#site-support

@naive dust did the other tasks that don't show up require some kind of input or were they plain buttons to submit?

@celest sapphire i think you might be on to something, the only two tasks that gave me points were the only ones that required input

yeah, only they give points

the "check" ones don't

why my password is correct but the system say incorrect , could you help me pls ? :*(

try loggin in with email

not username

even when i use email , the system still say incorrect :*( and now i has been lock in five minute

After 1 minute, I was able to access it again, thank you very much admin

Im currently new and working on the linuxctf room in the begginer path, im stuck on a file transfer question if anyone could lend a hand, would be much appreciated

How can I connect to THM OVPN when I use Torghost? I tried to connect but I got permission denied. It seems openvpn can't use the ports because of Torghost. Can you please advise?

you're running the VPN with sudo or as root?

hey hi team , can anybody help me to connect https://tryhackme.com/room/windowsbase as rdesktop

@deep trellis do we have the credentials for this room/box available? We could provide those on the task information

Yes:)

can anybody help me on this

Does the in-browser stuff not work?

yes but not persistent

Our VMs don't support persistence between boots

https://tryhackme.com/room/windowsbase

The task includes the RDP credentials

yes , but its not

what task for this BOX ?

To RDP into the machine are as follows.

Username: Administrator
Password: TryH@ckM3!

Can you please clarify upon what you want from this? You want to be able to use the Windows VM as a workstation that saves to your profile?

I ask as both this and the Kali VM we provide reset every reboot back to their standard image

Actually thats probably a better question ^

Just wanna make sure I'm addressing your question correctly

I am getting this error

I seem to remember getting a similar error from Retro when using rdesktop

Give Remmina a try?

k i will

you can install remmina (if you don't have it already) with this command

sudo apt-get install remmina

k

Worked , thanks Team @barren birch @deep trellis @rigid oxide

Glad that worked ❤️

hi all

i am trying to log into the site from my vm, and it says that my account has been locked out for 5 mins

i am giving my correct id and password, still not working. tried this for 2 days , on different browsers

@ashen ravine Do you mean your tryhackme account on the website? If so, have you tried resetting your password?

i did, it works now somehow, i can log into my account from my main machine, but on my vm i was getting error like timed out and csrf attempt blocked

are you proxying your vms' traffic through burp or similar? Sounds like something isn't working completely right

you're running the VPN with sudo or as root?
@supple sonnet sudo

@latent fable everything was turned off, i don't know why that happened. didn't had any extensions enabled on that site. then i restarted my browser, and it was working fine

good ol' tech support 101.

turning it off and on again

Hello!

I have little problem with openvpn connection. I get:

TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
TLS Error: TLS handshake failed

all the time

Hey guys i have a problem with the vpn connection

can't connect to CA inline certificate

@worn raptor @supple comet Try regenerating your config

Tried that

tried changing server

faced same problems

@worn raptor did you downloaded again your openvpn config file?

It worked for me~

Yeah sure

Hi,
I have logged out of the virtual kali machine. Now I cannot log in through the browser.
I have deployed a new instance(2020) and is presented with a login screen "REMOTE TRYHACKME".
However none of the documented passwords or default kali passwords work.
How do I log back into the machine?

You need to terminate and redeploy

CAn I ask what you did for that to happen? did that show when it booted straight away?

I shut down the machine from inside the kali menu. Because I wanted to test if the machine had persistent storage.
The login screen was presented to me when the machine was ready.
I have just terminated and redeploy.
Again the first thing that happens is that I am presented with the login screen "REMOTE TRYHACKME"

The machine doesn't have persistent storage

You need to terminate and then re-deploy

@deep trellis that is what i just did

1. I shut down the machine from inside the kali menu.
2. ask for help
3. teminate redeploy
4. same issue

Dont do it from inside the machine:)

Can you terminate in the browser?

@eager fulcrum thank you for the clarification 🙂

That is what i did when you asked me to terminate

I have just terminated and deploy again. Still did not resolve the issue. Is hello@tryhackme.com the appropriate place to "submit" a support ticket?

Yeah email there please:)

Are you a new user?

Great thank you :)
Yes I signed up and subscribed yesterday.

Awesome:)

I will get this looked into

@deep trellis thank you I have send a mail with more details.

thank you

!multivpn

hello guys i have a problem with metasploit

i tried a hacktivity named ice

here it is my notes from this

hactivity

and my metasploit problem is this :

ArgumentError wrong number of arguments (given 4 expected 5)

@noble umbra not really a tech support question, it's asking for the distribution more specifically.

Deleted, Sorry.. Thanks @eager fulcrum

Hey all, I subscribed last night and this morning when I went in to poke around I'm not seeing that I'm subscribed any longer

@deep trellis

I even have the email that says I've subscribed.

I even have the email that says I've subscribed.
@regal axle Emailed you, I know why this occured - isn't an issue.

Thanks!

speedy!

Anything I need to do on my end to keep this from occurring? And one last thing, I thought I verified my email last night, but I'll go ahead and verify again? Or is that not necessary?

@deep trellis

It wont occur again

Just logout/login

K thanks!

Hi all, subscribed yesterday and fired up my first Kali machine today. Wanted to follow along with the introtoresearch room.

I don't get results with searchsploit with the same (copy pasted) argument as the example in the room. I do get the result when I go to the exploitdb website.

I have internet. Pinged both Google and went to a random website.

Any idea what I'm doing wrong to not get any results?

Have you tried simpler terms? Perhaps some spaces

I'm trying to replicate exactly what is done in the room as an example. I wouldn't know how to simplify it further than this.

If I for instance do 'searchsploit wordpress' I get a bunch of results.

Anyway, it's not impeding me now to continue, I can just use the ExploitDB website. Hopefully it's a glitch and the Kali in browser is as useful as I'm hoping it is.

Thanks for your answer, appreciated!

oh, interesting. I haven't done the room

or at least I don't think I have :p

could you link it?

I'm updating searchsploit now. See if that helps. Wonder if I have to do that every time I fire up a Kali machine.

@latent fable https://tryhackme.com/room/introtoresearch

yeah, sounds like it's something like that

ah, this room

yeah, something's definitely wrong with your searchsploit

Update fixed it. Now gives me same output as in the screenshot.

And a low disk space warning 🙂

Hey guys, I'm currently doing the 25daysofchristmas room but most of the machines I deploy look constantly offline even after several minutes. Do you know anything about it?

@outer anchor Day 13?

No I had problems with Day 11 and now with Day 12

!multivpn

Make sure you're VPN'd

It took me double the time to finish Day 11 due to this problem

VPN is fine, I also tried generating a new identity

Pinging the machines give me little to no response. Sometime they answer back for few seconds and then stop

multivpn applies though

Gives you connectivity issues if you're running more than 1

Gonna check that

Mmm i'm using one vpn config only and I also deleted the old interface that was saved, but nothing changed. I still get no answer back from the machine D:

One config isn't what matters

One session is what matters

So what should I exactly try?

!multivpn

Assuming you're on linux

If you're not on linux then ???

I'm on linux, eyah

yeah

Ok apparently it worked, thanks a lot @eager fulcrum !

It's a common issue

I'm still kinda noob here, so good to know

Having a jolly weird time - my connection to my deployed machine works fine for maybe about 1h50 minutes, and then subsequently won't load - every single time without fail. Meaning I can't have a room deployed for more than about 1h50 mins. Just straight up won't load. Please advise. I've tried a new config file everything etc. etc. - just happens w/o fail. The VPN connection does not drop, just can't access the specific box.

Even if you extend the VM?

yessir

!multivpn

Even if you extend twice? @polar tree

nope 🙂

yes indeed

only the one open 🙂

excuse me

in task 5 from the linux challenges room, there is a question that says to download a file with scp or ftp or filezilla

but when I do the scp garry@ipaddress:/file /home/ and put the password letmein, it says wrong password

Hi there. I’m a new subscriber and I was wondering about accessing kali from the web. Every time I access the web I have to deploy the machine and I have to watch the time count down?

yep

You can extend it right away so you'll have ~2h initially

So I have to go to the kill and connect then go back and find a nother room right ?

You don't have to kill your Kali machine when doing different rooms

Everything is new I’m trying to figure it out. Thank you

Yeah, that's fine, don't worry

So, you can do everything in your Kali machine and just change rooms without doing anything

Ok both can work.

Awesome thank you.

Just terminate room's machines after finishing them, and that's all

Got it

@narrow charm and never forget to get your discord token to get verified :3

How I do that?

I’m sorry I’m new 😩

@narrow charm https://docs.tryhackme.com/docs/discord/verify

@barren birch Thank you

Np

how can i delete an account?

email support@tryhackme.com @naive dust

once a vm expires, it's gone right? theres no way to get that environment back if you missed extending the time before expiration?

Correct -- you can redeploy it, but it'll be reset

Can I copy and past a flag from web machine?

Please say yes the flag is too long 😩

...yes?

How?

Select it

I mean, your clipboard is shared between the browser VM and your PC

I can’t copy the flag and past to the answer. Keep showing the flag next command line

I don't understand

Hi, I'm trying to use a Python script found in exploit-db, but I cant see the results...

the script is for SQLi

anyone knows what is going on?

I can’t copy the flag and past to the answer. Keep showing the flag next command line
@narrow charm maybe control+shit+c ?

@kind schooner ...daily bugle?

im sorry, what?

i dunno what this is

oh

db

🤦🏼‍♂️

@kind schooner What room?

Daily bugle is a room, and I remember a similar sqli?

oh, i see

@outer anchor worked 🙏🏻 thank

its not on try hack me, but in Hacker101

but i had problems with this script before

@outer anchor worked 🙏🏻 thank
@narrow charm you're welcome dude 😄

on tryhackme

probably on simple ctf

yeah

simple ctf

https://blog.tryhackme.com/simple-ctf-writeup/

if you go down on the page

you will se this image

i dont understand why my results is not showing...

I feel like I lost @eager fulcrum's attention after I mentioned that my error wasn't on tryhackme lol

My openvpn worked for days then just stops its either connection failed or refused. Any suggestions

Show us the actual error message

and always check

!multivpn

Hi everyone! Maybe someone can help me with the Task 18 of the Advent of Cyber (retro web). I follow the instructions I've found, but for some reason I cannot trigger the exploit in the Windows machine, I've opened both browsers (Chrome and IE as instructed) then I do Run as Administrator on the file, click on the website of the Verisign but nothing happens. No website is loaded in IE nor in Chrome. I've even set up IE as default browser for the system but still, no matter how many times I repeat the process... no website is loaded in IE. Anyone can point me to what am I doing wrong?

I've read the archived channel, the medium article and search Discord for both Task 18 and Advent of Cyber and I could not find any tip to solve it, just to repeat it until it is triggered, and I've repeated it like 100 times using even different VMs

Wrong chat

oups, sorry

is it community-help the right onw?

Yes

hi guys, do any of you have challenges connecting to the boxes using your PC ?

any help. my machine can not connect .

@slim ravine May sound daft but have you connected to the Openvpn service?

He is connected

Yep just noticed, didn't see the image properley

puts head in hands.

yes i did @naive dust .

Even i have the same connecting issues

and have tried connecting to a other machines, but seems to get the same results

It randomly gets reconnected after a while

And also the box is super slow to access

how can i deploy a machine, i have openvpn connected but i have no clue how to access the machine

click the "deploy" button :p

It'll be under one of the tasks

:^

hi guys, do any of you have challenges connecting to the boxes using your PC ?
@slim ravine I found that switching my vpn worked

@wide dock what could it be, an idea ?

Ok my PuTTY says Network error: Connection refused. My openvpn a ays Its working and connected, but i can't pull up http://MACHINE_IP
I'm running on Windows 10

@rich loom you need to deploy

I have tried numerous times to upload a Kali VM(.ova) but I keep get this error message every time. I can't figure out what am I doing wrong, any suggestions?

MACHINE_IP is something for room creators, it'll autofill that once the VM is deployed @rich loom

@stark needle you didn't read the supported OS list, did you?

It's not a limitation from tryhackme, it's a limitation from aws

But here it says that .ova is supported and also Debian

@stark needle Read harder

:))

It doesn't support any recent debians

And won't support kali

ahhh

Debian 8 is the limit iirc

Also, why the heck are you uploading Kali anyway?

Why not?

Because there's already a kali VM.

@eager fulcrum

Ok..

@rich loom Ok, so you're doing a web ctf

And trying to SSH into it.

With creds from a different box

I'd like you to spot the problems there.

@stark needle yeah, it would kinda defeat the purpose of the subscriber Kali if you could upload your own.

There is actually a way around it, but I'm not saying what it is

@barren birch bulli skidy

You'd need to give skidy the AMI image

Oof -- nah 😂

So you'd need approval

There is a way of doing it without

And to some how get Aws cli working with an OS it doesn't support

Want me to DM you with it?

I want debian 10 CTF so bad yes

@eager fulcrum WOW I had no idea that would be a issue. Thank you

You have to connect using the correct type of client

That room is quite clear

And doesn't mention SSH at all.

When my VPN gets disconnected and I reconnect, do I automatically loose connectivity to the boxes I have started?

Connectivity yes, progress no

If the VM expires, then you lose progress

But if Ilose connectivity to the box... then I'll need to reset it anyway to continue, no?

No?

Why would you?

Ok guys I finally found the Kali machine, thank you for the support and sorry for being a noob :))

I guess my question wasn't clear lol. What I was asking is if I end up having to reconnect to the VPN, should I again have access to the VMs I deployed? Or am I dropped into a different VLAN?

Same LAN

Unless the VM expired, you can still access it

👍

Can I deploy a machine I have terminated again

@rugged sequoia You may need to reload the page to enable the button but yes you can

I tried but it didn't work

Didn't work how?

i solved the problem

thank u so much ^^

Not sure that this is the right channel to ask in. But I am looking to buy multiple licenses for my Computer Science Club(college level) . My question is: is there special group pricing or can I use one account and display that at the front of the classroom?

@deep trellis education@thm for this?

Yes please:)

@weak falcon please email education@tryhackme.com to discuss this, the admins will be happy to sort something with you

sounds good thank you! out of curiosity do you know what the average response time of that email is?

Skidy's around rn so shouldn't be too bad @weak falcon

beautiful, thank you for your help

Skidy and Ashu, the ones who run the business, are on UK time

Hi, I just had a quick question I am trying to use social engineering toolkit on kali Linux and when I make the credential harvester link it only works on my home internet, port 80 is open on my router but it still wont connect to anything that's not connected to my internet. Any help with getting it to work everywhere would be appreciated.

research CGNAT

@void gull This is for questions related to THM

oh my bad

any help, my openvpn works fine, but can not get response from the machine, since morning.

connecting from my pc

Unreachable, sounds like you might want to restart your openvpn connection

kk, @eager fulcrum . just did that, and have the same results.

i connected to the site how do i open kali?

??

@hushed spoke https://tryhackme.com/room/kali

i havent subscribed

do i need that?

Then you need to make your own kali VM if you want a kali VM

how do i do tha?

Kali is a full operating system, based on linux

Google will help you here

how to make kali virtual machine

Virtualbox is free virtualisation software

yu

ty

Hi, any reasons that my results do not show?

You asked the other day

yep

lol

Are you sure the exploit will affect that target?

You sure it's vulnerable?

yes, it happened to me when I was doing the simple CTF room

I saw on the writeups

and its the same thing as I did

but my results are simply not showing up

https://blog.tryhackme.com/simple-ctf-writeup/

I looked at this one

@kind schooner where did you get the exploit?

i remember someone was having the same issue a month ago

@leaden token exploit-db

https://www.exploit-db.com/exploits/9699

this one

the exploit is supposed to be written in python

https://www.exploit-db.com/exploits/46635
I believe this is the right one

and you have to use python for it ^

hm, ok , im gonna try this one

yup, if you look at the blog, you can see it's the right one

same results....

@leaden token

Hey, quick question about getting set up - I have a Kali VM of my own already, is it possible to use that for the tryhackme rooms? I'm a little confused by it all, I have no VPN experience

Yes you just need to connect to the VPN

preferably from the VM

!vpn

The VPN essentially puts you on TryHackMe's LAN

https://docs.tryhackme.com/docs/openvpn/why-openvpn

I need to find the time to make a new PR with the updated process of the whole regular/vip server

But I just need to find time at this point

should i just download the newest kali linux on their website to insert in virtualbox?

@hushed spoke that's what I've done yeah

Is it normal to loose connectivity to the deployed boxes after some time of being idle (even if they are being kept alive with the "Add 1 hour" button)?

No

This has happened to me a couple of times now. Right now it's specifically with hackpark. I went to another room for a while (kept the hackpark box alive in the background). When I returned, scanning a port that I know is open is returning filtered. Last time this happened, terminating and re-deploying the box fixed it, but now it happened again.

I'm able to reach the box in the other room, so I know my connection is good (VPN).

could it possibly be a virtualbox thing, if you're using that?

Not a problem I've run into before (in other scenarios), and have used this setup for a while.

I didn't have it on vbox

yo I was going to do the OWASP Juice Shop challenge but the juice shop website doesn't actually load. I'm connected and burp intercept is off

i waited about 20 mins then though the vm hanged so terminated and restarted but it still doesnt laod

nvm loaded now

@vapid dawn carrying over from #site-bugs. deployed a kali machine. kali machine can't see the deployed victim machine(s)

@final merlin Are you sure? Have you got a target machine up now?

yes, and yes

What's the IP of the target?

kali VM is 54.154.106.0/24 subnet (I assume 24), and the victim machine is 10.10.174.168

Whatever box that is, it's blocking ICMP

Inside the Kali VM, try nmap -Pn 10.10.174.168

success. I didn't even think about ICMP blocking. this has occured on a couple rooms I've recently attempted. derp.

Which box is this?

Fowsniff CTF, the previous was the Rick and Morty themed one

Hmm, those should both respond

Odd

¯_(ツ)_/¯

Well, hey, so long as it's working now 🤷‍♂️

I'll have a look and see if I can figure out why Linux boxes that didn't have a firewall are now blocking stuff

appreciate the support

Hello guys

Im newbie, my english isnt fluid at all

I'm trying to connect to openvpn but I got this

Then, restar pause, 5 seconds

Hi

How can i get some help with a room?

#room-help @exotic vortex

No need to ask for help either -- just ask the question 🙂

no one seems to know (its a subscription only room)

Anyone use hashcat on cmd? I can't run it on my Kali VM, but it's so clunky on cmd...

@peak seal Powershell

What improvements does that offer?

@peak seal Linux commands aliased by default, a nicer ui, generally better shell

Oh, it aliases linux commands? Nice

Yea so ls will run dir etc

wget/curl are a lil weird

Darn. I was hoping I could run a "md5sum" command, but doesn't recognize it

I know I can use certutil -hashfile, but I can't figure out how to get rid of the extra verbiage from the output.

@peak seal If you install git bash, you'll get md5sum

Ah but only in git bash unless you set your path up

So, the silly kicker

I have Windows Subsystem for Linux set up, with Ubuntu. But I can't figure out how to install my hashcat into it. I ran the apt command, but it only installs hashcat 4.0 (current is 5.1)

Yeah I'd avoid hashcat on WSL

Probably won't have access to the hardware, similar to a VM

Just run from windows, easy

Heyy

Yeah, I'm figuring it out

So I'm at task 12 day 7 in advent of cyber

And when I scanned the open tcp ports under 1000

I just loved that I could pipe hashes into a text straight from the terminal, and it was nice and clean, without any extra verbiage

There are 11 ports open

But the answer is a one digit number

Any idea why?

The question might be better asked in community-help. I'd help, but I'm still on level 3 >.> Which is why I'm talking about hashcat, heh

Welppppp

GoodLuck man

@peak seal what about Linux sub systems on windows

you can install kali though the windows app store

WSL and hashcat?

Huh. That's interesting. I already have it running on VirtualBox, though

And checking the WSL FAQ, they confirmed that GPU virtualization still is not a feature

You know you can use the windows binaries for it right?

worth a shot

Sorry, what do you mean?

@peak seal if you install git bash you can git clone hash cat from github and use it that way

I might try that, but I'm starting to get used to it in Powershell...maybe I can figure out some of the work arounds for the clunkiness. I just want to try to avoid installing different distributions and platforms for every piece of script that I wanna run

@vocal wasp No, Hashcat distributes windows binaries

As a download

git bash just allows you to use git clone on windows

Hashcat and John also bug out if you run them in gitbash as a BTW

@vocal wasp You can download without cloning

On the hashcat website

Yes, I got the binaries from the website, which is how I'm running it on Powershell

Not the repo

@peak seal So, what's the problem?

@eager fulcrum I know but you can ssh with gitbash to so i keep it installed

You can SSH with powershell now @vocal wasp

oh ok

neet

Neet

IDK if they integrated it yet but https://www.howtogeek.com/336775/how-to-enable-and-use-windows-10s-built-in-ssh-commands/

There's no huge problem, like I said, I'm figuring it out. My biggest thing was how I wanted to use Linux's MD5sum feature, which hashes more efficiently than certutil, but not like I can't hash in Kali, and then copy/paste the results to Powershell

oh you can't really see that

oh well

I like the wolf ASCII

Cyberchef is nice for playing with hashing and encoding

@peak seal the ascii is on my github if you want to use it for ssh MOTD

@eager fulcrum cyberchef is a good option but it doesn't cover everything

@vocal wasp 99%

I even found out how to do linewise functions

I'll have to look into those! I'm a new student in cybersecurity, but I'm pretty much brand new to anything linux, powershell, hacking...I've pretty much just used computers for gaming my whole life

@eager fulcrum just another tool to have in the toolbox

It's interesting dealing with the frustrations of why things don't work properly, offset by the satisfaction of figuring it out, or a decent workaround

well ubuntu machine switch my default layout to us

anyway to change to it_ I have tryed with user3@polobox:~$ setxkbmap -keymap it
Cannot open display "default display"

Is there any way to actually 100 % complete the rooms with the last question "task for not using metasploit"?

@tall cloud Yes -- wait for optional to update ‘em. They will be updated soon 🙂

@gritty umbra #room-help

sorry, ill copy it!

just subscribed is it preferable to connect through ovpn

@flint pond you still need ovpn unless you use the subscriber kali

it is. The kali VM on the website is great if you don't have access to your normal setup or haven't gotten your own setup yet

Where can I see my available wordlists in hashcat?

Not really #site-support but are you on Kali?

hashcat can use any list - it doesn't have builtin lists

Hm, sorry, not sure which one is better for this kind of question. I do have Kali, but it's on VM, so I use Powershell to run it instaed

Bread is right -- it uses any list that's on your computer. Kali has some built in at /usr/share/wordlists

powershell has hashcat? The more you know

Just grab 'em from there

Nah, I downloaded the binary and run it

@latent fable there is an exe for hashcat

^

well yes, I know that now

Thanks for the tips! Now to see if I can find that VM wordlist

here's a cute trick i did when I couldn't choose which one to use... use them all!

Oh gosh

though of course this is a problem if the algorithm is heavy

I'm still figuring out how hashcat works. I tried to have it work on just one word, and it took forever. I understand that part of the reason is that it gets throttled by the algorithm, but still not sure waht to do with it

some hash+algorithm combos just can't be realistically broken

you'd get it eventually, but when? In 1000 years?

Hm

I'm not even sure I can use my Kali's wordlist...don't think I can navigate to a VM's file system

Probably easier to boot the VM and copy them out

Or SCP if you don't have shared folder or clipboards

Yeah, just had the same thought

(win)scp to the rescue

Oo, a new tool..

(win)scp to the rescue
@latent fable or drag and drop 😁

Rockyou.txt is available online though

that's why I like winscp

^^

Naive-hashcat

Top result for rockyou.txt

If you only need rockyou then it's easiest to download it, yeah

Yeah, but I have a whole wordlist directory for me to use already. Plus, I get to play with this new tool

Always good to learn new tools

Just read the rules understood thanks

c:

Hm. What's the functional difference between scp and putty?

Putty is a client for a bunch of protocols like ssh, telnet, serial

Scp is a program to do file copies

Securely

Interesting. It just sets up an SSH to do so?

scp runs over ssh, yes

Hm. This looks like it will be tricky

what does?

Oh, just learning new things. I didn't actually think about how my VM isn't "on" my network, so I have to set that up now

This is all very interesting and strange to me that I'm bouncing around between Powershell, WSL Ubuntu, and Kali Linux VM

WSL is awesome, but for many network things it sadly doesn't live up to spec

Yeah, I mostly use it when I need to do something I can't do on Kali, but I find the Powershell too finicky, like piping words to a md5sum

Is there an advantage to keeping your VM on a NAT, instead of using the bridged network setting?

probably not, no

Probably defaults to NAT so you don't expose your VM to your network without consent, eh?

what are you running your vm in?

VirtualBox

I don't really know much about virtualbox.

most here recommend vmware. I'm running hyperv atm, but will make the shift at some point

Is it only me or does the Paths page take ages to load?

it does

I brought it up before but it works for now

With VirtualBox, NAT means VirtualBox itself is acting as the default gateway for the VM through your computer, in the same way your home router is acting as your PC's default gateway. Bridged just means your VM uses your home network's router/DHCP etc

Mm, that makes sense, thanks

Right. Wasn't sure if it was actually NATing, or just saying that it was

Yeah VMware does have more features and better support in general, especially with the paid version

And yeah, I see a lot of support for VMware now. The people I was first talking to, my brother and his engineer friends, all said they liked VBox

but what year was that?

VBox used to be popular

Yeah, it's NATted behind your computer

I mean, the advice was new, but could be that they just like what they're used to

creatures of habit :p

I figure when I get more comfortable with how Linux and stuff work, I might experiment with new VMs and distributions, but I don't think that's the best use of my time currently

Sounds like a good plan.

For instance! Figuring out why I can't set up this port forward for ssh

Vbox is still very popular and is perfectly fine for a lot of situations, plus it's free in every sense... There's also the issue that Oracle bought Sun so nobody knows if it might just disappear one day cos Oracle has disdain for Free/Open Source even though they benefit greatly from it

That would be unfortunate

@peak seal There's loads of good Linux resources online. The Linux Foundation's free intro course on edx is great, Kali has a free book/course on https://kali.training and I can point you to tonnes of other good resources

If I'm setting up port forwarding on my VM to SSH, is the guest IP my desktop's IP?

@rotund spruce Yes, thanks! I've actually gone through the Mastering Kali a bit, but it kind of expects you to know a lot of basics. I'm at that burgeoning stage right now where I'll say "Ok, I'm going to learn X today" and while I'm in the process of doing so, I find 20 other things I don't know about and have to explore. So I'm kind of all over the place

Like what I'm doing right now, perfect example. I woke up and logged in saying "OK, I'm going to finish level 3 on the 25 Advent hactivity"..and now I'm here researching how to SSH to a VM, so that I can take the wordlist directory from Kali, so I can practice hashcat on my Powershell

@peak seal That's perfectly fine. When you're learning something new, it can be easy to get distracted. Try scheduling say 2 hours that you're going to focus on a task and make sure that anything you're doing is related to that so you don't end up down a rabbit hole.

Just know it takes a while to learn and get comfortable with all this stuff

Yes, I've come to terms with that. I had a pretty frustrating day yesterday, trying to figure out the best way for me to use hashcat, since the apt-get feature on my WSL only installs version 4.0, but just got to cool off and try again later

anyone from india

some is, yes

Anyone else experiencing All TAP Windows adapters on this system are currently in use issue with OpenVPN?

@covert crow if you're struggling with billing, there's paypal for 3mo or more

TryHackMe uses stripe, so not accepting a card is on Stripe's end, not ours

On alfred, there's a step 4 which is "coming soon..." but it won't let me fully complete the room as it's asking for an answer I can't get - killing my OCD 🙂 - anything I can do?

@quick belfry Wait for the room to be updated, they're adding metasploit free exploitation. You can leave the room if you want, it won't delete your progress

I guess I can come back to it once it's done - I just finished the other steps just now 🙂

Ha! After all that, I finally got to SSH into my VM, and navigated to the folder with SCP...and Rockyou is the only wordlist that comes with Kali

Password list, yes

but there's a lot more reasons to use wordlists

@peak seal actually the entire SecLists repo comes with Kali

Now, I would strongly suggest not using hashcat on kali, especially in a VM, which is a suggestion I appear to have to make a fair amount these days

but if you must, Find where the SecLists repo is placed, it includes plenty of wordlists you can use with hashcat

That's not the direction that's happening here

They're running hashcat on windows and just obtaining wordlists

Oh ok

Then yeah, the SecLists repo is included and has many wordlists. It should be plenty to get started.

https://tools.kali.org/password-attacks/seclists

@small wraith Oh, awesome, thanks

yup

if you have hashcat troubles, just @ me

definitely one of the more active CTF discords for people using hashcat

pretty neat to see

@rigid oxide ^ Do we need a Hashcat Ambassador role? :p

But yes, the whole reason I was looking for the wordlists on Kali VM is because I was trying to take the wordlists from them and move them over to my host computer, so I can PowerShell it

oh ok

you dont need powershell for hashcat fyi

in fact, i've not even tried running it from ps

though i know there are a few people who use ps for scripting attacks and things

it should do the same to executables as cmd does

I tried just running the .exe, but it just opens and closes really fast

As in, double clicking it?..

https://hashcat.net/wiki/doku.php?id=frequently_asked_questions#why_does_a_window_pop_up_and_close_immediately

Yes

hehe, yes. that doesn't work :)

Yeah, it's a CLI application -- it's expecting arguments, and writing errors to a console that doesn't exist

Right, that's what I read, and why I use it in PS

Or, does exist, but doesn't persist

yeah, cmd would work fine, but ps should also work

the point is, you can use cmd -- doesn't have to be PS

Oh, sure, but if I have PS, why bother with CMD?

ps takes a moment to boot x)

yeah, pretty much that

Not for me

On win7 it did

10 it's instant

10 they may as well have replaced cmd with ps

in fact, the forcibly did in the shift right click menu

in win7, you can shift right click in a folder, and open a cmd window there

in win10, you can do the same but its powershell

for a bit you could put the cmd option back via a registry hack, but it seems to did away with that at some point so now only powershell is the option for shift rightclick

HA~!

I JUST finished editing my register to include a Powershell launch on right cilck

lol

I didn't know you could shift click

very few people know about it for some reason

its been around for a long time

Also funny because I was like "I could have sworn I did this before"

Oh, right, seclists

lol

So I would still have to path to the specific txt file? Or can I just path to the seclists folder?

for what

When I'm using hashcat, for example

BAH! Damnit, Avast, leave me alone

in hashcat you can do /path/*

and it will recurse through the folder and sub folders

Ahhh, that's a good point

so if you put the seclists folder in the hashcat folder

./seclists/*

will have hashcat try all the files in all the folders under /seclists/ as dictionaries

Hm. Not sure what I did, but I can't seem to open my windows explorer

Hi, after deploying a machine to some room what password should I use?

for ssh

and user

ARGH! Damnit Avast, leave me to my nefarious ways

@small wraith I seem to have run into an issue when trying to unzip the Seclists. Can I message you with the error, see if you've seen it before? Hint, it's an issue creating the file name traversal list

sure, or paste it here

others may have this issue

well thats... odd

I found this, which seems to suggest that it's an error because the zip is designed to be sipped into other platforms? https://github.com/fireeye/commando-vm/issues/38

ohhhhh

those are literal zip payloads

Yes. As far as I know, I can't do a -apt-get in PS, so I have to grab the zip from github

yeah

um

try 7zip to extract?

Sure

its typically a little more robust

Hm. Same error, but this time it didn't leave a fragment behind

Hopefully it's nothing

ok

having zip payloads in a repo that can be downloaded as a zip seems... poorly planned

Is there a better way that I could do it?

not really

which is why it seems poorly planned on their part

Indeed. Oh well!

I've been at this for over 24 hours and still no luck. please help

bioninja4@cyberdojo:~$ sudo openvpn '/home/bioninja4/Downloads/bioninja4.ovpn'
Thu Apr 9 15:16:28 2020 OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2019
Thu Apr 9 15:16:28 2020 library versions: OpenSSL 1.1.1 11 Sep 2018, LZO 2.08
Thu Apr 9 15:16:28 2020 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Thu Apr 9 15:16:28 2020 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Thu Apr 9 15:16:28 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]18.202.129.195:1194
Thu Apr 9 15:16:28 2020 Socket Buffers: R=[212992->212992] S=[212992->212992]
Thu Apr 9 15:16:28 2020 UDP link local: (not bound)
Thu Apr 9 15:16:28 2020 UDP link remote: [AF_INET]18.202.129.195:1194
Thu Apr 9 15:16:28 2020 TLS: Initial packet from [AF_INET]18.202.129.195:1194, sid=5bbd4c11 8dbf0adc
Thu Apr 9 15:16:28 2020 VERIFY OK: depth=1, CN=ChangeMe
Thu Apr 9 15:16:28 2020 VERIFY KU OK
Thu Apr 9 15:16:28 2020 Validating certificate extended key usage
Thu Apr 9 15:16:28 2020 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Thu Apr 9 15:16:28 2020 VERIFY EKU OK
Thu Apr 9 15:16:28 2020 VERIFY OK: depth=0, CN=server
Thu Apr 9 15:17:28 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Apr 9 15:17:28 2020 TLS Error: TLS handshake failed
Thu Apr 9 15:17:28 2020 SIGUSR1[soft,tls-error] received, process restarting
Thu Apr 9 15:17:28 2020 Restart pause, 5 second(s)

There are two fixes for that

Regen your config, and check your time sync

@eager fulcrum thank u

anyone have issues connecting to corp through rdesktop on kali?

hey guys , if i would like to change my username , who should i talk to , i made i mistake

Username changes coming soon

Not supported yet

@eager fulcrum so I did both and finally got access

@rich loom

I think we pointed you at that before

But glad to ehar it's working

thats odd I can connect to a pc using smb in my windows file explorer but not within kali linux using psexec or any other. @eager fulcrum

That'll be a networking issue

Can you ping the remote host?

or a firewall?

lemme check

Firewall issue = networking

yeah I can ping it

it says status access denied

is it still the firewall? @eager fulcrum

This is for support with TryHackMe rooms

Well, tech support for TryHackMe

oh

nvm then

At least unless someone else can solve it

If it's something we can fix real quick, then we might help

guess that means you won't fix me :c

noobish question incoming: how to find out, what for a file extension is allowed on a http-upload form? 🙂 can i get a hint?

The room is a walkthrough @naive dust

It describes how

ohh.. ohhh my gosh 🙂 and i googled my fingers bloody

thx

Whenever I try to deploy a machine such as the "Learn Linnux" or the "Vulniversity" rooms, the room starts but does not actually respond to pings nor can i ssh into it etc. any idea why?

VPN

You need to be connected

I am

Vulnversity isn't meant to be SSH'd into

Yeah but i cant even ping into that one

But your VPN isn't working if you can't ping zth

ping that one*

hm

Ill try and redo the whole vpn process

also

!multivpn

im on windows

take a look in https://tryhackme.com/access

Don't use access

Not reliable

my vpn says its connected tho

under the access pannel everything is green

it says "connected"

you started it with sudo?

ohh

windows

Im on windows but i ran as admin...

dont know sorry im also a new guy 😉

ok xD

I invited a friend to the site but he didn't click my referral, could he still be added as someone I referred?

there's a referral system?

There is not. At least not one that I'm aware of

@untold ibex referrals?

Someone got me a referal link, let me try to find it

https://tryhackme.com/referrals/Odeseos

This?

Could an admin please verify this?

Yeah, pretty sure the referral system isn't in use...

oh, you're a mod, didn't see that James

It works

@deep trellis is this... actually a thing?

But it's not actually used for anything

lol there are referrals?

Yeah, but they don't actually do anything

does a counter go up?

not even the point system behind it?

That's a feature that's not had anything done with it yet. It's not been officially released afaik, but it's up and running

Just not used for anything 🤷‍♂️

hmm

so like 95% of the features I develop :p

It would be an incentive to get people to invite their friends etc

get them to subscribe etc

Pretty sure that was the idea @untold ibex

It's just not been capitalised on yet

just don't make that incentive too prominent. I always found that extremely offputting

It's kinda in limbo -- it's been released, but it's not in use

but would it be possible, for my friend to be added as my referral incase the system does go live in the future?

I have his profile in my clipboard

Not a clue there -- that's Admin level stuff. When Skidy turns off his Do not Disturb, ping him with it 🙂

Our powers end at the community I'm afraid: the actual techie side of things is all down to Skidy and Ashu

No problem!
Thanks for the help anyway!

I've pinged skidy

Anytime 😄

He'll probably get back to it in a while

Ooh, yeah, thanks James. There's already a ping in the conversation, so Skidy will hopefully get back to you when he sees it 😄

I'll keep an eye out, keep being awesome!

It was developed a while ago, I was going to have tokens redeem prizes or even swag, not sure how I can make use of it atm. But it's not "officially" active. :)

inb4 don't invite your friends until the feature goes live :p

well sheet, I just did...

I'd love a tshirt XD

I was joking ;)

I wasn't 😉

tsk :D

Hi all, quick question, when connected to OVP after 60 sec i cant access any website, its setting DNS in a waiy that wont allow me get outside the LAN, any ideas?

Are you on windows or linux?

@novel flame THM's vpn config doesn't set your dns

• it uses its own adapter so it doesn't interfere with your network settings

hi how do I get the student discount when buying pro thanks

@undone valley If you have a recognised student email address (and are signed up with it) then it should be applied automatically.

If you're using your student address on the account and it's not applied automatically

Send an email to support@tryhackme.com

They'll do it manually 🙂

ok thanks

👍

Do forgotten password email usually take more than 15 minutes?

Check your junk mail

Isit possible to change username and email or should I just create new acct?

I did not use my student email when i signed up for free svc, and my uname is a bit non desrcript

Email, yes

Username, not yet

Although that's coming soon

Gracias

Do u accept coin for subs?

Coin?

btc eth?

Nope

Ah, no, we do not.
There's a secure card payment, or paypal.
That was talked about, however, is unlikely to implemented anytime soon

For a variety of reasons

Ok, ty for being responsive

I might've accidentally fat-fingered the new email address. Still have not recieved anything in spam or regular inbox. Does entering a address try to verify from the old/new email?

@wise hatch What exactly are you trying to do here?

im having issues connecting to corp via rdp

can anyone assist?

What's the problem?

theres a complaint about trusting the ssl certificate and then a connection failure

Are you using rdesktop by any mischance?

i am

Changing email address, but never recieved confirmation. Have since logged out for whatever reason, and now when trying to utilize the forgotten password service, to which I have not received an email via gmail.

i saw that people were having issues with it

@waxen patio Give Remmina a shot

so ive tried xfreerdp instead

i will take a look at Remmina

@wise hatch Hmm. Try it again. Failing that, email support@tryhackme.com -- they'll be able to sort it out, I would imagine 🙂

(bear in mind that they'll be asleep rn though 😄 )

@barren birch btw is the machine that corp displayed only accessible via the thm vpn?

Yes

No worries, thank you.

Np 🙂

@barren birch ty, remmina seemed to work!

Perfect 🙂

although its behaving rather oddly

Username changes coming soon
@eager fulcrum when is soon?

Hey people is the VPN being whacky for anyone else? I can establish the session and I get the two routes 10.8.0.0/16 and 10.10.0.0/16 but no connectivity to the machines I am deploying (Alfred fwiw)

Edit: Never mind just doesn't respond to ping... Love Windows. Not.

I can't seem to setup or connect to OpenVPN. Using Kali Linux on a VirtualBox machine. After inputting the command as per instructed on the website, all it gives me is this result:

[1] 2951

remove & at the end and run it with sudo

Like this?

sudo apt install openvpn && sudo openvpn /path-to-file/file-name.ovpn

Obviously changing the required parts

it's the first time?

Yes

ok, do it

That worked perfectly

Thanks

What does the & at the end represent then? @dusky agate

it run the process in background

Ah ok

in the future if you didn't want to check update for openvpn you can use only sudo openvpn /path-to-file/file-name.ovpn

Thanks

Hmm. I cant seem to access the first machine for the Christmas task

TryHackMe says I'm connected to OpenVPN, green ticks etc

!multivpn

I deploy the Christmas machine, and it tells me to access it via http://my-machine-ip:3000

did you deploy the room?

Yes, It has the 1h timer counting down

cool

do sudo if config on your own box now

check if you have multiple tun interfaces

Sorry, whats the command?

I'm bare bottom n00b status

sudo if config

?

@stone roost

yes

sudo ifconfig in your terminal

Says command not found, but I reloaded the christmas page and now its loading

That was weird

ifconfig

not if config

or

ip addr

my bad lol

doing too many things at once

Thanks for the help guys.

I'll try continue the task now

erm, did you get in?

Yeah, learning how to decode the cookie now

hello

I'm experiencing some issues getting the vpn connection.

I followed the steps from the "how to connect" section. Tried to refresh it all, updated the app, it just hangs there attempting to connect for a long time.

Any ideas?

Are you connecting from inside your VM or in your main OS? Make sure you only have one connection. Refresh and download the new file.

Follow the steps in this room :
https://tryhackme.com/room/openvpn

Are you connecting from inside your VM or in your main OS? Make sure you only have one connection. Refresh and download the new file.

Follow the steps in this room :
https://tryhackme.com/room/openvpn
@rotund spruce Thank you. did that a few minutes ago and it literally just connected (took it a couple of minutes). I'm using the main OS (W10).

Ty though

@unreal pine I generally connect from inside my Kali VM but good to see you're in

Im doing RP:Metasploit, and i just deployed the machine and it asks me to type 'db_nmap -sV BOX-IP' but metaploit is not able to find any targets

Did you open the vpn

Connection

@long radish Did you actually put in the ip?

Hey there, I have deployed a machine in the "Learn Linux" room, but it is not working nor in the browser neither via openvpn

@loud cairn What's the IP?

10.10.30.107

Working fine for me. Are you connected to the VPN?

@loud cairn Wait, how are you trying to connect?

yes, assigned ip: 10.11.0.80

Try !multivpn

from the browser tab

!multivpn

You won't be able to open the IP in your browser

Lazy bot

Yeah, don't rely on the browser tab to tell you that you're connected

It's not reliable

No

I think they're just opening the IP

Not SSHing

Also, you'll need to connect with SSH

I dont have credentials for that

Yes you do...
They're in the room

Keep reading

got it

grazie

hi

@mortal cairn Can you please change your username? It's not appropriate

Yo, is there a way to have dual monitors on kali, or does it not support that? On windows its works fine, just not in live boot which i believe is the problem. Thanks!

hello friends, I am having issues connecting to VPN via WSL on Win10. it works fine from my main Win10 but getting this error on WSL:
ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)

should I redownload the config file or is this a known issue?

maybe I can just $ touch /dev/net/tun and retry sudo openvpn <configfile.ovpn> ? any thoughts?

WSL can't do it

It doesn't have access to the right networking stuff as it's not a proper linux install

Hi, do you recommend to re generate the vpn Config sometimes ? I was having a lot of disconnection lately

!multivpn

That's what'll be disconnecting you

ahh, bummer. - thank you @eager fulcrum for saving me some time.

Make a kali VM @sudden quiver

Will be 10x better

I meant, because I got lot of disconnection, should I regenerate a VPN config and thy again

?

@olive pelican No

Okay

Just make sure you're not running multiple connections and then you'll stay connected

Okay

@eager fulcrum everytime I have gone about it, I've had problems. I've tried USB persistent boot, and both virtual box and vmware. which do u suggest? currently limited to my laptop until parts to my build arrive.

Virtualbox works fine here

I've used virtualbox and VMware for kali on my laptop and my desktop

alright, I will try again. and from what I've read recently in the past, I still want to connect my vpn on my main OS, rather than the VM, is that correct?

is anyone else not ablt to SSH into machines rn?

@sudden quiver No, 100% connect from the VM

Otherwise you'll get issues catching reverse shells and a bunch more

ahh, I see. I misunderstood then. Thank you.

@pale palm Which machines?
Not all of them have SSH open...

the common linux privesc room

Ah, that one should have it open

I'm gonna restart my machine, maybe that'll fix

Check your VPN

If it's had a few minutes to boot up, try checking your VPN connection

my VPN is good

!multivpn

I'll restart

is it good tho?

Restarting will also work

@eager fulcrum, "bridged adapter" network mode for the kali VM on VB?

NAT works

Genuinely doesn't matter for TryHackMe

Hello having problems connecting to open vpn. As its trying to connect, the status says tlc handshake failed. im on windows

nvm got it

I regened and redownloaded my config file and now am getting

Fri Apr 10 23:32:49 2020 OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2019
Fri Apr 10 23:32:49 2020 library versions: OpenSSL 1.1.1  11 Sep 2018, LZO 2.08
Fri Apr 10 23:32:49 2020 OpenSSL: error:0909006C:PEM routines:get_name:no start line
Fri Apr 10 23:32:49 2020 OpenSSL: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
Fri Apr 10 23:32:49 2020 Cannot load inline certificate file
Fri Apr 10 23:32:49 2020 Exiting due to fatal error

anyone know why?

so uh

every time

i try to use termina

terminal

and i connect to ssh server

i just cant type

@eager fulcrum what do you mean actually put the ip in, sorry i am very new

Uhhh I don't remember the context now

You're gonna have to remind me

sorry

its the metaploit room

the first question asks you to deploy a machine and type in 'db_nmap -sV BOX-IP'

Yep, replace BOX-IP with the IP of the machine you deployed

OHHHHHH

And make sure you're connected to the VPN

OH MY GOD

thank u

u are an actual god

That used to be my site rank

Now it's level 998

i aspire to be you one day ❤️

Content creation is good fun

Hey there, y'all! I think I'm doing something terribly wrong and would love some assistance. I'm trying to get Hashcat running on my Linux terminal (working on a Windows 10 system), but when I run it I am getting the error "clGetPlatformIDs(): CL_PLATFORM_NOT_FOUND_KHR". Would anyone be able to assist me, please?

Not sure which channel to post; but. Is it just me or is THM really slow the last couple of days? To the point that all requests take a really long time or timeout

@peak monolith WSL?

@molten bolt It's being worked on

Ahh oke

Good that it's not just me

Understandably also, when I just got on there where only a few hundred users or so online at the time

Skidy and ashu are doing a big rewrite, site is growing massively atm

Yea

@eager fulcrum Actually a bona fide Windows 10 computer, but I got an Ubuntu terminal from the Windows store and have had good success in other, non-hacky tech areas so far

Yeah that's WSL

Oh, my bad

WSL isn't a full linux system, it doesn't get access to GPUs or a bunch of network stuff

Makes it a bit bad for hacking

You can run hashcat on Windows natively. Powershell.

Ahh, got'cha. Yeah, I might have to switch away from that, then

Make a kali VM, crack hashes outside of the VM on Windows

WSL is bae otherwise

@latent fable I've loved my WSL so far!
@eager fulcrum Off to make a Kali VM it is. Thanks ~

Wsl is useful quite often, until you need a proper kernel

The ovpn is too finicky for me. Stuck at UPD link remote this time. Other times it gets connected, but i dont get access to any box

We're doing VPN maintenance :))

will be done in 1.5 hrs :))

Ohhh cool

I am still facing issue after maintenance

@thorn badger you're going to need to give a little more detail

Sat Apr 11 14:22:05 2020 UDP link local: (not bound)
Sat Apr 11 14:22:05 2020 UDP link remote: [AF_INET]18.202.129.195:1194
Sat Apr 11 14:22:05 2020 TLS: Initial packet from [AF_INET]18.202.129.195:1194, sid=a6ff1513 d9db2308
^CSat Apr 11 14:22:20 2020 event_wait : Interrupted system call (code=4)
Sat Apr 11 14:22:20 2020 SIGINT[hard,] received, process exiting

You pressed control C

You killed it

Don't expect it not to die when you kill it

i killed because it was not working. Now, It's showing Apr 11 14:27:12 2020 Initialization Sequence Completed
still no response

Hmm try leave it running

It should connect as usual

can't ping machines

ah

Some machines don't respond to pings.

i am also facing the same challenge , just as crptonic007.

I see ninja

@slim ravine don't background openVPN if you can help it

just split your terminal and hide it

that's what i do

!multivpn for everyone

kk @eager fulcrum thanks. will do that