many times i download a new one
the <cert></cert> part is empty compared to the htb-lab ones at least
Have not had a working academy cer though so nothing to compare to
Yeah that's what I saw.. you can find the blurb on the help page that basically says the issuing server messed up -> send ticket. Hope it fixes up soon for those having issues though.. lemme know if you figure it out!
Will do, thanks
I sent a ticket and they fixed it and yeah the <cert></cert> part got fixed so I suggest you do the same. Only took 20mins for the reply
10-4 good stuff 👍
I'm having trouble with the Archetype box;
I've connected to it through xp_cmdshell, reversed shelled it, ran winPEAS on it, but now I'm stuck with two file paths to .DAT files, but I'm getting a repetitive access denied or this file is used by another process that is hindering me from finishing this box.
I've obviously configured the Administrator after finding its password (net use T: Administrator blah blah ), and I have no clue how to continue.
Can anyone point me in some direction? Google has been devastating the past 2 hours
this command is new to me, what does it do?
check the walkthrough
coloca esto al final! [put this at the end!]
In english? 😬
Anyone else have issues in the Hashcat Module: Cracking Wireless? Specifically after converting the .cap file to .hccapx. I have successfully converted the provided file to .hccapx and per the instructions I am using the command:
sudo hashcat -a 0 -m 2500 /home/kali/Downloads/q1.hccapx /usr/share/wordlists/rockyou.txt
But this doesn't seem to be working. I don't think i have an incorrect hashmode #, and i tried out different Rule sets but got the feeling it was a rabbit hole.
Hey Guys
I’m in the knowledge check section of getting started and I’ve found already the root exploit using LinEnum, but I don’t know how to sudo that file and append a reverse-shell
Someone can give a hint? Pls
I’ve already used the < echo … tee “file” > but I don’t have the permission to do that

Sorry bud I haven't done that module yet 😦
I just found out there were walkthroughs.. damn.
Hi, is anybody here responsible for academy? The hashcat module has an error in the hcxtools part (WIFI). Looks like the developer made an update and the tools have different names and syntax.
In the webproxies module, repeating requests section, it is asking to look for the flag in another directory using command injection. And I found the flag, which is 2 directories back, but I'm unable to open the flag file no matter which command I try
Any help is appreciated
Is there anyone who is gonna help me or just watching messages? Community is meant to help each other
hey. im doin the brute force login module and im at the service brute forcing skill assessment. i made the personalized pwd and usr name list but when i try to do the ssh bruteforcing i get an error: [ERROR] Unknown service: ssh://178.62.96.143:22 even if i try with the target port number. any idea? pls help
@west canopy DM me.
Haha, that took me a while either
hi I need help in web requests module I can't figure out post method question. I changed cookies admin and guest but it didn't work what can I do?
DM
Hi, I was considering on purchasing the student subscription for a few months in order to do all the modules that I'm interested in up to Tier II, but I was also wondering whether I will be able to access the modules that I have completed once the subscription expires. Thanks in advance!
Yes you still will have the access, I know it from my own experience
Had the same issue. And the pwnbox doesn't allow you to install it via apt or snap. Also, there are no VPN keys for the Academy exercises to do them with your own VM. So do the following:
- Go to https://www.zaproxy.org/download/ and download the package for Linux (not the installer! it doesn't allow you to run it either)
- Open the terminal
- cd Downloads
- tar -xzvf ZAP_2.11.0_Linux.tar.gz (notice that the filename may change)
- cd ZAP_2.11.0/ (idem)
- ./zap.sh
Now ZAP UI will open 
The world’s most widely used web app scanner. Free and open source. Actively maintained by a dedicated international team of volunteers.
Can I DM you about an earlier stage?
I used to purchase cubes with giftcards but as of now it wont let me anymore, is a subscription needed now?
Yes pls
Hi
I was struggling with this question, but now I got it thanks to your tip. Thanks a lot 😆
Hi
what does Submit root flag mean what im supposed to do?
you need to find root.txt on the box
ohh
hello guys
Hello
There are two types of flags
user flag and root flag
user flag (user.txt) it's the "first" flag you will find
and the root flag (root.txt) it's the "second" flag that you need to figure out how to get
going more further
Hey there, been having this issue for the last 3 days. Working through Linux Fundamentals / System information and when trying to ssh into the htb-student using the pwnbox it just seems to timeout. Can't see what I am missing & cannot proceed without it.
If you open the openvpn log file on the desktop, is there any errors you can see in there?
sorry not sure where I would find that info
No sweat. Im new too lol.
On the pwnbox, under the trashcan theres a file called htb_vpn_logs.log
i've been having problems with my one connecting to their openvpn, and the log file has some lines that say 'fatal error'. Just worth checking if you've got em too
Ah gotcha. Last 2 logs are cannot load inline certificate file and exiting due to fatal error
Yup same here. Thats the problem if i had to guess. The pwnboxes can't connect to their openvpn, and so we cant connect to the target
Well least its not just me 😅
Guessing since its the same issue the last 3 days its an ongoing issue?
Yeah i think so. Not a great look when i just got myself a subscription lol
Ouch. yeah was about to do the same then hit this wall and decided it might hold off on the sub till I can complete a module 😫
does anybody do voice chats for ctf beginner's ?
Re the RFI/LFI module, I'm following page 5 - Remote File Inclusion. I can't get the first php script (<?php system($_GET['cmd']); ?>) to work. Investigating further it doesn't seem like the server is rendering php properly because when I try to open up the php script on its own, I get a download request. Am I doing something wrong?
morning guys, anyone who want to help me with the ffuf end module?
Also pyftpdlib needs to be installed on the attacking machine.
Hello
I'm CRACKING PASSWORDS WITH HASHCAT currently Working with Rules im trying to crack the hash with the rule but it seems not to work
Hi, I just finished the module "Web Attacks", but didn't get a result in the example of "Advanced Exfiltration with CDATA". I've copied the example data and can see that the request to my box take place. Is the POST address "/submitDetails.php" correct or is it a different one like the one of the example below ("/error/submitDetails.php")? Does it work for you? Any hints?
hmm, I found 5 extensions in the FFUF skills assessment, did anyone find more? Just added them as answer like .ext1 .ext2 but it says the answer is wrong 😦
Do we hack?
I only found three, and they were right 😕
(Not all subdomains have ALL extensions)
Just finished going through page 5 of LFI/RfI and it looks like none of the examples work.
Did u manage to find the flag?
@floral nimbus if this helps then all good https://pdfhost.io/v/Hq5PEVrih_FileInclusionDirectoryTraversal.
@frigid quail DM me.
@spring skiff hi
Thanks @main vapor I'll check it out
i am new to the world of hacking
i want to get to a high level in it
so can u help me out?
to learn hacking
Hi All, I am pretty new to the Windows operating system. I was trying to complete Windows Fundamentals from HTB academy. There is a section which discusses NTFS vs Share Permissions, and as part of that there is an exercise which requires us to make an smbclient connection from PwnBox to the target Windows computer. However it fails with the following error:
smbclient -L 10.129.183.149 -U htb-student
do_connect: Connection to 10.129.183.149 failed (Error NT_STATUS_IO_TIMEOUT)
This is what I have tried: some threads on Stack Overflow suggested adding this line in /etc/samba/smb.conf:
client min protocol = NT1
I tried but it failed. And the last thing I tried was to add an entry in the /etc/hosts file, as someone was suggesting it's a DNS resolution problem. This also didn't work. The only working trick is to completely shut down Windows firewall. Hints? 🙂
Start with the Fundamental modules.
I am having trouble with openvpn can someone help?
2021-11-18 05:22:44 OpenSSL: error:0909006C:PEM routines:get_name:no start line
2021-11-18 05:22:44 OpenSSL: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
What?
@rustic sage
i didnt understand
Running as sudo?
yes I am in root
You tried to download again the VPN key?
This looks similar:
https://forums.openvpn.net/viewtopic.php?t=30408
yes, I have flag but not remeber what I did to find 😄
yes I tried but didnt work
my openvpn version is 2.5.1
so I need to download 2.4.8 right
I am not sure, as this bug described there was with 2.4.9
Try updating your OpenVPN to 2.5.4
In the "Intro to network traffic analysis" in chapter 2, there's a question "What addressing mechanism is used at the Link Layer of the TCP/IP model?" Has anyone made this work? I'm pretty sure I have the answer, but it won't accept it 🤷♂️
Worked like a champ! Thanks
Can someone point me in the right direction here? I'm on the hashing vs encryption module. I was able to do the first question generate an MD5 hash... However, the second has me a bit tripped up. I'm using a Kali vm, not the pwn box. I can't seem to figure out how to encrypt with Kali. The examples given are all for the pwn box. The question is Create the XOR ciphertext of the password 'opens3same' using the key 'academy'. (Answer format: \x00\x00\x00....)". Am I just over complicating this question?
Perhaps pwn isn't installed in KaliOS.
python3 -m pip install --upgrade pip
python3 -m pip install --upgrade pwntools
wow. Annnd I was thinking import pwn, was the pwnbox sys. similar how I'd start my python code with import sys. Thanks a bunch. very much appreciated.
Hey, so I've gone through Linux Fundamentals and had some problems here and there but eventually I solved them. But one task I just can't get right. In the section "File Descriptors and Redirections" I don't know the answer to the question "How many total packages are installed on the target system?".
I tried a lot of methods but it was wrong every time.
So could anyone help me with this?
Please share the last method you tried.
May have to send a support ticket and they'll reset it for you. Few of us with this issue last couple days.
i tried dpkg --list | wc -l
and apt list --installed | wc -l
and some more I dont remember
Check your DM's brother 😉
Check the output of apt list --installed if it only contains apps' names. (Check the first line 😌 )
Anyone out there that I can PM about Firewall and IDS/IPS Evasion - Medium Lab? I am stuck on this.
Thanks for the reply! I actually just figured it out. LOL
Congrats 😄
thanks! Now working on Hard mode
Has anyone finished the Skills Assessment - Service Login for the Hydra Bruteforcing module? I need to bounce some ideas off someone because I've been stuck for a while.
I haven't done that module yet
Can anyone help me out with the last skill assessment for Nmap?
@west canopy DM me.
Resolved! Thank you so much!
@small panther Are you on the Firewall and IPS/IDS Evasion - Hard lab?
@west canopy Yes, I am on the last skill assessment. I have hit a road block and have not worked through it yet.
I could use your help here! I’m stuck as well
@small panther Check your DM's bud 🙂
Anyone completed the Windows Privilege Escalation skill assessment? Stuck on the question of finding the ldapadmin account.
still having NT_STATUS_IO_TIMEOUT. I think it is not related to wrong params used in smbclient, but Windows Firewall's blocking rule... maybe smbclient listing is not allowed in WF rules?
pwnbox, in which a xfreerdp instance is running
Would anyone be able to help out on the "intro to network traffic analysis"? I've done all assignments, except that one question in the first section XD which I argue is MAC-Addressing, but apparently not
did you figure this out? if you did pleaseeee lmk it’s driving me insane, i friended you!
Hey there 🙂 im new to HTB and currently doing the academy. Atm i'm stuck at (Skills Assessment - File Inclusion/Directory Traversal) any hints here?
i tried everything i learned in this section so far but i can't find a way to print files/run commands via the browser.
Thanks 🙂
Figure this out? Running into the same problem myself
thanks, will take a look at it!
it could be educational to figure out which rule should be added to firewall to make it work again 😛
Please remove the spoilers.
@pearl birch What spoilers? Writeups fill the entire globe on the Internet for Tier 0. If you dont want spoilers dont view the file.
SMH.
@pearl birch Read the FAQ of the Academy then SMH your head how many times you want. I don't care about that.
found a workaround solution. temporarily enable Netlogon Service in WF
Otherwise, we would delete the message and maybe warn the guy who posted it 🙂
Is there a way to jump to the end of a program with GDB GEF?
Hey guys
I'm stuck in the 2nd part of the Knowledge Check in the Getting Started HTB Academy module
According to the hint, I'm supposed to use LinEnum and LinPEAS for privilege escalation, but the file I try to append the reverse shell text to gives me a permission denied error.
I'm starting to think that I may have fallen into a rabbit hole, but surely the hint the module provides isn't wrong?
Module: Login Brute Force
I was working one week ago and now I am back at the last task. Skills Assessment service login.
The task is to bruteforce a ssh Server with a known User from the Last task. I dont remember the username… Can somebody just tell me the username quick?
question - is there a specific vpn for academy?
i try to rdp to boxes and they always crash after 1 minute
and stop responding to pings
What command did you use? and what error message have you got?
Make sure your academy vpn is not connected by multiple devices at the same time (e.g. your workstation and pwnbox). Because all these devices will share the SAME IP; Then you will get packet drop issue
Permission denied
and I used echo 'reverse shell text goes here' | tee -a 'filename'
Change the | for a >
can anyone help with the privilege escalation for the root flag on knowledge check in getting started
i am completely lost
Linux or Windows?
linux
you can DM me the screenshot of the question / module you're on so it'll refresh my memory and I can try to help.
Hello everyone, I solved all the questions in the Skills Assessment section in the JavaScript Deobfuscation module, but I couldn't understand the 3rd question, does anyone know what I should do?
3.Question:
As you may have noticed, the JavaScript code is obfuscated. Try applying the skills you learned in this module to deobfuscate the code, and retrieve the 'flag' variable.
Working on the Login Brute Force module Skills Assessment. Feel like I am missing a little bit of magic to get this finished. Found the user first and last name from the previous exercise. Built the usernames list...built the custom password list using info found online and Cupp. Then adjusted this list to meet the password policy. It has been running for several minutes now.... Did I miss an extra bit of info in the Cupp file perhaps?
@lyric cosmos DM me brother 🙂
Have you "beautified" the code and looked for any functions that might print this?
When I try to run openvpn it gives an error. How can I solve it?
Got in touch with support, turned out they needed to regenerate my VPN key, probably worth opening up a chat with them about it
Which Error?
Thanks for the nudge earlier!
@lyric cosmos anytime bud!
Make sure you have write access on the current directory for this command to work
I'm starting to think that Archetype is impossible!!!!!!!!
I've literally been trying all day
Hello, I'm new. New to discord and to HTB. My email request doesn't work. The site freezes at 1 sec.
Pls ask in -> #613049811481919508 this is not the right channel for this
Hello everyone, I have a question
Why the nmap output is different if I select all ports vs a specific port?
**ALL PORTS (-p-)**
$ sudo nmap 10.129.2.47 -sV -p-
Starting Nmap 7.91 ( https://nmap.org ) at 2021-11-20 10:27 UTC
Nmap scan report for 10.129.2.47
Host is up (0.0034s latency).
Not shown: 64562 closed ports, 971 filtered ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.10 (Ubuntu Linux; protocol 2.0)
80/tcp open http Apache httpd 2.4.18 ((Ubuntu))
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
JUST A SINGLE PORT (-p50000)
`sudo nmap 10.129.2.47 -sV -p50000
Starting Nmap 7.91 ( https://nmap.org ) at 2021-11-20 10:30 UTC
Nmap scan report for 10.129.2.47
Host is up (0.0034s latency).
PORT STATE SERVICE VERSION
50000/tcp filtered ibm-db2
`
Why with all ports (-p-) this filtered port did not show up in the results?
According to the nmap docs:
"open|filtered and unfiltered may be condensed into counts if there are an overwhelming number of them."
can anyone help me with the "Broken Authentication " module?
got stuck with a weird issue
Bot won't let me send the error message 😄
Send /verify in #bot-commands
Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2021-11-20 01:33:26 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
Thank you for your help
@green skiff please open a ticket for this issue
Anyone else having issues to connect to academy vpn with the openvpn below the pwnbox?
For the windows boxes, it's needed as far as I know
I sent a message to support and they just got back to me. They created a new VPN key and it's working now. Thanks
Don't thank me, thank the support 🙂
I thanked them too, thank you everyone 😄
why the infrastructure in the academy is so bad?
literally unusable
servers and containers constantly crash
Can you elaborate?
i'm trying to finish the File Inclusion / Directory Traversal module. In one section (Hardening Tips) I need to ssh to an internal container (with 10.0.0.0. class A Ip). Every time i do that (either through VPN or pwnbox) the container crashes after 1 minute and i need to reset it
same happened to me on an Active Directory module where I needed to RDP
Hi! Can somebody please tell me what is the "root website" from module "File transfers, part 1"? Is it http://localhost or not?
Personally i had a bunch of connectivity issues on the Linux Fundamentals and Windows Fundamentals modules. Mostly getting kicked off the target machine after i was SSH'd or RDP'd in. Fortunately other modules have worked fine.
Oh, i have understood. The root web site is an http://<ip of spawned target machine>
hi
hello!
hey i need help i am on : LOGIN BRUTE FORCING in section : Service Authentication Brute Forcing
i have to answer the question but i can't find the right wordlists. i tried rockyou and several wordlists but i can't find the ssh password. can you help me please find the wordlist
@worldly grotto Try creating a personalized wordlist with cupp -i (i believe the prior section gives directions on how to do this).
hey i dont find nothing its normal ?
@worldly grotto b.gates should be the username if i remember correctly.
ok
Sorry my notes on that module are super unorganized 😦
i replace the file bill_usernames.txt to -l b.gates
no problem
Hey, do I need Kali Linux or is it just your-preferred tool? I am wondering how to tackle this whole thing in general.. Just where do I really start.. I have now OpenVPN connection opened, and 8/9 of the Meow done, but I have no idea should I already have been connecting a server?
I thought they were just questions til now

@fair sequoia Are you completely new or you have some knowledge about what's going on?
I heard about this site 1 hour ago
Not sure, the front page wasnt obviously telling me what to do first
Register an account in HTB Academy then you will find modules from which you can choose from.
Do these first two or whatever you like.
How do I change my current module?
just leave it
and go for something you want
You can do multiple ones at the same time.
How do I leave a module?
I meant leave it literally. Just exit and choose another module.
Of course you are.
I need to sign up to setting up
HTB Academy is where you get to learn about Hacking. HTB is where you hack machines with no guide.
HTB Academy will teach you what you need to learn to attack machines.
Ask the staff.
Discord is same for both subdomains?
I don't know about what Slack you are referring to.
Oops Discord
Yes same Discord but different Channels. If it is "HTB: Academy" then that one is for the Academy.
Okay thanks for clarifying, now I am in Academy and it seems much more clear, the site and all the instructions
Sorry for bothering you here
Has anyone been able to finish "Shells & Payloads", especially the Skills Assessment section? If so, did you experience any problems in exploits not working and failing multiple times? Never mind me. If you do, make sure your LHOST is correct.
did anyone do "Attacking Web Applications with Ffuf " and can help me with the skill assessment?
@main vapor you've been really active with the modules. I'd love to hear about your progression.
Go ahead.
@surreal rain Absolutely fascinating quality content which matured my cyber skills tremendously. I would definitely recommend the Academy to anyone.
That's good to hear. Glad you are enjoying the content!
@surreal rain One could probably go join an APT after finishing what's all in the Academy.
Hahaha
Academy is great
I'm trying to do OSINT: CORPORATE RECON and I can't connect to inlanefreight.com
I think it's down. i'm getting an error Error establishing a database connection
is anyone able to get on?
@mellow ember I haven't started that module but i don't doubt it! I've had connectivity problems on a few other modules.
lol obviously.
server still has problem? got 502 https://academy.hackthebox.com/
I keep getting 502 aswell
must be maintenance going on
eventually it works, just gotta give it a few tries
still got issues. can't spawn a target
hello, i wanna ask. how to disconnect machine openvpn in kali
How did you connect? In terminal or with network manager?
terminal
CTRL+C
i want disconnect my terminal to HTB machine
A terminal is never connected. Please clarify.
now its full down for me
It's up now
i connect to HTB machine with openVPN
Right. And what would you like to do?
i want disconnect from HTB machine
i'm newbie
And why aborting your VPN connection would not be sufficient? If you are disconnecting yourself from HTB's VPN then you are also not connected to the machine anymore.
how aborting my VPN from HTB?
Open the terminal that you used to connect yourself to HTB's VPN via sudo openvpn [vpnkey] and press CTRL+C
oh okay thanks for information
Hey guys, would it be possible to configure a proxy in an ESP or a Raspberry Pi and start plugging it to my regular router to start sniffing its proxy and capture a couple of session cookies etc. It would be my 1st time, what do y'all think, would it work?
hi
Is this related to a module on HTB academy?
Haven't thought of it, no
i need to learn hacking accounts on discord
What u guys think though ? Cause I'm about to run the experiment
@rustic sage can u hack
accounts
??
@rustic sage
Same lol
LOL
ITS A PRANK
LOL
April? Too early
NORMAL PRANK
Ah...
WHAT IS THIS SERVER ABOUT ??
You could easily get banned for such a question.
y
Because it's illegal?!
k
dm me
Nope
y
Rule #4 and #8!
can anybody help me with getting the '/flag.txt' file on Public Exploits?
You good ?
Have you found a solution? I am stuck in the same place. Neither with rockyou.txt nor with the create william.txt file I can get in there.
yes thanks
Do you have a hint for me?
Try creating a personalized wordlist with cupp -i (i believe the prior section gives directions on how to do this).
For Bill, right?
yes
Oh, I just see you are at the SSH login. I am at the web admin login....
Just completed starting point finally. Only cheated 10 times lol
hello can someone help me please? i tried brute force and i found several passwords, but every time i relaunch the hydra command the password changes and i can't find the password. can you please help me?
i found several password but every time i relaunch the hydra command the password changes
LOGIN BRUTE FORCING
Skills Assessment
rockyou
