HTB Academy : Footprinting Skills Assessment Lab - Hard

i got stuck too, extracted the key using pop3s and it failed, did the same thing using imaps instead and worked right away after adding the key.

Saved the text as “key” and converted it to id_rsa.conv using puttygen

puttygen key -O private-openssh -o id_rsa.conv

use the ssh -i id_rsa.conv to connect and should work like a charm

Im not sure where to find the database you mentioned, any help?

(solved it!)

Look in the home directory you’ll find the log file for database.


Yes, try to connect to db and check for the entry of the user.

Ok, I’m stuck here as well.
I’ve found the ssh key, but when I attempt to access the server using the key, I get the following error

ssh -i id_rsa tom@
Unable to negotiate with port 22: no matching key exchange method found. Their offer: curve25519-sha256,,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256

I already changed the permissions
What am I doing wrong??

Did you find your way through this yet?

Yes, I decided to try Parrot OS and it worked.

1 Like

Hi, am also stuck on medium part of footprinting module. I just found some tickets by mounting nfs to my host. So, what to do next please.

What’s odd about any of the tickets when you list them?

I am not even sure where to start at this point. I completed a scan of services and found 5 ports open which are 22, 110, 143, 993, and 995. I attempted to log in with credentials given and obtained from previous labs (Easy and Medium) and none seems to work. I noticed in the threads that SNMP is targeted but those ports are closed from the pwnbox. What am I missing? Where did the Tom credentials come from?
Thanks guys

Check the top of the thread. GuyKazuya put me on the right path - ended up taking a break for a few days but came back kicking myself.
Onesixtyone was hanging me up because I was not reading the output carefully to take the next step.

Hello friend, let’s make it clear that you need to forget about past labs. This is new lab, also most people forget to UDP scan. Wanna start from here? Oh also some people dont read or dont care about a lot of useful links like pls save this link and use it when you are stuck. There you go, if you have difficulty please write my discord: zzerolifee . i would be happy to help but I will not directly say what is flag, because I also stuck for atleast 1 hour and did it myself. Good Luck!

Hi, i checked every method by following modules sections DNS,SNMP, IMAP/POP3. But when enumerating IMAP/POP3 we need creds. Otherwise its not possible to search inside. And there is no port open for SNMP. i reset the machine. but found nothing. i know about queries for IMAP/POP3. see the attachements.

are you there ?