#site-bugs
A little mistake task 23 of cc pentesting, the link of the LinEnum have a "(" at the end
@covert kernel time to wake up
Hey, if I worked every day, why my streak has been restarted?
@rare bough You need to make sure you're answering a question every day. Activity includes you downloading files and deploying machines.
@rare bough it doesn't work answering everyday but answering within 24 hours instead.. if you hover your cursor to your streak it will show you how much time left before you need to answer again to keep your streak
can someone put a dang question mark where it belongs in the KOTH page? specific to the discord bumper sticker
What are you talking about? could you take a screenshot of what you're talking about?
where does there need to be a question mark? I don't see anywhere that would need one
oh boy, never mind.
probs replacing the full stop after hacking
Hey
I'm currently down the Web Fundamentals path (Obscure Web Vulns) Task 4: Manual Exploitation of SSTI. I've got the answer for the question but it just returns 'undefined' but when i enter the wrong flag it says it's incorrect?
in the Dumping Router Firmware Room, I think the firmware linked got updated some...
@cinder crow The sentence should be, "Did you know, half the fun is talking whilst hacking?"
One is being asked if they knew the 'fact' that was made after the comma.
uhh not sure if a bug but how does the score board works?
Room: Anonymous
Multiple people have completed it(i think) but why its showing those with 0 points and 120 points. Also if someone in on scoreboard in a room and leaves it will it not show him on the board?
borked
oh wait
I think there was first blood for that one
@fresh tide yeah I am pretty sure you are still on the board
it is made out of people's points
@olive drum this is what i see after leaving the room
I've completed that room so technically 9th place shouldn't be there
okay but that is a bug for sure
it's Anonymous room, right?
yeah
well i shouldn't be on board either. but its only showing for me on board for me only not if i see as another user.
At https://tryhackme.com/room/rfirmware room some answers don't work. For example Task3-11 Version is: 2.0.3.201002. But answer is 2.0.2.188405
@violet oxide did you use the firmware version on Github? Or did you download it from the Linksys website. I had to go and change some things recently and that would affect the answer to that question
I am not a subbed user, although I can join this room from the 'GET STARTED' page on the Dashboard.
Because it is recommended, you can join it, but not play, although you should not be able to join subbed rooms if you are not subbed. ( obviously. ).
My profile. ( for verification purposes. ) - https://tryhackme.com/p/Kurisuti.
More explicitly, you can join any subbed room , but not play, with. https://tryhackme.com/jr/<ROOM-NAME.>.
Everyone has them
?.
We all have recommended rooms even if not subscribed
the problem is that once you visit the url of a premium room
then you can't leave the room
and you're automatically added to it
@covert kernel Exactly!
which is pretty annoying
@heavy wyvern I do not mean recommended, I mean joining even though you should not be allowed to.
And after, you cannot leave them anymore.
@heavy wyvern you forgot a T.
Room: Linux Challenges, [Task 5] #8
... which is apart of ...
This is maybe "which is a part of" ?
@hazy stratus I downloaded it from the link at the room
ill take a look at it tomorrow ^ thanks for letting me know
No problem, it is a great room btw
Hello, I am currently doing the WebAppSec 101 room and connected to the machine, but I cannot intercept the traffic through BurpSuite. I cannot access my machine if I set the proxy settings on. Any Suggestions?
that seems more like a #room-help question as its not a bug. @sharp garden
@fresh tide Ok. I am new to this
XSS room - is it broken or not ? dom-xss question where you have to change background color to red ?
posted this on #room-help , felt like a bug so posting here:
is carpe diem 1 not available when I click join room it says "Uh-oh! You are either already in this room or are banned."?
solution is: do a post request manually with roomcode to leave the room. then join again.
Hi guys, I'm having issues RDP-ing into the machine with the default creds in room https://tryhackme.com/room/windowsprivescarena
username: user
password: password321
Although the other creds
username:TCM
password: Hacker123
work.
Not so sure is it suppose to be like that?
xfreerdp show me an error message about
u:user p:password321 ERRCONNECT_PASSWORD_CERTAINLY_EXPIRED
Ah, I have just tried accessing this machine and you're right. Let me contact TCM and make him aware.
Thanks!
Actually, I've managed to fix it - give me 2 minutes and if you redeploy you'll be able to login normally.
cool, tnx
@queen wren I just checked - Its all fixed now:)
Just out curiosity what was the problem skidy?
The password expired on the machine. I logged in, set the password not to expire and recloned the upload.
@rugged ermine On the room creation notes, can we add (where allowing ICMP is stated) to check if a Windows password needs to be set to never expire.
Anyone else having problems losing the CONTROLLER.local domain controller on the new Kerberos room? Both SSH and RDP refuse, when running Rubeus.exe on the machine. Get a "Error resolving hostname 'CONTROLLER.local' to an IP address: No such host is know", while the IP is in the /etc/hosts
Might have to reboot the machine and try again, SSH froze too
hmm thats a new one? there should be only one area where that may happen
Ill pull up an instance and see whats happening
The first Rubeus.exe harvest ran fine
are you trying to password spray with rubeus?
Yeah, the brute /password:Password1 /noticket
so theres no question on that attack for a reason aws does something weird with the dns config of the machine and for that specific attack and no other does it give an error
Really cool room by the way.
so there is no question relating to that attack only knowledge there
Okay, I will try again and reboot the machine as my SSH froze.
If theres still problems let me know it may need a bump again. Enjoy the room
Machines dont have internet access however the corp room task 3 question 2 wants the user to download a powershell script from the internet which is not possible on the machine
@stone flint IIRC this is yours
While you're at that^ the next command also misses a step that you have to ". ./invoke-kerberoast" in ps which most people probably wouldn't know without explicitly being stated
Who said you need internet connection to download 'em on offline machine?
hi, i have submitted the query a few weeks back regarding a room linux challenges. the room was free when i joined it but later was made subscribable only so it is now showing in my room and counting as an incomplete task in my bucket can someone please look into it
@stone flint I think they mean the room instructions -- the command you've given is to download directly from Github, which you do need an internet connection for.
Yeah because I had internet connection on my system, It's a direct link from github because I didn't create that powershell script.
Maybe it's better to add a new section showing how to download that script/host on their system and then download to target system.
Sorry I forgot it was supposed to be beginner friendly
Aha, fair enough. Yeah, why not just add a couple of sentences before that saying to download it to your own machine, start a python webserver, then download it from your own IP?
The powershell script would be nearly identical -- just changing the address and path
There's a bug on the config file
I created an account and i can't download my config file
Try switching servers and regenerating?
I already tried
Ok. @sly raft, I think this might be your ballpark just now?
It's working?
Might sound crazy but is it doing it on purpose?
@covert kernel lmao. It really was
I still can't access the "My rooms" page. It's been like that for many days.
mind opening devtools and checking the console/requests after refreshing on that page?
Try checking in dev tools for my rooms if you are having this:
```
Request method:GET
Remote address:172.67.69.208:443
Status code: 504
Version:HTTP/2.0
Referrer Policy:no-referrer-when-downgrade
```
@short jackal @fresh tide
```
Request Method:GET
Remote Address:172.67.69.208:443
Status Code: 200
Version:HTTP/2
Referrer Policy:no-referrer-when-downgrade
```
not the culprit
any errors in the console?
gimme 2 mins
errors like these:
```
Resource URL: https://assets.tryhackme.com/css/bootstrap.min.css
Source Map URL: bootstrap.min.css.map
```
oh
well i was facing the same issue but i was having 504 on "My rooms" skidy fixed it for me
we're looking for an error from the room list parser because the api response is 200
unless the response is 200 but empty
check the response headers?
oh wait, I think I found what @fresh tide is referring to, one sec
```
Request Method:GET
Remote Address:104.26.10.229:443
Status Code: 504
Version:HTTP/2
Referrer Policy:no-referrer-when-downgrade
```
I just clicked "My rooms" in the sidebar
yeah ^
I didn't fiddle with the url or anything like that
umm i think mention skidy for that? as he is the one who fixed it for me
yeah
@frosty cape site broke
Site didn't o.O
@fading laurel Fixed for you
The fix is going live this week
Small UI bug:
On /rooms when you go to page 7+ and then filter for completed the page controls don't switch back to page 1 like they do on hacktivities
If you go on manage rooms it says that the assign tasks page has been removed, but if you go to the tasks tab and you don't have any tasks yet, it will still link you to the assign tasks page confusingly...
I was working on the room Blaster today, when i connected by RDP there was a shutdown error showing and the background wallpaper was missing and when i checked for the internet history that was gone too.
I restarted the room but it was the same.
@pseudo quarry machines do not have internet access
and it is not required to execute the programs
Blaster is required to have an Internet History, if you've read the questions in the room.
@pseudo quarry you have an answer showing
yeah but browser history can be accessed without internet connection
(and i had to delete an answer)
It isnt required if someone has completed the previous rooms
yeah but i could not access the history
thats what im trying to say
The m/c might have been compromised by someone or may have lost data due to some other reason. After completing the room i had a look at the writeups and they had different visuals than the active m/c (like the file hhupd was out of the recyclebin and no history) thats why i thought maybe i should inform.
Python Playground room, showed a list of all users who are in the room, instead of "260 users are in here". On refresh of the page, it is not reproducible.
Not a bug on THM, but one that users will likely face when doing CTF challenges. If you are in the UK on sky broadband, for some reason, the Stegsolve website is blocked and when you use wget to download it, you'll actually download the error message from sky broadband. Workaround is simple, use a VPN and it'll work.
@scenic dirge that'll be parental controls.
yeh, most likely. I haven't set them up yet, because I just VPN when I see it
Hey, I'm having some problems with the LapLANd machine in the Advent of Cyber room. I'm connected via the VPN but can't access the machine. It refuses my ping scans, and I think it isn't supposed to do so. Can someone help me, please?
#room-help the VM isn't broken @lunar pine
the ip copy button is not working
what do you mean by "ip copy button" @sharp portal
@cinder crow it was added very recently
But copy to clipboard is very browser dependent
I apologize in advance if this is the wrong channel for this as I am new here and to tryhackme. I'm currently in the learning Linux room trying to ssh into the machine I need to and can't find an IP Adress to use for the ssh. All it says is ssh shiba1@machineip. Am I just blind and missing something. Thanks for the help
Thanks for the help and pointing me in the right direction for discord!
Hey, is this the right place to to report a...it's not quite a bug, but zap has a deprecated alert: https://www.zaproxy.org/docs/alerts/10016/
which is expected to be used in RP: Web Scanning, no 8 in task 3
I was very confused trying to figure out what I'd done wrong
The reset password confirmation is confusing ."Reset the token"? How about "reset your password"? "If the user exists, then you will receive an email containing instructions on how to reset the token"
Hey guys i don't know if it's the right place to put it but there's a discord bot that i think comes from this server that sent spam, it's the second time. Anyway i don't know what you could do about it but i just wanted to make you aware of it
Yeah, thanks @frail briar
Another raid
We're requiring verification to send messages later
@frosty cape Do VMs now deploy with 2 hours for subs?
Without clicking extend, I'm starting with 2 hours
Huh, I thought I had just clicked extend without realising
Yess it's 2hrs for subs now :))
Welp that's going to get expensive IMO. Can we extend before 1 hour now?
We cannot.
Is it worth testing hackpark to see if it dies after an hour still?
See you in an hour
@sly raft @frosty cape Currently sat at 1 hour and 2 minutes into hackpark being deployed, and it hasn't shut down.
Ok, as I said that it shut down
hack park still dies i think? i had issues with it earlier and decided to give it a few before i tried again
[Typo] Linux Walk Through: Task 29
Small typo for this sentence. Linux has the exact same thing, except their called directories. It just needs to be corrected to Linux has the exact same thing, except they're called directories.
Not really super dooper important, but a quick fix.
@covert kernel fixit fixit fixit
Is the point system meant to wait until you tick over a single point past the final amount for a level before it grants you the next level?
can confirm that the hackpark room does die at one hour, happened again
@olive drum i have some context regarding that bug, I saw that You(the current profile), the creator is mandatorily added to the board even if u and creator didn't finish the box.
@ebon oyster this creators getting added to their own rooms?
@ebon oyster i am a bit confused... can you expand on that a bit?
Yeah so even if the creators have not completed the room, they are in the scoreboard. there are instances when their scores are zero, but they are there in the scoreboard
I saw that in couple of boxes, let me check if I can find one.
Nevermind, the boxes I marked for that in my notes, don't have this problem currently. I remember willow and cherryblossom had this entry for MuirlandOracle with zero score.. But now it is fixed it seems.
sorry for the tag.
I am not sure if I misunderstood something or something went wrong :/
i looked in the .bashrc too. seems there is no command flag11
#room-help @crimson delta
So i guess its not a bug, okey thanks
@runic wing please read the channel names and descriptions, then post in the appropriate one.
Noted, Sorry
Came upon this after in-browser VM has expired https://remote-eu-01.tryhackme.tech/#/manage/mysql/connections/
not sure if intended
I think there is a bug in https://tryhackme.com/room/node1#, I cannot download a required file
@broken shoal, that room is a deployable instance, nothing to download
@urban flame Understood, It is a download from the webserver it hosts
i use the jwt_took to detect the vul from jwt but i got the thing that it's not vul at all. could someone check it >?
it is task 18 in ZTH: Obscure Web Vulns room.
@broken shoal Yeah, I had the same issue, what I did since this is an HTB machine, I looked at the HTB writeups and proceeded from there.
@median sapphire dang it, I really wanted to avoid a write-up
@covert kernel but the application was turn on the bug for this.
Same, but the file doesn't really want to download 🤷
Why change password of yotf challenge?
It's autogenerated - prevents it being shared
ok thanks so the files inside are still the same?
Yes (:
thanks
@orchid remnant found that thing I was talking about.
and the 10th person is me. The current profile.
Oh, that's a choice of the creator
Not a bug really -- it's the only way we can deploy to test
We have to join the room ourselves
oh ohk.. then cool
but then again..
i get that u have to join the room, but that doesn't mean that u have to be in the scoreboard right?
That scoreboard doesn't matter for prizes, I assume you're aware?
no @spiral flame this is context to the bug in bug submission
Scoreboard for room Anonymous is broken. Displaying only 8 completed users while room has 1k+ joined people
yeah so that's what I was saying, if the creator is there in the room, even if he has 0 score, the scoreboard shows the creator mandatorily.
@topaz venture More details for the bug you submitted
this one @spiral flame ? https://discordapp.com/channels/521382216299839518/685858111952781324/722381181357654136
@topaz venture Sorry, thought that was you lmao
Hehe all good ^^
We can't add the info to the message, only @olive drum can
I tagged swafox but couldn't give an example then. So maybe now u can tag?
maybe a bug maybe not, seems as if every time i terminate a machine and re launch it, i also have to relaunch openvpn. happens everytime. idk if this is supposed to happen but there ya go
It's not meant to, but it doesn't happen to me
eh, it's easy enough to deal with. i just get lazy having to type in my sudo password every hour lol
Grammatical error in the Common Linux Privesc Room. Task 6: Understanding/etc/password format:
Please note that you need to use the passwd command to computes the hash of a password..
@ebon oyster added more info to #685858111952781324
thank you for coming back to this and explaining more
@unborn elm where's the error?
to computes the hash
Haha there you go :)
when i launch THM Kali i got error "Connection Error"
The remote desktop server is currently unreachable. If the problem persists, please notify your system administrator, or check your system logs.
@worldly pagoda happened to me yesterday i just terminated it and started it again
@worldly pagoda If this happens, wait another 30 seconds and click "Reconnect"
Unexpected...
I'm 1'st level lol (just 200/200 points)
refresh?
Good old [object Object]
it's no use
Open your browser console and screenshot any errors
Not a bug but spelling mistake, maybe fix this?
Hacktivities sort by newest still doesn't sort by release date @frosty cape
@spiral flame Console told me that it's a error in which CORS request did not succeed (https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSDidNotSucceed?utm_source=devtools&utm_medium=firefox-cors-errors&utm_campaign=default)
And as I suppose, the main culprit is my AdBlocker
- Please stop using Windows 7, especially for security related stuff
- Any chance of a screenshot in english?
This?
No. Of the console.
me language
@spiral flame It's parrot and chrome now
@frosty cape something is broke
Yep
@plush umbra Whats the error sorry?
CORS error? Whats not loading for you?
the level isn't loading properly afaik
@frosty cape CORS error was in firefox (android + win7) but with parrot and chrome there was another (maybe ?);
As szymex73 already said, my level isn't loading
And yeah, my username is same (Chronitron)
https://tryhackme.com/room/hydra
the post web form command doesn't have the ip
and to have it the same 'syntax' as the example ssh hydra i'd suggest maybe:
hydra -l <username> -P <password list> <ip> http-post-form "/:username=^USER^&password=^PASS^:F=incorrect" -V ?
Maybe the XSS filter broke it, I wonder
@frosty cape Offensive pentesting path, task 2, mentions metasploit. The rooms have descriptions that state you should try to avoid metasploit, so it kind of contradicts itself.
Fixed, and I switched out <ip> with MACHINE_UP
@frosty cape I'm banned from https://tryhackme.com/room/welcome#
But I fixed it with a jr link
Grammatical error on Web fundamentals: Task 2:
https://i.imgur.com/kP9j6i6.png
request that load a website
@unborn elm Fixed
<3
@frosty cape i did but still can't connect
@unkempt dome wrong answer
ı wrote true answer
Idk if I made a typo or if the website has done something wrong but it accepts postgresqql when it should be postgresql
https://tryhackme.com/room/xss
On task 8.2, Filter Evasion, I successfully managed to produce an alert on the page that says "Hello" but I am not rewarded with the flag.
RP: Burp Suite; Task 7- Question #4
https://i.imgur.com/ibE5yC2.png
It asks a question but no answer is required.
@rugged ermine
Strange, I'm going to have to check that
Nvm, the dev screen for that is bugged
room: https://tryhackme.com/room/blueprint
ntml hash :)
https://i.imgur.com/fz8yV7O.png
@earnest solar
@cinder crow task 1 typo Attack Privilege Requirments near the bottom
fixed thanks james lmk if you find anything else
Hello, in the Introductory Research room there is a bug at Task 3 Number #4.
It asks for a 2020 buffer overflow CVE but the answer is in fact a 2019 sudo buffer overflow CVE.
The CVE was given a cve number in 2019 but only made public in Jan 2020 (:
Oh I see..
It would actually make sense to put 2019 instead, but hey..
Because it was there even before becoming public. UwU.
CSRF tokens borked
That's from trying to login
Firefox Android, version 68.9.0
i'm stuck with a cipher! any tips ? i found out 2 .txt files with similar text inside. tried base32/64 hex cant find anything that helps
just looking for a tip to help me continue
ups haha tks
I think this also affects other users..
Also the EU #1 VPN file will not generate for some reason.
Only the second one is available.
so in the hacktivities page, I see the /hacktivities response which contains exactly 200 rooms And it does not have pagination which is bad and I went to the 20th page there was no second request for fetching the rooms. But weirdly, in the dashboard i can see: 214 public rooms. Where are those 14 public rooms?
@ebon oyster Weird, investigating this. Thanks for reporting it.
@frosty cape It has happened all day to me. I have terminated multiple times and it still does it. Any new info?
@gilded swan Whats your THM username? Let me take a look
Shandyclare200
So you deploy the machine, and even after 2 minutes after its been configured, its showing a connection error?
I can wait exactly 2 minutes if you would like me to. After it loads, it always comes to this picture. It has been working fine previously. I am not sure what is going on now.
It works!! I am not sure how I got it up and running but it is finally working! Thanks! I have been trying all day lol
Wait sorry, did waiting an extra minute work?
Skidy: can you wait a minute?
Also Skidy: wait... waiting a minute worked?
Ah no, the message sounded like Shandy had just re-deployed and it worked (rather than waiting a minute) aha:)
Hello, in the HackPark room despite the new timer at 2 hours, the box still seems to go down after an hour. Has happened 2 times now
that's just hackpark for you don't know what to tell you I believe it's been asked to be removed but nothing has come out of it
Ah okay, well at least I'm almost done with it lol
Hello, in Ninja Skills one of the file is missing or unreachable. Could you have a look?
just ask your question in #site-support
Thanks
Does somebody have a minute for kali bug? Can i dm?
@covert kernel Don't ask to ask
Give it one or two minutes and press "Reconnect"
hmm 2 mins need for initial and two mins for reconnect hmmm
The Impossible Challenge
Now no pages work for me, I have to clear my cache @frosty cape
same here
Cache didn't fix it, it allowed me to login but getting the 500 error.
Works again
There's a small rendering glitch on the badge's page (https://tryhackme.com/badges) when the notification tray is open:
@frosty cape I am not sure what happened. I had tried to deploy it and then I went to another page without terminating it. I had spoke with you on here about it and then when I went back in and tried to re-deploy it, it was already up and working (because I did not terminate it). So, waiting a few minutes after it says that there is a connection error seemed to be doing the trick. Thank you again for the help!
The connection criteria doesn't meet :(. When I click the dropdown and select OpenVPN, it just redirects to the access page
https://i.imgur.com/hleumPD.png
Bug reproduced, submitting
Ah, (I might be wrong CC @sly raft) but I think you need to download your connection pack to that to be marked as complete.
yess you're right :))
Change it to Complete the welcome room or openvpn room?
Might be good, since it applies retroactively to all users (not all but many who are already actively using the site)
From yesterday, T16 Q1 of ccpentesting instructs user to just provide the url of the instance. However, at least the recent versions of sqlmap require more arguments to get the answer expected. Can I PM you @covert kernel about this and a typo from user feedback please? (:
Bby you can always PM me @topaz venture
I ship
Gnarly, will do shortly 
Oo that's horrible. Updating that now
RP: Burp Suite write up by Holmes: The link to the write up leads to the tryhackme sign up page.
Uh-oh! You have had your machine deployed for too long. new Restriction for THM Kali ?
@unborn elm Because that is not a writeup, it was a flag for a CTF that THM was sponsoring.
I would've thought that would be taken down by now
I have to edit those, takes a little bit of time as some of the room editing screens can get reaaaaal laggy with a lot of users
Fixed it
@worldly pagoda You can only have your machine deployed for a maximum of 5 hours.
Hacking with Powershell - Task 2: "To get the full list of approved verbs, visit this link."
https://docs.microsoft.com/en-us/powershell/developer/cmdlet/approved-verbs-for-windows-powershell-commands - 404 Not found. Microsoft moving documents around on their support site as usual
updated - thank you
lfi - Task 2: https://i.imgur.com/2Ir8diU.png
don't think the </code> should have been rendered ?
@orchid remnant I think you can fix this quicker
Hello, I found a broken link at the write-up section of https://tryhackme.com/room/steelmountain. "Steel Mountain - Write Up by HoodieSznd5" is broken.
cough muir this one's yours
Fixed and fixed
Cheers muri
/pages
the pages aren't updating properly
steps to reproduce: go to the last page that has 10 rooms, check the rooms completed mark and the buttons are still active
Attacking Kerberos VM is slow. Add more RAM.
Task 3 on Attacker Kerberos does not work.
Funny, the 43 people who already completed it might disagree with you there...
When you try to do password spraying it can not find the CONTROLLER.local domain. You need to add the CONTROLLER.local to the hosts files via: echo <IP> CONTROLLER.local >> C:\Windows\System32\drivers\etc\hosts
That's common knowledge
@orchid remnant Well this is the third time I have went into this room and ssh into the box is slow
no it's not
It is.
IT IS NOT.
!rule 13
Rule 13: When asking for help/tech support please perform research to your fullest ability. Mods and Community Mentors have the right to refuse helping those who have not done troubleshooting/research on their own first. Clearly phrase your questions as we (fortunately for all parties involved) cannot read your mind. Please include the room, task, and question number in your question if possible.
it is a bug
You are using Windows.
@cinder crow do us a favour would yah?
The point I am making is that it is a walkthrough room. So someone new is not going to know that they need to do that.
I almost hate subbing bugs, bc seems like you just get harassed
@tired solar hey sorry I just woke up let me see what I can do
I'll look into the task and I'll talk with the admins and see if they can give it a bump
All good, just trying to improve the room experience for someone who might be less informed on they might need to do that to run the tools.
thanks for making it. It is a important skill to learn for internal pentesting.
For sure, Windows rooms are quite notorious for requiring resource boosts so if that's the case needed here I'm sure the admins will take a look
@tired solar that attack was never meant to be executed on the host it was only as a demonstration because of how aws likes to bork our vms
interesting
how do you feel I can point that out more clear
you could add that step in and it would allow the user to do it
so have the user add the ip to the windows hosts
Something like .... In order to execute this command we need to add the CONTROLLER.local to the hosts file in windows.
to do this:
echo <IP> CONTROLLER.local >> C:\Windows\system32\drivers\etc\hosts
It worked on the windows host after I did that
@tired solar ok I have added the step to the task and the admins have bumped the machines resources
thank you!
This is supposed to happen?
@heavy wyvern Please terminate and re-deploy the machine.
Im working on a fix for that weird error.
All good now, but how's that I'm using the machine in browser as a nonsub?
@heavy wyvern it's not the kali machine
If the creator asks Skidaddle nicely, we can add in browser to any of our rooms
Skidy*
hello, I need help on the lab HYMNE
we dont have a lab HYMNE and this is not the right place to ask for help #room-help
ok thanks
however that lab is not part of tryhackme so the only place you could get help in this discord is #general -- #room-help is reserved for help with tryhackme rooms
Openvpn sometimes throws me out randomly..
Hello, there is a broken link at write up section: "TryHackMe-Alfred by HoodieSznd5" ( Room: https://tryhackme.com/room/alfred )
By: HoodieSznd5 ^^^
@fresh tide What do you mean? :>
ok
Bug w/ new "let's get started" path. Connect To Our Network will not complete.
It bugs my OC-CDO.
Currently that's a known issue. If you download your config, it should mark as complete @thin forge
Thx. I was super confused as to why it didn't think I had done it
@pine quiver Room?
In that one Bob, check the local storage.
As well as session storage.
They weren't in the cookies for me.
That room needs an overhaul IIRC
I found it, but what I'm saying is the path to get to cookies was open dev tools, click storage. But it says open dev tools, click application
Yea, it's outdated.
also, smaller one on task 3, should be is
On the room manager the task preview doesn't update until another task is added/removed
help
who needs flags am I right
the flag is joining the room
@severe idol That's annoying, let me take a look into that. Thanks for reporting.
@frosty cape can you also fix the question system? (See vid above)
Thanks!
@frosty cape any update on the pages bug I posted yesterday? I think it might've gotten buried because of the discussion that took place here yesterday
https://ratelimited.me/qSD2nW21Gd1D.gif
@short jackal Ah, let me fix this one too:) - Thanks for reporting.
Fixed locally, change will go live Monday.
If you join a Koth game which already ended (clicking a link from the Koth channel) you are added to the game with 0 points
which in turn shows that you participated.
Submitted 
Maybe set all join invites to redirect to the spectator link after the timeframe is up?
@covert breach pls ask for help in #room-help and be clear about what the issue is
Anyone have this bug when upgrading their shell?
Running Ubuntu 20.04.
Github version.
It's an issue with metasploit and not the room. Try restarting metasploit. In some extremes you may need to restart your OS also.
@covert kernel What room are you having difficulties with?
Room UOPeasy https://tryhackme.com/room/uopeasy should be SQL injection
SQL is often pronounced sequel.
Pronounced yes. But it's still a bug
Indeed.
@orchid remnant fixit fixit fixit
only the professor can
Yeah, that's going
Giving handy manny a run for his money Muirl!
@winged jackal no
Done
Muirland and the admins can edit rooms @winged jackal
Muir is a mini admin anyway
talking about SQLi....
cough cough
@olive drum Almost done Swa
yay! :)
Task 8 - invalid command AS-IS: python -c 'import struct;print "A"*44 + struct.pack("<I",0x080484cb")'
SHOULD BE: python -c 'import struct;print "A"*44 + struct.pack("<I",0x080484cb)'
This " at the end is too much.
I checked few days back Blaster machine's history got expired. How long it takes to be updated ?
Room: https://tryhackme.com/room/hackpark
AS-IS:
#1"Our netcat session is a little unstable, so lets generate another reverse shell using msfvenom." If you don't know how to do this, I suggest completing the Metasploit room first!"
SHOULD-BE: #1"Our netcat session is a little unstable, so lets generate another reverse shell using metasploit." If you don't know how to do this, I suggest completing the Metasploit room first!"
Cause: As a reader I think the msfvenom is a part of the "RP: Metasploit"-Room but it isn't. So I think it's better to replace msfvenom with metasploit or meterpreter.
Hey, new here. New to all this cyber stuff. In the room [Introductory Networking] under Task 6 ping. The question is to ping blog.tryhackme.com and submit the IP address. When I do so it doesn't recognize it as a correct answer. I tried an IP lookup and i'm pretty sure I'm submitting the right answer but it doesn't accept it.
That's currently a known issue with the room
@orchid remnant any update on fixing this?
Yeah, trying to find something that isn't behind cloudflare...
I think streaks might still be weird
I had 0 streak, changed to 3 when I answered some qs
Dark, can you do something about the XSS alert on RP Web Scanning? Probably either pop the answer as a hint or remove the question. The alert is deprecated and people keep asking questions about it because they can't find it
hi, @raw karma i think there is a bug in Cross-site Scripting room (Filter Evasion - Challenge #2) after producing "Hello" pop up no answer 32 random code has been passed ... would you please help to resolve this issue it's my last question.
You, uh, know you just pinged the bot, right?
As it is, that room has issues -- I think a few people managed it recently, but it's up to be redone
Anyone else had issues with Steel Mountain? I think my machine keeps restarting
why do you think you machine is restarting?
If the machine isn't restarting the services certainly seem to be
My shells drop but more importantly the web services seem to stop on the machine
So I can't load pages on either of the HTTP ports
I've tried terminating the machine and starting a fresh one
Maybe it's something else... The server uptime for the file server roughly matches the uptime of the machine =\
I don't know about the web server dropping it shouldn't and nothing has been updated that I know of that would Bork it and iirc the shell is unstable and needs to be upgraded
Yeah you're right, I'm just struggling to maintain the connection long enough to do that. All good, I'll keep working on it. Also, just realised this may have been the wrong channel to post this too so my bad on that one. Thanks for the help
The room scoreboard don't properly keep track of what position you finished the room in
I think this is because it's ordered by when you joined not root time.
Hi @winged jackal, what's the tool you use for gif recording? Do you have a favorite?
i use OBS to record and convert it online :3
Hi, pretty sure this is a typo in the "Intro to x86-64" room?
Room: https://tryhackme.com/room/hackpark
The machine always goes down, short before the one hour mark.
That's currently a known issue, and is being investigated
Do some have the possibility to run winPEAS.exe right now? Do winPEAS still deliver "Original Install time" information?
From my point of view, it doesn't with my current privileges.
? #general or #room-help
I think the goal of asking here is there is a question in a room that asks you to run winpeas and submit the original install time as an answer
@storm lichen That's a question from HackPark. winPEAS.bat has this information.
@covert kernel I did it with the winPEAS.exe file and at the result the information isn't there. Currently the bat is running.
Executing the *.bat file delivers the right information. So there is a difference between winPEAS.exe and winPEAS.bat.
What is the difference between the a.bat, a.com and a.exe extensions?
Exe is compiled. Bat is equivalent of a sh file in that it's just doing cmd commands and running them one by one
There's something really wrong with adding questions at the moment, I think @severe idol identified it earlier. I currently have a question that I can't delete, and I can't create questions after it that have answers or hints as Add Hint or Add Answer seem to affect the question that I can't delete
Yes questions are completely broken
https://stackoverflow.com/questions/2115651/difference-between-com-exe-and-bat
@pine quiver really ? -> I was referring to the output. Not the difference between a batch script and a compiled version. If you follow the github link, a user expects that the exe is the compiled version of the bat file, but currently it isn't.
i seriously think theres an issue with steel mountain. i had to reset the box to get an initial meterpreter shell because it kept hanging although all settings were correct. checked multiple times. resetting the machine would eventually let me to get past this part. Then when trying to restart the service needed to run the final exploit, it would die halfway through the reverse shell. Something very odd is going on. Ive been checking walkthroughs, and redoing steps over and over where everything feels right, but its doing some really weird stuff
I've rechecked steel mountain several times lately. The room is missing some instructions, as your msfvenom payload should be an exe-service otherwise you will get 1053 errors
Other than that, it's been stable for me
@rare wraith try changing to a different VPN server, as someone had an issue like that recently
is there a difference to setting the payload as exe or exe-service?
Yes
A windows service needs to tell the OS that it has started correctly. If it does not, windows kills the service and you get a 1053
exe-service tells the OS, exe does not.
oh ok
how do i specify that in the msfvenom payload?
yea i was getting 1053 errors and setting it as an exe, so this must be where my mistake is then
#room-help I'm explicitly banned from helping people at the moment.
lol james what happened?!?!!?
T_T
well thank you james!
this saves me alot
because the walkthroughs i saw only used the exe version and it worked for them
weird
like mayors
and in the rooms image
of the shikata ga nai payload
alright.. well now i got the payload working since its not giving me the service error, but my shell is just like frozen, it shows that im connected but nothing happens
been sitting here like this for 3 min
i can still type but nothings happening
#room-help please
not a bug, happens often if you do something incorrectly
james also said he did that box recently and it worked. I have done that box within a week ago and it worked for me
i mean i got the right lhost and lport otherwise the connection would have never came back
hmm
sorry though, ill move over!
I'm unable to login into my kali machine, it's saying credentials are invalid can someone help? I used
username- root
password- Tryh4ckm3
Shut it down and restart it. It should work.
It didn't
I can ssh though
so i think credentials are correct but there's some other issue
can't view the log file in the dogcat ctf. I only get the following message: Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 104106104 bytes) in /var/log/apache2/access.log on line 1
Capitalisation bug. On the terms & conditions, the capitalisation is not uniform across all headers: ```
What do we use your data for
How Do We Store Your Data
About cookies
Fullstory Cookies
```
Don't know if this is the right spot to say this but I think that someone erased the IE history in the room Blaster, which complicates the finding of the CVE
Oh okay, thanks!
https://tryhackme.com/room/brainpan
description does not make sense: find a buffer overflow overflows
Fixed
CC: Pentesting Task 4
theres no man page on kali for gobuster, maybe link it or at least point it out in the room?
https://manpages.ubuntu.com/manpages/disco/man1/gobuster.1.html
@covert kernel fixitfixitfixit
I can't find flag in "Plethora" room in #4 JuiceShop.
I want hint if anyone solve this task
#room-hints or #room-help @frosty jasper
Although if you're really Mr. Robot this should be a walk in the park for you
However you cannot get the flag the intended way as the ||template injection RCE|| does not work as the webapp is running in a docker container. It's a known issue with the room and juice shop.
@frosty cape How much dev time would it take to add room testers to the list of people that can add known issues? At the moment, there isn't much point behind known issues as users can't add them and creators often don't find out.
RP: Web Scanning - Launch ZAP, what option **to** we set.. should be what option **do** we set
https://i.imgur.com/uWl5eFS.png
Bot bug: bot doesn't mention the user properly in #648878292551598080
seems to be a discord error it appears fine for me
discord go brrrr
Yeah that's a discord issue, it's a really strange one that we don't really have a good counter for yet
Problem with What is the most likely operating system this machine is running? question in the Reconnaissance part of Vulnversity room
The hint there say using nmap -O would return the OS name of the OS running the server whereas nmap -O actually returns only the OS family not the OS name
Then the answer needs to be corrected cause it expects Ubuntu not Linux
I guess it should'nt be though
also, nmap is not a perfect tool, so it can't always give you the right info
so in most of the cases you need to ~guess
Well doesn't change the fact that the question and the hint mismatch! I could've given the hint to look for the OS name in the scan result or it should've accepted Linux though
I personally don't think it's a problem considering the number of people who have completed it without any problems
afaik, unless Ubuntu implements the TCP/IP stack differently (which is probably a no), it's a random guess. It should be changed to Linux :U
or the question should clarify what it's looking for. You can get the distro from SSH fingerprinting/banner grabbing
that's true, but in the context of nmap -O, you're not getting a specific Distro unless the networking stack is implemented uniquely
hey there! In room blue at [task 2] I try to answer to the
Show options and set the one required value. What is the name of this value? (All caps for submission) question with ||RHOST ||but i getYour answer is incorrect.I checked the video and Darkstar has the same answer. Am I missing something or its a bug?
show options you haven't got the name quite right
@spiral flame ahh thank you! And sorry
||RHOST|| is functional, but it's not the actual name of the option in msf
#room-help please, this doesn't seem like a bug ๐
```Use the following nmap command: nmap -v MACHINE_IP - If there is a webserver running on another port, go to http://MACHINE_IP:PORT``` in the FAQ. You should have a question mark on the `why not` part, I think, and it should be nmap -v -p- otherwise you may miss the webserver.
I think something's up with the THM kali, it takes over 5 minutes to boot
6 minutes total
^ it happens to me atleast 75% now. I posted here couple of days ago or general i forgot. But now definitely seems like something is wrong.
@spiral flame Really? Let me take a look there.
That's to SSH access, or to Guac access
Thanks for letting me know, I will investigate:)
does anyone know if the Blue machine have some kind of problem ? I am trying to exploit but it keeps failing
Just tried terminating and deploying a lot of times but no success
@hardy meteor #room-help
not a bug user error #room-help
tks
!dark
damn I was hoping it would pull up the "blue isn't broken" quote
!dark
Also was trying to get the blue quote...
im doing the linux priv esc arena im on the last task and i ran into this problem
should this go in #room-help instead?
i mean there is no saying whether to log into root and do it since mount is the only usable with root but that defeats the purpose of the room...
TCM made the room and he uses 2019 kali which defaults to root so he doesn't mention it @modern pike
In room "Intro to x86-64" > Task 1 > Link 5 is not working anymore. For reference: https://www.radare.org/get/THC2018.pdf
In room "learn linux" goto tasks and go down to Task 9 and it says near the note
Where's the bug? @ember lotus
I thought it was a but , tophat cat told me its a short meaning for manual
is it normal that the new dashboard displays a different streak number than the streak number on the left menu?
Different between where and where? Doesn't sound normal
In the editor, the Click to Select Task doesn't activate if you move the mouse slightly before releasing the mouse button
hi i don't know if its a bug or not but me as a user can generate any users badge id to the current users rank
The badges are just generated by ID
yes but is it okay if i can generate any users badge id like i go to your profile and generate your id?
I mean, why would it not be?
okay..then its not a bug , i thought only i can generate my badge thats why i thought it as a bug sorry!
There's a Get Badge ID button on every profile even if you're signed out
oh.. okay...
It's generally spelled hooray
Tried a refresh?
i am rank master, but i cannot even update my rank on thm discord too
What is weird about it?
yes, i am checking from last 30 mins
updates are automated now by the bot
yes, i texted the bot, it says rank updated but i a, still a lvl10
The two places showing different data would count as a bug to me
Question on Common Linux Privesc, Task 9 Exploiting PATH Variable, number 2 - answer is marked "correct" if ls is entered, but running the script under user5 provides a screen as if you just logged in rather than a file list:
but it's not showing different data it's simply a weird way of showing I believe it shows that master is the next rank
it is the same for me
I think skidy got rid of it to simplify it
It used to be
-----------------------------
no no, i was wizard before this, and if thats so then why my public profile is showing wizard
@sharp portal because your rank is level 10 the bar is just showing your progress to the next rank
Well, I agree it's misleading
> ---------------------------
i was following this order, hence got confused
@frosty cape maybe put something next to the rank in the level up progress bar to say next rank: level11.... as to not confuse people on their rank?
there should be 2 indicators imo current then next
it made sense to me but I can see how others could be confused
lol, i got excited after seeing that rank 11
I am doing the OWASP Juice Shop room and it said log in with the admin's credentials. I searched main.js for admin and then went to http://theip.com/#/administration and it just loaded the admin page right up. I am pretty sure it's not supposed to do that.
Maybe that is another challenge, but just going to the path is too easy.
Yeah, that is supposed to give me a 403 Forbidden, but it didn't and I haven't messed with anything yet.
THM didn't make the box OWASP did so there's not really anything they can do unless they go in and mess with things they might have done it to make it easier
Is blaster room broken for anyone?
The browser history being missing is a known issue.
Anything beyond that, I recommend heading over to #room-help
Thanks, also wanted to make it known here that it seems theres a connection issue as well. Can't connect to my box at all.
Hi I think I found a bug with some of the windows machines. Recently I notices that the timer on the machine starts at 2 hours instead of 1. The problem is now when the timer is just under 1 hour the computer will shut off. Is this a bug or am I doing something wrong?
@radiant hawk you probably won't be able to ping it, windows boxes ignore pings by default
@steady valley it's a known issue but if you have a list that'd be great. Skidy's looking into it.
Hackpark is the main one
I am doing the post exploitation room and it has happened a few times.
I think hackpark was the other one where it did that.
Another page button bug
Steps to reproduce:
- Enter hacktivities
- Filter rooms so there is only one page and the page buttons disappear
- Change the filter so there are more than one page and the buttons reappear
- The "Next" button is disabled
Expected behavior: "Next" button should be enabled
The room release date email gives a weird time. Email said 09:00GMT+1, calendar says 8PM GMT+1
which calendar?
the web fundamentals card is smaller presumably because of the one liner bio
and the link for the offensive pentesting path is still OSCP which i thought the path was steering away from?
Public website : The footer has nav link Goals (https://tryhackme.com/goals), which just gives a 404 page
Day 23, advent of cyber, login page vulnerable to a stored xss, i dont think its part of the challenge but i thought id report it.
sometimes you have level up but it will show when you have next level up
hi
Can anyone confirm the PS Empire box works? I can't exploit it with the ms17_010_eternalblue? Also, the PowerView on PostExploit room seems to be buggy, it won't run the commands.
@covert kernel currently there's an issue where metasploit sets a HTTPS payload which doesn't work.
The most common issue with power view in post exploit is that people don't properly load the script.
I recommend #room-help for help with those two issues
@spiral flame Yes I know, so I changed the payload to reverse_tcp which didnt work either. Okay great, thank you.
Again, I recommend seeking some help first
Okay, thanks for confirming it's not the boxes.
Simple CTF seems really unstable, anyone else had this issue? Once a port scan is finished, the host stops responding and you have to redeploy.
@round cave the same here
me and my friend went to the koth and when we restarted the machine we couldnt login with ssh port again
sec@S3C:~/Desktop$ ssh <name>@10.10.196.187
<name>@10.10.196.187's password:
Permission denied, please try again.
MACHINE : FORTUNE
we checked the password and user again and both of them are correct
You're allowed to change passwords
They are also dynamically generated, each restart, they change @digital turtle
i told my friend to check that and he told me it didnt change
ok, i thought he did wrong too but i wasnt sure about it
thanks for ur help @spiral flame
Since the Blaster room is broken; why not remove the question which asks about what it is vulnerable to and just directly put it there?
Cc @rugged ermine
What specifically is broken about it?
Not really helpful to me to just say that it's broken without specifically stating what isnt working
I'd assume the browser history is what they're talking about?
@spiral flame i guess yus tho
??
yeah i think they are saying about that browser history in that retro room
or blaster room?
firefox, ConvertMyVideo, picture doesn't load
!
There are questions that request a specific flag, for example nc (-l listen mode, -v verbose). Well, i have seen in some answer boxes that even if the flag is wrong (example: it needs double "--" and i just type one "-" (--help)) the answer is still correct. Sometimes I deliberately entered a wrong -dbs in sqlmap syntax and it took the answer as correct. i have more examples, but if you type a wrong flag and it says it is correct, that is not ok. i have also lost time figuring out what the mistake was until i realized.
there is a little bit of lenience on answers which i assume the --/- will get caught in, but if there are specific rooms/tasks with completely wrong flags i suggest you add them to that ^
@green hare yeah we've requested answer control but for right now that's just how the regex handles it
@cinder crow
@mild breach I just wanted to let you know, thats all :D. Good job, I enjoy the platform
@mild breach Not the complete flag, only the -/-- when the -- is mandatory, just that. Let me search for the room, i found that recently
Hi! I'm trying to post a writeup for dogcat from my account. Unfortunately after setting a name and a URL, I can't submit it because it says the URL is not valid.
Here is the link to my website to the dogcat writeup: https://writeups.noxtal.com/#/posts/2020-07-03-tryhackme-dogcat
What do I need to change to make it valid?
I expect it's complaining about the # as that usually is used for a URL fragment
The usual solution is to URL encode the offending characters
Oh ok, thanks! I'll try that out!
Sorted
The write ups listed for https://tryhackme.com/room/ccpentesting are not the right ones
@green hare ??
They talk about the last part
This write up documents the "final exam" machine that is presented as the last task in the room.
Greeting again, welcome to another short THM CTF write-up. Today, we are going to go through the final task of the pentest crash course. This room created by our lovely para. As for other tasks, you have to read the manual page. Without further ado, let's get started
They only cover the last task, that's a part of the room
Ok, Now i realized this was the room about the -/--flags that confuse me
Sorry, my bad
@spiral flame I have URL encoded the link and everything worked fine, thanks for that
Only problem now is that the URL encoded link is not working
Use a standards compliant URL then
Wdym?
You're using a # in a way that it isn't meant to be used
It is used by how my website is working.. I know it seems wrong but the CMS library I use does that
https://www.urlencoder.io/learn/ it's a reserved character
THM is validating against the standard. Your URL happens to violate that standard. You're in undefined behaviour and it happens to work
No
It's not using it as a fragment
google.com#fragment is different to google.com/#/page
Oh, I see
Thanks
I'll need to find out a way to change that, I'll need to reverse engineer my CMS library XD
Thanks for your support and sorry for not knowing much
You can also use a URL shortener
Oh yeah, thanks
Probably not much of a bug, but I think the search feature should check for an exact match first, for instance when I type "ra" (the new box) into the Hactivities search it's on page 10 (without filter compete on).
My Learn Linux room is kind of messed up, I have completed it. But now it offers me to join the room, and when I do, the error message shows up. In the overview "My Rooms" it's not marked as completed with the little green marker.
@covert kernel Whats your THM username?
@frosty cape 0xUnicorn
@covert kernel Fixed, I will look into why that bug occured later tomorrow.
Thank you @frosty cape
in the SSRF room, under task 3, there's a URL in the description that has one 0 too many (http://127.0.0.0.1:3306)
there might be another typo in the solutions task with the content lengths
?
Is it doing anything at all?
Anything in your browser console?
Is the button greyed out/disabled?
Check your console.
Try a refresh as well
@cinder crow task 4, post exploit ``4.) Transfer the loot.zip folder to your Attacker Machine
note: you can use scp to transfer the file if your using ssh`` You're
I'll try not to tag you for nasty ones
blaster ||browser history|| not available anymore
It's solvable without it. But it's not there. Also the file is not in recycle bin.
that's known dark just hasn't fixed it yet
okay cool
the amount of time i spent trying to get browser history to work...
Room: Web Scanning - Task 3 - Q8: "Featured in various rooms on TryHackMe, Cross-Site Scripting is a vicious attack that is becoming ever more common on the open web. What Alert does ZAP produce to let us know that this site is vulnerable to XSS? Note, there are often a couple warnings produced for this, look for one more so directly related to the web client."
ZAP does not give any alert on XSS, and therefore not giving us the answer "||Web Browser XSS Protection Not Enabled||"
Room created by @rugged ermine
Investigating Windows:
#10: At what date did the compromise take place?
Answer format: MM/DD/YY
this should be: MM/DD/YYYY
Private King of the hill games, when spectating using spectate link, sometimes leak the IP.
that is weird, i made several private games and tried to get the private IP but didn't succeed so I assumed this was secured
@covert kernel Maybe reduce the 1930-1940s germany references first
Fixed, but to reiterate that, that's enough of the Nazi stuff, and please don't give James attitude. That's the last warning


Please keep comments useful and on topic in this channel @vale nest
just curious about what is going on
It was broken
i havent finish the offensive pentesting path but it shows its 100%
any idea about it?
According to "My Rooms", I'm in the "Kali Machine" room twice.. And it's not completed.
Which is incorrect... It's completed..
And under "Hackactivities", it is set as completed as well
@fluid canopy Fixed, also you should always be using the "My Machine" page: https://tryhackme.com/my-machine
@frosty cape I'm actually always using my own kali VM.. Never using the in browser machine.. I have no idea why I was in the room twice, since I haven't been there since I started at THM 7 days ago but thanks mate!
No worries:)
Hi... I am in task3 and flag11 but didnt find it.. I still dint understand THM... how who is new to linux will find this if no details about this one..
im sorry I dont understand your bug could you give the room name, task, and question as well as a screenshot of what you think is a bug
@cinder crow Is this for me ?
The help panel links currently do nothing
https://tryhackme.com/room/cryptochallenges this room is very broken
Doesn't accept correct answers
@frosty cape This one's yours
@spiral flame Which tasks don't?
Single byte xor for one
It works fine
It's also heavily downvoted
Just tried it.
I mean I have the answer
Straight from cyberchef
And it's not accepting it
Yep
The decode gives you an apostrophe
should HackPark take 20 minutes to boot up?
I'm unable to access the web server, web page times out
yup, green checks on both server status on connected
Make sure you have setup your VPN connection correctly https://tryhackme.com/room/openvpn
Type ps aux | grep openvpn into your terminal and press enter
If there's more than one line (that don't start with "grep" or sudo), do the following steps
Type sudo killall openvpn into your terminal and press enter
Start the VPN with sudo openvpn <path-to-config>
looks like i've only got one instance
When i deploy a machine the machine just "turns off", no ping, no response, no nothing, how do i fix it? terminated the instance and created a new one, dozens of times, im subscribed, that should not happen
That sounds like VPN issues
Also remember, some windows machines don't respond to pings.
Hi, Not a bug, just a typo. In the room "Intro to x86-64", Task 2 there is 2 time 'Quad Word' in the "table" of size of the data.
Any user who subscribed to the site and downloaded the VIP VPN openvpn file, can still connect to site using that AFTER the subscription expires.
Hence, user will get VIP server speeds, even though he/she is not a VIP any more.
^ I've tested this and it removes access to VIP OpenVPN packs.
Which server did you test this on?
Let me confirm from my account.
Ah yeah, I see what the issue is.
Ok, this was before new servers were added.
Although my VIP openvpn still works. (I am not subscribed anymore.)
Ah. Ok, not that I understand but I hope this is fixed :)
Thanks for reporting - all fixed, will make changes live and remove non-VIP users access.
P.S. I just confirmed with my VPN file, and I am able to connect to TryHackMe network. (The old VPN file.)
Hi. Iโm a subscriber and cannot access. And complete the room web fundamentals
@warped stag can you be more specific
@warped stag Try re-downloading you connection pack
Or switching to a region closer to where you are located
@brittle juniper Wait
Are you telling me that i have to download again the vpn file?
I mean, again? I subscribed so im still not a subscribed user?
Um, I am not sure about what confusion you have, but FYI: If you are a subscriber, You should regenerate and redownload your openVPN file. As Subscribers are given VIP server, with faster speeds.
@green hare
I see, but where is that info? i have been a subscribed user for a week and now i realized im not xD
JAJAJJAJA
xD There is a noticeable difference in response times b/w VIP and non-VIP servers.
Lol i already saw the difference jajajaj
I bought a subscription but i was still using a regular vpn connection JESUS!!!