#room-ideas
Hey Guys,
I'm on my last exercise for the Complete Beginner Path. I completed the Scripting Room but was not able to code the last 2 questions in it. I watched the blogs online and then completed the exercise.
So can we have some more rooms related to coding ?
What kind of coding? @oak finch
@tropic cave I would imagine he's talking about general coding concepts. Not sure if a room could ever be expansive enough to cover all of the intricacies of writing code.
@oak finch
This page includes a link to a 4-hour (ad-free) YouTube video on Python 3 (Python 2 is being deprecated). https://www.freecodecamp.org/news/best-python-tutorial/
I wasn't sure if it was general coding or bash or python or whatever. But yeah what bit1 said here is pretty good. Python is a good place to start learning to code
Especially, cause a lot of code written for security people, by security people, is in Python.
There's an intro to python room already
2 even
Do they cover Py3?
Exclusively
no one uses Py2 anymore
Nor should they.
that's because it's vulnerable maybe
It's due to the byte strings
Would be nice to get more AD rooms
I'll tell you what, I'll finish up the AD Section of my "Looting Windows" room tonight
I really should make a box
I was actually gonna stand up an AD lab at home
just to learn
i know like nothing on windows
y'all are going to end up being sick of ad content in about a month
Thank you @karmic raven -- really need Windows stuff right now
I've been just grinding out all the ad content
Lovely. I understand that AD isn't actually in OSCP, but it all helps
@native raptor It is real life though
hi guys I want to level up at CTFs what should I do ?
This is a better question for #general chat. But in short, practicing CTF's is the best way to get better at them.
@tight night sorry I didn't know bro
It's ok.
hello
TNX BRO
A C# room maybe? With a focus on the "hacking" application of it
Honestly, that would be too much of tiresome work.
Fair enough
Although there can be a room with a custom C# application and in order to exploit it, you have to know the C#.
#room-ideas we need a music boat pleas
#544951750801752079, this is for thm room requests
@solemn canyon A... what?
a music bot ..... like groov bot
Ah. A bot
Indeed
plz no
Oh yes
Nope
Is there a room on the Firefox/chrome dev tools?
HTTP fundamentals covers them but not extensively
What about a room that we can learn SQL?
learn SQL or SQLi? @glacial acorn
SQL @sleek elbow
So that we can get a good understanding and exploiting it will be easier
(Remember this is a hacking platform -- not a programming platform)
I don't really think a room just on SQL will help with anything in particular except understanding sqli what do you want to gain from learning sql
I wish I knew more about SQL tbh
What about sql and sqli?
There are some really good resources for it online
Very different things
maybe a bit of how a sql database looks inside of a sqli room but I don't think there should be a whole room on It
Let's let the community decide on that one?
our opinions dont necessarily voice the majority of the platform
@outer jewel I've thought about doing an attacking the cloud/ attacking azure and aws room but those environments are just not practical for tryhackme
and I dont think the "TryHackMe isn't a programming platform" argument isnt a valid one because we literally have Intro to Python and Intermediate Python requested
but those make sense because python can be used a lot more for ethical hacking sql by itself has no use for ethical hacking
^^
Scripting is an inherent skill for hacking. I do agree that SQL is a really useful language to know, but it's not like being able to automate attacks, wouldn't you agree?
Happy to have that opinion changed, for the record
Just becomes a really fine line between what we're focussing on for dev work
Which, in the end, is up to the admins
you need to understand how something works before you can really understand how to attack it, 'OR 1=1 will only get you so far. I'll be the first to say it, I have no clue what UNION SELECT even means or does or how its relevant to SQLi
obviously its SQL commands but I have no clue what they do
I only learnt that recently -- I do agree with you there. Wouldn't have had a clue before that
But the stuff we need for hacking can all be easily learnt from w3, or just otherwise by searching it up
Same as if we're looking at code for vulnerabilities
Anything we don't know is Googleable
Which is why I think it should be a part of it along with the sqli so you can understand exactly how your exploiting sql
You don't need to be able to write it to understand it
But yeah, introducing the commands as you go along does seem like a really nice idea
thats why I think supporting material should be included in an SQLi room
Focussing on SQLi, but also covering the background that's required
its one thing if someone tells you to do it, its another to explain what its actually doing
I am pretty sure there's something in the works for that actually
Oh, 100%
A tutorial that doesn't explain how something works is a crap tutorial
Who knows there's a lot of content being made now
iirc a SQLi room has been pitched to multiple room authors and no one has really been looking forward to doing it
True...
Fairly sure Chev had been assigned it months ago
I've got four boxes on the go, then PWK to get on with
I don't think anyone likes sqli they just deal with it
If there's nothing done once that lot is done, I'll do it myself
^^
....
.....
im probably in the wrong area im sorry
@scenic badge Rules 3 and 9
right its not illegal its a pentest
Rule 3
ahhh it says dont turn it into advertising
Don't argue over this.
oh no sorry im not arguing
im saying i can see what the rules say
i didnt read the end of the rule 3
hmmmmmmmm
do you know where i could post a job????
ill just look online sorry for the distrubtion!!
Probably not in this server.
#cyber-and-careers would be the best place in here
Craigslist
Although chances are you'd be better asking elsewhere
Ad agencies in your local area, for example
awesome makes sense sorry for the confusion! didnt want to disrupt anything!
Has anyone started or already created a room on the socket module for python?
That again seems like something that might be best Googled
Be a bit difficult making a room entirely about the socket module
True
I do have some ideas about using the module to get a flag. Could be a challenge room
If no one has anything like that made or planned, I could make it a challenge walk-through
@tacit anvil More of a heads up, if you're making one then I think if you can do a certain number of programming challenges that involves network interaction then it'd be quite good.
Alright, I'll definitely involve some network stuff into it
Maybe one anime related box. Cause from the discord dps I can see people watch anime here. :-3
nah, we don't
Powerplant based box.
Anyone considered an Ansible box yet?
Might be better once we get networks soon™
Though maybe you can use Docker Containers to simulate additional workstations that you're automating??
I have it for Raspberry Pi too and it's a bit different and limited. I'm hosting it in a VM as well to try some of the more heavy stuff. Issue is I cant get KVM's to load, despite hypervisor being turned on naturally.
I think the cost is incredibly high for their hardware and software.
Havent heard of it
DLL exploits
Windows DLL and more reverse engineering stuff.
In the pipeline. I believe
is there a suitable place here for me to ask questions about a room I am creating, I don't want to spend a lot of time building something to find out it can't be licenced, I know windows is ok because blue, but what about MS SQL Server - can I install Dev edition to my challenge ova and upload it?
If there's a community license available or free edition or it's open source it's fine I assume
You can ask in #general though
cheers
don't know if this is a question for here. but i've made a machine with vagrant, and everytime i try exporting from virtualbox it's not keeping all my files on the box. am i missing something?
@sudden garnet this channel is for requesting content in thm really
ah sorry
Manual IDOR?
Excuse me
I want to upload a new room but I have a few questions before
With who I can talk ?
Have a read through of these here: https://docs.tryhackme.com/docs/room-creation/room-creation-getting-started/
Though in future, this would be best for #general. The topic of this channel is for requesting rooms you'd like to see on THM itself (:
Oh
Sorry lol
More Rooms like boxes like hackthebox have like brainfuck box maybe in OSCP path
Why would you have a brainfuck box in the OSCP path? The OSCP doesn't include anything on that language at all. Also the Offensive Pentesting Path covers OSCP topics quite well
Also, they aren't aiming to copy HTB so I doubt they'd try to make HTB esque boxes
Just for the record, I believe they were talking about the HTB box of the same name, commonly included on the OSCP like boxes lists.
That HTB list made by TJ Null really seems like they just wanted to shotgun blast a bunch of machines onto it. I've asked people about that specific one being on that list, and the 100% consensus is that it doesn't belong there.
OSCP is a CTF
that is true
You have upset the offsec gods
A room on writing a good pentest report? Bonus: have them create a writeup
If you think I am sitting marking reports and sending out flags manually, you have another thing coming...
Another thing coming... adding rotating flags manually?
Rooms on HOW ROOMS ARE MADE, Showing the backend stuff
To?
Darkstar's talk
A guide to creating challenging, educational, and enjoyable vulnerable virtual
machines.
Picture this, you've just completed another machine on TryHackMe
[https://tryhackme.com/], Vulnhub [https://www.vulnhub.com/], or HackTheBox
[https://www.hackthebox.eu/] and you're left t...
Can't find the video rn
Ill search. Thanks for this!
Official documentation site for TryHackMe
I have the video linked on my website @somber crow @lethal marsh https://www.darkstar7471.com/resources.html
@rocky gazelle Thanks man! :)
Look for the SECARMY talk, I have it linked just before my talk starts (albeit you'll want to pull up the slide as well as it's a little glitchy)
Okay!
Room request:
I'd like to see a room dedicated to topics and tools involved in digital forensics, if possible.
I have content like file carving and use digital forensics tools like that in the works, there is a volatility room already if you want to get to grips with memory forensics
is there anything you'd like to see in particular? (:
I could also go over FTK but that's quite a pricy tool that I doubt many have access to
Imager does a lot and is free, but full FTK is super expensive
claps
Covering imager would be fine, that's my point
I'm a complete noob when it comes to digital forensics. So ideally, a lot of concepts and introduction to tooling, with a gradual increase to higher proficiency.
I hope that doesn't sound too demanding. I appreciate our content creators!
is there a room about virtual hosting and how to attack it?
Im thinking of the wrong thing.
What are you thinking of
Its where you can find the secret login page like admin.htb
Secret login page?
You mean virtual hosts
yes
You can do it with wfuzz I don't think it needs a whole room
Wfuzz -H "Host: FUZZ.thm" ...
thanks
Np if you need more info look into subdomain brute forcing with wfuzz. I think ippsec has some videos on it
A Room where the basics of C/C++ is explained
A Room on How To Create Your First GUI Application using python or C it doesn't matter
@meager portal we're trying to avoid becoming a programming platform
@somber crow i see i see , now i can better gather my ideas
@somber crow false
@rocky gazelle I mean, it's been brought up before
Programming is an integral part of hacking and I'm pushing it on the platform
Thanks dark ❤️
A room more dedicated to Wireshark / reading out traffic?
More Python Stuff but on the intermediate side.
There's already a whole room dedicated to Python though. And it's fairly recent
What concepts would you like to see?
A room on the new SMBGhost exploit ( win10 )
There is already one in the works. Waiting for it to become part of msf @tacit anvil
@tropic cave More pwntools usage. Tho, im just a beginner in python. More like a room explaining different ways python can be used in ctfs. Image Manipulation, RSA Decryption, etc.
You know you can do that with basically every programming language right?
And pwntools is just Par's room (cod caper) the python room is separate
i've the python room by optional
it was really good
done**
@tacit anvil it may not be exactly what you're looking for but I'm making a room using python for networking/web stuff
I can give you some resources on image manipulation and cryptography in python
do any of you guys here thinking of bringing a room that contains idor?
There's a walkthrough on it waiting to be released
@tacit anvil That would be amazing
@tacit anvil i'll be waiting
@tacit anvil
Pwntools has its own detailed documentation.
I can understand the conflict with a new person to python and pwntools. I could add it to my list to make a more beginner oriented guide to it
@final sun I'm really newb, and it's really hard for me to understand that tbh.
@tacit anvil Yeah, That would be really helpful.
@tacit anvil Just ask me whenever you feel stuck, I'll be happy to help.
Alright mate. Thanks.
Programming based rooms in addition to the existing Python room. C++, C#, Go etc
@outer jewel i will be making one for golang :3
Btw can we have a room teaching how to create boxes? And how its integrated with THM because i think it will surely increase the content on THM
@rocky gazelle could surely pull up some great content ^^
Getting Started
Oh that's great I'll check it out, thanks
I should probably make a room about it tbh
Room on creating and using basic Docker containers.
i wouldn't mind going through that
are you looking at also using certain docker containers too @tight night ?
I'll be completely honest in that I have no idea how to use them in general and think it would be something worth learning if I had the right environment to do that in.
let me see what i can put together
Docker is absolutely beautiful.
@native raptor especially docker compose
im really down for a room about room creation
What about some SDR stuff? I played with someone's YS1 at Defcon a few years back and that was a blast.
i really can't stress out how much a room showing how to make the machines is needed finally ❤️
A guide to designing good rooms with a standard in place would be great.
Room creation room was suggested
Delightful!
Maybe a room on shimming
why would we make a room on a credit card scam?
not that
Idk I thought I had a good idea
For once
Credit card scamming is called skimming
So where should I go to learn to make rooms? I have a silly idea but I'm not sure how to make it work...
As it stands @cedar echo this is the best resource as it goes https://docs.tryhackme.com/docs/room-creation/room-creation-getting-started/
I'll take a gander
however, I believe a more formal process is in the works (if someone picks it up hehe)
If there's any questions, feel free to PM me (full disclosure: as a creator & tester)
the creator sets it
And the reviewer will comment on it if it's wrong
However the docs set out a guideline for walkthroughs
First I'll have to get virtualbox working on the PC :)
yesss ^
Hard to export those
nah i hate hyperv
I will fight Hyper v -> vmware any day
LMAO
Hyper V is fine, it's just a little greedy
you go do you and keep your opinion being singled out
LMAOOOOOO
ssrf
@languid ibex that room doesn't have ssrf. You could be thinking of SSTI
There is, however, an SSRF room approved and waiting for release
@native raptor I sent you a dm
is there a room for breaking-out of a docker containers
There is one that requires it that I know of.
could you tell me one that is
sorry i ve just been looking for oneof them for a while
dog cat has a docker breakout if I remember correctly
Yea sorry I couldn't remember off the top of my head.
You might get better results by asking in #general. That said most people are inactive right now
Okay, thanks
So I'm considering making a room that caters to GitHub - given it's a service we all use and is fairly vital in the hacking community I figure the room will help beginners to the pentesting community. The room will cover the general understanding of Github including its uses and how to use it. I was wondering on what you all thought of the idea whether it's something you think would be worth having on the site? If you could respond with an up or down vote dependent on the figures will help me to decide if it's a good enough idea.
Its not a bad idea but to me its not something that is needed as there are plenty of already existing content on GitHub and how to use it as well as its somewhat intuitive to use
other than the two boxes (i think ) that are out... any Pivoting type boxes in the works? maybe even larger scale to cater quasi to KOTH?
I'm working on a pivot box yes
I've got one planned too
There will be a lot more when THM networks are out though
@karmic raven in that case, the Burp room was unnecessary because of Portswigger Academy.
no?
@grand tiger it's a learning environment, remember. Community spirit aside, that's what it is
Room on manual recon and enumeration? Especially good to know so the boxes don't get doxxed by a countless amount of bruteforcers
And just a general thing that was mentioned before: an update to the custom wordlist room
You don't share boxes.
I know. Still good to learn for bounties and other platforms
theres already plenty of rooms covering more manual tools for recon and enum such as enum4linux, linenum, smbmap, smbclient etc
Those are automated scanners
yes I know that's why I said more manual and not manual however you're not going to get very far really doing manual enum trust me it sucks if he's worried about doxxing those tools won't do much when it comes to doxxing problems
True
Doxxing isn't the right word
My point here is really that there's times when automated tools are out of scope, so some knowledge in manual testing can be useful. I have a few ideas for manual stuff that I can start working on soon
Room about wannacry or maybe ransomwares in general
CMNatic has it coming up in his malware series I believe am I correct @lunar plank ?
https://i.imgur.com/ZklNr1i.png heres the outline for the series wannacry is a little later @past wren
We need more malware stuff,they are great
Yesss correct @karmic raven thanks for sharing the path/route (: mucho appreciated. Room coming soon! @past wren
Need that now
More rooms on web app testing pls that will help us in bugbountys
I think there are some in the making
Would it be possible to get a room for the autorize tool within burpsuite?
Would be great to see priv-esc within autorize
burpsuite is such a big tool that covering everything and all the possible uses for it isnt possible the new burp room covers everything you need to know to get up and running with burp I think that would be better off researched on your own
gotcha, thanks @karmic raven
@limpid locust wrong chat
mb
More stuff on wireless pen test?
Hey, is the Linux challenges box being removed from free section?
@eternal pelican what free section? Probably wrong channel?
can I dm? @somber crow
@eternal pelican no.
It's been asked for many times
how can i complete this graph isn't there any alternative?@somber crow
No you have to take the subscription
More stuff on wireshark and .pcap file reading?
i would like a lot more free reversing and binary exploitation challenges
i don't want to be stuck a script kiddie
A room on making oneself Anonymous.. clearing logs post exploitation, scanning a target with nmap in stealth mode.. using proxies, decoy or zombies
so the big thing is you can't really be "stealthy" with nmap.
It's super loud and noisy, and its footprint is way too noticeable. You'll want a homebrew port scanner. If logging is deployed & deception technologies are in use and you try to scan a whole address range and hit a fake box, you're instantly known.
and thats from first hand experience.
What mean u by deception technologies
Honeypots and such
Free binary exploitation walkthroughs would be cool. ROP4noobs would be very helpful.
More binexp coming soon
a room with the famous http -> redis SSRF? I would really love that ❤️
a room about covering your tracks when pen testing, etc.
not getting caught or traced
proxies, etc. etc.
When someone decides to make it
Or Skidy/Ashu decide to commission a creator to make it
these are just ideas for boxes that:
- community members can make a box of
- maybe they'll be picked up by admins and commissioned to a creator
I'll see what I can integrate into my next box
thanks ig
You can create/submit rooms if you want
but they need to be confirmed by admin ofc
ah i see
ill try to find a topic im knowledgeable about in room-submissions
or just make a hashcat/johntheripper/hydra tutorial or guide
Long as it's actually a good, high quality one and not copy/paste from the docs
lmao it won't be
chrome dev tools room
Firefox comes with kali tho
python pwntools walkthrough room please
a room on how to be anonymous!!
@minor maple what do you mean?
This has been suggested multiple times over the last few days though
It is already in the room submission queue, as pointed by our local orange cat
a bug bounty hunter path !!
ehh, i believe the content on THM (and the internet) is good enough to teach someone about pentesting, and then that knowledge could be applied to bug bounty
seems like it would be redundant, long story short
"bug bounty" is just a fad name for web app pentesting, except the triagers tell you your submissions aren't findings (which they really are findings generally).
Plenty of web app on the platform already.
Sa
chrome dev tools room
@tacit anvil @somber crow yeet thanks for submitting
Any django base vuln room are there....
@little olive yes
intense room on exploiting without the use of tools like metasploit. sort of like blaster but more in depth
nodemcu esp8266 room, how to load packages and make stuff in arduino
More exploitation without metasploit is already submitted, quite important due to OSCP restrictions
Would there be any interest in a "How webapps work?" Room?
Yep, I sure would be interested in that room
nodemcu esp8266 room, how to load packages and make stuff in arduino
@somber crow what do you think about this?
I also really can't believe we dont have an SQL injection room 
@languid ibex is making a sqli room if I remember correctly
It's being reviewed at the moment
Personally, they're cool but a little out of scope for cybersec? @tacit anvil
@lament star thanks!
A room on nosql injection would be cool
I can give early access once it's approved
nosql would be nice as well
Personally, they're cool but a little out of scope for cybersec? @tacit anvil
@somber crow yeah but i there are some really powerful things you can do with it. it is a bit out of scope for thm in general as it would be hard simulating that irl
would be cool if we can hack wifi
You can't simulate it on THM
through your openvpn
maybe you can automate a way to deploy wifi networks the same way for vms
though that would mess up the ovpn stuff
well yes but i cant exactly talk directly to dark or ben lol
Skidy/Ashu would be the people
ah, thanks
I could maybe look at that when I'm free. I saw a wifi card sim a while ago which could be used to simulate APs
theres a script on github that you can load into a nodemcu to create a virtual wifi to mess around with the wifi cards and stuff
not everyone owns a nodemcu
Ooh, when you do send me a link too @golden mountain
the point is to have everything you need on a thm VM
theyre really cheap
yeah youre right
that would kind of ruin the entire slogan i guess
I think that's the one
Hmm, yeah, I'll take a look at it tomorrow, thanks 
I'm interested, would you be able to use monitor mode etc and have a virtual wlan?
not sure, i'll need to research that
If so, that makes this idea really feasible
from finding mon in code it looks like it might be possible, i'll get a vm and test that
Spicy
if this works then this opens up a whole new area of things to do
wireless pivoting maybe 
@somber crow i get credit kthxbye
dev it yourself if you want it to happen
excuse me but i came up with the idea <:(
dear god just thinking about setting up wireless pivoting gives me a headache
lmao yes
It's a cool idea but it would take a lot of dev time
leaked room code? 
lol theres only 1 task
joined it for a split second 
that's evil now I can't sneak into your room in the middle of the night
I'm in a lot of oddball rooms that have yet to be released
As a tester, I'm in more
how can i be a room tester?
Get selected
bruh
I feel that there aren't a lot of rooms running NoSQL dbs
also, how bloody evil are we allowed to be?
as evil as your little heart desires
just know that your standing in the community falls the more evil you are
so forcing someone to nmap without nmap is too evil?
That's not evil enough
I just storyboarded a path I'd like to try to implement, but I feel like it'll be too easy to run into dead-ends
I also have to learn to willfully code vulnerabilities and I feel like that'll be hard...
and also block vulnerabilities where there shouldn't be any
do a room with a challenge about reroute the md5 to oc3
Could you provide a little more detail?
MD5 is a hashing algorithm.
OC3, you've said, is related to fiber networking.
I'm struggling to see what you're asking for here, and how the two relate.
@sharp bough
Or in real life. They're very separate things.
You can tap fibers, but MD5 hashes aren't usually sent over a network.
oh i see
Room on indepth buffer overflow with gdb and gdb peda
It's coming soon
So excited!!!
Should be a blast
A room about git?
not a room but if you wanna learn before a room is maybe created: https://learngitbranching.js.org/
a room about major exploits such as mirai, heartbleed (i know, really old) and so on.
There was a heartbleed one
also, we should have android vms that are hosted via noxplayer. i really want to know what hacking an android would look like, as its a phone
Mirai was a botnet that used a collection of exploits
yeah i know
AWS can run android natively, but it's just linux
I suspect @lunar plank's malware series might cover that at some stage?
oh thats good. i hope he has tuts on rats and social engineering in there
what about android hacking?
CMNs series is on malware analysis so I don't believe that there will be any content on social engineering and if there is any content on rats it would be about looking at the insides of a rat not how to use them as far as android hacking there is already a room on it and as James said aws can run android natively it's just finding the right creator willing to make the room @tacit anvil
thats a mouthfull lol, thanks
ah, understandable, and id like to see how theyre structured
is the series out/partly out?
that looks awesome
after i finish my current rooms, primer path, beginner path and a few network stuff ill do his series
plus i need to finish my own room 
thanks @lunar plank
anytime!
how much time takes room to get evaluated ?
@ruby zephyr have you got one in the queue?
Depends on how busy the queue is usually. How big a room is it?
2 tasks
2 windows VM's
one for testing exploit
another for flag
no problem i wait
just asking
The writeup you linked is for a CTF that already took place -- do you have permission to be using the material in the room?
Fair enough.
oh i remember doing that one. it was fun
Thanks for sharing that @karmic raven sorry I missed the q's about it (:
wb a capstone room thats really hard and makes you feel like a pro after finishing it?
......
we have plenty of hard challenges
networks will be similar to this idea however
You just want more hard content?
@tacit anvil capstone? It's more useful for making a project, not a room. Only if you meant capstone the disassembler.
Can we have a room where we blow up a centrifuge? K, thanks, bye.
Stuxnet
creating fake APs.
airbase ezpz
I don't know how we could actually make a high quality room with that other than here you go wow now you have a fake AP gathering intel, recon, etc would be all hard to simulate in a room
room on how authentication tokens work
@tacit anvil specifically?
JWT is covered in a room already.
What are you actually asking for?
this
how they can be exploited, stolen, etc.
So you want session tokens basically
nevermind theres a room on it
@somber crow how tf am i supposed to know what the rooms are named
Common sense
@tacit anvil there's /hacktivities that filters through names, tags and description
Ezpz
hello. is anyone here?
Just type the room that you would like to request.. (kindly)
i looking for something with smtp
and should be great with message submission agent
and postfix server
V8 exploitation room
SherlockHolmes Room?
As in Sherlock the tool or a Sherlock Holmes themed room
@karmic raven Sherlock Holmes theme of course
Sherlock holmes is probably public domain now
How is that, didn't understand sorry
Well you're not making it based on the TV show so I think yeah that might be Ok
And Mr Robot isn't copyrighted?
@sinful pier Wasn't made by THM, no one is making money
I'm not saying you can't use characters etc
I'm just saying it's easiest to go Public Domain
Interesting, it's money based then?
Not a copyright lawyer
sure sure
wait
the room i'm making at the moment, i have a theme based on a disney show
do i need to change it ?
Copyright law is messy
I dunno what applies, ex. Bighead is a direct rip from Silicon Valley on HTB 
Importantly, public domain is clear cut allowed
Honestly, as long as Disney fanfiction exists, I think you're fine @sudden garnet
@sinful pier i don't even wanna read some of the disney fanfiction out there
That implies you do wanna read the rest. No judgement here
@sinful pier maybe you can come up with some when you try my next room, hopefully a little harder for you haha
guys... aloha.. any room to learn BoF on THM?
have you used the search feature?
This channel is for requesting rooms to be made
Not recommending rooms for you
I just wanted to know if there's any room for basics of BoF already on THM
thats all
https://tryhackme.com/room/bof1 That's a good bet @tame plaza
@native raptor God Bless you... I really appreciate your help.
Np
tbh, the search feature is kind of hidden. I didn't know it existed until I checked this discord
I don't think of "hacktivities" as the place to go looking for rooms
Where do you go?
Does the room creator need to add the flag himself?
Ya huh
Most use the THM{} formatting but it's creator's choice
Just as long as it's consistent (:
Ah alright
Hi . is there any room related to maltego
room on osint tools like pipl, whitepages, etc. other than maltego
Sherlock!
the thing is its hard to make good content on it we try to not only show you how to use the tool but also the knowledge behind the tool thats hard with osint I might make a room similar to cc: stego but with osint im not sure I have a lot of other stuff going on as well so
you have a problem with run-on sentences, cry
its just the way my brain thinks im a very run on kind of guy if you look at my rooms its not like that though mainly because I get bullied if I have bad grammar in my rooms
i can see that
Guilty of bullying o/
Cyber bullying is a crime!
@karmic raven if you need a shoulder to cry on I'm here for you
CVE 2019/2020 exploit based rooms.
How can I hide the account name on Facebook?
hello
@somber crow I am trying to upload vm but it's stuck at 0.00 for almost half hour
Can you please guide me
In which part I can post about it ?
Binary hacking room
An in-depth binexp walkthrough room
There's a buffer overflow room in the works, though we already have these and a few others:
https://tryhackme.com/room/binex
https://tryhackme.com/room/bof1
@slow anchor #site-support
refresh the page...?
pwncat room
should see about John doing it as he's the best person for it
Click "view room feedback"
i deleted my room few days ago and cant see feedback
ohhh ok
We can't evaluate a deleted room
Also please remember, not all the testers are mods
And not all the mods are testers
ok ok
general room on utilizing c2 frameworks like empire, covenant, cobalt strike etc or an update to the empire room with the new updates by BC-Security
Updates to RP Empire are on dark's list already
I'm actually playing with Starkiller and E3 right now. Pretty cool.
And I might touch on Covenant as I'm using it more and more.
Cobalt Strike probably won't happen unless they give everyone a license for it.
Would be great to have a room to learn about websockets
The python scripting room has a task that involves programming a python websocket to solve it
@tacit anvil Thanks, will check it out!
can we have a room covering passive recon?
We already kind of have google dorking, and sublist3r I could see about making a room on general passive recon however it's hard to virtualize some of the techniques
maybe able to do passive recon room where you gather recon on tryhackme I don't know I'll see what I can do
if you were to do it, i'd suggest making the tasks not require answers since things will change all the time - such as those shodan questions
@sudden garnet Yes, please consider this. Unless you write a program to auto-update the answers, the Shodan room is the bane of my life because of how frequently the answers changed
I could probably fairly easily make a script that updates the answers once a week or every some odd days it wouldn't be hard
szy pls i bet u send me the route
let me make a program specifically for updating answers in rooms
I need this
@light lynx sure, send me a DM and we'll talk in there 
are there any rooms geared towards the Security+ exam?
I heard Blue Primer but I only see 2 rooms
@wet laurel 1.) #cyber-and-careers is a better place to ask this question
2.) there's not any rooms specific to it however you can probably look through for reviews on it and see exactly what the content is and study on tryhackme from there
Thanks @karmic raven ! I have some people taking the exam in a couple weeks and I'd like to give them a hands-on supplement so they can do something besides death-by-powerpoint.
It would be easier if the exam was more hands on. But it's all theory.
Any room for the basics in port forwarding or tunneling using the like of chisel would be good if there isn't any.
I may have a look into that
Cool thanks
I'd like to see a room that is an Intro to CTFs. Going over the different types of CTFs, solving for each type, etc. Preparing you to then do the regular CTF rooms by discussing the structure and how CTFs work for those who may be new to CTFs and how they work.
That's called a writeup
You can check ctf writeups on medium https://medium.com/ctf-writeups
Then there are resources like https://ctf101.org/ and https://www.hacker101.com/
Thanks @brisk tapir I'll pass those along as well. In the security engineering mentoring I have done "what is a CTF?" seems to be a common question as well as sometimes from senior security professionals who don't work in the offensive space but want to learn what a CTF is and how they can get into them more. Those links you posted are good as well as John Hammond's Youtube video about it. When I first suggested it I was also thinking about it potentially being in the beginner or similar learning path on THM even as a "Intro to" type high level type room. Thank you again for your reply.
Room about regex would be cool
Uff
Just waiting on its creator to make a couple of changes

is there any room for beginner crypto-cracking?
https://tryhackme.com/room/cryptofunhouse This is a pretty decent intro-to-crypto room with varying difficulties.
are there any more rooms to practice osint besides OhSINT?
Some rooms have OSINT in them but are not based around OSINT.
Is there a demand for OSINT based rooms?
I think educating people about how dangerous open disclosure of personal information on the internet is can be a good topic
Things like SIM hacking usually rely entirely on OSINT
and social engineering
I'mma be biased here and say Google Dorking
you can find some very
interesting results if you query it right
^
I feel like the dorking room doesn't teach you too in-depth about dorking
you could go so much more in-depth and thorough
I'm sure the Dorking room is a base overview though
How to get what you want with a web browser
Like it should definitely teach you about people publicly disclosing things like PDFs and config files
it creeps closer and closer towards the borderline of "does this encourage blackhat stuff"
those are pretty important vulnerabilities
It does, but legally speaking
Yeah exactly
It's designed with the mind of "research if you wish" but here's how it works
without crossing the ethical line
right, but I also just think that it's a way for pentesters to find out if a webapp is disclosing unnecessary information
I mean- it's still a vulnerability that can be easily patched
It's like leaving your security config files out in the open to the public
But I guess you're right, since google implies that whatever you're pentesting is already out on the open internet
and is probably a production server
I appreciate the thoughts though smackhack
there's a lot further I could go into google dorking I fully agree
I'd say leave it to the user as Dorking is really powerful and TryHackMe might be in legal issues if someone takes it too far and blames it on us
Yeah, true
It's something I'll very much consider developing further when I get a bit of time
But yes
as Jabba said
It's very easy to encroach on that sort of things
I designed to make people aware the technique exists and how it works
Maybe provide them with the file. Saying "Using Dorking we found this website: " and then give them a .html or .php file containing the information they "found" and then let them exploit a webserver that was setup by a user
they'll have to research further outside of THM to do anything meaningful which in that it's on them
I like that!
Maybe like a built in browser query on a box that lets you look for hidden .pdf files
I have something similar setup for an event, once that is over, I'll definitely look into incorporating that into there
containing info that can be used to gain credentials
I really like your ideas there (both of you)
I mean ideally- if we're training ethical hackers/webapp pentesters
it should be public knowledge that people can accidentally disclose this kind of stuff unintentionally on their webservers
and that pentesters should look for these
ideally
it's one of the main reasons why attacks happen the way they do
accidental disclosure
yeah
Not telling people about it would defeat the purpose of doing an all-encompassing pentest imo
Could make a bulletproof webserver, but if you accidentally disclose root account credentials in a random .conf or .pdf that happens to be on the wrong side of the server

Absolutely agree
I really like the idea of getting people to hack a box on THM using techniques such as that
I think part of improving cybersecurity as a whole is also educating people on very commonly and easily abused vulnerabilities such as these
even though it could potentially be used by blackhats, I think it's a good idea to make it public knowledge so people are more aware of not doing it by accident
LMAO
definitely
Damn CMN your plate is full
Wish I could take some of it off your hands
"so here's how you hide it"
yeah exactly
It's a really easy patch usually too anyways
it's literally just oversight
Yeah, I've been nonstop for a while now @icy trellis, now with my work starting again
Keeps me out of trouble at least :PPP
I'm gonna go into full box dev as soon as I finish my networking cert exam
np np
I appreciate your thoughts on it fr
once this event is over
there should be something that I can develop further for it (:
Awesome Sauce
@icy trellis tbh i have been telling cmn to take a break for like 3 days now
There is a room on how to make a room coming right??
yes
yessss
ETA:
mid august
and that's when it'll be gone through via dark
and then the normal submission queue
Active Directory machines?
There's one already, one coming, and then networks will bring a lot of AD content as you can actually have a network of VMs to make a domain
there's 5 out 1 ready to release and a huge network coming
@regal tundra
- Ra
- Set
- Attacktive Directory
- Post Exploitation Basics
- Attacking Kerberos
Nice, thankz
@somber crow I can't wait for this! has so much potential
Any room on wireshark
this has a task that briefly explains how to use wireshark
and I think https://tryhackme.com/room/smaggrotto involves packet analysis maybe
There's also a whole room on pcap analysis
Plus a room full of challenges
Plus the ridiculously hard room full of challenges
And the advent of Christmas has a lot of pcap analysis
Hey there fellow hackers! So after pwning about 20-30 vulnhub/hackthebox boxes i want to make my own. tho i could use some help on making it (have the basic idea on a txt file). so if there's someone up for it ping or dm me! I wouldn't mind a collab of some sort!
There's a room coming out soon™ about how to make a box
oh awesome
John Hammond also did a video on the making of a box on YouTube
A room to learn GTFObins ?
There really isn't much to learn there 🤷
You just look up what binary you need and follow the steps
Well in vulnversity room you have to exploit a binary and use GTFOBins and "follow the steps" as you say, but it could be interesting to understand those steps, and why we do it that way
Dunno just guessing
usually you're following the exact steps, I think a little self research for why it works is expected if you're interested in knowing
@torn frost Check out the linux priv esc playground, or the lazy admin final rooms.
Those have tons of exploitable vulnerabilities, most of which are gtfobinnable.
Thanks for the info, I'll check
A room explaining how the browser Tor operates ? (Setup, dns, cryptography etc.) Maybe a part regarding how to use proxychains or other of our usual tools on Tor?
https://tryhackme.com/room/torforbeginners you mean like this?
Well maybe not the set up as there is already a room for that but for the how it works precisely
ahah I saw that one right after I wrote the above text
I'll give it a look thanks
It's in the works at the moment
It's a soon™ though you can use the docs + Dark's new video.
Yeah i meant that
There's also a presentation on this by the lovely Dark on youtube
Last time i used vagrant it bork my whole ubuntu
i'm trying to look for it atm
Without vagrant if possible ?
"Making the Mountain: Creating Quality" by Jon Peters
Thanks a ton ❤️ @tacit anvil
np
Some basic Powershell box?
Already have that I think?
https://tryhackme.com/room/powershell
Oh Sorry. Didn't know it. Thanks.
I would love to see a regular expression room. I always have problems with them. And It would be nice to see a regex walkthroughs combined maybe with grep or find.
There's a find command room, but yeah, not regex afaik
thats great! thank you!
@lament star do you mean like next room release cycle soon
Maybe, maybe not
A regex room will be released soon
@lament star How the hell do you know that?
Any rooms on return oriented programming and return to libc (state of the art exploitation techniques)?
I would LOVE a room like that!!!
@native raptor I joined that room before it was even approved, the creator is a community mentor and he mentioned it in the mentors channel 
Maybe a room/walk-through for writing your own shellcode would be interesting.
@lunar plank this seems like a room we can do together #544951750801752079 message although idk anything about hacking related ML
Throwing out a suggestion. It would be really nice to see an android malware apk reverse engineering room!
yay!
I would like to upload a vulnerable VM to TryHackMe, can it be in OVA format?
I think that's the only format it can be
What the heck is qcow
People have never done that cuz they probably thought it was a joke 
Does also take qcow
@native raptor last time I checked it doesn't even though it's on the page
{
"message": "We are currently not accepting qcow2 files. Please convert to file type OVA and try again."
}
imagine if somebody spent all that effort to making a qcow and it doesn't work
Y'know @golden mountain you can have an answer to things in everything but JSON right
like
normies read in text
lemme just API and book
thats your way of learning
of look
this
let's JSONify it


Is there a room explaining gobuster?
Cc Pentesting
How about a room on Network Steganography?
It's kind of a niche topic and would be hard to make but it would be really cool to see
Ew steg
I'm applying now to some cyber security company.
They asked me as a home exercise, to create some informative document about passive footprinting.
Now, while doing footprinting with some tools, we look, among the rest, for details like: DNS, IPs and other networking stuff.
I would like to know if there is some good room to understand why these details are essential actually, how do they help us at the further pentesting, what do they say at all?
Thanks.
Sounds like you need to look for some passive recon tools and see if there are rooms on them
@somber crow Yeah, it might be suitable. But there are a lot of them, I think it's not really realistic.
BTW, how can I look for rooms that contain even some word, for example, if some room contains the word DNS I want it to be displayed in the results.
I can search in THM only for my rooms, according to their titles I think...
Cool thanks
@gleaming token Anyway, if someone has another idea, something more concrete - it would help me a lot
you've asked for this in the resource channel as well pal, try doing some research yourself too. hacking is not a skill is an attitude.
Not trying to sound rude but if you don't even know what recon is and how it's used in a RTE, you're gonna have a bad time
Also you asked about this a weekish(?) ago, as brought up by Chevalier.
(If this is homework, or for an interview then it's kind of unethical to ask us to find your resources for you.)
You're unqualified. Take the L and spend time learning the process instead of asking for the answers to the exam.
Is that really necessary?
erm, id say not, this whole conversation isn't even in the right place anyways
- we're not going to help you do your homework to get a job. Do that yourself. You're not qualified for the position if you're asking in here for help :/ @gleaming token
- Sundae, I agree, but please watch the tone there.
- Career talk goes in #cyber-and-careers
I don't think I'm in the wrong. He asked about this last week and he was directed on where he can do research inside of this server to further inform himself. He was also told (by me) that he shouldn't just include THM in his research. He is here today basically saying he doesn't know about the job is that he's applying for and that's off-putting. You wouldn't hire a programmer that doesn't know how to program. You would tell your applicant to learn the process and come back later. I might have sounded blunt, but he's going to hear a lot worse if he actually lands across someone that knows he basically doesn't know the topic, but somehow has the job. I've seen people get pecked straight out of jobs because they lied about being qualified. He needs to learn the process and about the job before applying and that's what my overall message is.
@valid loom Please dont discuss further. Its not the primary topic of this channel.
w/e
Can we have rooms on DFIR? I actually haven't found any mainstream platform where we could practice DFIR. Tools like Graylog, Moloch, osquery and kibana, all these were alien names to me before I started looking into defense and Incident response or are these tools not feasible to use on Personal Computers. Just wanna know. Peace.
More forensics and blue team content is something Skidy has said he'd like to focus on
Yeah basically searching and reporting, I was like people get paid for this
But it's always good to know at least what they are.
How does something along those lines sound @onyx rivet ?
That's what my focus is once I can get back into room dev
I ain't got much on reporting which actually, in hindsight, is a good idea
I'm only qualified to write a report for UK justice system for device forensics but
Hi guys
Hi there. Got a room suggestion?

