yes i do

can you ping the IP of the DC?

➜ ~ cat /etc/resolv.conf

This file was automatically generated by WSL. To stop automatic generation of this file, add the following entry to /etc/wsl.conf:

[network]

generateResolvConf = false

nameserver 10.200.27.101 (THMDC IP)
nameserver 10.255.255.254
search redacted.com
➜ ~

WSL is known to cause trouble with THM VPN
you should consider using THM AttackBox or running a VM on your host outside of WSL

here is the reference about WSL (it is pinned to this channel): #site-support message

Alright thank you

i was going to take my pt1 exam today however i encountered an error i already reached out to support around 4PM UK time concerning it
and i hadn't verified before however earlier last month i tried to take the exam but the verification system was not working due to some session error so i just left it since then after i confirmed it was back up

I am sure other users than me can help you better about PT1
just these 2 pieces of info though:

• you may have better responses if you post under #pt1 (browsing through older messages would be very useful too)
• I am not too optimistic you will hear from THM quickly as they do not work during WE

Thx @upbeat quarry

Gave +1 Rep to @upbeat quarry (current: #15 - 595)

Thank you

Gave +1 Rep to @upbeat quarry (current: #15 - 596)

rooms task websites are not working
any fix?

which room, which task, which website?

Thanks! Now it works.

Gave +1 Rep to @ivory spruce (current: #11 - 853)

How does the repair streak work? I completed a room but still on day 1 ?

Try to reach out to support on the email below

Also system may get buggy around midgnight sometimes

sudo openvpn ~/Desktop/Lightandqrk.ovpn
[sudo] password for kali:
2025-07-25 19:01:34 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations.
2025-07-25 19:01:34 Note: Kernel support for ovpn-dco missing, disabling data channel offload.
2025-07-25 19:01:34 OpenVPN 2.6.14 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
2025-07-25 19:01:34 library versions: OpenSSL 3.5.0 8 Apr 2025, LZO 2.10
2025-07-25 19:01:34 DCO version: N/A
2025-07-25 19:01:34 TCP/UDP: Preserving recently used remote address: [AF_INET]18.202.168.160:1194
2025-07-25 19:01:34 Socket Buffers: R=[212992->212992] S=[212992->212992]
2025-07-25 19:01:34 UDPv4 link local: (not bound)
2025-07-25 19:01:34 UDPv4 link remote: [AF_INET]18.202.168.160:1194
2025-07-25 19:01:34 read UDPv4 [ECONNREFUSED]: Connection refused (fd=3,code=111)
2025-07-25 19:01:36 read UDPv4 [ECONNREFUSED]: Connection refused (fd=3,code=111)
can any one help me about it? I am using vm too

Maybe try to change the vpn region ? Temporarily

At first I was on EU 3, then I switched to EU 1. Are you suggesting I try the WEST server?

or maybe regenerate the vpn file idk vpn issues are anoying and usually i get it fixed via doing something again

ı will try it first

Maybe there is a small issue rn with the EU ? Don't know

ive had the same issue above with htb academy 90% of the time i needed a new file for some reason

2025-07-25 19:06:44 Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2025-07-25 19:06:44 Note: cipher 'AES-256-CBC' in --data-ciphers is not supported by ovpn-dco, disabling data channel offload.
2025-07-25 19:06:44 OpenVPN 2.6.14 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
2025-07-25 19:06:44 library versions: OpenSSL 3.5.0 8 Apr 2025, LZO 2.10
2025-07-25 19:06:44 DCO version: N/A
2025-07-25 19:06:44 TCP/UDP: Preserving recently used remote address: [AF_INET]3.254.253.220:1194
2025-07-25 19:06:44 Socket Buffers: R=[212992->212992] S=[212992->212992]
2025-07-25 19:06:44 UDPv4 link local: (not bound)
2025-07-25 19:06:44 UDPv4 link remote: [AF_INET]3.254.253.220:1194
2025-07-25 19:06:44 TLS: Initial packet from [AF_INET]3.254.253.220:1194, sid=f4b6edf9 3413ffea
2025-07-25 19:06:44 VERIFY OK: depth=1, CN=ChangeMe
2025-07-25 19:06:44 VERIFY KU OK
2025-07-25 19:06:44 Validating certificate extended key usage
2025-07-25 19:06:44 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2025-07-25 19:06:44 VERIFY EKU OK
2025-07-25 19:06:44 VERIFY OK: depth=0, CN=server
2025-07-25 19:06:44 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bits RSA, signature: RSA-SHA256, peer temporary key: 253 bits X25519
2025-07-25 19:06:44 [server] Peer Connection Initiated with [AF_INET]3.254.253.220:1194
2025-07-25 19:06:44 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2025-07-25 19:06:44 TLS: tls_multi_process: initial untrusted session promoted to trusted
2025-07-25 19:06:45 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
2025-07-25 19:06:46 PUSH: Received control message: 'PUSH_REPLY,route 10.10.0.0 255.255.0.0,route 10.101.0.0 255.255.0.0,route 10.103.0.0 255.255.0.0,route 10.201.0.0 255.255.128.0,route-metric 1000,route-gateway 10.21.0.1,topology subnet,ping 5,ping-restart 120,ifconfig 10.21.233.254 255.255.0.0,peer-id 60'
2025-07-25 19:06:46 OPTIONS IMPORT: --ifconfig/up options modified
2025-07-25 19:06:46 OPTIONS IMPORT: route options modified
2025-07-25 19:06:46 OPTIONS IMPORT: route-related options modified
2025-07-25 19:06:46 Using peer cipher 'AES-256-CBC'
2025-07-25 19:06:46 net_route_v4_best_gw query: dst 0.0.0.0
2025-07-25 19:06:46 net_route_v4_best_gw result: via 10.0.2.2 dev eth0
2025-07-25 19:06:46 ROUTE_GATEWAY 10.0.2.2/255.255.255.0 IFACE=eth0 HWADDR=08:00:27:d1:f8:5d
2025-07-25 19:06:46 TUN/TAP device tun0 opened
2025-07-25 19:06:46 net_iface_mtu_set: mtu 1500 for tun0
2025-07-25 19:06:46 net_iface_up: set tun0 up
2025-07-25 19:06:46 net_addr_v4_add: 10.21.233.254/16 dev tun0
2025-07-25 19:06:46 net_route_v4_add: 10.10.0.0/16 via 10.21.0.1 dev [NULL] table 0 metric 1000
2025-07-25 19:06:46 net_route_v4_add: 10.101.0.0/16 via 10.21.0.1 dev [NULL] table 0 metric 1000
2025-07-25 19:06:46 net_route_v4_add: 10.103.0.0/16 via 10.21.0.1 dev [NULL] table 0 metric 1000
2025-07-25 19:06:46 net_route_v4_add: 10.201.0.0/17 via 10.21.0.1 dev [NULL] table 0 metric 1000
2025-07-25 19:06:46 Initialization Sequence Completed
2025-07-25 19:06:46 Data Channel: cipher 'AES-256-CBC', auth 'SHA512', peer-id: 60
2025-07-25 19:06:46 Timers: ping 5, ping-restart 120
2025-07-25 19:06:46 Protocol options: explicit-exit-notify 3

is it okey?

Looks good yes, just try a box

yes ctrlz it then do bg

or just make a new terminal

you can also try by pinging the box to make sure it is working properly

so ı can connect to ssh server in my machine right?

yes

yeah

ty so much

np was a team effort

np

yeah this looks okay
now try
curl 10.10.10.10/whoami
if that returns an ip address you are able to access target machines on tryhackme

Has anyone experienced issues where after an hr or so in a room and can no longer connect/ping to the target?

The attackboxes are being shut down automatically after 2 hours, if the time is not being extended. Not sure how it is with the target machines specific to the rooms though

If a non-subscriber, the target is only up for an hour and you need to extend. It is 2 hours for a subscriber.

ouh, I missed that info

thanks for the info

Gave +1 Rep to @ivory spruce (current: #11 - 855)

sudo openvpn --config Gervis00.ovpn --daemon
[sudo] password di kali:

┌──(kali㉿kali)-[~/Scaricati]
└─$ ping 10.10.10.10
PING 10.10.10.10 (10.10.10.10) 56(84) bytes of data.
^C
--- 10.10.10.10 ping statistics ---
10 packets transmitted, 0 received, 100% packet loss, time 9205ms

can someone help me?

Can you please verify and upload a screenshot , follow instrcutions from the link below 🙂 ? Also if you don't mind me asking , where are you from and which VPN server are you using ?

OpenVPN Access Details

VPN Server Name
EU-Regular-3

Internal Virtual IP Address
10.21.198.209

Server status
Online

Connection
Connected

but why the ping don't work

Can you access it through your browser ?

yes

Can you see your ip reflected ?

why here i'm logged: https://tryhackme.com/access

but: ┌──(kali㉿kali)-[~/Scaricati]
└─$ ping 10.10.10.10
PING 10.10.10.10 (10.10.10.10) 56(84) bytes of data.
^C
--- 10.10.10.10 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2027ms

and other: ┌──(kali㉿kali)-[~/Scaricati]
└─$ ping 10.10.181.150
PING 10.10.181.150 (10.10.181.150) 56(84) bytes of data.
^C
--- 10.10.181.150 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2046ms

run ping command with sudo

I have an issue in exam PT1

Where can i find support ?

Try in the #pt1 channel but the best option is to email THM support directly on the email address below but be aware that they don't work on weekends

Thanks

Hi there

I'm trying to connect to the VPN using OpenVPN on my Windows laptop, but it fails with this error

this is the error

I'm using the EU-VIP-2 server, have regenerated the ovpn file too

you are not using WSL, right?

nope, using the openvpn app client on windows directly

i need this for the windows fundamentals room, so tryna use the rdc app on my laptop without needing a vm or using attackbox (it takes lesser time this way that's why)

for Windows, you are using the community edition: https://openvpn.net/community-downloads/ ?

I got the client from this msi - https://openvpn.net/client/

that may be the issue
check this pinned message: #site-support message

i see, will try thanks

also, be conscious of what you are doing by connecting your Windows host to THM VPN, as it will be exposed to other THM users who may want to poke at it in a dangerous way

oh is it

is it still fine to use it to connect the remote desktop?

that's all i'll be doing

rest i will be using my vm

in order to use RDP you will need to connect to THM VPN also, therefore you will have the same issue

yeah that's why i was trying to connect

that is the recommended option
do not have sensitive stuff on your VM, and if something goes wrong you can delete that VM and start again

ok sure ty

Hey my THM WINFUN1.1 keeps connecting and then giving a connection error? Then after 15 seconds it reconnects but then directly gives the same error again. My internet is stable is really quick (350mbps download) so that shouldn't be a problem? All suggestions are more than welcome!
Thank you for your time!

Has anyone else ever had issues with using the quote ' " key in the linux terminal and have a fix? Making it very hard for me to use the echo command etc. rn...

what do you need to do?
with echo, you may be better off with singe-quotes as there will be no interpretation by the shell of the characters inside the quotes (e. g. if there is a $ character it will not be interpreted as a shell variable)

I mean like when I press the ' key on my keyboard nothing happens not even a dead key waiting for another input, I ran this command to check the keyboard layout and that looks fine but still can't get a single quote in the terminal

in a terminal of THM AttackBox, you get the single-quote output to the command line by pressing the key for that character followed by pressing the space key
same recipe for double-quotes
at least, that is how it works for me

Thanks this worked for me too

sounds like something not stable, hence I would just terminate the target and restart it
alternative: use RDP from an attacking machine, but if the target is not stable, I would expect the RDP connection to be unstable too

Never really encountered a program where I had to do quote + space before, usually just do quote + any key and it works across most programs

why the config vpn file dosnt works on wsl but with openvpn on windows it does ?

Don't use WSL for THM . A lot of users reported connection problems with it . Install a proper VM if possible 🙂

i had used it for past 6 months was alright

ok

now it works

👍🏽

did you read the answer to me for non-subs?

👍🏽

Hello wsh won this ctf

Honeynet??

hello i am currently in the soc1 roadpath doing summit room and the machine wont run

How ?

i start the machine and it wont do anythnig else

Click on the link provided in the task

ok let me try thanks

if i cancel my sub do i lose my premium or i keep it and the next year i wont pay

You will have your premium benefits until the paid period expires thus until Jun 6th 2026 in your case 🙂

Ok ok ty

Gave +1 Rep to @ember osprey (current: #1 - 5703)

Hello i have à problem with my access to premium adventage, they debited my monthly subscription on july 17 and i dont have access to the premium, anyone know who do i have to send message to ?

You will need to contact support directly on the email below

Okay thank you

Gave +1 Rep to @ember osprey (current: #1 - 5704)

Hey everyone, about 20 minutes now I am losing connectivity with the windows remote machine from Windows Privilege Escalation room. The Linux attacker's machine is ok, anyone has any similar problem?

Hey, I have a 34 day streak but did not get the 30 day badge, is that normal? One of those days, a streak freeze was used

You should get it , try to email support on email address below

I am unable to download any of the room task files - it seems to be account related as it happens on multiple rooms and different devices. I have tried to clear my history, enabled popups, changed computers, changed browsers to no avail...anyone have any ideas?

maybe disable browser extensions

The website has a bug where it is impossible to redo and read material once a path is completed. Let's say there is Jr Pentester path completed and user goes to race conditions room. When user presses on section the confetti congratulation activates. Anyone knows how to disable that without reseting progress in the room?

I mean permanently. I know I can do it with browser dev tools but only once.

Hey every time I input my bill address it says "invalid zip/postal code" I've tried different zip codes but it doesn't work.

And I verified that I'm inputting everything correctly.

For payment related issues reach out to support directly on the email address below

I'm on the Wireshark basics room, but the virtual machine won't let me perform the Traffic Sniffing. It says couldn't run /usr/bin/dumpcap in child process: permission denied. How do i get past this. I need to know the packets to move on

You aren't supposed to perform the live packet capture , you're supposed to inspect the pre-recorded pcap file 🙂 . That machine doesn't even have Internet access

i've completed all the room and now I want to review some basics, and every time I click on a room I get this message,
it's getting a bit annoying, it's slowing me down in my revision.

Looks like you are not alone: #site-support message
Maybe worth a post under #1333993673381253162 so more users can add their experience and upvote the issue with

done👍 thank you

Gave +1 Rep to @upbeat quarry (current: #15 - 602)

I’m having an issue with the Summit room on TryHackMe — the machine is not starting for me. I've tried multiple times, but it still doesn't work. Could you please help me resolve this?

Machine shouldn't start in the split-view , click on the link provided in the task to access the lab 🙂

Seems like a lot of users are reporting this , I will forward it to staff members 🙂

cool 🙂 thx

Gave +1 Rep to @ember osprey (current: #1 - 5708)

hello,
I am new on tryhackme and I was asking myself a question:
why can’t I see the maximum points on challenges when I have completed all the missions?

thankss

this may help: https://help.tryhackme.com/en/articles/6563910-points-explained

thank you very much for your response, it helped me a lot!

Gave +1 Rep to @upbeat quarry (current: #15 - 603)

when ticket promotion event open?

There is none atm

@wind wedge actually you replied my email in morning
for give streak freeze thankks for that .
is possible to get another one freeze day after tomorrow if time not enough to revise pre security path . its help me to revise without pressure about streak

I have weird errors interacting with the attackbox and some of the windows host computers.

In the attackbox seemingly my CTRL only works if i toogle it manually via the clipboard. there I can pick it with my mouse together with other keys but then its always on or off. pain in the ass to always toogle it manually.

with the windows host pc-s that I run in split view the problem is a weird cursor. If i take a screenshot of it, it looks good:

however, what i see on my screen from outside (taken via phone) is just useless as i dont see what exactly i click.

Maybe the issue with the attackbox and the windows target systems are having the same root cause?
help pls

inside THM Attackbox, Ctrl-C, Ctrl-V, Ctrl-X work OK However, be aware that some applications, like in the terminal windows, work with Crtl-Shift-C (etc.) for copying to clipboard, as Ctrl-C is used to kill a process (check for the shortcut keys in the menus)
if you want to transfer from your windows host to Attackbox, you use the clipboard box available as per the GIF here: #general message
about the cursor issue, I am not sure: please confirm you are not using a mobile or a tablet to access THM rooms

1. control button does not work at all, unless I pick it from the 'clipboard menu' in the middle of the split screen. No other way it detects me pressing ctrl! I know i need to use shift in terminal along with it.
2. i use mint and firefox.

about issue 1, I have not encountered that myself Maybe this older message would help: #room-help message I have not used that tweak as there are some security considerations
about issue 2: cannot help any further (I guess reloading does not help, right?)

Hello, I'm doing the Lookup room and lookup.thm is not resolving, is this intended?

edit /etc/hosts with the IP for lookup.thm

what's the IP for lookup.thm

the one that you get 1 minute after pressing the Start button

thanks that fixed it but I'm kinda confused how that works

lookup.thm cannot be resolved by your DNS service, hence you work around that by editing /etc/hosts which gets looked up before DNS kcks in

when I go to the IP directly, it redirects to lookup.thm but if I resolve lookup.thm to the IP it works?

yes, it will work as per #site-support message

I think I'm still missing something on how /etc/hosts work, it doesn't just replace the domain with the IP?

so going to the IP directly is different from using /etc/hosts with a domain host to go to that IP?

by going to the IP and encountering lookup.thm, the OS realizes it needs some translation and knows that it will find that under /etc/hosts
please note that this mechanism is subject to some configuration (like everything in linux), hence check documentation for nsswitch.conf , but the default configuration is as per previous messages

alright I'll look into it more, thanks

Gave +1 Rep to @upbeat quarry (current: #15 - 604)

uhh i am doing exploitation part of cybersecurity 101, i cant copy the PoC code into attackbox

are you using the clipboard box, as per #general message?

thank you so much dawg i am so dumb i didnt see the gif they added in room

how do i do this rep thing? reply to you with "thanks"

I think, but it does not really matter There are rules about that like some cool down between thanks, etc. 🙃

Gave +1 Rep to @halcyon bobcat (current: #3054 - 1)

@halcyon bobcat so funny, somehow I gave you a point of reputation 🤣

lol, anyways thanks for the help

Gave +1 Rep to @upbeat quarry (current: #15 - 605)

Hlo please help me i had purchased tryhackme subscription on 10 july 2025 for 3368 on something summer discount it was yearly subscription but yesterday 3368 again debited from my account

For payment related issues reach out directly to support on the email address below

I had mailed to them

Will i get response tomorrow

As my money was debited twice i am worried

@west chasm I am attempting to start my PT1 exam and reach an error page for verifcation: "Your verification has expired" I have cleared cookies and restarted my VM. Can you help?

It can take up to a week to get a response

Try to ask in #pt1 channel and send an email with that screenshot on the address below

how did you solve the issue

i'm not able to access wazuh, tried multiple times

Listen to my issue

On 10 july i buy subscription there are 3 transaction on 10 july 2025 two was pf debited 3368 and another 3386 but than on 10 july i got credited back 3368 but on 25 july 2025 again 3368 debited

are you using THM AttackBox or THM VPN with your own local attacking VM?

I told you already , Discord users are volunteers only we don't work for THM . For payment related issue reach out to the official support channel

Okk

nvm it worked, used attackbox

I have problem with Linux PrivEsc room im using openvpn and the target machine doesn't work open vpn is connected everything works but in this room i cant even ping it

can you ping 10.10.10.10?

yes

what is the IP of your target VM for Linux PrivEsc?

other rooms worked before restarting vm and now after i restared it worked xD but ty for help

Gave +1 Rep to @upbeat quarry (current: #15 - 606)

I have permissons to use CTRL outside the attackbox, on other parts of tryhackme website with no problem. So it should be specific to the attackbox part and not on my base firefox part. In the attackbox i cannot use it anywhere by pressing any CTRL button, so tinkering with the firefox there would not help me too much.
that cursor error may seem like not a big deal but it makes navigation terrible on those windows system. Any other part: ubuntu virtual machine from tryhackme for example work fine with CTRL

Anyone had this problem before? Im trying to do the room super secret tip and the http server is closed no matter how many times I restart the machine. I know it shouldnt be like that because I was on it yesterday

I know it isnt my vpn cuz I can ping the machine and see ssh still open

I have just started that target VM, and for me there is a http server running, but on a different port than 80

Thanks for checking it out. It wont connect for me on the alternate port

Gave +1 Rep to @upbeat quarry (current: #15 - 607)

Maybe I change my vpn file

The nmap scan says its there but closed

I am using THM AttackBox
you may have the MTU issue
try this: ip link set dev tun0 mtu 1200

I’m not receiving a password reset link to my email. I’ve checked the junk folder.

Yeah this is weird. Its not working in the attack box either.

If the attack box wont connect I have to assume this is something I can't fix lol. Sad. I wanted to finish this one today

and you waited for the 5 minutes it suggested in order for the target to load fully, right?

yeah

oh no way

maybe im being impatient or something was being slow

it just loaded lmao

after how much time?

about 12-13 minutes

noted
I am just restarting that target VM, and after 6 minutes the http port is not open yet

earlier, I had started it, and done other business, so I did not monitor the bootup time

Got it. Appriciate the help. Yeah thats the longest ive seen one take to start. Of course I assume its just broken

does anyone know how to fix openvpn, i have tried everything and can never connect

maybe not, I have a feeling that lately THM machines are slower, and I have been thinking that this may be some optimization on THM infrastructure (meaning optimizing costs 🙃 ) No way to substantiate that assumption anyway

this time, 10 minutes to have nmap reporting the http port is up

Yeah thats brutal. I honestly have no idea about the infra but Im sure something is going on. Never seen it take that long. Either way Im sure theyll figure it out

can you share a screenshot of the output of your openvpn command?

do you get the output to stop?
and do you get the Initialization Sequence Completed towards the end?

what do you mean output to stop, and yes squence complete does show

Initialization Sequence Completed means your VPN has started ok
to confirm it is OK, check you can ping 10.10.10.10
if you can ping OK, you are OK with THM VPN

what the hell ive been trying for so long and it randomly worked today i didnt change a single thing. Thank you for helping tho

Gave +1 Rep to @upbeat quarry (current: #15 - 608)

its like when you cant find something and u ask ur mom and she finds it exactly where you looked lol

how long does it usually take THM support to get back to you

THM support took about a day to get back to me and referred me here.

oh ok

It can take up to a week

oh alright thanks 🙂 just your usual not being able to access email to reset password

Gave +1 Rep to @ember osprey (current: #1 - 5713)

I'm sorry to hear that but only support can help you with account/payment issues 😦 . They will reach out to you asap .

HI could I get some help to set up the vpn connection?

This is the message that I get

2025-07-28 17:09:06 Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2025-07-28 17:09:06 Note: cipher 'AES-256-CBC' in --data-ciphers is not supported by ovpn-dco, disabling data channel offload.
2025-07-28 17:09:06 OpenVPN 2.6.14 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
2025-07-28 17:09:06 library versions: OpenSSL 3.0.13 30 Jan 2024, LZO 2.10
2025-07-28 17:09:06 DCO version: N/A
2025-07-28 17:09:06 OpenSSL: error:0480006C:PEM routines::no start line:Expecting: CERTIFICATE
2025-07-28 17:09:06 OpenSSL: error:0A080009:SSL routines::PEM lib:
2025-07-28 17:09:06 Cannot load inline certificate file
2025-07-28 17:09:06 Exiting due to fatal error

I'm running Linux, OpenVPN version 2.6.14

I'm having some connectivity issues with the AttackBox, the AttackBox becomes unresponsive for a few minutes and then works just fine again. 🤔 Not the first time this happens around this time of the day. System updates running maybe?

Delete your old vpn files , try eu 3 or 4 server , wait a few minutes , download a new file and try again

It may be . AttackBox performance also depends a bit on THM's CSP , it may also be something on their side

Weird, but it worked

Thanks!

I can't connect my openvpn

What's the exact issue ? Can you provide some shots ?

@fresh elbow Can You Explain the Issue ?

@ember osprey a while back you shared a url to see all active machines, can you share it again?

Oo found your original msg #subs-room-help message

Link to see running machines: https://tryhackme.com/api/vm/running

https://tryhackme.com/api/vm/running

hello why doesnt tunderbird work for me in soc path threat intelligence tools room

@upbeat quarry Please censor answers 🙈

How ? What's the exact issue 🙂 ?

Anyone from THM here? i got a question about the amount that was charged on my subscription.

For payment issues reach out to support directly on the email below

Ok thank you.

The access page shows my connection as not connected, but I'm able to access 10.10.10.10

Am I connected or not?

I also seem to get an ip when I run curl 10.10.10.10/whoami

Running linux

Is the ip that i get from curl 10.10.10.10/whoami the one I should use for setting as LHOST for exploits that create a reverse shell?

I believe 10.10.10.10 is to test whether you have a connection to the vpn. It is not the ip of the target machine.
You should use the ip of the target machine for any exploits.

LHOST is the ip of the attacker machine, RHOST the ip of the target machine.

Are you on the AttackBox or your local machine?

Access page is broken - ignore it 🙂 . If you access 10.10.10.10 and see your ip reflected your vpn connection is working fine 🙂

if i bought an exam voucher, but have no time to complete and exam, is there a way to reschedule/refund an exam voucher?

Thank you

Gave +1 Rep to @ember osprey (current: #1 - 5721)

I'm on my local machine

Probably , try to reach out to support on the email below and explain your situation 🙂

I see various interfaces when I'm connected to the vpn with my local machine. Which one should I use as my LHOST?

It should start with 10.
and is most likely under the line containing tun0

Okay! Ty

does anyone know the solution

also how do i know which EU is best for me? (there's 4)

I fixed it

I can't click the start machine button :/

It's greyed out

room? screenshot? maybe it is already started? does it show an ip at the top of the page?

nvm, sorry!

i dont have permission to join vc for study

You will have to verify first , follow instructions from the link below to learn how to do so 🙂

Hello I am experiencing an issue where I cannot resume my subscription and I get the error "User is missing subscription details " please help

hello all
im having a problem when starting my PT1 exam
on the id verification section i get redirected to page with this error >

Your session has expired
The SDK token provided in this verification process has expired. Please go back and try again.

EDIT:
anyone had this error too ??

check #pt1 where some users have reported the same issue
also #sal1

will do thanks

@ember osprey

Only support can help you with payment related issues , you can reach to them on the email address below

Ticket Message:

Hi, I'm working on the Intro to SSRF (Premium room), and the target machine doesn't seem to be working properly. I’ve started the machine twice, waited over 30 minutes, and I’m only getting the default “Welcome to nginx!” page at http://10-10-187-17.p.thmlabs.com. No login or registration page loads. I also scanned with nmap — only ports 22, 80, and 9999 are open, and there’s no app running on port 9999 either.

Could someone check if the target instance is misconfigured or down?

Thanks!

Hi, I just checked that machine and it is working just fine for me

I emailed them almost 2 days ago and got no reply

It can take up to a week please be patient

If there is no reply after a week is there a way to raise the issue further?

Hi guys , the room remnux getting started keeps on crashing for me . I attempted to try to get it to work but to no avail . I just tried another room right now and it works fine

My attackbox is crashing constantly and target machines

"The requested connection does not exist. Please check the connection name and try again."
I guess the VM is crashing.

My target and attack are also crashing today more than usually

Yeah, i have now stable but when i started no crashes but today happend more than ever and i think servers has bad day or something😁

I've been getting 405 code issues for about an hour now on attackbox

Hey Folks, I just did the S3 room on the AWS path .
But whatever i do I cannot terminate the EC2 Instances, have tried through AWS CLI, attackbox, AS well as resetting the env in TryHackMe. Keep getting Permission errors (AWS) or "Something went wrong" (THM)
Just dont want to leave instances running, will these terminate or can THM staff terminate them for me?

Hi, it's the exam labs PT1 is going under maintenance? when it will be available?

@naive dust

yes

follow this intruction

fwiw, i am currently able to access: https://10-10-145-150.p.thmlabs.com/customers/login in the ssrf room ...

Try to ask in #pt1 channel 🙂

Alright thank you

Hi, i got my certificate, but i was have "." as name, is it possible to like regen it from the website ?

Yeah reach out to support on the email below and explain your situation 🙂

😢

done, thank you ❤️

Gave +1 Rep to @ember osprey (current: #1 - 5728)

heyy is there anyy issue with the vpn,am unable to connect

please provide screenshot with your VPN command and output

thanks for the response,i tried reconnecting and restarted the system and it worked

Gave +1 Rep to @upbeat quarry (current: #15 - 614)

btw, should i put all my names ? like Name1 Name2 LastName ?

Specify the name that you actaully want to put on the certificate in the email that you will send to staff members

ok ok

ty

Hello, I started working in the Ledger lab and when I am attempting to enumerate shares have been receiving this error "NetBIOSTimeout on target : The NETBIOS connection with the remote connection.py:174 host timed out" . Any suggestions or explanations on why this is coming up

guys I have a problem

When I try to access a link with Brup's own browser, it searches forever and does not access the site. What could be the reason?

Disable Interceptor in Burp

thankss

hey guys, this has been happening for a couple days now, on different rooms with different target machines, i turn the machine on and no matter how long i wait, when i try to access the ip on my browser it just spends a really long time loading the page and showing "Transferring data from 10.10.206.141" but i if i close the connection it loads the html and on burpsuite browser after a long time it actually loads the page, im currently on LDAP injection and had the problem also with SSTI injection room, i am connected with open vpn but even the 10.10.10.10 page takes a while to load, however if i launch the attack box everything works perfectly fine in it, this started happening after a couple days of me having linux on dual boot and trying to fix things on that but i doubt that has any effect but just a thing that lines up that i thought i should add

Also to add, I even generated a new config file and it didn't change anything

for Windows, you are using the community edition: https://openvpn.net/community-downloads/ ?

i had to use a vpn for that page to load cuz my country is silly lol, but yes im pretty sure thats the ones im using, i just use it from the system tray, i also had the problem on linux with the CLI tool

if your country makes things difficult for VPNs, I am not sure you will be able to have a good experience connecting to THM infrastructure
however the description you made may point at an issue with MTU, hence try this: ip link set dev tun0 mtu 1200

i have used it fine for the last year even with the VPN but ill try that rn

not sure how to do that on Windows though...

the thing with countries banning VPNs is that at times it looks more like disturbing VPNs than banning them outright
I have experienced that situation while interacting in THM Discord with users from these countries, and more than once they have reported that it worked fine till x days ago Also, sometimes, they would say it works at some place but not elsewhere

found a work around lol, i turned on warp, turned on open vpn, turned off warp and now it works perfectly 👍 doesn't make sense but who cares lol

I'm trying to start the VM in the room Windows Fundementals 3, however it keeps prompting "APACHE TRyHACKME REMOTE", when you press login it just says it was invalid login

site being updated? Getting a 500

whihc page?

They will fix your cert

Yep it’s good, already talking with the support.
Thank you !

Gave +1 Rep to @ember osprey (current: #1 - 5733)

Hello I have an issue regarding voucher payment. I am using the same revolut card I used to pay monthly but it is getting declined.

only thm support staff can help you with billing problems

email to the address above ^

thx

no problem 🙂

Hello,
I think we have a problem in the "Race Conditions" room, in task 5. I followed the exercise instructions, but the account balance never changes after the POST requests. Therefore, I can't complete the exercise. Could you check if there's a problem with the exercise or if the problem is me? 🥲

are you using the attackbox?

Yes

how many requests are you sending at a time?

Today I only tested one request to confirm if the problem persisted. But I've already tried 5, 10, and 15 times as well.

try restarting the target vm, start with 6 requests, make sure everything is set correctly

OK, I will do that

if that doesn't work, I will test it out 🙂

hello, in one of the beginner classes, in a video the narrator said it would be wise to learn about The FIND command in linux. how can i access that room or whatever it is?

there probably isn't a room on the find command, but the linux fundamentals rooms probably teach them, check linux fundamentals 1 room

from that linux fundamentals rooms i got this link. https://tryhackme.com/room/thefindcommand but the content is private

yeah, check out the linux fundamentals room

the first one

this one, check this room out:
https://tryhackme.com/room/linuxfundamentalspart1

i did that room

that is where i got the link from

then it should teach the find command

nevermind thank you

no problem 🙂

i sent a message

to whom?

may I ask?

Hi !
am i the only one to have a "500" when i check my certificates ?
like when i watch for others, it's working.

(maybe it's bcs i've requested to regen my cert, so it's doing weird stuff for the moment)

I think it is a bug in the site

I've re-tested, but I'm getting the same results. If you could run a test to verify that everything is working as it should, I'd be grateful.

seems like a bug:

sure 🙂

I am getting one while logging in, on the dashboard

still 500

hmm

No idea. Who ever answers on the contact us button

oh, I see, did you ask about the private room or smth?

because if the room is private, THM can't do anything about it

Can't really remember what I asked. Got some things to do right now. But if it's been made private, it is a bit odd that in linux fundamentals you have a link to go and learn about the find command. I would be ok if i didn't acquire a premium account. Maybe it was removed for some reasons. But since the learning is so nicely done here. I would love to learn it instead of going blindly around the internet.

Of course i can go on chat gpt and ask for what i need

A command to get something... But that is not learning

why does it say 95% even though i complete all tasks and their questions?

as a workaround, search the internet for walkthroughs, either written or video
for example, this video is the companion video for the room by DarkSec, who used to be part of THM: https://www.youtube.com/watch?v=UeMxWW6Yqdo

Try to restart the room progress

and try again

Yes yes. But from my 2 weeks of learning, I've found i work better if i first try and do the whole room and after that i watch the video.

More than this, i am more easily distracted if i only watch the video

Thanks for the video nonetheless

Hello, I am still still still waiting 🫠

Room submitted in the end of January... I was planning to organize some CTFs on the platform with my non-profit association but it will be difficult if we'll have to wait nearly a whole year...

It may take up to a year 🙁

A year ??? Damn... We take only 4 to 5 months to organize a whole CTF
It won't be possible to organize it on THM with these conditions...

anyone still suffering from 500?

I can add you to creator's channel if you want , maybe you can get more info there

Works ok for me

Yess please

Hi the Openvpn network isnt working for me

When I run the config file it runs as usual but im unable to access any ips of the rooms im solving

I tried regenerating and even using different regions

➕ Gave the role Creators-Lounge to yessir123

Try to access
https://tryhackme.com/

Here you go , you maybe able to get more info in #creators-lounge 🙂

Can you access http://10.10.10.10/ ?

I figured it out already seems like there was some problem with the ovpn file

thank you

can anyone help me? My attackboxes dontt seem to mount properly after I purchased the premium

the popup windows with a mount error message can be discarded They do not impact the functionality

whenever I enter any line of code on terminal, I get the 405 eroor

are you using THM AttackBox? can you share a screenshot?

Yes, THM Attackbox, sharing screenshot now

https://tryhackme.com/room/flarevmarsenaloftools

I cannot reach the FlareVM... neither with rdp.

what is the room?
make sure you target the right IP, and not the IP of your AttackBox (in which case you will get a 405 response code)

content discovery
What would be the right IP? I thought it's asking for Atackbox IP

that would be the IP of the target VM that you start in Task 1 After 60 seconds, you get a IP address under the red Target Machine Information heading, as per screenshot (target machine still loading in my screenshot)

you can discard that by clicking OK No impact There may be a second popup window similar to that one

no issue for me as per screenshot
maybe terminate and start again?

I'm dumb, thanks that worked. I got confused and was just opening my attackbox instead of starting the machine from task 1

Gave +1 Rep to @upbeat quarry (current: #15 - 616)

i did. i tried yesterday for like 5x times. same. restarting pc etcetc

do you have extensions in your browser? I suggest you disable them
however, if you have the same behaviour with rdp, then the issue is not about extension
I think I saw another message in Discord with that error, I'll look around
for the moment, I can propose this idea: use the machine I have just started as per screenshot If you say OK, I will keep it up for at least 1 hour (if you need more time, come back to this conversation)

", I can propose this idea: use the machine I have just started as per screenshot If you say OK, I will keep it up for at least 1 hour (if you need more time, come back to this conversation)"

Sorry, what machine? where can i find?

#site-support message
IP is 10.10.134.162

and how can i use that? terminate old and?

or with rdp?

terminate yours that does not work and use mine by connecting with RDP, as per screenshot from room material

i cannot connect to it either.... i tried pinging it, but nothing

ping works, but you have to be connected to THM VPN
or use THM AttackBox like I do

okay it works now in my browser, some of my plugins blocked the site.

thanks!

I'll terminate my instance then

I'm having trouble connecting to my OPVN, It has worked every single day for the past week but now I get an issue where it cant negotiate TSL. I have verified the routes and that my firewall isnt blocking the connection. Any ideas?

Can you share the error message you are having (using a screenshot)? Also, from which geographic location are you connecting from?

@twin marlin

I am connecting to US-West-Regular-1, I just reran the command and have no errors however there's no data passing through the tunnel.

can you ping 10.10.10.10?
and which country are you connecting from?

I cannot ping 10.10.10.10, USA

have you done some modifications to the VPN config file after downloading it from THM? I noticed in your screenshot that the MTU has a value of 1110, which is unusual
BTW, I did a test with a VPN config file from US-West-Regular-1 like you used: the first attempt failed (openvpn command got stuck), so I regenerated the VPN file and the second attempt succeeded Maybe consider that option?

I've generated multiple new profiles and have event attempted US EAST, I found something online showing a modified MTU value could be the problem so in the current config in the screenshot I sent the MTU is modified. I can regenerate a new one without it modified and show but it displays the same result, its just weird because it was working completely fine yesterday. Maybe I just rebuild a VM and try from ground 0

about the MTU: sometimes that is an issue, but consider that scenario only if ping 10.10.10.10 succceed but you have issues with browsing for instance (actually transferring bigger traffic than just some small ICMP packets) Hence I would not modify the MTU at the moment
rebuilding your VM is a bit extreme I think, knowing that THM VPN is prone to frequent issues
I think the way forward for you is to cycle through different VPN servers till you can ping 10.10.10.10 You may end up temporaly with a server far away (EU,IN,AU), but that would validate your access to THM infrastructre and your VM

also, when cycling through VPN servers, but failing, consider regenerating the VPN file

I have generated multiple VPN files across multiple different servers and 2 seperate accounts, I have also upgrade and installed and uninstalled openvpn.

what is your OS?

Most recent Kali 25.2

maybe the latest Kali is the issue then, and building something which is not the latest is the way
referring to your previous VPN connections, that were succesful, were they with the same configuration and the same VM?
BTW, I am not a big fan of the latest everything: this is my Kali

Linux kali 6.11.2-amd64 #1 SMP PREEMPT_DYNAMIC Kali 6.11.2-1kali1 (2024-10-15) x86_64 GNU/Linux

Gotcha, yeah I'll prob load up a basic Ubuntu instance to see if OS is a problem, all my previous connections are on this box with no prior issues which is why I am confused lol. I haven't changed anything personally but clearly something went wrong

weird, indeed
it looks to me like you are experienced with these things
I just know that THM VPN is often weird, and you have to be the one more stubborn
BTW, here is my THM VPN through US-West-Reg1 (not that it is very useful though)

one more thought: do not have multiple THM VPN sessions simulaneously, and that includes not having a VPN session on your local VM and one via THM AttackBox

Yeah I killed all openvpn connections on my desktop as well as the VM prior to testing unfortunately it didn't fix it haha I appreciate all the ideas THM free versions always been unstable

VPN for subs also had issues, and you had to swtich to non-subs 🙃
#1349307729671487499 message
#site-support message

getting trouble to get the url :/

Lovely 😅

as you like funny things: I interacted yesterday with another user that found a weird way to solve their VPN issue: #site-support message

Logs Fundamentals room,

Press the reconnect button?
Refresh the page?
Restart the target VM?
For me, the target VM loaded after 3-4 minutes

Tried them all and same issue :)) Even tried the attack the box machine just to check (it worked)

do you get an IP for the target VM that you could use with RDP?

yes, let me try this

When you switch to another THM OpenVPN server, you should wait for ~2 to 3 mins before generating your OpenVPN config file.

is there a way to mute echo permanently? I don't want to keep doing "snooze for this room"

I am still getting a 500 error while accessing any page of try hack me, can anyone guide me what to do? It is happening since yesterday

I'm having trouble getting OpenVPN started. I've installed OpenVPN and downloaded my config file, but sudo openvpn ~/Downloads/CalendulaAsteraceae.ovpn hangs when I try to run it. The last output before it stalls is 2025-07-31 23:31:40 Protocol options: explicit-exit-notify 3. Same result if I copy the config file and change the extension to .conf. What might be causing this, or what are the next debugging steps I should take?

(I'm on a 2017 MacBook Pro.)

There's no currently

can we get that added to the emoji's? It happens alot, would be nice to emote with it.

When I try to do the check in for PT1 I get this error from onfido (Your verification is expired)
Is there a way to restart the check in process?

Try to ask in #pt1 channel also , try sending an email on the address below

I opened a ticket yesterday, directly from the home page. Should I send an email to support@tryhackme.com or I might wait until the ticket is closed?
Thank you

Gave +1 Rep to @west chasm (current: #58 - 175)

I think you can send an email and wait

Thanks
Nevermind I checked now and the ticket system automatically sends the ticket to support@tryhackme.com 😬

ahhh, makes sense

any THM support available ? I created a ticket and still no response

what did you ask about?

and how long has it been since you sent a ticket?

something related to voucher, and it was 2 days ago

Why has the AttackBox started crashing so often?

Is there anyway to get the site for SOC Level 1>Cyber Defence Frameworks>Summit to work? Doesn't matter the browser i use or how long i wait i always get 504

That means that the machine isn't up yet , refresh the page with f5 after a few minutes

"Does not matter how long i wait"

I have tried on different networks, different bowsers, cache cleared, dns flush and still get 504

It works on my side

It can take up to a week

ok ty

Gave +1 Rep to @ember osprey (current: #1 - 5740)

You're using AttackBox or ?

guys i wanna start learning ethical hacking am new and i don't know what to do i just downloded linux

you there?
I have just started that target, as a test, and it works for me
I am curious if you can access it: https://10-201-30-4.reverse-proxy-us-east-1.tryhackme.com/

you may want to have a look at the roadmap: https://tryhackme.com/hacktivities?tab=roadmap
then move quickly through what you already know, as a refresher and way to familiarize yourself with THM environment, and drill down on what is new

You can check out free path for beginning 🙂
https://tryhackme.com/resources/blog/free_path

when will this start working?

Try to refresh the page

okay, thank you! also, I can't see the free roadmap in the learning section, was that removed?

Gave +1 Rep to @ember osprey (current: #1 - 5743)

It is temporary removed but you can refer to this resource 🙂
https://tryhackme.com/resources/blog/free_path

thanks a lot!

Gave +1 Rep to @ember osprey (current: #1 - 5744)

I'm not trying to come across as entitled here, but as a premium user I genuinely don't understand how this is happening

Try to refresh the page

sry i was blind 😄

I visited the thm website, it said something about re-verifying my email and had a link. Opening my inboxes showed nothing new from THM and re-opening the THM website removed the popup.

I guess the website just trusts me lol

Hello, is this still an issue for you?

Is everything ok now 🙂 ?

This worked, thank you!

Gave +1 Rep to @upbeat quarry (current: #15 - 621)

yesterday I was working on a room (mr robot) and I was using my VPN, was working fine. Today I can connect to the VPN, but not to the target box. Has anyone ever seen that before? I spent a half hour respawning target boxes because I thought the target was not starting up right, and it turns out the box is there, I just can't see it through the VPN... ideas?

HI, i was checking out and older room named "Bulletproof Penguin"
https://tryhackme.com/room/bppenguin

The room is scored via a binary named get-flags that references/runs a python program /opt/checker/checker.py
The problem is that the scoring depends on a lambda server with the hostname m0mxzvy8s2.execute-api.eu-west-1.amazonaws.com
That lamda server is no longer reachable - at least because it can not resolve.
Its a cool room even if it is dated. It would be nice for the scoring to still work.
Cheers,
-nonattribution

I will forward it to staff members 🙂

Try to change VPN server and download a new VPN file

yo i dmed yo something check it out please

Will do

:hammer: alexvaldoo330459#0 has been banned.

Thanks for reporing he has been removed from the community

Gave +1 Rep to @static valve (current: #3066 - 1)

HEY site is not working without vpn , i think that it got somethingn in my region (IN)

please see this issue

Hello, THM,
Currently stuck at the room 'ItsyBitsy'. Having trouble on connecting with the VM. The message i get continuously after starting the ELK VM - 'Kibana server is not ready yet'. This is consistently happening and i am waiting around 5 to 10 mins to let the services in VM start, but no luck. I have regenerated my VPN file and restarted all my connections. Can the team check and resolve the issue.?
Thanks in advance.

It can take up to a 20min for Kibana to fully startup

Ok. let me check that again. Thanks.

Now its working. Thanks for the input.

Gave +1 Rep to @ember osprey (current: #1 - 5745)

Site not displaying when i connect, just a blank white screen

which site?
please provide screenshot

It just shows as a white screen, the help centre button is there tho

I can access other websites

just the basic tryhackme[.]com

for troubleshooting:

• consider disabling (some) browser extensions
• consider putting tryhackme.com on the allow-liste of your antivirus
  also, if you have a VPN (I do not mean THM VPN), like NordVPN, ProtonVPN, it would be usefull to check whether you can connect to tryhackme.com when that VPN is on (that would allow to isolate the issue to a particular network)
  also, I guess you did tons of refreshing of that page, right?

Yes refreshed quite a bit, cleared cache etc.

No browser extensions to disable

No VPN and Im using a VM of Kali so no antivirus. Weirdly the site works on the host machine, just not the VM. All other sites work fine with the VM

if the site works on the host but not the Kali VM, I wonder whether you configured something on the firewall of your Kali VM

Its a fairly clean install so there shldnt be anything set up to block it, but will have a look.

Tbf i can just use my host machine to access the site and use the VM to do the practical stuff

so got a workaround for time being anyways

understood
however, if you get to the root cause of the issue, I would like to ask you to share it here, so we can learn from your experience
thanks in advance

No worries - also for the firewall question there is nothing btw

I wonder whether you can map tryhackme.com from your Kali VM: nmap -Pn tryhackme.com

Are you using a translator ?

Nah, everything is in english. I tested it in chromium on the VM and it works. So something is up with my firefox 🫠

If i find root cause ill share but def not something on your guys end

Had to upgrade my firefox, dont think it was compatible with some of the site content

Im having an issue with the OpenVPN connection,I can connect fine and ping/curl 10.10.10.10 but any box i start is unresonsive. Tried restarting everything, new boxes, different VPN configs, different devices, same issue, It looks like they are being assinged but are unreachable from the VPN for some reason. any tips?

Unable to make payment since 2 days I am trying while selecting card or PayPal it is not loading

thanks for that update

this may apply to your case: #site-support message

Hi, anyone experiences lack of enumad interface when trying to complete enumerating AD room? anything i can do besides writing to support?

on THM AttackBox?

yes'

that is a bug
download th VPN file for that network from your access page and run openvpn with it
if that fails regenerate the VPN file
if that fails, leave the room with the options button and join a few minutes later (5-15 minutes maybe)
also:

• make sure the network is running
• start the THM AttackBox after the network has been running

Thanks for help. Here is what i did and it worked:
On AttackBox there is NetworkConfigs dir on Desktop. There are all network ovpn files so I could access it directly without additional downloads.

Running ovpn adenumeration.ovpn throws this error:
Error: problem with tun vs. tap setting
Exiting due to fatal error

Quick fix is to replace this header in file:
dev enumad
with
dev tun

running ovpn now creates new tun0 interface and network is accessible.

Hope this might help someone if they are looking for quick workaround

thanks for the trick

Gave +1 Rep to @jolly idol (current: #3066 - 1)

Hi, I'm on the "intro to LAN" section, there is some interactive task to do, but I can't see any button to start machine, I'm on premium and connected to the VPN and I can start virtual machine in OpenVPN guide, but in the "intro to LAN" section I still can't see any button

Go to task 1 and press green View Site button 🙂

okey, I got the problem, I didn't know how to interact with this task to see those scissors xd thanks 🙂

Are there currently any known openvpn issues?
Wireshark shows TCP Retansmissions and TCP Dup Ack.

I cannot reach the endpoint http://wekor.thm/it-next/ in the room wekorra over the VPN.
It is reachable using the attack box.

Guys, I have observed some of the rooms in THM take incorrect answers as correct one and flag the right ones as incorrect. Did anyone of you notice it or have encountered this yet?

just checked with my instance for that room, and I can reach wekor.thm
I guess you added that domain to your /etc/hosts on your local VM, the one through THM VPN, right?

I can also reach wekor.thm but not wekor.thm/it-next
I am using the THM VPN on a VM.

The same endpoint is reachable via the Attack Box.
Seems to be a network issue as I see lots of retransmissions in wireshark.

strange: I can reach the endpoint on my Kali VM

try this: #site-support message

Will try

Didnt work, tried to restart after too. I can ping 10.10.10.10 and my Virutal IP, but its literally just the box that wont get pinged or scanned. I have no clue why.

which box for example?

Thank you. This worked. I should have done it on my own but there's only one server on the east coast and I didn't want to use the west coast. But it seems to be fine. Thank you!

Gave +1 Rep to @ember osprey (current: #1 - 5747)

mr.robot box, but i have tried multiple and its happening to them all.

have you got the option to use THM AttackBox? and check whether you can reach that box from there?

I was having the exact same problem... Disconnect from your VPN, DELETE the ovpn file, then go choose a different VPN server, regenerate the VPN file, download it and then connect using the new ovpen file.

works fine in Attackbox

I tried this but ill try it again. Thanks

maybe try restarting your VM after deleting the original ovpn and using the new one

That fixed it

I had the same problem all day yesterday (connected to VPN, could see 10.10.10.10 but could not ping the Mr Robot box) Following the instructions I just gave, it worked for me

do you remember if the IP for the target VM had a format like 10.10.X.X (or possibly 10.11.X.X) or was it like 10.201.X.X?

The orginal VPN connection was giving me 10.10.. the new one is giving me 10.201..

tired that and it didnt work for me, what config file did you use? and the one im having issue with is a 10.201.x.x

the one I'm working on now is at 10.201.36.123

I have a feeling something has changed in THM infrastructure, moving into 10.201.X.X, and that seems to cause issue
another user earlier had similar problem (works on AttackBox, not on THM VPN)
you can watch his headache as he encountered this while streaming on Twitch: #room-help message

it works fine in attackbox so ill do it through there for now ig lol, i just hate the attackbox ngl

I'm connecting to the US West VIP i think, 54.193.147.96

thats the one i just tried too smh

this shi just hates me

yeah, that sucks. I don't like the attack box either. friggin slow and doesn't have all the tools

I saw a post last night that said they changed something in the VPN infrastructure that was supposed to make VPNs faster. I asked if that could be why I couldn't connect to my target anymore but didn't get a response

Somehow I have an issue deploying the https://tryhackme.com/room/maldoc machine. (IP: 10.10.33.175)

I wonder if thats it becasuse everything was working completely fine for me 2 days ago, and now its like I cant do anythign

either that or its big coincidence

Sometimes some servers go temporary down ( ex: for maintenance purposes ) . Try to return to East US in a few days 🙂

Im having this same issue atm: able to access 10.10.10.10 but not any of the machine I start.

does not work for me either (IP: 10.201.2.117)
I'll try again, but it have a feeling there are mulitiple issues in THM infrastructure preventing to access target VMs

second attempt: different instance, and waiting longer, but failing to connect to the target again
my conclusion: issue in THM infrastructure
worth reporting it under #1333993673381253162

which machines have you tried?

Basic Pentesting and Ice. Both of them were assigned 10.201.X.X addresses and the problem manifested itself the same way both times.

Just tried accessing Bolt though & everything seemed to work fine

thanks for your input
what is the format for Bolt: 10.10.X.X or 10.201.X.X
also, working fine with Bolt now is through THM VPN?

Gave +1 Rep to @mossy walrus (current: #3067 - 1)

10.10.X.X

Bolt was a 10.201.X.X. It is now working fine through THM VPN, I never touched AttackBox so far

if you are still facing the issue, there is a workaround:

• from THM AttackBox or your own local VM (like Kali) connected through THM VPN
• start a VNC session, for instance using remmina
• in remmina enter the IP as X.X.X.X:1
• when prompted for the password, enter the one provided by THM, i. e. malware (no prompting for the username)
  Check screenshot example using THM AttackBox

Hi, I am trying to use Openvpn through wsl in mirrored mode, is there anyway i could do so?

if you mean to use THM VPN with WSL, it is known to cause issues, and you should avoid it

like i cant curl to 10.10.10.10 through wsl too

so ig i cant fully retire my vms

not sure about the context: you used to use hypervisors like VirtualBox or VMWare? For THM, if you do not use a local VM running on a hypervisor, you can use the in-browser attacking machines provided by THM (there are 2 flavours for subscribers: Ubuntu and Kali)

wait there are multiple flavours?

Am i missing something?

Honestly i have a VM-kali sitting around taking shit ton of space shifting to wsl kinda eases stuffs for me it works on the hypervisor but allows me to integrate a few stuff on my windows machine

yes i use the attackbox but i have the default machine

that is kali ig

i never knew we had ubuntu access too

default is the Ubuntu flavour, commonly known as THM AttackBox It displays as recommended as per my screenshot

i was also told by someone i can download tools on the attackbox but i could never figure that out either

ohhh

I have a feeling they are restricting updating and upgrading of these attacking machines (I guess to avoid paying traffic through their AWS cloud infrastructure)

but it gets difficult to do stego on attackbox hence i shifted to VMs

ohh

also, the Ubuntu flavour is the one recommended because it contains all the tools you are expected to use to solve THM rooms (in particular the walkthroughs)

difficult for challenges tbh

yes, and also no persistence

i have had issues performing stego based things in various red team challenges is there any good workaround you can suggest

no, sorry I am not stego-friendly 🙃

ohh what domain you focusing on?

actually, I am not too much in challenges, more doing the walkthroughs

i was more on the walkthrough too but i started facing issues in practical scenarios

which challenges specifically?

like chocolate factory for example you gotta do some stego in it

Check out my standard stego enum script:
https://pastebin.com/iKbgS7mN
Obviously don't blindly run this, but look over it or paste it into ChatGPT to verify it is not malicious.
You might need to run this with sudo.
It is supposed to work on the AttackBox. It installs all necessary tools automatically, e.g. binwalk which I believe is by default broken on the AttackBox.

This should be enough for most stego challenges.

You just scroll through all_output.txt when it is finished or paste the output into an AI assistant.

thank you i shall look into it

i was looking into the script, and well there are so some tools that dont work well in the attackbox like binwalk

Yeah the script fixes that

ohh thats really amazing thank youu!!

Gave +1 Rep to @knotty plank (current: #181 - 51)

These 3 lines are needed to fix binwalk:

sudo apt-get remove --purge python3-capstone capstone
sudo pip3 uninstall capstone --yes
sudo pip3 install capstone==4.0.2

The script runs them

ohhh

thank youu

you're welcome mate

where do I ask basic questions like if I run a command on my attackbox but it doesn't appear to be able to talk to the thm site in question?

room help? maybe I just answered my own question 😉

Here’s fine if it’s to do with the attackbox

I started in the room-help channel - thanks anyway! maybe if we don't get it fixed there I'll come back 🙂

Wdym exactly ? Can you provide some shots please 🙂 ?

Whats going on the site? attackbox dont work and the deployed target machine too.

attackbox and target machine didn't seem to be able to work as expected with the ffuf command. my attackbox timed out and I re-initialized it and it worked as expected

not sure what happened but it sort of resolved itself

a little more detail... when I started the room and got down to the task that involved ffuf, the command that was intended to be copied into the attack box didn't recognize the targe machine IP. even if I explicitly put the target machine IP in the command it wouldn't work properly. It only worked properly when the attackbox was re-initialized and somehow that populated that IP of the target machine in the text that was intended to be copied over to the attackbox... that may sound confusing but that was the sequence of events.

for me, when i activated the target system it reveals me the original dns of the server

and after when i wanted to get on the site i get 502 error, of course the target one

some of these instructions aren't great... I'm re-reading and trying to follow them but they aren't generating the intended output. In the latest instance, in the authentication bypass room: https://tryhackme.com/room/authenticationbypass

it talks about looking at PHP code (where is the code and how do we look at it) and it mentions a $_REQUEST variable. That's awesome, but I have no idea how to find that based on the instructions.

It also mentions using a Blue button. I really want to use the blue button, but I have no idea where it is:
"This walkthrough will require running both of the below Curl Requests on the AttackBox which can be opened by using the Blue Button Above."

That said, I believe I have access and have the attackbox opened in a side window, but the mention of the Blue Button is confusing.

did you get it fixed?

or is it something with THM servers?

thank you!

Gave +1 Rep to @ember osprey (current: #1 - 5748)

is there anywhere to submit an official ticket? my vpn is still not working, tried like 4 different config files. the VPN connects, i can see 10.10.10.10 ping my ip as well. But i can’t get any box working unless im using the attack box

has to be something with THM servers, HTB i’m having no issue at all on either device.

Same problem here. I'm going with the attack box, for now. It works fine with the machines. Maybe it's a server problem.

If you can access 10.10.10.10 everything is fine with your connection , can you see your IP reflected on the 10.10.10.10 page ?

yes

Also where are you guys from and which server are you using ? @digital citrus @solar bear

its just the box that I cannot ping or access the webpage. I tried multiple boxes

I tried East and West

Which box ?

Mr robot, UltraTech, Overpass and Smol

im guessing its them all though its the only 4 I tested

Yeah attackbox is working for me as well, But i would rather use the vpn lol

Me too XD.

I'm from Brasil. I tried to use US EAST regular 1 and I am using EU regular 1 now