#site-support

Did you get help, or do you still need assistance?

If you are using virtual machines (VirtualBox | VMWare | etc.)

Ensure that you have "Shared Clipboard" => Bidirectional & "Drag'n'Drop" => Bidirectional

That should help if you are running virtual machines

where is that found (firefox)?

It will be inside of your Virtual Machine settings.
Are you using a virtual machine?

I am assuming that you are using;

Windows 10 -> Host Computer
Kali Linux -> Virtual Machine

No I just used "Start Machine" on the room

Gotcha. So you are using the built-in computer inside of the browser.

Try this;

Copy the text you want to paste...

CTRL + SHIFT + V

That should paste it.

Nope

Pastes whatever I have on the clipboard of the machine itself

Hmm. Not 100% sure then. I use the OpenVPN and use my computer to connect to the servers from THM

Well Im just finishing Jr Pen Test Path and my planw as to start working off my own "attack" platform and then doing CTF's

just annoying as heck when I need to input a bunch of code haha

I know the feeling.

Copy/Paste is really helpful in almost every circumstances.

Thank you! And thank you for fixing my streak recently. Much appreciated.

Gave +1 Rep to @bronze vale

I contacted support with this question and got a response of "It should be explicitly stated by the room that it can be streamed. If the room does not say it can be streamed, then streaming isn't allowed." So I've been looking for rooms that say in the room that it can be streamed. I did notice some rooms saying that they can be streamed after writeups are approved.

Hi, yes, I am support, I’d love to see a screenshot of that in-case I made a mistake

Can I DM you?

Mhm

Thank you for asking

hi. I would like to change my username.

Contact support for this, they'll help out.

!email

im here

Run the vpnsscript in general and tell me what it gives you

!vpnscript

Saw I was too late

All good

actually it says that the operation takes longer time than required and then doesn't do anything

is like rarely my VPN works now

Send screenshots

K sure

And where are you located?

Hi, I am in this room right now ' Walking An Application' , on this task: Viewing The Page Source, and trying to open the link : https://lab_web_url.p.thmlabs.com/ , but getting 504 error( it worked 30 minutes ago, but not now) could you check it, please? or should i just wait till they get it up and running back?

Egypt

Your machine has run out, press the green button that says "start machine" in the task

Can you send a screenshot of the output of the script

here u go

Okay, vpns aren't banned, so that's good

Yeah it used to work

Send a screenshot of running the normal VPN

No tun0

k

It gives a better troubleshooting, please add verbose mode

-v ?

Oh, then it's new

My bad

That's why it ain't working then

UDP is

Egypt requires a TCP connection, of which we do not offer

Ahhhh

Yeah, that explains a lot

@spare laurel are you able to use attackbox?

Lol fr?

yeah but it's not the best practice

also i wanna work on HTB

Htb has tcp

oh , lemme try it then

I think if you use TCP on openvpn it should work

Tryhackme doesn’t offer a tcp connection

Ahh was thinking of HTB

Yeah, htb has TCP option

nix box in CSP then 🙂

LOL IT WORKED

the TCP works perfectly

Nice

HackTheBox, should work, depending on where you are in Egypt sometimes it's a full blacklist on the OpenVPN service and other times it's only a blacklist on UDP connections.

So what am i supposed to do with the THM VPN

What's keeping you guys from adding tcp connection? The speed?

Why there's blacklists on UDP tho

Ask the Egyptian gov

Unfortunately, until we offer a TCP alternative, your only option is to use the AttackBox.

Sadly, it is against the law to circumvent country blocks which is why I can't offer any further advice.

While there’s a site mod here. If someone uploads a machine intended for koth can it get added for koth

OH NO

I'd have to ask, I can't provide a definitive answer.

thanks! I've done it, but no luck 😦

Gave +1 Rep to @pastel tinsel

No worries, looks at the half written cover letter for an application

THank u so much for the details of the issue

Gave +1 Rep to @bronze vale

Try ctrl+f5 should clear cache, see if you can start it again

Currently, we do not accept community KoTH machines due to the setup requirements per machine.
You're welcome to contact the community KOTH staff in the KoTH channel ( @lilac ocean, sorry Discord won't let me ping Holmes so it's just you for now ) about possibly contributing to KOTH

Thanks

thanks a lot!

Gave +1 Rep to @pastel tinsel

Bruh

i got scared when i solved the first startpoint challenge

there's an output sound idk where did it came from ahahahahah

Bro i think i need to go to a doctor

You may try the tcp ovpn route in the Exploiting Active Directory network room. That ovpn file uses tcp (for that network). 🙂

so i can use it for any other rooms on THM?

Only to connect to that room, but that way you can check whether tcp works for you.

i checked it on HTB and it works perfectly for me

I like this discord

Hey guys, I am connecting to tryhackme vpn box using openvpn in kali wsl and I can access the machines inside the kali terminal but not on my windows. What can I do to have access to the machines/ips in both my windows and kali

Wsl is not that good to use when it comes to working with thm vpn, i would suggest a vm instead, but to answer your question give the windows machine the vpn instead of the wsl machine, then both machines can access, but you’ll get some troubles with reverse shells

my idea is to not use a vm instead finish all the necessary steps to solve the machines only in windows and my idea is to use kali wsl

You can port forward wsl, so if you want you can set that up

can you help me with this ?

This shows a little on how to set it up, i can’t personally help right now

https://www.hanselman.com/blog/how-to-ssh-into-wsl2-on-windows-10-from-an-external-machine

Thanks @pastel tinsel this should be enough

Gave +1 Rep to @pastel tinsel

Just skip the ssh part and just do the port forwarding

okay I will do that

https://i.imgur.com/jutxESe.png

It is working fine thanks

I am able to get a reverse shell without a problem

Nice!

Is there a way to change the country of my account? Mine was set to England and idk why

#site-support message

thank you

🇬🇧 != England.

United Kingdom ik sorry

The filter "Hide Completed" on the My Rooms page doesn't seem to work. It remains displaying all rooms.

Yes, it is a known issue 🙂

the team is aware of it and IIRC they are working on a fix for that

Hello

Morning everyone

this type of msg would belong in #site-bugs for future reference 🙏

How do u guys set a GIF picture on THM

you need nitro for that but this is not a tech-support question 😄 tech-supp is for THM site related issues

I mean the profile on THM

not discord

ooh

I have issue with ovpn

after finding ways to make it work from the Terminal, it doesn't load the desired IP address from the browser, It doesn't connect from Burpsuite alsp

Firstly, are you sure FoxyProxy is turned off while you are trying to enter the desired IP from browser? (As the packets go intercepting in Burp Suite)

I do not have FoxyProxy extension

Can you send a screenshot of the vpn connection

That's a screenshot of the ovpn instance on the Terminal

And try ping 10.10.10.10

the VPN is running in tun1 and it's 1500 mtu

Mtu isn’t a problem, but tun1 is

!vpnscript

It's a problem, take a look at this message

Here's ping 10.10.10.10

Yeah, run the script i linked, it’ll fix the problems

Okay. on it

Does vpn script fix extra tuns?

Yes

Kills all running openvpns

Here's the error message I got

Sudo killall openvpn

done. restart the troubleshooting script?

Yes

It looks like It doesn't even work at 1000 MTU

It’s “failing” cause it’s above 1000 it’s a script problem

If it’s still broken just run vpn and give this command in a different terminal
sudo ip link set dev tun0 mtu 1200

it still failed at 1000 MTU

run the openvpn after this command

okay

OpenVPN should be running at the same time as the command

Jabba, doesn't that script checks connection while decreasing the mtu?

It does yet, if it doesn’t break first with the message that emperor shows

Ok, thanks for response.

Gave +1 Rep to @chilly pike

Yeah, i have read through the code like 15 times 😄

Hello! I want to view my certificates that I achieved completing subscription rooms, now that I do not have access I can press the button "Certificates" because it ask me to subscribe. There must be a way to get my certificates since I have completed the room. Any help?

Well not script script, but the mtu checker yes, i’ll play around with it myself

I ain’t sure which is why i want to play around with it, i haven’t had time lately to do it 😄

Kind of feels like cheating, but is there a way to get a streak back?
I just moved before the holidays and with all the stress lately I forgot to do a few questions yesterday and only realized after midnight. The same happened to my gf, but unlike me she is doing Duolingo and there she has a streak saver (with which she is now taunting me).

Contact support

!email

I think there is something wrong with the static THM badge, originally and then after regenerating, the rank and completions don't match and aren't accurate. Anyone else?

Mine is acurate.

Hey! Could one of the mods please remove the token from my old account? Would be nice!

How do i set up burp suite to capture traffic coming from other browsers than burp chromium?

You can set a proxy with FoxyProxy extension in firefox

Or any other browser.

Not limited to firefox.

I see, yeah

https://null-byte.wonderhowto.com/how-to/use-burp-foxyproxy-easily-switch-between-proxy-settings-0196630/

Thank you 😄

Foxy Proxy is one way. For other browsers, you have to set the proxy setting to the BurpSuite proxy port.

What happend with this error?, I don't understand:

fire.windcorp.thm’s DNS address could not be found. Diagnosing the problem.
I edit the /etc/hosts

I send a ICMP with ping to the host and I don't have response**

in the LinPrivEscNFS room, task 11, I have to run a compiled binary on the target machine. But the target machine can for some reason not run the binary I have compiled because it needs a version of GLIBC which is not present. Nor is gcc or any other alternative for compilation present on the machine. Does anyone have an idea on how to solve this?

you do not need to use a compiled binary..... also if you want to use that you gotta make a static binary that has all the libs built in or cross compile...
a better idea is to live of the land idea of using a binary that is already on the target and changing that to have suid bit set.... shadows recommendation would be the /bin/bash binary which then after can be run with ./bash -p to get a root shell

so i should move a copy of bash with SUID onto the NFS?

nah move a copy of bash into the nfs folder.... then follow along with setting suid bit on the file in the nfs share and setting owner and group to root... it kinda goes over this in the task text

or maybe it doesnt..... one of the older linux priv esc rooms use bash binary with nfs to get a root shell and it is most definitely the easiest way to get a root shell from nfs

aight thx, ill try and give it a shot

good luck

@plush bay my version of bash also requires the GLIBC_2.33 lib :( i would have a source a bash version that matches the box GLIBC version

you should be able to copy the bash on the target machine to the nfs share folder

hence why shadow refered to living of the land

i am, but the target machine cant run it because it doesnt have the lib

its incompatible

you mean to tell shadow the target machine can't run the bash that is from the target machine and already on the target machine???

no no 🤣 i cant do anything with the bash on the target machine, no permission

am i just missing somthing or is the room bugged?

on the target machine where you got a shell cp /bin/bash /path/to/nfs/share/folder
on attack machine
chown root:root /path/to/nfs/bash
chmod +sx /path/to/nfs/bash

then finally on the target machine:
./bash -p from the folder where you copied bash too

:(((

how the hecks do you not have write perms to /tmp????

I have issues with connecting to exploitingad network. It says that I am connected with the VPN, I have also set the DNS as needed and yet I cant reach http://distributor.za.tryhackme.loc/creds or ping any of the machines

i should have🤔 i think i dont have perm for reading the bin directory

are you using the general tryhackme vpn or are you using the specific one for said network

the specific exploitingad vpn

use the command which bash and copy it from there instead

for the network

and it says that I am connected to it in https://tryhackme.com/access?type=networks

Sorry if this isn't the right place, but how does the try hack me prize distribution work? Is there someone I can email?

yet I cant ping any of the machines idk

welp dunno then icebreak

they are windows machines... most of those don't tend to respond to ping

its random, but if you won anything dm over twitter or you can use the forum

oh true right

ok I ran nmap -sn -pn $Ip and it seems that the host is up

but still I cant reach the domain idk

uuhm shadow, if i run the copied bash i dont get elevated privs even throug it has suid??

did you forget to set the owner and group to root???

your so smart

Thanks, I'll try the twitter DM.

Gave +1 Rep to @lyric tree

they should also have contacted you through the email attached to your tryhackme account which you should reply tooo

i dont have permission for that either, maybe you need to tell a dev to look into it, since it seem's quite complex for a room that shouldn't have been

you need to do that on the attack machine

They did. I replied, got a reply back, but that's where it stopped. Haven't gotten any other follow-ups or emails.

yes, no perm "changing ownership of 'bash': Operation not permitted"

sigh

😭

I'm still having problems with configuring the DNS, I have the nameserver IP in resolv.conf, I have restarted NetworkManager but still it no work idk

on the target machine where you got a shell cp /bin/bash /path/to/nfs/share/folder

on ATTACK MACHINE
chown root:root /path/to/nfs/bash
chmod +sx /path/to/nfs/bash

then finally on the target machine:
./bash -p from the folder where you copied bash too

i.e you can change the permissions of the file in the nfs share that you have mounted on your attack machine

but you can't change them on the target machine

have you checked that you are on the right server, and not a different one like wrath#2 or somthing?

huh?

whats wrath#2

idk I am connected to the network vpn

I am using my own Kali machine

it should have been really easy but shadow has no clue where you are getting stuck geo

geo is refering to the wreath network there probably

could you send a screenshot of you running the chown and chmod commands....

idk, it worked like an hour ago. But then the network got reset and now I cant reach the domain. The IP of the DNS did not change tho

chown root:root ./bash
chmod +sx ./bash

as what you were trying was for some bash in some other place

you need to specify the right path

@plush bay

same on the target machine

use sudo

okay have no fucking clue what is causing said issues... this process has worked for everyone else

oh yeah sudo

obviously

everyone else ran kali in root user mode

thanks @tribal mason

Gave +1 Rep to @tribal mason

still doesnt seem to work🤔 the command does seem to work, but the bash binary still doenst elevate my privs

because you assigned it to root...

yes just run it with sudo..?

/tmp/bash -p

but you better check ls -lah /tmp/bash on the target machine too

yeep, ill do that and if it doesnt work i will restart the vm

I don't think you need to restart it.

i think, i have messed somthing up along the process

is this some room that you are doing? sry I havent read the whole conversation

Yeah, what is bash file doing in your VM?

is it supposed to be in the target machine?

ye?

it is a nfs share stuff drheap

im doing a SUID bit set exploit on a file share network, but the target vm's compiler is outdated

oh it's mounted, got it

and so i cant run any bin from my own vm

Oh that's really bad

it is the living of the land by copying the bash and setting suid bit and owner of the file through nfs to get a root shell

like the old example priv esc room

this newer priv esc room explaisn it terribly sadly enough

as it tries to instruct you to cross compile

@plush bay im litteraly out of ideas at this point

can someone tell me the process of configuring dns on Kali machine. I've done this many times but for some reason I can't get it to work rn after the network got reset

maybe someone is doing it differently then me idk

seems you got the right perms on the bash binary now... if you also have the sudo chmod +x ./bash too

rm -r /etc/resolv.conf
nano /etc/resolv.conf

When the text editor opens, type in the following lines:

nameserver 103.86.96.100
nameserver 103.86.99.100

He wouldn't be able to run the other way though

then after sudo chmod +s ./bash
then on the TARGET MACHINE
/tmp/bash -p

shadow feels like they are running in circles here

OK, I'm getting confused just right now

it litteraly just wont work

no errors and nothing

but just doesnt elevate

on the target machine can you do ls -lah /tmp/bash

and show the output

@plush bay

I did it with the proper Ip addresses but still I cant reach http://distributor.za.tryhackme.loc/creds

idk man it literally worked like an hour ago

hmm, maybe somthing or somone messed with the server. Can you prompt it for a restart again?

ye I need 4 more votes for that

https://tryhackme.com/room/exploitingad

right after it got reset I couldnt reach the domain

and the IP hasent changed

dang, i dont have much experience with dns bc i hate it. AND IT ALWAYS GOD DAMN DNS

can you try sudo chmod 777 ./bash in your machine

yeep still notting :(

type whoami then type id

can you guys do me a favor and click the reset button xD

seems you already got the root shell just did not notice

or at least you are launched into some shell with bash

still karen

🤣

yes

type exit

but its like the suid didn't play its part

then type /tmp/bash -p again

you need the -p

and show screenshots again after doing that

also you have just made shadow wanna quit helping now but don't worry they wont

its like the bin wont even work now that i execute it again.

trust me i wonna quit aswell

but i aint no quitter

i will find another way if this doesnt work

lol

what the hell happened at the /tmp/bash -p line...???? did you exit the shell directyl

hmm?

ls -lah /tmp/bash again please

somewhere you must be doing something weird but where the FUCK shadow is starting to be annoyed at

also probably use id instead

ah

makes no sense

you somehow lost the suid bit perm for /tmp/bash

BUT ITS STILL THERE

?????

on the file perms

nope it is saying 777 not 04777

omfg

why

or rwxrwxrwx and not rwSrwSrwx

so sudo chmod +s ./bash on the kali machine again

yeep, just did that, and still karen after i execute it

ls -lah /tmp/bash again

-rwsrwsrwx 1 root root 1.2M Jan 3 20:34 /tmp/bash

how many times shadow got tell you to use commands to check the perms is a good question

okay now the perms are right... so now do /tmp/bash -p then id

bash-5.0$ /tmp/bash -p
bash-5.0# id
uid=1001(karen) gid=1001(karen) euid=0(root) egid=0(root) groups=0(root),1001(karen)
bash-5.0#

if everything worked it should tell you euid=0(root) egid=0(root) somewhere

ah there we go

that is a root shell

lol yea just saw it egid

and euid

well there we go then

thx for the help and sorry about ruining your night

finally got what we wanted

lol

guess it is relax now

indeed

Is it "normal" for some commands to not work on TryHackmMe? For example I used an nmap scan on a target and the expected results don't show up. I watched a walkthrough of someone inputting the exact same commands and the results appeared instantly for them. Is there sometimes issues with the target machines?

Which room?

I'm on the Nmap room specifically the portion labeled "Practical" I used the "Attack Box" instead and all the commands work and the scans are really quick, but when I use my personal Kali Linux VM the nmap scans take very long to scan and when the scan finishes they dont show the expected results to answer the Q's

I presume you're using the exact same command?

Yup exact same command, it could be my VM or I could try downloading a new VPN profile I'm not sure if that would make a difference

If you could send your OpenVPN output log here, I can check it for you

You will have to verify to send screenshots

!docs verify

probably also make sure you are not running multiple instances of the openvpn

I think this is the log you mentioned. Not sure if this matters, but I ssh into my VM using the Mac terminal "iTerm2"

Where is your VM located?

So I use an application called "Parallels" which is stored locally on my Mac

Mhm, I'm familiar, aren't you using the Parallels GUI?

My bad by Parallels GUI do you mean using the Kali Linux GUI?

Yes, potato potato 😆
You shouldn't need to SSH from your Mac.

Open parallels, select the Virtual Machine you are looking to start, and then start OpenVPN from within the virtual machine.

From the screenshot you have provided, you are not connected to the VPN successfully

Oh right 😅 I just ssh into it so I can still use the applications that are on my Mac, like Obsidian to takes notes. It's just a convenience/luxury thing to be honest.

This is a screenshot of the vpn connection that is on the VPN without using SSH. Also how can you tell if the connection is successful?

It should say "Initialization sequence complete" at the bottom if it is successful

Does this Virtual Machine have an internet connection?

For example, can you use ping google.com

I am getting replies when pinging 8.8.8.8 also I redownloaded the vpn and got the "initialization" message you mentioned. I think we're good to go now

Awesome sauce, try completing the room again (or at least the nmap scan) and let me know if the results differ

It works the scan was super quick, thank you for the help!

Gave +1 Rep to @bronze vale

Not a problem:)

Hello, not sure if this is the appropriate place to report/discuss this but I'd like to verify something.

I'm in the Introductory Networking, Task 6, Question "What switch would you use to specify an interface when using Traceroute?"

I'm using Ubuntu 22..04.1. When I do a 'man traceroute' I don't see the -i switch mention to change the interface. I took a guess at it and got the answer correct though and I'm not sure how/why.

Why isn't this switch documented in the man pages that were displayed to me?

how to update time for events

Can someone help me installing tmux??

there's a lot of stuff in the github idk how to follow along

This channel is only for thm support, such as vpn etc

oh

wait i always get confused so where can i ask for help with something like that?

how do I change from monthly to anualy?

Cancel and wait until its run out.

You'll still have sub benefits until the point it runs out.

Are you sure that FoxyProxy is off? (It's a browser extension used for burp suite most of the time)

Can you access http://10.10.10.10/ over browser while VPN is turned on?

Then you may try this command:
sudo ip link set dev tun0 mtu 1200

No problem

The command simply turns down the maximum amount of data that can be sent across the VPN tunnel. The default value is 1500 and we are turning it down to 1200

why?

It's fine to inquire about the command you just entered

perhaps

tun0 is the interface

you can see the interfaces with the command : ip a

How do I get my certificate to show my name?

I think because the client can't handle too much packets, correct me if I'm wrong

In your profile, fill this

I have done that?

After receiving the mail?

I didnt get any kind of mail ?

Don't you receive the certificate in mail?

nah it downloads

Oh my bad, I don't know how it's updating

after the first time you hit that download button to download said cert the name on it can't be changed..... sorry

guess i will photoshop it then....

or could reset progress on just one module reset the certificate?

just make sure to set the full name variable now so the next cert you get will have the name you want

nope that won't reset the certificate... it is stuck the way it is now

Can the staff fix it?

nope staff can't fix it either

Anyone know if TP Link archer t3u plus have monitor mode and packet injection?
Idk if i should get t2u or t3u

it is a common problem and so far there is no neat solution

https://deviwiki.com/wiki/List_of_Wireless_Adapters_That_Support_Monitor_Mode_and_Packet_Injection

All of these work with kali with drivers for adapter?

What about the whole path ?

you can't reset the generated certs in any way possible... unless you make a new tryhackme account

does this count as a bug bounty haha "You need a check to force name field to be filled to print a damn cert"

Hi Everyone, I'm not able to connect to the AD network even after configuring DNS from Network manager and setting up the VPN in Kali.

Can anyone help me out in this?

is there a way to disable the glitter that rains down whenever you finish a room?
I really, really hate it and the time delay makes it even worse.
I've tried using a cosmetic filter in ublock, but it disabled the whole overlay including the fake pop-up, making it impossible to navigate the page after it is triggered.

question: do anyone else have problems using python3 to connect to the brainstorm machine for the buffer overflow??? shadow gets that it always fails to connect

Can you cat /etc/resolv.conf

And post the out put.

Did you reload the network manager after making changes?

rolls head on keyboard why no wanna connect stupid python

thm vpn troubleshoot script finds no errors...... nc to the ip and port for it works

but somehow python can't connect to the socket

well that is interesting.... rewriting the exploit in python2 on the attackbox and running it from there made it meeping work

Hello, I'm working on the Internal Penetration Testing Challenge but I can't access to internal.thm/blog/wp-login.php as it's resulting to a timeout request. But I can access through <IP>/blog/wp-login.php. I can't login - using the creds found in scanning - or "lost your password" ==> timeout request from either internal.thm/blog/wp-login.php or with the <IP>/blog/wp-login.php. I tried through the attack box and VPN on my host machine with same result. At this point, the internal.thm result in a timeout request. Any help to resolve this? Thanks

I got it sorted out.

Set the method in Network Manager to "DHCP (Addresses only)" it works

you need to add internal.thm to your hosts file

you can use this command for shortcut:
sudo echo "<TargetMachineIP> internal.thm" >> /etc/hosts

Does anyone know to change the country that your account is set too?

https://tryhackme.com/api/user/update-timezone

this

thx <3

(This API will change your country to where you are presently located.)

the supprt on thm website is too slow

You can contact support with email, It should be faster

how long until one's ticket is resolved?

!email

The support ticket is an email.

yeah, the email i received is the same i received when i applied to a job posting on their site. That i will receive a response within 2-3 days. But i guess I am not receiving any response back.. because i never got any response back from their team. Even if suppose the application was rejected, they never replied.

Did you send it to the right address?

Which job posting was it?

Hi there, I am trying to do the "Upload Vulnerabilities Tutorial room" I have set up the hosts file on my attack machine and when I try to enter demo.uploadvulns.thm it redirects me to Rick Astley's video - Never gonna give you up https://www.youtube.com/watch?v=dQw4w9WgXcQ

I have tried to restart the machine but it seems that it is automatically put back, can you take a look at it please, Thank you.

lmao

This is intended behavior - there's a giant red box that says not to actually go to demo.uploadvulns.thm.

the rick rolls strike again

I have to do the room to learn to read. Thanks and sorry

well thankz for the laughs

yo @plush bay in thm can i change/update the discord token cuz i lost the old acc

well yes you can ask a moderator when one of those is around to remove its link to the old account so you can use it on your current one

bet thanks for the second time

Why does the completed room still show in My Rooms tab even when I checkbox the "Hide Completed Room"

could anyone help me out ? its been like this over a week and i've tried everything like refresh, recheck etc? anyone else having the same problem?

yeah the issue is known, you're not the only one. THM is aware 🙂

Aaah oki, I thought I was the only one so i was worried

then its alright!

@chilly pike thanks

Gave +1 Rep to @chilly pike

The buffer overflow 1 room is not giving me "EIP contains normal pattern : ... (offset XXXX)" like it should

anyone else having issues?

changed string length to 400 and everything

Nevermind, the server crashed

Must be problems tonight, bummer

Got it back up, now all the program tiles are out of place

Alright 5th time is a charm. Just have to keep trying, terminated machine and started a new one. Got my EID

*EIP

Any other OSCP courses on THM that explain in more detail what is actually occurring without having to supplement with outside reading?

Good Morning. I'm having trouble with the Metasploit: Exploration room. When I run db_nmap -sV -p- xx.xx.xx.xx on my own kali system it just sits there. but when I do it on the attack box it works fine. Any advice would be appreciated.

@slate geyser

Did you start the machine with the green button?

yes i did

Are you on the attackbox or a vm?

i use my computer because these two are so slow

Windows?

no ubunto

Are you on the vpn?

no i don't have any vpn

!vpn

Go through that room and it will show you how to get on the vpn

This is needed so you can contact the THM machines.

thank you

what should i do after downloading the configuration?

suddenly openvpn path/to/file/filename.ovpn

is that a command that i should run in my terminal?

i keep getting this error after running it in terminal:
Options error: In [CMD-LINE]:1: Error opening configuration file: path/to/file/yousfi.wacime1.ovpn
Use --help for more information.

Are you literally using path/to/file.

Or home/user/Downloads ?

lol i'm a noob dude ^^ , this is my first week in all of this

what is your user name on the system ?

it's Ely_wac

then it should be '''openvpn /home/Ely_wac/Downloads/yousfi.wacime1.ovpn'''

thank you, and after that i'm good to go?

Gave +1 Rep to @neat mural

if you can ping your target box you should be good

on kali you see a new ip on the top right when it connects

test

i'm using ubuntu, and i still can't connect to the ip giving to me on content dicovery path

what do you get when you run ip a

Firefox can’t establish a connection to the server at xx.xx.Xxx.Xxx

are you keeping the terminal open after you run the openvpn command ?

yes

that is the last line:
2023-01-05 09:50:29 Restart pause, 300 second(s)

oh its failing to connect

Are you on an org Internet, or your own?

on my own i guess

yesterday i finished the first path without any vpn i was able to access the adress given to me

On the attackbox?

Or not connecting to a VM?

no not connection to VM

i used my browser

open your open vpn config in a text editor, look for the remote ip on line 6. see if you can ping that ip.

dont include the port at the end

what is supose to happen after doing that?

well you will either be able to ping it or not

64 bytes from xx.xx.xxx.xxx: icmp_seq=74 ttl=41 time=107 ms

alot of these lines one after the other

so it is reachable

and what now?

morocco

try this
cd ~/Downloads
sudo openvpn yousfi.wacime1.ovpn

i guess i close the previous one

if you dont get any errors do
ip a
and see if you have a tun0 interface.

yes

ERROR: Failed to apply push options

ERROR: failed to negotiate cipher with server. Add the server's cipher ('AES-256-CBC') to --data-ciphers (currently 'AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305') if you want to connect to this server.

Im not sure how to fix that. Have you tried regenerating your VPN config ? or change to another vpn server?

no i didn't

https://tryhackme.com/access

change your server

then regenerate your config

delete the old config you downloaded

download new one

then try it again

a reboot might also help, you never know.

okey thank you ^^

Gave +1 Rep to @neat mural

let me know if you don't win

by simply disconnecting and reconnecting again i will change my server?

no

how can i do that then?

pick a server from the dropdown

don't pick any of the ones with VIP in them

i still can use the vpn

not working?

no

same error

im not sure then

thank you so much for your time any way

Gave +1 Rep to @neat mural

any time. I would recommend using the attack box, or downloading kali live and booting into that from a usb. that's what i do and it works well

i would like to do that, but using the attack box is so slow, is it the same thing if i download kali live?

no if you live boot into kali its like its installed on your system

use rufus to make your bootable usb then you can have persistence.

Hi 🙂 Could you try clicking on "regenerate" and waiting ten minutes before downloading the config file? Sometimes it needs a bit of time to generate fully.

will i loose all my data if i do that?

only the data on the flash drive not your workstation.

and after i live boot into kali will that make me loose my computer data?

no, just make sure you select live boot and not install

okey thank you i will try that before before live booting

Gave +1 Rep to @glacial hound

noted

happy hacking

thank you, to you too

Hello people, I am having trouble with accessing the network for AD enumeration room (https://tryhackme.com/room/adenumeration#). I was progressing normally and everything worked fine then I suddenly got disconnected and I cannot reach the machines anymore, I rebooted my machine to be sure but nothing changed. To be precise, I am connected through the VPN, I added the DNS config as specified in the room's first task (I can see the interface "enumad" has correct DNS server and domain with systemd-resolve --status), I have the route set up, but I cannot even ping the machines... Do you have any idea where the problem could be ?

Can you

cat /etc/resolv.conf ?

search hack.lan
nameserver 127.0.0.53

In the name serve you need to replace that with thr dc.

The*

you mean add a new line like thmdc.za.tryhackme.com 10.200.8.101 ?

You don't need the thmdc

Just

nameserver 10.200.8.101

Place it above 127 etc

So it will be

nameserver 10.200 etc nameserver 127 etc

well isn't this the point of the command systemd-resolve --interface enumad --set-dns $THMDCIP --set-domain za.tryhackme.com given in first task ? Plus I cannot ping the machines, it does not seem to be a DNS pb

Sometimes it doesn't work.

Rarely if even, but it does happen

Is the network running?

Yes, I see in Wireshark the traffic goes to the gateway but there is no answer, the problem seems to come from the network

It is only two votes from resetting btw 🕵️‍♂️

You can reset it every 30 mins or an hour.

Can you link me.

?

https://tryhackme.com/room/adenumeration#

Ah, wrong subnet.

I can't help.

OK thanks for your help anyway 🙂

does it work if you disable your firewall ?

then its not your firewall

have you tried another browser ?

you can also ping 1.1.1.1 and google.com
if you can ping 1.1.1.1 your internet is working if you cant ping google.com your dns isnt working

can you ping google.com ?

it might be messing with your DNS

🥳

might not be on the default port

nmap it

🤣

Using the web based Kali attack box, Foxy Proxy extension seems to be missing now?
I'm trying to do Upload Vulnerabilities room, Task 7: Bypassing Client-side filtering and noticed FoxyProxy is missing now.
Burpsuite also showed a warning the installed version was released over 3 months ago and might need to be updated: running Community v2022.8.5?

I think I can progress using Burp's inbuilt browser, but wasn't sure the BURP Proxy settings to create a manual Proxy profile

I also got stuck there

just dont update burp

Gave +1 Rep to @neat mural

Any time

Happy Hacking

https://tenor.com/view/piano-bruce-almighty-keyboard-keyboard-warrior-fast-typing-gif-3416345

Hey, sorry for the delay. No I am using my host running with Mint

There is but "for Kali" so I ignored it so far. I will try but I did the 5 first task without touching networkmanager

Ok, I did the network manager thing and it works now thanks 🙂

But it works also when I remove it from the Network Manager now haha, I think there was a pb with on the network side

adding dns should not impact ping connectivity

looks like its your AV

if you dont have one installed its windows defenter

Nice

sorry was still looking

✌️

im not sure. I only use windows under duress 🤣

yoo, i've install kali live, do i need always my USB to access it?

yes it lives on the flashdrive

and nothing will be saved i guess

thats why you need to write the iso to the flash with rufus and tick the persistence box

then when you live boot select live boot with persistence

you can also encrypt the persistent volume

if you want

and how ca i do this?

gime a sec

okey

https://devanswers.co/kali-linux-live-usb-persistence-encryption-windows/

this is the link i used

you only need to go up to step 3

the encryption part is optional

nice

and the data will be saved on my USB or on my disk drive?

it will be saved on the usb. I used a 16GB flash , made my partition 8GB

i have a 16GB to, do you think that will be anough?

yes, you just want to save basic things in there for now

like your open vpn config, so you dont have to se it up every time

yep just for tryhackme

thank you so much

is there no way of copying from a windows attack box? when i am in a linux attack box the clipboard thingie appears, but it isnt on the flare vm one

If you click the arrow on the left hand side of the attackbox, it should give you box you can use to interact with the AttackBox clipboard (i.e. you can copy things out of the box into your system clipboard, or copy things from your system clipboard into the AttackBox clipboard).

There isn't one on the windows box. and CTRL+SHIFT+C doesnt work either it seems.

windows box? split view rooms?

Yes

task 17, day 12 advent of cyber malware analysis

Can you check clipboard permissions for the tryhackme website?

it's on ask by default

Are you using google chrome?

Chromium

https://chrome.google.com/webstore/detail/clipboard-permission-mana/ipbhneeanpgkaleihlknhjiaamobkceh

Check this

I will, thanks @tribal mason 🙂

Gave +1 Rep to @tribal mason

Hi, I'm trying to enable 2FA for my account and once the QR is scanned and added to the Google Auth, the code provided not accepted by tryhackme to proceed, Iget the error message "Uh-oh! That authentication code is not valid." and in the network response {"status":"error","message":"Two factor authentication is not enabled!"}

There seems to be another issue in "My Rooms" page where "Hide Completed" check box not functionating

hello team, was playing with a simple ctf (i am a newbie) and was trying to connect to an FTP server and getting this, am i doing something wrong?

L.E. - i see it worked after 5 minutes, i thought it was stuck or something

hello, can someone help me regarding vpn issues? My vpn stopped working. I already tried to switch servers and the issue remains. I ran the troubleshoot script and it redirects me here to the discord support :/

hi 👋 , is this on linux or windows ?

Linux

do you get any errors ?

If you are running it from the terminal you should be able to see them.

I sent you pm

For wifi adapters, do i need to install drivers on both virtual machine with kali and my windows machine for it to support monitor mode or just windows?

https://nooblinux.com/connecting-a-wireless-adapter-to-kali-linux-virtual-machine/
this should hep you

Okay, thanks so much for fast response

Im getting tp link archer t3u plus today and will try to test it

Nice

I didn't like cheaper one everyone is recommending because it so big, well this one is too but its just antenna that is big

it looks minute

maybe you can swap the antenna for a smaller one, to no get noticed...

Yeah it would be little suspicious to have it in public haha

But someone with zero knowledge what this is wouldn't even bother probably

Im not so sure. How often do you see someone out in public with one of those?

Well never really saw one haha

So if you get seen with one youll stand out

Yeah that's true

Is the THM 2FA Working for you guys ?

I tested 2 auth apps but nothing

2fa is released?

works on my end

im using aegis

@tawdry orbit is this currently in A|B testing?

@bronze vale Do you know?

Hey, could you please send us an email to support@tryhackme.com, or create a ticket through the THM chatbot with as many details as possible (Username, auth app, environment, etc..)?

Not that I'm aware of 🙂

Ah, are you able to tell me where I'd find it?

Oh, I've found it.

I noticed that the "Hide Completed" option doesn't seem to be functioning on /rooms anymore, it only works on /hacktivities?tab=search (at least for me, today)

if i change pages then toggle it, it just sends me back to the first page

it's a known bug which is being worked on

ok thank you

Thanks for the quick reply just let me test a little bit more to see if i did something wrong

Gave +1 Rep to @glacial hound

How can I verify in this server ?

!docs verify

follow the link 😄

Thank you so much sir!!!

not a sir

Hi support team, I recently have an issue

Hydra runs extremely slow on attackbox. I can only check around 60 possible passwords per min...

Is it normal like that? What are the workarounds?

in discord says that im 0x7

but i am 0x8

can i update saying something to the bot?

The bot takes up to 24 hours to update itself, but you can force it by reverifying

thank you sir.

just !verify?

thats it?

With your token

alright

thank you sir.

Same command as the first time you verified

kyooty one more thing

when i click on ppls in discord they have few thing on it

kind of certificate i dont know

what can i get that?

how*

can i get that

If you have a certification that you would like to get as a role, then if a mod is in the chat (usually #general ) you can ask them nicely to add the role

ah thank you sir.

You're welcome

@chilly pike can help you, she is around right now

May I DM you Zeero?

yes sir

thx @pastel tinsel 👍

Gave +1 Rep to @pastel tinsel

No worries

i cant reset my password and need help

the system dopesnt send me the link for the reset... 😕

did you check your spam folders etc?

sure 😉

nothing

maybe it is a problem with gmx?!

After i press "Start Machine" i'm trying to start the attack-box and getting "Uh-Oh! You can only deploy a maximum of 3 machines at a time".
Tried the other way around but then i can't press "Start Machine" for the same reason.
Didn't happen before.

maybe you still have a machine running from a previous room?

I thought about it.. but i can't see it o_0

how long since you did a room ?

a little less than 2 hours 😦

you might need to wait for the other sessions to time out then

yeah i figured 😦

sorry I cant be more help

https://tryhackme.com/api/vm/running

Might be too late, but that link will let you see which machine are active.

Thanks! will be useful if i repeat the same mistake 😄

Gave +1 Rep to @weary spindle

Can anyone please help resolve this issue? I am trying to do 'Upload Vulnerabilities', but I cannot get the Task 1 setup to work. I am using Kali Linux VirtualBox, my openvpn connection is fine, I have disabled my personal vpn. I navigate to /etc/ and use sudo nano hosts to edit the hosts file, and add the required line with the correct IP for the machine and overwrite it. Apparently at this stage I should have access to the server but I am still met with the 'Please read instruction in task one' screen. Am I missing something?

send a picture of hosts file

Solved my problem, thanks!

Gave +1 Rep to @cobalt crown

hi. can anyone help me? I need enter with ssh, but My Machine and Intro to Offensive Security's servers doesn't show the IP.
My Machine shows the user and password, but the room intro doesn't show anything.

Could you show a screenshot ?

I can see the IP just fine?
Beside that, the target machine is already opened in split view and you don't need more than that target machine to solve the task

It tells you the error

I think that this &; is problem

If you need to set MTU every time you connect to the VPN, you can edit the file.ovpn file and put tun-mtu 1200 in it.

Try and just put it down on the other line and not use ; or & &

I need login with PuTTY ssh client because I am blind, and nvda doesn't read the web based terminal.

Remove &;

Oh okay, well I'm not sure if there is even ssh set up for that target machine

Have to go afk for about 10 - 15 mins then I'll check

Glad it worked, have fun hacking

Gave +1 Rep to @tribal mason

Yes, then just add & and not &;

so, what is the solution?

+rep @pastel tinsel

Gave +1 Rep to @pastel tinsel

You're welcome

Though remember with removing the line of setting mtu from your script, if you regenerate your VPN you have to manually add it to the config again

Give me a second and I'll make something for you

#!/bin/bash

if grep -Fxq "tun-mtu 1200" /home/kali/Downloads/*.ovpn
then 
    true
else
   sed -i '1 i\tun-mtu 1200' /home/kali/Downloads/*.ovpn
fi 
sudo openvpn /home/kali/Downloads/*.ovpn &

This should make the first line of the file the correct mtu in the config, and then start 😄
Please try it out and tell if it works or not 😄

@daring aurora

Do you have your own attacking machine with all the necessary tools for that task? Like gobuster?

Because if so, I can send you the wordlist that you need for that task via DM, then you can just do the task from your own machine and using the target machine IP instead of "fakebank.com"

Gave +1 Rep to @pastel tinsel

Hey everyone, does anyone know why i'm not able to catch any communication in the attack box. I did a few rooms and every time I neede to open a listening server to catch something, it never catches it. Am I doing something wrong? Dio I need to use VPN or anything? The "netcat -vlnp port_number" never works

Hard to tell without seeing what exactly you are doing, so you might want to verify in order to be able to send screenshots, then show what you are doing exactly

!docs verify

Thanks!

Gave +1 Rep to @crystal marlin

Is this a normal? the [0.0.0.0] feels like it should't be there

That's perfectly fine like that, means it's listening for an incoming connection

The 0.0.0.0 is there to tell that it's listening for all ip adreesses and not a specific ip

So when I do a basic curl command- in specific I did it in this room- https://tryhackme.com/room/rrootme
I tried the curl with a file (reverse shell) I uploaded to the website, and the listening server caught nothing

When you check the uploads directory, is your shell file even there?

Yes

So what's the output you get if you try to open it in your browser?

WARNING: Failed to daemonise. This is quite common and not fatal. No route to host (113)

Looks like you put the wrong IP in there

I tried to put in my IP in the php file and the target IP

So more like a typo

both gave the same error

Well the current IP in your screenshot is neither the attackbox nor the target machine

Oh I see, I re-do in a sec

Ok, the curl command works

But the listening server didn't catch anything

🤷‍♂️

So what IP is in your rev shell file now?

And what is the output you get in the browser when trying to open the new rev shell

The same IP that is written in the top of my terminal, which is mine if im not mistaken lol

Thanks for helping btw 🙂

Gave +1 Rep to @crystal marlin

I wouldn't change the ending to php56, rather than changing the filename itself, not sure if the webserver will interpret that extension correctly

Also you might want to get a fresh rev-shell file, maybe you messed up the beginning of the file somehow

A fresh file should fix that

I have to change the php as the webserver blocks php files, I tried 5 and also didn't work.|
I looked in the answers and they did exactly that (tried also yestersday but it didn't work).

Maybe I skipped something basic that I have to do when working with the attack box and a listening server?

VPN or something

Yes, as I said, leave it with php5 instead of changing to php56

No, other than that you had the wrong IP in the file as well as your rev shell file might be messed up somehow, there is nothing wrong

Ok, I'll try again with a fresh start

thanks!

It works!

Thank yoouuu

Cool, gz 🙂

So what could've been the problem?

Much appericiated

appreciated*

Wrong IP, extension php56 maybe not appreciated by the webserver, or your rev shell file has been messed up

Other than that, I think everything was fine

yes, but what about the other tasks?

You mean other rooms?

Hi ,, I want to ask how can I get touch with the finance teams of tryhackme

I couldn't find an email

Is there an issue with your payment or something?

yes

You can email support from here

can I DM you?

I'm not a staff, neither moderator

Thank you

Thank you again

Gave +1 Rep to @tribal mason

No problem

Guys i have a question related to the connection to the tryhackme network via open vpn. I saw a lot of posts over the past year from people advising in securing or hardening your host machine or vm to prevent other users that could potentially "attack" you via the tryhackme network.

Today i saw a post on reddit with a guy linking a script that prevents incoming connection from anything excepting tryhackme machines.

I understand in general how it works, but could somebody more experienced and preferably from the team share more insight about this and if some actions are actually needed from the users etc

I can't seem to get the dns for the LateralMovement network to.. well work. I've tried using the networkmanager GUI, nmcli and at one point modifying /etc/resolv.conf manually and have not been able to connect to the distributor. I've restarted NetworkManager and NetworkManager.service, /etc/resolv.conf did update off the nmcli or GUI edit so I think that's progress, but I still can't connect to the site. I am on the openvpn network for Lateralmovement, I can ping the DC server, I just can't get the DNS working. I have not tried to add the domain to /etc/hosts which I'll try now as a last ditch effort. Edit: Just realized /etc/hosts won't work because there's no IP for the distributor x.x

System info: Kali Linux VM (My own, not THM's)

Format of things tried:
-NetworkManager GUI
-NMCLI con mod <connection id> ipv4.dns "1.1.1.1 <THMDCIP>" (I used the IP, not the words)
-sudo chattr -i /etc/resolv.conf -> sudo vim /etc/resolv.conf -> adding `nameserver <THMDC IP> -> :wq -> sudo chattr +i /etc/resolv.conf -> sudo systemctl restart NetworkManager (Which I think undoes what I did and loads the gui/cli settings from before)

Solved my issue: The DC IP was not above the tunnel's IP in /etc/resolv.conf as Munra showed in his message
#lateral-movement-and-pivoting message

Heyho, is the challenge Bounty Hacker working as inteded? The FTP seems to be in passive mode while the writeups i peaked seemed to had an active ftp?

Try typing either passive or active

Hardening could be a good idea, there has been some users, although the number is low, have banned due to this.

Think about what the risk is. What ports are open on your VPN-connected machine? Is it bare metal or a guest? Do a risk assessment for what you think the actual security topology of your devices is before you run down the rabbit hole of achieving security

I just use a dedicated VM for THM.

If anyone hacks in what they going to find? documents, files, hashes etc related to THM.

Thanks guys, yeah thought kind of the same, i use a VM also, delete is at a click distance don't see what could be achieved if compromised, wondering more about the possibility of pivoting from it on the network but not that well versed into this unfortunately, will inform myself more about the subject.

Gave +1 Rep to @weary spindle

Your VM should be operating in a NAT network mode, not bridged, if that is a concern.

It is in NAT but didn't know if it's enough.

wait tun0 is in down mode???

not running

jordan