#site-support

1 messages Β· Page 138 of 1

scenic torrentBOT
#

Gave +1 Rep to @tawdry orbit (current: #14 - 661)

arctic plank
#

Do I need a subscription or a minimal site XP level to create a room on the site?

jolly depot
arctic plank
#

nice

flat nimbus
#

Hi, I was just trying the new 'Introduction to Wordlists' room and the attackbox machine doesn't have cewl installed (necessary for Task 3). I ran an apt install but then got an error message that the spider gem is not installed. It also prevents you from running Bundler as root, and then even says that it can't locate Gemfile.
I don't know if I just got the dud virtual machine that's not configured properly or there is something missing in the room instructions.

eternal relic
granite dune
#

Hello everyone, I have a problem with the Cyber Security 101 course, Module 5, Networks, specifically Task 4, Question 1. It doesn't accept any answers and says they are all wrong.

eternal relic
granite dune
eternal relic
scenic torrentBOT
#

Gave +1 Rep to @granite dune (current: #3759 - 1)

granite dune
eternal relic
granite dune
eternal relic
# granite dune 60

you are confidently providing the wrong value, that explains it - the good news is the lab is working as expected;)

granite dune
scenic torrentBOT
#

Gave +1 Rep to @eternal relic (current: #288 - 37)

eternal relic
granite dune
# eternal relic u got it then? gg!

Yup, I tried several values extracted from the images and they were rejected more than once, but I tried again now with 40 and it was accepted.

eternal relic
granite dune
#

Yes, that's definitely what I'm trying to do. Thank you so much, my friend, for your help.

arctic plank
#

What is the expected deliverable for creating a challenge, a docker file or OVA?

ivory spruce
arctic plank
#

thx

faint terrace
stable relic
#

i have a problem in a room of search skills where it asks me "Answer the questions below
I'm ready to begin!" what is the answer to this its an introduction question

flat nimbus
scenic torrentBOT
#

Gave +1 Rep to @eternal relic (current: #281 - 38)

tulip radish
#

help me to verify my account with discord token

bronze geyser
tulip radish
gilded sandal
#

help me i want to change my email account but i cant please

tulip radish
gilded sandal
tulip radish
# gilded sandal thm

i dont think there is an option to change u should send msg to customer service

gilded sandal
tulip radish
#

try here

gilded sandal
inland smelt
#

Anyone else having rooms get stuck or crash a lot when using the attackbox? I stepped away for several weeks because the Windows Priv Escalation attackbox was a massive dumpster fire and on the setup I was using, didn't have the option to go openvpn, so just wanted to see as I was trying a room just now, room started fine, now it seems to be broken.

clever eagle
inland smelt
clever eagle
#

I guess it just happens

inland smelt
# clever eagle I guess it just happens

A lot apparently. I stepped away because of it and weeks later come back to hit up a lab this morning and bam, it's happening again. I'll use OpenVPN soon, just didn't have access to my laptop for a bit.

clever eagle
#

I'm having an issue that I reported last week, and I still haven't got any answers as to what's happening with that, so good luck getting that resolved

inland smelt
clever eagle
#

Yeah, the product manager

I accepted it too, we'll see how it goes

Perhaps she can help me get this issue resolved, if they play to keep me on the platform

trail fog
#

Can someone find my email address from my old phone not the name but like the password

#

please

#

very urgent

eternal relic
fringe fox
#

Did anyone get the problem when you complete the room and Weekly Progress "Completed Rooms" bar doesn't increase? I completed like 4 rooms, public and premium and no dice.

proud notch
#

is the server down or something rn?

low pond
#

I cant visit the site either

austere horizon
#

Yep, can confirm it is down. Team is on it.

#

Are you all from EU?

proud notch
#

yes

proud notch
hybrid pulsar
#

US is pinwheeling as well

viral timber
austere horizon
viral timber
#

I’m gonna lose my streak πŸ™

umbral ocean
austere horizon
austere horizon
austere horizon
umbral ocean
scenic torrentBOT
#

Gave +1 Rep to @austere horizon (current: #20 - 537)

twin peak
#

Hi guys/team,

i ran into some issue, I have enabled the 2fa in THM but I actually didn't setup it in my authenticator app, now it is telling me to enter the code which I do not have, any suggestions?

formal sable
#

hi, is there any problem with mumbai server? i cant start machine in room, have been waiting for 1 hour with "no available machine right now"

final linden
#

is there anyone on here who can help reset passwords? im not recieving any password reset emails.

#

i've being speaking to bigfawn however we keep missing each other

lean rapids
#

this is room is locked?

granite quail
#

Do support respond to anyone? I've had issues with synching my gmail account and none of the VPN (or Squawker) work for me at all.
Can start the machiens, can launch the vpn's from my Kali, but can't seem to communicate with each other.

austere horizon
ember osprey
wanton sonnet
#

why can't I edit my billing information when my annual sub ended - when going to purchasing a new one I can't edit my contact email for example

#

I also don't have any billing history even though I had an annual sub

#

I can't seem to access that stripe billing info page which was available when I had the sub, there was a link to edit my billing info

ivory spruce
ivory spruce
ivory spruce
ivory spruce
west chasmBOT
#

@twin peak

TryHackMe's Email

TryHackMe's support email address.

​

support@tryhackme.com

TryHackMe Socials Β·
lean rapids
feral crane
#

guys i got a problem like i had a mail my 2nd main gmail acc and it was on my old phone and i broked it i got a new one and now how can i have that mail i just remember the email name but not the password

rich whale
#

and yeah u may likely say that u have no backup of this emaiul even not that linked number, right?

feral crane
feral crane
rich whale
feral crane
rich whale
#

if its possible to recover any gmail just by its name, then any cybergeek can hack into pros gmail xD

rich whale
feral crane
#

i had a main acc

#

on dc

feral crane
rich whale
#

anyhow, whether u had main account or not, but how does google know that this man had nothing now so provide his email.

rich whale
feral crane
#

bro

twin peak
twin peak
scenic torrentBOT
#

Gave +1 Rep to @west chasm (current: #44 - 268)

teal musk
#

not sure if this is the right place, but ill go ahead and ask

#

i have kali linux in a virtual machine, and im trying to access the THM website in the browser

#

i can access any website fine except for THM

#

ill show a screenshot

tacit needle
#

Are you using the attackbox on thm?

#

Ok hold on what exactly are you trying to do?

teal musk
#

not even that, it's trouble accessing the main website

#

wack i cant share a screenshot

#

but it says "page failed to load, something went wrong while loading the page"

#

but outside of the vm, i can access THM just fine without issue

#

i have to go for lunch but ill be back

rotund patio
teal musk
hearty karma
#

Hi the Attack box (FlareVM_Defensive_Security_Toolingv6---badr) in the FlareVM: Arsenal of Tools room keeps freezing. Been like this for 2 days so I cannot finish the room. Any help would be greatly appreciated! πŸ™‚ tried restarting it multiple times.

eternal relic
timber sky
#

Hello, I am thinking of buying premium annually, if I have made a year purchase, I then cancel my subscription, will I have my Certificate of completion for each path permanently or during the subscription period only?

gilded latch
thorn hamlet
#

hey, I would like to change my discord token. I had an account before, but I made myselfa new one so i can start fresh.

hasty drift
#

I’m doing the Hoppers Origins, and the VPN access has stopped working.

twin peak
#

Hey there,

We regret to inform you that we are unable to verify ownership of your account. πŸ™βŒ
If you wish to continue using our service, you will need to create a new account with us.

We apologise for any inconvenience and welcome you to reach out with any further questions.
​
ο»ΏKind regards,
BigFawn
TryHackMe

#

I even got the JPT from that account, still they told me they were unable to verify the ownership of the account

dull silo
#

Hey, is there an error with the weekly challenge? I should be done with the complete 2 rooms quest by now but its still 0/2

thorn hamlet
#

Hello. is there a discord mod online, I would like to change my Discord token.

tacit needle
rugged dew
#

Hello, which admin do I need to ask permission from, so that I can follow some channels

weary spindle
#

Support would tell you that you need to contact a mod.

velvet mist
#

hi! I'm trying to figure out tryhackme. I use kali and virtualbox. I connected the vpn, but the pings do not go through it. Who knows what the problem is? network - nat

split socket
#

hey am I the only one receiving this msg " Oh no, an error occurred whilst starting your machine. There was a problem, please try again later. " whenever I try to run an attackbox or a virtual machine :(
EDIT: nevermind I 'solved' it by using a chromium based browser, I hope they'll fix it soon if it is a general problem

ivory spruce
ivory spruce
ivory spruce
left dock
#

hey man, did you find a solution for this

civic plover
thorn hamlet
dawn glacier
#

where and how do I manage email or any kind of notifications?
I want to receive them especially for the streak

deft prism
#

How can I become a cybersecurity professional? How much does Tryhackme cost? It's paid, but I want it for free; I'm new.

tacit needle
#

You can do a bunch of tryhackme for free

#

but it is worth the cost for a sub

eternal relic
tacit needle
eternal relic
tacit needle
#

if I have the finances I would like to sign up for premium again but for now free is fine there is still plenty to do.

warm hinge
#

the VM in the file inclusion room repeatedly stops working after exactly one input attempt, forcing me to terminate the machine and wait for it to start again, unless i use the attackbox. i've tried restarting my VPN connection, but every time, i load the website, click one of the labs, type in one file to include, and it loads the first one fine. but after that, every time i try to reload the website, load the home page, load it in a new tab, or type another file inclusion, it hangs indefinitely. i tried the attackbox as a last resort and it worked for some reason, but i really don't like using the attackbox.

eternal relic
warm hinge
#

i'm using us-east-1, i'll try 2 next time it comes up but i'm already past needing this VM. i usually have no problem with the VMs.

#

in the remote file inclusion playground, it can successfully download the file i wanna serve it from the terminal and the lab claims to load the file, but it's not showing anything on the webpage, and after changing the file i was trying to send, i don't see any requests reaching my python terminal.

#

changing the file again and back lets me see the contents of the second file

#

but neither the php result nor the code itself is showing up in the first file i tried

steady aurora
#

Hi, I've looked in my emails. I have the invoice for my PT1 exam but not the actual voucher

#

The invoice is May 27 2025 so I need to write the PT1 exam ASAP

#

I was planning on taking the exam today but didn't realise I'd have this hiccup

safe geode
#

VulnNet: Roasted nothing works on the machine, smb, looksupid etc. timeouts

proud ember
#

Heyo, everyone, I am just curious about the monthly leaderboards and how they are calculated, according to my region, and my score last week alone, I should be number 3 right now.... but if it is about LAST months score, I do believe my leaderboard score should be higher than it is anyway... so how is it calculated and when and how often is it updated?

steady aurora
#

Done πŸ™‚

sly oriole
scenic torrentBOT
#

Gave +1 Rep to @steady aurora (current: #2442 - 2)

steady aurora
#

It's making me question if I should give up trying to find a pentest job and switch to defensive side

tacit needle
manic oriole
#

I'm in the middle of a room and am trying to access a VM on the AttackBox but, all of a sudden, it takes forever to connect! Did I add the site and IP address to the hosts file? Yes! Did I flush the DNS cache? Yes! It worked fine earlier this morning but now it suddenly just broke down!

rn_image_picker_lib_temp_921495b8-b8f3-4dbc-990c-72916023c6d6.jpg
#

Actually, I just reconfigured my VM server settings to connect to one closer where I live and that fixed the problem. Sorry

steady aurora
#

I've mostly done offensive side stuff, not sure if its too late to switch to defensive just so I can get a job coz i heard theres more analyst jobs than pentester out there

tacit needle
thorn hamlet
#

Hello

#

is there anyone that can help me update my discord token?

#

where do I find the button?

deft prism
#

Hello

thorn hamlet
#

hey people there are pople trying to scam out of here

#

i got contacted about creating a ticket

#

and providing my defi wallet

#

the messages disapeared from here

#

and i got invited into annother server

deft prism
#

How can I learn cybersecurity from scratch, and how many nights and months will it take?

tropic sluice
#

can anyone pls help, I am running kali and open VPN my reverse shells (or anything sent through netcat) dont show up on my computer but get sent from rooms, ive tried multiple rooms with working payloads none get sent but they work on hack the box so i think its something with the VPN

light zodiac
#

the site keeps auto refreshing into error: dbc3106774d04e54bfbcc3844565cef5

frank vine
#

I keep getting Oops, this page failed to load
Something went wrong while loading this page. Try refreshing to give it another shot.

Error ID:
09bcf8c4d1eb4380ac5833c4bde6af60

flint turret
frank vine
#

It seems a 500 internal server error

#

Hello there,
TryHackMe Performance Site Problems
We are investigating the problems with the website and apologise for the inconvenience.
We are aware of the site bugs and are actively working on resolving it. Please note that this ticket will be marked as closed as we are not able to update all the users on the platform.
Thank you for your patience.
Best regards,

#

Fix is being deployed already. Can be around 20 mins

#

This is the reply I got

obtuse maple
vestal iron
#

I joined this discord just to say: same!

tulip rivet
#

Oh, so it is not only me who have this problem.

vestal iron
#

How often does stuff like this happen? I just returned to tryhackme after not using it for 4 months. So typical...

obtuse maple
south flax
rare jetty
#

Im not using it 24/7 tho like some people do

steady aurora
quartz kettle
#

Hello. Checking in to see if the platform is down. I keep getting an "Oops, this page failed to load". Error ID: c672938c6a0a4c87bfbb786e9ded4b54

split socket
#

same

calm shadow
#

Same I came to discord to see if other people were having the issue

harsh valve
#

Getting error a7843ff5af57474ab3da94599577a4ef

crisp egret
#

Hello, I cannot login either Same "Oops" error

junior monolith
#

bruh i have an exam tomorrow and at the same time i dont wanna lose my streak

silver swallow
#

same 7f9ee58bac554dad9f8ec5854695c648

steady aurora
#

I'm writing my exam now 😒

crude bramble
#

What's going on with the site today? I'm in a Cloudflare queue

#

I can't login with Google oAuth

ornate wolf
#

Starting to load now

crisp egret
#

I just got back in.. clear cache and cookies.. should get you up

crude bramble
#

yea same. Guess they're super popular

blissful nimbus
#

i'm in just wait

rich whale
#

Hellow

#

Anybody knows how to pause tryhackme subscription?
Is there any option to pause the premium subscription and resume again when I will be free?

hollow timber
#

i think you can just end it bro

rich whale
#

And now I have touched the grass.

#

By phone there's option to cancel but not for pause

left dock
ripe herald
#

Hi, I am at Snapped Phish-ing Line room in SOC path 1. The activity server isn't loading

rn_image_picker_lib_temp_56d820a5-4832-4d25-b80f-73328eb6a327.jpg
umbral rock
#

Hey
How to contact TryHackMe?

eternal nexus
#

Hi, I have a doubt about the format of the PT1 report

dim charm
#

I need support

#

It's important problem

sand knot
#

finding it hard to start a machine on web. i have logged in an out a few times.

thick sequoia
#

is anyone else having trouble starting machines in different rooms? haven't been able since yesterday afternoon. I cant even join rooms

mental stone
#

Hello All
Do you have also so much issues with your attack box today?
Most of them are with DNS

eternal relic
thick sequoia
#

I was using openvpn, sure, but the problem right now is I can't start rooms, join them or start the machines. Of course that means I can't connect to them either, but that's not the main issue

#

In case it is significant, it started happening after I used hydra to crack a password in the room Simple CTF

#

It just randomly started working again, after logging out and in again. Thanks!

jolly depot
jolly depot
umbral rock
harsh valve
#

vnc.tryhackme.tech took too long to respond.

turbid pilot
#

why thm is not opening??

thorn hamlet
#

Guysss, I have been trying to reach a discord mod for 5 days already, none have responded. I want to link my discord acc to a NEW THM account.

#

i cant do "/verify"

ember osprey
ember osprey
thorn hamlet
#

I can provide you with my new one though.

ember osprey
thorn hamlet
#

well, it looks im stuck with this one..

#

how nice

#

i wrote a ticket in the site

#

i got told to delete my acc

ember osprey
thorn hamlet
#

thank you!

thorn hamlet
#

that was very nice

#

finally

#

i got bummed

ivory spruce
pale thunder
#

Anyone else not getting the points counted? πŸ₯Ί

image.png
devout night
#

Hi, cheat-sheet link is not working in Task5 Command Injection room.

#

Page not found

wary fog
spice copper
gleaming mulch
#

can you fix the description pls

image.png
tacit needle
gleaming mulch
#

I love the segment 2

#

best skill

tacit needle
#

Also that

rigid shore
#

Hi,

#

Is it possible to stop the automatic region changes for VPN? Lately I'm often getting switched and it's annoying to get connection cut and go to the settings and set back to previous region.

ember osprey
wary fog
eternal osprey
#

Hi THM Team,

I hope you’re doing well. I’ve reached out a few times by email regarding an account-related request but may have missed a response, so I wanted to politely follow up here.

I understand support can be very busy, and I truly appreciate your time. THM has been an important part of my cybersecurity learning journey, so any update whenever possible would genuinely mean a lot to me.

Thank you again.

fickle linden
#

Does anybody know why the CTF is inaccessible?

wheat bridge
#

yeah how to play the AI odyssey ctf ?

rich whale
#

But I think I had used at that time so , next pause option will appear after 1 month.

urban loom
#

Hello ! Did Tryhackme remove the profile badge with all the statistics (day streak, room completed etc...)? I can't find it anymore

tacit needle
urban loom
#

How can I find it ?

tacit needle
#

Did you check your profile on thm if its not there it could be a bug or it didn't load correctly. I will check on mobile and see if it shows up.

#

Its still there for me

urban loom
#

I mean, this thing

image.png
tacit needle
#

Oh not sure about that

#

I just view profile and get my status the profile card thing I never really bothered with.

slender rock
#

iam trying to do the room "Data Poisoning in RAG Systems " and the agent isnt working it just says Error: An error occurred while processing your request .any solution?

Screenshot_2026-05-14_174433.png
hollow flicker
#

Hello does renewing certificates cost anything do i have to buy it again or is it free how is it?

#

(SEC0)

small shale
#

Hi there, is there a way to reset my whole progress? (I know that I can reset the rooms individually.) I am returning since a long absence and would like to start over (Haven't done that much in the past.)

tacit needle
#

You would have to restart each room individually

small shale
ember osprey
ember osprey
tacit needle
ember osprey
tacit needle
# ember osprey wdym ?

Like to renew the cert I know with comptia and you can take classes to renew and keep your cert active.

ember osprey
tacit needle
scenic torrentBOT
#

Gave +1 Rep to @ember osprey (current: #1 - 6192)

hollow flicker
scenic torrentBOT
#

Gave +1 Rep to @ember osprey (current: #1 - 6193)

empty ember
#

having some weird display glitches on the site??

image.png
subtle lake
limber basalt
#

Goodmorning every one

#

Can some one help me out

#

What is the verb for the action that a router does?

gilded latch
limber basalt
#

That i think so but its not the correct answer

limber basalt
#

Extending Your Network task6Try sending a TCP packet from computer1 to computer3 to reveal a flag. I have do sendtpackage From computer 1 to computer 3 packet type TCP Data nothing

#

And try others to what i do wrong

dapper sonnet
#

I'm stuck in Splunk 2 Room Question 400 question 4. The answer is ||λ‚˜λŠ”_λ°μ΄λΉ„λ“œλ₯Ό_μ‚¬λž‘ν•œλ‹€.hwp|| and its escaped unicode character is ||\u1102\u1161\u1102\u1173\u11ab_\u1103\u1166\u110b\u1175\u1107\u1175\u1103\u1173\u1105\u1173\u11af_\u1109\u1161\u1105\u1161\u11bc\u1112\u1161\u11ab\u1103\u1161|| , but this answer was rejected. The message shows, "Uh-oh! The answer you provided may not be in English. Please review it and try again." I tried this answer in Firefox and Chrome. Can I get help?

rich whale
#

Hii

dense jasper
#

Can anyone help me with the Wreath network challange?

The problem is even after starting the machine, the network does not show running in the corner.

That is why connecting with the VPN provided with the challange fails because the network is not up by itself.

Any help pls?

deep hill
#

Trojaned Model - Neural C2 Beacon is DOWN ???

shrewd knot
#

@THM STAFF

ember osprey
#

like 10-15min

shell marlin
#

How can you pay tryhackme premium by crypto?

eternal osprey
eternal relic
dapper sonnet
scenic torrentBOT
#

Gave +1 Rep to @eternal relic (current: #197 - 56)

heady ruin
#

Hello, Where can I find a bot to which I send the certificate ID and it approves it so that it can be seen on my Discord profile?
And the second question, if I accidentally bought a subscription, is it possible to get a refund to my account?

dense jasper
#

Someone please just check and tell me whether the network is showing running status or not in the top right side corner

Challenge name : Wreath

ivory spruce
ivory spruce
heady ruin
ivory spruce
scenic torrentBOT
#

βž• Gave the role eJPT to anogota9

eternal osprey
#

⚠️ Be careful with this profile @Daisy Chapman β€” this person is actively looking for victims in the support channel by pretending to be a hacker offering β€œhelp.”

A real hacker or cybersecurity professional would never ask for $30 to install some β€œsecret software bug” to access an account πŸ˜‚
The whole message is fake technical nonsense meant to scare or confuse people into paying.

This is just a wannabe scammer with no real skills trying to exploit users who need help.

Do NOT:

send money
download anything they send
give them account access
share passwords or personal information

Stay safe and report the account if possible.

image.png
ivory spruce
scenic torrentBOT
#

Gave +1 Rep to @eternal osprey (current: #832 - 9)

eternal osprey
#

🀣 🀣

image.png
cold owlBOT
#

:hammer: daisychapman.#0 has been banned.

eternal osprey
#

It's the same thing chosen for this account as well. @dire turtle .

image.png
#

I think it's the same person

manic crane
#

How do the Monthly leaderboards actually work as I have shit ton of points and more than guys from my top 50, but I am still not in top 50 of my country?

grizzled delta
#

I ran into a glitch midway through the pickle rick room- the connection dropped through openvpn, I disconnected and reconnected- at this point I had the first flag only. It suddenly filled out all the answers and said I completed the room?

I reset my progress and continued where I left off, and finished on my own. I figured it was worth mentioning though.

jolly depot
eternal osprey
jolly depot
zenith panther
#

is anyone else having alot of problems with the windows VMs? keeps crashing for me and not sure if its a bug or if its just me

ember osprey
cold owlBOT
#

:hammer: lilyadams0759#0 has been banned.

rapid plaza
#

How can I learn all this?

#

Is it really hard to learn

#

Who'll guide me through

tawdry orbit
eternal relic
# rapid plaza Who'll guide me through

You will, plain and simple. being a self-starter is the 1st filter for this trade. if your curiosity and passion isn't strong enough to dive into the wealth of free info avail here and elsewhere, you are going to have a rough go of it, imho.

tacit needle
#

Ideally you just wanna dip your toe with presecurity if it doesn't grab you after that then at least it wasn't as big of a time loss.

opal forum
#

@tawdry orbit need assist for exploiting AD room...Not able to get meterpreter for the task 5..Been almost a day of trying....followed everything properly

shrewd knot
#

@tawdry orbit help our team is not showing in the leader board and we complted the event and the rooms but its still shows like this

image.png
#

@torn citrus @austere horizon @ember osprey

gleaming mulch
#

i stil have 2 tickets instead of 4

spice sphinx
errant schooner
shrewd knot
#

we need help

ember osprey
#

@spice sphinx @shrewd knot That's out of the moderator powers πŸ™

fallow flame
#

Sam

ember osprey
#

Reach out to support on the email below

west chasmBOT
#
TryHackMe's Email

TryHackMe's support email address.

​

support@tryhackme.com

TryHackMe Socials Β·
shrewd knot
spice sphinx
errant schooner
shrewd knot
#

@deep trellis Help

digital cedar
magic lagoon
#

Any idea why wallthrough rooms or challenge rooms are not displaying?

digital cedar
hoary idol
#

Hi, I cannot find my team on the scoreboard of the AI odyssey ctf event, do you know why?

dense topaz
#

Hey, I'm running into tons of issues on the Metasploit: Exploitation room since the room does not allow me to have both the target machine and the attackbox active at the same time. When switching from the target machine back to the attackbox, the meterpreter session dies.

eternal relic
dense topaz
scenic torrentBOT
#

Gave +1 Rep to @eternal relic (current: #193 - 58)

dense topaz
#

this room has given me so many issues, i took a break from thm for several months because it was making me so frustrated, in the hopes that it would be fixed when i came back

dense jasper
eternal relic
dense topaz
cedar cedar
#

Hi, are walkthroughs down? It does not show any for me!!!

modern delta
#

no walkthrough rooms are showing.

image.png
torn scaffold
red bloom
#

The rooms are not loading @west chasm

IMG_20260518_102903_065.jpg
cold owlBOT
#

Done!

ember osprey
#

@red bloom @modern delta It has been reported to staf 🫑

twilit lark
#

hi i am try hackme premuim user
can you plz verify me?

my username is utxdev

thin snow
#

Probably a very dumb question, but, I pressed the "start exam" button but i realised i cant take the exam now. Now in the main home page/dashboard i have that's in progress. is it actually in progress if i didnt press "start check-in" button?

ivory spruce
west chasmBOT
thin snow
steep lichen
#

Token City Room ShopFlow starts only with port 22 open

soft smelt
#

Is anyone else having their VMs shutting down randomly a lot this morning? I can't go more than 15 minutes into a room before my Attackbox or Target goes down for no reason

opal forum
soft smelt
opal forum
#

is annual only for 35 usd???

void musk
#

how do you get it so cheap

clever bison
#

student mayby

lyric axle
ember osprey
lyric axle
#

probably

lyric axle
opal forum
kindred kestrel
#

Hello guys, does anybody has encountered this bug?

"Pre Security
Attacks and Defenses
Become a Hacker"

task 3 -> finding weaknesses -> http://www.onlineshop.thm/

the website its completely frozen like a picture, not responding, the terminal its fine though

I've tried the following:

  • Update the browser
  • Switch to Another Browse
  • Incognito/Private Mode
  • Clear Cache and Cookies
  • don't have any extensions
  • try different computers

Normally I use Brave, but I have tried Firefox and Microsoft Edge. That's 3 browsers in different computers and different networks.

Also, every other lab works perfectly fine, it's just this particular website that seems to be broken, please I need this website to work in order to complete the question "After logging in using the password found, what secret message is displayed on the page?"

Please let me know if I can do anything to fix this,

twilit pagoda
#

for a company that is supposed to be so good why are there so many bugs and why does the AI suck

twilit lark
#

hi

#

@torn citrus how to be verified

west chasmBOT
tacit needle
ashen ibex
#

hi there

#

does student discount apply to certs like sec0 or sec1?

#

if not are there any discount codes for the bundle? looking to buy it

hollow flicker
#

hello everybody does anybody know if i buy any cert like SEC0 i need to renew it after 3 year do i need to buy the cert again or is the renewal for free or how much does it cost ???

blissful nimbus
#

bcs i want to do the SEC0 and SEC1 together

tacit needle
#

to be recertified

hollow flicker
tacit needle
#

Well yes after 3 years you are taking the exam again which I am pretty confident to say is not free.

hollow flicker
scenic torrentBOT
#

Gave +1 Rep to @tacit needle (current: #344 - 29)

spice tulip
#

the new attack box is taking forever to load

#

do I need to change anything to get it to work?

#

already terminated first attempt and re-initialized

#

ip-10-65-124-144 - Amazon DCV

#

still just spinning

eternal relic
versed abyss
#

my attackbox crashed and now the 'start attackbox' button is missing. i tried clearing my browser cache and it didnt fix it. is there another way i can start the attackbox? EDIT: was able to start it by going to tryhackme.com/room/tutorial

spice tulip
#

it was fine this morning (a few hours ago)

#

(except for the sickly green background, which I always immediately change) lol

#

.
11:46 - Alright, I'm going to terminate again and re-try again.

#

11:52 - new try still spinning. THM AttackBox running in US East (N. Virginia) 10.64.127.72

#

11:57 - still spinning, no start
where do I go to escalate this?

#

any troubleshooting path?

#

FYI
Chrome
Version 148.0.7778.168 (Official Build) (arm64)

#

There used to be a way to start the attack box without being in a room. Does this still exist?

#

12:03 - restarted attack box from tryhackme.com/room/tutorial like @versed abyss did. US East (N. Virginia). 10.65.100.237.
12:08 - Still loading.

#

12:19 - loads with Safari Version 26.3 (20623.2.7.18.1)

eternal relic
spice tulip
#

Room is fine, new attack box is the issue.
worked this AM with the old version.

Works with safari Version 26.3 (20623.2.7.18.1).

Will clear chrome cache and restart

eternal relic
warm fox
#

Any solution to solving the issue on the access page where I try to download the OpenVPN config file but I just get "VPN ssm file not found", doesn't work on either my host windows machine or my Kali VM

spice tulip
#

UPDATE
12:47 - Legacy attack box loads fine on Chrome Version 148.0.7778.168 (Official Build) (arm64)
- New attack box just spins and will not load.

New attack box loads fine on Safari Version 26.3 (20623.2.7.18.1).

spice tulip
scenic torrentBOT
#

Gave +1 Rep to @eternal relic (current: #187 - 60)

eternal relic
# spice tulip Thanks for the response!

just loaded everything and all works as expected, about the same speed wise as i've used in the past (although i try to use my own kali whenever i can) - i'm using us-west-2 region so may want to try alt region. testing kali web version now...

#

kali web based seems a little faster than legacy AB today

image.png
scenic moth
#

i'm sorry if im in the wrong romm here asking this question, but everytime i want to download the config file for openvpn it tells me VPN ssm file not found

eternal osprey
#

Hello everyone,

I would like to know if it’s possible to refer/sponsor a friend to join TryHackMe.
I looked through my profile settings but I couldn’t find any referral option or invite link. If this is possible, could someone explain how to do it?

Thanks in advance!

weary spindle
eternal osprey
ivory spruce
primal sentinel
#

when i try to start the machine.. show this messege to me.. have any way to do this?

image.png
plush swallow
#

Is it just me or are machines "slow" today?

#

i open 'em normally but they feel sluggish eg. in ssh

#

I terminated it and started a new one, same thing.

twilit lark
#

Failed to verify your account. Please ensure your token is correct.

even after entering the right one tried several times what do i do

fresh sphinx
flat nimbus
#

Hi, I encountered an issue/error in the NetworkMiner Walkthrough room. Task 5, question 1 asks for the Linux distro mentioned in the file associated with frame 63075. However, there is no file at that frame.
Using a writeup from 2 years ago I found the intended file needed to answer the question. The updated/correct frame number is 63602.

swift atlas
#

Hey there I am having a problem with the Moniker Link (CVE-2024-21413), I got the email to send but the directions aren't very clear, I am trying to modify the exploit.py to show capturing the file in responder, but everytime I get an error message this IP is not found, I changed it to the IP address of the attack box I think I am missing something here. I wish the directions were a little more clear

prime dock
#

I have a question, if I start the SAL1 exam hours before gets expired, will I have the 24 hours to do it?

granite bridge
#

what the heck happened to the access page?

austere horizon
#

Not the place for advertising other platforms.

stuck lintel
#

Hello all the contents in the command line rooms from cybersecurity 101 specifically windows powershell room suddenly disappear. when i see the list it says im at 70% completion but when i entered is just an empty room with no questions.

this happen while I was doing the room.
other rooms are fine.

tacit needle
#

I wonder if it got updated

tardy narwhal
#

Anyone know how to switch back out of the legacy path view? I don't see the option for some reason. πŸ€”

image.png
lament flame
#

The new AttackBoxes aren't loading for me on Chrome 148.0.7778.167

tepid isle
#

maybe finish it idk

#

i am pre 2010 era clanker so not smart

tardy narwhal
uneven vector
#

i have finished almost 50% of the cyber security 101 and all learned the networking, linux, windows fundimentals. Should i enroll into the new jr pentester path or finish the cyber security 101 because as i saw the cyber sec 101 covers the same things just a bit less info on them.

tardy narwhal
uneven vector
#

I will learn the defensive first and then switch i havent gottent into defensive yet and as you mentioned its important to know how you can be detected. Thanks!

still stratus
#

I have a very dumb problem I forgot my email address.

spice tulip
still stratus
#

I think im in that room?

flat nimbus
#

Hi, I encountered an issue/error in the NetworkMiner Walkthrough room. Task 7, the final question asks for the DNS query of frame 62001 in the case2.pcap file - Netminer shows DNS queries for frames 61971 and then the next on the list is 62033, making the question unanswerable.
The same old writeup from a few years ago shows the answer should be pop.gmx.com and they have a screenshot showing that frame 62001 did previously exist and contain the answer, so I'm not sure what has changed in the file since then.

rancid beacon
#

@ember osprey hey mate! can you help me changing my Discord token pls?

ember osprey
rancid beacon
ember osprey
rancid beacon
# ember osprey Done

Thanks! Now getting this error: 'Failed to verify your account. Please ensure your token is correct.'

scenic torrentBOT
#

Gave +1 Rep to @ember osprey (current: #1 - 6201)

rancid beacon
#

And it's correct

ember osprey
rancid beacon
clever eagle
#

Will the raffle system work like it should for once? The ghost tickets are becoming a recurring issue

south kelp
#

hey ! it's been now 2hours since i clicked "Reset env" for the AWS IAM Initial Access lab
and it's stuck, any idea on what to do ?

image.png
#

(sorry it's maybe not the good chat)

plucky umbra
#

hi

#

i can't connect target machine in jump challenge

#

hellp me pls

west chasmBOT
plucky umbra
#

😭

wispy leaf
#

Hi everyone!

Are you planning to translate the website into other languages?

plucky umbra
wispy leaf
plucky umbra
wispy leaf
#

I asked about the translation of tryhackme into other languages and expect those who own the information to answer

plucky umbra
wispy leaf
#

The whole site of tryhackme or at least start translating the main rooms and directions

plucky umbra
#

Changing the browser doesn't work either.

wispy leaf
#

Have you tried looking for some good translators for websites? For example, extensions

#

I’m quite satisfied with google translate, but sometimes it translates so hard that you have to switch back to the source text and think about the essence

plucky umbra
plucky umbra
#

@wispy leafare you do jump challenge?

wispy leaf
#

yeah

plucky umbra
#

how you connect?

#

ssh tryhackme@<target_ip>

#

?

wispy leaf
#

I’m going through the basics now and haven’t reached the point of connecting to the machines. The only thing I had to do was start the machine in the browser

plucky umbra
#

i mean own linux

wispy leaf
#

You can ask Ai’s assistant Β«echo” or look in faq

It shouldn’t be difficult because there was a simple connection on hackthebox

plucky umbra
scenic torrentBOT
#

Gave +1 Rep to @wispy leaf (current: #3778 - 1)

wispy leaf
#

There, as I understand it, you can check the connection and the OpenVPN installation manual

plucky umbra
swift atlas
#

Metasploit: Msfvenom, I watched a full walk through on Youtube. Okay so you hit start machine on the tab and have the target machine, where the users name is Murphy. Then you start an attack box to set up the payload into the vulnerable computer, well everytime you leave the Vulnerable computer it kills the session between the attack computer and the Vulerable computer. In other words, when you run the .elf file on the Vulnerable computer and then go to the attack box it keeps saying session died. Very annoying

twilit lark
#

i need help with resetting my streak

#

they already did 2-3 times so ig they wont cuz they did 2x streak this week

#

and i lost again

#

200+ days streat i had

#

plz helppp

#

😭

#

my pc wont work so i gtg keep it alive tho phone for few days πŸ™

warped arch
#

Ive already emailed support, but do you think I will get a refund for forgetting my subscription cost?

ivory spruce
west chasmBOT
#

@twilit lark

TryHackMe's Email

TryHackMe's support email address.

​

support@tryhackme.com

TryHackMe Socials Β·
ivory spruce
warped arch
ivory spruce
warped arch
#

less than a day

ivory spruce
# warped arch less than a day

Drop them an email to request a refund. Refund requests are available within 7 days upon renewal (even if they reply after more than 7 days so long as you made the request within 7 days).

warped arch
#

Thanks : )

#

Appreciate it

carmine gate
#

Hello THM team, kindly help!

image.png
shut falcon
#

Hello, I'm having a problem where the new AttackBox gets stuck at 100% and never actually starts, no matter how many times I restart it. The legacy one works fine, though

amber goblet
#

hello, I'm having a problem with "Guided Pentest: Web" room, the target machine is hanging and when trying to terminate it, it doesnt shut down, also my answers for task 2 keeps resetting, no matter how much I submit the answers it keeps showing empty. I've already tried re-logging didnt work.

spice tulip
#

I reported a connectivity issue, but nothing has changed yet

#

PS THM design team - please add the dark red background as an option to the new box.

tawdry orbit
spice tulip
#

throbber throbs and fluff text cycles, but box never completely loads.

fathom cradle
#

Hello, I have a problem with the room AD Authenticated Security Room. Im using the attack box and ran tryconnectme and I had some bugs, it said to go onto the discord and send the file log.

#

(Won't let me send the log).

ivory spruce
west chasmBOT
slow nexus
#

i think there is an issue with tryhackme SOC l1 analyst Mitre room in task 2 which is att&ck framework in where question number 1 because it for sure is defense evasion but it expects a 7 letter answer no matter what i put it keeps getting worng plz someone help and review it @west chasm

rich whale
olive kite
#

i need help

#

who can help me

#

why i cant download the .ovpn file?it show VPN ssm file not found.i changed many location but it didnt work

short ice
halcyon panther
#

For some reason, I haven't been able to get streak freezes even if I do one entire week of lessons.

Not sure what is wrong with my account, or if this is the normal behavior, but, if I really lost my streak, this is pretty much the end of it for me (360 days).

#

I would just like to understand why I never got any freeze again for 7 day streaks.

Screenshot_2026-05-24-17-40-58-690_com.brave.browser.jpg
#

It wasn't something that was affecting me - until now.

humble star
#

Hello, I was about 90% done with the Jr penetration Tester course and took a bit of a break because other things came up. It seems like the course has been restructured which means I have lost most of my progress leading towards a certification. Is there a different course title that still has the same rooms as the previous course structure?
Thanks!

tacit needle
humble star
scenic torrentBOT
#

Gave +1 Rep to @tacit needle (current: #300 - 36)

tacit needle
humble star
tacit needle
#

No problem

clever eagle
#

CSRF Introduction room, Task 5 is not working
instead of achieving CSRF, I keep getting "This site can't be reached"

#

Scratch that, no CSRF works in the room

surreal dune
#

Hello my Instagram acc got hacked and deleted How to defend it

ivory spruce
ivory spruce
west chasmBOT
#

@halcyon panther

TryHackMe's Email

TryHackMe's support email address.

​

support@tryhackme.com

TryHackMe Socials Β·
ivory spruce
halcyon panther
scenic torrentBOT
#

Gave +1 Rep to @ivory spruce (current: #11 - 948)

halcyon panther
# ivory spruce You can drop an email to THM Support and they can restore it back for you.

E-mail sent explaining the situation. I had actually been wondering about the streak freeze issue for a while already, since I found it strange, but since I was doing everyday, it wasn't bothering me.

Hopefully they will be able to troubleshoot my account.

I also wonder if this could somehow be related to the streak freeze I received once during the Christmas event, because since then, it never replenished anymore.

nova whale
#

Any one know what study group s are/how to join one πŸ€”

rich whale
rich whale
weak plover
#

On the Red Raffle Jr. Penteter Path. I have completed all 20 rooms that assign tickets but I only have 19 tickets showing on my Dashboard. I have refreshed and logged out and logged back in. Please advise!

whole tangle
#

hey i wanna change my discord token in the website. This is my new discord acc

#

@quaint sentinel this was my account but im not using it anymore

deep trellis
#

@gloomy blade Speak here

#

Whats up man? How can I help πŸ˜ƒ

gloomy blade
#

I’m wondering about the β€œadd credit”. When I try it, it doesn’t say anything when completed.

#

Thanks for creating the channel.

deep trellis
#

No problemo! If you enter the amount in the text box and then click the "Add Credit" button, it will show a pop up box.

gloomy blade
#

Sorry, I was a bit vague. I complete the transfer but afterwards it doesn’t say if it completed properly it just pops up again.

#

I did it twice yesterday because I thought something went wrong the first time.

deep trellis
#

Erm, give me a moment. I will take a look into this!

gloomy blade
#

No worries.

deep trellis
#

Ah, I am having the same problem. I do apologise. I just checked and you have not been charged. I will fix this right away!

#

I do apologise!

gloomy blade
#

No problem at all.
I really like your site and I’m looking forward to try it out more.

deep trellis
#

Thank you! It honestly means a lot man πŸ˜ƒ

gloomy blade
#

😊

deep trellis
#

Hey, thank you so much for brining this to my attention.

#

The problem has now been solved!

gloomy blade
#

Awesome, good work. Don't mention it.

deep trellis
#

How much were you trying to top up?

#

Ill add a little bit of credit to say thank you.

#

20% extra on top for reporting this.

gloomy blade
#

I was trying to put in 5Β£. That's awesome, thank you so much!

deep trellis
#

When you top up Β£5 I will add another Β£1 and will also give you extra on site points.

gloomy blade
#

Wow, I really appreciate it! Gonna do it right away.

deep trellis
#

No problem!

gloomy blade
#

Worked like a charm this time. πŸ‘Œ

deep trellis
#

I have awarded you Β£1 extra credit and 1000 on site points.

#

Thank you for reporting this bug!

gloomy blade
#

πŸ™ Glad I could help!

deep trellis
#

Heyo

wet shard
#

Hiya ! Oh, I just noticed from #521382216304033794 that there is a badge for the first 5 people to subscribe, is this still going on πŸ˜„ ?

deep trellis
#

Yes!

#

A badge and extra months subscription

#

We also have rooms coming such as: Game hacking and Cloud Penetration Testing

wet shard
#

Cool ! I was about to subscribe anyway, I voted for the per-month subscription in the vote section! I'm going to do it now then

deep trellis
#

I saw (that was one of the reasons I changed the whole credit system)/

#

Its easier for people to subscribe

wet shard
#

Whoops my credit card isn't accepted

#

Is there a restriction with MasterCards ?

deep trellis
#

Er really? There shouldn't be any

wet shard
#

Mh that's weird, I tried with my personal visa credit card and my work mastercard and I get a "Something went wrong, please check your card details are correct. You have not been charged." message

deep trellis
#

I will check this right away, sorry about that.

#

Ah! I see the problem

#

Sorry about this.

wet shard
#

No problem ! Take your time

#

(they're both in euro, and issued by French and German banks (n26) if it helps)

tender ice
#

The site died

#

Oh hi btw

wet shard
#

Hi ! It's up for me !

#

Whoops

#

You're right, was probably some cache

deep trellis
#

I had to restart the server, sorry guys.

#

It should be back.

#

You should not have a problem subscribing now .

wet shard
#

Thanks ! I'm going to try again

naive dust
#

Is it possible for you to add web pentesting labs like Dvwa, Multillidae, WebGoat, JuiceShop, sqli labs etc all in one ? @deep trellis

wet shard
#

It worked \o/

deep trellis
#

There is a DVWA room and Juiceshop room sudo πŸ˜ƒ

#

But all in 1 lab, I can do that yeah

#

Eyyy, thanks @wet shard

#

For supporting the site, I will add your award and 1 month extra subscription now

wet shard
#

Thanks πŸ˜„

naive dust
#

that would be awesome, I wouldn’t have to run 5 vms and 3 local servers just to practice.

#

Sqli labs doesn’t work for me

#

On localhost

deep trellis
wet shard
#

Thanks a lot :D! I have a few questions about some of the rooms aswell, is this the right channel to chat about that ?

deep trellis
#

Put it in the #room channel please

#

@naive dust You can only deploy 1 VM at a time I am affraid.

#

To start a new VM you will need to terminate the first one.

#

I can code having multiple VMs running if you're a subscribed user mind

naive dust
#

I’m saying

deep trellis
#

Oh you wouldn't have to.

naive dust
#

If you add all the web pentesting exercises in 1 Vm it would be easier for everyone

deep trellis
#

More tasks for each web application vuln will be added

naive dust
#

thanks

deep trellis
#

@naive dust Yeah!

#

I will have this created and uploaded by tomorrow.

naive dust
#

I love u

#

this never works for me even after resetting the db

deep trellis
#

Hmm, weird. I will have a look and install it, putting it onto the site

naive dust
#

tysm

deep trellis
#

No problem πŸ˜ƒ

deep trellis
#

@naive dust What I will do it upload it all but not add any questions

#

I will add questions later

deep trellis
#

@naive dust You're right, it is hard to install

#

Daymn

deep trellis
#

Fuck me, finally got it all to install

#

2 hours later lol

torpid niche
#

Does anyone know if it's possible to use a VPN other than OpenVPN for deploying VMs in TryHackMe?

deep trellis
#

Erm

#

Let me check

#

Is it just an alternative client you need?

#

Because the VPN server uses OpenVPN

torpid niche
#

I know nothing about OpenVPN so i didn't know if it was possible to use a different VPN to deploy

#

I guess it requires an OpenVPN to OpenVPN connection in that case?

deep trellis
#

Yeah you can download the OpenVPN client on Linux or Windows

#

There are also videos to help you use it πŸ˜ƒ

torpid niche
#

Oh, im sure i can find tons of stuff on youtube about OpenVPN but i just figured i'd ask before i went whole hog on an OpenVPN subscription

deep trellis
#

Yeah sorry, you need to use OpenVPN client to connect to our network.

torpid niche
#

Oh, no need to apologize! It's a great platform and im definitely looking forward to using at whatever the cost of OpenVPN is lol

deep trellis
#

OpenVPN is free my man

#

No costs at all πŸ˜ƒ

torpid niche
#

oh, dang! I was finding some link that took me to a $6/mo or $35/yr link

deep trellis
#

No No No No!

torpid niche
#

like i said, i know NOTHING about OpenVPN

deep trellis
#

Thats not a problem, Ill help you set it up

#

What Operating System are you on?

torpid niche
#

Win10 Pro

deep trellis
#

Scroll down until you see "WINDOWS INSTALLER"

torpid niche
#

I was so close. I clicked "Get OpenVPN" instead of Community

deep trellis
#

Oh aha right πŸ˜ƒ

stiff briar
#

2 cm on the left

deep trellis
#

Yeah aha πŸ˜ƒ

torpid niche
#

Oh, we're in biz now boys!

#

So now i just need to go download the TryHackMe config and import it into the VPN correct?

deep trellis
#

Yeah

#

Once its downloaded you can select the OpenVPN config file and it will connect

#

Also, you might have to run the OpenVPN program as administrator

torpid niche
#

10-4! Thanks for helping me figure out the VPN download!

deep trellis
#

Watch the video from there

naive dust
#

using one single command line is, IMHO, really easier (on windows or linux client ;-))

deep trellis
#

Did you get it working @torpid niche

#

When you have connected, go into a room and deploy a VM

torpid niche
#

Indeed I did! Thanks for checking in. It's spaghetti night at the house and I've been tasked with cooking so once all that's over I'm hoping to hop into one of the beginner level rooms

deep trellis
#

Brilliant, well if you need any help just let me know

#

I am not sure how much experience you have

#

Might be a good idea to use that room

torpid niche
#

Very little in the ways of InfoSec BUT I am currently in IT Support hoping to move towards security at some point in the future

deep trellis
#

@torpid niche then you have signed up to the right place :)

woeful swan
#

Is there a way to PM the owner of a challenge? I am 99% I have a flag that the site says is incorrect. I don’t want to post it in a public chat.

deep trellis
#

Yeah, PM me

#

I'll take a look into it

#

@woeful swan DM and I'll sort the problem out (if it is a problem them is :D)

woeful swan
#

@deep trellis Oddly enough, I tried it from another browser and it worked. Computers are strange beasts at times.

deep trellis
#

Oh, that's odd.

#

Can you tell me what browser it was on?

#

That caused the issue

woeful swan
#

The one that didn't play nice was Chrome on Windows 10.

#

However, it was at work

deep trellis
#

Uh oh. Hmm, I'll take a look into it :)

woeful swan
#

So there may be a web filter that was part of the problem

deep trellis
#

I obfuscated all the code client side

woeful swan
#

I submitted from Chrome on Mac OS when I got home and it worked fine

deep trellis
#

And sometimes the browser can't handle it

#

Thanks for reporting tho :)

woeful swan
#

Our web filters cause all sorts of strange issues, so I'm guessing it isn't a site problem

deep trellis
#

Ah okie

#

Do you have any feedback on the site

#

Or something you'd want to see more of

woeful swan
#

More PCAPs!

#

That's the one I was working on

#

I was disappointed to only have one challenge

#

Network traffic analyzation is one area I'm pretty ok at.

deep trellis
#

Okay, I'll add some more to the site in the next few days

#

:)

woeful swan
#

If you want some ideas I'm happy to help

deep trellis
#

Ideas for pcap challenges or other rooms?

woeful swan
#

Did you design the current one?

#

pcap

deep trellis
#

No I didn't

#

That event

woeful swan
#

ah cool

#

I just discovered the site today, so I'm still poking around

deep trellis
#

@woeful swan

#

Ill be adding another CTF challenge (not made by us)

woeful swan
#

Nice

#

You should add one that requires you to decrypt https traffic using a cert

deep trellis
#

Thats actually a very good idea

#

Using the master token for TLS traffic

#

Thats a cool idea

woeful swan
#

You can capture the very being transferred using an insecure method

#

I’ve seen where there is an email in the capture that contains the very

#

Very = cert

deep trellis
#

Ohh I like it

#

When I have more time I'd like to make loads of challenges and tutorials for the site

#

I think TryHackMe can be the place to go for security fun

#

This year I should pump loads and loads of material and challenges to the site

#

So stay tuned

woeful swan
#

Can normal users create challenges or only admins? I’m still not quite sure how the rooms work

deep trellis
#

Anyone can

#

On the site, make a room, upload your material and assign tasks to it

#

At some point Ill make a video on using the site and making challenges/rooms

woeful swan
#

And that room can be public?

deep trellis
#

Yeah

woeful swan
#

Sweet

deep trellis
#

πŸ˜ƒ

woeful swan
#

Maybe I’ll build some out

#

I’m supposed to be giving a Wireshark workshop at my hackerspace

deep trellis
#

Ohh nice, TryHackMe can be a perfect platform for that.

woeful swan
#

Perhaps I should just build the challenges here and point everyone to the site

deep trellis
#

You can give downloadables and questions

woeful swan
#

Perfect

deep trellis
#

People can chat, there is a scoreboard etc..

woeful swan
#

Oh ya. I was going to ask about the score board

#

How do the x,y axes work?

#

I get the y is points

#

Except I’m not sure how it would drop

deep trellis
#

Scoreboard is based on the points they recieve from the questions

woeful swan
#

Oh I guess I mean the chart

deep trellis
#

Yeah so it works based on points from questions again

#

If you hover of certain blobs, it will tell you the task and the points scored for it

woeful swan
#

I’ll take a closer look when I get home

deep trellis
#

πŸ˜ƒ

woeful swan
#

Ah you added the Cloudshark challenge!

#

That’s a good one

deep trellis
#

Yeah

#

Ill make some more bespoke ones when I have time

#

But for now Ill add some community ones

woeful swan
#

I’m planning on giving that to my students as homework

deep trellis
#

Ey, again use the site to issue the homework.

#

You can just give them a link to a room you made

#

That contains the questions and downloadables

#

Then you can see who has done it using the chart and scoreboard

woeful swan
#

Totally

deep trellis
#

If you want I can make the room for you

#

And you just give them the room link

#

Let me know (when you know obvs)

woeful swan
#

I’ll do that when we get closer

deep trellis
#

Brill, well, when you do let me know so I can help πŸ˜ƒ

odd pivot
#

Hi there

#

I would like to talk about KnockKnock, someone available ?

deep trellis
#

Hy

#

What seems to be the issue?

odd pivot
#

The answer of the last port used

#

Wondering if that's an error or me who doesn't understand

deep trellis
#

The last port that needs to "knocked"

odd pivot
#

Yes, sorry

deep trellis
#

So if you were port knocking in this order: 9000 8888 1234

#

The last port knocked would be 1234

#

:)

odd pivot
#

Yes ofc

#

Can we talk in private ?

deep trellis
#

Yeah sire

naive dust
#

knock knock

#

πŸ˜„

stiff briar
#

who's there ?

naive dust
#

with his smoother voice "hey there, it's 1234 with my RST friend"

dense ivy
#

Found a typo on the "Basic Pentesting" room

#

Question 6

#

brutefroce == bruteforce

deep trellis
#

Thanks @dense ivy for letting me know

#

I'll have this updated later today :)

dense ivy
#

No prob. I might have more feedback on this module once I've finished it

deep trellis
#

Awesome, can you use the feedback form on the site?

dense ivy
#

Absolutely

deep trellis
#

Thanks :D

vapid dawn
#

changed the typo - thanks so much @dense ivy πŸ˜ƒ

dire eagle
#

any advice of rev eng?

vapid dawn
#

what task/question?

dire eagle
#

reverse eng, the first one xd

deep trellis
#

Use strings on the binary file

vapid dawn
#

the reason it's the first challenge is strings will literally print out the strings in the binary file

#

and it's useful to see what information developers have hardcoded in

dire eagle
#

So I tried that, but I wasn’t sure the flag format

#

@deep trellis @vapid dawn thank you πŸ™πŸ»

deep trellis
#

Yoyo

#

Did you figure it out @dire eagle

dire eagle
#

yeah I did, Apparently I submitted the flag with an extra space the first time.. that was probably why i didn't get it points

#

@deep trellis ty! btw

deep trellis
#

Hey @dire eagle

#

That shouldn't have not given you points

#

What's the room and task? I'll look into it :)

dire eagle
#

reverse eng. crackme1

#

I pmed you

deep trellis
#

Hey everyone, did anyone have any problems with challenge CrackTheHash task2, question 3??

naive dust
#

nope πŸ˜ƒ

wet shard
#

nope, worked fine for me

tender ice
deep trellis
#

@wet shard

#

How did you run the command?

naive dust
#

did anybody ever played with captchas? I mean, I'm running a curl (GET Req) which gives me a dynamic string ; then I OCR it ; and then do a POST to give the answer. but I'm wondering if the second curl request doesn't call for another captcha to be generated as I answer the previous one

#

(even if it's only a POST one)

vapid dawn
#

hm not to sure

#

i saw an article where captch's could be OCRed but i didn't know they could anymore hm

#

mind sharing how you did it once you manage?

marsh plinth
#

@deep trellis I tried several different rooms to rest out yesterday, such as the basic pentesting one (which I understand is down for maintenance) and the basic burpsuite one. The burpsuite one, whenever I would try and Launch a machine would never launch and would be stuck in buffering. Have any ideas?

deep trellis
#

Ummmm, I have not had any problems deployment machines.

#

Basic penetrating one shouldn't be under maintenance

keen cosmos
#

Hint: BP isn’t down for maintenance;)

marsh plinth
#

@keen cosmos ah! Haha ok. Thanks. I’ll try burpsuite one again.

deep trellis
#

The VM you access says down for developments

#

But it's deliberate

#

It's part of the challenge :)

#

Also just tried deploying burp on my phone and o had no problems

#

Try using a different browser if you're having issues with chrome

marsh plinth
#

I’m using Firefox, but it could be something on my end. I’ll try it again today see if it works.
Also, I see! Haha I had thought that it was actually Down for maintenance! Appreciate it! πŸ˜ƒ

deep trellis
#

No problem man :)

unique falcon
#

Hello !

unique falcon
#

For question 3 in the Knock Knock challenge, I thought we just needed to do TCP stream, right?

I did so and got Port 80, but that doesn't seem to be right.

wet shard
#

Hi ! Which task are you doing?

#

Oh, I had the same kind of issue with this question before. You actually need to try port sequences on the server, you can't get the answer just by looking at the pcap file

#

I think the "In the pcap file" part of the question is kinda misleading imo

little yarrow
#

Hi, I am trying to work on the new Linux challenges machine

#

I am solved 91% machine

#

but I can't figure out the question 4 of task 3

#

Flag 4 is located where cron jobs are created.

#

Any clue how to do it

#

I have already checked on teh most obvious place

woeful stone
#

@little yarrow I can't remember exactly as it was a while ago, where have you checked so far?

prime hill
#

/etc/cron.*

deep trellis
#

;

#

;)

prime hill
#

i would have being lasy and just recursively grep'ed the system.

grep 'FLAG' -R /* -a
#

if i knew the FLAG format.

deep trellis
#

Well the flag format is 32 characters

#

So look for thay

prime hill
#

i wasn't supprised that i woulend be that easy.

deep trellis
#

I made the challenge

#

So aha

prime hill
#

it is always fun when someone makes a CTF.
i made a while back one in php about sqli and xss.

<?php
require_once 'config.inc.php'; // setup database $mysqli
require_once 'flag.php'; // $flag

$username = filter_var($_POST['username'], FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH);
$password = mysqli_real_escape_string($mysqli, $_POST['password']);

if (strlen($username) > 0 && strlen($password) > 0) {

  $query = "SELECT * FROM users
            WHERE username = '$username'
            AND password = '$password'";
            
            if(!$result = mysqli_query($mysqli, $query)){
                echo mysqli_error($mysqli);
            }
            if (strpos(mysqli_error($mysqli), '<script>alert()</script>') !== false) {
                echo "<br>".$flag."</br>";
            }

} else {
  echo "Niet alle velden zijn ingevuld!";
  exit;
}
?>

very intresting exploit.

#

there are 2 leaks.
first is xss ( gives flag ) second is sqli.

odd pivot
#

Am I crazy ? I'm unable to dicover the web service in 'WebAppSec 101'

#

I have 3 open ports : 22, 111 and 54629. No web service behind

wet shard
#

Hi @odd pivot , I finished this one, gimme a second I'm going to check

#

Did you try to open the http/https ports in a web browser anyway? Maybe they just didn't answer depending on the kind of scan you used

odd pivot
#

Yes

#

None works

wet shard
#

It took a bit of time for the http service to actually run when I deployed but after a few minutes the port 80 answered

#

I did a nmap -p80 -A -T5 {host}, then a curl {host}, it seems OK for me. maybe you just need to wait a little bit

odd pivot
#

Indeed, just tried again and it's up

#

Wow it's quite long to start

vapid dawn
#

hey @odd pivot

#

that rooms take some time to start up

#

sorry about that

#

if you need any more help, feel free to PM me πŸ˜ƒ

odd folio
#

My team and I signed up for HackBack but we can't see where we can start the challenges

#

Has anyone had any luck with this?

#

@here

deep trellis
#

Hey

#

U fix it?

#

Room code: hackback2019

odd folio
#

Yep we figured it out. Thanks

odd folio
deep trellis
#

Hey

#

Whats your username?

odd folio
#

Team name is HuelSquad and my username is DMeechan

deep trellis
#

Did you login to your team account??

#

You need to login to the platform

#

Using your team information

odd folio
#

Oh okay we didn't know about that. We're in. Thanks!

deep trellis
#

Sorry, it was in the Slack chat!

odd pivot
#

I'm unable to catch any request going through OpenVPN with Burp suite

#

It caches everything but 10.0.0.*

#

I also tried to redirect via iptables with :
iptables -t nat -A PREROUTING -i tun0 -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -i tun0 -p tcp --dport 443 -j REDIRECT --to-port 8080

#

Without success

deep trellis
#

It should do

#

Hmm

#

If you're proxing your requests through your browser, it should capture it on your machine

#

Your traffic gets routed at layer your network layer (layer 3)

#

Errm, if you still have problems let me know

vapid dawn
#

also make sure you check the 'use for all protocols '

#

in the network proxy options πŸ˜ƒ

green bramble
#

Hi, I'm trying to get my head around this thing that seems simple but no sleep + this = nope apparently. I'm trying to find out how many characters it would take to encode a ASCII character based on the base. so base16 would be FF for example. base 8 would be 777. What formula would I use to take say base16 to equal a length of 2? (if that makes sense)

wet shard
#

Mh. That's a good question. I didn't try it yet but can't you divide the number X times by the base you've chosen until it's < the base. Wouldn't X be the number you're looking for ?

# 
def get_num(number, base):
    i = 0
    while number >= base:
        number /= base
        i += 1
    print(i+1)
#

That's what I have in mind, if I understood correctly

green bramble
#

@wet shard Awesome! That works :D, still trying to see how it works but it works πŸ˜„ thank you so much.

wet shard
#

Haha no problem, there is probably a more elegant solution. In a nutshell I just divide the number by its base until it can't be divided anymore, and I count how many times it has been divided

green bramble
#

Ah cheers :), it seems the best solution to me

odd pivot
#

Sorry for late reply.. My problem was due to an extention who was messing up..

#

Now I'm trying to route traffic from tun0 to Burp (to avoid switching proxy in Firefox).. But this doesn't work :
iptables -t nat -A PREROUTING -i tun0 -p tcp --dport 80 -j REDIRECT --to-port 8080

#

Any idea ?

pearl loom
#

Trying to do HackBack task 15, question 6. The question is literally "At what time did Windows first assign special privileges to a new logon?", Event ID 4672 is "Special privileges assigned to new logon" - I can see no reason why the first event 4672 isn't the answer to the question, there isn't really any other way to take it.

deep trellis
#

Hey, I will answer this in the morning :)

#

PM me your answer

#

So I can check it

little yarrow
#

Hey can anyone help me with hackback2019
task 3
[Task 3] [Scripting] [Medium] Gotta Catch em All

#

I have written code

#

but I am getting connection refused after one or two ports

deep trellis
#

Hey, it's because the port changes every second.

#

So you need to ensure its waiting

#

For either the next port come alive

#

Or move onto the next port

little yarrow
#

okay thanks for that

#

but now when I am trying to deploy the machine in hackback2019 I am getting an error saying I am not a subcribed user(I am not) but it was working yesterday on free subscription

deep trellis
#

Yeah, I had to make the room subscription only as it charges me when people deploy rooms.

#

If you're a student it's Β£8 for the month

little yarrow
#

Okay No problem!!

zenith obsidian
#

wtf so sometimes i can connect to tryhackme machines and most times i cant
im connected via openvpn
and i keep getting this

woeful stone
#

What does your openVPN console output look like?

deep trellis
#

And does that machine have a web server running on it?

zenith obsidian
#

yes it does

deep trellis
#

But yeah, OpenVPN console output is best

zenith obsidian
#

its webappsec101

deep trellis
#

It's thowing no errors

zenith obsidian
#

well

deep trellis
#

Ermm, try loading up another machibe

zenith obsidian
#

ill try updating openvpn

deep trellis
#

Like PickleRick and see if you can connext

zenith obsidian
#

ok