#site-support

Thanks @crystal marlin

Gave +1 Rep to @crystal marlin

Hi guys

I've received a referral link from my friend

Got the voucher, but when I want to redeem it, it shows that it is invalid

are you entering the voucher in the correct place?

If you go to profile, then Subscribe select the use voucher option.

I've tried that

still, voucher code is not valid

You may need to reach out to support in this case, which is a 6-8 day response time.

!email

Damn

that's quite a time, I guess I'll just buy it at regular price

I am on that ADHD hyperfixation stage and it would be a suicide to wait a week, lol

Is there a way to buy it, write a ticked and have the $5 deducted for the next month?

If I decide to continue subscription?

I can't say for certain, this would be in the domain for TryHackMe Staff to answer.

:/

Aight

Thanks for your help!

Are you a student?

Yeah

!docs student

🙂

You're eligible for the student discount.

In case I finish my uni, can I later switch my e-mail?

so I don't bind the account to my school credentials*

Yeah.

You just log in to your profile and change it here

Cool!
So in that regard, my xxxyyy@edu.cdv.pl e-mail would do the trick, yeah?

It should do.

Awesome

I'll get you a beer sometime in a future :p

nah, not working

You may need to reach out to support for that too, some E-mails don't work first time, and can be done manually by THM

Hello , the THM vpn does not work on linux !!!

!docs verify

Can you verify and provide screenshots please

That's the problema, I have canceled VIP suscription several months ago, but I am still being charged through Paypal

hi , anyone can help how to convert eu from usd

Can't you use google?

lmao

Hello again, i have another question! I'm trying to exploit Telnet as the part "Exploiting Telnet" asks, but without any luck. So the command to type in the terminal should be "telnet [ip] [port]" so i type "telnet [ip]" and the for port i type "8012" because that's what a guy typed in a youtube video regarding this chapter on THM. I get the error message "telnet: Unable to connect to remote host: Connection refused". I am connected via OpenVPN to one of the VMs

Are you using the correct ip?

yes double checked it

Can I have the ip please?

Ofc 1 sec

10.8.160.4

Wrong IP. 🙂

That's your tun0

As in yours.

#room-help if this doesn't solve it, please

Is that the room i ask these kind of questions?

for room specific stuff, yes

Okey thanks

if it's a brand new released room, there's a category for RECENT RELEASES HELP

Got it!

Hello, please your kind help

You'll need to contact support.

!email

In the recent TryHackMe Email survey, when asking how someone discovered THM, one Option is "TickTock" instead of TikTok. I think its not a major issue but just wanted to let you know 🙂

Best way to report typos?

#room-bugs l

thank

Gave +1 Rep to @weary spindle

guys, i used the !verify but doesnt seem like it did anything...

DM the bot 🙂 @sour comet

yeah, i did it with him

but have no response

hello i wanted to know who i can contact to get back into my account. my username is unowkn1 with a itachi pfp

is that tryhackme account

I cant reach za.tryhackme.com even though I have restarted the machine and configured correctly the DNS (im using attackbox)

Yes

https://tryhackme.com/room/lateralmovementandpivoting

idk man try password resetting

maybe its about "/etc/hosts" ?

nah it's not

its weird

Tried it but never got a email

did you tried contact to support of tryhackme ?

I think the machine need to be restarted

oh ya

well it hould help a lot if someone just voted for restart

What the email

I tried to text them off discord

to tryhackme admins ?

someone...!

Yes

i dont have a idea man

!email

Thank you hopefully I can get back in

Gave +1 Rep to @chilly pike

Has anyone had difficulty establishing a remote connection through RDP using OpenVPN 3.4.1? I seem to be able to connect with 3.3.7 but not with 3.4.1. I get as far as entering the hostname and password, but then this error pops up:

Your remote desktop services session has ended, probably for one of the following reasons:

The administrator has ended the session.

An error occurred while the connection was being established.

A network problem occurred.

For help solving the problem, see "Remote Desktop" in Help and Support.

hey i am facing error in openvpn while connecting

DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations.

Have you tried the troubleshooting script?

!vpnscript

its asking path i dont know which path should i give

The path where you saved the script

check dm bro pls

[Warning!] Connection process is taking longer than expected to complete
[-] Failed to connect
Failure to connect to the VPN can usually be solved by one of the following options:
-Regenerating your OpenVPN config on the TryHackMe access page (https://tryhackme.com/access)
-Switching servers, then regenerating your OpenVPN config
-Checking your system time. If your system time is incorrect then this can cause issues with the authentication process
If none of these methods work, please ask for further assistance in the TryHackMe Discord server, subreddit or forums.
[-] Exiting

again error bro

Which server are you using?

i tried every server when i got error

Which country do you live on?

Are you on your home network?

in

INDIA

yes bro home network

how to remove existing token

You'll need to contact a mod..

Can you verify and share screenshots please?

!docs verify

hi im trying to continue the lessons but it keeps saying that i have reached the maximum of three rooms is there a link i can use to shut down these rooms?

https://tryhackme.com/api/vm/running

This link will show you which machines you're running.

ty

Hello, I've had a ticket that's been open for two weeks be closed out due to it being "resolved". This is not true, I'm still encountering a bug where I am unable to access the "Lateral Movement and Pivoting Room". I have tried on multiple browsers, devices, cleared my cache, and confirmed it's accessible on another account. This confirms an issue with my account accessing the room. I am a premium subscriber.

Room: https://tryhackme.com/room/lateralmovementandpivoting

It won't be an account issue.

You'd need to tell us what you have tried, and what doesn't work for us to assist you better.

By us, I mean users of the DIscord, not official support from TryHackMe.

I've click "Join Room", confirmed it's in my "My Rooms" section of my profile as accessed, but also confirmed the "Join Room" button still appears and none of the content is accessible due to not "Joining the Room". I logged into my brothers account on my same browser and joined on his profile and it worked. Relogged back to mine and the problem still persists. I've tried on Chrome, Brave, Edge, and Safari. Tried in a VM and multiple OS distros, problem still persists. I'm unable to leave the room even though it shows I've joined it in my "My Rooms" tab.

Do you have a streak of > than 7?

Yes, I'm subscriber either way it should work.

Any idea what the issue might be?

Can you verify and take a screenshot?

!docs verify

check dm bro

I am on the advent of Cyber 2022 room, but the attackbox which I am using is very slow and the split screen view is also a problem.
I have connected the tryhackme server via openvpn.
But the I don't know how to download the file from the rooms. for example the Urgent.:eml file in the attackbox

I want to access those files from my system.

Check Linux fundamentals 2 or 3.

That will show you a way.

You're doing the steps right.

Now just take what you done in the room, and apply it to the attackbox

i figured out that the openssh server was not installed in my vm, but then after starting the service.
i was able to connect to the ip but the password given is incorrect, as you can see in the figure given.

You can get the attackbox password from pressing the i

Sir what is "i"

#general message

okay but since i am not a subscriber i wont be able to deploy it.(i have already deployed it)

when you hover over the icon it says what it is, like you want to be a hacker? click on buttons and see what it does

ok sir

not a sir

i know p5js, its fun

i have connected it

ok @distant citrus

isnt that the name you are going for?

now, since that i connected, should i use a new tab to access it?

idk what to say...

how do I run other command after this, in new line

It is stuck over here

It is getting feezed at this point, I am unable to proceed further

https://superuser.com/questions/875646/terminal-hang-after-entering-login-ssh-password-on-server-did-i-just-got-hacked
this is what i am facing

@boreal swallow where was the Linux fundamentals?

And what do they teach?

What do you mean?

I don't get you, i am trying to connect using my Linux system which ran into these issues

I too want to learn the fundamentals of Linux

Where is it?

https://tryhackme.com/room/linuxfundamentalspart1

Anyone please help me with this.

Is it the correct host or target IP?

sudo ip link set dev tun0 mtu 1200

Try that command whilst your vpn is running.

This will lower the maximum packet size.

Yes, it is

Ok I will give it a try

it finally worked, thank you @weary spindle

Gave +1 Rep to @weary spindle

should we also do the same for tun1 ?

...you shouldn't have a tun1.

That could also be giving you issues.

sudo killall openvpn

Then re connect once.

ok

done

I don't know for some reason my vm getting crashed, even after doing ssh there are some glitches

@weary spindle any help with that

I text the support at the website 3 days ago, I have no idea if the recieve anything, do they have a ticket system?

We have a 7 day wait time

Hi, I didn't get an invoice for July, how can I request one? - The message functionality on the website is useless.

You can request one from supprt, (check your spam)

!email

Hello Sir , Sir I am not able to connect to the openssh from my kali linux vmware i have trying from last 45 minutes but not able to connect kindly help me out

@sharp bison

What are you connecting to?

i have connected the ovpn file and connection is generated but the command ssh tryhackme@0.0.0.0 is not working

0.0.0.0 is just an example

like i am not able to connect the room address at my kali linux

can u help me out ???

!docs verify

Cna you verify and shar esxreenshots please

Hello I have similar issue

But can’t share screenshots I don’t think the server would let me

Hello, i'm trying to do the Wreath Module. I began a few weeks ago, but now i need to reset my openvpn configuration.
I tried to regenerate and download it. But i get a 0kb file Nameofthefile.ovpn . I tried to download it on my VM and on my local computer but i have the same file. (0 kb) Can someone help me please ?

!docs verify

Please follow the link.

Can you regenerate it?

Hi, i have a little bug i thinks. I do "Jr Penetration Tester" and i am in the chapter "content discovery" dans in task 2 i got a bug with le link, some one can halp me?

What's the bug?

when a click on the link i can't find a page

Which link?

yess

Vm or attackbox?

i think vm but i'm not sure

it's in learn path

Are you using your own vm?

!docs verify

Follow the link 🙂

i use mine

!vpn

Are you connected to the vpn?

nop

I need to connect to a vpn to do the lesson?

If you're not using the attackbox, yes.

oh, i use the attackbox because i start it in the task 1

Hello thanks for your help :
Same result unfortunately

Gave +1 Rep to @weary spindle

Thank you

Gave +1 Rep to @weary spindle

Are you also, on the VPN?

This was what I meant earlier on @weary spindle

Yes

It works perfectly on attack box but not on my machine. Same code btw

which room are you doing, sorry?

Is that IP correct?

I can't ping it.

That’s was earlier

Let me restart

Linux priv escalation

Same issue

Can you share a screenshot?

No, thats working?

Aaah! Did you background the OpenVPN process?

It's supposed to get stuck there

Please don't use that word here 🙂

ty for the help

Openvpn is running on background

Is that what you mean ?
I don’t really understand your statement

Leave it on the foreground

Backgrounding the process will stop it, open a new terminal window 🙂

Ok

Thanks I’ll try that

Ca you help me please ?

After regenerate i still have a 0kb file

Whcih subnet are you on for wreath?

10.200.81.XX ?

Can you try leaving the room for 10 mins?

How ?

Press the cog on the top right

Oh sorry, i didnt know : Done

Wait 10 min(s) and re-join the room please 🙂

Has anyone had success with OpenVPN on a 10.10.x.x home network? The config file is automatically writing a /16 route when I connect

Your tun0 is 10.10.xxx.xxx ?

Yes, but so is my eth0 so I'm having issues loading any webpages in the labs and I obviously can't connect to the internet either.

Are you on the attackbox?

No, I'm using a parrotOS install on virtualbox. Sorry, I misspoke. My tun0 is 10.6.x.x but the route applied was 10.10.x.x via 10.6.0.1

Yeah, that's fine, which room are you doing?

I've had the issue with all the rooms. I can look the other way for not having internet access in the VM but when it takes upward of 30 seconds to load a webpage it becomes frustrating

The vpn doesn't have an impact on your browsing.

It just creates a tunnel.

I understand that but what would you suggest is the issue then? I can curl the webpage and it displays instantly but when I type it into the browser the status hangs on getting the googlefonts api

Can you verify and share a screenshot?

!docs verify

Sure, what exactly do you want in the screenshot

A picture. 🙂

sudo ip link set dev tun0 mtu 1200

Can you try that command in a temrinal please.

And then re-try the webpage please

Still the same

Can you do ip a s please

Why is your ENPOS 10.xxx ?

idk that was the DHCP assignment

It's a strange one at that.

Agreed but I just verified that I get the same subnet when I open my Kali VM. This is a clean install of the OVA from parrotsec so I haven't modified anything yet

Are you using virtualbox, sorry?

Yes

IS that within your own DHCP rules?

No, I'm using NAT

whats about the box is asking me to update? when i clicked update, it asked me for a password

If it's a THM box, just ignore it.

ye, the THM box, okay thank you

Gave +1 Rep to @weary spindle

I’m still getting same error

Can you do ip a s ?

sudo ip link set dev tun0 mtu 1200

Can you try that in a terminal, then re-try

You might need to look up how to get virtualbox to not do that

I'm not sure.

It’s not virtual box

Hahaha

It works

😭😭😭

Thank you

That reply wasn;t for you.

MTU lowers the maximum packet size that is being sent.

So the code I typed was to increase the packet size or?

decrease. 🙂

Thank you 🙏

I'll look into it. Thanks for your help

Gave +1 Rep to @weary spindle

hi, what can i do if my Internal Virtual IP Address 10.8.. is different than my linux machine address 10.10.. and mask is 255.255.0.0 so they are not in the same subnet?

Nothing. This is normal. The VPN server routes your 10.8 to the 10.10

so why i cant connect with ssh "ssh: connect to host 10.8.161.102 port 22: Connection refused"?

because you're trying to connect to a device (presumably yours) (10.8.161.102) and it looks like there isn't a SSH service running

you're not connecting to the vulnerable/target machines which resides on the 10.10.x.x

that is what you need to ssh into (if you're supposed to ssh that is)

all the machines deployed in a room reside on 10.10 anything outside of that is a device/client on the VPN

okey, thanks 😄

no problem 🙂

It works thank you very much

Gave +1 Rep to @weary spindle

Gave +1 Rep to @weary spindle

Sorry for the late reply, been caught up with work. Here are the screenshots as requested. Again, I'm unable to join the "Lateral Movement and Pivoting Room". It shows up in my "My Rooms" tab as if I am enrolled, but when I enter the room itself I'm unable to proceed with the learning material.

hello i am having a problem with doing the tryhackme openvpn with my kali linux i tried looking for help but i couldnt find any for my problem

2023-08-24 04:08:55 Note: cipher 'AES-256-CBC' in --data-ciphers is not supported by ovpn-dco, disabling data channel offload.
2023-08-24 04:08:55 OpenVPN 2.6.3 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
2023-08-24 04:08:55 library versions: OpenSSL 3.0.8 7 Feb 2023, LZO 2.10
2023-08-24 04:08:55 DCO version: N/A
2023-08-24 04:08:55 OpenSSL: error:0480006C:PEM routines::no start line
2023-08-24 04:08:55 OpenSSL: error:0A080009:SSL routines::PEM lib
2023-08-24 04:08:55 Cannot load inline certificate file
2023-08-24 04:08:55 Exiting due to fatal error ```

What syntax are you using to load the file?

Which country are you in?

Are you on your home network?

im downloading it from my kali linux firefox

im in lebanon

yes i am on my home network

and im new to all of this trying to learn a new thing

Are you doing sudo openvpn file.ovpn ?

ofv

ofc*

sudo openvpn IDK1211.ovpn

Which server are you using?

eu

eu 3

Try Eu reg 1 🙂

alright thanks man @weary spindle

Gave +1 Rep to @weary spindle

well it worked thanks

Excellent, happy hacking.

Title: Further Nmap

Setup: I connected using openVPN to the tryhackme server with the configuration file given. I used superuser privileges to set up the connection, which was successful. I have the openVPN session running to keep the connection active. Tryhackme identified me as "Connected" and both the IP on the website and the IP of the server I've connected to with OpenVPN are matching. I am able to ping the IP shown on the website

Issue: In Furhter Nmap room I've starting the active machine with IP of 10.10.1.56. This is where my problems start. Trying to enter the http://10.10.1.56 ends up with IIS Windows Server webpage instead of OpenVPN or Tryhackme page that indicates that I am able to reach to the machine. Pinging it does not work. Running any scan against it does not work either for I am unable to reach it. I am not sure exactly what I am doing wrong for I was trying to follow the instructions (maybe I botched that somewhere?)

Could it be that I am on a wrong subnet?

You can't ping a windows Machine.

The that loads up with the IP is intentional.

so I am able to reach it? it just is a windows machine with default windows server page? damn.

Yeah, all you have do it answer the questions with nmap.

gotcha. thanks

Is the openvpn connection timeout issue somewhat common?

No?

So I seem to have an issue with openvpn then, i already looked too make sure the openvpn profile had the data-ciphers entry but I am still getting this error.

Ah, you're on Windows?

Yes sir i am right now. Currently a new build a few days old so no linux vm yet.

I wouldn't suggest placing your host on the THM network.

Although we're all friendly ethical hackers, there will still be a small % who'd maybe just mess around with you as a joke.

Seems fair, I will just try to use the Attack Box for now then. Thank you

I have an old thm account linked to this discord account, how can I change the old token linked to this account for the new one?

Is it possible to connect to the virtual machine using a VNC client? The browser is messing up badly on my mobile setup and I really want to use THM on the go. Tried connecting to it using the IP displayed on the client when setting up the machine but that times out every time
I am connected to the openVPN, so that's not the case

what happen if i do ssh and then connect to ip without writing the tryhackme

i dont understand attackbox how do I know if I am connected when i use the machine in browser

Hello there
I have 357 day streak but i dont have the badge yet ,🤔🤔

you are expert

Don’t be rude, this is your second intervention from me today

!email

Is there like a "special" badge or certificate that users get when they finish all learning paths? 🙂

If not, I think that would be a nice little motivation for someone to complete them. 🙂

You get certificates after completing learning paths

I know 😊

hello guys.I have completed 35 % of breaching active directory in tryhackme but now i can't join this room for complete all tasks, although i click 'join room' . who can help me?

Think they mean one that says they have completed ALL learning paths

he is expert after 1 year

is it possible to get the certificates with the realname insteat of the username?

Not after you have generated them.

???

ok good to know, dont remembered that i had to choose 😄

I completed a certification last year but new content has been added. If I complete the new content, will my certification be updated to the current date?

How do I change my location on my public profile? Apparently I’m at the other side of the world!

I can't connect to OpenVPN for some reason

2023-08-25 19:53:34 Note: cipher 'BF-CBC' in --data-ciphers is not supported by ovpn-dco, disabling data channel offload.
2023-08-25 19:53:34 OpenVPN 2.6.3 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
2023-08-25 19:53:34 library versions: OpenSSL 3.0.10 1 Aug 2023, LZO 2.10
2023-08-25 19:53:34 DCO version: N/A
2023-08-25 19:53:34 OpenSSL: error:0480006C:PEM routines::no start line
2023-08-25 19:53:34 OpenSSL: error:0A080009:SSL routines::PEM lib
2023-08-25 19:53:34 Cannot load inline certificate file
2023-08-25 19:53:34 Exiting due to fatal error```

it's telling me to add BF-CBC to my file but it's not working even after adding those :

what vpn server have you choosen and are using???

there has been some problems with one of the EU-reg vpn servers

EU-Regular-3

try changing vpn server... regenerating the config.. wait 3-5 mins and download the new one... and see if that fixes it

your local tryhackme vpn ip might change if you do this but that is still better then not being able to access anything

Yes I tried Eu1

it's working thanks

no problem

i am not able to connect with the tryhackme machines at my kali linux

can anyone help me out

Maybe you could verify your account and send a screenshot?

!docs verify

what command you run and what is output

firstly connected the vpn file of tryhackme with my kali

after that going wiith ssh step providing me difficulties

!docs verify

so you can post pics

as you can see here it is showing the problem of not getting connected

permission is denied again n again , whyyy ???

that ip is that some room or ?

dvwa room

link it here pls

https://tryhackme.com/room/dvwa

if you type that ip in browser do you get dvwa website?

Yeah it doesn't look like you SSH into that machine at all, just deal with the website like ralexander87 said

as i can say that is correct. no ssh into. just pure hacking

nopesss.............

is you THM vpn running ?

meanning are you connected to thm vpn

yess

now it works...

i have tried earlier too but it was not working.......

then you just start hacking

thanks mate for your support and time

happy hacking

Hi frens, I'm not sure if this is the best channel to post this. I'm new to infosec in general but I am a developer so I have a lot of computer experience. My personal computer is an M1 MBA, what is the best approach to getting access to kali to use tryhackme? Docker, UTM or VMWare Fusion?

Docker comes with some drawbacks, mainly networking related. I personally use Vbox and have used VMware in the past. In my experience, VMs are the most convenient solution. You have separate networking but are limited in performance as you share resources within your host OS. A good trade off if you have a decent system.

Hi guys!
I am trying to access websites in ACME it support in content discovery module. They doesn's really seem to work.

I am subscribed to premium if it changes anything.

Did you start the correct machine?

Yup, I've stared it with the green button

are you going to http://10.10.xxx.xxx/ ?

Hello, I'm having trouble accessing the website mentioned in the room using my own browser in the adjacent tab. Any idea why this might be happening? Could it be necessary to configure a proxy to access the site?

Are you on the VPN?

yeah i just used the openvpn from the THM

And are you going to http://10.10.xxx.xxx/ ?

yeah

What happens?

Can you verify and take screenshots?

!docs verify

i cannot send the sc here

follow the link that scrubz sent, it'll show you how to verify so you can send sc's here

okay got it, i am very new this space and learning cyber security from THM.

My actual problem is: i want to access the website in my new tab from the browser but i cannot access

you were using the AttackBox ?

No, i can access from there but i want to access the site in next tab of my browser

is this only accessible from attackbox?

i reported issues in General previously today

my streak remains at 53, i signed in, did Intro to Containerization task 3 and my streak did not change to 54.

• i tried shift + F5
• i refreshed the page numerous times
• i logged out/in again

i would try AttackBox. the VPN is # 1 problem people have

you need to either use the attackbox or be connected to the vpn for most stuff on tryhackme

I used OpenVPN but using attackbox makes the screen split which i dont want. I can barely see the full information from attackbox's browser. I have seen some dude accessing the site in the diffferent tab.

well you can exit split view mode for the attackbox and have it in its own tab so that is an option

but weird if even with the vpn it is failing

you can open the attackbox into a new browser window

look at the buttons on the bottom

Thanks for the help but what i want to say is that i have been using it the way you said but isn't it the time consuming for accessing the challenge site. copying the site and pasting it to the clipboard of Attackbox and again pasting it to the browser of attackbox. I just wanted to access directly from the same browser but on the next tab.

Gave +1 Rep to @plush bay

not much shadow can do now then ¯_(ツ)_/¯

maybe possibly the vpn script but not much else

!vpnscript

okay thank you @plush bay for the help. Appreciate your time and effort.

no problem

Hey guys, i am struggling with this issue please help

sudo openvpn Evimerow.ovpn 12.7s  Sat 26 Aug 2023 05:49:07 PM EDT
2023-08-26 17:49:37 Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2023-08-26 17:49:37 Note: cipher 'AES-256-CBC' in --data-ciphers is not supported by ovpn-dco, disabling data channel offload.
2023-08-26 17:49:37 OpenVPN 2.6.3 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
2023-08-26 17:49:37 library versions: OpenSSL 3.0.8 7 Feb 2023, LZO 2.10
2023-08-26 17:49:37 DCO version: N/A
2023-08-26 17:49:37 OpenSSL: error:0480006C:PEM routines::no start line
2023-08-26 17:49:37 OpenSSL: error:0A080009:SSL routines::PEM lib
2023-08-26 17:49:37 Cannot load inline certificate file
2023-08-26 17:49:37 Exiting due to fatal error

Regenerate your ovpn profile, wait a few minutes, and re-download it

I have done that, it still does't work

Which server are you using?

Which country are you in?

^ ?

I am trying to play introduction to burpsuite room I have gone through on Task 13 when I try to browse http://my-machine-ip I get 405 I can’t see anything on Response from Target therefore not able to proceed

You're using the wrong ip.

hey guys
wifi is not working in parrot but adapter RTL8187 is dected

hey guys, in the data exfiltration room, task 6 it says:

In a typical real-world scenario, an attacker controls a web server in the cloud somewhere on the Internet. An agent or command is executed from a compromised machine to send the data outside the compromised machine's network over the Internet into the webserver. Then an attacker can log in to a web server to get the data, as shown in the following figure.

and then shows the following figure:

in the command prompt of the image, its written curl http://web.thm.com --data "file=<Content>". But doesn't that command send a GET request to web.thm.com? And shouldn't there be a -X POST in there?

i'd say u'r right

curl defaults to a post request when you use the --data flag. add -v (verbose) to the command and you'll see that curl is making a post request

Oh alright, thanks!

Gave +1 Rep to @shy jungle

I hit the 3 machine limit, but I don't know where all the machines are that I started. is there somewhere I can find a list of running machines? Or do I just have to wait for them to terminate by themselves? In one room I started a machine, and then a later task required another machine, so I started the second one. Now I don't see a way to terminate the first machine.

https://tryhackme.com/api/vm/running

Use this link. 🙂

cool, thanks for the link.

Gave +1 Rep to @weary spindle

Hi,

Is there a way to change what is being displayed on the badge ?

I mean it displays my username but not my name.

I thought I might be missing a setting like "show name on badge" but couldn't find it 🙂

No, all badges show your username.

I'm having issues signing in all of a sudden. It says email or password is incorrect. I click the link to change my password and I never get an reset password email. Can any site admin help? I've emailed THM directly and no response...

You'll need to wait for THM to reply.

Big sad:

i have the same issue ^

503 Service Temporarily Unavailable

I am having the same issue as well.

same

same ^^^

i was just about to send out a ping to alert the admins of the issue

@sharp bear not sure who to reach out to but tryhackme.com is down

Hello hello, we are aware of the issue and looking into it. 🙂

kk

👌

hope it comes back before my streak resets!

Hi, please note that I am experiencing this from within Australia, tried from multiple devices and from various networks for the past two hours and all to noavail

am flagging this in the hope the access for Australia is restored so we don't lose our streaks

#announcements

#site-support The website appears to be down.

Same!

Ya website down

Same

will this cause a streak loss 😭

No just email their support and they can return your streak

Any update when the website will be up again?

@upbeat vault Providing god tier information yet again 🙏

i

hi

the site is down

we're waiting

i'm guessing it'll be up in a few minutes
Edit: it was not

what to do now to feed the addiction?!

small steps, it's now showing "503 Service Temporarily Unavailable" 🙂

for me it's been alternating between the cloudflare page and the 503

life has no meaning now. i might have to resort to... going outside

😴 😴 😴 😴 😴 😴 😴

streaks dying, streaks dying everywhere........

recovered👍

what are windows machine credentials

it should be told on the page

if not, please try and restart your machine

i gonna restart it, was working but then become blank and password didnt work

oke now it work

Is there any chance of getting my streak restored? I lost it because the site was down while I was studying.

if you email support they will reset it for you

!email

Thanks

how can i change my username on the site?

!email

Need to contact support, who will be busy, I'd expect around 6-9 day(s) [This is just a rough guess].

It's okay, thanks!

Gave +1 Rep to @weary spindle

Is the "Complete Beginner" learning path outdated?

I'm asking because It's not included in Learn > Learning Paths

It was supposed to be, but they reversed the decisison, and was turned off for A|B testing.

I see 👍 Should I finish it? I'm still a noob

Of course! 😄

Hi guys, I need some help, I am using the OpenVPN to connect to the TryHackMe network, after connecting I am able to access the machine through the terminal with many of the tools, but when I try access the web site running on the machine using curl or wget or ffuf, etc. It takes too much time to response and while using the browser the website is not at all accessible. I tried with all the VPN files available on TryHackMe and also tried downgrading the version of the OpenVPN but nothing works. Can some one please tell me any workaround

Can you do

1. Tell us which room you're currently doing

2. ip a s and count your tun*

Someone knows why servers in https://tryhackme.com/room/uploadvulns don't reachable? Nor with openvpn, nor from attackbox

hey Im struggling with Wazuh Room, can't connect to the instance , VPN is okay and pinging...any help?

Did you add it to hosts?

How long ago did you boot the machine up?

Forgot, tnx, it helps

it shows loading for more than 20 minutes, terminated and reconnected , no help at all

Can I have your ip please?

10.17.59.97

not your tun0, your target. 🙂

okay 10.10.28.76

It works for me.

Are you accessing http://10.10.28.76/ ?

yes its not working "http://10.10.28.76/app/login?nextUrl=%2F" this url comes and buffering for a long tym

Can you do ip a s, and count the tun* ?

re ^^

0,1, and 2 was there

Are you leaving your openvpn open?

!multivpn

Follow the above steps. 🙂

but i need use openvpn on my pc or just install on my vm linux on virtual box ?

On your VM.

The VPN needs to be run in the enviorment you wish to use.

ok i do all steps

Okay how to disconnect the multi vpn

sudo killall openvpn

You have the vpn running in Kali)

okk but why i can't use nmap and gobuster ? i have connection refused all time ?

Can you verify and take a screenshot please.

!docs verify

Room: Internal
Tun Count: 1 (tun0)

OK, so you don't get a response from curl, have you done an nmap scan?

Yup that's connected

and when i open other terminal and i try nmap and gobuster i find nothing

Can you fo ip a s ?

Yes, nmap works fine
Sometimes I do get curl response but it takes too long, sometimes I don't

Are you doing a room now?

Yes

Ok, you're connected, what issue are you having exactly?

In a seperate terminal

sudo ip link set dev tun0 mtu 1200

i find nothing whereas normaly i need find port

whcih room are you doing?

Oh wait

That's the wrong IP

All target machines are 10.10.xxx.xxx

you are probably scanning your self

ha i see

my fault

yes

Done, and now looks like it's working, I am able to access the web site in both browser as well as in curl

this is the good ip address ?

Use that IP.

Ah that's good.

MTU just downsized the packets sent.

ha thx its good ^^

i am so bad sorry xd

i have a question

when i disconnect my vm i need reupload file and use sudo openvpn "file" command ?

@weary spindle still not working, buffering 10.10.186.87

With this set, would I still be able to do faster nmap scans??

And thanks a lot for the help @weary spindle

Gave +1 Rep to @weary spindle

doubtful.

Terminate and re-deploy

Yes, it will need to start running.

Ok

we can close terminal who use opvpn ?

Still not working : )

No, leave it open

okk

dont know what to do? : (

but i see tutorial who explain we need copy the ip adress on url tools but me i have just a connection verified i don't have the server on maintenance

Yes, you miniseries that terminal, and open a new terminal

ok but why i don't have the good web site

I can't say for crtain, it works on mine.

@eager vapor

What's up?

hmm its ok i restart machine with other ip and its ok

Guy can i get some help with my vpn connection

Regenerate your cert.

I didnt get it

you mean download new vpn file ?

thanks man

Gave +1 Rep to @weary spindle

Did that work?

It did

work

🙂 excellent

is there a way to add multiple members to a group at the same time?

No, you can only have 4.

Unless you're in a workspace.

Thanks

Gave +1 Rep to @weary spindle

Hello, Yesterday I lost my days using tryhackme because the server it was out. How could I recover my sequencial days?

you need to send email to THM from email that you are registered on THM with you username and amount of strikes you lost

!email

strikes??? you mean streak right

My subscription is cancelled even after I’ve been charged from my credit card. Can anyone Advise please

@bright kindle had a similar issue , I guess they didnt like the reason I gave lol 🙈

no but I would just cancel again, best to take a screenshot aswell

!email

Need to contact via E-mail.

Thanks.

I paid for a subscription but my premium was not activated. Tried to email and raise a ticket but no response. Any advice?

There is a slightly longer delay in responses.

Hello ! I m thinking of using the workspace feature with a couple of friends from university and was wondering if i need to create a new account ( sign in with university/school email ) or can i just somehow use my already existing account

You can change your account to your educaitonal E-mail in your profile.

Not only will this place you all in the same workspace (same domain) you'll aso benifit from a student discount.

oh thank you !

yo can yall tell which path is optimal for pentesting? its kinda confusing

Jr Pentest and/or red team path.

arent both of them intermediate?

or it is just the difficulty

i thought its like for intermediate people

They can be tricky.

but they're doable.

okay thanks!

None of the vm machines launch from the rooms
is anyone else experiencing this?

Hi. Can I not use my own machine to do the OpenCTI room? I can't connect to the OpenCTI web server by doing so.

It does say 'via AttackBox', but I'm not sure if it means that it's only accessible via AttackBox

How long is left on the countdown?

22mins have passed

still not respodning

ok it literally just responded

i tried 1 min ago and nothing

dammit

thanks anyways

Haha, no problemo

Actually I have a question if you don't mind

my AttackBoxe and remote machines are incredibly slow. Is it normal?

I wouldn't mind if some rooms didn't force me to use remote machines (like the PhishTool machine in Threat Intelligence Tools room)

it was incredibly frustrating taking like 10 seconds for a mouse click to register

It probably is normal considering I live in ME (130-170ms ping) and general traffic, but it's bordering on unusable. Would be great to find some remedy

@whole mirage I am having the same problem

Yeah you're better off running kali on virtualbox, that's what I'm doing.

oh my god

did you connect to the box via openvpn?\

@whole mirage

Yeah

dm me if you want help setting it up

No, it sounds like a connection problem with what you descibred

Hey everyone, I've got a sort of "platform" question if this is the right place to put it. Not so much a technical support question, but more "what's the intended purpose?" question.

tl;dr: Going through Holo atm, not sure if the task list is a "last resort" option to learning how to do the intended path of compromise or if I should be following along with the task list.

Apologies if this question doesn't belong here!

I want to do this the intended way to learn as much as possible. But with my background in OSCP/HTB training, I'm inclined to bash my head against this for a little while before going to the task list to learn what I'm supposed to do. On the other hand, this feels structured in a way that I feel like I should be going through the task list first and foremost.

I think the platform is designed in such a way that it presents rudimentary information (at least in beginner rooms) for each section in a room and expects you to do further research on the topic/experiment with it in your own way. The task list is there for more of a 'I completed this' sense than a 'I now know this' sense. This was my experience with 20ish rooms in the SOC L1 path, which I assume is very easy compared to more advanced rooms, so I cannot comment on how task lists work there.

That makes a lot of sense. I have about 4-5 years of casual pentesting experience under my belt, so a lot of the things in some of the learning paths come very easily to me.

But I didn't wanna "cheat" here if that's not the point, ya know?

But I also didn't wanna just make it unnecessarily more difficult for me.

I've just had a look at the Holo room, and the task list seems straightfoward. Don't really know how you'd approach it without looking at what it's asking haha.

See, that's where I'm at LOL

You may get more out of it if you try to exploit the machine without looking at what is being asked first, and when you've hit a limit you can submit the flags you already know and continue on from there.

But yeah I wouldn't focus too much on it and just do the tasks.

anyone knows why sqlmap is ignoring --suffix when using --os-shell

it's breaking the payload and stopping it from uploading files

@burnt kiln This is because the --os-shell option tells sqlmap to execute a shell command on the remote system, and the --suffix option is not relevant to this task.

Seems like there's no easy way to get a shell on the mysql version I'm dealing with so sqlmap is trying to use the injection to drop a php file and run it through web requests, so suffix is relevant in this case since it's needed for the injection to work

seems like a dead end anyways, but still weird

Hi all. I'm trying to do the OWASP Juice Shop room using my Windows client. I have OpenVPN connected and on the THM webpage I can see my IP in the green box at the top indicating a connection. However, when I launch the instance I cannot open the webpage or ping the IP address. The troubleshooting guide says to give the instance at least 5 minutes to boot up, but its been 10 minutes now and still nothing. Any ideas?

Experienced same a while ago
Regenerated and downloaded the vpn file again
It worked for me somehow

Hi I completed this room https://tryhackme.com/room/sakura It shows all the tasks turned green the questions are not showing up and the room is not turned green as completed rooms do. It didn't seem to be completed but there is no task left to do. What should I do.

BTW I completed that room long ago ig

Getting this error when trying to load a room

Hello, Should I ask my question regarding referral link issue here? Is it the right channel?
I've already opened a bug report on the site, but it's taking a long time to answer and some of my friends want to start using the site with my reference link. Has anybody experienced a similar issue?

Wondering if anyone has faced the same issue. My subscription wasn't activated so i raised a ticket. Today, support seems to have resolved the ticket, but the problem is still there. Does anyone know if it will activate after a certain amount of time?

Room: https://tryhackme.com/room/webenumerationv2

Task 6: There are some virtual hosts running on this server. What are they?

After running gobuster vhost -u http://10.10.35.223 -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt

I get no results

What I tried:

restarting machine
adding webenum.thm to /etc/hosts
adding --append-domain webenum.thm to the gobuster command
updating SecLists
pinging machine

It turns out I was supposed to use gobuster vhost http://webenum.thm

instead of the machine IP
(Which is absolutely impossible to know if you're a beginner)

good catch and good point

even the gobuster help page seems to indicate you wanna use the ip

why is that?

do you know

Nope

if you could resend the above message in #room-bugs maybe someone will look at it and change it or add some note about it

Anybody run into issues with Intro To Logs? The VM on there crashed during Task 5.

Is there a way to download files from machines? They're unusable to me and I'd like to download the task/working files to do the exercises on my own machine. I used SCP for ssh-able machines but ones that dont allow that have me stumped.

The snort room is hell because it's so laggy and is intense so I cannot deal with browser-based. I just might have to manually replicate the files.

Does anyone know what "Missing anti-clickjacking X-Frame-Options header" is?

I've seen this pop up when using nikto numerous times now and I can't figure out how serious this vulnerability is

why doesnt http://fakebank.com work, how am I supposed to finish the first room?

you need to open it in the split view

how do you do that?

on the top of the page next to this there should be a show split view button

but normally it opens that by itself when you hit this button:

if the room is made to open in split view that is

tnx a lot

guess you got it working then

Hi good afternoon, I have try hack me on my school account and I try to transfer my work and my voucher to my personal account, by changing my email address and I lost my work and my voucher. What should I do to regain my voucher and my work?

I lost my work and voucher on my school account*

anyone able to get their streak restored by THM?

!email

Support can do it.

If I have an active VIP subscription and I use the voucher for one year, will it extend my VIP subscription for another year?

You can't use a voucher while having a running subscription, you'll have to wait for it to run out before using it

When I try to join any room it just keeps loading without joining, this problem started after the latest site maintenance. Any help?

Hey, you might need to clear your broswers cache

try ctrl+F5

It worked, thank you.

Gave +1 Rep to @glacial hound

Why http://burp/cert doesn't work ? For download cacert.dr

127.0.0.1:8080

if set on 8080 (default)

Thank u

Gave +1 Rep to @high stump

Referring to the technique from question 2, what mitigation method suggests using SMS messages as an alternative for its implementation?
if there any fix for this question will be welcome

Good morning

I keep getting this error when I try to use metasploit to create a session

Which room are you doing?

Steel mountain

Is there a solution to this please

Hi. I'm unable to start a room (razorblack) bc it's "running" (but it's not). I'm not able to terminate it as well, because when I refresh the page it's "spawned" again.

I'm on VIP if that matters

Maybe someone left this file using metasploit on the same box. Try terminating a box and start it again, so you get connected to other instance

I’ve done that a few times same error

sh*t

do you have to use metasploit?

if there's a metasploit module, there's a big chence there is a standalone exploit for the vulnerability

maybe try that

I am a premium user at public profile it shows premium user but still I am getting Go Premium button and my level is 9 at public profile it shows 9 but at dashboard it is 1

And I have completed 98% of Jr penetration tester pathway but now it is 0

!email

Need to contact support

Okay

There’s a stand-alone exploit for this particular exploit but I really wanted to complete the MS module for the experience

@pearl horizon I had this problem too, after restarting the machine, it was ok.

Thank you

Gave +1 Rep to @brave anchor

For some reason it won't let me run nmap in the network security room.

what error do you get?

Let me reopen the machine to check if I got an error

There was no error

Would you like for me to paste what's in the terminal right now?

Yes please.

Starting Nmap 7.60 ( https://nmap.org ) at 2023-09-01 15:38 BST
Failed to resolve "MACHINE_IP".
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 0.14 seconds

You need to start the machine on Task 3

I am on task 3

Yes, you need to start the machine.

https://help.tryhackme.com/en/articles/7977454-how-to-starting-your-first-tryhackme-machine

Have a read over this link.

Oh...

My bad. I thought I started it already.

Thank you for the help.

You started the attackbox, it's a different machine. 🙂

my friend doesn't see his top percentage, from which rank on does it display?

do you need to be top 50% or something

What rank are they?