#pt1

imho, no.

what else should I cover first?

this one https://tryhackme.com/room/writingpentestreports

yeah i found it, but it's strange that it got removed from the track

and i think there were some others that got removed

i found a really neat list the other day. hang on

like an entire portion of the exam is AD and I don't see anything for AD in the prep materials except maybe this one

Web: Pickle Rick, Billing, Rabbit Store, Silver Platter, AVenger
Network: Blue, Net Sec Challenge, Stealth, Loopback, Linux LPE, Windows LPE
AD: Reset, Ledger, K2, AD: Authenticated Enumeration

Those rooms. Apparently. (I did those, and that still wasn't enough) .

thanks!

dont know how i missed this but i found the list here https://tryhackme.com/certification/junior-penetration-tester/details

nvm it was on this page that i had seen it ^

the exam is not proctored right?

how long did it take yall, the full 48 hrs?

does this mean it's open everything except communication w others?

like can we consult thm curriculum during the exam

I gave up after 20

yep, plus chatgpt, google, exploit-db, whatever you want basically.

aw what :(

eh. PT1 isn't my vibe.

The pentesting stuff i'm good at isn't represented in PT1.

binary RE, AWS / Azure compromises, etc.

i'm dissapointed there's no linux section

there's linux challenges

ish.

but there's definitely, imho, a heavy windows bias.

also another thing that annoyed me tbh.

I'm of the age/experience/belief that windows is basically shite.

and not suitable for a server or desktop in a corporate/hosting/enterprise environment.

esp now that microsoft have linux toolchains for .net applications

sounds about right

everything is unnecessarily more complicated than on linux

I've had jobs where the whole basis has been "get us the F off of windows because the license costs are killing us"

and it's acceptable to replace their AD with a RHEL box with 389 server or openldap and freeradius and replace their Panasonic PBX with Asterisk or Freeswitch, and take this company that are spending Tens of Thousands of Pounds a month on licenses for software and hardware, and switch them over to linux and unixes and stuff.

i worked for a while for a company who had like 600 windows desktops
to run Putty
to connect to a mainframe environment

That was it.. Their sole reason for having 600 licensed windowses
was to connect to something running AIX.

@ebon creek

you shld pm him, pasting the request here is the same as leaking exam.

you should remove it

Passed it 🙈

I am not a staff member I can't help you with that , reach to official support channel on the email below

Congrats 🙂 🚀 🔥

Would you like the PT1 role?

hell yea

me too

i get Your session has expired

The SDK token provided in this verification process has expired. Please go back and try again.

For the web app section

Please do not mention any kind of attack and we require not to discuss the exam during your exam period.

Everything is on the website. If you don't find what you're looking for, then maybe it's because it shouldn't be here / doesn't exist.

Sry

guys is there some kind of free practice test for pt1 or eJPTv2? id like to practice for these exams

No.

😔

You're given two attempts though so you can use your first attempt to get familiar with the exam env. Its just a bonus if your pass it in the first attempt

During my exam the VPN server went down and I lost a lot of hours before support saw my ticket and I was able to regain access could I have another retake or at least a discount on buying a retake I was very disappointed by the whole ordeal

Hey all! I am getting session expired during ID verification, is there any fix for this? I tried reaching out to support on the site but it seems like they may be busy. 🙂

Hi, if there had faced same issue when clicked the start exam button like this
"Exam is under going maintenance, try again on an hour"

Well it's already 5 hour, so i can't start the exam

Not the channel for that. support@tryhackme.com

cc @rapid bolt / @plush vector Is the maintenance supposed to be happening? I saw no announcement about it.

i had a screenshot of it, but i can't upload it here maybe from the channel settings

ohh my bad

i need verification first

Thx

Gave +1 Rep to @keen sleet (current: #30 - 334)

Does it work now , it should be fixed

Alright, in here already late night
I will start it tomorrow

Going to finally start mine tomorrow - every day keep putting it off!

If we are having an issue with the PT1 is the structured process to reach out to the support@tryhackme.com email address or is there a more timely place we can reach out to support for exam issues?

Good luck 🙂

I don't think so 🙁

Check out the pinned messages if that helps.

Thank you! 🙂

Gave +1 Rep to @keen sleet (current: #30 - 335)

Looks like room for improvement on the customer success side.

Anyone know how long the provisioning of the test should take? I have been waiting ~20 minutes:

I've seen "almost there" for 4 hours. I think I'm almost there 😄

Yeah, I quit. Sent an email to support.

I also did this 4 hours ago 🙁

Can I check in today and start the exam later on?

Yes, it looks like you can totally do that. Once you check in it gives you a video to watch then you can start the environment. It appears that once the environment actually starts, the countdown starts. So you can checkin then leave and come back to it when you are ready.

Okay. I will try that later. Thanks

Gave +1 Rep to @quiet ember (current: #2012 - 2)

Were you able to get into the exam?

No, I closed out, sent the email and waiting for a response

Same! Good luck! 🤞

.

does a reset in pt1 mean a penalty?

i hit reset thinking it wouldn't deduct anything but it said "your reset has been counted" or something similar which is ominous

No you won't get a penalty for that , it's probably a measure to prevent too many unnecessary resets

hello, one question... is the AD portion of the training material enought to pass the exam?

I hope so, because I just finished the last challenge room (K2) and there was a lot to learn in K2, Ledger and AVenger, almost too much 😄

Probably need to go through them again before I take the exam

Yes.

soo who's idea was it to put partial flags in PT1 😭

do i get half credit for half the flag

annnd 90 mins later i found the other half 😮‍💨

Nice 💪

Till now, I still don't understand the concept of partial flag. Does it mean you found the vulnerability but it return no flag or does it mean that when you exploit the vulnerability but it only return you half of the flag.

I didn't see this when I am doing the exam.

you found and exploited it, but tryhackme feels you shouldnt get credit unless you bundle it with another exploit it seems

I see that special.

I alway thought the partial point is that you found a vulnerability but you can exploit it but it came with no flag.

WAYYY too close for comfort wow

When I try to do the check in for PT1 I get this error from onfido (Your verification is expired)
Is there a way to restart the check in process?

Congrats , great job 🙂 🚀 🔥 💪

Try to email support directly , use the address specified below

Thank you for this! This was one of the best pieces of advice after I failed my first attempt. I adopted this mindset, signed up for PortSwigger academy and did a bunch of their labs. Got it on my 2nd attempt! 🙏

Gave +1 Rep to @safe musk (current: #32 - 324)

Hello everyone, I am currently preparing the exam and I would like to know if the report submitting is included in the 48h or we have a bit more time ?

48hrs total

solving on ad-dc suddenly network cut I reset the machine still the same

can I get the PT1 role?

➕ Gave the role PT1 to mr_mph

What if I don't meet this requirement? @ebon creek

It's a recommendation to use a desktop PC preferably with a wired connection but you can also use your laptop

Hello, just passed, can I get the role please?

➕ Gave the role PT1 to flo2699

It is ok to wait an hour for this?

I'm experiencing the same issue.
I've been waiting for over an hour, but it still hasn't started.

I contacted support, but they are outside of business hours, so I haven't received a reply.

Have you tried refreshing?

Yes, I tried reloading the page and clearing the cache.
also tried it on both Chrome and Edge.…

Returning to the previous step and forth won't get it started either

😪

There were a couple of reports earlier in the week

Im planning on taking days off to take the exam...this doesnt inspire that much confidence

when writting the summary in the reports of the exam we have to follow the summary structure that says in the reporting module? overview, results, impact, remediation?

Yeah this room is supposed to prepare you for writing a report 🙂
https://tryhackme.com/room/writingpentestreports

Hello guys, can someone tell me I got a voucher via a giveaway from TryHackMe . Does that mean there are two attempts, or is it only one attempt?

You have two attempts

ohk thank you , now i can go for 1st one

Gave +1 Rep to @vast flax (current: #3067 - 1)

test

Hmm oh I have to ask for a role

I passed

Decent exam was fun.

Whatever the 10th flag was is kinda going to bug me though

➕ Gave the role PT1 to spooonge

Done.

How come that the AI missed to score my net pen flag in the user. I'm sure that I included it on the report and also I put it in the flag slot so my. 8/10 became 7/10 flags and I failed I did do proper reporting in detailed. Nevertheless I will not report on mail support cuz I have a friend who encountered same issue as me no score in the flag he reported it but took 2 weeks for the answer and a insurance of 'reassisment' so nevermind.
I'll comeback stronger on the second attempt next time.

Well the AI does not grade flags, so this is usually a user mistake.

The flag is static grading, AI has nothing to do with it.

The AI only grades the big text fields where you can type freely, nothing else like the CVSS, Vuln ID or flags.

anyone has tips for the web app portion? just failed my first attempt cuz of the web

I'm confused why my netpen user flag was scored as 0. I wrote a detailed report on how I found it and I'm pretty sure I entered the flag correctly. I'm wondering if I made a small typo or formatting error when I submitted it.

An extra space or a typo will disqualify it, yes.
Not clicking "Save and continue" before switching to another section will disqualify it too as it will not be saved.

I'm talking about "Save" button under the exact section for the flag, not the save button for the entire part (Such as Web, AD or NetSec)

Ah, okay, I see now. It might have been an extra space. I do saved button before going to other domains.
Anyway, my voucher expires on the 30th. Would it be okay if I retake the exam on August 29th?

Hey everyone, just passed PT1 🙂 How can I have the role? Thanks

Wouldn't recommend leaving it for last second to avoid problems.

➕ Gave the role PT1 to azkrath

Done.

Bro, the same thing happened to me as you. I got 8/10 flags and one flag gave me 0 points in the web hacking section... I got a score of 693/750 on the exam and they stole a flag that I did find. I really think they stole it because of that flag and because of the report, because I summarized it.

For the next attempt, I'm going to write EVERYTHING in the report. I'm prepared, but I wouldn't want them to steal the flag again...

Do you know if screenshots can be uploaded to the report? Or is that not possible?

• Screenshots are not possible.
• Stealing flags is not possible. You're saying an automated robot that compares chains of strings decided to go AI-Mode and stole your flag?That is not possible.

The possible causes - based on other users who contacted support thinking their flags were stolen or graded 0 by AI - turned out to be:

• User mistakes (e.g. an extra space, an extra digit, or not clicking both save buttons)

Perhaps it would be good for both exam takers and THM if there was a format validation on the flags?

HELP!! Hey everyone, any particular resource that should be completed in any case to pass PT1 ? Open to suggestions !!

i think to be fair, for such scenario, you could deduct some point from the user but not give that user 0 point for it.

https://tryhackme.com/feedback
cc @balmy canopy

1. Go to the website and read the entire PT1 webpage. Then find the recommended learning path, then do all of those rooms.
2. Read this entire discord thread. There are many many pieces of advice about the exam

I understand the points you're making, but I want to clarify that I carefully reviewed my submission, and it wasn't a formatting error or a mistake in saving. I'm confident I entered the flag correctly, step by step, and yet the system still marked it as incorrect and gave me a 0.

I know these automated systems rely on string comparisons and strict validations, but I also know from my experience working with AI and automation that these systems are not infallible. AI can make mistakes too, and when it does, it directly and frustratingly impacts the user experience

Moreover, I'm not the only one this happened to. Several other users have reported the same issue here on Discord entering the correct flag and still receiving a 0 from the system. This further supports the idea that the issue isn't necessarily on the user's side and deserves a closer review

I'm not sure what happened. As far as I know, I double-checked each flag. I submitted a report as the exam requires. Perhaps the AI is in a beta or trial mode or some glitch don't know. I can't complain since it was a free voucher. I will retake the exam and focus on passing. I read some of negative feedback on that AI grading so next time I'm aware and fully do a super 31337 hacker mans report.

I think the same as you, and I also got it for free and I have one more try left, for the next one I already know how to do it

do we get free months of THM if we buy pt1?

yep, 3 if im not missing smth

How do we claimed it

I dont get the free months

my friend got the 3 months automaticaly since the day he got the voucher for the exam

You should contact support using the bubble in the bottom corner on the site

did any1 take the PT1 certification is it tough?

The course is designed to teach you the skills and abilities you need to start your pentesting career. The certification exam is made to test your abilities to understand the role and to apply your skills in a realistic environment.

👍

Interesting I didn't get that, I've been paying for it LOL

@keen sleet Can you hook me up with the role?

Should confidential information such as passwords be included into the report when I describe the attack path?

Doesn't really matter TBH.

Hi, I'm taking the PT1 exam. After restarting the network, I can’t connect to any network in AttackBox and therefore can’t complete any of the tasks...I can't create a ticket because of the chatbot on THM

For a real client report, you would obfuscate/remove passwords in a report, just mentioning the account that was compromised, to reduce the risk of actual compromise if the report is accessed by someone unauthorised

Try through VPN from your Kali.

I don't have

Check pinned message.

Yup that's why I asked, I thought the AI would penalize me for that 😄

If I was working on a machine and after a reboot it stopped working and none of the machines respond to nmap -Pn or ping this clearly isn’t an issue with my enumeration or actions taken

What's your VPN region?

I use attackBox Eu-Vip-2

Where can I see OVPN connection?

Oh then probably support is your only option.

hi im in an exam now and im experiencing issues with the infrastructure but the report an issue button is not working

what should i do next?

@kindred oasis

hi guys, beside the recommend room is there another room we can practice for the exam?

Red Team Capstone challenge

👍

I’m little more than 24hrs in the exam and trying many possible exploits that is aimed to where I believe it’s located but so far only completed the AD section of the exam… Banging my head for a good minute now 😅

One question, if after 2 week (10 working days) and still did not get back the result for manual review, should I send a email to support and ask them?

Hi there

Hey can i ask one thing can i swap with pt1 and sal1

alright serious question, how do i receive the webapp flag after I know for a fact I found the vuln

hi mods i just passed the exam how can i get the role?

From what i understand theres many vulns but not all of them return flags

I think @keen sleet mentioned that on his guide

dang okay.... Im super stummed on the exam.

from what I'm getting at from taking the exam, you really do need a little more knowledge that what is provided in the recommended learning path

thank you @light token

Gave +1 Rep to @light token (current: #1228 - 4)

Someone recommended the web exploit path as well... You might glance at it if u didnt yet

I havent taken it yet...web part is scaring me lol

ive actually been going back at it as little reference and I must be missing something. both the Web fundamentals as well as the jr penetration tester paster I have been using quite a bit for reference but i feel the web fundamentals are very much just the very very basics and yes hence fundamentals but makes me question just a little if you truly need to go a step further and complete the Web application pentesting path as well which is not in the recommend learning path

I haven't tried the exam yet, but one thing that also worries me is that you probably need experience doing the techniques described in the recommended learning. If you just go through the rooms once, you might have seen the knowledge that are required, but you haven't developed the "sixth sense" or "hacker mindset" that you need to quickly understand what you should try at certain points.

I can feel this when I am doing, especially random medium challenge rooms, that I need to be exposed to more variants on how to enumerate or how to think about exploiting a vulnerability. So even though I have done all recommended learning, I still think I need to do more, before trying the PT1 exam.

The WebApp Pentest path gives you more experience, but perhaps you need to learn a lot of techniques that will not be used in this exam. But it is probably useful anyway. PT1 shouldn't be the last certification, it's just the beginning 🙂

@keen sleet

@kindred oasis

done

Hello ,I’m trying to set a deadline for learning and taking the pT1 exam what would the time frame would you suggest?

If I put the vulnerability type wrong but everything else is right (included flag, report, reproduction steps) do I get the points or will it be discarded?

I think you should get points for only the flag. Not sure about the report etc.

Or not since the flag doesn't match the vuln ID.

Hey i think the pt1 machine im doing is broken i guess, anyone i should contact, i dont wanna reset as i think i'd have to do all the expoits again to get the new flags

You can reset the machine, the flags will remain the same

I'm on my second attempt and reset the machine several times, but the flags are the same

Multiple resets will hurt the exam more than it will help. 20 is a LOT.

support@tryhackme.com - they do not work on week-ends.

My network turned off out of the blue

How much time should I wait to have it turned on again?

So, the network turned itself again but I can't reach the machines of my Assessment

Probably go for a reset. If you respected the RoE and have problems contact support.

how to submit a vuln without a flag

with a fake flag yeah ?

Yes.

……

One question …. I m doing the exam … but is it possible to use images in the report or we must use only text to explain How we exploited vulns?

PT1 - Im probably no where near ready to take it yet ...
But was thinking on the buy now and train up for it then take it scenario to make use of a discount voucher
On checking the FAQ says exam expiry should give up to 12 months to train BUT could be different if using a voucher and to check the terms of the voucher

The voucher is just a link though - there dont seem to be any terms anywhere with the voucher
Does anyone know if I will I get 12 months from date of purchase to train up first with this voucher ?

Text only.

Oook then i took lots of screens for nothing

I recently bought the exam and it said that it's valid until 10 august 2026 (next year)

just literally a couple hours ago

Is 8 flag enough to pass ? I m missing 2 web flags:(

Very risky.

@novel coral @keen sleet @ebon creek I am taking my exam in the web part while exploiting a vulnerability i got the flag paramater with flag value:Placeholder flag what should be done now kindly help

DM me a SS.

Sure

Did it end up getting fixed for you?

Yes, somehow it didn't happen when I tried another way

Only 1 flag remaining, I'm getting cooked for good

Good, it worked out in the end. Not sure why the network behaved that way. Did you respect the RoE?

780 points only for flags and I m not considering report

Ah sorry passing is 75%

Ok it is borderline

I remembered 70%

A flag is 40 points.

Actually, depends on the section. A flag in web is 40 points. In NetSec is 36 and in AD is 74.

So a total of 452 points for flags only, not 780.

In ad for 2 hosts compromises you get 220

So 2 flags 110 each

20 for the report on that sections

I m reading the scoring system

Maybe they changed valuation criteria ?

Hey guys, can you guys tell us what is really not allowed in the exam? Is it just AI that is prohibited?

IIRC from THM's Q&A webinar is that AI is allowed for your own research and maybe to help building your reports (but do not blindly copy paste generic stuff or, worse, hallucinations).
What is not allowed in terms of AI is "prompt injection to bypass the AI grader" as explained in this channel's pinned message.

Oh okay thank you very much

Gave +1 Rep to @wooden jackal (current: #1057 - 5)

Incorrect. Both flags in AD makes a total of 148 points, not 220.

AD Section: {2 Flags - 220 points}

• You have a perfect overall summary. (20 points)
• You got both flags. (74 each)
• You have a perfect report description on the AI's judgement.
• You have perfect remediation action based on the AI's judgement.

how many flags are there in PT1? 12?

The exam consists of 3 sections right each section contain 4 flags?

https://dragkob.notion.site/pt1-review-dragkob

wow what a organized way you wrote! thank you sir

Gave +1 Rep to @keen sleet (current: #30 - 349)

If I submit a report for a specific section, the exam ends?

The exam should only end once you submit the entire exam.

Make sure you have all the exam done before submitting entire sections. That's if you want to stay on the safe side.

I passed

Nonetheless, I also have to inform that AI tore some points out even if I reviewed my reports

Passed 😪 😃

Congrats! No bugs this time right? 😉

➕ Gave the role PT1 to putty_killa

9 1/2 flag i thought it was a bug but i read the scoring so i understood it after.

No, there's a half flag system.

Yeah. I didnt bother to get the other half instead focus on the report 😬

Would anyone be willing to share any extra rooms that would possibly help with the network and web portions of the test. I took the test once but I feel like I’m truly missing a technique on some findings that aren’t fully working. I’m looking for more training outside the recommended path that I need to be looking at. Any help would be greatly appreciated

I don't know if this may be useful, but you could follow Lainkusanagi's list of machines, which recommends a lot of THM rooms to do.
https://docs.google.com/spreadsheets/u/0/d/18weuz_Eeynr6sXFQ87Cd5F0slOj9Z6rt/htmlview?pli=1

Thank you @vast flax

Gave +1 Rep to @vast flax (current: #2026 - 2)

Any other information or tips would be helpful as well

Does anyone think taking the web app pentesting learning path is worth it? I read somewhere where they said to do it

Of course it is worth why wouldn't it be 🙂 ? I can't hurt to know more even if it's not necessarily needed for the certificate . But yeah in this case it is needed . Web App Pentesting is a big part of the pt1 exam 🙂

I see. But I do have to add that I’m in a time constraint. I have recently completed all of the required learning paths and would now go through the challenge rooms. I have set to take my exam sometime next week because of personal reasons. Do you think that’s a realistic goal? Thanks for your response!

Gave +1 Rep to @ebon creek (current: #1 - 5799)

I passed yesterday. Overall it's a good exam (if you don't think about the unrealistic user simulation) and definitely provides more value than eJPT. Can't say about other certs (PJPT, PNPT, etc.) though because I haven't taken them.

BTW, we don't really allow discussing the exam, and specially once you're doing it. If you have bugs etc. you should contact the support team, but discussing the exam overall is not allowed.

Well web app vulns are a big part of the exam I would definiteltly recommend you to go through web app pentesting path

Congrats on passing the exam , great job 🙂 🚀

My thought was that Web App Pentest path covers topics that are not relevant to PT1. Of course good to know them, but I think as a newbie (as me) that the topics in Jr Pen Test and Web Fundamentals are a lot to ingest on their own. And instead try to reinforce the knowledge by doing the rooms in Recommended Learning several times or finding similar topics on other platforms. Is it a mistake from TryHackMe not having the Web App Pentest path as recommended learning?

Hi, I have a quick question: Does the network reset during the exam change all flags, or does it just reset the lab to its initial status?

https://dragkob.notion.site/pt1-review-dragkob

reset the lab bro

Should I achieve the pass mark in each section of the exam? or it's enough to reach the scoring pass of 750?

It's enough to reach 750 I think

@keen sleet after sending for manual review, i passed, can give me the role when you are available. thanks

Done

thanks

Gave +1 Rep to @keen sleet (current: #29 - 353)

Just an overall 750

Can I get the role too, passed it this morning

Done.

hello, I am trying to start my exam but there is an error that says token expired and I am unable to check-in and continue further. Is there anyone who can help me with this issue? I wrote a ticket 3 days ago but there is still no answer and my voucher soon expires. What should I do?

Only thing you can do is wait for the support team to reply to you. Unfortunately replies have been very slow lately.

When should I start the second attempt after the retake is available?

Hii

I'm have mailed the support on the 25th July regarding pt 1 manual check and no response in return yet 🫩it's been more than 2 weeks. What should I do.

There's very little I can do, but I will try to escalate internally.

Thanks, Please do it 😸

Dumb question, but guess I should ask.
I got the voucher to take the PT1 for free, which expired by the end of Aug.
I just failed the exam, and I'm aware of the retake option. Does the retake option also expire at end of Aug?

Is there a chance to escalate mine issue as well? My voucher expires by the end of August and I am afraid I might loose it

Only if you have been waiting for over 2 weeks as this is standard time.

Ok. It has been a week since I wrote. Hope will answer soon. Thanks for the information about that. I had no idea about their standard time for tickets

Gave +1 Rep to @keen sleet (current: #29 - 354)

Is it still possible to get a free PT1 voucher by any chance?🥲🥲

Not for now.

currently on my second attempt. Results so far, I completed the Network portion and AD portion except for the report writing so far and I definitely would agree the WebApp portion is the most difficult of the three sections. I have enumerated and tried many exploits upon the webpage but only received 1 flag. Still have a good amount of time I just cant pin point exactly what I'm missing. Those that are prepping, really strengthen your webApp skills for sure. This coming from a person that holds a PWPA

Does anyone have tips and recommended rooms and paths for the web app portion of the exam? just failed my first attempt cuz of the web

Check out this one 🙂
https://tryhackme.com/path/outline/webapppentesting

Thanks! Another question: Is there a specific time frame in which I should start the second attempt?

Gave +1 Rep to @ebon creek (current: #1 - 5818)

it really is a tough one.

@ebon creek

I am not sure , I think that you have time as long as your voucher is valid . Maybe @keen sleet have some more info 🙂

Thanks!

Gave +1 Rep to @ebon creek (current: #1 - 5819)

Did you get the free voucher?

Or did you buy it?

to pass how many flag needed?

hey I want to know that PT1 exam ID verification needs web camera?

Yes.

You can also do it on a phone.

https://dragkob.notion.site/pt1-review-dragkob

The main factor is whether the AI grader like your report. I would say 9/10 flags with a "good" report should be safe, but if you get 8 flags with a "great" report (in the AI's point of view), maybe you can also pass with that.

Hello, I have a doubt regarding the reporting. If I chained x vulnerabilities to get a flag, which vuln should I report? The most consequential one?

if i passed the PT1 am i eligible to use my retake?

Is there any mod or team member that can help me with the xss poc? Returns xss failed

The hint is on the RoE. Read it carefully and check thorough

Is it necessary to be persistent/stored?

Yes.

Self DOM XSS doesn't count.

Makes sense but there is no information regarding that

Thanks

It's pretty obvious IMO. A self dom XSS isn't a vulnerability, it's like opening the console and changing stuff on the website client-side and claiming it has been hacked.

Unfortunately the second time around I still wasn’t able to pass due to web app section, however I did do better than my first attempt overall on the test. Funny enough I was able to even find a flag and finish finding report on the test literally 2 minutes left on the clock.
Recommendations for those studying, do the “Web Application Fundamentals” and the “Web application Pentesting” rooms as I did catch myself referring back to each one trying to fish out nudges/help

how can we get physical certificate?

I am going to be taking the PT1 soon, is there any tools that are prohibited on the exam? The exam FAQ page seems pretty empty

Also for AD do we expect it to be blind or assumed breach?

hello, I am on my first attempt on my pt1 exam but having really big issue. Cannot connect to ANY target. I tried kali linux and the attack box but the results are the same. This is the output of the commands ip route | grep 10.200
10.200.48.0/24 via 10.50.46.1 dev lateralmovement metric 1000
10.200.150.0/24 via 10.50.46.1 dev lateralmovement
root@ip-10-10-187-231:~# nmap -Pn -p- --min-rate 2000 10.200.150.100
Starting Nmap 7.80 ( https://nmap.org ) at 2025-08-16 09:52 BST
Nmap scan report for trybankme.thm (10.200.150.100)
Host is up.
All 65535 scanned ports on trybankme.thm (10.200.150.100) are filtered

Nmap done: 1 IP address (1 host up) scanned in 67.06 seconds tried to restart the network but again, it is not working. Please, help me. My time is running and I do not want to fail also the network says it is offline when I move from the dashboard and the machine. What should I do?

Hello yall,

Got the voucher for PT1 and I'm going to tackle the first try this weekend. From what I've heard the exam is pretty stable, but I want to ask if you experienced any issues with the environment and what will you recommend to use - the AttackBox or my own VM?

ofc VM

hey guuys, i just submitted the pt1 exam and im really confused about the points that were taken from me by the AI, is is possible to ask for a manual revision or smth?

from what I've read it is possible, make a ticket and explain them your concerns

How many point you get from the AI and how many flag you collected?

got 8 flags score 731, plus one vuln that i described but got no points out of it

I think 8 flag is very hard to pass but you can try. You need close to perfect reporting

Tbh, if you are using the free voucher, I will suggest to retake it again after the cool down as the manual review might take 2 week.

By that time, it might be too close to the expire date.

yeah i want to try, do i create a ticket or send a email?

Both is the same, it will end up emailing the support.

ok, thks so much

got stuck on the web, 1 vuln left

hi

Hello, when I go to check in for the exam, it says that my verification has expired. Does anyone know how I can fix this problem?

Hello, had the same problem here. Write a ticket to the support. They will reset it

thanks

any updates on physical certs or the special package for the first 100 to pass?

Whats the cooldown period if we fail ?

3 days ~

Anyone

Online

?

Is pt1 internationally recognized?

Like compTIA or ceh

No.

I'm experiencing a bunch of network timeouts on both the vpn and the attackbox.... is there a way to get support

This is actually ridiculous how bad the exam network is… I cannot connect to any machine anymore

also getting a lot of issues where after I take a screenshot the attackerbox just won't take inputs or defaults to holding command... this is actually a horrible exam experience

@keen sleet or @ebon creek any advice, this is actually impossible to work with now. My attackbox won't let me type or select, it has alt held down and won't let me do anything

Chat, I'm cooked, solved AD and network in 4 hours, spent the next 20 hours doing web only to find 1 flag... 20 hours left, hopefully a brain blast kicks in I CAN DO THIS

atleast your machines work lmao

My name has been printed incorrectly on the certificate in PT1. Is it possible to get it corrected?

Sorry but I can't help you with that I am not a staff member , I don't have control over the configuration of machines/networks . If you have connection problems maybe you could try with changing the VPN server and regenerating vpn file

Fingers crossed 🙂 🤞

Reach out to support on the email below

Hehehe

I've forwarded your message to staff channel , if somebody is available today they will respond asap

@whole beacon My Network Pentest reverse shell is really slow. Windows machine. Other labs just works fine

And yes, reseted it, regenerated config file, none of them didn't work. Same issue yesterday too.

Thanks, this is kinda crazy though that the cert exam is this unstable. I am wasting so much time on the exam just battling network errors

Gave +1 Rep to @ebon creek (current: #1 - 5831)

I haven't been able to access the web section at all for more than 10 minutes without the attack box freezing, network issues, lack of connecting to the vpn, etc

@keen sleet Update. Not working at all.

@ebon creek @rain raptor

I've only 5 hours left and have to travel in between too

Sorry but I can't help you I am not a staff member I don't have a control over network configuration

So I'm doomed

Yeah the network is cooked, idk why they have this exam out when it is so unstable

I have to reset the full network every ~10-15 minutes to make any progress

Well i forwarded your messages to staff report channel but they don't work on weekends + they may be in a different time zone than us

The exam doesn't seem to work on weekends either 🤷

@ebon creek if this is the case then what will happen if the attendee gets failed? Asking this out of curiosity. As I am writing a review on THM PT1 examination.

Shall the attendees not start the examination over the weekends?

You should reach out to support on the email below , they'll probably you with some solution/compensation for inconvenience

@ebon creek Thanks a lot

Gave +1 Rep to @ebon creek (current: #1 - 5832)

Did you respect the RoE?

Did they start shipping the physical certificates?

Highly doubt, I've been waiting for like 2.5 months now.

But it is known that the delivery of such stuff are very slow at THM. People have redeemed their prizes (On the profile tab) and haven't received anything for months. Disappointing, but that's how it is for now.

True, it's not even limited to just the deliveries. I've been invited to meet with them twice and both times they've never shown up for the meeting.

Hello, I failed my exam. Since I won the voucher from the giveaway and the voucher was valid till 30 August, does anyone know since when my retake voucher is valid?

Reattempt you will be able to do after 48 hours

eeeh finally passed my PT1

Congrats 🎉

I now have 2 flags on the WEB, 2 left and I'm done, WERE SO CLOSE BOIS

Let's go! Good luck peeps, I hope I will be doing it soon, too. Right now I don't feel even close to be ready

Gave you the role.

If the machines or the network don’t work during the exam, send them an email, they will compensate you with extra hours. I also couldn’t get it running for about 2 hours, got frustrated, and left. When I came back, they had replied and added extra hours to my exam.

The network, by the way, seemed to start working on its own after about 3 hours.

Today I gave the PT1 exam. I submitted the actual flag, but they gave me 0 points even though the flag was completely correct.

Only 1 Points needed to pass

@keen sleet thanks for the escalation, cleared it 😁

Gave +1 Rep to @keen sleet (current: #29 - 357)

Hello!

Ended up getting 3 of the flags on the web app, and I passed! The last vuln will haunt me for the rest of my days...

Congrats , great job 🙂

So far even with all the network instability and reset every few minutes I managed to get:

• 2.5 web flags
• all four network flags
• all ad flags
  Still got ~23 hours left but got to do all the reporting. Found plenty of vulns on the remainder of the web app just haven’t gotten the full 3rd flag or a flag for some of the other vulns

Think I’m in a good spot assuming the network starts behaving

Still probably should get extra time since the infra is super unstable

I think I’m cooked since I’m about to be on an airplane in a couple hours but we will see

For the reporting is there a style guide we should follow or any guidelines on things like writing from an agnostic threat assessor? For work we write “the offensive security team found X…” but wanted to check as we are an individual

You will need to reach out to suppport on the email below

Hello, I have received the pt1 free voucher. The email states that I have until August 30th to take the exam, so can I start the exam on the 29th?

This exam is crazy hard. It does not match the training provided by THM at all. Pretty upsetting honestly.

Everything in the exam is totally fair. Only part I'd say is unfair compared to the training is the Web part.

support@tryhackme.com

Gave +1 Rep to @keen sleet (current: #29 - 358)

Do we have to wait until UK time am 9? Are there no relevant personnel on duty now? Thanks

2-4 hours of overlap is the best you will get.

Managed to pass the exam even will all the exam issues 😎

AI grader sucks lowkey tho

@keen sleet How do I get the PT1 role? I passed the exam recently!

Done.

@proud gale @plush solstice Congrats guys 🙂 🚀 🔥

Shouldn't take more than a week

?

Support is only available on the email below

Alright. This AI has indeed affected the overall exam experience. But I appreciate your response.

Just to be clear, the AI grader does not touch the flags, these are checked by traditional matching

Flags are just basic string matching. There's very little place for error. It's most likely a user-induced error: an extra space, character, not saving the flags correctly, etc.

How do we get the welcome kit once we received our pass?

The welcome kit?

@keen sleet i've passed my pt1 i can see i can retake

if i retake and get failed i'll consider fail?

also how I can get physical certificate if you could tell

Quote from the website: Step 3
Get certified and get hired!
Access your digital certificate, celebrate your achievement with a Credly digital badge, and receive a physical welcome kit.

Oh that probably refers to the PT1 physical copy of the cert.

You can either order it or get it alongside other goodies for free if you are in the first 100 to pass PT1.

We have been waiting for around 2.5 months so I wouldn't get your hopes up for now.

can anyone answer this ? and mod staff members

support@tryhackme.com but they're not ready yet so no point.

cc @rapid bolt

QQ: For the ones that have the opportunity to complete PT1 before August 31st by having a previous cert like OSCP, does it also include the premium 3 months of learning? If that's the case I've never had the premium activated on my account and was met with a paywall whenever I tried to visit the training/rooms.

Where can we order the physical copy?

Hi guys, just why I can't reset the lab ? I asked to reset like some hours and go and still... not reset and can't click on the button agian :(.

Nvm finally reset I guess, rn I'm doing a break, I can click again on the button but yeah... +2h.

How can we request the real certificate of pt1?

I want to buy it

You have been asked to wait at least a week, please stop pinging all the staff members. Manual PT1 reviews can take up to 14 days.

Not available for now.

Hi, I passed a few days back I just wanted to know. Has already 100 people passed? Is there any chance for winning the physical cert( it looks awesome by the way)

what do you mean by winning the physical cert?

There was a reward for first 100 people

oh really

lol

how u know if u are first 100

😑

I am literally asking that

/is there a api

i see

Yeah

🤣

PT1 is awesome probably best among the junior certs

hmm

exam i think is good for like tech interview

for job

but the AI grading system...

I want PT2 to be on the level or above og PNPT/OSCP. Tryhackme is doing great

i have bad experience

Thats the only down part probably

yes

The AI grading

maybe a CPE system to renew the cert

also

Other than that.my experience was smooth. No disturbance of the exam environment

most exam can do that too

at least for my experience

Gave +1 Rep to @keen sleet (current: #29 - 360)

heya! did you take it finally?

@junior drum Not yet. I am doing a real pentesting assignment right now (my first!!!), so the study has been postponed a couple of weeks. My plan is to take the exam in October.

Take a high quality image file to a professional printer and have them do one up for you.
Select the paper, fonts n stuff.

Hi in verification process error saying your session has expired

How to solve it

@lime fulcrum

Anybody know how to verify for PT1? Do I need a cam on my desktop computer?

Ok, saw this: #pt1 message

What about your session is it working because it says to me your session has been expired I mean the verification session

Hello! I received an exam voucher for PT1 during the promotion (that expires on 30th Aug). Does that include a free retake as well or just one attempt? Would appreciate if anyone knows, thanks.

I'm not sure what you mean, but the cam is just needed for the verification of your ID. So, I guess if you already verified you self, it does not matter if the session is expired.

In the exam details you can see in one bullet point:

Attempts: 1 free retake (further retakes cost £100)

Does the expiration date apply to the retake as well?

ticket to the support is already submitted, but I wanted to check here if there is some faster way to resolve this problem.

found 2 vulns in the web part of the certificate, but seems that the script doesn't generate the flags correctly for the format the the report is expecting.. any thoughts on this?

I don't know.

I think that it's the same, for the voucher for sure is

any mod on here?

What is the issue 🙂 ?

support contacted me about this one and said to reset the env and wait 5 minute - did that 3 times and waited more (one time 30 minutes) - the problem with the flags is still there and no more feedback (probably flooded with requests,but yeah).

I want to know if there is something I can do at my end to resolve the issue?

hey, im getting

Your session has expired

The SDK token provided in this verification process has expired. Please go back and try again

during my check in process

what am i supposed to do

have you managed to check in successfully or not yet?

nope

still the same issue

the only time i got this is when i was too slow for the selfie, at which point you get this error?

as soon as i click check in

it shows up , by some onfido security

i am doing it on pc, should i try switching to my phone?

yeah try with the phone - scan the qr code and do it from there

same thing on phone

as soon as i click next step after typing my real name, it shows me SDK token provided has expired

Ahh man i was planning on giving it today because university starts next week, and they arent gonna reply till monday probably

pain

not sure then what to advise you, except to open a ticket to the support and wait for them or someone in here to answer with some resolution

yeah i sent a mail

nvm, they replied so fast it got fixed

and i'm still waiting

praying you get your reply soon my brother

all prayers your way

Anyone encounterd the "Answer is too short, ensure the answer follows this exact length:" while trynna submit a flag in the PT1, Report ?

It's expecting a format other then the flags given in Network section

exaclty my problem

found 4 (for sure correct vulns) and the flag is not in the format it should be

I emailed the support still waiting for a response

Same

please ping me if they give you a solution as from 12 hours - the only thing i got is "reset" and then "all is good, don't reset much" - but all is not great

HAHAHAHAHAH aight will do

I have the same problem

anyone can help???

i sent email to support but dont receive rely

their operate in a certain region/timezone

i can not connect to vpn

anyone can help me

Hi! I'm currently taking the exam, and I can't ping the workstation IP but I can ping the DC IP, anyone can help?

Will the new exam environment be the same or different one if we take the second attempt?

@snow stone 2 hours left for my exam and still haven't got an answer about this from support

any updates from ur side ?

absolutely nothing, it's sad..

got little more than 20h myself but...

man I miss TCM's support!

I have logged a ticket on a bug with the flag in my exam environment but have not receive a reply. Anyone knows how fast they would usually reply? Or if there is a support admin in the discord that would expedite or reach out to

I think i am in the same situation as u…

I'm talking to support rn they said the flags are expected to be uuid when i got them as a hash

so confusing

Mine is not even in a uuid format which is what it is expecting sigh

they are currently investigating @heavy gyro @snow stone

nice, love to hear this

Hope they compensate some time loss xD

would be really nice if it's possible

Yess support told me they will extend time

My ticket number is #29151599 if they want to group and resolve the issues together

I'm on a chat, can't see a ticket number

Ticket ID #28810105 if it will be easier

As long as you have proof of your actual flag values in your exam, so screenshots of the flag with the date, a manual review would give you the points. It looks like the flag generation system decided to not generate UUID flags for the network portion for one or two of the exam attempts. The team is investigating why. But as long as you have proof, the manual review will award you the points for the flag values. That's why we have the manual review process. But it can take up to 2 weeks for a review.

I have the screenshots but without a date, that means what ?

Means we can only use the flag value to verify that the screenshot belongs to you. Each flag value is unique, so that should be okay. But better if you include the date then it is correlated to your exam date as well.

And that"s gonna take 2 weeks ?, if so and the generation system is fixed I'll just redo the Network portion

I got the problem in all 3 domains - Network, Web and AD

😮

I authenticated into your network and checked. Your flag values are correctly populated.

I'm confused.. can you contact me in the ticket so you explain - as if they are correct then the report platform is broken

Your message was: I got the problem in all 3 domains - Network, Web and AD

So what I did:

• Authenticated into your control server
• Checked your unique flags and verified that all of them are UUID, which they are
• Authenticated into your webapp and confirmed that it populated the same UUID 4 flags, which it did
• Authenticated into your netsec windows box and confirmed the user.txt flag is UUID, which it is
• Authenticated into your AD WRK machine and confirmed the flag.txt is UUID, which it is

So I'm not sure how you got this non-UUID problem in all three domains? Unless you are facing a different problem that isn't related to this issue?

Maybe that's as of now, check his logs from when he typed the flag values to confirm

from my side I still have the same issue, tried to redo one machine and still getting flag as a hash format the same one i got in the beginning

Cause your flags are not UUID. So they won't change. As mentioned in my previous message, there was an issue in your exam with the flag generation so it gave MD5 instead of UUID. But as long as you have proof that they are your flags then you will get your points.

What's I'm trying to say here is that user's shouldn't just automatically jump to the conclusion that everyone is facing the same exact issue.

And if the system is generating md5 instead of uuid would that be my issue ?

u said if that's the case i can provide screenshots

but that will take 2 weeks ?

2 weeks for verifying the flags that the system gave it to me wrong

and to get my cert

??

It is confirmed to be your issue. Team already checked.

If you can't submit those flags via the automated system (which the team it trying to do a fix for), then yes, manual review. And manual review takes up to 2 weeks, since we get a lot of requests and need to work through each.

issue fixed ig ?

just retested on the windows machine

New values should have been pushed for both your Windows and Linux machine. So your two options is either just grab the four flags again and submit the correct ones. Or the manual review with the old flags

Flags grabbed

PT1 passed 🎉

Hello, guys, is there a chance to extend my voucher? To be clear, I won it in the giveaway and failed the first attempt.

support@tryhackme.com

congrats man!

About to start the exam. With all the issues we keep hearing about, wish me good luck 🤞🏼

What did end up happening with your flags?

nothing, still the same.. i just keep trying to find everything, need 3 more and then I'll hope for a manual review

they said my flags are not broken 🤷‍♂️

I took an exam 8 days ago, and still generating correct flags for the Network Section is not working? I have a second attempt, valid to the end of month, but I'm scared to use it, if problems with flags still exist.

anyone had problems when submitting the exam got 0 points in summary or something?

is the flag problem resolved ? i m planning to use my retake

Hey, everyone. I'm going to attempt PT1 exam in a day or two. Wanted to ask a few things before I attempted it.

-> I know the exam is 48 hrs long. Does that time include reporting or not?
-> If the 48 hours does include the reporting work, how long would it ideally take to get done with the reporting task?
-> Also, what will I need for verification process and how long does that take?
-> And, how soon can I reattempt the exam in case of failure in the 1st attempt ?

Thanks, and please wish me luck. I'm not too confident about the web-app part, but I hope I make it. Cheers 🤞

Includes reporting. You need an ID. 2 days cooldown between attempts.

Hi guys, I am having trouble with verification process

support@tryhackme.com

does it take a long time usually?

ah support will answer in 2 days , damn

Thanks. Any idea how long should reporting take ? I'm trying to plan out my time within this 48hr duration.

Gave +1 Rep to @keen sleet (current: #29 - 365)

Not before tuesday. Monday is a holiday.

Does PT1 include reverse engineering?

No.

i have question if i fail PT1 and do retake so i can do retake in next 12 moth. right?

HI, guys, I do have problem in starting in the exam, the id verification URL does not work porperly, showing your SDK token expired, already drafted mail to support team but I think they replies on monday to friday.
Can anyone help me on this?

@novel coral @keen sleet @ebon creek

I had the same problem , you will have to reach out to support only they can help you

You can do it before your voucher expires

so my voucher with expires in the end of this month and i failed today so i need do before 31/8

right?

yeah

yes thank you

Ok,thank you.

other than mailing them. is there any other ways to contact the support team?

Hi. I’m currently taking the exam and the AD Workstation is down. I have reset the network over 6 times. Is it from THM’s end or am I missing something?

i have prolem with web PT1

I triggered xss sucess but when curl reponse is fail

check the "Scoring" in the dashboard - maybe it can help you

Hi Good Morning Everyone

Currently writing my PT1

i need some help

anyone currently writing it ?

you shouldn't be asking for help in a live exam

I'm not asking for answers

I'm asking for tips

Hey I'm doing the pt1 now I am using attack box but can't seem to reach the trybankme ip i ping it it seems to be down I try to search the ip in a browser connection gets timed out anyone help

have you generated the vpn file?

make sure the file has a size (many have a 0kb size at first, had it this morning)

Im using attack box

oh i dunno then sorry 🙁

Unfortunately tips are not allowed either

run tryconnectme in the attackbox

It will tell you what the issue is if you have any issues

can i have question i see one xss vuln
the api when curl is http://ip/api/v1.0/xss
or another api ?

although web have vuln but i dont get any flag

Is there anyone from try hackme that can help

Anyone from tryhack me please help

@raw jay better get a kali vm i think

it's the weekend, not sure they're working

I downloaded the vpn file and tried to connect through that too using openvpn still cNt pin the target

I.p

did you check the vpn file size?

too bad the report doesn't take markdown

i am Facing issus on Verify your identity page

show error message
Your session has expired
The SDK token provided in this verification process has expired. Please go back and try again.

what to do Guys?

Can't even reach the target i.p what exam is this

shoot a mail to support

I Mailed , But No responce Get

My PT1 voucher expires Aug 31. If I start my first attempt on Aug 25 (ends Aug 27), and then do the retake on Aug 30 after the 72h wait, will both attempts still count even though the retake runs past the expiry?

hello, i was wondering
do the flags reset also if i reset the network during the exam?

In my case, it did not

I wonder how many started the exam and thought "I don't have what it takes"

If I submit my first flag will it grade my reporting on it or does it only get scored at the end?

scoring is done at the end

In the PT1 exam, I’m facing issues on the ‘Verify Your Identity’ page. What should I d0 ?

Error Msg
Your session has expired
The SDK token provided in this verification process has expired. Please go back and try again.

Try logging in again

I tried, logout and again login, i used diff bowers also

Please help me

support@tryhackme.com

im getting the same exact issue as you, were you able to figure it out? I tried all the solutions mentioned

I Sented Mail , but there is no responces

Yup same here, I emailed support, logged out, cleared my browser history and cache and getting the same issue too

It's the weekend; people don't work on the weekend.

No reply before Tuesday. Monday is a bank holiday as well.

Hi, is there any support for pt1 ?

NetSec servers are constantly going offline

AD servers are slow as hell too

Probs gonna give up on this exam... the environment simply won't stay up :/

Restarted 3 times, and half the machines are bricked. Hope support can supply something when they're back online.

https://tenor.com/view/never-give-up-fist-pump-motivation-motivational-gif-4892451

is it normal if I just shut down my pc ?

hello can someone help me how i can get fast support from thm team , i am facing technical issues in exam

Not such a thing, especially during the weekends. Wait until Tuesday and use the email (don't use the chat follow-up)

ok

What's the issue?

fixed

erm... my flag changed as i was doing the assessement (and now it's not in the right format anymore) Oo did it happen to someone else?

just saw that, i did get an md5 too on the reset...

Well i'm amidst my exam and tbh, i find it quite frustrating that :

• networks are unstable as hell (resetting the netsec again cause the machine isn't responding anymore... again and for no reasons)
• flags are not fixed
• report is buggy and the formatting is quite difficult
• reports are definitly missing pictures
• AD is slow
• verification process buggy (i think that might be the most documented thing around)

I get that it's nice to have a 48hours format exam as many others, but at the least it would be awesome to provide a fully functioning environment or at least stable ... it really feels like juggling with machetes, porcelain and a drunk sailor here to keep it all working at once

I exploited about 14hrs ago only to start reporting and now i'm seeing that the flag was not correct( was changed from the initial one😒😭) i had to exploit it all over again i hope it won't invalidate all my flags, exploting all 3 labs all over won't be nice

Let me guess...netsec?

Yess 😤

URGENT - any mods available to help with flag submission for PT1 exam?

The flag from my windows netsec machine bears no resemblance to the correct format.

Same...

Same for a lot of people, md5 generated flag instead of uuid

mine is literally just text, no uuid or md5

I almost submited a user flag as root flag because of this stress lmao

You may need to reset the environment

It's the same for AD too c'mon guys 😭

reset and it's now giving me an MD5 - this is ridiculous

The SDK token provided in this verification process has expired. Please go back and try again.

i am getting this eror can someone let me know how to solve it

Is the attack box down too ??

reset it again, i did and it turned back to uuid........................................................................................................

yes, had to do same

The SDK token provided in this verification process has expired. Please go back and try again.
i am getting this eror can someone let me know how to solve it

anyone

support@tryhackme.com

guys if i buy PT1 voucher do i get option to like set up date when i will do exam or does it starts in 3 months after i have bought voucher?

i am confused

you can choose whenever you want within a year, you don't have to set up a date prior to taking the exam

https://www.credly.com/badges/159dbe74-a771-487b-89f1-5bab50affe5f/public_url 🏃

Congrats mate

Thanks man 💪

congrats Egzy!

Thank you 💪

Gave +1 Rep to @snow mango (current: #835 - 7)

Quick question. Do you folks reckon I can pass the exam with 4 netsec flags, 2 AD flags and 2 webapp flags (assuming my report is decent) ?

sounds possible IMO

is this room enough knowledge for writing pentest reports

for pt1

The onfido site isn't working for me. tried several browsers

I would say try for one more web flag. If AI grades your report badly then this will be very important. If you want to pass with 8 flags then you need to be sure all your flags and vuln id are 100% correct and your report is on point following all the procedures detailed in the writing pentesting reports room

Unlikely you'll pass with 8. Rarely possible.

I am worried my network flags are not the correct format. Should any flags read just plain text?

It does looks like its in the wrong format

What do I do in this case?

If i reset the exam environment should i resubmit the flags?

I had this earlier, had to do a reset of the environment and exploit again to get the correct flag

Will I have to redo all 4 flags? Only 2 of the flags are messed up.

personally, I did just in case... up to you though

Were the flags the same or diffrent on the other set?

It was the network ones that were messed up for me... AD was fine

am i the only that have been cut from the network ?

is there an admin/mod that can help by any chance? i restarted the network, regenerated the vpn file and still nothing when i ping 10.10.10.10 i have a 100% packets lost whereas when i'm using the tryhackme general vpn file everything works fine ......

any staff member please?

does anyone know if I reset the lab enviroment of the examen (PT1) the flags change?

they do for some, and don't for others

This test has been super buggy

Not a fan so far

I already exploited a vulnerability on the web app but I dont get any flag, does anyone know why?

@plush vector sorry for pinging you, just to know if there's any support whatsoever or if I can just let it go, I've been out of the network for an hour, even the attack box is off of it and I have less than 10hours left, should I consider this failed ?

No worries 🙂 - No, how many times have you reset the network or have you tried resetting the network?

I don't recall tbh, I'm going to do it again

I've also regenerated the vpn file twice

Try reset it, wait 10 mins and see if the attackbox will load back up

Thx

still got nothing... i'm still out of the vpn connection, regenerated the vpn file, tried with the attackbox too...

I do not know what to think … i m going to retry this exam because i failed with 729 … and i think that i mis a flag for a bug …. Hope the next try will be successfull

@plush vector nothing at all 🙁

made a support ticket, it's going to be a wrap for me and that really is frustrating all the network issues, vms, flag bugs...

Try run tryconnectme on the attackbox

used the thm-troubleshoot script

shutting down my vpn i'll try on the attackbox again

not working :

We will have to debug that! Let me run some diagnostics....

ran the script twice

And on Discord, please provide the output from:
  /root/Desktop/NetworkConfigs/logs/pt1-network-3.log
root@ip-10-10-229-152:~# cat /root/Desktop/NetworkConfigs/logs/pt1-network-3.log
cat: /root/Desktop/NetworkConfigs/logs/pt1-network-3.log: No such file or directory

and even a third time ... still the same

They don't

AD section is kicking my but

At least you have access to it 😂

lol you asking for help on a certificate exam?

I messaged you. the web was also broken for me

You don't give a shit you're cheating in an exam?

??

Has anybody found that a user flag is missing in the exam environment that is described in the rules of engagement / deliverables? thanks

Anyone knows the intended way to submit a partial flag, as described in the RoE? It implies that that's a possibility, but then validation on the report fields actively block submission until it matches the expected format (which is a full flag).

You need 2 half flags to be able to submit the full flag.

You cannot submit a partial one.

Basically, a partial flag awards you no points.

What about an identified vuln with no flag?

If you identify a vulnerability but are unable to fully exploit it to receive the flag value, you can submit the vulnerability without the flag for partial credit.
For the same validation reasons as with a partial flag, it's not totally clear how you could "submit it for partial credit"

Could we get the physical certification after passing the exam ?

Hey, so, I found an XSS but i can't retrieve the flag, I've been stuck here for a few hours now

Nothing there

Not available yet.

That's reliant on the Vuln ID. If the Vuln ID is correct, but you couldn't find a way to get its flag, you'll get points. But it MUST be the Vuln ID that has a flag behind it.

It must be a stored XSS. Self-DOM XSS does not count.

Oh I see. thanks

Gave +1 Rep to @keen sleet (current: #29 - 368)

Hi guys can someone help me with the gatekeeper

https://tryhackme.com/room/gatekeeper

I passed that, but the web part is really hard, so I'm now doing the network pentest

Nice, best of luck.

thanks for the hint btw

thanks! 😄

Gave +1 Rep to @keen sleet (current: #29 - 369)

Is it possible to ask for or get a manual review on the reporting aspects of the report? Like CVE, description etc.

@keen sleet ib my man hahaha