#room-hints
That's what I get from there, but it answers a different question: THM{NOT_A_SECRET_ANYMORE}
I get that, but inside the secr there is only one line and that is the flag. There are no other CSS/JS files, so that's why I'm confused.
go back 1-2 directories then
That takes me to the home page. I looked at all the css, img, js files; none of them seem to have any txt file attached.
The only thing I could find was that other flag with not_so_hidden hidden inside some css file
Oh sorry, my fault.
I just started the machine myself.
you need to go to the directory where all the js css files are stored
like /assets/style.css?
Kinda: style.css is the file; the directory is assets.
I was just copying the full-length paths; I didn't think to look at the parent folder.
read the task carefully
because it is misconfigured
When you access /assets, it should be forbidden in a secured scenario, but it is not in this case.
NP
any tips for the "Lesson Learned?" room?
It was just released so we'll have to follow the no hints within the first 72 hours policy.
@molten bay If you post flags in chat, please add the spoiler tag to them so that someone who hasn't gotten that far has the answer spoiled for them
idek how to do that
|| <text> || is made by || <text ||
10 times slower
Get-ChildItem -Path C:\ -Include *unattend.xml* -File -Recurse -ErrorAction SilentlyContinue
than
dir C:\ /b/s | findstr "unattend.xml"
improvements on powershell request?
Task 5 on https://tryhackme.com/room/phishingyl after I initiate the campaign, the status of brian never changes to Submitted Data. I have double checked all the steps, but I have received the same result. I added a temp email to the campaign to see if the SMTP server works, but it never receives an email. I also tried to Send Test Email to the temp email, but did not receive test email either. I figure something is going on with the SMTP server, but maybe someone else might know what might be going on.
Hi All, Just wondering if I'm heading down the wrong path or not on https://tryhackme.com/room/owasptop102021# - Task 15
What have you tried?
Can I list in here what I have found so far, or will that spoil it for others?
You can use spoiler tags.
||I've identified that the Apache version running is 2.4.54 and that there are known HTTP splitting vulnerabilities, and after trying several I've had no luck||
All you have to do is get an RCE.
Yeah, I looked at that and thought the CRLF was what they wanted, but I can double back and check the RCE vulnerabilities.
Thank you
There is a more simple one. 😉
Hmm
Have you identified what sort of website it is?
Yeah I have
That should help narrow it down.
I thought about that as well, just been focused on the Apache version first.
I am off for tonight but will come back with a fresh pair of eyes 🙂 Thank you @lucid junco
Gave +1 Rep to @lucid junco
Hello everyone,
I'm currently busy with the SQL Injection room on task 8: Blind SQLi - Time Based.
So far I found the table_schema & table_name, but I can't manage to get any column_name.
Does this error mean the table is empty and doesn't have any columns? Or am I missing something?
information_schema.tables does not have a column named "column_name". Try using information_schema.columns. https://www.mssqltips.com/sqlservertutorial/196/information-schema-tables/ https://www.mssqltips.com/sqlservertutorial/183/information-schema-columns/
Oh right ! Thanks for the tip !
Doing year of the fox
||got the creds.txt and cipher.txt from smb||
but can't seem to find the correct cipher/encoding for them
been looking for hours now
it seems to me that they have multiple
but can't find the correct ones
blame muiri
hmmmm should shadow spoil themselves and look up a writeup to help here or should they hope someone else pipes in
Maybe it's a rabbit hole...
considering it is muiri yeah definitely rabbit holes galore
muiri is the creator of the year of the rooms and has been known to do some tricky stuffs
Ok
What have you got?
Wdym?
2 smb users and their passwords
And 2 text files from one of the shares
Thats it
For now
hmmm smb gives shadow some fun potential exploit paths
though no clue if said things will work on this room
Thought of that, doesn't seem to be vulnerable
Yes
because that is what shadow thought of
Ever thought of bruteforcing the users you found?
That's the first thing I thought of
I did
And got their smb passwords
There is a http login page
By that I mean auth before you even see the page... no loaded HTML
Tried the creds there
Didnt work
Tried BF on that... didn't work... the server isn't vulnerable and buster didn't find anything
Been trying for hours now again. Can't seem to find a way in... can I get any more hints?
Is there any way of speeding up an nmap scan, something more than just -T#?
Scan is going to take 48 minutes so far.
There is no room on THM that requires that amount of time for nmap =/
You can use --min-rate
But just don't increase its value too much
It may miss ports and provide false results
1000-3000 would be good ig
I'm having trouble with the crack the hash room specifically the hmac-sha1 question. is the answer really in the rockyou.txt.gz list?
oh.... oh noes... you need to extract that gunzip archive first before you can use rockyou.txt
really? hashcat says it ran through 14344385/14344385 (100.00%)
would not expect hashcat to unarchive a gunzip file but maybe it can
I'll try and post back if it changes results thanks @tropic shard
Gave +1 Rep to @tropic shard
@alpine kestrel I meant thanks to you, clicked the wrong name. I'm getting the same results; can I post the results here?
@alpine kestrel thanks
Gave +1 Rep to @alpine kestrel
hashcat -m 150 -a 0 hashcrack2 /usr/share/wordlists/rockyou.txt is the command I used
I also tried -m 110 because I saw that in my research
same results basically
also tried without the -a 0
Answers will be delayed as shadow is now gonna go sleep
Same results meaning it didn't crack the hash successfully?
I'm having the same problem and without the simulation working correctly it's impossible to complete the room. I've re-setup GoPhish must be 6 times now and it never works.
I've raised a bug report with THM for this (I guess they'll be getting fed up with me soon)
I am getting an error on day 8 of AoC 2022
TypeError: Member "toString" not unique after argument-dependent lookup in type(library Strings).
--> EtherStore.sol:8:26:
|
8 | string internal f8 = Strings.toString((((100 / 25) + 20 / 2) - 7) - 2);
| ^^^^^^^^^^^^^^^^
Reported this issue to THM yesterday. Just tried it again and now it seems to be working OK. Try it yourself. I now have Brian's password and have completed the room.
@tropic garden yes exactly it runs through and status says exhausted.
Have you checked if there are excess spaces? Or can you add a screenshot of your hash?
Hi, I have a question about the Password Attacks room of the red team walkthrough. They talk about many protocols, but how do you bruteforce an authentication page that is included in the browser (like "Website asks you to connect:
Username:
Password:
")
@tropic garden e5d8870e5bdd26602cab8dbe07a942c8669e56d6:tryhackme
Hey guys, doing room "Jack", and we enumerated the users but rockyou just isn't working.
Can anyone hint me to the right wordlist please?
I have gone through 5 different wordlists now haha
You're going to kick yourself when you get the password
i just got it
And I want to burn the PC
Hey guys, I'm doing "Special Privileges and Security Descriptors" and when I try to run the c:\flags\flag2.exe after connecting as thmuser2 I receive this message "Sorry! You are still missing something. No flag for you yet. (4)".
Any idea?
That happens if you start a new connection because you ended the exercise and started again. In that case you'd have to change the LocalAccountTokenFilterPolicy registry key with the following command:
C:> reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /t REG_DWORD /v LocalAccountTokenFilterPolicy /d 1
Hi folks, can anyone give me a nudge on Gallery (https://tryhackme.com/room/gallery666)? I'm on the privesc part, specifically on the || /opt/rootkit.sh ||. I read that using unquoted variables is a vulnerability in bash, and I tried to exploit it, but can't seem to get the correct 'payload'.
the vulnerability is not related to unquoted variables / user input. read the script again and look at what each option allows you to do.
@twin arch Which section did you find confusing? Maybe I can help you.
exploiting telnet
You managed to get through the reverse shell section?
I finished it, but I wanted to understand it fully
because I cheated a little bit when I got stuck
Are you looking for information to understand telnet better, or the way you got the flag out?
More info. Is there a vid about it or something?
Welcome to TryHackMe Network Services Walkthrough Part 2, oh yeah! Let's learn, then enumerate and exploit a variety of network services and misconfigurations, second up is telnet. Watch this Network Services Walkthrough for TryHackMe's room, Part 2 Telnet.
FREE $5 TryHackMe Credit - https://go.mrash.co/tryhackme
#tryhackme • #networkservices ...
He's going through the room
Thank you so much
Will go through it again. Thanks!
Gave +1 Rep to @polar finch
but is there only Paula Januszkewicz explaining DPAPI?
sudo nmap -sS --defeat-rst-ratelimit 10.10.10.10 -p-
will only show open ports. After you've found them you should check each one with -A to learn more about them, e.g. "nmap -vv -A 10.10.10.10 -p 21,22,80,
I'm stuck on the second question in the Password Profiling #2 task in the Password Attacks module: "What is the crunch command to generate a list containing THM@% and output to a file named tryhackme.txt?" My answer crunch 5 5 -t THM@% -o tryhackme.txt or any of its variant was not accepted. Can someone give me a hint?
Look into placeholders for special characters to be replaced
Like this
, for all uppercase letters; @ for all lowercase letters; % for all numeric characters; ^ for all special characters
YAY another person with this problem
shadow knows the solution and thinks wolk here explained it well enough
Match all of the filenames of question 4, except "File7" (use the hat symbol). Mine = [fF]ile[1-9][^7], good = [fF]ile[^7]. Why?
which room is this???
Yeah, the reason here is to go for the shortest option that still works as we intend:
it is matching all files with the name file/File with any characters after,
leaving out any which have a 7 directly after the file part.
How do I post a picture so I can get some help?
!docs verify
then follow those instructions in the link and you can post pictures
Thank you I think it worked
I can’t get past this stage
Am I not typing in the document correctly?
So it’s not the pdinfo that’s wrong
pdFinfo
You're welcome
Good hint, always check the output of error
In 80% it can resolve your issue
Or you google it and find the solution
Google gave me bad info for “pd” info 🤣
Can someone help me with grep?
I'm supposed to find the flag in "THM"
What task is this?
ah I see, what is your question exactly? The hint provided for the question gives you the command to run, is it not working for you?
nope
Could you send a screenshot?
If I had to guess the issue is that you are not in the same directory as the file you are trying to grep
Are you using the correct machine?
@lucid junco it works now and no I wasn’t
Ok, I know Linux Fund 1 opens up a cli machine, and not a kali webbox/attackbox.
What numbering system do you know that is base-16?
Yes.
What's the full name for hex?
I was so stuck on this
and the answer doesn't make sense to me.
Can someone explain?
Room "Red Team Intel" Last task before Conclusion
Working on finishing Windows Local Persistence task 8 - Persisting Through Existing Service. I created the shell.aspx but I can't seem to cd to the flag. cd /flags does nothing. What command should I use to reveal flag 16?
You can get it from C:\flags\flag16.exe as It's a windows machine
?? @warped abyss @dim cedar @worn otter @fresh dome @cursive nexus
You didn't have to ping a bunch of people
same thing happened to me
I suppose the script should be updated
Hey what payload do you use to get a meterpreter on "Modifying existing services" in order to reach flag8?
Which room is that?
Please do not mass ping members of the community, auto-moderator may mute you to protect against raids.
Furthermore, this channel is for volunteers, please be patient and someone will help you when they can 🙂
👍
room: unified kill chain
task 6
Q: Mimikatz is an attack tool discovered on the IT Manager's computer, what is the mission of the tool?
I have tried: privilege escalation, lateral movement, credential access
the answer is 10 stars and 7 stars.
the docs for mimikatz say it is for credentials and find vulnerabilities, escalate privs
am I close ?
Dump without permission
Hey guys,
I'm doing the Windows Local Persistence room and I can't get flag8 after getting a meterpreter. Any idea?
I'm on task 6 of subdomain enumeration. I'm running the commands and they don't seem to be producing a result
nvm it worked now
anyone able to help me with flag 2 on the file inclusion lab?
I changed the cookie's guest value to /etc/flag2
There is a prefix If you noticed
It wants you to access files from includes/ Directory
like file=../../includes/etc...
Am I getting this right?
Nope, you need to change the cookie
change something in here?
delete that cookie and refresh, It'll create a fresh one
then change the value, refresh
No. That's where It gets the file name
type "a" there and you will see Warning: include(includes/a.php)
yeah so It's trying to access a.php file in includes/ directory
if you put ../a there you will see Warning: include(includes/../a.php) which is equal to a.php in current directory
Add ../ until it arrives at the main directory / and then etc/flag2
Your goal is to read /etc/flag2
so instead of /a i put /etc/flag2
yes, this is path traversal
It's like go to the includes directory, go back, go back, go back ...
go back? Do you mean keep adding the ../ until I find it?
do you know what directory is?
yeah like a folder
yes, so basically the web code is trying to include a file and you have an input for it
In challenge 2, It adds "includes/" at the beginning and ".php" at the end of the input
Currently, I'm in the /var/www/html directory
so If I type a there, It'll go to the includes/ directory and find a**.php** thus be like /var/www/html/includes/a.php
I see, but instead of a.php I'm looking for exe/flag2.php
Thing is, I've added a lot of the ../ and cannot seem to find it
so the flag is in /etc directory : /etc/flag2 flag2 is a file
you also need to remove .php there
oh the %00
Eyy I found it
wow that was crazy
this challenge lab has taken me 2 days so far
got to question 3 now ahah
This is a medium-level room. I recommend you take a look at the easy rooms first.
Did you start from that path?
I started there, yeah
seems like you have background
I got a comp sci degree
They didn't teach us much cybersecurity, but I am interested in it so I know a lot of the basics
This was the way I'd suggest you follow:
#pre-security-legacy-path
#974406074444685322
#junior-pentester-path
#web-fundamentals-path
Ah, I'm already 20% through junior
I feel that the prerequisites may be a bit easy, since this was the only room I struggled with a bit so far
Regardless, It could be a nice refresher
Just saw this convo, I've done a bit of cyber sec in uni and college but starting from scratch after a while on thm def helped me. Lots of small things i forgot
Does anyone know the answer to "Where you have the option, which should you use as a second authentication factor between SMS based TOTPs or Authenticator App based TOTPs (SMS or App)?"
Which room is this?
One of the questions in this room: "Common Attacks - With practical exercises see how common attacks occur, and improve your cyber hygiene to stay safer online."
can you provide the THM room link?
Task 6
Ok I've gotten it now. Thanks
Gave +1 Rep to @umbral umbra
Did you read the task info?
Hey, can I get some help on the File Inclusion Task 8: Challenge 3
http://10.10.221.62/challenges/chall3.php/index.php?file=../../etc/flag3%00
[Hint#1] Not everything is filtered! [Hint #2] The website uses $_REQUESTS to accept HTTP requests. Do research to understand it and what it accepts!
I'm stuck on the same question. I find that if I expand the attack window I can make ffuf work, but when I try to filter size, it no longer works no matter what window size I try. How do you make it work?
I terminated the instance and redid it.
Make sure you terminate the instance and close out. Make sure it gives you a new IP and then start the instance. Let the new IP show up and then launch the attack box.
Thank you so much, it works now.
Gave +1 Rep to @spiral ginkgo
Burpsuite is getting changed, I'd skip it until after Friday
anyone 🥲
Oh really? I am actually working on it
You're looking for flag3, right?
Check what $_REQUEST does in PHP - Hint of flag3
I've looked at the hint; it said that $_REQUEST is used to collect data after submitting an HTML form. But I'm not sure if I'm doing that Burp Suite thing right.
If not, what kind of GET would I put instead?
None, you don't have to use GET. That reveals it
Don't I want to reveal what the key is?
What?
not sure what that means but im quite stuck on this one
Forget it
Try something other than GET
If you have already conducted research on $_REQUEST
Hint for Year of the Rabbit: I have accessed /sup3r_s3cret_fl4g/, turned off the JS and listened to the video, but it tells me that I am looking in the wrong place. Can anyone give me a hint?
I just watched a walkthrough of the lab and they used Burp Suite for the 3rd challenge. Burp Suite is not something that has been taught yet in Intro to Web Hacking.
Is it possible to complete that challenge without Burp Suite? If not, how come we are made to use it before even being shown it?
You can, with curl. I just remembered. Sorry for not saying it earlier
It's just a simple request
something like this:
curl -X POST "http://10.10.31.255/challenges/chall3.php" -d "file=../../../../etc/flag3%00"
or GET rather
It didn't return a key though
curl -X POST "http://10.10.31.255/challenges/chall3.php" -d "method=POST&file=../../../../etc/flag3%00" --output -
Aah I see it, brill
thanks
It seemed a lot easier in that Burp tool; unfortunately it is taught after this room, so I had no way of knowing how to use it
No one says you have to do things in order 🙂
Hi
I'm struggling with crackmapexec issue
I tried password spraying on rdp
and it shows fails
while one of the users actually can rdp onto the box
crackmapexec rdp 10.10.120.247 -u users.txt -p passwords.txt --continue-on-success
does -p work for passwordlist?
iirc it does, but outside of that remove the continue-on-success so it stops, and check your IP
ping the target
It doesn't even work when I supply an arbitrary login and pass (valid) for rdp
I'm using the latest version of cme included in latest kali
even purged it and did clean install
no luck
nope
as it works fine for smb
it's purely a cme issue. There's even a github issue opened on the main repo, but the guy who proposed a solution points to a non-existing repo (lol)
oh interesting
indeed
plus, it's the latest version
could someone please check it on your side?
I'd appreciate as I'm going to create another github issue
what room is this?
Can you try adding --local-auth ?
sure
||enterprise||
Didn't help
Which room are you doing?
It's not non-existent, the current repository is the main one now since the crackmapexec dev merged it with that
see the spoiler tag above
well, at the end, it all boils down to the latest crackmapexec's version
just a lesson not to rely solely on one tool
anyways, If someone could test it I'd appreciate
I don't see the room name.
Same issue with mine, v 5.4
Need help with Intro to C2. I needed to update the Metasploit Framework since it was 2 weeks old and I did that. When I tried to execute the program it says RHOST failed to validate. Is anyone else having this problem?
Enterprise
Thanks mate
Gave +1 Rep to @young gulch
hi @compact surge, can you try crowbar?
Dunno it
I've been doing the THM Basic Pentesting room, Task 1, "What is the username?". I can't make it work, could somebody help? I've got this error: I don't know which file to use, is it rockyou.txt? But then you need to set up a password file, too
any hints, help, or anything? I've run myself into a wall
finding the username is a massive part of it
break it down one step at a time
Where are you at? Where are you going? What is the next step to get there?
I'm at smb_login, am I even at the right place? That's the only thing I will ask
just a hint
What's the basic pentesting room say?
Something wrong with the Enumeration active directory ?
When it asks what is the username? The hint is: what about using SMB to find a username?
so I thought of using the smb_login module on Metasploit
but can't get it worked due to creds error
what other smb plugins are there around enumeration
knowing if/why something isn't working is often more important than the what
it's not that it isn't working, it's that it gives me an empty response
like scan complete, but no creds
okay, trouble shoot it using the OSI model
you don't have control over layer 1 or really layer 2
can you touch the target machine? layer 3. is the port right? layer 4
I also have layer 7, but how does this info help?
bro, I had to just run one script and scroll a lot
it wasn't metasploit
it was written right there 😄
thx anyways for help @clever heart
Gave +1 Rep to @clever heart
didn't read close enough?
more like didn't scroll enough
I used a script, skimmed through it without paying attention, scrolled a bit, thought it wasn't it and moved on. So I tried to find it with Metasploit, just to later get back and read it thoroughly and find that the creds were in the script all along.
Well. I guess you could say... LessonLearned.....
indeed
Damn
Dr has a great humour today
Hi,
I have a question about File Inclusion Task 8: Challenge 3 "get flag3":
I've figured out how to do it in the terminal with curl.
But I could not manage to execute it within the browser.
Is that even possible?
What I tried:
- Cookie tampering within the dev tools
- dot-dot-slash in any variation
well you can edit things with burp suite to do most of the file inclusion labs easily
yeah, I know.
But I usually want to do it "the manual way" to understand the method better and then use the tools.
Also I've not done the Burp Suite room now ^^
What Burp suite is gonna do is allow you to intercept the request and view it, modify it and generally do what you want with it.
If you want to understand the method better, Burp suite will really help you because you can see exactly what is being sent to the server and exactly what it replies with
Okay, I'll try that tomorrow. I'm pretty excited to get my fresh hands on that new room 🙂
Do you have some tips on what tools/rooms I should consider doing before going further in my learning path?
I've had a few rooms that required further knowledge or tools to progress through; it would help me a lot to know the preferred "basic" tools.
I guess Metasploit is one of them too?
Yeah - Metasploit is definitely one of them. It pretty much handles/automates all the tech logic behind an exploit for you, so that all you need to do is supply the IP address of the machine you are attacking and - if it's vulnerable - it will work.
Probably won't help you if you are trying to learn the 'manual' way but once you understand what is happening it'll make your life easier.
In my experience, I'd say nmap is definitely up there because it allows you to scan the target and gather information, which is your main resource when penetration testing - and there's a room on it 🙂
also if you're going after Linux machines, a bunch of scripts like Enum4linux, LinEnum, etc, I guess??? But this was for web sites so idk
Alright, so I'll do the Burp room over the weekend and leave my hands off Metasploit for now, for the learning effect.
I've done the nmap room, it's definitely a pretty nice tool 🙂
Thanks for your response, appreciate it a lot!
Gave +1 Rep to @trim breach
Cool, I'll keep an eye on them as I progress further and come to test Linux machines!
Thanks m8
np
Still stuck on Gallery (https://tryhackme.com/room/gallery666). I'm at the privesc stage, but still can't figure out how to exploit the || /opt/rootkit.sh || script. I tried all the options, but somehow the screen gets funky after running || export TERM=xterm || to read the report. When I explore the root directory using || /bin/nano ||, I can see the list of documents, but can't select the root.txt file.
In the Simple CTF room, I found the CVE they were asking for, but then they're asking to crack a password using a wordlist. The thing they're asking to crack it with is an old Python script that doesn't run on Python 2 or Python 3 :D. Any help?
I remember using hydra for it due to the same issue you are having
I suppose you already have the username?
nope
The script I'm supposed to run should give me both username and pass
but I have neither
What's the content of the sh file? I don't remember the room
I remember I got the name via enumeration.
Using the script though, it did work until the username in my case. Had to update all the print "text" to print("text") but had errors in the password bruteforcing part.
I see
You can also bruteforce the username first and then the password
So you'll have to run your bruteforce command twice
which wordlist is used for the username?
cause if I try the one given, like 15 usernames with pass are given
"fixed the script" now it finds nothing
I don't have my laptop at the moment, but the script has the case command that has corresponding options for running /usr/bin/rootkit versioncheck, update, list and /bin/nano to read the /root/report.txt
Yeah, got it
I remember the Privesc
Did you try Ctrl+T Ctrl+X method from GTFOBin?
the thing is, you also then need a password, which I don't have
Yes, I already did.
Did that as well
Gimme a sec; I'll check it now
I'll retry doing it when I get the chance.
Oh.. didn't think of clearing the screen. Will check again. Thanks.
Uhm, is this incorrect?
Oooh, I think I got it. You never really use your private key to encrypt the messages you are sending. Rather, you use the public key of the other person right?
opa
go back and study how the RSA algorithm in particular works.
Hello everyone! Currently working on Network Services 2/Task 4. I was able to find the id_rsa file, copy it to my /tmp/ folder and used the 'chmod 600 id_rsa' command, but I still cant ssh into the machine when I use the command 'ssh -i /tmp/id_rsa cappucino@[ip]' and i receive this error: The authenticity of host '10.10.91.80 (10.10.91.80)' can't be established.
ECDSA key fingerprint is SHA256:YZbI4MCk+BQgHK2gc4cdmXuPTzO6m8CtiVRkPalFhlU.
Are you sure you want to continue connecting (yes/no)?
Host key verification failed.
Is there something obvious I'm missing? Thanks for the help in advance.
Is the ssh port 22? Are you sure the private key is not protected by a password? Have you checked you are using the correct username?
Haven't done the room so I'm only thinking of possibilities.
Did you answer yes?
The host is giving you their public key to secure the comms, and your client doesn't know about it yet
This is before that step
I am getting this error for Task 13 of the aoc 2022 challenge:
"TypeError: Member "toString" not unique after argument-dependent lookup in type(library Strings).
--> EtherStore.sol:8:26:
|
8 | string internal f8 = Strings.toString((((100 / 25) + 20 / 2) - 7) - 2);
| ^^^^^^^^^^^^^^^^
Hello 🙂 I am currently re-doing https://tryhackme.com/room/sqlilab
Task 3 SQL Injection 5 and I could use some help x) dm pls?
Oh ok, so the question doesnt actually require logging in yet? Thanks for taking time to answer!
Gave +1 Rep to @ripe hedge
I mean it asked you a question when you tried to connect, you have to type yes to actually connect
Wow, my apologies I totally misunderstood what you meant. I was just hitting enter assuming it would just auto select yes. Now I see that I had to type the whole word. Thank you!!
Gave +1 Rep to @ripe hedge
I've hit another snag: Network Services 2 - Task 4
I have downloaded and copied the bash file, and moved it to the mount. I ran the sudo chown root bash command as well as sudo chmod +s bash; however the permissions are not correct and it is displaying the permissions for the bash file as -rwSr-Sr--.
Any hints are much appreciated. Thanks!
Room - RootMe CTF
I have located the uploads folder and the page to upload files.
I downloaded php-reverse-shell.php and modified it with my IP address and port 4444.
I could not upload it as .php as the upload filter blocked it, so I uploaded it as .php3.
I opened a terminal and a netcat listener for port 4444.
The file uploaded, but when I click on it in the folder file list on the web page it does not execute the reverse shell.
Any hints?
I also tried it with a file called shell-x64.php3 that I got from msfvenom.
Most of the time, the defaults are in caps, but this particular one doesn't have a default, or at least defaults to not yes
You're on the right path
Thank you for pointing out that distinction. Now that I think about it when I typically default in the terminal it is in caps, but never noticed that small difference. Good to know for the future!
Gave +1 Rep to @ripe hedge
Haha ok well thats good to know. My machine timed out, and am in class now, but I will give it another shot later this afternoon.
Can you share a screenshot of the start of your php reverse shell script?
Just got the chance to look at the box again.
So the reason my Ctrl + R and Ctrl + X commands are not being sent to || /bin/nano || was I didn't complete the shell stabilisation process specifically the Ctrl + Z and stty raw -echo; fg step.
It took me almost 2 hrs to figure that out. 
Usually I skip the part with backgrounding and disabling echo
Only spawn a shell through Python if it’s available
Always check for Python or Python3
And in rare cases through socat
Just make sure to export TERM
Can anyone help me with this one?
"Which section in Inspector is specific to POST requests?"
In Burp repeater room task 5
The difference between GET and POST is that with GET you request something from the server through header parameters.
It's the page you need, host, some other flags.
But with a POST request, your query is in the body.
Hope you’ll get it
Oh yeah, thank you
Got?
Good, keep studying.
Thank you
Yes, including export TERM.
Hey, I'm struggling with this question from vulnerabilities 101
It's asking who the author of Exploit-db is but I have been looking around for that info forever and haven't found anything
use google
I have been!!
Still nothing
Looked on the exploit-db about page too
Nothing that fits
i think his name was ||str0ke||
Yeah that's what I thought too but the answer format is ********* ********
Lol it didn't work
It's like, 9 asterisks space 8 asterisks
So it can't be that
Have you tried looking at exploit-db?
Yeah, there's an about page and a history page and I couldn't find any names that fit in either of them
Normally. When I want to find out who owns a website, I check the footer.
Hmmm, I see
The footer says offsec services limited, doesn't fit the answer
I feel like the answer to this should be obvious
They recently changed their name.
As of March 2023. 😉
Hmmm
Got it now?
What's offsec short for?
There we go!
Man, thanks a lot
I've reported this to staff too.
I've updated the question:)
Well...specifically the answer to the question 😄
im so stupid
What do you need to access a web application?
What tool do you use to visit google.com?
like browser?
precisely
fuck, yeah, thx
Room = RootMe
I have a reverse shell and my notes to stabilize shell say use ;
python -c ‘import pty;pty.spawn(“/bin/bash”)’
Ctrl+Z
stty raw -echo
fg
export TERM=xterm
But when i enter the
python -c ‘import pty;pty.spawn(“/bin/bash”)’
I get "/bin/sh: 1: Syntax error: word unexpected (expecting ")")
Try putting a space after ;?
Actually, adding the space did not work. I had to type it in instead of cutting and pasting.
Thanks again
Hi folks, I'm stuck on the last question on STRIDE topic, room threat modeling. The last question asks about unpatched applications and STRIDE categories, I tried every possible answer. Any idea?
Check the #1150825549191725179
Nice!!
Because when you copied, it was a “, but not a double quotation, that computer doesn’t recognise
Hope you see the difference
“””” """
Those are annoying
Hi folks, I'm stuck in the Secure Network Architecture room exercise Zone-Par Policies and Filtering, the time is too short I tried a bunch of times but can't move forward. Any idea how to solve the challenge?
I do, thank you
Gave +1 Rep to @fallow venture
Same for me, did you find a solution already?
when you get an option wrong it gets highlighted with a red box after you click "run", so try to get as many right as you can and remember the wrong ones and change them and try again
You need to do them with this table
So this question here in the room Threat Modelling in task 2. I can't seem to find the answer
I need a clue in practice Investigating Windows, What tool was used to get Windows passwords?
I'm in Task Scheduler but I don't know what else to put xd

"What command would be used to delete the deployment from question 5?"
My answer so far : kubectl delete <anything> hello-tryhackme
I am stuck.
Try to google it or Look in the manual
But it is a basic sentence
Kube please delete deployment with name hello-tryhackme
Try to get a command from this sentence
I'm not understanding the SSRF exercise
which task are you stuck on?
on task 2
I see that changing server changes the beginning of the url and the hint is to append &x=
but I'm honestly clueless on this one
ah yes that
it is very confusing if you have not read the later tasks in the same room and even then it might be confusing at first
should I continue on and go back then?
it might help so try it
if you want a small explanation: you are gonna make the web server you are attacking browse to its own url with the flag parameter thingy and end it with &x= to make it find the end of the query
@pure knot ⬆️
using the server parameter right?
yeah...
don't have the room open so don't recall fully and heading for bed so
hopefully someone else can fill in more details
yeah I think that's where I'm confused, because shouldn't &x= get rid of the rest of the url?
oh i got it
thanks for the help
Hi all! I'm kinda stuck in tryhackme's follina msdt room where I'm following the manual given but keep getting this error: "error detering http hosting address. Did you provide an ip or interface?". But the command doesn't have any info on providing interfaces. The command is to simply execute follina. I'm using attackbox. Any help on this?
What command are you running?
Hello, i'm looking for hint with the room wonderland -> https://tryhackme.com/room/wonderland i dont get the hint with the user flag 😦
What does the hint in user flag say?
"Everything is upside down here."
can i pm ? i dont want to spoil
Sure go ahead
Hmm.. not sure how the hint was useful. I guess its probably due to the root flag being in || Alice' home directory ||, but other than that, can't really recall if it helped at all. 😅
It was a fun room, though I overcomplicated the || teaParty || part.
Its good i found a way ^^
Any hints for the task2 of the cryptography room? This is what the question asks:
Decrypt the file quote01 encrypted (using AES256) with the key s!kR3T55 using gpg. What is the third word in the file?
Try it with --secret-keyring 'key'
figured it out, turns out when it asked for passphrase i was typing it in wrong lmao. thanks for help though
Gave +1 Rep to @ivory meadow
although, when i declared --passphrase in the command, shouldn't it have bypassed the need to type in the passphrase?
Yeah perhaps
https://tryhackme.com/room/seriskmanagement
Need a bit of help here in the very last task. It's just a simple math thing but im pretty sure i'm repeatedly having a stupid oversight
Specifically, how do you get ale after safeguard?
The ALE in those are the loss value if I remember it correctly. You simply need to compare that with the cost of the safeguard or control to determine if its worth or appropriate to deploy it.
I could use a hint for https://tryhackme.com/room/bsidesgtdav. 80 is only port open with default apache page and I gobustered the hell out of the URL. Can't find a foothold
Hey guys, the updated burp module in the other modules room task 8, does anyone have any idea?
hello im doing task 20 of owasp top 10. I've read the paper again and again i understand what i need to do but can't figure what to replace in the header.
I, too, sometimes fail to observe the obvious.
nvm i found the answer but i dont get why i couldnt get it first as i did the same procedure
I think the "wild card" is needed because the file name is actually.. "interesting-file.txt.txt"... that extra extension can cause a few issues 🙂 Thanks for getting us there.
What is the path to htb-student's home directory?
Linux FUNDAMENTALS
i cant understand like what path it needs?
Htb?
Probably best you ask in their Discord.
ye
Does anyone know the answer to the hint in "Virtualization and Containers' Task 5? Something is wrong with the machine.
THM autogenerates the IP in the question, but you need to use your Attackbox IP
Thank you, all sorted now
Gave +1 Rep to @slow python
Hi, guys, currently in room 'pyramidofpainax' and I feel like I'm missing something really obvious to answer the "redirected website for the shortened URL using a preview" question. I'm removing the SSL and adding the '+' to the preview, but I'm not sure if I need to find this in the any.run lab?? Not comfortable trying this on the browser.
Can anyone help me with the hints in overpass 1? haven't got initial access yet. if you are willing to help pls DM me.
You can use a website like https://www.emailveritas.com/url-checker to check where the final redirect is
Where are you at currently?
thank you, @young gulch !
Gave +1 Rep to @young gulch
I found the login page. Can we DM. I don't want to expose anything or disturb others.
You can use the spoiler tag instead
Okay . Also found the javascript code. I guess it is broken auth or security misconfig.
You are correct, keep going.
But I'm not sure which of it is.
Look at the JavaScript code. || What is the requirement to get to the endpoint? ||
The /login.js ?
||/api/login|| ?
Don’t think too hard about it. || There is a requirement that is checked before the user is allowed to access the restricted resource, but what are we able to do with it? ||
is it ||" "|| ||(double quotes)|| ? , im weak in programming idk .
is it cookie? , forgot to mention there's a ||/cookie.js|| , but its the code on how the cookies to be designed .
Yes you are on the right track. It has something to do || not necessarily with cookie.js but with the cookies itself ||
Yes . But how can i get the cookie .
You mean some hints are hidden in
||/cookie.js|| ?
No, not really
Maybe you don't need to get the cookie? 😄
Yes. .i dont see any chances of getting the cookie here.
Yeah, but you really don't need to get the cookie. || Try reading the code and try to understand what you can do. What is it looking for? Is it something you can control, etc. ? ||
Is there something i need to do via the browser's console.
I mean can i extract something useful?
Its looking for
||SessionToken|| ?
|| yes ||
Okay but how am I able to extract it??
You don't need to extract it. || Like you said, maybe some fiddling with devtools will help ||
With the console? Coz i see ||/main.js|| .
Try to poke around with the tool, coincidentally, this is also possible with a certain extension. || What you want to do is forge a cookie ||
The extension you are talking about is ||cookie editor|| ?
But I don't have a cookie yet .
Shiiiiiiiiii i got logged in !!! @young gulch tyy broo
i figured it out !! Thank you so much for your time and patience..ahah ik i made you mad lol apologies.😂
Gave +1 Rep to @young gulch
Congrats!
I'm doing Ra room and cant get spark to launcher. It requires jvm8, installed it from nvidia package, but spark still says it requires another Java package that is replaced by the one from nvidia. How did you overcome this guys? Should i leave it and run it from Windows?
Hey im now in the privesc part. . should i find the password of user ||tryhackme|| ? i believe its ||cron|| but the ||script|| is located in that user.
No
is it something to do with ||cron|| ?
Yes!
but if i want to modify the file . its located in ||/tryhackme/***||
Maybe you don't have to modify that. || Try running linpeas to see what you can piece together about the cron ||
hmm trying...is it this one ||/etc/crontab|| i have to work with .
Was inspired to work on this box again. Tried this multiple times in the past, but can't get my head around the foothold until recently. It was a fun box.
yh its very tricky!
i can modify ||/etc/hosts|| file . So i tried replicating the same on my machine. . .am i doing right?
Yes!
omg k . Edit: Thanks i found the flag.
Could anyone give a nudge on Ra?
Would anyone be around to help with a room? Or rather, give a hint as to what I'm missing?
Don't ask to ask 🙂
Just ask, you'll get an answer faster.
I'm doing Ra room and cant get spark to launch. It requires jvm8, installed it from nvidia package, but spark still says it requires another Java package that is replaced by the one from nvidia. How did you overcome this guys? Should i leave it and run it from Windows?
Wine does not help either
Hi, has anyone here successfully completed the WithYouWithMe Linux Privilege Escalation Capstone Rm1 assessment? I have got halfway through Task 4, the Depot machine. I managed an exploit which gave me a low level user shell, was able to find the D user's password (v*) and submitted it as the correct answer. I then tried to log on to the target machine as the D user with that password, but it now seems to need a public key as well as the password. I can't create or attach a pair from the low level user and am stuck. I suspect that the configuration of the machine has somehow changed as in all the training that we are supposed to be assessed on, this problem was never presented and there are no obvious routes out of the low level user shell. Anyone got any insight into this? Thanks...
Can you give the room link for this?
Hey, how do you get around "nc: address already in use" when trying to run a listen command for a reverse shell?
Is the address already in use?
Ermmm let meee figure out how to check
How does this... work?
Connection to localhost 80 port [tcp/http] succeeded!
I also found out how to bypass the file upload restrictions and I've uploaded 2 different PHP shells, but they're not working
It just shows the code when I click on them in the web browser
Which room are you doing?
Attackbox or VM?
Ah. Port 80 is used by the VNC for the attackbox.
I'd suggest using something in the 9000 range.
Will the listener still work if it's not using the same port as the website?
Are you trying to get a rev shell?
Yeah
Then if the port number match on the rev shell and nc.
I assume you're using pentest monkey?
UIhhm
I am now
I had to restart the instance because my attackbox and room machine stopped responding to input
😄
Then yeah, as long as the IP matches your ENS5 or Tun0 if you're using a VM.
And the port matches what you're using to listen with
Oh okay, so it doesn't have to use the same port as the website? (80)
Nope 🙂
Thank you by the way!
Gave +1 Rep to @lucid junco
Also... What do you do if it fails to daemonize and the connection is refused?
I've uploaded now... 4 different reverse shells
All have had connection refused
Which format?
PHP
I'm surprised you were allowed to upload a PHP 😉
Oh
I fudged the extension
So I'd do
filename.php.jpd (which runs as php since the last file extension isn't a proper file extension)
I've also uploaded it as .inc which runs as php
and I've run it as .phtml, which also runs as php
This challenge doesn't need such an extreme file type bypass,
PHTML should have worked.
Have you changed port?
I have it set to 9000 and I've tried 9001
I also got the shell from the reverse shell localhost
Funnily enough, I wrote my own reverse shell in Python on my other laptop and got that to work in my own network but I can't seem to figure this out lol
What's your target IP?
10.10.150.98
I also had to restart my instance once so some of my trial and error logs are MIA, but I get back to where I left off
Just put that one in with the proper IP and port and it failed to daemonize
Connection refused
And yes, if you're seeing my file naming convention, it is horrible
That one is a neat one.
Can you post a screenshot of your script?
Just the part with the ip etc
Wrong ip 🙂
wot
Even though I wear glasses I am still blind
It's the little things.
Thank you again, again
Gave +1 Rep to @lucid junco
I'm touched.
But yeah, if you need a response from a rev shell, Metasploit etc.
You need to use your own address. 🙂
This explains so much
Even why I was able to get my python reverse shell working on my own network... Because I input my IP, which I was also attacking
My brain
It is big
But
My brain
It is smooth
Oh boy..
[DATA] attacking ssh://10.10.150.98:22/
[STATUS] 192.00 tries/min, 192 tries in 00:01h, 14344209 to do in 1245:10h, 16 active
Maybe I don't use rockyou
Should I just let this run?
You don't need to attack the ssh?
To get the rootme password?
Priv esc. 🙂
wait a minute... I found a bunch of directories with gobuster
No, nevermind, those are different, I got this
It is a room for those completing training, the Cyber Pathway, as provided by WithYouWithMe, and I suspect that it is private and as such I don't think I should give the link out - sorry. I was really looking for those who have done it as I suspect that I am on the right track but I think there may have been a configuration change which is preventing me logging in with a password that I obtained as one of the objectives.
It will appear as private and will not be accessible to regular users.
Hello guys im stuck on webenumerationv2, 1.3. Practical: Gobuster (Deploy #1). Last question. I´ve found the virtual hosts but no idea where the flag is. A little Help?
Nevermind. I was only looking for .php extensions
I think the "Brute Force" section in the Authentication Bypass part of Introduction to Web Hacking may have some errors. I've checked my syntax over and over, and it's not giving the expected results... I should get back one entry that is not a 200 response code, according to the lab, but I'm not getting any entries. I have no returned errors, and I am getting 200 responses, so the ffuf command is working as it should, just not getting what I need back to complete the lab.
I can assist when I get home.
Noted, thanks
Gave +1 Rep to @lucid junco
Okay, what's up?
I am not getting any desired reply for that.
Did you create a file called valid_usernames.txt ?
yes i did
Can you make the attackbox full screen?
Also, can you cat valid_usernames.txt ?
Did you pipe them out the ffuf reply from earlier?
Can you
nano valid_usernames.txt
```
admin
robert
simon
steve
```
And then try the ffuf command again
Working in my VM also.
Can you double check the IP?
Oops my ip was wrong after doing the nano valid_usernames.txt
why didn't it work at first?
why did I need to copy the usernames manually to valid_usernames.txt?
it was there when I cat valid_usernames.txt, right?
Yeah, but how did you get the usernames?
Did you pipe the fluff output?
ffuf -w /usr/share/wordlists/SecLists/Usernames/Names/names.txt -X POST -d "username=FUZZ&email=x&password=x&cpassword=x" -H "Content-Type: application/x-www-form-urlencoded" -u http://10.10.234.12/customers/signup -mr "username already exists" > valid_usernames
using the above command
valid_usernames.txt*
Yeah. The room states If you pipe it out it won't work
Ohh I see
Thanks for the help
Gave +1 Rep to @lucid junco
Room: Sakura Room
Task: 5
URL of the picture doesn't capture the flag
Question 2? It does.
Yes, but the page is down on the Dark Web and the link in the tips image is not capturing the flag
There is?
You can't open the image?
I enjoy helping, but please respect the rules.
Yes, I can, but the image link is a flag, but it's not working, could you try?
I got it thanks for the support
Having a goal in mind helps
My main objective was to learn more about web application security and pentesting so I focused on that
Not really a good way to speed through and still learn the material. Only things I can think of to help you move quicker are to take good notes so you don't have to re-read task material when stuck and make sure to utilize google when you are confused. Other than that, it kind of just takes as long as it takes; once you get better, challenge rooms will go by faster, but the walkthroughs will kind of always take a while because there is a lot of reading material
Hello! I have a question regarding Annie's room. I've identified the exploit and successfully established a connection, but I'm encountering an issue with obtaining a reverse shell. It seems that I'm not able to acquire the shell. Can you provide some guidance or assistance in resolving this?
Oke I fixed it, thanks!
so completing the threat intel tools room, something is not clear
Email2.eml from task 7
calculating the hash of the file is what you need to do i assume?
but i don't understand the question or what they are looking after ...
You need to get the sha256 hash of the email
you mean the sha256 of the file that was attached to this email, right?
No, you take the hash of the email and input it in Talos.
+rep @lucid junco
Gave +1 Rep to @lucid junco
Burp Suite Repeater - Task 7 Challenge
Instructed to go to /products and modify requests to get a 500 internal server error.
I have changed several values and only get 404 error
the HTTP/1.1 needs to be on its own line
and also it is using numerical systems
so what number could break stuffs
HTTP/1.1 being on the first line is how Burp captured it.
If i put HTTP/1.1 on the next line i get no response
never mind that part about where http/1.1 is might be wrong by shadow
k
anyways that is a large number... what do you think would happen if you send a very small number....
Well.. convention on site seems to be single integer (i.e 1,2,3,4,5)
I tried 0.5 (float) and still got a 404
what about a number smaller than 0 that is still an integer
you are in #room-hints hence why shadow is not giving the answer outright but trying to hint you towards it
yuups
thank you for the help
no problem
+rep @alpine kestrel
Gave +1 Rep to @alpine kestrel
Hi !
Do rooms have a status page? I'm currently doing the Simple CTF (free) room, and when i use a particular tool to exploit a particular CVE (no spoil oc !) the server seems to struggle to handle my requests and prematurely stops my tool with RemoteDisconnected('Remote end closed connection without response').
There isn't, which tool are you using?
Just python with the appropriate CVE ||CVE-2019-9053|| script (||46635||), but I have broken it into several parts, finding information without the crack part of the script and then playing with hashcat after.
I restarted the machine a couple of times to get the info I needed (||salt, user, hashed password||)
Threat Intelligence Tools Room task 5: how do I download the email to analyse it externally in phishtool, as the default machine doesn't have internet access?
The attached machine has Thunderbird installed, all you need is to read the mail and check its source code to answer questions from task 5. Don't need to download it or Phishtool for this task.
Guys i successfully rooted the Brooklyn Nine Nine. still..kinda curious why there's a ||nano.save|| file in the ||/home/holt/|| dir. when opened it's a huge file and almost hangs up the machine..what was it meant for?
hello
i need a help on Chronicle ctf
actually I am trying to do Master Password for profile 0ryxwn4c.default-release:
in some writeups it shows password1 as having worked
I tried but it's not working
can any one give some idea
how can i crack this password
got it, thanks
got the answer from viewing the source code
Tried to take a stab at this (out of curiosity), but got stuck on the foothold. 😅
After 24 hr I'm seeing one reply any way..
Thank you 😊
Gave +1 Rep to @tropic garden
Still I'm stuck on it
any hint on " Linux Privilege Escalation " Task 9, i tried several ways, i changed backup.sh with the payload explained in the task and then tried a similar one from the payloads of all things and i didn't get a shell ... ( also tried the same method with antivirus.sh in /home/karen ). also copied a payload for test.py at /temp. can anyone give a hint ?
Can you link the room as there are multiple Linux Privesc rooms?
it's the one in The junior pentesting path
Got it. Did you change the script into an executable (via chmod +x)?
it denied me permission
Can you do ls -lash on both scripts please?
actually i'm not so sure, i think it didn't deny permission but i thought it was already processed.
thanks i'll try to do that
Gave +1 Rep to @tropic garden
What do you need to do to make it an executable? Same with antivirus sh?
Yup both methods now worked, thanks 😊
Gave +1 Rep to @tropic garden
@proud scarab just a quick note, in the MITRE room (https://tryhackme.com/room/mitre) under the Task 7 - ATT&CK® Emulation Plans, there is a link to the Center of Threat-Informed Defense (https://mitre-engenuity.org/ctid/), this is no longer correct. I think the correct one should be https://mitre-engenuity.org/cybersecurity/center-for-threat-informed-defense/
@flint parrot ?
This is a good catch - Updated the link. Thanks @heavy mica 🙂
Gave +1 Rep to @heavy mica
Awesome, thanks for taking care of it 🙂
Gave +1 Rep to @flint parrot
xv
in the Eradication & Remediation room where is the suspicious IP address located? i checked the Jenkins web site and grep'ed the entire drive but did not find any "suspicious" IP's
Check /etc/hosts (:
👍 thanks
Gave +1 Rep to @ivory meadow
Wow, spent almost an hour figuring out why I'm not able to get any vhosts in Task 6 of webenumerationv2 room. Turns out, there are different versions of gobuster in attackbox vs my Kali VM.
Attackbox has old 3.0.1, while Kali has the latest 3.6 !!
Related: https://github.com/OJ/gobuster/issues/382
TL;DR; Use --append-domain option arg, when using gobuster version >3.0.1
Good evening, I am working through THROWBACK, and am stuck trying to get the Empire Agent working on the PROD machine. I successfully uploaded the launcher.bat file, but when I run the file I get a command line error below:
admin-petersj@THROWBACK-PROD C:\Users\admin-petersj>Launcher.bat
'iex' is not recognized as an internal or external command,
operable program or batch file.
Here is the launcher.bat code - generated from Starkiller, http listener, windows_launcher_bat stager
I have followed the instructions to a "t" I believe, but cannot get this stager to work
#743859653343182930 is probably a better place for help with that network
Thank you
Can anybody help me with the hints of the ctf room Year of the rabbit . Im stuck with that ||web dir.||
Are you being redirected to the || YT video ||?
yup. tried with turning off ||javascript||. . but played the ||video|| from the server . which says the hint is not in the ||video|| . still i doubt it .
To confirm, what || web dir || are you referring to? There is a hidden || php page || somewhere. You need to examine the request again and do it step by step or one request at a time.
oh damn got the lead . ty appreciate it. i'll ping if im stuck again . Im now blaming myself for not checking out this technique
🥲
Its part of the learning process. I used to not do it before, but I do now after encountering that ctf. 😅
ive encountered that once in another ctf and yet i didnt think about this technique. :
. . .i will from now on then .
@tropic garden im at the privesc part...should i look for ||kernel exploits||? i think whats given in the ||sudoers file|| is not gonna help .
is there anything to do with the ||/home/eli/core|| file?
This is a || rabbit hole ||.
This is something I missed even though it was slapping me in the face. Discovered an unintended path though.
Have you run || linpeas, lse or any like || scripts?
yes . ik if i use ||pwnkit|| i can get to root . but however i want to go with the legit path to root this machine 😄 . yes i ran ||linpeas||, nothing interesting found tho.
|| pwnkit || didn't work for me.
oh .
It was in linpeas, you only need to dig a bit, but it was flagged in red.
hm okay..i'll check again .
Did you manage to make || pwnkit || work ?
i thought that is possible...i saved that for last resort..now you said that doesn't work..that hope is gone lol .
tho you say its not ||pwnkit|| , i assume its any of the ||kernel exploits||. or is it?
No, it isn't.
Hello how do I verify my tyrhackme account
!docs verify
is it any of the exploits listed in the ||linpeas||?
Its not listed in the exploits section, but has something to do with || gwendoline's elevated privilege ||.
okay...wdym by ||lse?|| ||LinEnum script?||
Its similar to linpeas, an improved LinEnum I guess..
i mean are you referring to linenum by les .
Lse is linux smart enumeration (https://github.com/diego-treitos/linux-smart-enumeration).
Ohh okay .
wait...i could ! by using msf exploit . i used the one that is listed in the module ||post/multi/recon/local_exploit_suggester|| which is ||linux/local/cve_2021_4034_pwnkit_lpe_pkexec|| .
when you said this . i thought i never need to examine that file . but potentially that was the lead to privesc and also with the ||sudo version|| . i shouldnt have completely left out of my mind. . Anyway thanks for all the help @tropic garden its done . Have a beautiful day! 🌟
Gave +1 Rep to @tropic garden
Ohh.. I tried to compile the exploit in the target VM (without using msf) and I had issues during the 4th or 5th step. Interesting though.
Good job! I never managed to make that || core || file work though. I read about it and examined the output but never got enough info to help with the privesc. In my case, I got root by using an exploit on the || exim binary with the SUID bit ||.
https://tryhackme.com/room/burpsuiteom Task 4: Decoder: Hashing - Last question: I know which PGP key is the correct one but I hash it in Decoder with MD5 and select "ASCII hex" but I never get the same hash as in the question...??? Does anybody have the same problem? This drives me crazy 😖
I always get the hash: 36f7f6e7aaa7cd1a8f202612e2a1e7f1 (and yes I saw the tip in the Hint)
Hello guy, I am currently stuck at the Capture Flag3 at /etc/flag3 in the File Inclusion room. I've tried to modify the request to POST but it just doesn't work. Can someone give me a hint?
hi guys, i'm currently stuck at finding out the version of the application that is running. what are the name and version of the application?
use the -sV option
hello, i have problem from this https://tryhackme.com/room/fileinc
in task 8, Gain RCE in Lab #Playground /playground.php with RFI to execute the hostname command. What is the output?
i'm stuck
http://10.10.159.167/playground.php?file=http://127.0.0.1:9001/cmd.txt
Current Path
/var/www/html
File Content Preview of http://127.0.0.1:9001/cmd.txt
Warning: include() [function.include]: Couldn't connect to server in /var/www/html/playground.php on line 28
Warning: include(http://127.0.0.1:9001/cmd.txt) [function.include]: failed to open stream: operation failed in /var/www/html/playground.php on line 28
Warning: include() [function.include]: Failed opening 'http://127.0.0.1:9001/cmd.txt' for inclusion (include_path='.:/usr/lib/php5.2/lib/php') in /var/www/html/playground.php on line 28
the file :
http://127.0.0.1:9001/cmd.txt
<?php echo shell_exec('hostname'); ?>
Have you tried to submit it to the room creator?
yes but it seems he hasn't reviewed it yet
But if I'm not mistaken, the room creator hasn't been active as much in THM when I checked.
Stuck in LFI as well, but not on this room. I have 2 or 3 rooms which I'm having a challenge with LFI. 😅
I had the same issue as you. After finally getting the answer I went back through the room content & "how the web works" module to see if anything like this was previously explained. I couldn't find anything.
I'd like to know if there is more content on this, because even though I got the answer, I don't really understand it!
In steel mountain room how should i replace the binary file with the legitimate one ? Do i have to escalate my privileges ? I tried to use migrate and getsystem but i don't have the permissions
Did you run the powershell script referred to in the room?
Yup. And i found the targeted service and the path of the file
You will leverage the || unquoted service path || vulnerability to escalate your privileges. Instead of the full path, you will create a .exe file containing your reverse shell payload and save it in the same directory as the || Advanced System Care || one.
~~Anybody finish "Source Code Security" https://tryhackme.com/room/sourcecodesecurity yet?
I completed everything, had no issues but have been unable to find the first flag for task 7. I've re-read, restarted the room server etc, followed back through carefully without luck.~~
Nevermind, I figured it out. I'd question my sanity with how long it takes me to do such simple things but I have none left.
I am stuck on Exploit Vulnerabilities task 5. Hints would be greatly appreciated 🙂
Care to share a hint? I am stuck here, and can't figure it out. I've got to be doing something wrong? What were you doing wrong?
Explore the project, look around everything in there. There is other content already there, kinda like with the 2nd flag you'll know it when you see it.
Can someone give me a hint please? Currently doing vulnerability capstone machine and have got a payload but when I use the payload all I get back is the same piece of text no matter what I input for what I want executed
Do you have a reverse shell?
or are you trying to get the shell?
I'll stick with saying get the shell as I can connect with the reverse shell (networking wise) but see no signs of life coming when I attempt to input anything through the reverse shell
except from the same word being sent back everytime
What's the word?
system
Can you send a screenshot of what you're seeing?
Yes
2 clicks
Would sending the entire command I type out be more helpful for diagnosing?
more than likely.
try help
Attempting to use help within the "shell" that the exploit gives just outputs "system" again and using it as a variable with the exploit only gives the following:
optional arguments:
-h, --help show this help message and exit
-v, --version show the version of exploit
-u url, --url url Enter the url
EXAMPLE - python3 exploit.py -u http://10.10.21.74
eh, I've never used that exploit before, can you send me it?
This is another alternative CMS script, this will work.
I just done
Sure, and I will also try out that CMS script. Thanks
Thanks, that's me up and running now
Care to share a hint about Exploit Vulnerabilities Task 5 Practical: Manual Exploitation?
Researching is your biggest friend when it comes to figuring out how to attack your target, look back on the other tasks and see if anything stood out for methods on identifying how to find a exploitation then apply it - doing recon on the target is also your biggest friend here
Thank you very much. Just completed it now 🙂
Glad to hear it, hope you enjoy the rest of the module 👍
Hi im in the metasploit module, at msfvenom. I got a shell on the machine but when i type hashdump or try to use the module i get this message The "hashdump" command requires the "priv" extension to be loaded (run: load priv)
Hello,
I don't know if I'm in the right section and the discord search didn't find anything.
In the room intended for Wireshark, chapter 7 ARP in the second question I had as indication of answer ..,..,..,..,..,.., which does not validate.
The expected answer was ":"
Regards
Did you type load priv?
yes another error
Blue Room
It is not possible to execute the exploit, showing the error -FAIL-
https://tryhackme.com/room/blue
Are you setting the LHOST?
LHOST with Internal Virtual IP Address?