#site-support

I'm hoping someone can help me... I had a streak of 36 just yesterday and when I logged on today, I'm back down to 1?

I don't understand why my streak went down?

I always answer at least a question or two a day, some days I get a whole bunch done

Thx for the info. But, i've already tried that. It seems that i forgot my password. Is there any alternative solution?

Gave +1 Rep to @ivory spruce (current: #15 - 430)

You can drop an email to THM Support and they can restore it for you.

Try reaching out to THM Support and tell them that you no longer have access to your old account. They may request certain info to verify your ownership over the account though.

Which virtual machine are you referring to?

Can you give me contact info of the THM Support? I can verify my ownership over the account.

@plucky talon

Chrome and Opera

Hi Everyone.. I don't know why but my machines just won't start on tryhackme. I'm a paid user, but some pages don't even load up fully

Which machine?

The one in the Upload Vulnerabilities room. It was working just fine last night, till it suddenly disconnected and refused to restart since

Is this the one where you need to eupdate the hosts file?

If so, have you pointed the hosts file to the new IP?

Yes.. That's the one.
And has I was able to point the host file to the new IP yesterday. But now that the machine won't start at all, I don't even have a new IP to update the host file with. The attackbox starts alright though, but the machine doesn't

I'm beginning to realize that it might be a problem with my browser, but I'm not sure what exactly the issue is. I'm using Google Chrome and I've noticed that my dashboard page remains loading forever. I'm not able to see my rank or my skill matrix as it keeps loading

I also can't view my learning paths unless I type out the exact directory in the address bar. What could be the problem?

Have you tried clearing cache and cookies?

Perhaps switching browsers?

Both are up to date?

Thanks a million. I just did and it worked.
But sincerely, I really don't understand why clearing cache and cookies worked

Gave +1 Rep to @weary spindle (current: #2 - 1984)

Sometimes the websites stored in cache won't load as well as live websites, when you clear the cache, the computer reaches out for a more up to date website.

Ohh. I see. Thank you

Hello, im having the issue, that i cant connect via openvpn. it says that the cipher is not supported. any ideas?

Can you share a screenshot of your output?

nvm, i just downloaded another ovpn file and now it worked fine again. but thank you

while in the splunk basics room it tells me to start the box and for task 5"addiding data i have to download task files. i have no idea of how to get those files into the box.

is just me or THM is having some problems? any time I try to connect or im doing a box, the machine be going extra slow

Send a screenshot of your OpenVPN output

What room are you doing?

What makes you think it’s slow?

Try reducing the MTU size

Have you tried accessing a different room?

Is your internet connection strong?

Is there an admin here that can help me figure out why I can't use the koth room?

do you mean the channel here in the discord?

Yes

You have to verify

I did

With the THM bot?

Let me.try that link you posted

Yes, I verified, still can't do anything

@bronze vale

Meh, seems to be working now... thx

hi guys, I need some support about vpn -> mtu..

┌──(kali㉿kali)-[~]
└─$ date && vpn/tryhackme/thm-troubleshoot
Tue Feb 20 17:11:55 CET 2024

Looks like you're running Kali @MuirlandOracle

[-] Script is being run as a low-privileged user
Would you like to run this script with higher privileges automatically (Y/n)?
[+] Re-running with root permissions
[-] Config not found in current directory
Please enter the path to your config: vpn/tryhackme/*_eu_vip_1.ovpn
[+] Config Located successfully
[+] Stable internet connection
[+] OpenVPN is installed
[+] tun0 exists
[+] tun0 IP is in the correct range
[+] Only one instance of OpenVPN is running
[+] Confirming connectivity
[-] MTU value failed at 1000, aborting MTU check
[-] Something went wrong -- please ask for further assistance in the TryHackMe Discord server, subreddit, or forum

┌──(kali㉿kali)-[~]
└─$ date
Tue Feb 20 17:12:48 CET 2024

2024-02-20 20:59:58 TCP/UDP: Preserving recently used remote address: [AF_INET]18.202.168.160:1194
2024-02-20 20:59:58 Socket Buffers: R=[212992->212992] S=[212992->212992]
2024-02-20 20:59:58 UDPv4 link local: (not bound)
2024-02-20 20:59:58 UDPv4 link remote: [AF_INET]18.202.168.160:1194
2024-02-20 20:59:58 TLS: Initial packet from [AF_INET]18.202.168.160:1194, sid=91663e1d c24621d9
2024-02-20 20:59:58 VERIFY ERROR: depth=1, error=self-signed certificate in certificate chain: CN=ChangeMe, serial=425397202556807641543660048237946304772097879576
2024-02-20 20:59:58 OpenSSL: error:0A000086:SSL routines::certificate verify failed:
2024-02-20 20:59:58 TLS_ERROR: BIO read tls_read_plaintext error
2024-02-20 20:59:58 TLS Error: TLS object -> incoming plaintext read error
2024-02-20 20:59:58 TLS Error: TLS handshake failed
2024-02-20 20:59:58 SIGUSR1[soft,tls-error] received, process restarting
can someone help me with this error while using opnvpn to use ovpn file

Try tun-mtu 1200

Which server?

What server are you on?

tun1: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1200

Dammit Scrubz every time

eu_vip_2

You're running another vpn do sudo killall openvpn then try to rerun the vpn

same with eu_vip_1

Tun1

Oh, Blackout caught it

EU-regular

which one?

That looks like 3.

Try 1 and 2.

done, I'll check on it

hey can someone try connecting to the AU server?

i was able to connect to it like 30 mins back

right now i cant seem to reconnect

to it

thankyou bro

this link that is on "walking the application" on tryhackme, does it still work for anyone, it doesn't work for me. this is the link https://lab_web_url.p.thmlabs.com/

please who can help

Did you press the green start machine button?

Yes, i did

I waited 2 minutes as well

maybe someone should try it now on the website and see if it works

1. I clicked the start machine button.

2. After 60 seconds, the URL updated to show the machine IP.

whenever i click join room in room 'wreath' it sends me to https://tryhackme.com/r/rooms

Several people have now in #general

Are you a subscriber?

here's wreath's url = https://tryhackme.com/room/wreath

no, but its free

Do you have a 7 day streak?

no

Then you don't have access yet

oh

Yeah the UI isn't very clear

so i have to join room when i have 7 day streak and then ill have constant access?

That I'm not so sure about

I think so

You do. 🙂

okay, thanks

It's on this part.

I have made the suggestion for it be made clearer, or a window opens letting you know if you don't have access, any sort of feedback really.

could you guys make difficulty filter a checkbox

#feedback-and-ideas

Wdym?

so i can filter rooms that are e.g easy and medium

there is one.

cuz it allows one choice currently

i cannot choose multiple difficulties

Oh! multiple.

I get you now.

yeah

Hello any tryhackme staff members here

Hello, I am in exploiting AD room, and since the begining I am in the network 10.200.79.0 and it switch to another network. Is that possible to put me back at the initial network please?

yes a few

well not easily... if you leave the room and wait a min and then rejoin it will probably give you another subnet... but there is no garantue you get the subnet you want

Ow.. admin cannot put me in an other network? 🥲

Because I could continue from my initial network but it seems down so.. I’m stuck 😂

as far as shadow knows.... no they can not put you in another netwokr

Ok ok thank you for your answer !

no problem

Hello I have a question
What time of day does the server restart the response streak?
I'm from Argentina, GMT-3 here.

Hey, first time this has happened before but a flag seems to be broken on the "Walking an Application" room. The final task, for retrieving a flag out of a response header isn't allowing me to submit. I've confirmed it's the correct flag as others have completed using this flag too. Just won't submit for me :s

nvm i found a flag for the next room rather than the one i needed lmao

Yes. I'm so sorry for the late reply

hello, is there a way to see all the rooms you have joined but not completed? "Recent rooms" doesn't show everything

If you click your profile > My rooms it will tell you how many rooms you have joined and can filter the completed ones

thanks

Gave +1 Rep to @wind wedge (current: #86 - 73)

Which room are you doing?

It doesn't ask you to ssh in

Are you on Windows or Linux?

What room are you doing?

Intro to offensive security, you're not suppose to ssh in

Are you trying to ssh into the machine in task 2? How do you know the SSH credentials if they weren't provided? Not all VM's will have the same default credentials, that wouldn't be very secure, and would defeat the purpose of learning how to hack into a machine.

What web version? The attackbox and Task VM are two different machines

Do you click split show view at the top?

SSH is used as a way for you to connect to a comupter remotely and securely, so if all computers running SSH had the same credentials, then hackers wouldn't need much effor to get into corporate or private networks 🙂

Ah I see, you won't be able to SSH into that VM as that's not how the room is intended to be solved.

Even if you could SSH into it, it wouldn't really affect the websites performance for you. The only difference is that with the Attackbox you access the website via the attackboxes web browser, whereas with OpenVPN you can access it through your machines browser.

Surprised to hear it's slow for you though

To be able to connect to TryHackMes network with your own VM, instead of using the web-based Attackbox.

You're using openVPN with your machine, to allow it to communicate with other machines on THMs network

No you're not, these are very valid and important questions, understanding how THM works from a network perspective will help with troubleshooting and general problem solving when it comes to challenge rooms 🙂

There is a section about the VPN here https://tryhackme.com/r/resources/blog/tryhackmes-vpn-explained

Let me know if you have any follow up questions

We recommend using VMs because this is considered best practice for Security, and it will create a good habit 🙂

When learning about cyber, you will, without a doubt, make mistakes and sometimes do things you might not fully understand. So, doing all of this in a safe and secure environment is important. If you have the resources to run a VM, for example, with Ubuntu or Kali, I highly encourage you to use it. Plus, it will teach you about VMs and how to configure them, which will come in handy

Just minimise the terminal, leave it running and that's you, good to go.

You can nmap the Ip etc

Once you're conected you can do the same stuff with your VM as you would do from our Attackbox

No, because without openVPN your Mac is not connected to the same private network as our machines

If you're using a kali VM, you will have most of the tools pre installed, so you can start running commands from your terminal. If you're using Ubuntu, you can download them via the terminal. It will be harder to find all of those tools on Mac, and as mentioned earlier, using your host for learning how to hack is not recommended 🙂

Type the task VMs IP address (with the correct protocol, so http here) into your machines browser

for example http://10.10.343.23 if that were the VMs IP

No

This is one room I suggest doing in the split screenmachine,

as http://www.facebank.com is a real website.

So you'd be attacking a real website.

However you're thought is correct.

You'd just use the ip. (but not for fakebank.thm)

gobuster -u http://myip<> -w wordlist/rockyou.txt dir -> Not your IP no, the target machines IP, AKA the one that is running the webserver you want to attack

Gobuster is a tool that tries to find hidden directories in websites, so for example, if fakebank.com has an admin login page, fakebank.com/admin_login, then gobuster would be able to tell you. Gobuster uses huge wordlists of common file and directory names, and tries them all on the target webiste to see if they are valid

Hey, i want to delete my payment credentials. I couldnt find a way to do it, is there a way?

Hi! I am planning to buy vouchers, how long do I have to redeem them? Is there an expiry date?

No expiry date :)

thanks a lot! that's good news 😉

Are you subscribed annually or monthly?

As your THM subscription is set to auto-renew, I think the only way you could delete your card number and other card data would be to cancel your subscription and remove your payment option.

Hi, can I DM you?

okay thanks a lot

Gave +1 Rep to @ivory spruce (current: #15 - 431)

Hey there.
I just registered using the referral link my friend sent me, but I can't use the discount code to buy premium sub. It says invalid coupon code

check the mtu on your tun0 device and maybe try lowering it to 1200 if it is on 1500

Gave +1 Rep to @plush bay (current: #4 - 1639)

@ivory spruce pls I'm still having issue with the tryhackme not showing in desktop view

I'm using chrome

What issues are you having?

The thing is the website is not responding to desktop view

You're trying to view tryhackme on your mobile?

Yes. See here

THM isn't designed for mobile, it might be a bit tricky

Ok, but I've been using the desktop view for a while now and I had no issue.

Thanks for helping out

you are using mobile because you dont have a pc?

Yes

ok do this...

Your house TV must be connected to the internet, using a chrome browser you will be able to cast your phone display into the TV, this way you can view the whole display and hack just using you phone

if you can get a chromecast even better

the old chromecast is very cheap not even 20 dollars I think, thats how the kid that had uber hacked using his tv

There's no tv where I'm staying currently.
Thanks anyway... I'll find other solutions

Really appreciate

I see, no problem.

ayo hi guys. i am not sure if this is the best place to ask but i have problem with my virtual machine(i know this is site-support room but idk where to ask). after i completed a room on thm i disconnected from the vpn all good, next day when i logged in on my machine i dont have network anymore, eth0 state is down. i tried everything from google but nothing good. do u have any ideeas?

you are saying your eth0 is not in your terminal when you do ifconfig?

it is

but

its down

what do you mean with down?

when i try to ping i get network inreachable

on "ip a" command

eth 0 has "state DOWN"

eth0 is not tryhackme is you wifi

i kno

aah just put back up

run eth0 up

it doesnt work

i tried

ifconfig eth0 up

i asked here cz, before i finished a room on thm eveything was good. after i disconnected from the vpn and restarted the machine eveything is messed up

nothing, i tried

oh thats weird. it should work, if you have access to the internet, your interface should be up

maybe is just using a different name other than eth0

idk, on ifconfig i have eth0 there.

i am getting this while trying to connect to openvpn

What server are you on?

i am getting the same in EU-Regular-2 + EU-Regular-1

Can you try and regenerate, wait for 3 mins then try to run again

@vestal tartan Did it manage to work?

yes

Hey this might be outside of working hours for support. But I am having trouble with OpenVPN. Might be my firewall rules. I typically just use the attackboxes. I am in the active directory basics room trying to remote into another user's computer. I tried doing it on the domain controller on the attackbox, but that is not working. Maybe I am not using rdp correctly? Not sure.

I saw that someone was able to rdp after configuring openvpn though and so that is the path I have been trying to take.

https://tenor.com/view/hysterical-laughter-laughing-gif-25735842

Know what! I just solve the issue. Thought I was stuck, but I was one more step from finding the solution. LOL

https://tenor.com/view/hysterical-laughter-laughing-gif-25735842

Is anyone available to help troubleshoot a vpn connection ? Im working on reverse shells and Im not able to connect the shell to my listener on my machine to the host. I tried the attack box and the shells worked perfectly on the webserver

I need Support i have issue

Can you describe the issue you are having?

Can you do ip a and share the result (if you can share a screenshot, that will be ideal)? You'll need to verify your account to be able to post screenshots.

Also, what OS are you running?

@nimble cedar

in my case i got issue one of my learning room finaly i tried to search google and i got the answer thank you for trying to support me wish you blessing

Gave +1 Rep to @ivory spruce (current: #15 - 432)

Got it. In any case, should you encounter any issue, feel free to describe it here and someone will definitely point you in the right direction.

Ok Leave it to me that if i got issue i'll share all of you

hi guys i have one query while solving a room on introductory networking. so i was on task no.8 networking tools dig. so there is question:-
Where is the very first place your computer would look to find the IP address of a domain?
i reserched it but answere i got is local cache
but the problem is it shows wrong ans
and ans format of the question is Answer: * **
does any one know about this room or ans?

Where did you get the answwer Local Cache from?

on internet

You're giving me more questions than answers dude.

Where on the internet did you find that information?

i just search it on chrome

Ok.

Please read the task information, All answers can be found in there.

It's even highlighted.

ok thnx

Hi I would like to get back my streak

You'll need to contact support via E-mail.

Thank you @weary spindle for always helping 🙏

Gave +1 Rep to @weary spindle (current: #2 - 1995)

thank u bro

Gave +1 Rep to @weary spindle (current: #2 - 1996)

No problem sister!

am not sister. I am male bro

How do yo know Scrubz is a bro?

bro is casual term even used for any female friends

hi, do I need to contact tryhackme support email to get help regarding trouble with logging in to my account on the website?

Yes.

Account help won't be on Discord.

I'm waiting for their reply

Just wait patiently, don't E-mail more than once within 7 days or you'll push your E-mail back down the list.

hey there, I'm having a. strange issue I hope someone can help me with. I am connecting to thm through openvpn. I can ping my active rooms and everything seems to be working fine. But on the dashboard on thm it says I'm disconnected and doesn't give me my IP address?

That's a bug, it's cool, ignore it

how do I get my IP address then? sorry silly question

ip a | grep "tun"

It will be tun0.

Not silly. 🙂

hello, does anyone here know why the number of completed rooms displayed on my public profile is incorrect?

thank you @weary spindle

Gave +1 Rep to @weary spindle (current: #2 - 1997)

i calculated the correct number of completed rooms by going to 'my rooms,' getting the total number of rooms joined from the top indicator, and then subtracting the number of incomplete rooms, which I found by toggling on 'hide completed rooms' and looking at the number

i get 180 completed rooms, while my public profile says 143

maybe i'm missing something about the way the number of completed rooms is calculated

If i am not mistaken "My Rooms" section also includes private rooms and such. Public profile might not include those and that might be the reason.

I also have two other random questions:
1.) I'd love to know how the hours active are calculated, as mine is def short. I feel like it is saying on average this section should take x person an hour?
2.) is there a better way to get back to my paths from a room? when I'm in a room it seems like to get back to my tracks I have to click to the dashboard, click paths etc.

i only have 3 rooms that i created and are not public, and i haven't completed any of them

i thought about this, it doesn't seem to justify the difference of 37 rooms

1. not sure about the calculations.

2. iirc, not really, you could always bookmark the path and just click on the bookmark.

Question 2 would be a good suggestion for bring a #feedback-and-ideas

Hello ,
I need some help in Network services (1-2). I'm facing problems with scanning the IP addresses . Every time I do an nmap scan , all ports are being filtered or closed and it doesn't even showed . I got a message saying that all 1000 ports are closed and I can't even see one port to complete the room .

Some rooms that were once public also goes private due to being outdated or replaced by better rooms. I was mainly talking about those and from my tests, those indeed are not displayed on public profile. I also have 27 room discrepancy, probably due to that.

Hello Everyone, I'm having an issues with Lab every time I put the ip address It says server not found .

ah, i see, that i didn't consider

thank you @wheat wagon

Gave +1 Rep to @wheat wagon (current: #175 - 34)

Does the lab you're doing have a webserver?

It also giving me an error 405.

You're entering the same IP as the Attackbox

You need to start the machine in the task material also

No, I'm working on DAST.

Hey I am facing some problem in connecting openvpn can someone pls help....

What problem?

4-02-22 12:08:36 UDPv4 link local: (not bound)
2024-02-22 12:08:36 UDPv4 link remote: [AF_INET]3.7.33.194:1194

getting this

2024-02-22 12:09:36 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2024-02-22 12:09:36 TLS Error: TLS handshake failed
2024-02-22 12:09:36 SIGUSR1[soft,tls-error] received, process restarting
2024-02-22 12:09:36 Restart pause, 1 second(s)
2024-02-22 12:09:37 TCP/UDP: Preserving recently used remote address: [AF_INET]3.7.33.194:1194
2024-02-22 12:09:37 Socket Buffers: R=[212992->212992] S=[212992->212992]
2024-02-22 12:09:37 UDPv4 link local: (not bound)
2024-02-22 12:09:37 UDPv4 link remote: [AF_INET]3.7.33.194:1194

What server are you on?

in-regular-1

in windows also i am facing problem

Regenerate your openvpn file

okayy

i did but same problem...

What OS are you on

linux

kali in vm

2024-02-22 12:15:32 Note: '--allow-compression' is not set to 'no', disabling data channel offload.
is i have to change something ??

@wind wedge

Shouldn’t have to

Which country are you in?

india

Can you try an alternative server?

i should use in-regular-1 server or other ??

there is no other server for in

2024-02-22 12:29:46 TLS Error: TLS handshake failed
2024-02-22 12:29:46 SIGUSR1[soft,tls-error] received, process restarting
2024-02-22 12:29:46 Restart pause, 2 second(s)
2024-02-22 12:29:48 TCP/UDP: Preserving recently used remote address: [AF_INET]3.7.33.194:1194
2024-02-22 12:29:48 Socket Buffers: R=[212992->212992] S=[212992->212992]
2024-02-22 12:29:48 UDPv4 link local: (not bound)
2024-02-22 12:29:48 UDPv4 link remote: [AF_INET]3.7.33.194:1194

Try a different server altogether.

Is your VM time synched?

yaa it is not synced and i am figuring out to do so

Go to clock and there should be a setting

Right click your clock

got it

2024-02-23 00:15:41 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2024-02-23 00:15:41 Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2024-02-23 00:15:41 Note: '--allow-compression' is not set to 'no', disabling data channel offload.
2024-02-23 00:15:41 OpenVPN 2.6.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
2024-02-23 00:15:41 library versions: OpenSSL 3.1.4 24 Oct 2023, LZO 2.10
2024-02-23 00:15:41 DCO version: N/A
2024-02-23 00:15:41 TCP/UDP: Preserving recently used remote address: [AF_INET]3.7.33.194:1194
2024-02-23 00:15:41 Socket Buffers: R=[212992->212992] S=[212992->212992]
2024-02-23 00:15:41 UDPv4 link local: (not bound)
2024-02-23 00:15:41 UDPv4 link remote: [AF_INET]3.7.33.194:1194

thanks for helping @weary spindle
just fed up with this and i dont wanna do now 😦

Gave +1 Rep to @weary spindle (current: #2 - 1998)

@weary spindle can u help please

I need some help in Network services (1-2). I'm facing problems with scanning the IP addresses . Every time I do an nmap scan , all ports are being filtered or closed and it doesn't even showed . I got a message saying that all 1000 ports are closed and I can't even see one port to complete the room .

Are you on the attackbox or a vm?

is anyone here?
im not being able to 'ssh' to nmap machine from THM, help!

Which machine are you doing?

They're not all ssh enabled

nmap machine

You don't ssh in?

You just nmap it

i did connect openvpn then I used ssh
ssh tryhackme@machine's_ip

"connection time out"

It won't work because you can't ssh in to it...

You're not required to.

why?

Because you don't need to.

wdym?

For the room nmap, all you need to use is nmap.

I think the target ,mentioned frequently, in questions of Practical Section means the machine.

Yes, but as I stated before, you don't need to ssh in to every machine on THM.

the attackbox limits the time, so I thought to access through my own LINUX

Still doesn't change the fact you can't ssh in to the machine.

The Attackbox is not the same VM as the ones you start within a task.

Hi, I started a box (Razorblack). it is not responding does not terminate (button) after logging out and in several times nor ..

#site-support message

Hi, can anyone help me how to delete friends?

Press the X

It doesn’t work because the scroll bar is in the way

Can you zoom out the page?

Can anyone here help me troubleshoot a outgoing connection issue from a tryhackme machine to my vm ?

Sure, what's up?

let me control v the issue one sec

I try

Im working on reverse shells in the what the shell room. I can connect to the machine through SSH and get remote code execution by uploading a php shell. I just cant connect back to the listener on my host machine.

I tested the exact reverse shell method in the attack box browser and I had zero issues connecting the shell to the listener.

Im running
Windows 11
[10:40 AM]
and Parrot OS
[10:40 AM]
I ran the openVPN on my host machine and I still wasnt able to catch the reverse shell in the VM

I do have RCE within the cmd line in the url
i can execute basic commands like ls , cd , id, etc
Ive tried python and PHP shells.

image is the pentest monkey php reverse shell from port 1234
second image is pentest monkey php reverse shell from port 80
No connection but I do have a connection refusal error message. Why would tryhackme refuse a connection from one of their vpns ?

The daemonise isn't a THM specific one.

I dont know what daemonise means I know they are background processes but I have no idea what it means in this context

Per ChatGPT lol , "However, the warning itself is often not fatal, meaning it doesn't prevent the reverse shell from functioning properly. It's more of a notification that the process didn't detach as expected. The shell connection should still be established, but the shell process might remain attached to the terminal session."

Which task are you doing?

Room : WhatTheShell
Task : Practice and Examples #2

I can do these examples on the attackbox but its frustrating that I cant get shell connections on my VM

just for quick sanity check can you show the output of the terminal you are running the vpn in???

It worked for me.

Uh, is your php file empty?

Why port 80?

Anything under 1024 requires sudo

hmm I didnt know that. Ill try one sec

I use 9001-6

I never have anything on those ports.

uses 5527

and 3435

I've removed your previous shell file, so you don't get them confused.

Sigh

You're starting nc first, right?

yes i am

im positive its a networking issue. I can do this in the attackbox but I am lost on the VM.

I think its the route I have to the host

I'd say so, because I'm on your target machine.

but i can* ssh so idk

one sec ill show you i can get on the machine too with ssh. rev shells are just being blocked

scrubz what does HMAC authentication failed mean in vpn logs???

Possible cipher miss-match?

Possible re-generate could fix.

I will try that again but this is my second time today regenerating the config

Possibly parrot OS I've seen that OS have some silly errors

Do you have a different VM you can try?

ill give kali a shot. maybe HTB is jealous

lol

@weary spindle

no luck on kali

Facing some login issues since today. I have 2FA enabled and after login the site will redirect to 2FA but will stuck in an "redirecton error".

Your IP should be your tun0

That script looks like it's the box that is receiving it

This part here. this is the listening IP.

I feel dumb now. Shell achieved. Thank you for help sorry for the bother

Man, it's ok.

Now try that from your parrot, lol

Did it not click when you could get one from the attackbox using a different IP? 🤔

Parrot is still not working in the vm but kali is fine. I
Im hardheaded I just try to brute most things. It should have clicked lol

is MTU same on kali and parot

I closed the parrot box. but I did increase the mtu before trying again

anyone here having a problem with openvpn?

Can you describe the issue you are having?

i dont know where to post this. But in the "Room Prerequisites" to "Data Exfiltration" ( rooms/dataxexfilt ) a room named
"DNS Manipulation " is required.
That sounded like a fun room so i clicked on it but it says
"Room is private
...
If this is an error on our behalf. Please contact us. "
This is the link:
https://tryhackme.com/room/dnsmanipulation

Why can't i do this room? i have an active subscription.
Is there some kind of deeper level I need to join ?

Where did you get the link for the room?

just like i said, its a "Prerequisites" to the room "Data Exfiltration" https://tryhackme.com/room/dataxexfilt
its at the bottom of the Introduction

is not private, I just did it yesterday

it is private marked now

sooo probably a screw up on thm:s part

the room DNS Manipulation is private.
https://tryhackme.com/room/dnsmanipulation

What I am trying to say is that the room dnsmanipulation is listed as a "Prerequisites" for "Data Exfiltration"
Click on
https://tryhackme.com/room/dnsmanipulation and tell me that its not private .
If it is not private for you then let me know if you paid for some kind of extra module or something

thanks for reporting @steel aspen ... will forward to thm staff.... probably a temporary error... should be fine to ignore said private room for now

Gave +1 Rep to @steel aspen (current: #690 - 5)

thats weird

see im on it right now

that is because you joined before it got marked as a private and did not leave the room

i see

not gonna go into to much details how to join private rooms as that will get shadow in trouble

they dont trust me.... 🤔

nah it means something in the room is work in progress or a new replacement is being made

then im staying for the fun lmao

since im in, aint leaving now

lol

fair enoughs

i pay enough 💰 to THM of my own money that there should be no rooms that dont let me in. but i dont want to get ppl in trouble i just want to learn dns manipulation !

well basically all unreleased rooms and business and school rooms are also marked as private.... soo yeah

np , thanks!

the dns manipulation room is 100% gonna release in the future

just not right this instant

so probably they just forgot to remove the link while releasing this "new" room and mark it as comming soon

its a lot more work to set up ARP or DNS labs 'cuz they need multiple VMs or containers if i roll my own.
Any MITM or C2 stuff is just more work, so i got stoked when i saw rooms that i never did before .
Thanks !

Gave +1 Rep to @plush bay (current: #4 - 1641)

no problem

Hey all, this is probably user error however i can't see the flag for Task 6 Q1 of https://tryhackme.com/room/owaspjuiceshop. I'm in the administration path derived from the JS file that i un-minimised. However, unaware of what im meant to do next as there is no flag here 😂 Appreciate any insight, ty :)

ok nvm it gave me the flag but on another tab i had open from earlier lmao

https://tenor.com/view/cute-emoji-smiley-thinking-scratching-head-gif-17835192

2024-02-24 03:08:59 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2024-02-24 03:08:59 Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2024-02-24 03:08:59 Note: '--allow-compression' is not set to 'no', disabling data channel offload.
2024-02-24 03:08:59 OpenVPN 2.6.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
2024-02-24 03:08:59 library versions: OpenSSL 3.1.4 24 Oct 2023, LZO 2.10
2024-02-24 03:08:59 DCO version: N/A
2024-02-24 03:08:59 TCP/UDP: Preserving recently used remote address: [AF_INET]54.193.240.194:1194

Is this the complete log?

this is what i get when i try to connect to the openvpn server : 2024-02-24 03:08:59 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2024-02-24 03:08:59 Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2024-02-24 03:08:59 Note: '--allow-compression' is not set to 'no', disabling data channel offload.
2024-02-24 03:08:59 OpenVPN 2.6.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
2024-02-24 03:08:59 library versions: OpenSSL 3.1.4 24 Oct 2023, LZO 2.10
2024-02-24 03:08:59 DCO version: N/A
2024-02-24 03:08:59 TCP/UDP: Preserving recently used remote address: [AF_INET]54.193.240.194:1194
2024-02-24 03:08:59 Socket Buffers: R=[212992->212992] S=[212992->212992]
2024-02-24 03:08:59 UDPv4 link local: (not bound)
2024-02-24 03:08:59 UDPv4 link remote: [AF_INET]54.193.240.194:1194
^X@sS^X@sS^X@sS^C2024-02-24 03:09:24 event_wait : Interrupted system call (fd=-1,code=4)
2024-02-24 03:09:24 SIGTERM received, sending exit notification to peer
^C2024-02-24 03:09:24 event_wait : Interrupted system call (fd=-1,code=4)
2024-02-24 03:09:24 SIGINT[hard,] received, process exiting

What VPN server are you trying to connect to? Which country are you residing?

i'm trying to connect to US-West-Regular-1, and im from north africa

do i have to change the server?

Yeah.. Try other VPN servers except those listed here - #room-help message

it worked! thank you!

Gave +1 Rep to @ivory spruce (current: #15 - 435)

hi dears I am playing in the Red Team Capstone Challenge https://tryhackme.com/room/redteamcapstonechallenge I Faced an issue on the VPN Portal that gave us access to enter Internal network I got access for some employee inside the internal network and able to download their VPN profiles and I accessed the internal devices but from yesterday I can't access the VPN portal and test the credintional in SMTP server all are Valids
and I have reached to VPN Portal without login succeded

hello

is anyone from support team

Good morning are you guys familiar with this site (https://tryhackme.chargebee.com/). I'm being requested to update my payment record.

The formal or official way to reach THM Support would be to drop them an email .

Is this regarding the Red team capstone?

Hi

is there any problem with the server right now?

Nope, what issue are you having?

I'm havieng a issue trying to connect it from the attack box

Its impossible toi reach it

Is your network ok?

I think so, I'm listening music from youtube. But I started to having issues since the last windows update

yes

I booted an attackbox up ok.

mmmm I'm restarting all now

(╯°□°)╯︵ ┻━┻

http://machine_ip/robots.txt when I type this in the browser, appears a message about the site can't be reached

and when I'm trying to acces to the acme web page it appears a 504 error

gateway time-out

You need to start the machine in task 1

oh ok ty !

bruh I need help from the first task

in both not working

Hello, I have a question about vm timers. I was working on a room and the timer had 30 min left so I extended it. But then the vm terminated itself anyways. Does this mean I lose my progress, need to reset the room and start again, or is there a way to start the box up again without terminating it?

hi

The attack box just have 1 hour a day and if you submit the answer then you can continue your progresa next day. For that you need to subscribe or use your own vm.

Refresh the page when this happens

They’re referring to task VMs

Thanks for the replies, I am subscribed. I just terminated it and relaunched the vm. The previous steps were easily repeated. This is not the first time my vms have terminated early though, so not sure what's up with that. To be clear, not talking about the attack box, but target vms. When I checked https://tryhackme.com/api/vm/running it showed it still running but remote said false.

how do i upload a picture on here

You need to verify

Is anyone working on the Linux strength training for beginners task 8 ?

i am stuck

I am trying to use openvpngui to use thm's vpn, but I am getting some kind of certificate error and it is not working, what should I do? Kind people, please let me know.

What OpenVPN GUI are you using?

I use something called "OpenVPN GUI for Windows"

#site-support message

Sorry, I couldn't make that work for me.

hello, the machine for task 7 - Privilege Escalation: SUID in room Linux Privilege Escalation, doesn't seem to have the permissions require to complete the task, can you confirm?

Can you link the room?

https://tryhackme.com/room/linprivesc

Have you started the machine on Task 7?

no, should i use that one instead?

All the tasks in that room have their own machine you need to start.

correct, the machine in task 7 seven doesn't seem to be configure correctly so i can't finish the tasks, unshadow command is not installed and don't have permissions to install it

You're running unshadow on your vm/attackbox

no, within the machine provided, i guess i'll try it out outside... thanks 🤦

Rather, even with that, I got a certificate error.

@weary spindle so i kept going but it seems that nano with SUID is needed to be able to complete the room
update: I was able to do it in a different way but the instructions in the room are wrong, thanks

i tried adding an extra hour to my attackbox when its shows the warning of its gonna expire within few mins and i added an hour then it showed my time limit by adding an hour but still though my attackbox expire after few mins

i encountered this issue several times

so to get the machine back on again ,i need to suspend the machine inorder to see the visible option (start machine) in that task

then only the start machine option is showing for me again which takes few mins to load the attackbox ofc

I have actually launched my openvpn in windows host and when I'm trying to bridge the network in VMware so that it connects to my kali Linux it's not happening. I don't want to run my vpn file in kali just from my windows to kali machine.

You can't.

You need to run the vpn inside the vm.

Okayyy got it

What VPN server are you using?

tryhackme server

Hi all, does anyone knows what can I do to got fix my VPN.... recently I migrated from Windows to Linux desktop and then I'm running Kali Linux through GnomeBoxes, and I did the all the instalations, but when I downloded the vpn file, and put to run I got the error that it was not possible to connect and I've checked on the website ( tryhackme ) it's not showing up that is connected too, I've tried to use the THM trobleshooting file, but it's not working as well, when I run says " looks like you're not connected on the internet " but I'm surfing on internet normally and don't have nothing blocking the traffic or something like this, any help will be appreciated

PS. I'm trying to use the US-East-Regular-1

Yeah, but there are multiple THM VPN Servers such as EU-Reg-1, IN-Reg-1, EU-VIP-1, US-West-1, etc.

Anyone know what I can do if someone is screwing with a network I'm trying to work through?

The votes to reset aren't near the threshold to reset to default state, and it looks like someone set the firewall on a host I previously had working SSH access to. All ports filtered according to nmap.

This is the first machine (hostname prod-serv) in the Wreath network.

Has anyone experieced screen tearing issues in a kali VM on VB I have hardware acceleration turned off and its still tearing my screen with dual monitors

why am i pushing it with two monitors redlining the vram

nvm fixed

I think it was EU-Reg-3.

Try another VPN server.

Hi everyone, Just wanted to ask a quick question. I've connected to the VPN successfully and it shows i'm connected. But sometimes when I'm doing a room for example, (OWASP Top 10 - 2021) it shows as red for my connection but I can still do the tasks for the most part. Is this common or it'll resolve itself while being connected to the VPN?

This is a current bug that THM Staff is aware of and working to resolve at the moment. So long as you can reach 10.10.10.10, you should be good to go.

Thank you! Yes I can ping that specific ip

Gave +1 Rep to @ivory spruce (current: #15 - 438)

Anyone available to help troubleshoot a technical issue ?

Randomly my the difference between the icon of my mouse and where the mouse selects is off on the x axis by an unknown amount. I dont know how this happened but here I am explaining some weird event

This is on my VM and idk how this happened Im blaming an overly intrusive employer that like to bigbrother their employees

Since it's a certificate error, that change doesn't seem to make sense.

Greetings,
When do THM team support start their office hours?

There is no set hours, as long as they do 4 hours that coincidence with 9-5 GMT (I think)

Just be patient and they will email you back

Certificates are installed on the VPN servers. These are used to negotiate the keys to be used for the VPN session.

Okay, I'll give it a try. I'll report back if there are any glitches.

Hello All, I have an issue in OWASP Juice Shop - Burb is set up, the VM is up, I am using an attackbox. When I choose a fake email and password - and click on Log in - nothing happens. The request should go to BURB, but it does not do that. I am using foxproxy on Attackbox FF. Am I the lucky one having this issue?

I tried the method I was taught and was able to connect by using EU-Reg-3. Thank you, thank you so much.

Gave +1 Rep to @ivory spruce (current: #15 - 439)

is there a way to scale tickets or something? in january I paid to have access to a room, that room never worked(only 2 days) and support only repond every 2 weeks or so to tell me to do the same thing over and over, things I already tried even before i was told to do it. Now my membership been over for about 2 week now and my problem never got solved. it shouldnt be taking this long to respond to such import ticket because i basecally paid for something I never used

Every two weeks? Weird, let me check on that 🙂

thank you

Gave +1 Rep to @bronze vale (current: #6 - 1173)

is about the lateral movement room I came here looking for help with, I paid for the room and basically never worked expect for 2 days. in the first week or so I didnt mind because i told myself i have a whole month, but then after days of the box being in the state of "resetting" I came here asking for help, then after that i sent them an email

Hey, Can you DM me the email you used to contact support please?

sure

Hello, im having issues with my openvpn , it says "cipher not set" and "--allow compression" is not set to "no"
how can i fix this?

What does openvpn --version say?

2.6.7

Those are warnings then, what's the very last line in the output?

you mean after openvpn --version or when i try to run the server with sudo openvpn blabla.ovpn?

the latter

Basically
Data channel: cipher 'AES-256-cbc' , auth 'SHA512', peer-id 93, compression:'stub'
Timers: ping 5 , ping-restart 120

and than nothing happens just loads forever

do you see Initialization Sequence Completed just above that?

yes

that just means its running

Then you're connected

but whenever i try to connect via ssh tryhackme@10.etc it just tries to connect forever and nothing happens

Are you closing that terminal?

yes

ill send what it outputs when i try to ssh

if you close the terminal, you close the vpn connection

I tend to just minimise it and open a new terminal for doing the room stuff

okey now nothing happens when i try to ssh maaaaan ,_,

i minimized btw

So im connected with my VPN and it even displays it in the Access, but when i try to SSh after i start the machine on tryhackme, it just wont connect, nothing happens.

Which machine are you tring to ssh in to?

im in room linux fundamentals part 3
i even pinged the machine so i dont understand why i cant SSH to it

Can you verify your account and send a screenshot please

Done, what should i send a screenshot about exactly the ssh output or? (sorry im an idiot if it wasnt obvious already)

Yeah.

Can you try this command in a terminal sudo ip link set dev tun0 mtu 1200 while the VPN is running, and try again.

sudo ip link set dev tun0 mtu 1200

Pin for easy access

I was about to gid that out, I was able to SSH in.

okey it seems to have worked this time, can i get an explanation as to why and what did this command do exactly?

Reduced the data size of the tunnel

As for why that works, no clue

TLDR, and I think it was Scrubz who used this analogy, but to expand on it, changing the MTU size is basically like fitting a letter through a letterbox. Some networks (letterboxes) have a certain size, so reducing the MTU means that you are reducing the size of letter to fit through the letterbox to make it fit

When a packet (letter) is "too big" on a network, it'll be fragmented (split into smaller letters), reducing the size of the packet means that it'll be sent as one, making things more stable essentially

It was 😄

'tis a great one

I think it's one of the easiest for new people to understand.

Dankeschön ❤️

I assumed so but didn't want to guess hah

any help? on the ad enumeration network. it is also not working on the attack box

Edit the config and change "dev adenumeration" to "dev tun"

Or you can DM me your config and I'll do it^ 🙂

Worked, Thanks!

thank you very much

Gave +1 Rep to @zealous yoke (current: #8 - 812)

Trying to connect to THM network via openvpn to access virtual machines from my kali box but get this error message: 2024-02-26 14:35:33 OpenSSL: error:0A000086:SSL routines::certificate verify failed:
2024-02-26 14:35:33 TLS_ERROR: BIO read tls_read_plaintext error
2024-02-26 14:35:33 TLS Error: TLS object -> incoming plaintext read error
2024-02-26 14:35:33 TLS Error: TLS handshake failed
2024-02-26 14:35:33 SIGUSR1[soft,tls-error] received, process restarting
2024-02-26 14:35:33 Restart pause, 32 second(s)
2024-02-26 14:36:05 TCP/UDP: Preserving recently used remote address: [AF_INET]18.202.168.160:1194
2024-02-26 14:36:05 Socket Buffers: R=[212992->212992] S=[212992->212992]
2024-02-26 14:36:05 UDPv4 link local: (not bound)
2024-02-26 14:36:05 UDPv4 link remote: [AF_INET]18.202.168.160:1194
2024-02-26 14:36:05 TLS: Initial packet from [AF_INET]18.202.168.160:1194, sid=c87d3290 bf8cc344
2024-02-26 14:36:05 VERIFY ERROR: depth=1, error=self-signed certificate in certificate chain: CN=ChangeMe, serial=4253972025568076415436600482379463047720978

Try regenrating you vpn file and redownload again

Done!

is there any problem with openvpn right now?

i tried redownloading files again and again still not working

how do i solve it now😪

That's connected.

4 lines from the bottom.

previously there was one but now there are 4 of these tun any way to remove them

no..when I ping machine its not working

Because you have multiple tunnels open.

sudo killall openvpn -9

Then re-connect once.

thanks it worked..I had tried with killall openvpn but didnt work then…will use kilall openvpn -9 frm next time..thanks sir

-9 just tells it to end without saving etc.

Just end.

already tried that

still no luck

What server are you on?

well I use EU

Which EU? Theres a few different ones

I have tried 1 and 3

Which one is the best for UK?

Try 2 and then regenerate and then download and try to run again after that

Which country are you in?

UK

Is your VM synched zto the same time and date?

Just checked this now and it does not seem to be

That might be thowing it off, as the time is wrong?

One second I was looking at the wrong place. Time is correct

I can try downloading EU 1 , 2, 3 again and see if it works

Working now

tried from attackbox and vpn.

Please just be patient in the channel.

Nobody can really help you in here.

All I can suggest is vote to reset.

Hey I have a problem with a pc I’ve just built. So I click the button to turn the pc on, ram, case fans and gpu starts flashing its rgb lights. CPU cooler and case fans are working but nothing is happening. I mean for the 20-30 seconds monitors don’t show anything and it looks like pc is waiting for gpu fans to start working. Until gpu fans don’t start working then pc will not turn on fully. Anyone knows why is that?

hi there, this is for TryHackMe related content, please use #general for this sort of help. 🙂

Alr

Same here. Voted. 1 more vote required.

can anything be done about a network that’s in a bad state? or am I basically screwed? I’ve voted to reset the Wreath network 3 times in as many days and still am unable to connect to the publically facing host (seems like last octet for this one is always .200). Seems like either the network is bugged or someone keeps rooting that machine then closing down the firewall.

Most motherboards have lights to tell you what's going wrong. Consult your motherboard manual and look at those.

Hej! I have the chance to get a sponsoring for a really high amount of vouchers, but I need to provide an invoice. I just bought a 1-month voucher to test that. There is no invoice, unfortunately. There is only an email saying: "Thank you for purchasing vouchers on TryHackMe. You paid $14 for 1 subscription vouchers that (once redeemed) will keep the user subscribed for 1 months. You can keep an eye on which users have redeemed them below:". Is there any possibility to get an invoice?

You'll need to email support.

Thanks a lot! 🙏🙏🙏

Gave +1 Rep to @west chasm (current: #246 - 20)

I am playing the Bandit challenge I compromised the Linux machine and I need Lateral Movement to the Windows machine may by misstic i removed the vuln file in or any other hacker was removed from local/share/powershell/PSReadLine/
so anyone face the missing file for PSSession

Hello, there's a bug in the Malware Analysis "Dissecting PE headers" room at the last question of Task 4, it asks for the Timestamp of the PE file so I copy and paste it but it doesn't account it as a right answer.

Soo i don't know, what am I supposed to do?

Hi mates,
can someone help me. I'm not able to connect using openvpn. I'm not able to understand the problem.
It says : TLS Error: TLS key negotiation failed to occur with in 60 seconds
TLS Error : TLS handshake failed

What server are you on?

Currently I'm using US-West-Regular-1
But non of the vpn server is working for me it gives the same error mentioned above

Have you tried regenerating your config and then redownload?

Yes @wind wedge

But no luck

Make sure your time is correct

Which time?

Time on your PC/VM, if it's not correct make sure to change it to correct time

It's correct

What servers have you tried?

I'm in India currently and tried all the servers to connect but same error is showing

2024-02-27 07:46:22 TCP/UDP: Preserving recently used remote address: [AF_INET]54.193.240.194:1194
2024-02-27 07:46:22 Socket Buffers: R=[212992->212992] S=[212992->212992]
2024-02-27 07:46:22 UDPv4 link local: (not bound)
2024-02-27 07:46:22 UDPv4 link remote: [AF_INET]54.193.240.194:1194
2024-02-27 07:47:22 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2024-02-27 07:47:22 TLS Error: TLS handshake failed
2024-02-27 07:47:22 SIGUSR1[soft,tls-error] received, process restarting
2024-02-27 07:47:22 Restart pause, 1 second(s)
2024-02-27 07:47:23 TCP/UDP: Preserving recently used remote address: [AF_INET]54.193.240.194:1194
2024-02-27 07:47:23 Socket Buffers: R=[212992->212992] S=[212992->212992]
2024-02-27 07:47:23 UDPv4 link local: (not bound)
2024-02-27 07:47:23 UDPv4 link remote: [AF_INET]54.193.240.194:1194

this is the error

Do you have any firewall set up and running?

I think it is coming from your router/firewall

yes im in my office network

Where are you connecting?

It could be your office network.

Try to go on a guest network or something

you have to allo the port from your firewall/router

oh let me try that. port 1194 i need to allow right?

Is this your network?

Or your Orgs?

No, you can't change the protocol.

https://help.tryhackme.com/en/articles/6496058-troubleshooting-openvpn-on-linux-and-mac

There is a script on the bottom it helped me. Did you try it?

Gave +1 Rep to @weary spindle (current: #2 - 2014)

i tried on my network also but the same error getting generated. currently im on my organisation's network

You used sudo right? xd

It is port 1194 for openVPN and 443 for TLS make sure both ports are allowed

That's not what I asked....

Are you currently only you orgs network?

yes

yes sir

Then we cannot help you.

If the Org is blocking your access, we can't change that.

Or aid with it.

We can only do it on your own network, if it's your home network it's usually something trivial,

Scrubz just hack the network and help him. /s

The only advice I can give about using TryHackMe in work, is to use the attackbox, unless that is blocked too.

Or just do your work 😉 /j

Thanks @weary spindle in my internal network it's working.

Gave +1 Rep to @weary spindle (current: #2 - 2015)

thank you too

No problem, good luck 😄

i will try to unblock that port on my organisation network cause i also managing the firewall

Be careful and research the impact first ;D

okay will keep in mind

how to solve this can anyone pls help WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.

that's a warning, it doesn't affect your connection

Tue Feb 27 14:49:48 2024 Note: cipher 'AES-256-CBC' in --data-ciphers is not supported by ovpn-dco, disabling data channel offload.
Tue Feb 27 14:49:48 2024 OpenVPN 2.6.9 [git:v2.6.9/6640a10bf6d84eee] Windows [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] [DCO] built on Feb 12 2024
Tue Feb 27 14:49:48 2024 Windows version 10.0 (Windows 10 or greater), amd64 executable
Tue Feb 27 14:49:48 2024 library versions: OpenSSL 3.2.0 23 Nov 2023, LZO 2.10
Tue Feb 27 14:49:48 2024 DCO version: 1.0.0
Tue Feb 27 14:49:48 2024 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25345
Tue Feb 27 14:49:48 2024 Need hold release from management interface, waiting...
Tue Feb 27 14:49:48 2024 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:52527
Tue Feb 27 14:49:48 2024 MANAGEMENT: CMD 'state on'
Tue Feb 27 14:49:48 2024 MANAGEMENT: CMD 'log on all'
Tue Feb 27 14:49:48 2024 MANAGEMENT: CMD 'echo on all'
Tue Feb 27 14:49:48 2024 MANAGEMENT: CMD 'bytecount 5'
Tue Feb 27 14:49:48 2024 MANAGEMENT: CMD 'state'
Tue Feb 27 14:49:48 2024 MANAGEMENT: CMD 'hold off'
Tue Feb 27 14:49:48 2024 MANAGEMENT: CMD 'hold release'
Tue Feb 27 14:49:48 2024 TCP/UDP: Preserving recently used remote address: [AF_INET]18.202.168.160:1194
Tue Feb 27 14:49:48 2024 Socket Buffers: R=[65536->65536] S=[65536->65536]
Tue Feb 27 14:49:48 2024 UDPv4 link local: (not bound)
Tue Feb 27 14:49:48 2024 UDPv4 link remote: [AF_INET]18.202.168.160:1194
Tue Feb 27 14:49:48 2024 MANAGEMENT: >STATE:1709041788,WAIT,,,,,,```

Just keeps on trying to listen. No Data is coming in

Are you using -v

nope just sudo openvpn filename.ovpn

that was directed to LifeIsGone^

I normally just do sudo openvpn configfile and that worked for the past week.

after that curl 10.10.10.10/whoami

(In a different session on the same pc)

Your VPN is still connecting, have you tried connecting at school before?

yes, didn't do anything.

Do you have permission from your school to use TryHackMe?

so can I just continue with the room it doesnt affect anything?

Correct

Only if you have permission

Can you show your whole error too

It's a higher school, everyone basically does whatever they want. I used it with some different networks (to see if maybe the school firewall is the problem) but that did not make a difference

Just because everyone does what they want doesn't imply you have permission to do it

It's not your network, you need to ask if you can do it.

We were given no restrictions on what we can do in the network. As long as it's not illegal and not bypassing the firewall, we can act on our own

That is what we were told

Keep in mind most schools have blockers

UDP connection blocking is common on school firewalls

Yes but outside of school it didn't work

Are you using the school computer?

AceS, I have got this^

nope personal laptop

Ifht

Ight

@real tapir I need a screenshot of your whole terminal

alright, one second

Funny thing is, the network protection at my work blocks the THM website by default too (im the administrator so no problem)

I kinda get it. Even tho it’s educational, there’s still aspects bad people can exploit and use it on there own system

True

But it is because hack is in the name

Cant really post an image in here

Ikr

.

@real tapir

You need to verify, see the above link

Alright

2024-02-27 08:53:57 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2024-02-27 08:53:57 Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2024-02-27 08:53:57 Note: '--allow-compression' is not set to 'no', disabling data channel offload.
2024-02-27 08:53:57 OpenVPN 2.6.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
2024-02-27 08:53:57 library versions: OpenSSL 3.1.4 24 Oct 2023, LZO 2.10
2024-02-27 08:53:57 DCO version: N/A
2024-02-27 08:53:57 TCP/UDP: Preserving recently used remote address: [AF_INET]18.202.129.195:1194
2024-02-27 08:53:57 Socket Buffers: R=[212992->212992] S=[212992->212992]
2024-02-27 08:53:57 UDPv4 link local: (not bound)
2024-02-27 08:53:57 UDPv4 link remote: [AF_INET]18.202.129.195:1194
2024-02-27 08:53:57 TLS: Initial packet from [AF_INET]18.202.129.195:1194, sid=654988a8 8ef189ba
2024-02-27 08:53:58 VERIFY OK: depth=1, CN=ChangeMe
2024-02-27 08:53:58 VERIFY KU OK
2024-02-27 08:53:58 Validating certificate extended key usage
2024-02-27 08:53:58 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2024-02-27 08:53:58 VERIFY EKU OK
2024-02-27 08:53:58 VERIFY OK: depth=0, CN=server
2024-02-27 08:53:58 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bits RSA, signature: RSA-SHA256, peer temporary key: 253 bits X25519

There isn't an error

2024-02-27 08:53:58 [server] Peer Connection Initiated with [AF_INET]18.202.129.195:1194
2024-02-27 08:53:58 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2024-02-27 08:53:58 TLS: tls_multi_process: initial untrusted session promoted to trusted
2024-02-27 08:53:59 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
2024-02-27 08:54:00 PUSH: Received control message: 'PUSH_REPLY,route 10.10.0.0 255.255.0.0,route-metric 1000,comp-lzo no,route-gateway 10.8.0.1,topology subnet,ping 5,ping-restart 120,ifconfig 10.8.76.209 255.255.0.0,peer-id 9'
2024-02-27 08:54:00 OPTIONS IMPORT: --ifconfig/up options modified
2024-02-27 08:54:00 OPTIONS IMPORT: route options modified
2024-02-27 08:54:00 OPTIONS IMPORT: route-related options modified
2024-02-27 08:54:00 Using peer cipher 'AES-256-CBC'
2024-02-27 08:54:00 net_route_v4_best_gw query: dst 0.0.0.0
2024-02-27 08:54:00 net_route_v4_best_gw result: via 192.168.0.1 dev eth0
2024-02-27 08:54:00 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=eth0 HWADDR=00:0c:29:8c:7f:c9
2024-02-27 08:54:00 TUN/TAP device tun0 opened
2024-02-27 08:54:00 net_iface_mtu_set: mtu 1500 for tun0
2024-02-27 08:54:00 net_iface_up: set tun0 up
2024-02-27 08:54:00 net_addr_v4_add: 10.8.76.209/16 dev tun0
2024-02-27 08:54:00 net_route_v4_add: 10.10.0.0/16 via 10.8.0.1 dev [NULL] table 0 metric 1000
2024-02-27 08:54:00 Initialization Sequence Completed
2024-02-27 08:54:00 Data Channel: cipher 'AES-256-CBC', auth 'SHA512', peer-id: 9, compression: 'stub'
2024-02-27 08:54:00 Timers: ping 5, ping-restart 120

Your VPN is fine

^^

I think he might be confused

No, you aksed for their VPN output

alright verified now

wt abt this Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.

I did lmao

Just a warning

is this Putty?

Wait, had another session running that i didn't notice

one sec

fine thnx y'all

Still the same thing.

no virtual box

Something is blocking your connection

That is weird...

That gives me a small idea about what the issue might be

Do you have mobile data?

No

yes

acutally

but not connected right now

Tether to your mobile data and try connecting again

alright

This isn't a foolproof way but if it does connect, your school is blocking the VPN.
If it doesn't connect, the connection may be blocked by your phone's service provider.

Well that may be the case but this way i can quickly test out if something is getting blocked and might even find out what the issue is

The school is blocking protonvpn

Damn

Well, I'll try connecting to my account on a different pc. If that worked I'd know that my pc is the problem. I don't think the network is the problem since it used to work

Maybe they changed something huh?

Maybe. I'll look into this more. I don't think they'd change the network settings just cuz I was connecting to a vpn but everything is possible these days

You can try asking?

Maybe they dont did it because of you?

I will ask. Once I'm home again I'll try with another pc and a couple of other things to make sure that my pc is the problem

Have you tried connnecting on your host to ensure your VM isn't the problem?

Yes a couple of times but I get this output

Windows?

Yes

what are you connecting with?

openvpn gui

OpenVPN connect or the other one?

The one with the smaller file size

Can you send the link?

https://openvpn.net/community-downloads/

Windows 64-bit MSI installer

yeah that's fine

np

I tried doing it with the one with the big file size but that one also didn't work

Last time openvpn didn't work at all I changed servers. Then everything worked

This time there is no way out.

I am slowly losing all my nerves with this but I guess that's just part of the job.

I am trying to do one room in which attackbox is mandatory, but the problem it is running too slow that I am not able to run a single command. Can anyone suggest how i decrease the lagging of attackbox?

Connect to the VPN and RDP in

In that room two machine is required for the victim I have already done RDP, the attacker machine should be on attackbox. It didn't provide me option to do attack using own machine.

Which room?

Caldera

https://tryhackme.com/room/burpsuitebasics why is the attackbox so slow. I click a button and the action takes place after 10 seconds. I am using windows to access the attackbox. I even have premium subscription.

Same thing is happening with me, it took me 10 second to write a single word in cmdline

Even moving cursor from one end to other is taking time

it was working fine before. I started facing this issue 2-3 days ago

Lemmie boot the attackbox

yes

Im curious if i have the same issue

nothing strange

hello guys can you someone tell me , I am not able to open the room Vulnversity under complete beginner I dont have any VPN installed

https://tryhackme.com/room/vulnversity

@bronze vale

I mean I have the VPN for Try hack me I dont have any other VPN installed I am able to use other rooms and completed them

only this room

With the tryhackme VPN?

Then you can do other rooms yeah

Yes

I am able to connect to Tryhack me VPN and do other rooms , only this room having issues

this is on my Linux , But when I open the same on my other machine like Windows it works but the task that is deploying a machine , That IP i am not able to access

Mhh i dont know

Maybe someone else has some wise words

Hi guys, these are compared to what/whom?
In the top 9%
83014
Rank

To other THM users 😄

you mean that in 3 weeks I did more than 90% of the members?

uh yes

but there are many users who did one task or something

or only made an account

so compared to all accounts, not only active users

And is there a way to see from the active users? 😄

Im scared not

ok, I will still remain proud of myself thou 😄

Also, when is this resetting?
48 hours
Studied this week

i dont know

may be they should change the pattern to be in top 10 amoung active actual users

Exactly, or both 🙂

ahah

#feedback-and-ideas 😄

oh sorry

no i meant, you can submit an idea

ahh

yea , Okok

not to reprimand you 😄

Done: Thank you for your feedback! If you have anything else to add ever, write it here! 🙂

Gave +1 Rep to @stiff barn (current: #436 - 10)

:))

i still dont understand this rep +/- thing . whats it for

gm

It gives the mods an idea of who's being helpful, otherwise, nothing.

ah i c , thank you

Hello

I am a student in school