#modules
@muted kite You are going to notice that all subdomains that aren't active return an error message of identical size/word length etc. Right?
just search virtual box and select your os
like there are so many things
and click install
Setting up is the hardest part
well a hard part
yea i am still unable to do it
but ik how to set up virtual box
It's a little difficult to read, its showing 2680 errors out of 2760 scanned
but the main problem is installing kali in it
does anyone know any videos for it??
There is a pdf on edx from nyu on penetration testing that is a good walk through
ill see if I can find it
k thx
kk
how do i screenshot btw
are you on a mac?
no windows
When you launch your search, you are going to notice it straight away as the list is getting longer and longer. Almost all will have an identical size or word length
This guide is about virtualizing Kali Linux inside of VirtualBox, allowing you to have a Kali VM. This is a great way to use Kali, as it is completely separate from the host, allows you to interact with other VMs (as well as the host machine and other machines on the network), and allows you to revert to snapshots.
k thank u
Sure, ive seen it before, but im in the assessment part of ffuf. I just dont understand why the additional filter command isnt working for me is all
@muted kite Once you figured out that parameter, you can exclude all those domains with like -fs <filesize> or other flags.
I think I will just wait and see what the end results return this time and then include the -fs XXX
Which module/task is this exactly?
ffuf assessment
This is the full course, it is free.
Its a nice starter with some videos if you are super fresh
There is one difference with the walk through, kali isnt on offensive security site anymore, only kali.org
everything else is the same tho
First task?
First question of that last task?
yes
Let me try it out...
hey did any of you finish fundamentals of linux?
ohh
i haven't and i am still learning it not fully finished yet
but i have completed networking
yeah I finished it
hey can you tell me what more interesting things are there in fundamentals of linux??
thats a confusing question
lol
im trying to access kali and it wont let me on the website
Thanks Im currently letting the current vhost scan complete, it's almost done
hey what all did you do, explain pls
whats the error, what website?
that link is for installing kali, you have to download an iso image of kali linux from the website, what I sent you, is how to install kali linux on virtual box step by step
its really weird every website is working for me but when i try to access kali it says it took too long
are their servers down?
because i could access it a minute ago
hey i have a 8gb ram pc with no graphic card ?? can i install kali too
lemme check it
no i can access it
you are talking about the download page right?
Home of Kali Linux, an Advanced Penetration Testing Linux distribution used for Penetration Testing, Ethical Hacking and network security assessments.
scroll down until you see this
Have you added academy.htb to your /etc/hosts file? I am concerned that not...
no like it wont even let me on the flipping website
yes but now that you remind me, the vhost and port is from yesterday
but i can get on any other
did your parents restrict your network?
nope cause it works on my phone
Cancel your scan, add academy.htb with its IP to your file and run it again. Once you are going to see a list getting longer and longer once your scan started, you know that you did it right.
Boom, it's working now
I can't believe I didnt realize I had to change that again
i finally got virtualbox downloaded what now
now you need the iso image with the latest link i sent you
are you not reading the tutorial?
show us a screenshot
how do i put an image on discord?
drag + drop
or you can click the addition symbol to the left
IM learning new things too!
after years
Vmware or virtual box ??
which one do you want kali linux on? which did you download?
Spoiler alert :)
should i delete?
Better
ok done
wow it feels so good when you do it right and see the results though
user error
was the only error taking place
i downloaded the kali thing now what?
show us a screenshot of the iso image in the download folder
copy and paste it to your desktop
where is the iso image?
k
@stardew can you do a discord call and share your screen?
thats virtualbox I believe
??
100% right :)
lets call it will be easier
Sure, what are you stuck on
Someone helped me, thank you tho
I also hate nomachine, made it extra painful
@lethal atlas lol
when you enroll in a path, are you supposed to do all the modules in a particular order?
Yes it is shown in the dashboard in order. However I dont always follow it. IMO its up to you
well some are easy and some are hard
im torn between bug bounty and junior pen tester
I mean some are easy and some are medium
spoiler alert
okay I can't find the parameter-names.txt
theres no spoiler, it failed
I need help locating the filepath
lol I was jk
pull it from here: https://github.com/danielmiessler/SecLists
ah yes, thank you. I forgot about that
git clone?
wget -c https://github.com/danielmiessler/SecLists/archive/master.zip -O SecList.zip
&& unzip SecList.zip
&& rm -f SecList.zip
this one?
Know how I can confirm it's fully installed?
i still cant locate the file im looking for
certainly a big help in the right direction thanks for that
but im still having trouble locating the burp parameter-names.txt
what file you looking for?
I just found it by using find
Hey everyone, I am currently stuck on Hacking Wordpress - Directory Indexing. I did a wpscan and found some "stuff" however I am trying to use the html2text and it doesn't seem to work for me. I am working in the pwnbox. Would appreciate a nudge in the right direction
find / -type f -iname burp-parameter-names.txt
what question?
home/anonymous/SecLists/Discovery/Web-Content/burp-parameter-names.txt
/home/anonymous/SecLists-master/Discovery/Web-Content/burp-parameter-names.t
huge list showed up, bad news is the command isnt responding anyways
what command?
one sec I just realized something I didnt update my etc/hosts with the faculty in front of the domain 'ffuf -w /home/anonymous/SecLists/Discovery/Web-Content/burp-parameter-names.txt:FUZZ -u http://faculty.academy.htb:32704/courses/linux-security.php7 -X POST -d 'FUZZ=key' -H 'Content-Type: application/x-www-form-urlencoded' -ms 780 2>/dev/null'
sudo curl -s -X GET http://68.183.45.200:31948/wp-content/plugins/mail-masta/ | /usr/lib/python3/dist-packages/html2text/main.py
This is within the pwnbox
on pwnbox or ur machine ?
DM
show me the command
Noob here looking for help with the NTFS vs Share permissions of the Windows fundamentals module. Hope this is the correct place to seek help. If not please point me to it. Specifically
You are in the right place, whats up?
Specifically i'm having trouble mounting the windows machine from the Pwnbox. I successfully used xfreerdp to connect to the windows machine and created the folder on the desktop. But getting the following error after attempting to mount the directory from pwnbox.
im using the following "sudo mount -t cifs -o username=htb-student,password=Academy_WinFun! //10.129.201.57/"Company Data" /home/htb-ac397918/Desktop/
error(115) operation now in progress Refer to the mount.cifs(8) manual page and kernel log messages
is /home/htb-ac397918/Desktop/ the file path for the windows machine or the pwnbox?
i have retried but not sure waited the full ten minutes
can you reach it by smbclient?
that is the next step, i tried it last night after failing with mounting. it didn't work but i thought it could just be related
smbclient -N -U 'user%pass' \\IP\Company data
including % but not quotes? correct
quotes too
space between ' and \ ??
yes
appear to get > prompt
Need to double the backslashes, or just use forward slashes with smbclient
this is the smbclient command in the module "smbclient -L IPaddressOfTarget -U htb-student"
smbclient -N -U 'user%pass' \\IP\Company data
discord is altering the command my bad just noticed
should be 4 and 2
the module smbclient command still fails "(Error NT STATUS IO TIMEOUT)
but your command appears to work, i get what appears to be a > prompt
hmmm
don't know what to do while there
neither windows or linux commands work
ctrl C to quit
hmm I really dont know, this is outta my league
Ya I would start by trying to find who made the box
or module
mods and staff are to the right
scroll down to staff
is it appropriate to dm them
Anyone around that can give a hint to the 'Web attacks - skill assessment'?
For this yes
try to get an answer with us then ask them
thanks for the help
always good to ask them if there is a technical issue
Check the firewall on the target.
finished the module, but will go back and look at firewall to see if i can then mount the share
thanks for the tip
hey can anyone of you help me ? my question is that if we use kali linux can we use this in all of our htb task? cause i dont want to use the lab that is provided by htb
can anyone help
??
yes
itnbob, r u still here
Anyone online completed the Linux x86 buffer overflow module?
I'm on the very last question and I've exploited the vulnerability to give a reverse shell but it spawned as the htb-student user and I am not sure what I'm doing with this suid bit on msg.txt to get the flag.
thx
Nevermind, figured out my issue, had to call the binary from the shell directly instead of running inside GDB because GDB doesn't have SUID, just the C program itself does.
Question for the HTB academy room for Sedebugpriv on the windows privesc course. It's asking for this hash and I've ran mimikatz and procdump but can't see that listed hash from my dump. Any idea why?:
:rainbowwizard:

Hi guys. Someone knows how to find the right tool's folders for exemptions in windows defender like suggested in setting up modules?
Hello, I have a problem with pinging given IPs by HTB academy. I have successfully connected to vpn, but if I type ping "some ip", I get request timeout. Who have stumbled upon same problem?
Ya Im here.
Hi ! Quick question : in the information gathering module, I'm being asked Submit the FQDN of the nameserver for the "inlanefreight.htb" domain as the answer. however the command nslookup -type=NS inlanefreight.htb does not find anything for that domain. Is it broken ?
Your request is fine.... Just add the server you wanted to use as DNS
Anyway I am stuck in the same module... in particular in the question "What is the FQDN of the IP address 10.10.34.136?". Can I DM someone for any hint? Thank you

Why do you think you need to do that? What question are you stuck on?
Ok I am stuck there too.
I need to apply for jobs then I will get back on that. I was unable to log into the admin page and the other exploits didnt work I was thinking wtf mate? From your comment maybe first need to enumerate better.
:randowwizard:
:rainbowwizard:
Maybe not, idk, The ghostcat exploit works, nothing interesting on the page, maybe we would use it on different pages, is that what you were suggesting?
What do you mean to add the server as a DNS ? The target machine that they give ?
Try this
Hello I am on the linux fundamentals mod -- Here is the Question "How many files exist on the system that have the ".log" file extension?"
I have tried multiple variations of this command: find / -type f -iname "*.log" 2>/dev/null | wc -l
and the answer is wrong -- what am I missing or doing wrong
I would need further explanations
I've just tried it, and it seems to work just fine. You can DM me if you want
hi, i'm stuck on "introducing to networking" module at the subnetting part
You would have to elaborate a bit more to get help here.
split the network 10.200.20.0/27 into 4 subnets and submit the broadcast address of the 2nd subnet as the answer.
The IP subnet calculator performs network calculations using the IP address and mask bits, and determines the resulting broadcast address, subnet, etc. Try the Site24x7 IPv4 subnet mask calculator for free.
thank you got the right answer
@rustic sage I reset everything and it works now-- thanks!
Anyone do sqlmap essentials? How did you get the json format for flag 4?
can anyone help me i am unable to install the iso file for kali
idk why but other files are getting downloaded but the iso file is not downloading
can someone help??
Which task is that exactly?
I see this, but i dont know how to get it as a json
I'm stuck on broken authentication module section weak bruteforce protections, question 2. I think I need help, anyone? :3
Use F12 for that - easier
"Network" tab, find the POST request, open the "Request" tab and switch it to "raw"
@livid pier
Is that what the whole file will be ? just the {'id':1}?
Hi ! Quick question : in the information gathering module, I'm being asked Submit the FQDN of the nameserver for the "inlanefreight.htb" domain as the answer. however the command nslookup -type=NS inlanefreight.htb does not find anything for that domain. Is it broken ?
You don't need to create a file. You add this with --data '{"id":1}' to your command
Keep it simple :)
THank you
use dig axfr {something}.inlanefreight.htb @{IP}
I don't get it, the command you propose involves a subdomain right ?
It seems that the command I used is indeed to identify the name server of a domain
You right I thought you were on a different problem
However it does not work as I get the result ** server can't find inlanefreight.htb: NXDOMAIN
did you add the domain to /etc/hosts?
No I did not, and I believe this is the missing piece of the puzzle
I don't understand that
I have to add the target IP as my DNS server, is that correct ?
If i am not mistaken, you need to open up /etc/hosts and add that to the list. IP inlanefreight.htb
on kali it looks like that. I use sudo nano /etc/hosts to access it
I'll try that, thanks
It seems not to work (same error message) even when I add the line 10.129.24.134 inlanefreight.htb to the hosts file :/
Hmm I noob again. Sorry
Hey all, is sudo ever required in the Academy modules ? Reason I ask: i wish to edit the /etc/resolv.conf however it requires sudo but ive no password it, and I cannot see another way to set the name server to the target machine to carry out the tasks
password is on the desktop
in the credentials file
thank you very much! my fault for the oversight, ive gone back to it after so long.... shortcuts clearly dont work
This is a highly asked question
no worries happy hacking!
everyones on the shortcut bandwagon hahah.. and thank you kindly
im still in process of doing that otherwise would have helped, sorry, but wish you luck with it
think it would be great if the mods could split the academy section by category as opposed to having it all in one place which gets a bit polluted.
You get used to it
If anyone wants to try out our new skills on some medium boxes let me know
I am trying out Shibboleth...
Now? you finish sqlmap?
I started a few days ago with Shibboleth. Haven't gotten too far
Hey, does anyone know what this question wants from me? I'm unsure of what the correct answer format is.
It's from "DNS Enumeration Using Python - DNS Records and Queries"
Im in Javascript deobfuscation. I found the flag for this 'secret.js' question, but it's not being accepted by the platform
I know for a fact it must be the answer
Im going to post the flag in here to confirm it's correct...
who's ready?
You can DM to me
@muted kite The format mostly used in HTB Academy is:
HTB{flag}
must be a troll
:rainbowwizard:
Hi all. Working on the active infrastructure identification section of the info gathering -web edition module. Anyone here know how to resolve vHosts from the spawned target machines in something besides a cUrl dump? I have the ip, and the vHosts are "app.inlanefreight.local" and "dev.inlanefreight.local". I tried altering the /etc/hosts/ but doesnt seem to matter. For obvious reasons i cant use public enumeration tools to scope it out, as its not DNS accessable.
oh also, fun little tidbit i found out, wappalyzer will record and send up false 'positives' if you spam a site in browser with .asp / .js / .php, and show those services in use
do a *.com/index.asp and all the sudden your ubuntu server seems to run IIS, .NET and Windows
you try nmap?
@muted kite Moving it to here for the benefit of others. Use http://www.deobfuscatejavascript.com (since jsnice.org seems to be down)
Deobfuscate Javascript - Deobfuscate malicious javascripts for quick and easy analysis
The tool you used did not do the right job
this one didnt work either
function generateSerial() {
var flag = "HTB{flag!}";
var xhr = new XMLHttpRequest();
var url = "/serial.php";
xhr.open("POST", url, true);
xhr.send(null)
}
that is the full output
You try nmap?
@livid pier nmap the server? I could but it doesn't really solve my issue
@muted kite You are doing something wrong then. Go to secret.js, copy/paste the whole text
I just did it im looking at all 3 answers for that section
i did paste the whole text, it says flag!
@livid pier really? huh guess im a dunce
but it doesnt show it as the actual flag
@livid pier I've got the answers, well except for CMS, but I can tell that the vHosts are actually serving content, I just cant seem to get it to display in a browser
I did do something wrong
But I figured it out
thanks
it worked this time with the deobfuscation tool you sent me
How do you blur?
Using flameshot
oh thanks, thats good knowledge
@livid pier you could see the CMS from an nmap scan?
hey guys im on the skills assessment section of the login brute forcing module. im on the 2nd question but still coming up empty. this is my current command input for hydra, am i using the wrong password list or wrong POST field for failures for hydra?
hydra -l user -P /home/user/SecLists/Passwords/Leaked-Databases/rockyou-50.txt -f 159.65.53.42 -s 30302 http-post-form "/admin_login.php:username=^USER^&password=^PASS^:F=<button class='btn block-cube block-cube-hover'"
It starts with a J
hide the spoiler tho
@livid pier holy cow really? I needed the bang at the end? lol
@livid pier thx for the help dude. I'm gonna keep playing with this vHosts thing to get it to do things for me
Yee!
@livid pier I figured it out, thought I had added the ip to the vHosts file correctly, <ip> app.inlanefreight.local dev.inlanefreight.local , but I mustve done a .com somewhere. Pulls the page fine now
when i changed the header 'host:" to pull a specific subdomain, it dumped the index.php, but couldn't route it in browser
whew
lol nice
That module was a pain for me, I made similar errors
I'm working on the Network Enumeration with Nmap module, and I don't know what they want as the flag for a question. I don't even know the syntax the system is expecting. I looked over every service and grabbed every banner, yet I don't see "flag" anywhere. I also copied every service version and tried that as the answer without any success. Any help would be appreciated.
Disregard my msg above. Just so happens I got it. 40th time's a charm I guess....
Story of my HTB lyfe
then when it just appears it seems so obvious, but when you're running it again and again you feel crazy. lol
Im not in that module yet, last time I was missing an exclamation point at the end of my flag
I mean it was stupid
it didnt show it in every deobfuscation tool
just me or does htb disable icmp on their targets in the vpn?
ok nvm, still sometimes yes, sometimes no
i got a weird question. i got the answer for a module question but it wont accept it. what do i do?
Got a few dumb questions.
- Why is it when I do a whoami /priv from cmd when not ran as admin vs admin I see more privs?
- Why is it when I run the token enablement script in powershell I see all privs enabled but in the same cmd (ran as elevated) it does not?
Hello got a question about the Linux PrivEsc module if anyone is around.
i am on the getting started module. anyone able to answer a question to help? rather not spoil it in here
@steel flume if its a flag, make sure you submit it like HTB{answer}
i figured it out in time. weird spelling but thanks
np
had to google for a alternate spelling
@vestal spruce if you find out id love to hear why
I've been googling, no clue
@obsidian hornet I probably wont have an answer but what was the issue?
i got a question regarding using the smbclient
got a moment to assist me? its likely i am doing something dumb
I was able to figure it out, simple mistake on my end. Thanks!
@vestal spruce don't know about #1, but I'd guess #2 is related to what Powershell is allowed to do over cmd. They don't have the same abilities over the system, even with similar instructions...pretty sure
@obsidian hornet oh good, grats!
@vestal spruce I imagine the differences between cmd and powershell are similar to different shells in linux, bash, csh, ksh, all provide a terminal but have big differences

okey i can't figure out why i keep get a NT_STATUS_NOT_FOUND
Whats up? where you at?
getting started
been trying to follow along but i feel like i am missing something just not sure what.
supposed to try get access using smbclient but everytime i attempt i get that
what section?
service scanning
k one sec let me pull it up
Is there a question you cant? or just following along?
its about the last question
but i can't figure out why when i make the attempt i get that
and not a prompt or anything
onlytime i get a password prompt is when i use the -L flag
what command are you using to connect?
@livid pier have you done the active subdomain enumeration section on the info gathering web edition module yet?
yes
@livid pier hang on can I dm u? I can't figure on how to ask this w/o spoilers
ya
did you figure this out? running into the same problem
@swift carbon yea i was able to fix it by running: apt install python3-ldap
sweet that worked, thanks mate!
np
Hi everyone! I'm stuck on a question from the module "Attacking Common Applications". I'm in the "WordPress - Discovery & Enumeration" section stuck on this question:
"Perform manual enumeration to discover another installed plugin. Submit the plugin name as the answer (3 words)."
At first sight, it seems to be clear and easy but all plugins I found are wrong... I've tested manual enumeration, wpscan, ffuf fuzzing WordPress Plugins (13k) but nothing I find is correct.
Can somebody help me?
I have finally found it, it wasn't as simple as I thought...
I have four modules unlocked: SQLI Fundamentals, File Inclusion, File Transfers, Intro to Network Traffic. Which should I do first?
Probably doesnt matter, I'll probably get stuck on all of them
It does not matter, but write me if you need help
Sounds good
Hi ! Quick question : in the information gathering module, I am not able to find the FQDN of the IP address 10.10.34.136. Can someone give me a hint? I found the DNS zones but this IP is not in this list.
this is a tricky question if you didnt find all the subdomains.
I found 19 subdomains.... if there are more subdomains maybe I missed some of them...
DM me
sounds like you are really close
Network traffic is the easiest
Thank you, I will do that one. But man it's mighty long
what section of getting started ?
its traffic analysis, but yeah, just looking through it and it could really use a downsize, I feel like I'm going to be reading a book today
remove the space after -u and -p
so, rdesktop -uhtb-student -pAcademy_student_AD! IP
or else try xfreerdp like
xfreerdp /v:10.129.247.44 /u:htb-student /p:Academyxxx
try without password, and type it at the login
DONT PRESS THE LINK !!!
I have some questions about a couple of the questions on the OSINT course. Thank you in advance
where do i start
What addressing mechanism is used at the Link Layer of the TCP/IP model?
Ive tried every possible answer
Where is this question, is it in a module?
||Do you like MAC burgers?||
I tried that already
I even typed it out in full
Theres no point in making it any more difficult than it needs to be imo
Okay, I got it. I knew the answer, but it wants a particular variant
@muted kite ||Yeah, I should have asked you what is the address of your favorite Mac restaurant instead||
test test | test test |
so how do we block out text?
asdfasdf asdfjasdfj
asdf ||asdf||
aha got it
I also want to know how to do that
you can use double pipes on either side, or highlight the text and click the rightmost selection
(| | boooo | | )
but without the spaces between the pipes
and no parenthesis
||Boooo!||
|| Pika-BOO||
nice
||:ranbowwizard:||
Hi, I am interested in the htb academy subscriptions. But, they are quite costly for me. So, I was wondering how much cubes will be needed to unlock tier4 from tier1. Please give me a suggestion on which subscription should I take.
My advice is to complete all the free modules that you can first.
unless you get the student plan, you can accumulate the most cubes if you get plan and do everything up to tier 2. Otherwise ya do all the free stuff first
I agree with VivisGhost. If you can get the student plan like I did, you can complete up to tier 2 which will take you some time. after that you can just buy cubes instead of the subscription and keep moving up.
What is your suggestion in the case if I can't get a student plan?
the base subscription is only 18 a month and will get you as far as the student plan.
Yes
will 3000 cube be enough till tier 4?
Hi Guys, I am Bash
$100 will get you enough cubes to unlock any module. However at tier 4 you will only be able to unlock one at a time
I code on advanced python, in Computer Vision and GUI
i am new to this group, would anyone like to see my content ?
not sure you are in the right room boss
HMM, so where should i go ?
maybe programming or general
strange. Have you completed the intro stuff?
Ok, I think I misunderstood something. Let me get this right, if I get 1000 cubes and unlock a tier 4 module, upon completing it I get 1000 back + some more? Am I getting this right?
yeah, then i message the moderator, she said that we need to make some acc and shit at app.hackerbox something like that
but in the modules page, they say +200 cubes
for the tier 4 ones
correct. That will get you full access. app.hackthebox.com
ooh alr let me make in that
better look again. I see 1000
tier 3 is 500 cubes
Yes, 1000 to unlock.
Ok, so after finishing a module, I get back the amount of cube I spent. Is it correct?
and it looks as though I may have been incorrect in saying you never earn cubes. Looks like in the higher tiers you can earn some.
Yes, I think it looks like that.
it can also be read that you spend 100 at tier 2 but only get 20 back. I am a little confused now lol
Yes exactly, that is why I am so confused.
At that rate you need to spend a lot of cubes.
Ok, so I looked at the FAQ and went back thru modules I finished and I was completely wrong. If you just buy cubes, you will not get back what you spent so you will eventually run out. With subscription you get a monthly allotment of cubes and whatever is left over at the end of the month rolls over.
And, that is exactly why I asked this question.
So I recommend starting with the free stuff. then get the silver subscription and work thru as much as you can before upgrading your sub.
So, I should first aim till tier2?
yes
work thru as much as you can for as little as you must spend
yw
I was having this problem earlier. xfreerdp seems to have very low tolerance for packet loss. if you're using wifi i would suggest moving closer to your router. you may also have to run the command several times before it works
nice, hope they fix it for ya
guys i am unable to install the iso file for kali linux can anyone help my internet connection is good all other files are getting downloaded but the iso file is getting stuck in between
pls help!!!
Given the capture file at /tmp/capture.pcap, what tcpdump command will enable you to read from the capture and show the output contents in Hex and ASCII?
I've tried -rX capture.pcap
and other variations
like -DXr capture.pcap
so confused
Did you try torrenting it ? If direct downloading isn't working
( or the other way around )
whoever said traffic analysis is easy is kind of lying. Most of it is, but there are parts I just cant find the right answer to
LOL I said it was easy
sudo tcmpdump -Xr /tmp/capture.pcap
that doesnt work either
What TCPDump switch will increase the verbosity of our output?
this question I also cannot figure out
I know -v -vv -vvv doesnt work
what section are you at ?
I got him squared away. He just had a typo
Cool
What TCPDump switch will allow us to pipe the contents of a pcap file out to another function such as 'grep'? If i wished to filter out ICMP traffic from our capture, what filter could we use?
for the first one I dont know for the second one I typed 'proto'
im sure its right in my face
What TCPDump switch will allow us to pipe the contents of a pcap file out to another function such as 'grep'?
only type the switch
If i wished to filter out ICMP traffic from our capture, what filter could we use? ( word only, not symbol please.)
read it carefully ... filter out ICMP
filter out as in not show it
hello guys
i have an issue that makes me unable to connect to any server; even when i changed the tool it can't connect to the server ip and port
Looks like the SQL server I am trying to login to for SQLi is down.
for javascript Deobfuscation - JSNice is down for me, can anyone confirm this? I tried other web res. to Deobfuscate the flag, though they keep it as is. Is anyone able to advise on Deobfuscation task? Many thanks
is that recent or has that been for a while? Is there anything that actually replicates the JSNice output?
Anyone available to help on the webshell skills assess? Importing the module gets "NoMethodError undefined method 'split' for nil:NilClass'. Tried some port forwarding to get it to work from my attackbox but cannot seem to load the module from there now.
This is for box 2 on the skills assess
Ok I got it. For anyone else having the same problem in the future in the shells and payloads assessments, your msf is not broken. Be specific in the modules options. Minor error on my part sent me on a rabbit hole thinking ruby had some missing gems or something.
can anyone help with the network enumeration module? im just starting out and having trouble with this question "Find all TCP ports on your target. Submit the total number of found TCP ports as the answer." im trying to use sudo but it wont let me.. is there something im missing?
you shouldnt need sudo for tcp only udp I think, but anyway the password for sudo is on the desktop in the my credentials file.
running nmap -sS <ip> and getting "You requested a scan type which requires root privileges."
use sudo
now it wants a password... fml
thanks

Good day
I started HTB academy and at linux fundamentals the first interactive session is to ssh to an ip address and get some basic system information,
I can use pwnbox or vpn key
I prefer vpn key ,pwnbox isn't that responsive for me,
The problem is after connecting to the vpn, i pinged the target ip but destination host unreachable,
I tried reconnecting to the vpn but i still can't connect to the IP, what am i doing wrong
Using vpn in htb machines has always been easy and i never had this issue
You using openvpn?
Yes
and it says its connecting?
No it's connected initializing sequence completed
Yh
Yes I have 26 minutes left
I even reset the target just in case but i still couldn't ping the provided ip
is the ovpn file academy?
Yes academy.ovpn
loll idk. restart your computer?
Was trying to avoid that, thanks I'll do that, i hope it works
where i start ?? Anyone Answer please
got a question regarding using metasploit
you also New to Hack The Box ??
yeah
Mm How Many Modules YOu Finish ??
a couple am at getting started at the moment
Modules Name ??
getting started
Its Easy or not ???
it's more about mindset and looking at things
you are better off focusing on the fundamentals like i am before anything else
Are You studying Or working ??
studying
same Are U from ?
hey
Then ask the actual question. :P
hi
guys
Hey everyone, currently stuck on Hacking WordPress - Skills Assessment. I found the plugins I am able to enumerate though and look at files. However, can't seem to find the flag. Can anyone give me a nudge in the right direction?
Goodmorning
Lets hack some boxes
Why is it that every dam time i spawn a target on the Academy platform, it just works when it wants to work? I respawn, i try to connect, nothing. Suddenly it works, and the next time again it doesn't work. It's like it is completely random when it is working and not. Honestly not worthy of my time
Hey all, fairly new to HTB, went through the first couple of courses and was feeling good, and did the "crocodile" module the way that i thought it should be done, and couldn't retrieve the files from the anonymous FTP server. I looked at the walkthrough and it said to do the exact steps that i had already done, so i retried it, and again i kept getting permission denied when trying to GET the files from the anonymous ftp server. what would cause this, or how would i circumvent this? I'm sure its user error but i'm trying to learn! thanks in advance.
It sounds like you are working on the Starting Point labs. You can ask for help with those in #starting-point
im fairly new to everything, but do have a sidetrack question, why is there a vpn option?
Some people prefer to use their own VM instead of the Pwn Box
ahh okay, im starting with linux fundamentals
will do, i apologise for not posting there in the first place
No need to apologize. You'll just probably be able to get help faster there.
Hi windows priv esc > DnsAdmins > any help pls i cant get this to work idk what am doing wrong thanks Solved!
someone who has done 'attacking common application' please dm me
@slow bluff does it involve loading a dll file and restarting the DNS service? I'm pretty sure something changed with the box called "Resolute" where that is the solution but it no longer works, inexplicably.
Based on the traffic seen in the pcap file, who is the DNS server in this network segment? (ip address)
I checked the hint but the output from the pcap file is vast and I cannot find source port 53
yes its, the problem was not specifying full path for the dll,Thanks
@slow bluff Did you have any trouble downloading the adduser.dll to the target from your machine?
no
ok it must be a network issue on my end. Do you recall what directory you downloaded it into? \windows\temp?
its just hanging on "writing web request" , never finishes, file shows up in the directory but its 0 bytes
\Desktop
or current dir
alright thanks bud. I'm just respawning the target and restarting my vpn , hopefully this fixes it.
no problem, mate i hope so
Did you find the flag?
Maybe there are other directories which are "wrongly" configured
Yes I was able to find the flag. Thank you!
I'm stuck last question of wordpress section of "Attacking Common Application", can't get the payload to run properly, please dm me if someone has resolved this one
Is anyone else unable to download files to the target from their VM in the Windows Priv Esc module? I have my python httpserver up , and from the target in powershell it just hangs on "Writing Web Request." It works from the pwnbox though ...

Anyone finish intro to bash scripting?
hello, having some trouble with File Inclusion module > skill assessment section. any help would be appreciated
Whats up
Anyone here that has completed: Stack based buffer overflows windows || Broken Authentication | | command injections?
someone please just give me the name of the person Im supposed to find
No machine is terribad
yes so is xfreerdp as well
I cant get the answer
I was able to get the answer for the first question using the wireshark filters
but for the question that gives me 0 cubes I am spending more time on
ha I just manual brute forced common first names
and got one
pewpewpew
Coming back to academy after some time away. I can't find the VPN for academy! Button button where is the button??
It used to be in each module somewhere around the button to start the pwn box. I don't see it there anymore.
Not every module/task requires VPN access. Those that do, have a "Get VPN key" located as you mentioned.
So I should be able to access the target from the internet?
Yes.
derp, okay thanks!
some of the targets do not require VPN, thus you might or might not see the button for VPN download
i am having some problems in performing the man in the middle attack can someone help
Im very stuck on the command injection assessment. Any help would be greatly appreciated.
Im still not sure which parameter is injectable..

nvm got it. @livid pier your wizard helped a ton. TYSM!!
:rainbowwizard:
Im stuck on
wanna give some tidbits of knowledge?
have you been url encoding your requests?
...no
In burp you can right click in repeater and select "url encode as you type"
Keep in mind that when pasting from other sources into your request, you will have to delete some chars and retype them.
Or just use something like cyberchef
Who do we reach out to for technical issues? Currently not able to complete the "Windows Built In Groups" section of Windows Privilege Escalation. Trying to RDP into the target results in a black screen followed by disconnection from my VM. And from the pwnbox , i can RDP and stay connected for about thirty seconds before it boots me off. I have tried resetting the target numerous times.
Also unable to reconnect via RDP from pwnbox after getting booted.
Can somebody help me:
I am currently doing the module footprinting and I am stuck at some DNS questions, e.g. Identify if its possible to perform a zone transfer and submit the TXT record as the answer. (Format: HTB{...))
So i have done the following:
dig any inlanefreight.htb @10.129.14.128
got some txt, mx, a, soa records and the ns1.inlanefreight.htb ns
so what must i do next, or what tools should i practice in order to solve this and the following questions..?
thx for your help,
a beginner in cybersec
dig txt something.inlanefreight.htb
try something like that
Story of my life, I have problems with in in Pawnbox, VM and Bare Metals
@west canopy https://www.hackthebox.com/contact-us
thx for the advice :), but when i use dig with txt i won't get the htb flag... :/
any or axfr dont work either?
there are the txt records but cant use them properly :/
bruh use <something>.inlanefreight.htb
ok thank you ^^ got with that new entries
You get it?
Hi community i have some problems with SQLMap in this question, when i do my command i got a flag but when i paste it as answer it says isn't correct
@twin raft i do recall when i did that module , on one section it spit out the flag but it was missing a character. Super weird
Can i dm to you? @west canopy
yep
yeah, thank you very much, got the flag
so does the hackthebox thing cost money?
Did you look on the website?
do the bare minimum
Im not trying to win an argument, im suggesting you do some research yourself, if you legit look and cant find an answer come back and ask
i cannot find an answer, may i ask, how much does the hackthebox thing cost, if it does cost money of course
So hack the box or HTB academy?
HTB academy
thank you
All HTB academy Tier 0 modules are free, there are 17 of them.
ahh
soooo finally about to finish..
** Information Gathering - Web - Skills Assessment **
and I'm stuck on Q#3
- Perform active infrastructure identification against the host https://gear.githubapp.com. What server name is returned for the host?
I'm assuming they mean the FQDN?
which i found to be || aquatic-cucumber-a8v3wu9jbll2hidkklzjvzc0.herokudns.com||
what'd i miss?
No, they mean the server name, not the FQDN.
Aha, whoops
yup had it all along
Feels kinda funny running any 'active' tools against a public service, like githubapp.com
anybody else having fun with file inclusion?
Once I've completed all the free modules I will have to visit this. Appears the price went up a little
Yeap, i am done with it
Don't get all happy.. You are never done with it!
lol
ha ha ha , true
well... a sequence is a series of something. So a complicated one, must be a difficult one to spot...
You only need cURL
You only need ||whois, dig or nslookup, curl and sublist3r ||for Information Gathering - Web - Skills Assessment.
Other tools are not necessary.
'GET /index.php?language=/var/log/apache2/acess.log/var/log/apache2/access.log&cmd=cat%20/exercise/flag.txt HTTP/1.1
Host: 159.65.53.42:32630
User-Agent: <?php system($_GET['cmd']); ?>'
Im in Local File Inclusion module. I think everything above looks correct, but I cannot see the flag.txt
user agent?

I see the error
Your get statement looks a little overly complicated.
I'll come back to it with a fresh set of eyes

Scooby?
Hi guys, could someone give me a hint on where to search for attack vector in sqlmap skills assessment section? Can't really figure it out.
open up burp, intercept requests and start clicking
you will notice one request is different from the rest
ok gonna try rn
Anyone here able to complete the "Server Operators" section of Windows Privilege Escalation? I am following the directions and have successfully added the server_adm user to the local administrators group, but I still do not have permission to access the flag.
That is a negative, those modules are too expensive for me. GL tho. I appreciate the sunday night grind
Save your cubes brother. This thing is riddled with technical issues.
Have you done the linux priv esc?
Yep
how was that?
When its all said and done I think I will be able to get 1 500 cube module
I want to spend them wisely
I mean, i didn't have to deal with being disconnected from RDP every thirty seconds , which is an improvement.
That is so frustrating
And the skills assessment requires using techniques that aren't covered in the module
There have been a couple modules using no machine that made me want to jump off a bridge
Yea I remember having to use NoMachine for shells and payloads
Im hoping they can iron out some of these issues soon.
IM starting to not be able to connect to servers too
Yea I have to use pwnbox also. Trying to RDP from my VM results in a black screen followed by an immediate disconnect. And in the few sections where i could RDP from my VM, i'm not able to download files onto the target from my python http server.
That is something that ive also experienced that super annoys me cuz I dont like pwnbox. I will use a command on kali, it doesnt work, go to pwn box same exact command(that I have to type out cuz i cant copy paste) then it works
Glad it isn't just me then haha
@livid pier I see your color has upgraded, what's that mean?
HTB level
how do you prove yourself?
Nice Job!
Could anyone give me a hint on the last question of attacking tomcat in the attacking common application module? I have RCE, but am looking for the flag everywhere, but can't seem to find it
DM
Got it! Just needed to try some other ways to get RCE
go to hackthebox academy (website) and start with introduction module
Hello,
has anyone a hint for the skill assessment of the Broken Authentication module? I think I'm almost done just the last step is missing. || I can craft a valid token and login as a privileged user but i have no clue how to proceed now ||
hi
hey guys i am having problem in submitting the flag
in getting started
i got the flag but not able to write it
its showing wrong
can someone help

sure sir thay will



looks like a bald guy
ohkk
XD
can we not do offtopic chats here
I'm working my way through the OSINT: Corporate Recon module and need some help with the cloud storage section. I feel like I've tried everything, but I bet I'm overlooking something obvious. Would anyone be able to point me in the right direction?
make sure if you are copying that you dont grab an extra space.

quiet today..
a little too quiet
monday blues i guess.
Anyone around to give some broken authentication hints?
We in this B
Bro can you suggest me some linux priv esc techniques?
The new one is legit, only working on old boxes, its a linux skeleton key tho
by old boxes I mean like 2 months old
Do you know about binaries?
Like escalate privileges with binaries?
You wont learn what the box is trying to teach with that one, but it gets the job done
Ohh thanks a lot dead
with binaries you are looking for something that you can use that has sudo privileges
Ive heard of THM, heard good things, never used it tho
lol what do you mean?
I mean to say about cyber security
How did you get into hacking, red teaming
And stuffss
Becuz i also wanna get into this stuff
I am super fresh too, I started in december, I took the IBM cert on coursera and now im here
Well you are in the right place, start with some academy modules, the HTB starting point boxes
Have you done masters in any prog. Language
there are alot of resources here
Yes i have seen
I am just a beginner in python
Thats cool
My advice while here is take notes while doing boxes and modules, then after you finish try to help people, it will solidify the knowledge
I always do
A shit happened to my parrot
Its going into read only file system randomly
And i had to reinstall the OS again and again
Do you have any permanent solution for this?
No, I use kali and have never had a problem like that
VM's tend to just crap out in general from my experience. The drive for my kali VM randomly gets corrupted and I have to restore to a snapshot. Also it's not able to get an IP when i try and do a bridged network adapter.
Oh
Are you running it in VirtualBox? My Kali is slow, so I'm tempted to try Parrot
Apparently i am using bare metal and it works pretty fantastic
I may also switch to parrot, at least try it on a vm
Hi everyone, does someone know why when I want to take the cheatsheet I get a .md instead of a beautiful pdf like in the photo?
It would be awesome if this is a pdf and not a md
@muted kite you finish web traffic?
LHI is what it's called, and no, I'm taking a break. Tired of getting frustrated
LFI
File Inclusion
did you get this answer?
from tcp dump? and where are you stuck? I am about to finish it
what format does it want to separate the numbers? i found the two ports it wont accept anything tho
Which flag?
i thought that too
Why must they trick us like this!
lol
Submit the contents of the flag.txt file located in the /exercise directory.
Which module/section?
I input the code that it asked for in Burp. But the flag didnt appear after the new GET request and I got tired of messing around with it
LFI to Remote Code Execution (RCE)
Im not working on it right now though
so not a big deal
After that you still have lots of boxes to crack
This is true
I think I started this in December, but you are way past me
ive completed 12 modules and I have 4 unlocked as well
Once I complete the free ones, I will buy a subscription
But no point in paying if I cant finish the free ones
Ive been doing this all day every day for the past 2 months lol
If you have the option for the student account it does make sense to get it earlier
With that account you get the courses for free but get to keep the cubes
the earlier you get it the more cubes you can accumulate
I will look into it, and see if I can qualify,
Can anyone help me with a powershell command? I am not sure how I can make it into a one liner to get a reverse shell. I tried a bunch of things, but none of them seem to work
Its from the attacking common applications module
Which question are you stuck on?
yes sure
Hi, can someone help me with the SQLi fundamental module? I can't connect to the database. Does anyone know this problem? I get the message: "ERROR 2002 (HY000): Can't connect to MySQL server ". Thanks to you
fixed
Hey! can someone help me with a simple GET request with two parameters?
Send a GET request to flag.php with two parameters num1 and num2 such that their sum is 1337. This is the question I'm stuck on
have you tried sending the parameters it calls for with numbers equalling 1337?
Can't believe I looked over that. I took it literally and entered num1 and num2 for the parameters...
Thanks!
windows priv esc > server operators > questions : why we cannot read and access the flag even after being member of administrators group and can by using crackmapexec ? thanks
So... I am not super unexperienced, but I can't even get the root password lmao, anyone know where to find it? I can start the instances perfectly fine, but as soon as I want to do some sudo commands well.. I don't know my password
Its on the desktop
In the credentials file
Wow, thanks a lot! I was just dumb for a few days...
@slow bluff i had to log out and log back in after , once the user was added to the group
@slow bluff also not sure if it matters (i dont think it does) but i navigated to the flag using windows File Explorer instead of command line or powershell
@west canopy thanks i will try it!
hey did you figure this out? could use a nudge
It's always important to know what context your shell is running in on Windows
thanks, i got it
cool beans
There is no flag here. Get back to hacking!
Anyone finish broken authentication?
hiyes
this is the place for asking questions probably™
I'm having issues with
NETWORK ENUMERATION WITH NMAP: HOST AND PORT SCANNING.
I've tried damn near everything and I simply cannot find the hostname.
Am I overthinking this? Is there something broken?
I could give you a list of all of the commands I used-
wiz
nice.
You are in the right place
ohgod
ohgood, rather
both-
alright, where do we begin
uh- i'm just simply unable to find the hostname
ok let me pull it up and take a look
ty
alright what commands have you ran?
one sec
sudo nmap <ip> -p <port> -A
//I did dumb things with other programmes, tried to ssh into the ssh port
//Wget on the files I could, I'm probably horribly overthinking this
//Used the script below on the http
sudo nmap <ip> -p 80 --script http-enum
nmap -v -A -sn -Pn <ip>
//Used arp, used -v, -A, -O, -sn, -sU -Pn, -F
am i just
overthinking this horribly?
not noticing something apparent?
was i born prematurely
alright
nmap -sC -sV -v IP
hmh.
it's hanging up.
lemme try again.
@celest cipher DM me if you get stuck
sure
not sure if you're there yet but there might be some funkiness in the medium lab / hard lab section. Like for medium lab I had to use pwnbox to get the answer, and on hard lab I had to use my VM
this says it's easy-
this is at the beginning of a path
it's taking a bit of time again.
perhaps I just need to learn patience.