#site-bugs
Infinite kali machine
@frosty cape One of my class mates isn't getting the reset password email
Normally its because they're not entering the exact email they used to sign up
He says when he used the same email in the signup again and it says its in use
Weird, can you get him to email us please: support@tryhackme.com
We can help him sort it out
Sure can!
Thanks:)
Ok he has sent the email :)
^ replied to it
@covert kernel i was unable to reproduce the bug you posted on the bug-submission
@floral tusk could you share how you got that bug to happen
Every time I deploy a machine the timer starts at 0 and counts up. If I click the button to add an hour, the timer gets set to 60 and counts down like normal, except I only get 1 hour from the time I click the button
@sly raft
The machine has expired
So just needs a check to say "Machine Expired"
@ornate moss Did you get a popup saying "Machine Terminated"?
Yea
Yea, so that's a super easy fix. Thanks for letting us know
:)
ok thanks @floral tusk - will look into it :D
I see the same timer but it's right after starting it. It just counts up though. No termination
I keep having problems with the VPN not getting reverse TCP requests
It works fine on the kali room but not on local
@ornate moss make sure there's only one instance of the VPN connection running too
ps aux | grep openvpn
And of course, the problem 99% of the time ^^
Weird stuff happens when you have 2+
*cough* 36 *cough*
when reducing browser's width some of the content squeezed nicely but some content breaks the boundaries and I think that behavior should be punished 
where can i locate the bookclub
heeeeey
I solved the seventh task from cryptopals, but I can not choose the format of the answer please tell me
@frosty cape is https://tryhackme.com/room/xss broken?
TryHackMe is an online platform for learning and teaching cyber security.
can't seem to get anything back with the payload specified and a few alterations from it? T3 #5
Its not broken, some payloads don't work. Try using more simple methods:)
then what's the point of the script provided haha
yeah, tried a few different payloads but still doesn't return anything :/
Should say "finished OUR work"
isn't it this one?
Ah ok, suppose that could be right
the tmux one
isn't it this one?
@olive drum so i am stuck on the last question of task 3 of this room called tor. I think the *.onion site is no longer available (pls confirm ?)
People keep thinking it's down and it never is. This isn't a bug, it's #room-help
ohk ...
Not sure if this is just me being dense but I am in the Attacktive Directory room and every time I deploy it I get a box with only 3 open ports. I waited like 10 minutes and no new services start. The other odd thing is one of ports is ssh which would be odd to see on a Windows box right? I checked the write up to make sure I wasn't just being an idiot and it isn't listed on there as open either. Anyone got same or is it just me.
@rose kettle ooh sorry, it was a bug. Thanks for reporting it
@spiral flame no worries I was mind bent for sooo long
Still having problems with the machine timer creating Kali boxes. It used to have a countdown until you could access the box, but that countdown now just counts up and doesn't show remaining time left. This makes it hard to tell when to add time to the box. Adding time proactively doesn't help because the button resets the remaining time to 1 hour instead of adding an hour. If I add an hour to the box right after it is created I can see a countdown from 1 hour but am no longer allowed to add time to the box
can you DM me @floral tusk
hi im trying to load a room
it wont load
@humble jay What do you mean?
The page won't load?
Oh yeah I have that too
Refresh and switch to a different tab
Just clicked to check
@tribal knoll Doesn't affect it
i tried incognito
oh
i tried new browser
@frosty cape it borked
@frosty cape This one is you dad
that's my usual fix for that
Confirm -- it's dead
?
Oh weird
@humble jay What room is this?
no its for access to the kali
for my coursework
@humble jay Ah, really? can you DM me the link
machine they provide me ;/
Are all rooms not working?
No, just kaliuop
https://tryhackme.com/room/kaliuop
@humble jay @frosty cape
Oh the description says use the regular kali lol
@humble jay It says please use https://tryhackme.com/room/kali instead in the description, it just gets truncated
i just clocked that now
So there's a fix for the meantime
Fixed
I'm interested now
Its because Toby has locked the KaliUoP room
Ah
Can you leave a locked room?
Yes, sweet
@rugged ermine Nessus being nessus again, someone has a different answer for the Apache version
pog locked room hype
The nessus room was weird for me
I recall every answer it gave me being completely wrong
Then resetting the machine and everything being right
Searching in Hacktivities before it loads doesn't allow you to search after it does.
Oh right, will get on this:)
Also applies if you press back, weird stuff happens
@ornate moss Fixed
@spiral flame What type? Works ok for me?
Ah okie
Can't reproduce, mainly because I can't remember how I broke it
Ok, if you do let me know
I am sorry, but I think Kenobi, task#2, is wrong or the answer is not properly formulated
It should be corrected or the question should be more clear
Mods, feel free to PM me and I can elaborate more
Hey gang, when I terminate a "room" virtual machine and then re-deploy, is the re-deployed machine completely fresh, or is it the same machine I was just interacting with before termination?
sorry wrong room
@pale notch not a bug, but completely fresh
@celest bronze because there is no wiggle anymore, it shows but they overlap exactly
So it doesn't appear to show
I'm going to change to barcharts anyway:)
Maybe, but sure yet
Or show score over time, like koth
Long code blocks break the CSS in rooms:
Multi-line code blocks would be really nice
serious one
sure
Hello, I can't connect to Hackpark machine even I've tried to re-deploy machine. Are there any problems with that machine ?
@copper lotus how are you trying to connect? Are you connected to the VPN properly?
hello
@covert kernel wrong channel unless you have a bug to report
@spiral flame lol
@spiral flame Hi James, I am using VPN. And yes, I can connect to others machine, but Hackpark, I can't
@spiral flame I try to access Hackpark's website, but it's usually get time out. Sometimes I can access, but after few minutes, it got time out again
Have you checked that you're only running a single openVPN connection?
@spiral flame yes, I am running only one openVPN connection. I rooted Steel Mountain few minutes ago, I don't think my VPN connection have issues
What are you connecting from?
from Vietnam
What OS etc?
@copper lotus How long ago did you deploy HackPark?
Kali Linux
It can take up to 5 minutes to deploy and configure.
I've deployed Hackpark again, let's wait a few minute then
^^
Give me the IP (DM), can then check if its you or TryHackMe (gunna take a stab here and say its most likely you tho)
Gotta typo in Kenobi: T4Q3
I think, that might mean to say /bin/sh
Also had a request for that question to be reviewed generally. Apparently it's not going into enough detail about the attack vector
https://tryhackme.com/room/zthlinux
Am I doing something wrong? Am I not supposed to have a linux opening here?
I have bought the subscription
Not all rooms have browser control @dense bridge
There should be a task there on how to access it
will look into it
<@&568449888682246145> am I meant to be able to do that?
@orchid remnant meant to tag admins? Maybe
Aye. I have no idea why it would be allowed but it lets me do it
Figured it was worth asking
I imagine it's allowed in case of emergencies
I mean, we'd usually just tag one of the admins (or some people do all three I suppose)
Not that it makes a huge difference, given we can do that anyway
Just wondered
As long as you leave @Community Mentor off, Pars, I'm happy
I mean
You're only pinging dark and ashu there
Skidy doesn't have red admin
skidy has blue admin
Which makes it even stranger having it open
Sometimes you may just want to summon dark and ashu
@grave flicker tks
In the room /room/zthlinux I think there is a small mistake in the description of chmod 455 Task 24
Ben I think the counter is messed up
Someone on uop room got this error
@frosty cape
Ours I believe
Which room? Ill check it out, dont think its room specific tho
Uop cw 2
@covert kernel ^^
That is wrong
ahhh that's weird
Do you know what browser?
and whether refreshing the page fixes it?
might re code the entire thing over the next few days
:))
he said refreshing didn't help it and issue continued
not sure of browser, I assume firefox on kali
@orchid remnant?
chmod 455 in zthlinux. I didn't notice it before, but you've said that the user can execute only, group can read and execute, and world can read and execute.
Did you mean that user can read only?
Thank @jovial swift
@jovial swift Thank uuuuu
Np
Tiny typo, in Linux Challenges, Task 3 Linux Functionality, #2, says 'were' instead of 'where'
rooms start with 3 hours now?
yeah they should only start with 1
was able to add +1 hour on 2:55h mark
yeah so your timezone is 3 hours out or something and it's messing with JS
typo @frosty cape
The kali room is very unstable as of late. Disconnected or lost connection when doing anything. Note: I have tried to see if this was just an issue with my computer or internet but after testing it on multiple computers and networks it gives the same result. Now this wouldn't be a problem as I run my kali locally but scans which should take <10 mins to complete instead take over 1 hour.
found typo,
Chance should be change
hey there
I am a newbie here
I tried to deploy the machine
But it does not get deployed
Please help me
@covert kernel Which room has such issue?
Sure! If you have any questions later, feel free to ask
will do
hey...I got the value of the cookie and even decoded it but it says it's incorrect when Isubmit it
I submit*
okay
a small question, how can you achieve higher highscores?
@covert kernel scores are based on how many people have answered the question before you. Complete lots of rooms, and be the first to complete new challenge rooms
thx for the feedback
is alfred dead?
hi
can you help me?, i don't get it
#room-help @tulip shuttle
Not sure why but I'm pretty sure the video player crashed my browser D:
Hi everyone, I just wanted to contribute with another "fix" for day 13 challenge of the 25 days of christmas room series. Changing the default browser to chrome and to IE again, enabled to select the browser to perform the exploit correctly.
@rigid bolt It's not a bug, it's set up that way intentionally. That's not the actual fix
Oh damn
@frosty cape finally reproduced the search bug
if you start typing before it loads the rooms, you have to reload the page to get search working
When looking at profiles on mobile, you can't see the activity graph thing because it gets cut off
Mistake in Q4 of rsa:
It's asking for the totient, which is phi, not n.
When creating a room, it appears that if you have used the same room-code of a room that previously existed, the tasks appear to merge with your tasks.
I.e. I deleted a room, re-created it with the same room-code and the previous tasks duplicated into the room. You'll get two "Task 1" and "Task 2" respectively. Removing the duplicate "Task" i.e. "Task 1" will also remove the "Task 1" that you made
Interesting
Seeing what you said in creators lounge, it could be API latency in hindsight - especially as the website isn't running optimally at the moment
is it just me.. or the website started working at least 30% slower
@olive drum loads of people have been using the platform, John Hammond hug of death
Load balancing is coming
hello, i am new and i am having trouble in advent of cyber 6) task. I am trying to deploy the machine and nothing pops up although i did download correctly the Vpn etc
is anyone willing to help me
head over to #room-help
tasks from paid rooms getting added to your incompleted tasks before going through the "why-subscribe" redirect page (idk about other rooms but had this problem with Learn Linux)
[EDIT : doesn't happen constantly tried with Kenobi and my list didn't get updated]
Per DarkStar's request, mentioning here that https://tryhackme.com/room/bof1 is 196 days old with nobody having 100% completion. No complaints about the room itself, just that it is a walkthrough with great information on the theory behind buffer overflows however doesn't touch much on the actual process of exploiting a buffer overflow. This is the reason I think there are no 100% completions. Most users I can see on the Scoreboard can get to the last two tasks but can't actually complete them.
Is it challenge or walkthrough?
searching "crack the hash" doesn't get me the room
@spiral flame I have put the root flag in twice for Alfred (it was one of the first rooms I completed) it randomly just disappeared again.
No need to tag me
I didn't notate it, I will for the future but any chance you can help me with this?
I can't fix that
I review the quality of rooms, I can't fix bugs with THM
Is the discord bot supposed to update your rank ever?
Would you mind giving me the flag, so I don't have to redo the entire room?
I would appreciate that.
@floral tusk Use !verify again
@celest bronze Can't give out flags
James, for future reference, do you have the fix for that (flags disappearing)? I seem to remember seeing someone deal with it before. Might have been you?
I've literally helped people complete Alfred.
Ah, I see. Should the bot automatically update ranks every so often instead of having to do it yourself? Or is that not intended
It's not giving me anything I didn't already have. It's my fault for not saving it!
oh
Isn't saving it
@orchid remnant Not being visible in the room, or on THM?
I haven't heard that issue before
On THM
I was mistaken
@frosty cape something very broken, it deleting saved answers
Huh. I'm sure I've seen someone deal with it
I posted in bug-submissions
Thank you
There's a bug submissions?!
yeah
Huh. The things you know
For the bug report, see it says I completed the room. But the last question is unanswered again... Which means, I'd have to redo the entire room.
in my opinion, when this type of thing happens, I feel the flag should be given privately
It's not my fault it happened!
I can confirm that when I get the flag again.
I also wonder if it takes the points
Right, I wouldn't be able to see that.
I just asked someone that I helped through it, for it
Added an extra question to Alfred
Which is why the room looks like it's not complete for loads of people
@sly raft Did you delete the root flag question?
And then create a new one?
Actually, you would have had to
@sly raft After I sent you the updated info on Alfred with the payload not working properly, the answer to Task 2 #1 can't be found
They have to run the original msfvenom command to get the proper payload
what do you mean the answer can't be found?
The room was updated to have a different msfvenom payload command run. The new command generates a different sized payload than the original, which had issues.
Task 2 #1 asks for the size which is still set to the original size as the answer
So unless someone decides to run a msfvenom generation command specifically how it was originally written in the task information, they'll never get the correct answer without just guessing or being told
Sorry if pinging you was the wrong person, I just know you had me send you the original info of what did and didn't work for the actual exploit
Yes
I had to complete the room with Covenant, and then I was given the correct MSFVenom payload to use (without encoding).
Now the root.txt flag is missing, which would mean I'd have to restart the entire room. I take notes now, but I didn't at that time.
@covert kernel @celest bronze So the reason the flag was deleted is because there's no way to add a question other than at the end. This meant the root flag question had to be deleted and thus the saved answer was too. It's affected everyone who did the box before the change was made
I don't think there's a fix for it, it was a destructive change
@frosty cape This is another reason we need to be able to rearrange tasks and delete tasks that aren't the final task
Think he has his hands full for the time being
Where?
syn scan should be -sS not -sC I guess?
@ocean reef good point - will change the q now
**sorry not in the room it is in the writeup of the room
The writeup screenshot you've just posted shows -sS
not -sC
so not really sure what you're getting at?
after the answer it says -sC
Where?
o
also few paragraphs below it
@worthy stag That's fine. Still sending the info so they're aware.
Ignore that, just realized you weren't responding to me
@vocal raptor -- Apparently there's a bug in the Shodan room. Ask @obtuse galleon
@vocal raptor yes it is i can dm or here if u want
Just post it here Mate. That's what the channel is for
(preferably blurred...)
ups
Sorry. That's my fault
That ^^
Very nit-picky typo I've just noticed when creating a room: the tip when hovering over the two room types is missing a space between "The roomwill..." it's the same for both "Walkthrough" and "Challenge"
advent day 17, for the flag1 it says if it takes longer than 30 tries something is wrong but the password is way deeper than 30 tries on rockyou.txt
Yeah that one was broken
Known Issue, but it's never been fixed, and won't be now
I think it's fixed for a standalone version
Yep
Would just need to be merged I think
bc the hydra box is similar but the web password is diff
Yeah. It was fixed for the standalone
least*
Use that instead of rockyou
Hang on, you already used my list?
i used a short rockyou for that box bc the original was taking forever
i was like 4000 deep when it was saying 30 would be too many lol
oh dang
hi everyone! i tried to use "cat .bashrc" but couldn't find the flag. help me please
Hi everybody! Got to know about this amazing service today and checked it out. I signed up, logged in, verified my account, set up the VPN, and joined many rooms. But when I hit 'deploy' the VM never loads up
I waited for about 30 mins or so but to no avail
The IP appears but no interface
Active Machine Info is available to me but no VM appears
Unless you're trying to access the "Kali VM" there is no browser interaction for the rooms, all you are given is the VM IP Address and expiry countdown
like this:
Oh Ok
I thought that there would be a browser interaction for every room
Sorry I'm a newbie
If you're able to connect to it through the VPN then any help you'd need would be best in #room-help. If you can't connect (check the access page to verify) then #site-support
No worries!
Welcome to the platform
Thanks a ton!
Hello from NC!
Salve @strong mirage
Down for dev??
yes
Here's a bug for you :p
Flag doesn't render, hovering gives 2 Chinese characters
CSS class flag flag-ζ₯δΈ
Yearly Activity is missing
Have you done anything this year @quartz ocean?
Worth checking
Fair enough. Yeah, something's off there
Ooh
Wait up
It's lost all of march for everyone
@frosty cape -- something's up with Yearly Activity
No one has anything from February to March
Just checking a few more accounts now
No -- it's working going forward, but everything from February until yesterday seems to be missing
Mhm. I remember it working until recently too
@orchid remnant Works for me?
March 17th
March 17th appears to be when it starts working again
Specifically, after the load balancer update
That's mine, for example, and I know I've done a few rooms recently
Including Alfred yesterday (17th) afternoon
I mean, not the end of the world
Just good to know about
Ah okay weird aha:)
Not really complaining here, been a user for mere 2 weeks so I haven't lost much, au contraire
Intermittent/blank history could become an issue in the long run if people start showing off their public THM profiles to potential employers -- just like devs do with their public GitHub profiles
As you grow bigger as a company (and I really hope you do because I like THM a lot), I don't think you guys will be able to afford losing such data. People might start considering their histories/assiduity very valuable. I mean, from a professional/career oriented point of view (Please take this as friendly constructive feedback only because it's all it is.) Keep up the good work, lads!
Not really complaining here, been a user for mere 2 weeks so I haven't lost much, au contraire
Intermittent/blank history could become an issue in the long run if people started showing off their public THM profiles to potential employers -- just like devs do with their public GitHub profiles
As you grow bigger as a company (and I really hope you do because I like THM a lot), I don't think you guys will be able to afford losing such data. People might start considering their histories/assiduity very valuable. I mean, from a professional/career oriented point of view (Please take this as friendly constructive feedback only because it's all it is.) Keep up the good work, lads!
@quartz ocean The data is not lost, I have verified this:)
But thank you very much for your kind words
I'm looking into why its not displaying, I know the data is there as teachers use it to monitor their students progress.
And I can see data since the last few weeks
Looking into and will fix asap:)
We still can't leave subscriber rooms when you're a non sub
You need to verify if someone's a sub before adding them to a sub room with /jr/ links probably/
Minor bug: The button to "add 1 hour" stays disabled if you click it when you couldn't add more time, even when enough time has passed that you now can add more time.
Euuh hey theree i hope you're doing well ?
Soo i'm having this little problem idk what's going on xD
okay so i'm not even a subscriber and i have the linux challenges rooms upon my rooms and i don't remember joining it even with the jr link or idk how to call it or the room code ....
So that's it !! i hope it's not that big deal
If you create your own room, and it ends up sub only, you can't complete it
you should be able to send in here @worthy gulch
Yeah, I just realized It's cause I was being a dummy
Isn't this incorrect? HttpOnly means that the server-set cookies shouldn't be accessible by JS in the browser
@rugged ermine So I think RP Nessus is being weird again
HackPark, issues: Task 4, Question 2. the format is off. sysinfo does not display that answer in that format in any way.
Ah really
Looking at it now
Which way does it display?
Changed & deleted to stop cheaters
Thank you
Updated
Both questions
thanks
@floral jewel Wrong chat.
What about it?
just after the login
What?
I can't understand what you're trying to say
when i got logged, this url pop
yeh
after the login
y
Cannot reproduce
don't worry about it
My guess is session expired as you clicked on the bell or something
Probably a one off
https://tryhackme.com/room/linuxctf flag 16 should surely be marked as a bug, using the logic that its a common mount point despite the fact nothing is actually mounted there is absolutely ridiculous. You're sending people on a wild goose chase checking mounts in any ways they can only to eventually google the answer to find out its not even mounted, its just buried under a few directories.
The room is focused on using Linux syntax to find things
if you're looking for mount points (even though it is a common mount point) etc in that room then you should be able to find the flag irrespective in theory
the question says "Flag 16 lies within another system mount."
Also there's no feature to mark known issues yet
thats not even true
lmao
Tried to mention you instead
2
There are two places where things are mounted in Linux
The question is accurate
It's just in the "automatic" mount point, not the "manual" mount point
so you're saying /media is the automatic mount point and thats why it doesn't appear on things like mount and fstab ?
Ubuntu!
/media is where things like USBs are automatically mounted to
hello guys it's a pleasure to be here
@twin steeple unless you're about to report a bug, wrong chat
but hey o/
im not sure you can really call it a system mount when nothing is mounted there, regardless of being the "automatic" mount
What exactly does the question say?
Flag 16 lies within another system mount.
Well, it's technically another system mount
Albeit simulated.
A system Mount isn't necessarily an unmounted partition.
Just another file system
^ in a real-world scenario, you can use mhddfs
well i get what ur saying
It's just that it's a simulated / virtual mount as Muirl was saying
but i feel it would be a much better question if you actually had to check what was mounted and find the flag that way
instead of essentially asking "
Flag 16 lies within another system mount, but its not actually mounted, all you need to know is the location of a common mount point"
Ah, but then you wouldn't learn about default mount points. You would learn the commands, but not the infrastructure of a Linux machine.
then change it to be "flag 16 lies in the default mount location"
because that is just confusing af and no one is taking anything from that
i've put it past my friends and they were just as confused as me
Yet, the hundreds of people who've already completed the room don't seem to have had a problem...
i searched #room-help and many had the same question
im not an idiot i just didn't expect the question to be so badly worded
Just because something is a common question, doesn't mean it's a bug
I see two people who've asked
It could mean it's a good prompt. Makes people think
Out of 2066
That room is also notorious for making people think. It's a challenge, not a walkthrough
i wonder how many of those also googled the answer and then bashed their heads on their keyboard
Welcome to hacking
If you want my honest and blunt opinion, I don't think IT is for you if it makes you bash your head on the keyboard >.>
Don't do Madness, Cherryblossom or Willow
No matter what you do
Or CCT2019
I hear it's a killer
Jigsaw(2) might also be good ones to stay away from
Definitely do Madness. It doesn't require advanced techniques or knowledge
Just a lot of thinking
I spent a good few hours on CCT2019, couldn't get a start on the Wireshark
nah bruv, ctf 100
ctf 100 v3
you're going to hate someone
i can't add more times and i'm executing a brute force
@frosty cape sorry for tagging bro
are you subscribed?
Is "add 1 hour" still disabled if you refresh the site?
also the timer has been bit buggy lately (just a bit)
Tags skidy
Tags skidy again to say sorry for tagging
@spiral flame Sorry!
Not you
I know this :)
@olive drum what do you mean? @olive drum @olive drum @olive drum
I know that only tagged you once. Didn't want to escalate

@ocean stream Refresh your page
It worked after refreshing several times
sorry for not answering guys i wasn't here
thanks god i didn't lose my progress especially in brute-force
@frosty cape plz give me retro badge
^^
did you get yours?
Nope
It appears the expire time for me when I activated the Basic Pentesting room was higher than it is normally
we'll be pushing the new expiry time soon
the windows god has spoken!
hello
yo
@rose kettle I brought that up to Skidy a few days ago. Good shout posting it again though
ohk
Looking into it now
Should've probably not done it on that machine :p
should've, but didn't
i like to risk it for a biscuit
@frosty cape can you restore me session :c
^ Connect RDP for now
Im going to make a button that reconnects.
Oh wait
I can give you your username and guac auth session if you want?
Typo
openvpn room got duplicate questions
@frosty cape thanks. yeah, after refresh the page it's fixed.
@tardy anvil not a bug. The site used a degree of regex when accepting answers
I keep writing meterpeter
meeterpreeter
mreterpreter
^ Lazy I think not
@worthy gulch do you work for TryHackMe
no
Told you, @rugged ermine People'd get confused!
He owns it?
Skidy and Ashu
@orchid remnant and you are an admin or something like that?
No
Community mentor
And despite the similar color, I'm just some guy TM
I am wondering out of all these hacker has anyone tried hacking tryhackme
orange is regular guy
also orange is admin
I hacked tryhackme once when I had a machine with 2h20s on the clock by accident :p
I've reported an XSS on THM, so literally hacked THM with Muirland
XSS is the worst
Responsible disclosure y'all
xss
"hack"
#neveracceptuserinput
#neveracceptusers*
#neveracceptconnections
The best way to make a machine hackerproof is with a hammer.
This ^^
The best way to make a machine hackerproof is to not build it at all
Ah, but to be a machine, it must already exist
This is true. Now it was never vulnerable to begin with.
Otherwise it's just a concept
Can you hack concepts?
but does anything exist
no.
rooms that use backticks for code formatting no longer nicely display this
EG Ice task 4
Bug on the room editoring
When dragging a task from the bottom to top it swaps them around instead of slotting in
what do you mean
like a book?..
if you want video courses I can recommend cybrary.it
Hi, is there an issue with the day 11 of AoC ? I get a connection error when I try to 'ls' on the ftp server
Or is that intended and I should find another way ?
ls on ftp..? :)
to list the files
ls on ftp..?
but is it via an ftp connection?
:D
Even Filezilla can't list files
are you sure there are actually any files?
And the ftp server process the ls command, else it would have sent me an error for the command, not 425 connection error
The challenge is to find the name of the file on the server
no
multiple people are here
Is it re. a bug? @oak hare
shoot your shot
so i have question about christmas 2019
i have the ssh credential but i get an error for the password
santa:rudolphrednosedreindeer
Can you add that into spoiler tags? @oak hare using || < message> ||
|| on both sides or whatever oops
so || text ||
||message||
@topaz venture you can escape chars using \
You're connecting to user satan
i want to connected to the ssh service i have all require information
You're trying to connect to satan, not santa
the user the passwd and the host but i think something wrong
That's a typo
You put satan
The real user is santa
try santa@ instead @oak hare
ok i get it
So do anyone has a solution for my issue on AoC day 11 ? I get a 425 connection error when I try to 'ls' on the ftp server
sorry for inconvenience @tribal knoll @covert kernel
What command / method are you using to connect to the FTP server? @covert kernel
both ftp on WSL or filezilla
@oak hare dw about it, happy to sanity check
Have you tried using a browser? So ftp://ip in the address bar
@covert kernel hahaha, that's great
I'm not 100% on AoC, I didn't complete all of it
Was going to say, for that challenge I'd really encourage using the ftp linux command rather than filezilla @covert kernel
@tribal knoll Both firefox and Chrome have an issue trying to access the ftp
I'll let @topaz venture or someone else take over here, I'm not too sure on this one
@topaz venture I tried to use ftp, but I get an error
!multivpn
Type ps aux | grep openvpn into your terminal and press enter
If there's more than one line (and the second doesn't have "grep" in it), do the following steps
Type killall openvpn into your terminal and press enter
Start the VPN with sudo openvpn <path-to-config>
also using OpenVPN to connect to THM with WSL is really-iffy iirc. Wanna move over to #room-help maybe and I'll help out?
oh WSL yep
do you get a strange page when you visit https://tryhackme.com/notifications/get?
this is where I got redirected after logging in
i got to the login page from twitter
if that's of any help
(to the login page that led to the notifications/get?
What link from twitter?
@thorn briar Fixing now:)
Fixed, will be made live in the next THM push
Hey. Not sure if I should post this here.
Well, is it a platform or room bug or are you looking for help?
I'm new here and I'm trying to make the Advent of Cyber room. I have virtualBox running Kali linux, I joined the room, I am connected to the server. I used ifconfig to check my ip. But when I try to connect to: http://<your_machines_ip>:3000 it doesn't work
!multivpn
Type ps aux | grep openvpn into your terminal and press enter
If there's more than one line (and the second doesn't have "grep" in it), do the following steps
Type killall openvpn into your terminal and press enter
Start the VPN with sudo openvpn <path-to-config>
Also, have you given the room a couple (up-towards 5) minutes for it to fully boot? Think of it as turning on your PC @flat hornet
Yeah
Oh, speaking of which @topaz venture -- fancy sending over that list of common issues you've been compiling. I'll collate 'em
Was hoping you'd do the same. I'll shoot 'em over when I get a chance x. @flat hornet as Muirl said, #site-support would be a good place - we can help you out over there
kk should I copy paste the text and go there?
Nah it's okay!
kk See you there and Thanks
@quick ore Not a bug, #room-hints
oh sorry
Any hope of messing with the Access page?
guys - just thought i'd come on here and say thank-you for a brilliant service. I've got my OSCP code and I'm all ready to go , yet I do have apprehensions about my preparedness before the time begins. Your OSCP path is really helping and I am very appreciative. Brilliant and I can't wait to see how the service progresses. Many thanks.
This is the #site-bugs channel
You'll want to post that in the #522158404614225920 channel
Dude so sorry - I don't even know why it defaulted to me being in here!
You're good man :)
posted into feedback. No bugs so far, many thanks!
Hey
i think the port is wrong in this part of the challenge of ultratech1
there is no port 8080 only port 8081
so i think its a typo
Challenge name : Ultratech1
on the new room the cod caper, i missed my copy paste by 1 letter and still got the answers right
The first letter is missing in both boxes
@floral tusk not a bug, the site uses regex to determine answers.
There's some tolerance on it
Mhm it's not a bug it's a feature
Mix of both
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
lwld
Uhh... this looks bad. This is me trying to open a link in gmail about me getting a badge on android phone
same in firefox browser
well it's not tryHACKYOU 
but really, you think hack in domain name causing it?
Yeah filters can be a problem sometimes
esp android ones
its happening on windows firefox too
never had such problem with any browser
check your security settings, might be something there
yes, my browser and add-ons are privacy oriented but now I have tried edge browser with default settings and got the same popup (first time using it not for chrome download! wohoo!)
Hello, got a problem with the last exercise of day 9. The password hash is obviously in /etc/shadow, but I've got no permission whatsoever to the file and I'm not on the sudoer list. If someone could hint me in the right direction, that would be great
How're you folks
You're more likely to get an answer if you try in #room-hints, @covert kernel :)
also, hello @slate idol! Feel free to chat me up in #general ;)
thanx @worthy gulch
Calm before the storm :^
c;
Help
??
i am stuck on an room
Not a huge bug, but I referred two people. One Subscribed but didn't get any points as of yet.
Still says 2 tokens pending instead of 6.
Dyamn, not sure how the referrals got found as its not been advertised
This is 0day...
@celest bronze its because they have not got more than 100 points
He finds everything...
Weird it shows a number tho
running gobuster on the platform ey;)
There are a few pages I need to clear up
Been wondering, what's that for Skidy?
he runs a dir search everyday 
Are there any benefits for people using that link?
There's a nice handy link
Was that from back when VM running needed credits?
Ooh, that could be it
I might make every page respond with random garbage to stop it
People will wfuzz then
https://tryhackme.com/referrals @covert kernel
Mhm
and what do tokens give
I fixed the link
Uh, Skidy, there might be a problem with authentication there as well. Might have just accessed Pars' referrals page
Lemme confirm
Also do you have a way to stop people from referring themselves and just doing a room @frosty cape
Like through alts
Uh, yeah, definitely got no user validation. I can access 0days' as well
Not that it hugely matters
Doesn't give you any access or anything
It's not really sensitive information
@covert kernel good point and no.
Nice room @topaz venture , thanks a lot.. I have a comment
Thanks! A comment? I'd like to hear. Is it a bug/issue or a #522158404614225920 comment?
I'm not sure.. it's about task 13. you talk all time about IDA
even "For this room, we will be using IDA Freeware within the context of statistical analysis. Navigate to the directory "Tasks/Task 13" and open "install.exe" with IDA Freeware, following the instructions below:"
But to answer we have to use PEstudio.
Is this ok?
#Advent of cyber
Oh okay, defo the right channel for that sort of thing - I'll have a look to double-check @bleak wraith. Thanks for letting me know
@topaz venture it seems some people are having trouble connecting to your room
Often having to try multiple times before it works
The room takes quite a while to boot-up even on subscriber resources it seems
Could you make a note of that in your intro task
Apologies for the oversight
It's all good, thanks for making such a good room
@topaz venture The windows machine takes up to 5 minutes to come alive
So I set a timer for 5 minutes
Might be worth saying that.
There is a bug (now fixed) where if you refresh, it will stop it showing the 5 minute timer.
@covert kernel The room opens a terminal in browser, but takes a while.
if you get a MSTSC connection before the browser finishes loading, you probably lose your original connection. (because the browser takes over the only allowed connection)
I have had to close the browser connection and re-connect from mstsc.
Sorry my english()
might be. Imho, the browser terminal is not necessary.
I've stipulated that now @frosty cape ty. Also @bleak wraith I've sorted the issue you raised
I remember re-writing that specific question before so I obviously didn't save it or something lmao
yikes
wow.. nice modification.. thank you.. @topaz venture
Thanks for pointing it out
Was it fairly intuitive otherwise? I mean you managed to solve a wrongly-written question so
the question gave the clue.. so.. it was not a really challenging mysterious task
@topaz venture
@topaz venture my pleasure... i love this site.. 50days in it, and I learnt more than one year on other Boxes, you know what I mean.
if everything is on the right track, next Thursday I will be able to get paid subscription.
wicked! Very much worth it imho
i highly support that claim!
absolutely worth every $
I also highly support that claim
indeed
@topaz venture
Hey @bleak wraith, you left me a nice comment on my Cherryblossom write-up, didn't you?
Have you had a chance to give Willow a shot yet?
Should probably move over to #general or #thm-community-media btw
@topaz venture can you check why PEStudio is going onto "Not Responding" on the VM when the files are loaded into it.
That may be a problem with the tool itself not the room
Is there a file / task in particular? @wise epoch
Oh, my.. I was thinking only me had this problem..
@topaz venture i had this issue on 13 but now it's no longer required.
@bleak wraith you can't even imagine how I did 12th one
(install.exe)
@wise epoch 12 was nice for me..smooth
Mhm that's real bizarre. I did a lot of testing with those tools for that sort of thing...
Might have got weird after the VM was pushed.
Yeah. I'm gonna pull the room into private, sort out an alternative to using PEstudio as that's the re-occurring theme. Will get it fixed within the hour or so
Just sorting out alternatives @wise epoch
sure no worries @topaz venture :))
@vagrant needle refresh the page
they should go away
@vagrant needle doesnt work....i'm trynna login again
Its most likely not going to work
I will look into this Monday
Out of interest, when you joined the room, how did you join? Did it lag?
Did you refresh the page again?
@topaz venture how much time?
i dunno
Okay, regarding https://tryhackme.com/room/malwareanalysisprimer:
After a few intermittent issues with a specific tool, with @frosty cape being Skidy, I've re-written the task to use a different, much more responsive tool.
If you are in the room, re-deploy and refresh the room (Ctrl + R), there is new content regarding using this tool that should be all okay now. ( @wise epoch @bleak wraith thank you lads)
No worries! Thanks for the quick fix :))
If interacting through browser, the room will take a minimum of 5 minutes to connect. RDP a bit sooner, but still assume 5 minutes regardless
Done with the room :))
biggest sigh of relief
Have you made the room public again @topaz venture?
Yes it is public :))
Aye, you were already in it though, weren't you?
New people joining are struggling to get in
Yeah it should be public now
Lovely
The box just seems to really take its time when using the in-browser
Yeah it does take much time to load within the browser!
There we go, he's in now
Skidy has made it so that even non-subs deploy with the same resources as a subscriber.
Even locally the VM takes a bit of time to deploy, seems like there's quite a lot going on during the boot-process
Yeah!
Well, the various socials that I am on are on my thm profile - and even then they're not hard to find :^)
we'll move to #thm-community-media though ^^
sure!
Probably not something for #site-bugs @lament remnant?
Do you have a bug to submit?
Maybe keep it over in #general or #thm-community-media then please?
