#modules

in Linux Fundamentals , at what Sections are you ?

the fifth, system information

I am creating a parrot vm now and try it there again

try my target 10.129.145.159

the same

hmmm, then i think you have a network problem

are you using a VM ?

and you can ssh into your target? Im asking because on hackthebox labs vpn everything works

I can ssh in labs machines like im used to but on the academy its not working

yes
ssh htb-student@10.129.145.159
The authenticity of host '10.129.145.159 (10.129.145.159)' can't be established.
ED25519 key fingerprint is SHA256:PHsjpBEAl6hSCzjVohppUybupbLXdBZy8FqtwlMpmjU.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '10.129.145.159' (ED25519) to the list of known hosts.
htb-student@10.129.145.159's password:
Welcome to Ubuntu 18.04.5 LTS (GNU/Linux 4.15.0-123-generic x86_64)

i can try you target, if you want ?

yes I am using a vm, kali linux

okay, me to

are you using bridge mode for network ?

because NAT can sometimes give problems.

ah ok, im using nat

will try to change that

thats it

thanks alot @untold kiln

that would have taken me ages to find because I was so confused because its working on the rgeular htb labs with nat

no problem, i had the same problem, happy to help.

Can some one help me with NMAP Medium Lab Assessment?

This took me a minute to get right but I figured it out using the example in the module.

DM me

I have found the login info in the 'Important.txt' When i try to access the server it says Error 0: No process is on the other end of the pipe.

well look what kind of other options you have

To log in to the SQL server?

where else do you wanna try to log in?

No where, the hint makes it seem like the SQL server is where the flag will be

feel free to pm @livid pier

Hello everyone, I could not solve the question of the "Identifying Filters" section in the COMMAND INJECTIONS module. I used all the command injection Operators, but I still couldn't find the answer. Can you help?

did you URlencoded ?

yes

can you give more info ? DM if you want

I found the answer 😄 but I think it's ridiculous that he made a mistake at first 😄

Hello everyone, I'm stuck at SQLMAP ESSENTIALS -> Skills assessment
I found the attack vector, but I am unable to exploit it.

Do I need to find an uncommon --prefix or how do I proceed?

That is the Attack Vector

Thanks in advance

👎

Good afternoon colleagues, I am in the final evaluation of LFI, I have tried to apply some of the suggestions of the classes, as you will see in the image, but I get lost a bit with some concepts, and also trying other techniques but without success, some suggestion or guidance to move forward? From already thank you very much

I would like to learn from your experiences. Thanks

i cant beat the hard lab on "network enumeration with nmap"

basicly im doing this command: sudo nmap -sA -A -sC -p21 <target-ip>

and nmap returns: 21/tcp unfiltered ftp
Too many fingerprints match this host to give specific OS details

i tried with decoys "-D RND:5"

it tells me the same

im stuck

😭

any help?

@civic wraith DM me

I can assist you

hi

sure

DM me

ok bro

Please can anyone help me with a couple of questions on what I am doing wrong on the footprinting medium lab?

Hi guys, I need some help to solve and answer the last question of the Skills Assessment of INFORMATION GATHERING - WEB EDITION. I trying anything and don’t found the correct answer, I tried with ffuf and gobuster subdomain enum, with the next syntax:

For gobuster I used for a some pattern:

 gobuster dns -q -r "dns1.p08.nsone.net" -d "githubapp.com" -w "~/seclist/fuzzing/1-4_all_letters_a-z.txt" -p ./patterns.txt -o "gobuster_subdomain.txt"

And the pattern I used is:

glb-{GOBUSTER}-public-internal.githubapp.com

For ffuf I used the next syntax:

ffuf -w ~/subdomains-top1million-5000.txt:FUZZ -u https://FUZZ.githubapp.com -t 90 

With ffuf I found some subdomians but, none one of this subdomains is the answer. I don’t know if I using the wrong wordlist or even the patter I guess is wrong too. I’m so exahust to try found the correct answer without success. If anyone know where I failed pls telling me.

Need help with Windows Fundamentals. Xfreerdp is not connecting to the Remote Desktop... please assist!

is anything wrong with this command

Can some one help me with NMAP Medium Lab Assessment? For some reason the port is always filtered no matter how stealthy my command is

For some reason the IPS always drops my packets

try refreshing the ip address

Hi everybody , i am on the File Upload attacks Limited File Uploads with the second question Try to read the source code of 'upload.php' to identify the uploads directory, and use its name as the answer. (write it exactly as found in the source, without quotes) , just don´t get it , try use the php wrapper syntax but that crash the page if anyone could give me a hint.

Thought a little too hard on the Active Directory LDAP module. On to Powerview!

Struggled a bit with that myself. Not sure if I can tell you what made it work on mine but DM me and I will try and help.

I solved that one already 🙂

DM if anyone needs help

Hello

hello can somebody help me with the wordpress module

Search for "WordPress xmlrpc attacks" and find out how to use it to execute all method calls. Enter the number of possible method calls of your target as the answer.

I use burp to list all the methods but it seems xlmrpc.php is not here

i got 404

Can I get a hint on the skills assessment 1 for common applications on how to get rce on the vulnerable application?

I am stuck as well Brother. What did you do?

Nm got it. -A aggressive scan. The one I totally overlooked 😂

Hi all - I'm trying to finish up the JavaScript de-obfuscation lab, but I can't get any responses from the PHP file - am I missing something? ("curl -s http://167.99.89.198:30621/keys.php -x POST" returns nothing)

you have to add the secret key found in question 4.

Ah, I seem to be missing something; I can't see anything that looks like a secret key (other that the 2 HTB flags in questions 2 and 3)

Just a piece of advice for everyone. Don't overthink it. Don't make it more complicated than it needs to be. I spent days on a module because I was trying to get too complicated when the answer was actually a fairly basic command.

Quick note @drifting knoll (made the module) the sudoers file required for the question isnt actually the file but the folder

Oh nvm

Mistake sorry

Thought it was a folder because no file extension

There was a sudoers.d but it was wrong

Hey, I'm trying to spoof my Source adress in nmap for the NMAP-MODULE, but it tells me

setup_target: failed to determin route

What am I doing wrong?

Nmap works when I don't use the -Scommand but I think I need it:

How many cubes do I get from subscribing? Enough to unlock a path?

You can find it under:https://academy.hackthebox.com/billing

okay, let me have a look see, so the cubes are additional to unlocking a path?

I don't think so but maybe someone who has that subscription can clarify.

I believe you only get the cubes.

@muted kite

You get 30 to start with and then 10 by completing "Introduction to Academy"
You can get the Skill Paths "Cracking into Hack the Box" cost 30 cubes that you get back.

I have done about 7 fundamental modules

Each Skill Paths cost differently, and each subscription gives different amounts of cubes.

so I know you can earn them

Around 18 modules are free and it a good start to learn.

so skill path is all upfront modules

skill patch is just a collection of modules

Im going to try and do all the free ones, but you still have to earn cubes to unlock the other free ones

the free ones cost 10 cubes and you will get 10 cubes back at compliting the modul

thats been my experience, I have 7 modules complete, I am stuck at the end of one of them, and I have the last fundamental module for 10 cubes open. by my count there are only 9 free ones

all Tier 0 is free

what are you stuck on? i can try to help you.

Go here : https://academy.hackthebox.com/modules
and press "Tier 0"
it will show all free

not only fundamental are free, some Easy (2) and Medium (6) is to.

Well knowledge check, privalage escelation of Getting Started. I cant obtain the root.txt file

I need to switch to my other HD with my virtual machine

I have done that one, so how long did you get ?

I got to knowledge check

sorry had to do a linux update in order to use discord

no problem.
so how long did you get in knowledge check ?

The final question: After obtaining a foothold on the target, escalate privelages to root and submit the contents of the root.txt flag.

Litterally the last part, I once got in to root and could not escelate the privies and it froze up on my so I ctrl+C out and ran out of time

Okay, i will send you a PM.

alright

Thanks for the help

I wonder if I would be able to do the Windows Fundamental Lab from my linux VM, or do I have to use a Windows VM?

You can do it from a Linux VM

Great, do I need to install anything?

@surreal rain

so I tried xfreerdp /v:Target IP /u:htb-student /p:Academy_WinFun!

but it says error failed to connect

so im doubtful it works on linux side

perhaps I just need to respawn machine and try a different target IP

Im trying to do update/upgrade in kali linux twice when it gets to unpacking exploitdb it freezes up

xfreerdp should work fine. are you connected to the VPN

that's the only reason you should get that error

download the VPN profile, run it with openvpn then try again with the machine you got

having trouble What does the acronym PAM stand for? on Setting Up module

I am really new to security and stuff, going through buffer overflow module, had a doubt , is this the right channel to ask questions ?

yes but you most likely wont get a response @meager lantern try the forums

oh okay thanks for the info

can someone can help me with the final assesment of the wordpress module

?

hi fellow HTB. Can anyone give me a nudge on footprinting -> DNS first question? (Interact with the target DNS using its IP address and enumerate the FQDN of it for the "inlanefreight.htb" domain.) -> this might be caused by my limited English, but I don't understand the question. I have answered the rest of the question on DNS module, only the first one that I couldn't understand. Appreciate any nudge/explanation about what is expected

what is a FQDN?

fully qualified domain name (FQDN) is the complete domain name for a specific computer, or host, on the internet.

Full Qualified Domain Name. I understand this part, [hostname]. [domain]. [tld]

But I'm still at lost with what should I do related to the question

"...FQDN for it..." (DNS server)

Thank you @drifting knoll . I got the answer

i thing the question means, what is the dns of an ip, ex. 8.8.8.8 = dns1.google.com

That's my initial thought. So I tried to get ptr record for the ip, etc.. But obviously it's not the answer

Can I get some help with this question in the hashcat module Crack the following hash: 978078e7845f2fb2e20399d9e80475bc1c275e06 using the mask ?d?s ?

Anybody pls help me with this question on Broken_Authentication Reset the htbadmin user's password by guessing one of the questions. What is the flag?

Hi all, I have a question about the final question of the module SQLMap Essentials ?

DM.

I am doing the final assessment question in Buffer Overflow module. I am able to obtain a reverse shell as explained in the module, but whoami shows that I am htb-student and not root, this prevents me from accessing /root/flag. I am confused, any help is appreciated.

@meager lantern Is it the Windows one or Linux?

Linux

Oh nvm then, I only did the Windows one.

Hi guys, I need some help to solve and answer the last question of the Skills Assessment of INFORMATION GATHERING - WEB EDITION. For context, the question is the next:

Perform active subdomain enumeration against the target githubapp.com. Which subdomain has the word 'elephants' in the name?

I trying anything and don’t found the correct answer, I tried with ffuf and gobuster subdomain enum, with the next syntax:

 gobuster dns -q -r "dns1.p08.nsone.net" -d "githubapp.com" -w "~/seclist/fuzzing/1-4_all_letters_a-z.txt" -p ./patterns.txt -o "gobuster_subdomain.txt"

For gobuster I used for a some pattern:

glb-{GOBUSTER}-public-internal.githubapp.com

For ffuf I used the next syntax:

ffuf -w ~/subdomains-top1million-5000.txt:FUZZ -u https://FUZZ.githubapp.com -t 90 

With ffuf I found some subdomians but, none one of this subdomains is the answer. I don’t know if I using the wrong wordlist or even the patter I guess is wrong too. I’m so exahust to try found the correct answer without success. If anyone know where I failed pls telling me.

hi guys. learning bash->comparison operators. have answer but it not more than 113469 - it is equal it. And no more matches. Key is not fit to the answer. What iam doing wrong?

i can't use sudo because of the password. How do I handel that? Please help me!

don't know my password, not the same than htb itsself

ohhhhh. it was 19 symbols, no 20 as in question.

Somebody have a some hint for what I'm doing wrong?

Hi I struggled like you but I give u a little hint

you can use python outside the debugger

is it something related to SUID ?

read what I said 😄

hmm ok I'll think on that

feel free to ask any questions

if you steel struggle

I mean when u runned the program it was with gdb. But you know that you can run the program outside it

😉

thank you so much got it

makes sense now too, so when I was using gdb the program was not being run with escalated privileges, but running the program outside gave escalated privileges and all I had to do was pipe the python script output to the input of the program !

DM me

@scarlet finch Thank you so much once again, gave me more insight and helped me solve the problem that has been bothering me for hours! ❤️

Hehe np ❤️

Im still working on that one.

like you

❤️

🐦

Thanks so much bro, telling me if you found some solution🙏🏻

Nobody to help me ?

hello

hello

@grand grove -- for SQLMap Essentials, feel free to DM me

Hi anyon able to do login bruteforcing module?

am stuck for the username. I got the username but answer is incorrect. Everytime i ran hydra, i got a different user for some reason

hey in cracking into htb , page 7 service scanning, when doing the last question I need to enter the pass for bob which is bob:Welcome1 , is there any way to see what pass im entering cause it's invisible. I do smbclient -U bob \\\\ip\\users it asks me for the pass after this, when I type bob:Welcome1 it says wrong pass.

try username%password

ok

not working

is users supposed to be lowercase?

yes

users is a folder

on smb

a share or a folder?

share

share and folder is same?

lol idk

lol

How do you know you have the right pass?

k give me a sec I will try, its been a minute since I did that mod

ok

lol

cracking into htb is the path, what mod is it?

how to check mod ? lol

page 7

scanning services

77 mod ig

\

getin started

yee

YEA

Why we happy?

its good to get stuff done

feels good*

lol

Poked around on google, the pass is Welcome1

?

ok

just a sec I'mma finish this question

yee! you good?

YEA

I did it +1 cube

thnx

np

hey can someone help me with the ffuf skills assessment question #2

i added the subdomains to /etc/hosts from question #1. i ran the extension fuzzing scan on each of the subdomains and got 3 extensions in total. i am getting the question wrong though.

the extensions were just in the wrong order. oops

Can I get some help with this question in the hashcat module Crack the following hash: 978078e7845f2fb2e20399d9e80475bc1c275e06 using the mask ?d?s ?

has anyone done the brute force module with ssh?

Did the brute forcing take long?

mine has been over an hour

anyone?

It shouldn't take that long

Hi all, I'm stuck on the last question of the SQLMap Essentials module : OS Exploitation - the hint says that the flag should be on a very common directory but I cant use cd command to change to any other directory. Can anyone give me a hint pls?

May be u can try ls to see files and directories or find

I did us ls -la to see any hidden files. tried to cat the robots.txt but nothing, I saw the vendor directory but I can change to it. also used find but i saw only the flag for the first question. so im not sure what im doing wrong

• I cant change to the vendor directory

ok I found it. thanks. but that was weird... must have missed it the first time

DM me, I can assist you.

Hi, I am a vip user at htb. How can i acces to htb:serious discussions channel

?

HI! Can someone assist me with the last flag of Footprinting - DNS? Stuck in here.

hello

how good is bug bounty track?

htb password forgotten in the terminal, what do I do????

(Hack the box) htb

Does anyone know when the Pillaging and pivoting/tunneling modules will be open?

Yop it me again but this time about the lesson Login Brute Forcing Skill Assessment. 🙂

hi

does anybody know why xfreerdp keeps disconnecting while I'm trying to complete the module?

Everything else on the internet is still connected

But I keep respawning new machine after new machine and it makes no difference

its a pain in my time @$$

@muted kite i have consistently had connection problems with windows targets in HTB Academy

Especially with nomachine

okay well as long as I know its common,

Im connected again, but I dont know how long it will last

I think i had about 1.5 minutes each go at it

yeah how to fix that?

wish I knew

is that how it happens in real life?

I really couldnt answer that

I mean theoretically of course

Instead of pentesting the client, tell them their network sucks and charge another $3000 to troubleshoot it for them

I just connected 3 times in a row and had problems as soon as I open CMD or powershell

Im using virtualbox, I wonder if you have better luck with pawnbox

worth a try.

I run a hyperV server with Kali installed.

Re I find anything about the 2 last question. I see there is a link with the previous but the bruteforce is too long for an exercice. Maybe I miss something ...

I am still stuck on the last question of Information Gathering Web Edition. I have enumerated githubapp.com 20 different ways and I cannot find a subdomain containing the word elephants. I have used dig, nslookup, gobuster, zap, nmap, zone transfers, sonar, ctfr.py.

Is there a module that that teaches you how to setup a HyperV server?

no, I just happen to work in the IT Dept. at a school and have access to 2 hyperv servers running multiple virtual servers. I utilized the space for a kali distro to work from

You're doing something more advanced I think. I wish I could help you, it sounds like you have tried everything you can think of. What about the one thing you don't want to try?

I have literally tried everything in the modules. Based on past experience its something small. Like a flag or something in the wrong place.

what section of Windows Fundamentals is giving you trouble?
i will try and spawn a machine and test it ...

its literally just the part where you login, xfreerdp logs me out in error constantly

nothing more

it logs me out after a couple of minutes each and every time

it says I have 60minutes, but that's a lie!

machine spawn
rdp connected
login on
...

powershell

powershell started

icalcs c:/windows

c:\windows

slash is the other way

icalcs c:\Users

icalcs c:\users /grant joe:f

It's just that xfreerdp logs me out in error constantly

i can not find icalcs , just a sec

once you enter powershell

into CMD

than it should recognize icalcs

nope

its probably just an error in the module

but you see what I mean?

it is icacls 😄

oh yeah

C:>icacls c:\windows
c:\windows NT SERVICE\TrustedInstaller:(F)
NT SERVICE\TrustedInstaller:(CI)(IO)(F)
NT AUTHORITY\SYSTEM:(M)
NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(F)
BUILTIN\Administrators:(M)
BUILTIN\Administrators:(OI)(CI)(IO)(F)
BUILTIN\Users:(RX)
BUILTIN\Users:(OI)(CI)(IO)(GR,GE)
CREATOR OWNER:(OI)(CI)(IO)(F)
APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(RX)
APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(OI)(CI)(IO)(GR,GE)
APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES:(RX)
APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES:(OI)(CI)(IO)(GR,GE)

Successfully processed 1 files; Failed processing 0 files

I cackles muahahahaha

no problem here, you want my machine ?
feel free to use it
10.129.92.188

Y

im logging in once again

i am of it now

PLSSS someone about Login Brute Forcing I totally stuck

Sorry, don't know that one. I can try my best effort, if you tell me the problem ?

No if you don't realize the lab you can't because it is very specific about the link between two module but thanks man

The bruteforce is sooo long 😄

No, problem. Best help is to Google it and look for forum/reddit posts and write ups.

I don't find any write up and the forum just say it is a strange exercice 😄 😄

FIle inclusion module > skills assesment i am able to get RCE but i cant get the flag any help pls Solved

I can help

Anyone here available to give me a nudge on the Active Directory LDAP module? "Find the number of users in the IT OU." I have tried modifying all of the various commands provided in the sections, such as:
(Get-ADUser -SearchBase "OU=Employees,DC=INLANEFREIGHT,DC=LOCAL" -Filter *).count
by adding OU=IT to the queries, but I keep getting errors. I also tried manually enumerating the IT OU but cannot find the answer.

Edit: Solved

Has anyone got any tips about the Footprinting module and then the DNS section, last question? I understand from tips in the history of the chat that I need to find it via a tool like dnsenum, but I keep getting the same few results that are in the Subdomain Brute Forcing image on the page, and trying those in the same way as is shown with internal, gives me the Transfer failed error. Where am I looking wrong or where am I misunderstanding this?

check the Dangerous Settings of bind9 and think about how it could prevent you from seeing information and which settings would allow you to see results anyway

Also need a little help with this one

stuck on hashcat module Cracking Common Hashes section if anyone can help pls dm me

Can someone help me on the last question for ffuf skills assesment? I think i just need help choosing the right wordlist. I have the parameter i just need the value.

@shadow pendant DM Me

@coarse mango DM me brother

Did something change in the FFuF module? Pwnbox is different and I'm not able to write to /etc/hosts (unable to use sudo as it's asking for password). When I did this module the first time around this was not the case.

yes, you need a password for sudo option, you can find the file with credentials on the Desktop of the Pwnbox.

but we're not able to check these settings since we don't have access to file-system of the machine

Yeah I am also very confused

Think part of this module needs additional information

Can I ask you some questions about it?

& @rose crest guys do not overthink this. check the Dangerous Settings part of this section and you have to understand what each of these settings does and how it affects the DNS server and its results

I must be missing something obvious, because I understand how it can affect the results based on which host you use, but I have tried every host I could find and they all gave the error I mentioned before. I basically tried all the commands which have been shown in this section and tried them with all the (sub)domains that I have found, but no results except for the internal subdomain. I imagine there is another one like that which you can then use to see its hosts, but with subdomain bruteforcing I am not finding myself getting any closer.

feel free to pm

solved

Currently working through Login Brute Forcing on section Service Authentication Brute Forcing.
Earlier in the section it said cupp was pre-installed on the pwnbox and when I run the cupp -i command it says command not found. I also visited the github and saw the command python3 cup.py -i and tried that but got no such file or directory.
I do not think we are able to download tools without the password on pwnbox so stuck on next steps

hi everyone, I am a newby here.

please can somebody help me with a question from the Linux course. I cant seem to find the answer to the kernel version question

ive tried everything and nothing works

Yes ?

its one of the commands taught in that section.

Hi Thanks for your reply. I know I have tried, uname -a and uname -r as well as hostnamectl to get the kernel name and version. the problem is that the answer is exact and therefore if i put 4.15.0-123-generic or add Linux to the front or add the x86_64 to the end, it is not accepting anything

I know the commands and i have set up my own virtual machine, with kali and have done other courses too

shorten it to x.xx.x

uname -r is correct

so 4.15.0?

yes

ok let me try

OMG!!

after 3 hours

THANK YOU!!!!

I have a phd in education and i never set questions usually that are ambiguous, but obviously I am still learmning

Who learn python?🤓

I have done the intro module and DNS enum with python

you are welcome

Gm Frens 🙏 Assalamualaikum 😇

I am in the Nmap module and stuck in the script page trying to find the right script for the flag. My clue is that "Web Servers are among the most attacked services because they are made accessible to users and present a high attack potential"

I am trying $nmap -sV -Pn --script=http-enum [target IP]

Or

$nmap [target IP] -sC

No luck. At nmap.org/nsedoc/index.html this could take awhile so I thought I would ask for help.

is it the question - Use NSE and its scripts to find the flag that one of the services contain and submit it as the answer.?

@untold kiln Gotcha, thank you for getting back to me!

Yes!

DM me

GM

Hey anyone doing or Done the Horizontall machine

@lethal atlas you saved me a lot of hassle. Thanks Brother!

Good to go now 👍

still at enumeration fuzzing not working for me

stuck there

Module Stack Based Buffer Overflows on Linux X86 - Generating Shellcode

What does the question want from me?

I almost despaired of this question as well.

You can't see the settings, but you know which ones there are.

allow-transfer
Defines which hosts are allowed to receive zone transfers from the DNS server.

So if no transfer should be allowed, what are your options?

HI do i install git

sudo apt install git

so idk if this is a stupid question or not but how do you find out the password for sudo when using the machine on HTB academy?

on the desktop there is a credentials text file

awesome thanks

Can someone give me a nudge on the last skills assessment for Login Brute Forcing. The question starts, "As you now have the name of an employee, try to gather basic information about them" but there is no employee info. Unless they mean the username from the first skills assessment question. Anyone know? NM Found it!!

thanks u r the best

i am in linux fundamentals modules

theres a question: Submit the command that starts the web server on the localhost (127.0.0.1) on port 8080

i submit: php -S localhost:8080

and it says its incorrect

thats a correct question 😒

what ip is localhost 😉

😅 yes i wrote the ip and it worked

thanks

no problem 🙂

I am on the SQLMAP Essential - Attack Tuning - Case 5.

I managed to get the flag but when I submit the answer it says it's wrong. Do I paste it with the HTB{} format or with what's inside the curly braces?

Any way I do it says it's wrong.

JavaScript Deobfuscation had some of the answers with HTB{} , so if it is in the answer/flag/file/output, you need to include it.

Hi can anyone help me with the question submit the unit name with the description "Load AppArmor profiles" as the answer. I tried using the code systemctl list-units --type=service | grep AppArmor but i only showed the output not the unit name

tried apparmor.service

try "systemctl list-units --type=service | grep AppArmor"

i did

arh, sorry. you need to include "snapd" in the answer

snapd?

yes

snapd.service?

Sorry Tox i dont understand?

Check PM

Working on Login Brute Forcing - Skills Assessment - Website and getting 2 different sets of password for the username. When using those passwords for the login page it fails.
Not sure if I should be getting these two passwords and stuck on next steps

Try a different username

Not sure if that would work, but if I found 2 passwords and they didn't work with a username I found than I suspect they serve a different purpose. Definitely hold on to them though.

Any Kali users here able to successfully use windapsearch.py? I get a "ModuleNotFoundError: No module named 'ldap'" and when I try to run: pip3 install python-ldap , it fails to build.

Edit: Same error(s) occur on pwnbox as well.

struggling with something

at RFI vulnerability

should i not be able to open target on browser

pinging it didnt work either

wait im not supposed to do that 😵‍💫

mb forgot to connect to vpn

I found the error.

sqlmap was changing a single character (q for a b) on the flag, not sure why. After researching I decided to use --fresh-queries to run clean scan. Flag came back with 2 characters encoded. Decoded them and it was solved. If you need help PM me.

anyone around to answer a jave obfuscation question? - nvm I got it

is there a module on ascii ?

same happened to me

Using rockyou-50.txt as password wordlist and htbuser as the username, find the policy and filter out strings that don't respect it. What is the valid password for the htbuser account?

how to bruteforce

stuck on hashcat module Cracking Common Hashes section if anyone can help pls dm me

guys

anyone done hashcat?

oh you're stuck too

I am stuck with rules./

my status is exhausted. But I'm sure I used the right flags and flag rules

Can anyone helppp

For the hybrid and rules I found that the HTB academy spawned instance wouldn't crack the hash for some reason. I used the same commands on my kali VM with hashcat and it worked there for some reason...

yeah, I am using my kali VM

Don't like their instances. Really bad latency

If you modify the rules example the way they suggest in the question it should work.

i did set a rules.txt

with $20$0$2$0

that is the right idea but the formatting is a bit off....

i also tried with spaces inbetween

$2 $0 $2 $0

haha

or is that still off

that should work if you combine it with the example in the write up

yeah ..

hashcat -a 0 -m 100 hash.txt $HOME/Desktop/Stuff/rockyou.txt -r rule.txt

still doesn't work

always exhausted

sent you a dm

Hi, I am doing modules in the HTB academy and in the last two sections I have found something very strange. Since I started in the academy I have always used my VM and VPN and everything is fine. But in the exercises of the last two sections I can't ping with the target or nmap, basically it doesn't connect. I've downloaded the VPN configuration file again but nothing, it's still the same. Does anyone have any ideas?

anybody pls help me with broken authentication module

Find the valid username for the web application based at subdirectory /question2/.

on bruteforcing usernames

Hi have you got it i am stuck too

Yes, feel free to DM

Hello, I bought a course, however, I am not quite satisfied with it. Is it possible to return?

i am literally running the command and it says 0

nvm i found the way

how tf will i find this

stuck on hashcat module Cracking Common Hashes section if anyone can help pls dm me

lmao

Stuck on the brute force Skills Assessment - Service Login.

I was able to ssh and found the other user. Trying to clean up the provided wordlist but says permission denied. Are we supposed to clean up the provided wordlist or just wait hydra out?

Finally found it lesgo

nvm figured it out lol

When we subscribe do we get access to walkthrough for everything in the academy?

or is that just for starting point?

I'm talking about the walkthrough

You should write a DM to a senior moderator to find out. imo it is not possible

Whom can I DM about DNS? I'm going around in circles. Already read all hints and still the same.

what DNS question?

footprinting - DNS

Has anyone done the Introduction To Bash Scripting - Comparison Operator Module on HTB Academy? I am having an issue and was curious if someone could look over my code and point me in the right direction:

var="8dm7KsjU28B7v621Jls"
value="ERmFRMVZ0U2paTlJYTkxDZz09Cg"

for i in {1..40}
do
        var=$(echo $var | base64)

        if [[ $var == *$value* && ${var#} > 113469 ]]; then 
                echo ${var: -20}
        fi
done```

im completely stuck at File Inclusion/Directory Traversal

no clue what to do

at the last part

on Skills Assessment

@stuck loom DM me brother

Hey guys anyone else having issues with the Fire Wall/IDS evasion Hard Lab?

I can get the service name but not the version

nmap Fire Wall/IDS that is

@white moss pls be careful with spoilers

ok sry

is it an academy related question?

yes it is the nmap module

Has anyone completed the nmap hard lab?

if you read the hint carefully, you will understand what you need to do

It say I am looking for a database as does the name of the service but it does not help me find the version and the name I use does not give me the right answer

guess you're not using everything you can

everything I can or everything possible?

Hoping someone can answer a why question for the Live Engagement portion of the Shells & Payloads - || why does the reverse shell only work for the internal network address and not the external address? In other words, got the war shell to work when I set LHOST to the internal network but not the external - why?
||

https://tenor.com/view/crickets-crickets-chirping-silence-awkward-silence-gif-5319192

@white moss - are you trying to complete the lab on the pwnbox?

no I can not get it to function on my pwnbox so I am using my kali VM

when I try on pwnbox it will not accept my password for sudo commands

alright - my issue was with the pwnbox since there was a conflicting service running when trying to obtain the service

But I can confirm that the process is discussed within the Bypass Security Measures portion of the module

ok will give it another look

@white moss DM me if you need a nudge brother

Has anyone done hashcat cracking common hashes?

anybody pls help me to solve broken authentication module " predictable reset section"

@summer lake DM me dawg

hellokittyislandadventure what does grep "^ii" mean?

Wordpress Module is messed up.

On the Academy.

You can't upload screenshots?

wtf

Fix the Wordpress Module, please. Can't identify the version number.

Final Module

If it's some convoluted crap like doing something to the hosts file, you need put that shit in the description

really?

@narrow nexus Works for me, check you discord settings that sending pics isn't denied.

wtf

kk

OK well how come there's no instructions on doing that?

I mean that's such a waste of time.

Jesus

I mean they could easily at the top put:
add this shit to your hosts file: bs.thm.local

Or something

Thanks

That's frustrating as hell

I hope they read this message. Cause we are paying for this shit.

🤣

Alright off soap box

Thanks @stiff stream

Okay, let's start with the first thing, what do you mean by "cant identify version number", what have you tried to do so far? afaik the module works fine, and as for the htb academy modules, most of them wont guide you through by your hand, you have to learn and that learning comes from doing stuff

I spent hours

scanning

googling

brute forcing

researching

nothing

I mean I'm pretty sure I worked my ass off

but the HOSTS file?

cmon

That sub domain never comes up even on nmap scans

Let me take alook then

Unless the Parrot VM is different

Regardless, they should have both bases covered no matter what.

• If you're using you're own VM: ADD TO HOSTS FILE
• If you're using Parrot: YOU'RE GOOD

Or something like that

Alright I'm gonna stfu and try this hosts shit

No not, really that's how you learn to understand about stuff

OK

I disagree.

The module is covering Wordpress.

Not /etc/hosts files.

I mean it takes seconds to add that so students aren't going down stupid rabbit holes.

Life is too short to spend hours guessing on random stuff.

@narrow nexus Okay I found it, dm me if you need hints for that

Yea I got it

Thanks man

It was the sub domains

But you need to also have patience, i have been stuck with problems for days, even weeks

and finally figured them out

you won't become hacker in a a month, what's the rush?

It's really nothing to do with patience.

I just hate not having any clue on why shit isn't working. I mean hell they could have easily thrown in some topics about subdomains and stuff like that.

Like throw small clues in there so that we could actually research the RIGHT things

lol

I would have never figured that out if it weren't for that screenshot.

Then again now you understand the value of stuff, value of networking and how it links all together, it's big lesson tbh

yea

Did you get passed this? I began this module last year and never finished the entire thing. But I did get through the verb tampering section. I dont know how though because im trying to re-do it and cannot get that flag.... Its driving me crazy because I literally have the flag from when I did it months ago but cannot remember how.

Hi ,

Is a date of AD Enumeration and Attacks to be available ? 🙂

Alright I finished that wordpress

see that shit was easy after that small ass detail

🤣

thanks @stiff stream

slap that box silly

But wordpress is a good topic

I'll be sure to take notes on that small lab fix

I think anytime we do VM stuff thats a good rule of thumb if stuff gets dicey

I'm not a big fan of /etc/hosts editing, because I pentest on web app stuff for my job (just a baby junior pentester)

Unless you remember to snapshot a clean VM or reset that hosts file, it can mess you up

So best practice is really not to edit that hosts file, but yeah for quick resolves or VPN connections inside an internal network, maybe.

It just depends I guess.

Different strokes for different folks.

Thanks again dude, really appreciate it.

i need hel

ppelase

i can't ping any any machines, i paid 15$ for VIp

Hi, I am stuck the module Linux Privilege Escalation on Privileged Groups. I am able to escalate to root and checked all directories associated with the "adm" group but have been unable to find the flag.
Would be great if someone would have some hints for me regarding that topic.

@viral meteor DM me bro

Hey, I am stuck at "Command Injection - Bypassing other blacklisted characters" with this payload: 127.0.0.1${LS_COLORS:10:1}${LS_COLORS:14:1}${LS_COLORS:1:1}${IFS}${PATH:0:1}home. Can someone who have already solved it give mea hint on where I might be wrong?

I had a question about buffer overflows. I'm doing the Linux x86 buffer overflow module, but I was just wondering in general, is there a reason we don't make the whole buffer a giant NOP sled instead of doing just the 150 bytes worth?

For example in this case, we have 1036 bytes we can use plus the shellcode length. If we designate 100 bytes for the shellcode, is there any reason we can't make the NOP sled 900 bytes instead of 150?

Doing attacking common applications, how does one connect to splunk?

nvm i got it

If you have 1036 bytes, you can use a 900 byte NOP sled, no problem with that.

I personally like to keep a smaller NOP-sled because then I can reuse it for other challenges which have smaller buffers, but it's obviously something you can change within 1 second.

Is anyone able to confirm that the Nibbles target in the Getting Started module isn't behaving correctly? I opened a support ticket last night and they tried "assigning me to another server in hopes of its connectivity," but I'm still having issues, and there's been no response from support for 14 hours. Requests to http://<target IP>/nibbleblog/ and ||http://<target IP>/nibbleblog/admin.php|| are timing out, but requests to other locations, including http://<target IP> and even ||http://<target IP>/nibbleblog/content/private/plugins/my_image/||, are working fine. I just want to make sure it's not something I'm missing from the module and that I'm not the only one having technical issues with this target machine.

you can but it won t be useful

150 bytes of NOP is enough

or 90

or 50

I was just wondering in theory if there was some sort of reason they were leaving some of the buffer

buffer and NOPS arent the same thing

Right i mean they used 150 hex characters for the NOP but left the rest of the buffer as wasted space. I didnt know if that buffer had a function

0x90 isn t a random Hex number. It stands for xchg eax

If you didn t have the buffer you couldn t overwrite eip

I understand the concept of the NOP instructing the CPU to move to the next space in the memory, but I was wondering why they used x55 to fill up the buffer instead of just using x90 all the way through

u need 1036 bytes for overwrite it. Imagine in this case the buffer is 90 if you 1036 - 90 bytes the next 4 bytes won t overwrite eip

Before the start of the x90s

try it and u will see

Try it yourself

I'll give it a shot and see. Ultimately I didn't understand the point of the x55 instead of using x90 for everything up to the shell code

I was just curious to see if it would work using x90 for the sled all the way from the beginning of the buffer to the shellcode

both work lol. It s just for illustrate

Ah gotcha

Thanks!

no

for some reason I am unable to SSH into any module machine...I enter ssh 10.129.125.209 and it just thinks until it times out. Am I missing something?

looks like some network problems, i keep getting kicked off my rdp machine

must be I cannot ping the machine either...I will try again tomorrow

?

I was replying to someone who sent a profanity but it looks like they got deleted

oh ok

Anybody else contantly disconnected from xfreerdp? I am trying to complete the windows fundamental module. I'm disconnected after a couple minutes each time

Ive even tried the pawn box

its no use, im moving on from this module and will leave it incomplete for the time being

Login Brute Forcing module. I found the password, logged in, found the flag, but it's rejecting it.

These end of module assessment and knowledge checks should be removed in my humble opinion

They are filled with tons of technical issues

Ive had 0 tech issues with skill assessments and ive completed every module for the Bug bounty path?

are you saying it has something to do with my network connection?

why am I constantly disconnected every 2 mintues?

there must be an issue

I didn't say anything other than Ive had consistent results. but that sounds like a likely possibility

what can I do to trouble shoot?

pawnbox wouldnt allow me to xfreerdp at all

from virtualbox, i can eventually connect, but it kicks me off before I am able to get step one complete

im frustrated

this is the 9 fundamental module for me to complete, but im stuck on this last part for 5 days

because of connection issues

Kind of sounds like a network issue, if you don't mind me asking are you on wifi on directly plugged in, also have you for your own sanity tried another rdp tool like remmina

Im on ethernet

nope, I did not think to try that, does Kali linux have remmina?

I guess I could look that up

if not it should be a apt get command

for some reason, my kali linux has not been able to upgrade for a week, it will update but gets stuck on upgrade

might be time to scrap that box and spin up a fresh one if you are having multiple issues.

sure, but even when I spawned an instance today and tried to connect to the target IP, it also didnt work, but I see your point, perhaps its connection issues, let me try one more time to upgrade. If it doesnt work, I will make a new box.

it just got stuck at the same part again

I haven't done the windows fund module what task is this?

Just spun up a task in that module and was able to connect, :/ think it may be a network issue

Thanks for the clarity. I know where I need to go with this. It's a problem from my end

Anyone able to help me out? Hard stuck on the nmap module hard lab.

What's up?

Is it cool if I DM so I don't give out spoilers?

Sure.

Anyone have any insight on the Academy Login Brute Forcing Module? I logged into the server, then the web page, found a flag, but it's not working as the answer.

Was the flag there when you logged in? I see a flag, got the username and password, but it won't accept the flag.

Which section of the module are you having issues on?

Login Form Attacks

dm'd u

Has anyone done the LDAP module? Kinda steep at 1k, was wondering if anyone has done it and liked it. I see that ippsec co authored it so it seems exciting

@vestal spruce Working on it now. Not sure if its worth 1000 cubes though.

@vestal spruce Covers "living off the land" powershell LDAP queries, and tools like ldapsearch , windapsearch.py , and ldapsearch-ad.py.

Useful for OSCP do you think? With the new changes

Definitely wouldn't hurt. To be fair I can't really think of an alternative, besides maybe looking at write ups for retired boxes based on AD/LDAP.

On a scale of 10, what would you give it thus far?

I would say 7/10 so far . Only ran into one question that made me bang my head against the keyboard. I am on the second to last section right now. I took a peak and the Skills Assessment is 10 questions , which kind of terrifies me lol.

I might sleep on it, thank you for the insight. Kinda a steep price but it's hard to find somewhere where that info is condensed nicely

I'll be taking this module soon

Yes! Do the module, that way I can message you when I get stuck 🙂

Actually it's pretty neat . Sort of like having two or three actual domain controllers to practice tools and queries against. Also I was concerned there would be performance issues (like RDP disconnecting) but luckily I haven't had any problems.

confusion: doing the Working with web serivces mod gives me an error 405?

Any hints for how to start a simple webserver on port 8080?

can anyone help me with learning how to hack?

The idea seems good, but the followthru on some of these acad modules are flaky

are you talking to me

nah

k

but could u help me

but could u help me

I am about as clueless as you are :/

dam

https://www.hackerearth.com/practice/notes/simple-http-server-in-python/

To be honest, it's probably best to start with the "Starting Point" rooms on HTB and Try Hack Me as well

I thought this was a starting point mod

It recommended it to me

Yeah setting up the server isn't too bad

python -m SimpleHTTPServer <port_number>

Just a one liner

Lol, nowhere in the mod did it mention that

is acad one where you use outside help or is it all inclusive?

You will need to do some googling on like 95% of the modules in Academy.

hey someone could give a hint on File Upload Skill Assessment? how i found the upload directory

First you should learn basic things like network technology, Windows and Linux.
There are many courses on YT, Udemy but also here at HTB or TryHackMe.

Then just learn step by step. E.g. how to crack passwords, how to analyze webtraffic, etc.

Hey Guys

I’m stuck on the FFUF module

What's the workaround for our PwnBox that don't have sudo allowed, yet the module requires commands that need it?

how can i get 10 cubes without spending 10 cubes

Buying ‘em

Someone knows how to answer this?

You have to FUZZ the parameter, when you found it, that parameter is the answer

@thorny crow They changed the pwnbox recently. Check for a file on the desktop of the pwnbox , it should have your user password

Would do if there is mobile option

But isnt

I know the answer and when I test it on the spawned system it's working fine

but I cannot submit it

does anyone know who I can contact?

you can not submit your answer or you get an error?

I cannot submit it

I just saw the erratum channel, should I have posted there?

that is weird, try to close your browser and try again...

that is for error correcting the modules

oh okay give me a moment

Yuuup it worked, thank you!

Happy to help 😄

loading up a fresh copy of kali linux on VB, once it's complete I will try the assessment once again in WIndows funadamentals.

hey i am stuck too can you help

Solved?

Solved?

Yes, I solved that section. Currently on the final skills assessment.

Thank-you!

I am required to enter a password to install OpenSSH on one of the Linux Fundamental modules. Is there a default password to use?

Hey guys. I know that I am probably posting this in the wrong place but I have a question about how to go about doing so. I am having issues with one of the HTB boxes and would like to post my question there but it says that my discord does not have permission to post there. How do I go about getting that permission?

For Footprinting Lab - Medium, I am admin on the box; I can see the table schema, but when I try to query, it comes back empty. Am lost (and feel like going way beyond scope of what this module is supposed to have taught to have gotten to where I'm at) -- Can anyone DM me a nudge? Thx.
EDIT: Alright, I found sa creds (which did NOT work), ended up changing sa creds to what they should have been, but STILL can't seem to query the table...
EDIT2: Alright, restarting the box (after fixing sa creds) solved the trick -- what a PITA!!!

I couldn't get it figured out. Hope you have more luck

Hi fellas!! Am just a beginner to HTB academy.. right now, I have completed INTRO TO WEB APPS, ATTACKING WITH FFUF, RFI/LFI MODULE, BUFFER OVERFLOW MODULES.. but the thing is am having only 53 cubes with me.. I wish to unlock modules which are 100 cubes worth.. Wont I be able to unlock it?? or should i wait for any free cbues issued by HTB ?? Please guide me on that

Also need a extra hint!

Hi, I am stuck on the knowledge check for getting started. I know it's probably something stupidly easy, but I found the user name and password, and then I have tried to run an exploit on the system, but I don't know what I am supposed to put for the TARGETURI. I am assuming that's why it isn't working. A nudge in the right direction is all I am looking for 😄

Guys

Guys

HELP ME PLS

I sent someone my webhook url by mistake

CAN THEY GET MY TOKEN USING IT?

what webhook? what token? is the token in the url?

also this isn't a support discord for whatever app, this is the channel for help on academy modules

Idk Im so scared

You know discord webhook url?

I sent someone that

Im scared can they take my token

And get into my acc

Changing your password does reset your account token. It's done this for years.

Ok

and take this opportunity to activate MFA

also next time go to discord's support 😄

Whats MFA?

Multi Factor Authentication

its in settings?

https://support.discord.com/hc/en-us/articles/219576828-Setting-up-Two-Factor-Authentication

Eek

Im scared

yes life is scary, now change your password and activate MFA. You'll be safer and it'll be less scary.

hi

can someone help me using the program ZAP? id like to encode a usernamelist to md5 while fuzzing

ah nvm found it

Hey!
Just started academy, first the fuzzing (ffuf) module.
I have some technical difficulties, can you help me?

1. I did'nt found the VPN package / .ovpn file anywhere. I'd like to use my own computer rather than PwnBox.
2. However, if I use PwnBox, ffuf is not installed. The module says it is. I need sudo to install by hand, but I don't find sudo password anywhere, my user password does not work.

Any tips?
Thank you

hey, the root password is under my credentials on the desktop.. vpn package should be on top of the module under resources for example

How did you got 53 cubes

Hello, trying to finish up the getting started module. I found the user.txt, but i'm a little jammed up on escalating privileges to get the next one. I used sudo -l and I know that i'll need to exploit php somehow, but kind of stuck there. Been on gtfobins, but not really sure what I am looking for. A gentle nudge would be appreciated.

You can DM me

anyone here for fthis Q ; What is the FQDN of the host where the last octet ends with "x.x.x.203"?

Footprinting Module

DNS Q4

Can I ask someone questions about the Footprinting lab - easy? I have done a number of things, but can't seem to make progression?

I keep getting the "permission denied (publickey)" error, and I have tried some things without result

You have to put proper permissions on the public key file

DM if you want

You can DM me, if you want

thank you. i get the password and its do the job. however it seems that this module cant be done via vpn

Solved

hi

👋

wget didnt seem to work, any ideas of how i could do this?

which module was that?

linux fundamentals

oh yeah. this one was a pain.

true

I used curl as stated in description and just count and clear duplicates from that domain. You must have some duplicates in your query - try to identify them visually if you have sorted results.

okay

you can do it with cURL and some piping

In the Footprinting module the medium lab you are supposed to find the Admin credentials to login to the MSSQL server. Can anyone give me a hint on how to find those? Do I need to get them with rpcclient or via another service?

File Upload Skill Assessment. Guys, I found the folder where the downloaded file is stored, I was able to open it, but for 2 days I can not figure out what to do next. Need help(
Sorry for my English

Module: Using Web Proxies
Section: Skill-Assessment

Could use some help, think im doing it right but Burp is only returning errors.

Module : basic tools (1st module)
Section : FIREWALL IDS/ips Hardlab
Any help with this ?? Stuck already 4 days can’t find the flag 🙈

im trying to only FUZZ a part of the cookie, how would my request look? when i only §§ the last part, i wont recieve a succesfull response : (

(edit): use the right encoding methods

Upload file attack, last question trying to find where files are stored. please help

Feel free to DM me

hey i really need some help with the windows fundaments module

anyone up for helping me?

dm me

still looking for some help if anyones not busy

did anyone here know the password of htb academy machine? oh man i can't modify /etc/proxichains.conf in modules using web proxies.

If your run the below, you'll find password for machine:
cat ~/Desktop/my_credentials.txt

oke thanks

I'm doing the Linux Priv Esc modules and have a question on the Privileged Groups section.

hi

sus

Use sublist3r

HI

@tight glen Hi bro, for no spoilers, you need read and following careful the hint of this question.

If you still stuck DM me

Hi, i'm stuck at module 18. File Descriptors en Redirections. The total amount of installed packages. I can't get the correct answer. What i've tried: apt list --all-versions | wc -l ---- apt list --installed | wc -l ---- dpkg --list | wc --lines

funny thing. i get every time a different amount 😄

try using dpkg

that what is did.. dpkg --list | wc --lines

amount incorrect

PM sent

I wonder when the pillaging module will be available 😄

I'm kinda excited. All I know is how to backup and exfiltrate databases lol

will be nice to see more 🙂

Hey, I'm trying to solve the questions of Knowledge Check section of Getting Started module. I reached the user.txt flag with an initial foothold and without metasploit. Now, I'm trying to do the privilege escalation. I know www-data user can execute with sudo /usr/bin/php and I tryied to execute an reverse shell script but I hadn't root identification. Am I in the correct way?

https://gtfobins.github.io/

Thanks! I saw this page and I used this code:
CMD="/bin/sh"
sudo php -r "system('$CMD');"
But maybe it's wrong or I don't use it correctly

Can you just make sure that the path to sh is correct?

I will try, but must the code be in a php file?

No. You can look up php --help to see what the -r flag does.

Wow! Thank you so much! I solved it!

Skills Assessment - File Upload Attacks
Please help me, I don't know what I'm doing wrong anymore. I was able to read the etc/passwd file. I was able to find the download folder. But I don’t understand what to do next, I’ve been sitting with this for 2 days.

hmm im trying to remember what I did lol

there is an extension that you might want to look into for your file your uploading

p**r hehe 🙂

also, /etc/passwd wont be of much help for this challenge

i suggest maybe trying to disclose source code 🙂

module : Getting started
section : Knowledge Check
anyone who could help me with this?

i'm not able to enumerate it further

SecList lists do not have this p**r extension, I did not write it so as not to spoil it. I got it)))) Thank you very much.

I can, what/how much help do you need ?

check dm

in Windows fundamentals module last section Assessment, creating a shared folder, but with who? There appears to be a variety of options.

makes no difference, remote desktop connection failed in 60 seconds

Did you solved it? I'm on the same boat: I can upload files, can read files, know where the files are, but can't figure out what I should upload.

what is the question ?

Its an instruction

but xfree rdp kicked me out again, I'm currently downloading Remmina and going to see if I can stay connected with that, I have a whole knew linux VM installed

then i think it is anonymous user

Thought my install was the problem, because I can't upgrade due to a lock on a file,even know

The instruction is Create a shared folder called company data

I create the file, than went to give it access, it said bob.smith or mrb3n, home or homegroup. I wasnt sure, than it disconnected

FOLDER, not share 😄

You know what i mean

I hand typed it

the share comes later with the user/group

Well I dont see create a shared folder option, so its just folder than

no problem! glad I could help 🙂

Hopefully Remmina installs successful and hope it works without connection issues

is it the Skills Assessment ?

yes

Im having more issues just staying connected

so i cant get through the exercise

again ? i feel sad for you

Yes, everytime. Its xfreerdp or something, gonna try Remmina

so, it is create folder, user, group and then at 6. it is share the folder.

i can try and spawn a machine for you ?

I dont think its the machine ip

wonder which format I'm supposed to use with remmina, it's not like freerdp

not sure how to use remmina, every time I try to remote in, it just says event not found

Enybody knows how edit this command to get name of member Protected group with servicePrincipalName using this command ? Get-ADUser -Filter "adminCount -eq '1'" -Properties * | where servicePrincipalName -ne $null | select SamAccountName,MemberOf,ServicePrincipalName | fl

ACTIVE DIRECTORY LDAP

Active Directory Search Filters

I figured out how to open and use remmina. But it's also having connection issues, I can try and see if your target machine has fewer problems

Ive spawned 6 targets with no luck, I tried with remmina and it simply cannot connect

I can't finish this module. moving on.

looks like my spawning is taking a long time to

Module: SQLMAP-Essentials
Section: Running SQLMAP on HTTP Requests

||Can somebody help me to edit my JSON payload in order to retrieve the flag? sqlmap clearly tells me its vulnerable but i cant seem to figure out how to.||

sqlmap result (care spoilers)

I have some trouble with some questions in the Information Gathering module - Web Edition, Active Subdomain Enumeration section. I'm not sure if I'm wrong or the boxes area broken. When i do the nslookup scan gives me all the other answers except this two, help

Case4 @tight glen Let me know if you still need help.

About DNS - ZONES(If i am not wrong)

Zones are groups for admins to control their network. MOSTTT of the times, the zone names, are equal to A subdomain that contains info for more than itself. So, when It is asked from you to find the zones, It really means -> Which subdomains contain more info? aka which of them are vulnerable to transfer, so you will be able to see the extra info.

This means that you need to account for ALL the subdomains, like a.b.c.d.TARGET.com .(d,c.d,b.c.d,a.b.c.d)
There are tools such as dnsenum that find potential subdomains(brute forcing).
Now I think this is enough for you to guess how to use the tool PROPERLY and what is happening with the questions.

hmmmm. how i should find the flag in the WEB REQUEST -> POST METHOD? i change cookie from guest to admin, and got access without login form, but what flag should place as the answer?

hey, I'm on the Linux Fondamentals for Filter content and I don't understand how are we suppose to answer the question with the content on the webpage
I'm stuck at "How many services are listening on the target system on all interfaces? (Not on localhost and IPv4 only)". Could someone give me a hint ?

pls... do not overthink it...

its not that complicated

i highly recommend you to reread the DNS section again and understand how it works precisely

You can use netstat for that.

Can you give me a hint on where the files are stored? Once we find that we should be able to upload a php webshell right?

That's the idea, but I couldn't figure out the necessary bypass to the white/blacklist rules in place. I will DM you about the location of the files

I've been struggling for a while on the footprinting DNS .203 exercise and still cannot get the answer after re-reads and multiple attempts. Please could someone DM me and see if my understanding is right and what I am missing? Thanks.

did you figure out this issue? I am having the same one

You did one single, successful AXFR, right? ||There's one more you need to successfully do||

dm'd

could you pls dm me too?

idk

Did anyone complete the ACTIVE DIRECTORY LDAP module Credentialed LDAP Enumeration section? Trying to figure out question 3

@devout galleon Stuck on that question too dawg 😦

hey guys, heres to hoping i dont get hacked xD i guess were all in learning curve here?

well im assuming everyone asleep, the first module im doing is linux fundamentals, some of the questions arent very direct, and seems a bit counterproductive for me at least to learn this way, i guess im answering my own question here but i guess the more deeper i go the more easier itll be to understand how to look for things or identify them faster right? lol sorry super noob

im new too, Im doing the starting point but im not doing the academy stuff

In my case though I use linux for work so I figured I skipped the fundamentals, idk how it would be for you

solved

I try with netstat and use grep to filter the result but I can't figure out what am missing, the answer is always wrong.

Hi Guys

New here. Complete noob in programming

I have started the Linux fundamentals. When I try to use the "sudo," it asks me for a password. I type there my actual password, which I use to log in on HTB, and it's incorrect. What can I do?

I'm assuming you're using pwnbox

In that case the creds are on the desktop

In the file named credentials

Thank you. I'll check that.

that's it. Thanks 🙂

I think the question is not phrased right. What they want is all listening interface, IPv4 only, not localhost.

yeah, I try to exclude localpost from the result but i got 0 when I look for ipv4

@dry pumice Can you post your command here? (perhaps wrapped as a spoiler)

yeah, give me a sec

||netstat -l | grep -c -exclude=localhost ipv4||

@dry pumice So if you run netstat -l do you see any line that includes the text "ipv4"?

not really

If you want to filter out "ipv4", you have to be first sure that this parameter exists.

@dry pumice The same applies to "localhost". And look more into the option of how to exclude a string of text.

ok, thank you

@dry pumice And you can use a flag in netstat to include only IPv4

oh ! ok thanks

@dry pumice Look into what -v does in man grep

Hi, All! Can you give me some link to start training?

https://www.hackthebox.eu/blog/learn-to-hack-beginners-bible

otherwise use #resources-tools and all the serious topic channels.

You’re a lifesaver! 🙂

The questions and modules are designed to teach you basic fundamentals, and then have you expand on them. I have found the answer in the modules 99% of the time. Very occasionally I have to google but I usually find that even then had I read the module carefully, checked the links contained in them, and read man and help pages, I would have found the answer.

I LOVED the Footprinting module. If anyone needs help with that one, feel free to hit me up.

Hello, new to the community here. Intent on learning EVERYTHING! Love the site's set up. Hope everyone is doing well.

Hi all, I'm doing the "Using Web Proxies" module and on the ZAP Scanner question it says that I should get a high level vulnerability which I should use to read the flag but I'm only seeing medium alerts. I'm using the built-in browser of ZAP. Can anyone pls give me a hint? am I missing something?

BTW - not sure if it matters but for some reason the "Active Scan" HUD option is grayed out but I cant still start a scan if I choose a requests from the history...

Hi I have a small question why pwnbox is only one time use per day in modulus

Because it's like that as a regular user, VIP got 24h per month and VIP+ unlimited time

Hello, i'm having issues getting the -S switch to work while doing the Network enumeration with NMAP module. I type it in the way it shows, however, it always tells me setup_target: failed to determine route to target IP. Is this just a pwnbox glitch?

I can send what I am putting in for the command, just didn't want to clutter things up. I am pretty sure getting this to work will be the key to finishing the hard lab, so I am trying to get it to behave itself.

NM, I figured it out a different way. Just had to hold my mouth correctly.

i believe this is their way to make money or get u to subscribe

is there a way to download parrot or kali into a USB via mac or is windows the easiest for that?

What does that mean

You can make a bootable USB regardless of your host OS

that what im trying to understand, i know its easy with windows from what ive seen on videos, but havent seen anything clear on macOS

i have both but i prefer to learn on macOS

No idea I haven't used a mac in a decade

SO the section doesn't tell you which account to ssh in as... This is the Linux Priv Escalation Module, and the Misc Techniques section. I tried the secaudit account, but they don't have rights to mount the drive.

anyone around to answer an intro to bash scripting question?

'xfreerdp /v:10.129.149.38 /u:htb-student /p:Academy_WinFun! 147 transport_write:freerdp_set_last_error_ex ERRCONNECT_CONNECT_TRANSPORT_FAILED [0x0002000D]
[15:15:42:690] [3558:3559] [ERROR][com.freerdp.core] - freerdp_post_connect failed'

Anybody know why this keeps happening to me?

It's much longer, it says System Error 32. Which is a windows system registry file that is required. But since I am trying to get into a target machine, from a kali linux machine, why is that error coming up, unless the target machine is affected by malware or something else?

is the target still up? are you connected to vpn?

I just copy pasted your command and got the same error, I spun up a box and input the new IP and I connected fine

Im connected to a vpn, are you saying a proxy is running?

from my end?

not that i'm aware of

every IP address I use, gives me the same problem, I think the issues is IP related myself

Maybe try starting your machine, that works about half the time for me

sometimes, it works, than it disconnects

Im hoping it will be fixed, it would appear that not all the target IPs are configured the same in windows I get a system 32 error which is a windows registry file that if corrupted you cannot connect.

Im not using windows, but the target machine is a windows machine.

ive spawned 6 machines in a row with the same error, can someone give me a target machine that is working?

so I can see if I can access?

from Winows Fundamental Module

I dont want to kick homie off, but it seems like I can access it

are you connected to the HTB vpn using OpenVPN?

you can also restart the attack host and see if that helps

Im saying restart too

yes fully connected, restarted 6 times

I wonder if a lack of update and upgrade on kali linux can affect my connection

redownload a new vpn key and try that?

you spawned a machine 6 times or you restarted your cpu 6 times?

respawned machine, I didnt know I could restart my CPU

Is that easy to do?

oh a reboot

haha

I just updated and upgraded

Im using kali linux

Im about to do a reboot and log back in, can you gimme a second?

Anyone around to answer a question on intro to bash scripting or login brute forcing?

lost the question

post**

I will try again, if it doesnt work, I will move onto something else

I keep saying I will quit, but I can't just let it go. hahaha

still haven't tried a fresh install of kali?

yes, it didnt fix anything

@lost kayak

hmmmm

still have the connection issues, I even tried Remmina

installed it and cant connect

Im just not sure what the issue is

I think it has to do with a range of target IP addresses, but in my minimal experience, I usually end up being wrong, only when I find out what made me wrong

Range of target IPs?

can you send a screenshot of the specific module and a screenshot of the terminal output you are getting

let me log in again

shoot me a DM with the screenshots so we don't blow up the channel

sure

What's your question?

On the for loop section I am getting an error

I think my for loop is right, I think the error is due to the decrpyt function