#site-bugs

2sec

welp, my bad @orchid remnant

that's a real code 30 lol

is this bug in cmess room

i mean points

?

No -- some rooms have extra points added

ok

Not sure if this belongs here, but I'm having issues downloading the openvpn configuration file. The resulting file from the download has the following contents

<pre>NotFoundError: Not Found<br> &nbsp; &nbsp;at SendStream.error (/home/ubuntu/api/node_modules/send/index.js:270:31)<br> &nbsp; &nbsp;at SendStream.pipe (/home/ubuntu/api/node_modules/send/index.js:585:14)<br> &nbsp; &nbsp;at sendfile (/home/ubuntu/api/node_modules/express/lib/response.js:1099:8)<br> &nbsp; &nbsp;at ServerResponse.sendFile (/home/ubuntu/api/node_modules/express/lib/response.js:429:3)<br> &nbsp; &nbsp;at ServerResponse.download (/home/ubuntu/api/node_modules/express/lib/response.js:569:15)<br> &nbsp; &nbsp;at /home/ubuntu/api/server.js:82:9<br> &nbsp; &nbsp;at &lt;anonymous&gt;</pre>

@dry valley Have you tried regenerating?

Yeah, couple of times

That, uh, looks like the server might be having troubles..

@frosty cape -- this is one for you, I should think...

what server are you on @dry valley ?

** VPN server 🙂

I tried both Regular and Regular2
Same results. I've tried regenerating for each as well

hmm lemme take a quick look

lemme move to DM

Just reporting this here as it seems to basically always be the case, even after the new update. I apologize if this is a known issue.

I think something is wrong with the exp bar on the Dashboard. I'm no mathematician but I think 5268/8000 should be over half. Instead...

Hey, I'm attempting to complete Task 14 from Advent of Cyber room, but both of these servers are down -- or i'm doing something wrong?

@covert kernel wrong channel, #room-help but other than that, task 14 doesn't have a machine attached

@covert kernel I'd probably check #room-help first, as when it comes to boxes there's always a chance it's part of the game. If you just deployed I'd wait a few minutes and try again. If, for instance, you think the server is down because nmap thinks it is, -Pn, etc.

@dawn hedge does exp reset to 0 at each new level? or does it compound? I've just signed up and am only level 1, so I'm not sure haha
That progress could technically be correct if its a compounding exp value

any mod/adm i can dm a bug in the platform i dont think should be here?

@near raven If it's a bug, send it to support@tryhackme.com 🙂

Better to handle that kinda thing via email

will do

CMesS scoreboard is borked

the additional points system wasn't updated and people gained 800 from it

I think the points reset ignores the bonus points for anyone who completed it before

more so people who completed cmess earlier

have 800 points

seen it on borderlands which was updated

CMesS scoreboard is borked
@worthy stag Fixed

@frosty cape was surprised inoculation hasn't got additional points on it

I asked Zayotic, but he doesn't want extra points on his rooms anymore

ah that sucks

what's going on?

two questions require input and these are the ones i have points from

merhaba

türk var mı

two questions require input and these are the ones i have points from
@short jackal What room is this?

@short jackal I believe that's a really old room

Back when thm first came out

You could get points from tasks that didn't require you to press input

What room is it?

https://tryhackme.com/room/ctf

Oh right, it looks ok for me?

@sour cave Keep it in English please 🙂

The points are off

it just looks weird, thought that with the change the points would reset

optional did this room today and 0 points for the no input tasks, just 60 points total

it's only two questions that give points

ended up with 60 poiints

I completed cmess today and got 850 points

How do I open Kali machine?

I saw it was fixed

U have Room which is called kali machine

@sour cave If you're a subscriber, https://tryhackme.com/room/kali

This isn't the right channel though

i am not subscribed

Then you'll need your own Kali VM

how can I do it?

how can I do it? Can you help?

Google is a good start https://itsfoss.com/install-kali-linux-virtualbox/

a very big program

Huh?

I mean it takes a lot of space

Please keep an eye on the #rules channel @sour cave 🙂
Rule 1, specifically 😄

It's not that big

But yes

VMs are not the smallest things in the world

😄 😄

https://tryhackme.com/room/jack

this needs fix

Hi

Hi I'm in the Learn Linux room, and I cant connect to the ssh

from using putty or linux

@vast socket #room-help

thanks

Yeah

Everyone had their levels affected by the new point calculations @covert kernel

It's not a bug

yeah but how is the progress bar at the start and not even at half

It just be like that ;-;

I got taken down to a 0xC

it's because it's counting from 4000 to 8000, not from 0

ez fix

is there a bug with rpnessus? the very last question asks for the php version but doesnt seem to accept the answer 😦

@inland granite i did it yesterday... Got it right

hrm.......

It did accept the answer

ill try restarting the vm, see if its just a temp thing

I'm not home but if it's still not working give me a message and we'll check together when I'm home

@inland granite iirc nessus gives the two different php versions (one more detailed than the other) in two different scans

That could be it... I wasn't to sure about that to just say it like that, haha

hmm. the version nessus gave me met the mask, and then i went and looked at the site directly (giving its x-powered-by header val) which also matched the mask. no dice

possible im missing something 😄

I've seen a lot of questions about exactly these tasks in the nessus room.. So when I did it yesterday I expected to bump into those issues... But I didn't 😕

its been a painful room so far - largely cause nessus takes like an hour to install on the kali vm thm gives you

almost as long on my real host, only for the results from my windows machine to be anaemic 😐

I agree.. They should've used a docker or something

nessus itself is a bit painful these days. really pushing for that gigantic license fee 😄

lol the site reports 5.5.9-1ubuntu4.14 and i saw a walkthrough that reported 5.5.9-1ubuntu4.26, so i just increasing from 4.14 in 0.1 increments. it ticked over at 4.20. is this a bug in the room?

I'm just home.. Gonna look at what I got yesterday

I agree with @inland granite

apparently I got lucky and got exactly what the walkthrough told me...

@inland granite you did deploy the second vm right???

(just to be sure)

one mo operator

actually i did not! up to this point on the path there has just been one vm per room - i missed the second deploy

however doing a quick look, it reports a php version that didn't work when i tried it before...4.26 still rather than 4.20

4.26 is right... that's what I have (and is the correct answer)

hmm. how does the answer system work, do you know? does it inspect the running vm itself, or is it hardwired?

hardwired...

i.e., if i had the wrong vm running, would it throw it off?

yes

or no..

the questions/answers are static.. just like the vms (should be)

i swear i tried 4.26 before. copied it straight out of the walkthrough in desperation, no dice

could you just deploy that vm? and see if nessus reports the right one?

id have to reinstall nessus, so no 🙂

LOL

anyway, assuming my brand of idiocy isn't unique, whoever maintains this might want to add a note in bold under the second deploy instruction that notes a new vm needs to be deployed

HackBack 2019
Task 4 Question #5 Flag doesn't work

Reported by: @TheMythologist

Room Ninja Skills file bny0 not exist

Chances are that’s only local

Pretty sure the time limits are handled remotely? There were some issues with machines just dying because the time wasn't syncing up

all the timing is done at the server so there shouldn't be any discrepancies

Hi everyoone

Hi!

@modern vine Do you have a bug to report? 🙂

No, website is running, sometimes you got to redeploy some machine but appart from that, everything is okay thanks ^_^ @orchid remnant

openvpn over UDP is blocked in my country , Could I use TCP instead like HackTheBox ??

Some problem with the vpn

My ping starts to go blank untill i re-connect the vpn

@winged dune #site-support

Has it been removed now?

after i removed it myself, yeah

amazing thanks

no worries

i noticed sometimes the filter completed checkbox doesn't work. anyone else?

See if you can reliably reproduce it

I've not seen it break

ahh i think i see what's going on. if i select it before the rooms load it wont work

Sounds like the same thing that was going on with the search bar

Lemme check

@fair moon When you say it doesn't work

I take it you mean that it just doesn't do anything

correct. sorry should've specified that

Nothing on the page actually breaks, but the filter box doesn't get rid of your completed rooms

Nah, not at all

Just confirming, because that's what I'm getting

Yeah all the filters and search are broken that way

I reported it a while back

Skidy fixed the search

I haven't seen the filter box mentioned?

@frosty cape can you please help me

im in a koth

and no matter what it wont recognize my username in the king.txt file

i chnaged it to the other guy in the match and he got points

changed it back to mine and nothing happens

@covert kernel

Are you sure you're using your THM username

yeah its N3M0

Case sensitive

Everything

i entered n3m0

after N3M0 didnt work

i tried nemo

That's really weird

each time i wait 1 minute

nothing happens

amd ive never had king despite having root shell cause it just doens like my name

i went to my user profile

https://tryhackme.com/p/N3M0

@frosty cape something to look at

which is were it brings me on the koth when i click my name

but im not in america

im in new zealand

???

Shouldn't matter

As long as you're using the right username

what even

im so done

that holmes guy has done nothign and i gave him king for 1m and that worked so what??

@frosty cape @covert kernel save me

i dont think thats me yet thats where it brings me when i view public profile

this bug or whatever it is hass made me lose so many games and lost me getting a hat cause i had king for 15m that never got counted

i dont think thats me yet thats where it brings me when i view public profile
@frosty lily Ah I see the problem

I've DM'd you to resolve the problem

Hello, I have tried SQLi labs room less-7 doesn’t seem to be working I have also checked source code through github it should generate result.txt not found. Also to make sure I run sqlmap to check

Task 2 of the Powershell room contains a dead link
https://tryhackme.com/room/powershell

Hello to everybody :-H

@covert kernel #general or #thm-community-media please

anybody around that i can ask about a possible bug in Brainstorm?

If it's that you can't run the binary, that's not a bug @dire siren

no, it's port counts

Under 1000 vs all

Comes up occasionally

well, the question states "How many ports are open?"

nmap scan clearly shows a certain number and the answer is not getting accepted

i've tried both -p- and normal top 1000

also tested with masscan

How long has the box had to boot?

9m

@spiral flame ok if i DM you so the details aren't in a public channel? i'm not sure how strict THM is on spoilers.

I haven't completed the room so I can't see answers

got it.

Is there any problem with Vip VPN Server tonight ?

no, not for me at least

Well, thanks 👍

Is anyone else having issues with box deployment times? I request for the box time to be extended but no matter what or how many times I hit that button, nothing I do changes the fact that after an hour the box is gone

Someone else reported that

It's under investigation

@fierce condor #685858111952781324

thanks for the heads up, makes for an interesting speed run but it is also killing me lol, if I could take a stab in the dark im guessing there is some issue with my profile on the guac server. maybe issue me a new one and see if a new acct fixes the issue? I was using my Kali box for a long time, I changed the password to the root user and had to log back into the xrpc interface with the new root password, worked fine the first time, after that it started going haywire

Guac is unrelated to the extension

Completely seperate systems

well then, guess i have two issues lol

Also gauc doesn't do XRDP

fun times, ill dig deeper

Does it happen with every box you deploy?

The expiry thing

Hackpark and Alfred for sure,

Hackpark has come up before

Is it every time?

yea, ive been at it for a while now and every hour without fail im out

@frosty cape Can you help fix this?

2 people have now reproduced it

appreciate the help @spiral flame

when i submitted a writeup it didn’t let me put in a link from Medium

Yeah because it had an @ sign in it

yeah that's what I thought

https://stackoverflow.com/questions/17105977/can-i-use-an-at-sign-in-the-path-part-of-an-url/17106141 invalid character for URLs

Medium bad

There's a way around it, by URL encoding the character IIRC @vast quest

Oh yeah i guess I just take the auto encoding on burp for granted

lol i just used bit.ly

Thanks

Some bug here i had already got level 8.

@winged dune Not a bug

#announcements

got it; hadn't read that

uhh

@topaz venture Yeah that's how it works

Downvote is -1

Upvote is +1

No vote is 0

Do creators have influence?

Yes

oh

ofc yeah

that makes sense

duh

sleep deprivation be like that ahaha. Ty lad

2 people have now reproduced it
@spiral flame Yes, its hard to replicate as its okay for me. If people report can you get them to post the IP, even if its terminated.

I assume there's a bit of a time limit on investigating it?

Is anyone else having issues with box deployment times? I request for the box time to be extended but no matter what or how many times I hit that button, nothing I do changes the fact that after an hour the box is gone
@fierce condor Do you know the IP of the machine? Might be a little late now, unless its stored in your terminal history

I assume there's a bit of a time limit on investigating it?
@spiral flame everything is logged, so I can see when it bootsup, when an expire extend request is sent, and then the machine is scheduled to die

Ah cool

im in the koth atm, can I get it to you here in a min?

Get it over whenever:)

@frosty cape alright, I went back and grabbed the ones I used today 10.10.92.24, 10.10.124.125, 10.10.28.86.

also random question, is there anyway I can change my username without having to make a new acct? or can I make a new one and transfer my purchase?

No you can't change your username yet

lol I will be patient then, thanks

So 10.10.28.86, had 2 hours expire time.

It looks like it was manually terminated

10.10.92.24 has 2 hours expire time, and was terminated automatically.

10.10.124.125 also had 2 hours expire time, and was terminated manually

Are you sure your VPN connection didn't die and it looked like the machine was down?

I had hit the extend timer button on all of those instances, my vpn has seemed to been stable all day. My shells died and I verified it by trying to go to the blog being served up and that would time out as well. Between my shells dying and the webserver no longer being able to be accessed even though the dashboard said I still had time (usually died around 58 to 57 min left with a request in for more time), I terminated the box in the dashboard when my connections died and spun up another connecting to it with no issues again, didnt reset my vpn or anything.

Honestly the first few times it did it, I figured it was on my end but at the third and 4th time it did it at exactly the same time. I can run it again, anything specific you would like me to note down or get outputs, screenshots, video?

unless its a feature of the box? lol that would be an interesting twist

@frosty cape another room with bugged points https://tryhackme.com/room/cherryblossom

@fierce condor all the timing is handled server side

So if the request for launching a VM/increasing the time takes time to go to and come back from the server it may reduce the activite time

Hmm it shouldn't be that much

screenshots would be good

and the room and exact time as well

@frosty cape another room with bugged points https://tryhackme.com/room/cherryblossom
@worthy stag Fixed, thanks for reporting:)

Hy guys how you all doing

@west dew #general might get you a better response

Ok

@frosty cape another room go point bork https://tryhackme.com/room/hackback2

how to learn information sec everyone can help me

@viscid anchor #general

@frosty cape another room go point bork https://tryhackme.com/room/hackback2
@worthy stag Updated the room to stop the points.

might need to check the points given out as I know myself and szymex used it to bump our points 😂

😇

boi I used that back in January

ah yes but your points would of been reduced to 30 per question answered

we just got 500 points per submission

hey, i got a bug in alfred room. when i solved this box, there were another task named task 4 and it was saying something like 'coming soon...' . after couple of days i checked the room again to see whether task 4 arrived but i saw that it's been removed. so the bug here is that alfred room is not showing as completed in my dashboard:

papi

I bork my /messages page

it's also saying I have 208 unread conversations

not sure why

hackpark, fourth time this happens. The VM became urresponsive after a certain amount of time. Admin Webpage, NC rev shell and meterpreter died. this is the time remaining. I've added 1h, so is up since 1h 5m

i wrote a message yesterday (https://discordapp.com/channels/521382216299839518/522158539129618453/702122912819314709) about the same problem, but no responses. the time coincides.

hey, i got a bug in alfred room. when i solved this box, there were another task named task 4 and it was saying something like 'coming soon...' . after couple of days i checked the room again to see whether task 4 arrived but i saw that it's been removed. so the bug here is that alfred room is not showing as completed in my dashboard:
@tall maple still remains the same @spiral flame

hackpark, fourth time this happens. The VM became urresponsive after a certain amount of time. Admin Webpage, NC rev shell and meterpreter died. this is the time remaining. I've added 1h, so is up since 1h 5m
Just experienced the same thing, HackPark died exactly after an hour

Hackpark is quite unstable and we're looking to get it modified 🙂

https://tenor.com/view/cool-awesome-nice-gif-5320509

Hey, I don't know if this is a bug, I think it's related to the new point system! but yeah I first blood this room but got only 60 point I don't really care about points tbh but yeah still wanted to report this!

https://tryhackme.com/room/yearoftherabbit

@polar sapphire Yeah the new points thing is kinda broken when anything has extra points

Yeah alright 😉

I wasn't sure but I thought it was related to this

I keep receiving this problem but every other page works fine. Hackpark and I don't like eachother lol 😆

I'm also experiencing the HackPark issues. It seems to just die after the first hour even if you extend it. No response from the webserver or any shell(s)

Hackpark is quite unstable and we're looking to get it modified 🙂
yes @polar pelican. let's pray our admin lords to fix the issue. hail to the admins 😄

To this day I haven't experienced this unstable box

I've done hackpark 6 times and never had any issues

hello, i got charged twice for my subscription. Emailed 2 times but no response yet. Any admin here that might help ?

@frosty cape ^

hello, i got charged twice for my subscription. Emailed 2 times but no response yet. Any admin here that might help ?
@fierce furnace Hi there, can you DM me your email please - I'll speed up the response time on it (we've had a lot of emails lately) 🙂

Hi, how to use the Internal Virtual IP Address

?

I was listening on a port in a vagrant box in my windows machine, but I can't get the reverse shell back

Already on vpn

@undone kelp internal IP is your tun0

if you type ip a in terminal you can see it there

can you elaborate more ? @olive drum

so it can't be used for reverse shell ?

can be

in reverse shell you need to put your tun0 IP address

and then launch the nc listener on some port

let me elaborate more

I deployed my kali machine

and I tried to do nc to my tun0, but it still can't connect

you just need to nc -lnvp {port} to launch a listener

and then specify your tun0 in reverse shell file/payload

yeah already did that

it isn't even reverse shell, I can't connect using nc

isn't the kali machine supposed to be able to connect to my internal ip ?

tun0 is kali's IP address

inside the network

wait I'm loss here

@undone kelp tun0 is the ip given to you when you connect to the THM vpn.
Use ip addr show tun0 to get the ip

@median sapphire is it different from the Internal Virtual IP addr from the /access page?

Use ip addr show tun0 in your kali terminal to get the tun0 ip.

I think we are not synced

I'm on my pc, connecting through openvpn

on my pc, I'm listening on port 8000

Use openvpn on your kali machine.

I deployed a kali machine

and then tried to connect to my pc "Internal Virtual IP addr" from the /access page

but it failed

Ah, so you're using the online Kali

yep

ip a should return the ip that you need.

no, I don't want it to connect to the online kali

I want it to connect to my pc ._.

the online kali is just for testing purpose

the online kali can't connect to my pc

Then hack from your own kali.

yeah the problem is it won't connect

do you understand the problem ?

the online kali won't even connect to my local listener

@undone kelp #site-support

if i understando what do you want to do @undone kelp, you need a static ip address from your ISP and the port open on the router

like port forwarding ?

@cloud tundra He's connected to the vpn on his host machine as far as I know.

so what's the /access virtual ip for?

port forwarding is for public ip, I'm connected to vpn

@cloud tundra He's connected to the vpn on his host machine as far as I know.
@median sapphire yes, i missed that part

sorry. go back to my cave 😆

Hey guys.
When trying to connect to the 1st box in the linux walkthrough I'm getting the "ssh: connect to host 10.10.11.124 port 22: Resource temporarily unavailable" error

what command did you use?

ssh shiba1@10.10.11.124

are you connected to vpn?

10.x.x.x is usually local

Wrong chat btw

which chat

#room-help

alright

thx

https://tryhackme.com/room/privescplayground answer is bugged

NinjaJc01 told me to let you know in here and that he confirmed it

(Bugged for just them, still shows fine here)

Submits correctly too

Correction, they made a mistake in the flag

Hi! i want to report a bug or maybe a mistake of mine

something has to be wrong in the Hydra https://tryhackme.com/room/hydra room. I tried to get the post service password and i didnt get it still while im doing the same as the write up

not even 20k attempts later

It worked for me

Several times

it worked today?

The VMs are cloned from the same image, each instance is yours and non persistant @pearl fable

i know, but maybe something is wrong at the image, maybe they change something

i mean, im doing the exactly same thing that the write up

wait, now is different. Wait

well 7k attemps still the same. The difference was the verbose, i was wrong. it wasnt different haha

@pearl fable update your rockyou.txt

donwload a new one and use it

ok

i once had the same issue and turned out my rockyou was outdated or something

okok, ill try. Ty

It's normally when people use bad versions of rockyou

im going 2k, im going to wait till 10k

I can give it a go again if you'd like, I have it saved in my bash history

yes, could you? It would be really helpful

I dont know if im talking english or tarzan-english. Sorry for that

10k with the new dictionary and nothing

i'd cut it

update hydra maybe

already did it before i start with the room

!multivpn

@pearl fable Works here, DM me your command

ok

The bug was in my brain. Sorry!

sorry about my type from earlier 🙂

Could have sworn I copy/pasted

sound like an end user 😦

hi, i am using tunnelblik. also i am connected to VPN.

but the User name and password for a machine is not working

could you please help.

@cinder trail #site-support if your VPN isn't working. #room-help if it's a room that you can't get working.

Room Ninja Skills file bny0 not exist
@worldly pagoda yeah ive used mabe four variations of the find command and this is the only file I cannot see the path of.

(this is not a bug, but a big inconvenience) Hello, just wanted to report that adventofcyber/[Task 22] [Day 17] Hydra-ha-ha-haa's answer hints are mixed up. The hint of #1 should be the hint of #2. It's so misleading that if I wanted to crack #1 I would have to wait an entire week on my machine for the answer to come up in its 905k+ place in rockyou.txt. #2 has the answer within top 30 though so if the hints changed places the problem would be solved.

how can i decrypt a bcrypt hash?????

faster

anyone??

They are slow to decrypt.

Best thing you can do @dense quail is use a GPU

Hi 0day

Still isn't fast.

Hey whats up Night

i have a problem with hackback 2019

I don't think I've completed that.

Link it to me.

task 4 flag 1

https://tryhackme.com/room/hackback2019

No I haven't and these questions are for #room-help or #692465827143876689

btw

Meet me over there

yes i used hashcat on my host computer in order to use gpu but its showing 29 days xD

I need to report a bug regarding HackBack 2019. At task 4 flag1 when inserting the correct flag extracted from flag1.txt it tells me that the answer is correct. I;ve tried to remove a letter from beginning and after that from the end and the answer still is incorrect. I've attached photos with the issue and also with the flag

@flint dragon Can you remove that picture? It's showing the answers.

ok

is it ok now

?

thanks

i wanted to attach the photo to see that i really have the answer

why i still see the picture with the flag?

@cloud tundra ?

I see it.

I noticed it as well now

ah ok, so he didn't removed the first one with the flag in the terminal

I can't delete just the image

Hi there , I am a newbie to this wonderfull world of ethical hacking. Want to make some friends on my journey to exploring this craft.Hi there , I am a newbie to this wonderfull world of ethical hacking. Want to make some friends on my journey to exploring this craft.

Just answered 23 questions, got 0 points in intro to networking - All were answer based not No answer required

@urban flame because that room is huge, it gives no points

Oh lol

Unless I'm blind, it would be nice to be made aware of that haha

@urban flame because that room is huge, it gives no points
@spiral flame Does that apply to CTF100 and other large rooms?

@urban flame it's specifically for quiz style rooms I think

It's in the docs

mhhm

@topaz venture Yeah that's a thing

ah okies - as long as it's been reported before :^^

It'll just keep overflowing that @topaz venture

wait is 0XD god the highest level? I coulda sworn there was one above

Nope, it's the highest

oh

what's the word for one of those things that you've always thought wrong

seems like sleep deprivation is the bug in which case nvm

@warped osprey your user.txt is borked

it doesn't work

yellow @warped osprey

try now

@rare swallow

fixed

Is this large waiting time wanted? 🤔

Its not, does refreshing your page fix it?

Nop and it happens at every room with Browser integration. Using default firefox in kali.

Corp applocker bypass doesn't work

@exotic venture It did for me.

@spiral flame What did I do wrong then?

Moved to #room-help

In the rpwebscanning room, question #8 seems to out of date as the rule is depreciated since early Feb 2020. That alert doesn't show in current ZAP version 2.9.0. || https://github.com/zaproxy/zaproxy/blob/develop/docs/scanners.md ||

@wind dune it does, just not reliably. I tested this myself last time it came up, on that release.

ok, I might keep trying to see if that alert appears

hello, greetings

@mint coral Salutations! Do you have a bug to report?

oh no

One of the most used invites goes to the bugs channel for some reason

is points in retro room buged?

it gives +200 points for user flag and +400 for root

Regarding Blue, there's a change in Metasploit 5 I'm guessing, Task 2 question 3 is pluralized, but the answer wants non-pluralized

Hello Guys

👋

Hello, I want to add write up for NAX but when i try to fill write up tittle and past medium link site give me an error .

@barren aurora @ signs in URLs are invalid technically.

They need to be encoded

can we use tiny url to shorten write up link ?

Or just fix the URL so it's actually valid.

Much better than masked URLs

Thanks @spiral flame

Don't like these emails? Delete Account

Passive aggressive....

https://tenor.com/view/intrigued-yes-nod-gif-13920961

How to mark this room complete?

@fresh tide Reload the page, it will appeared as marked next time

Since the first day its just like this. first there were two rooms shown i showed here i think Darkstar fixed that but it still wasnt marked as Completed

@fresh tide Reload the page, it will appeared as marked next time
@median sapphire Did it like days ago

@fresh tide you mean the bar in the right corner?

that's the difficulty 😉

This room is not being marked completed

ooh.. the mark 😮

yeah that IS weird

retro room is still 690 points

@fresh tide does incog mode do anything for you?

@lost wagon i have completed this room 2 weeks ago.. At that time there were two rooms available in "My Rooms" I asked here for the fix i think DarkStar fixed that and asked me to leave the room and join again. i did since that day its not been marked completed yet.(Joined not completed with 0 tasks left to do)

@fresh tide ok.. I'm no help then 🙂

Even 2 weeks ago it wasnt marked completed , Did all the tasks..

Also why do i have 2 Badges of Blue Room?
https://tryhackme.com/p/Naughty

I guess your account is f'ed up 🙂

@frosty cape bug party right here

Also why do i have 2 Badges of Blue Room?
https://tryhackme.com/p/Naughty
@fresh tide Fixed

Not sure why that happend

Also the room completion thing

so.. what's up with the email thing I posted? is that... normal?

Passive aggression. Just how we like it

Surely that should be an “unsubscribe” button

lol

yeah.. weird thing is.. it redirects to https://tryhackme.com/dashboard

Also the room completion thing @frosty cape

Hello, just completed the room bebop and noticed that the root flag is actually readable with the unprivileged user, i guess that's not on purpose...

@tribal knoll your room?

I confirm what @winged badge said

in the RP: Webscanning, part 2 question 7:

This website doesn't force a secure connection by default and ZAP isn't pleased with it. Which related cookie is ZAP upset about?
The answer isn't the cookie name, but an attribute of the cookie, that should be clarified or ideally rewrite the question

@rugged ermine Plz fix.

what does it mean when you enum the correct username from smb but when you try to brute force the password with hydra it says the user account doesn't exist? basic pentesting room question #6

Not a bug.

oh sorry my bad

Also the room completion thing
@spiral flame still not fixed.. (OpenVpn)

is room uopeasy cracked hash isnt in rockyou.txt

and points in that room are buged

@wispy storm It should be, the page suggests to use rockyou.txt

it isnt but i got it

Can I dm you?

yea

hi guys

am doing "CC: Pen Testing" am stacking in section 14 question 3 "How do you specify which rule to use?" ?? which i try "-rules"
but didn't work is it a bug ?

No, your answer is wrong.

@frosty cape

@fresh tide Whats your username on the platform?

Naughty

That's happening on Alfred as well

Alfred had a question added and then removed so that might explain why?

Naughty
@fresh tide Updated

Alfred had a question added and then removed so that might explain why?
@spiral flame Its most likely this yea

Makes sense

Thanks

https://tryhackme.com/room/laxctf

I believe LaxCTF has a problem due to the new VPN config. I could be wrong, but I tried everything I could find in my research. It doesn't seem to be connecting. In reference to the root flag/rev shell.

What new VPN config?

It's the same port but a different IP for the VIP VPN's

It puts you on the same network

Yeah, well I researched this exploit and couldn't get it to call back.

I tried for about 2 hours.

the VPN configs are almost exactly identical so you shouldn't have an issue O.o

could it be a problem with the exploit (some tend to be unreliable and take a few gos to run)

Also do you have the right options set for the exploit?

I tried every config, and my own configs of the exploit but couldn't get it to even run the file. I was able to spawn a rev shell from the user account. So, I know it's not an issue with my VPN.

Either way, I'd like to root the machine but maybe I'm missing something?

It's pretty straight forward.

If you're already in the machine, maybe manual enumeration or even installing and using enum4linux would prove useful instead

@covert kernel I enumerated the entire machine and I know exactly how the priv esc works.

It's not working, that's why I'm in #site-bugs lol

When in doubt

Fair point

local_exploit_suggester

hahaha ❤️

@frosty cape skynet points massively off? just done the room and only got 40 points, others have 150

The link for Phishing: HiddenEye no longer works because GitHub has since taken down the repo for hidden eye

I retract my statement I just can’t read

Hello everyone!

@chilly sage #general or #thm-community-media unless you have a bug to report please

Okay thanks @spiral flame I am new here didn't know that

Read the channel titles, and topics. It'll get you a long way

I didn't even click on this channel that's why

Yeah, that's a pain. It's not your fault 🙂

I believe there is a small error in the room https://tryhackme.com/room/toolboxvim
Task 4 Q6 is "how do we cut a line?" The real answer being "dd" but it asks for "d". Moreover the pattern is similar to Q1 which asks for "yy"
Q8 should also be "d$" instead

@frosty cape skynet points massively off? just done the room and only got 40 points, others have 150
@worthy stag It looks like this room was made into a walkthrough room, which means you only get 25% of the points. I didn't change the room to be a walkthrough

Not sure who did\

Let me update your points

Shouldn't it apply retroactively too?

What do you mean?

If the rooms a walkthrough but was set to a challenge.

And is then later set to a walkthrough because that's what it is

Ohyou mean change all the points in the room to make it fair

Yea

Thats a good idea tbh, will add. Already have the functions to recalculate scores.

And if you can fix the bonus points thing too

Do you mean the extra points?

I think after the recalc, people didn't get the bonus points if they'd done it before it was recalculated

the +250 thing

It also means insane amounts of points come out of those

250 is a lot now

Oh right, as in, if they'd completed it before the recalc, the bonus points were not factored in?

They lost those +250 points

Yeah I get what you mean, will look into having these added.

Its a good point

Is the room Retro really buggy for anyone.. webserver will load after 5 mins then just time out

been happening all day

nvm prolly on my side

I was going through the cod caper and stuck at the gdb point running it exits due to a seg fault?

why dont I see my tryhackme public profile picture on here?

Because your discord account and TryHackMe accounts are separate?

my tryhackme account say dont give discord my discord number

why is that ?! as if im trying to go commercial or something they think.

its just a online picture im using

i should dm verify it anyway

@polar iris not a bug. But the disclaimer on the website is about sending your token in public channels. Don't do that.

oh ! Thanks for the advice

i still dont understand though! everyone else got they profile pictures.

When renewing the time on the box it mentions that you should renew the box as the timer runs down, if you used both this shouldn't show up. Also, could we get a limit for the second renewal of time of an hour? Users can click 1+ hour off the bat and +1 hour shortly after.

Did u guys submitted the rooms?

@sharp crest what do you mean? (also wrong channel)

I mean have u paid for the better rooms>

like a subscription?...

yep buddie

yup, currently paying for 3 months straight

How is that?

if you want to discuss subscription, move over to #general

OK Thx

@ tomghost room, same writeup twice:

Also.. I sometimes see some typo's .. you want me to report them also? I have trouble reading so I read sentences like 2 or 3 times... so I maybe see them more often than normal readers

feel free to report them here or @ the user @lost wagon

I meant in the rooms.. you mean the user of the room?

because we'll be doing that too

no, the owner of the room

yeah.. owner, my mistake 😉

if it's tryhackme that's skidy or ashu

other than that usually they have the same user as on discord

yes ofcourse.. thanks Chad_Lad 🙂

anytime

hello all

there is a problem with tryhackme website

when clicking on manage and than teeam

teams

Seeing as I don't have teams in that menu.

other and than teams

works fine for me

now it is ok for me also

pog :s

I dont know if can be considered bug or not. I solved 'SimpleCTF' room without SQL injection. I just found robot.txt, and I figured out user will be mitch and I brutforced password

Hi everyone, i've just finished the room Blue. I answer to every question but some task don't become green.. it is a bug? how can i resolve?

can you screenshot task 3?

The answers from it?

Can you try refreshing the page please?

lol it work. i feel so dumb right now

thank you

nw, weird bug

@frozen thicket Hey there are some tasks where u just have to press on completed xD

happened to me a lot lot of times already

aah ok

Bloods don't apply retroactively, so for older rooms people lost that extra score

Hello

Can someone help me?

Not in bugs chat

sure, go ahead to #room-help

Thank you @olive drum !

hackback2019 task4 #5 doesn't seem to like the first flag. anyone else get that?

Google dorking task3 #3 needs to be updated?

Don't show answers

And you didn't read the answer format or the question

/100.

I was never here

does jack room requires privlage escolation?or it is a bug ?

most of the rooms require priv esc

yea i know but i didnt need it in this

so thats why i am asking?

i wasnt root but i could go in root directory ,and i couldnt run ls in that directory but i was able to run cat

all that while regular user

@wispy storm In some systems you might be able to access a folder without being able to use or affect the contents of it. Other users/groups might only have specific permissions for different commands on a system or with normal or escalated privileges.

yea that make sense but was quite suprised when i saw that i can,becaus on other tryhackme machines i couldnt

Hi, I believe the input for first flag in task 4 of the room hackback 2019 is still incorrect

@cobalt oar Try the standalone version

yup, the flag works for the standalone version but not the hackback 2019 versino

*version

where do i find the IP to scan in the first excersize?

I dont see it anywhere, it just says "<machines ip>

the ip of the machine you deployed @covert furnace and for that questions please go #room-help

Yearly Activity seems to be broken and stopped showing activity after 25 of this month

Hi Im new 🙂

@tidal wing Hello person named new 😄 , this channel is only for posting bugs, do you have a bug to report?
Otherwise head over to #general or #thm-community-media

Hey admins (don't want to ping lol)
I have three different emails awaiting a reply (two of which are about probable bugs on thm) sitting on the hello@ inbox
could you check them out quicker than the previous one? 😄

I'm unsure if one of the rooms as a bug. In CCPentesting, in the second metasploit lesson when it tells you the exploit the machine, metasploit says the exploit completed but no session was started.

When running the exploit without "set forceexploit true" it would tell me that the target isn't vulnerable. After setting forceexploit, the output is as stated above.

@vocal iron Not a bug, that's user error or VPN issues.

oh shit you're right

@vocal iron What is you're LHOST set to?

#room-help

I didn't use the vpn. I forgot. Thank you @spiral flame

Sorry for that

Not sure if its a bug or not but it should be fixed.. after koth ends the invite link should not add you in the game

Dang I'm still having the same trouble. Used the VPN and the same result. LHOST is set to my IP @median sapphire

@vocal iron Is LHOST set to you're tun0 ip?

@median sapphire x_x it was set to my eth0... Thank you so much!

It worked!

My oscp prep path is bugged

I've finished the path but the first 2 rooms which are "Kali Machine" and "Open VPN" are completed but I don't know why, the path thinks they arent

Thats annoying

Oh wait

Can you go into each room

There is a task not complete

Go into the OpenVPN room

I added another task today

So it will show as it not being complete.

Oh sorry didnt notice

Shouldnt it mark as incompleted?

If there is a new task added, it will show as incomplete (the whole task, not rooms as you've previously completed them)

Oh okay, didnt know that sorry

The room Shodan.io has outdated questions in comparison to the actual Shodan.io database, I know this may be an issue to provide good questions. Just that it's not accurate to the questions, had to use reasoning on the questions based on character count. Using a paid shodan.io as well.

Looking at the robots.txt

Allow: /host/

# Every bot that might possibly read and respect this file.
User-agent: *
Crawl-delay: 10
Disallow: /search*
Disallow: /host/
Disallow: /report/```
Wonder if there would be a way to scrape this information passively? Maybe a dedidcated RPI or permission?

@zinc hare Which questions?

What is the 3rd most popular country for MYSQL servers in Google's ASN?

Currently going through the challenge rn

@zinc hare DM me your answer for that, I don't have shodan set up

Gotcha deleted it

@vocal raptor this has actually changed

.

you need to be specific about your query @zinc hare ^^, i helped someone a week ago about it

@rare swallow Nah the ordering has actually changed

is it? i knew i had a small problem about finding it but still got it right

I don't have shodan set up, but the screenshot that I was DM'd showed the answer moving to 4th

alright, i know it was something about the query that i had to tune

but very likely stuff changed

i still won't classify it as a bug, probably as an issue

Can I report spelling typos in here or is this just for major bugs?

James does, so go for it 😆

@topaz trout You seen #685858111952781324 lately?

I don't seem to have access to that channel

You can read

Not write

I don't see that channel at all.

@frosty cape Also, few typos for you

Weird

@rugged ermine Can you make that channel world readable please?

Is there a certain format that I should submit the bugs in?

Nope

Describe them and we'll sort that

Alright, give me just a second.

@frosty cape Also, few typos for you
@spiral flame huh/

in #685858111952781324

Room creator's interface stuff

Oh right,yeah ty:)

https://tryhackme.com/room/rptmux

#23 Last but now least, how do we spawn a name tmux session named 'neat'?
There was another one in a different room that I just completed. Ill have to go back and look

I now have #685858111952781324 🙂

Thanks dark

https://tryhackme.com/room/rptmux
There was another one in a different room that I just completed. Ill have to go back and look
@topaz trout Hi you have any news about this bug? I'm stuck in the last question because the typo lol I have a OCD about leave stuff incomplete 😂 I need to see a 100% complete

The bug was a typo, and not one with consequences

@covert kernel If you need help, please use #room-help

@covert kernel If you need help, please use #room-help
@spiral flame understood tks

Hey, so the cryptochallenges room (https://tryhackme.com/room/cryptochallenges) has this task that noone has solved (#8, challenge 7) because the answer contains characters which the plaintext output of the cipher does not contain (it only has them on few of the lines)
Could someone maybe fix it by removing these chars (dots and escaped single-quotes) from the answer so it's solvable?

Room: gamezone
Task 5)#1: Typo

I just noticed this, I've completed retro for quite some time, but have not been awarded the badge, my profile is:https://tryhackme.com/p/ma1ware

Same ^^

Chev is in the same boat

It's been raised before

no one cares about CMs ;-;

@frosty cape When you're free can you please fix the above mentioned?

@frosty cape When you're free can you please fix the above mentioned?
@median sapphire Fixed

Thank you!
@rare swallow @orchid remnant Skidy fixed the bug 🙂

thank youuu

same

I just noticed this, I've completed retro for quite some time, but have not been awarded the badge, my profile is:https://tryhackme.com/p/ma1ware
Same 😭

On the Vulnversity Course I completed the nmap portion and took a break and now I can't seem to nmap the new machine. bug?

Probably not.

weird

im getting a ping and able to run gobuster against it

@frosty cape https://tryhackme.com/room/learnburp This room, you NEED to turn the security from impossible to low or something. This should be specified.

Hi, I'm pretty sure the timer on https://tryhackme.com/room/webgramming is broken for the final task "Catch me if you can". It looks like it's using unix time, but isn't properly subtracting the current time, so it says that I took 50+ years to send the flag. Been pulling my hear out for a while, so I'm pretty sure that it's not a part of the challenge to manipulate the time somehow - unless someone who's completed it can correct me?

@spiral flame It's been a while, but I'm still having the issue where the VMs shut down after an hour. Which IP were you wanting?

They're for @frosty cape

I don't have any control over the website/AWS stuff

Ok. But was it my IP or that of the box that is dying? or both?

I can't tell you, can I?

If I can't access any AWS stuff...

Not exactly a bug, but I guess this one cannot be solved. Room: https://tryhackme.com/room/bpvolatility
Virustotal does not show any malware in there while Hybrid Analysis is not accepting files over 100 MB for upload :(.

@azure turret Read carefully

DLLs, not the binary

The binary isn't infected

ahh okay, thanks 🙂

tbh, whenever I think that something cannot be tricky and is definitely straighforward... 😄

but i love the community 😁

hi all

i can't connect to this challenge "[Task 18] [Day 13] Accumulate "
??
any help

@wicked raptor #room-help

@frosty cape https://tryhackme.com/room/learnburp This room, you NEED to turn the security from impossible to low or something. This should be specified.
@spiral flame Updated this room's task to explain that, thanks for letting me know. This room will be deleted soon anyway as there is a 🔥 BurpSuite room coming very soon by @rugged ermine 😉

👍

@spiral flame It's been a while, but I'm still having the issue where the VMs shut down after an hour. Which IP were you wanting?
@jade beacon Just so I remember, they termiante even if the expire time has more than 1m on it left? If the button is disabled and you can't extend, refresh your page and extend.

I'll make the extend button undisable automatically

@frosty cape Yes, they terminate after 1 hour, despite having added extra time.

That change has been needed for a while

Hackpark woooo

@frosty cape Yes, they terminate after 1 hour, despite having added extra time.
@jade beacon What browser are you using?

I think other people have reported it with hackpark

@frosty cape Firefox 75.0 in Ubuntu

it's not just with HackPark for me

happened on steele mountain earlier

In the room https://tryhackme.com/room/privescplayground you can run the kali machine in the browser without being subscribed

Is it intentional?

That's not the kali machine

What's that console then?

A terminal

To access the VM for the room.

It's something that room creators can get set up

Oh cool

It starts with welcome to ubuntu

It starts with welcome to ubuntu
@spiral flame You're right 😅

Thank for the explanation

The kali machine also has a GUI.

@spiral flame Oh okay, so I wasn't wrong then? I thought I was going crazy bc of lack of sleep.

@zinc hare Huh?

The order of servers for the Shodan box

I barely read your messages above just now.

I mean you might have been

Ah, okay.

Creator hasn't been around for a lil while

When I deploy the machine in the room webgramming, I get an undefined IP Address

tried reloading the page as well as re-deploying the machine, both didn't work

ok nvm it works now

Room https://tryhackme.com/room/tomghost has uneven spread of points. I finished that room as 8th person the day it was released and now all my blood points are taken away.

I've completed all the rooms in "Complete Beginner Path", but the "Web Application Security" remains red

Same problem in OSCP Path. Could be that i've completed all the rooms non being enrolled in the path?

look openvpn room @cloud tundra

theres a new task

just mark as completed

oh, i understand. i'll check all the rooms. thanks @covert kernel

just the openvpn one :)

i got the same issue in DVWA in Complete Beginner Path. Now shows all in green

This is a "bug" or something? In agentsudo room, when it asks you for the ssh password, which is ||"hackerrules!"|| , if you just type ||hackerrules|| it tells you its correct too, shouldn't it just be correct if its completed?

jurassicpark: "Flag 4 is a joke, It was originally from /tmp directory. (Thanks to user Darkstar who provide the flag)" <-- yeah, that's not a joke, it's a bug.

!!!!!!!!!!!!!!!!!!!!!!

Why is the primer rooms off compared to the other ones

It’s short, just like @rugged ermine

keen to agree

that's probably true

@olive drum that's already made it into bug submissions

okay, ty

@RealTryHackMe that path disclosures make me a little bit nervous. #remember The shoemaker’s son always goes barefoot.

@slow roost twitter handle != Discord username

And it's fine.

I've spoken to them about it

I know that about the Twitter/discord handle. Just c&p ffrom Twitter because no reaction

I cannot think of a good reason why node modules are installed locally to root and other users (I hope that another user runs the node stuff).

@slow roost talk to skidy about it.

@RealTryHackMe that path disclosures make me a little bit nervous. #remember The shoemaker’s son always goes barefoot.
@slow roost Not sure what you're refering to, unless its the /root, where the platform is running inside a container with the right permissions.

How do you define a new ENTITY?
in xxe task 3 q4 seems to want an incorrect answer (missing character in the answer) and ironically is case insensitive in its answer

@frosty cape do we get a badge if we docker escape on tryhackme.com

I guess you can award yourself any badge then

trueee

Knowing skidy

He probably has a root.txt with a lifetime thm voucher inside the container

😁

@echo terrace #room-help

I was reporting an error in an answer is that not here? don't need help with the question

@echo terrace Nah, the answer it requires is correct

huh that's weird I was sure I entered in a '<' for the answers before it and it accepted it and wouldn't accept it for that one which is why I was confused but upon refreshing the site it formatted my input.. 🤷

That's answer tolerance

You're not meant to have < in the answers for that

@sly raft This quite reliably comes up, and I have to keep relogging

After I've uploaded something

hmmm

are you uploading VMs?

It was VMs both times yeah

Haven't tried material

the current alternative is that you can only have one upload page open at a time

and that would solve the relogging issue

would that be better?

Not sure

as for that message, i'll investigate more

I think it's just not detecting that it's finished

ah did the message show when it didn't successfully upload or?

Both

I mean "successfully" is a bit misleading here since there's a really weird bug in the VM I uploaded but it converted etc

First was a failure, second worked fine

and the first failure was an upload failure and not a conversion failure right?

Nope, conversion

Although I think I cancelled an upload at one point

koth? cant join a public game

Will put out again that tryhackme.com/releases does not show the correct first bloods

e.g. nax is wrong as stuxnet created the room and szymex didn't get root blood on dogcat

I also did Cod Caper 2-3 months before everyone else because I tested it

@worthy stag Submitted

much appreciate, seems to hav ebeen bugged for a while

Blood points are also bugged

I wonder if it's the same cause or just from the points changes

Loads before stating "You need to create a room to assign tasks to! Create a room here."

is it normal to take forever to deploy

its been like 20 mins and it hasnt opened

are you connected through vpn? @golden lion

yep

which machine you are trying to deploy?

im having issue loading vm too..

what is the issue you are facing? make sure you are connected to the vpn as that is most common mistake everyone makes

yes , im connected to vpn

unable to connect

which room

Blue

seems fine to me

Windows machine just takes a couple of minutes to deploy

waited for about 15mins

should i wait longer?

can you see the ip?

are you trying to ping it?

im trying to launch it via web browser

try using
ping <ip>

not all the machine have a cloud vm

and blue is defintely not one of them

its windows machine. you cannot access it in your browser

how should i laucher it ?

@drowsy dune #site-support

have you done the openvpn room?

nope, as i was able to connect without issue.

you are connected through openvpn right?

yes

is there other way to open to vm after deploying other than using the ip in web browser?

*the

not all vms are http servers

read the tasks

alright, let me try again

it walks you through the room

ctf100 down?

which part of ctf100

deployed it 15min ago, not responding to ping

tried redeploying, same thing

am i missing something or is it not booting?

which stage of ctf100

it has like 8 vms.

oh, first part then

did you read what you were asked to do?

do I really have to download the ova...

.<

no

then I might be blind

follow the steps you are asked in there

okay guess it just doesn't answer icmp requests

yea will do, don't like reading the help parts but i guess you have to in this one, sorry 🙂

Try solving your issues on your own before asking someone else for help, That way of learning is more fun

yeah. works just fine

it does answer icmp requests

thats weird

check your vpn with ip a

no problem with my vpn connection, checked it multiple times to be certain, but I did get an answer from the port scan so it is working

just not answering to pings from my end

hmm. weird

I'm pretty sure blue is configured to ignore pings

Windows Firewall by default blocks ICMP packets

Or something along those lines

yes

small bug here, i accidentally added a character to the flag after clicking Enter to submit it and it saved it as correct

spoiler:

the ~ isn't supposed to be there

Flag submission uses regex with some level of tolerance like 90% (don't quote me on that)

damn, i had no idea

There was a question in a room that read "What iPhone did this person use" and you could use any number or letter because of the regex

ahahahah

thats cool, thanks

maybe there could be an option to enable/disable regex in certain flags (for the room maker)

hi, I'm doing the Linux challenges

For the flag 17

I should log as Alice to read the flag

but i can read it as Bob

Read flag 17 as Bob in Linux Challenges

@tawny quail Other users have Read privilege for that file

@tawny quail Other users have Read privilege for that file
@pseudo meadow Yes I imagine for the scenario just Alice should have the right to reade it ?

Sorry my english is not perfect 😄

Technically yes but I imagine it was made to be less challenging as it is an introductory room for beginners 🙂

can anyone help with the syntax to decode base64 after its been encoded 15 times? I have the syntax to decode it once but I cant figure out the syntax to loop through it

#room-help @indigo quail

That will be covered in an earlier section as well

Go back to whichever task covers loops

thank you

Hey!

I got a bug on the room hackback2019 task 4 (Jurassic Park) question 5.
I can't complete the question because the flag is not the correct answer

Maybe that's the wrong flag

Flag 4 doesn't exist @young hatch

Its the flag 1 xD