Official Academy Discussion

Port 80 is open on the machine. When I navigate to http://BOX-IP it redirects to “http://academy.htb/” but I am unable to reach that domain. I do not get any server response. Am I on the wrong track here?

@Megatron404 said:

Port 80 is open on the machine. When I navigate to http://BOX-IP it redirects to “http://academy.htb/” but I am unable to reach that domain. I do not get any server response. Am I on the wrong track here?

Then allow you system to resolve that name :wink:

just rooted the system…Things are right infront of your eyes.

Just got user. Wasted around two hours digging through the wrong place. If you feel you’re looking at the right stuff, but have information that doesn’t work, maybe try looking around for something similar to what you have somewhere nearby.

Beating my head against the wall on foothold. Found a couple possibly relevant exploits to get RCE, but nothing I’ve tried is working. Would someone be able to send a nudge as to what I’m missing on the exploit?

Well, I’m back on HTB after a year and a half break and I am apparently really out of practice. I’ve gotten the Ll debug page and have found a corresponding exploit via searcht, but the exploit isn’t working and I can’t figure out why. Any nudges?

@honorbound said:

Well, I’m back on HTB after a year and a half break and I am apparently really out of practice. I’ve gotten the Ll debug page and have found a corresponding exploit via searcht, but the exploit isn’t working and I can’t figure out why. Any nudges?

Double check the options you have selected.

Rooted after a few days. In hindsight not complicated if you enumerate well enough.

PM me for nudge.

SMB1 disabled – no workgroup available
help pls guys on my kali terminal

@Dessalegn said:

SMB1 disabled – no workgroup available

Is there an SMB port open? If you are talking about the Academy box (i.e. this thread), you might want to double check your nmap output.

help pls guys on my kali terminal

Maybe try a different port.

Nevermind! I got it! Foothold was probably the most awkward due to the paramter that’s easy to miss and/or misunderstand. Awesome box! Path to root was pretty great.

uid=0(root) gid=0(root) groups=0(root)

Got lost in the thread when I posted what was originally here XD

Rooted.

Academy is one of the most funniest box i ever did. So congrats to its creator.

I have one question about the root path : is it possible to exploit the B**** S****** ? i try but it seems not vulnerable even if the version of the command seems. Maybe i did something wrong or the exploit i used was not the best.

That was a battle of will. Pretty easy box till you try to get user2. Missed what I should have found, but found it in the end. User2!, pay attention to groups and search google where things might get logged, then X*D will be your friend. Thanks egre55 and mrb3n, learned one valuable thing. Cheers

SQL Injection module:

Q: In the ‘titles’ table, what is the number of records WHERE the employee number is greater than 200000 OR their title does NOT contain ‘engineer’?

A: 404791 (wrong)

My query: select * from titles where emp_no>200000 OR title!=‘Engineer’;

Edit: nevermind I got the solution.

Hi,
In Section: “Interrogating Network Traffic With Capture and Display Filters”.
Module: INTRO TO NETWORK TRAFFIC ANALYSIS

There is a question about which ports the host and server are using.

“What are the client and server port numbers used in first full TCP three-way handshake? (low number first then high number)”

I have found the answer but I do not agree with it. What I can see in the answer it is not a Full TCP-handshake. It is SYN,SYN-ACK, RST. I was expecting a ACK in the end? Have I misunderstood it?

Isnt a FULL 3-way-TCP-handshake: SYN,SYN-ACK,ACK?

Lets say correct port is Y
“My” port is X.

The first occurance (what I can find) of port X is
[S]
[SYN.]
[.]

And Port Y is:
[S]
[SYN.]
[R]

Greeting, I’m a noob, I’m stuck with a question on Linux Fundamentals. What is the path to the htb-student’s mail? Can someone help me?

Anyone else not able to get Burp Suite to work with this machine? I updated my /etc/hosts file and can get to the site on port 80 using my regular browser, but I cannot get the Chromium browser within Burp Suite to work. I tried Burp Suite with other machines and it works without any problems.