ill try that

Awesome, PickleRick once deployed works for sure

I've just tried and have had no problems with webappsec

ok just updated it ill try connecting to rick

samething

ill try a new config file

Try disconnecting and reconnecting

i did

Yeah regenerate your OpenVPN file too

i did that too

still nothing

is it because my normal home ip is on a 10...* address?

10.0.0.*

Ohhh, our routing table routes all 10. traffic

yea i read that

Do route -a

See yours routes

Which takes properties

while connected to openvpn?

Yeah

ok

Im just about to pop out to the shops

whats route -a

I'll help you diagnose it moreater

Is that ok?

route -a did nothing

i just did route and got that

oh the metric

hey @zenith obsidian, what's the issue? You can't connect to your machine?

fixed it

thanks @deep trellis

Cool

well

webappsec still isnt working for me

but all the others are

Oh, PickleRick works for you??

yes

Hmm I look into that later

Sorry man

ugh im so close

i have the first two ingredients for picklerick

Eyyy :)

im lost tho for the last one

im probably overthinking

nvrmind webappsec works now

Oh rihht

It does sometimes takes a minute to boot

I'm working on a VM :D, I might bother you about configurations soon 😃

yyyayyyy!

Thats awesome man!

Looking forward to trying it out

has anyone done Mr Robot ?

I’m not able to get a reverse shell

I have, what Reverse Shell are you using?

Use:
http://pentestmonkey.net/tools/web-shells/php-reverse-shell with nc -v -n -l -p {port}

Works vv nicely

yea i’m using that only

but what am I supposed to change in it ?

The host and port number

~ nc -lnvp 4444,
If the machine ip (box) is 192.168.1.3 then
$ip = ‘192.168.1.3’
$port = ‘4444’ ?

Try a different port

1234 ?

1234 or 3344 I think

it isn’t working :(( @copper mist

Will try to help more when I'm at my laptop

alright

What isn't working for you guys?

The Mr Robot

Not working for Sudo

I’m trying to get a reverse shell

That method should work

@naive dust you have to put your local machine ip address here

Today i completed this room

My local machine ip is 192.168.1.1
The Box ip is 192.168.1.3

Put the 192.168.1.1 in the php shell

No no no

Your ip isn't 192.*

It should be a 10.

Your ip will be in 10...*

I’m running the Vulnhub machine locally because my wifi is down @deep trellis

Ah ok

Because of some construction work going on

The Mr Robot room is free to use BTW

Okie np

$ip = ‘192.168.1.1’
$port = 4444

nc -v -n -l -p 4444

When i visit /wp-content/themes/twentytwelve/404.php it isn’t working

@naive dust listen try
Ip-address/wp-admin/theme-editor.php?file=404.php

Try this bcoz it's worked for me

Nd try
nc -l your-local-machine-ip 4444

May be it will work

Try nd let me know

Finally

it worked

Thanks a lot everyone.

@naive dust 🤘

now just Privesc is left

For Linux CTF there doesn't seem to be a command called flag11

Look at your alias'

alice@ip-10-0-0-207:~$ alias
alias alert='notify-send --urgency=low -i "$([ $? = 0 ] && echo terminal || echo error)" "$(history|tail -n1|sed -e '''s/^\s*[0-9]+\s*//;s/[;&|]\s*alert$//''')"'
alias egrep='egrep --color=auto'
alias fgrep='fgrep --color=auto'
alias grep='grep --color=auto'
alias l='ls -CF'
alias la='ls -A'
alias ll='ls -alF'
alias ls='ls --color=auto'

Try switching accounts

I've just been told to log in as Alice

Who should I switch to?

You need to look around the file system

See what you can get

Clues

Or if you're stuck move on

and come back to it

lol got it

I switched accounts too early

Hello! Is it possible to re-upload a VM if I want to update it? Also I was wondering if I could try my own questions without getting the points, on the room? Thanks!

Hey, you can re-upload but you will have to delete your question (one with the material attached) and recreate it

I can update it manually if need be

So yes, if you want to re-upload it, let me know and I will change it for you 😃

Oh and you can't do your own room without scoring any points.

And its awesome you're making a room!

Oh thanks, I will let you know when it's uploaded 😄

No problem man 😃

Privesc is a pain!!!

Hi 😄

hi

Hey all

How're we all?

trying to get familiar with privilege escalation techniques but failing

Hmm

Its something we can explore adding

If you haven't already seen them, I suggest watching some of the video on IppSec's channel

He does HackTheBox walkthroughs and they have really good content going from entry to priv esc

Oh yeah

I've seen his videos

They're pretty cool

Why is it failed?

@thorn badger "Connection Timed Out" would lead me to believe either the IP you entered is incorrect (typo?), the system you're targeting is blocking access to port 445 or there is no service on your target running on 445

Port 445 is ‘SMB over IP’. SMB stands for ‘Server Message Blocks’. Server Message Block in modern language is also known as Common Internet File System. The system operates as an application-layer network protocol primarily used for offering shared access to files, printers, serial ports, and other sorts of communications between nodes on a network.

Maybe it's not a Windows box, or maybe SMB is disabled?

@dense ivy it's the blue challenge on tryhackme . It have open smb service and it is windows system

Now what's the issue with metasploit?

Also, if you want to play with that smbv1 issue there is a nice write up on blue ;D

Oh I just noticed this announcement "If you make a room for others to use on the site, you will get a TryHackMe site award, t-shirt and sticker." - does this mean I'm eligible for a t-shirt and a sticker :D?

@wet shard yes

Yaay! I love goodies! How does it works, do I need to send you my address or something? (I don't remember if I gave it on the site or not)

You can send that, your credit card number, and those wacky three numbers on that back to me for that shirt ;D

@wet shard

@rigid oxide irl

Wait, how'd you find that picture of me online?

The power of OSINT

OOOF

@woeful stone was there a particular linux enumeration script that you liked for bookface? I'm trying to make sure the write-up I'm doing is beginner friendly and LinEnum didn't grab what the versioning information that is necessary for escalation in this case

Also making sure I don't have any non-sequiturs within the write up lol

Nope, I follow a priv esc checklist :) check sudo, check SUIDs, check world writeable files and then finally check the kernel version

After a while you start to spot SUID binaries which are out of place and remember kernel/program versions which are vulnerable

Makes sense, I think I need to personally get better at following a good priv esc checklist and that'll probably help out. I'll add a blurb in the write up regarding checking for those items prior to the online check regarding the item that has the vulnerability. Thanks much!! 😄

https://failingsilently.wordpress.com/2017/08/07/privesc/ can't really go wrong with this one :)

brb pinning that in my browser lol

@woeful stone ran that binary check and it worked like a charm! Thanks again!

I wonder if anyone would point out the right direction for solving level 2 hash #3 of this room https://tryhackme.com/room/crackthehash. I am not quite sure how to work out the format of this hash.

Hash: $6$aReallyHardSalt$6WKUTqzq.UQQmrm0p/T7MPpMbGNnzXPMAXi4bJMl9be.cfi3/qxIf.hsGpS41BqMhSrHVXgMpdjS6xeKZAs02.

Salt: aReallyHardSalt

Rounds: 5

@neat ether $6$ signifies sha512crypt 😃

I found this wiki pretty helpful

https://hashcat.net/wiki/doku.php?id=example_hashes

for the hashes

Hey, noob question, I am attempting the basic pentesting room and i have connected my openvpn and deployed my vm, but it would seem that my vpn is connected on a 10.8.0.0/16 interface, but my vm is on 10.0.0.4? Shouldn't I be on the same network as it or am I misunderstanding something?

You are actually! The entire 10.0.0.0/8 subnet is the network

Good question though!

try pinging your box

No response

Is the VPN connecting properly? This can take a few minutes sometimes

Also, try running an nmap with the -Pn flag set, see if it maps

that box in particular might not allow pinging

Also, Skidy will likely be up in few hours and can help too

He'll be able to check it from the admin end

The VPN seems to be properly connected, but to a different network segment from the vm. I'm not sure if that's how it's supposed to be? Should I change the net mask of my tunnel adapter

No, don't change any of the VPN settings from the defaults. This is a split tunnel and the config file does all the work for you on that end

The netmask will be inherited on the tun0 interface right after connecting

Try a different room, I know blue will respond to pings. I'll ping Skidy too and he can have a look from his end

@deep trellis

One way or another we'll get ya all sorted out

hey thanks!

No problem at all! VPNs can be finicky beasts sometimes

do i need to download a vpn config file for the other room?

nah, it'll just be your master one for the site

okay

It may be worthwhile attempting a redownload of that file to replace the old one

Are you running it on Windows or Linux?

linux

parrot

Gotcha gotcha, are you connecting via the cli one-liner?

yep just openvpn ./maibes.ovpn &

Try just this in a terminal: openvpn --config /path/to/config

and leave that running

okay

bg'ing it can be problematic sometimes and doesn't always work with the 30 minute time out on the vpn for inactivity

I suggest running that in a tmux pane, I usually remote into my box and just pull it up in a tab and kill the vpn when I'm done

my tun1 ip is 10.8.1.130 - 255.255.0.0 and my vm ip is 10.0.0.102, does that seem right?

yup yup

okay\

that's fairly standard, just keep in mind you can also only have one device connected at a time for the vpn

just to be clear, the challenge is on the deployed vm right?

shouldn't matter with only having the parrot box connected in this context but good to note

yessir

so i have to go through a default gateway to reach the vm?

yeah, the vpn should configure the split tunnel aspect of it automatically

if that is misbehaving, spin up a live boot of kali and try that for now

oh, i have to look up how that works

okay

that way you'll at least be able to have some fun and work on the parrot box on the side

ill give it a shot thanks

yup yup, ping me if that doesn't work

kay!

oh yay

i changed the default adapter settings from the parrot os vm image defaults, rebooted, and now it works

(im running it in vmware workstation) - thanks for your help!

No problem at all! I'm glad it working!!

$2y$12$Dwt1BZj6pcyc3Dy1FWZ5ieeUznr71EeNkJkUlypTsgbX1H68wsRom Anyone got any tips for solving this one. All i know is bcrypt. I don't know if im using hashcat wrong.

I'll give you the hint that it isn't bcrypt

(The hint is somewhat misleading on that for how to actually crack it)

I also keep getting this. Will this affect my chances I can use --force but I feel like that just aimlessly does stuff and then closes without any result.

Anyone know how to make my VM use my GPU because 26days to go through the whole of rockyou.txt would take me a bit.

Remind of this later and I can try to find the doc on setting up the gpu drivers for that. If you increase the gpu memory of the vm it might help in the mean time

Good evening! I think this is more of a question for @deep trellis , I'm writing content for an offensive security training session for devs and offsec enthusiasts, do you think TryHackMe could be used in this context ? Is there a way to create some kind of room "directory" with only the rooms for a specific session for instance ?

Yes, that's actually coming very soon :)

Like "Web" or "Forensics" etc .

And we will have "Paths"

Paths are a chronological rooms to complete

Oh I see https://tryhackme.com/paths/ ! Cool!

https://tryhackme.com/paths

You found that quick 😃

Its still in development

Haha yep I noticed, I didn't touch anything on the page, don't want to break the site 😄

Aha 😉

Its not functional yet

When doing the fowsniff room I'm using the pop3 login msf module. I understand that the user im looking for would be siena but I wanted to try going through them all but after the 3rd attempt it stops giving me error messages which I'm assuming means the server blocks the attempts anyone know how to get around this?

I understand I could do it manually but I thought for future uses I would ask.

@onyx merlin I will answer this tomorrow :)

@inland vessel Talk about your OpenVPN issue here

First I watched your video, then I ran this sudo apt install openvpn

Okay yeah

I always seem to take something this is so simple and over complicate it lol

Yeah no worries man 😃

did you do:

sudo openvpn "your file"

command not found... LOL.... Let me try it over from the start.

Ah yeah, its probably not installed properly

Or installed as root

sudo apt-get install openvpn

Run that

Shoot... Now its worse. I think when I installed brew I messed something up

sudo brew install openvpn

Error: Running Homebrew as root is extremely dangerous and no longer supported.
As Homebrew does not drop privileges on installation you would be giving all
build scripts full access to your system.

run is as a normal user

IT seems to be installed "Warning: openvpn 2.4.6 is already installed and up-to-date
To reinstall 2.4.6, run brew reinstall openvpn"

Hmmm

Okay, so if you;'re running the openvpn command and its not finding it, its probably not in your path

@inland vessel

https://apple.stackexchange.com/questions/203115/installed-openvpn-with-brew-but-it-doesnt-appear-to-be-installed-correctly

Follow that, it should add your openvpn client to your systems path (basically, it will tell your system/terminal where to look for that program name)

Thank you!!!! I will give it a shot once I get back. I have to go run some errands.

No problemo!

After following the steps on the page you shared, I was still not able to get it to work. I went with another recommendation on that page. https://tunnelblick.net/index.html

It seems like its just a GUI for OpenVPN.

You have an experience with Tunnelblick

It shows I am connected now. It seems to be working using Tunnelblick... Thank you for sending me to that page.

Oh nice, its awesome you got it working 😃

👍🏻

I have completed all the questions for Basic Pen-testing but I’m still at 91% completed @deep trellis

Oh really?

Can you please screen shot it?

Whats your username?

username: stayofftheweed

You have not completed question 4

Oh, thats odd.

...

My DB says you have not completed this question

🤦🏽‍♂️

Thats a really weird bug

Rod, I have just tested it and it works. This is really weird. Mind logging out of the site, then back in?

Ok the issue was on my end. I didnt know that I had to physically "click" on the completed tab for it to register. All good now

Ah, yeah, Ill make that more clear in the future.

no worries

@dusky plinth Does it take a long time to register for you?

Like when you click it, it lags 2-3 seconds before telling you

mhhh there is a slight delay I wanna say

~1 second lag

~

Oh wait, Chrome makes it lag badly. Firefox doesn't

Weird.

im using Firefox on Kali vm

Ah okay, thanks 😃

@rigid oxide teach me to setup the drivers :)
https://i.imgur.com/ciEa6Xj.png

Thank you for the reminder xD I'll see if I can find that article quick

Btw you can force hashcat to run anyways by adding the --force switch

Yup

However it's very slow I am not sure if it's due to having old graphics card or the drivers

Like it took it 10mins to get 2040 combinations

GTX 960M

So the trick is getting linux compatible drivers for the gpu and making sure to pass it through correctly, it's a little iffy

that's not too bad for a gpu, shouldn't be uber slow

Lool https://i.imgur.com/ZIfQEnQ.png

yeaaaaah, desktop cards are a lot better than m cards

https://www.secjuice.com/how-to-build-a-cracking-rig/

This isn't what I was looking for but it's a nice start, I'll see what I can do on more details

Thank you kindly 😃

yup yup!

https://tryhackme.com/room/rpnmap
How about if I want to scan every port?
#12

Can someone tell me the answer I would just do -p 0-65535

-p- is shorthand 😃

🤦 couldn't find it anywhere thank you 😃

@deep trellis Hello, I was wondering if there was a way I could change my username on the site. Thanks

At this moment in time, it's not possible to change your username.

ok im trying ultratech
cant believe im stuck on task3
i must be overthinking

can i get some help or some guidance 😂

idk if anyone remembers me i was quix

i think i may might of found it

i was forgetting to look at the source

do i need to get a shell for the last part of ultratech?

or am i really overthinking

I haven't completed it quite yet but @wet shard might be able to help since he made it

what part are you on

and i might be on the right track but i feel like its overcomplicating it

i could be of assistance to you 😄

I don't want to give spoilers, I'm at the point where I'm examining part of the api

just haven't bothered yet lol

oh ok

yea that was weird

yup yup xD

the power of the source is within you

😂

If you do any of the rooms I made I can definitely help with that lol

what rooms did you make

Blue, VulnOS, RP Nmap, RP Nessus, and Car Hacking. At least those are the released ones

I highly suggest doing blue if you haven't yet, I've geared it heavily to being well guided

oh i was going to do blue next

oh u made all the new ones

aweet

most*

Keep in mind with that one there's an official write up linked on that room that should help out

isnt it beginner?

oh the one im on?

yup, the write up is more to give a 'nudge' (blue that is)

oh ill be ok 😄

i hope

Nah, Ultratech is medium

https://tenor.com/view/late-late-show-james-corden-fingers-crossed-wish-gif-12171764

i mean blue

oh yeah lol, that one is beginner xD

well @wet shard i summon you

im sooo stuck

https://tenor.com/view/angry-anger-pixar-inside-out-aaah-gif-5628546

wtf

and now ssh works

https://tenor.com/view/rage-gif-4514235

yea im quiting till @wet shard is back

He's probably asleep at the moment, I'm sure he'll get back to you in the morning since you know, he's been pinged four times and probably doesn't need to be pinged more lol

@zenith obsidian @wet shard Can you help brute?

@deep trellis i just got home from school

im stuck on the final part of Ultratech

Hmm, when @wet shard comes on, he should be able to help you

wtf im doing basicpentesting and when im hydra ssh

Hmmm

If lp1 doesn't answer tomorrow I'll figure it out brute and help ua

ok

this one was different

but ok,

Hey ! @zenith obsidian

Sorry, I'm not at home atm 😄

I'll dm you

There's no bruteforce needed though 😄

I'll add more questions to make it more user friendly as soon as I'm back home (in 5 days)

Oh the bruteforcing was for a different machine

Ooh okay :D!

Does anyone know if VMware Workstation allows for USB devices I'm trying to connect a WiFi Adapter to my Kali Machine and whenever I do ifconfig the wlan0 won't show up any one have any guidance. I know that VirtualBox has an easy method so I might migrate over to that.

Hmm

I just think I'm being dumb. But honestly this UI to me isn't intuitive

If VirtualBox has the option, VMWare will

Well I added a network adapter that set to bridge to my adapter but in ifconfig it gets displayed as another eth instead of wlan and doing netdiscover finds nothing leading me to believe that it hasn't worked

hmm

I amnot 100% sure sorry

Maybe someone with more experience can help

Why is it so hard to find decent understandble documentation for these issues its either complete tech jargon. Google just brings me to a terrible online forum that says just go into the settings and click it well what if its not there oh no further support yipee. All the youtube videos seem to want me to download this thing called compat wireless. All the links I click seem to be dead however so I can't download it.

I would say is it a driver issue, but if you cant find anything about the device even on the VM, seems like its something deeper

Might be in business found a video that uses my exact wifi adapter

Hours later and I broke everything 🤣

^that's about how my experiences with drivers goes with wifi on vms

My kali no longer displays the desktop picture or any icons 👍

rip

Its a blessing in disguise because now I can switch to VBox instead of VMware because honestly the USB option seems great

I'm a vmware shop guy but VBox is what I prefer for doing THM work

Probably could do the same in VMWare but I'm too dumb and VBox seems to have more online resources and guides

since it's supported well on this site and it's easier to just use what everyone else is using for that

yeah

VMware is nice with the server setting, that's what I prefer on that end but VBox is nice on client side

Yeah I tried doing an ethical hacking course while using VMWare while the instructor used VBox my experience was horrific.

^that's one trick I've always found, always match what your instructor is using

and if it's on windows, use windows

but I wanted to be a cool linux man....

I remote into my box and just use pure linux that way, but I'm also fully willing to suffer my consequences of shit breaking and having to resort to my windows based backup

All I want is to see my glorious wifi adapter in action monitoring and packet injecting my sweet home network.

I don't want to turn this channel into my own personal tech support but anyone know why I can't sign into youtube it redirects me to /oops without any info even though I'm signed into my gmail.

Now that was certainly weird I clicked sign in got redirected clicked sign in and then after like 10 iterations boom it worked

hmm

I don't know either if I have 2FA do I need a password for youtube because I know there is an option??

Since YouTube is part of Google it has MFA

via your gmail

Yeah probably just some weird bug would be cool if I could replicate it still persisted after I cleared cookies. Just weird that it worked after clicking it so many times.

am i just using the wrong wordlist for Basic Pentesting

cause i cant seem to get the ssh pass

Hi again :D, the password is in ||rockyou||

lol i was using it earlier but i didnt think it would have to take aslong 😄

Anyone know of any tools that can be used for Weebly sites like WPScan for wordpress?

ultratech really slow for me

@slender breach Hi! Which operation(s) are/is slow on UltraTech?

If i need Support for CTF im right Here?

@patent arrow whatcha need help with?

With the CapterTheFlag Task 2

I extract the File an in there is a File with a hash, i tried to decrypt with base64 Decoder

lemme ping @little yarrow

@patent arrow try not to discuss sensitive things in public 😁

Also you can DM me whatever issue you are having

Ok, sorry about that 😅

Car hacking 101 scoreboard gone

That's intentional, it's a simple room since it's only one question

For the learning Burp room I followed step 1 and added the certificate but now I get this error on every site I try to load

All good got it apparently you can't use Java 11 so had to downgrade

Can I ask an hint on one challenge of crackthehash?

@half quartz yup! I'll DM you

hi, someone can help me with ultratech room?

That'd be @wet shard 's room

Ok, I'll talk him

https://linux.is-ne.at/yEbPWt

I cannot crack this for some reason.

Any help?

Nvm, got it.

Awesome, what was the issue?

@deep trellis

Hi all, I am trying https://tryhackme.com/room/crackthehash one of the challenges is to decrypt this: `
Hash: $6$aReallyHardSalt$6WKUTqzq.UQQmrm0p/T7MPpMbGNnzXPMAXi4bJMl9be.cfi3/qxIf.hsGpS41BqMhSrHVXgMpdjS6xeKZAs02.

Salt: aReallyHardSalt

Rounds: 5 So far I have found out its using sha512crypt and I am using the RockYou list and using hashcat with the command./hashcat64.bin -O -m 1800 -a 0 hash ../rockyou.txtthe hash I am decrypting is$6$rounds=5$aReallyHardSalt$6WKUTqzq.UQQmrm0p/T7MPpMbGNnzXPMAXi4bJMl9be.cfi3/qxIf.hsGpS41BqMhSrHVXgMpdjS6xeKZAs02.`. Any hints would be apprecated !

@rigid oxide might be the best person to answer this one

@deep trellis figured it out with help from @opaque cape

Ah awesome

You have to miss out $rounds=5$

. Which I don't understand

Hey guys! Trying my first Tryhackme machine - the 'basic pentesting'. I can ping, scan the machine etc, but I can't open up the link (by typing in th eip) in my browser.. any ideas on to why? Its just loading, and ive tried resetting the machine and even buying vip 😃

Hey, thats awesome to hear

Are you connected to our network using OpenVPN client?

Yes i'm connected and have successfully scanned the services of the target machine (with nmap). It says port 80 is open, but I cant access it on port 80 from the browser

What does the website say when you open it in your browser?

nothing - its just loading forever

Can you try another browser?

2sec

Work?

yeah. I had burpsuite on with intercept - which is why it wasnt loading... thank you!

Ah okay, thats awesome!

Any questions please let me know

Will do! Thanks 😃

hi i wnt to knw how do i knw that my room is in competition ? and its current position?

Hey Whiteheart,

We will make all final decisions on the competition on Wednesday.

You room has been entered though.

ty

Hi @deep trellis when the results will be announced ?

??

I'm sure he'll announce it later, I believe it was 6 in the morning at the time of that first message for him haha

Yeah timezones sucks

I'll take third for making a sadistic room lmao, JoyStick was a very fun one to design overall

@deep trellis thanks much!!

(I'll release a write-up and author's notes this weekend since it's been rooted)

The "CaptureTheFlag" room, task 1, is confusing me. The hint mentions a command for finding strings but i've no clue what it means, is it refering to a commonly used program?

Ea

Yea

strings <file>

Extracts strings from files

@pulsar sundial

in what program?

You are provided a file and you have to look for the flag in that file

strings is a command on Linux system which print out all the human readable strings from any given file

So you have to use that command to print out string from a given file in the task

@pulsar sundial

cheers x

yeah okay, once I knew about the 'strings' command was very straight forward, cheers

Yeah

is there a writeup for crackthehash yet? Stuck on Level 2 Q3

The new room isn't accepting the pass?

Am I just being an idiot

Private message me and I will see if you;re getting it right

Oh wait, message @vapid dawn - Just seen he is online

I'm having the same password problem - am I the issue or am I missing something?

@vapid dawn can you fix?

yep just checking now

know what the issue is - just trying to fix it now!

Thanks :D

Thank you!

@pulsar sundial @naive dust it should work now

try with the user tryhackme instead of ubuntu

Thank you!!

It works

drop a message if anything else 😃

I still can't get in, doing tryhackme@IP with password 'reismyfavl33t'

try terminate your machine

actually wait

and deploy it again

yeah i just thought of that

probably a good shout

redeploy your server

yeah we updated the image it used so you need to redeploy

yeah makes sense

Perfect, cheers!

can I ask a question for crackme2

yeah sure

For the tryhack me classess, what do you do if you are a complete begginner and there are exersises that you do not know how to do?
Sometimes there are writeups
but no one answer the chat

Try HackMe classes?

Sorry confused

yes

I think he means rooms

yes

Oh right, you just join the room to get going

Room=Class 🤔

If you have any questions about what to do you should ask them here @forest karma

ok

cool

the chat sometimes works if anyone is online

Can anyone recommend me the best VM for osx??

What do you mean?

VMware

@pulsar sundial

Oh

Yea

VMware

yeah thought so, cheers lads

i have tied

so hard

but i guess there is a connection isssue

it has been 8 + hours

can someone save me

?

whats ur issue?

open vpn?

idk

i downloaded

the config file and all

fired up the basic pentest box

and enum4linux or smbclient not working

worked for everyone to who i asked for help

what do you mean by 'not working'

it is just showing a weird error

can we see it?

where did you get that IP?

from the site only

the ones I get from the room usually look like 10.0.0.X

when i deploy the machine

guys who got such ips also didnot have problem

it worked fine for them

does it respond to pings?

yes

it has been responding to oings

are you running a VM?

*pings

no hard dual booted kali

ok so you're running the openVPN connection on the same machine

hmmmmm

yes

not sure mate, wish I could do more to help, I'll check out the room myself just now

its working for everyone

literally everyone

hi

it worked

i changed my network

to a mobile 4g network

and it worked like a charm

it was my IP vendor's firewall

huh thats weird

aaaah damn

fucking vendors

well glad you got it sorted bro :D

9 hours man

thanks a lot bro

now i can sleep

😃

omgosh I think im getting the same error as you LOL

let me switch to my 4g

worked for me too lol, glad you suffered through it so I didnt have to xx

I'm glad you were able to get that figured out at least!

Haha

So finally we got the fix xD

It's okay, we are here to share.

I am just glad the suffering has ended after 9 hours.

Now can sleep like a little puppy

And not give a damn

🐶

And you are glad, I suffered. Lol, what world is it now lmao ? XD

you suffered so i didnt have to, a cyber security Jesus

Lmao xD

Glad to see you fixed it @naive dust

the "rank" on my profile, out of how many people is that out of?

See the dashboard

It will state how many people are on the site

ooh yeah, cheers x

forgot this page exists lol

Rank 15

Not that horrible

I shall improve it

What do the levels mean?

Its the rank you get when you get points on the site

It says I get privileges but I notice no differences

What level are you?

8

I will be releasing an email about levels this weekend

If you have not already noticed, there are a few extra things you can do...

You just have to find them

Ooooo

Fun

Yeah, Ill make it more obvious this weekend when I send an email to everyone about it

Use this instead: https://www.vmware.com/products/workstation-player.html

I'm a VMware shop guy myself anyhow, this is a free single VM (at a time) program that'll be easy to work with

@novel rivet

@deep trellis Thank you sir 😃

ok thank you im going to bed now will work on this when i get up. thank you @rigid oxide

No problem! Let me know tomorrow if you need more help!

ok just to clarify use that link provided to download virtual box?

I'm having you use 'VMware Player' instead

Better Mac support

ok thnx wioo message latwe

sounds good (I think) haha

sorry will message later so tired lol

sounds good xD

for the "joystick" room, how hard should i be reading into the title?

Hi @rigid oxide I've tried downloading VMware player but it said couldn't find an application to open it. Very frustrating at the moment just wanting to get on some hactivities 😭

https://youtu.be/lEvM-No4eQo

Use this to install Virtual Box my friend

Don't be scared to use Google ;)

@novel rivet Good luck !

Hi thats what I did and it still came up as not finding an application to support it 😦

ill try again

Follow the video. You are on Mac OS X right ?

hi im on MacOS mojave

still follow the video?

Yes. I think, not harm in trying. I don't have much experience with Mac OS Mojave

But still.

Let me check.

ok thank you ill try again quickly here

:)

okay found out why it didn't download i found out from this link: http://osxdaily.com/2018/12/31/install-run-virtualbox-macos-install-kernel-fails/

next question if any help. what should i really do now since the guide on tryhackme says download OpenVPN. what would be my next step? sorry if that sounds like a dumb question I'm quite new to all of this so just trying to learn

do i need to do something with my config file(like download)?

$sudo apt install openvpn
$openvpn your_config.ovpn
--snip--
Initialization Complete

Then click on deploy, you'll see the IP of the room and you're good to go.

put that into terminal?

Yup

okay thank you

There's a good YouTube video on config setup, have a look.

Isn't that supposed to be for Linux machine?

Or does those commands workon mac OS also ?

not sure. I'm still having trouble with terminal not accepting my account or apple ID password. Not really sure what to do from here.

You already booted Kali on Vbox, right?

no i have not. don't know how to do that tbh.

On mac, pretty sure you can use brew to install openvpn

@pulsar sundial would that be the reason terminal won't accept my password? I have downloaded VirtualBox

Tbh an HP brand laptop tomorrow with windows 10 on it. Its cheap and just use it for all my projects and will be probably easier to download everything I need.

Can anyone give me a pointer for 'crackthehash' level 2 question 3?

DMed you @pulsar sundial 😃

Hello there, it appear that the given is not in 10.x.x.x. (my tun0 showing 10.x.x.x).

Challenge: https://tryhackme.com/room/basicpentesting

with 34.x.x.x, the SMB (port 445 or 139) are filtered. Is this a bug?

The tun0 will be your VPN ip

And the 34 one is you machine ip the one you deployed

They will be different

Also maybe try to first ping the machine

And then run nmap just on those ports

Hi @little yarrow thanks for the reply. The ping on 34.x.x.x is successful. However, the SMB ports (required by the challenge) are filtered.

funny thing is i thought both ports are suppose to be unavailable and i try exploiting the port 8080 using struts2_rest_xstream but end up empty session.

Yup, i confirmed that the deployed 34.x.x.x machine is public ip. Can be access without VPN.

The IP details

Have you tried to terminate and re deploy it ?

yes, a couple of time. Still getting a public IP

Mk im stumped

I don't know the answer to lord of the root task 2 question 2

I rooted the box but I cannot figure out what the answer to this question is

@deep trellis

i've seen multiple people getting public ip's for that machine

I did too @steel bobcat but the port did not appear to be filtered

have you tried nmap -sC -sV -oA ?

Ah, I have contact @vapid dawn to update that room to be private ips 😃

Should be fixed soon

😃

Thanks for reporting

@restive spear Now i realized that I'm using my VM for the task but my VPN is activated on my host computer instead. Yup, the SMB port are open, my bad 😦

@deep trellis you are welcome 😃

!leaderboard

@last olive fantastic work!!

This reminds me that I have to complete some rooms, lol.

same haha

!leaderboard

Thats awesome

@last olive did a fantastic job on it!

Can we make Box Bot's Avatar TryHackMe's?

yup yup if you want

Just send me the asset you want me to use

If you wanna make a site mascot, I can always change the asset to that as well

It couldn't be possible if @naive dust and @rigid oxide didn't helped me.

ok so here is a target !leaderboard

just few days to go ....and my hibernation will end

😈

o.o

!leaderboard

ouch

that response time

leaderboard

!leaderboard

3 seconds

It's parsing

Good ol' python lol

parsing shouldn't take that long

!twiter

!twitter

https://twitter.com/realtryhackme

I believe that one is also partially due to the api response time

!leaderboard

!leaderboard

Seems fine to me

!leaderboard

3 seconds

Its not that big a deal?

!leaderboard

Thats pretty good tbh

!rank ben

Thats not done yet

O right

Am I doing rank or is robin? @rigid oxide

Take a look at the test server, he got it all done

It's actually done, Robin finished it pretty quickly

Oh ok then

Ok lord of the root is infuriating me

I cant figure out how it wants me to answer "how do you discover hidden ports"

I know how to discover hidden ports i did discover hidden ports I solved the bloody box

But every answer I give it rejects

@rigid oxide I'll take that hint pls

task 2 question 2?

Yep

1 sec

The only thing thats preventing me from getting all green

"port kn******"

Oh

poop, it's removing the extract *s

yeah

it's a simple one that's just pure terms

All green

Finally

Thank you @rigid oxide

nice and yup!

hi im trying to kali linux into virtualbox at the beginning when i select type do i select linux or other?

Did you extract the file?

The .7z one you downloaded

yes i believe so.

not sure maybe?

Did you?

Is there a folder with the extracted files

If you didnt

And you dont have 7zip installed

Download and install 7zip

Then right click the .7z file

Hover over the 7-zip

And click extract files

ok ill do that

ok thats done

should i still select linux on type then 32bit under version?

If you extracted it

@unborn shard isnt there a .ova file inside

ive extracted it but dont see a .ova file

What files do you see?

A screenshot would work aswell

did i download and install the right one there was a Download 7-Zip 19.00 (2019-02-21) for Windows: or
Download 7-Zip 16.04 (2016-10-04) for Windows:

i did the first

You clicked install now?

yes

Ok

Go back to your downloads

And extract the Kali 7z file

You should just be able to right click

Hover over 7z

And click extract files

Tis the simplest way

thats what i get when i hover over it

Oh ok

So there is an ova file

Ok

You see that kali

Orange box

yes

Double click it

It should just open up in vbox

thats what happened is that correct?

Yep

Click import

And your good

ok thanks its trying to start importing now

so i should be able to open vb andeverything just be done right? i can start using termininal?

Mhm

perfect thank you

i failed to start it

Oh

Do you have virtualization enabled in ur bios

ill have to check just a second

I'm on my mac now but im in BIOS and don't have the visualisation support option

virtualisation*

i think i read that windows 7 doesn't support it and maybe i need to download hyper-v?

Windows 7 supports virtualization

It depends if your cpu does

should i try to download or what do you think next?

sorry the hyper v?

shoot i just read hyper v isn't supported on windows 7.

actually not sure now lol, sorry

You can research your cpu and find out if it supports virtualization @unborn shard

i just checked it doesn't support it smh

any suggestions?

https://tryhackme.com/room/kali

Is an option

You can even use your browser to connect to kali

Control Kali with your browser

any1 i can ask for the wirshark challenge by Ben

That'd be Skidy question I believe

thanks man

@naive dust Ive used that link you provided and I have access now should i just use terminal from my windows button?

nevermind im not that far yet. But since ive im tryhackme's kali machine i can just open terminial on my computer and start on bandit now correct?

If you've got a terminal then go nuts

ok perfect so since im usingt the kali machine does my temrinial just assume im running on kali linux? just a typical question here

only reason i ask is because opn bandit it said to bring up a list of commands i need to type man<comman> and my terminal didnt recognize it

so it made me wonder if im doing it right before i dive deep into this bandit stuff

What

No

That's the windows command prompt

Not the linux terminal

You have to ssh or rdp into the kali machine

@unborn shard

oh 😦

is there instructions on how to do that?

🤔

Yes

lol @little dragon im a beginner lol

I can see that.

https://www.putty.org/

An ssh client for windows^

One must understand basic linux usage .

Yea @little dragon

Ssh is your friend

Once he gets set up

Hes gonna do bandit overthewire

@unborn shard download that

ok downloading putty now. thanks

done now

Ok

So it gors

<username>@host in the hostname box

So they give you credentials

And once you hit ok

They ask for a password

Enter it then ur good

type username or pick one?

and ok

Yes

They give you a username on the page @unborn shard

ugh that didnt work and now im getting this when i try to open it

got it back up

gonna try again

Why are you running the installer again?

is working

Ye it works

Hes just getting everything set up

thats what it said when i hit ok

What did you put in hostname?

<username>@host

No

bandit.labs.overthewire.org

the hostname

Your supposed to replace username with your username

And host with the actual host

bandit0

you mean my tryhackme username?

Overthewire is not affiliated with try hack me

If you want to directly connect to bandit

so how do i find my username?

If you just want

To connect to bandit

https://overthewire.org/wargames/bandit/bandit0.html

Use those creds

Oops, my bad

If you want to connect to your kali machine first

Then use the creds tryhackme gives you

In this case user: root pass: toor

okay ill just go with bandit first but how do i find my username bandit has given me the host which is bandit.labs.overthewire.org and a port number

so it would be <username>@bandit.labs.overthewire.org

nope

just bandit.labs.overthewire.org

username is not require for overtherwire

ah ok ill try that quickly.

Yes it is

In this case

bandit0 is the username

it came with this now

click yes

is ssh fingerprint

you will be directed to user and pass

^

user: bandit0
pass: bandit0

And then you're good to go

and find the flag

it says login as:

and thats it

should i just put user: bandit0

yes

just put bandit0 as the username

access denied on password

your password?

what have you put in

yes i put bandit0

now ive lost conmnection says inactive

i see the problem

login as: bandit0

not login as: user: bandit0

You have to change port 2220

If your using default it will fail

https://overthewire.org/wargames/bandit/bandit0.html

read the instruction

Change your port

got it

Great

Woohoo

lol finally thanks for being patient

You can move to level 1 now

https://overthewire.org/wargames/bandit/bandit1.html

okay perfect quick question.

for tryhackme since i have a kali machine would i just put in the ip address theyve given me? and what port number would i put? and for username and password should i use my tryhackme usernme and password? just so when i done with bandit i know how to login without bugging you guys

huh?

I can't confirm with you since the room only available for subscriber.

ok thank you

guys I connect to the VPN successfully but can't connect to any machine, please help

Try a different room. If it's basic pentesting, that one has had a public ip for a bit and is misbehaving

Alright let me check

other machines don't work either

I also tried an open source (older) version of openvpn

that doesn't have an effect

Any openvpn error when logging ?

Try sudo openvpn

@wet shard not anymore and still not working

@scenic iron I did this in all my tries obviously

also tried different openvpn versions

Did you verify your Vpn IP?

how would I do that

ifconfig

In a terminal

it says running under tun0

Right, what up did you get?

Ip*

10.8.3.101

What is the box IP from the room?

I'd have to re-deploy just a moment

10.0.0.104

Just try to ping it first. Deploy the box and give it about a min to boot up.

alright 60 seconds

Just see if you get a ping response

Or run a quick nmap scan ping or try a scan without ping.

ping doesn't work

What distro are you using as the attack machine?

Ubuntu

0 hosts up no ping scan

maybe I'll try this on windows to see if it connects

so I could at least pinpoint the cause

Huh, works on windows

must be something with openvpn

where did you get yours from?

I run kali linux on a raspberry pi

oh

well my openvpn is acting weird on ubuntu then

downloaded from package manager

I also built a different version from source

neither work

https://tryhackme.com/room/kali

You could go that route.

first of all I need to subscribe and secondly if I could get the VPN working I wouldn't need that would I

maybe I'll install kali though

Okay, no need to be rude. Just trying to give you options.

Installing kali would be better.

yeah I think I'll install Kali since the whole point of me using linux is for pentesting and stfuff

sorry if I came out rude, it's just my culture, very straightforward

Also ParrotOS is a great pentesting distribution.

Isn't Kali like industry standard?

But kali has tons of support

yeah that's what I expected

@little dragon Thanks for giving support 😃