Awesome 😁

TryHackMe sticker swags, when

already exists in the merch shop :)

https://youtu.be/K52hlk98soU

@graceful coral

Ey Latin America, today KOTH in stream at 930 pm gmt-5, CTF with consoles:
https://www.twitch.tv/hackorgame

https://youtu.be/Yp3tKw2kvr4

https://youtu.be/vAZSyC1nh3c

Let me underline that it's important to pay close attention to details. There's a hidden thm code inside currently unclaimed

is that the first time chev face reveal? 👀

perhaps, i have linked too ya know

ghostping?

If anyone wants to join the show we are doing VulnNet now at https://twitch.tv/sup3rhero1

Back again after dinner break - join me for h4cked 🙂 link above

@willow patrol Hi, this channel is for Streams, videos, blog posts, etc of TryHackMe content so I've deleted your message.

In this video for our series Pop Pop Pop Another Server Drop, we are popping the Mr Robot vulnerable machine. Things learned in this lesson include:

1. Nmap for port scanning and arp scanning
2. Gobuster for directory busting
3. Wordpress hacking
4. Password cracking with john the ripper and WPScan
5. PHP reverse shells
6. Hashes
7. Netcat for reverse shells
8. TTY and how to use python to get a more stable shell
9. Basic BASH commands
10. SUID bit
11. Nmap interactive mode privilege escalation
    So let’s get popping!

https://www.youtube.com/watch?v=ABS91i3vR88

Hacking some Windows on TryHackMe over at https://twitch.tv/sup3rhero1

Hi people, hi latin american people, today we have KOTH 930 GMT-5:
https://www.twitch.tv/hackorgame

https://youtu.be/w50EujRY_V4

Posting a bit late but hope it still helps some of you

https://youtu.be/8NMBqW2Lsl4

Hopefully this helps someone

https://www.youtube.com/watch?v=tUWCmpxWYdo

https://www.evernote.com/shard/s743/sh/3f51bb24-85f9-466b-7bd5-a875449bb09d/b24a9f12b50cca3a7465327ba2a77c4b

guide to go with it 🙂

http://blog.daanbreur.systems/writeups/2021/THM/ nice :)

https://mrzeeqa.gitbook.io/mrzeeqa/thm for fellow dutchmen

https://youtu.be/DhvKw908Jks

https://youtu.be/oWbUrOJM5AM

https://www.twitch.tv/hey_its_lgg

We are live now! making cyber security defence path ~ Windows Logs

https://youtu.be/Nhu_2_SLny4

Nice video

Good explanation

https://youtu.be/0vIPUKK_8qs

Ey today in my channel we have KOTH, ey people from latin america!, if someone wants to particpate, let me to know!;
https://www.twitch.tv/hackorgame

Hey @dry kestrel !
This channel is for TryHackMe only content 😄
You can post direct links to write-ups but this isn't the channel to promote your blog :<

If you would like, you can post it in #general -- just as long as you don't excessively promote it :))

Ah, it's fine, i asked in general and was told i can post here lol.
Sorry for inconvenience :sweat_smile:

No problem :))

https://twitter.com/0xTib3rius/status/1385702182750724096

Is there a way i could DM OSINTDojo, creator of Sakura Room?

He's not in this Discord it seems

so it would seem

Could probably try their Twitter?

ya doing that

site dm

It was regarding the badge system.

I use my personal account on Discord 😆

This looks fun https://www.reddit.com/r/tryhackme/comments/mydj02/professional_red_teamer_taking_on_viewers_in/

Hey I am live hacking on TryHackMe over at https://twitch.tv/sup3rhero1

@dark condor As that is not tryhackme community media, I have deleted your message.

Just about to start hacking on TryHackMe over at https://twitch.tv/sup3rhero1

#site-support

https://t.co/b7bZOeAST1?amp=1

@here hi guys today we have KOTH, latin americans are invited, if someone wants to play with us, you are welcome:
https://www.twitch.tv/hackorgame

https://www.youtube.com/watch?v=g2CnIgjHeX8

8 minutes until it’s live!

where is the result of the OSCP draw?

They're currently removing cheaters

😆

We are about to play some KOTH over at https://twitch.tv/sup3rhero1 Come and join us!

Streaming some THM Hacking over at https://twitch.tv/sup3rhero1 Come and join us!

https://youtu.be/q5Nmrao5aIM

https://aksheet10.medium.com/brooklyn99-walkthrough-tryhackme-db684ea1b7ae

Hi Everyone, today it a KOTH day by streaming, eveyone is welcome!
https://www.twitch.tv/hackorgame

This room was released way before this exploit. Would be beneficial for you, and anyone reading, to also know the intended route. It’s good you highlight a kernel exploit that will work, but the intended route can teach people more.

OverlayFS will work on honestly the majority of THM rooms, because it's so new

RootMe write up : https://www.notion.so/RootMe-a79e204f8e0643758b05132e7ff0ab08

@graceful coral nice 1

📋 "Hack your way in. Get the Flags. Don't get stung."

🐙 Me and ~1800 more hackers was trying to root the box for the chance to get the OSCP voucher and five One Month TryHackMe Subscription Vouchers. With this one I've learned so much that without this write-up everything I've learned would be lost forever. Hereby behold, my 7 days of struggle!

🔥 Read my #writeup of "Year of the Jellyfish" hosted by Try Hack Me.
https://ethicalme.hashnode.dev/thm-yotjf

@flat plinth
Few things not quite correct there:

• The throttling with the public IP is your ISP -- not the box
• I didn't change the filter after the event: *.phtml by itself would never have worked. *.gif.phtml still will

Also, please submit to the room for review before sharing publicly 🙂

ahh didn't know we have to get through some review process before publishing

thanks for telling me that

Nah, just courtesy to let the room creator have a look first

Ah, ok. I just think about it how I approach the challenge and to share with others what my thoughts were during the solving process. Like, I'm not doing the official review or something - it is more like my process and thoughts. But from the other hand I can get a immediate feedback on where my logic went wrong - so that's nice.

Thank you for indicating where I can correct the article

Some THM Wreath over here: https://www.twitch.tv/hey_its_lgg

Tooling then THM https://twitch.tv/ahaquer

https://defaltlibary.blogspot.com/2021/05/owasp-top-10-tryhackme.html

https://defaltlibary.blogspot.com/2021/05/pickle-rick-tryhackme.html

i liked it, great write up 😄

https://twitch.tv/ahaquer

Hi boyz/girlz today we have KOTH in channel, everybody is invited:
https://www.twitch.tv/hackorgame

I see we had the same idea this week 😄

📋 "Listen Morty... I need your help, I've turned myself into a pickle again and this time I can't change back!"

💡 Practical example of reverse shell usage and sudoer understanding.

🔥 Read my "Pickle Rick" write-up
👉 https://ethicalme.hashnode.dev/writeup-get-schwifty-pickle-rick

I read about it nice one man btw i try to use python payload didnt work

the port you are connecting to from the target machine could be a problem - I've got that issue on YotJF if I remember correctly

also depends what kind of problem you had

@flat plinth Python Payload didn't execute i finally use perl payload to done the shit. I use python payload not a python3 i think that might be the problem

well, maybe

I3 rice almost finshed looking good and minimilistic

a newbie makes his first hacking blog post: https://hermannc.dev/2021/05/30/tryhackme-overpass-2-hacked/

Is there a reason you haven't submitted this to the room?

Kinda wanted to see what people thought of it, and because I didn't know that was a thing to do 😄

I'd also appreciate it if you could remove the answers/any passwords

Sure, i left out the actual 'main' answer

Is the picture with the information included, but not called out acceptable? (like for question 2?)

I'd rather it wasn't there, like especially the password

oh yea, i'd definitely obfuscate passwords

this particular one didn't have any actual passwords

I made the room

Just this image here, I'd appreciate it if you blocked out the password just below. That sort of thing.

ooooohh, that password, sorry, i was thinking flag, sorry!

As for this bit, John is fussy. It needs --wordlist=/path

also be careful with i vs I, it's always I when you're saying like I did this

Ah true, my crappy lazy habits 🙂

Also, I JUST realized this was only part one 🤣

do you consider

So, right off the top, we see an HTTP GET request to /development/, and then a POST to /development/upload.php, which my gut instinct tells me would be the URL, but, as THM helpfully shows us, it's looking for a single world between slashes.

to be too close to an answer?

A little, but eh. Also, typo - world/word

🤦‍♂️

What I will probably do is complete the rest of the parts that i completely missed, and submit as one big post for the room

https://defaltlibary.blogspot.com/2021/05/vulnuniversity-tryhackme.html

good one @graceful coral

https://github.com/Defalt-cloud/CTF-Writeups/blob/main/TryHackMe/Basic Pentesting/Basic pentesting.md

good1 @graceful coral

Reversing ELF TryHackMe | Reverse Engineering | techy krish https://youtu.be/0RF-id8vUk0

https://defaltlibary.blogspot.com/2021/06/simple-ctf-tryhackme.html

https://defaltlibary.blogspot.com/2021/06/cat-pictures-tryhackme.html

https://defaltlibary.blogspot.com/2021/06/bounty-hacker-tryhackme.html

Great box !! Such a madness
https://defaltlibary.blogspot.com/2021/06/madness-tryhackme.html

@orchid estuary Hey that isn't TryHackMe related 🙂

https://defaltlibary.blogspot.com/2021/06/mustacchio-tryhackme.html

great box from optional
https://defaltlibary.blogspot.com/2021/06/cmess-tryhackme.html

Complete walkthrough of c4ptur3-th3-fl4g room:
https://youtu.be/mdpnBG6TRW8

RootMe Walkthrough
https://www.youtube.com/watch?v=SQflsrtS21A&t=6s

Pickle Rick Walkthrough
https://www.youtube.com/watch?v=EaiIqKqGnpI

@gloomy ruin u dont need to download the vpn file everytime

only once (non sub)

is fine as well

I know, it is in the second video

I figured that out

what is no sub?

subscription

yes, no sub

I will get it once I am done with my grade 10

just gotta concentrate on study now

weeww 10th grade

Yup

Same mate

nice

Ok from pins 📌 I see that flags are not allowed to be shown . I have some doubts

1)for old rooms do I need to wait for the permission of the author of the room to publish the write-up ?
2) I see write-ups showing the flags for old rooms not the new ones is it ok with that? Coz it may need some lil bit more editing

@spice kayak Please do not include flags or passwords (also SSH keys probably count there) in your writeups.
You don't need permission from the creator but it's nice to. That's what submitting it to the room is for, in part.

ok

i will just dont cat the flags during recording ftw

You can wc them, or maybe md5sum them

yeah i also though if the same thing wc

https://aksheet10.medium.com/zth-web-2-walkthrough-7ab1c3523162

https://youtu.be/uIMC30s_TKQ

https://aksheet10.medium.com/pickle-rick-walkthrough-tryhackme-315ed4b04272

How can I get the Act of Kindness badge? I thought I need to solve both of the wonderland room and I'll get it. I had to realize I've dove with them.

Is it a bug or I have to solve another room?

Act of kindness is a community badge

Being nice, purchasing vouchers for users, giveaways etc.

oh

Usually you’re commended by a moderator to Skidy

I thought somehows it connects to the wonderland series

Ty for the help

That'd be act of Malice or something, those rooms are just mean

couch tryhackme writeup

https://github.com/nandk4552/nandk4552/blob/main/Couch Writeup TryHackme

https://youtu.be/llMS_0ciFks can i have some traffic towards my channel brothers 😁

I did my second write up,

https://ekimik.medium.com/tryhackme-boiler-ctf-c498ae3040b8

Check it out and let me know for feedbacks!

https://dovidfriedman.com/REAL-BLOG-POST-TRUST-ME

im dead

that's amazing

Lol here's my one: https://cybxrlxnd.blogspot.com/2021/07/looking-to-get-into-cyber-security-this.html

oh crap I missed an "or"

It's not as "proffesshanoal" as mine.

Your one is incredible, a true work of art

Yeah

Much info, many detail

Can't wait till I get my 10 tickets

https://tenor.com/view/sweating-nervous-paranoid-gif-4974019

https://gist.github.com/Mercury-180/290c478a4966cf11252c579f2c5798fc

Here's mine!
https://blog.cyberethical.me/review-pre-security

Edit: that compression

le blog post https://blog.hydrashead.net/posts/cybersec-with-tryhackme/ 🙂

le blog https://aksheet10.medium.com/gifts-are-in-the-air-e8f9838dccac

https://medium.com/p/a089d746df2c Here is my blog post.

can i use tryhackme content (images and animated videos) for creating content on youtube ?

https://htmlhacker.medium.com/how-to-get-started-really-started-in-hacking-41d3b8d3d5d3

My post now in English

https://lupen.medium.com/bare-bones-of-learning-cyber-security-9e179d3d00f

looks great, thanks!

Gave +1 Rep to @real zodiac

thank you 😄

Gave +1 Rep to @thin oak

https://www.youtube.com/watch?v=hQd33arI_80

Hi all, this is my first Medium post for a TryHackMe room, Fowsniff CTF, would really appreciate any feedback:
https://thef1ash.medium.com/tryhackme-fowsniff-ctf-107ca257ca1c

Looks great

https://www.twitch.tv/westar WESTAR IS STREAMING

Guess it's worth dropping here:
VulnNet: Roasted - Raw take (for the most part)
A great Windows box that utilises a bunch of AD wizardry
https://www.youtube.com/watch?v=5Db2ywExEGc

ok i have a doubt can i write blogs / make viedos on subscriber only rooms ?? and networks ?? like throwback and holo

Yes

ok thanks

Gave +1 Rep to @tropic lava

https://www.youtube.com/watch?v=qxwaAwz578k

I just started streaming! Check it out: https://www.twitch.tv/sup3rhero1 Let's look at some fresh rooms!

THM wallpaper pack when? 👀 .

Ask CMN ;)

👀y e s

Interesting idea

oooh I wanna make another one with the jetpack man 😮

Writeup for SweetTooth
https://manash01.medium.com/tryhackme-sweettooth-inc-non-port-forward-method-a658d587c481

Dentists hate it 😄

Nice writeup though!

Thank you

I have submitted it on the room's page but can't see it there. Should I contact the room's creators for this? Sorry, this is my first time posting 😅

Writeup for CMSpit

https://cyberjunnkie.medium.com/cmspit-ctf-tryhackme-d21b9b51291f

Hey yeah, usually it is for the room creator to accept. Although, I'll take a look at the writeup and accept it if it is unique to other writeups (if there are other writeups) you should get an email from THM if I accept or reject it 😎

ooh there is like 8 pending, lemme sort through them real quick in order of when they submitted

Cool thanks ❤️

Back doing some THM on stream in 10min https://twitch.tv/sup3rhero1

I accepted it a while ago (basically just as I sent that message above) (:

🥳 just saw that mail :) thanks

npnp!(:

Pain, suffering and memes in this VulnNet: Internal Raw Edit!
https://youtu.be/SuRMLj7YeuM

This is the followup of the first part of the room CC:Pentesting

https://www.youtube.com/watch?v=QRs34pVRWUc

If anyone is streaming some rooms tonight (UK time) please ping me, would be interested to see more experienced folks than me working through things.

Continuing Wreath as if it were an actual pentest! Come ask questions and join the fun https://twitch.tv/optionalCTF

Come and join some free training using TryHackMe resources! https://twitch.tv/sup3rhero1

Write-up for final challenge in the Upload Vulnerabilities room.
Bypassing the simple upload form to get RCE on a server.

👉 https://blog.cyberethical.me/thm-uploadvulns

It would be polite to get that accepted on the room before advertising it 🙂

Especially given I see at least one inaccuracy off the bat

Nginx is the load balancer / reverse proxy. Express is the backend.

thanks Muiri for correction, I really appreciate it
but, once again I don't feel like posting the writeup in the room because it is just my interpretation of the solution - are you guys chasing other people posting their writeups of rooms? when you google the "thm uploadvulns" phrase you can see that there are many writeups already, but not a single one in the room writeups - it is just a training one, nothing advances, so you can see the community don't stress much about providing the writeups at the official channel 🙂

Gave +1 Rep to @formal sparrow

I don't find it being rude, to share the THM content and by doing so, giving appreciation to the platform by providing articles about it - I don't see a need to be it accepted on the THM first

No, we're not chasing people for it -- you're getting asked because you're using the official Discord server to advertise your solution, rather than just posting it 😄

As a general rule it is polite to ask the room creator to approve it before going out of your way to advertise it. As you say, it's your own solution, so it's a case of making sure that the creator is happy with endorsing it as a solution on the room.
That's more the case for challenges than for walkthroughs, obviously -- Jewel just treads the line between them.

from that point of view.. that makes sense - but.. are really all content posted here is accepted beforehand?
and well if I make some mistakes - community can always contact me/write a comment, that's how it suppose to work, right? that way both sides can learn
first YOTJF, then Jewel - I must learn that finally 😛

Mhm -- we try not to allow anything in here that isn't accepted on the room first

ok I understaind, but is it somewhere written down for new users?

damn, good point

removing the post until it got accepted

Wonderland Road to Top 50 Raw Edit
https://youtu.be/V19y1Sz3vmg

Streaming some easy beginner friendly THM room over at https://twitch.tv/sup3rhero1

https://www.notion.so/kiwids/SOCKS-Proxy-Setup-07112c68fcc14aa1917505dcd6eeb35b

Question, regarding writing a blog post, I'm about to start /room/relevant, but it says writeups own't be accepted, but if i did as it suggests and write an actual report and post that to a blog? More of an ethics question than anything else.

well, ethically, if a creator asked you not to do that and you do it, its probably mildly unethical.

if it was unlisted/private write up I doubt it would be unethical but I assume other people have access to your blog

ok, thanks. I wasn't sure if the penetration report would still classify as a "writeup" since, from my brief research it's more of a conclusion/recommendations document, more than a how to (which if it would include, i wouldn't)

well a pen-test report needs an attack narrative which is 'what you did to gain access', basically the meat and potatoes of a writeup

I imagine that room creator has those requests because they would like their own guides to be the ones referred to, if you are doing something like that for potential employers to look at later I don't think it'd be too bad really

ok, yea, there is a guide

thank @stone marsh

Gave +1 Rep to @stone marsh

For your own blog, go ahead :)
Please keep flags/passwords out as a common courtesy, but blog post reports are good for résumés 😄
Just bear in mind that it won't be accepted to the room, and we won't advertise it in here (I.e. please don't post links to it in the Discord/subreddit). In terms of writing it though? Go for it. It's not like there isn't already an official walkthrough for it 🤷‍♂️

It might take me a year and a half to get through it though. first thing that's "freeform"

https://holliewhite.com/2021/08/30/How-to-get-started.html

You are going to kill my eyes 😆

*Cue 240% zoom*

Looks fine on mobile

Seems like a you problem~

Trillium pfft

Wrong image 😆

Haha, trying to squeeze it into the conversation, I see you

@urban crescent how does it look on an ultra-wide? 👀

I see how that might be a problem

I need glasses

Same 😆

even smaller on mine

Loving the content though

Displaying fine on mobile

Well written and accurate though, will recommend to anyone who wants to join infosec

amusingly

I wrote it on an UW and it looked fine to me

It looks like morse code if I try to zoom in

Beep Beep dash dash mofo

Display is fine on 24" 1080p monitor aswell

am trying to do wreath with as less help from the walkthrough in the room: https://www.twitch.tv/mrzeeqa, feel free to give me some feedback if you all don't mind

You won't have much difficulty -- Wreath is a sandbox. It's not designed to be difficult. The only purpose for those machines is to follow along with the teaching material in the room -- otherwise it would take about 10 minutes to do, if that.

Trying to do it blind is entirely missing the point 😆

I didn't mention but i already did the network once while being guided, now i wanna try and see if i could do it without guideness

But i understand your point though. Wreath is actually a well explained walkthrough. So i'm challenging myself to see whether or not i understood what was being explained

Ah, gotcha 👍

You did a great job i believe, already on the gitstack and haven't peaked at my answers. Your way of explaining can be longdreaded sometimes, but it's all coherent so it sticks for the most part

I remember wreath explained pivoting at one point, which made me come to the conclusion it's not necessary to upload a nmap binary on prod-serv, but rather i can use sshuttle to route the traffic via ssh specifying the id_rsa with --ssh-command

https://twitch.tv/mrzeeqa doing some ctfs

@tropic lava

https://www.twitch.tv/h8handles

Hi, where can I ask questions about the progress of my thm room and other stuff about room creation?

#creators-lounge @cloud wagon

You can ask one of the mods to give you role

nvrmnd

Ty

Gave +1 Rep to @formal sparrow

https://www.twitch.tv/0xtib3rius

THM KOTH live rn^^

i was about to post it...

😁

i

am

going to give

this a shot

😎

https://www.youtube.com/watch?v=FX3h9xKrxrM

wopah 🥺

Anyone know how can I share my profile on LinkedIn?

Oh that’s it lol. I thought I can share it directly from THM.🙈

@tropic lava

Done

Thanks:D

How can I upload gif image as profile pic in Try Hack Me ?

you can't anymore

Empline Writeup : https://mikadmin.fr/blog/tryhackme-empline/

@graceful coral Please try to keep it to just THM content here

Ah ok, will do.

Hey guys Im trying a new method of self-study and streaming some THM study alongside of my OSCP prep. Feel free to drop in and chat, I want to get more engaged with the community! https://www.twitch.tv/gonski47?tt_medium=link_copied

https://youtu.be/an6qEot7Djk

hey hey, its a nice one just a lil typo here

@queen jackal This channel is for Streams, videos, blog posts, etc of TryHackMe content

oh I'm sorry

is there any room where I could share that video about note taking for the CySA+ ?

#resources I guess

Hey so I made this for people that want their tryhackme badge on their github profile README for some reason if I just linked it with the aws link it wouldn't work so here is a github action that just downloads the image and uploads it on a repo you own to be linked in the README https://github.com/p4p1/tryhackme-badge-workflow

I don't really know where to posts this so ping me if it's not the correct channel

Ironically, the issue that stops you from just embedding it directly has just been fixed

Hahaha no way 🙂

I just checked for me it hasn't been fixed for some reason well at least it exists for people that are interested 🙂

Not sure it's been pushed yet, but it's definitely fixed in dev

#site-bugs message

Just uploaded a new video about XSS, check it out
https://youtu.be/o9gkGV25B9A

Hey everyone! 😎

Just in case there's anyone here going through the latest TryHackMe Learning Path!

I just did a walkthrough for the first Room 🥳

Hope you enjoy it! 🍀 😊

https://www.youtube.com/watch?v=95cOZkQtNUc&t=237s

awesome @queen jackal but a good consideration if you want to do youtube videos, is to consider whether images like that (the images/components in the thumbnail) are actually yours/you have the rights to use (:

you are absolutely right @formal iron ! I might have take that for granted, I'm sorry!
Do you know who I can contact from TryHackMe to ask for permission for future walkthroughs?
Thank you so much for your kind advice 🙂

Gave +1 Rep to @formal iron

@stable heron this channel is for directly THM related content

@formal iron just sent you a message on twitter, asking for permission to do a walkthrough of your Room 🙂

hello I will get to it when I'm out of my lectures (:

@queen jackal

Thank you!

You could walk through other content

Thank you for responding on Twitter Ben! @formal iron !
I really appreciate it 🥳

Gave +1 Rep to @formal iron

No thank you (:

Gave +1 Rep to @queen jackal

You missing a comma there, bud? 😆

Let’s eat, grandpa. vs Let’s eat grandpa.

Ahah xD

Commas are evil

When I am on mobile

English standards and rules do not apply 😄

If you can depjyjer it then god speed

2nd writeup https://deltreey.blogspot.com/2021/10/tryhackme-simple-ctf-room.html

Here's the walkthrough of the second room from the newest learning path, Jr Penetration Tester 🙂

Hope you enjoy it!

https://www.youtube.com/watch?v=thD8JMEJ_I0&t=498s

@stable heron this channel is for THM related content

writeup #3 I'm having an awesome time https://deltreey.blogspot.com/2021/10/tryhackme-bounty-hacker-room.html

and another! https://deltreey.blogspot.com/2021/11/tryhackme-inclusion-room.html

https://deltreey.blogspot.com/2021/11/tryhackme-lazyadmin-room.html another ctf writeup

Anyone up for a new challenge! There is a competition happening right now! https://www.linkedin.com/posts/jackpalmercybersecurity_competition-prize-2-month-subscription-activity-6864289185528991744-1ngl

https://youtu.be/hIkESyCcDfo

https://youtu.be/HnxJrnULWh0

https://youtu.be/cTz6f-7RUhQ

Finding and Fixing DOM-based XSS with Static Analysis
https://blog.mozilla.org/attack-and-defense/2021/11/03/finding-and-fixing-dom-based-xss-with-static-analysis/

@spiral heart Is this tryhackme related?

xpost from #general but hello good morning

I will play some ETS2
And then
stream in vc
I need to look into/fix the Yara room

Since people seemed to enjoy last nights

https://www.youtube.com/watch?v=LMyrMYlpCx0

sharing third time? 🤔

@lime cosmos Please stop reposting the same video, it's turning into advertising.

ok 🙂

Hey I have uploaded the walkthrough of today's Day 5 challenge by two methods - one is the intended path and another by stealing cookie from target. 2nd method is at Timestamp 3:50.
https://www.youtube.com/watch?v=Y8Ny5y2FXcA

nice method 2

https://tenor.com/view/cookies-gif-14785632

Hey everyone! I have a question
When we make a walkthrough, do we have to blur all the answers or just the flags?
Because some of the more beginner friendly answers are written on the question itself, or even on text above the question, so its almost impossible not to "read" the answers, before we even start the practical hacking part. So it's hard to bleep/blur everythin

What should we do?

Well, then you could write something like..."And here you should read the text :)" and only focus on describing the steps for the parts that involve something hands-on

That's actually one way to do it! Thank you @graceful coral

Gave +1 Rep to @umbral charm

If it's an article, it's a bit easier. The main goal is to avoid answer dumps or people just copy/pasting answers

Got it! Maybe I should just focus more on the rooms that only have the practical approach and blur the flags in the end (?)

So that people can learn the methodology but have to put it the work to get the answers

Hey this is my walkthrough on day7 of Advent of cyber
https://youtu.be/xlXDHqENMUo

@strange pelican Is this tryhackme related?

No Sorry, hahaha my fail, is for other community

Starting a youtube to start doing walkthroughs etc, going to include write ups as well. Here is my first, youtube video is my first test 1. https://rubelefsky.medium.com/tryhackme-advent-of-cyber-3-walkthrough-day-1-idor-insecure-direct-object-references-54883eb74ee7

https://rubelefsky.medium.com/tryhackme-aoc3-day-2-walkthrough-23e7d477b9f0

https://link.medium.com/4pk3QalJZlb

https://youtu.be/qW8oNTbpaqM

https://youtu.be/nomVI6DYtbI

https://youtu.be/UVT1W1pKj1s

For Day 17's task if you want list of regions go here https://github.com/darkoid/Cloud-Hacking/blob/main/AoC3-Day17/regions.txt

I have also added the script to list all answers automatically but you will need to find the AWS Access Key ID and other stuff from file

https://youtu.be/WHFUYkdB0Vs

Aren't auto scripts considered cheating?

Writing buffer overflows in Rust today
https://twitch.tv/mrglitchbyte

https://youtu.be/isksBJz9-Co

AoC2? I've been here since Hackback2!

I guess we're not the same?

@heavy kindle This channel is for THM content like YouTube videos of THM rooms, or writeups.

oh sry

where do i put it then though

Looks really nice and professional.

What's that autocomplete action going on in your video?

I wanted this video to be clear, I re-recorded everytime I made a syntax error. Target of this video is people who currently dealing with #878393611929129000

I didn't realize kali had autocomplete though on your command line, that's cool

Yep, it is.

Learning more about buffer overflows today!

https://twitch.tv/mrglitchbyte

What music are you playing on your VOD that you don't get a copyright strike?

https://www.youtube.com/watch?v=ORBwkXsUNEs

There are a couple others I use

https://www.youtube.com/watch?v=VMAPTo7RVCo

And any of the Streambeats by Harris Heller

I currently have music during live streams, but the stream is separate so it doesn't get me schwacked in the vod

Glad to see in not the only one who has issues just getting started while I'm trying to stream. I gave ya a follow

Yeah thats always tricky, finding music that doesnt schwack you later. Youre definitely not the only one, I couldnt get RDP working for the life of me
Also followed you!

Its Wednesday Hackday. We're just going to hack something today.

https://twitch.tv/mrglitchbyte

Falling down the rabbit hole and entering wonderland today.
https://twitch.tv/mrglitchbyte

God, I love the art sometimes. Most times, actually!

wait what is this

can you give me the room link?

osi room

Two things:
A) Answer dumps are not writeups. Indeed, there's an explicit instruction when you submit writeups to THM rooms that they should not contain answers. Besides that, it doesn't do you any favours to simply reveal answers. If you want your writeups to be respected + beneficial to you (and the community at large) they need to explain how you reached an answer, without revealing the answer itself.

B) Have you had those accepted on the rooms before posting them here? I would suspect not (for the above reason). As a heads up, if the writeups have not been accepted to the room, we don't give them an audience in here (especially if it's for community submitted rooms, out of respect for the creator -- although that doesn't apply here).

As a side note as well: writeups for walkthroughs are generally not a good idea. They tend to either be answer dumps (which are objectively bad), or the writeup author attempting to explain the content of the room themselves.
That latter one is fine to host on your own platform, but attempting to attach it to the room is... insulting, to say the least, because it tells the creator that you think they've done an inadequate job, thus necessitating your own explanation.

It be that way sometimes

I'm genuinely surprised more people don't share their journey, but maybe I'm weird

well, I've done plenty of ctfs but it's because of one critical reason(imshy)

Fair enough

I like having study buddies and like to see how other people make it through it all

I've posted a short explainer of the log4j vuln - https://youtu.be/wyp2tCBY8jw
A walkthrough of the Solar room is coming soon!

seems good.

Thanks! Trying to churn out some more content before I get back into studying in the next couple of days…

Gave +1 Rep to @tropic dust

Do you have examples of what a write-up should be?

There are a few ways of going about it. The easiest is a walkthrough of the room explaining what you did and why. You can improve that by showing what didn't work and perhaps why it didn't work.
You could also write a full pentest report style format, if it's appropriate (boot2root etc)

Not off the top off the top of my head (well, none that I didn't write).
As James said, it should basically be an explanation of your thought process when working on a challenge. What worked, what didn't work, why did you try what you did?
You explain how you reached the answers, without actually revealing the answers.

Ill give both your suggestions a try, I haven't submitted a write-up for a box yet but Id def like to!

Thanks! @tropic lava @formal sparrow

Gave +1 Rep to @tropic lava

Hacking through THM's Wonderland, a rabbit's descent!
https://twitch.tv/mrglitchbyte

Finally finished the write-up for Wonderland!
https://www.glitchbyte.io/wonderland-thm-write-up/

Bounty Hacker CTF (/cowboyhacker) write up: https://exploit.quest/tryhackme-bounty-hacker-ctf

RootMe CTF (/rrootme) write up: https://exploit.quest/tryhackme-rootme-ctf

Nice writeup!
||You could have placed your fake random in the current working directory though||

Thanks!
I eventually did as I was going back through everything

I loved this room, wish people would make more series, anime, novel based ctfs/rooms

You have to worry about copyright and licensing.

Ah the licensing bullshit, forgot about that, It was a pain finding a picture on the internet and seeing if it was publicly available whenever you wanted to make a simple video i.e

First Monday of the year started off right, with THM!
https://twitch.tv/mrglitchbyte

Can Pickle Rick be saved? Find out on the next episode of TryHackMeZ!
https://twitch.tv/mrglitchbyte

Wonderland Part 2: Into the Looking Glass. What will we learn today?
https://twitch.tv/mrglitchbyte

OSCP Prep Day 15: Into the Looking Glass!
https://twitch.tv/mrglitchbyte

OSCP Prep Day 16: Time to break the glass!
https://twitch.tv/mrglitchbyte

OSCP Prep Day 17: Finishing and going over the Wonderland series on THM today.
https://twitch.tv/mrglitchbyte

OSCP Day 18, Intro to PoC scripting and Rust!
https://twitch.tv/mrglitchbyte

OSCP Day 19, Proof of Concept Scripting.
https://twitch.tv/mrglitchbyte

OSCP Prep Day 20, starting on the PATH.
https://twitch.tv/mrglitchbyte

OSCP Prep Day 21, hack and slash through EternalBlue.
https://twitch.tv/mrglitchbyte

Another study session. Checked out the Welcome, RootMe, BountyHacker, and Skynet rooms https://www.twitch.tv/videos/1267310956

A full-length walkthrough of me completing the Solar room (approved and on the room walkthroughs list): https://youtu.be/25IvtwEwyp4

There are timestamps in the description for each section of the room.

nice work (: 😎

hi guys

I like how nicely you labeled your timestamps

Report spam

thanks @waxen grove it's been dealt with (:

Gave +1 Rep to @waxen grove

tomghost - TryHackMe - Starters Series
https://twitch.tv/ancientreddragon

@manic snow I made this for you, I hope you enjoy it

hahahahaha

you can call me haz btw (long story, hxz sounds more like hacks but is actually meant to be haz but i cba changing at this point)

that "zee" reminded me you were american

i normally hear "h x zed"

Huh, I've been pronouncing it hiz

xz both being pronounced with z

there we go

Meh

Sorted @manic snow 😁

Yeah people pronounce my username 'ay-tee-eightch' instead of just saying ATHLETE. I thought people could recognize the L337 "hacker-speak" but i guess not

💀 i've always pronounced it as athlete but never noticed the "leet"/1337

I wanted to create a box around the two 3s, in d&d ATH is short for Athletics, a proficiency you're often asked to roll during a game

@sullen charm

now we can finally communicate without a language barrier

trust me you don't wanna see the code for that 💀

i got lazy

".shift()" twice 😂, probably should have made the test.split into a variable too

you wanna see lazy?

😂

aaaaa i didnt notice till now

I love it though, our respective countries should give us ambassadorships

i agree

After a much needed break, we're hitting the ground running! https://twitch.tv/mrglitchbyte

Res - TryHackMe - Starters Series
https://twitch.tv/ancientreddragon

Lumberjack Turtle - TryHackMe - Official Walkthrough

https://youtu.be/LDUoD85AVek

https://www.youtube.com/watch?v=pBrzpOyVY4U

Streaming the Ignite room on THM 😄

@sacred ferry Advertising other servers is strictly prohibited

Okay im sorry.

I did some reading in Red Team Recon and got to play with DNS, built-in tools, and advanced searching (google-dorking). I'm going to try to do every Monday as a "Cyber Monday" study session. Gotta schedule time for things if we want to level up, right?
https://www.twitch.tv/videos/1282892512

https://www.youtube.com/channel/UC7hgvxOCLAFZRhDRbUSjAsw

https://www.danaepp.com/post/how-to-approach-reverse-engineering-elf-x64-buffer-overflows-these-days

Great article, I had the same problem using python3 but I saw that A*39 also worked but your sys.stdout.buffer.write() makes more sense, thanks

Gave +1 Rep to @stable nest

Blaster done, got through it despite the known room bug by using a bit of critical thinking https://www.twitch.tv/videos/1290781932

Walkthrough of DearQA (PWN) with no flag reveal https://www.youtube.com/watch?v=XIBwx2ZEuwI

Completed Phishing Emails 1 on this glorious "Friday Night Phishing" https://www.twitch.tv/videos/1295144662

https://mikadmin.fr/blog/tryhackme-gallery/

Hey everyone! New walkthrough of Bounty Hacker!

ps: the user.txt and root.txt are blurred... so no copy pasta here 😅

https://www.youtube.com/watch?v=QOhsQQlKOSs

For anyone who uses pwncat that wants to automatically exploit pwnkit, I've written a module you can use. You can grab it on Github at https://github.com/DanaEpp/pwncat_pwnkit . You can also see it in action at https://asciinema.org/a/n3DRuvT0hr8yslrXX7RsGG1LW

Silver you are just a legend! Thanks!

Gave +1 Rep to @stable nest

I might change it a bit and make it fully self contained, lots of machines don’t have gcc installed so I think it would be a cool feature,

My code already does that

Part of the pwncat framework

If gcc isn’t on the remote target it compiles it on your machine and then uploads it

Oh cool than I have no improvements haha

You must set the “cross” variable in pwncatrc so it knows which gcc to use locally

It will even compile to an arm target

It checks the remote arch and sets the -march flag in gcc

OH MY GOD!!

it's amazing!!

Is this TryHackMe content?

community media 🙈

media of the community ? idk sory sory ma bad

As the channel description, it's intended for THM content eg writeups

if I record a public tryhackme room and upload on youtube is fine or?

Unless the room says not to, it's fine

https://sh3bu.github.io/posts/LumberjackTurtle/

you will be good. I actually just got a notification on reddit, they are looking for streamers that record rooms.

👀 Well, I still didn't start with recording rooms. Planning to do tho.

I would have to do a run through with the rooms, first. I still feel like it takes me forever to get through one.

well

I am recording rooms, in fact

(If this is considered spam I apologize beforehand)

Is this tryhackme content?

What is considered tryhackme content? Videos referring exclusively to THM rooms?

Yeah, video walkthroughs of THM etc.

In that case no, in this particular video I didn't refer to any specific room.

Okay, please keep this channel just for THM content, as the channel topic says.

Sure thing 👍 it is support material for several rooms, but not room-specific

My first video "writeup" premieres in ~20 minutes! - https://www.youtube.com/watch?v=XCksAoCN7qU

That's cool :)

Great video.

Thank you, I appreciate it! 🙂

Gave +1 Rep to @lime crow

https://sh3bu.github.io/posts/Napping/

My writeup video
https://youtu.be/n6yr_O3xdVg

My another writeup video (including supra)
https://youtu.be/mkxSO8irxbU

what is the name of the extension with usefull command ?

I found !

I made a comprehensive walkthrough for the Simple CTF challege with a python script for hash cracking. You can find it here https://medium.com/@n3phel1m/simple-ctf-tryhackme-ctf-walkthrough-451cb6361405

would somebody like to create a nice icon for my upcoming Layer 2 (MAC Flooding and ARP Poisoning) room? 🙂 my self-made icon is somewhat lame 😄

thx but it's really just a random pixabay pic and two filters/overlays ^^

Gave +1 Rep to @ripe badge

I’d say, remove the fire, and add more “futuristic” type stuff

adds a old lightbulb

ok, I can try. what about a tsunami (for the mac FLOODING) ? jk

or what do you think about a depiction like this, for the MITM?

I believe the WebOSINT room needs to be updated

the answers don't work, new number new nameserver etc

you are about the 15th person shadow has seen mention that problem in different channels

ok

i should've known

but i don't work for thm so i didn't know

Not at all :)
You are under no obligation to know, although typing keywords from the problem into the search bar can do wonders too 😄

true

i was joking don’t worry

https://dev.to/ionut11/thm-source-writeup-2p0f

My first writeup 🙂

https://dev.to/ionut11/tryhackmethm-mrrobot-writeup-49eb

Going live to chill and solve some boxes. Come hang! https://www.twitch.tv/offftherecord

Back at it again tonight! ^

https://medium.com/@xJay/a-comprehensive-and-practical-guide-to-stack-based-buffer-overflows-ed510a4f587e

I just uploaded a tutorial for pwn106 from PWN101 room. A thorough step-by-step guide to understand the format string vulnerability. How do format string vulnerabilities happen, why and how can we abuse them. https://www.youtube.com/watch?v=0-ulL3Y0MS8

Is it ok to use screenshots of premium rooms in a writeup? Of the challenges and their solutions ofcourse not the theory concepts

Should be fine, no idea why no one replied to you till now

I just published the tutorial for pwn107 from PWN101 room. An in-depth explanation about bypassing stack canaries and PIE/PIC by abusing a Format String vulnerability. We will understand what a canary is, what is its main purpose and how can we bypass it in order to hijack the program's execution flow. At the same time, we will dig into Position Independent Executable (PIE) or Position Independent Code (PIC) and learn how to bypass it as well, exploiting the same Format String vulnerability. Leaking addresses from the binary will allow us to get the dynamic binary's base address (its base address during execution) to finally perform a ret2win attack https://www.youtube.com/watch?v=FpKL2cAlJbM

Hi everyone! I stream TryHackMe most nights on Twitch. I'll be spending the next hour and a half (until midnight central time) working through the Throwback Network and working on Active Directory hacking. Would love to have some of you join me. I am live right now... see you soon!
https://twitch.tv/tyler_ramsbey

Hey I am making a research paper on RDP if anyone is willing to give me criticism I would greatly appreciate it!

@midnight socket this channel is for media of tryhackme content

oh my b

I just published the tutorial for pwn108 (from the room PWN101). In this video we will see step by step how to overwrite GOT (Global Offset Table) entries by abusing a Format String vulnerability, hence hijacking the execution flow of the program. We will see in detail how to overwrite memory with the %n format specifier from the printf family of functions, understanding how to write 4 or less bytes with the values we desire at the address we want. Besides, bad chars of printf function will be also discussed, which define how the payload must be arranged. https://www.youtube.com/watch?v=9SWYvhY5dYw

Hi everyone. I have a YouTube channel where I post a lot of content and writeups of TryHackMe rooms, but I also have other security related content. Feel free to take a peak and if you like it let me know 🙂

Here is just one video as an example of the room Mr. Phisher
https://youtu.be/IkzvybP046Q

Check out my newest video:

https://youtu.be/pZAd_nskaq0

omg, remade the video but OBS crashed, causing audio sync issues and leaving off the final batch of answers. Today's not my day https://youtu.be/VCkRRyU_0-0

Latests video about a room that bugged me out a lot. Its a crazy room I will say that. The video got rather long, but I decided to keep it. It shows some struggle, frustration and the person behind it. I hope you like it.
https://www.youtube.com/watch?v=uHg-7Mo7Vio&ab_channel=Securityinmind

Gave +1 Rep to @half epoch

Thanks 🙂 you made a fun box 📦

Gave +1 Rep to @ripe badge

Check out my newest video on a old room.
https://youtu.be/eytRMU-Scns

Enjoy 🙂