#site-support

It's working now. Had to leave the room and return. Will attempt to get the link now.

hello i can not see the IP for ssh in linux fundamentals part 2 ?

@upbeat quarry Got the link. It's working now. Thanks for the help! https://10-201-6-60.reverse-proxy-us-east-1.tryhackme.com

Gave +1 Rep to @upbeat quarry (current: #14 - 630)

did you press the Start Machine button in Task 2?

yes sure i am currently useing attackbox but i can see the ip in documents

thanks for the link, I can reach it too
the conclusion probably with your previous instance is that there was some temporary issue in THM infrastructure
anyway, happy THM

Gave +1 Rep to @normal mirage (current: #2016 - 2)

you find it under Target Machine Information under the red heading at the top of the webpage, as per screenshot

thanks for your help @upbeat quarry !

Gave +1 Rep to @upbeat quarry (current: #14 - 631)

probably good to spend some time familiarizing yourself with THM environment
check this THM material:

• in particular: https://help.tryhackme.com/en/articles/7977454-how-to-starting-your-first-tryhackme-machine
• in general: https://help.tryhackme.com/en/

I will check them !!

Just confirmed — I can ping 10.10.10.10 successfully. Looks like I'm connected. Thanks for helping out, and yeah, the “Not Connected” label must be a bug

Gave +1 Rep to @deft quartz (current: #65 - 146)

no worries

yes indeed the label is broken

Halp! (Supposed to present a room to colleagues in <2h !?

• I regenerated/downloaded my VPN credentials

• I created the connection with sudo openvpn <username>.ovpn

• routes look good (ip r)

• I can only ping the VPN gateway (10.6.0.1)

• I can't ping machines (tried 2 rooms)

• I can't ping the machines' gateway (10.201.0.1)

• THM VMs:

  • can ping each other
  • can ping 10.201.0.1 and 10.10.0.1
  • cannot ping 10.6.0.1

My results:

> ping 10.201.57.103
PING 10.201.57.103 (10.201.57.103) 56(84) bytes of data.
^C
--- 10.201.57.103 ping statistics ---
114 packets transmitted, 0 received, 100% packet loss, time 115720ms

> ping 10.201.108.124             
PING 10.201.108.124 (10.201.108.124) 56(84) bytes of data.
^C
--- 10.201.108.124 ping statistics ---
7 packets transmitted, 0 received, 100% packet loss, time 6152ms

> ping 10.6.0.1      
PING 10.6.0.1 (10.6.0.1) 56(84) bytes of data.
64 bytes from 10.6.0.1: icmp_seq=1 ttl=64 time=27.7 ms
64 bytes from 10.6.0.1: icmp_seq=2 ttl=64 time=169 ms
^C
--- 10.6.0.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 27.727/98.560/169.393/70.833 ms

> ping 10.201.0.1  
PING 10.201.0.1 (10.201.0.1) 56(84) bytes of data.
^C
--- 10.201.0.1 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2045ms

> ip r
default via 192.168.6.129 dev wlan0 proto dhcp src 192.168.6.203 metric 600 
10.6.0.0/17 dev tun0 proto kernel scope link src 10.6.37.105 
10.10.0.0/16 via 10.6.0.1 dev tun0 metric 1000 
10.101.0.0/16 via 10.6.0.1 dev tun0 metric 1000 
10.103.0.0/16 via 10.6.0.1 dev tun0 metric 1000 
10.201.0.0/17 via 10.6.0.1 dev tun0 metric 1000 
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 

did your openvpn command end up with Initialization Sequence Completed?
can you ping 10.10.10.10? if yes, you are good with THM VPN
however, make sure you are not running more than one instance of THM VPN (check with ps aux | grep openvpn) You can terminate all your running openvpn processes with sudo killall openvpn in order to start from a clean sheet in case of doubts

Yes to all

did your openvpn command end up with Initialization Sequence Completed?
Not the last line, but final-10
can you ping 10.10.10.10? if yes, you are good with THM VPN
Yes, before and after 👇
however, make sure you are not running more than one instance of THM VPN (check with ps aux | grep openvpn) You can terminate all your running openvpn processes with sudo killall openvpn in order to start from a clean sheet in case of doubts
killed, restarted, same results as ☝️

Seems there's an issue between 10.201.x.x and 10.6.x.x?

check from my screenshot all the pings from your screenshot that work for me
I am using EU-Regular-4 THM VPN server, in case you want to try with that one

thanks, well noted, looks good

Gave +1 Rep to @nova whale (current: #208 - 46)

I mean from EU VPN subnet, not surprising that 10.6.0.1 is not reachable - I'll take 'er for a spin...

As for hte VMs, one is a windows box, so not surprising it doesn't respond.
TYVM for checking 🙇‍♂️

about Windows and ping, I guess it is the one, that I can nmap now but I could not ping in my previous screenshot

Even worse on US-west 😬

> ip r
default via [...]
10.2.0.0/17 dev tun0 proto kernel scope link src 10.2.113.9 
10.10.0.0/16 via 10.2.0.1 dev tun0 metric 1000 
10.101.0.0/16 via 10.2.0.1 dev tun0 metric 1000 
10.103.0.0/16 via 10.2.0.1 dev tun0 metric 1000 
10.201.0.0/17 via 10.2.0.1 dev tun0 metric 1000 
[...]
> ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute 
       valid_lft forever preferred_lft forever
[...]
36: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 500
    link/none 
    inet 10.2.113.9/17 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::de19:c639:b358:b777/64 scope link stable-privacy proto kernel_ll 
       valid_lft forever preferred_lft forever

> ping 10.2.0.1  
PING 10.2.0.1 (10.2.0.1) 56(84) bytes of data.
^C
--- 10.2.0.1 ping statistics ---
7 packets transmitted, 0 received, 100% packet loss, time 6152ms

> ping 10.10.10.10
PING 10.10.10.10 (10.10.10.10) 56(84) bytes of data.
^C
--- 10.10.10.10 ping statistics ---
7 packets transmitted, 0 received, 100% packet loss, time 6141ms

> ping 10.6.0.1   
PING 10.6.0.1 (10.6.0.1) 56(84) bytes of data.
^C
--- 10.6.0.1 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4086ms

> ping 10.201.0.1
PING 10.201.0.1 (10.201.0.1) 56(84) bytes of data.
^C
--- 10.201.0.1 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4098ms

do not hurt yourself further
come to EU-Regular-4, where things work for me
after that you have established it works for you too, then try maybe another VPN server (for better performance)
no guarantee though

Eureka!
Thanks a million! (Eu-reg-4 FTW)

Gave +1 Rep to @upbeat quarry (current: #14 - 632)

anyone?

I cannot help you with that one, but the #pt1 channel is probably a better place to get feedback
otherwise, try to email THM support using the link coming below

found this, with an answer from THM staff: #pt1 message

I’m guessing THM is having a VM connection issue? Been trying to work on the network miner room all morning but it disconnects me from the box and the only way to get it to reconnect is term it and reopen. But even that is a 5 minute bandaid if I’m lucky.

Sometimes getting an “at capacity” error too

I’m on the US-West server btw

Is your VPN connection stable? check if there is continuous output in terminal where you ran the openvpn command
you can also run a continuous ping 10.10.10.10 and see whether you lose your ping responses when the target VM disconnects If so, that would be the sign the VPN connection is dropping
US-West was not good earlier with this user here: #site-support message Maybe you should consider switching to another VPN server, like EU-Regular-4

Thanks I’ll look into that

I am getting this error all morning as well.

for which room?

I don't know which specific rooms but I am going back through the pentest+ path and multiple rooms seem to be having issues starting machine or attack box. Seems like things are improving but it was going on for a while this morning/afternoon now.

It’s cleared up now. No issues wbu @solar python

Seems to have cleared up for me as well. But it was happening for a couple of hours today.

the attack box has been slow recently for me

Is the site and attackbox slow today?

yes

very

what does THM prefer?
do we use the attack box or connect via vpn?

are you guys able to launch attackbox? i tried it showed me an error saying thm is at capacity right now

just try again

really, it worked for me

i see x)

it felt like "just gitgud bro"

im joking btw

gitgud?

get good

no, you can solve most of your problems just by restarting

computer doens't boot? just restart
wifi option disappeared? just restart/wait

guys i dont know if this behavior is intended, but I cannot configure DNS on Breaching AD room. I'm using attackbox and in my /etc/resolv-dnsmasq I wrote my THMDCIP as instructed

when i try "nslookup thmdc.za.tryhackme.com" it says ** server can't find thmdc.za.tryhackme.com: NXDOMAIN

when i ping my thmdc, i receive the responses normally

Back to getting the error messages again

and i got disconnected from the attackbox

after updating /etc/resolv-dnsmasq, do the following

sudo systemctl stop systemd-resolved
/etc/init.d/dnsmasq restart```

Mine is still kicking. Might be on a different server.

I've been experiencing issues with Rabbit Store for the past 20 minutes, when I try to log in to the storage website the exact same way I've been, even after restarting my VPN and NetworkManager connection and host interface -- it's dead. I can send a POST request to /api/login but I don't get a response even with my web application security tool's "capture responses" checked, and yes it is in scope. I've restarted the room VM multiple times and plopped the new address into my hosts file, same result.

Omg thank you so much

Gave +1 Rep to @upbeat quarry (current: #14 - 633)

troubleshoot your VPN connection
can you ping 10.10.10.10?

I've just tried 2 rooms, while using their attack box I am able to access those 10.201 ip addresses, but definitely some issues using my VPN to connect, seems like when the boxes are started they are setting up to the 10.201, I'm on the us-east btw and can access 10.10.10.10

I'm also having problems. I can ping and curl 10.10.10.10 but can't with room machines

which VPN server have you used to download your VPN file?
make sure you have only one THM VPN instance running at any one time, and that includes not running THM AttackBox while running THM VPN
about these rooms, how are you trying to reach them (maybe they are not supporsed to respond to pings, which is typical of Windows boxes)

not running more than one instance of THM VPN?
Please screenshot ps aux | grep openvpn

I used Us-East-Regular-1. I wasn't running any AttackBox and the rooms I was trying were Hammer and OpenVPN. I've done both in the past and they are supposed to respond to the ports I've been trying to connect.

thanks
maybe you have the MTU issue: please run THM VPN troubleshooting script at https://github.com/tryhackme/openvpn-troubleshooting

Gave +1 Rep to @lament flame (current: #1054 - 5)

Incidentally, 10.201. block IPs are the same ones Rabbit Store is bringing up machines on.

Okay I'll try that out and let you know what happens

👍

ok, figured I'd just reach out to see if it was an issue

would nmapping hammer then just not work?

Didn't work some minutes ago when I tried

I have got an instance of hammer running
earlier I troublshooted VPN using EU-Reg-4, and that worked
after that I'll check with US-East
I'll report back in a few minutes

I did my test with hammer :

• using VPN server of EU-Reg-4, I could ping and nmap the target; scanning for all 64k ports, I found 2 ports open, but it was slow (474 seconds)
• using VPN server US-East-1, I could not ping nor nmap the target (same IP) I regenerated my VPN file, but same failure (of course ping 10.10.10.10 was succesful after Sequence Initialization Completed message from openvpn)
  Conclusion:
• I cannot explain why US-East-1 fails, as ping 10.10.10.10 works
• I suggest you switch to EU-Reg-4 which I know works (maybe slow though)
• you could try cycling through other VPN servers, and have better performance

That did it! Thank you very much

Gave +1 Rep to @upbeat quarry (current: #14 - 634)

based on my test with hammer for user sutdentenherz, I tried to reach the VM for RabbitStore, but had the same issue:

• I cannot ping/nmap the target VM using US-East-1 (despite ping 10.10.10.10 working)
• I can ping/nmap the target VM and browse to cloudsite.thm using EU-Reg-4
  Obviously there is something wrong with US-East-1
  Which VPN server have you been using?
  One way for you to progress is to switch to EU-Reg-4

I am really surprised, and happy
BTW, what is your new MTU value?
and which VPN server are you using for your current connection?

could you try to choose another VPN server than US-East, as that one does not seem to work for me (despite the succesful ping 10.10.10.10)
I have just done some tests with EU-Reg-4, and that one worked
so you could switch to EU-Reg-4, or try your luck cycling through other VPN servers

Sure I'll give those a try! but my issue was that I wasn't able to connect for this room, https://tryhackme.com/room/theserverfromhell which after getting a hint I found that I was using the right command, but not able to see the result.

and for that room it was OK with THM AttackBox, like you seemed to say in your first message?

That was for the second room I tried, which was https://tryhackme.com/room/windowsprivescarena using the attackbox to RDP was fine. The initial box I am supposed to be able to grap the banner of the first port but wasn't able to connect

Just tried EU-Reg-4 and still no luck, I'll try again tomorrow and cycle through them

too bad
with EU-Reg-4, I could ping and nmap the instances for both of these rooms:

• https://tryhackme.com/room/theserverfromhell
• https://tryhackme.com/room/windowsprivescarena

I'm wondering if I have the same/similar issue with my openvpn connection, I created a ticket a couple days ago.

are you connected to THM VPN right now?

I'm just connected using the attackbox currently.

if that helps, some troubleshooting above has shown that, at least for me:

• US-East-1 does not work
• EU-Reg-4 works
  if you want to try and provide feedback, maybe we can make progress together

Hey guys! how could i kill this ai bot in the left bottom corner? it starts showing me pop-ups and i really don't like it

There isn't such an option yet

Man your nick and AI which monitoring my actions on the site are really concerning coincidence

but thanks. Though it's really disappointing answer

Me too my VPN us-east-1 doesn't work anymore

Hi. The monthly rankings from my country are inaccurate. I am ranked number one (see the right side of the icture for your information), yet only inactive members for this month are shown on the top 50 list.

You all have 0 points , you're all ranked as #1

Just checking to make sure but I earned points today, so why are my points still at zero?

is there any active technical admin I want to talk to him about points not calculated

Ran the troubleshooter. First time, said MTU issue, still didn't work. Second time, said duplicate instances so it killed duplicates, still didn't work. Going to try EU-Reg-4

Only points from this month's challenge rooms is counted

Not an admin but everything works fine on my side

I will dm you if it possible

EU-Reg-4 seems to work

Ok. Still dont understand since nsome of the profiles have not even been active this year, or in five months, but thank you for the info.

Gave +1 Rep to @ember osprey (current: #1 - 5759)

<@&612305984752451594> Hey team! I lost my streak yesterday and I was really bummed about it—I’ve been consistent every day but must’ve missed it by a few hours or due to a timezone issue. Would it be possible to request a streak repair?

I totally understand if not, but I’d really appreciate any help. Thanks for all you do, this platform means a lot!

Hi I have a subscription related question.

Suppose I decide to pay for one month with the monthly option

and decide that I want the yearly subscription later

Do I have the option to switch options? Or am I perma stuck to one option

also do I get the 50% if I swap over or do I have to apply straight for the annual option wholesale?

done that before just not on the ss

why some challenges don't allow VPN boxes connect (Firewall?) for example injectics

I'm asking you want to make the vpn to connect to the firewall right?

never mind I can't even ping the attack box lol

something is off, I will just use the attack box, don't have the time to dig in. 😦

other wise, koth and other rooms work fine

Yes it would 🙂 . Send an email to support on the address below and explain your situation they will fix the streak for you 🙂

Seems like the bot is down but send an email to support@tryhackme.com 🙂 . They will fix it for you

You can switch anytime you want

unreliable vpn connection.

tried a new kali box and no better

us-west-regular-1 might be boned. eu-regular-4 seems ok so far

please no more hours of trying to get the vpn working for my class

Looks like you got someone stuck queuing up into leagues this week. Might want to check he code again, or are there really two accounts with identical name/rank/league?

@ember osprey Hi, yesterday, I interacted with several users having problems with US-East-Regular-1 and US-West-Regular-1, and some of them had success after switching to EU-Regular-4
my personal experience:

• US-East-Regular-1: not working (despite ping 10.10.10.10 working OK)
• EU-Regular-4: working fine
  do you have a view about which VPN servers work/do not work at the moment?
  thanks for your help

Gave +1 Rep to @ember osprey (current: #1 - 5760)

Hello. Lately, I've kept having problems with the AttackBox. You see, if I leave it unattended for too long (like a few minutes), it automatically disconnects and I cannot connect back again which forces me to terminate it and start again. Even when I am busy on the AttackBox, sometimes it freezes so I refresh the webpage and the AttackBox is somehow gone, so I have to start a new one again!

I am using Tryhackme on Chromium Version 137.0.7151.68 (Official Build, ungoogled-chromium) (64-bit)

thanks for the feedback

Gave +1 Rep to @dapper scaffold (current: #3070 - 1)

Can anyone explain me why am getting invalid url?

maybe this helps: #site-support message
check chat messsages before and after in the chat chain

Thanks you so much

Gave +1 Rep to @upbeat quarry (current: #14 - 635)

He actually exposed the room he is submitting for. But yeah eventually if someone get to my writeup which people will eventually but they will not know my identity here. Because both are completely seperated from each other.

I cancelled my subscription(on 30th july) still i got subscription for another month even tho i didn't pay. They are not replying my email , what should i do?

When did you mail them?

Okay i have a issue aswell, my machines are getting terminated out of no where. 30 mins ago i was doing a room and the machine i was working in just did a shutdown. Is this common thing? Its not only today that i have this issue its something i had for the past weeks.

Hello I have two questions : Is it possible to reset a learning path ( I have been out of it for a while and i want to do a redo for my jnowledge check)

Second question: When I do try to enter snort ( where I seem to have been last time) I can't I only get this

3 aug

this message (#site-support message) reported today similar issue, but for THM AttackBox
my personal experience is that is not uncommon for machines to terminate before their expiraton time, but it more often happens to my AttackBox in the morning (UK time), and I associate this to THM starting their day by fixing the issues of the previous hours/night, with some disruptive effect on their infrastructure Just my interpretation 🙃

Thanks for your timely response!

Gave +1 Rep to @ember osprey (current: #1 - 5762)

Thanks for reaching out @upbeat quarry . At the moment US-EAST-1 and EU-VIP-1 and EU-VIP-2 are definitely down . I will forwards the issue to staff now to see if they have more info maybe 🙂

Gave +1 Rep to @upbeat quarry (current: #13 - 636)

You can reset the whole path but you can reset individual room progress by going to Options > Reset Progress

For subscription related problems reach out to support directly on the email below

Problem is I can't enter the room because I got that message as depicted instead<< the problem seem to have resolved itself, ty KGB

scroll down a bit you should be able to click ok and be redirected to a room

Hello , there is a problem, i am at Linux Fundamentals Part 3 Task 5 , and I typed English but it said not English

I can’t send image to this chat..

@clear star

follow link above, then you can upload files

Ok I got it thank you

There is my problem

try another signal, as per room material

It seems like only that question have that problem

what I meant is that SIGKILLis the wrong answer
granted, that warning by THM about using English is misleading
refer back to room material for the right answer, concentrating on the word in bold in the question (cleanly)

Oh I got you😂sorry my English is not good, appreciate for your help and patient

Hi all, I tried to insert SS here but could not.
I got a discount email from THM stating that :
"This discount gets you 6 months free on an annual subscription"
but when i click on it and go to the THM page it says and gives 5 months ( Every small details matter).

@bright folio

you can insert SS after you follow the instructions from the link above

The email with : 6 months

when following link and try to get premium : says 5 months

My understanding is that enquiries about subscriptions is handled by email using the link coming below

@bright folio

Yeah, I just wanna be sure I got 6 months and not 5 🙂 , also its more professional for THM as well if the advertise their promotion correctly.

I guess THM will first check if that email was legit

@deft quartz hey, anything I can do now?

To try and have connection

yeah so can you ping or reach 10.10.10.10

via the browser

the label connected or not connected label on the website is broken iirc

someone help me this

Which region are you from?
I don't think it is allowed to tell you how to circumvent this.
But as the message says, there is still a lot of free stuff on THM you can check out.

I am at East Asia

Which country exactly?

Taiwan

Enumerating Active Directory

for the life of me I can't connect to this room, it's like tinder, I'm supposed to have a match but nobody is answering my messages

I connected to the vpn, I put the DC in my dns settings, but zilch

are you using THM AttackBox or connecting through THM VPN?

vpn and my own kali like God intended

anyone have sol to this

can you ping the IP of the DC?

no I cannot, I tried both leaving the dns settings empty and putting it in network settings in kali but in both cases I can't ping the DC

ip route does seem to indicate it can reach the network though

a few more checks first: is the status of the network running, like mine is in the screenshot?

yes it is

I am voting for a reset but I have to wait an hour

as a precaution, as it has only 23 mins left, extend it by one hour right now

ok

Yes, there are unfortunately restrictions for this country

I need to finish some chores might check back in a bi thanks

OK, ping me when you are back, I may be around, otherwise someone else

I sent out the last vote to force a reset, how I can ping the DC again, thanks for helping

Gave +1 Rep to @upbeat quarry (current: #13 - 637)

Does the VPN US east 1 repaired?

I am on EU regular 4 in the meantime

it does not work for me, despite several attempts today
this morning, I checked that EU-Reg-4 worked, as well as EU-VIP-1 and EU-VIP-2

@upbeat quarry ok I will check from time to time if it's repaired

How does the Recommended Challenges work? Does it check the rooms I have completed and able to recommend challenges I can answer from easy to hard, or it is random.

Though I am still on Cyber Security 101 path, I want to take challenges that will reinforce what I have learned so far.

pretty sure it tracks your learning path and goes on accordingly to give you challenges

but if you're on cyber101 keep learning as none of the challenges are THAT easy imo

but it will never hurt to try an easy challenge still

Not yet i think 🙁

It shows challenges related to the topic of your previous ones 🙂

Hi guys, where can I ask about renewing my subscription, please?

Hi , for subscription related questions reach out to support directly on the email below 🙂

Sweet!!! Thanks @ember osprey !!!

Gave +1 Rep to @west chasm (current: #56 - 179)

hey, i actually have no idea if im being paranoid but better be safe than sorry. while i was doing a ctf on a kali VM of yours (yes the VM on the browser). I had that VM serving a http server on port 9999 to transfer a file to the target machine of the ctf, usual stuff, but out of no where i start getting spammed with requests from this ip: 199.45.154.142 (on abuseipdb.com it has 100% Confidence of Abuse and 6471 reports). i will send a print of the requests sent to the vm (the first request is mine) https://gyazo.com/0ba050b42a5b66412916d89d92062d5b

who should I contact ? this room is broken, since we get that a necessary library for ruby is missing (thus ruby can't be used which is necessary for the root flag) https://tryhackme.com/room/empline

you have this channel for reporting (and documenting) bugs #1333993673381253162

Hello!

Can I ask how the 6 months free on the annual premium subscription works cause on the invoice it isn't showing anything?

something is wrong with the attackboxes on the site, today they stopped responding to me 5 times

you can check when your subscription ends by going to https://tryhackme.com/manage-account/subscription while logged in
otherwise, for anything commerical like subscription, it is best if you turn formally to THM support at the email address coming below

@visual karma

I couldn't find an email on the website that's why I asked on the discord

Thank you!

I think you will find it also indirectly by navigating your way through the THM bubble you can see at the bottom right corner of THM web pages, as per screenshot

Yes, I'll try to find more as I wait for a reply

Hey Guys, good morning, just wondering if anyone else is having issues getting to the network on 10.201.0.0 255.255.128.0 on tryhackme?

Im using openvpn on my mac. I am able to get to 10.10.10.10 (pinging just fine), but the target machine i am trying to get to is 10.201.58.108 and I cant get to it all (not pinging either).

I have tried EU, US-West and US-East openvpn config, and I got the same result.

when connecting to vpn, i can see the route being added in 2025-08-06 07:00:03 /sbin/route add -net 10.201.0.0 10.6.0.1 255.255.128.0 and confirmed with a traceroute that my first hop is to 10.6.0.1

From here im not sure what else i can do, any ideas or assistance would be greatly appreciated

US-East has been down for me since the WE Several users have reported similar experience in this channel
I do not know about US-West
I can confirm that these VPN servers work for me at the moment: EU-Reg-4, EU-VIP-1 and EU-VIP-2

I have not had that experience so far today
some users have complained of similar experience over the past few days, as far I can see in this channel, but it seems to appear as a temporary issue usually

Hey Shy1, Thank you!!!!! i tried EU-Reg4 and that is working now. Go figure the one you don't try works...lol

Gave +1 Rep to @upbeat quarry (current: #13 - 639)

hey guys i need your help
i play ctf in thm Instead of using AttackBox I want to use OpenVPN (on local VM) to access the target machine. I entered the target's IP in the browser but it's stuck on loading. I tried pinging the target IP from terminal and all packets are received. Also the access page shows that the VPN is connected. How do I access the target?(without AttackBox) I did all the steps i.e. download the config file, run the 'openvpn' command and the VPN is connected successfully. Just the target isn't loading.
is this server issue or what please let me know

can you ping 10.10.10.10

did you run an nmap scan?

maybe the webserver is running on a different port

or just not booted yet

ping works perfectly in 10.10.10.10 and also a target ip even port 80 is open
but when i search in firefox or any other browser it load till the end and never reply

well im in EU(IRELAND) server and IND vpn server

that could be an issue

what issue

that you are on a indian vpn server

but are in eu

so what is a perfect one

i would pick the EU ones since you are in the EU

always pick the one closest to your physical location

now you are sending data from ireland to india and back (thats very far) while you can send data from ireland to somewhere in the EU (not very far)

yep i'll try

hey, I have troubles making AD Tier Model room to work. The services on the machines keep stopping and I'm not able to start the tasks

@deft quartz still not working man

Can you see your ip reflected on 10.10.10.10 ?

@ember osprey what do you mean sorry , im newbie

i think no reflection it says
ping 10.10.10.10 (10.10.10.10) 56(84)

with your browser, when you go to 10.10.10.10, do you see your tunnel IP address reflected in the web page, like I see mine (10.23.59.253) as per screenshot?

Look at the image above 🙂

Thanks 🙂

Gave +1 Rep to @upbeat quarry (current: #13 - 640)

This thing also never showed up it loads till the end with no response,but i can ping with it

Hey THM team — I’m having an ongoing issue where I can’t reach any deployed room machines. VPN connects fine (tun0 up, IP assigned), I can ping 10.10.10.10, but every box in the 10.201.x.x range times out.

I’ve tested:

• Multiple .ovpn config files (default + region-specific)
• MTU tuning (mtu 1200)
• Clean firewall (iptables ACCEPT all, UFW inactive)
• Routing table correct: 10.201.0.0/17 → tun0
• curl and ping to room IPs hang every time
• I’m on physical hardware (Parrot OS), not a VM

This happens across all rooms, not just one. I suspect I’m stuck on a bad VPN exit node. Can I get reassigned or have this looked into?

Thanks!

Open up new terminal and run this cmd
sudo ip link set dev tun0 mtu 1200

looks like you may have the MTU issue
I suggest you run the VPN troubleshooting script that THM makes available here: https://github.com/tryhackme/openvpn-troubleshooting
if there is an MTU issue, it will flag it and propose a correction
please provide feedback

agreed 🙃

I did that. trying the vpn troubleshooting script now

and thanks of course 🤣

Gave +1 Rep to @ember osprey (current: #1 - 5771)

Yeah man I'll try it 👍

have you tried EU-Reg-4? that one has been consistently working for me
also, please pick up a target VM as a benchmark, so we have a common ground I suggest you choose this one (https://tryhackme.com/room/picklerick), as it responds to pings and has only 2 open ports (22,80), hence loads fast

can you provide more details? are you referring to the Windows services?
I have not done that room, but starting the target VM seems to provide a stable environment for me

@upbeat quarry thanks man it works

Gave +1 Rep to @upbeat quarry (current: #13 - 641)

[-] Script is being run as a low-privileged user
Would you like to run this script with higher privileges automatically (Y/n)? y
[+] Re-running with root permissions
[+] Stable internet connection
[+] OpenVPN is installed
[+] tun0 exists
[+] tun0 IP is in the correct range
[+] Only one instance of OpenVPN is running
[+] Confirming connectivity
[+] MTU value OK
[+] Connectivity checks completed!
[+] You are connected to the TryHackMe Network
Still can't accesss VMs including Pickle Rick

what is your current VPN server?

us-east-regular. I am going try another

US-East-reg-1 does not work
use EU-Reg-4: works for me and lots of other users as reported in this channel

i cant access the DC in the authenticated AD enumeration room, can i get a reset on it?

Woot! You fixed it! Thanks much!!!

Gave +1 Rep to @upbeat quarry (current: #13 - 642)

@ember osprey thanks for that code man it works

Gave +1 Rep to @ember osprey (current: #1 - 5772)

you have to add your vote so the reset happens when the quota for the reset has been reached
an alternative is to leave and join the room back again:

• advantage: you are assigned to a different network instance (i. ei. different IPs), and that may be a cleaner environment
• disadvantage: you are assigned to a different network instance (i. ei. different IPs), hence you may have to redo some commands to reflect the new IPs

i already added my vote, but i gotta get another vote~

yeah im in the same network instance after rejoining 🙁

wait 10-15 min after leaving before you join back

I also had trouble connecting with openVPN, switching to EU-Reg-4 worked. Does this mean everyone should just stick to using EU-Reg-4 ?

VPN servers not working is a temporary situation
you do not have visibility as to which one is working or not working
either you play around and discover for yourself or you come to THM Discord in #site-support to find out what other users have reported
some users, like KGB, have special roles (i. e. moderator), and seem to get direct info from THM, that gets passed here
of course, you always have the option to reach out to THM support via email (link coming below), but then you are in a queue that may take days before your turn arrives
personally, I cycle through through VPN servers (and regenerates) in case something fails, and I use the same target VM to test against (for instance Pickle Rick room: https://tryhackme.com/room/picklerick)

@forest rover

makes sense. I think I will just download the file for every server and cycle through if there is any issue. thanks a lot for the detailed answer.

Gave +1 Rep to @upbeat quarry (current: #13 - 643)

cant react to ``Bastion v1.6-badr (savagenj)

Target IP Address

10.201.7.111`` i am using cloudflare. if i add google dns sometimes i can reach but when remove google dns doesnt reach at all. thm vpn connected

which THM VPN server are you currently using?

VM is located in US East (N. Virginia)

that one does not work for me, and lots of other users
EU-Reg-4 works for me, and lots of other users I suggest you use that one

username CyBerKai the 'Start Machine' Showing error that TryHackMe currently at capacity

sorry, I need to know which VPN server you are getting your tunnel IP from

username CyBerKai the 'Start Machine' Showing error that TryHackMe currently at capacity

that is temporary, you can expect that situation to be fixed in a matter of minutes, in my experience
be patient, refresh and try again a few minutes later

Bastion v1.6-badr (savagenj)

Target IP Address

10.201.19.129

Expires

that is info for the target VM
that will work or not depending on the quality of your VPN connection
hence: which VPN server have you used to download your VPN file from THM Access page?
[back in 30-45 minutes]

in-reg-1

Hi

I can use that server too, and I can reach a target VM I have just started
so, do you have a target VM up now that you have trouble with?

EU-VIP-1
Internal Virtual IP Address

10.11.145.49``` i am using this now but same issue.

what is the issue: ping, nmap, browsing?
and what is your target VM?

its dns issue i think. thm att box doesnt connect with cloudflare wrap enabled. need to disable cloudflare wrap.

Global
           Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
    resolv.conf mode: stub
  Current DNS Server: 1.1.1.1
         DNS Servers: 1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4 9.9.9.9 149.112.112.112 208.67.222.222 208.67.220.220
Fallback DNS Servers: 2606:4700:4700::1111 2606:4700:4700::1001 2001:4860:4860::8888 2001:4860:4860::8844 2620:fe::fe 2620:fe::9 2620:0:ccc::2 2620:0:ccd::2

``` i just added those dns. but if i connect warp then att box ip unreachable

need to disable warp

I think some users have indeed reported issues with Warp enabled
so if you can disable that, that would be a good move
[I may be back later]

you can search THM discord for warp under #site-support to collect past messages about warp, as per screenshot

https://tryhackme.com/room/adauthenticatedenumeration

The network isn't starting for me... it's been about 10 minutes stuck on startup

It's up now... sorry.

please fix cloudflare issue.i cant just use google dns because only using non cloudflare dns i cant visit some site

again using cloudflare warp enabled cant visit att box using thm vpn

i disabled wrap cli but using smart dns which work. wrap cli doesnt work

Back at it again, I am starting to think open vpn just hates me lol

Even on my host box I am unable to reach THM

I have tun0 and can ping 10.10.10.10.10, but the site says I am disconnected on the top right, and when I try to scan the target box IP, it just stopped at loading on browser and termina. Any idea why? I have downloaded multiple THM openvpns, but none worked.

Hey gus I am doing "Nmap Advanced Port Scans" and I am facing this error. I can't make out how to solve it. Moreover I noticed that sometimes using some flags like -sA I am not getting the result as I am supposed to get. Please help

Anyone else having trouble with the clipboard in the attackbox? It worked before but it hasn't worked for days now. Control shift c doesn't work. Also the clipboard menu doesn't appear at all. My settings in the Brave set for allow the site to use the clipboard. Is this a common problem now?

Try using another browser like chrome. If it works, it means the browser is the problem. Maybe it got updated.

which VPN server are you usring?
best to avoid using US-East-Reg-1 at the moment

you seem to have a strange syntax when it comes to specifying multiple IP addresses I would expect you would have to use characters like comma or hyphen
which task are you are doing with that command?

I have used like 4-5 different servers brother

EU-Reg-4, EU-VIP1 and EU-VIP-2 have worked for me all day long Have you used any of these?
also, on Windows, are you using Openvpn Community Edition, which the flavour THM expects for Windows?

I've tried EU-Reg-4, I have tried Kali Ubuntu Parrot and Windows 10 home.

I have disabled every adapter option other than my wifi and openvpn and checked my PFSense and wire guard.

I have checked the routes

@upbeat quarry

I've tried it hypervised and home system. I've tried open vpn and open vpn connect

dealing with the same vpn problems. haven't had a problem with them until now.

we can make some tests in parallel if you have some time
we can use this common ground:

• I am connected to EU-Reg-4
• I have started a target VM (Pickle Rick)
• using that VPN connection, I can ping and nmap Pickle Rick IP address (10.201.14.214)
  maybe you can start a VPN connection on EU-Reg-4 and see what happens when you ping and nmap the Pickle Rick IP? Please provide screenshots similar to mine

which VPN server are you using?

US east

gonna swap servers and try again

that is the one I would recommend you do not use
I have had no success with it since the WE, like many other users in this channel
I suggest you make some tests with EU-Reg-4 to make everything work
after that, you may get better performance with other VPN servers closer to your location

It appears to be working now, which is confusing. I am on EU-Reg-4 like I was previously but the connection is up and established. Not sure what changed but shit ill take it lol

EU-VIP-1 and EU-VIP-2 have worked for me also, if you need alternatives

Unfortunately im not paid yet, working my way through the free rooms after that ill pay

understood, EU-Reg-4 has worked for me since the WE

clipboard for THM AttackBox works as usual for me
10-15 minutes ago, the machine was very laggy, and I restarted it
the screenshot was taken after the restart: it shows the clipboard box in the middle is there as usual
I am using FireFox
I know there are ways to tweak browsers to behave differently in relation to clipboad, and for that you may want to have a look at this past message: #room-help message
personally, I avoid customizing my Firefox instance beyond a couple of extensions (mainly ad-blocker and dark mode)

which VPN server are you using? best to avoid US-East-Reg-1 at the moment
I you have stable VPN connection and can ping 10.10.10.10, please browse to that same IP address (10.10.10.10) and provide screenshot

Where can i see my discord token i registered with here? I realised that i got 2 THM account and not sure which one i used here.

check this screenshot

This i know, because i have 2 separate accounts. My problem is that i am not sure which one i used to reg. here.

not sure, probably KGB, or another mod, can help you with that
I suggest you ping them when you see them available

What's the issue exactly 🙂 ?

did you ever figure this out? ive been dealing with this for days. tried different servers as well. figured it was something on my end so i tried htb openvpn just to see and connected immediately? really frustrating

is it just me or everyone get disconnected from the attackbox machine every while ?
it happens like every 3 mins or so while i am reading the content of the room
when its on idle or while i am using it sometimes

so far i've got disconnected like 30 times since the morning until tonight

i uploaded one write up of whats your name? room. Can I know how long my write up can public

Works fine on my side

@eternal granite @topaz elm Try to use EU-regular or US-WEST at the moment . Access page on THM's website is broken - ignore it . If you access http://10.10.10.10/ in your browser your connection is working properly 🙂

i asked the built-in ai and it was saying that it could be some connection issues ...
but i used multiple devices and internet networks and it has the same issue

so either the ISP is having that kind of issue or it is just the attackbox machine that could be heavy on the thm network
it is a "windows server 2022 data center" type

happening to me as well. I'm getting US server instead of the usual Ireland one

the web service says machines are joined but after some time they stop responding and can't start doing the tasks

Hi THM support team.I face too much this instance termination specific on AD machines every day.

Please tell me how to fix this or what I should do to have less this message on screen.

Thank you very much.

Because it takes time to set up everything and in the middle of work I should start over.

I also see such messages from time to time, not only for specific machines, but for random machines from the room I'm playing with

I'll play with that rooom later today, and report back

OK

@eternal granite

Try to clear your cache and relog

Just did it my machines were reconnecting every 30 sec.

@upbeat quarry web services went down again, but I found the script and run it manually and check the progress text file for the flags

i cant connect to the target machine server using remmina it worked the first time but the machine is not connecting event after running new machines

are you using THM VPN or THM AttackBox?
which specific room are you doing?

attackbox

right now i got connected to the rdp but after executing commands a minute later it closes down

Windows Privilege Escalation Task6 Machine

Now this happens in my task7

https://tryhackme.com/room/windowsprivesc20: this room, right?
I have just connected to that target VM for Task 6 using remmina from THM AttackBox
screenshot shows the corresponding Target Machine Information: can you post similar screenshot for your instance of task VM?

I'm in the moniker link room and I'm having connection problems to the target machine as well, it keeps disconnecting me informing me that I have a weak connection but my internet speed seems to be fine (62.86mbps download/82.27mbps upload)

I tried both the web lab and tried Windows OpenVPN then connect directly via RDP. Still the same result.

Okay, nevermind I solved it by connecting to the target machine using the attackbox.

It was happening to me too but I thought it was my internet when both machines got reconnecting messages but after a while on another task my target got disconnected while the attackbox was working fine

What is the VAT of 20%? Is it some kind of tax? I'm not even living in UK:

ad machines are kinda heavy because it uses windows server 2022 data center

I am experiencing also RDP disconecting from the target, as per screenshot
my command was xfreerdp /v:10.201.45.182 /u:'THMTakeOwnership' /p:TheWorldIsMine2022 and that session kept working for 5-6 minutes (top red rectangle), then dropped without reason, and then I could not restart it (bottom red rectangle)
for the record: this is Task 6 ("Abusing dangerous privileges") of "Windows Privilege Escalation" https://tryhackme.com/room/windowsprivesc20
I will try again later, but I have other RDP issues in another room that used to work a few hours ago ("AD Tier Model": https://tryhackme.com/room/adtiermodel): same creds as this morning no longer work this afternoon
so my conclusion at the moment: temporary issue on THM infrastructure

I experienced the same issue with xfreerdp

Once disconnected then it pops up with an error

thanks for that tip
on my side, this morning, I started the DC and the workstation, and went through task 1 and 2
for task 3, I could collect flag1
this afternoon, I wanted to carry on but the RDP sessions no longer work (the creds are no longer accepted, but I also noted that there is no warning about the certificate)
I tried remmina and xfreerdp, DC and workstation: no luck
in case you get back on this room, I am interested to know if it works for you

Gave +1 Rep to @stuck sorrel (current: #1529 - 3)

Did you have any rooms in which you could use the RDP on our personal systems and which caused an error? My next room involves connecting via Remote Desktop Connection.

https://tryhackme.com/room/owaspapisecuritytop105w

by personal systems, do you mean a local VM (like Kali) connected through THM VPN? then the answer is no, just because I usually use THM AttackBox

not on the vm

but on my og windows.

do you mean RDP from the host? like connecting through VPN from my Windows 10 host to THM target IP?

ya

then no, as I never do that
if you do, please realize there is a risk, as your host is then connected via the VPN to all other THM users, who then can poke at your host in a dangerous way Of course, you can harden your host, but some script kiddies are good
so, my preference is to run a VM to THM VPN, and not keep anything sensivitive on it If that VM gets compromised, I can just delete and create a new one

so i will just run it on kali VM then

thanks

@marble breach we want a subscription for business how do we get hold of sales person?

Get in touch with support on the email below

Thanks

Hi! I'm able to connect to the attack box and target machine, but I can't open the cowsay page to complete the OWASP Top 10 - 2021 exercise. My connection is working. Any suggestions to fix this? Is it an issue with the firewall?

the target machine IP is 10.201.91.241, as I understand it
can you nmap that IP?
also, when you say "attack box", do you mean you are using THM AttackBox in-browser machine as attacking machine?

Yes, I'm using the THM AttackBox. I ran a nmap and the port is open.

are you using Burp?
if Burp is shut down but you left FoxyProxy active on your browser, that would cause that kind of issue
another scenario, is that Burp is running, with FoxyProxy active, but Intercept is on inside Burp

My status is active, but it's saying it's paused when I try to access premium rooms. Does anyone know what the issue is?

For account / subscription issues reach out to support directly on the email below

i have problem using gdb on my kali container arch amd , cause im using a mac arm

Is the red team capstone challenge not available anymore?

Hi TryHackMe team, I’m Rohit from India. I’ve been trying to get a yearly subscription but I’m facing issues. I tried using 8 different cards, including a credit card, and I’ve already enabled international transactions and e-commerce on them — but the payment still doesn’t go through. Can you help me with that

Im currently working through the Microswoft XDR rooms. There is a MS account given to follow the walkthrough. But that account got banned by ms lol

Try to post in #defending-azure-path

For payment related issues send an email to support on the address above

in the Red Team Capstone when shell proxychains bloodhound-python -d corp.thereserve.loc -u user -p "pass" -c all -ns ip --dns-tcp error ```json [proxychains] config file found: /etc/proxychains4.conf
[proxychains] preloading /usr/lib/x86_64-linux-gnu/libproxychains.so.4

[proxychains] DLL init: proxychains-ng 4.17
INFO: BloodHound.py for BloodHound LEGACY (BloodHound 4.2 and 4.3)
[proxychains] Strict chain ... 127.0.0.1:1080 ... ip:53 ... OK
INFO: Found AD domain: corp.thereserve.loc
[proxychains] Strict chain ... 127.0.0.1:1080 ... ip:53 ... OK
[proxychains] Strict chain ... 127.0.0.1:1080 ... ip:53 ... OK
Traceback (most recent call last):
File "/usr/bin/bloodhound-python", line 33, in <module>
sys.exit(load_entry_point('bloodhound==1.8.0', 'console_scripts', 'bloodhound-python')())
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^
File "/usr/lib/python3/dist-packages/bloodhound/init.py", line 314, in main
ad.dns_resolve(domain=args.domain, options=args)
~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/bloodhound/ad/domain.py", line 726, in dns_resolve
q = self.dnsresolver.query(query.replace('pdc','gc'), 'SRV', tcp=self.dns_tcp)
File "/usr/lib/python3/dist-packages/dns/resolver.py", line 1363, in query
return self.resolve(
~~~~~~~~~~~~^
qname,
^^^^^^
...<7 lines>...
True,
^^^^^
)
^
File "/usr/lib/python3/dist-packages/dns/resolver.py", line 1320, in resolve
timeout = self._compute_timeout(start, lifetime, resolution.errors)
File "/usr/lib/python3/dist-packages/dns/resolver.py", line 1076, in _compute_timeout
raise LifetimeTimeout(timeout=duration, errors=errors)
dns.resolver.LifetimeTimeout: The resolution lifetime expired after 3.106 seconds: Server Do53:ip@53 answered The DNS operation timed out.

What is the 6 months free ice cube that's on the annual subscription? I was expecting it to mean that I'd be paying half what was shown on the price. Or does it mean I get 18 months?

I made it till task4, for task5 it needs configurations that are in task6. Not sure how the env will behave today

Gave +1 Rep to @stuck sorrel (current: #1228 - 4)

thanks for the response
I am really curious to see how it goes for you, as I have just tried again, and it keeps failing (and yesterday morning it was OK)
I am documenting my attempts below, so I can use that evidence in case I have to open a ticket or report under #1333993673381253162

• target IP is 10.201.5.200, as per first screenshot
• using xfreerdp
  • command is xfreerdp /v:10.201.5.200 /u:'THM\Administrator' /p:Password321
  • result: login failed The user name or password is incorrect. Try again (second screenshot)
  • alternative command (so username and password are prompted): xfreerdp /v:10.201.5.200 (third screenshot), and same result
• I have also tried with remmina, but same results with 2 flavours for username syntax (last 3 screenshots)

Gave +1 Rep to @stuck sorrel (current: #1057 - 5)

I had such behavior not accepting the user/pass during my "tries" to play the room during past 2 weeks. Something is wrong with this room. The web services that check if machines are synced also stops after few minutes and I had to dig and run the script that checks the flags manually. You may write these things to your report.

so, you are saying that some day user/pass works, and some day it does not, right?
about syncing, I'll keep an eye on that, when I have access to the room Actually, I thought intially I would do a first pass at the room without the workstation (and without the syncing), and have a second pass with the workstation

Hello guys i need help for the breaching ad box. I cant start the network and i can't reset it on my account. It's failing

first refresh the web page: the network may actually have started and be in the state of running, but the web page needs refeshsing to reflect that

correct

okay i'll give a try

I'd refreshed my browser but the network state is still stopped.

should i reset all the box ?

now it works

i'd to leave the room and check in again

good move, that is the way

thx ❤️

just restored the env to flag5 and it doesn't accept admin's user/pass

@upbeat quarry I feel sorry that I didn't finish the whole room yesterday when I got the env working correctly 😄

500 error is a server side error right?

Yep. 5XX Errors are server side errors. 4XX are bad input/user caused errors traditionally at least 🙂

In your case the target machine application errored out because it received an empty authorization token and likely doesn't properly null-check / null-proof it.

ya let me check once again

Yeah , you're missing your token 🙂

Is there a way to generally disable the ai chatbot "Echo"? For some people, it might be useful. For me, it is just annoying to disable it in every room separately. Any ideas?

hello i paused my thm subscription, is that mean i cannot do any rooms now ?

hello, i'm connected to the vpn and i have the response from 10.10.10.10 on the browser but in my room, i can't acces on the web page. I can ping, scan the port 80 but can't load the page but it's work with kali from the website tryhackme. Any idea ?

you may have the MTU issue: open a terminal and enter sudo ip link set dev tun0 mtu 1200

check the answer from KGB: #site-support message

Please don't instance termination my machines today it happened for me 4 th time today.

Please STOP 🛑 I am premium paid member.

I can't tolerate that. Anymore.

of course: I feel the pain
on my side, still not able to login:

• I had hoped that leaving the room and joining again would help, but no
• I also reset my progress, but not useful
• did the same on the companion room for the workstation, but not useful
• repeated the above steps multiple times
  my conclusion: the room is broken

Hello there,
I want to buy a premium yearly subscription with the current -25% offer
The new price if correctly shown on the pricing page, but when I click "Subscribe Now" the price is not correct (126€, full price, must be 94,56€), no coupon is applied, someone now why ?

Right now it happened again PLEASE STOP.

It is extremy annoying direct before the last command that I should get the flag text someone shot down the server for some reason.

Please stop. or send me the reason in DM. Thanks

Currenlty no

That doesn't depend only to you nor it's only THM side problem , it's probably related to their CSP also . Btw that thing is automatic , nobody is terminating your machines intentionally 🙂

But yeah , I totally understand you , it can be really frustating 🙁

Which room ?

Directly before the last flag happened. Administrator access and then termination.

Still nobody terminated your instance , that happened automatically , maybr due to a limits on THM's CSP side

Thanks for your reply. That's what I thought. Now, I am tinkering on a workaraound. With uBlock, it seems, I can block it ...

Gave +1 Rep to @upbeat quarry (current: #13 - 648)

Thanks for replying. Then it was a just a Bad luck.

Gave +1 Rep to @ember osprey (current: #1 - 5780)

in your web browser you usually need to specify the port as well you want to connect to so for example getting the webpage on the machine with ip 10.10.10.10 on port 80 you would write inside the url bar: http://10.10.10.10:80 thats my only guess

Thanks for your feedback, I just went back. I restarted the VPN and the target machine and it works. I didn't do anything else haha

@Shy1 https://medium.com/@january1073/tryhackme-disable-echo-29c3c48e54d2

thank you for sharing and congratulations for the initiative!

Gave +1 Rep to @vague zinc (current: #3074 - 1)

hello guys

Does anyone has the knowledge to deploy jupyter hub via podman compose ??

Try to ask guys in #infosec-general or #programming 🙂

that's not the correct answer

That's also not the flag . Flag should appear in a pop-up window once you successfully perform HTML Injection

I don't have Burp or FoxyProxy open. I only have the THM AttackBox open and the target machine. The link to find Joseph's password in the next exercise does the same thing.

that would be task 11 then ("4. Insecure Design"), right?
can you share a screenshot similar to mine? I have started an instance for that room on my side and launched THM Attackbox, with Firefox opening the web page at the link provided by the task

Neither Burp nor FoxyProxy are open. I only have the THM AttackBox and Target machine open. I also can't open the next exercise either.

#site-support message

so you can reach the web page with that new IP address, right?

Yes, with the one I just opened. But I can't log in now

Is there a VPN Server that's actually working? I was using EU-Regular-4 because the US-East-Regular-1 was not connecting, but now that's not even working. I'm using the attack box

you have to use the password reset feature

EU-Reg-4 works fine for me

It was working fine for me too but now it's not.

just tried eu-reg-3: works fine with me too

you know about the option to regenerate a VPN file, right?
just make sure that the regenerated file is different from the previous one (I just do a md5sum on both files to make sure they have different hashes), otherwise regenerate again

Even if I'm using attack box?

on the AttackBox your do not need the VPN files (except for some network rooms when there is a bug)
also, as a precaution, if you are using THM VPN, better avoid using as well THM AttackBox: I have become aware of this kind of precaution only recently (I think it comes up with the tryconnectme troubleshooting tool, and also in the pinned messages of the latest AD network rooms)
however: at this moment, I am running both THM VPN and THM AttackBox, like I have been doing for a long time, but I would stop one of them if I had to troubleshoot a VPN issue

That's what I'm saying is that I'm having trouble connecting while using the attack box, not the VPN files.

sorry, re-reading your first message, I realize I missed that bit

@dapper scaffold what is the trouble with THM AttackBox: is that pinging/nmapping a particular target VM?

It says my username from my THM user account doesn't exist

room material tells you that the username is joseph, hence use the password reset feature for joseph

It is the same problem I was having with my vpn connection. I can ping the server, but when I nmap scan or try to do anything else on the target host it says that it's down or otherwise unavailable. This latest instance is in the Metasploit: Meterpreter room and no session starts when I try to run the exploit with the username, password and RHOSTS set to their respective values.

Right. Got it. I thought I had to log in to get to the exercise. Thanks!

Gave +1 Rep to @upbeat quarry (current: #13 - 649)

ok, starting up that room, so we can share screenshots

I looked at the info on the attackbox right now, it's still saying region is US East, even though I've changed it and refreshed a bunch of times. I also logged out and back in, terminated the machine, etc. Still says US East

it looks like all THM boxes are in US-East, hence for me that does not matter
however, check screenshot: for the reverse shell, the hightlighted info matters

That is the ip that my machine is using. I'm still not able to start a session on the target machine, which the ip is different. I was able to just fine yesterday.

I PM'd you with some screeshots since I cannot post screen shots in this chat.

you have to verify with Discord using the link coming below so you can share screenshots

@dapper scaffold

@dapper scaffold hence better the screnshots here

Ok

I had to run the exploit 3 times, before the exploit succeeded, and I got the reverse shell
the previous times I did that room, I had the reverse shell on the first attempt, if I remember correctly

I just ran it yesterday and it worked fine

It isn't just this room

well now it

today I had a lot of issues with THM AttackBox

Ok so maybe just another blip. Ok. I think I got it to work for now. Thanks for taking the time. 🙂

you are not alone Check the pain of user Morteza earlier today/yesterday

How can i get my tags on this server?

oh i was talking about the perms like subscriber and level

Oh my bad, not sure about that.

I’m trying to do my first ever SOC simulation the first phishing one to be exact. I found a true positive and I’m trying to see if the user clicked the link or not and if I need to escalate but when I click SIEM and it loads up Splunk this is all I see. There’s NOTHING. I’ve even closed and reopened the simulation but I seriously can’t get logs to show up in here… is there another way to view logs or fix this issue?

You need to verify:
https://help.tryhackme.com/en/articles/6495858-discord-how-do-i-verify-my-tryhackme-account

Thank you very much 👍

Gave +1 Rep to @knotty plank (current: #138 - 65)

I have been having issues accessing machines for the past few days. I connect to the vpn, I can ping 10.10.10.10 but I am unable to access machines. I have redownloaded my config file and even switched server locations.

which VPN server are you using?

Currently, US-East-Regular-1

best to avoid that one
earlier I tested EU-Reg-3 and EU-Reg-4, and they worked for me

I will give that a try. Just trying to pick the closer one to where I am located.

of course
I suggest this:

• try the 2 I mentioned above
• then, if that works, move to another one closer to you (but avoid US-East-1 certainly)

another channel is probably better for SOC simulation question: #soc-sim-help

Thanks, figured it’d be a website issue but you may just be right

Gave +1 Rep to @upbeat quarry (current: #13 - 650)

there is a pinned message there suggesting to check a Reddit thread, but I do not know where that is:

Ey thanks a ton dude

hello i paused my thm subscription, is that mean i cannot do any rooms now ?

i'm trying to connect to the THM ovpn server from oracle cloud vm and it looks like i'm connected, but on the access page it doesn't tell me i'm connected and i can't nmap the server i started up in a room. got any thoughts?

i can even go to 10.10.10.10 and it says "if you can see this page, you're connected" - it's really weird

in ifconfig, i get a 10.6. address as well.

I dont know if this is a bug, but the hostname for this room (www.offensivetools.thm) doesn't work. I had to use the IP of the machine (That is how I got the answer) I tried to use both attack the box and my own VM. Im just reporting it, sorry if I did smth wrong.

No , you will have your access until your paid period expires 🙂

Configure the settings per task instructions then run these commands to restart the service
sudo systemctl disable systemd-resolved sudo systemctl stop systemd-resolved /etc/init.d/dnsmasq restart

Access page is totally broken - ignore it 🙂

If you access 10.10.10.10 and see your IP everything is good 🙂

Those commands fixed the situation! When I wrote /etc/init.d/dnsmasq restart I got an error, so I suppose that is why I couldnt use the hostname. Thanks!

Gave +1 Rep to @ember osprey (current: #1 - 5782)

@ember osprey everytime i go on a room it says that my subscription is paused and cannot do nothing

If that's the case you will have to reach out to support on the email below

Thank you

How can i fix such messages after starting AttackBox ?

just click on the OK button, they have no impact, but they come back each time you spin up a new instance

oke

besides Clock and Network, what other icon is visible in the Notification Area? Whats the answer on ctf windows fundamentals 1

right-click the rightmost icon

i do it but not the word don't match , can you give the answer

the idea is to guide users, not provide straight answers
right-clicking you get the screenshot as per this message: #room-help message
question: what can you open after right clicking? from that answer, pick up the 2 words that matter

Thanks dude

Gave +1 Rep to @upbeat quarry (current: #13 - 651)

You can't , that's an issue on THM side and staff members are working on fixing it . However it doesn't affect the functionality of the AttackBox at all so like Shy said , just ignore it and press x 🙂

The machine in the room "The Lay of the Land" (https://tryhackme.com/room/thelayoftheland) doesn't seem to be working. I keep getting this screen in the split screen view.

I tried killing the machine and starting it again. I tried logging out of my account and logging back in. I tried turning off my VPN (sometimes it slows the connection). I tried connecting to it via my Kali VM and I can't ping it. I also just started another machine in a different room to confirm it's the machine and not me and I can ping the other machine no problem.

Is anyone else experiencing this? Does anyone have any possible solutions?

Did you try full screen? I had the same issue with split screen, but full screen worked.

Also, is there no option to rdp into it?

There is, but I didn't try it yet because I couldn't reach it via ping from my Kali VM

Good to know. I'll give that a try

Windows machines are not pingable by default

Ah ok. Thanks. I'll try the full screen or rdp then

Gave +1 Rep to @knotty plank (current: #129 - 68)

Hope it works and the machine is not actually down

Want to know something funny? I started the machine again while I was starting another task around the house, I just came back to it and it appears to be working in split screen just fine now...

Good to hear 👍

If it happens again, I'll make sure to try running it in full screen. Thanks again 👍

hey i think my account got hacked

could i request a ticket or something?

You can send an email to support on the address below

hellp

when i try to start my attackbox the system start and then i receive just a blank sad file on a white screen

Could you provide a screenshot or any further information?

i send it over there

Please don't send your email address in a Cybersecurity Discord server 🙏

thanks

hey guys, I am facing a really weird issue

nmap is not working for tryhackme VMs

I am using openvpn to connect to tryhackme

everything else works, even rustscan can scan for ports

but I need to find the services that the ports are running

and nmap just does nothing

it gets stuck

Hello, I encountered such a problem, I paid for a subscription last month, and this month I missed the payment and the subscription was cancelled, today I paid the invoice from the letters about the subscription renewal, the transaction went through, but the subscription was not renewed. What should I do in such a situation?

for which room exactly is nmap not working?

the room does not matter, it does not work in any of them

let's just start with one that you have tried

I have done a few rooms today and was like stuck because of nmap, after that I just decided to use atackbox just for the nmap

rn I am doing the vulnversity

I have just done nmap on vulnversity using my Kali VM connected to THM VPN as per screenshot
I am connected to EU-Reg-3 VPN server
Which VPN server are you using? and what is your nmap command?

I am connected to eu 2

nmap command just standart nmap -sV <ip>

can you do ping 10.10.10.10 when connected to EU-Reg-2?

PING 10.10.10.10 (10.10.10.10) 56(84) bytes of data.
64 bytes from 10.10.10.10: icmp_seq=1 ttl=63 time=182 ms

--- 10.10.10.10 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 181.855/181.855/181.855/0.000 ms```

literally everything works except nmap

I can even scan the ports using rustscan

but rustscan does not give info on the services unfortunatelly

EU-Reg-2 works for me on vulnversity just as good as EU-Reg-3
what is your OS you are running openvpn on?

arch

can you share a screenshot of the openvpn command and its output?
in order to post screenshots, you have to verify with Discord using the link coming below

@soft pewter

Hi guys, I'd like to say that in the room "Tcpdum: The Bascis," I can't log in. The only option is to click the green button to log in, and nothing happens. The button is inside the virtual machine itself. There's no field to enter login details. I just click it, but I can't log in because the login details are wrong (I can't even type any). I'll keep watching YouTube videos of people who studied in the room to get a sense of what it would be like. But it would be great if they could fix this so I can study the room properly.

after you started the target VM, do you get a black window on the right, like in my screenshot?
if so, you can enter all your commands at the prompt I have hightlighted in red
as an option, you have the alternative of opening a ssh session using the creds provided as user:THM123

Well, the button isn't green anymore

which browser are you using?

Firefox

I'll try in another browser

the other day another user had similar behaviour with another room, and they switched to Chrome, and that worked for them

"Autenticação Inválida" = Invalid authentication
"Entrar" = Log in

Going to install chrome

for reference, here is their message: #1402956554092675184 message

ok give me a bit I will finish this room and come back

It works in Chrome. I'm not sure, but the error must be caused by something other than the browser itself. I use a lot of extensions to avoid tracking and maintain privacy. I don't use any of those in Chrome. I imagine the privacy extensions are the problem.

in case it helps, I use Firefox in incognito mode, with only 2-3 extension as per screenshot:

hey I am back, here you go

here is a better screenshot

thanks
if ping 10.10.10.10 works as above but nmap to the target VM does not, you may have the MTU issue
can you screenshot your browser in the VM connected to THM VPN opening http://10.10.10.10?

Gave +1 Rep to @soft pewter (current: #3074 - 1)

data chunk size or something?

btw it is not a VM, I am on bare metal

indeed, but then usually browsing to http://10.10.10.10 never terminates
try THM VPN troubleshooting script at https://github.com/tryhackme/openvpn-troubleshooting It has been updated for arch

Reach out to support on the email below

Disable browser extensions and ad-blockers if you're using some

I already wrote, as I understand they should answer on Monday. I just wanted to work on the weekend 🙁

Yeah , they don't work on weekends 🙁

Why do I get "This room is private" when I am trying to access the webosint room?

@ember osprey

Because it isn't available anymore , it has been discontinued

Try to ask in the #pt1 channel 🙂

Hi @west chasm . I am trying to pay for my tryhack me premium and the platform is not even trying to deduct from my account. It just shows a pop up message that says “your payment could not be completed at this time. Try again later”

for subscription, you will have to email to support
Support Hours: Monday to Friday 9 AM – 5 PM (UK Time).

@thorn junco

hi @west chasm is this a bug? The correct answers are 6667 and IRC but it is not shown on the nmap scan result.

You're tagging a bot.

Try adding -p- and -T4

thakns

looks like it was resolved by resetting the task and terminating the target machine.

i! where do i put my thm discord token? the image on the link doesnt represent what im seeing? thanks

I checked and the link is up to date. Shows exactly what you should see. /verify

thanks could you paste the link for me?

Gave +1 Rep to @austere horizon (current: #30 - 347)

i have the token but theres nothing on my screen that says what it says on link? im on pc?

Type /verify and enter your token

what happens now? better features? thanks

Gave +1 Rep to @ember osprey (current: #1 - 5790)

Yeah , you can upload images , gifs , add reactions 🙂

VPN not working properly for me? I'm attempting to do https://tryhackme.com/room/openvpn I'm using Windows 11 Pro on fast hardware on WIFI. I'm using Openvpn to connect to tryhackme's network. I have selected US-East -regular-1 , hit regenerate, and downloaded the configuration file. I have launched Openvpn as administrator. I have right clicked on Openvpn in the system tray, and imported the configuration file I downloaded. the status window makes it look like it's working? I'm able to connect to http://10.10.10.10/ and can see, "If you can see this page, you're connected to TryHackMe
flag{connection_verified}" but https://tryhackme.com/access shows my ip address is 0.0.0.0 , and that my connection status is "Connection Not connected"

I'm unable to access the target box at 10.201.25.104

US-East-Reg-1 is the issue
try another one, like any of EU-Reg-2/3/4

So I tried US-West-VIP-1 and it looked like it worked, but I can't even connect to 10.10.10.10 now. Even so tryhackme.com/access says the VPN server is online. Every few minutes I'm getting the message "Sun Aug 10 12:32:53 2025 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun Aug 10 12:32:53 2025 TLS Error: TLS handshake failed" I will try Europe now.

@upbeat quarry You were correct, and thank you for your help. US-East-Regualr-1 and US-West-VIP-1 are both currently having problems and yet tryhackme.com/access says both VPN servers online. This is the first time I've used OpenVPN, what should I have been looking at what should I have seen to tell me that these THM VPN servers are currently broken?

there are issues at times with some VPN servers, but in addition to that the Access page is not reliable (check the Pinned Messages of this channel)
so the only way to know is to experiment a bit and/or ask around on THM Discord ( #site-support is the right channel for that)

So the third pinned message in September of last year says the access page is broken and 10 months later it's still broken?

yes
my very personal experience though is that some parts can be trusted, but like you have discovered the health status of the VPN servers is not correct

and FWIW 10.10.10.10 on US-East-Regular-1 loaded, but wasn't able to access the target box. Anyways the European VPN location is working for me.

Thanks, I didn't even figure a pin that old would be relevant, or that a THM would't fix a 10 month old problem.

Hello there. Why is there no Web Fundamentals room, but there's a link to it in Advent of Cyber? There is any alternative? It's not needed?

there is a learning path called "Web Fundamentals": https://tryhackme.com/path/outline/web

Room: crack the hash2
Task: task 5
guys this task doesn't work can someone help me out?
For example to download all words from example.org with a depth of 2, run:
cewl -d 2 -w $(pwd)/example.txt https://example.org
The depth is the number of link level the spider will follow.
What is the last word of the list?