#site-support

Hello, I have a problem with images in Linux priv esc room. Can't see images.

Have you checked if your ISP has blocked the site where the images are hosted?

Seems like it, thank you.

Imgur.

?*

yes that's the src

I'm trying to download an openvpn configuration to access the wreath network. I keep getting a message that an unknown error occurred. I have clicked regenerate before trying to download it.
I've tried hard refreshing the page. I have tried in Edge, Chrome and Firefox.

Thanks @weary spindle

Gave +1 Rep to @weary spindle (current: #1 - 2229)

How do I fix this

Which server?

EU-regular 1

Use eu reg 2

ok

oh thanks it worked

Gave +1 Rep to @weary spindle (current: #1 - 2231)

I've got a question about uploading machines. It's been stuck on 39% for a hot minute now, cancelled it but then it got stuck at 39% again. What might cause this?

Oh and I mean it's stuck at converting my bad

generally kernel replacement problems for aws

would recommend pinging a moderator when they are around to get added to creators-lounge @spiral wigeon

this will help too

Looks like my issue with getting a vpn config for the network wreath is giving 504 (Gateway Timeout) erros on download and regenerate

Got it thank you!

Gave +1 Rep to @plush bay (current: #4 - 1734)

hello does anyone know why i keep hgetting the wring answer on Writing IDS Rules (HTTP) What is the number of detected packets? I keep getting 328 on my end but its says its wrong

for the snort the basics room???

your answer is wrong

check the output of your command again or write a new rule

snort

the correct answer starts with a 1

good luck searching for it and figuring it out

i dont get how my rule is wrong

It has these extreme spikes in like 2 minute intervals:

https://prnt.sc/OEWK44hlUhPT

I cant terminate the machine ^

same problem same room here

I can confirm its also not browser specific, tried last night in Chrome, today Firefox

if I don't have an active subscription, how come I cant remove payment information from my account?

when attempting to access tryhackme.chargebeeportal.com from various different browsers, i receive a message saying either "Invalid URL" or "Session expired. Please try again"

Staff are aware of this. 🙂

I'll drop them a message again 🙂

Hey guys I need help my subscription renewed ( I completely forgot i turned it on yearly) and i really don't have the finances to continue with payment, Im in a rather difficult place right now. Is there any way for you guys to help me?

You need to email us at support@tryhackme.com 🙂

ok great appreciate that

I was solving Sysinternals room and followed the instruction but it is giving me this error what to do?

Edit: No worries issue resolved

ok i have sent it

last 2-3 days my thm attackbox is really slow, anyone know how to fix it? with slow i mean, starting something takes 10sec, writing a letter takes 10sec aswell

I completed tasks yesterday morning and now this morning my streak is set to 0. Is it possible to have someone look into my account?

You'll need to mail support.

ok thanks!

Gave +1 Rep to @weary spindle (current: #1 - 2237)

hi, is there an endpoint to get users' total points? it's for my classroom leaderboard

Do you all have the same domain?

what do you mean?

If you're all signed up with the name@schooleduaccount.com

You may get to see it in workspaces

no we don't have anything like this, I try to workaround

THm don't release documentation on their API.

yes, that's why I asked here, but thx 🙂

Gave +1 Rep to @weary spindle (current: #1 - 2238)

How did you manage to solve it?

I saw environment variables it was there already, so it means the sysinternals tools might be already installed on the machine. Thus I tried to solve the next challenges and it worked..

Ah, nice work. Thank you!

Gave +1 Rep to @karmic seal (current: #2073 - 1)

I am trying to run the VPN in Ubuntu 24.04 GNOME as well as on Fedora 39 GNOME but the VPN cant connect. But when i run the script in the terminal, works without any issue. Any idea how to resolve this issue. Tried regenerating the file but no success. I am using the US-East-Regular-1 file. I also tried the thm-troubleshooting step.

Tried with Fedora 40 KDE and the VPN worked through the OS settings

trying to download the network vpn server config file but it keeps loading

Hey, internet connections stop working when i connect to thm vpn connection

How are you connected to the VPN.

network manager openvpn plugin

That will be why,.you're routing your network through the THM vpn.

You need to use the CLI.

this is after i connect

got it

also, it can't resolve the domain, even when i'm trying to access with the ip

Did you add creative.thm to your hosts file?

oh, so i need to do a 10.10.122.162 creative.thm ?

got it

thank you

i have openvpn on my chromebook but it wont properly connect, i keep getting the 'connection timeout' error and settings show that it succesfully connected for about a millisecond before it disappears

can comeone help me out

Which version of the GII for openvpn are you using?

says current version 3.4.2(9909)

Connect or communities?

Connect

Use the communities one 🙂

That works.

where do i find that?

Hello, I'm a Twitch Partner Streamer and I can't find any info about rules or guidance regarding livestreaming myself trying to solve rooms and completing activities. Could someone help me please?

https://openvpn.net/community-downloads/

You might want to drop an email to THM Support for a formal answer.

@limpid cove

Cheers!

Hello, new user here 🙂
For background, I'm a complete beginner in the cybersecurity field.
I am currently in the Linux Fundamentals Part 1 learning room, and followed the steps shown on the screen to start the machine (web-based). It opens a blank screen on the right side and nothing else, while the tutorial shows that a terminal is supposed to be displayed once the machine starts.
Am i missing something, should I do some extra configs from my end before starting the machine?
Thanks for helping

guys the exploitad machine doesn't work

3 of us asked for reset but we're not enough

systemd-resolve --interface exploitad --set-dns 10.200.83.101 --set-domain za.tryhackme.loc
root@ip-10-10-242-148:~# ssh za.tryhackme.loc\t2_lawrence.lewis@thmwrk1.za.tryhackme.loc
ssh: Could not resolve hostname thmwrk1.za.tryhackme.loc: Temporary failure in name resolution

its up for like 34 min

Seems like its a fluke, try stopping and starting it again, ping me if it doesnt work

hello

am running into an issue with one of the rooms and i think theres a bug

is this where to comaplain about it?😅

Hello, thank you for replying
I tried doing that several times, blank screen after each try.
I just cleared all Cache and cookies and tried again but still on a blank screen.
I'm using chrome on a macbook air M1

Gave +1 Rep to @sick nexus (current: #318 - 15)

thats truee.. am in the same room but running into a different where am trying to exploit a certificate but my tgt is not being created for somehow it says "KRB-ERROR (16) : KDC_ERR_PADATA_TYPE_NOSUPP"

Does ir instantly open to a blank screen or load first

can someone help me please if anyone available regarding this?

I was just dealing with someone having the same issue

There's a loading bar first (takes about 1 minute to finish), once it loads I can only see a blank screen.
In the video tutorial, a terminal is supposed to be displayed once the loading bar/setup is ready, but in my case only a blank screen is displayed after

idk if the same room tho

Thats really weird but it seems like something might be incompatible

However if anyone else has better advice they can definitely say it

Seems like it, I'll try to find a fix and let you know

Thanks 🙂

so its nothing i can do on my part? yesterday i had the same issue but somehow the KDC suddenly vomitted the tgt after so many errors, but today am trying again but it aint working at all

Yeah there might be an unstable release or something but i dont think theres a fix right now

i guess the old rooms really are left out in the dark

The rooms reboot as if you're betting the machine up

They rarely change them.

guys im trying to load the windows fundamentals 3 vm, but it just shows a blank screen. I have terminated and restarted 3 times, but no luck so far.

same issue, I'm on the linux fundamentals part 1

Is the site not working or something

I contacted support and they suggested I clear my cache and cookies (did not work), run in incognito mode (did not work), try different browsers (did not work).
Give them a try if you'd like, let me know what happens

the same situation guys. Just black screen in VM

:/

I have the same issues, VM not starting (black screen)

Same with the Redline room

hope soon everything will be fixed

@versed blaze @karmic kraken @patent sinew apologies for the inconvenience
This is being looked into

Everything should be in good order 🙂

Working again on my side, thank you🙏

Gave +1 Rep to @paper sable (current: #58 - 117)

Yo can any1 help me. I have downloaded the OpenVPN gui and config and i have put the config in the vpn and have connected but i cant connect to the machine/ip

NVM got it sorry for distubing :)

everything is working, thank you for fixing this!

Hello! I am trying to connect to tryhackme with openvpn but I am getting an error. Could someone help me solve this please?

I am getting this

2024-05-09 22:14:33 --cipher is not set. Previous OpenVPN version defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2024-05-09 22:08:02 VERIFY ERROR: depth=1, error=self-signed certificate in certificate chain: CN=ChangeMe, serial=425397202556807641543660048237946304772097879576
2024-05-09 22:08:02 OpenSSL: error:0A000086:SSL routines::certificate verify failed
2024-05-09 22:08:02 TLS_ERROR: BIO read tls_read_plaintext error
2024-05-09 22:08:02 TLS Error: TLS object -> incoming plaintext read error
2024-05-09 22:08:02 TLS Error: TLS handshake failed
2024-05-09 22:08:02 SIGUSR1[soft,tls-error] received, process restarting
2024-05-09 22:08:02 Restart pause, 300 second(s)
^C2024-05-09 22:09:47 SIGINT[hard,init_instance] received, process exiting

Hi, i am having issues with my Paypal account, i was subscribed before but i cancelled it a few months ago through paypal, thus it ended up in the inactive subscriptions on there. The only way paypal allows to be activated is trough the seller ( wich makes sense ). But now comes the real issue, there's no way to remove the existing paypal on tryhackme, i tried ignoring it and trying to link it again regardless, but it just keeps loading at the popup for paypal login, what can i possibly do now? Even the support has no option for this issue, so i cant even make a ticket.

Solved by doing the exact same as before, i guess being stubborn did the trick

Which THM OpenVPN server are you using?

I am trying to connect to EU-Regular-3 but neither of the servers works for me. I tried multiple servers.

Hi everyone, My Attak box sometimes runs very slow and sometimes disconnected frequently even if I have subscription Does anyone know the reason and how to fix it

Try 1 or 2.

I have tried, it didn't work.

If you don't mind, from which country are you connecting from?

Croatia.

Do you have extra computing resources you can use to setup your own attack machine (assuming your country isn't blocking VPNs)?

It should be working though. Is your system time correct?

Yeah.

Do all three servers give you a certificate verify failed? When you change your OpenVPN server, do you wait for 2 to 3 mins to generate your OpenVPN config file?

Yes, I have tried regenerating the file. All of the servers give the same error.

How about the US THM OpenVPN servers?

I have tried every single server. The US, all EU servers, AU and the one IN.

None of them worked :/

What OpenVPN version are you using?

The latest. I thought this could be the problem so I updated it.

the latest being what??

different distros have different newest version in repos

Hello there! i've been away from THM and i'm trying to connect to network again but having problems

i get an 10.6.x.x IP address but access page show disconected and cant ping to the machine, only ping to 10.10.101.0

is the target machine a windows machine???

if yes that would mean it can not be pinged easily

if so try and run an nmap scan without the ping part to see if it is up

i'm not sure is just the "Fowsniff CTF" room (first task is to nmap scan)

but is ok if access page shows disconnected ?

yeah the access page is bugged

if you can ping 10.10.10.10 or curl curl 10.10.10.10/whoami it works

Ok, thanks. I'll try again

Gave +1 Rep to @plush bay (current: #4 - 1741)

I am having problems connecting with pop3 from nc machine name Fowsniff CTF

What have you tried thus far?

Hello, I’m having the same issue as DavLu is but when I try to connect to target IP address it doesn’t load. I see a good connection and can both ping and curl 10.10.10.10. Any suggestions?

Ive tried other servers and I run into the same issue.

What they told me in that step, the victim IP and port 110, then I have to enter user, the user that I had to crack and the password, I enter it and it says failed, and I think it is a problem with the machine

im trying to use the machine listed in the room but it seems like it doesnt work can some1 help?

Hi, I’ve lost all my account progress, can you help?

How did you login to your account - via password or Google?

Password but I reset it, as I forgot it

Have you tried to refresh the page?

yes

What room are you working on?

Is there a delay between resetting your password and logging in! It just constantly says incorrect password I’ve changed it 5 times now and it says the same damn thing over and over

anyway guys its really impossible to finish the exploitad room. because every hour the machine reset and not work for like one hour. but everytime the machine reset, you need to redo everything again. and for finish this room you need the entire day only for waiting that the machine starts to work again. any advice?

https://tryhackme.com/r/room/burpsuitebasics everytime I try and complete the burpsuite basics modules my computer fan kicks in and the site is broken af. This hasn't happened in any other room, and this is happening without even a VM deployed just merely reading and scrolling the webpage. Still haven't got a response or help from last time I inquired a few days ago...

Sorry I couldn't continue yesterday...

OpenVPN 2.5.9 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 29 2023
library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
Originally developed by James Yonan
Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_iproute2=no enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_maintainer_mode=no enable_management=yes enable_multihome=yes enable_option_checking=no enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_shared=yes enable_shared_with_static_runtimes=no enable_silent_rules=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_werror=no enable_win32_dll=yes enable_x509_alt_username=yes with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_openssl_engine=yes with_sysroot=no

Now I am getting this while trying to connect to EU-1

2024-05-10 13:27:12 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2024-05-10 13:27:12 --cipher is not set. Previous OpenVPN version defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2024-05-10 13:27:12 OpenVPN 2.5.9 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 29 2023
2024-05-10 13:27:12 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
2024-05-10 13:27:12 OpenSSL: error:0480006C:PEM routines::no start line
2024-05-10 13:27:12 OpenSSL: error:0A080009:SSL routines::PEM lib
2024-05-10 13:27:12 Cannot load inline certificate file
2024-05-10 13:27:12 Exiting due to fatal error

Are you using kali?

No, I am using Pop OS

Seems like I am not the only one having this issue :/ #room-help message

It shouldn't be related to the OS though as it is based on Ubuntu

I'm facing the same problem

2024-05-10 15:13:22 Note: cipher 'AES-256-CBC' in --data-ciphers is not supported by ovpn-dco, disabling data channel offload.```

To be honest I think this might even be on THM side? I mean it worked perfectly fine a month ago.

It didn't work for me at all

Does it relate to the version of OpenVPN

Like the old one would work well ?

I don't know but the old version didn't work for me either.

i can ping to 10.10.10.10 just fine
but i can't ping to machine generated by room atlas
https://tryhackme.com/r/room/atlas
did anybody has experience the same issue?

sudo it

I did...

U fixed it?
Does it work when connecting to another server?

Use EU reg 2

I didn't fix it... I used sudo thats what I meant.

I tried all EU servers including that one and none of them worked :/

Which country are you in?

Croatia.

hi i need to know the email of my account

Do you know your username?

yes

You can login using that assuming you know the password.

i do not

If you don't, you'll need to contact support.

where?

alright thanks

Hi,

are users supposed to actively share Machines?

im doing https://tryhackme.com/r/room/bsidesgtdav with a friend, and we both seem to have the same target machine

I would consider that somewhat of a flaw/security issue tbf

What you mean with "You have the same target machine"?
Like you both have the same IP assigned to your started machine?
Or you were just sharing the target machine IP with each other?

We both had the same target machine ip

without sharing anything

Mh, that would be the first time I saw that

I noticed after I uploaded my own revshell into the directory

That we indeed had the same target (while having different OVPN IPs etc.)

so either the room might be misconfigured (if thats possible) or something else went wrong

his is the php-rev shell, mine the revshell.php.

We are friends on THM, but that didn't cause anything previously. So I'm not sure.

Are you both still having that target machine running?
And if so, can you share me a screenshot of the Target Machine Information from you and your friend?

sadly no, we completed the room about an hour ago. I can still provide you with the IP, if thats any help?

I mean yes, let me see 🙂

10.10.175.106

Oh, that machine is also down already, right?

yes, sadly. I could give you the timeframe in which we most likely started it?

It's ok, there is not much I can look at right now.

Not saying this wasn't the case for you and your friend, but that really would be the first time for me to encounter that.
I would had to see a screenshot of you and your friends Target Machine Information box to see.

So in case you encounter that again, let me know please. 🙂

If we encounter it again, we'll let you know. How exactly do we obtain the target machine info?

It's just that box:

Also potentially a screenshot from both of you when checking on https://tryhackme.com/api/vm/running 🙂

Ah I see. Well it'll most likely then have had the same IP, since each of us has its own Account and OVPN Profile.

We crosschecked on 10.10.10.10 that our IPs were indeed different

We could also provide you those, if they are any help

It doesn't really matter on your OVPN config on what IP you get assigned, so that's fine 🙂

Ah okay. Was hoping maybe that would help to track.

We'll keep it in mind for the future and will gladly get back to y'all

Sounds good, thx!

I can't connect to VPN, VPN belongs to you, can you please help?

@weary spindle

eror fix not tag no dm

Scrubz is not from THM Support. Can you describe what issue you are having?

no no bo errorr is fix

Hello Everyone, I am Rajendra Mohan Navuluri, I am trying to complete OS security module , but when I am trying to give password as dragon to login to sammie linux box, it is throwing error, can someone please help me?

What is the command you are using?

Thanks, I figured it out, but help me how to vrify my account if possible

Gave +1 Rep to @ivory spruce (current: #13 - 544)

@earnest trench

I tried to send a msg to @west chasm / verify and my token attached

Just type /verify here directly and it will be sent to the THM bot.

Thanks alot, seems like that worked

Hey I was playing koth .. windows machine Offline, and my name is there in king.txt file, but I am not king in the game ..

any ideas why this is happening?

Is KOTH service running? Or did you refresh the page?

Hey where to contact for subscription related issue

It was running

I was able to submit flags and all

But was port 9999 on the machine open?

Yes I think so..

I have no clue to post this, but I have a 233 day streak but I stopped getting daily email notifications after I missed a day and used one of my streak-savers.

Is it possible to get the e-mail reminders back?

Port 9999 actually communicates with TryHackMe so if it wasn't open then King couldn't be read. Then no one got points for it

Oh okk... Will check that next time

I am having just the worst time trying to get my windows box to connect to the VPN. At first, it wouldn't connect to the VPN at all, but I read somewhere that using the Insecure Security Level will allow it to connect. And it did; it says I'm connected. The Access Details page on THM says I'm connected as well. I can ping the Internal Virtual IP Address listed on that page. However, when I try to do any of the rooms I can't seem to communicate with the machines. For instance, in the 'contentdiscovery' room, I can't access any of the websites. When I try the same from good ole Linux, I have no problems. "Well just use the Linux box, duh!" - I know, I know... but I really want to get this working on the Windows box.

Whoa... wall of text there.. If anyone was kind enough to read all of that and has any suggestions, please let me know

US West-VIP (if that matters), I've tried US East too though, same results

How are you connecting to THM OpenVPN in Windows?

Via OpenVPN Connect

Use the Communities version instead. Also, is Windows your host? If so, it isn't generally recommended to do so.

#site-support message

Thanks, I'll give that a try

You shouldn't have issues if you are using the VIP servers.

I just want to say thank you very much. You fixed me up in no time flat after I spent hours trying to figure it out on my own. Thanks again!

No worries. If you have any issues, just ask away and someone will definitely get back to you.

You'll need to be patient at times as most folks here (aside from THM Staff) are volunteers.

i'll second the idea that when you're connecting to THM (or any hacking learning lab for that matter) you should connect from a VM guest and not your VM host

Hi, I got a problem to download and regenerate the VPN configuration file for Wreath network

2024-05-11 17:26:41 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2024-05-11 17:26:41 Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2024-05-11 17:26:41 Note: '--allow-compression' is not set to 'no', disabling data channel offload.
2024-05-11 17:26:41 OpenVPN 2.6.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
2024-05-11 17:26:41 library versions: OpenSSL 3.1.4 24 Oct 2023, LZO 2.10
2024-05-11 17:26:41 DCO version: N/A
2024-05-11 17:26:41 OpenSSL: error:0480006C:PEM routines::no start line:Expecting: CERTIFICATE
2024-05-11 17:26:41 OpenSSL: error:0A080009:SSL routines::PEM lib:
2024-05-11 17:26:41 Cannot load inline certificate file
2024-05-11 17:26:41 Exiting due to fatal error

how to resolve this

Which THM OpenVPN server are you connecting to?

#site-support message

hey i'm having trouble connecting to the machine in a room, i get this:

2024-05-12 06:37:21 Note: --data-cipher-fallback with cipher 'BF-CBC' disables data channel offload.
2024-05-12 06:37:21 OpenVPN 2.6.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
2024-05-12 06:37:21 library versions: OpenSSL 3.1.5 30 Jan 2024, LZO 2.10
2024-05-12 06:37:21 DCO version: N/A
2024-05-12 06:37:21 WARNING: INSECURE cipher (BF-CBC) with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). Support for these insecure ciphers will be removed in OpenVPN 2.7.
2024-05-12 06:37:21 TCP/UDP: Preserving recently used remote address: [AF_INET]18.202.168.160:1194
2024-05-12 06:37:21 Socket Buffers: R=[212992->212992] S=[212992->212992]
2024-05-12 06:37:21 UDPv4 link local: (not bound)
2024-05-12 06:37:21 UDPv4 link remote: [AF_INET]18.202.168.160:1194
2024-05-12 06:37:21 TLS: Initial packet from [AF_INET]18.202.168.160:1194, sid=baa357aa 4f1146d8
2024-05-12 06:37:21 VERIFY ERROR: depth=1, error=self-signed certificate in certificate chain: CN=ChangeMe, serial=425397202556807641543660048237946304772097879576
2024-05-12 06:37:21 OpenSSL: error:0A000086:SSL routines::certificate verify failed:
2024-05-12 06:37:21 TLS_ERROR: BIO read tls_read_plaintext error
2024-05-12 06:37:21 TLS Error: TLS object -> incoming plaintext read error
2024-05-12 06:37:21 TLS Error: TLS handshake failed
2024-05-12 06:37:21 SIGUSR1[soft,tls-error] received, process restarting
2024-05-12 06:37:21 Restart pause, 1 second(s)
2024-05-12 06:37:22 TCP/UDP: Preserving recently used remote address: [AF_INET]18.202.168.160:1194
2024-05-12 06:37:22 Socket Buffers: R=[212992->212992] S=[212992->212992]
2024-05-12 06:37:22 UDPv4 link local: (not bound)
2024-05-12 06:37:22 UDPv4 link remote: [AF_INET]18.202.168.160:1194
2024-05-12 06:37:22 TLS: Initial packet from [AF_INET]18.202.168.160:1194, sid=ab0fbfd5 fe7d3ee6

Which server are you using?

eu-regular-3

that's the default one

Switch to 2.

k i'm gonna try

I get this:

2024-05-12 07:31:54 Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2024-05-12 07:31:54 Note: cipher 'AES-256-CBC' in --data-ciphers is not supported by ovpn-dco, disabling data channel offload.
2024-05-12 07:31:54 OpenVPN 2.6.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
2024-05-12 07:31:54 library versions: OpenSSL 3.1.5 30 Jan 2024, LZO 2.10
2024-05-12 07:31:54 DCO version: N/A

Which country are you in?

Are you using Kali/Ubuntu ?

I'm in France and using kali

And you're using sudo?

yes i did: sudo openvpn ~/Downloads/maximelettier.ovpn

Can you DM me your config?

how can I do it ?

Just DM me and then click and drag your config to my DM.

yeah but about the config wdym ?

He's referring to the downloaded *.ovpn file

oh okayy

Can you delete this one? He was asking you to send it directly to him. Click on his profile, and select send message.

any clue why i cant access this webpage? I'll try my best to answer any questions you guys have im confused

Your VPN on?

oh my fucking god

im a fucking moron

i forgot to turn it back on

alright time to leave this server and move to a different country

why am i still level 7 on discord :((

it can take up to 24 hours for it to update on here

or you can force it with /verify

thx

Gave +1 Rep to @pastel tinsel (current: #7 - 838)

That's a long 24 hours since may 8.

the bot goes through the user list, so it can take longer or shorter, depends on where in the list you are

Could also be rate limited.

systemd-resolve --interface breachad --set-dns 10.200.26.101 --set-domain za.tryhackme.com
Unknown interface breachad: No such device``` The network breachingAD for the attackbox

Use pinned post in #breaching-ad

Reverify

I agree. The Caldera room needs to be reviewed. The Sigma rule titles expected by the room questions are all different from the rule titles in the room machine's Aurora instance.

Hello everyone i'm getting and error with this room "Snort Challenge - The Basics"

the first question seems to have an issue.

can you help me please ?

Hi, I'm having issues getting the VPN to work, I get the following:

2024-05-13 14:36:06 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2024-05-13 14:36:06 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations. 
2024-05-13 14:36:06 Note: '--allow-compression' is not set to 'no', disabling data channel offload.
2024-05-13 14:36:06 OpenVPN 2.6.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
2024-05-13 14:36:06 library versions: OpenSSL 3.1.5 30 Jan 2024, LZO 2.10
2024-05-13 14:36:06 DCO version: N/A
2024-05-13 14:36:06 TCP/UDP: Preserving recently used remote address: [AF_INET]18.202.129.195:1194
2024-05-13 14:36:06 Socket Buffers: R=[212992->212992] S=[212992->212992]
2024-05-13 14:36:06 UDPv4 link local: (not bound)
2024-05-13 14:36:06 UDPv4 link remote: [AF_INET]18.202.129.195:1194
2024-05-13 14:37:06 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2024-05-13 14:37:06 TLS Error: TLS handshake failed
2024-05-13 14:37:06 SIGUSR1[soft,tls-error] received, process restarting
2024-05-13 14:37:06 Restart pause, 1 second(s)
2024-05-13 14:37:07 TCP/UDP: Preserving recently used remote address: [AF_INET]18.202.129.195:1194
2024-05-13 14:37:07 Socket Buffers: R=[212992->212992] S=[212992->212992]
2024-05-13 14:37:07 UDPv4 link local: (not bound)
2024-05-13 14:37:07 UDPv4 link remote: [AF_INET]18.202.129.195:1194

It will keep attempting to connect. I did notice it's not creating a tun0 interface for whatever reason...
I'm running as sudo, connecting to EU-Regular-1 from the UK.

Try Eu-Reg-2

No luck - same error

I tried the thm-troubleshoot Github script which reports:

[+] Stable internet connection
[+] OpenVPN is installed
[-] tun0 interface does not exist
Would you like the script to attempt a connection automatically (Y/n)? Y
[+] Connecting....
[-] Using outdated switch for cipher negotiations. Attempting to update...
[+] Successfully updated cipher switch! Please connect to the vpn using the following command:
sudo openvpn ./K3rne1.sh

However, I have investigated and attempted multiple times without any progress, not sure what could be causing the issue.

I also have problems with VPN. It works fine in the terminal, but not over the networkmanager in Kali. Would love it over the network manager instead of needing to run it in the terminal

It won't work as good over network manager, CLI is th ebest way

Oh okay, so it's not worth it to keep trying to fix it. Thanks, for letting me know

i can not copy paste what is the problem i hope some body help me

Include shift if you use CTRL+C and CTRL+V, or use right click

i already use it but it dosent work

Can you be more specific about where the issue occur?

thanks that works

same here

trying to connect to bot EU servers, same error.

same here with the same error but i have installed the tun0 by executin this "sudo tunctl -t tun0
" in the folder /dev/net in Ubuntu

but i still have the same error

if i execute the troubleshooting script it says that the MTU value is failing at 1000

i hope someone can help us

When i copy the IP address to my browser get an Error Code 405. I have openvpn configured and on

Which room are you doing?

The tutorial room

Which ip?

10.10.255.108

That's the IP for the attackbox

Thank you

Gave +1 Rep to @weary spindle (current: #1 - 2250)

so the thing is before I could copy something from outside the vm and paste it inside but now I can't do that

it's too much difficult to write scripts and urls and word lists for gobuster or other search

Mobile view isn't optimised for mobile displays, so it could be cutting it out.

I tried pasting with ctrl v

doesn't work

what about you try pasting something from outside vm

Could be an optimization issue, as I said.

does it work in your side ?

Well yes, because I'm not using a mobile device

Hey all, I've been trying to figure out what i could do to make stuff like reverse shells work with my wsl2 setup, it just wont ever make the connection, only thing i can find is applicable for windows 11, but im on windows 10. Any suggestions?

everything else like the VPN and such works perfectly fine, its just getting a connection through netcat for example doesnt seem to work

and maybe also some ftp shenanigans, but that might have been me

From what I've heard wsl has connection issues a lot, and it might be a better solution to run Linux dispo on a VM. Unless anyone else has a suggestion that would fix your wsl problems of course.

Was worried that was going to be the answer lol, guess I'll go setup a kali linux VM in Vbox

Is there any way to copy from browser and paste to attack box?

Thanks!

I'm getting the same message as you now regarding "MTU value failed at 1000, aborting MTU check -- please ask for further assisntance in the TryHackMe Discord server". A new error message is progress...

hello
I have encountered some problems on tryhackme s website and I don t know if its on my side or the website
does anyone else have crazy lag in the burp room? Either it won't load, work really slow, load partly or even crash the computer
Tested on other sites and I don't have any issues, tested both on Linux and Kali and had the same problem happen
The laptop is an older gen (8gb ram, i5 2.9 ghz) but never goes above 20% CPU use when on the website

Hey there, i have looked into this problem in previous threads, however i could not find a solution,

I am having problems with connecting to my tryhackme vpn "h3l1um.ovpn"

I have read an article on the internet saying that once you switch from your premium tryhackme account membership back to a free account, non premium, that it would cause issues?

Yes, i am running the command as sudo and i have confirmed that the hackthebox vpn is working so this points solely to the tryhackme version

(I have also made a new VM since i have a new pc i dont know if this has to do anything with the issue?

Please feel free to tag me as i am bad with noticing notifications

I have tried this command as well and kali told me there was no such dev interface (( sudo ip link set dev tun0 mtu 1200 ))

Update: I have simply just redownloaded a different VPN server's config file and it works!

From server1 to server2

is there anyway to get account support ? cant login and cant reset password, i dont get an email

I did it like an hour ago, i did recieve an email

Check your spam

im trying since an hour, no spam sir 😦

You sure you did not make a typo?

already got timed out a few times

Oh lol

is there any way to check if my account is still active ?

Getting support from this discord server is your best bet, they do reply quite fast, dont know about account based issues though

I can check for you, whats your user

Woob

and again locked

Alright let me check

Lemme dm you

Accept the friend request pls

Please ask before sending these

Oh i wasnt aware you werent allowed to send friend requests?

my bad

#rules if you need a refresh

My bad

👍

how i can change my email on thm ?

i tried to click reset several times not working

If the reset password is nit working, contact support@tryhackme.com

Is it greyed out?

?

Why I can't ping any cicdbuildscurity hosts not even with attack box in

How can I change my email of my account?

Log in and change it.

Unless you signed in with Google

Yes

Unfortunately you won’t be able to change it as you’re using Google SSO

Anyone

Is contacting support will change anything or i should make a new acc

We can’t do anything to change it unfortunately as it’s google SSO, you’re best is to make a new account

remove your cookies and refresh site

Is anyone having issues starting the attack box? I've tried both the Kali box and the attack box, and i'm just getting grey screens. Tried on multiple browsers as well

Seems to start fine for me

Do you have one running currently?

I have just closed it, it wouldn't load

Could you start it up again, and in case you get that grey screen again, check if you can click on the "View in full screen" button at the bottom left?

It goes through the whole "initializing" but then the message disappears and your left with the dark blue screen and nothing

I did try that, on that screen it just had a spinning wheel

Please try that again and share the URL with me via DM 🙂

Done

Opens fine for me as well with that URL.
Maybe try to open the developer tools, then navigate to that URL again to see if you get any console errors

Nothing that I can find, giving up, wasted too much time on this

thmVNC encountered an error:

Tried on multiple devices

Oh well, hopefully it works tomorrow

I signed with Google. Guess, I new to create new account?

My organization email will be soon expired hahaha.

the vpn is literally unusable , every config in europe gives an error code ( certificate error ) or does "connect" which results in nothing working. the script also doesnt work - anything im missing out? a linux setting?

How are you trying to connect to the VPN? I can't get it to work over network manager on either kali or popOS. Works perfectly fine in the terminal though

Yeah

You've can't use the network manager, if you do it that way I routes all your traffic through the VPN.

since adding the vpn to the network does work even worse i tried the terminal , sudo openvpn Config.ovpn

worked fine i the past, hence my lvl but i cant get it working anymore

either it connects and is super slow / doesnt load or it simply doesnt even connect

If it were me I'd try purging openvpn and installing it again. Not an expert though

I'm connected to ovpn but still getting access machine in THM

the problem is, the vpn does indeed work for every other provider - just signed into htb for testin purposes, vpn worked fine

i like THM way more tho, so id really love to stick to THM instead of HTB

That doesn't go for much.

Different protocols used by THM and HTB.

Thm uses UDP.
HTB uses TCP.

So it could be a good chance udp is possibly nlcied, or the port.

Blocked*

Okay, that makes sense

in 90% of cases it cannot load the inline certificate

sometimes , after regenerating multiple times / switching around it does connect

theres no connection tho, or its way too slow to work with it

the access panel does rarely acknowledge the connection then

I am trying to complete the Persisting Active Directory room but the mimikatz.exe file is 0 bytes and will not run, it just hangs. I have tried multiple times, reloaded the attackbox, reset the server, logged out and back in of the ssh session. It is still zero bytes and just hangs when I try to run it. None of the kill options work for it either, I have to close the terminal to escape. Any ideas?? I've spent almost 2 hours on this task trying to get it to work.

I found an answer in case anyone else has this issue. I also reached out to support for a fix to the instructions on the task.

[SOLVED] If C:\Tools\mimikatz_trunk\x64\mimikatz.exe doesn't work, then try C:\Tools\mimikatz_trunk\Win32\mimikatz.exe

Access panel is broken, its on the list.

When I go to the room: 'Burb Suite: The Basics' from the 'Jr Penetration Tester' path it gives me a hugh spike in memory. It increases from 3GB to >8GB is this normal? And how come?

Oh i see - well i got it to work somehow & it acknowledged my connection, speeds were fine too. Im a little confused why its working now, but whatever

hey.. I am doing the Burp Suite: The Basics and am on Task 10... I cant find my target IP.. I only see the Attackbox IP and that does not work I get Error Response .. can anyone help please?

Did you deploy the machine? It will be a green box in one of the tasks

Guys I get this error when trying to use ovpn help me please

2024-05-14 09:31:34 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2024-05-14 09:31:34 TLS Error: TLS handshake failed
2024-05-14 09:31:34 SIGUSR1[soft,tls-error] received, process restarting
2024-05-14 09:31:34 Restart pause, 1 second(s)
2024-05-14 09:31:35 TCP/UDP: Preserving recently used remote address: [AF_INET]3.104.196.208:1194
2024-05-14 09:31:35 Socket Buffers: R=[212992->212992] S=[212992->212992]
2024-05-14 09:31:35 UDPv4 link local: (not bound)
2024-05-14 09:31:35 UDPv4 link remote: [AF_INET]3.104.196.208:1194

Which server are you using?

yep I deployed the machine and have the IP at the top but not working. Checked the IP on the machine and its the same.. found this so not sure why its not working - https://www.reddit.com/r/tryhackme/comments/xe0wqu/burp_suite_basics_405_method_not_allowed_error/

@night bluff

If you verify you can send a screenshot, shiw me which ip you’re using

ok thanks.. my machine has expired now so will try again tomorrow..

Gave +1 Rep to @wind wedge (current: #59 - 117)

Hello, maybe i have an issue in Exploiting Active Directory Room, i trying use the Rubeus tool and following the instructions, but i have this error: [X] KRB-ERROR (16) : KDC_ERR_PADATA_TYPE_NOSUPP. I read some articles in Google, but they say me that pre-authetication isn't enable in Domain Controller, but i don't have access to the DC.

Tried all eu servers and the au one

Please!!!! My computer shut down in the middle of the exercise and the ip_machine for accessing the site won't display any more please anyone have a solution? i can't even finish the room

?

Hello, I am not sure where to reach out for this issue so please let me know if there is a more appropriate channel. I am trying to reset my account's password but am not getting the reset password email. I do not have any tryhackme emails blocked.

You'll need to contact E-mail

thank you!

Hello, i think there is an issue in one machine in te JR penetration tester --> SQL injection

Why do you think there is an issue?

You can simply terminate the box and restart a new instance?

I have the flag, but when I enter it in the answer box it says it is incorrect.

You have the whole flag?

Like THM{…}?

Yes

I completed the machine trying random numbers to the end of the flag:
THM{XXX_XXXXXXXXX_####}
I kept trying to change the # for numbers and i finally got it right

I've sent a mail to the support team at support@tryhackme.com so it can be checked with pictures so they can understand it better

Its the wrong flag, I just did the room today

You first have to click next and use that flag

It's a bit confusing, with that I agree

Any knows a solution for this? Have the same problem or knows why it's occurring?

Because I have only 8gb ram memory rn in my laptop, and because it uses all I have to restart my pc

Close any unnecessary background tasks, try clearing cookies as well. You can also use task manager to see which service is using the most, if it isn't a necessity, you may temporarily disable it (some anti-virus programs are more bloatware than anything, and tend to take up more resources than needed).

Nothing else is really running. It suddenly spikes with 5gb ram (maybe more) when opening that specific room. All is used by Firefox. However it doesn't seem to occur on my other laptop, very strange

I'd try either a new browser, uninstall/reinstall current one and try to find any malware or virus either through multiple anti virus programs or via manual search via PowerShell or Command Prompt. Definitely shouldn't be spiking that high

I'm gonna give it a try. Did a ram test everything seems ok

im having trouble trying to RDP in the redteam capstone challenge

└─$ proxychains xfreerdp /u:laura.wood@corp.thereserve.loc /p:Password1@ /v:10.200.113.21 /cert-ignore /dynamic-resolution +clipboard
[proxychains] config file found: /etc/proxychains4.conf
[proxychains] preloading /usr/lib/x86_64-linux-gnu/libproxychains.so.4
[proxychains] DLL init: proxychains-ng 4.17
[proxychains] Strict chain ... 127.0.0.1:1080 ... 10.200.113.21:3389 ... OK
[02:14:45:550] [13924:13926] [ERROR][com.freerdp.core.connection] - Timeout waiting for activation
[02:14:45:552] [13924:13924] [ERROR][com.freerdp.core] - freerdp_abort_connect:freerdp_set_last_error_ex ERRCONNECT_CONNECT_CANCELLED [0x0002000B]

any hints please? i cant get it to work

Do you have the vpn running?

my own VPN configuration file? yes

i can ssh to the ubuntu machine no problem

What about the vpn belonging to Laura?

no i havent. i did last night when i attempted this and it didnt work, let me try now

just ran laura vpn, still same error

Try using Reminna?

It's better than xfreerdp

Why proxy chains too for initial access?

im following a walk through

Do you have proxy chains set up the way they do?

i just modified the proxy chains config like they did

sock5 127.0.0.1 1008

from memory

Tried logging withouf proxychains?

just tried remmina and still didnt work. let me try

without proxychains, same error

any special configuration needed for remmina? i put in the server IP 10.200.113.21 and her username laura.wood@corp.thereserve.loc and the password and no dice

Is the vpn running without an error?

looks like it

└─$ sudo openvpn laura.wood@corp.thereserve.loc.ovpn
[sudo] password for kali:
2024-05-15 02:22:42 Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2024-05-15 02:22:42 Note: cipher 'AES-256-CBC' in --data-ciphers is not supported by ovpn-dco, disabling data channel offload.
2024-05-15 02:22:42 OpenVPN 2.6.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
2024-05-15 02:22:42 library versions: OpenSSL 3.1.5 30 Jan 2024, LZO 2.10
2024-05-15 02:22:42 DCO version: N/A

Is 10.200.113.21 in your routing table?

31 isnt no

Fixed it

MAIL 10.200.113.11
VPN 10.200.113.12
WEB 10.200.113.13

thats it

Not your network diagram.

route -s

sorry i dont understand

Use the command route -s in a terminal

└─$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default unifi.localdoma 0.0.0.0 UG 100 0 0 eth0
10.50.110.0 0.0.0.0 255.255.255.0 U 0 0 0 capstone
10.200.113.0 10.50.110.1 255.255.255.0 UG 1000 0 0 capstone
10.200.113.21 1.mubc.chcg.chc 255.255.255.255 UGH 1000 0 0 tun0
10.200.113.22 1.mubc.chcg.chc 255.255.255.255 UGH 1000 0 0 tun0
12.100.1.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
192.168.1.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0

OK. The machines are there.

Can you nmap it.

?*

wont allow me to nmap 10.200.113.21

says it is down

Which command are you using?

nmap 10.200.113.21 -sC -sV

OK, what sort of machine is 10.200.113.21 ?

i believe its the WRK1 host

Which OS though?

it would be windows

So what does that mean for nmap?

no ping?

So you need to nmap that.

Now can you scan it?

yes. sorry

└─$ nmap 10.200.113.21 -Pn -v
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-05-15 02:50 EDT
Initiating Parallel DNS resolution of 1 host. at 02:50
Completed Parallel DNS resolution of 1 host. at 02:50, 0.00s elapsed
Initiating Connect Scan at 02:50
Scanning 10.200.113.21 [1000 ports]
Discovered open port 139/tcp on 10.200.113.21
Discovered open port 445/tcp on 10.200.113.21
Discovered open port 22/tcp on 10.200.113.21
Discovered open port 135/tcp on 10.200.113.21
Discovered open port 3389/tcp on 10.200.113.21
Connect Scan Timing: About 10.90% done; ETC: 02:55 (0:04:13 remaining)

OK, so we know its up.

What details do you enter in Reminna.

Connect Scan Timing: About 55.47% done; ETC: 02:52 (0:00:49 remaining)
Completed Connect Scan at 02:52, 84.24s elapsed (1000 total ports)
Nmap scan report for 10.200.113.21
Host is up (0.69s latency).
Not shown: 995 filtered tcp ports (no-response)
PORT STATE SERVICE
22/tcp open ssh
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
3389/tcp open ms-wbt-server

Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 84.29 seconds

i havent used remmina before, but the IP, the username, the password. possibly the port somewhere

domain?

I added that in

corp.thereserve.loc

yep i tried that and still wont connect

cannot connect to the "10.200.113.21" RDP server

used laurawood as username, IP as 10.200.113.21, password as Password1@ and domain as corp.thereserve.loc

Ah!

Username.

That's wrong.

It's Laura.wood

no sorry i mean laura.wood

i cant paste images in here so was a mistype

not sure whats changed or happened, but now it doesnt say cant connect. its now saying "enter RDP authentication details" has all laura's details but i click ok. it thinks about it and just spits me back to same page

removed the @ out of her username etc still no good

any other ideas? i feel like this network is glitchy

i have problem with openvpn

2024-05-15 0435 ERROR: Cannot ioctl TUNSETIFF tun: Operation not permitted (errno=1)
2024-05-15 0435 Exiting due to fatal error

how i can solve it ?

how to remove friends from the list?

If you hover over the friend there should be an x that appears to the side of it

Okay, now I'm sure where the memory leak is comming from. But I still don't understand why it happens on this specific laptop and not on others.
It has to do with the lottie player. As soon as there is a loop mentioned in it the memory keeps on building untill everything breaks. If I disable the loop the problem does not occur. So I have found a workaround for now, but solving the problem would be better 🙂

any help ?

Anyone knows why I keep getting this error message? "{"status":"error","message":"There was a problem, please try again later."}"

I've been getting this for 3 weeks now

With what, exactly?

"{"status":"error","message":"There was a problem, please try again later."}"

Ok,

Where are you reading this message?

When I go to the site as soon as I'm logged in

I have to delete my cookies to even show the home page

Sounds like an issue on your end?

How?

Well, if it was a website issue, there would be more than yourself reporting,

And it seems to be "fixed" when you clear cookies.

It's not fixed when I delete my cookies

Then it only shows the home page

That's a start.

If I'm signed in it tried to send me to the learning paths but i can't view those

Then i get the error

#site-bugs message

hey same thing today.. I can't figure out why its not working .. IP 10.10.151.215

That's the wrong ip.

That's the ip from the attackbox

You need to start the machine in task 1

thanks... from what I am seeing there is no machine to start in task 1 -

Gave +1 Rep to @weary spindle (current: #1 - 2260)

My mistake, this is one of the few rooms where the machine is actually in task 9.

ahh gotcha... thank you very much! Seems I cant start my attackbox again so will have to wait again until tomorrow.. thanks again!

Gave +1 Rep to @weary spindle (current: #1 - 2261)

Yeah.

You can either subscribe, or create a vm if your system has the resources, and you can connect via the VPN.

yep I am just seeing how it goes and then probably subscribe for a year .. the courses look good

THM is very good value for money, (especially if you're a student, you can get 20% off)

And they release atleast 2 rooms a week, so there will always be something for you to do .

I done THM alongside my studies, and was years ahead of the class and work.

thats really good to know... currently unemployed and looking to improve my skills for employment so looking for a good source.. I might bite the bullet in the next few days if I can get through this burp course...

Anyone knows why I can't reach 10.10.10.10 but connected to Openvpn successfully ?

ip a | grep "tun"

Can you run that for me please.

for macOS

Does anyone have issues with VPN connections for free tier ?

damn, just saw the X sign but it is not properly aligned with the name thats why couldnt see, not able to click it lol... thanks for guiding

Gave +1 Rep to @wind wedge (current: #56 - 120)

I don't get any points from completing rooms, did 8 rooms and stayed at the same ammount of points

I need to defend my ego and get the leaderboard, anyone knows why?

Which rooms did you do

nmap, bursuitem, basic pentesting, Introduction to OWASP ZAP

I don't get how the points system really works, perhaps some rooms don t give point

I just know they are based on dificulty but I didn t gain any

Some rooms won’t give points, such as private rooms

I believe basic pentesting is now private which would be why

This is a doc on how points work https://help.tryhackme.com/en/articles/6563910-points-explained

having problems with Wreath lab

Which THM OpenVPN server are you using?

root@ip-10-10-53-171:~/CVE-2019-15107# ./CVE-2019-15107.py 10.200.87.200
Traceback (most recent call last):
File "./CVE-2019-15107.py", line 10, in <module>
from prompt_toolkit import prompt
ModuleNotFoundError: No module named 'prompt_toolkit'

using AttackBox

so you'd think the script they tell us to use would actually work on the box they give us.........

Have you checked if python3 or python2 would work?

niether work, and Im seriously just copy-pasting

so the writeup isnt in sync with the script

https://tryhackme.com/r/room/wreath

Task #6

DAMM

Got it, thanks

time to grind that leaderboard

Is OpenVPN available for users on the free tier?

I've set it all up and 10.10.10.10 says I am connected, but the OpenVPN Access Details on the THM's access page say I am disconnected.

Comparing my connection information to the provided how-to video, my internal virtual IP address is 0.0.0.0 instead of a normal IP address (like the 10.6.13.139 address the 10.10.10.10 page says I'm using) so maybe that's why?

Access page is broken

The acces page seems to be broken. Seems like its working if you see an IP when accesing 10.10.10.10

Yeah the access page being broken would definitely explain that connection discrepancy. I take it that also means I cannot use OpenVPN to connect to a room until it is fixed (since it seems like that function talks back to the access page)?

You can

It's just the access page that is broken.

curl 10.10.10.10/whoami

browsing https://10.10.10.10

ip a | grep "tun"

Should all give you an IP.

I've got it now! Thank you!

Gave +1 Rep to @weary spindle (current: #1 - 2262)

Thank you as well!

Gave 1 Rep to mats.m (current: #487 - 9)

If you are a subscriber, your Attackbox should have internet access and you can download the said module accordingly.

wrong

you're speaking hypothetically

the reality is the script they tell you to use does NOT work

OR.

The script just needs updated.

As the room is few years old.

do they not update them?

No, Wreath was a community member created network.

gotcha

Unsure if Muiri was staff when he created wreath.

do you know of similar environments to Wreatch I can try?

In real life, you can't expect everything to work the way you expect them to.

thats Dad

thanks Dad

Please don't be rude. @ivory spruce has a valid point.

it's kinda obvious, but ok

No worries, he's doing himself a disservice and not to me.

I pretty much expect every script to be buggy in someway, hell, half our business is troubleshooting our own systems, but I was hoping THM had a better handle on the code

my guess is the script referenced in the walkthrough got updated and is now broke

so by following the instructions as is, the lab isnt functional. Unless maybe someone posted a workaround

is this normal? https://ibb.co/Hp1ZF0v
i already paid for premuim

I believe you can extend time

here's my acc
https://tryhackme.com/p/Nephrite

orange box under the lab diagram

k

"The Network will go to sleep if there is no activity"

yo

thank you

Gave +1 Rep to @midnight barn (current: #2078 - 1)

🙏

GL 🙂

:)

So is there a reason why if I'm connected via openvpn, it still says that I'm offline through the access machines thing at the top, but on the actual openvpn access page, it says that I'm connected?

Access page is broken

#site-support message

What time does support start working?🙃

It varies, but mostly in uk time 8am-6pm, there might be times where some of us work a bit later as well

Ok, thanks.

Gave +1 Rep to @wind wedge (current: #56 - 121)

I am connected to openvpn and when i solving any machine port scan shows port 80 is open but when i visit it through browser its not opening since last 5 days .I had also tried different vpn server . Is there anyone who can help me

Im having issues with openvpn too, i downloaded the .ovpn and execute a "sudo openvpn thefilename.ovpn" and the connection keeps retrying, the first error it throws is "VERIFY ERROR: depth=1, error=self-signed certificate in certificate chain: CN=ChangeMe, serial=******************* after that a bunch of TSL errors.

CN in my .ovpn file is actually not "ChangeMe" but the actual filename

Using ParrotOS but Kali does the same for me

i have uploaded my room but i dont have that develop option now ? also i wanted to check if it runs smoothly ?

Can you verify your account and share a screenshot of what the screen looks like and the last few lines of your OpenVPN log upon establishing the connection?

@nocturne swift

Which THM OpenVPN server are you trying to comnect to?

Hi, I am getting "This browser is not supported by splunk" I am using the AttackBox

Room: Splunk: Exploring SPL

Same on my own attackbox

Has support started working or not? 🙃

Hello, i cannot connect to the vpn :/

even after changing the ciphers

Yes, if you’ve raised a ticket please be patient and one of us will get back to you

👍🏼

Hi , I'm connected to VPN but unable to reach 10.10.10.10

anyone can help ?

*utun0 10.14.81.52 --> 10.14.0.1 netmask

Are you sure you need to connect to 10.10.10.10?

If you could sending a screenshot of the error and the machine ip would be nice

Its expired

Which THM OpenVPN servers are you connecting to?

Can you share the last few lines of your OpenVPN log?

RSA key size : 2048 bits
basic constraints : CA=false
subject alt name : server
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication

Thu May 16 20:12:45 2024 CONNECTED : 34.253.19.14:1194 (34.253.19.14) via /UDPv4 on utun4/10.11.89.134/ gw=[10.11.0.1/]
Thu May 16 20:12:45 2024 COMPRESSION_ENABLED : Compression enabled. This may be a potential security issue.

Is there a line on "Initialization Sequence Completed"?

The EU 3 one , I also tried EU VIP but I'm not sure if that is also for premium members. But both failed on me

EU VIP is for premium / subscribers. Are you one? If so, wait for ~2 to 3 minutes after you switched your THM OpenVPN server before generating your config file.

If not, try EU-Reg-2.

I am a premium yes 🙂 I'll try again in 5 minutes. Haven't checked what version of OpenVPN exactly but i do know it's the latest updated one

I'm connected to ovpn but still getting access machine in THM

What do you mean?

my initialization sequence completed but i cant see that green dot in THM dashboard

and none of my revshells are working so i think there is some problem with vpn connection

Can you connect to 10.10.10.10?

yup

024-05-16 08:12:14 TUN/TAP device tun0 opened
2024-05-16 08:12:14 net_iface_mtu_set: mtu 1500 for tun0
2024-05-16 08:12:14 net_iface_up: set tun0 up
2024-05-16 08:12:14 net_addr_v4_add: 10.11.75.159/16 dev tun0
2024-05-16 08:12:14 net_route_v4_add: 10.10.0.0/16 via 10.11.0.1 dev [NULL] table 0 metric 1000
2024-05-16 08:12:14 Initialization Sequence Completed
2024-05-16 08:12:14 Data Channel: cipher 'AES-256-CBC', auth 'SHA512', peer-id: 5, compression: 'lzo'
2024-05-16 08:12:14 Timers: ping 5, ping-restart 120
2024-05-16 08:12:14 Protocol options: explicit-exit-notify 3

Which IP and port are you using in your revshells? Have you opened a listener on your attack machine?

yup used 8080/4444/1234 none of them worked

not getting a shell

How about the IP?

was using tun0 address but also tried eth0 desperately when nothing worked.

Youre a lifesaver, waiting 3 minutes before pressing regenerate did the trick. Tyvm

Can you run ip a | grep tun?

─$ ip a | grep tun
5: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 500
inet 10.11.75.159/16 scope global tun0

??

…

Check it's not been disabled.

Sorry i didn’t understand

It’s the second day I can’t get an answer from support, how long should I wait, is there a big queue or what, I'm just curious? 🙁

Go to Other > develop rooms

Support can be really busy, you;ll just need to be patient I'm afraid.

Also I hope you haven't sent a new e-mail, this will push you further down the queue

i enabled now but i have more question now do i need to upload that room again

cause it takes really really long time

It can take time to respond one of us is on holiday and i believe someone hasn’t started until a little while ago, we are a site with 3 million users

You’ll most likely hear a response by tonight or tomorrow

😟

?

Can you see the room?

no

but i can see it when i go to the uploads

tryhackme.com/uploads

but not in manage rooms

I imagine ithe queue has gone up quite a bit, have you been sending new emails as scrubz said?

I can't Take a screenshot of your room that you've created?

Now go to your room?

Yesterday at lunchtime I wrote a letter to support, and now about 20-30 minutes ago I created a ticket.

nothing there as u can see

tim is here to save the day.

The first image (Your Material) you posted shows VMs (machines). This is an asset that gets attached to a room. A Room is a separate concept to which you can attach a VM to a task in a room. A Room is comprised of 1 or more tasks. 🙂

now i have to upload again

ig

A room you can create on the site, you only upload machines. Two separate things. 🙂

There's a green Create new room button on the Manage Rooms page:
https://tryhackme.com/r/rooms?tab=manage-rooms

If you only created a ticket that long it can take about 1-3 days depending on how many tickets there are

Well, I created 1 ticket and there’s probably no point in creating more than 1 ticket (or maybe there is a point). I’m also interested to know how often you have had cases where a person paid for a premium subscription, the money was debited from his account, but the premium subscription was not displayed on the website?

If you’ve paid we will activate the subscription but unfortunately, i’m not sure how many tickets there are and we are a site with 3 million users, it can take up to 1-3 days depending on how many there are in the queue, creating another ticket will make you go down the queue even further, we will get to you as soon as possible

What will be your role as a Junior Security Analyst?

Is this for a THM room?

Okay, I got it, thanks.

Gave +1 Rep to @wind wedge (current: #56 - 122)

It is.

Sometimes this can be THM just waiting for word from you bank it's been paid.

Hello, has anyone had any problems with the “Logging for Accountability” room? https://tryhackme.com/r/room/loggingforaccountability

On my side, the splunk service GUI doesn't work, I have a blank page https://10-10-90-198.p.thmlabs.com/

https://10-10-90-198.p.thmlabs.com/

Are you loadig this link in the attacbox?

If so, try http://10.10.90.198/

ok, http works, thanks!

Gave +1 Rep to @weary spindle (current: #1 - 2265)

Hey I am doing the Linux Privilege Escalation and working on Kernal Exploits. I have logged into the machine through ssh but the /home/karen directory is missing and this account doesn't have any write premissions anywhere else. Any thoughts?

Never mind the tmp directory is writeable

In the real world execution from /tmp is usually banned by something like SELinux btw, regardless of the user's permissions

yeah I figured but its the only file I can write to on the box right now lol

some one deleted the /home/karen

It won't be deleted.

The box boots up from a saved state every time.

Hi everyone ,im new here im not sure if im allowed to ask this in here. i was going through the THM "Snort Challenge - The Basics" and i realised that the first question on task 2 is rejecting my answer. may i ask if anyone else has encountered this problem and how did they deal with it?

We had this on reddit the other day.

One moment...

This might be the answer.

lol well there is no /home/karen anymore and restarted the box multiple times. So unless they did it on purpose to mess with us lol Which is possible

Can you link the room?

yeah hold on

https://tryhackme.com/r/room/linprivesc and its the Exploit Privlage exploitation section

Which Task number?

Kernal Exploits?

wow i think that was the reason i was getting it wrong. the rule of matching both directions kept making sense. thank you the method you provided worked fine. i guess it wasn't rejecting my answer it was rejecting the wrong answer. thanks

Gave +1 Rep to @errant breach (current: #1039 - 3)

yeah sorry kernal exploits

Ah I see what you mean, it's ok, you can ignore it.

I got around it

Yeah, the main point of the task is to use the CVE you found on a directory you can write to.

hence /tmp

glad I could help

Hello, I am having difficulty with something. My English is weak. I have just started education. I am using the test version. I am stuck in the 2nd room. What is the answer to the question?
Question: Which team focuses on defensive security?

Do you know much about red/blue teams in cyber?

The 1st lab on Kibana (Investigating with ELK 101) is not working; rare loads, 504/502 errors;
if it opens when i try to input the dates that i need it loads non stop and then error, then again connection lost.

blue team is the defence; red team is the offence, purple is both

I have a problem in tryhackme

Can you elaborate?

Are you talking about Openvpn?

When I try to call VPN It connects without problems and it shows up for me ip My but when I start to solve ctf seems to me treatise you are disconnected I use a system parrot As a main system

Which machine are you having an issue connection to?

Mr robot

What can't you connect with, nmap?

No, PHP reverse shell not working

What have you tried?

Yes I tried but it didn't work

Yes

Can you elaborate what comes up when you try to use it?

ip a | grep "tun"

Not working

The problem is that after calling, it does not show me an My IP address is on the page ctf Show me the word access machine