#modules
@unique star thx !
Can i ssh to htb target from my pc?
or need to boot htb instance?
because if i run :
ssh htb-student@target
it doesn't connect
if you're on the vpn yes
what do you mean? should i connect to the same instance vpn?
you should have a vpn file in the downloadables of your module iirc
yes, get vpn key
and i have downloaded it
should i configure it in my openvpn service?
Did it, nothing changed
used :
openvpn --config /path
Started the configuration
Ok, got it. was just :
sudo openvpn /path
how do i get root access in ssh sessions?
there is no txt file where su password is written
because if i try to list .conf files it says permission denied
got it...
first question on linux fundamentals is kinda confusing.. it asks about what options to select when creating home directory using useradd command..what is the correct answer to that? tried using useradd -m but didn't work
The answer is the switch used, not the full command
hi short question to INTRODUCTION TO WEB APPLICATIONS, where i can spawn a target😂
It depends on the questions you're given to answer
and can someone recommend the Bug Bounty Hunter Path, so the full cource
i have to say the value of something, but for this i need a target
simply write sudo and then type your machine's pass
HTB Academy Module 35 : Web Requests > Post Method
I don't understand what to do now
I have logged in
@plucky crown I'm stuck at the same part. I swear i've tried every combination possible
I already have it
its only "admin" in base64
without this random string
im stuck in nibbles
what part?
well I closed it all down and going to start over just incase I missed something.
👍
so I get lost after it's revealed what the password is, nibbleblog/admin.php doesnt take me to a login screen
after that, on the next page it says to save a code, but doesnt say to what or what I should name it or what folder
alright, im going to revisit it tomorrow, logging off HTB for the night
I'm stuck on LFI last section and I've tried to use php filters and I know how the LFI payload is sanitized, but I still don't know how to get shell. Need help.
I kept on trying, got further, but still got lost again
-c
--command
Hi all
is somebody there and can give me a little hint for the last question in the Footprint Module -> SMB
"What is the full system path of that specific share?"
I only have one path but does not match as answer..
The SMB share is in a linux or in a windows machine?
this is my issue, i know it is in a linux -> Ubuntu machine but have an windows path
😖
Submit the size of the stack space after overwriting the EIP as the answer. (Format: 0x00000)
how to calculate the size of the stack depending on the EIP you have >
?
were you able to get root? Got first flag with ease, but cant get root. I've tried everything. Can you help with privesc? I'm not able to do anything with gtfobins.
With a gdb command
well i know that i need to use the info but i really dont know what flag with that
DM
Just use gtfo bins, look under sudo section and try all of them, there are quite a few options to try, you just simply copy commands from there and run them in user shell you got in
What username ultimately works with the remote management login prompt for the target?
i think root ryt
OMG thank you so much. I'm now root. I'm about to cry.
Stuck on SA shells & payloads host 2. Can anyone assist ?
What is the name of the share we are able to access in the end?
Hi
Can i ask a question which is not about ethical hacking. asking due to I've been kicked once
If someones thinking about taking the Footprinting Module, I can really recommend it. Do it! One of my fav. modules so far on academy!
...think maybe you answered your own question.
don't you know anywhere where i can do it 🙂
What exactly are you trying to ask?
look. let's say I have an application and I want to integrate it into another application so that the user doesn't even know that my app has been installed
<@&861185840277487616>
sup
what does it mean. hope you are not gonna kick me
@grave stream you cannot ask about illegal things and especially not in a channel meant for the HTB learning Academy
yeeeeeeeessssssssssss
<@&861185840277487616>
mr.rex got the boot!
One would have thought you would know not to do it again after having been kicked from other servers
that's why i firstly asked.
my apologies
now you know - please don't talk about illegal stuff in here. If in doubt, read the #rules
👀
Got a "simple" one
Doing the Active Infrastructure Identification part of Information Gathering.
The second question states Which CMS is used on app.inlanefreight.local? (Format: word)
I've run a scan using Wappalyzer and identified Joomla is the CMS but Academy says that's incorrect
Anyone got any ideas?
^ I've done the other two questions on this section, just not sure why Joomla isnt liked
Maybe it wants the version of the CMS with it, run whatweb and see if it tells you Joomla as well
whatweb -a3 <target>
Nice... without spoiling for others, the whatweb output is slightly different from the output of wappalyzer
Nice, cheers dude! @rustic sage
Please see your DMs for instructions on how to verify your HTB account.
Hi All! I am stuck on finding a version for a service in "Firewall and IDS/IPS Evasion - Hard Lab", I have not been able to find a version that it likes as a solution, is it true that the solution doesn't work on the HTB VM?
I did not do this module so it was a blind guess 😄 Anytime !
i have questions about the Stack-Based Buffer Overflows on Linux x86 module. Some things are not clear to me.
for instance why the payload becomes 124 bytes at the end. the total buffer is 250 and the shellcode 94!
also the question about the stack size is not explained anywhere in the module. even when i found the answer i was wondering how it was calculated.
Stuck on Intro to Web Applications - HTML Injection
it won't accept the correct answer
have tried multiple links
At Learning Process i got confused because 36,7 was wrong and 36.7 was right
@crimson crown about to send you a DM brother 🙂
thank you
@alpine vault gonna DM you too dawg!
@wary forum check DMs if you still need help brother
Hey guys just started / signed up for the academy, I see alot of stuff im interested in learning that are coming soon, do we have rough estimations on timelines for those?
(plenty of content to go through before i get there, but just curious
Can anyone give me a nudge on gaining foothold in Windows Privilege Escalation Skills Assessment - Part I?
@slow kayak Sorry brother I haven't gotten to that module yet
@west canopy all good. its been a struggle. I can execute commands on the host using burp just cant get a reverse shell command to work 
hello,
I have question regarding Web Request Post method what is correct answer please ? What should I submit ? Base64 encoded string or ...
"Submit your answer here ..." and answer is what ? random strings or ..
@mild grove DM me.
thank you
Guys need little nudge in Stack-Based Buffer Overflows on Linux x86 module (Determine the Length for Shellcode chapter)
Sup man, go ahead, ask
I'm stuck ...
It is the Getting started module about Public Exploits
Ping is not working...
on getting started, im on the msfconsole command and i cannot get it to check or run/exploit, im stuck
i dont know what im doing wrong, im following the commands etc... but it dont work, im also new, hiya everyone
Have you tried ping without the subnet mask?
yes
Hi im a noob 🙂
Can we DM
Yeah for sure
Hey btw
ightt
Vague one on
Anyone got any ideas on Active Subdomain Enumeration questions inside Information gathering - Web Edition
What is the FQDN of the IP address 10.10.34.136?
and
What FQDN is assigned to the IP address 10.10.1.5? Submit the FQDN as the answer.
I assume I need to use nslookup/dig but whenever I do a reverse proxy it doesnt work. I am missing something relating to zones?
Any help would be appreciated 🙂
I've gained the cookie that lets me log in as admin in the web requests' POST METHOD section, but as I'm submitting it I'm getting an incorrect answer no matter what I try.
Why is that? seems like an overcomplicated challenge for just a cookie manipulation
alright im back to give nibbles another try, this will be my fourth attempt, I literally have no clue what im doing wrong, perhaps not even what im doing right
Hey, someone know what they want to be submitted? Module Web Requests in the academy:
Login with the credentials (guest:guest), and try to get to the admin user from what you learned in this section and the previous section.
Heyo @shrewd sage
I'll DM you! 🙂
Anyone done the footprinting dns module? I am stuck on the last question.
What is the FQDN of the host where the last octet ends with "x.x.x.203"?
make sure you find all zones
pay attention to the "dangerous settings" part
Getting no packets when pinging my target machine for Getting Started-MEOW??? any help??
I'm doing my best
in nibbles does anybody know why when i run the gobuster dir -u target link wordlist filepath its literally going through every single file? out of 63,088 i was under the impression it was supposed to do this quickly
instant
i mean I only have so much time for the target link before I have to spawn another target machine
Hello all, I'm stuck on IMAP POP3 part of the module Footprinting someone in PM to help me ?
feel free to pm
anybody around to hold my hand through nibbles?
Ive made progress
but need more guidance
Im to the part where it wants me to add script to the myimage.php file and I want to know if I literally just copy and paste
one per each line and leave the original line or replace the original line
I am stuck at getting the reverse shell part and could use some help
i ran the port listening command, but the link for reverse shell isnt working
i cant find user.txt there is no directory for /home/nibbler
i have 5 minutes left on target machine. im at a loss again
Greetings, I finished the asm course today, and would like some help in re-doing the 'Shellcoding Tools" skill assessment
I did the easy way by generating the shellcode with msfvenom, but would like to accomplish it myself
Here are two hypotheticals for the task (generating a proper shellcode that reads from a file called /flag.txt)
Both of those give me a segfault, and I guess I must be fundamentally misunderstanding something about syscalls.
Hi, everyone. I am at the "Getting Started" Module, and I am at this question: "List the SMB shares available on the target host. Connect to the available share as the bob user. Once connected, access the folder called 'flag' and submit the contents of the flag.txt file."
Here's what I did. First, I got access to Bob's SMB account share, and was able to see the flag.txt, so I used the "get" command for the flag.txt text. However, I don't know how to read it or open it.
Once you have downloaded the file, is it possible to read it once you have
if its a windows box you could try using the "type" command it's like cat for windows
type flag.txt
oh, ok. I will try that. I tried using the cat command, but it's Windows
Is the hash suppose to take a while to crack on IPMI part of Footprinting?
it might be 'get-content' in windows
or 'type'
Hello, can I please ask for some help on the “Getting started, knowledge check”. I am looking at sudo -l and see any user can access /usr/bin/php. I ran LinEnum.sh on target but maybe missed info. Could you point me in the right direction for this privilege escalation part, Thanks 🙂
nibbles or the knowledge check?
reverse shell not working?
I typed in nc -lvp 1234
it says listening inverse host lookup failed
shows uid gid and groups
$
cant enter any command from there
@muted kite im available for the next couple hours if you want a hand through nibbles
im currently in, Im trying to navigate the reverse shell
did you get the nc connection back?
maybe move this to dms tho so we don't fill this channel
Having a bunch of problems in the "Public Exploits" module
in getting started.
I've found the information i need and i'm trying to understand what im doing wrong with searchsploit
From my understanding of the module i should be able to
use php/webapps/44417.txt
@low vine Just posted something on starting point for you
oh thanks looking now
Module: Using Web Proxies
Section: Web Fuzzer - Burp Intruder
Question: Use Burp Intruder to fuzz for '.html' files under the /admin directory, to find a file containing the flag.
Can somebody help me? im not sure if im doing it right and burps free fuzzer is really slow
use ffuf or something else
But thats not the goal, i finished the web fuzzing module already

does this work in theory?
See the response of the server
yes it works, but arguably burp is not the best tool for that
Its a 404.. im fuzzing
i think the same but its requested in that module
If you own the professional version of burp it is as good as ffuf / gobuster.. maybe its missing recursive scanning tho?
all I know is that pro wouldn't rate limit you
guys need a little help with Stack-Based Buffer Overflows on Linux x86
Anyone for a nudge on the Windows Privesc skills assessment #1?
How can i cat a file in a directory when i have RCE like this "...404.php?cmd="?
sorry for confusion. I need to change the directory first with cd. I like to cd the directory assets and so i need to have a look what is inside assests. cd assets&&ls?
could you give me an example? i dont know the path, i need to find a file first
ok, could you give me an example? i have RCE via "404.php?cmd=" and i need to find the flag.txt file and need to have the content of the file
find . -name flag.txt
so: 404.php?cmd=find . -name flag.txt will find the flag.txt and show the content?
Just find its location if it's in the current dir or a subdirectory
mh i get nothing out when i use 404.php?cmd=find . -name flag.txt
Hi, is this is a correct channel for a new module request?
Could you add something about more advanced exploit writing, ie. rop, aslr, egg hunting etc.
Hello! General question, in payments it says "+ CPE credits submission". What is that?
Hello everyone. I just have a question to ask you all about sending SYN packets using the --trace-packet command.
In the example given for the Network Enumeration with Nmap module, they showed that the target received the SYN packet by the RCVD line with the RST and ACK flag
What does it mean when you send two SYN packets, but don't receive a response on that port
Does that mean that the port wasn't set up on the target?
When I tried it in the lab portion, I didn't get a response, just my two SYN packets. I sent it to the filtered port 21.
is this supposed to take this long? Did I miss something? takes way longer than target is active
I had an answer for this question, however I could not find the correct "form" without searching here -_-
What addressing mechanism is used at the Link Layer of the TCP/IP model?
It would be nice if the answer was accepted in many forms
It means you can link your (ISC)2 account to have HTB automatically submit Continuing Professional Education (CPE) credits to keep your SSCP, CISSP, or whatever current.
Can someone give me nudge with the SQL Essentials Case #10?
@patent sinew i got u bruh
for the module on Web requests for POST method, anyone know what the box is actually looking for? i follow the instructions to the tee and gain admin access with the credentials just as the instructions explain, but it keeps saying the answer is incorrect
i have no idea what they actually want me to submit
idk if they're asking for the session id, or a flag or what, because they don't specify
I think it is a flag
i can't for the life of me figure out what i'm doing wrong, i get admin access just as it requests, but there's no flag to submit
are you using burp suite>
?
repeater?
If you use the burp suite repeater and enter the cookie info to get admin look over at the response
I have a few questions about the nibbles walkthrough, I ran out of time so I have to do it again, but I did get the user.txt file hash, I just need to spawn a new machine and try it again
My question is that when I am doing the nmap scan am I scanning my tun0 IP address or the target machines?
In the steps and walk through, there isn't a clear distinction between the two machines such as what i do with my own machine and what i do with the target machine.
that confusion is hanging over my head
and i am prone to mistakes because of it
yep that's exactly what i did word for word
i ran out of time
i'll have to try again later
Next time you try it should say flag is xxxxxxxxxxxxxxxxxxxxxxxxxx
that's so weird, i got admin access, but it never gave me any kind of response like that
I'm stuck on the last question of the LDAP assessment. "What non-default privilege does the htb-student user have?" It is not accepting my answer. Not sure what is wrong. Can any one nudge me in the right direction?
Hello is there anybody who is available out there today?
I know it's a busy time of the year for everyone
Happy New Years Eve!
Thanks to all who have been helping me here, I just want you to know, it's much appreciated
Hey, am I getting insane. But shouldn't this be MAC?
Perhaps I misunderstood the question.
I don't know, but I also need help too
have you tried MAC-addressing
from that same course:
**MAC-addressing** is utilized in Layer two (the data-link or link-layer depending on which model you look at) communications between hosts. This works through host-to-host communication within a broadcast domain.
Yes, didnt work. Believe I tried different caps, Mac, mac-addressing, media access control etc.
I would go with Frame if it's layer 2
as it's the only addressing done at that layer
or does physical addressing count 🤔
im in a place where I dont even know what questions to ask
Ive been following things people did online, but they are not working for me
I need a breakthrough today
is rhost my tun0 or is it the target IP?
okay thanks for that, im trying to figure this out
anytime
Ok, I give up. I have tried every possible combination now in the text.
Where do I send a mail about this xD
my reverse shell keeps timing out when i enter commands it just sits there and I have to refresh the webpage repeatedly
alright i stopped curl and its back
Nibble-Privilege escalation
need help please
I dont understand how or where to download the LinEnum script to
LinEnum worked and im in but chmod +x LinEnum.sh doesnt give me any input
or output
i was so close and my reverse shell cut out
I know it was listed as Easy for Nibbles. But I am so glad I finally captured the root flag
it took me like 9-10 tries
stuck on the broken auth Predictable Reset Token question 1 any help please
not sure which module that is, but im certain im probably not in that yet
I am relatively new to these challenges and I am at the last stage of the Nibbles box, I have done everything correctly but I can't guess the root password. The walkthrough does not say anything about needing the password for root, I was under the assumption I was already root. I have read people change the password so not sure If I would ever get the password anyway. Please HELP!! I have spent a week on this last part and I do not know what else to do. See proof I am at the last part of it.
Happy new year! 🙂
If you verify your discord account (see instructions by typing ++verify in the #bot-commands channel) then you can post your question in the #boxes channel where more people who are doing boxes will look. I'm mentioning this so you have a chance of getting help as this is the channel for people doing modules on the learning academy. 🙂
A member notified me that the box is actually part of a module - never mind then, you're at the right place
Any way you can help me? I am at the end but can't figure out the root password.
Ok cool. Wish I would have stumbled on this server a week ago
Can I get a hint for the command injection assessment? I can't seem to find the injection site
Can I get a nudge for the public exploits question? I have creds but I can't access the service
nvm
perhaps, are you still around?
You don't need root password, you type 'sudo' in front of the command along with echo and you take root access. then you cat the root.txt file
I still have to do the knowledge test in that module, it also took me 9-10 tries before I completed nibbles
I read somewhere that HTB's Easy Modules are harder than other platforms Easy Modules
Hi guys, I am stuck on the skill assessment in server-side module. I have tried ssti with {{7*7}} on username, post title and body. It doesn’t seem vulnerable.
Can anyone give me a hint? Thanks in advance!
Also very stuck I found some information yet still need some help!
Hey can you help me with this question please i found all other question in this section but not this. please ?
module : INTRO TO NETWORK TRAFFIC ANALYSIS
section : Tcpdump Packet Filtering
Sorry for pinging but here's a hint that isn't a direct answer, when you use man tcpdump or tcpdump -hh what is the flag to single out one HOST
also unrelated to the question itself, if you wouldn't want to set a flag you could use a pipe and grep to highlight it ex: tcpdump -i eth0 | grep "10.10.20.1*"
ok
I finally figured it out..I watched the ippsec youtube and followed along. I am more confused now than I was before I started but I can move on with my life. Bro, that was the hardest machine I have done by far, even higher level boxes were easier in other places. I was cracking some pretty intense ones in a SANS CTF so this one had me banging my head against the wall.
can you help me for this question please ?
bro the hint he gave you basically answers the question
cmon
I can't find it though
Hey guys, I need help with a question from Introduction to networking - subnetting.
Split the network 10.200.20.0/27 into 4 subnets and submit the broadcast address of the 2nd subnet as the answer.
In the "Shells and Payloads" module, on the Antak Webshell section, the first question asks for the location of the antak shell on pwnbox. I have copied the exact path from pwnbox, but it's showing an incorrect answer. I've tried multiple variations of capitalization. Has anyone run into this? Any insight would be appreciated!
@ionic summit DM me.
Congrats man, sometimes, you just have to look around online and find the right variation of answers. Ippsecs video was good, but he lost me at 'vim' and I had to look elsewhere
Bro I hate vim..it is the absolute worst environment to work in..especially for just creating a file. The commands are terrible. It will take me 6 months to learn that alone and I just do not have the desire.
Ok, I thought it was just me.
Anyone know a good daycare level how to for vim?? Not sure why it is so difficult for me to grasp but it tests my will to carry on 😂
Naw man it sucks..I cant even find a tutorial that makes much sense. Reaching out to try to find one.
Sure, its what coders use. I did The Odin Project up until Ruby and then quit.
I think sublime is what we used in Odin Project
I def want to understand anything I can get my hands on..do you happen to know any good, dumbed down tutorials for it?
Thanks, its a Chochila from the Amazon
Oh wow, see I had not heard of a few of those. I am going to check out vscode..I have heard of that one. In module youtube tutorials, the person runs through vim in 2 seconds and I am spending an hour trying to figure out what they did. That has been one of my biggest obstacles.
Bet..thanks!!
I just really try to be careful what links I click on nowadays, because hackers attach so many harmful files to them, especially google drive, which gives them access to your google account
Always on the lookout for it..sucks we have to be so diligent but that is kind of the point of the journey to understanding how hackers think..it's gritty and I love it
You take the nibbles knowledge check yet? I am about to finish it and move on to the next thing
whats up guys
I'm about to start it soon. Was it easy for you @brittle lava
is it me? or is the active subdomain enumeration section of the information gathering module messed up?
not there yet
I'm twiddling my fingers with knowledge check
got a friend who wont shut up on phone, so I'm just trying to listen and be helpful
Are you working the knowledge check as well?
It looks like it is supposed to be a blind run through on a box similar or the nibbles box, just getting started and trying to learn good note taking
What up homie? What module are you working?
@brittle lava do I have permission to dm you
Yes
I'm stuck on a question "Perform an Nmap scan of the target. What service is running on port 8080? (two words)" I keep trying Http proxy. I don't know if I'm correct or wrong. Sorry if I broke any rules. I'm new here
On the server side attack module. Can someone help me figure out how to fill the nginx.conf file so i can do the nginx reverse proxy and ajp question.
It might be the name of an OS
or an application protocol
I can't remember which one
Hey guys I am new to htb and doing the Linux Fundamentals module right now. But I have since 2 days troubles to connect with ssh. I cant connect anymore.. and when I get a connection after 5 min I cant write in the console any commands
Im going to start that module pretty soon, but as of right now, i'm not sure
Alright thanks, I'll try it
Hi, I'm stuck on Attacking Common Applications - Skills Assessment I. I couldn't find cgi file even if use fuzzing tomcat server....Can anyone give me a nudge on this box ?
google what service can be run on port 8080. I got stuck on that one too, I promise you, the output of the scan actually tells you the name of it.
just remember that port 8080 is an alternative for port 80 and you will know the answer
I could not find it, I don't know if I'm just typing it wrong.
Helped alot.
Hi could anyone nudge me on the directory traversal LFI skills assessment
I would really appreciate it
I have rce but for some reason whenever i try to run dir on the root directory it zonks my log file
ZAP scanner module HELP PLEASE!
i stuck with the last question from Stack-Based Buffer Overflows. can i pm to someone?
https://github.com/B1rby/Stack-Based-Buffer-Overflows I did a writeup about the module at the end. If something isn't clear dm me
Anyone good at proxychaining?
Is Academy down? When I type my answer in the module, the whole page just freezes, this however, does not happen with other questions, am on the section 'HTML Injection' on the Intro To Web Applications module. Rest everything works fine, can anyone confirm this by going to this in their browser?
Nvm, now it started working
I'm doing Active Infrastructure Identification in the Info Gathering - Web Edition module and know the CMS but it's not accepting the answer. Does it need to be in a certain format?
When performing 'Knowledge Check' in 'Getting Started' Module what key phrases are we supposed to supplement in place of words like nibbleblog and initial nibbles scan?
Also so the target machine is a CMS homepage?
its super easy actually
did it
hard to find good dns servers that are free to use, just a couple free ones here and there, look up proxychains4
and surprised I got it to work
it's so slow
ye
lol
yeah, I think it has a lot to do with the dns servers
got a DC that need KERBEROASTING now I think
but not sure
I did SSH -D.....then added the SOCK to PROXYCHAIN
and all dropped in
never done KERBEROASTING
ye
made it easier
lol
I can ditch KALI when I have done this and build a new one
do you think Kali is over rated? I can't tell you how many times it's crashed
with the latest kali linux rolling. Whenever I do a dist upgrade, it crashes everytime
Hi, I am stuck in the Bash scripting Flow Control - Loops module. Create a "For" loop that encodes the variable "var" 28 times in "base64". The number of characters in the 28th hash is the value that must be assigned to the "salt" variable. also tried 1..28
for i in {0..27}
do
var=$(echo $var | base64)
echo $i
echo $var
echo $var | wc -c
done
gives me an incorrect answer. Any suggestions? Thanks.
Hey can you help me with this question please i found all other question in this section but not this. please ?
module : INTRO TO NETWORK TRAFFIC ANALYSIS
section : Tcpdump Packet Filtering
Did you use the exercise script? It gives the response if your part of the script it's ok
You have to write all the filter
salt=$(echo $var | wc -c)
i found thanks
👍
Hey i am on module : intro to network traffic analysis, section : Interrogating Network Traffic With Capture and Display Filters.
but i need make task but i dont find the file for do task. where is TCPDUMP-lab-2.zip ?
oh ok thanks you
lol, staring me in the face; I was submitting the wrong return. Have it now. Thanks.
Currently working on the Hack the Box Academy Module 'Firewall and IDS/IPS Evasion - Hard Lab' and found the hidden port. I am trying to use netcat but in the terminal it states bash: ncat: command not found. Is this a bug or am I completely off on trying to do this?
Hey i cant solve this question , i think i understand the question but i put the answer but dont work can you help me ? i put : 80,43804
module : INTRO TO NETWORK TRAFFIC ANALYSIS
section : Interrogating Network Traffic With Capture and Display Filters
Hey guys! Anyone for a nudge on the footprinting module / chapter DNS -> last question: find the FQDN on the host with last octet x.x.x.203?
hey! I was looking for some help with the academy module "using web proxies"
Section "repeating requests"
I feel pretty comfortable with using the Burp repeater, I get that I'm supposed to be looking in a different directory for the flag, but the "cd" command doesn't seem to do anything.
you need to find all existing zones
???
i just joined the channel
there seems to be an academy including modules / challenges
how can get there ?
thank you
hey super quick question i spawned my target but when i nmap scan against that said target or even ping it comes up as down
try using -Pn
if the IP shows a Port like this (x.x.x.x:12312) then you're dealing with a Docker target - those targets don't require any port scans
Can I get a nudge on the Web Attacks module? I am stuck on the 'file; cp /flag.txt ./' in the HTTP Verb Tampering question.
I have the correct bypass filter but I can't figure how to read the flag using the command that is given.
Hi, i saw you helped someone else with "login brute forcing" before. Therefore im writing to you
im working on the second question on skills assessment - website. and it takes sooo long, im wondering if I have done it the right way. here my command:
hydra -l admin -P /opt/useful/SecLists/Passwords/Leaked-Databases/rockyou.txt -f 104.248.168.109 -s 31226 http-post-form "/admin_login.php:user=admin&pass=^PASS^:F=<form name='log-in'"
Is there anyone I can go about sending corrections to the modules? (dead links, typos, etc)
Ah staring right at me, thanks.
^^
hello, i meet a problem on the module Web Request and the section Request and response, Foxy Proxy don't arrive to be connected with burp
i can help u
Is it configured on the same port?
ok you would like to go in dm ?
@cunning heart
sure
i don't know the exercise don't speak about a specific config
Anyone here who finished Footprinting module?
I finished it except for the DNS section 🙂 DM if you need help with other sections
I had a question exactly for the DNS, last exercise 🙂
Well, that's the question i'm stuck after tried everything
the fqdn of .203 ip?
Yeah I am working on it now
I know where to search but it doesn't work
Yeah, its obvious what you need to do, but which "file" to use
i have to remove your message because of spoilers
read the reason why it failed
oke I'm sorry for that
I'm picking up HTB Academy after a year and I'm still not having much luck with windows targets: I really can't get to RDP to them properly either from my Kali or from the supplied Parrot workstation.
Errors range from [10:01:25:337] [2856:2857] [ERROR][com.freerdp.core.connection] - Timeout waiting for activation to just "failed to connect". I really don't see how this could be on my end, especially after all this time. I've tried on different networks, different computers, different VM's.
I'm working on the PowerView module if it makes a difference.
Does anyone else have any such issues? Support wasn't really able to help me much last time.
Best I've managed to get is connect for 30-60 seconds and then get disconnected.
Hi there, seems like the Skill Assessment (Skills Assessment - Using Web Proxies) with the cookie is not possible in Zap or? Seems like i don't have a hex encoder in Zap
well yes...but i don't have one in fuzz ?
Hi, someone here who can help med with the last assessment of Login brute forcing?
Hi there, my cube numbers became negative after l bought a subscription, can someone help?
Hi there! Newbie detected. I'm trying to connect to the first VM, opened vpn connection, made route to tun interface (set dhcp gw as next hop), but can't see any traffic from here. Host unreachable, try to reconnect to other - it doesn't work. What am I doing wrong?
Hey i cant solve this question , i think i understand the question but i put the answer but dont work can you help me ? i put : 80,43804
module : INTRO TO NETWORK TRAFFIC ANALYSIS
section : Interrogating Network Traffic With Capture and Display Filters
would anyone be able to help with Privilege Escalation in "Getting Started"
same problem - add the file name and .extension....
I have same problem - can you give me a hint on fixing it?
what IP are you using for the lhost?
DM me and I will assist you.
did you figure it out?
still need help? dm me
Yeah, I did. Thanks. One of the previous questions wanted the actual shell name with extension, and this one did not. ||Even when I tried without it, leaving the '/' at the end caused it to be wrong.||
thanks for the offer - still struggling...sent dm
Hi!, I'm doing the "Linux fundamentals", at the "File Descriptors and Redirections", there´s this question:
"How many files exist on the system that have the ".log" file extension?"
So I connect to the target and use "locate *.log -c", and I get a 24 as result on the console, but is not the correct answer to the question... any tips?
try other commands
(Module: Learning Process)
What am i even supposed to answer here
Like how am i supposed to express the difference
Got it with find!, the difference between find/locate in this case can be because the local database is not "updated" prior to using locate myself?
try to find it out, will be a good additional exercise 😉
Just above the question, there are the two numbers, the difference is the answer
how am i gonna write that difference tho
X - Y = ?
🤣
I THOUGHT IT WAS MORE COMPLICATED LOL
hey can anyone help me with the windows fundamentals skill assessment?
nvm i finished it 🙂
Is it just me or it is going very slow the parrot instance?
son i hate when they can't specify certain things lol
What is the full directory path to the Company Data share we created?
I've been typing in the full path
Hi everyone! I was wondering if anyone had a bloodhound query for finding interesting potential ACL abuse
here is what im working with right now:
it doesn't seem to be returning any output for groups with things like ForceChangePassword
was wondering if anyone could advise 🙂
anyone available to give me a nudge on windows priv esc assessment part 2?
htb academy is awesome! I would love to see a module about deserialization
advanced sqli would be really cool too 🙂
Anyone around to help with a question with 'Intro to bash scripting'? I am getting an error on the Loops section.
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
bad decrypt
140615492281728:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:../crypto/evp/evp_enc.c:610:
Hey i cant solve this question , i think i understand the question but i put the answer but dont work can you help me ? i put : 80,43804
module : INTRO TO NETWORK TRAFFIC ANALYSIS
section : Interrogating Network Traffic With Capture and Display Filters
Im stuck on that too, let me know if you get it
I've just checked my notes, the good answer is with this format : port1 port2
Same answer for you
look
There is a precision in the question
Look at the capture more precisely
ok
Hi folks. I am stuck on this Windows Fundamental/File System question:
What system user has full control over the c:\users directory?
I'm pretty confident that I have the right answer ||NT AUTHORITY\SYSTEM|| as I use the exact same method as described on that page, but it does not accept my answer.
I've tried various permutations to no avail.
I see someone else asked the same question back in April, but did not share the solution.
Any help would be appreciated 🙂
I've checked my notes, and you don't have the right answer. You don't have to try more permutations, but find another user
ok thanks i found
Thanks for checking.
I must be missing something obvious here. From what I understand, there are only two entities here that have full control over the directory, but neither of them work as the answer.
```
C:\Users\htb-student>icacls c:\Users
c:\Users WS01\bob.smith:(F)
         NT AUTHORITY\SYSTEM:(OI)(CI)(F)
         BUILTIN\Administrators:(OI)(CI)(F)
         BUILTIN\Users:(RX)
         BUILTIN\Users:(OI)(CI)(IO)(GR,GE)
         Everyone:(RX)
         Everyone:(OI)(CI)(IO)(GR,GE)
```
Can you perhaps give me a hint on what I am missing?
oh wait
It's strange, because I see three entities with full control in your message 😉
Yeah it is the way that the output displayed that caused me to miss the right answer
/facepalm
Morning!
I'm at Linux Fundamentals/ System Information
I'm a bit confused what I'm doing wrong here 😅
I also tried root, but I have no access there
I think you are a little bit too generalist. These questions talk about a specific user
I forgot to log in via ssh lol
thanks 🙂
I'm just confused by the SSH Attack in login brute forcing module. in the example code ssh port is 22 but in the target machine i got <IP>:30504. so I'm confused what should I attack with hydra?
Did you try to connect to this IP/Port pair with ssh ? SSH server doesn't always listen on tcp port 22 🙂
oh I see. thanks. I think SSH is always in port 22.
You're welcome. Always remember that a service could run on a custom port, and an open well-known port could lead to a totally different service
yo
hi can anyone tell me what is happening here and what have i to do?
can i ask about the vpn here
im having a problem connecting to academy through the vpn
should i use port forwarding to allow Udp connection ? or is it just something im missing here? cause i can connect to HTB without any problem but academy vpn is not working
Try to redownload it
im using the Pwnbox now yeah
vm
ok normally u dont need to connect to the vpn and it should work
all is working but the vpn from academy , its definitely because of the UDP
yeah weird. Do
```bash
killall openvpn
```
can u send the output when u run it then
yeah but i want to use my vm because the copy and paste there are awful
yeah agree lol
and the mouse is going crazy sometimes
do this
i will send it on DM when i try it again
dont need to send in dm but ok
yeah already did , i dont know if all the academy members share the same ip they connect to , i mean the credentials are different but ..... u know i was just worried
Hi, could anyone give me a hint on how to find the member of the Remote Management Users group on WS01 for module Active directory powerview - Enumerating AD groups? When I execute Get-NetLocalGroupMember nothing is somehow related to Remote Management Users.
BOF help with the last task of the module
at first it was really smooth and i had a connection but i didnt do what i should do after and the user i got was htb-student and not the root
and then the code stopped working after trying to open the msg.txt
i reset the machine and now the code just wont work idk why
anyone ?
im trying to get into my linux virtual machine, it's just showing a black screen
what mode you trying to open the machine , did you try to just resize the window or the screen
?
what does outside means lol am i connecting this wrong ?
You dont need to run python in gdb
😉
yes
I still need to do knowledge check in GS Module. After these upgrades to my machine finish, I'm gonna start on it
I wish I was as far as some of you
have you received any help on whatever you're doing?
maybe you have to go through htb-student in order to get to root
perhaps you need to have access before you can upgrade perms
Well from bird yeah ! She told me to run the program and the script outside the gdb and that worked , well idk why still , and I'm actually interested in the answer
so you finished?
I got the flag and finished the module, it was the BOF in Linux, fun stuff you should try to learn
linux advanced?
I was working on that for the past 4-5 hours
I need to do one last thing and I will start the linux fundamentals module
And I finished half an hour ago
Man, it took me 9-10 tries to get through nibbles
i need to do the knowledge check today
It's tier 0 I guess so it's actually fundamental, but kinda medium level
There's some real shit going around there , especially with the assembly language
What's that ?
I heard that was easy why it took you that long
But at least you got it after 10 times , so hurrah 😀
yeah, it was ugly but i did it
im only confused about doing it without nibbles now
it should be easier though right?
Idk what you mean by that
But since you started with the academy then continue on this path , you can finish all the tier 0 modules
And then start a path
Or .... make your own path as you would prefer to , but I recommend sticking with the paths they have if you are not using the Academy for oscp kinda training lab because you ran out of lab time lol 😅
I ran out of time until the last time everytime
i dont know what i mean either
lol
Im just finding excuses not to do the knowledge check
cause I dont want to go in blind
can anybody help me with knowledge check in 'Getting Started'?
I cant seem to find any exploits
I also dont know how to gain admin access to the target machine even though I found that there is supposed to be direct access through robot.txt file and index.php
It needs to be the full name
set userS ***** id?
||It needs to be the full name "Set owner User ID"||
thx
guess im on my own
Hey do you need some help ?
I'm getting lost in the Getting Started Module with Knowledge check, losing variables and the assurity of nibbleblog admin user and pass. I don't seem to know what to do without knowing those credentials and I cannot find any exploits for that apache version 2.4.41
i would like to help you but i haven't started that yet !
let me check
oh god you are on that last section
yeah viviv helped me through half of it, now gonna work through the rest later
god be with you brah , you need help from someone who has some Experience
thats good news
someone will always help here
to be honest im happy to be here
its really good community
awesome community
I provide cyber security training on Udemy. Can I share one room that Hackthebox publish for education in my classes? Are there any copyright agreements with Hackthebox?
Im trying LinEnum to try and gain root privileges, I need a little help with next step please
i see root.txt but when i try to to cat it goes back to terminal
I need help trying to figure out the correct format for the hosting provider and the location coordinates answers of the OSINT: Corporate Recon module. Tried a lot of different variations but no luck so far. Thanks in advance!!
ive had enough for the night, will try to seek help tomorrow
the most interesting part of Login Brute-force module skill assessment is guessing what wordlist to use lol. and I'm stuck because it takes a long time when I use rockyou.txt and until now I have no idea about the wordlist.
I tried to find the answer with Bloodhound now, but still could not find it. "Find the member of the Remote Management Users group on WS01." Do we need to enter a username (first.lastname) as answer? The few users I found for "Remote Management Users" are all invalid, and I cannot see a connection to WS01
Yeah, so far, none of the modules tell you step by step, there are in-between steps that are missing. But I guess they want us to figure those ones out on our own, to get us thinking like an ethical hacker
hey, can you help me because i am blocked on this question please Can you say what to do because I have the file but I don't know what to do with this file and I don't really understand the hint?
module : CRACKING PASSWORDS WITH HASHCAT
section : Skills Assessment
Good morning 👋
I've got a general question about the way you solve the questions at the end of some sections. Do you use Google frequently?
Yesterday, when I was at Linux Fundamentals/ System Information I got the question below (attached) and it was very much outside of what I could do or even understand at that moment.
Even tho I was able to solve it with Google, I didn't like that I had to resort to that. I'm trying to understand and study the information that I'm given so well, that I can solve these questions without using Google.
Do you think this is unrealistic? Do you think these questions are sometimes meant to be so "complicated" that you need to do extra research to solve them? How are you doing it?
EDIT: Or do you think these questions indicate your level of understanding you should have after finishing the section?
Hello, I think that one of the most important parts of the Ethical Hacker job is to learn how to search efficiently for any information. In a real world scenario, you'll have to do some research to complete the information you've just gathered on the target. One of the fundamental modules proposed by HTB Academy is the Learning Process, and the way to acquire information
the questions are designed in such a way that you need to think about what you've learnt, create the connections, and understand the technology behind it
all questions are easy to solve if you know what you need to provide
digging into the questions you struggle to solve is part of the learning process independent of the topic and this also helps you to identify the "parts" you need to work on to improve your understanding
you can compare it to driving a car where in this case every service & tool is a different car that uses different mechanics - if you want to drive that specific car you need to understand how it works otherwise you won't be able to drive
Thanks Zgwyx and Cry0l1t3,
so I don't need to expect myself to know or understand the solution to all of those questions right away - or even the question itself (depending on what it is) - as long as I can come up with a solution?
Thanks for your perspective 👍
Exactly, for some modules, the final assessment can be straightforward with the information learned in the course, and your previous personal knowledge. Other modules will require you to work on the knowledge you just acquired, and find new ways to use it
cheers 🙏
no, you don't need to understand everything directly
after all, knowing the necessary components doesn't mean that you can make the connections between all of them
this often requires personal effort where you automatically train your analytical skills to make those connections faster in the process
with time and this type of training you will find that you will discover those connections faster and faster and that is one of our goals at HTB academy to help you develop these skills
If the guy who created the course Cracking Passwords with Hashcat can ping me in PM, there is a small update on the lesson
btw, creating such connections based on information you obtain of the systems that have been setup by a company is critical
The needed fixes have been posted in HTB: Academy/erratum chan. Agree with you, great course despite some errors in the wifi section.
Hi, Can anyone give a hint on broken authentication skill assessment . I'm stuck, I know how to change to another user but I need to enumerate other users and everything I've tried was useless
Ok at last I've found more users 🙂
Im stuck on this as well, at the part where i change user but i get a user role error "user cannot have requested role"
yeah, I was stuck there now I've found other users. DM if you want
me DM 🙂
can anyone tell me another way to extract a zip file without using unzip?
7z
Importing zipfile Python wise is an option.
Thanks, I actually just found that a few minutes ago.
Hello mates, Is there anyone who passed the live engagement of shells & payloads module ?
Can I DM you about this?
I am also stuck and need a hint. The hint, find all zones does not help me. I have found two zones.
I have.
Hello. I need some help with the Service and Process Management Section in the Linux Fundamentals Module. Should I post my question here?
Regarding the second host, more precisely the 50064.rb exploit, have you got the shell without any errors from the first try ??
I struggled with that quite a bit and was trying to help someone yesterday with it. DM me to discuss further.
Thanks a lot, I have sent you a message
Anyone who completed the Broken Authentication, token part? I am struggling with this all day long and can't seem to generate the right token...
@wheat shore DM.
Is this where I can post a question regarding the "Basic Toolset" module?
i think ^^ it's academy related
Stuck at the same spot, did you find it?
Hey everyone 🙂 Information Gathering - Active Infrastructure Identification - The question about the CMS used. Did someone get the cube? I have tried with both Wappalyzer and WhatWeb but nothing came out! 😐
Did you find a solution? I am stuck on the same question. Do you have any advice for me?
@acoustic owl No I didn't. I have came back to it yet
Have you found it? Got the same issue :/
I was working on that one earlier too. If either of you figure out the right wordlist, please let me know.
Hi, I had problems with this question too.
I'll try to recap and rephrase the question and hope it is ok without giving too much information.
When you look at the first picture on the DNS page, you can see the hierarchy of DNS with TLD, Second Level Domain, Sub-Domains and Hosts.
What you need to look for is a host with an ip that ends with 203. So, check your previous search results, which sub-domains you've already found earlier and then try to find the missing host.
I have now received a hint which has helped me.
Zones can be configured to not allow zone transfer from all (allow-transfer). One of the zones allows the transfer. You can find it with "dig axfr". The other zone you have to search manually. For example with DNSenum.
You can find the correct word list under SecLists > Discovery > DNS
Start with small lists.
isn't it correct path to store user's mail ??
/var/spool/mail/$USER ??
I am sorry that I am being dumb.
I am on the getting started module and Public Exploits. I have figured out that the plugin is vulnerable to the file read thing but I just cannot find path to flag.txt
When I try to use msf it cannot validate the vulnerable website
Figured it out
I needed to set RPORT
Is anyone there who has finished the "Active Directory PowerView" module and can give me a nudge on how to find the member of the Remote Management Users group on WS01?
hello, I'm new to the academy
I'm on the Linux fundamentals course and I try to answer all the questions
but seriously, how are we supposed to find the path to the mail of the user ?
and why the answer for the shell question is not bash ?
||Try finding out the environment variables maybe?||
danke
(Module: Linux Fundamentals)
Ive been searching for an hour where tf is the students mail
NVM I FINALLY FOUND IT
LMAO
well done
check the PATH variables
Wdym
read the section again
hi
RapidIdentity
what
?
Bruh
be careful with spoilers..
Wait it was correct?
try it and you will see
I tried it and it wasnt
stop guessing and try to understand the environment
Okay
maybe the folder doesn't exist yet because the user didn't receive an email yet
Where do i have to read im confused
I am very dumb from birth
doesn't mean that you cannot learn it
everything you need is provided in the section of this exercise
And about the environment?
yes
hey I am on Footprinting Module on the DNS part, What is the FQDN of the host where the last octet ends with "x.x.x.203"? I just dig all zone and subdomains i found but no info for the host that ends with 203.
Hey, scroll a bit up. I've commented this today. Hope it helps
Does anyone know if there is an error when capturing the answer to the following question, the number does not accept me.: Use cURL from your Pwnbox (not the target machine) to obtain the source code of the "https://www.inlanefreight.com" website and filter all unique paths of that domain. Submit the number of these paths as the answer.
the question is in the linux fundamentals course.
the exercise is working as expected
ok then can you tell me if within these options 50 and 51, is any correct?
I can tell you. No
thanks
Hey guys, anyone here who completed the final assessment of broken authentication?
why cant I talk in general??
Did you DM @little whale
Yes
DM me and show me what you're trying
Man, this broken authentication is just killing me
im just going to move on without touching that until a later time
Shout out to the person who can help me with this! Information Gathering Web Edition - Active subdomain Enumeration Q: Submit the FQDN of the nameserver for the "inlanefreight.htb" domain as the answer. 🙂
DM if you want 🙂
use dig with "@Server-ip" and use the server for htb domains
Can someone help me with Web Requests and Burp Suite?
Im having a bit of Trouble catching the Request and forwarding it with the credentials for the website..
mind sending a screenshot?
here or in private? maybe its not just the type of request im sending, more like a logical problem of how the request is send and trough which proxy it goes
you can send it here
first of all, i thought in this exercise the authorization is BASIC user:passwd is this encrypted?
If the request from the website while signing has to be captured, i turn on the proxy 127.0.0.1:8080 and then it will show up in burp or do i have to configure burp to directrly intercept it from the website?
eh.. if you're trying to use burp, why is it turned off though?
nah not the problem i turn it on when intercepting
that works fine, but i dont really get behind the logic of why the website stops working when foxyproxy is turned on
what I did to capture the signing in , while burp is already on, I click login, then burp captures the login credentials etc
it's not that the website stops working, it's waiting for the request blocked by burpsuite
If you forward the request it loads the page
thats what i thought, so what do i have to do in order to set it up right?
It's the scope of burp, (Intercept>Modify>Forward)
I don't understand where is the problem sorry
I think what im struggling with is what the settings have to be in firefox what settings have to be in burp and what settings i need in foxyproxy
DM ?
Solved
I have a stupid question about HTB Academy. Some HTB Academy modules can be unlocked with the Student subscription; what if I don't renew the subscription but a module is not finished? Does it become locked because it is only unlocked while I have the subscription, or does it stay unlocked because I unlocked it when I had the student subscription? Thanks.
no, you can complete the module whenever you want. subscriptions are for earning cubes, and cubes unlock modules. if the sub expires, your cubes stay in your account ready to be spent when you want
Hi guys, I am stuck at the WordPress RCE via theme Editor Portion, how do you execute commands? It seems like I can't put spaces in between, for example :
curl -X GET "http://<target>/wp-content/themes/twentyseventeen/404.php?cmd=cd .."
"Get-NetLocalGroupMember -ComputerName WS01" shows nothing which is somehow related to Remote Management Users
Which option needs to be set to execute a command as a different user using the "su" command?
I tried some options but not getting the right one . Could anyone help with little hint or anything ??
hello, im new to HTB academy and im not sure which module i should start with, is there a sequence of modules that i can follow or it doesnt matter on which modules i start with?
Hello, there is a tier ranking of the modules, so I suggest you start with some of tier-0, like "Intro to Academy", "Linux Fundamentals" and "Windows Fundamentals". Even if you have personal knowledge on these subjects, you'll learn important/interesting things 🙂
And if you want to focus on some specific skills, you can check the Skill Path section
The question specifies to use the "long version" of the option. Did you try to use the "--........." option ?
ahh, i see, thanks alot!
You're welcome 😉
Hi my friend
Please help me to solve tcpdump fundamentals challenge.
This question:
Were absolute or relative sequence numbers used during the capture? (see question-1.zip to answer)
I can see seq number but i don't know how to answer the question
Hi, on the course page, you have some information about sequence numbers in a tcpdump capture. If you want more details about the differences between absolute and relative, you can try to google it, for example on this site : https://www.howtouselinux.com/post/understanding-tcp-sequence-number.
TCP Sequence Number is a 4-byte field in the TCP header that indicates the first byte of the outgoing segment. It helps to keep track of how much data has been transferred and received. The Sequence Number field is always set, even when there is no data in the segment. For example, the sequence number […]
I'm not sure if the course integrates a deep explanation of this subject. If that's the case, I can delete the link above.
So if i have a student subscription and I want to buy cubes to study some stuff on tier 3 wouldn't it be easier and cheaper if I just subscribe to the gold or platinum plan?
Thank you my friend for reply the my message.
This link was very useful for me.
but i don't know, for answer the question, i should write all seq number?
No, you just have to type relative if the capture is in relative mode, or absolute if it is on absolute mode
Like for example you get +1000 cube boxes to unlock with platinum, which is the amount of cubes you will need for privilege escalation or AD module , so I'm not sure what to do , both are expensive and not In the student plan included
Would the privilege escalation be available and I can unlock it if I got the platinum plan ? Because that would be cheaper than just buying the cubes !
Yes I did
I used several answers like --login but didn't find the correct one
The question is about executing a command as another user, not to change the user
check the man page, or try su -h to see the options
Okay...I will check again but I tried most of them from help
If you're still stuck in a few minutes, you can DM me
Great thank you zgwyx....ryt now m outside will dm you .
Hey guys! I'm new here. I'm starting now with ctf, does anyone out there know of an easy challenge for me to start training?
Anyone provide guidance on the Live Assessment portion of "Shells & Payloads?" Currently stuck on the first box and assuming I need to obtain || a reverse shell via uploading a war file || However, I am not obtaining it and wondering if it is an issue of the Foothold having access to the internal network?
Hi otavio, this section is about the HTB Academy. I assume, when you're talking about challenges, that you're seeking for box challenges. You can start with the Starting Point section of Hack The Box. https://app.hackthebox.com/starting-point
You'll find the easiest challenges, with step to step indications, and well explained writeups
hi. iam noob. how can i install openssh on internal HTB VM if i have no sudo password? where i can find it?
Hi, I assume you're talking about Pwnbox. In this case, the box won't ask you for the sudo password
My bad, it seems there is an update on the PwnBox
hmmm. I learn linux fundamentals -> Service and Process Management ... and if i try to install openssh , i need sudo password
on my workstation
I'm not sure I understand the problem. When you say "on my workstation", you're talking about the web access to your PwnBox Desktop, or your actual computer ?
If it's the PwnBox instance, you have a Desktop file called "my_credentials.txt", with your personal password
I was having the same problem, within the fundamentals instructions it asks you to do a number of tasks that require root or sudo access on your pwnbox. Is this password in the .txt?
yea, thanks a lot
Yes, I've just tried on my personal instance, and it works fine
stuck in empty place
Thanks.
Hello mates, I'm stuck on the sixth page of the network enumeration with nmap (service enumeration), can anyone help me ?
Hi, what's your problem ?
I couldn't find any flag !!
They said in the hint : Remember that Nmap does not always recognize all information by default.
But I've tried everything and i find nothing !!
ok! tks
Can I DM you ?
Yes, just a second, i spawn the target to remember the nature of the challenge 😉
Sure, Thanks
Okay, I've found it
Just a hint : nmap scan for active ports, but you may want to interact with the detected ports
Hello, yes ?
With this statement - "Keep in mind that the Foothold host has access to the Internal inlanefreight network (172.16.1.0/23 network) so you may want to pay careful attention to the IP address you pick when starting your listeners," I am assuming I need to somehow modify the IP address that my listener is to be listening on? Any further clarification would be awesome. Thanks!
hey, did someone finish getting started? i managed to upload the php shell disabling js, but cant run it, and metasploit seems to fail for different reasons each day. please dm ❤️
The best way to save money in HTB academy is to buy cubes. Because if you stop your subscription you won't be able to access the modules that you started with your sub
Imagine that you want to have a platinum sub for 1 year. You will have to pay 868$
if you buy 5000 cubes directly, it's gonna be 450$, so over 1 year you save half of your money
And you have access to the modules for life
forgot to mention
plat sub in the end you will have 12 000 cubes. But 12 000 cubes is more than all the modules
so
dumb to take lol
anyway...
I am dumb
well
it really depend for what time
Got a spare 25% off on VIP+ if anyone want it, @ me
Im working on getting through the fundamental modules before I subscribe. To make sure I am serious this time
U got this 
hey someone could give me a hint on the Footprinting Lab-Hard, I'm stuck
Hey everyone,
I would love some help trying to solve SQL INJECTION FUNDAMENTALS - Skills Assessment.
The goal is to get the flag in the /root folder.
||I got RCE via sqlmap --os-shell but now I'm stuck because I believe I need a better more interactive shell to switch to the root-user. I believe I have the credentials, but I can't input them when I call su
-
Do I need to spawn a Reverse/Bind-Shell?
1a) I tried a lot of Revshells from https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology and Resources/Reverse Shell Cheatsheet.md
but somehow they all don't seem to work. How can I debug to find out why they don't work? -
If it is possible without Reverseshell: How?||
Hi, I don't know where you are stuck, but if you don't know where to begin, remember that TCP isn't the only Layer 4 protocol
thanks 
Sure, I've got this, I would really like a personal Mentor, but I can't afford one. Hahaha
Hi! I've searched through these threads and google hoping to find a hint but I think I'm stuck or missing something on the academy "Login Brute Forcing - Skills Assessment Website." I got the first question, but I'm stuck on the second part. I don't want to give away too much in chat, but I'm pretty sure I have both the hydra syntax correct and I'm running burp intruder parallel hoping one of them would work. If someone familiar to this could DM me I would appreciate it. Thanks!!
Does someone understand the awk part of this command? I do not understand the 1 at the end that is outside the curly bracket, but inside the single quote. What does it mean?
curl -s https://crt.sh/\?q\=tryhackme.com\&output\=json | jq . | grep name | cut -d':' -f2 | grep -v "CN=" | cut -d'"' -f2 | awk '{gsub(/\\n/,"\n");}1;'
Just can say that you are on good direction.Try all techniques.👍
for my remaining fundamental modules, which one should be next: Web Request, Intro to Web Apps, Windows Fundamentals
??
Probably doesnt matter all that much
If I remember well, Web Request concepts are used in Intro to Web Apps
Hi all 👋 I have a question : in the module of web proxies, there's this question where I'm asked to configure Proxychains by editing a configuration file. Problem, when I want to save it, the VM asks me for a password :/
I think you should start with Web request, it should be easier to complete Intro to Web Apps after that
Did you try to use the credentials in the "my_credentials.txt" on the VM Desktop ?
Oh, I was not aware of that, so there's a file with credentials ?
Okay, I unlocked web requests. Thanks
On the Desktop of the PwnBox yes
It worked perfectly, I hadn't seen it, thank you very much
Is this channel a community support for when we're stuck somewhere in the academy modules ?
sure but do try to avoid spoilers
I have an issue with the module Active Directory LDAP on section LDAP Overview: For the Questions part, I try to connect to the target machine with xfreerdp /u:htb-student /p:Academy_student_AD! /v:10.129.22.173 from my pwnbox and through VPN but it fails. Can you test if one of you can use RDP for this module?
it seems to work now. I don't know why this didn't work but problem solved!
I have a question for the Active Directory Search Filters of the module Active Directory LDAP. Can someone help me on private message?
Where exactly are you stuck? Have you found anything yet?
What exactly do you mean by "I just dig all zone and subdomains i found"?
There are zones that allow zone transfer, but you can also configure a zone to allow zone transfer only from certain servers. For such zones you have to proceed differently.
i already got it. thanks for answer
Did you ever solve this? I’ve looked everywhere to try to figure out what I’m doing wrong. The only thing different than you I have is the username
Did you ever figure this out? If so can you PM me? I’m so frustrated. ♥️
In web request module whenever I use foxyproxy and turn on intercept with burpsuite. The target web IP times out and it also cuts off the other websites.
to the point where I cannot access the web
does anybody know why this might happen and how to fix this?
One other thing I noticed is that my version of burpsuite doesnt have all the same tabs as the one in HTB. If there is, it's not something I am finding. I have updated and upgraded this afternoon before I started this module
nevermind, i turned off foxy proxy and just used burp suite and i was able to get through that part
hello everyone, im doing the lfi module. I tried installing with :
apt install phpX.Y-zip
but my terminals says : E: Unable to locate package phpX.Y-zip
E: Couldn't find any package by glob 'phpX.Y-zip'
Anyone faces this problem?
Hi, in the Footprinting Lab - Medium, I keep getting error 233 'No process is on the other end of the pipe', what am I missing here? got it
I am not sure about your problem but I have a walk-though of the module. If you would like to see it DM me.
Hey all. Need help in Stack-Based Buffer Overflows on Linux x86 module (Generating Shellcode chapter)
Hi. If you want you can take a look into this, I have put a writeup about the module, if you have any questions tell me
Hey man! Thanks for your work:) I ll look your walkthrough
😄 np
Hey I am answering a question on web request in the academy but for some reason it's not working is there someone that can give me hand?
Got it nevermind
Anyone can help with shells and payload the live engagement q2. Not sure why I'm unable to get the msf to exploit. I tried doing manually by uploading file.
Hello,
i just finished the Privilege elevation module but i have a question.
||Why i can use sudo -u to run /bin/bash but not to run /bin/echo or /bin/apt-get ?||
Would like to reply, but how do i set spoiler as my answer?
||If i'm right, it's because only bash allows sudo privileges||
Ok thanks for this information
Did you find the solution?
No, I think I found the user (from googling forums and clicking back through the lesson), and I’m pretty sure my string is correct. Can I DM you?
yes you can
hi guys, im doing the service scanning of the welcome module
tree connect failed: NT_STATUS_BAD_NETWORK_NAME
and i got this error
when i tried to enter bob's password
which is Welcome1
can someone please help me
Hey @cursive cave NT_STATUS_BAD_NETWORK_NAME is thrown when the Directory name in the smbshare does not exist.
For example:
If smbclient -U bob \\\\<Target-IP>\\users is correct
smbclient -U bob \\\\<Target-IP>\\user will throw NT_STATUS_BAD_NETWORK_NAME, since the directory user does not exist; the correct name was users.
You can check existing directories with the command smbclient -N -L \\\\<Target-IP>
Hi guys how do I use zip2john command I've tried everything it says command not found
You need to install the JohnTheRipper Tool:
Or you can try sudo apt install john
If zip2john does not work immediately, try to locate the binary via find / -name "zip2john"
.
thanks
You're welcome!
Hey guys, I'm stuck on Shell and Payloads module, host 2 I'm getting this error when trying to use the exploit : NoMethodError undefined method ‘split’ for nil:NilClass’ can't find a way to fix any hints to complete or solution to fix script? (Saw that some people got the same error before contacted them but I'm still stuck)
@prisma knoll I had the same error
double check the correct payload/target and other info is set
Hey is it ok to ask a question about HTB Academy Gift Cards here?
I would maybe check community help? But maybe someone here will know the answer, I didn't even realize they existed lol
Just curious if i can just buy Cubes for someone . Trying to get some modules for my buddy
@neat kindle thanks dawg!
@prisma knoll - I had the same error. Someone helped me with it - the script does not need to be changed to solve this problem. I had a setting wrong in the metasploit settings.
I'm trying the Footprinting Lab easy and struggling - I have a couple of theories on how to crack this but am stuck. Please could anyone give me hint or could someone DM with me to see if my ideas are even possible. Thanks.
Alright will do thanks for the hint
okey will check thanks man!
maybe you should take a look at what nmap shows you
@drifting knoll you think it would be better to keep an eye on samba than apache 2?
@drifting knoll really I try different kind of approach however I'll try to give more attention to the nmap result
^ solved
i had to delete your message because of spoiler
KUDOS to the author/s of the "FOOTPRINTING MODULE" !!! Best module so far. Highly recommend it to everyone! Especially the hard lab is very neatly
thx! appreciate it!
DM if you want
foxy proxy sucks, it blocks my web traffic
what is the ip and port supposed to be in foxy proxy anybody?
the target that I spawn?
i guess you could try the built in chromium browser in burpsuite
sure, but for some reason thats not working at all
Im on kali linux, do I need to install it perhaps?
what happens when i launch the chrome browser is that it just sits there and will not launch the target IP
in burpsuite it self it shows that the target IP launched, but I need to login and out as admin and guest in the browser and it wont allow that
I love this platform, but there are so many technical difficulties.
okay, well when I turn off intercept, I can login through the web portal
sorry everyone, i'm really just learning a lot of this and just stumbling around
so why is my target machine protected by Cloudflare, is that supposed to happen?
Not sure about Cloudflare but yes, when working with burp you may need to turn intercept on/off, or if Intercept is on you will need to forward every request. If you were to use foxyproxy it almost adds another level of this where you have to disable/enable to get certain pages to load
thank you SO SO much ❤️
Yes, I'm beginning to figure that out, unfortunately, I decoded the admin cookie credentials and I could not replace the guest credentials with it. I decoded it and everything, but to no avail. I ran out of time.
Another module I'm stuck on, that's two of them Now. haha. It's fun, but man I need some additional help .
@muted kite is that the "HTTP POST" section on Web Requests?
Cloudflare is up around HTB in general. So I don't think that's challenge specific.
Okay, haha, good to know it wasn't a part of the challenge. I was trying to figure out why nothing was happening when I turned intercept on in burp or whenever I turned on foxy proxy. Web browser would lock up.
Intercepted requests are held by burp until you forward them by hand. If you don't forward a request chances are the server won't send anything back and a time out will occur.
I tried that as well, but I must need a whole class on Burp. Because I know next to nothing about it, only by reputation
I am doing Footprinting medium lab and the SQL server needs to be reset
anyone around to do that?
it doesn't need a reset
Did you figure it out yet?
the X.Y represents the version number. I believe it is 7.9
I need some help with Active Subdomain Enumeration.. Anyone pass this yet?
It touches on the zone transfer stuff from a previous module but I am missing something little trying to get the TXT from one of the zones.
in module 18 "linux fundamentals", section "system information" I cant ssh to the target. I am connected to the academy vpn and can even nmap ssh and several other ports on the target. But when I connect from my kali vm it only says Connection closed by HOSTIP at port 22
and Ive tried resetting the target and reconnecting to the vpn three times
no, just nothing and after a good amount of delay Connection closed by targetip at port 22
are you sure that you are connected to academy vpn ?
I got the vpn file from the button next to spawn target
okay, do you get "Initialization Sequence Completed" when you connect to vpn ?
yes
