#modules
DAMN
AH T
h.
as many times as I have looked at it!
whelp, all good, appreciated, thank you millions.
I think it will explain it more later on in the module
it's alright
i guess they give you docs, that's nice of them
:3
but, i did discover how to use cat and some other funky stuff to grab server files
so that's chill
Ya it would have been nice to know before, the docs help
-sC used for default scripts enumeration, and -sV used for the versions of the services on the target
Yeah always welcome
I think you need to verify your account
Have you done that?
Im stuck on LFI, I followed the instructions and im still stuck on Remote Code Execution
I did everything it said to do and I am still not seeing the same results as the screenshots on Page 3 of Local File Inclusion
which section of LFI?
no worries, im skipping it
i dont want to touch it right now or im going to shoot a hole in my browser
lol
Not yet!
Try that
Sure why not
hey Vivis ghost
i am up to learn on hackthebox
but not sure what to do
cuz i am a beginner in HTB
could you please guide me ?
@livid pier
btw i dont have premium account
Sure what questions do you have? Did you set up an account?
ok there are 2 sites, related but different. https://app.hackthebox.com and https://academy.hackthebox.com
which one did you sign up with?
ok
pk?what?
typo, in the app.hack website go to the top and click settings
scroll down and you should see this
do you see your account identifier key?
yes i do
means dm the key right?
yes
send it the ++ verify (no space)
just like in the picture
it will walk you through the last step
then you should have access to the other rooms you were talking about
I recommend either academy(that other site) or starting point
academy is a grind you will learn a lot and it is free to start
ohh
discord will be the same, you wont have to do that again here
but it is good to have both accounts
ohh
think of academy as the training grounds and htb as the battle ground to practice what you have learned
thanks a lot my brother
Last piece of advice take good notes
every module has questions at the end to test your knowledge, keep notes of the process and commands you used to solve them
ohh no worry
Whenever I help someone I have to go back and redo the whole problem
? in academy?
you have 50 cubes?
oh ok, start with the modules that cost 10 and you get 10 back, I forget which ones they are
I think that might be one of them
that +10 cubes is how many you get back once you finish it
there might be some that dont cost any cubes and will give you some back too
with the new academy account?
yes
oh, I guess try logging in with those same credentials
hmm maybe try to refresh the page? Ive never had that problem
ya that is normal
should i pay for it?
you will get the 10 cubes back if you finish it
damn i am in
Ya keep doing the cheap ones that give you the amount of cubes back that you put in.
❤️
Should get a bunch of modules done
yeap
Alright get to work, let us know if you get stuck
yes thanks a lot dude
I'm going to tryhackme for a little bit. I'm tired of struggling on hack the box. I want a more guided experience. I'll come back soon if it's not what I expected
Thanks for all the help
@livid pier bro do you have some free proxies? i want to add them into my proxychains
and bro how FI could lead to RCE?
Let us know how it goes
Will do
?
i meant to say how File inclusion can give us remote code execution
i saw while reading in Introduction
If the website hosts files you can upload a shell to it to get an RCE
Don't randomly ping members please
lol bruh
Thats not even really an insult, or its the first time ive heard it, i have now learned something new
I'm stuck on Getting Started/Basic Tools.
The Optional exercise at the bottom isn't working. Using SSH, netcat, ping, etc.
Nothing works
are you on pwnbox? free version?
... the optional exercises target..?
I dont have them all memorized
thank you
It'd be kinda counterintuitive if I could use a pwnbox... but my tools were useless
you can use it to complete most things
It's almost like I can't reach out
Either way I recommend getting kali
nc, ssh, ping
they all freeze up
I'm running Kubuntu as my dual boot but I can't AFFORD a pwnbox
Wdym "get Kali"
I've already got Kubuntu set up
and, also... how would that help me with this issue
Home of Kali Linux, an Advanced Penetration Testing Linux distribution used for Penetration Testing, Ethical Hacking and network security assessments.
because you are going to be limited with the pwnbox
┌─[eu-academy-2]─[10.10.14.172]─[htb-ac407040@pwnbox-base]─[~]
└──╼ [★]$ nc 167.172.56.232:32199 -v
167.172.56.232:32199: forward host lookup failed: Unknown host
Okay, and what's your point? Can I use any OS I want for the academy?
Because this isn't HTB proper, this is the academy, in-browser
Then how would getting Kali fix the in-browser connection to pwnbox
I just want to do this module
because you dont need pwnbox to do academy, you can complete the academy any way you want
If you wanted to inject a malicious link to "http://www.malicious.com", and have the clickable text read 'Click Me', what's the HTML code you would use?
what would be the answer
i tried : <a href="http://www.malicious.com">Click Me</a>
you need the vpn if you dont use pwnbox
its wrong
i am using VPN
and connected to the server too
lol not you
I'm so fucking confused
ohhkk
.
what module and what section?
?
<a href="www.malicious.com">Click Me</a>
you do that?
http://
@livid pier I figured out what you meant.
I don't need to use the pwnbox at all??
No
You can run kali on a vpn like virtual box and use a vpn to connect to HTB
that will let you do all the modules without using pwnbox
I already set up Kubuntu for HTB
Whatever works for you
openvpn?
Yes
initialization sequence complete?
Yes
It was working
167.172.56.232:32024
Apparently, that's not a valid IP?
I removed the port and it just eats the pings
how do you ping a port?
spawn a new box and try again
A new box?
target*
I am, and it's not working
have you gone through intro to academy module dreamingazzy
it's literally mandatory to use the academy
???
there are two kinds of targets, this is a small hint
Yes, I know
"Once this image spawns, you can choose to interact with it from the provided Pwnbox, your own VM, etc."
I am using my own machine
It is not working
it doesn't matter
i'm referring to targets
and if you know the two kinds of target, what are they
VM and Docker?
good
Yes, I know that
and to which group your target corresponds to
Yes, I know
that was not a yes or no question
My target is a Docker target.
ok, if so how could you ping a port
? Why do I need to do that?
Stuck over the same question.
you are trying to ping the machine right, if you have a port how could you ping it
you are currently on an autopilot, think more
and you are saying that you cannot reach the target like this
I need to see if I can connect to it before I even do anything
Yes
I'm connected to the Academy network with OpenVPN
please, re-visit "Intro to Academy" module
What am I missing?
@autumn pilot Welcome I have never seen you here before. Are you part of the night crew?
you are missing the part that you can't ping a docker instance
you are trying to ping the main docker hub, rather than the container which is impossible
with ping
I can connect to it
i give up
Solved.
nice
You didnt get cubes as you answered the questions?
no, just 10 back
there should be two modules that you can do for 0 cubes and get 10 back
you will have a total of 50, but thats all you get for free
which are they?
Im not sure I cant see the cube prices anymore since ive done them,
are you a premium user?
even if im wrong you can do a lot of modules with those 30
ya
student
how much did you pay for it?
8 bucks a month
ohhkk great!
Could someone help me in skills assessment 1 - Attacking common applications? I figured that I will need to use a certain exploit to get RCE, but for this exploit to work I need the path to a CGI file. I have been fuzzing using a few Seclists, but got no result for the file. I think this is the route and can't see what I am doing wrong or what I should try differently?
Hello everyone! Could someone help with module Footprinting / DNS last question
"What is the FQDN of the host where the last octet ends with "x.x.x.203"?"
I have sent you a DM
Going to look into it!
Take a good look at the configuration options. A zone can allow a zone transfer from everyone or only from certain servers.
Hello, I recently started going through the "Hacking Wordpress" skill assessment; I answered the first seven questions without any problems and found the credentials I need to obtain the RCE but when i try to modify and save the newly written theme i get the error "Unable to communicate back with site to check for fatal errors, so the PHP change was reverted. You will need to upload your PHP file change by some other means, such as by using SFTP." Is this an intended feature or am I having problems with my connection to the webapp?
I'm connected with the VPN file using openvpn and I added the right domains to the /etc/hosts file with 10.129.2.37 blog.inlanefreight.local inlanefreight.local.
Thank you in advance for your help.
Good morning. I'm stuck on network enumeration specifically "Use NSE and its scripts to find the flag that one of the services contain and submit it as the answer. " . i have no idea what i should be looking for also I'm kind of confused on what NSE script to run. can someone point me in the correct direction?
I'm also looking for this answer (and I try to google it several time)
for the network enum?
just for the name of the service on port 8080 on two word
I know it's stupid but I don't understand what they want
dm me. i might be able to point you in the right direction. i did that one yesterday.
nevermind I think we might be on different modules. my bad
@sand yoke i would say RCE is most severe
Hey awesome people. Today we applied some changes to the Windows 10 target in the Windows Fundamentals module. These changes are in place to work towards solving the RDP connection dropping issue we have been getting feedback on. Ive tested this quite a bit and it seems like the RDP connection is staying connected from Pwnbox and a personal VM, the connection is even a bit more responsive now in my experience. If you have spawned a Windows target in Windows Fundamentals today it may be good to respawn it just to make sure you get the updated target. Feel free to reach out if you are running into any technical or content related issues. Keep learning!
Shells & Payloads Where is the Antak webshell located on Pwnbox? Submit the full path. (Format:/path/to/antakwebshell)?
Try using the locate tool. You can type locate antak
Ok ...I feel super dumb, but I'm looking at page 7 of the getting started module, the final question of which has you connect to an SMB share to retrieve a flag. I'm pretty sure I'm doing the SMB connection part right, but it asks for a password, the hint for which indicates that user bob likes to use weak passwords. I've been trying several weak passwords I can think of, but none of which seem to take which makes me wonder if I'm messing up somewhere else
Lets go to DMs to avoid any spoilers
ofc
Look at the examples on that page, it may have provided bobs password already
🤦‍♂️ uhh ...yeah ...let's just forget this interaction happened, thanks!
This question gets asked all the time, you are not the first and wont be the last
I think they should provide it again
on second glance it's super obvious; the shares listing is exactly the same as the one you get in the scan, but the hint actually sends you down a rabbit hole as weak passwords are more things like "admin", "password", "1234"etc, not so much what the actual password is. Maybe the hint should just be "look up" xd
I can help
ok let me log back in real quick.
did you find your answer yet?
naw i decided to walk away for a min. ive been at it for the past 1.5 hrs
nope...
hi
i don't know what I'm missing, it's a basic question
what does your nmap show? run it with -p 8080 to make things quick
DM me and we can talk about this
8080/tcp open http-proxy
Basically
what command did you use to scan? did you do a service scan?
someone remind me how to run a php file through curl please
ty. but dam saw it too late already said xss>rce>lfi>brute
u probably right
remote code execution is generally like a 10/10 in terms of criticality
no idea
@west canopy can i ask 2 more questions?
or just 1
which node do you think reports such packets?
@gleaming gate wget is for downloading files
and this packets hint towards attack?
what
to run a php file locally i think its: php -f script.php
oh ok
@gleaming gate not certain but it looks like 194.187.248.62 is trying to access the /etc/passwd file
looks like a trigger from a SIEM or something
so i would say yes it looks like a possible attack
what
what attack
?????
i freaked out for a second lmfao
i believe so
web application firewall should protect against it
by sanitizing user input . I could be wrong though
how do i block system() in php
i did what the section suggests and it doesnt work
:)
:):
restarted apache as well?
Anyone give me a nudge on the first question in the "Credential Hunting" section of Windows Privilege Escalation? I've already found three passwords and it's not accepting any of them.
Edit: Disregard, literally just found it!
I am doing the LDAP module and struggling with extremely long responses to clicks on the remote desktop from both the pwnbox and using a vpn with Kali. The delays are making this totally unusable. My internet seems stable and fast enough. Anyone had this problem & know of a way to improve it - are there certain times of the day or just hit or miss?
I had a similar issue. Support had me terminate the target, then the pwnbox, refresh the page, start the target and once it is fully loaded, then start the pwnbox. That fixed the issue for me the majority of the time. Sometimes you may have to repeat the process twice.
Hope this helps
Thanks - I tried various resets of pwnbox and target (with wait of 3+ minutes) - I will try your exact sequence. Thanks.
Yeah I think the key is on a refreshed page, start the target and when fully loaded then start pwnbox.
@stiff tiger i experienced technical issues on that module as well
Refreshed page, restarted target, waited 5 minutes, connected with pwnbox => still deadly and frustratingly slow
windows priv esc module > weak perm section > i cant access the administrators folder after being member of administrators group any one can explain why thanks ! solved
@stiff tiger send a msg to support
@stiff tiger When I have connectivity issues, I refresh the target ip (sometimes twice) then it works fine.
Thanks - I will message tech support and try refreshes and reboots.
can anyone help me on the Cracking Passwords with Hashcat module? Im stuck on the second section where it asks for you to make a XOR ciphertext via python3. In the section it shows using python 3 to do this but when i mimic the method it errors out: >>> xor ("opens3same", "academy")
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
NameError: name 'xor' is not defined
i have very very little experience with python3 so im kinda lost how to fix this. im guessing its something easy
Can anyone help with any of these?
Were you able to import xor from pwn?
@livid pier I haven't attempted any of those modules dawg
These are my last 4
Then I am free to be a noob on the machines
No it errored out as well when i tried that step
Hello
Can anyone help me
My second discord account got hacked
It says something is going wrong over here
I logged out and then logged in clicked on forgot password
And changed the password
Still I can't login
@livid pier @devout cliff sorry for pinging
I can chat only in this text channel
@mystic shoal sir can you please help me out I'm worried I had many old friends in my account
I thought people here must be knowing how to recover accounts can someone pls help me I would be grateful
That is your problem you need to download that library
That sounds like a discord problem not a HTB problem
Bro can you help me out in recovering my account
I have no idea how to do that
Ok np
I can recommend not to click on links
Oh
Sage advice
It didn't work
The contents of root.txt. Usually on the Administrator Desktop on Windows or /root on Linux.
where do I find the administrator desktop
C:\Users\Administrator\Desktop
@urban sage
Where is this from?
I tried to open the place you told me to open
Right but on what machine?
Windows?
Windows is an OS. Is this your machine? The flag isn't there. It's on target boxes.
what do you mean?
Where can i get the root flag at?
I can't open the place you told me to open
On the box you are supposed to hack. In C:\Users\Administrator\Desktop.
You are using a computer to hack into another computer
No. That's pwn box. You are using that in place of your local machine. It's a cloud hosted attack VM.
Then where do I run C:\Users\Administrator\Desktop
Do you mean run the thing on here?
Yes. On a target box. You need to gain access and escalate privileges first.
The walkthrough definitely helps. Read it.
Nightwolf can you run the :rainbowwizard:
Mk
?
@urban sage This is all linux things
I can't install openvpn or whatever it is, I can't install linux because of that stupid error
have you installed virtualbox or vmware? also that is a benefit of using pwnbox
I can't install VM due to how bad my computer is.
Pwnbox is Linux. That is what it's for.
It doesnt sound like you have any other options
How am I supposed to learn to hack and things?
You can try picking a closer server for pwnbox. Based on the screenshot you sent in #583613644294717453 you picked US.
How am I supposed to learn to hack and things?
Again, you will probably need to setup your own system.
I picked the closest server.
That's just networking at this point then. Not a whole lot else I can suggest I haven't already. ¯\_(ツ)_/¯
I am having issue with the Module: Shell&Payloads -> Reverse shell: The PS shell code is giving me errors after I run the PS cmdlet to disable the AV. I am not that great with PS syntax, and would like to make sure I am not missing anything. Any help would be appreciated.
Generally, helps to post the error.
is there any particular way to post the issue? Text, screenshot, what is recommended way?
A screenshot with the command & what's going on exactly on the screen I believe
Good day! Could you give a "Server-Side Attacks - Skills Assessment" hint. The only thing I found interesting is <"'converts HTML.
@woeful oxide did you get the firewall evasion medium and hard?
is that a command in python i need to do or is that a git clone?
Hello everyone
I am in the Linux Fundamentals in System information, but I am stuck
I cannot find the paths for htb-students mail, or home directory
I have tried it with env command, by checking the directories with ls, and ls -al
if you have any hint I will appreciate it
Did you try to ask google what is the path of the mail directory on Linux ?
Are there any directories under the directories you mentioned?
^
I didnt check for directories specifically
but with ls -al there were 3 entities inside, files or dirs
but If they were dirs, I wrote them incorrectly
Ok, at least I am looking to the right place. Thanks!
It asks for a specific user in the question, so look for a sub directory that could have the same "name"
as your user
You should be able to distinguish by running ls -l if they are directories or files or even something else...
can't say more than that
I know, I just didnt think to check it
The first character of each line indicates what it is. d = directory
I will keep that in mind as well
Don't overthink, it's very very straightforward
Just look carefully into each directory you found
and you'll be good
just basic nmap, no flag
Hi, I don't know if I'm asking in the right place, hope you can point me in the right direction if not: I'm going through the linux fundamentals course in htb academy and have realized that all of a sudden introducing sudo plus something requests a password from the default user which I don't have. (it didn't before, not sure what I've done to trigger this behaviour change). How do you guys solve this, or how do you reset the machine (or connect to another one)?
@lime raft - password is in text file on your desktop in pwnbox
ok, didn't know that, many thanks, seems reasonable for noobs like me, thanks a lot
Hi all, someone to help me on LOGIN BRUTE FORCING Assessment Service, I don't understand at all how to pass it.
yo jared. I'm stuck on flag4 at the moment. I have the tomcat credential. Not sure how to proceed
@grand locust check DM's brother
Hey what dont yo yet?
I created a list of usernames for Harry Potter. I created a list with cupp with his first name the fleet and the symbols at the end of the word
It took me weeks to do this too. You are on the right track. numbers, symbols,leet
If anyone could give advice/help on any of these modules it would be appreciated
For the first one, message me to get my write-up, if you want.
For module Attacking Common Applications you can DM me if you want.
Hello everyone, is there a way to debug answers to module's questions?
I'm taking the Web Requests module and am on the GET Method part of it. I'm unable to figure out what is wrong with my answer. I tested my answer on the parrot terminal in my workstation and it worked there.
i can help, which one of the questions?
'Send a GET request to flag.php with two parameters num1 and num2 such that their sum is 1337.' on the GET Method section of the module.
what url are you using ?
I tried a bunch of combinations, right now i'm using
curl -u admin:password 'http://159.65.53.42:30584/flag.php?num1=1330&num2=7' after checking out the cheat sheet.
try and use http://username:pass@ip and the rest
No luck there.
Edit: Tox helped me figure it out, i thought i had to type in the bash command into the answer box. Typed in the flag and the world spins once more. lol
Is there anyone who can help me with the SQL Injection Fundamentals module?
I am a little confused. I can bypass the login, but only as admin and not as tom.
Thanks for the nudge in the right direction - didn't understand what the question was asking...
yes, what string do you use ?
Which part of the SQL Injection Fundamentals?
I had problems, too.
Subverting Query Logic
username: tom
Password ||pw' OR '1' = '1||
But then I am logged in as admin. Not as tom. Why?
okay, pretty close, so you need to use tom and not pw
It's the same
Can I send you a printscreen via DM? I do not want to spoil here
Because username AND password return FALSE
Why would username return false?
No. Username is true but Password is false. So basically you have TRUE AND FALSE which equals FALSE
You can still login, because 1=1 is TRUE, so you end up with TRUE OR FALSE which is TRUE, but not as a user, rather as admin because it did not fetch any username
Okay, let me get this straight. Tom does not exist in the database. That's why my SQL statement returns false.
Username AND password OR 1=1 is in your case TRUE AND FALSE OR TRUE which equals to FALSE OR TRUE which is TRUE
It does.
Exist
But Tom AND pw returns false. Because there is no Tom with the password pw
@acoustic owl You can DM me, as I am afraid I am spoiling here
Yes, now I understand. A logic error in my SQL statement. The password returns false before I can query 1 = 1.
So I have to end the statement before I get to the password query.
I found the error. Thanks to you and ToxDK for your help.
Keep in mind that AND gets executed before OR. So this should help.
Hey People i could need some help. I'm stuck in the Module File Inclusion / Directory Traversal on the last chapter skill assessment. i already found the admin panel and since the server uses nginx i guess i have to somehow poison the log files but i tried every path i found (/var/log/nginx/access.log; /var/log/nginx/error.log) but it doesn't seem to work. Do you have any hints for me by any chance?
Aloha, needing some help: Module: Shells & payloads/Reverse Shells - I am unsure of the syntax issue I am having with the reverse shell on the target box. I have set the IP in the shell code to my machine. any help would be appreciated
Hello please need help: What is the name of the first section of this module?
Can anyone give me a nudge on Windows Privilege Escalation "Miscellaneous Techniques?" For the life of me I can't figure out what I need to do. I found a creds.txt on a file share, but I need to escalate privileges to access it, and none of the techniques in the section are working.

How do we know what 'this module' is?
Have tried all possibilities I know, like "Sections" "Interactive" "introduction to academy" unfortunately doesn't work
Where are you? what module?
It doesnt matter, whichever module you are in scroll to the top and look to the right, under the table of contents you will see the sections
Okay thank you
You get it?
Thank you for that...need to pay attention to detail
"Interactive Section" is what am seeing on the top by right. Not working
do you know what module you are in?
Hello please need help: What is the name of the first section of this module?
Focus on your question :)
Bruh
You got this
Additionally when you ask for help please let us know what module you are on
in this case you are doing introduction to academy
i tried "introduction to academy" not working
That is the module, not the sections
think of a book, that would be the title
you are looking for the chapter, the first chapter
also called the section
yes that is the section, but not working "Interactive Section"
interactive section is the 3rd section
"sections" is the second section
what is the first section?
Yes Introduction
ok i cant find this library. i thought it was xortools but apparently not?
I thought it said from pwn import xor, that would mean the library is called pwn
oh nice
i just wish the module talked about that step
since it has a question requiring you to do that
and neither the HTB academy box or parrot has that library as part of their builds
but i got it
That is annoying
Excuse me
the module has 0 pointers as to how to fix that also
They need to be more up on what is on the pwnbox especially cuz free accounts cant install new stuff
whats up
We all are
And I barely know what anyone is talking about
i mean im not even a free acct and it wont let me install new stuff on an academy box, requires sudo for it and they dont give you that password
that password is on the desktop
in the credentials file
nani
What exactly are you confused about?
mfw i couldve installed the universe. alright thanks.
Everything
And one thing
What is this place
I got a invite from a friend
This is the matrix
😱
This is the academy channel for HTB
What is HTB
Hack the Box
Ok

is there a roadmap somewhere for when the "coming soon" modules will be released?
still need help
Quick question: when you gain shell access, can the user see what you are doing on the exploited side.
if they were to run netstat, they might see an active connection on whatever port you used for your shell
@west canopy great, thanks
any tips what one can do with a bin/bash ?
Not sure what you mean. That's just the binary for a bash shell. I suppose in the privilege escalation sense, if you're logged in as a user that has sudo rights to run anything, you could do sudo /bin/bash and get a root shell.
Or if you're connected via a shell without TTY functions you could use python to invoke a bash shell , to improve functionality
http://www.jsnice.org/ is there a problem with this site
it's not working
i need some alternatives for deobfuscating javascript
whats wrong with it?
ok i will check with some vpn
it's working now on chrome but on firefox it's still buffering
don't know why
disable any extensions you have running
anyone help me with Skills Assessment server side attacks
I've been reading though several threads on this and I'm still having trouble.
When I run a whatweb or nmap scan, neither of them return a CMS. I know I'm missing something...is this syntax correct?
whatweb -a 3 <ip>/<vHost> -v?
Appreciate any help.
I typically use nmap -sC -sV -v IP . let me know if that works
Yeah, I tried that and this is all I came up with:
How are we directing that IP to the vHost? Are we doing that via the /etc/hosts file?
Could you remind me of the module and section of this question?
Yes
Yeah, sorry...
This is Information Gathering - web edition.
Section: Active Infrastructure Enumeration
Question: (2nd question) Which CMS is used on app.inlanefreight.local? (format: word)
Thank you let me run it real quick
i appreciate the help!
I think I found it. I must have not typed the info into the host file correctly
Hey, if I unlock a module (tier 4) do I keep the module access forever even if i dont have a subscription or do I need to maintain an active subscription for this tier?
Need some help with the OSINT: Corporate Recon module. I'm 99.9% sure my answer is correct but somehow it won't accept it.
Only if you 100% it
Thanks
Anyone around to lend some guidance on broken authentication or command injections?
yep on broken authentication
I'm doing broken authentication weak bruteforce protections, but can't think of anymore wordlists i have tried all seclists wordlists with username,password combination.. what should i try next?
For your fail string why did you use "F=<button class="btn block-cube block-cub-hover" ? My string looks different and I still can't crack it.
on which question
question 2
yes this one
can i dm?
ok
Anyone completed the Broken Authentication Skills Assessment? Tried lots of things but I've hit a wall...
dm
Thanks @feral gyro I got it now :3
i figured that the page past the login screen might not have the same element as the login screen, so it might be able to be used as a pass/fail indicator. i dont remember if it worked or not.
Did you get past it?
yeah i completed the module
i just dont remember if i ended up using that string or changing it
which section was it?
oh the skills assessment right
Brute Force Assessment 1 part. 2nd question
what string are you using
I did everything you're doing but at the end I did F:<form= "log-in"
I did that because when you inspect the page that's the html code
right, so you are using that as your pass/fail indicator
i think there was something else i changed
Yeah
i would double check your parameters
just in case there is misspelling or a different spelling. or try a different string.
When I get back home I'll send what I have
Friends i need help with working with web services section in Linux fundamentals module
Someone help me pls
i recreated what i did and figured it out.
fyi my string did not work, LOL
hydra -l ******* -P /opt/useful/SecLists/Passwords/Leaked-Databases/rockyou.txt -f 138.68.182.108 -s 31844 http-post-form "/admin_login.php:user=^USER^&pass=^PASS^:F=<form name='log-in'"
I essentially did something like this
I'm not driving anymore but that's what it was
Hello does anybody work on XXE ? I mean using CDATA or Error Based XXE because none of this examples work
Hi all, quick announcement. We've gone and made some fixes in our labs. These fixes will affect Windows Fundamentals AD LDAP AD PowerView and AD BloodHound module boxes that require RDP + using tools like AD Users and Computers. If anyone was having trouble with disconnects or general slowness in any of those modules can you please check and see if things are improved? If issues still persist for in just those 4 modules please DM me . Also if you notice a marked improvement It would be good to know so you can DM me as well. We are constantly striving to put out top quality module content and make our lab experience as good as possible so thank you all for your continued feedback and support!
I was only able to get the error based to work for that sections
Hey Guys I remember doing a module that in the first couple sections had a tool that went through an nmap output and organized and ranked the attack vectors, I can't find what module it was in, anyone remember?
Nvm I found it. attacking common applications, eyewitness
Thanks a lot for the tip!
Friends i need help
Doing working with web services section in Linux fundamentals module
Didn't know answers for those two questions
How to start a http server using php and npm
For PHP, it's ||php -S 0.0.0.0:8000||
Thanks guys I will let you guys know after checking tomorrow
riotusss
nothing man have a good sleep
Mm
!flag sus @sterile hawk @languid dawn

I think you're lost
Hey I'm stuck in the smtp section within the footprinting section:
Enumerate the SMTP service even further and find the username that exists on the system. Submit it as the answer.
Can sb tell me where i can find the right wordlist on the htb client?
hey
in the windows fundamental module at the Windows Security section when i spawn a target i dont get bob.smith user
to find his SID
Try /opt/useful/SecLists ? otherwise try find / -name andPartOfFIleNameYouWantToFInd or for the footprinting module look at resources button on the top of the page.
You can download the list here.
oh man thanks a lot, never saw that little resource tab before ^^
i had to search too
You know what, there is almost no free stuff on tryhackme
lol you're back!
well I never left, I started doing free stuff and didnt get far before it said that the next step is for paid members
I heard the same thing tho, someone here was like Im gonna go try THM and a week later they said the free content is quite limited
Did you feel like you had a good grasp of what they wanted you to do there?
AKA you feel like the lessons here are working?
smtp-user-enum -M VRFY -U footprinting-wordlist.txt -t 10.129.174.188 -w 10
Starting smtp-user-enum v1.2 ( http://pentestmonkey.net/tools/smtp-user-enum )
| Scan Information |
|---|
Mode ..................... VRFY
Worker Processes ......... 5
Usernames file ........... footprinting-wordlist.txt
Target count ............. 1
Username count ........... 101
Target TCP port .......... 25
Query timeout ............ 10 secs
Target domain ............
######## Scan started at Fri Feb 4 21:09:13 2022 #########
######## Scan completed at Fri Feb 4 21:12:27 2022 #########
0 results.
quite not sure where i might have the error, no results though :/
Oh yeah, I was blowing through their questions
Its far easier over there
THM is easy compared to HTB
Thats what I like to hear. When I was trying to figure out where to train thats what I heard
HTB is where the professionals practice
Its been hard in the beginning I think it will make for a better end tho
are you still stuck?
yeah i got the answer but only through stupid testing 1 by 1 in the list. The smtp-user-enum output showed nothing :/
maybe i got the wrong syntax?
I noticed in what you showed us the target domain was empty
I dont know if that was it
yeah i see, ok, i try it with inlanefreight.htb
But if you got it all is well that ends well
thanks a lot mate, i will try and tell you then
I would think that if that was the problem the program wouldnt even run, so idk
Feel free to DM me if you are still stuck on this.
okay also the domain name changed nothing in the output :/ but i got it, i will now go on to the next lesson ;D
Need some help with academy module 'Hacking Wordpress' -- send me a DM if you can lend a hang
For the NTFS vs. Share Permissions on Windows Fundamentals
Has anyone had to install cifs-utils?
@crimson crown i went through it again on the pwnbox a few days ago , i believe i installed cifs-utils but i still couldn't mount the drive like in the example. I didn't look into it too much though because it wasn't necessary to complete the section
are you on pwnbox?
yeah
there should be a document on the Desktop with the user's password
for when you need to sudo or switch to root
Good evening HTB fam
Windows Privilege escalation - Skills assessments 1
Could someone give me a little hint with searching the password of the ldapadmin please?
I've tried all of the techniques of the module. But did not find it.
Thx
@devout pelican i am stuck on this too
Theres a really helpful tool that looks like its named after an Italian dish that might help. @devout pelican @west canopy
At least thats what I think of everytime I use the tool. Feel free to DM me for further assistance as well.
Hello, I'm currently trying to work through the linux fundamentals, and whenever I attempt to start ssh it prompts for authentication, but when I enter in my password or the HTB_@cademy_stdnt! password I keep getting authentication failed. I'm not sure if I missed something before.
I feel dumb, it was on the desktop
is the pwnbox vnc down rn?
hey, i'm currently stuck at the windows fundamental module Windows Security section i cant get the answer to the two question for the first one i dont know how to get the sid of bob.smith as i cant do whoami bob.smith
and the second one i will try to do it right now i think its like the previous questions
Feel free to DM me for help if you are still stuck on that.
im stuck on 'common applications' on section 'attacking drupal' I want to run the drupalgeddon3 exploit but it's not available in metasploit and I dont know how to add it, please help if someone knows this
Feel free to reach out for a nudge on this one
Hi guys, doing the windows privilege escalation module right now
There's this module on SeDebugPrivilege
but when I RDP to the user as it says on the lab
I'm unable to see that SeDebugPrivilege granted to this user
Can anyone support?
more context:-
Do more enum on Jordan’s privileges and try running cmd as admin. Also feel free to DM
This is why I don't like THM
they give you partial free, but you have to pay to complete the module
real cheap shot
Hi Windows privilege escalation > Find the password for the ldapadmin account somewhere on the system > tried lazagne but not giving anything back any hint pls
Feel free to DM for a nudge
Anyone on that's completed the Footprinting module? This second SMTP question has me. I've found a couple different ways to automate the enumeration of the users but I'm not sure based on the hint if there's a txt file I'm missing or if I'm just supposed to be throwing one of the giant SecLists at it and waiting ages for it to grind through.
Oh god, nevermind I found the resources section after way too long
/stuck on Intro to Python: The type of foo from question 1 is <class 'set'>. What is the type of x_coordinate?
Did you follow the hint?
yes still stuck though
DM me the answer you tried
Focus on the example answer given in the question to get the right syntax @copper trail
Evenin'
Ohai
I want to make a meta-module. It would help people understand the exploit and modules from a bird's-eye view.
Sometimes when I do a box I know I have a bunch of tools but it has been taking me a while to realize what to use where
It would also be nice to have a search bar in "modules I own". There have been times that I go to a box, know it's using wordpress, go to look at a module that references wp, but 3 different modules do so.
Evening guys, wanted to see if anyone else has connection issues when using the 'NoMachine' platform outside of pwnbox? I am working on shell & payloads Live Engagement, and I can't seem to keep a stable connection.
Update
NoMachine doesn't like being run in root. problem solved.
@unique wharf interesting. I did that module a while back and didn't have any problems using nomachine, but i've heard other people report having issues as well
As per my update, I think its because of it being run in root...so far as non root, I am not having any issues.
~~*Struggling at broken authentication - trying to generate the predictable reset token, can anyone help me with this?*~~ Solved
Hey
Quick question about one of the boxes I wanna hack
Am I in the right place??
Seems like I can't write anything on this server other than the module page
@twilit jolt Which module are you trying to do?
dm
Hi, I am working on the web-request module. For some reason, I can't connect to the webserver (anymore). I assume apache2 is running, but I only get 405 "Method not allowed" messages
It should be as simple as opening a website using the local IP-address right?
The strange thing is: I get "WebSockify Python" as the server, instead of the expected apache
Good morning everyone. I'm working on the sql injection fundamentals module. No matter what I do I still get the error "ERROR 2002 (HY000): Can't connect to MySQL server on '178.62.43.64' (115)" . It will work once, and I'll connect, then I move onto the next tab in the module and I get the same error. Anything anyone can help me with? I'm using the command: mysql -u root -h 178.62.43.64 -P 30434 -p then entering the password. This is driving me nuts.
hi
im doing linux escalation module
im trying to wget https://vulners.com/zdt/1337DAY-ID-30003
and is not possible from the target
in fact is not possible any wget in any site
i think maybe the target box can connect outside HTB network
*can't connect
hello
nothing wrong with ur command , i think so
When I first did that module I had a hell of a time with nomachine dropping. I just got really quick at entering the commands once I had it running. However, since then I have had no issues with nomachine.
christrc
hey
i'm in web request second section and i dont get http server response
ok when i go to history i got them
Hello I'm a new user in this platform
welcome
@lethal atlas thanks
@true geyser welcome
@unique wharf thanks Dear
@true geyser not sure if you're doing a European thing but I'm a dude, dude.
@unique wharf I'm from Pakistan but I'm a dude, dude
Its deffo a middle Eastern thing, my middle eastern friends also talk to me the same way
Hello I am new to this group!
Hello, I am new too
as you can see my role is noob, indeed I have some problem with the module of introduction
In the section "Interactive section with Terminal", I put the version of the kernel but it says that the answer is wrong
someone can help me?
i found the correct answer but i don't understand why it is correct
How were you going to find out the kernel version?
i tried to put all word of the command line's output in the questions
With the command uname -r you get the version from the kernel.
https://linux.die.net/man/1/uname
Print certain system information. With no OPTION, same as -s. -a, --all print all information, in the following order, except omit -p and -i if unknown: ...
but why i can't put the version with all the numbers?
why the answer is only that word and it isn't the word with the numbers?
in which module and which question are you exactly?
in this module
Because the question refers to the operating system and not to the Linux kernel.
thank you
Gotta say "thank you to HTB for the Academy" !
Shells & payloads is a really good module, i'm on to the next one.
Is there anyone that could actually give a nudge regarding USING WEB PROXIES module ? I'm on the ZAP Fuzzer lesson
There is no flag here. Get back to hacking!
Hey all - just finished the nmap module and have a question regarding ACK scans. The module explains that ACKs are usually ignored by firewalls because the firewall can't determine whether the connection was established from the external or internal network. I can't see why it couldn't just track all incoming packets and hold state regarding existing connections. An ACK preceding a SYN would then be an indicator of port scanning, no? Is it just the case that doing so would be infeasible?
I love this question. I didn’t know the answer but I feel like I’m about to and this appears to be a relevant resource: https://nmap.org/book/scan-methods-ack-scan.html
Ah it does indeed, thank you! Looks like there are both stateful and stateless firewalls.
I can
Can I dm you ?
yes
hey guys i'm new here but i've been trying to get into exploit dev or pen testing any advice or cert, languages, etc I should focus on from you guys experience.
@cunning wraith what modules have you done so far on academy? If you're interested in exploit development they have modules on assembly language and stack buffer overflows
helloo
i had joined a module LFI
i got the flag via LFI
what kind of flag is this
when i try to submit this as a flag
it shows incorrect to me
@livid pier are you here?
The flag is correct, check for blank spaces before and after.
Please don't post the flag
Sweet
SMB can/could be exploited, like EternalBlue.
https://www.rapid7.com/db/modules/exploit/windows/smb/ms17_010_eternalblue/
hi, I'm on the System Information Module, last two questions. I've used uname -v and ifconfig -a but, none of the outputs are being accepted as answers
No such module.
Sorry, Linux Fundamentals > System Information
I can see the kernel version and the three i/fs but, it comes back incorrect. Not sure what I'm doing wrong
Hi, Im still new to this and was wondering if anyone could help with out with the machine driver, I know that I need to ||upload something into the website|| but I'm not sure what and how. Thanks
With uname -a you should get a full output
For starting point ask in #starting-point
Ah then boxes
ok, thanks
My bad I thought driver was starting point
all g
uname -a isn't what I need here, though. Surely -v is what will give me the kernel version?
uname -r
That's the release, isn't it? The q specifically asks for the kernel version. Confused
@surreal gate The question is a bit misleading. But follow the example format.
You won't get anything like x.x.x with -v
still incorrect when I use the output for -r
@surreal gate DM me your answer.
@surreal gate 1. You need to SSH into the target. They are asking for the version of the target, not of your pwnbox.
2. Follow the format (X.X.X)
Now I feel like a fool. Thanks!
Don't feel bad. In my case, I'm going through the Getting Started module kinda slowly. There's a lot of content to chew through when going through an Academy module. And in my case, I got stuck on the "Share" question halfway through Getting Started.
I was stuck for over an hour, and all I had missed was the password to the user I was trying to log in as. The text had told me the password in the middle of the paragraphs, and my dumb dupa glossed right over it, and tried hacking the spawned instance at the end looking for a hidden password. xD
Help me figure it out.
Broken Authentication:Weak Bruteforce Protections. https://cdn.discordapp.com/attachments/913517629631766570/940244272966406154/unknown.png
https://cdn.discordapp.com/attachments/913517629631766570/940244694145855498/unknown.png
Hi guys! I have a question about the last skills assessment of the module file inclusion/directory traversal:
SPOILER ALERT
Is there someone that can explain to me why reading the source of index.php from the browser with ctrl-u and reading the source of index.php with php wrapper give me one more line in the output that help me to solve the question?
Shouldn't index.php have the same output also if read with two different methods?
Didn't you get the flags?!
the problem is with the encoding
dm
Hey guys I'm doing Web Attacks Module and I am on the Advanced File Disclosure section. I am trying to reproduce the results they did in the example in that section and I am unable to do so. Has anybody had this problem yet? I copied the example and still having a hard time getting the same output they did. Let alone not finding the flag.php yet. Any help would be appreciated. Thanks. The image actually cuts out the <email>&joined</email> part.
@languid dawn

@feral gyro I don't understand. On the server inside the main directory (/var/www/html) there is a file called index.php. Why if i read it using the source code function of the browser (ctrl+u) the output appears different than that if i use the php wrapper?
At the end the file that i'm reading is the same, right?
Ok... In a while.. i'm far from my laptop now. I'm using my phone...Thanks
read the section source code disclosure via php wrappers
that will be so helpful to solve the task
Is this for @honest flower task. Or my specific problem?
not for u
Hi ! I'm on the nibbles walkthrough from Getting Started module and I'm stuck on getting the reverse shell.
I use the script as said, and replace with the good ip but the website did not connect to the port as expected
DM if you want
Any nudges for broken authentication final?
good afternoon colleagues, I have a query, I am in the NTA module and in this section it tells us to install NOMACHINE, first check if the pwnbox I use has the tool but I couldn't find it, I couldn't install it either, any suggestions you can give me?
click menu then internet
Does this not work on windows
ty bro i found
Anyone able to give me a nudge on the final question in Windows Privilege Escalation skills assessment part two? Looking for the NTLM hash of a disabled user.
Edit: Just solved it! If anyone needs help on this module please hit me up
i have only done a couple of modules in overthewire but i didnt understand how to start any of these activities on htb
Get a membership or buy "cubes" to purchase the modules. Then complete them using either the browser based Pwnbox workstation , or download the VPN to use your own machine or VM.

anyone here have any good resources on how multiple processes are stored in memory? Every source I find shows how memory is divided for a single process, or between threads of a process, but the image in my mind is that different elfs sit next to each other in memory space, while their relevant stacks and heaps also sit next to each other in their relative areas of memory. Or is it that say (out of 16gb) 0-2gb is for process A, 2-6 for process B, etc, so that the code section of one process picks up at the end of another process's stack space?
actually the more i think about it, the latter cant be right. After examining addresses in a small program, the stack is always in a super high-number location, and the code/data segment in a low one. Just amazes me that you can expand heap size, or stack sizes without smushing into something else all the time, but I guess that does happen when you max out your RAM usage, I crash all the time b/c of too many tabs open in firefox
How did you download? post request? using jquery?
||$.ajax({
url: '/contact/upload.php',
type: 'post',
data: fd,
contentType: false,
processData: false,
success: function (response) {||
You'll want to look into virtual memory, page tables and memory mapping
You'll never collide with another process's memory unless there's a bug in the operating system. If other processes are taking up too much memory, then the OS will no longer be able to allocate you new memory
All the addresses you see are virtual addresses. All programs can have exactly the same set of virtual addresses, yet they'll contain completely different data. The OS uses a series of tables to map these virtual addresses to physical addresses, which are the actual offset of the data in RAM
This is how the OS is able to give you petabytes of memory space to allocate within, even if you only have 8GB of RAM
Aha! Exactly the answers i was looking for, thank you! I was wondering if virtual memory was only for very large programs, but that makes sense why, besides ASLR, things i run have a similar address space, regardless of how many programs im running at the time
So that means virtual memory addressing is always used? And that physical addressing takes place in the kernel i suppose?
The mapping is done by the CPU's MMU for the most part, but the OS sets up the data structures
For the most part, kernel pointers are virtual addresses
The top 1/8 or so of memory (can't remember off the top of my head) is reserved for kernel
And there's a large chunk between user memory and kernel memory addresses which is 'non canonical' and cannot ever be a valid address
The first 14 or so bits must either be all 1 or all 0 iirc


