#cyber-security-101-path

I love the raccoon!!!

give me 5 minutes to start it up and get to where you are

ok

please tell me again which Task and Question that is?

task 4, question 2 is the one I am on right now

did you export the file?

this is what I get when I do

yes

you can enter a name

and then hit save at the bottom right

should append it with a jpeg?

not needed

picture

sorry,

alright. Now open a terminal and use the command to get a md5 hash with the name of the file you just saved

took me back to wireshark

ok

keep in mind that you need to be in the same folder as the image

how do I do the hash command again?'

I just did hash and the file

what kind of hash are we looking for?

what variant

md5

what is the exact command to get an md5 hash?

let me look it up

basically we're looking up an md5 checksum

hashfile is n't working

what are you entering exactly?

I have tried several. hash picture MD5

hashfile

no no wait

take a step back

with and without the dash in front of it

we're looking for the command that prints the md5 hash of a file

its a single command thats 6 characters long

certutil -hashfile

I'm not sure if cryptography already came up or was before

but what you're looking for is hidden in here:

.

if you need more direct help, let me know and I'll just spoil the answer lmao

now I am getting this

nono

drop certutil

ignore it

you're looking for a md5 checksum (the bold marked might be a command if combined together) + filename

Now I either gave you the hint you needed or completely threw you off the topic lmao

let me know which one it is so I can actually give you the command

this is what I get

drop -hashfile as well

6 letter command

ok so its

||md5sum|| + filename

obv not the + but a space

try that

That finally worked!!! I have never seen it done that way before. I am still new to this cybersecurity thing. I would have been at it for hours if not days and weeks. LOL

dw it will get explained in Cryptography in more detail

which should come after networking I believe

I have definitel been redoing rooms with this new path. Doesn't hurt me to redo them

I take copious notes though, LOL

thats the way

I think I burned through 20 pages on notes for the network fundamentals alone

Lol, that's good

They have crptography after this section

They should have crptography before networking, lol

yea. I mean I think its the only time you need anything cryptography related

but that knowledge may have not hurt beforehand

definitely wouldn't have but I still can't find question 1

help me out please, which one is that?

the question before that one you helped me with

same room

if you look for the string r4w, you get thrown onto package 33790

inside the html is the artist name

it should already be highlighted in blue if you searched the string

and as mentioned, its a bit more to the right inside <h3>

I don't see anything

you can drag the window to the right

move that slider to the right a bit

or press on the > arrow at the right side

well thats too far

your answer is hidden somewhere inbetween

all I see is a bunch of code and websites

if you press find again

it will take you to the exact line

on that, just go a bit to the right

I was looking for a name not a friggen code word, lol

xd

Not sure what to think of this question, lol

They could have worded it differently

I guess I should then prepare you and let you know that the second task wants you to find another artists name? 😄

First you have to find the .txt file, lol

Not sure I am liking Wireshark, lol

it takes some getting used to

when I hit the find button it goes between two different packet numbers

then what you were looking for is in multiple packets

depending on what you're looking for obviously

wait till you use metasploit

I am ok with Metasploit, SO FAR, LOL

but I am not finding the txt file but I am looking in the html/text

section

I think I am done for awhile. I am not seeing the .txt file in either packet. I'll either get back on later or tomorrow for sure

Thanks for all your help!!!

Take a break! It's fine. The Wireshark room as a lot of input

I'm sure you'll get it tomorrow easily. If not, I might be here

otherwise someone else is

I'm on the struggle bus. I working on Windows Command Line in cyber security 101. Task 4 What are the file’s contents in C:\Treasure\Hunt?

Could someone help? I just keep getting a access denied error.

Can you provide a screenshot ?

You first need to go to C:\Treasure\Hunt directory || cd C:\Treasure\Hunt ||

Than use the || dir || command in it to list files

You can than read the file contents with || more || or || type || command

Thank you you let me try.

I'm sorry idk what I'm doing wrong. If I type more I getting syntax of command line is incorrect

same thing with type

What's your full command ?

user@WINSRV2022-CORE C:\Treasure\Hunt>cc

sorry not the cc

user@WINSRV2022-CORE C:\Treasure\Hunt>

now type || dir || . You should see files that're in that directory

I'm sorry I got it

I'm a dumb ass. I was looking at the wrong thing. Completely user error. THANK YOU so much for your help.

You're doing good , keep going 😉

I am not sure what packet to be looking in. Wireshark: The Basics task 4

I have looked in the r4w packets, both of them and didn't see a thing

File > Export Objects > HTTP > You will find an interesting .txt file there 😉

Press save to save it on your machine

Which packet number?

Press File in the upper left corner of the Wireshark app

You can sometimes export files from unencrypted pcap which were transmitted during communication

it give me a bunch of objects but no text files really. I see wireshark.desktop

There should be a plenty opf objects . Sort by filename, you're looking for .txt files or sort by Content Type, you're looking for text/plain files

I don't see any text files

ads%3fclient=ca-pub-2309191948673629&random=1084443430285&lmt=1082467020&format=468x60_as&output=html&url=http%3A%2F%2Fwww.ethereal.com%2Fdownload

I see text/html. And then when I save it, it saves different things when I click on different lines.

Thank you, that was more confusing than it should have been

now where do i find the expert info section?

Nvm, I found it

Only three are displayed

Wireshark: the basics task 5

Your filter isn't good

I changed it slightly now I am not seeing anything

Delete everything from the filter bar and apply the file just like in my screenshot

I will do it again like that then I'll send what it gives me

Cause I did it that way but I couldn't find how many packets. The number at the bottom of the screen was wrong

I don't see the number of packets

56820 was wrong

Delete that frame.time filter

58620

and apply http filter

and see how many packets are displayed

The number you're looking is the total number of packets in the pcap file

and where do I find the pcap file, lol

You're already inspecting it 🙂 . Exercise.pcap

well the answer is not 58620

1089

that's right

nope

yep, I had it in the wrong spot, lol

I am beginning to really not like Wireshark, lol

You're doing good , keep going 😉

I am almost done with the room

I have looked at this file before and now they want us to find how many artists there are and the names? Lol

I am not seeing anything but the first artist's name.

search for || artist=2 || and || artist=3 || in the find bar

won't do it

neither works

Follow the http stream

for packet 33790

Thank you for your help tonight

I really do appreciate it. I may repeat this room this weekend.

cd To change Directory
dir To list the contents of the directory ( ls in linux )
type To display the contents of the file ( cat in linux )

How would you retrieve the items in the current directory with size greater than 100? [for the sake of this question, avoid the use of quotes (" or ') in your answer]
Get-ChildItem | Where-Object Length -gt 100

Youre missing something
Hint:

What is Length of an object ? 🙂

It is its ? 🙂

property

Yes

🙂

Just add it to your command

thank you @woeful jungle @quaint plover 😃

Gave +1 Rep to @woeful jungle (current: #102 - 74)

Are the laptop tickets and THM vouchers over already?

I am keep completing rooms and only getting CYBER Crusader and Streak freeze tickets 😄

Same, i've done all the rooms and I didn't get anything other than these, I was hoping for a shirt but maybe next time 🥲

How many prizes left?

infinite amount of Crusader Titles and streak freezes.

What's a Crusader Title?

Cyber Crusader Title that will show on your profile or even here on discord (instead of your level), for aslong as the promotion campagne (4 nov)

That's... Useless 😞

Also I got only 2 rooms left (not subscribed). Just gonna do it for fun now.

Good luck , maybe you find something 😉

I'm doing the web application basic, but i don't get the flag for the POST command, it just says "user 2 is successfully updated", is there a problem?

i havent done it, but hint says to watch for case sensitivity, maybe not Country but country?

I did that (in the screenshot)

automatically changes to a capital C?

what do you mean, i changed if after looking at the hint

You have to click the save icon then proceed.

nope

I just got the flag that way. In your screenshot the country:US is not saved yet.

thank you for help. The issue was with my eyes. I just used password as a username... I should probably wear glasses.

Gave +1 Rep to @lavish trellis (current: #29 - 295)

Yes, i saved it but nothing change

when you click GO no flag shows? then refresh the room i suppose.

Still no flag

then refresh the room maybe. I can click Go 100x and the flags will show every time..

I try that...

nothing x)

Got it, it was supposed to be lower-case...

I believe API requests should always be lowercase, Might be something to keep in mind

i forgot to say thank you @civic tartan !

Gave +1 Rep to @civic tartan (current: #32 - 254)

Hey guys... I am stuck here...

What is the IP address of the host that sent packets larger than 15000 bytes?

Can anyone tell me

this is the filter I am using

tcpdump -r traffic.pcap 'ip[2:2] > 15000'

Hey Darth, i used tcpdump -r traffic.pcap -n -vvv 'ip[2:2] > 15000' -c 1 | sort | uniq ( I am new, so not sure of the rules around helping etc)

Let me know if that solves it for you.

thank you so much man... i will write it down in my notes...

Gave +1 Rep to @sharp ferry (current: #2326 - 1)

really helpful

Helpful if it works :-), I am on the journey too!

me too

all the best for your journey

👍 Thanks, if I can help, let me know.

sure thing

i will..

Tcp: The basics. I am not getting anything back when I put a command in and was wondering why

or does it take a long time to get results

show the command please?

ah sorry

which task is it?

Are you still there? I just saw this message

The command is in the screenshot

It's not a specific task. I'm just trying to get a response like the examples show.

Traffic needs to be generated for tcpdump to capture it

^ there is a pcap file saved in the machine named traffic.pcap
This is useful for answering some of the questions in the tasks.

Sorry I was already sleeping 😴😪

if you do port 22 instead of port 53, you should get plenty of traffic, as that is the port used by the ssh connection to login to the target VM:

In the Blue room, how do I confirm if the exploit has run correctly?

@gentle shoal for the Recon part?

No, the Gain access part

I keep getting the Failed message.

I tried restarting the target machine too.

You should see the result in metasploit

if you don't have a reverse shell, it's a failure

What could be the issue?
I got the "exploit completed but no session was created" message

Eternalblue is a very unstable exploit, it often takes a few tries before successful. Could you show screesnhots of the options that you set, just to make sure everything is set correctly.

Um.... I got fed up with it and shutdown the VM

I'll try later

finally jus one remain

Congarts 😉

thanks sir, your great!

Gave +1 Rep to @woeful jungle (current: #76 - 95)

I'll try that, thank you

Gave +1 Rep to @lavish trellis (current: #29 - 296)

In the Hydra room, it's showing 16 correct passwords for molly. This can't be right. Has anyone else encountered this?

I am trying to get the ICMP traffic. I am typing it the way the example shows but it doesn't give me anything

Tcpdump: The Basics, task 3. Why is it not filtering out the ICMP traffic?

are you generating ICMP traffic?

Lol, good question! How would I know or how do I do that?

I am new to this cybersecurity thing

ICMP traffic is generated typically with the ping command
so you could do ping from your attacking machine towards the target with ping <IP of target>
you stop the ping command with Ctrl-C

How long would I ping for?

you could do ping <IP of target> -c 5 to generate 5 ping, i. e. 10 ICMP messages if you prefer that instead of starting by default an infinite ping that you stop with Ctrl-C

you would get that if you put the wrong path as parameter in the http-post-form part of the hydra command
I find the room material is a bit confusing
you get the right path by looking in the Network tab of the developer tool, or by intercepting a login attempt with Burp

Ah. I see now. It is a bit confusing. Thanks!

Gave +1 Rep to @lavish trellis (current: #29 - 297)

FYI: here is what I get when I do that ping command with my instance
I like to use the -n option with tcpdump: I get the IP address, intead of a domain name

When I ping it, it still won't give me anything in the target box

it just resets the terminal

I have tried starting the tcpdump before I ping it and it still doesn't give me anything

before you showed this screenshot for your tcpdump command, which was different from what you just post here:

basically it just goes back to the prompt and the tcpdump command doesn't show

when I try to run the command again, it just listens

should I be putting the name of the file in there/

in the command

what is that 10.100.1.28 IP address?
there should be only 2 IP addresses involved here as there are only 2 machines involved

did I just post that? or is that an old one? Because that is not the IP address of either box

I see it now. I don't know where that came from. That is on the target box

Should I close it out and open another target box?

I figured it out. It was the wrong command that I was using

I am trying to complete task 4 of the tcpdump basics room. I tried tcpdump -r traffic.pcap greater 15000. The results look correct to a newbie like me, but the site does not like the IP address 192.168.124.137. Any tips would be helpful. Thanks!

the question is about the source IP

ok... can I get a bit more info? this question has thrown me thru a loop.

I got it.

Thank you

your screenshot shows traffic between 2 devices:

• one that sent traffic
• one that received traffic
  the direction of the traffic is noted by tcpdump with the > character
  this means that the device before the > character is the source of the traffic and the device after the > character is the destination of the traffic
  back to the wording of the question: What is the IP address of the host that sent packets larger than 15000 bytes? From these words, you should understand that THM are after the device that originated the traffic, i. e. the source
  Final thought: consider using the -n option with your tcpdump command, so that IP addresses are not resolved into names; without the -n option you will not see the IP addresses properly

Thank you!

Gave +1 Rep to @lavish trellis (current: #29 - 299)

help me

What's your command ?

nvm my command was also right i was just writing the wrong output

this was it

Ok 😉

Do I have to change the value of LHOST too? I kept it in default.

lhost it's your attacker machine ip

https://tryhackme.com/r/room/cryptographybasics typo in task 6

23%6 = 5 because 25 divided by 6 is 3, with a remainder of 5, i.e., 23 = 3 × 6 + 5

25 should be 23

huh? are u sure 25/6 is 3? xD

Meant to say mod not divided by

ah nvm

I see the typo u mean

The line was copied from the room and it should be 23%6 = 5 because 23 mod 6 is 3

Ok. Got it

Finally done with the path. I would say around 75% of the course-load I had little experience with prior. It is a really beefy path with a lot of good information. I really enjoyed the tools and appreciated that there were hands-on exercises.

Anyone giving their premium vouchers?

Guys, i would have a question about CAPA task-4, i don't understand this question

Doesn't nmap by default run a tcp scan? I assume -sT flag is just for more clear specification or do I have my understanding mixed up

By default, nmap runs a syn scan (-sS), -sT completes a full TCP connection

ah ok that makes more sense. Ok so then lemme rephrase the question since it really stems from if there is ever a need to specify the flag for what is already default in this case being a syn scan

Well, if you don't specify a flag, it will fall back to a TCP scan (-sT)

it gives you more granular control over the behavior, and a variety of other things that you might want to adjust when it comes to running scripts with nmap, and what not

im a lil confused cause didnt you say that the default was a syn scan?

yes by default it is, but a syn scan requires admin privileges, so if it doesn't have that then it will fall back to a TCP scan

but if you specify a syn scan with -sS it will simply fail

oh ok so if your not under elevated perms it will default to a tcp scan?

that's right

very interesting. I was like I swear I heard tcp being default, but didnt realize how the permissions affect it.

yeah, you can observe it with wireshark

just nmap 8.8.8.8 or something with an unprivileged account and see if you are setting up full tcp connections or just responding with rst when the server rplies synack

-sS

ye im doing the nmap room rn in the new path and it shows the connections in wireshark

oh i see

that was just me running nmap 8.8.8.8 as an admin account, no -sS specifier

yea cause of the rst

right

makes sense

if I was not an admin, it'd complete the handshake

and if you write a scanner to do a syn scan and forget to send rst, then you've made a slowloris tool lol

yea so a normal tcp scan rather than a syn scan. I suppose that is another way to determine if you are on a account that has elevated privilages or not but obviously there are more straight forward ways

nevermind on this, I was mistaken, that'd not be slowloris. that'd be sending partial http requests

yeah, I mean the reason it needs it is a good way to check, too. It will try to access your adapter and will be denied

so you could just use that to check as well, on a code-level

makes sense

https://linux.die.net/man/7/capabilities#:~:text=listen to multicasts.-,CAP_NET_RAW,-*
https://linux.die.net/man/2/socket#:~:text=input system call.-,SOCK_RAW,-Provides raw network

Here's the links to the man pages for the linux capability and syscall that's used to do a syn scan, if you ever wanted to implement that idea yourself. Have a good one =)

tyty

active directory is really annoying

finally finished all 🙂

Congrats 🥳

Hashing Basics task 2. Why is it not giving me the file like the example shows?

cat show you the content which is letter T, see next to user@ip-10

Good morning, i get 7 days streak, but i've some doubts about how it works. Let me explane better... when it is activated, will it have to be 7 days in a row or can it be 7 days in different periods? for example one day today, and the next day if it happens next week etc etc until reaching the threshold of 7? I hope I explained myself well

it didn't show me anything for some reason but I did the hexdump command and it worked

Hashing the basics. I use the answer I found online and it says it's wrong, I don't get it

the question refer to hashcat mode which you will find on https://hashcat.net/wiki/doku.php?id=example_hashes

also on your own screenshot you can see letter T next to word user@

Hi guys, Im currently on pre security after having completed intro to cyber security. I was going to do complete beginner before moving to jr penetration tester however now I see a new cyber security 101 path.

Where would this fit in?

Cyber 101 is like an upgraded and more up-to-date version of complete beginner

Go with Cyber 101

so is complete beginner essentially a waste of time after these 3 starter paths

It's still worth checking out , but I would recommend you to go with Cyber 101 first as its more beginner friendly and more up-to-date

I am pretty sure you cannot split a 7-day freeze
in addition, my understanding is that if, during your 7-day streak freeze. you start answering questions, your freeze terminates, as per this message from Scrubz: #site-support message
you have this document from THM on streak freeze: https://help.tryhackme.com/en/articles/7843540-streak-freeze#h_30ee9f6488

how do i stop getting streak freeze and discord role tickets

Thanks 👍🏼

Gave +1 Rep to @lavish trellis (current: #29 - 300)

you can't because there's nothing else left to win

:(

have they confirmed that all the prizes were won already?

no they won't confirm it. They want people to participate still

guess i'll finish the path to inflate my rank

i'll probably hit top 5k when i'm done lol

that's great! keep it up 🙂

https://i.imgur.com/0mS1GZQ.png who else has had a tickets page like this for the past 10 rooms?

✋🏼all room two tickets, haven’t got the final one for any except 1st row. Finished all the rooms

Did anyone get a prize besides streak freezes? I have 2 of every single one of them, yet I keep getting streak freezes. I also uploaded a video, and nothing. I feel 😪

Same same

🥲

has anyone posted their prizes yet?

Metasploit: Exploitation room task 3. Why is it asking me to run as non root user when the example shows it as root user?

Just use sudo

thanks dear, what about u?

Gave +1 Rep to @woeful jungle (current: #69 - 114)

Hello guys, im stuck on a easy room on Hashing at this question

use || hashes.com ||

I crack it alone on my kali but still not working

Type || hashcat --show ||

it works wtf

why the hell i find another password with John the ripper 😫

|| hashcat --show || is used to display cracked password after running a hash cracking session.

https://tryhackme.com/r/room/socfundamentals
What is the way i should format the answer on task 3, 1uestion 1: Alert triage and reporting is the responsibility of?

Soc analyst level * is not accepted but i cant imagine one of the other roles.

SOC Analyst (Level *)

Replace * with the actual level

Did that but it does not accept my answer...

What is your full answer

Had to use the ( ) ... sill me

Yes , you need to use () 🙂 .

Maybe your answer is right but formatting is incorrect

For some reason i've kept missing that option. Solved 🙂 Thanks!

Gave +1 Rep to @woeful jungle (current: #64 - 122)

I'm also going through Cyber101 . You were faster than me , congrats 🥳

Do we have to clear all to get gifts ?

No, you only need to collect 3 same tickets to claim the prize

Thank you

More rooms you complete the higher the chances to win something 🙂

Yeah but i have not enough time to clear 😦

ahah u r ahead of us 10 years lol

how can i connect ti rdp ?

You can use Remmina or xfreerdp

u know man i love u, thank u so much

Gave +1 Rep to @woeful jungle (current: #62 - 128)

Love you too , bro 🙂

IM STUCK STEPBRO

i don't know why maybe the syntax ?

|| Az"[A-Z]" ||

Use using different font for " double-quotes

||cAz"[A-Z]"||

it works

but..

You were using different font for ""

anybody on to help?

let's just start 🙃

Lol, I just finished the room and can't remember what I needed help with now but I was able to figure it out. Thank you though, I just saw this. Not sure why my notifcations are quiet on me.

Gave +1 Rep to @lavish trellis (current: #29 - 305)

In the Blue room, everytime a click on something this pop up keeps coming up

do not press anything they're investigating

do not allow anything nor click any of the links

I have just had the same experience with the new room Whiterose

@hasty scroll

Thank you

Gave +1 Rep to @violet orchid (current: #640 - 7)

I did once by mistake

more than once for me

Hopefully it's nothing and an easy fix

just closed browser clearing cookies and logged back in: no more pop-up for me on Whiterose

check this in case you're not following #site-support: #site-support message

ok thank you

laptop stock over?

😦

??????

wow so crazy how I completed 100% of the cyber sec 101 path and have gotten all of the tickets x2 from the start and like last 20 rooms all I got was streak freezes...

I was hoping to get a tshirt but oh well 🙃

Well , Advent of Cyber is just one month away 🙂

right

and they didn't review my video that I uploaded to yt and submitted on like day 2 yet

I'm gonna assume you're not the only one that submitted a video. Patience would be a good thing. ^_^

I mean it has been more than a week but yeah probably

I have completed some rooms, if I buy premium now will I get tickets for those completed rooms also??

I think that you can't obtain tickets twice , once you complete the room that's it.

No I'm asking, for premium users we get 2 tickets n for free users only 1 right for every room, so my question if I buy now will I get that extra ticket for completed rooms

Well I'm premium user and I can confirm that I get 2 tickets , so I think you should also get 2

Finally finished whole path it was fun!

Congrats 🥳

Hey how long did it take you to finish the path? I just finished the pre security one and moving to cs101 tomorrow.

No. You will only get 2 tickets for uncompleted rooms you complete after subscribing.

would a voucher

of 10$ help ya out?

its pound actually, so a 10pound voucher of any use to you?

Does anyone know if this pathway will stay free after the event? I will definitely not have enough time to complete before the ticket event closes but would like to

Path will stay

Thank you:)

"-" lol the same and still have only 3 rooms to complete :"))))) sadness!

I wish you luck into winning something 🙂

Idk I ws doing it since the beginning of the prizes so like a week

Probably yeah

Networking Core Protocols, I don't think this is supposed to be hard but the instructions said use telnet to get the flag.html file but it keeps telling me bad request

like ?

you need to issue 2 commands after getting the prompt back from telnet:

• Get: you've got that one
• host something: you seem to be missing that one
  For the details, check back Task 8 of Networking Concepts: https://tryhackme.com/r/room/networkingconcepts

yeah in that room you use GET, press enter, and then use host, but it just immediately returns bad request for me here and closes the connection before I can specify host

Because it's not GET /flag.html

okay yeah apparently because it's case sensitive lol thanks😓 😩

is there any one who did gobuster?

Yes, do you have any issues ?

In Intro to SQL I'd be interested to know if there's a recommended one liner to extract the answer on the last question of the penultimate task, since the two items have nothing in common to group and concatenate by. The only solution I could see was to create a new boolean column for items with an amount not ending in 0, and then group by that, but I feel I might have misunderstood something.

ty, already solved, but it was pretty time consuming at first

this is how I did: #subs-room-help message

OK, thank you. Interesting. I was getting errors if I missed out the GROUP BY clause but maybe there was something else wrong. Cheers!

Gave +1 Rep to @lavish trellis (current: #29 - 306)

Some help Cyber Security Advanced Roadmap

Give Recourses

when are the tickets over and done witg

4th Nov.

in the webhacking room, if you find the flag by accessing the /admin page with SSRF, is there a place to redeem that flag anywhere? Or is it just yours to hang on your wall in your room?

Above your bed preferably.

Say I won't

Monikerlink room, it says if I have an authentication error to check i've entered the IPs of the target and attacker right, but I can't tell what's wrong about it

I don't think you were meant to change the smtp server IP

and then sender email you set as an IP, but it's not supposed to be

that's supposed to be an email address

no, it said to put the attackbox IP there, and the server was MAILSERVER before I changed it which it said to do

so do they need to be done today, or do we have tomorrow at it too?

You have timer in the blog post

https://tryhackme.com/r/resources/blog/new-cyber-security-101-path?utm_source=linkedin&utm_medium=social&utm_campaign=cybersecurity101

after completing multiple rooms, i'm getting repeated tickets of 1D, 7D streak freeze or cyber badge

Coming from JS Essentials.
So when I find obfuscated JS code in a browser it doesn't immediately mean that's it's from a bad actor?

No . It is usually used to speed up the page loading time and make it faster. Minification/obfuscation also make job harder for bad actors because the code is harder to read .

But your 2nd sentence, isn't this a kind of invalid point. This would just be security by obscurity.

It is if it is used as only protective measure, it's meant by just an add-on to other security features . Also there are more robust ways of obfuscation than those presented in the task .

Thanks for explaining.
At least I now know that minification and obfuscation is kind of the same thing and when I see obfuscated code, it doesn't necessarily mean that's it's a bad actor.

No, it doesn't 🙂

Network concepts task 7 what flag did you get

Which problem do you encounter ?

It ok now i got it

i got a swag shop voucher. how i do redeem it?

You should receive it on your email

alright, thanks. I'll wait a moment then

Can I gift a month Premium Membership to a friend?

I won from Cyber Security 101 Pathway.

Ive been told that its possible.

Thanks. Do I need to forward that email to a friend or is there something else?

Gave +1 Rep to @civic tartan (current: #32 - 264)

I think if you click the button in the email you will receive a voucher code on your THM account.

I received a LInk. Not a voucher.

in the email theres a green Get voucher code! button right?

Yes I have got it.

Thanks

Did you participate? @civic tartan

🤷‍♂️

They did not mention expiry date does it mean that It never expire. @civic tartan

What has gone wrong? did you email them?

Is it laptop or DEFCON33 Ticket? @civic tartan

That I dont know.

DefCon Ticket.

Sweet.

I hope you get it.

Are you a working professional or student? and Are you in UK?

both! 😄

Nice

Cool

I am nearly finish so I will send you once I achieve CERT.

Is the result been announced?

hey guys, how can i get voucher prize?

If you've received 3 same tickets, hover over them and click "Redeem Prize" 🙂

i did but nothing hppena

You should receive an email 🙂

When did you get the last ticket for the voucher?

i didnt

nuh mate not last, its just $

wdym?

You said you got a voucher prize

and im asking you when you got the last ticket for it

mate, from the beginning of event, i got $15 or kinda like this

i might be dumb but how do i use rdp for the ad task in the winad room?

Use remmina ( Application > Internet > Remmina on AttackBox ) or xfreerdp

thanks <3

hello

Hello, welcome 🙂

How can I get verified?

Follow these steps 🙂

https://help.tryhackme.com/en/articles/6495858-discord-how-do-i-verify-my-tryhackme-account

I searched for settings on the tryhackme site in my profile but couldn't find it

Thanks

Gave +1 Rep to @woeful jungle (current: #35 - 232)

@woeful jungle bro thanks

Anytime bro 🙂

Sorry for disturbing your time😔

We're here to help , feel free to reach out , whenever you need 🙂

Okay bro, that's great

hi

Hi

Hi

Hi , Welcome 😉

Thank you! I'm trying to figure out how to get the subscriber role. Kindly point me in the right direction

You need to be a subscriber 🙂

https://tryhackme.com/why-subscribe

I am a sub 😄

Ah. I got it. Came across an article named "Discord: How do I verify my TryHackMe account?"

I got it from here!

And you need to verify your account

https://help.tryhackme.com/en/articles/6495858-discord-how-do-i-verify-my-tryhackme-account

🙂

Thanks! ❤️

Anytime , mr. Trump 🙂

😏 Orange 4 eva!

lmao. even my account color is orange

I completed some room cyber security 101 but I cannt clamin the ticket. How to get the ticket?

The event is over 😦

It ended on November 4th

oh sorry, I updated late. thanks so much

Advent of Cyber is coming soon , don't be disappointed 🙂

Hi, don't know if anyone knows this. I am on last task of sqlmap room. I can see data in all fields of the db, but the password data is all \n\n\n\n....it's not even a hash that I could try to crack. How do I get this password? Please and thanks for your help

What's your command ?

Sqlmap -u 'the-url-i-got-from-headers' -D ai -T user --dump --level=5

I can see data from all other columns of this table except the password

Try with || --dump-all ||

Tried dump all as well....it's still \n\n

KGB vi sprashivute Ruskin?

I learnt a bit of Russian back in the day

Loved it

I am also happy that I can type the whole sqlmap command on my phone....I already shutdown my laptop and thought let's ask around on discord...I m new to all this

What is your URL path ?

Http://SQL.../ai/login/includes...user...password

I think url is not the issue as I can see the rest of table data..

This seems wrong

I forgot the exact url as I shutdown my laptop and I m just on my phone

It should be something like || sqlmap -u "http://<machine-IP>/ai/includes/user_login?email=test&password=test" -D ai -T user --dump -level=5 ||

Oh yeah....ok I will try again and report back if any issues...thanks a lot Chief

Try it and give us an update boss 🙂

Hello guys, what happened with those users who won a DEF CON tickets ? from CyberSecurity10`

Anyone want to swap codes for a swag £20 baseball cap and a thm t shirt with thm premium coupon?

guys i ddint get code of 20 euro swag? how can i get it?

You should receive it on your email 🙂 .

im not 😦

what should i do?

Try to contact support || support@tryhackme.com ||

thanks sir, big salute

Gave +1 Rep to @woeful jungle (current: #24 - 365)

More like Cybersecurity 1-0-DONE! 😄 👍 Really enjoyed this one.

Congrats bro 🥳 , you're doing great , keep going 🙂 .

Hello, i am learning the REMnux VM to analyse the malicious files. When simulating a fake network, the task uses attack-box to open a fake page. But all other commands/actions are done inside the REMnux VM. So why are we using attack-box to open the fake site? thank you

We're using AttackBox to simulate a network traffic from different user 😄

Thanks Chief. Sometimes i can't get to the simple things. Much appreciated

Gave +1 Rep to @woeful jungle (current: #21 - 422)

Ok so I'm on the Metasploit: Exploitation room
I've tried using eternal blue but it keeps telling me The target is not vulnerable.

Which task?

Task 5

Did you terminate the machine for task 2 and start the target machine for task 5?

Yeah it's a different machine

Isn't task 2 just scanning?

Just checking because the message about target not being vulnerable often happens when the wrong machine is still active.

I'm using the VPN

It requires SMBv1 to be enabled, if it's patched or disabled it won't work, you can run a SMB version scanner to check it

Also it must run on vulnerable OS version, and to see if it's vulnerable do nmap -p445 --script smb-vuln-ms17-010 <target_ip>

Says windows 6.1

It may have already recieved MS17-010 patch so it renders it immune but it should be vulnerable

If unpatched

Wait do you mean the target system not the attack box?

Yes. New target machine for task 5.

ok

Terminated it and started a new target machine

The one in task5?

Does your LHOST and LPORT match with your network setup?

ok

I'm in

So I found the Hash for user Pirate
But it won't accept my answer

Did you get correct hash?

I'm I supposed to include pirate: in the answer?

It says pirate then a long string

Paste it here.

Ok, you're giving toooo much info.

One of them, is the NTLM hash, I'll allow you to research it 😉

is it normal to have this long of a machine time?

it's from the wireshark room

First time that i see this 😄

the machine isn't working properly and lagging here and there

and giving outrageously long times like this

Try to terminate and start it again 😄

did

same thing

Which room ?

Wireshark-TheBasics_PROD_v0.6

can you try running the machine and see if it works on for you

maybe something is wrong on their end

Works fine for me 😦 . Try to restart your browser 🙂

Works fine for me 😦

i tried a different browser and the tryhackme website isn't even loading

although it opens on chrome

Both work fine for me 😦

Try to access my machine it works

|| https://vnc.tryhackme.tech/index.html?host=proxy-4.tryhackme.tech&password=TryHackMe!&proxyIP=10.10.165.63&resize=remote ||

Does it work buddy 🙂 ?

its loading

Works fine on my side 😦

yeah this one is working a lot faster than mine

thanks buddy

i'll use this one to complete this room then report the issue to support

Glad to hear that , enjoy the room buddy 😄

I'm on the Active Directory Basics room
It's telling me to remote desktop into the windows machine
How do I do that?

What task is it?

Task 4

Ok never mind I figured it out
https://medium.com/@laupeiip/how-to-rdp-into-a-tryhackme-windows-machine-with-your-kali-vm-f637cf7422d1

phew done with wireshark room

next tcpdump

https://tenor.com/view/virgo-dance-florence-winters-shuffle-archives-gif-12096569760353435252

Great job , keep going 🙂

Out of curiosity, are there any certs people plan to take after finishing this path? Like ceh or any CompTIA ones?

Check out this path if you're interested in Comptia certs 😄

https://tryhackme.com/r/path/outline/pentestplus

I was planning on taking all the paths (or at least as much as I can during this holiday break), trying to make a break into the security field, I have a lot of IT experiences, just not specifically security

And it seems like I need to get pass the hr recruiters

Good luck on your journey 😄

Thanks 🙂

it is not haha

||Hey, I'm struggling with answering the OS version of the Windows VM. Using systteminfo cmd spits out; OS Version: 10.0.20348 N/A Build 20348. It doesn't accept my answer. Tips?||

Could you provide a room link 😄 ?

https://tryhackme.com/r/room/windowscommandline

Task 2

Could you provide a screenshot of what you're doing on VM 🙂 ?

||I figured it out. The answer format gave it away. It wasn't the same from "systeminfo" compared to "ver". The OS Version from "ver" is what was required. Sorry for the confusion!||

Glad to hear that , great job , keep going buddy 😄

I haven't done the pre-security path, is it bad if I do the Cyber Security 101 path before ?

because i don't feel like I need to do it

Idk if the pre-security path contain knowledge that I should not miss

Yes , you can jump straight to Cyber 101 , they're both beginner friendly 😄

ok thanks

Hi

Hi , welcome 😄

Hi, can someone help me with this question ? "What flag did you get when you viewed the page?" Networking Concepts module "task 7" Telnet.

What exactly do you need help with?

I wasn't able to get the flag earlier, but I have it now. I just forgot to type the command: Host: telnet.thm

Gotchu, glad you got it sorted. Good luck moving forward 😄

Could you provide a screenshot 🙂 ?

Thanks.

Gave +1 Rep to @wooden rock (current: #2486 - 1)

Hi KGB, I managed to fix the problem. I realized I forgot to type the Host: telnet.thm command earlier.

GET / HTTP/.1.1 made a lot more sense to me personally a bit further down the line, as I understood what the "/" after GET actually did in practice. You should be just around the corner if you keep going 👍

Oh , sorry my bad . Glad to hear that , keep going buddy 🙂

Thank you ♥️

This really made me grasp what I was doing in practice 😄

https://tryhackme.com/r/room/networkingsecureprotocols
Task 8, how are you expected to search for the answer to the task in Wireshark? I had to manually browse for it and it wasn't a very pleasant experience lol 😅

Right click on a packet and follow a stream 🙂

||The packet in question was like number 360~ are you expected to manually look for it or are there better options?||

Any HTTP packet 🙂

Like this?

Yes 🙂

This leaves me with the following, and none of those have the flag

There're multiple streams probably , click on packet 366 as Task suggests and follow its stream 🙂

The task is; One of the packets contains login credentials. What password did the user submit?
I manually browsed for it. My question is if there is a better way without manually looking for it?

I hope that make sense 😄

You can follow streams instead of inspecting packet by packet , but there will probably be multiple streams so you will still need to invest some time 😄 . You can also perform wildcard searches for common patterns that you're looking for ( For example : frame contains "username" which will check if the string username is present in any of the frames - of course traffic needs to be decrypted beforehand ) 😄

Would this be correct?

Yes , it would , but this looks exactly for string pass , for example string password wouldn't be catched by that 🙂

So how come there is nothing in the result list?

Try with frame matches ".*pass.*"

Delete all present filters before that and exit packet stream search

Same, nothing.

I also tried frame contains

Try with http contains "pass"

or http contains ".*pass.*"

||Thanks. Worked with http2 contains "pass"||

Thank you ! 😄

Gave +1 Rep to @woeful jungle (current: #7 - 1247)

good evening fellas, I'm new to Cyber Security 101 and want to warn you, that I 'll have a huge amount of question in spe don´t be too hard to me 😉

Welcome , feel free to ask anything 😄

how can I enable the modules that I solved before to answer the questions in the end of each module again ?

🙂 ?

You want to restart the room 🙂 ?

I don't know whether it's resart but i want to be able to answer the question again ..

I can tell you how to restart the room ( erase your progress and make all questions in that room unanswered again ) 🙂 .

Thank you, I just saw the opportunity the erase the progress

Gave +1 Rep to @woeful jungle (current: #6 - 1354)

Click on Options > Reset progress 🙂

Guys, I can't msfdb init for setting up the postgresql service because i'm root user. Any ideas ?
Room: https://tryhackme.com/r/room/metasploitexploitation

You don't need to do that on AttackBox 🙂

It's already initialized 🙂

Oh yeah, you're right. Thanks

||Am I not correct saying the name and detected version is lighttpd 1.4.74?||

.

Which room are you on?

https://tryhackme.com/r/room/nmap Task 4

Tried copy-paste and typing it out manually

Strange, it's the right answer.

lighttpd 1.4.74

Try that one, copy/paste it

Eh.. I did a refresh of the page, works now 🥲

I got it on Stream if you want it as a bug, if not I'll just move on

Is there a way I could've found this instead of taking the hint? Nmap -sV [target-ip] doesn't really show exact service versions

add -sC also

yes you are but look at the format

Yeah, that gives much more info, thanks!

Gave +1 Rep to @woeful jungle (current: #5 - 1404)

Have a look in to the vuln script with nmap 😉

Metasploit also checks.

All good after an F5. Had to re watch my stream just to be sure. It was a fun little situation 😅

On average, how long does it take a person to complete this path ?

Maybe a month 🙂

ok

What should I be able to after finishing introduction and cyber-security-101 paths ? Is that the point considering certifications or would it be to earlier at that moment ? Thanks in advance

I think it would be too early to pursue certs 🙂 . If you're blue teamer continue with SOC1 and SOC2 paths , if you're red teamer go with Jr. Pentester path 🙂

Whta do you think about solving all paths, makes that sense ?

Yes , but read them slowly and with understanding and don't mix paths 🙂 . Do one path at a time .

in average, how much time it could take to ssolve all paths ?

Don't worry about time , it's important to grasp the knowledge 🙂

Time depends from person to person

Hi, in Windows and AD Fundamentals-> Active directory basics: task 4 , How do i connect to Phillip account with RDP ?

You can Remmina or xfreerdp 🙂

Ok thank you, but why did this path did not taught me about that earlier ? Does i was supposed to guess and research on internet by myself ?

Gave +1 Rep to @woeful jungle (current: #5 - 1467)

And how can i do that on the THM windows machine ?

You're right , it isn't taught in the pathway beforehand which is a problem 😦 . You aren't supposed to run it on Windows machine , you're supposed to run it on your machine/AttackBox in order to connect to Windows machine . If you're using Windows OS , you can use Windows Remote Connection app to connect via RDP protocol .

Yes ok finally i had used RPD on the THM Windows machine by myself and it worked fine. It was simple as that.

Great job buddy 🙂 , keep up the good work 🙂

Thanks👍

Anyone else do way longer over the metasploit rooms than any other previous ones? even though the blue room was pretty simple

Yeah , it should take longer . Metasploit is a big topic 🙂

Oh yea, it took me longer. Pretty awesome room though. That tool rocks

Bought annual subscription to finish this path, along with participating AoC. Did learnt a lot more than I expected, guess I'm still a beginner...

Congrats 🙂 🥳 , great job . Keep up the good work buddy 😄

Hi, does anyone know if try hack me attackbox in some rooms have kali Linux automatically on it when we open the attackbox ?

You can learn more about Kali Machine here 😄

https://tryhackme.com/r/room/kali

Loving the THM platform. Keeping me out of trouble these days.

Same, been grinding this path for 6 hours and took mad notes

@solemn wyvern @quasi bridge Great job guys , keep up the good work 🙂

Appreciate that! Done with the Pre Security path, giving this one a try. I like it.

https://tenor.com/view/fist-bump-anime-secret-kirito-eugeo-gif-27160656

You're doing really great , congrats 🙂 🚀

Is it possible to get a job if someone finish cyber security 101 ?

No , cyber101 will only teach you cyber security fundamentals 🙂

Guys I've tried editing the payload value username from admin to guest and then pasting this JWT string into the POST request for /flag. Everything feels like im doing the right thing but I get the message saying it's not right.