#site-support

hashcat -m 1800 -a 0 kawai.hash /usr/share/wordlists/rockyou.txt

give me the hash

ill give you a one liner

$6$aReallyHardSalt$6WKUTqzq.UQQmrm0p/T7MPpMbGNnzXPMAXi4bJMl9be.cfi3/qxIf.hsGpS41BqMhSrHVXgMpdjS6xeKZAs02

salt : aReallyHardSalt

round;5

gunzip -d /usr/share/wordlists/rockyou.txt.gz && echo '$6$aReallyHardSalt$6WKUTqzq.UQQmrm0p/T7MPpMbGNnzXPMAXi4bJMl9be.cfi3/qxIf.hsGpS41BqMhSrHVXgMpdjS6xeKZAs02' > kawai.hash && hashcat -m 1800 -a 0 kawai.hash /usr/share/wordlists/rockyou.txt

will this give me the answer

just run it

copy and paste the command

you forgot 'you' in rockyou

wt noo

cant copy and paste ur command

also you is there

are you trolling me

the command in that screenshot is wrong in many ways

the last one

ok I guess WSL kali doesn't have rockyou

WSL Kali?

@_@

yea

wget https://raw.githubusercontent.com/praetorian-code/Hob0Rules/master/wordlists/rockyou.txt.gz && gunzip -d rockyou.txt.gz

you check there is rockyou.txt.gz in /usr/share/wordlists?

+1

Goddamn, what a great speed.

echo '$6$aReallyHardSalt$6WKUTqzq.UQQmrm0p/T7MPpMbGNnzXPMAXi4bJMl9be.cfi3/qxIf.hsGpS41BqMhSrHVXgMpdjS6xeKZAs02' > kawai.hash && hashcat -m 1800 -a 0 kawai.hash rockyou.txt

remove ] at the end

I dont remember adding ]

:))

Too dark to see.

echo '$6$aReallyHardSalt$6WKUTqzq.UQQmrm0p/T7MPpMbGNnzXPMAXi4bJMl9be.cfi3/qxIf.hsGpS41BqMhSrHVXgMpdjS6xeKZAs02' > kawai.hash && hashcat -m 1800 -a 0 kawai.hash rockyou.txt --force yolo

that is the basic colour of kali

That was my brightness level, nvm.

append -n in echo to remove trailling new line

the wt now

someone else be tech support

echo -n '$6$aReallyHardSalt$6WKUTqzq.UQQmrm0p/T7MPpMbGNnzXPMAXi4bJMl9be.cfi3/qxIf.hsGpS41BqMhSrHVXgMpdjS6xeKZAs02' > kawai.hash && hashcat -m 1800 -a 0 kawai.hash rockyou.txt --force

something is wrong with the hash

https://tryhackme.com/room/crackthehash

task 2 3rd and 4th question

the hash missing "." at the end

oohhhh fk

tehee

you're not being very kawaii with us here

facepalm

you need to watch some ippsec kawai

ippsec wt

what

..............................?

what does wt mean

I assume it means what

you need to learn networking concepts and basic programming stuff

Zayotic is done with being tech support?

mannnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn

i just wanted to do 2 questions man

ah ik

xD

give me the answer then

I didn't do it

!rules

2. No personal drama or drama from any other discord community is allowed to be brought into this discord. This is a space for gaming and hanging out, keep it that way.

3. No excessive self promotion. Linking to another discord server is strictly prohibited, just don't turn it into advertising. For any self-promotion please reach out to an administrator first.

4. Keep it civil. If action is necessary in a dispute or any other sort of disruption on this discord punishment will be doled out evenly both to the individual(s) who started the issue and to those who reacted inappropriately in their response.

5. No cheating is allowed whatsoever within this discord. Any cheating (other than specifically within a developmental environment where it has been preapproved by staff) will result in an immediate and permanent ban.

6. Severe racism is not tolerated and will result in a permanent ban.

7. Administrators reserve the right to modify the rules at any time and extend them accordingly to cover infractions which may not be currently included in these rules.```

Rule. 5 :P

Damn, bot is not useless afterall.

cheating wt cheating noo me not cheatinh

tehee

kawaii language starting to show

yep

man my brain hurts now so much

Been there

just wait, cracking a sha512 has never been instant

True

That's sha512, good luck. @plush apex

It appears no gpu as well 👀

@plush apex cracking is not really skill based its money based so don't dwell on this

hmmmm

just to be sure how much time will it take

depends on the password, depends on the speed

Usually I set it and forget it, so open a new Kali window and move to the next one while that one is going, or start another room if you don't want to continue that room until that one is cracked

can u guys make this a room lol https://www.vulnhub.com/entry/tr0ll-3,340/

delete that @plush apex

?

you're exposing a solution to a challenge

where

the screenshot

actually i wanted to know where is the answer

its right after the hash

where

how old are you

18

dumb as hell

baby dumb

no you not

so where the answer tho

its appears after the hash has been outputted like hash: password

nope cant see

dming you the thing then

cough cough

@everyone thanks for the help everyone finally bested tht room

ps not bested maybe

kali on windows store 😬

@zenith obsidian I actually installed that

Just to see what it was like

Legit none of the tools came preinstalled

yea thats why i uninstalled it 😂 :

Like

Why even put kali on there if you're not gonna have the one reason people use kali

eh ease of access

u can easily download the tools

if you add kali's sources and apt get them

Yea but there are already automated tools on github that do just that

what

u add the source and do apt-get update apt-get upgrade

i think thatseasy enought 😂

If you're using another debian based distro there are tools that install kali tools effortlessly

oh yea

but if ur using kali 😂

For example, katoolin.

<@&568449888682246145> I need an assistance with my account please

@civic ruin you might need @deep trellis if it's a site issue

Thanks @rigid oxide

Problem with https://tryhackme.com/room/xss machines. They work for like 10 minutes and then just refuse the connection. Tried with three different machines.

Port 80 goes from open state to filtered.

Hey there

Hmm, let me look I into this

It shouldnt do, but I will test it and get back to you tonight?

ty

What's your username on site too?

joona

Ah awesome :)

Hey, Can somebody provide some more information on learning paths? i did read the info provided on that page but wondering if somebody can provide be a bit more insights. Are those learning path are video training? special rooms? just a blog? one on one's? or something else ?

@golden thunder google is ur friend

@golden thunder the idea behind a learning path is that it's a a comprehensive guide to learn about a particular topic in security - the learning path is usually composed of multiple rooms where each room can have resources including practical content(VMs/other files) with supporting content that helps someone understand the theory behind the topic as well 😃

@vapid dawn thanks alot!! i am thinking of subscribing, so wanted to know what exactly is available. Thanks alot, really helped!

Ah, so many enemies ahead.

^ enemies?

😮

Healthy Competition 😉

Did you see the chat logs been darkstar and I yesterday @deep trellis

On this channel?

Quality competition right there

On general

Ooooooo

Well a new box comes out tomorrow.

Its darkstars box

This one is guided, but has some challenges along the way

So that means

cha ching

Points, points and more points

points

@_@

Ooo, I could do a weekend where there is double points.

NUUUUU

WHAT

YES PLEASE

that would be absolutely devastating

THAT WOULD BE AWESOME

On top players who dont have that many points to gain @deep trellis

Time of release?

wait

good point

I propose

i can just make an alt

LOL

Double points for a specific box

like a random box?

That way its fair for everyone

No a new box

touche

imagine that multiplies

with the first

Fair for everyone

blood

😂

Oh dear lord

Time has to be specific

:(

i mean

there's already first blood

why double that

6PM GMT is the release time

🤔

Ffs, doomed.

perfect

i can widen the gap

Hehe

For you

indeed

why, that not a good time Robin?

I'll try pick a time that works for everyone

Nani

^?

My advantage disappeared

XD

@golden thunder perfect! Let me know if you have any more questions :)

@deep trellis NUUU

Welp

This is fine

This is probably fine

lmao

shoor

@last olive ha ha ha - Don't worry i am just a noob. Can't complete with you 🤣

@golden thunder I'm newbie too.

@deep trellis Something like like 5-6 hours before 6PM GMT but it depends on you.

Whatever fits with you.

Next week I will release it earlier.

Sure

ANYONE solved vulnversity last question ?

whats the question

i think linux privs

Become root and get the last flag (/root/root.txt)

well do it?

how to do it ?

It explains what you should be looking for

Gotta investigate a little bit for that. Since you are already familiar with the part which involves SUID look up what that's actually doing

Then try a couple of more obvious google searches related to hacking with what you've found. You'll find something that starts with the letters GTF

The goal is to abuse something to perform a privesc to a root shell, keep that in mind

If you need any further hints, let us know

Just dont be afraid to bang your head on it for a bit and fail a few times, that's what hacking is all about anyhow

thanks Darkstar

@lofty shell yup!

hey can somebody helpme? whenever i have a reverse shell from any linux box (tryhackme or vulnhub) and i am tyring to edit and text file using nano or vi the arrow keys produce these strange characters and i can't navigation through the file. any ideas ?

try this

https://vim.fandom.com/wiki/Fix_arrow_keys_that_display_A_B_C_D_on_remote_shell

😃

@vapid dawn thanks!! already tried all those solutions but no luck 😩

even "escape" key produce those weired characters

only keys that work are a-z and 1-9

Did you do stty foreground?

nope, didn't try that

is that like when i have the upding shell using python -c 'import pty; pty.spawn("/bin/bash")' just run stty fg ?

No

CTRL-Z stty raw -echo && fg

Press enter twice

thanks mate!! will try that. I rooted sputnik yesterday and was facing that issue. I will try this today!!

Doesn't hurt to do export TERM=linux as well

Oh okay. I tried export TERM=xterm and export TERM=screen but no luck

!rank Shikra

@golden thunder You're working hard.

@last olive 😃 Just trying mate!!

I'm too.

trying to transition my professional careers into cyber security/red teaming!!

Ah, I thought you were a student. What you do now? Programmer?

Wow, graphic artist. @golden thunder

strange right ?? i know

Not strange, so crash...

but i love IT and cyber security. Recently got my CCNA and Linux+ preparing fro Pentest+

CCNA, nice.

When you get free can you show some of your work on graphic design? @golden thunder

Sure!! will DM you

@thorny stone CTRL-Z stty raw -echo && fg works like a magic!! thanks alot!

Did you guys fix the *10. ip problem?

@deep trellis

I believe it's staged to be fixed on Monday or so

Monday it will be fixed.

^^

It's going to be migrated to 10.10..

Alright cool

Hi there. I'm a Protonmail user, and whenever I receive TryHackMe emails, I get a warning message saying it may have been spoofed. Might wanna look into it.

We might have to check the domain spf settings since protonmail is likely performing a reverse lookup of the records

SPF should be ok

hmmm

Feel like we're at a disadvantage having the word tryhackme as the domain aha

DKIM and SPF

Hmmm

^haha, you're not wrong regarding the name

is it possible to change a username afterwards ?

Not at the current moment

hey, i installed burp suite set up the proxy with chrome, added the certificate as well and its saying that the certificate is invalid, can some 1 please help

Heya

Is the cert defo installed?

I normally use FireFox not chrome

yes

Have you updated chrome to latest version? I use firefox as well

Or did you get it working?

I think jc fixed it by using FF

Oh ok cool!

Yeah that's right Google sucks!!! >:)

hey i want to some help

is tryhackme a paid service?

no, not really

thanks i want to organise events for my collage here

We have a subscribution

But you can do alot of machines without a subscription

okay thanks

Yeah, most of the machines are free

hey
i connected to openvpn and deployed the machine
but i cant ping it or scan it using nmap
any thoughts what coludve gone wrong?

btw it was working pretty fine 3 days when i last used it

wait

what machine is it?

its on ignite room

try nmap with -Pn flag

btw

try now

maybe it was just launching

yea its scanning

just a sec

btw i need to do it too

XDD

lmao

ok so its done scanning

it just says all 100 ports are filtered

what's your nickname on thm?

100

1000*

same as the discord

CrockSt3r

im still new

oh, that's your first machine?

yep

Try verifying on the access page that you're connected @tawny epoch

^

you might need to reboot that box, it can take a moment to come up

you mean the vm?

The site vm that is, yeah

Not your VM rather

ok
Host seems down. If it is really up, but blocking our ping probes

and this is the message i keep getting from nmap

ppl: vms
htb: machines
thm: boxes
docker: images
hotel: trivago

@tawny epoch try another room to see if you can reach a different box like Blue

@tawny epoch if need be, I also have a downloadable option for Ignite

tries blue

everything breaks

crock blames the site

nani

I'm having trouble on getting the DOS attack name on RP: Nmap, could anyone help me?

did the entire scan finish? mine took a while 🙂

Uhhhh, I think it didn't, but I supposed it just was waiting for input

I'll wait, thanks

just be patient, should pop up

It sure took time, finally returned what I needed. Thank you MrSeth

^^

Hey @lament needle I have a question on the Pentest quizz

@wet shard im available

If you still need help

@naive dust nvm I got it! Thanks anyway

@wet shard great

hi.. am i allowed to ask questions about specific rooms here and how to do something ?

Go for it

darkstar.. im actually looking at your box right now lol

blue.. it is epic

Haha I'm glad you like it

first time i ever used metasploit so it's really nice for beginners just giving small hints

Once you've done that box, you should try RP: Nmap

The primer series, both red and blue, are meant to help peeps start out strong

for sure...

OMG i just figured out my issue on my own.... dear god i just spent an hour trying to figure out what type of hash to use in hashcat... lol smh..

I do that all the time ¯_(ツ)_/¯

right... ok that feels good........

We all do it

lol thats good to know... hahah

thanks for the blue box DarkStar... i just completed it... very good intro....

@lavish marten it worked for you?

yes

Blue has quite the history of failing

:<

it was failing a few times... the metasploit module i could not get to work for probably half an hour, i kept getting this error about the LHOST being wrong or something

Oh then that's not blues fault surprisingly

about the 127.0.0.1 wasnt setup correctly or something

eventually i restarted and then it randomly worked, i have no idea what i did differently

oh i see....

It might be

Honestly blue has a different problem for every person

Its quite remarkable really

weird... there was 1 thing i remember it saying it might error out for the meterpreter so i got worried before doing that step, but it worked the first time... ok glad it worked OK then lol

You can put down the issue you had in your writeup of blue

You are making one right? @lavish marten

in writeups?

Ye skidy will approve it for u when ur done

I think Pars is laying on the sarcasm thick

ah ok i was really confused... lol

anyway, have a good night folks 🙂

Good night my dear friend

peace duder

If anyone had any issues with downloading their OpenVPN config file, I have rectified the issue.

Hi @deep trellis ! How are you doing? Some of my badges haven't been activated, I think I qualify for Mr.Robot (I finished the room, probably before the badge existed) and supporter as I was among the first paid users :p

Omg yes! Lp1 hi!

I will have them added now

Added!

For the simple ctf's third task, what is the CVE. I've tried searching for CVE's for apache, OpenSSH and vsftpd 3.0.3 that I come up with when I nmap but nothing seems to stick. What's the CVE?

There is something to be found on the webserver.

Use Dirb, dirSearch, gobuster or Dirbuster to fuzz the webserver and checkout your findings.

@prisma sparrow let me know later if you're still stuck, I can give you more pointers

@rigid oxide I'll try some more

before I get pointers

does anyone know how to get a list of all the rooms? i see there are 71 total rooms on the main page and when i go to hacktivities, it only shows a maximum of 4 pages with 10 on each page, which would be 40 total

That's a glitch, keep clicking the side arrow

and you'll be able to see all ofthem

ohhhh i see, cool thanks

is there a way to tell what rooms are paid only?

Top right, there's a checkbox for at least free rooms

Skidy might need to add a paid only selection as well

yes i saw the free one, i wanted to tell which ones were paid, ah i see...

Hello there :)

cuz for the subscription, i cant tell what u get included as well thats why i ask

Para is sleepy

xd

do you guys ever run full port scans for some of these boxes? i was checking the top 1500 ports for the ultratech box because one of the questions asked what other non standard port is being used, but only 3 ports came up as open and none of them were the right answer, now im running a full port scan but i feel like it is going to take like an hour lol

Iirc a computer has 65536 ports in total

You gonna run em all?

i mean i guess, i dk why it didnt show up in the top 1500, i assume it is a random "non standard" port, you think i should try to open it to like the top 20k ports or something instead?

i just didnt want to waste time and do the top 10k and then nothing showed up then keep making it bigger

I always scan all ports unless I'm in a hurry

It's common in industry for people to hide things on high ports

interesting..... ok i see...

Nessus defaults to only common ports but I always force all ports to find extra loot

right... yeah that makes sense i didnt think of that

Bummer....I tried to upload an VM, but it's based on debian9. Any thought on when debian9 also is supported?

Heya, I don't think it is! It will be shorty (end of September)

Debian 6.0.0-6.0.8, 7.0.0-7.8.0, 8.0.0 are all supported

Nothing is stopping you uploading it and trying tho! :)

@deep trellis already tried it, gave me an error.

Oh right, I am still looking into my other solution 🙂

Hopefully soon there wont be a problem with having VMs uploaded and converted.

I hope so. I'm almost done building another one and it's a really fun challenge. But its also based on debian9.

Yeah my next big task is to try and fix the conversion on differnet OS's

Soon.. soon!

@lavish marten I've updated our pagination

Pagination updated. Let me know your thoughts!

https://tryhackme.com/hacktivities

^^ Tells you the max pages and I increased the pages you can click on too

nice that looks good 😄 @deep trellis

does anyone know, do you need to do the pro version of burp to intercept traffic that isnt a normal http port (not 80 or 443?), i saw there is a config change in the proxy settings, but do u need to regenerate the certificate in your browser? i saw burp needs to restart to regen the cert, but settings arent saved in community version

Hey. Trying to connect to a room but having some trouble

Which room in particular?

Blue Room

trying this again now

Says im connected and all

But cant get into the room

what a shocker

?

Has there been problems lately?

Yup, most of the users had problem with that machine.

Ohhh...

Fun fact, that machine works fiiiine

it's a long running gag to blame it on it

It's not, I've tried almost 10 times but my exploit always fails.

Every good gag

Has a bit of truth

🙃

Renamed this chat to reflect more accurately the purpose

Not quite tech support but is there a way to change my username on the THM? I have my old handle on there? 🤔

It's still in progress afaik.

This is a stupid question, but do you need to download hashcat? lol

Not if you're using a pentest OS like Kali or ParrotSec

If you do need to download it, there is a github where you can download hashcat:
https://github.com/hashcat

Ok, thanks 🙂

Hi, can anyone help me with the Linux challenge on flag16? Task 4 #6?

Hi, I am currently stuck on this instruction. First time im doing this... (var_8h is 99 i think)
andl $0x64, var_8h

@naive dust hey, can you provide some more information about what you're trying to do? Which room are you having issues in?

i think it's the BoF room

It's x86-64 I guess.

yeah sorry it is the introduction to x86-64 room.

Hey @naive dust feel free to DM me :))

@deep trellis Any idea on when VMs with Debian9 OS can be uploaded? I have 2 very nice CTF-like machines waiting, but can't due to the kernel/OS restriction.

You can downgrade the kernel to make it work

As a short term fix

Otherwise, I will to make this all automatic

Would love to see your CTF too 🙂

cool....I'll try and downgrade the kernel

Anh kernel from 7.0.0-7.8.0, 8.0.0

k

Hey, how does the points and charts works?, I get the y Axis is points and x is Questions and hovering reveals points, but why are the point scores different for everyone for the same question , is it a time based on when you compete the last flag? , Thanks 😄

Generally speaking, points are higher for the first person to answer a question. They go down slightly for each subsequent answer with a small amount of wiggle. The wiggle is new, I think Ben added that to reflect the number of attempts per question with points being slightly reduced per attempt

Ah! ,curiosity of how it worked and why there were vast differences :D, Thanks for the reply , not too fussed about my lack of points ha-ha

🤔 Is there a point guide somewhere on the site? If not, there should be.

I'll work with Ben and Ashu on adding that, it should probably be on the FAQ

yeah 1st place i checked ha-ha

ex-1st place cough cough

¯_(ツ)_/¯

I'm sorry, I can't help that I'm awesome 😎 @fossil dust

that redirect tho

.>

Hi o/! Would you by any chance keep the .ova files sent to create rooms? I might have deleted UltraTech's VM ^^'

Erm, I think I can revert the process and get the VM as an ova, but its a process I have not really looked into

^Oh this is gonna be the fun kind of weird

there is an error in a question of VulnOS2 (question 5)

@frank harbor can you dm me the error?

gonna sound like a thicko, but how do you copy and paste from the vnc Kali room to local machine?, typing these flag is killoing me 😂

Are there options on the left hand side? The VNC settings

Also, you can always log into your account on the Kali Machine

ah cool, cant seem to copy out the terminal window, weird must be me

https://tenor.com/view/gordon-ramsay-idiot-sandwich-angry-mad-what-are-you-gif-4169547

ah just got what your were saying, i assumed that the kali vm internet cap would be disabled

Nah 🙂

Hey, I'm having problems with THM - most of the boxes don't respond to RCE stuff (they leave me hanging... forever, even when I copy walkthroughs code 😦 ). Do you think using the Kali box will give me better results? (on a vip server btw)

Hey there

What do you mean they don't respond to RCE stuff?

As far as i remember, RCE vuln machines are Ignite & Blue

Check your config

Hey, I'm on Q2 of filter evasion , I can get the pop up hello but not receiving the flag code?,,

using the following

removed----------------

any idea's?

tried another method, please ignore

i cant download the vpn

when i download the file its just blank

@deep trellis

i need help

Blank or does it have an error message?

@naive dust Thank you for reporting, my backup today caused my API process not to restart properly.

I have fixed the problem, go ahead and "Regenerate" your configuration file, then try re-downloading

Let me know if it works

Ok thanks!

hello!

I would like to change my account username

could anyone guide me to that? 😄

and after the change, press save!

i mean on THM :p

thanks tho

😄

lol....need to be more precise 😂

sorry XD

THM account I don't know. No change option available.

yeah I saw, that's why I was hoping an admin could help me out :3

but thanks dude <#

❤

np love back 😋

Name change coming soon iirc

@fossil dust boop

@fossil dust boop

How do i upload a machine to TryHackMe?

https://TryHackMe.com/upload

@naive dust you making a room? :O

i want to upload MInUv2 for now but im working on one

:3

Yes, there is a room competition coming up too :)

Win up to $200 for making a room with a virtual machine that teaches a subject of your choice

ooooo

I'll release more details about it tomorrow :)

looking forward to it 🙂

NO BOOPING @supple sonnet @torpid urchin

honkhonk

hankhank

@fossil dust boop

NU

NO BOOPING

@fossil dust boop

NU BOOPING

Boop

I just subscribed for the kali vm and Its so slow

@summer cove really? I have had no issues with the machine, are you using the browser or RDPing into the machine? What country you in?

What's your internet speeds?

Tried both and it was pretty bad, UK, 50 down, 20up

@deep trellis

Whats the bit-depth when RDPing into Kali?

Is anyone else having issues with kali?

What do you mean by bit-depth

@deep trellis

Oh I get what you mean and

Reduce it to like 16?

its still so laggy

Hm, thats really strange as I have not had any issues before. How laggy in ms would you say?

Everything loads like a old fashioned tv

How are you accessing it? RDP?

Like pixel line by line, never had any issues before remote desktoping into machines

yeah RDP

Try in browser

yeah its a little bit better just still laggy, I guess its got to be expected in a way

Ive just never had issues with remote desktoping into machines

Yeah very weird hm

Any other problems let me know

@summer cove On a different note, I've added your subscriber tag on the discord

thankyou

yup!

Boop

NO BOOPING

Booping

NO

boop

NO BOOPING

REEEEEEEEEEEEEEEEEE

BOOOOP

BOOOOP

NU BOOPING

REEEEEEEEEEEEEEEEEEEE

no u

Boop

NO

NEVER BOOP

Reverse uno card

Your doomed to boop

Baka

I was wondering if I could get some help. I’m trying to configure Firefox to use with burp. I have setup the proxy as stated in the “Learn Burp Suite” room. But I can’t get https traffic or websites to view. I have configured Firefox with the 127.0.0.1 proxy information. But I still can’t get to the DVMC page or any page. Any assistance would be helpful.

https://support.portswigger.net/customer/portal/articles/1783087-installing-burp-s-ca-certificate-in-firefox

Check out that link and use the extension 'FoxyProxy'

Also, don't forget to make sure intercept is turned on

this is the error I am getting.

Your burp proxy is on

I under the impression that the burp proxy has to be on to intercep the traffic from Firefox? Or am I thinking about this the wrong way?

So the way it works

URL Requested -> Burp -> Web server
Web Server -> Browser
But in Repeater it can go
URL Requested -> Burp -> Web server
-> Web Server -> Burp

Confirm cert

View all University teams on the platform! You can search by University, username or team name. Teams will be getting ready for the hackback event this October!

Eyy

The link to the hackbak page takes you to the old hackback i am trying to figure out how to make a team 😄

It shouldn't do?

https://tryhackme.com/hackback2

Hi, I just deployed the Kali machine, but I have no idea what the username and password are

terminate the machine

Then re-start it

nope it goes to https://tryhackme.com/hackback/

https://tryhackme.com/hackback2 goes to hackback

as long as you understand my point lol, on teams it says look out for the hackback event and when you click on it, it takes you to the old one

Really weird

Oh you have an extra slash

😄 the difference is no number 2

Thast how you enter

I will fix the other issue later today aha

Oh i did it through the profile page

@chrome cipher did that work?

Yeah thats how you do it @fair dock 😄

@deep trellis yes, thanks!

Its a problem that I am currently fixing 😉

I am not at home, so wont be fixed until Monday evening - it should work full time for you now.

No worries, I am happy that it's working after the restart

It should work full time now, its just on the first ever start

Let me know your thoughts too 🙂

I will 🙂

Hello

Hey, terminate the machine and restart it for that Kali box

Just seen the error message appear on my other monitor if you're the same user on the site

I m new here, I just deploy my own Kali and unable to login

What username and password should I use for kail?

Yeah, terminate it - then re-deploy it and you shouldn't have that problem

Did that work @final laurel

Yes I just logged in

Thanks

Awesome! 😄

🙌

I just fixed that problem so it shouldn't happen again.

@deep trellis is the Kali machine running all the time after we deploy it? does it save its state?

If you check there is an expiry time

So when that time is gone, it gets terminated

Just keep extending it

and it shouldn't die

thanks

Hey does any one have any recommendations on a opensource netflow like tool that can take a span port and provide reports and top talkers?

OSSIM

I'm a bit biased for this since I use it daily but I'm a big fan of it

https://www.alienvault.com/products/ossim

@dapper imp

hey, i completed the mr robot room, got the flags. however its bugged out, its duplicated each of the tasks

Can you leave the room and rejoin it

same things happened

this is what i mean (its same for task 2 also)

Oo, I will look into this, thanks for reporting :)

alri, no worries

it also deleted my flag1 entry too (it was right) if thats of any use to you

@naive dust it shouldn't be displaying two?

Just checked and it looks ok hm

Is this in the mrrobot room?

ok, i'm getting invalid login on the kali room vm no matter what I put in there. what is supposed to go in the login box there?

can't find instructions for the new browser based access on the page or via email

Ye in mr robot room I tried it across 3 machines and same across all three @deep trellis

@quaint seal try terminating the machine and redeploy it

Did you have any other machine deployed when you tried?

@naive dust I will look into it, think I know the problem

Alri thank you

@naive dust That was a weird bug - its been fixed now aha 🙂

Ah good ty

if i pay for sub by debit card and cancel it, ill still have premium for a month right

Yessir

Once the initial payment goes through it'll keep for that month. It just won't renew

If it causes any issues, just let us know and we can remedy that

okay thank you

@deep trellis i tried terminating kali vm, leaving room, re-joining room, and re-deploying. same issue. also had the same problem in another room (investigating windows). I did have other rooms deployed at the same time (as I assume would often be the case for having the kali vm deployed)

@quaint seal I will investigate 🙂

Wait 1 sec

When I tell you to deploy

Can you?

So I can see the error

sure, i'll get it pulled up

When you're ready deploy

I am looking at the logs

starting machine now

Okay

Looks like it works from my end

and my thm<-->discord identity is now revealed 😛

All log usernames are anonymous

So I can just see what functions are being called

And the requests X user is making

I can link them if I reallllly wanted to, but its a hassle

you took all the joy of my osint joke and ruined it with your real-world infosec

😉

My Bayd

aaaand, the kali vm just deployed and i have in-browser access for the first time in several days

Wait

When was it playing up?

Because I fixed a big bug like 3 days ago

last night when I posted it was still happening

Oh r.i.p

I did see your message as I was researchign whether this was known

(from your fix a few days ago)

Do me a favour?

Keep kali alive, can you deploy the Investigating Windows room

Have 2 VMs shown in the browser

ok, deploying IW room

same browser, diff tab

Nice nice

yep, working on IW room now as well

1 sec, how quickly did you deploy the Kali room and IW room?

Like deploy one after another

Did you have access to 1 but not the other?

just now or yesterday and this past week?

Yesterday

no, i couldn't get to anything that deployed in-browser access within the last week

no matter delay b/w launches, leaving room, rejoining room, etc.

Is this the first time you're seeing it?

no, it was working about a week ago

Okay, if there are any other problems let me know 🙂

and stopped sometime after that and now it's working again as of now for me

If it plays up again, lemme know 😄

will do, thanks for your time

No worries 🙂

@deep trellis kali vm ran out of time and shut down. just restarted it and it's giving me the login prompt again

Hey

You still online?

yep

Did you have another machine running/deployed?

i did, i had Ignite room going

Any others?

I don't believe so, just that one

can you try redeploy?

sure, one sec

i did shut down and re-deploy earlier after it happened and still had the same problem the second time around

ok, terminated. about to deploy again

Wait

waiting

When that happens in future, can you also please let me know the URL from the large in browser button

It just messed up for me too

So I can investigate

the link that the access in browser button points to?

yeah, when it happens again can you click on it

And copy/paste the URL

Only if it breaks

yes, i can do that

thankjs

ok, deploying kali room vm again

did the IP of the kali box say "undefined"?

there was some url param that was == to undefined, but i don't remember what it was

Okay

Thats the issue

If the token is showing as undefined

Its not good

that's what it was

Breaks the whole thing

token=undefined

Oay thats why

Ill add some safety measure in to stop it

Thanks for letting me know.

Anyone have problem with the powershell room? Tried to access with room using RDP but end up the following error.

while the browser mode takes forever to load

Tried to restart the machine but no luck

Thanks in advance ^^

Oh yea, this is my RDP version

False alarm, Just got the shell......lol

@deep trellis fyi, having kali room vm issues again just now. refreshed the webpage and getting the login prompt now (even though token param is there and populated)

Dont do anything 🙂

So

Have you got another Vm deployed?

yes, but not one that yields an in-browser remote session

How long has Kali been alive before it died?

i've extended it a few times, so maybe 2 hours?

Hmm, I wonder if the token is just dying after 2 hours.

I will code something in that can help fix the issue

Like a "Re-login button"

or if a user is already hitting the "add 1 hour" button, perhaps that could add more time to the token as well

I have very limited control over the token

I think after 2 hours the token expires

gotcha, just thinking about the UX

that way the user doesn't have to "add 1 hour" and then click a separate "re-login" button

Yeah, thinking of a solution hm

Did the Kali linux die when you did anything specific?

Was it when you refreshed the page?

Like as soon as you refreshed it asked for a login?

yep, exactly

What page did you refresh

The Kali linux one?

yes, that is correct

and even if i click the "access in browser" button now, it opens a new tab that still prompts for login creds

Yeah it will hm

If the little screen asked for login, both will.

nods

Oh wait

Where you using the Kali machine?

Because tokens expire after 60 minutes of inactivity

yes, i was defintely actively in it

had typed something in teh console of a meterpreter shell running in the kali vm within the prior 30 secs

Yeah I think the tokens expire after 60-120 minutes

Now thats a larger problem than I had anticipated

maybe most people don't take as long as me to figure things out, so they don't need the kali vm as long at a time 😛

Aha, nah I am glad you said because it can be a pain when it just expires.

Is everything you have the same?

Kali still up?

nope, just killed it

ah bugga

ok

if nothing else, repetition has been shown to increase retention. restarting and doing it all over again may help me better remember what i'm learning 😄 </silver_lining>

That is very true

I am not sure how to increase the token time

Thats the only thing

Other than a crappy button that says "Login"

well, sometimes a sub-optimal solution is better than no solution

Are you using Kali

I'm going to restart the remote server

i am atm but no big deal

It might not break

Lets tru it

did it break?

it didn't

eyyy

reconnect

yeah it might have f'ed up now

lol sorry

😛

Hopefully my solution fixed long-term Kali sessions now

I can give you a token manually if you want?

So you can replace it yourself

and get your sesh back

no no, it's fine. i'm terminating and will re-deploy

thanks!

thanks for the offer though

Wont happen again now hopefully

@summer cove sorry! Your LinuxCTF box will have also been disconnected - SSH into it manually.

what?

Youre in the LinuxCTF room?

yeah

Your session in the room might have been killed

nah its good

awesome 🙂

im still online aha

🙂

Fabbbbbbb

decided to use the VPN

now

much easier

Yeah best way

ty ty

np man

wouldnt mind helping me quick @deep trellis

Yeah sure

kinda stuck again

lets move this into another channel tho?

Move over to #room-help

yeah

Question @deep trellis

Yea

Shoot

Will it make a diffirence being on the VPN and connecting to the Kali machine

Nope

You dont need the OpenVPN connection

yeah

So you can use the Kali machine from anywhere with an internet connection

but last time I used it, it was laggy as hell

Oh really?

It shouldn't be hm

I can increase the resources of the box

Last time I used it, it was fine

Yeah still is laggy

its like a old fashioned tv

like loads pixel by pixel

line by line

rdp

or in the browser

tbf its a bit better in browser

and that was RDP

Hmmm

On RDP reduce your color bit depth to 16

That can help 🙂

I did

aha

In browser it works okay

I guess

🙂

I cant get kali to vm on my linux for some reason

or I would have done that

What do you mena?

get driver erro

errors

You cant SSH into the Linux machine from the kali box

Screenshot?

what what

oh yeah 2 secs

im talking about local machine now

oh

I am not sure if its your local machine

well vmplayer

dosent work

I tried vbox and it gave me a driver error

never had issues with vmplayer on centos

but on ubuntu it has issues

Weird 😮

Not sure without seeing it first hand

Skidy, any reason a Windows 10 OVA would fail converting? Failed around 38~%. Tried uploading twice at two different times, just in case it borked for some reason. Once Saturday night, once Sunday.

Created in VMWare, had no issues re-importing it.

Also, I'm willing to make a couple boxes for part of the educational portion, I've got a few ideas in mind 😄 you can DM me if you're interested.

Any recommendation of best room for absolute beginners?

Hey @supple sonnet did you follow the box requirements on tryhackme.com/upload ?
Our backend is very specific with what versions of Windows it accepts

And yeah sure @deep trellis and I will DM you :))

@quiet spindle DM me and I'll suggest you some rooms :))

Hmm, I may be missing it, but I'm not seeing anything on exact version specifications:

https://docs.aws.amazon.com/vm-import/latest/userguide/vmie_prereqs.html

There's more info here :)

@vapid dawnok bro

ty ❤
note: you can toss me a PM whenever :D. it's about 3am here right now, but I'll respond whenever I get a chance.

👀

Building in Virtualbox, ensuring disk partitioning scheme is set to mbr not gpt was the trick 😄

Hey, is it possible yet to change the email on my tryhackme account? The email I'm using doesn't exist anymore (I no longer own the domain) 😦

@deep trellis this would be a you question

Yall im trying to subscribe but it wont do it for me

Hi @devout relic

hey

What happens?

so I put my card number in and hit submit

but nothing happens

I really want to try this

Can you check your browsers console for me please?

what do u want to see

Are there any errors?

um where do i check that

im on crhome

chrome*

ctrl + shift + i

ohh the inspect lol

yeah lol

i dont see anything there

Have that open and try to subscribe

okie

Refresh your page first 🙂

Make sure that is still open

oh

Sorry about this too

lol its fine

Yeah thats fine 🙂

oh yea there is an error

wait why is that

your card

So your card got declined, but it didn't show you an error?

happens all the time with mine lol

it doesnt takes discover?

lol

Sorry bud x

lol what do i do

use a different one?

lol

use visa card

um ok

privacy.com?

yay lol

Thanks

No problem

Let me know what you think of being a subscriber

okie dokie

Will tryhackme support debian 10 soon on uploading virtual machines?

We will! Were a little bit limited currently by AWS uploads and subsequent kernel support but we plan on supporting it :)

Thank you for the answer DarkStar 🙂

Ill welcome your thanks in the name of darkstar

🙂

rip everything

^^

Is the site dow/VERY slow or is it me

Yes, our event is killing our webserver

oh

😦

Everyone is bruteforcing

@deep trellis Send some pics from the event

Can't seem to deploy the 'Ignite' room

@rigid oxide

Press deploy "Please wait" and then nothing

try again please

Watching the logs

just clicked

Really?

Can you check your console