you're a life and time saver, you earn a sub. BTW I'm new to cybersecurity.

Thank you for these!

Thanks! The HTB Note 1: Don't forget to add "admin.academy.htb" to "/etc/hosts". is willingly misleading.

I was stumped! I appreciate you posting this :)

Great!

helped thanks!

This was the first one I did all by my self. Every time I get so close before giving up and coming here. This time it was because I changed the flags country I couldn't get the flag. Thank you man please keep posting these!

Cheers I had a pretty good idea this was how I should solve it but the search bar on my website would not let me interact with it strange dunno if anyone else ran into this issue

how to kill multiple programs with command prompt?

For anyone getting the "Invalid JSON" error, you need to format the data after -d like this: ^"^{^\^"search^\^":^\^"flag^\^"^}^" ^ So for example: curl -X POST -d ^"^{^\^"search^\^":^\^"flag^\^"^}^" ^ -b [sessionid] -H "Content-Type:application/json" [url]

I have to say so far HTB is very unprofessional and aggravating. It feels like it was made by very technologically illiterate people who don't know about computers. The fact this lesson had a target machine you basically never interact with then it just says stuff like "oh do this to this page" it is so broad and unspecific that it quite literally is unusable they need to annotate and explain things better. Also the adding to etc hosts via echo is also very very annoying as there is not even one single scenario that that would be necessary all you need to do is use the tool how it was intended who tf would make a tool that doesn't even work unless you add every site into etc/hosts no that's not how it works. HTB is very poor setup and TERRIBLE at teaching ppl cause it is literally explaining things like an uncategorized caveman. Also it never once explains to completely disregard the target ip, in this case they need to remove the target ip if it isn't being used for the exercise. VERY VERY infuriating and pointless I am so upset and discouraged to keep using this platform it is so unprofessional. And it also never explains to disregard the entire target EXCEPT for just magically the port! lol what the actual FUCK!? SO we are attacking htb has NOTHING to do with the IP but somehow does have to do with the port? what the actual fuck is this thing trying to teach us? It is quite literally teaching us nothing and teaching us incorrect info FUCK HTB!

I keep receiving “A Valid Cookie is required” I don’t understand what I’m doing wrong as I provide the cookie I get

Thanks for this bud, all of this stuff was totally standard, but for some reason HTB kept rejecting my answer for MAC address. Even though I was 99% sure it was the answer it kept rejecting it and I was going insane. Which lead me to your video, turns it I had to put in MAC-address. You saved me a lot of pain

thanks man

My nose was right on it. the file path flag is what I overlooked.

thanks so much, really helpful

great video

thanks so much ❤

doesnt work at all there isnt a dowload file anymore 2024 nov

fucking clickbait bullshit video

Really helpfull ❤

i was just about to try this but i give up and seached on google

<3

Awesome. Been stuck on this lab for a while till I came across your video. Thank you.

Hello, if I search through curl I get the flag from the terminal, but when I want to see the search.php in the developer tools in the requests it does not load

thanks

Thank you for providing a step by step process and clear explanation!

You can also use "sudo --version" in the session.

How do I vpn into the HTB academy servers from my linux environment.

Hey, great content you have been watching some of your videos and explanations when i'm stuck on one of these modules. Do you have or would you consider creating a discord community? That would be great to get to talk with people more knowledgable than I am in IT and cybersec and learn from one another

thank u

incredible thank you, was so stuck

My jpeg files dont show when i filter the capture to http

using what you learned in this section, try to deobfuscate 'secret.js' in order to get the content of the flag. what is the flag? :::::::::::::::::::::::::::::::::::::::: Can you answer this question? I searched a lot and did not find a correct answer. I did everything that was correct, but it did not work. Is the laboratory wrong or old? I hope for an answer and thank you very much❤❤

they updated this module.. hoping this technique still applies

it is not taking me to there as it sasys coming More documentation is coming, in the meantime consult source files

Like a bossssssssssssss!

lmao, I left out the version number and for that reason there were lots of exploits and I just randomly used one which didn't work obviously. thanks for the help

Huge help man. Thanks!

Great Videos, I was lost on either using the pcap or spawning the machine

So nice! Thanks

Awesome content. Keep going!

for me it doesnt show that have saved any file even if i set FILEPATH to /flag.txt

Grazie !

Do you offer 1on1 zoom sessions at all? I'm just starting out in this industry and could use the help when stuck. I'm in Australia so the time difference may be an issue? Get back to me when you can. Cheers.

never clicked for me that i needed to add in front of the numerical IP. thank you!

Thankyou legend

when i do de request in the search bar i dont see nothing in the devtools but yes when i reload the page, could someone help me??

Thanks for posting this, I too, got stumped at the same place!

А можно так же описать прохождение Privilege Escalation следующей главы, потом что понять логику товарища который написал руководство к этому очень сложно.