Introduction to C# - HTB Academy - Skills Assessment - Simple tips

Your task is to create a C# application that will iterate through the wordlist, using each word as a potential path on the target host. You will make HTTP requests to these paths and check for the existence of flag.txt. The program will output the paths where the flag.txt file exists.

Since I have not found any post about this in the forum, I will give a few tips to whoever might try the module and have problems. The skill assessment is quite simple.

If you try to overcomplicate it you will just have more trouble finding what you want, which is the path to the file.

Keeping it as simple as possible, try to replicate what you learned about Async and also a way to iterate through the wordlist. A good idea is to have the request response printed so you’ll have fun watching the code iterating through everything (or not). No need to use StreamReader either; it would make you work a little bit more to obtain the same result, but I guess it’s still an option if you want an all-in-one solution.


There are a lot of caveats for getting this lab to work. Have to use an IDE in the pwnbox VM on the browser, install .NET, and apparently have to be connected using the EU VPN…

I can’t get the lab to work. I tried now for 5 days to get it working. Normally I use my own kali linux Visual Studio Codium in Python, but for C# it is a struggle with the libraries import ??? I did all the sections, except the Skills Assessment. I also tried Visual Studio Code and even installed on my Windows machine Visual Studio but I keep getting stuck on library Assessment.dll.
I need this for knowing the paths to smuggler the Apache server because it’s vulnerable.
With Ffuf I did not succeed.
Furthermore I tried to parse the .dll for the wordlist but no success either.
Please help me to get the last flag to finish this HTB module!!!

I managed to extract the wordlist from Assessment.dll with dotPeek (JetBrains) and also used the decoding part of it. Wordlist of 999 lines. Iteration of these words resulted in 998 times 404 (Not Found) and 1 resulted in a 403 (Forbidden). That was string h******s, but no success either.
Please help.

http:///h******s/flag.txt

@minTwin I recommend using the Visual Studio IDE (Community); as for the libraries, you won’t need something too complex. The steps were all explained: you need to make a loop that sends something, and until that something is found it will keep running. I also recommend having some “Console.WriteLine” so that you’ll see how many attempts were made as well as knowing which string was the correct one.

So I’ve figured out you need to import the dll. I’ve checked the dll with C# code to verify the method exists in the assessment.words, but I don’t know how to call it from MY program.

You have to iterate through the list using a loop that will make one request at a time with a different word, this is the simplest method, I also recommend having it print the word used and the response from your request so that you’ll be sure it is working as you intend it to

I’m trying not to give out too much here, but it was all taught in the previous pages of the C# module. It’s a bit too simple, so it’s hard to not give spoilers.

Also, don’t forget that if you try the wrong protocol it might not work at all

Can you help me please?

The name Library-Question gives me an error in the compilation phase; I am sure that this depends on the character ‘-’. I have tried to change the name with an underscore ‘_’, but it isn’t possible to change the internal reference.

How can I solve it?

using System;
using Library-Question;  //Error: Es001.cs(2,13): error CS1525: Unexpected symbol `-', expecting `.', `::', `;', `<', or `='

namespace n_Hello
{
class Hello
{
<SNIP>

Ok I have resolved!

Can you help me? If you can, please give me your Discord account. Thanks.

Have you resolved it? Do you still need help?

Yeah, I need it. Can you tell me your Discord account?

I have an account but I generally don’t use it. Also, I can’t speak English.
I will try to help with a private message; you can find me on Discord with my account name: thorelveneyes

I have sent you a friend request and am waiting for your reply

My English is not very good either, I translated it through Google Translate. Waiting for your friend request reply.

Try to follow the instructions that I have sent you; now you have every answer.

I will try to give a few more hints that take into account the problems that have been pointed out by others in this thread.

First: The library, try to use a simple name if you will change the file name when adding the library to the code, remember that you will have to access GetWordList() inside the Words class that is inside the library
using Assessment;

Personally I recommend creating a List that will receive the contents of GetWordList

Second: The target. The target is an HTTP domain, it will not work if you use
https://[Target-IP] instead, use http://[Target-IP]

As I explained before, I used Async and Loops to iterate through the wordlist and make HTTP requests
HttpClient

Third: The environment. I personally gave up on doing this exercise on the attackbox, I downloaded the OpenVPN configuration files and connected to it using my own computer. The connection is not very stable and sometimes it will not be able to receive the responses. It might require several tries

Fourth: Async requests allow you to make several requests at a time as it was explained, it makes the whole process a lot faster so I do think it is extremely important that you find a way to use them. I would recommend Parallel.ForEachAsync

Fifth: I did not use StreamReader, I do not think it is necessary despite being something useful, I simply read the content of the flag by accessing the HttpResponseMessage
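Added example, not part of any post in this thread: a sketch of the bounded-concurrency approach the hints describe (Parallel.ForEachAsync, reading the body from the HttpResponseMessage), which also records 403 separately from 404 instead of collapsing both into "not found". The `StubHost` handler, the `target.example` host, the four words and the flag text are all constructed so the program runs offline; it assumes .NET 6 or later.

```csharp
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.Net;
using System.Net.Http;
using System.Threading;
using System.Threading.Tasks;

// Constructed stand-in for the lab host: answers from memory, no network traffic.
class StubHost : HttpMessageHandler
{
    protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage req, CancellationToken ct)
    {
        var resp = req.RequestUri!.AbsolutePath switch
        {
            "/alpha/flag.txt" => new HttpResponseMessage(HttpStatusCode.OK)
                { Content = new StringContent("SAMPLE{constructed}") },
            "/beta/flag.txt" => new HttpResponseMessage(HttpStatusCode.Forbidden),
            _ => new HttpResponseMessage(HttpStatusCode.NotFound)
        };
        return Task.FromResult(resp);
    }
}

class Program
{
    static async Task Main()
    {
        // Constructed word list; in the lab it would come from Words.GetWordList().
        var words = new List<string> { "alpha", "beta", "gamma", "delta" };
        using var client = new HttpClient(new StubHost())
            { BaseAddress = new Uri("http://target.example") }; // plain HTTP, as the hints say
        var results = new ConcurrentDictionary<string, string>();

        // Cap the number of in-flight requests so an unstable VPN link is not flooded.
        var options = new ParallelOptions { MaxDegreeOfParallelism = 4 };
        await Parallel.ForEachAsync(words, options, async (word, ct) =>
        {
            using var resp = await client.GetAsync($"/{word}/flag.txt", ct);
            results[word] = resp.StatusCode switch
            {
                HttpStatusCode.OK => "found: " + await resp.Content.ReadAsStringAsync(ct),
                HttpStatusCode.NotFound => "absent",
                var other => $"status {(int)other}, check manually"
            };
        });

        // Print in word-list order; the parallel loop itself completes in no fixed order.
        foreach (var word in words) Console.WriteLine($"{word}: {results[word]}");
    }
}
```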

Total lack of google help. Don’t think many tried this module.

This is my code to stop you from killing yourselves.
Figure out the dll stuff on your own.

using System;
using System.Net.Http;
using System.Threading.Tasks;
using Assessment;  

class Program
{
    static async Task Main(string[] args)
    {
        string baseUrl = "http://10.129.205.211";  // Replace with the actual target host

        var wordInstance = new Words(); // Create an instance
        var words = wordInstance.GetWordList(); // Call the method on the instance
        var httpClient = new HttpClient();


        foreach (var word in words)
        {
            Console.WriteLine($"Word: {word}"); //Optional - see it running
            string fullPath = $"{baseUrl}/{word}/flag.txt"; // Construct the URL
            if (await CheckForFlagFile(httpClient, fullPath))
            {
                Console.WriteLine($" Flag found at: {fullPath}  <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<");
            }
        }
    }

    private static async Task<bool> CheckForFlagFile(HttpClient httpClient, string url)
    {
        try
        {
            var response = await httpClient.GetAsync(url);
            return response.IsSuccessStatusCode; // Check if status code indicates success (200-299)
        }
        catch (HttpRequestException)
        {
            // Handle any request exceptions (e.g., connection issues)
            return false;
        }
    }
}

similar to what I did but I’m not sure if we’re allowed to straight up post the solutions here

HTB in general does not allow full on solutions and walkthroughs to be posted so be careful, I tried providing them with steps to solve it, there are so many ways to do it that I think they’ll be able to do it