#site-bugs

Just ask

It's probably not a bug if you just don't know how to solve it

ok im on the secound part of it and the Invoke Expresion command doesnt execute a script i tried provided line also a few othe variants of Invoke Expresion command with empty output

You're probably doing something wrong

#room-help

Hi, in RP: PS Empire, Task 3, Question 7, the correct answer is ServerVersion, however the server header option is now Headers. Might have been changed recently.

@undone quarry Known issue

Hi ,in the room: Anthem, when i go to /authors/jane-doe/ i get an internal server error. Is this intentional?

Runtime error*

@rare swallow fix yo box

lol what?

i made sure that i added 404 redirects

here

so everything should be pointing to the main page if it tries accessing something that is not there

here where

Sooooo... My anthem box just shut itself down...

Yeah, it's a known bug

@tender nimbus After an hour?

i think so yes, i added time so i dont know exact

Yeah so adding an hour doesn't work for some reason

It's the same bug that hackpark has

🤔

i was 7th person completing peak hill.. Now i saw the scoreboard my number went to 9th. why?

if your score is the same as other user's then the places are randomized

the speed doesn't count if you didn't get first blood on any task

no 😦 all our scores will be same

yeah got it thanks.. lol

Account lockout timer not cleared on password reset

@placid shard It's 5 minutes.

And you can get around it.

Very easily.

Not sure if this goes here or not but the mobile version of conversations doesn't conform to the phone view width

When in portrait

THM mobile is uh

Yeah nah

I mean yeah not to actually do boxes but I like checking some things on it

One of my tasks inside of my room has zero questions inside of the actual room but from my management side I see the questions Ive added its been updated, saved,reloaded its been like that for a day or two dont know whats going on with it

i cant log in anymore

i get "Cross Site Request Forgery Attempt.."

i disabled all extensions and im using firefox latest stable version

Can you log in from a private browser window or a different browser like Chrome to confirm?

I've somehow managed to join the Linux Challenges room even though I'm not a subscriber, and there doesn't seem to be a way for me to leave the room. Is this a bug?

^^ it wont let me do any tasks in the room, just shows the screen telling me to subscribe... i was just wondering how to leave the room since theres no way for me to make any progress on it unless I subscribe (yes, im stingy and organized and i dont wanna be in a room if i cant do anything on it lol)

email support@tryhackme.com detailing your issue

@oak cove upvote the thing to get it fixed sooner so I can complain at skidy with more weight

Can confirm @mild maple 's above issue, also happening for me

Hey In the steganography crash course Theres a bug

I need to dm someone

any mods can help me ?

@mortal dirge There is no need to dm anyone, what bug have you found?

like I found a url

but it is wrong

@mortal dirge Please post the link to the room

https://tryhackme.com/room/ccstego

in this go to exam2

Which task?

I got this

but the url is wrong

@mortal dirge Remove that image as it is a spoiler, the url is working

@mortal dirge It's likely that you transcribed it wrong

It's not a bug

Check for characters that look similar.

Closed: Not a bug.

I need help solving that

where can I ask

#room-help

for some reason I can't connect to the website in Advent of cyber

I did with everyrooms find

@bitter meadow #site-support

I think it's a bug tho idk

@bitter meadow It's not.

there's a bug/typo in the androidhacking101 room instruction, who should i inform?

The creator @covert kernel

oh ok, thanks

Just tag them here @covert kernel

ok

A bug/typo in androidhacking101 room instruction. The instruction at [Task 5] Reversing -> search for apk d file.apk , it should be apktool d file.pak @warped osprey

Hello, is flag11 (alias command in .bashrc) missing in Linux Challenges? I'm stuck on this.

It's not missing

There are more places it could be stored, or you might be looking as the wrong user

A bug/typo in androidhacking101 room instruction. The instruction at [Task 5] Reversing -> search for apk d file.apk , it should be apktool d file.pak @warped osprey
@covert kernel fixed, thanks

Not sure why but the python-pickle badge didn't get added to my account after finishing peakhill

I updated your profile to include it.

I made a mistake when assigning the badge, I fixed this yesterday:)

thanks :)

Also

At a 30 day streak

You can't lose that

Daymn

i'll still do two tasks a day from the walkthrough rooms

gotta set a record

Oh wow, I mean, at least it's causing you to keep coming back

You made the platform too addictive 😛

I still have some other rooms to do so it's not like i wouldn't :)

Mission Accomplished

Yeah thats fair.

mostly BoF, asm or windows related

Room Learn Linux Task 33 does not create/return/execute the binary Shiba2

@orchid hazel You're in /home/shiba1

The binary is in /home/shiba2

damnit

thx

No skip steps

This is the second crackme file - Unlike the second file secound file unlike secound file? room : https://tryhackme.com/room/reverseengineering

@sly raft also room icon pls?

hum i'm also missing the "python pickling" badge, am i doing something wrong?

Whats your THM username?

swapgs

This uh

same, but it was fixed after a cache flush :)

Ok the bar is still taller than I feel it should be

step 2 of JoyStick is (really too much) shortcutable, is it intended? it's supposed to be a hard room 👀

Hey, not sure about this but i've just seen my streak go down from 4 to 3 after completing a room (Anthem, fyi)

nevermind, fixed itself as soon as i wrote this message

Streaks are buggy

.<

They're being fixed

Hello, I just joined TryHackMe and i wanted to subscribe to get a kali machine directly in your network, but i can't pay with paypal at the moment

I've got the same problem as @fiery kayak

Error 502, bad gateway

+1 Same issue! 502 Bad gateway when try to buy using Paypal!

We're looking into that issue now - in the mean time, please use a monthly subscription ♥️

It works again, thanks

@potent epoch I'm still getting a 502

That's weird, my Paypal has been processed and I am currently subscribed

Paypal payment*

We'll have it fixed fully by the end of the day @fiery kayak

if you can, use the monthly subscription for now

i don't have a credit/debit card. It's fine I'll just do it tomorrow

There is issue in Daily Bugle, where in after some time CMS stops responding even after spawning a new machine, issue persist.

@mint creek issues can't persist between redeploys -- the redeployed version is completely reset. The issue will have to be something on your own computer; my bet would be the VPN connection

Network issue

the machine is not responding

tried regenerating vpn

Room: hackpark

windows machines don't respond to ICMP ping by default @weak rune

use -Pn in your nmap scan

@rare swallow He wrote that by accident.

Not ping it was a mistake

I can't access the webpage or anything whatsoever

is it after an hour?

I tried to restart the machine

is it after an hour?
@rare swallow Yeah I think

But I added time to it

And also I restarted it

its the same for me too

yeah, the box crashes after an hour

same goes to Anthem

HackPark is pretty unstable from what I've heard

yea that should be fixed its very annoying to do everything from beggining

it's going to be easier if you take notes

Write an autopwn to do it for you 🤷

or it can be used as a method to practice

that, plus notes taking is an important skill to have

^ Notes are very important

yeah, the box crashes after an hour
@rare swallow Shouldn't launching a new machine fix that?

I launched a new machine it is the same

Give it 5 minutes to boot up properly

Even if we extent the time to 2 hours, the machine crashes when the time remaining is 1 Hour.

no launching a new machine fixes it but you lose all your progress

yup

it's a buggy bug with those rooms

hi all

@unborn hornet Do you have a bug to report?

Please remember that this channel is only for reporting bugs.

Yo. I clicked a link to another room when I was in the room "Blue". Before my webpage loaded the link, I clicked the "Terminate" button for the remote machine. What I was greeted with was a "500" error.

#ultratech1
#5 The software using the port 8080 is a REST api, how many of its routes are used by the web application?

i thing the port in question is wrong...

Saving a room in the room management panel whilst it's loading changes the name & description to "Loading..." and resets all the other options to their default(?) state

should probably not let people save rooms if they're still pulling the data :p

/releases not updated

Hello, I am just getting started on TryHackMe. It seems that the virtual machines that are deployed are blocking both my pings and nmap scans. I have seen similar posts online but no resolution. Does anyone have any suggestions? (Yes, my OpenVPN is connected)

#site-support

The streaks thing reset even after I submitted multiple questions, I'm not really too worried about it as my streak was only at 4 but I don't want someone else losing a bigger streak

If I just did something wrong let me know and I'll delete this message

@wispy yacht We know the streaks are broken, they are being fixed.

@spiral flame sounds good, didn't know if it was known and didn't wanna see someone lose a streak and flip out or something

@rugged ermine on the Blaster room, just a note, a modern windows 10 machine can no longer connect over RDP without the error: "The function requested is not supported...This could be due to CredSSP encryption oracle remediation"

the short term fix for that is to disable the protection via gpedit. this article had details: https://www.itechtics.com/solved-authentication-error-function-requested-is-not-supported/

Are you using Remmina?

windows 10 msrtc

Use Remmina instead

It's more flexible about that

And I quite literally cannot patch that machine without breaking it

Albeit I'm fixing a different issue with the browser later

ok cool. i solved it anyway 🙂 its just the note for the specific task says on windows use rdp

I'll adjust that now ❤️

I will check it

adjusted

noice

Does anyone encounter problems with RDP in Corp room? It keeps on disconnecting and I wonder if problems with logging as admin on the box (surely with correct creds) are not caused by some problem with the machine 🤔

@rugged ermine

Also the browser history isn't there for me @rugged ermine

I'm aware of that and fixing it.

Cool

While you're fixing

yeah the browser history i guessed past due to doing 25 days a week ago 🙂

sorry forgot to mention it

Adjusted that now

I'm fixing the flag now and I'll reupload it in a few

@rugged ermine ❤️

Currently working on this fun project but I figured I might as well get that knocked out so it can be uploading in the background

Oh it's on.

@rugged ermine

xD

https://github.com/Sq00ky/Buffer-Overflows?files=1

ThErEs A rEpO fOr ThAt

Would you like me to link to your repo in the room?

@hazy stratus

nah

there's a million completed scripts out there already :p

You can link mine though. 🙂

https://github.com/dievus/rubybufferoverflow

I'll add my Python stuff if you want.

Go for it! I can link it in my putting everything together step

❤️

Ok, I have everything in that link above.

Schweeeet, thank you for putting that all together!

https://github.com/dievus/bufferoverflow

Sorry, changed the name.

I'm going to add it as a reference for a complete and working script in the putting it all together section just in case people get stuck

Okie doke

I'll link your twitter and THM profile as well on that

Blaster is fixed @inland granite @spiral flame

Sweet

That txt.txt hit me on retro

haha I adjusted that as well

Not a big deal but day 17 (Advent of Cyber) has a flag that is wrong.

Easy to figure out that it was a typo

Just a heads up

@celest bronze That was caught and fixed

IIRC the password for that is broken anyway

But really, skidy should copy the standalone hydra VM onto advent of cyber for that task

Fixed?

I just ran into it 10 mins ago @spiral flame

@celest bronze For the standalone hydra

Or maybe that's where it was broken as well

Oh understood

IDK, the VM needs other fixes

I tried creating a new room, but unfortunately I can't upload any files. Is this a known problem? Clicking the Reset Upload button does nothing.

Clicked on Hacktivities, filtered by completed then refreshed and the filter button doesn't work

@urban flame normally means you filtered before the page loaded

Ah probably the refresh then

I think this has been reported a couple times with the different filter functions

And still happens

@pseudo ruin if you log in and out it should fix it

Password policy on Corp needs to be addressed. Administrator password now requires reset before you are able to be logged on to the account.

@sly raft Tried it thrice and no changes. It still says that an upload is ongoing.

what's your THM username?

it's svennergr

Bugs in room Learn Linux.
The passwords of the shiba* user are readable
The shiba4 user's home directory already has all the files and directories needed to complete the challenge

@mortal kayak Not a bug

Well, not really a bug

They're not all readable

Yes they are. Atleast from the shiba3 user.

@mortal kayak I mean it's still not really a bug

@covert kernel you could fix this though, seeing as you already have suid in place for reading them

@spiral flame Okay! But they sure can be a easy cheat route XD
Also please look into the shiba4 user's home directory. That already has all the directories and files needed for the challenge

@mortal kayak We know about that one

Also, you're only cheating yourself

I just pointed out only 🤷‍♂️

room/completebeginner doesnt show as completed even if completed

been like this for a week

@covert kernel Check through it, make sure every question is complete.

did like 100 times

not the first time i report this

it even says 100%

no challs left to do

@rugged ermine Task 5 Question 8 of Empire is no longer the same answer.

I'm assuming an update with Empire.

@celest bronze bunch of them have changed

Do you mind helping me out?

I'm Googling with no success.

Not at my PC rn, will take a look once I've sorted takeout

Nevermind

I found it in the Writeup

And I was just about to give you a hint 😛

dogcat removed from the releases page? @frosty cape

I have to adjust Empire. That's my next project

Unless jammy did it, I didnt

It doesn't show up for me

Room is still public

Bug replicated @frosty cape

https://tryhackme.com/releases

It's a tag

That makes it display

@frosty cape So do you add those tags, or do the creators?

@sly raft upload is still broken for me btw.

mind if i DM @pseudo ruin ?

I'm new to this, can anyone help me. I'm a fast learner, I might be of any use in future

@soft tusk #room-help

mind if i DM @pseudo ruin ?
@sly raft sure, no problem

Authenticate was made private then public again, I now cannot rejoin as I am already in that room, could an admin fix that please?

Assuming that's to do with room instances with the same name, a user joined the previous instance without overwriting current status

mind if i DM @pseudo ruin ?
@sly raft after an other reset it's working now!

my streak reset to zero from 6 days on my 7th day (today)

Yeah, let's just say streaks are buggy...

They're being fixed, but ignore 'em for now

my streak reset to zero from 6 days on my 7th day (today)
@obsidian sundial Whats your username?

@frosty cape sloshy

@frosty cape sloshy
@obsidian sundial Your streak is still in tact and hasn't been reset to 0? Where did you see this occur?

@frosty cape

strangely it says 5 now after refreshing the page multiple times. should say 7 i believe but either way as long as the backend is working im good. Not super important its just cool to get the badges and eventually the 5% off

Another bug with streaks, I answered a question and my timer reset back to 23hrs but the daily count didn't increase - another thing to consider about streaks 🙂

^ Yeah it will, your streak only increases every 24 since answering your first question.

E.g. You can your first question at 3pm, (so you have 24h to answer again), if you re-answer 2 hours later (at 5pm) you will have 24 hours again to answer, but your streak will increase in 22 hours time (from 3pm, not 5). - Hope that made sense.

@frosty cape
@obsidian sundial https://tryhackme.com/p/sloshy Your profile says 7. I think the issue is with the date/time - What timezone are you?

Can I suggest koth invite links don't automagically add you to the event? I just wanted to open it, but got added to the event which was a surprise.

That's the point of the links

you can join a spectator link to watch the game without joining

or the on-going public lobbies are on the koth page 🙂

Can I suggest koth invite links don't automagically add you to the event? I just wanted to open it, but got added to the event which was a surprise.
@fresh lynx That said, I've added it to the #641405480547385354 channel

@topaz venture I didn't realise i was clicking a join link, and without confirmation i was in. If i hide this behind a bit.ly link?

Yeah I understand

Hindsight, it's caught me out a few times haha

It also meant i joined a game that started 10 minutes earier and had to try ultra hard to catch up (I did 😄 ).

Went to the upload page and got this, even if I click reset it still give me this message.

Log out and back in @strong pumice

Okay, just done that, same issue.

I'll try clear browser data and see if that sorts it, Edit, it fixed it. disregard 😄

@spiral flame What Kali machine was that in the bug-submissions? The one deployed from the in-browser page?

Optimised

Or from another task in /room/kali

I haven't checked the others

Ah ok

Thanks

But I'd recommend checking the others as people have complained

Yeah I will, Im at home atm, so don't have full access to everything.

so. one thing I noticed in the hacktivities page when u select a type.. click on a challenge and do back. the type remains unchanged but the result reverts to the original no-filter kinda set. So u have to select a different type then your preferred type.

not really a bug, but maybe the avatar upload file size should be restricted?

it just took me 45 seconds to load the dogcat management panel because 2 people who wrote writeups for it have like 15 mb gif avatars set

or maybe at least slap a loading="lazy" on them

Just auto resize after uploading

Why is the server getting 503?

and now i got a 504

interesting

here

and one more

Cloud is not on scale

to many users

Is anyone getting the same troubleshooting?

Have some patience

Let skidy fix it

It happens several times in the week

Im getting disappointed and doesnt want to learn

lol

Im getting disappointed and doesnt want to learn
@strong carbon Sorry about that! We've identified the issue and have fixed it - We're working really hard to ensure things are running smoothly. Happy Hacking.

^ Yeah it will, your streak only increases every 24 since answering your first question.

E.g. You can your first question at 3pm, (so you have 24h to answer again), if you re-answer 2 hours later (at 5pm) you will have 24 hours again to answer, but your streak will increase in 22 hours time (from 3pm, not 5). -
Hope that made sense.
@frosty cape

I was thinking this right before I opened up discord a moment ago. lol thanks I got my 7 streak when I logged in around 10 last night utc-6

Hackpark died after 30mins, webapp no longer responds. Due to the stability issues and it not extending, should it really be a part of the Offensive Pentesting path?

The entire path needs adjusted. Is this a singular issue? I've not experienced it personally but can check if you want/need.

@autumn wave I redeployed and it seems... fine? But it definitely has stability issues and that's been reported A LOT

I've only ever noticed the issue where it dies at 58 minutes after time is added.

Log out and back in @strong pumice
@spiral flame @sly raft btw, upload bug is back for me. relog didn't work. using another browser didn't work as well.

btw, upload bug is back for me. relog didn't work. using another browser didn't work as well.
@pseudo ruin Try clearing all browser data for both browsers. Also probably best not to ping Mod's or Admins, see #rules 1

Hackpark died after 30mins, webapp no longer responds. Due to the stability issues and it not extending, should it really be a part of the Offensive Pentesting path?
@spiral flame This is weird and I am not sure whats causing the issue - I deployed and extended is > 1h and it was fine. So its very strange.

Never the less, as its been reported as unstable, I'll take a more detailed look into it. Added to my to-do list as medium priority.

@pseudo ruin Try clearing all browser data for both browsers. Also probably best not to ping Mod's or Admins, see #rules 1
@strong pumice Tried that and it didn't lead to any success me. I pinged them because of previous conversation about that bug.

picture is not loading for ultratech room

@pseudo ruin mind checking if the upload works? :)
made a small change

Can I DM you @sly raft ? It's important.

what's it about?

Weakness in THM website.

if you email hello@tryhackme.com, that'll be better 🙂

I emailed to support@tryhackme.com

With full explanation.

@pseudo ruin mind checking if the upload works? :)
made a small change
@sly raft Looks like it's working. Couldn't reproduce the bug for now. Thanks for the fix!

give me a shout if it breaks haha 🙂

@mighty night mind forwarding it again - I can't see any recent emails about bugs 🙂

Okay!

Forwarded!

Getting this error when I'm trying to upload a Ova, I have tried clearing data, and a different browsers. Not sure if it's a me problem or THM problem.

log out -> log in

seems like you are 'already uploading' something

Have done, same issue.

give me one sec :))

try again now pls?

Fixed, thank you 🙂

Anyone else notice inconsistencies with the streak counter? Today mine was at 4, and the prompt said to complete a question within 16h to keep the streak going. I completed a question and the streak count went to 5, then I continued to answer questions and about an hour later the streak counter is at 0. Am I doing something wrong?

@sturdy fern It's being fixed.

Let's just say that you'd probably be best ignoring it for the time being

Should be fixed soon 🙂

Okay cool, I thought for a second that the streak counter was a challenge itself

Was about to start reverse engineering it

Haha

Might as well be -- the upload page is

Anyone else notice inconsistencies with the streak counter? Today mine was at 4, and the prompt said to complete a question within 16h to keep the streak going. I completed a question and the streak count went to 5, then I continued to answer questions and about an hour later the streak counter is at 0. Am I doing something wrong?
@sturdy fern yup same here but i will ignore as said by @orchid remnant

@next anchor Hello, in room https://tryhackme.com/room/ultratech1., there is a little mistake on the port number in the question (it's 8081 io 8080).

not a mistake, feature

Guys why does servers ain't working ?

Guys why does servers ain't working ?
@hallow hamlet THM website?

@fresh tide yes I am connected but I can not nmap or ping the machine

which room?

tony the tiger

is it a windows box?

IDK

says java tho

have you tried adding -Pn to your nmap scan?

yes I did nmap -Pn -sS -sV

even -p-

how long ago did you deploy the machine?

5 mins

give it a few more and see if theres any differences

it also happened in an other room yesterday it was fixed after an hour

@hazy stratus okay,

this might be something @frosty cape and or @sly raft will need to look into

Just throwing my hat into the ring, can you try switching VPN servers?

Tony the Tiger takes a hot few minutes to setup but should be responding to pings after 3 or so minutes at least

@topaz venture I am tryin thompson machine

now same problem

and I restarted my service

Best thing I can recommend is switching servers and regenerating your config, importing that and seeing if that helps @hallow hamlet

I fixed the problem brother. I changed my server location to us west

thanks for contacting back

Good stuff 🙂 happy hacking

@hazy stratus hey I'm suffering from an irritating bug for the last few days. Can you help me? It's in the "Advent of Christmas" room on day 11. Whenever I connect to the FTP server and send an ls or dir command, it says "500 illegal PORT command". Can't even go into passive mode because of an "invalid pasv_addr" error. Very irritating. Already tried to switch servers, both AUS and EU 1 have the same problem.

There's no need to ping a mod.

Try using ftp -p <ip>

@hazy stratus hey I'm suffering from an irritating bug for the last few days. Can you help me? It's in the "Advent of Christmas" room on day 11. Whenever I connect to the FTP server and send an ls or dir command, it says "500 illegal PORT command". Can't even go into passive mode because of an "invalid pasv_addr" error. Very irritating. Already tried to switch servers, both AUS and EU 1 have the same problem.
@median sapphire Can't even go into passive mode because of an "invalid pasv_addr" error.

Text is been wonky

Upon further investigation it was my dns blocking maxcdn.bootstrapcdn.com

@lunar pine run your VPN on the same machine you're connection to FTP from. This means if you're using a VM, connect from the VM not the host.

I think I have found a points bug, I don't want to just blurt it out though. Anybody I can DM? It may already be known, just wanna make sure

Report it to Skidy

Will he mind If I just DM him or is there a proper procedure?

@frosty cape is around rn so if you give him a little while I'm sure he can answer that

Okay cool cool cool cool cool

hey..
so while the hacktivities page loads, if you click Filter Completed as expected it doesn't work. But even after everything is loaded if you uncheck and check that checkbox again it throws the same .length of undefined error.

Also, if I want to contribute on fixing these bugs can I do that anywhere?

THM is closed source

You can contribute to the docs, but not thm

By reporting them, you're helping

cool thanks

I think I have found a points bug, I don't want to just blurt it out though. Anybody I can DM? It may already be known, just wanna make sure
@strong pumice Hi there, DM me please.

one more thing.. so i have currently 3803 points. And I joined THM in this month 18th I think. So in the leaderboard of the month I can see people with <3800 points but not me.

is it because I have not yet completed my 1month?

https://tryhackme.com/faq
points section

ah! sorry

:)

@lunar pine run your VPN on the same machine you're connection to FTP from. This means if you're using a VM, connect from the VM not the host.
@spiral flame doing exactly that bro i'm not really new to THM

I never said you were

@spiral flame

You backgrounded FTP

this is what i see

It's already using that port so you can't rebind

You're repeatedly backgrounding it

Don't do that

Control Z is not undo

so i should kill ftp and retry?

Kill all of the ftp processes and retry.

still the same. 😭

can anyone of you please verify whether it is a problem with the box?

ps aux

sudo killall ftp

It's not a problem with the box, it worked for me

root@kali:~# ps aux | grep ftp
root 5616 0.0 0.0 6148 956 pts/1 S+ 21:26 0:00 grep ftp
root@kali:~# killall ftp
ftp: no process found

Iam in the Vulnversity room but if i type in the ip in google he says "This site can't be reached". Is it a problem with the box or did i make a mistake

You made a mistake.

#room-help

For the RP:Metasploit room, Task 7, #1, the command that we are told to use is depricated (per meterpreter output). Recommand updating it to use the non-depricated command ||run post/multi/manage/autoroute SUBNET=172.18.1.0 NETMASK=255.255.255.0 ACTION=ADD||.

not sure if this is a bug , but ask away :)

idk why it wouldn't accept this answer

@ember goblet which room?

cc;pentesting

did you try using double quotes? @ember goblet

i tried and it works

but it took some time haha

10/9 flags while i only submitted 9 flags.
The possible reason i could think of is: i think my left mouse click double clicks most of the time so it may have submitted a flag twice while clicking the submit button.
So spamming the Submit button or using any of the techinal ways could count the same flag twice or more times
https://tryhackme.com/games/koth/3936

@frosty cape skidaddle, we found a race condition point dupe bug in KoTH

Naughty and I

Got a PoC too

@frosty cape https://tryhackme.com/games/koth/3940

Nice, mind writing it up and sending it to me?

Or is it just spamming submit for a flag?

@frosty cape tiny bit more more than that

Can I DM?

Yeah

@covert kernel Once you've slept, there seems to be random, empty code blocks in ccr2

Alfred is not showing as completed for me, I've checked the room for any additional tasks, but there seem to be none, I've also tried leaving the room and joining again, but Alfred still shows as uncompleted.

Not really a /bug/ so to speak but whenever i copy IP from here, an extra space gets added to the start of it.

is it just me ?

I haven't had that issue

Okay then

I get that as well. It seems to be browser specific I think?

Curious to see others thoughts

These days I just type out the IP address

i doubleclick on the ip, it will just select the ip

Pretty sure it's browser specific that one

'i doubleclick on the ip, it will just select the ip'

DIdnt you want to double click the ip

@oak marten ????

Please please, remove already completed rooms from suggested

@tired obsidian Closed, not a bug

There's nowhere else to request it

#522158404614225920 #544951750801752079

Pick one

...fair

Not really a /bug/ so to speak but whenever i copy IP from here, an extra space gets added to the start of it.
it happens even with me... using firefox in kali.. a lot of people have already mentioned this earlier

i believe at least for me i needed to install neo4j server for bloodhound to work.... idk if its just me but ya without neo4j the server would not start

Been paying attention to the hours that I do challenges, and my streak just reset to zero. Was so close to a 30 day streak 😦

not anymore

i mean, i have 7 days and it shows as 1

Failed to deamonise connection timed out in Vulnversity

@proud pilot #room-help this is a "you" problem not a bug

wrong channel for that

@acoustic saddle neo4j is installed with bloodhound if you follow the directions in the room all you have to do to setup neo4j up is to run neo4j console and follow the instructions that come with it

Been paying attention to the hours that I do challenges, and my streak just reset to zero. Was so close to a 30 day streak 😦
@celest bronze Hm, it doesn't use your yearly activity, but if you answered a question 24 hours before your last one (or played a KoTH game).

How long did it say you had left?

When you covered over your 'Streak' sidebar?

Honestly I’m not 100% sure, I know I was super close and I do at least 1-3 rooms a day on THM. I’ll pay closer attention to the hours, thank you @frosty cape

I gave you your streak back.

I think I need to be a little more lenient on the streaks?

Wait, did you fix it randomly clearing streaks?

Huh

They were buggy

Like horrendously

It should be fixed now (I think).

Thank you!

I could have sworn I answered in the time frame!

So this means, if I don't answer at least 1 question in 11 hours. I lose it again?

Because if that's the case, I am very sure I did that.

funny profile with too much points, exploited a race somewhere? https://tryhackme.com/p/DrBrix

cc @final fox :)

Uh, yeah @frosty cape?

Might wanna check the leaderboards...

The bug Dan found, or a similar one, may still be in play...

@frosty cape / @celest bronze: same issue with streaks here. I completed a room this afternoon and now it still tells me "you have two hours left to answer".

He has 2 completed rooms

It's possible he made a room on alt account with a bunch of questions

And spam completed it

Also possible that this is an actual bug which has already been responsibly disclosed 🤷‍♂️

Just worth bringing it to Skidy's attention, methinks

We can hope

and now I solved a question and the streak in my sidebar went from 5 to 4, and it tells me I have 22 hours left to answer (why not 24?). Outside the timezone bugs, issues are still present. I'll create a test account and try to summarize everything.

i just made room with a lot of tasks

and solved it

lol

nice :)

Guess what Pars

You were right...

im friend with szymex

so i think

he wont mind

xD

i mean

till someone wont reset

my points

@frosty cape plz fix?

I maintain

Only approved rooms should grant points

^^

Even if approved != public

Or admin approved private rooms

That ^^

Also solves the problem of us getting points while testing...

and room should be "reapproved" after adding task

coz it would be still possible

to spam adding tasks and solving it

That's the job of the tester to notice -- we wouldn't accept a room if it wasn't genuine content, even now

If tasks are being added randomly, we have the option to pull it

i just made room with a lot of tasks
@final fox You mean you just made a private room with lots of tasks?

Hm, from now on (until I push my latest code base), all private room points don't go towards your main account score.

Then I can just create a room on my alt

Accounts are cheap

AKA free

Then I can just create a room on my alt
@spiral flame You need to make the room public tho?

Which goes through room reviewers

yeah

all private room points don't go towards your main account score I think I misunderstood this

private room

I think I misunderstood main as room creator

Also my poor hackback2 points

private room
@final fox Ok ty, I reset your score/level back to 0.

and now I solved a question and the streak in my sidebar went from 5 to 4, and it tells me I have 22 hours left to answer (why not 24?). Outside the timezone bugs, issues are still present. I'll create a test account and try to summarize everything.
@sullen vessel Oh really? Can you check using your /p/<username> (public profile)?

👍

im still 0xG0D here

xD

Ta for the reminder...

ahahah

😁

(That would probably have slipped past if you hadn't brought it up 🤣)

lol

Don't worry

You might have just accidentally become an admin...

I really hope that's fixed...

yeah

i saw that

XD

ADM1N

rank

I really hope that's fixed...
@orchid remnant It is and it was just the level displayed

No roles and/or permissions were attached

Its just a level number

Hehe, fair enough 😁

@frosty cape : ok, the streak count on public profile is right, it's only wrong in the sidebar

ooo

oka

Let me look into that now

I have data to work with

Whats your THM username?

and now I see that I have 23 hours to answer, it increased :P

swapgs

oh, so its fixed?

i'll let you know

You need to refresh your page to see your streak time left:)

yep, i did it multiple times

Ah no, it is bugged

Let me see why

it's also weird that i have events the last 25 days but only a streak of 5 days, i guess i got tricked by the 22 hours time window

Oo, I found the bug

Oooh

Bug report?

should wrong answers or answers that need to be updated be posted in bugs?

Yep

im doing the beginner path:
RP: Nessus
[Task 4] Scanning!
#9 it asked what web server type and version

When i did the scan on the deployed machine for this section i get Apache/2.4.7
but it says that is wrong and has an indication of: **/..

Offensive Pentesting Path - Proving It - Game Zone description contradicts itself I believe it should say no SQLMap - Initially exploit this machine via SQLi and reveal a hidden service using an SSH tunnel. Try not to use any tools for this one (no SQLi or Metasploit).

@rugged ermine might need looked into?

@cinder crow That, uh, might need changed

I'll take a look 🙂

@cinder crow Where's the contradiction?

(no SQLi or Metasploit) you need to use SQLi but not with SQLmap like in the room

There's an SQLmap task?

yes however the room says use SQLi as an exploit then says no SQLi so I am assuming that’s intended to say no SQLmap

path not room sorry

Aaah

that explains it

Yeah, can't edit that one I'm afraid 😢

so what should i do?

Wait for dark to fix

ok thanks

one of these should be wrong though

idk why they both gets accepte

@twilit brook He won't fix it for a bit, I'll tell you the answers when you come back on

Why do you think they're wrong?

one is "not accessed" within the last 10 days

means the window is 10+ days to the past

the other one is "within the last 2 hours"

yet they accept the same flag

-120 or -19

*-10

Press refresh

See if it changes

Yeah James is right

That usually fixes it

You are correct though, it should be +10

If it changes, then there's answer tolerance

it does
but what does >answer tolerance mean

There's some tolerance on the answers that you give

A small amount of the answer doesn't have to match

but why do we have this feature though

doesn't it mean it's more likely to goad the user into wrong knowledge

Take it up with Skidy

We've asked for more control over it, as room creators

Answer tolerance is dumb

On the same question I missed quotes and it said it was wrong, even though it would work without them

I've also asked skidy to effectively refresh that field on submit+correct answer

@spiral flame please DM me when you come online, i think i have found another use of our bug 😄 (Points abuse in simple rooms) or should i share with someone here?

For bugs it's best to contact admins I think

instead of 690 points got 1380 points https://tryhackme.com/p/ToxicNaughty

For bugs it's best to contact admins I think
@short jackal skidy already knows about that one.

But i think James only told him about KOTH but it also works in other rooms as well

Its because of the extra points you got the user and root.

I need to recalculate points and include extra points.

I just did retro room on that account but instead of 690 total points i got 1380

https://tryhackme.com/room/zthlinux > Task 25 > "Recall that ls allows shows us our username twice in one of it's fields." > Remove allows. Not much of a bug. Sorry if this is the wrong channel.

@rugged ermine @frosty cape

a moment?

?

isn't it suppose to say Jenkins?

OOF

or is it intended?

LOL

LMAOO

@frosty cape send halp, we gotta updoot that and add more to the rotation

oof

We totally need to add FLYNN LIVES

it's gonna be like the Minecraft title screen

'Leeerrrroy Jeenkinnnns...',
wait wha

We should grab one of the MC title screen texts that is more iconic

"Hack The Who?"

Hack the WHO? Not again

I'mma veto that

It's just hard to see it

@wanton copper It should be working. The LFI won't give you a shell, as I assume the writeups will have showed you

Lmao I think they realised a mistake, ok

It's just a matter of reading through

Aha 😁

read more of the walkthrough it points to a dif port after the same issue as me

odd as that port isnt the vuln app

That port just serves the logs

Not exactly realistic, but it's useful here

Authenticate room broken? says I have already joined it or banned

log out -> log in did not help

@spiral flame I went through it at the start and discounted it - buzzer went on the cooker so ran out of time to chat and finish it lol

Hi, i want to know what login and password i need to entre to connect on webbrowser machine (kali)

It should be written in the room @covert kernel

Is the in-browser not working?

Yes look

Terminate and redeploy @covert kernel

Bug is being fixed this week

Ok thanks @spiral flame

I will do that

hey people I had 6 days streak at tryhackme .com I finished room today as well buut now it is gone

Yes look
@covert kernel This is being fixed, scaling our in-browser functionality once and for all has been a task and a half! Almost there with it.

Which room @covert kernel?

Terminate and redeploy

hello friends! i'm having trouble with Common Linux Privesc- Task 4 #6. when i enter in my answer I get "Uh oh! undefined". Screenshot also has the browser console (per #room-help advice)

Unlikely to get fixed

But ok

I can't report it unfortunately

@covert kernel DM me a screenshot of show databases; in mysql

It's a database name

The name of a database

mysql can have several databases

https://tryhackme.com/room/introtonetworking T4Q7 uses the english spelling. As TCP is an american thing, it's with a z. @orchid remnant

"form" should be "from"

@olive drum

my bad, i’ll fix soon

@sudden flint Wrong chat. Email support@tryhackme.com

thanks!

guys it is a bug? SystemScheduler dont work 😦

SystemScheduler.exe tooo 😦

is my last task in HackPark box

@covert kernel That's not the name of the service

To be fair, the answer it's looking for is actually incorrect as well

so it is another name? i found this at last on the video

i must search about another one? or?

A service is a separate construct to an exe

exe is a file

and SystemScheduler?

sc query

That lists your services

in windows shell or meterpreter?

You need to put .exe on the end of the correct service which isn't actually correct

It's a windows command, and this is changing to #room-help

thank you! now i now.. but i don't spoiling 🙂

know*

After the enumeration of user accounts is finished, we can attempt to abuse a feature Kerberos within Kerberos with an attack method called ASREPRoasting.

Should be After the enumeration of user accounts is finished, we can attempt to abuse a feature within Kerberos with an attack method called ASREPRoasting.

In https://tryhackme.com/room/attacktivedirectory

Task 5 description

@hazy stratus

This doesn't show the new box

new box font issues

Also, wasn't it meant to be a a challenge room tonight at 8pm?

@frosty cape release issues

appears to be browser specific hm?

@sly raft Yeah that means there's a font set that shouldn't be set

Overriding the default for the questions

Happening to me as well, I'm using Chrome 83.0.4103.61

It's trying to use a font you don't have locally

And falling back to serif

It's trying to use Ubuntu Mono

This is a known issue

But shouldn't have happened IMO

fixed

Still not showing up in hacktivities though

new box font issues
@rare swallow Check again please, this will be fixed when I move everything over to use MarkDown and not HTML

looks good @frosty cape

hello friends! i'm having trouble with Common Linux Privesc- Task 4 #6. when i enter in my answer I get "Uh oh! undefined". Screenshot also has the browser console (per #room-help advice)

https://tryhackme.com/p/elli0t43 another exploitation of the "private rooms can grant points"?

yeah

nice

He was rank 3 earlier 😂

i guess they will take the first rank the 31th :)

<@&568449888682246145> why does tryhackme deletes me streaks I had 6 yesterday and I have completed a machine but now it says that I have 0 streaks

No need to ping the admins 🙂

Streaks are being fixed.

I was going to get the badge 😦

Streaks are buggy as hell

They're being fixed

okay just please give them back ahaha 😄

tl;dr it's because you have a delay of 24 hours hours max between each answer, it's not reinitialized at midnight

@sullen vessel it was only 10 hours ago

7 days streak badge doesn't show

So the points change hasn't gone through

Also, I have a 10 day streak according to the heatmap. Please can I get the badge for 7 days?

https://darkstar.will-never-love.me/JEtzTN5B0ivl.png

O_o

i have just answered several questions

https://darkstar.will-never-love.me/kmXyvyHxVI4s.png

Refresh

refreshed multiple times

I still cannot express how much I love that domain

force-refreshed and went to other pages too, still shows 1h or 2h

and I really don't want to loose this streak

Reconnected sevral times doesn't help. Tried using openvpn, no result.

Yeah it's coming back

Skidy pushed some new code

#site-support

OK, thank you!

Cleaning browser cache is solution, thx

The file for Flag 56 in CTF100 is missing the data in it that would have the flag

Like, it should be an ascii file but it's just empty

Just restarted the box and it's still missing

lemme check

check the original zip ;)

?

check the 429E zip file

it's all good, you missed a step :)

On Kali

And I have to decrypt GPG

@tired obsidian More context required

The RDP window in the Kali room, the link is broken

As is the access in browser link, the hostname is set to undefined

Clear your browser cache

Shift+Refresh -> Same issue

@tired obsidian That's not clear cache

Clearing now

Still broken

@frosty cape

Powershell Hacking is broken, kicks me to the Remote Login screen on the inbrowser RDP

(bit better than just not loading the page in general)

I restarted the machine and it didn't fix it

@tired obsidian remote tryhackme login?

Ooof that was meant to be fixed I think

Yeah it was fixed under kali, but this one is still broken

sub 120

114 rank, retiring for the night

#general

ope i thought i was there, sorry

I posted in #site-support but I believe there is something wrong with the Windows PrivEsc Arena room. I cannot log in as user, only as TCM. I cannot change user with runas /user:user cmd, I get a 1327 error: user account restricted even though I'm entering the correct password: password321. There was also no GUI way of changing user as far as I saw. I'm using remmina

ope i thought i was there, sorry
@tired obsidian yo, when you deploy an inbrowser machine, what are you seeing? What URL?

@jolly jetty you didn't perform a full scan

@tired obsidian yo, when you deploy an inbrowser machine, what are you seeing? What URL?
@frosty cape Proper URL, but instead of tryhackme with its sub-domain it displays as undefined

@spiral flame Which setting do I need to enable for full scan ? I was following all the settings given on the room section, so I thought I was

@jolly jetty I don't know without looking at nessus, but this isn't a bug. This is user error.

well its not doing it anymore for some reason, ill keep you updated

Yeah it fixed itself 🙃

@spiral flame I think so, but since no one responses on those room help channels so I have try to post on other channel to make someone like you to notice that

@jolly jetty That's not how this works. It's not a bug, don't misuse the channels. There's a procedure for getting help if you don't get help in #room-help

Okay then. I have removed those messages from this channel, and I have actually post it on channels #room-help and #692465827143876689 for hours, wish you or someone else can help me on my error over there

@icy bramble #room-help this is not a bug.

Room Tracking specifically

I posted in #site-support but I believe there is something wrong with the Windows PrivEsc Arena room. I cannot log in as user, only as TCM. I cannot change user with runas /user:user cmd, I get a 1327 error: user account restricted even though I'm entering the correct password: password321. There was also no GUI way of changing user as far as I saw. I'm using remmina

im still having this issue is anyone able to verify

i just changed the password and runas worked successfully

IP banned? why

@prime spindle ??

Can't view the site

Show us

https://i.imgur.com/7V2PJBX.png

Do you share your broadband with anyone?

nope

nope
@prime spindle Hm, we have no rules in place that would stop your access.

Are you using a VPN?

nope

DM me your IP, I'll have you unbanned.

My streak counter just jumped from 14hrs to 1 randomly jumped to 2 hrs after answering a question and it won't increase now

@frosty cape Can I have my 11 day streak and the 7day badge please?

it should reset in 1-2h to the normal count, i had the same problem yesterday @urban flame

14 -> 1 ->2 ->1 -> 2 lol

the script that calculates it clientside is weird af

@frosty cape Can I have my 11 day streak and the 7day badge please?
@spiral flame If that's the case, same please as I'm on 18days now

If it resets again, I'm giving up for now

Answered 5 questions and it won't reset my countdown oof

should go back to normal count in an hour or so

is it a bug if you use an unintended path to solve the box?

Creator is probably interested

@celest edge Which box?

Basic Pentesting

That's a THM one from memory

I think the intended way to to grab the ssh key and use that to log in as the second user

So they probably wouldn't be hugely interested

I've heard there's an unintended there before actually

Can't remember what it was, but it's come up

though ||vim.basic|| is suid root and can read the flag

from the first user's account

🤣

I like that

Has to be Vim

can also read the shadow file, but seeing the password, not patient enough to bruteforce it

Yeah, you aren't bruteforcing that password

No need either, you can get full RCE with Vim on SUID

normally yeah

could add myself to sudoers 🙂

but if it's a known bug then that's fine

down votes count twice when upvoted the number goes up by 1 when downvoted the number goes up by two tested on multiple rooms

@cinder crow Yes that's not a bug

That's how maths works

Score = 5

Score +1 = 6

Score -1 = 4

Difference between upvoted and downvoted appears to be two

oh yeah haha wasnt even thinking about that oops

@cinder crow However, it is kind of a bug that we can't remove an upvote

that what I was thinking in terms of and wasnt even thinking about an upvote straight to a downvote

@orchid remnant https://i.imgur.com/EVoyg8a.png Wat?

The 6 was me typing too fast but it still accepted it

@median dome yes, that plus answer tolerance

Refresh the page

Skidy needs to add a thing that sets the answer field immediately after it's marked correct

ah it changed back to 12345

every pic in vulnversity is broken (not that its needed in my case)

every pic in vulnversity is broken (not that its needed in my case)
@modern pike on the webpage?

on the answer submission screen

working fine for me?

must be me then

Not sure but may be try clearing cache and stuff?

or it could be just your browser? Try using a different browser or incognito mode?

i fixed the problem, my laptops time and date is messed up and i have to manually fix it each time i boot up

So on Task #35 Question #3 of the Learn Linux room, not sure I understand why its not sudo with the list flag.

is there a bug?

hackbak2019 room does not accept the first flag

@undone nebula Just the flag

@hallow hamlet That room has a lot of tasks, you need to be more specific

ugh...

It's probably the first Jurassic Park flag

thank you

@undone nebula Answer format exists for a reason, use it.

Hi i am 14 is it late for me to learn hacking?

@covert kernel Wrong chat

@spiral flame I have found all but expect 1st flag I also found that one but does not accept

@covert kernel Not really a palace for #site-bugs

@hallow hamlet There's a LOT of tasks. Which one?

@median sapphire o sory i forgot to change chat😬😁

task4 question 5

That's broken unfortunately, I've already reported it to Dark 🤷

I have just check walkthough even there it says the one I found is 1st flag

That task is broken....

it had a different flag originally but the VM was switched to use the one from the standalone room

@short jackal so what now 😄

nothing you can do tbh

did you get it?

I bet you did 😄

i got it before it was switched

can you send that one pls

Be careful of rule 5

but the room is broken

I can not do anythig

yeah not sure if I can share it

Trading flag1 that doesn't work for flag1 that does is OK, as long as @short jackal can verify the flag that odesn't work

@spiral flame you can check it yourself as well 😄 eveybody says it is broken

I can't check it

me and ma1ware checked this like a week or two ago, the VMs were merged so the original flag is lost

Because I haven't completed it

me and ma1ware checked this like a week or two ago, the VMs were merged so the original flag is lost
.

dm me the flag you got

basically, if szymex can confirm the flag you got should be correct, then I don't see the problem with them giving you the valid flag

yup thanks guys

@short jackal Me want's flag too

dm :)

how to fix it?

@covert kernel Not a bug. #site-support

ok

Is there a known bug with 'WebAppSec 101'? Cant seem to launch a box with the web application on port 80 or any other port 😮

Connect to the VPN @sly cedar

I am connected & so does the website state, thanks for quick answer

there is some tcp port open on 111 tho

Hey actually nvm, it does work now, guess it wasnt done yet

.prune 3

There's not an issue with the room, it just takes time to boot

thank you for insane quick response :>

have a good one

pls no self bot, violates discord ToS

Hey so I thing we have a bug in the Authenticate box.
Basically
eyJ0eXAiOiJKV1QiLCJhbGciOiJOT05FIn0K
this works
but
eyJ0eXAiOiJKV1QiLCJhbGciOiJOT05FIn0 this will not.

The difference is a newline character. So basically {}\n is e30K and {} is e30=(which is e30 in jwt)

@hollow arch

7 days streak badge is not there

Think Binex might be broken, repeatedly crashes after being up for about 3 minutes.

I've tried around 20 times

The badge Monthly Hacker is not automatically awarded

monthly one is, the 7 day one isn't

the streak counter on the sidebar is a bit off

(i'm not talking of 1 month streak!)

ah, the top 1 from monthly right?

yep

i had 14h to answer to keep my streak, i answer a question then it started showing 1h to answer to keep your streak after reloading after few seconds its showing 2h O.o

the timing on sidebar is off, should reset to normal hours in an hour or so

im having a issue connecting with my vpn it takes forever connecting

There is an issue with the VIP server, I dm'd Skidy about it

@short jackal i figured that i even downloaded new ones and still cant connect

i had 14h to answer to keep my streak, i answer a question then it started showing 1h to answer to keep your streak after reloading after few seconds its showing 2h O.o
@fresh tide Happened to me yesterday with the same numbers

Hacking with powershell task #2 , the link to ps commands 404's : https://docs.microsoft.com/en-us/powershell/developer/cmdlet/approved-verbs-for-windows-powershell-commands

maybe replace with https://docs.microsoft.com/en-us/powershell/scripting/developer/cmdlet/approved-verbs-for-windows-powershell-commands?view=powershell-7

If a user is in a room which is made private, it kicks you from the room but THM isn't updated so the user status remains in the room and is then stuck, can't leave as you are not in a room but can't join as you are...

Ah thats weird

What room is that?

Authenticate

Ah, Skidy's already seen. Just typing it up to throw into submissions 😆

schrodinger's CTF

i had 14h to answer to keep my streak, i answer a question then it started showing 1h to answer to keep your streak after reloading after few seconds its showing 2h O.o
@fresh tide what timezone are you in?

Ooh, that sounds fun actually. Might make that...

Ooh, that sounds fun actually. Might make that...
@orchid remnant pls no

@strong pumice Get ready for pain

@fresh tide what timezone are you in?
@frosty cape Same here, don't think it's a timezone issue @frosty cape as going to assume we are on the same timezone

oh muirl why