#modules
where can i find some real hacking shit
also i know a guy who's a HTB "GOD" or something.. is that any good? how good is he?
I mean, just do CTFs and try out bug bounties
also if you want to understand the level needed to do HTB just try it out yourself! it's free
and it is real hacking shit lel
aight gotchu
fr?
also whats the "GOD" level on HTB like?? is it like the top 1% ? @languid dawn
hacking is hacking my man, I'm not sure what makes it not real.
your rank is just time spent on the platform, but if you can get bloods on box or challenges release you're already one of the better hackers
ok i honestly dont know about the levels on HTB and the box challenges or blood challenges and im just starting out today and learning..
but i just wanted to know if there is a level called GOD in HTB and how good it is to be that level
if you're talking about levels like on THM that would be omniscient I guess
it just means you complete 100% of the challenges and boxes
whats THM
idk really what this means.. but can he actually hack my pc if he wants to? like is he that powerful for being a GOD level on HTB?
everything is possible, but mostly no, noone will hack your pc
unless you download weird files from weird places
im running ssh on my pc 24/7 with no keys
only password
can he hack me
as HTB GOD
ok i just found out THM means tryhackme and yea he is GOD in tryhackme and says its top 1%
and also he is "pro hacker" in HTB @languid dawn
so is prohacker in HTB any good?
rank is just the time spent on the platform
you will find people with a noob rank that have multiple CVE to their names
Still stuck there. How do I move the key.pub to the root and how do I chmod it ? They keep asking for user2 password
yup! I eventually figured it out whoops
Hey need a little help on broken auth skill assessment, feel like I'm close to finish got all the s*. users, I get how cookie were encrypted, but I still can't get it :/
Ok need a bit of help; I have created the file for LinEnum.sh. Proof above, I did chmod +x to make it executable but whenever I run it this is all that happens? any tips on what I am doing wrong?
Upgrade your shell to execute the command AND receive its output successfully
by running? python3 -c 'import pty;pty.spawn("/bin/bash")' I am getting started so thats the only upgrade i have encountered so far
Yes that's great
You can switch between python and python3
I've encountered python3 not working once,
That's on some old box
yup i did that earlier in the process, is there a reason its no longer upgraded?
Remember
If you upgraded it, the shell will function as its upgraded
At any point if you're just limited to $ , you better upgrade it
export TERM=xterm
is it cool if I DM you? @polar widget
Yes sure
thank you
that a nice source for shell upgrade
dont forget to switch to bash if your term is in zsh
before running listener
I was going to share this one
^^ best one imo
can you install crapmapexec on pwnbox ?
i can't get it to run w/o errors
i'll use vpn and my own computer to get it out of the way but considering unlimited pwnbox access costs money it'd be nice if it worked in concert with the modules
when trying with the 1st instruction in the module. not to receive errors out of the box
installed with pipx (like instructed in the github) it's just errors
how frustrating to get anything done with the materials provided and make any progress in the absence of adequate quality control.
why this costs money?
?? @here
if this doesn't work out of the box what am i paying for?
can't even use the suggested software on the box provided i have to do it myself. sad.
finally i can retire knowing what it means to find bliss in saying, "it works on my computer"
rolls eyes
i thought pwnbox was free after you purchase your first module...
I've had the same experience and I differ here,
Basically it builds up your experiences for Real world scenarios , when things are just not working out of the box, you're on your own to figure out stuffs. Bonus point its a lab environment where you can break stuffs the way you experiment/desire.
CME
Responder and several other tools and sometimes individual dependencies will require that much of effort
can anyone help with "Information Gathering - Web Edition : harvester" im getting this error :[!] An error occurred while saving the JSON file: a bytes-like object is required, not 'str'
the command im running is : cat sources.txt | while read source; do theHarvester -d "${TARGET}" -b $source -f "${source}_${TARGET}";done
Hey all I'm stuck on command injection module, Bypassing other black-listed characters, been at it awhile anyone able to help?
you can characterize it as a real world experience but in the real world we are paid to endure that; not the other way around.
meanwhile, it works on my computer no thanks to pwnbox
fix yo shit. this is training not a "real world" experience.
it's supposed to be guided. thanks.
idk i pay 70$ a month for the academy and it's unlimited.
how many platinum customers u have @here ?
so far i believe it's a waste of my money. i've done all the content on thm and it's cheaper + the same quality.
to be met with that rhetoric that it's real world experience is asinine when it's your business to create a guided experience.
@surreal rain might wanna look into it :/
Hey what's up?
so here we can get some help or hints
im stuck on using the metasploit framework module in sessions and jobs section
the question is ( the target system has an old version of sudo running , find the relevant exploit and get root access
so im on the target but low user and i cant get to root
how i can find the exploit that help me to get to root
how u guys even know what to search about
im stuck here for 2 days 😦
@rustic sage DM me
Module Pivoting... section RDP and Socks: I can't load the plugin.dll using regsvr32.exe. I get this error message instead of a success:
I think we might have to turn off windows defender
worked. I thought it was off, but the realtime protection was not. Thanks a lot!
Any hint session security skill ass
@jagged zenith try using the technique shown in Cross Site Scripting module "Session Hijacking" section
Thank you
Also you can use the api endpoint|| to make the admin user visit any page||
I can't seem to connect to the last target in pivoting module, RDP and socks section.
Hacking Wordpress: I clicked every clickable thing but no page is using wordpress.. Am I missing something?
yes: check for a blog. ^^
tried that cant connet to server
Nvrmnd got it! Thank you
I have the same problem.
I am connected to the US1 VPN. You too?
Tomorrow I will try the VPN US2
I'm on US2
Have you completed the skills assessment?
No, not yet
And you?
almost done, but stuck at enumerating the network on the pivot machine.
Hey fellow hackers, quick question regarding the web proxies module, how do i create the rule that changes the behaviour of the ping button using burpsuite
Ping if you need help.
Guys, I'm stuck on command injection module, Bypassing other black-listed characters, been at it awhile anyone able to give a nudge
Any luck on this one? I'm stuck here as well
man just waited an hour and tried again and it worked
@distant stream figured out we can RDP from the second box (the victor one) directly to the 6.155 with jason. If you can't complete the module because it doesn't work, at least there is a bypass to get the flag.
Where exactly are you stuck? You can write me a DM
I will try again tomorrow. Otherwise, I'll just do other modules. I still have a few open.
By then maybe the technical problems are solved
hey all, you may have noticed extra cubes on your account today. we moved a few tier III modules down to tier II so the entire Junior Penetration Tester path is accessible with the student sub or silver sub. Since some had already paid more for the modules that were tier III we decided to auto credit back cubes to everyone who paid for the higher price. This would affect the Windows and Linux Privilege Escalation modules
Thank you, I appreciate it very much.
Nice!
Is there a new certificate for the new path junior penetration Tester ?
Does anyone know if it's ok to share my module notes ( probably with flags) but with the skills assessment flag as a password to view the content? on my personal blog or else where
same as what we do for live machines
yes it should be fine, same as live machines
yes! we are in the development phase, but since the exam will simulate an enterprise-like network it needs lots of detail in the design and meticulous testing
Thanks
Explore the options from payload processing and see which can append something, then match and replace the entities in your Payload just before its sent to the server.
The ping utility is basically for either GET/POST request {check on that one as you intercept the req-resp}.
Anyone can help m
w Metasploit module
I'm stuck at this question
i've already tried
Thanks it worked!
keep getting this error when trying to download redis-tools
why cant i put pictures in here?
anyway
└─$ sudo apt install redis-tools
[sudo] password for kali:
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
E: Unable to locate package redis-tools
the unable to locate package error
this might point you in a good direction
also you might not be properly verified on the discord which is why you cannot post pictures (this is a guess). check the welcome page at #welcome for info
you have tried all of those options?
ok, that article talks about more installation options beyond apt or apt-get
there looks to be a wget option to download a tar.gz file
and another for git
i dont understand tbh
are you new to linux?
yeah
what type of linux are you running?
kali
what distro
ok
i think he wants just the cli and not the entire redis installation
im assuming that will not work, so next option you can try is this
$ git clone http://github.com/antirez/redis.git
$ cd redis && git checkout 3.0
$ make redis-cli
see if that works
Optionally, you can put the compiled executable in your load path for convenience:
$ ln -s src/redis-cli /usr/local/bin/redis-cli
both of what i copied here is in that article i linked above
i did all of that
if you cannot get either of those to work or only partially work i would look for some articles and get some general knowledge base of how to install things in linux. fundamentals are very important for a consistent good user experience with any linux distro
does redis-tools work?
no
oh wait
try yum
Please install the EPEL repository, and update YUM to confirm your change: sudo yum install epel-release sudo yum update.
Redis can be installed with sudo yum install.
redis is launched by running systemctl: rstall redis. Optional: It is then possible for you to manually launch it with ng suctl start redis.
i need to go but good luck
i got it
using this
cd
Tier 2 is overpowered
HTB Team - I like them thicc
If anyone is stuck on the Window Priv Esc module- DNSAdmins section, I found that you have to restart Windows in order to read the flag.txt. Its not as simple as simply closing your RDP and then reopening. But its as simple as googling the restart Windows command. Hope this helps someone
Try also just log off from the start menu and then log back in. I believe that works too
start menu didnt have the shut down or restart option :/
Damn since last night I'm stuck on this
Tried just everything, was eventually thinking of manual restart from RDP
nah once you do all the steps to inject .dll file, you just have to restart Windows
not by closing the RDP and starting it again through Kali though
I meant the same
I had injected DLL for reverse shell as jared once said it worked for him, but apparently didn't worked for me
Its killing the connection lmao
Restarting and killing the connection are different
Does anyone know which tool you use for url encoding?
for Server side attack module, I see this but when I use "hURL" it's not encluding some special characters as HTB module does..
Indeed, like minded people and security experts at HTB team are doing a phenomenal job at delivering the contents.
Wish there was academy while I was getting started.
But now it is so I'm happy
I'm gonna blog on my HTB academy experience once I complete all the modules
I tried decoding with the built-in decoder from burp suite, didn't quite work..so I had to switch to cyberchef (online tool)
With 2-3 iterations on most common encoding mechanisms you'll get there
anyone else completed the OpenVAS skills assessment? I keep getting this error message on the pwnbox
HTB academy server is down?
its up again
Thank you
I think I have more cubes than i'm supposed to, someone else having the same?
dont mind if I can take them off of your hands then
Actually there is no gift option on cubes
Maybe that's why?
Thanks, now i know i can use my cubes

Is here anyone experienced with airodump ?
Heya, so I have tried both of them
I cannot restart the machine it says access denied. And I "lock"ed out, which was essentially log out and when I logged back in nothing really happened
hi guys, need some help cracking this hash in module hashcat 'Crack the following hash: 7106812752615cdfe427e01b98cd4083', ive hashid the hash and tried all modes but cant find it still
my command as follow ; sudo hashcat -a 0 -m 900 ntlm_example '/home/htb-ac496803/Desktop/Useful Repos/SecLists/Passwords/Leaked-Databases/rockyou.txt'
I was waiting for reverse shell in one instance.
The other time I thought its better to leave it to the modules example, via adding the user itself, so resetted the target and once again tried it all
try rules
the cracked password have a "$" at the end and the password can be found in rockyou
but how am i supposed to know which modes to use since hashid showing so many
add "-jm" to hashid to see some of the mode option
how am i supposed to know in the first place that there is a $ at the end?
--help
Always remember the context of a hash.
Given hash in exercise should must have some context
ohh i misread you're supposed to try with rule that's info is in the hint. i forgot how, but in the hashcat help, you're supposed to add "?s" at the end to add special characters include the "$" but when i try it only add the "*" character
ill try first, thanks for the heads up
Hi, has anyone done "Active Directory LDAP"? im stuck at this question "What is the password history size of the domain? (How many passwords remembered.)?". Just need to be pointed to the right direction
I'm stuck on some parts of LDAP module too, wanna collaborate?
DM me @polar widget
hackthebox vs tryhackme
Both have their use, just do what you find fun
anybody working on port forwading and pivoting module. I need some help. I am working Dynamic Port but the lab machine doesn't show me the rdp port as in the lesson explanation. So, there is something wrong or I am doing something wrong.
thank you
meaning?
i don't know what i'm supposed to do in that section either but i use the method show in Meterpreter Tunneling
the goal - as I get it - is to connect via RDP to a host which is not accessible directly from your attack box.
yes
meterpreter only allows to detect if RDP is available.
no after the Meterpreter Tunneling you need to use xfreerdp and proxychains
But the issue is I followed the steps with dynamic port and the open ports reported are 22 and 80 instead of windows ports (specially 3306 RDP port). So, this is why I post here.
Yes you right. But I cannot reach port 3389 because it is closed. I opened a support ticket.
you can only access the windows machine if you are on the target
try list all of the network interface on the target and use (nmap binary) use scan /24
I did a ifconfig on the target and I found 172.16.5.129. ok
I configure my proxychains to work on SOCKS4 port 9050
I did a ssh -D 9050 ubuntu@<victim IP>
and finally I made a proxychains nmap -n -v -sT 172.16.5.129 to check open ports.
only 22 and 80.
I tried also proxychains xfreerdp as it shows on module with no results
ohh so this is what you're supposed to do
try scan 172.16.5.0/24
I guess it could be something wrong on the lab machine.
I also tested from pwnbox to discard something wrong on my box
yep i just try this is what you're supposed to do i'm dumb
thank you
@zenith schooner did you find the windows machine ip?
it should be the second NIC reported by ifconfig on victim machine.. Am I right?
i think so, you just need to scan for port 3389 and also the ip for the windows machine is in one of the example on that section
congrats bro
Now i want to start new path junior penetration Tester
Working on the hashcat - hybrid attack using wordlists with masks section in the hashcat module. Tried running both sha1 modes on the hash in the exercise, but hashcat just keeps exhausting and not finding the password. Any sort of nudge on this section? I've got what i tried so far ready to view
@drifting glacier DM me
Solved, for anyone else that might come across this issue. order of the flags actually matters here
DM me which one specifically you're talking about, because I'm curious
I've already done that module,
Could I ask some hints to someone for the question "Work on webapp at URL /question2/ and try to bypass the login form using one of the method showed. What is the flag?" in the Broken Authentication module?
I just solved it! Indeed I was stuck in a rabbit-hole!
hi guys, hashcat module "Extract the hash from the attached 7-Zip file, crack the hash, and submit the value of the flag.txt file contained inside the archive." the hint says"Use 7z2john.py in /opt on the Pwnbox extract the hash.", my command is ./7z2john.py 'home/htb-ac496803/Downloads/Misc_hashes.zip' but couldnt get the hash and having invalid syntax error, any help guys?
Try python2 7z2john.py or python3
I was having some issues with this one, troubleshooted it don't remember exactly how but yeah
Try this
Read this article too
It helped me
Or I've tried stuffs it said
aight, thanks
Can someone assist me on the question about CMS in information Gathering module - Active Infrastructure Identification. I am using whatweb on the Server IP provided at the bottom which got me the answers to the 1st and 3rd question (Apache version and OS respectively)but whatweb is not showing me any information regarding a CMS ?
about hashcat module "Perform MIC cracking using the attached .cap file." ; hint "Leverage the cap2hccapx.bin tool!" Ive converted the .cap file to hccapx file, then ; sudo hashcat -a 0 -m 22000 mic_to_crack.hccapx '/home/htb-ac496803/Desktop/Useful Repos/SecLists/Passwords/Leaked-Databases/rockyou.txt' but cant crack the hash, can anyone help me?
Today it worked.
Now i am ready for the Skills Assessment
Were you able to solve the problems you had with the skills assessment?
With some help, yes. Ping me if you get stuck!
Look at whatweb for MetaGenerator
heyy
can somebody tell what are the best modules to learn on hackthebox since im just a starter and i only know some stuff
https://academy.hackthebox.com/module/details/18
and
https://academy.hackthebox.com/module/details/34
anyone having issue with HTB Academy academy.ovpn
@acoustic owl Thank you so much!
**error log**
2022-06-30 12:10:36 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2022-06-30 12:10:36 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations.
2022-06-30 12:10:36 Cannot find ovpn_dco netlink component: Object not found
2022-06-30 12:10:36 Note: Kernel support for ovpn-dco missing, disabling data channel offload.
2022-06-30 12:10:36 OpenVPN 2.6_git x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO] built on May 30 2022
try downloading new openvpn file from another region and run it again
try sudo openvpn academy.ovpn
it worked thanks ❤️
no problem
MetaGenerator produces nothing except the server IP and 200 OK ?
whatweb -p MetaGenerator -a 3 10.129.64.143 produces:
http://10.129.64.143 [200 OK]
Perhaps I have expressed myself incorrectly
Make a whatweb query on the specified domain.
In the output look for metagenerator
and make sure that the two domains are entered in the hosts file,
I dont understand how I am supposed to incorporate or reach those inlanefreights domains with prefixes. I can only reach the IP given by the server which is the default vhost it says. I have run whatweb on the server IP but what do I do with the domains?
I added these in a file and used whatweb -i with that file but again that gives me a no address for '' error
Have you entered the domains and IP address in the /etc/hosts file?
I must be missing something? can you see what I am doing wrong? 10.129.64.143
need a little advice on which file to use for bruteforcing a web directory I am using seclists and see it has a lot of options
which .txt document should i use within seclist if you guys have any advice
quick question, subbing as a Silver, will get me into the jr penetration tester path?
Only with the silver annual subscription you get all modules up to Tier II for one year.
With the silver subscription (monthly) you get 200 cubes every month and can then buy the modules.
yo so SQL Injection is basically cross site scripting yeah? using code in order to gain access yo the data base?
This file is often used,
https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/directory-list-2.3-medium.txt
i found one thanks
im confused now on the lesson Appointment how it goes from using bruteforce attacks to analyzing the PHP file
it didnt even teach me how to tell if this is PHP just kinda goes owe this is PHP you can enter code in username and boom cracked
No, XSS and SQLi are different things.
What lesson (module/section) are you on?
Appointment section 1
starting point
i solved the flag just confused on how it goes from using gobuster to ohh just type Admin'# and boom SQL injection
like how do i even see the PHP code and also how can I tell this is vulnerable to SQL injection
You usually can't see the PHP code because it is executed on the server.
If you want to learn more about SQLi, I recommend the Academy module
https://academy.hackthebox.com/module/details/33
Hey team, can anybody give me a nudge for Command Injection - Skills assessment?
I'm just banging my head at this point
Hi ! I have a question with this module I am not able to turn the on break its at off break could you help me about it ?
Solved. I misunderstood an important step which is finding the right target to pivot. I was trying to do that with the first host
hint try the ||move parameters||
Can someone please help me with Server-Side Attacks - Skills Assessment ? I've been trying to solve this for 3 days but seems none of the parameter is vulnerable to SSTI..
We deprecated hccapx FYI
the modes for it are still around but I believe 22000 no longer accepts them directly
I don't know if/when that module will be updated but I believe that's a known issue with it and has been for a bit
Need a nudge/hint on Password Attacks:Credential Hunting in Linux. Working on finding the credentials to ssh onto the target. Was able to get on a smb share but it has no permissions
check the jquery.js file
Can I please DM you?
yes
Okay, Thanks @lethal atlas for helping. Though how this SSRF skill assessment is related to SSTI & SSRF? I don't get it
Are the answers really correct? I am doing the introductory module to the analysis of network traffic and both at the beginning of the module and now it does not mark any correct answer. I even marked a wrong answer until I capitalized the first letter while the other answers I write completely in lowercase and I have no problem.
what section?
Stuck on File Uploads Skills Assessment and could use a nudge. Please DM if you can lend a hand.
hint ||xxe|| and burp
welcome @uneven lake
if 22000 are not accepted directly then what modes should i use then?
u mean i cant use hccapx to convert cap files to hccapx files?
Hello ! Is there any one has already complete session Using Web Proxies ?
1..254 | % {"172.16.5.$($_): $(Test-Connection -count 1 -comp 172.15.5.$($_) -quiet)"} PowerShell one-liner used to ping addresses 1 - 254 in the specified network segment.
PS ping sweep one liner not working
Try this 1..254 | % {echo "172.16.6.$_"; ping -n 1 -w 100 172.16.6.$_} | Select-String ttl
you should be using the newer handshake format, and then mode 22000
if you want to run hccapx files, then use mode 2500 but realize its a deprecated mode
if you want to convert to the format for 22000 use https://hashcat.net/cap2hashcat/
Online WPA/WPA2 handshake extraction
or hcxpcapngtool
thanks! managed to solve it now
VPN key not working anymore?
❯ openvpn Downloads/academy.ovpn
2022-07-01 16:01:57 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2022-07-01 16:01:57 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations.
2022-07-01 16:01:57 Cannot find ovpn_dco netlink component: Object not found
2022-07-01 16:01:57 Note: Kernel support for ovpn-dco missing, disabling data channel offload.
2022-07-01 16:01:57 OpenVPN 2.6_git x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO] built on May 30 2022
2022-07-01 16:01:57 library versions: OpenSSL 3.0.3 3 May 2022, LZO 2.10
2022-07-01 16:01:57 OpenSSL: error:0A00018E:SSL routines::ca md too weak
2022-07-01 16:01:57 Cannot load inline certificate file
2022-07-01 16:01:57 Exiting due to fatal error
download openvpn file from another region and run it again
Thank you! working now
Like before getting started in Cybersecurity?
Oh its about Go
But they say, Go has excellent backwards compatibility
Installation should be convenient
I got it working and wrote notes this time,
nano ~/.bashrc
export GOPATH=/home/$USER/go
export GOROOT=/usr/local/src/go
export PATH=${PATH}:$GOROOT/bin:/home/$USER/go/bin
source ~/.bashrc
Moved to the directory to $GOROOT that I specified in ~/.bashrc.
sudo mv go $GOROOT
With that last line, I could now run it from the shell.
hi guys, need help on this question in hashcat module
"After cracking the NTLM password hashes contained in the NTDS.dit file, perform an analysis of the results and find out the MOST common password in the INLANEFREIGHT.LOCAL domain." ;
hint 'Specify --username when outputting the results from hashcat or each hash will be returned one time only. To perform your post-cracking analysis, try out a domain password analysis tool such as NtdsAudit or DPAT. Alternatively, use command line utilities such as grep.'
my command is sudo hashcat -a 0 -m 1000 --username hash4 '/home/htb-ac496803/Desktop/Useful Repos/SecLists/Passwords/Leaked-Databases/rockyou.txt'
so what's the issue? you found the most common hash just crack it and submit the password
hashcat result turns out exhausted
i just check the password for that is very deep in rockyou
do you cut the hash to just include the password portion?
or you include the username portion as well
if just the password portion i managed to crack it but not sure how to filter out the most common password
if include the username portion i cant crack it not sure for what reason
what username portion?
the hash
this part "aad3b435b51404eeaad3b435b51404ee"?
yeah
that's empty try on crackstation
do you change the original hash file?
and the most common hash can be cracked on crackstation
what is crackstation?
i can't remember
nope
wait i'm dumb of course not
@steep oxide so i can't remember how but you just need to filter for the most re-use hash and crack it on crackstation
i did this module not that long ago but i forgot how i think i was using sublime text
i still dont get it but thanks anyways
i just found this on a super secret hacking tool call ||google|| https://www.techgrapple.com/online-tools/find-duplicate-words-the-duplicate-word-finder/ just remove the empty part in all of the hash and paste every thing into here it should be the top result
ohh null hash that why it was empty
with the --username i get this error, without --username i managed to crack it but cant find the most used because hashcat doesnt shows duplicate without --username, any help?
i pasted the results in the website u given, theres no duplicates
just paste only the hash don't put any username or null hash in there
guys i dont wanna ask the question and someone help cuz this will fk me in the long run
but how the hell you know what exploit gonna work or what exploit to use
ive paste only the hash and the error came out
I haven't read all of the above messages but quickly lemme describe my strategy
I've chopped off that NT part of hash, crackable easily
error came out only when --username is used
Then code in python or any language
Which takes a list of those NT hashes and tells you which is the most appearing one
Take that NT hash and crack it
ok im gonna go to corner and cry
We can certainly say about - what Exploit gonna work, but can't really say if it will actually work
so if i have 9 ports open should i check em all ?
@steep oxide can i dm you a screenshot of what i paste on that web
Suppose you found a service called potato 2.3
You google about - potato 2.3 exploit and something shows up from packetstorm or exploitdb.com
There you download the exploit and run it
Services are basically network daemon running on the target servers, so you gotta enumerate them all extensively
yes enumeration all port
good luck ❤️
I need some help with File Upload Attacks- Skills Assessment. I know the source code of .php file. I have found the Uploading directory. I need some help with under standing how files are being named.
it going to be rename with ||yy/mm/dd.YourPayloadName||
I used it with that it is not giving me any error or anything. I used it with burp all I get is code 200 OK
thanks
Hi, has anyone done "Active Directory LDAP" stuck at the last question in the skill assessment, and one question in the last section. Have been stuck for a few days
I'm almost there
Couldn't get time as of now, I'll hop onto it ASAP
Mine last section, theory+exercises is remaining and Skills assessment
There's so much possibilities, I am interested in how you approached the questions and your LDAP filters
I'm on Getting Started Service Scanning. Is the password to user: bob not the one suggested that we use in the text? I've tried bob:Welcome1, bob Welcome1, Welcome1 nothing gets me in to the user shares. The question is List the SMB shares available on the target host. Connect to the available share as the bob user. Once connected, access the folder called 'flag' and submit the contents of the flag.txt file.
^ "Let us try again using credentials for the user bob (bob:Welcome1)."
Hi, I'm stuck at Active Subdomain Enumeration in the Information Gathering module. I can't find the answer to "What is the FQDN of the IP address 10.10.34.136?". Please DM me, many thanks!
Thanks, I need to do the password attacks module first.
I found the pivot host and I can log in there, but I need to extract data from LSASS here. This is taught in the Password Attacks module.
did you find all of the subdomain?
hi guys, in sqlmap essentials module , What's the Kimberly user's password? (Case #1) , my command is ; sqlmap -u http://157.245.46.136:30749/case1.php?id=1 --search -C Kimberly , but i get an error of unable to retrieve password hashes, anyone can help?
You need to specify the database -D and the table -T.
Then you can search the output with grep
sqlmap blahblahblah | grep -i "kimberly"
ill try first.. thanks
@acoustic owl i tried sqlmap -u URL --schema to find the table name but i cant find any table relevant with passwords and the database as well
Authenticate to 104.248.172.48 with user "guest" and password "guest", what does this mean?
With which protocol should i authenticate?
Try http first
how
Then ftp
Then ssh
Then smb
Navigate to browser
Its the skills assessment of command injections
got it, thx
anyone can help me with sqlmap flag 7 ?
Hint is"Try to count the number of columns in the page output, and specify them for sqlmap."
but how am i supposed to know number of columns?
which page output
Hi guys did someone complete this question in Password Cracking module? I generated the wordlist with "sam" and the custom.rule file in the zip. But none of these seems valid whenever i do scan with hydra
https://prnt.sc/FhIvyhRXRcke
Hi all, Happy Friday. Just a quick update for y'all. The File Transfers module has undergone a substantial re-write and I recommend going through it again if you've already done it. Also the AD Enumeration and Attacks module has a new section that explains the Kerberos "double hop" problem and workarounds in depth if you've been curious about it or confused by it. Keep hacking, and try to learn something new every day!
you aren't asking hashcat for the results here
use --show in your command to get the results
Awesome ❤️
I need some help with the File Inclusion Module. Trying to answer the question on the RFI section but the container won't load for me. Is there anyone I can ping to look into this?
hi can dm you?
Go for it
Anyone know why the password bob:Welcome1 for Getting Started Service Scanning doesn't work?
what command did you use to connect to the smb share?
managed to solve it already..thanks
pls
feel free to dm me
smbclient -U bob \\IP\users the \are times 2. they are cut down on here for some reason
asks for bob's password. I put in bob:Welcome1 like the text says and fail.
so I threw
Hi guys.
I am confused about the wordlist when fuzzing. Sometimes, use wordlist in dirbuster can find a result, sometime use wordlist in Seclist. So which one you guys often use?
You can use both lists. Both are often used.
Hi all,
Anyone able to help with the Type Filters section of File upload attacks, i am getting "File successfully uploaded" but when i navigate to the file i get a "cannot be displayed because it contains errors"
yo I have been switching to all different regions but VPN ain't working
Options error: Unrecognized option or missing or extra parameter(s) in academy.ovpn:12: data-ciphers-fallback (2.4.7)
anyone done the pivoting, tunneling and port forwarding module? i need a bit of help understanding one part on the Remote/Reverse Port Forwarding with SSH chapter. DM me if you can help. Thanks
Hey everyone
I need help please, at skill assessments of Linux privilege escalation. Flag 3 - I've got the GET request I need to search to find flag3.txt but stuck on trying to send it.
Is anyone online for some help?
be patient, some one will help when they are available haha
I'm trying to look for it by trying lol, just hyped to success this flag.. went to the end and got stuck there.
I am trying to do this question from Using the Metasploit Framework Module in the 'Modules' section but I am not able to establish a connection. Any suggestions on how I can overcome this issue ?
Dm me
so, im working on the Intro to Python module atm. Does the HTB viewer have its own python client I can use?
Has anyone finished the Linux Privilege Escalation Assessment? I could use a nudge on flag4.
I'm at flag3, can you please help me?
DM me
I believe it does, but I personally used my own.
Attacking Enterprise Networks, external info gathering: What is the FQDN....? What am I missing? Did not read the question thoroughly.
Ya if you need help still on Linux priv esc module pm me
If anyone has done network enumeration with nmap i would like to get you help on medium lab and hard lab
I need help at flag5 of Linux privilege escalation!! Please
Feel free to DM me
sorry i fall asleep the password for bob is "Welcome1" not "bob:Welcome1" that's the username and password
what kind of help do you need?
VPN issue :/


Use just cyberchef at this point
Take it slow through steps
Prepare a strategy for decoding, and it shouldn't be more than 2-3
Like base64-> url decoding -> ...
There's a magic button which cyberchef gives us, while decoding stuffs
Use that as well,

has anyone here completed the knowledge check on the getting started module?
Can I have help on the command injections skill assessment??
yeah did you found the foothold?
That's what I am having troubles with
you can ||cut the first 17000 password|| in the Mutated wordlist and if ssh is too slow you can ||brute force the ftp|| with same user
hint ||the move parameters||
Does anyone face the same for 'AD Enumeration & Attacks - Skills Assessment Part I'
proxychain evil-winrm always failing to upload on MS01
Anyone can help me in Sql map skill assessment, i cant find the URL to do sqlmap
also constantly lost the connection. have to start again Error: An error of type Errno::ECONNREFUSED happened, message is Connection refused - Connection refused - connect(2) for
I tried Welcome1 it didn't work either. Sleep is always an acceptable excuse.
I'll give it another go once the instance refreshes. Maybe it'll work today. I've had xfreerdp not work one day and then work another
try something like this
same
Can someone help me with sqlmap essentials module
Q: What's the contents of table final_flag?
Hint: First, navigate the website to find potential attack vectors. Then, try to use various security bypassing techniques you learned to get SQL injection working.
My problem: not sure whether the URL i found if is correct & couldnt find the correct security bypassing technique
Anyone can help me?
Look closely at the store
First intercept the web request made in your choice of web proxy. Then see which web request carries anything like parameters, whether its GET or POST,
Then as usual load the web request in a file and try various bypass techniques, I guess common ones will do
why do we have to load the web request in a file btw?
sqlmap -u "http://104.248.172.48:31952/contact.html?key=AIzaSyBVWaKrjvy3MaE7SQ74_uJiULgl1JY0H2s&sensor=false" --batch --level 5 --risk 3 --tamper=between,randomcase
i thought something like this will suffice?
This isn't a full fledged web request which server would be expecting. It really varies from server to server.
You could have copied as cURL and seen the entire request, that would suffice precisely
im sorry but what do you mean by full fledged web request? and so far ive never use copy as curl because it looks very messy
A full fledged web request is what your browser sends to the web server,
Custom web request is when we manipulate full fledged web request and send it to the server.
Web proxy ensures we can capture the web traffic, intercepting both response and request and further manipulating it
this i understand, but what am i suppose to manipulate in the request, it does not seem to be in the sqlmap essential module
can you guide me a little bit
A full fledged web request or rather just a web request would contain several components, that's detailed in web requests module + intro to web application I guess,
It'll have several headers, parameters, user agent, and all those stuffs
I hope you have completed some fundamentals before attempting this one, or maybe with time you'll develop your intuition
Basically we are looking for anything that carries a parameter and its value to the web server
ive completed the web request module
We're gonna manipulate that
You gotta revise them all, throughout
i know we can manipulate it but manipulate into what?

What are the possibilities?
The first paragraph says -
The Host request header specifies the host and port number of the server to which the request is being sent.
Now see what's the Host header contains in this web request
Is it really something we're pentesting?
This reflects that you just went through the web requests module and didn't processed the information
Is it a shop? Where are the products
when i press on the product or search stuff in the box no requests occurs
You gotta select a single product
Interact with that product based on the functionality provided by the web application
Just like password reset is a functionality in the login page of web application, you gotta figure out what functionality lies in the individual product's page
i still dont get it
I'll suggest you take a break and contemplate upon what I said above
Also, remember
Every functionality is a piece of code
theres only 2 function thats possible for pentesting, the review function and the checkout function
Earlier I used to take things lightly,
Just like you couldn't see that apparently
Try them both
the checkout function ive tried no request being sent upon filling out the details
Now how are you concluding this
Any action done to the website would be a valid transaction of web requests from our client to the server
I'll suggest using web proxies, which can intercept requests on our behalf
Like Zap or Burp suite
im using burpsuite
Clear the HTTP history
Re-do those checkout steps
no request being sent when place an order being pressed after filling out the details
Turn intercept off
Make sure your traffic goes through burp, which is likely configured properly
if i turn intercept off, traffic dont goes through burp anymore
it worked. Thanks.
lol on to the next one and the internet won't load in the pown. good times
Hey folks, excited to be part of the community
Manual testing with Burp Repeater is now more efficient than ever. Free up screen space by organizing tabs into color-coded groups and collapsing them into a single scrollable row. You can now even search for tabs and groups by name.
https://t.co/5BjJUr1ps3
Awesome to have you here
Name this module
It's SQLMap essentials skill assessment question
In the Footprinting Easy Lab, there don't seem to be any files on the ftp server (2121). Is it supposed to be this way, or am I doing something wrong?
Anyone available to help with the file upload attacks -> type filters?
hi, could you give me a hint on this, the hint on that section suggest to use Kira cred to login via ssh on somewhere but when i scan the box internal network it give me new ip (almost every time) i'm i supposed to do that? is that other people box ip
yeah what's the issue?
Can I pm you?
ok
any zsh autosuggestions user here? why is it not working over ssh

ok im back to ask other question cuz it appears im trash
so they asked me to find exploit and get a shell on target - took me 3 days but i did it
and then they told me to get NTLM password hash
i used run hashdump but it didn't work
Guys. I'm at flag5 of Linux privilege escalation and upgraded my shell. But how can I locate flag5?
use find
so i used other exploit and get the hash but it says its wrong when i try to post it
any ideas ?
No such file or directory
@rustic sage what module are you on?
using the metasploit framework
and which section
did you try ||post/windows/gather/hashdump||
yup
use mimikatz
and i got 4 hashes for admin and htb-student
i post the hash they say wrong
and did you dump hash as user NT AUTHORITY\SYSTEM
Well just threw a lot of permissions denied files
And no flag5
arf
idk i didnt do this module
maybe the flag will apear if you use "the intended" way to privesc
yea and it give me a error
and tell me to use the hash_d8mp exploit
all the 4 hashes i found literally the same
and since they asked for NTLM then it means the last hash after :
oh i remember now did you privesc
Privilege Escalation
nope
so did you get NT AUTHORITY\SYSTEM ?
but im already on root
yup yup in NT / AUTHORITY
which is root for windows i think
wait what
yes
how the hell this module easy
dm me the error
ok
Man I cannot locate that flag5
Did anyone have done this? Can give a hint? I just upgraded the shell
On Linux privilege escalation skill assessment 5

subdomain enum?
Nah like it's a module
oh my bad
@rustic sage are you using pwnbox?
Nah running vpn key on Kali
I have dual booted
I will try and help you. I know on the hard lab my method doesnt work on pwnbox but does on kali
dm me
use nc to connect
It says timeout
@brisk geode you might have to ||spoof your source port while connecting with netcat||
K tysm
I also had tcpdump running and ran the nc command a couple of times
hey guys can anyone give me a nudge in SQLinjection skills assessment ?
Hey guys every install i do in my kali they tell me « E:Invalid operation … » i change the sources.list and i do update and upgrade but it's still the same problem, what should i do? Heeeelp
post a screen shot of the error and the command
dm me and lets see where you are stuck
not sure if this is supposed to be here or not since i know nothing about this, but what do you do with your starting point file?
then start at #welcome
@lethal atlas bro i send u in private
ok waiting there for you to send
Ok
Can anybody give me a nudge in the Using Web Proxies skills assessment? The cookie decoding challenge has me stumped. I've tried every method of encoding and nothing I've tried seems to bring it down to the 31 character cookie.
dm me
Has anyone finished the web proxies skills assessment? I've done all of the questions except for the first one, which clearly has something I'm overlooking. It would help if someone could spot check me.
DM me
Done
someone for Windows Privilege Escalation Skills Assessment - Part I ? I have questions
Has anyone finished module the "network enumeration with nmap"
Look at DNS again. Which protocol is used by default?
I could use a hand with the Web Attacks Module:Bypassing Security Filters -
It seems like the ||HEAD|| verb may be the right one(?), but when I forward the tampered request I just get a blank a webpage, or "Malicious Request Denied" or I'm redirected to the HTTP AUTH portal.
I've tried tampering the requests for /admin.reset and /index.php as others here have suggested, but no luck so far.
DM me
Who works with FatRat?
can i get some assistance with AD enum & exploit module: questions regarding skill asessment 2, please
i dumped the hashes for a user however that hash does not work to pivot to the next step
Is somebody available to help me get he double pivot working to MGMT01 on Attacking Enterprise Networks module (post exploit section). The handler on my host doesn't catch DC01 payload even tough everything is set up ok. DMZ01 even confirms it's listening on port 1234
Dont forget to add routes to your sessions and maybe even do some remote port forwarding through MSF
specifically this question: Submit the contents of the flag.txt file on the Administrator Desktop on the MS01 host. What i have done so far. -Got admin access -dumped lsas with mimikatz -used lazagne.exe -used snaffler.exe
the hashes i received i cannot use to psexec to ms01
You are suppose to upload lazagne and find a cleartext password (I was never able to get it on my own attack host... A bug or something, maybe from the pwnbox). If it's broken, DM.
yeah its still not working
lazagne didn't work for me either. I use the mimikatz to find the cleartext credentials
Also I think the instances are broken right now.
restart won't help. I already contact the support team
hi everyone , i am trying to find out the FQDN of ip address 10.10.34.136 , i just understand it is something like PTR record , i tried dig -x 10.10.34.136 @dnsserver_ip but found nothing , can anyone suggest?
Which module you're on
I'm stuck at the lesson Active Subdomain Enumeration at HTB academy
Under which module this section comes from?
Information Gathering Web Edition - Active Subdomain Enumeration
I'll look into this module
Haven't tried yet
everything was so easy until this question
have you tried doing a ZoneTransfers for ||internal.inlanefreight.htb||
no, I just zone transfer for domain inlandfreight.htb
did that review the subdomain ||internal.inlanefreight.htb||?
I haven't tried anything with this domain yet
well then you have your answer
Thanks for the suggestion, I'm trying it
what's the use of HTB and what's the use of THM?
thought they were supposed to be the same?
To help you learn about security and to challenge you
HTB stand for HackTheBox and THM stand for TryHackMe
I understand that's what they both are for, but I am asking the difference
HTB vs THM
both are for learning security, I agree
Its more like HTB and THM 
but I'm confused on which one I should start with
At least on the learners side
You can get started on both of the platforms
They're amazing in their own ways
Just try them both, you'll see they are quite different, and only you can say which you like best
But if you really want to learn security, do CTFs
Absolutely don't neglect ctf, it's really the best way to learn

I'm going to fully focus on the final choice as I can only work on these occasionally whenever I get time over the years so I'm really confused on which one to pick and worried about the opportunistic cost of picking one over the other
aren't HTB and THM full of CTFs?
or do I have the wrong idea
They are full of walkthroughs, CTFs, boxes, rooms, dedicated AD labs, and just everything
I mean we do have challenges, but it's not the same as a 48h competition
oh you mean an actual competition
where does that happen
@sweet heron ping if you need help
Ctftime will show you all ongoing and future ctf, there's a ctf nearly every week/weekend
I'd need some hints with the last part of the linux lpe skills assessment I believe I know how I just don't get it to work
Unable to poison logs
LFI not able to pass the php shell command it's getting filtered out
can someone help, sure that I am on correct logs as when passed a demo string it's getting reflected
anyone available to help me with sqlmap essentials? i'm having a real braindead moment here and can't see what i'm doing wrong
sqlmap -u http://IP:PORT/case2.php --data='id=1' --method PUT --dump --batch
nvm got it
Can anyone please help me with Broken Authentication Bruteforcing Cookies - question 1. Look simple enough and ive changed the role to every admin role I can think of but nothing spits out the flag. can anyone be kind enough to help me please?
In which format am I supposed to write an answer for SQLMap 1st question?
Okay copy paste it works
I need some help with the Attacking Web Applications with Ffuf module on the section Filtering Results. I need to scan for some VHosts on the domain academy.htb, but this domain seems to not exist. I also tried to scan for the target machine, but there was also nothing. Has anyone any suggestion or ideas what I could try?
Anyone able to help with hashcat? I'm running a kali vm, and when I run hashcat the last line says "Initialized device kernels and memory… Illegal instruction"
I'm not sure what the problem is here, is this a memory issue or simply a hardware problem? Any help is appreciated
Connect to the Vpn
I also did that
the question is "...give yourself access as a ||super|| user"
I also have tried it over the pwnbox, but that also didn't work
maybe add the domain to hosts file
what command are you running exactly?
I also tried that out
paste the command you use as well.
So rn I'm doing this:
Sudo hashcat -a 0 -m 0 -o hcr.txt \ “hash” hcl.txt
I put the md5 hash I generated where the “hash” is
```ffuf -w SecLists/Discovery/DNS/subdomains-top1million-5000.txt:FUZZ -u http://academy.htb -h 'Host: FUZZ.academy.htb'```
Or ffuf -w SecLists/Discovery/DNS/subdomains-top1million-5000.txt:FUZZ -u http://SERVER_IP:PORT -h 'Host: FUZZ.SERVER_IP'
And for the host file, I just added the domain with the IP manually
can someone help me with the first metasploit question i get "exploit successful but no session was created"
which section?
metasploit framework/modules
yes that's the module but which section (under "Table of Contents")
modules
oh sorry
@strange aspen what metasploit module did you use for the eternal blue vuln?
i tried eternal blue and eternal romance
ok did you try ||exploit/windows/smb/ms17_010_psexec||
yes
hmm, not sure if your command is right, I've modified a bit and it works for me. Try:
ffuf -w /usr/share/SecLists/Discovery/DNS/subdomains-top1million-5000.txt -u FUZZ.academy.htb
can you dm your error and your metasploit set options of that module
If you need to enumerate virtual hosts, its probably better using a DNS list like SecLists/Discovery/DNS/namelist.txt
I would add academy.htb in your /etc/hosts as the target IP you are spawning if using pwnbox and running a command like below
ffuf -w /opt/useful/SecLists/Discovery/DNS/namelist.txt -u http://192.168.10.10 -H "HOST: FUZZ.academy.htb" -fs 612
That also didn't work. I can't even access the domain if I try ping academy.htb I get name or Services not known
Then whatever virtual hosts you find with different responses use curl -s http://192.168.10.10 -H "Host: virtualhostfound.academy.htb"
Try resetting the target and updating the /etc/hosts with the new IP
what hashcat version are you running?
It seems that I have a general problem with the target machine. I can't even ping the machine, but I don't get any response. I use the academy-regular.ovpn or EU Academy 1, but I am not able to even ping the target machine, but I can access the IP over the browser, which is really confusing.
How many connections are open when you run 'ps aux | grep openvpn' in your terminal? I have had the problem before that many connections were opened which hindered me in connecting to the vpn properly
Killing them with 'kill -9 [connection number]' and then reconnecting with the .ovpn file fixed it for me in that case
where I can find the connection number?
Can someone give me a nudge on Information Gathering - Web - Skills Assessment Perform active subdomain enumeration against the target githubapp.com. Which subdomain has the word 'elephants' in the name? yawn
Hello, sorry for this question. I'm a new HTB user and progressing through the academy lab in the getting_started module.
I think I don't quite understand what type of flag should be found in the section of Web ennumeration.
can anyone help me understand this question better ?
DM Me
It should be the second value in the results, so to the right of 'root'
hello everyone . can someone please help me with Firewall and IDS/IPS Evasion - Medium Lab ( Network enumeration with nmap )
write me in private
Anyone who did active directory bloodhound module?
I need help with 2 questions
From skills assessment
You can list all subdomains with the tool shown in the module.
Then you can search the output with grep.
Your command | grep elephants
@rustic sage So I killed two of three openvpn processes but, one was with sudo and one without, the other one was just the ps aux | grep openvpn command. Anyway I killed the two from openvpn and I restarted the connection, but it still didn't work. I also looked up the ps aux | grep openvpn again and the two processes that I killed earlier were back again and I was again unable to ping the target machine.
Did you set the right LHOST?
can anyone help me with sqlmap essentials. i'm a little confused with specifying a location for an injection mark
DM
sent you a request
I'd need some help with the last flag on linux lpe skills assessment
You will need to run the kill command with sudo regardless afaik, they should be gone permanently once you use kill -9, try to do that and re-run ps aux | grep openvpn to confirm, if theyre gone, reconnect to the vpn and see if the connection is working. Again though, I dont know if this is the problem you are experiencing, it is simply a fix that worked for me when I was struggling with the VPN
@rustic sage Ok that didn't work for me now. I also tried it on my host machine, I was testing it on a ubuntu VM before, but that also didn't work. The main situation is that I can access the IP's webserver over a normal webbrowser but I can't ping or make any kind of scan on the IP and the problem is on my ubuntu VM as well as on my windows host machine. I am not sure how it is on the pwnbox but I can also not test that out, because I already used it today.
hi
AD enum & exploit module: skill assessment 2: Submit the contents of the flag.txt file on the Administrator Desktop on the MS01 host. What i have done so far. -Got admin access -dumped lsas with mimikatz -used lazagne.exe -used snaffler.exe
the hashes i received i cannot use to psexec to ms01
dm if you still need help
what happened to the pillaging module that was supposed to come out??
FFUF the skills assessment.
Q.Before you run your page fuzzing scan, you should first run an extension fuzzing scan. What are the different extensions accepted by the domains?
so I have found my 3 sub domains and added them to my /etc/hosts
code I'm using :
ffuf -w /opt/useful/SecLists/Discovery/Web-Content/web-extensions.txt:FUZZ -u http://archive.academy.htb:31968/indexFUZZ -v
the result are .php and .phps
However these results are given for every subdomain and not getting the answer.
I have tried to combine two wordlists however takes too long for any results to come back and manually replaced index with other popular pages such as admin, but not getting any solid hits.
can someone explain where I'm going wrong please
Im stuck on information gathering - Active Subdomain Enumeration. The main thing I dont understand is ow I determine how many zones there are on the target nameserver? I have completed the first question where you find the name server but from there Im largely at a loss. Anyone able to help?
Hey
anyone know what is looking for with that the only one I'm missing. From the module Intro to analyze network traffic.
What are the client and server port numbers used in first full TCP three-way handshake? (low number first then high number)
Have solved it
I'm stuck on footprinting module. Anyone able to help me
Sure, DM me
Im stuck at the vpn connection, i cant get any further, ive tried alot of things but it didnt work.. anyone able to help me?
@dawn tapir using openvpn?
Im using protonvpn
you're trying to connect to the htb vpn? doing academy or starting point? I haven't used protonvpn, I'm not sure if the packs they give you are compatible with proton
should i dm you?
Nah, I don't know enough about protonvpn, I'd check the forums, but pretty sure the options are openvpn, or using the pwnbox
You need to connect to the VPN of the HTB service you want to use.
Its weird, bc i need to download something, and then i cant open it...
You can't 'open' it, its used as an argument for openvpn
an example would be 'sudo openvpn academy.ovpn'
Oh okay Thanks!
np
hey guys , I need help with the firewall and IDS/IPS evasion - Easy Lab in the nmap module
I'm kind of lost on how to start. My best thought would be to see which ports actually are filtered, however when i run sudo nmap 10.129.2.80 -p-, the filtered ports are just shown as a whole number , i am not given the filtered ports, any help?
You should be "quiet" for this scan.
ill try that thank you
If you get stuck, feel free to DM me
Tadaaa!
Path completed! Took me 3-4 months part-time to complete (as a hobby). It wasn't easy, but I now know a hell lot more than I did back then! Special thanks to @distant stream and @west canopy , and all the others without whom it would not have been possible!
Congrats!
Gratz!!
in the firewall and IDS/IPS evasion - Easy Lab in the nmap module , is it really as easy as navigating to the web server to find the OS version?
it kind of seems weird that the entire section is about IPS/IDS and firewall evasion and then there is a challenge that requires you to put the ip into your browser
Before I begin to ask a separate question, am I allowed to ask questions or send my thoughts here other than this one?
Maintenance is July 6th, at 6:00 - 10:00 UTC HackTheBox
nice work bud!
Congrats bro!
congrats. hard work will pay off.
@sweet heron Way to go!
Hello!, i'm stuck in 'Attacking common applications' - osTicket, the challange is "Find your way into the osTicket", but in the example is used dehased.py script to get some password leaks but i cant found some version to use, Someone who has done the module and give me some advice to get the credentials?
i already tried creating new user and ticket to get mail, but I have not succeeded
Well done. Its not easy and requires significant commitment to get through it!
hey im kind of lost on where to start in the hard lab in the nmap module
Hi! I 've just started the linux fundamentals. In the part of linux components I can't understand what exactly is the graphics server component and how it differentiates from the Window Manager (GUI). Could someone recommend me more material to get main idea?
I believe I have tried this, are you able to DM me.
Sure
Help with Network enumeration with nmap (medium lab)?
someone for Windows Privilege Escalation Skills Assessment - Part II ?
look into the scripts feature of nmap
anyone available for a quick sqlmap question? i've got the http request copied into a text document and added the -r flag, but saying it's not a valid http request XD
What is the context of the question ?
Module: Intro to Network Traffic Analysis
Section: Packet Inception, Dissecting Network Traffic With Wireshark
that is the whole question
anybody who knows willing to help?
im using pwnbox, so im basically accessing another machine from pwnbox and using the machine within the machine to capture traffic, which is slow as hell
you don't need to capture anything with wireshark just use the file in the for this Resources
the cred for that is in ||one of the link show in that section||
hello
i have a problem
you must stop your active machine before spawning another one
how to fix this error?
Hi, I am working on the question finding cleartext in the assessment 1 of module "AD enum and Attack". I have managed to get both mimikatz (2.1.1, error ERROR kuhl_m_sekurlsa_acquireLSA ; Key import, i did run it as an admin) and lazagne to the target, but just cant find the cleartext. Can someone help give me some directions please?
I need some help with the Attacking Web Applications with ffuf module. In the section Filtering Results I need to scan for some VHosts, but if I run this command ffuf -w SecLists/Discovery/DNS/subdomains-top1million-5000.txt:FUZZ -u http:// academy.htb:PORT -H 'Host: FUZZ.academy.htb' It seems that every VHost in that list is matching, but if I look up for them in my browser it can't find any of them.
ok, i got it. managed to get the cleartext password with mimikatz (ver 2.2.2)
Hello i have a Question. I have signed up as student with my university email. Can i have access to bug bounty modules with that or i need to buy another subscription for that
Thank You
you can access bug bounty path but some modules need cubes
need a nudge on Windows Privilege Escalation Skills Assessment - Part II
you need to add the ip in /etc/hosts file
need a nudge on sqlmap,can anyone help?
Thank you, but I have already the solution.
then i export objects and follow tcp stream but cant get any results
any clue?
anyone up for a question about type filters in upload attacks?
I am able to upload stuff but im stuck since when i view them i get the cannot be displayed because it contains errors
Hi everyone . I got stuck at skills assessment web attacks . I have admin priv but now I don't know what I have to do . Can someone help me ?
use the method shown in section ||Local File Disclosure||
use export objects in wireshark under "file" tab
What format should I use to export the content ?
sorry my laptop freeze i just restart did you find the xml request?
according to horrible note i think you can find the xml request in the ||add event||
i think there is a ||add event button in the admin panel||
Is just an Events tab , but it does nothing
try fuzzing in there and make sure to log everything in burp
ok
ok i just spin up that box and know what my note is talking about if you still can't find it dm me
Thanks
if anyone has done the Web Service and API Attacks Module I need a nudge on the information disclosure section, my SQLi keeps getting hung on bypassing the WAF/IPS.
feel free to DM me
i need someone to help me with this sqlmap again. i'm having an absolute nightmare with this module
i've got the http request literally straight copied from burpsuite. ive got the json format on my injection point
need a nudge on Windows Privilege Escalation Skills Assessment - Part II someone ?
Stuck in the IDS/IPS evasion lab - Network Scanning with Nmap module
Anyone can help?
DM me
DM me
Hi everyone is there anyone help about set up website i'm struggling upload any file on my website
done
had to send you a friend request to message ya haha
You get the access data from your provider. Then you can upload files via FTP.
====
Hi guys, I cannot connect to openvpn htb. How to fix this?
@rich mulch do you know if you're on US or EU? Could try downloading a different vpn key
https://academy.hackthebox.com/vpn
oke I will try
I just downloaded the new one. It got error
Maybe this can help you:
https://twitter.com/rootsecdev/status/1541646509061586944
Here is the fix if you are running your own Kali box to connect to @hackthebox_eu
Download ovpn file
Change:
ciphers AES-128-CBC
To this:
data-ciphers AES-256-CBC
This was caused by open vpn update on Kali.
Thanks, it works
need a nudge on Windows Privilege Escalation Skills Assessment - Part II someone ?
@boreal vine DM me
need some help in the web service and api attacks skill assessment
hey im pretty new to this and im stuck on cURL
im not sure how im meant to do that and was wondering if anyone could give me a hint
@signal burrow try running curl against 46.101.47.107:32223/download.php
Guys , can someone please help with this
After the configurations are transferred to the system, our client wants to know if it is possible to find out our target's DNS server version. Submit the DNS server version of the target as the answer.
medium lab - network enumeration with nmap
You need a NMAP Script for this Task
can you please tell me how its done
Currently, I am on the Pivoting, Tunneling and Port Forwarding module in the Skills Assessment.
Question 5 is about reading LSASS.
I have generated the dump file, but how do I get it onto my attacker PC?
I am connected to the server via proxychains -> RDP. So I can't just start a SMB server on my attacker PC. On the Foothold PC no Impacket seems to be installed.
Anybody have an idea how I can transfer the file?
evil-winrm transfer options or if i remember that Windows machine have the ssh service on.
Thank you, yes, SSH is open.
@acoustic owl I ended up ||transferring mimikatz to PIVOT-SRV01 and running it to extract a password from memory||
Thanks
====
Hello guys,
I am in module "ATTACKING COMMON APPLICATIONS - Attacking Drupal". I gained root by exploiting the Kernel. So other than this, is there any way to gain root? Because I found there are many user accounts such as "mrb3n, ubuntu, webadmin"
I think there will be a way to horizontal escalate from www-data to these accounts. But I have not figured out yet
Hi, people. I have been struggling for days to import new modules from exploit-db to msf console and with no success. Anybody who can help? (I've googled, trust me.)
hi, can anyone help find out why nmap doesn't work for me? it always says the host is down but even when using -Pn it doesn't work
for some reason it says all the ports are in ignored states when they shouldn't be
Lol you did not read the output? try "-Pn"
I did, still nothing
then why no add -p- ??? you just scanned 1000 port, but we still have 65k ports
surely scanning the first 1000 ports would be enough if checking for common ports like http
unless it scans at random
and what if your machine is not running at common ports? then you have to scan 65k ports
and you yelds that nmap does not work, but you have not counted the case that have weird ports
Last question of FFUF skills assessment.
Q. Try fuzzing the parameters you identified for working values. One of them should return a flag. What is the content of the flag?
Got the two parameters and a hit on what the parameter ID is however to get flag i used this post method however still get a access denied.
curl http://faculty.academy.htb:30920/courses/linux-security.php7 -X -POST -d 'username=harry' -H 'Content-Type: application/x-www-form-urlencoded'
Please help
I am in the 'using web proxies' module and I'm having trouble finding the flag, my hint is its not in the same location as the last flag. when I check the other 2 directories I am not finding any flags or text files? I don't believe there should be anything overly difficult about finding this flag?
I have reset the target, same issue.
Which section of the module are you having trouble with?
repeating requests
DM me, we'll get you sorted out my friend
Anyone able to provide a hint for Password Attacks Lab - Easy? I have used the username.list and password.list within the Resources against the ftp and ssh services. Also generated a wordlist using cewl but that also does not seem to work.
Sorry I missed this. It's probably about a year old. Some additional information about the laptop I'm running it on is it's loaded up and doesn't have a ton of extra memory, and not a very good processor. I googled the message it showed me, I just didn't find a definitive reason for others getting the same thing
hi all, hoping this is the right place to ask this. Trying to use nmap to see what is on the box for the public exploit module. i think im struggling with the nmap portion but i'm fairly sure ive figured out the rest.
||i went to the url, saw the plugin. found the vulns in metasploit. looked up the cve as to how to craft it as is also in the forum post. Just not sure what i missed||
I don't know if this is the right place for this, but if anyone has completed the Windows Fundamentals, I made it through everything but the assessment and I am lost. I am not an experienced windows user, so this section was a struggle, would anyone have any recommendations for gaining more windows experience?
such as using a windows vm?
Like I have a Windows VM, and I understand some really basic GUI things, but I am lost in how the powershell runs, and basically everything the Windows Fundamental Academy Assessment section is asking for. I am just lost with how windows runs, and the academy kind of went from 0-100 on me. I need maybe something recommended that would give me a good foundation in windows. I don't know, I will keep looking for other courses or something. I'm just lost.
So i got the flag but still not sure about the nmap piece
that and what i did with the exploit
Windows is quite the cluster... So many different rabbit holes you could go down. But since you've mentioned PowerShell, I would recommend searching GitHub, YouTube, and DuckDuckGo for combinations of words such as PowerShell for pen / penetration tests / testing / testers, or PowerShell for admins / administrators. Alternatively, look at the table of content for some windows books and start googling all the section headers. Windows Systems Internals is a very popular book, which as your knowledge skills and abilities grow you'll want to read at some point.
I did a thing
@polar widget grats!
thank you!
Thank you so much, I will have to just be more patient about it. I just feel so handicapped without the Windows knowledge. I am good on Mac and Linux; Windows I am just lost completely.
Keep at it. Windows is ugly, but its prevalence in the business world makes knowledge of it a necessary evil. Spin up the free 90 day appliance MS provides in virtual box, and have fun breaking it
Does anyone have a usable proxychains that isn't preinstalled on kali?
need help on Attacking Domain Trusts - Child -> Parent Trusts - from Linux
i have done all the examples but have no clue what to do to get the ntlm for the domain admin user bross any tips/help?...
@stiff moon i was able to get the hash by ||using secretsdump.py and authenticating as the adunn user||
@acoustic owl not sure what you're transferring but did you try scp
I guess this discord is useless for assistance
Hey need some help on the Shells & Payloads module Skills Assessment Last question... I have managed to gain a shell but I can't read the flag cause of access rights
Could I get a nudge with Web Attacks Skills Assessment please?
I've taken over the administrator account but don't see a path to obtaining the flag from here.
fuzz the ||add event|| on the admin profile and use the method shown in section ||Local File Disclosure||
Dang I missed that functionality completely. Didn't even notice it. Thanks for the assist!
Sometimes it's the simple things that are overlooked.
No, I didn't try SCP until I got the tip about SSH.
Why should it be useless? Until now, I have always received help here.
Metasploit is your friend
Hello, would it be possible to have a little tips? I'm new and I'm stuck on https://academy.hackthebox.com/module/39/section/414
At what point should I use metasploit? In order to get a shell I've uploaded a webshell and from there I used power shell one liner for reverse
Tried but it doesn't work. Or maybe I do something wrong
Hi ribit. It is solved. It was my fault. I misunderstood the statement. I was scanning the linux server instead of the entire network to find the windows host. In my opinion, the pictures and some parts of the lessons aren't clear to understand. But eventually, with some practice I move forward. Thanks.
Okay never mind it was this much simpler than I thought, thanks
So on the Password Attacks Password Reuse / Default Passwords
It asks me to find some credentials for mysql
I cant find it. Any hints?
the cred for that is in ||one of the links shown in that section||
got it! i found what i was missing/did wrong
what openvpn version are you using?
OpenVPN 2.6_git x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO] built on May 30 2022
library versions: OpenSSL 3.0.3 3 May 2022, LZO 2.10
idk if this is the issue have you but on tryhackme we are having some issue with openvpn 2.6 try downgrade it to openvpn 2.5.6
@leaden quail this is command they recommend you use to downgrade it on thm
cd /tmp; wget -O openvpn.deb https://kali.download/kali/pool/main/o/openvpn/openvpn_2.5.6-1_amd64.deb; sudo apt install ./openvpn.deb; rm openvpn.deb
That works, thank you much
Hi @everyone. I am stuck at module Attacking Enterprise Networks section Web Enumeration & Exploitation. Can someone help me?
hey @everyone i am a high schooler exploring options in cs came across cybersecurity. I have offers for the course of cybersecurity and AI from the same university. Can someone help me understand which one will have better scope in future becoz some peeps on net says ai will eat up cybersecurity jobs. Open to suggestions and advices.
Thanks a lot in advance
@gloomy tangle dm me
Anyone here who can assist with the double pivot in the Attacking Enterprise Networks module? I can't catch the second shell for some reason
Hello, is normal, that the academy.ovpn, restarting every 3/4 min ?
you have more than 1 tun interface. that's the issue
okap thx
Dm for the pivot. You can also use ssh reverse portfwd, or socat for rev fwd.
AI is not even closer to eat any of the Cybersecurity jobs, at least not in the next 25 years. Unless something really breakthrough happens
Both are high in demand career options, choice any individual has to make. What suits you better you gotta decide yourself.
I believe if you're good at anything then that works.
In both the cases, you need deeper knowledge of lots of things, and it holds true, they are high paying jobs too
There are lots of stuffs, like domains within cybersecurity like red teaming vs blue teaming, technical roles vs non technical and so on,
And AI domain I have less idea about, but basically you're gonna hit ML, Data Science, AI and stuffs around that
If you are using pwnbox i'd recommend running msfupdate first.
I have a question with the skill assessment section on the Attacking Web Application with ffuf module. I am right now on the last question where I need to look for some Values for some POST parameters. For that I need a wordlist from the SecLists wordlist, but I have no idea which one could be right. Do I just need to test all of them or can someone give me a hint?
@opal vapor try using ||/seclists/Usernames/Names/names.txt||
Alright thanks
Hey guys. Any help on the Password Attacks module?
Examine the target and find out the password of the user Will. Then, submit the password as the answer.
Hint is the following.
Sometimes, we will not have any initial credentials available, and as the last step, we will need to bruteforce the credentials to available services to get access. From other hosts on the network, our colleagues were able to identify the user "Kira", who in most cases had SSH access to other systems with the password "LoveYou1". We have already provided a prepared list of passwords in the "Resources" section for simplicity's purpose.


