#room-help

* Host target.thm:80 was resolved.
* IPv6: (none)
* IPv4: 10.66.157.134
*   Trying 10.66.157.134:80...
* Established connection to target.thm (10.66.157.134 port 80) from 192.168.<REDACTED> port 40596 
* using HTTP/1.x
> GET / HTTP/1.1
> Host: target.thm
> User-Agent: curl/8.19.0
> Accept: */*
> 
* Request completely sent off
< HTTP/1.1 404 Not Found
< Server: nginx/1.18.0 (Ubuntu)
< Date: Sat, 23 May 2026 14:38:12 GMT
< Content-Type: text/html
< Content-Length: 306
< Connection: keep-alive
< ETag: "69f52157-132"
< 
<!DOCTYPE html>
<html>
<head><title>404 Not Found</title></head>
<body>
<h1>Not Found</h1>
<p>The requested URL was not found on this server. If you entered the URL manually, please check your spelling and try again.</p>
<p>Please go back to the <a href="/">homepage</a> and try again.</p>
</body>
</html>
* Connection #0 to host target.thm:80 left intact

the nginx is alive.. so the / home page dont exist probably.. do u try enumeration for check ? its like the host is on another path .. like /login , /index.php etc...

i havent done this room yet

try gobuster or ffuf

Hello, i'm new here and just started my cybersecurity journey though i have a basic knowledge but i still consider myself a notice. I hope i am welcomed here. Thank you!

the room specifically calls out robots.txt and sitemap.xml.... neither seem to be live
dirb only gets hits on :9999 (feroxbuster get a pile of FPs 🙃

Letme try

hello everyone, im currently in the Cyber Security 101 course and im learning windows powershell basics, im unable to get the IP address of the target machine, please help

Click on Start Machine and it will display at the top of the room

Restarted the box - same 💩

which task ?

T3 - there's supposed to be an X-FLAG header that never appears

@smoky grail I'm struggling with the reverse shell, How did you get it ?

I got the Shell too but whoami /priv is not working

Maybe I'll try it again in Attackbox since Kali is not working

I got rid of it too but still stuck 😭

@smoky grail Wait actually is it possible to get the results of whoami /priv with just using the ASPX Web Shell or is Reverse Shell mandatory ?

here works bro

use a curl -v "http://IP_that_show_to_u_on_your_page"

ah, might be that I'm not using the IP explicitly 😵

yah i have the same problem when he try resolv, so i try with directly ip

That was it - TYVM @primal pollen for the help 🙇‍♂️

hello i need hit to solve Support room i got the password of login page user: specialadmin@support.thm password:snoopy

@smoky grail I did it finally, I just completed the room (Really got exhausted today) 😭

for best results, link the room and explain what you've tried

Hi, chat
Does anyone can login this Windows machine?
I tried and failed, so i wanna find out it's my fault. Thanks!

https://tryhackme.com/room/logsfundamentals - Task 3

https://tryhackme.com/room/support

nice ^^ its cz the server is using a vhost and configuration header is waiting to request header with IP
when u send
curl -v target.thm
the server get
Host: target.thm:80

but he waiting for a Host: 10.67.164.250:80
nginx can behave differently depending on the Host header.

using IP hits the default nginx site/app, so using target.thm hits another vhost

sorry my english

.

sure is

the lab password is wrong, either use the split view or change the password and login over RDP. Please kindly report this issue to #1333993673381253162 to help future learners

Okey I get you

@orchid rover oh okey I get you

Okay, thanks!

Room: AD: Authenticated Enumeration

I accessed bloodhound website, uploaded the zip file and now I get "Unable to connect" error when I try to access the website again.

whatsup guys

i m new in cybersecurity

and i need a friend that help me to understand it.

Thank you buddy

Start with Networking mate

okay

thnx bro

hii , we are friends .

@oak ice Rep-bot having a hard day? 😅

News Room – JUMP

Hi, I’m working on a machine exposing only FTP (vsFTPd 3.0.5) and SSH. Anonymous login is enabled and there is a world-writable incoming/ directory (777) with a README saying: “Files are processed automatically on arrival”. There are also uploads/ and archive/ directories.

We tested:

• uploads with multiple formats (.txt, .csv, .py, .php),
• traversal attempts (../../../),
• sensitive file discovery,
• Telnet/STAT/FEAT/SITE enumeration,
• Nmap/NSE scans,
• SSH access attempts,
• monitoring directories before/after uploads.

However, no observable behavior occurs:

• files are never moved,
• no logs/output,
• no visible execution,
• no additional services detected.

The FTP is chrooted and looks fairly hardened. It feels like there is some hidden sync/pipeline logic, but we cannot trigger or observe anything meaningful. If anyone sees a logical angle we may be missing, I’d appreciate the help.

try uploading a .sh reverse shell in the incoming and set up a netcat listener

Great write-up; which room is this?

"JUMP"

Hi, did anyone here finish the room “Support”
It’s in Jr pentester > web application vulnerabilities II

thank you

I’m on Guided Pentest: Infrastructure : Task 4 trying to get a reverse shell. I was able to use metasploit to connect but am not geeting the reverse shell at all

msf exploit(unix/irc/unreal_ircd_3281_backdoor) > exploit
[] Started reverse TCP handler on 0.0.0.0:4444
[] 10.49.129.58:6667 - Running automatic check ("set AutoCheck false" to disable)
[] 10.49.129.58:6667 - Connected to 10.49.129.58:6667
[] 10.49.129.58:6667 - Trying to register a new IRC user: katrice
[+] 10.49.129.58:6667 - The target appears to be vulnerable. UnrealIRCd detected after registration
[] 10.49.129.58:6667 - Connected to 10.49.129.58:6667
[] 10.49.129.58:6667 - Sending IRC backdoor command
[*] Exploit completed, but no session was created.

I have trie to set LHOST to TUN0 as well as 0.0.0.0 could it be that vpn issue or am missing something?

Problem solved

so basically reverse shell connection was actively dropped by firewall via an ICMP “administratively filtered” rule. i used wireshark and found that ICMP Destination unreachable (Communication administratively filtered). and the solution was to assign ttun0 to the trusted with firewall-cmd --zone=trusted --change-interface=tun0 gosh that took me a whole day lol 💔

is there anyone on here that can help me with the caido: the basics room

Is there anyone that has completed the new room Silent Monitor?

if you still on this, wdym "metasploit to connect "? the MSF exploit shown in the room requires rhosts, rport (should default to correct port), lhost, lport, and a proper payload set. once the exploit runs, you get initial access

Sure thing

@half drum use the metasplot in Attackbox (it has msf6), our's one is msf and it doesn't have interact module as payload

who can help me?i meet some trouble about tryhackme.why i cant download the .ovpn file ,and always show VPN ssm file not found

Dm me

Metasploit: Payload Generation there is no SMB port

after restart it worked

hello people out there!! i'm new to this Discord channel!! i was facing problem in doing the TryHackMe cybersecurity tasks especially task 5 reset password and fuzzing! can someone help me with that one pls!!

On the actual target, your payload will be executed automatically after you upload it to the SMB share. ?? when?

yes

indeed

omg this RAG LLM sucks

knows anybody how to execute the shell.exe in this metasploit capstone

is there evryone is hacker?

Hey everyone i am Scott.I’m so thrilled to join this server and I would love to do great things

Anyhelp to escalate from svcadmin to system in Windows Jump room

Ill try this room

hello

i want room help

im in my pre security learning path in "extending your network" room in the "firewall task", The question asks "what layers of of the OSI model do firewalls operate at?" it is supposed to be answered in the number form and 3 dashes are given "_ _ _" . Now i asked for hint, searched the entire internet, even saw the video of this room and the correct answer is layer 3 and 4 but it is not accepting also it asks for 3 layers even though the hint itself only gives 2 layers(3 and 4)

Hello Everyone

hey yall so i was doing the greenholt phishing room on thm and looked up the owner for 192.119.71.157 , and found it to be HostPapa , but when i submitted the answer it was wrong so i found an old video online solving the room and the ip had an older name for the owner , so it got updated , am i wrong or did they just not update the room?

Hey! I'm from milky way.

No way im from solar system

Thanks for the note. The room was recently updated but it seems the ISP/owner has changed since then.
Will have to look into it further and update again.

Gave +1 Rep to @azure iron (current: #3779 - 1)

np 🙏

Hello everyone!👋

Dark web ka koi grup hekya

Did you change the payload?

the correct answer is ||layer 3 and 4||
Consider useing spoiler tags, and/or not leaking answers 😉

I can confirm yo're correct - did you follow the correct formatting in your submission?

(Answer format: * * *)

hey, anyone here know how to remove full remote access hacks SOS

Hey all,
I'm trying to figure out the third flag in room "Jump".
I am aware of this ||healthcheck.timer|| and ||healthcheck.service|| , but the timer seems broken or not being triggered by the ||monitor_user||.
Anyway, I changed the contents of the ||/opt/dev/bin/ps|| to get a ||shell|| but again nothing happened because of the above.
Any help or confirmation is appreciated. Mostly, trying to see if I'm on the right path or if others having the same issue with this room.
Thanks!

yes i did

well i was able to get payload work in attackbox however when i did it in my own machine with vpn as shown in the log no session was created.

You are on the right path and I struggled a lot with this myself. Did you modify the permissions of ||/opt/dev/bin/ps|| ?

Thanks for the reply!
Yeah, I think I did (I made a lot of changes, I'm pretty sure I did ||755|| on that file and all the parent dirs). Although, what I saw in the ||systemctl status|| were ||Active: active (elapsed)|| and ||Trigger: n/a|| and couldn't verify the ||healthcheck|| is running with ||ps or pspy64||.
But, I'm gonna redeploy and test again to make sure. Probably I'm missing something obvious.

Gave +1 Rep to @soft raft (current: #3779 - 1)

No worries, I went back and tested this twice and got it to work. Should be enough ||with just putting a reverse shell in /opt/dev/bin/ps and modifying the permissions of it. Also, make sure you have #!/bin/bash on the first line, followed by the reverse shell on a newline.||

hey guys im stuck on this qn , i dont see anything on packet 39765..and how do i get file name and use the md5sum to get the hash? nevermind i found the answer

Has anyone done the Forward room yet?

in what?

was working on this yesterday. got stuck on 3rd flag as well lol. i also noticed a certain custom log file in the main directory where logs are usually stored. reading said log file also makes me believe the path forward is PATH highjacking, but couldnt get anything to be triggered by the monitor_user.

Ran pspy for a while and never saw anything being triggered by monitor_user either that would help me see how to trigger something

Hey everyone!
I'm working on the Time-Based Blind SQLi section of sqli room (task-9 challenge, level 4) and ran into something weird.
When I use a basic SLEEP payload it works fine and delays by 2 seconds:

?referrer=tryhackme.com' UNION SELECT SLEEP(2),1 ;--

But as soon as I add FROM information_schema.columns, it just loads forever (even without the where clause):

?referrer=tryhackme.com' UNION SELECT SLEEP(2),2 FROM information_schema.columns WHERE table_schema LIKE database() ;--

Could someone explain this to me? thanks

Yeah, tried everything. Seems nothing triggering it. This is what I see: ||○ healthcheck.service - System Health Check Loaded: loaded (/etc/systemd/system/healthcheck.service; static) Active: inactive (dead) TriggeredBy: ● healthcheck.timer||

When you clicked on the packet, you'll see it has a comment, or you right-clicked... is this really the correct packet? or try Ctrl+alt+shift+C on the bottom u'll see commant section

I am looking for the password, typical flag style in these packets within wireshark. I have followed the directions as they are stated and am not finding the password. What am I doing Wrong? Last question in the networking secure protocol room.

heyy, i just got a question about dead drop room, is the web server dropping after a revshell or no ?
cuz it's the case for me, and i cant make any progress