#site-support

browser console

Request is not hitting the server

getting a 403 on click

Can you deploy in other rooms?

Please try another room first

Same error trying to deploy a machine in "CaptureTheFlag"

Okay hm, what browser are you on?

Vivaldi

So Chromium-based

but no issues in Firefox...

well, at least that last attempt just worked in FF

Its our obfuscation method then

I will have this fixed in the next month or so

Sorry for the issues

Some browser have issues with it

I am going to remove all the obfuscation methods in the future

Thanks for reporting!

np

weird

I'm glad that it was able to be pinpointed at least

Need my level on here bumped up to [0x9][0MN1]

@eager fulcrum done!

Thanks

Another new rank, 0xA harry

donee

How do I get pip2 for kali?

This damn exploit script uses some lib for printing with colours and it's going to take a bit of work to avoid it. And it's stuck in python2.

apt-get install python2-pip?

python packages are weird on linux

nope, that package doesn't exist

python-pip then

I have pip3 installed, why do people insist on using Python2 still?

This is a 2019 CVE

it's python-pip and python3-pip iirc

Let's try it

And the exploit doesn't work

Returns empty strings, great.

was it python-pip?

Yea

But there's a variable here that needs explaining

it says say the time to something appropriate as it's time based

IDK if it means unix timestamp or what

So it's a time based attack, sqli with a sleep in the sql command. But it doesn't work for me lol

I'll go to roomshelp now

Why does port knocking genuinely never work for me? Hackback2 and now https://tryhackme.com/room/knockknock

Have u tried knock sequence && ssh whatsoever@ip?

It was telnet, I'd made a slight mistake in a command that I can't remember now

Gonna go back and try the hackback one later

Having an issue with the adventure time box

What type of issue?

Gobuster is finding the directory to move on from index, however browser isn't recognising it

might be my end

Oh wait restarted the instance and it's fine

mb

Hello techsupport can you help me im noob

when i open a room i can deploy a vm but my questions seem gone

cant input anything

Leave and rejoin the room

This is a really odd bug

It seems persistent

I never had the issue

Thats why I am so puzzled

it's very persistent

it gave me a short message

you have been banned

red box top right corner

What do you mean?

when i reloaded the room, it gave me a red commentbox in the top right corner, the messages i usually get is woo-woo

for the feedback as in the answer is correct.

after that it said something like something went wrong or you are banned from this room

Can you screenshot it please send here

That happens if your connection is dodgy too

i tried to recreate it but i got nothing

Everything seems fine when i leave the room and look at the room page.

When joining i get nothing for the first task

second task seems to work now

Ohyeah, thats really strange

Let me look into that

Input seems to work correctly

Ohhh

Just found the bug

Daymn, that was a really nasty error on my behalf.

I am uploading the patch now

Right, should be fixed now

Joining new rooms wont do that - if it has happened, leave the room and re-join.

working now and did not have to leave room

yeah my function checks every user when someone re-joins a room

So me joining would have fixed it aha

😄

Is there a bug in the Linux CTF from the learning paths. The RDP flag can’t be located - I can’t find it anywhere.

Task updated

Hey! While you're updating tasks, the last flag in the new Windows Corp vm isn't possible

I have the flag, but the flag does not match the question

Send in a private message please 🙂

@steel bobcat this is fixed now, just thought you'd like to know

Thx @warm spear

The leaderboard thing is not showing on this room, other rooms seem to be working fine.

Yeah, some rooms have the option to remove the leaderboards

aaaaah ok

nothing going on then 🙂

I guess when the points are dynamically earned you don't get to see a leaderboard

Yea 🙂

I wanted to check a walkthrough because i have problems finding two answers 😄

what ones?

i can help you 🙂

move this to #room-help tho

ill move ther

Having some trouble connecting

^ did you manage to get it working @leaden peak ?

help me

i need a way to download linux pls send url

@flat granite huh Google?

And you are going to need to be a bit more specific, too

^^

I can't deploy getting subscription error

Hey nubsec

Whats your profile link?

nubsec

https://tryhackme.com/p/nubsec

Its because you are no longer a subscriber

Whats the email? You can private message me for this if you want

@deep trellisok

Just seen the problem - I will DM you.

Contributors != Subscribers

@vapid dawn No. The Blueroom has not been working when i try to connect

Not sure why

@leaden peak just a quick heads up, if you want to be able to do blue while we troubleshoot this you can also download the OVA from https://darkstar7471.com/downloads

😄

did you manage to get it working @leaden peak ?

@rigid oxide Appreciate that

@vapid dawn Just tried again, still no luck

Works for me? Are you connected to our OpenVPN server?

I'm going to subscribe later today, I'm currently a student in College and would like to get the student discount applied. What do I have to do to get that

I need help I installed a tool on github all went well but when I execute my.sh it opens a cmd window and then it all goes back to work right away someone knows how to remove this problem?

Windows or Linux tool?

@deep trellis could you take a poke at the student discount for m00?

WINDOWS

I not quite sure how to help there, can you link the tool for some context?

ok

i am one windows 10 and i want to install phishing tool the installation Is went well but when i execute myfile.sh a cmd windows open and close instantly

Well the shellcode it's trying to run is likely meant for linux or you need to launch it from the command line instead

ok thank you

@naive dust once either Skidy or Ashu is on we should be able to get that taken care of for you

thanks DS

@naive dust drop us an email at hello@tryhackme.com

Sent @vapid dawn

for some reason after deploying the juiceshop and after having to f5 because I forgot to stop intercept on burp. Now I can't load the page. It just gets stuck loading other pages work.

Is this for all other pages?

Oh just rooms?

@onyx merlin

DW I got it fixed I just disabled the proxy whilst not using it instead of just turning intercept off this seemed to resolve the problem weird how other pages were loading though I think maybe my certificate wasn't working exactly as intended.

Okay, very weird

Glad its fixed 🙂

will send you an update tomorrow @naive dust :))

Yo! Just got my rfmon card, pretty new to this stuff so why do i even need one? What kind of stuff can i do now that i couldnt do before?

I'm presuming you mean specifically a wireless card that supports monitor mode

Having that means you can sniff traffic and 'watch' all wireless networks in your local area

Something which you need in order to perform wireless attacks

One thing to note, it's important to figure out if the card chipset also supports packet injection as this is needed for many attacks such as WPA2 hacking or pixie dust attacks

Generally speaking though, having a card with monitor mode means you've essentially unlocked wireless hacking, or at least the start of it

Hello tryhackme or hackthebox ??

Once you start learning, you'll see how unique each thing is.

both ?

Tryhackme to learn and start out and hackthebox to work on what you’ve learnt

If you have no experience then htb will just eat you alive

^Different audiences for each, different but similar goals. The path to achieving the goals is what differs heavily between the sites and a lot of it comes down to 'how do you like to learn'

I think Tryhackme is much better for starting out. I got into hack the box but after that I had no idea for what to do. When I found try hack me I immediately hopped into the password cracking exercise and worked through it. The beginner Tryhackme boxes are really good at starting simple and working up as you get more confident

Wow that's awesome thanks 😊

possible to change name yet lads?

@naive dust

Did you fix the Kali issue you mentioned in the general chat?

No actually I need rdp setup it's really slow

Thanks for asking

@deep trellis can you check the Alfred room? I deployed it about 4 min ago and the ip is not alive yet...

I terminated & deployed multiple sessions of the machine

And yes, i'm connected to the vpn ^^

Did someone said Alfred? He's in batcave.

@snow oriole

can you ping it?

tried that + scanning it with nmap with no ping probe and nothing

okayu 1 sec

Works for me 🙂

It just took 3 minutes to boot

😦

Gonna try again, i’m on another network now

@deep trellis works now ^^. No idea what was the problem earlier...

@rancid ingot Are you connected to the VPN? Is it actually running a webserver?

"hi, when i open "blue" deployed machine in my browser using given ip address, it's not working. Can anyone help me to get through it?"

Please don't the @ everyone

And thanks @eager fulcrum for offering the help 🙂

Doesn't tag anyway, you have perms set right @deep trellis

Thanks to @rigid oxide for that

@eager fulcrum yeah i connected to VPN. I got a ip address also.

Did you portscan it?

I put 99% odds on it not being a webserver

Does blue have a webserver?

Maybe it is more apropriated to #room-help

Yeah I agree, convo better in that channel

General question for the owners regarding scalability. How do you plan on dealing with inadvertent ddosing on the brute force based rooms when the site inevitably grows to a larger user base?

AWS Shield

https://aws.amazon.com/shield/

And "inevitably grows to a larger user base", thanks for believing in us 😉

Thats from direct ddos tho right? but surely with the increased users running hydra attacks it’ll require a lot more resources? Say you have a few hundred using it on a box?

Oh right yeah I get what you mean

So we will have multiple OpenVPN servers

For a multitude of people, hopefully a server near a the users location too

To help latency

Ah ok that makes sense

Quick note, blue doesn't have a web server haha

Anyone had any issues on the RP: nmap room with the final question?

Seems mine just hangs and won't complete

I may just change that question, that scan takes a long time

Vuln scans are long in general

Yeah just got it

Really liking these RP rooms tho

Any chance I could get the 0x9 rank too

Glad you're liking them!

Can I get upgraded to 0xC Guru please? https://tryhackme.com/p/NinjaJc01

Oh god, I so want to work on the role cog

But exams, projects and I'm done for.

@deep trellis check this out

https://imgur.com/p04GtLj.png

the write up redirects to http://aaa

and am i the only one who thinks the room is a troll?

https://imgur.com/TfIXHC8.png

Hmm, might have to start having rooms pre-vetted

In order to make public

If you're a new room maker, your first few rooms will be vetted

Otherwise, you can push

I'll make the changes today

Maybe allow high ranked users to submit feedback directly to creators? Or opt in preview boxes?

Wouldn't work well for first blood though

@eager fulcrum done!

I think I messed up copying the hashes between computers

Well, gonna try the exploit again

Win first time now

I guess my msf install was probably broke

hey @ashu

@vapid dawn

I can't get the webappsec room to work for the login with admin/admin

Oh nvm, wrong login

Uh I killed the box

I clicked create user on the admin page, got a php error and now I can't ping the box EDIT: was temporary DoS

Can I get 0X9 role

@eager fulcrum Those changes are now made!

Awesome

Less laggy, shows the author on simple rooms and the chart wont flash out now either.

Thanks for your suggestion too.

0xD God please

Ninja, you're powering through the ranks

Im going to need to make more ranks

What other names could I include after god?

John Wick hehe

DarkStar

lmao

Why not?

NextGenHacker101

Elliot maybe

Elliot I like

and/or Mr. Robot

https://www.youtube.com/watch?v=SXmv8quf_xM

NextGenHacker is a little large

but the mans a god

Ooooo

I could add that to the quotes?

aha

After god.

Perhaps

I have no ieda

hm

I like Elliot

Ill add that after God level

any more?

Dade, from the "hack the planet" Hackers movie ?

Eyy okay awesome

2 🙂

Crash&Burn

CrashOverride

AcidBurn

Hmm, not really that friendly

Top rank should be /lp0 on fire or something

Kinda want to keep it fun names aha 🙂

Tron?

Flynn?

I'd very much appreciate both of those lol

GhostInTheShell

GH05T_1N_TH3_SH311

^

Is it possible to have the THM discord bot in other servers?

Would love to have it set up in our society discord to track ranks etc

I'd have to think on that. The bot is open source (the access key withstanding of course) but the implementation part outside of this discord is what I'll have to consider

Sounds good man 😄

x-posting as I dont know which channel this best fits:

On the Buffer Overflows image it doesn't appear that r2 (or gdb) are installed?

hi, I can't connect to tryhackme's network through my kali linux virtual machine

Can you show your OpenVPN client output?

i can't download the configuration file, when i click it nothing happens

Can you please try re-generating your config file

doesnt do anything

refresh the page and try again 🙂

still not working

I didn't see your request hit the web server

So I guess its a client-side issue

Can you please open your console in your browser?

Right click -> Inspect Element -> Then go to the Console Tab

i think i fixed it now, didnt realise i had javascript disabled, but thanks for your help

oh right

Okay no worries

Having issues with the website loading? Particularly the rooms page?

Pages are just loading very slow

TLS handshake failed for fontawesome

And then finishes

Hi @eager fulcrum

This is not happening for me

Can you please confirm your OS, Browser and Version?

Kali, firefox esr

I'm thinking it might have been ublock, but that's weird because it loads on windows

Ahh, yes there is an issue with some version of FireFox on Kali

I will have this fixed soon.

It was reported earlier

Ah cool

I’m also using Kali and didn’t have any issues

It might just be kali+ublock

If it is lemme know please

Is there any wrong with Brainstrom room I can't find answers for that can anyone confirm the room is working correctly

I dont think so? @vapid dawn can you confirm?

afaik the room works correctly but I'll check again tonight

Hey guys, I'm struggling to access the WebGOAT machine. I've got the IP, I've got the OpenVPN connected, and I've got the proxy settings set up in firefox and burp (127.0.0.1:8080). Does anybody have any advice?

Send a ping request to the machine IP, does it go through?

Ahh shit, nah it doesn't

should I try get a new IP?

Yeah, try resetting the machine

and check your access page

Make sure THM says you are indeed connected to their network

I'm 100% connected, and I've reset the machine and the new IP doesnt work either

This is the room I'm in https://tryhackme.com/room/webgoat

Try starting another room, send a ping request

if it comes back, then the room is scuffed

and you can @ DarkStar (the room creator) and give him the heads up

Okiedokie will do, ty

Set up a new room and even that one doesn't work

Hmm

regenerate your connection packet

and see if theres any difference between sudo openvpn user.ovpn
and
openvpn user.ovpn

I just tried that, no luck yet :/

Still timing out whenever I try and ping them

thats wack

oooh I'm getting a response now

:D?

But I'm still getting failed to connect

Boxes sometimes take a while to boot up

on my browser*

Yeah they can take about, 2 minutes

max 5

Spoke too soon

it was responding for 10 seconds

now it's gone dark again, F's in the chat

Summoning @rigid oxide

monkaS

it's responding now, still getting failed to connect on my browser though

Sorry for all the hassle, I've decided that 4:30am is the best time to teach myself pentesting

It may not be a a web host?

The brain is most creative late at night ;) , the perfect time for hacking

true!

it's this one

https://tryhackme.com/room/webgoat

I assume it's a web host

do a simple nmap scan on the webgoat machine

if you dont get any HTTP ports returned then it isn't built for web hosting

nmap IP_HERE

Doing it rn, ty

although I have to add -Pn or I get this

Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn

Been getting that for the past couple hours on every nmap scan I attempt, so I just put -Pn for them all now

and if you're feeling extra l33t
nmap -vv -sV IP_HERE

Is that for all machines?

Or just on webgoat?

Yeah for all of them

Whats your thm profile?

Want to take a peek at the rooms you've done

Some rooms have a soft lock against "loud" scanning

https://tryhackme.com/profile although I just made this profile, I had a random one earlier when I was testing the site with a friend but now I'm subbed I've moved over to this one

your public profile

omg I need sleep

hahaha

as if I just linked that

Just double checking, you're not confusing your THM VPN file with a HTB VPN file are you?

https://tryhackme.com/p/georgedmu

and n

I'm downloading it from https://tryhackme.com/access

also the nmap scan finished, here you go:

root@kali:~# nmap -vv -sV -Pn 10.10.241.25
Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-23 23:37 EST
NSE: Loaded 45 scripts for scanning.
Initiating Parallel DNS resolution of 1 host. at 23:37
Completed Parallel DNS resolution of 1 host. at 23:37, 0.01s elapsed
Initiating SYN Stealth Scan at 23:37
Scanning 10.10.241.25 [1000 ports]
Increasing send delay for 10.10.241.25 from 0 to 5 due to 11 out of 11 dropped probes since last increase.
Discovered open port 22/tcp on 10.10.241.25
Discovered open port 8000/tcp on 10.10.241.25
Discovered open port 9001/tcp on 10.10.241.25
Completed SYN Stealth Scan at 23:37, 17.25s elapsed (1000 total ports)
Initiating Service scan at 23:37
Scanning 3 services on 10.10.241.25
Completed Service scan at 23:37, 12.78s elapsed (3 services on 1 host)
NSE: Script scanning 10.10.241.25.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 23:37
Completed NSE at 23:37, 0.14s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Initiating NSE at 23:37
Completed NSE at 23:37, 0.06s elapsed
Nmap scan report for 10.10.241.25
Host is up, received user-set (0.026s latency).
Scanned at 2019-11-23 23:37:12 EST for 30s
Not shown: 997 closed ports
Reason: 997 resets
PORT     STATE SERVICE  REASON         VERSION
22/tcp   open  ssh      syn-ack ttl 63 OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
8000/tcp open  http-alt syn-ack ttl 63
9001/tcp open  jdbc     syn-ack ttl 63 HSQLDB JDBC (Network Compatibility Version 2.3.4.0)
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service ```

trimmed the end off cause it was too long

Go to the ip in your browser

but with port 8000 specifier

so if the ip was 192.0.0.1

so <ip>:8000

192.0.0.1:8000

yeah

10.10.241.25:8000

still nada :/

screen?

can u paste a screen

just infinitely loading

Is burp intercept enabled?

nah it's off currently

Oh yeah I see that now

Close out of burp and try again

What's going on?

Minimize possible interference, narrow down the problem

guessing that's cause my firefox is set to the burp port right?

My boy george here is having issues doing a room you made

which room?

Look fellas I don't want to cause any drama 🤣

WebGoat

WebGOAT

Yeah I'm going to make that one private

I was testing it the other day and that OVA has problems

I'm glad I'm not going crazy and am the only one

What does that mean in englando

I recommend using DVWA in the mean time, I need to swap that

Aka it borked

I will fix it tomorrow

.OVA are whats used to host the "Machines" you hack on THM

.OVA being a Virtual Machine file

Oooh I get you

It's hidden for now, I'll swap the machines out tomorrow and fix that

Alright I'm glad it wasn't anything I was doing wrong at least! Cheers everyone for the help ❤️

Thank you for being a surprise beta tester 😉

In the mean time, I recommend trying out some of my other wonderful rooms that DO work haha

haha no worries mate, my friend told me about the site like 6 hours ago and I've subbed already, time to spend some of this student loan on beneficial things other than greggs meal deals

I'm a beginner to all of this so I'll try find some easier rooms

surprise beta tester
lol

hehe

I'm glad you like the site! ❤️

change.org/implementasurprisebetatesterbadgeforgeorge

lmao

Ask Skidy for that one haha

I hiiiiiighly recommend checking out Blue, Ice, or RP: Metasploit

Those are all my creations and I can assure you they work wonderfully lol

hahaha cheers man, I'll try do one before I pass out

DVWA crashed after 5 mins if it's worth mentioning

it's back up, was up for 5, down for 2, now up again

And it's down again

hmm now that one I know works

weird

back up again

this is too much of a rollercoaster for this time of night LMAO

are you mostly trying out burp?

I wouldn't say mostly but I keep on needing it for challenges so I've just kept it open

I dont mind giving it up and trying something that wont need it

The reason I ask if because ignite also has a webapp, albeit somewhat less vulnerable which I know is 100% stable without question

alright I'll try that one now

does this look right?

yeah that's it

that's a real web app, there is something wrong with it but it's not quite the same as DVWA

alright gotcha, will see how it goes!

aaaaaaaaaaand it's gone down for me

10.10.116.122

No idea what's causing this :/

That's on your end for the connection more than likely

I'm doing this through VMWare if that makes a difference at all

Shouldn't matter, my kali lives on a vmware blade

it's weird cause everything else works on there

I can open a new tab and google shit etc

it's back up now

seems to come and go randomly

I think it's your VPN connection truthfully, it seems to be intermittent if that's happening

Down again, yeah that sounds about right

Are you wired or on wifi?

Wired

220mb down

hmm

everything else is working fine it's just the IP's I'm being given

are the ip's on a similar range to your home?

Because that will cause routing issues

nah this IP is http://10.10.116.122/ and mine starts with 86

Is your private ip range 10.0.0.0/8?

its back up again

or 10.10.0.0/16

Where do I check? Sorry I'm a big noob

ifconfig in kali

no worries

ifconfig being a command of coursse

I'll DM you this hang on

Hey,
I am connected to internet and all is working good except when I am
deploying any web challenge and try to connect to it through my Kali
Linux installed in the virtual box I am not able to connect it or do
Nmap scan

whereas windows machine can easily connect

are you connected to the vpn @lyric hearth

yes

my virtual box kali machine shows me connected

but it doesnt work the nmap shows this

OK from what I can see you started the openvpn process, then stopped it

I know it's not the best way, but I run the openvpn in a terminal, then send that terminal to another screen and forget about it

then open up a new terminal (terminator in our case) and do my work from there

Also another thing I have noticed is that sometimes you end up with multiple vpn instances occuring at once which bugs the shit out of some things. So I'd restart your VM, re-run the vpn, only this time minimize it once it's done!

@lyric hearth

Or you could do && disown at the end of the openvpn command

For example:

Hopefully that made sense! If not then let me know and I'm more than happy to jump in a quick call and explain it

i did this way too opened connection in another terminal and didnt do anything and opened terminator tried nmap BUt still no success

try adding some flags to your nmap scan

such as

nmap -sV -Pn 10.10.148.4

@lyric hearth

@rigid oxide Hey, i resolved this issue but i think there is a bug in the website because what exactly happpens is when i start connection and do nmap it doesnt work but later on like 5 to 10 minutes if i close firefox and open the access to that particular room again the ip address changes WHICh basically means that before the nmap that i was trying to perform on ip was not correct and after opening the lab again the new ip address stays and now it is working

it took a lot of my time to resolve this so i would request you to look into this matter or specify users to refresh or open again

I can certainly take a look into it, thank you for bringing it to my attention

again the problem persist will be not playing for now as i cannot connect to ip address please tell me when you resolve this bug

not able to connect to ip in middle of challenge

I'm not quite sure what's going on here as this is the first I've heard of this issue. Once Skidy is up and I'll run it by him

this happened last time then again the website stops loading and i am not able to play anymore

dirb command gives this error

FATAL: Too many errors connecting to host
(Possible cause: COULDNT CONNECT)

i myself dont know why this is happening

Hi there

So you run gobuster, it works for a little bit, then it stops you communicating with the box?

Can you ping it after?

Does the box connect successfully after some duration?

yeah but i am not able to do gobuster and this will not let me go further

Inshort the box mis behaves like first connecting is difficult sometimes it let me connect sometimes it doesnt load the url or allow nmap then sometimes things like gobuster are not able to work and even i have noticed same issue on my friends computer not sure what is going on

Sounds like the vpn is unreliable

tried regenerate file again connecting, leaving one terminal after connecting and tried also to use another directory buster known as DIRB gives this errie

(!) FATAL: Too many errors connecting to host
(Possible cause: COULDNT CONNECT)

Try curl

in the morning when website doesnt load curl also doesnt work but now website is loading and working and just right now tried curl it is also working

Well, try dirb etc again now that it's working

right now the next step was busting directory and both of them is not working in the morning i was talking about only connecting to the website but after that nmap is still working and i finished few levels and then when directory bust level came i am again stuck

Did you actually give the VM a chance to boot up before you started hitting it earlier?

If it works now, then just accept it and carry on

no just read my last message

in short it keeps on misbehaving

**** then when directory bust level came i am again stuck*****

I even tried to terminate and get new ip and now tried dirb and gobuster but they are still not working

Sorry to confuse, inshort at the movement cant bust directory but nmap, curl and website acc. to level on port 3333 is opening

Maybe it realises you're bruteforcing it and blocks you. Are you meant to be running any directory busters on it?

I think your VPN connection is probably broken

Raghav, if you continue to have this problem, email hello@tryhackme.com and I can arrange a time to walk through it together.

yes the challenge gives us how to do dirbuster and i have played ctf before so i am not a newbie or a total noob lol

@deep trellis i appreciate but can you just try to dirbust once and see if it is working for you?

Gobuster worked for me on that challenge

on firefox what proxy conf did you have can you please confirm?

Oh. You have a proxy bound

@lyric hearth Do you have Burp running in intercept mode?

try turning that off

nope i didnt i saw on the internet why gobuster is giving this error and solution was proxy changes in firefox but its already set to automatic

leave will try another challenge

gobuster won't use your firefox proxy

no problem let just skip its not a big deal

i think this is the resolution

NOT_FOUND is the response code that gives a webserver for not existant pages
or documents. DIRB use this code to locate only the correct existant pages and
eliminate the rest. By default most webservers use code 404 (Page not found)
but in some cases the NOT_FOUND code is not 404 and most CGI scanners will
fail in detecting existing pages.

Shot myself in the foot by updating my CTF -Rig Exploit failed [unreachable]: OpenSSL::SSL::SSLError SSL_connect returned=1 errno=0 state=error: wrong version number

Oh god

I went away for 2 hours, came back and now I'm getting ``` Exploit failed [unreachable]: OpenSSL::SSL::SSLError SSL_connect returned=1 errno=0 state=error: wrong version number

How do you fix this? I legit just went away from my pc for 2 hours, I've restarted the target machine though

fixed by typing 'set SSL false'

Hmm, I might start keeping a log of all the little problems

Make a searchable FAQ

Either that or a wiki, albeit I think it'd be good to have the wiki directly integrated into the site

Although an FAQ would probably be a better solution in the long run

Actually a community wiki would be amazing

Hmm, wonder if there is an open source wiki we canuse

Ill look into it when I get a chance

Mediawiki

Any way to "munge" a string? I have a string with 3 places there could be substitutions and I know what letters would go there

But I just need to generate the l33tspeak or munged strings

So like, "h#ll#, w#r#d"

hello, world

e could be 3

sed comes to mine

Honestly this "functf" is not so fun it seems

it was OK to start with but it's a lot of the same

@rigid oxide I can hop over to rooms-help to give a better, in context, example

I haven't even completed that room, truthfully we'd need falcon to explain it

the in context example could probably lead to a solution

Not really tech support but can admins/owners manually namechange or would that be a ballache? I really regret being called georgedmu when there are so many nice names available

I wanna be called spyro 😦

@deep trellis

Currently name changes aren't possible, it's a technical issue that we have to address

Not possible as in the feature isn't possible rn? Or you are unable to manually do em? Either way it's okay

worst case scenario is I make a new account and sub on that when this one ends and then use my notes to complete all the same rooms haha

Make an alt and reserve your name

its what i did, not sure if Skidy approves but I'd hate to see name changes being implemented and the name I want is already taken 😅

Username changing coming soon. ETA December.

Woohoo

Networks are delaying me.

If anybody steals spyro I'll be very sad, pls don't guys thanks

I'm creating the course for the networks, making it work how THM currently works, so much to consider.

Gl!

Also want to ensure its built properly for the future

ezpz make an alt to reserve it

But I will get around to all those features.

If I get the greenlight then I deffo will

Also more of a concern is: Removing chat in rooms, updating points, review room quality etc..

also with namechanges would you be able to change to someones old username? or once a name has been used once it can never be re-used despite it not being in use

Yes, if you change your username, someone else can claim it.

I might add a "buffer"

Like 3 months

So people can't just take your username and pretend to be you.

But I hate it when ppl take usernames (cough twitter cough) and no-one else can register it.

Same for domain names.

I feel you! I'm trying to register a twitter now, georgesec is taken by some old bloke who hasn't tweeted since 2016 (I'm not counting automated instagram tweets from june 2019) and spyrosec was registered in 2009 and not touched since

spyr0sec it is

Yeah, its annoying aha

glances at my spotify, ninjajc012, and my last.fm ninja_jc01

LMAO

@eager fulcrum I have a Python function that does exactly that (the leet speak transpose). Let me dig it up.

I mean I tried it

And it uh

Didn't work

None of the URLs were correct

Ahh. ok. I wrote it to generate all permutations of a domain that was registered like "c0mp4ny.com" and then I calculate the Damerau–Levenshtein distance from a list of domains $day_job owns. Goal is to find targeted phishing domains before that can go live

Clever

Does anyone have a convenient way to have a folder on my host desktop be synced to my virtual kali desktop? (One hosted locally) I tried Virtual Box and the tutorials but never could get it to work. If there's other virtualization software that makes it easier I'm open to try it. Just something that's dumb easy to transfer files to and from the virtual machine to my desktop

I've had really good luck with VMware but you could just mount the C drive

+1 for VMware (I'm using Fusion here) just configure the shared folder in the VM settings and then on the Linux box:
sudo mkdir /mnt/hgfs
Then add to /etc/fstab
.host:/ /mnt/hgfs fuse.vmhgfs-fuse defaults,allow_other 0 0

Also make sure that open-vm-tools-desktop is installed in the Linux guest

I keep all my wordlists on my host machine and share the folder to all my VMs so I'm not wasting GBs of disk space

ote: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.15 seconds

is it only me whos nmap gives these error?

@lyric hearth add -Pn to your line

yeah but after that i cannot scan all ports as its showing 1 hour and the challenge needs us to do that

anyone around?

Whatcha need?

@mossy ermine @deep trellis can help you with that in a bit for taking care of the password

locked out of account after i set it up a hour ago and tested the logout login

password reset links back to forgotten password page creating no way to reset password

i am pretty sure i didnt fat finger my password but not sure, proably should be tested

I'm heading to bed sorry to give you the headache almost at midnight the day before thanksgiving... good luck happy holidays

if anyone gets zenmap going on 2019.4, hmu

Prefereably without using alien to install it from the rpm

Didn't used Zenmap in Kali 2019.4

Gonna check it out once at home!

It's not installed by default, and it's not in apt anymore

@mossy ermine Sorry you're having issues with that. Either use the forgotten password form or email us to get your password reset.

I think wrong tag 😂

Sorry aha

👍 np

Heya, is there any way to change your e-mail? I'm looking to buy the subscription but I'm signed up with an email that isn't a student email, even though I'm a student?

hey @mild jungle we're currently working on that functionality - for now drop us an email at hello@tryhackme.com

Cheers!

any admin around

@deep trellis @rigid oxide The forgotten password system now works but it will no longer allow a login even after i successfully reset my password

opps nevermind just got in

took asec to take

Amazing, glad you managed to login 🙂

Cheers guys, Ben got in contact about changing the Email!

How do I link my TryHack me profile with discord using the token thing

DM the bot

I'll make a blog post about it

so it is November 29th how do you enter the 25 days of cyber?

There will be an announcement

How do I redeem the student discount black friday sale? I already have a subscription. Do I cancel then re-do my sub?

@warm spear i think that's for @deep trellis or @vapid dawn

@warm spear Contact me

I see at the advent of Christmas has been updated to a email notification of subscribed users of tryhackme, has the email been pushed out? last i knew today was the only day to sign up and the day is almost over.

@mossy ermine the email will be tomorrow :)

cool, so happy

Tomorrow for whom?

Itll be as part of the normal site new emails

So I've ventured to VulnHub and picked up a couple vm's to hack away at but I've run into an issue. I've tried connecting my Kali vm and the vuln vm to the same virtual network, but I can't seem to get the darn things to talk to each other. I've been using the 'netdiscover' command on Kali to scan for ip's on the network, but it only returns VMWare's loopback ip. I've looked at a couple walkthroughs (just so I can get past this step), but they seem to start after a connection is already made. I've tried setting both virtual adaptors to Bridged, but to no avail. Any ideas?

Try reinstalling vmware, that sounds like potentially a driver issue

is the advent hack challenge reserved to subscribers or is it open to all people who signed up with TryHackMe... info is not clear at all...

Will be open to all

More information will follow in an email today

^Exactly this

Anyone else getting much worse boot times on 2019.4 compared to .3? Exact same VM settings but my 2019.3 VM boots in like 20% the time

Anyone got IDA debugging working in Linux?

I got it working, error message wasn't very helpful

Setting up a new VM on my laptop, but I really want to download 2019.3 of Kali, is there a way I can get an older version?

I'm really not big on the appearance of 2019.4

Big brained it and used the wayback machine

https://images.offensive-security.com/virtual-images/kali-linux-2019.3-vmware-amd64.7z

Yes, you can download 2019.4 and then delete the pre-installed GUI (I'm assuming it's XFCE) and replace it with the classic GNOME graphical system you've grown to love

This is the reply from discord support about me being automatically removed from the server.

Do y’all use auto ban bots?

Nope

I have moderation bots that I like but I don't use them currently

If you're using a VPN you might be getting hit with a residual banned ip but that's the only thing I could think of

@foggy blaze https://cdimage.kali.org/kali-2019.3/

Also I just install the ISO on a vm

We are planning on our moderation feature for bot in near future.

How come the Christmas challenge says come back tomorrow when the challenge starts at 8am GMT?

@cursive mantle I thought it was 8pm

Ok, maybe I misread it. Thaks

Thanks

I've been trying to check out a couple of the free rooms and cant seem to deploy and machines. I click the button and I get the message saying "starting your machine. Please wait". But no matter how long I wait, nothing happens. I dont get given an IP. Ive tried in both Chrome and IE and its no different. Anyone got any ideas?

Hi there

can you try re-reploy

and can you please let me know the room you're deploying VMs in

By redeploy you mean just click it again? Ive tried that and again nothing. Just tried this morning in the metasploit and nessus rooms. Both dont work for me

(not staff) but are you blocking Javascript by any chance?

I've had similar issues before

Ah yea ^

can you also please check your browser console (F12, Console)

I do have ublock installed, but it should be disabled on this site. Let me check the console

Hmmm

Failed to load resource: the server responded with a status of 403 ()

can you send a screenshot

Ublock shouldn't interfere with it, I run ublock

Well, origin

I had that error before when running Vivaldi, think it was something to do with the obfuscation - anyway I should stop talking, I'm just finding ways to procrastinate from my dissertation :p

Sign out and back in maybe?

Can you try another browser?

If so, I think I will remove the obfuscation method

Pretty sure I tried IE before a few months back, the last time i tried to get this working. But will give it another go now... One sec

Thank you

Just tried in firefox aand it deployed the machine straightaway... strange. At least I can deploy now and progress with some of the rooms. Thanks

Okay, I will fix the problem later this week

If you can use another browser for the time being, that would be great! Thanks

Thanks. Yes, no problem to use FF in the mean time. Thanks for your help

Hi, I am trying to learn how to use metasploit in the room RP: Metasploit.

After executing "exploit" or "run -j", I get a message saying "Exploit completed, but no session was created". Am I doing something wrong, or is it supposed to be this way?

Thanks for the help!

ps: I am running Kali Linux on virtualbox

This goes into #room-help. Anyway, I think @rigid oxide can help you there (I had the same issue, I can't remember if I passed the task or if it's stil hanging btw)

@nimble bridge are you sure that you have set the LHOST and LPORT correctly!

I didn't read anything about "LHOST". The challenges in the room say

1. set RHOST YOUR_IP_ON_TRYHACKME
2. set RHOST BOX_IP

@lament needle

@nimble bridge hop over to #room-help , I wrote that room

At the risk of sounding a bit thick. Is it possible to amend my email? I've made a typo in it, so can't verify it

yeah it is email them and they can change it I believe

Ta - I'll drop them a line

hello@tryhackme.com incase you didn't know

^

Hey @eager fulcrum

Hiya

I just tried connecting 5 or 6 times and finally I succseeded

Sorry for trouble

Sometimes it takes me two attempts, but not normally more

But that's fine, I'm glad it's working

🙂

Don't know the right channel for this. Can I have the subscriber flair? Been subbed for a few weeks but never go round to requesting it

@naive dust The !verify command will do that

I also just added it manually for you but verifying will give you the correct rank as well

Thank you my friends

Went to deploy the kali VM and launch it in Browser but to do not know the username

Have the Pass but not the user name

Refresh the page, it should auto log you in

thanks

yup!

if it doesn't teminate the instance and re-deploy

Spinning up Kali VM now will post results

!skidy

!dark

...in retrospect I should have seen that coming hehe

Oh god really

This is was is displayed after launching Kali VM in browser

RDP session works

Dumb question: Is there a way to update my accounts email address? It's currently set to my username instead of my actual email address.

@fast shuttle email hello@tryhackme.com with your email and account name

Thanks!

@naive dust i'm having the same problem with deploying VMs atm as well

@naive dust Ah, this is annoying.

Can you please let me know when you;re around

Using RDP now

Ah ok

When you're done, let me know

Ill see why the browser based stuff isn't working

@deep trellis understood thanks

I'm getting an invalid login on kali browser; is there a step I'm missing?

@elder meteor yeah, it shouldn't be asking for a login at all in the browser. I think there's something up w/ the tokens not getting populated in the url (token=undefined). I think @deep trellis is looking into it

Ahh, thank you!

I'll take a look tomorrow @elder meteor :)

Sorry for the trouble, can you please rdp into it for now?

good deal, I assumed it was something more complex than just asking for "creds" lol. I saw the URL and it had me thinking. Definitely works for me, I'm just cloning over my Kali VM and I'll use that for now, thanks for looking into it Skidy, much appreciated.

I'm having trouble connecting to the vpn I keep getting udp link local not bound and tls handshake failed

Hi @elder meteor

can you please try now?

@rapid flax can you try now too please

Watching our logs

To see what the problem could be

I got "Down for development" on the access page a second ago @deep trellis but all back to normal now

it coincided with some VPN issues

Yeah I restarted the server

Sorry about that

ahh going to guess that's what the other guys were having issues with

So I think the Kali in-browser stuff is fied

Let me know 🙂

still can't connect to vpn 😦

To the VPN?

yes

You try redownloading a new config file for OVPN? @icy umbra

i did it didnt help

@woeful stone Did you say VPN was having issues

What errors are you getting?

@deep trellis yep, that fixed the guacamole issues for me

udp link local not bound

tls handshake failed

My Kali machine just freezes when I pick language every time.

can you email (hello@tryhackme.com) your file?

Give it a sec @copper fern

If shouldn't

let it "warm" up

I just got a bunch of @deep trellis for a while but I assume it was while you were restarting

Mon Dec 2 00:53:03 2019 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Mon Dec 2 00:53:08 2019 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Mon Dec 2 00:53:13 2019 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Mon Dec 2 00:53:18 2019 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Mon Dec 2 00:53:23 2019 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Mon Dec 2 00:53:28 2019 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Mon Dec 2 00:53:33 2019 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Mon Dec 2 00:53:38 2019 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Mon Dec 2 00:53:44 2019 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Mon Dec 2 00:53:49 2019 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Mon Dec 2 00:53:54 2019 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)

no issues after I killed openvpn and reconnected 🙂

Okay hm

I need to split our ovpn into more severs

All good on Kali in Browser access, thanks!

aha guess there's a lot more demand now because of Christmas

Yeah :/

@rapid flax amazing, sorry for the trouble

If it happens again, please let me know

Lol, no worries. Thanks for the support! Much appreciated. I'm sure things will even out as the event moves forward.

My initial guess was that THM was using the Amazon Client-Site VPN but I guess that'd be crazy expensive to do

Yeah aha

We do our own

Yeah makes sense vs paying hourly per connection 🙂

It'd be a killer

Yeah aha

It works well and we have more control

So

I used to have a mini remote hacking lab based on ESXi where I used a pfSense VM to do all the OpenVPN stuff

I wish I had more time to automate it though, the THM VPN client generation is really slick

Thank you, it took a while to find a method that would work.

Thats pretty cool tho

In the networks Im creating I wanted to add a load of routers (pfsense and cisco)

But configuring it on different subnets all the time is a pain

Dude what's your background, you seem to be so advanced in so many subjects

Yeah I can imagine @deep trellis

@copper fern going to assume you're talking about @deep trellis here aha

Haha yeah although I'm certain you're also quite a bit more advanced than me

Nah, I might appear that way

I seem to know a lot about a little

(if you were talking to me) thanks tho

& a lot of time researching and experimenting

Haha nah you know loads, I'd try and recruit you into the company I work for but I'd be afraid I'd accidentally kill THM if you joined :p

Aw thanks aha

You wouldn't kill it

Im sure

@deep trellis yeah I was talking about you :)
I'm just getting my bearings a little. I've only touched infosec on the surface and the Advent thing sparked my interest, since I want to work in security eventually

Its a great place to start, each day a small security challenge with supporting material is released

Start with the foundations and just grow from there

You can get an idea of what you like/dislike too

Yeah a lot of the material looks promising! I had a tiny course in uni about information security that got me interested. I do some website work so the xss-stuff was interesting right away 🙂

Sorry, can we move this chat into #521382216304033794

yeah sorry I just realized we are in tech-support

@deep trellis @vapid dawn - I am using the Kali machine for the avengers box and the following commands dont work: ftp and gobuster

is your roles suppose to automatically update or are we suppose to re-register the token with the bot

🙃

never mind figure it out

hello ... im trying to do task 5 of the day 1 challenge, and I'm on the vpn, and I have an "Active Machine" as indicated by the "Active Machine Information" red bar... but when i go to that IP address http://ip:3000 , i get an unable to connect message

my local network is a 10.0.0.0/24... could that be whats causing it? that my local network has a similar subnet to the vpn, and when i go to the 10.0.0.x target/active machine ip, my machine thinks it's a machine on the local network?

@coral palm be sure to replace "ip" with the IP address of the VM that launched in your browser for the room. it will probably be 10.10.x.x (where the two 'x's are something assigned to you)

thank you @quaint seal , i got it

👍

Good evening! I subscribed to THM and have a token... what do I do with it?

@shadow glen dm the bot with !verify tolken and it will update your roles. you have to reverify if you get new levels and or roles

Okay, thank you 🙂

hello

Hey Tomas

Let me take a quick look and see if i found the 26th flag

I haven't completed the whole room

So, i didn't complete that one. Might have to get back to the room

thanks i've put that to the side for a min to clear my head. see if some time away will help solve it .

Sometimes takin a step back might help ya (happens to me so often. Lol)

i signed up for the cyber-advent ctf and the initial task of accessing the machine with the given ip address gives

me a message of " having trouble finding that site"

i wonder did this happen to anyone else

Oh, yes. So... it might take a good 3-4 minutes in order to boot everything

start the machine, wait around let's say 5 min

i see...

thanks

and check with nmap if the port is open. Or you can try accessing it directly

i actually have one more question...

when logging into rooms , previously when i deployed a machine it would open up. now recently when i deploy a machine i get a window that says "remote hackme" and asks for a username and password. is this a change for the site

that didn't happen to me. And that would be a question for @deep trellis

thank you

I'm sure Skidy will respond as soon as he sees this, but he's asleep now i guessw

@terse canyon @snow oriole That's a known issue atm

I believe Skidy is looking into it

for the time being would my username be my email or username for the site...

same question for password

@terse canyon if it's the kali one, try RDP if you can. I can't see another way around it, looking through the chat here

I'm not using Kali in browser since i have it locally. And @terse canyon you can user your email for your username (i saw someone saying there was some issues when trying to login with your username) and the password you set for your account

thank you i'll try those..

hi anyone can help me

on windows

openvpn seems to be connect according to access page

https://tryhackme.com/room/25daysofchristmas task 5

machine is deployed since awhile ago

cant seem to access it tho

Do you have your VPN on? Also, I HIGHLY recommend using a Kali VM

Doing this in Windows is doable, however, it's significantly harder

only machine i have now is a windows

will probably get the vm up a day or two later

Do you have OpenVPN installed? You need to have it up and running with your configuration from the website to reach the box

as mentioned https://tryhackme.com/access shows connected

OpenVPN sometimes can't perform the routing/route add operations that it needs to do on Windows and that might be what you're experiencing here

is there a way to fix it

I would recommend looking to get a Kali virtual machine setup, it'll be an easier fix in the long run

Not really, it's a permissions issue with the service

need a temp fix since download speed here is a bitch

Google is likely your friend there, I'm not sure I can provide a lot of help

no problem

thanks!

Yup! Don't forget, the cyber advent challenge doesn't time out each day so you can catch up after missing a few days if need be

are there more rooms in christmas puzzles, I am done with advent of cyber?

There's one a day

There'll be another one in like, 5 hours and 18 mins

@burnt holly

Actually in cyber advent machine it is written that this machine is 3 days old

yes

thats because this room was made 3 days ago

1 a day

1st dec to 26th dec

@burnt holly even if the room was made a few days earlier, it wasn't released. Probably they tested it to see if everything is working as expected 🙂

Ok cool

I can't connect with openvpn still

been trying all morning

Download ur openvpn instance and just do openvpn <vpnname>.ovpn

by instance do you mean my config file

because I did that

Yes

Also, run it as root

In case you don’t run is as root the connection might fail

sudo openvpn <yourfile>.ovpn

running as root did not resolve the issue

unfortunately 😦

Guys any clue?

I am running from a Kali VM, btw

Oh well it seems like I cannot connect to any page at all

Imma reboot

Hmm weird

Let me know if that fixed the issue

Can someone help me setup openvpn on mac? I tried with homebrew but its not starting up

Solved, seemed like an VM fault

It doesn't start up, it is a command line only package

Try downloading the access file from the tryhackme page and run sudo openvpn youraccessfile.ovpn

Awesome 🙂

Hey folks, having issues with the 25 days of christmas. Launching the day 1 machine doesn't seem to work. I confirmed on the network access page I am on the VPN, am I making a silly mistake?

http://10.[ip here]:3000 just says connection refused

@candid dust It takes like 5+ mins to get started

ahhh, okay. The text says up to 3 minutes, that was my confusion.

thanks @eager fulcrum

Yeah it was like 10mins for me

Can someone help me setup openvpn on mac? I tried with homebrew but its not starting up

It seems I cant access the VPN from my office network, too bad

@naive dust unfortunately not at this time, this is something we're looking to implement in the future

@severe furnace depending on the office setup, you may have a rare instance where the ranges utilized overlap or the VPN is blocked by your office

yeah I guess, so that means I will need to do it later when I get back home

basically tls handshake was failing

same issue I had. it worked when i got home

I might subscribe.. that way I can use the Kali VM for connection

Hi, is there an option to update our email address?

@severe furnace email hello@tryhackme.com with your account name and the email you want it changed to

nvm

not sure who wants to handle this but question 1 on day 2 cyber is wrong on one of your servers. i've confirmed i have the correct answer with your mods. have screen shots but dont want to post answer in discord. let me know how you want to proceed

@mossy ermine 8Char string starting with 'S'?

yup

In directory format

yup

Daymn, broken challenge is broken

I had spooky reach out to me, I'll talk with Skidy but I can also just update that quick

(I confirmed it was the correct answer based on my answer that was accepted as correct)

So you're all very clone, the regex should make it still work

Web directories are typically forced to lowercase

Keep that in mind

One moment, I'm hopping on my kali box

@rigid oxide Yeah, both my answer and their answer match in case, both lower.

Let me DM you quick

I've verified the challenge is correct on the website, it's likely a sync issue

I'm on day1 task6 of the 25 days of christmas room. I can't seem to connect... I hit deploy then try to open up http://<your_machines_ip>:3000 in my browser. I'm using the IP given by OpenVPN which is the same as the one listed under "Internal Virtual IP Address" in my access tab

am I missing some step here?

@crimson fog you dont use the ip given by the vpn you deploy the virtual vm and use that one

is that done when I hit deploy?

I got a popup message, but nothing else. Maybe I have an addon blocking something?

yup join the room first to deploy a vm then a red bar called active machine info with refresh with the page

oh cool I didn't see that part

I see the 10.10 ip now

thank you

yup np

Hello there, I Joined TryHackMes Discord yesterday, but today I found it was not added, thought I was kicked or something, I Joined it again today, did I do something wrong?

could someone help or is it normal?

That's not normal, I can promise you that you weren't kicked

@naive dust similar thing happened to me, but nothing warranted a kick, I'd bet there could have just been an issue with discord

it seems so, I will just ingore it, lets see if it kicks me out again

been 5-10 mins since I started the christmas challenge 2 machine and it aint loaded 😦 I can ping it and I get a response but nothing comes up in the browser, and I cant run gobuster against it

@foggy blaze make sure you use port 3000 🙂

Cheers! still nada though :/ nmap is only showing port 111 open

and that's rpcbind

ok so here's the fun fact, like yesterday just be patient

It won't load any faster. Just hold onto that excitement and wait

I know it takes a few mins (up to 5 apparently) but it's been 10+ now, with a restart

but I'll keep waiting

yes

and I'm here to tell you I waited 10 minutes ish

it varies