Alright

Hello?

can I loggin the website throughout Kali OS

I mean my laptop is dual boot ( Windows and Kali)

Hi

I need help I can't signup

Please help me 😪

Stupid question

But I take it you filled out all the fields @dusky canopy

If so have you tried signing up from a different device?

@dusky canopy I have found the issue and am uploading the fix as we speak - I updated a filter function and it messed something up.

@dusky canopy Problem has been resolved, can you try signing up again?

Could anyone provide some ideas to help me solve some of the tasks in the forensics room? Specifically Task 2#2

Hey :D, just came across the site and wanted to try the web fun path, after subscribing it says its and example ? is not a complete course etc? Ta

Hey there D3fault, first off its awesome you found us 😃

The "Paths" have a very rough guide and is fully functional. The message at the top needs updating along with some of the information within the Paths.

I will have this updated this weekend to reflect the full course.

Just needs updating with the relevant information,

Ok perfects thanks, will get cracking then 😄

cheers for the quick response

Awesome, any questions let me know!

And no problemo

will do , Cheers

Im trying to deploy the vm blue but with no sucesss anyone else had this problem?

Hey

Whats the problem, it won't deploy or you cant access the machine?

The machine gets deployed from what i can tell but all ports are closed ...

Are you connected our network

Using OpenVPN

yep :p

Can you try deploy another machine on the site and see?

Just deployed Mr robot and that seems fine

I didn't make the blue room

Hmm, what ports are suppost to be open?

I dont know im just going to try third time

okay that worked

weird

Ah I'll take a look tomorrow

cheers

No problemo :)

Blue is meant to have a eternalblue bug but it appears to be oatched :p

False

I can promise I took a blender to that machine

@gaunt vessel

Okay...

could someone help me out with c4ptur3-th3-fl4g Task1 #10? I don't know what I'm supposed to do there

#10 of task 1?

yea

I’ll pm you

Hi everyone I have a question. It's something I need to ask tryhackme.com and I have just waiting for email response but thought I'd ask to see if maybe you all might be able to help quicker since in waiting. But I'm using tryhackme's kali machine web browser and I was wondering if I could download parrot OS on the kali machine web browser?

Does anyone have issues connecting to boxes?

No issues connecting to the vpn, but i seem to be having issues connecting to the box/machine. Just sits there loading and times out

Hey @unborn shard we only support Kali for now

Hey @naive dust what box are you trying to connect to?

MrRobot Machine @vapid dawn

I've also tried tunnelblick, still no luck

hmmm that's strange

I think the VPN can glitch sometimes

If you have a continuous problem with it let me know

I'll give the box another try tomorrow morning : )

Yep just DM if you have ant problems :)

Will do, thanks a lot

Good morning. I'm a cyber sec teacher. I want to know how TryHackMe will help in my class. I need to know if my students will need to be subscribers too

First, welcome @tribal ibex !

Your students can do many of the activities on the site for free (including every room I have created)

This includes items such as a walkthrough of running MS17-010 to learning how to use nmap

@tribal ibex feel free to shoot me an email if you have any specific requests for rooms or if you have any questions about the site! My contact is darkstar@darkstar7471.com

@rigid oxide Tks a lot

@tribal ibex depends on your curriculum

We're happy to recommend/create material based on what you need

And some of the content may be subscriber

@vapid dawn I'm willing to subscribe myself but I think my students may not affordit

So if you shoot me or @deep trellis a DM as well

We can work something out :)

Wow, so many answers in such a short time.

Oops sorry for hijacking - @rigid oxide has created some amazing content and has some brilliant insights so he's definitely worth talking to as well

Aw gee, shucks lol

im wanting to install a kali linux machine and parrot security machine into virtualbox. do i need to download the latest verison of openvpn before installing those two?

nevermind ive figured it out, sorry.

any way to save the results etc from enum4linux to a .txt?

i tried doing enum4linux IP > enum4linux.txt at a folder I created but got this:

➜  enum4linux enum4linux 10.0.0.45 > enum4linux.txt
Use of uninitialized value $os_info in concatenation (.) or string at ./enum4linux.pl line 464.
Use of uninitialized value $users in print at ./enum4linux.pl line 874.
Use of uninitialized value $users in pattern match (m//) at ./enum4linux.pl line 877.

i didnt have these at the first time I ran enum4linux

Enum4linux ip_address output.txt

Try this

@naive dust

thanks

quick question regarding SSH

➜  USERNAME ssh -i id_rsa USERNAME@10.0.0.45
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0770 for 'id_rsa' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "id_rsa": bad permissions
USERNAME@10.0.0.45's password: 

i got a private_ssh of a user for a task in Basic Pentesting

this came up, I did chmod -600 id_rsa

but that didnt fix it

@naive dust try chmod 0400 id_rsa

0400? or 600?

@tribal ibex

400

Nope

still the same

paste the error again

➜  USERNAMEchmod -400 id_rsa          
➜  USERNAMEssh -i id_rsa USERNAME@10.0.0.45
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0770 for 'id_rsa' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "id_rsa": bad permissions
USERNAME@10.0.0.45's password: 

I created the rsa by doing leafpad id_rsa then pasting the key I got

then doing chmod 400 id_rsa

can you please share ls -alh id_rsa?

try chmod 400 id_rsa (without -)

one sec

chmod 600 id_rsa

@tribal ibex -rwxrwx--- 1 root vboxsf 3.3K Jun 6 10:55 id_rsa

ls -alh id_rsa for you

sure

so what now

try chmod 400 id_rsa

no

600

600 should work too

with 400 you make sure there is no way to damage the key..

nothing changed in terms of permissions

Aha

when I do ls -alh id_rsa

is there a way to download this file off of SSH directly

like

download a file in ssh

it was easily accessible and I copied the BEGIN till END parts manually

@naive dust chmod 400 id_rsa should change your permissions

scp to download & upload files

no difference in 400 or 600 @tribal ibex

I'll dm you

is it from htb? @naive dust

THM

https://tryhackme.com/room/basicpentesting

Try another user 😉

there is only one user lmao (beside this)

im trying to access this

aside that i found the issue

vbox shared folder was overriding the perms

Nice

I dont have ssh2john

any idea how can I get it?

I am stuck at Basic Pentesting. I got id_rsa which is password protected. But there is no ssh2john that I can use to convert the key to a hash

Well, when you installed John the ripper, it automatically available on machine.

It wasnt

I had to go grab the .py from Github, paste it in /usr/sbin and make it executable so I could use the module

just fyi @last olive

It was quite opposite in my case.

How so?

<@&568449888682246145> I believe OhSINT box is broken

the image metadata is wrong? using exiftool FYI.

I can provide details via DM so I don't post spoilers here

Have you double checked the write-up I have up? @naive dust

@rigid oxide there is no writeup. Thats why I was working on one

I double checked my exiftool via Jeremy’s exiftool and Kali’s exiftool

I might be overlooking at something though

I’ll DM you in a bit and share my findings @rigid oxide

For OhSINT?

1 sec

https://github.com/DarkStar7471/CTF-Write-Ups-And-Items/tree/master/TryHackMe/OhSINT

I've added it back in for Skidy to approve

Odd. I did get the same results as you did but for some reason it wont accept my inputs

I'll delete my cache and cookies

see if that helps

Weird, yeah try that

If it's being goofy I'll pull the image and dump it in here

If you ever need a write up, all of mine are here including some partially complete write-ups

https://github.com/DarkStar7471/CTF-Write-Ups-And-Items/tree/master/TryHackMe

odd. Wigle aint working for me.

That face you make

When you feel like a moron because you've spent the past half hour failing and the solution was so simple

@naive dust Awesome, Ill review the write up tomorrow. Thanks for writing it 😄

No problem

another one is coming soon; OhSINT

@deep trellis should definitely approve my write up for that lol

for both of us lel

^

i am slightly procrastinating rn but i should finish it by tomorrow midnight

Im gonna die before I crack some of these hashes

Hi everyone im trying to start kali linux in my vb. Finaly got a computer that supports virtualization(smh), but im getting this error wen im trying to start it. Could anybody tell me what im doing wrong possibly?

Not sure if yu can read it but it says: failed to open virtual machine kali linux 2019.2-vbox-i386

Then the details say: Not in a hypervisor partition (HVP=0) (VERR_NEM_NOT_AVAILABLE).
VT-x is disabled in the BIOS for all CPU modes (VERR_VMX_MSR_ALL_VMX_DISABLED).

Result Code:
E_FAIL (0x80004005)
Component:
ConsoleWrap
Interface:
IConsole {872da645-4a9b-1727-bee2-5585105b9eed}

Do I need to enable virtualisation?

nevrrmind that was it, sorry agiain. i overthink way too much.

If you want a Kali machine

https://tryhackme.com/room/kali

Have one that is deployed in the cloud

Much easier 😃

Use it in the browser as well as SSH/RDP

guys how do i get ssh2john???

I believe you should be able to use 'git clone'

@oblique tapir if you are using kali linux use command locate to locate where is ssh2john

locate *2john
/usr/sbin/bitlocker2john
/usr/sbin/dmg2john
/usr/sbin/gpg2john
/usr/sbin/hccap2john
/usr/sbin/keepass2john
/usr/sbin/putty2john
/usr/sbin/racf2john
/usr/sbin/rar2john
/usr/sbin/uaf2john
/usr/sbin/vncpcap2john
/usr/sbin/wpapcap2john
/usr/sbin/zip2john

locate ssh2john

done ty👍

@oblique tapir i’ve mentioned a fix for ssh2john in my writeup

https://arszilla.com/thm-basic_pentesting

Well I'm just doing some work with a mentor also and I've got the jail machine downloaded. Just have to put parrot on vb then windows 7 twice(2 windows virtual machines).

hi there 😃

o/

i am uploadin many times php reverse shell to wordpress ( in mr robot challange) but it doesn't connect with nc... could be bcz i am connect with openvpn ?

sorry if i have any mistake in english

@topaz niche are you using your virtual ip @topaz niche

The one tryhackme gives you

@naive dust , yes i am using it, and my listening port

You changed the values in the reverse shell file right?

just my virtual ip, and my port where i am listening

Then it should work are you sure your uploading it correctly

i think correct

Dm me what you're doing

@naive dust when i am trying to write you i get this msg: ClydeBOTToday at 9:36 PM
Your message could not be delivered because you don't share a server with the recipient or you disabled direct messages on your shared server, recipient is only accepting direct messages from friends, or you were blocked by the recipient.

oh hold on

I sent an fr

add me and then dm

Hi does anybody know how to connect 3 virtual machines onto one network I can't seem to find how? Im thinking that I need to change all 3 of them to bridge mode first then go from there.

Connect your host and nat the others

Thank you

lollava - First to get the new title. Nice

You found the secret function that comes with level 9?

@deep trellis @rigid oxide and I am still waiting :)

for our writeups to be added in their appropriate boxes :)

Hey, sorry

No problem

just wanted to remind you

The Basic Pentesting room is created by @vapid dawn

one can be overwhelmed so yea

Not me, he can read it

It looks good though

Ah, he has to approve the addition to the room?

Yeah

@vapid dawn also do note ssh2john is a bit 'broken' on Kali images. I didn't have it in my up-to-date VBox image and had to manually fetch it.

I've mentioned and told a fix on my writeup

@deep trellis what about the OhSINT room? I assume its BoT aswell?

I'll take a look at it tonight @naive dust :)

Thanks :)

I may update the guide meantime, fixing some errors/stuff I can improve on in terms of phrasing etc

Yeh of course

As long as the link remains the same it shouldn't be a problem :)

mainly unsure if I should write stuff as Hydra or Hydra

yea that won't change :)

to use ` or nah, that is the real question 🤔

And I've yet to find it skidy

@naive dust indents look so much cleaner but it would work either way

indents?

the ` you mean?

I mean since they are the tools, I want to make them slightly distinguishable

same goes the usernames on the box

trying to find how should I make them 'distinguishable' in each paragraph

Yeah that makes sense

Yeah I meant the back tick

hi dudeZzZZ, any clue with XSS filter evasion, I found 4 ways to comply with the instructions - givin me the alert and evading the filters in questions 3 and 4 but still no flag 😕

any people had problems running de reverse shell on ToolsRus ?

(and still no idea for XSS filter evasion?)

Hi does anyone know the easiest way to send /receive data between virtual machines? I have them on the same network and just want to see if they can.

You can always try using netcat?

If not that, set up a simple python server and send requests to it using curl?

Ok thank you

Either that or if one of them is a windows machine you can mount it's drives from the network

Hello , i'd like to subscribe to the website , but i have a question , in the learning section , i can only see the web fundamentals path. are there any other paths ?

At this moment in time there are not.

We are in the process of creating more though

Ah cool , thanks for the reply ! 😃

No worries 😃

What is web fundamental path?

It's a guided collection of rooms that focus on the fundamentals of web pentesting

Oh also, @deep trellis feel free to add RP: Web Scanning to that path if you'd like

+1

Oo, good idea

DarkStar, what section do you think they should go?

I'd say as it's geared for fairly low level probably at the start but I'll take a quick looksie

Feel free to snag Nessus and Nmap for if you want to do an Intro to Pentesting path

After reviewing the path layout, I think it could fit either within the tools section or at the very beginning as an intro room

We have the functionality for anyone to make their own paths too

Oh sweet, I'll do that with the primer series

That would actually be a great idea

I'm gearing up a blue primer set as well, just working to determine release times lol

I added your webscanning room to the top

Sweeeeeet!

As I add more relevant primer rooms I'll keep an eye on the existing paths as they fit nicely within the tutorial space

Ayy nice man 😃

Sounds good

I should have my first blue primer room going up later today as an intro to subnetting and the associated maths that are therein included

Just picking a time to drop it that won't lead to it only have a few peeps able to do it at the time lol

Would you be able to lock points as static for the room once it's ready? (I.E. each question is worth 50 pts no matter when it's answered)

Low point value as it's a tutorial room

Cool but when?

And nice DarkStar

@last olive when as in when will I release the new room?

@deep trellis and ty, do you think the static points would be possible

Tfw you get 2 correct possible passwords for the crackme and both of them give wrong answers

For the challenge

What do?

Well no do that apparently lol

@rigid oxide Yup

Might anybody know what I'm doing wrong I'm trying to download tarball source to parrot. I'm trying to use 'tar -zxf yara-3.10.0.tar.gz but I got an error message saying no such file or directory so I 'cd downloads'(bc that's where the .tar.gz is and then I try to 'ls' it but nothing happens. Any idea on what i might be doing wrong?

So its not in your downloads directory?

@unborn shard

Does ls see it?

It is in the downloads? That's where it went when I downloaded it to my pc.

That's where the file is located on my pc

Well

For one your on windows @unborn shard

So if your using the default cmd ls won't work neither would tar

For two I doubt you'd be able to install that anyway without something like WSL

You have a kali vm

Why not install it on there, you dont even need to compile it yourself

Oh so I need to actually have it on my virtual machine? Because I have kali linux, parrot os and windows 7 virtual machines but to my assignment I'm suppose to download it on parrot. So I need to figure out how to actually get that .tar.gz file on my virtual machine then it should work?

It's a lot simpler

Just go on parrot

And install it with apt

Okay I'll try that. Thank you

Any recommendations on best free malware sample to download and when I download should I download the zip file or tarball?

I hope you don't mean actual malware

At this stage, do not attempt malware analysis as it is outright dangerous if not done correctly

Well I haven't been told by my instructor to do malware analysis but just download a malware sample

Then I'm suppose to scan them

hmm

For interesting results

Well, the only 'safe' malware is old malware that has no possible way of executing on your system

This is a collection of old malware that shouldn't be able to impact your system but download at your own risk: https://archive.org/details/malwaremuseum

Ok maybe I'll ask my instructor first before proceeding

Yeah check with them. If you need current malware then make sure you 100% know what you're doing when you download it and verify that's what your instructor wants

Ok thank you

If your need is active malware, let me know but just keep safe

If I ever have a good chance to, I'll grab and censor an active malware analysis report I've created

I found a GitHub repo of malware samples and their writeups

I'll post here in a bit :)

If it's what I'm thinking of, then play very carefully with that one.

Also if you just want a malware sample @unborn shard EICAR files tend to trigger AVs and aren't malicious

for active malware virusshare is good site

Okay yeah all I'm aware at the moment is that I only need to scan them.

I dont wanna do anything dangerous so maybe I'll ask him first

EICAR is best to test

without harming

anything

ohhh......thans for reminding

i gottaa analyse latets RAT in wild

may be i got sample now

if you just want to see some sandbox analyses then this will do you, it's somewhat limited without an account/free account, but you can see the types of information gathered. https://www.hybrid-analysis.com

hit submissions and the type and you can dig around there.

@golden flare if you had a sample please let me know. Thanks otherwise I'll just try EICAR.

@silver gyro I just need to scan Malware samples and YARA files to literally "find interesting results". He didn't say anything after that.

If EICAR is absolutely safe I'll go that route. Really dont want have any issues if in just trying to scan some samples and yara files.

hmmm.....why dont you refer my blog and create a controlled envoirnment

https://advance-malware-analysis.blogspot.com/2019/02/dynamic-malware-analysis-lab-setup.html

the last sample i had is emotet

i dont think its safe for u😄

Okay so use crackme1.bin?

Would be the safest?

Anyone know how to use hash at really well could possibly help me

Not really well, but have some experience, what you need help with?

It's keeps coming up with no hashes loaded however iv got my md5 within the hash. Txt

What is your m param?

-m 0

So, a0 m0 hash.txt

Yeah

Have you ran the hash through hash-identifier or similar?

No not to sure what that is

You running on Kali?

Windowz

10

You need to be sure that your hash is indeed a md5,

Yes it is the right one

Hm, can you send me the hash in a pm, I can try in about 15 mins. Driving right now. 😶

What wordlist are you using, and how you specify it in the command?

hashcat64 --force -m 500 -a 0 C:\Users\too\Downloads\hashcat-5.1.0\Hash\hash.txt C:\Users\thomas\Downloads\hashcat-5.1.0\Dict\rockyou.txt

hashcat64 --force -m 0 -a 0 C:\Users\too\Downloads\hashcat-5.1.0\Hash\hash.txt C:\Users\thomas\Downloads\hashcat-5.1.0\Dict\rockyou.txt

and the rockyou.txxt

Seems correct enough...10 mins until I have a keyboard

okdokie thankyou

hi guys please help me

#site-support

@agile ridge what do you need?

i cant find smb pass 😦

room?

smb username jan

Basic Pentesting

pm me pls

for spoiler avoidance

Not sure who manages the site, but any chance of getting the Title in "Create a room" longer than 20 chars? I don't need to put an essay there, but that's kinda short.

Lemme ping @deep trellis

To be clear it's not a big deal for me, just would be handy for a little bit more.

Oh I understand, I'm not sure what the logistics of that looks like on the db side but if I had to guess it's likely dooable

I'm guessing the 20 varchar limit is likely arbitrary and was mostly a reasonable guestimate upon defining the room name limit size

It looks like the room code is generated from it too, so depending on how that's implemented it might need to be considered.

Yeah, I think the room code has a little bit of a shorter limit as well

Said this about me downloading malware samples. Not sure if you remember I asked some days ago but this is what he said:

@deep trellis This may not be too helpful but I'll suggest you to submit tryhackme on wechall CTF list, almost every CTF player went through wechall to find a good place to start.

^

I'm trying to run the 'final_exam' file from the radare2 room but having no luck. Installed a fresh Debian box but when i ./the_final_exam nothing happens...

@pulsar sundial it takes from standard input

It doesn't prompt you

should something happen if i type in the wrong password?

Nope

Something will only happen if you type in the right one

right, cheers x

@naive dust pleasepleaseplease give me a tip/pointer for the last question in the radare room? feel like ive been at it for hours

@pulsar sundial look carefully at the line that adds something

hmmm interesting

has anyone checked out the room "BP: Networking" i think there may be a mistake in task 4 number 9

yeah it is incorrect.

ah allright

?

@royal finch Whats up?

Fixed that, good catch

oh thanks i was about to pm you

Yup no problem at all

@rigid oxide you wouldn't happen to have

Login info for that vm

Right

Nah, but I can get you the credentials upon request if absolutely necessary

Drat

One thing that would be nice on the website (unless I'm missing it) is to show that you've completed a room when you look at it in the Hacktivities page without having to click into it. I'm already losing track on the ones I've completed vs just started.

Well then I can't give up now

#522158404614225920 @silver gyro

thanks

Wait hold on

Ah I see

Ok then now I doubly can't give up

WORK YOU GOD DAMN MACHINE WORK

FINALLY

GOD DAMN

VBOX GO FUCK YOURSELF VMWARE YOU THE NEW KWEEN

god dammit guys, I told you not to feed him after midnight.

Yeah I think Para had too much sugar

Let's hope so, that means a crash is forthcoming

Sugar

I haven't eaten all day

I should do that

Once I finish the room

the old man's room broke again?

The old man's room broke so much @fossil dust

i feel you bruh

That he had to provide the vm file

i feel you

all the way

sigh

It's ok though

I got the points

My appetite was satiated for the day

its all the points that matter

🤑

Mhm

must be great huh

trying to mess with the old man's room

XD

spending hours and hours

fixing that shit

Lol a good portion of the local vm setting up was my fault

but still a good room nonetheless

I blame windows for wasting an hour of my time

?

Just had some problems to fix

But it was worthless

Worth it*

Did you do the room? @fossil dust

nah

i have some reading to do that

and that lfs

HAHAHHA

Why hahahahha

probably will come back in a month

Lmao

nah i just need a little break from ctfs ja

You're giving up a on the monthly leaderboard

yes

XD

Alright then

its juat a leaderboard

Cra is my only threat for that spot now

ja

Im gonna get that damn badge

If its the last thing I do

aye i salute you

You best have a good break from ctfs

Cause when you get back you're gonna push the old man down to third place @fossil dust

ya i will try my best

btw i tried the room

and its

B

R

O

K

E

N

What a surprise!

IKR

wowzors

!social

Twitter: https://twitter.com/realtryhackme
Reddit: https://www.reddit.com/r/tryhackme/
Website: https://www.tryhackme.com

Ey

Boxbot

Works again

just for curiosity

but who made boxbot

Well, multiple people.

I, @naive dust & @rigid oxide

As of now

Its a group effort!

Team effort :)

:)

You gonna do the new room @last olive?

There's a new room?

Ye

coolio

Oh my

It gives a cool 12k points

On it

Hold up

You gotta

Download

The VM file

fucking great

And do it locally

these days we have to do that

Its 3.4 gigs btw

FUCKKKKKKKKKKKKKKKKKKK

REEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE

ykno what

(-_-)

im still on break

so ill just watch you guys suffer

Hey I alrdy did it

I got my points

Robin gets to suffer

the points are all that matter 😉

ja

Exactly @fossil dust

watch robin go reeeing

and go swearing

Hope this worth

It gave me 15k

Itll prob give u

12k

It worth

aye

something 10k+ is always worth

^^^

Only if I'll complete it

If you do the room you'll move up to #6 @fossil dust

Its a pretty easy room

but but

im on my break

ykno what

ill just try and see

gib gib

Bitch get off yo break

MAN YOU JUST SUPPORTED MY BREAK

REEEEEEEEEEEEEEEEEEEEE

LETS GO

FUCK THIS

HAHAHAHAAH

See

Im inspiring competition!

HAHAHAHAHAH YES

INSPIRING

INDEED

YOU ARE

LETS GO

GIVE ROOM

NOW

NOW

NOW

NOW

What is your rank? @fossil dust

Theres a link to the vm file in the first task for the room

Lol

idk 8-9

Hes rank 8

Ur rank 9 @last olive

no no

im 9

robin is 8

Dropless?

ya

Oh my bad

!leaderboard 2

Ur 9 @fossil dust

Oh my

Lol

I'm on 10

Lel

time to start grinding deez points

you not hoopin @last olive

Beat that room before yume

I am trying

The room is batman themed

This is your court robin

How come it's Batman theme?

Dunno

The room was previously a training workshop for splunk

I believe

hey ! anyone doing Basic Pentesting room

having troubles getting the user name

||Use of uninitialized value $users in print at ./enum4linux.pl line 874.
Use of uninitialized value $users in pattern match (m//) at ./enum4linux.pl line 877.

Use of uninitialized value $users in print at ./enum4linux.pl line 888.
Use of uninitialized value $users in pattern match (m//) at ./enum4linux.pl line 890.||
constantly getting this error

ahh...

mercy on my first room

just 2 tasks

I have tried to install clamav to scan but its come back with 1 error code would anybody know what this means or how I could fix it?

Which is probably why its scanned nothing:

Figured it out but I think it's going extremely slow I've been here for a good 20seconds now

Got it scanned but no viruses I wonder why

Make sure the virus signatures are up to date

any1 i can ping for the wireshark CTF rooms?

I'll be back in business this Sunday and can help

noted and thanks

anyone else getting 504 Gateway Time-out?

trying to figure out if its my DNS or THM

Same for me, RIP site

I was going to ask the same question

Probably nginx being a goofball

Skidy was working to implement load balancing so it might be acting up a bit

Site appears to be back up

Going to add some custom stuff today to ensure that never happens again

Sweet!

Hey is it ok to ask for help regarding one of the rooms here?

Mhm @vestal vigil

Nevermind, lol. I made a discovery about a new tool called "enum4linux" and that helped me. Thanks for the response though @naive dust

Np

enum4linux is quite handy

but I use smbclient for SMB stuff

how does one enumerate a web server they've ssh'ed into.

So what you're looking for is local Linux enumeration. Look up linux privilege escalation techniques, it's a bit of a trial and error process

Although I didn't use all of that I did read

Method of s bit

Kernel exploitation

Service exploitation etc etc

someone can help me

i cant use nessus trought openvpn

Im on windows because i broke my linux distrib

Which room are you doing? @gritty roost

@vestal vigil yeah. Priv esc is a wide part of hacking. You won't use all of it at once but it becomes a write process over time

@rigid oxide how important is coding? I mean i know how to code. Just not very good at it

You'll learn as you go. For starting is not really important but you'll eventually want to work on learning Python 3

aye python

Python 3 is very easy though

I am doing RP room with nessus

I do know python3

@gritty roost spin up a fresh install of ubuntu desktop 18.04 for that, itll make you're life significantly easier

@vestal vigil then you're pretty much set for the time being

i'll re-download parrot

Like what im curious about is when do you "start" using coding when you're Hacking

Python in hacking is used for scripting things that you just dont have easy tools for

@rigid oxide Can you check THM-Bot GitHub after 10 minutes?

For example, what if you needed every email address from a website?

Yeah, can do @last olive

also python for string manip when procssing lots of text

^

Great

Oh

Yeah, with recon it's super common for me to need python for simple but lengthy tasks

Checkout the hack back 2019 room for some nice scripting challenges

There are at least a few in there

Hackback 2019. Will do

Basic Pentesting room looks buggy

@vestal vigil HackBack2019 -We're doing another event this October

Which Uni are you from?

Ah nice nice 😃

Is this sort of like hacktoberfest?

yeah

Oh nice

Lemme Google it

Oh it's nice it's a tryhackme event itself?

@vestal vigil can you tell me for which event you are talking about?

Hackback @thorn badger

Hacktoberfest is a github event for open source contributions. I suggest you guys do take part in it

Okay

Thanks

shhh.......hacking rule #3 never reveal ur personal info @vestal vigil

there are rules in hacking

o_O

Unspoken rules

muhahahaha u get spank if u broke them

https://tenor.com/view/yikes-oh-no-uh-oh-eek-snl-gif-5489925

ikr old man senpai

but the real question is

who spanks us

?

...

he is watching everything ......shhh.....he is watching

who is

o_O

👀

shhhh....

Hey guys I'm having a issue it shows I'm connected with the site and vpn but I cant ping anything or run anything to the machines I spoke with @rigid oxide and no matter what I do I keep getting blocked...this is a main OS version of kali not VB please help even if I need to subscribe to the monthly charge I will..

I'm in the U.S. but I dont think that should be a issue although I considered the time of the VPN and my Time might be different

Hey, whats your OpenVPN output?

From your client

It says sequence complete

What box have you deployed that you cant ping?

Any of them I have tried multiples

can you do "route -a"

It will show on my command line cannot be reached over and over

Let me connect now and I'll show you here are a couple images from yesterdsy

Okay

Try disconnecting and reconnecting

The vpn does say sequence complete I just scrolled up a tad to see the time

I tried that and regenerating my pack and still nothing

Thats odd

Can you privately send me your OpenVPN pack?

Did you wait for a little while after connecting to the VPN?

Yes

I would press the ping every 2 or 3 minutes after

I even waited around 10 minutes once and still says this

anybody done wirectf task 1?

@rich pine Yup!

Hey everyone, I was facing an issue in cracking the hash in the room blue

Can someone please help

@vestal vigil what's up?

Hey so I got the hash in the room "blue" but I am stuck on how to move forward now.

How do I get the password by cracking the hash

You'll need to do two things:

1. Figure out what kind of hash you have, I'll give you a hint that it starts with N and it's four letters long
2. Research the tool 'hashcat'

Hashcat is preinstalled on kali

I actually figured out the hash

The hashcat part is where I failed

Check the format

The password will be in rockyou.txt

I'm telling you, I even have the rockyou.txt

I checked everything

What is failing?

I don't wanna put a spoiler here in case a newbie joined. But yeah I tried a lot

I'm not getting a password even after using the right configs

Idk why

oh ya its good to send the command you're running

Are you sure you're using the right configs? Post the command in here w/ spoiler tags for just a moment

Give me some time, I will

If I figure it out I'll let you know what I was doing wrong as well

Sounds good

Getting TLS key error when trying to connect. Using OpenVPN as administrator on Windows 10 box. any ideas?

Tue Jul 09 14:59:34 2019 MANAGEMENT: >STATE:1562702374,WAIT,,,,,,
Tue Jul 09 15:00:34 2019 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Jul 09 15:00:34 2019 TLS Error: TLS handshake failed
Tue Jul 09 15:00:34 2019 SIGUSR1[soft,tls-error] received, process restarting

Let me investigate

Very weird, works for me.

Can you try regenerating your config file

ok

Then redownload

If the issue still persists, I will investigate further

same problem. No difference

I may try a different computer ( macbook )

Same thing happening on my mac. I may try it again from home tonight. It might be the network here at work is somehow preventing access to this.

^that's more than likely what's happening. I will have somewhat limited availability later but ping me if you need help

I should be able to help at least a little bit, it might just be later

Quick has anybody ever used sololearn? I just finished cracking hashes in my course work and all that and now I need to do some things with python but i need to learn the basics and only the basics for now. Would sololearn be the best or a very good place to learn the basics of python(side note- I'm looking to be spoonfed so if anybody knows any better resource please let me know).

Haven't used sololearn before but I've checked out TalkPython and Linda

Both of those are overall pretty high quality

Thank you @rigid oxide I'll check them out before starting

You're very much welcome

Just an update. I tested access from my home PC and everything seemed to work just fine. So it is an issue with the work network preventing something.

@Ideaton#5022

I found the problem, will fix inthe next 2 weeks

Its a rather large issue that some other users are having.

I will fix this in the future 😃

roger thanks

hello, Just joined the room zeus and the form to enter the flags are missing. I also noticed that the checkboxes for task 1 and task 2 next to my name are missing

refresh the page

or leave and rejoin the room, that's a glitch

field is strange

ah

yeah it shows that in FF as well when I'm not logged in.

cool re-joining fixed it

thanks

yea no problemo at all my man

@rigid oxide Regarding the Zeus room, are the flags the same in your ported room as the original machine on vulnhub? My OpenVPN connection is just so terrible I'm going to try to root the machine via the actual VM

Yeah, they're the same for exactly that reason @pulsar sundial

You're a star! <3

ah shucks haha

Also, if you want to download any of my custom machines they can be found here: https://www.darkstar7471.com/ctf-vms

@rigid oxide superstar!

Aye

Yeah sure, let me know which ones you want removed.

@naive dust

We have not "plagiarised" anything

Its clear that some of the rooms on TryHackMe are ported from Vulnhub

and thats why they're released for free.

Moreover, the VMs we have we either get permission from the owner or put credit in the room (or make it obvious some other way)

We also dont just port it, we add supporting questions. But agian, these rooms are released for FREE.

We are in the process of adding more custom content, but release this for subscribed users only until we have enough support to release more free bepoke rooms.

^^

Rather recently, I've been shifting to the mindset that it actually makes perfect sense to have all of the vulnhub rooms on the site as just a means to do the machines without having to set them up (as long as they're free of course)

^ Exactly

Hence why I've ported some of the newer ones over

No confs needed, we can add supporting hints/questions etc..

Exactly

Dont think people realise it costs us for them to use it for free.

@deep trellis Can you add the HTB feature of tweeting like for Vulnhub room like "XYZ has own user on XYZ"?

I mean I don't mind if it'd take sometime but it worth the time.

Like the shoutbox thing?

More or less, yup.

Hey, sorry I have never used that on HTB

What do you mean?

So when you get all questions correct, a popup box comes up and you click "Tweet"

Here's the shoutbox that's being referenced

Albeit ripping off HTB is something that shouldn't be done

A shoutbox gets regularly updated with user actions on machines like if he owned user it'll say "xyz has owned user on XYZ", it provides integration of tweet which is done by the main HTB account.

True

Well, drop off the idea.

Anyways, it won't make any difference.

I get the shoutbox thing, but not the tweet thing

I can add it into tryhackme.com/chat

Forget it.

Nah nah, I wanna know 😃

Sounds interesting

If you look close enough in that above image you can see a tweet option in the very end of all message.

Ooooo ok, sorry I see it yeah.

I can add that in for sure

As DarkStar said it maybe a rip-off so it entirely depends on you.

Can you just write like "Shoutbox" here Robin: https://tryhackme.com/feedback

Yeah hm, Ill add my own unique spin on it

Great

Honestly speaking, as I'm the bot lead dev now I'll add it too.

Probably

Awesome 😄

That would be too awesome though.

Ill add it to my list to add in to TryHackMe

Any other ideas let me know, love hearing what you all think needs adding/removing

Sure

So not sure if its just me or if its the website, but every time I try to deploy a VM it doesnt seem to deploy

Does it give you an IP or does it do nothing at all?

When I hit deploy it says in the top right that it is deploying the machine, and then that disappears and nothing pops up after that

I have tried in chrome and edge

If you refresh the page is there an ip?

negative

This seems like a bug

Post it in #site-bugs

@thin dove try leaving and rejoining the room in question

^^ This is a good idea

Did it get fixed Lord Stewie

Negative, sorry fell asleep just before he sent that and tried it before going to work this morning.

Can you try with a different browser please

Btw everyone who's reading the article of python, give me some reviews, okay?

I tried with IE and Chrome

@last olive it's really nice and detailed. And if it's the first in a series I really look forward for more

@vestal vigil Yup, it's a start. Long series coming up.

Really looking forward

^

idk python

so you guys dont know how grateful I am

Can you tell me some of the future topics you might cover potentially

For now, next I'll be covering some basic libraries like sys, requests, hashlib and other.

After that, I'll explain how to create your own custom tool for pentesting.

Since, THM provide labs don't you guys want to use your own port scanner, directory busting tools?

yeah........

we can become

1337 h4x0r5

w00t

@last olive It might be cool to have a post where the user can follow along and deploy a machine on the platform

Yup.

Will keep everything in mind.

After I will be done with series, I'll start some forensics.

^ Good idea

Heck yes

Would love that

Excitement ++

^

Blog posts have occupied my time so much, I have barely 30 minutes to watch something.

sighs but you guys are motivation.

we're glad to hear that

😄

the part about being your motivation

that is

I'm out.

hope it gets fixed

It will.

:p

I'm having issues connecting to the machines

everything in access looks fine, I'm connected to the vpn

🤷

Hey c0denina,

What issues? Can I see your OpenVPN client output?

You on linux or windows?

@carmine pasture do the machines start up?

@deep trellis Linux

Okay, so you just cant ping any boxes?

And the box has deployed ok?

the box deploys fine, I just cant do anything with the machine

@carmine pasture its running on tun1 not tun0

ok?

Can you do "route" and show me the output

It might be the 10.* network problem, something we will fix in a few weeks time

I think thats it

Yeah, we will move our boxes over to 10.10.*.* so it wont be a problem anymore

Alright cool

In the mean time you can use https://tryhackme.com/room/kali

Deploy the machine and use the open vpn config file on it

If you're a subscribed member, otherwise wait a week or two 😃

Sorry in the mean time!

@naive dust This will also be fixed for you too when we move our network over

its all good, thanks for the help

No worries.

Hey so I am still having the issue that I was before with deploying a machine, can anyone help me out? Or is this something that will be fixed in a week or two?

What issues Stewie. Machines should all deploy?

I've been having an issue since last week trying to deploy machines, with no luck. I posted about it on July 24 at about 20:00 est

Okay, could you launch a machine before??

Can you try using another browser

First time trying to launch a machine, so no to number one.
And I've tried it in chrome, edge, and ie

And when you've launched the machine, you can't ping it at all?

Can you post the out put of the following comment

route

That way I can see if your network is interfering, this will be fixed very soon

I DMed @thin dove and we figured it out!

@deep trellis I believe the issue might be my DNS server that I host locally, I'll find more info when I get home and update when I get off work today

Noice noice

@deep trellis / @vapid dawn I figgured out the issue, it was with my A/V (ESET) where it has "Web access protection" adding the url "https://tryhackme.com/deploy" to my exceptions list allowed it to start the VM thanks for the help guys!

Awesome!

Hi everyone is the Tragick Images server f*cked? Literally no payloads work

hey hey

we've tried it and we know the payload works :p

@deep trellis will free users keep the points when it’s locked again?

They will!

Is there any online site which can get information from a picture'

ohsint tasks

@plush apex you can use exiftool

If it's specifically designed to be a ctf type challange you can also run strings on it and search for stuff there

any recommended exiftool

no linux here

@plush apex https://www.sno.phy.queensu.ca/~phil/exiftool/

@plush apex I do recommend you either use a kali live cd or vm though

It will be invaluable when you start doing some of the machines

Thank you so much

:D

Man

I suck at pool

i can teach you @naive dust

can somebody give me a hint for hash 1,2 and 4 for CTF https://tryhackme.com/room/c4ptur3th3fl4g

https://hashkiller.co.uk/Cracker/MD5

try this web and try all crackers

also cyperchef to get the specific cracker

https://md5hashing.net/

this web is given in the info already so try it out

thanks!! trying this

good luck

@everyone does someone know easy way to install hashcat using kalilinux

so easy way tht a baby can understand it

@kawai#2945 hashcat comes default with kali I believe

But you can just use sudo apt install hashcat @plush apex

right!! hashcat is preinstalled in kali

whats the command for it

hashcat

was trying it but there was no command like tht

Odd

hashcat --version (latest version is 5.1.0

Then just use apt to install it

yea doing the intallation

I used hashcat -h in parrot to run it

Sudo apt install hashcat to install like said by @naive dust

thank you

I wouldn't recommend doing intense hash cracking in a VM lol

https://tryhackme.com/room/crackthehash

just want to do task 2 3 and 4

Generally you want to do it on your host machine and install the necessary hashcat gpu packages

yes the gpu packages for hashcat is there one u can give

me

It should be in the base ubuntu repo if I remember

isnt there a online site where i acn do the task 2 3 and 4th ques

What graphics card are you using and what is your host os

os window

graphic card dont know

I think with windows all you need is your graphic driver installed for it to use it but I think it will only support specific gpu and may need to some additional packages

I'm used to doing this with ubuntu so i'm not sure about windows

well thanks for the help man

wait how do i get the answer to my question

i did hashcat --help

and beyond tht is .... yea

What are the hashes

$6$aReallyHardSalt$6WKUTqzq.UQQmrm0p/T7MPpMbGNnzXPMAXi4bJMl9be.cfi3/qxIf.hsGpS41BqMhSrHVXgMpdjS6xeKZAs02

salt

aReallyHardSalt

round

5

use hash-identifier

I found it easier to do that by installing kali ontop of my windows installation, you wont be able to get those with an online hash cracker

i am using kali

still a beginner here

after hashcat --help

to help to identify the hash use: https://hashcat.net/wiki/doku.php?id=example_hashes

once you have that dm me what you think it is

1800

now that you have identified the type of hash you should be able to crack it with the hashcat command

cough cough cough how

hashcat -m 1800 -a 0 <hashfile> <wordlist>

The hashfile containing <hash>:<salt> @plush apex

and <wordlis>

Ye

So an example would be

hashcat -m 1800 -a 0 hashfile /usr/share/wordlists/rockyou.txt

@naive dust it seems like he doesnt have the wordlist on his comp im workin with him in dm's rn

put it in a text file

???

baby language plz

echo 'mygreathash' > kawai.hash