#room-hints

I’m doing the room “The Great Disappearing Act” and found two possible passwords. Not sure if they’re real, so I need someone who’s done this room

Any help on windows priv escalation. I've run these commands word for word. I even just tried to copy and paste +modify them all. My lisenter isnt catching anything. It's start to annoy me I've done it 3 times so far

I tranfer file, rename old one. Copy my rev shell and restart the service and nothing each time

Fuck me nevermind, i was using powershell this needs to be done in cmd.... RIP. its always some shit like this that will trip me up for an hour

Sorry @brittle pine I haven’t started nor completed that room yet. Did you make any progression since your post? Best of luck friend

Is that not a spam/bot user?

Oh is it? Sorry if I didn’t realize, so some users are spam/bots in the chats. Why would it specifically tag the 3 of us? lol

Oh I wasn’t sure myself, just seemed like it, I could be wrong. Link looks sketchy though

Haha it most certainly looks sketchy - only one way to find out, click on the link and send it 🤣😭 (please nobody engage with that link, just joking)

Okay please tell me I'm not nuts but I'm currently doing "The Great Disappearing Act" and I keyed in the password to Unlock Hopper's Memories but where do I go next?

https://tryhackme.com/room/hackacademyprivesc i need access to this room can anyone help me

The Room is Private

Hey i'm so stuck on active directorys task 4 its making me pull my hair out

Directories**

What's the issue 🙂 ?

any hints for upload vuln room task 8, i cant find out how to do it and echos hint is kinda useless

nvm i got it

The AI calendar is kicking my butt. I just can't seem to get the request formatted correctly.

Hello, i got a little problem
The second question in task 6 of the unified kill chain room, i answered it correctly but it's still having a space remaining and I'm pretty sure i typed the correct the answer

I cannot see the email analysis files, even after restartting the attack-Vm , for this section SOC Level 1
Phishing Analysis
Phishing Analysis Fundamentals

and how do we upload images here ?

What's the question and what's your answer ?

You have to verify , follow instructions from the link below

What is the netstat parameter in MS Windows that displays the executable associated with each active connection and listening port?

Should be -b

its not 🙁

https://share.google/DLvhCwWhgKhucOFQq

It is

Anyone working on Hoppers Origins from Advent of Cyber that can help with the direction of Server1 Admin? I've exhausted everything and I feel my sanity slowly draining.

@coral shell For Server1 Admin, don’t brute-force or chase credentials. The solution is in careful enumeration on Server1. Look closely at running services/processes, and inspect any config files, scripts, or scheduled tasks tied to admin-level services. There’s a small misconfiguration / overlooked file that gives the direction forward. If you’ve checked everything once, re-check auto-run scripts and writable files.

i figured out till the login page but now i'm not able to figure out what to do now ? mean how can i get credentials to access asylum

@haughty basalt You’re already at the right place — now go back to enumeration:

Check Server1 again, especially anything related to Asylum (configs, scripts, environment variables).
Look for hardcoded creds, tokens, or references inside:
Web app files
Config files (.conf, .env, backups)
Cron jobs / startup scripts

Pay attention to files readable by your current user but used by an admin-level service.
If the login page exists, the credentials are usually stored somewhere locally, not meant to be cracked.

In short:
👉 The Asylum credentials are revealed through misconfiguration or leftover files — not through attacking the login page itself.

.

Hi all, anyone completed the Hoppers Invitation side quest?

I am going crazy here!

https://tenor.com/view/balthazar-crazy-family-guy-fou-gif-11775947423386520412

I am going crazy here!! ANYONE worked on the Hopper's Origin invitation?

Does anyone know which ".json" file is correct for the PS ECLIPSE room? This room is for using Splunk to investigate ransomware activity. Thanks.

No hints are allowed for side quest

i was thinking of teaming up T-T

Check out #1444365547432186077 channel then 🙂

Big shout out to @hoary moth - eveytime I get stuck on a room, I search for the problematic task here, because people have had the same issues previously, and almost every time KGB has provided the support to the issue. Thank you, I appreciate it.

Gave +1 Rep to @hoary moth (current: #1 - 6054)

Thanks 🙂

Gave +1 Rep to @boreal tendon (current: #3459 - 1)

No Hints For SideQuest, If U Need Walkthrough Solve it After 31st Dec after the event is Officially fully over After That You Can Use Walkthrough To Solve

hi sir, I have been stuck on the hammer room, I just find the web port is 1337, and find some path which is available, two login page, and some other pages, and canot find a way to grab the flag how to get to the dashboard, can you give me a hint ?

@stone portal sir ,can you help me , hi sir, I have been stuck on the hammer room, I just find the web port is 1337, and find some path which is available, two login page, and some other pages, and canot find a way to grab the flag how to get to the dashboard, can you give me a hint ?

Hi sorry for bothering you guys but can any of you hint me on how to access the side quest machines in AoC I have Key1 and Key3 but can't access there relative machines every time I try I get this error

Maybe This Walkthrough Will Help U To Figure Out Your Issue - https://www.youtube.com/watch?v=Y8-ahp7mnLI

hi, anyone able to help me on this room? https://tryhackme.com/room/injectics

what issue are you having with the room?

may i know why this command || {{[‘id’,””]|sort(‘passthru’)}} || works in the admin panel's ssti injection? i have previously tried using || {{passthru('id')}} || but it gave an error.

@hardy gale In Injectics the SSTI is Twig, which blocks direct PHP function calls, so {{ passthru('id') }} throws an error.

The payload {{ ['id',''] | sort('passthru') }} works because Twig’s sort filter accepts a callback function. By passing passthru as the callback, Twig internally calls passthru('id'), executing the command.

So it’s an indirect function execution via filter callback, which bypasses Twig’s sandbox restrictions.

Can U Please Provide a Screenshot ?

yellow, so either am stuck becaue of a glitch or am just probably stupid (https://tryhackme.com/room/introtodockerk8pdqk)
in this room task 7, flag, i am unable to get it. As far as i understood i should do this "docker run -d --rm -p 80:80 --name webserver webserver"
then "curl https://10-80-178-219.reverse-proxy.cell-prod-eu-west-1a.vm.tryhackme.com/" but no progress was made, please tell me if am doing smth wrong
nvm fix
(i was supposed to unlock the webpage in my local browser but my dumbass thought i was supposed to curl smth)

I've done this ages ago but in my notes -rm was not required (not sure it makes a difference tho, except that removing the image which forces downloads upon further retries).
But the question mentions

connect to https://LAB_WEB_URL.p.thmlabs.com/ in your browser/
So wrong domain?

I thought they meant connecting in the vm, which was only a terminal so i thought they meant to curl it (still kinda dont know how curl works), but then i just pressed the link and voila the flag was bright as the sun

and yes --rm wasnt needed, i was just trying to re download it because i thought it glitched

Heya ... I am in the Linux Live Analysis room and in Task 6: Hunting for Processes I somehow don't get any results that help me to answer the question. The first question asks for a process running from the /tmp/ directory but even if I list all processes there is no process with this path. I continued on and it remains the same for the next tasks. Am I missing something?

nvm ... forgot to switch to sudo 😕

Hello! I am on the Linux Fundamentals 3 module 6 on crontab. I have been stuck for over an hour on the question “when will the crontab on the deployed instance (ip address) run?”
I believe the answer is in the crontab -e being 05**1 however the answer space in 7 spaces long and the echo AI is not being helpful

Update! I was misreading the question! I got it

So I'm currently working on the Buffer Overflow room.
I just finished task 8 but wondered, that while using a disassembler (used gdb and radare2) I could not successfully call the setreuid syscall to set the uids to user2. After the first syscall, rax raises errorcode -1 and the shell afterwards gets called but still for user1.

Running the binary with the payload by itself works just fine calling a shell for user2.

Is this due to some protection level in the disassemblers or is this a mistake somewhere else on my side?
(attached disassambled shellcode)

Can anyone provide more to go on for the into to web hacking > File Inclusion. Specifically for flag3? It looks like when you do a POST with curl it won't strip out the directory traversal but it's adding .php onto my flag3 path. I've tried experimenting with all sorts of user-agents, Referer, X-Forwarded-For including malformed urls, content-types. I've been able to get all the other flags for the exercise.

/etc/flag3 ?

@lucid junco I was able to get it to work by sending a URL-encoded null byte at the end of the string. This prevented in the include from appending .php in the eventual OS system call for file open

hello can anyone help me out of this, this url doesnt display in the browser
You should have found a secret page that allows you to add funds to a bank account (http://fakebank.thm/bank-deposit). Type the hidden page into the FakeBank website using the browser's address bar.

u should paste in the attackbox browser

can u provide a screenshot of that issue

@stone portal I got it! thanks so much

Gave +1 Rep to @stone portal (current: #217 - 49)

no prob

(juicy room)
how do i get the internal panel flag???
juicy has not returned the answer at all with a lot of tries, do i just keep asking this request with different wording?

is someone able to give me some hints on this room task 2?
https://tryhackme.com/room/wafexploitationtechniques
i've been stuck on it for a couple days. i can't seemingly get the cookie and have it sent to python http.server

need some hints for finding the vulnerability in the room Jax sucks alot... all i could find was that there was a session cookie encoded in base64 which in decoding looks like this

{"email":"admin@gmail.com"}

i entered the input admin@gmail.com and got this in the session cookie

Can you provide some shots of what you're trying to do ?

HI there,
am stucked in SOCL1 Alert reporting The question is What flag did you receive after correctly escalating the alert from the previous task to L2? Note:If you correctly escalated the alert earlierjust edit the elart and click "save" again
MY ANSWER IS
THM{nice_attempt_faking_microsoft_support} But it says incorrect answer search on internet and medium.com website blog also show this answer. CAN ANYONE PLEASE HELP ME IN THIS QUESTION

i have the same thing, the dashboard is giving me this flag also but the question expects a thm{1234_123_1234567890_1234_12345_12345} format

Python for Pentesters Room, Task 2, Subdomain Enumeration:

The python script is fine, when I created a subdomains.txt file and added the items in the image, I was able to get a response from using google.com.

The intro says to do the Python Basics before, which I did.

What's missing:
In Task 2 for the subdomain enum, it doesn't cover the command needed to run the script, which requires you to add the target (python3 subdomainenum.py <target>). I figured this out by my method of 'screwing around'.

If you go to Task 3, it says 'Once subdomains have been discovered' which nothing in Task 2 ensures you've found one and if you use the list they provide in the image, no subdomains are discovered either.

Task 3 is cool in that it shows the command needed to get your work done.

Just sharing this here as I continue through the module and in case someone else gets a little stuck. Fun course though, just wanted to share my experience.

Guess I'm done with Python for today.

Other rooms open, but this one is broken for now.

Hey guys so im on Authentication Bypass room and ive created a valid usernames txt file and filled it with a bunch of other usernames i found ab a hundred or so but i ran this command:

ffuf -w /root/Desktop/valid_usernames.txt:W1,/usr/share/wordlists/SecLists/Passwords/Common-Credentials/10-million-password-list-top-100.txt:W2 -X POST -d "username=W1&password=W2" -H "Content-Type: application/x-www-form-urlencoded" -u http://10.64.157.229/customers/login -fc 200

It worked just fine the problem is i got 0 hits on the passwords and or usernames i was under the impression that attackbox would have the password for the site somewhere in the file or was i wrong and i need to find like 1000 from the internet?

Hello?I'm new here

What was the output?

i dont have it anymore but it didnt have any errors it ran all the names and it was just empty the only thing that was there was the command and the stuff it ran

You got me curious so I just ran this exercise again and it works as intended. The ffuf command you show is perfectly fine. So I'm guessing the problem is in creating valid_usernames.txt . Mine had 4 entries.

yea it ran fine i created the txt document and put a bunch of possible names in there or am i wrong and the program will put what its found into that document?

i was under the impression your supposed to fill the document with a bunch of possible names

The idea is to use names you could collect from your target instead of a generic list. Like an educated guess. In the room it's about the logic flaw that the signup page can reveal possible usernames. So the file your should use is from the previous task.

oh so the names from the previous task i should put in

(edit: signup page)

yeah, brute-forcing the signup reveals the existing accounts, which is generaly a good starting point.

ah okay i just put in a bunch of random usernames i found on the attackbox

i didnt think it was that straight foward

i was overthinking it

thx for your help (sorry im abit slow at this😂 )

Well, you still need to start with a list of generic names (the signup) to find out which ones to keep in the second step (the login).
Here is tip that seems absent from the Username Enumeration task: adding ... -s > valid_usernames.txt to the ffuf command will build your file silently, without the ffuf comments.

ok ill try that thx

Adding to a file without feedback won't be very good for somebody who is new to troubleshoot?

hi sir: I am afaid I have ruined the Include room, I follow the guide of the chatgpt, and put in some payload and I am afraid I have ruined the backend of the platform, it is now not work now,

sorry it is DOM based attack room, not include room, it is now runied

and for the include room, I can not finish it , some Yotube poster have suggested use the maillog poisioning and ssh posioning, and it is seemed that vulneralbility have been repaired already and it is not work now, I hope you can give me some further hint in getting its final flag

Reset the room.

You can't ruin it, just that instance.

need a hint for the room Rabbit Store. how do i find the credentials for the login page at the subdomain storage.cloudsite.thm?

Cookie 😄

haha thanks i knew it had to do something with manipulating the jwt cookie

Gave +1 Rep to @lucid junco (current: #2 - 3936)

i need a hint for the first shift ctf of task 2, how do i find the answer of the question

U Can Have Hints After 24h Jan

hello guys, in the CTF Madeye's Castle i am getting a 500 error on visiting the http://hogwartz-castle.thm website even after adding it to my /etc/hosts file. i could access the default apache page at http://<target_ip> but it seems that i cannot access the website with the domain name. after checking the writeups i found out that i was the only one facing this problem.

Known issue

Hello, im stuck on room - session management task6 i can see all students tab when i change the cookie userRole but not the flag of user ''x'' what im doing wrong? i have seen others walkthroungh's and in everyones they get the id 11 and i always 8...

this one pains me to ask as im sure im going to kick myself:
hxxps://tryhackme.com/room/nmap

What is the non-numeric equivalent of -T4?
T4 aggressive (Its not this but fits the space perfect. )

[Resolved]
God im going to bed at this rate lol
-T aggressive

hey looking for some guidance in offensive seciurity module 1 task 3 if anyone can help lmk!

Post the question...

somebody help me i cant do a recap lol

Which command would properly create a forensic image of a compromised disk while preserving evidence integrity?

i tried the ftkimage, dd, dcfldd nothing works

@jagged otter Simplest could be dd if=/dev/disk/by-id/(device partition here) of=/path/to/locationofsoontobeverylargefile bs=(size, align with your topology x 1000) (try to keep it at least 10MiB)
then watch -n 30 killall -USR1 dd in another window

That makes an exact copy of everything on the designated block device.

"Forensic" image dumps just hav a bunch of fancy dates and checksums. Is this for legal purposes or just learning to make backups

@jagged otter dont forget the sudo 😉

hello, need help with this room
https://tryhackme.com/room/res

i can't find the binary to escalate, and yeah i did read the wrteups and still no help

Post exploit phase or initial access ?

Post exploitation

Need to escalate but couldn't

Regular Expressions room. I solved all tasks but been stuck with this for a while now.

I tried couple of regexes none worked (Couldn't include the last '1')

||\.*\S+ ||this one looks like it works but still not correct

w also works but still not the correct answer

Hint: ⁨||⁨w⁩⁩|| is part of the expected expression

Hey! I am in a room Digital Footprint and i am stucked at task 2, need a nudge in the right direction

nevermindfoundit

Revisited my notes and it seems the binary that has the suid bit isn't working. Searched the discord and found this - #1440742153037807868 message

Hey guys hope you all are doing well,

I just started the SOC Fundamentals and im stuck on this room. I answered all the W's except one. Would any one be able to assist me?

Thank you

What is the issue ? 🙂

i was being a little silly i figured it out thank you 🙂

Gave +1 Rep to @hoary moth (current: #1 - 6083)

Hey friend , what is the methodology to use in room message to Garcia.

Digital Footprint room - The Leaked Photo. I have found the street address of the picture but when i enter the THM{city} flag it is not working. i have tried every combination i can think of (case sensitivity/spaces/punctuation/city.vs.suburb). Am i missing something and off the track? any help appreciated thankyou

There is office name.

Yes there is city neme in first letter cap and all small

still no luck i must have something wrong

Is there any error in "Digital Footprint" -> "task 2 Archived Company Website". I was also surprised by Task 1 because the GPS coordinates are wrong (I know the city). There are no other obvious clues that would actually lead to the house. From my point of view, this isn't "easy".

Just double-checked, no errors in task #1 or #2. OSINT uses imperfect data by design. Easy ≠ obvious. fyi, Google Search (AI Overview) finds #1, 1st hit just pasting the coordinates as-is from the image meta-data;)

You’re a bit over-scoped. The flag isn’t the street or suburb - it’s the city inferred from the wider view. Zoom out, not in.

thanks for reply, i figured it out in the end, have pmed you my mistake so as not to spoil

Gave +1 Rep to @regal knot (current: #746 - 10)

room/caseb4dm755task 6 question Including hidden files, how many files are currently stored on the flash drive?:
The number I'm counting is not single-digit as the answer field suggests. What's the right way to count files here?

Hi there, I'm doing the room SOC Alert Triaging - Tinsel Triage, but for task 5 I can't access / find any logs. It might be because of the layout differences, like I can't find anywhere mentioning Events at all unless maybe its under a different name

Count files of type "Regular File" that are not deleted.

No event at all can be a sign that the time frame is incorrect. Is it set to "All time" or something like that? Also, you can try the simple broad query * to find everything the SIEM has; iirc you'll then be able to see log names.

currently doing hoppers origins network. i found the flags for: web, db, server1, server2 and ai.vanchat.loc. now i am stuck and i have no idea what to do next (or maybe i just need sleep)

Just started on try hack me and on task 4 in Offensive Security intro the balance isn't going into a + even though I'm following what it asks and comes up saying what I've done is correct.
Fixed it

I am in the File Inclusion room (first intermediate room), and I am having some trouble with trying to figure out the challenge answers even though I have done all the previous questions along with looking at walkthroughs for the room. I just want to be able to do it on my own, so I decided to not just ctrl+c ctrl+v the answers :3

hello guys i am finding difficulty in fuzzing rest api in the CTF bookstore. half the write are using wfuzz to fuzz it. but i want to use ffuf to enumerate the api. is it possible to fuzz api with ffuf or am i supposed to use wfuzz only like the others?

Hello

Hello, im doing Road ctf, and i have some problems, can someone help? Thanks

Can somebody tell me why I cant do azure labs after paying 35 Dollars extra? I alrdy reloaded the page too? I purchased "Cloud license access"

guys i'm in Upload Vulnerabilities room, i follow the steps and set the etc/hosts file, but i continue to get this:

Please read the instructions in task one. You must access this server with one of the following virtual hosts:

overwrite.uploadvulns.thm
shell.uploadvulns.thm
java.uploadvulns.thm
annex.uploadvulns.thm
magic.uploadvulns.thm
jewel.uploadvulns.thm

Refer to the instructions in task one for more information

someonle can help me?

i need help in Wireshark: The Basics task 5 question 2

Please Mention Ur Issue U are Getting

Chocolate-Factory: If your using vpn connection and your running kali, root.py wont run, it just errors and you cant load missing imports. just rewrite root.py for python3 and your done.😀

@calm tide Try launching room machine and wait +/- 15 min for it to load. Then you should configure the /etc/hosts file on your machine (e.g. AttackBox).
To access a specific website for example: overwrite.uploadvulns.thm, try add http:// before the website address.

when i apply packet 4 as a filter i don't find the correct number off the displayed packet

i think u are just typing packet 4, try frame.number == 4

if u still get any issue paste the screenshot there, but u need to verify first - https://help.tryhackme.com/en/articles/6495858-discord-how-do-i-verify-my-tryhackme-account

where can i get my certificate on love at first breach?

What command would you use to perform content discovery on the website http://10.10.10.5 using ffuf with the common.txt wordlist?

Hi, any idea why this answer is not correct? Question from recap

ffuf -u http://10.10.10.5/FUZZ -w common.txt

have you tried full path? /usr/share/seclists/Discovery/Web-Content/common.txt

Yeah

Your command seems ok to me.
Seems to me that Echo needs some tuning. So I guess you need to guess how it came up with your question to figure out the expected answer.
But before that, try silly alternatives like : ffuf -w common.txt -u http://10.10.10.5/FUZZ or ffuf -w /usr/share/wordlists/SecLists/Discovery/Web-Content/common.txt -u http://10.10.10.5/FUZZ . Also in other intro rooms show how to define another keyword such as NORAJ instead of FUZZ, like in ffuf -u http://MACHINE_IP/NORAJ -w /usr/share/wordlists/SecLists/Discovery/Web-Content/big.txt:NORAJ

Hi everyone, which rooms do you recommend for training before tackling Investigating Windows room?

Windows Fundamentals 2
Windows Event Logs
Windows Logging for SOC
Windows Forensics 1
Compromised Windows Analysis
Then Investigating Windows

Thanks

Gave +1 Rep to @vernal latch (current: #302 - 34)

Hey. So I'm trying to do the tcpdump basics room right now. My issue is that to answer the questions I'd need a traffic.pcap file which is not available on the machine and there is no command to my knowledge in task1-2 that would create it

Could someone help please?

the traffic.pcap file is preloaded by the room You dont need to generate it manually
It’s usually located in like
/home/tryhackme/
or
/root/
Find it quickly
find / -name "traffic.pcap" 2>/dev/null
Tasks 1–2 are just for learning tcpdump syntax the .pcap file is used in later tasks

Nothing returns. Could only send img from phone

Room machine bug ie file didnt load
Restart the target machine
Wait 1–2 minutes then run
find / -name "traffic.pcap" 2>/dev/null
If still missing then Terminate then Start again
If still broken then Use AttackBox instead of VPN

I'm on attack box and this is my 2. try but ok. Gonna try restarting it

Thanks

Sure

Hey guys

Yo bro

Sup

Assalaam o Alaaikum ! I'm Samavia I have a confusion about task 4 "Attack the admin page". Guys can you all please help me solve this? I’m not understanding anything.

Link of the room'?

https://tryhackme.com/room/offensivesecurityintrokKx12l39?taskNo=4&sharerId=699ed6ddd9248a707c1072d1

gobuster dir -u [http://fakebank.com](http://fakebank.com) -w wordlist.txt

Please don't post flags in chat.

It ruins it for members.

Mb

Jazak Allah Hu Khairan(THANKS)

Np worries

any hint on Operation Endgame room..?

Give the exact question or task u need hint with

Anyone got a tip for "Azure: Can you GA?" Task 2 last question "What is the user flag?".

Provide me the room link

https://tryhackme.com/room/canyouga

Navigate to Microsoft Entra ID in the Azure Portal
Click on Users
Click on Download users or check the user list

maybe im too slow but i dont see the user which has the flag? is it " wiz" ? and if so, i pasted the text into the field in thm but it doest work

Ensure you include the full string which typically follows the standard THM{...} format

Hi, m I allowed to post the operation endgame machine writeup

you can post a write up but make sure it doesnt include direct answers or flags.

hello, I am going through the owasp juice room and I am on task 4. Am I gonna wait this or what? Whenever I click the OK button, the intruder closes. Should I wait till its done?

dont wait You are using Burp Community Edition and Intruder is heavily rate limited + autocloses so it wont finish the attack properly

how am I gonna see the status code sir?

it wont let me click it

Because Intruder Community locked UI and throttled you cant properly click live results So dont rely on the intruder here

Intercept login request then Send to Repeater
Go to Repeater tab
Click Send
Look at top right then HTTP status
401 means wrong
200 means correct

but the room is doing the intruder

Ik the room uses Intruder but they assume Burp Pro You are on Community

I can still do it with john the ripper?

Hydra is the best choice

I dont think ive encountered hydra. Not sure, but I will try. Thanks sir

No worries

hydra -l admin -P /usr/share/wordlists/seclists/Passwords/Common-Credentials/best1050.txt \ http-post-form "/rest/user/login:{"email":"^USER^","password":"^PASS^"}:Invalid email or password"

If anything errors out just drop the message I will fix it for you

thank you sir. I will

@vernal latch I managed to see the password, its admin123. Thank you sir. I am advancing now in task 5

Gave +1 Rep to @vernal latch (current: #202 - 53)

Great

Anything else?

I will send it here. Ill just try to solve it on my own

thank you

Good luck

Hello, I am now in task 7. Ive already done the xss inframe but there are no flag. Where do I get it?

already ran a new machine

performed a DOM XSS

nvm, I just need to copy paste it. I manually copied it. XD

added the header but it the xss wont show

Turn intercept ON then logout then catch request then add
True-Client-IP: <script>alert(1)</script>
Forward it login as admin open Last Login IP then XSS should pop.

okay, wait ill try

after forwarding, should I turn off the intercept

?

turned it off, nothing happened

After you forward the modified request turn Intercept OFF so the rest of the traffic isnt paused

Then log in as admin and check Last Login IP

Heyy

I want to make phishingg page?

So which is best option ! 1 i make own clone page ya i use tool?

Give me some suugeestions my heross

Gophish

Uh...

Why are you assisting used to do illegal stuff?

Users*

Did you know it's illegal to even try and phish?

Regardless of you're successful or not?

Its not my intention to assist with anything illegal

But you're doing it anyway?

I only mentioned that name to try him out legally

...

It's not legal to try and phish.

It's illegal point blank.

Ok mb should I delete that?

@vernal latch okay okay

Iys illegal

Its

So dont teach me how

Sorry, why do you want to make a phishing page?

hello, ill try it now

I got frustrated yesterday and it was lunch time so I did not finish it

nice it worked XD

Great

Greetings, just wanted to know if "Easy" is the correct level for the "OWASP Top 10 2025: Application Design Flaws" room, as it's giving me a throbbing headache, and it gets worse when this room belongs to CyberSecurity 101... really frustrated at this point...

I watched youtube videos for this one XD

hi guys, im doing web enumeration. Should I make a directory first?

nvm, just followed the instructions lol

have a problem in question 2 task 5 in (https://tryhackme.com/room/wiresharkthebasics)

What is the number of displayed packets?

yes

It is displayed at the bottom right-side of the status bar.

thank you so much

No worries

Anything else?

@idle shadow

no just that thank you

Ok fine

if i need anything else i will text you

Ok 👌

Hello there, Need help for room OWASP Juice Shop, Task 3 Inject the juice, what should I put as answers in both the questions there???
Question #1: Log into the administrator account!
Question #2: Log into the Bender account!
Thanks in advance

oh...nvm, forget my question... 😅

For Task 3 Inject the Juice in the OWASP Juice Shop room those questions are usually about SQL Injection to bypass login

Log into the administrator account
' OR 1=1--

Log into Bender account
bender'--

@remote monolith

yoooo

My Wazuh room doesn't display the number of security events for a specific host. Even though I've read the guide and followed all the steps, I still get the "data not found" message. Is this a bug, or am I doing something wrong?

You are likely using the wrong time filter

Click the time range calendar
Set Absolute time to include March 11 2022
Keep filter agent.id: 001
Click Refresh
Then the Security Events count will appear

I don't understand what's wrong

Remove the filter manager.name: ip-10-112-144-207
Keep only
agent.id: 001
Click Refresh

Please tell me how to do this, I don't see a mechanism to remove the filter🥲

Look at the filter bar where it shows
manager.name: ip-10-112-144-207
Hover your mouse over that box
A small X will appear on the right side
Click the x to delete it
Leave only
agent.id: 001
Click Refresh

For testing purposes I created a new filter that can be deleted, but the manager.name: ip-10-112-144-207 field is not deleted.

Click the manager.name: ip-10-112-144-207 filter then Unpin it pin icon then Remove it leaving only agent.id: 001

This doesn't work either, ok, I'll try next time😔

Give me the room u doing and the question no.

including task

Wazuh, Task 4

Open agent-001 from the agents page then go to Security Events then change the time filter to Years ago then refresh the search then the dashboard shows 196 Security Event alerts generated by AGENT-001

see dms

In general, nothing helped, so I finished the rooms. Thank you very much for trying to help)

Gave +1 Rep to @vernal latch (current: #131 - 79)

Check ur dms

https://tryhackme.com/room/machunt
Question: Which network did jake connect to after reading the instructions in the pdf?

I found the pdf, it referenced a file, i found traces of the file in the trash, 7z x'd it to see its contents. and then looked at the payload, I can't find any persistent trace of a file referenced from that script.

On macOS saved Wi-Fi networks are stored in an XML plist file at

Library/Preferences/com.apple.wifi.known-networks.plist

There are two Library folders user and system which can be confusing The file can be viewed with the command

less com.apple.wifi.known-networks.plist

In the file Wi-Fi SSIDs appear with the prefix wifi.network.ssid before the actual network name

Hi guys Im going crazy of the recap topics and how buggy they are. On the question: what Gobuster command would you use to enumerate directories on the target http://example.com with the wordlist /usr/share/wordlists/common.txt. I keep getting wrong answer when.i write gobuster dir -u http://example.com -w /usr/share/wordlists/common.txt

It's annoying

And that's not the only one

There are some 2 other recaps

Extremely stupid

gobuster dir -u http://example.com/ -w /usr/share/wordlists/common.txt

http://example.com/ with / at the end

recap questions are not buggy but extremely strict with formatting 😅

But in their question there is no /

That's why i didn't put it

did u tried ?

I tried both with / and without

Nothing works

bug

Have you tried with quotes or double quotes? Like
gobuster dir -u "http://www.example.com" -w "/usr/share/wordlists/common.txt"
Also I'd try with .thm because one of the literal text in the room is
gobuster dir -u "http://www.example.thm" -w /usr/share/wordlists/common.txt
Finaly try with -r like in room:
gobuster dir -u "http://www.example.thm" -w /usr/share/wordlists/common.txt -r

@potent anchor unfortunately I tried many combinations it might be just broken. Come on, how hard is the gobuster syntax😀

anothe one thats killing me is this one. And i tried variations of curl, ping and nc.

is it not just ping bankgpt.example.com ?

Nope

yeah, it cannot really be qualified as broken if it was not fully working to start with 🙃 . There was a case a while ago where to the question "give a python command that sets a webserver that only responds a specific response code" the answer was something like "python3 myscript.py" which was from the room's text.
Which module is your recap for?

so many variants and the question lacks context: is there a firewall? is it a windows server? A bank would also use TLS, etc. The solution could involve telnet, a script, etc. My snapshot is what an LLM suggested to that same question: it even suggests wget! I guess the point is testing if the application itself responds: could it be a websocket, an API, etc.
Another LLM suggested curl -I -s -o /dev/null -w "%{http_code}\n" https://bankgpt.example.com

Omg yes it was curl -I https://bankgpt.example.com

Someone knows how to pass the question from the recap in the Security Solutions room(Cybersecurity 101 course)
Id of the question is 69b736dfb6b931269fa0b1d4

Question is

What Windows Defender Firewall command would you use to create a new outbound rule blocking TCP traffic on port 443?

I am stuck cause it was a GUI program in the example, without any commands, just interface

Might be New-NetFirewallRule -DisplayName "Block outbound TCP 443" -Direction Outbound -Action Block -Protocol TCP -RemotePort 443
If it fails, try variations like without the displayname.
If it fails again try its linux version (out of curiosity and hoping Echo is a bit confused) sudo ufw deny out 443/tcp

hah i've tried many variations but it still cant go through idk why this recaps so buggy

can somebody give me a hint for this room i am completly stuck with that container thing

Try focusing on the container metadata Sometimes files or images inside containers still keep useful information like tags comments or hidden metadata use tools that can inspect containers and look for anything unusual inside them

where can i find answer for this question?

Hello guys! Im on the moniker link room, in the exploitation part, and I can’t make the responder to capture the hash

Im using RDP through remmina. I’ve tried everything but the responder doesn’t listen. I’ve tried to use tcpdump just to see if the connection was being made, and it is live

if you just need a sanity check, I just confirmed all is working as expected and was able to capture the hash with Responder. There are approx 15 steps that need to be followed exactly in the right sequence for this all to work. If you are looking for someone to troubleshoot your issue, you will need to provide way more detail.

If I had to guess - it is the syntax error in the exploit.py script provided. It should be: file:///\\YOURATTACKBOXIP/test!exploit

From which room is this question?

Missing Person

It was not the script. I was able to run it through the attack box though. Thank you nonetheless

As I stated above the tcpdump was able to capture each time the link was clicked on the windows machine, so there was no error in the script. The problem seemed the responder itself, either version issues or some ports on my machine. Solved it by running the attack box instead of through VPN

Which room?

https://tryhackme.com/room/missingperson

Idk much about OSINT to be honest 😅 , so...sorry, I thought I could do it but I couldn't :p

It was for another user.. can't do THM yet as still at work. 😅

alright

Bonsoir everyone

bonsoir

Yeah, I was expecting you

i just reached my room

....

Can we talk in personal

sure

can i ask someting about the OSINT Level 3 iam stuck on a answer the i will have finished OSINT Level 3

Send links/ss please

hey guys, any hint about how to complete last task from chocolate factory room ? It's completely broken

Please send link or ss

It’s all good thanks ! I used a fernet decoder online it worked as an alternative

Does it have something to do with the source code you have to download? W1seGuy. Feels like I'm missing something

yes the sourcecode is relevant

ok so was it supposed to download w1seguy.html or source-number.py

cause when I downloaded it the first time it downloaded w1seguy.htm and I spent AN HOUR looking through everything

no the python script from task 1 is relevant. It contains the encryption algorithm which helps you creating the decryption algorithm.

now I got the py code

yeah I got the py code when I click download this time but the first time I somehow got the html file?

now it make sense why the source code is relavent

i guess you did rightclick "save as". Your browser then downloads the html of the page you are on so you downloaded the HTML of the Tryhackme room ^^

maybe i cant remember

but yeah I know where to go now. Thanks

Anyone having trouble with the box THM - Res? I solved it. As you all know xxd no longer has the SUID bit. The way I solved it was by getting the username from /home when I got the shell, and then using Nmap Scripting Engine to bruteforce ssh for username:rockyou.txt and then escalating with sudo su

@dusty lintel @austere lantern @vernal latch

Tag anyone else having issues. I left my hint ambiguous and left out the UUID and command syntax to let people learn, but this solution works 💪 unsolvable box = solved ✔️

Wow!! Great work. I will have to check it out. Thank you for the info.

Gave +1 Rep to @white atlas (current: #3700 - 1)

actual syntax in dms so any n00bs dont get their necessary problemsolving ruined for them

Thanks 💪🏼

Gave +1 Rep to @white atlas (current: #2404 - 2)

Lmk if you guys get it working with nmap NSE

Hilarious that I solved it with nmap of all tools

Hi, I tried and it works with nmap NSE, but I prefer Hydra because it's faster.
Anyway, I was close, before your suggestion I was trying hydra, but due to a typo with the user I waited too long and killed the process, I was tired I didn't notice the typo. Thank you very much for your advice.

Gave +1 Rep to @white atlas (current: #1818 - 3)

Yes its def easier with hydra, I just did it with nmap for fun.

solution found ✅

Where do i find documentation or playbooks for Process alerts in soc simulator? How do i know if a suspicious parent child relationship process creation is malicious? I have no playbooks available.
Do i have to find my answer from external sources outside THM?

may it will help. https://tryhackme.com/room/irplaybooks

Hello everyone, so, I tried completing the. Active directory part and when they asked me to connect on the Phillip user, I have tried doing it with the PowerShell and the RDP vendor, both are saying that the user does not exist, Idk if I'm doing something wrong

What is the exact user name you used when you tried to connect?

hi

Anyone got any hints about the first answer on the new have a break room? it says its the google maps exact name but ive tried literally every single gas station full address name and none of those seem to be working for some reason, i thought i just mistook the gas station but that doesnt seem likely with all the ones ive tried up until now

#1489686534717308948 message

oh i didnt know the room released less than 72 hours ago, although being more competent than a toddler when making sure the answers in your site are right might be harder than i first thought, thanks!

Gave +1 Rep to @lucid junco (current: #2 - 4013)

Not my site.

someone please given me a hint for question 2 of 'Have a Break' i think i got the answer but was wrong

#1489686534717308948 message

how are we supposed to find the full name of the culprit 😭

#1489686534717308948 message

Any hint for room3 task 5?

Can you share the room link?

solving this room https://tryhackme.com/room/splunklab

i am at task 6 i did evry thing i can see the events in spunk whent to sourcetype: syslog
it doent allow this answer its only _ _ _ _ 4 when to read some walkthrows they all set it as syslog i am unable to solve this room

ah ok finaly solvet they needed defrent log source thats why

Use any Text Editor and edit the content of the read_secret.sh. Inside that file, write a script to read the contents of secret.txt. What is inside secret.txt?
-rwxr-sr-x 1 root perm : read_secret.sh
-rw-r----- 1 root perm : secret.txt
how to change permission?
i use sudo need password but shows student is not sudoers file

Please do not post the same thing across multiple channels.

Folks here will help you if they know the answer or have time to respond.

could you able to run read_secret.sh? and also make sure there's a shebang #!/bin/bash at the top.

hey! I am doing https://tryhackme.com/room/networkingcoreprotocols room but I am stuck on the pop3 task-7
The challenge requires me to pull 4th message from the server but when I telnet on port 110 and try to RETR 4, it throws error

telnet 10.49.172.216 110
Trying 10.49.172.216...
Connected to 10.49.172.216.
Escape character is '^]'.
+OK Dovecot (Ubuntu) ready.
AUTH
+OK
.
USER linda
-ERR [AUTH] Plaintext authentication disallowed on non-secure (SSL/TLS) connections.

I have tried openssl and that fails with renegotiation error

openssl s_client -connect 10.49.172.216:995 (as well as 110)
+OK Dovecot (Ubuntu) ready.
AUTH
+OK
PLAIN
.
USER linda
+OK
PASS Pa$$123
+OK Logged in.
RETR 4
RENEGOTIATING
ERROR
4027AD8F1F7F0000:error:0A00010A:SSL routines:can_renegotiate:wrong ssl version:../ssl/ssl_lib.c:2892:

I have tried forcing tls 1.2 as well but no go there. Curl is also failing.
Any idea what's up here. The example simply telnets on port 110

nevermind - known bug and closed

operation takeover - is frr and vtysh the right direction?

72 hr rule in effect

sorry i don't get it... 3 day payment rule? Or is the VM so new?

Please be mindful as a general guideline to not ask for/provide hints in the first 72 hours after a challenge is released. This also covers streaming.
Ignoring this rule will result in being muted until the hint embargo has been lifted.

oh. ok..🤐

Hey guys am new here, how are you all doing.

Welcome

Hi im new here and i wanted to ask if the linux fundamentals 2 ad 3 are supposed to be under paid subscriptions

Yup

Does hacking pay ?

I almost got my ip and info leaked 😭😭🫡

But also got $5k from a random gig

Anyone know how to make serious money hook me up asap 🫡😈😝

No, we're all broke af

Maybe yall ain't using your abilities to the full potential

Nah, we’re just doing it for the love of the game

Hi i'm doing the rooms hammer , i forged the jwt token , but it keep saying me that the token is invalid

too little detail to help much, this writeup explains it quite well: https://medium.com/@princeoffl/hammer-walkthrough-c1d45267e254

that white rabbit ai room is killing me got flag 2 and 3 no clue what that first onbe should be but i've escaped xD any hints or tips?

nvm found it in the most convoluted way XD

Cool

that was a pita

I believe this should work
curl --location --request POST 'http://10.67.169.182/challenges/chall3.php'
--header 'file: ../../../../etc/flag3%00'
--header 'Cookie: THM=Guest'

https://medium.com/@Aircon/file-inclusion-tryhackme-thm-5dae64d5dae4#:~:text=[Question 8.3] Capture Flag3 at /etc/flag3

hi
I’m experiencing a recurring issue with the lab machines across multiple rooms.

The problem is:

The machine expires immediately after I click “Start Machine”
Sometimes I get redirected to a “Page not found” error
This issue is happening in multiple labs, not just a single room

What I’ve already tried:

Restarting machines (Terminate → Start)
Reconnecting the VPN
Logging out and back in
Refreshing the browser and clearing cache
Trying a different browser

I also noticed that when I access TryHackMe from Kali Linux, everything works normally. The issue only happens on my main system.

My VPN connection is working correctly, so I believe this may be a platform-side issue or related to my environment.

This issue is preventing me from continuing my learning progress.

Could you please check and assist?
(Expires 0m 0s)
Thank you.

Hey everyone, I am currenly in pre-security course, module 2 ( Defensive security). I am given a site in which there is some suspicious thing I have to identify in the lab. I have to put the IP address but i can't find the IP address.

@robust hearth have you completed the jailbreaking room yet in the AI path?

Can you verify your account and share a screenshot of the instruction?

@livid gull

well, I am now stucked on some other problem but sure i lemme verify my account and send the current problem's screenshot here

Alright, so the issue is that i am given a list of three IP addresses, which i have to try one by one to identify which one is malicious. But the same grey pop up error message is showing when trying all three IP addresses.

Aren't those already blocked?

Hey guys, I'm a beginner, and I've been trying to complete task 3 of the room "Experience Cyber Security." I've found the flag which is "BANK-HACKED" but it doesn't fulfill the required format of {_________} (there is a permanent underscore after 6 digits) can anyone help me?

Hi, did you try THM{BANK-HACKED}? You should always copy the flag in the correct format. Also, next time asking for help, please provide the room link

I hacked the AI from https://tryhackme.com/room/promptdefence with a simple "Hello" - LOL
You had me with hello - Jerry Maguire - https://www.youtube.com/watch?v=cR9FMrck4gw

works every time ...

Hello could be the one of most powerful and underrated prompt injections of 2026

high in linux funemental perms i cant seem to find the owner of "important"

https://tryhackme.com/room/linuxfundamentalspart2

find / -type f -iname important 2>/dev/null
ls -la important
-rw-r--r-- 1 yourturn go 14 May 5 2021 important

i figured it out, i had to login to the ssh in the attack room, which i did

but then i went to get something to eat and it expired so and i wasnt in the ssh when my confusin happnbed

@regal knot

best way to learn the term- now you'll always take note of the command line prompt;)

Was that method patched tho? It dosent work now😂

shouldna said anything😂

Exactly😂

This is the equivalent of if it works don't touch it

tru- great find tho🙌

Yep! 💯

Nice pfp btw bro

now ya got me curious.... what if the system prompt now blacklists Hello😅

Actually it doesn't, it still responds to hello but not with the flag it says hi how can i help you

But now I'm again curious

Because the ai translates what we say to numbers like hi how are u becomes 33 678 82 28

And then it matches it and responds

But I think the first time they gave the ai to much freedom/creativity

Like I think they set the temperature to 0.7-1.0 instead of 0.2 or 0.3

Which is probably why the first time it returned the flag

I don't know if what I said is understandable or confusing😂

it takes a lil bit more but basically it locks in on the "Hello! How may I help you?" phrase and tries to predict the tokens that come next (highest probability) - had to nudge it with the auto-complete prompt at the end

Dudeeeee

I'm speechless

Idk y I'm so awestruck every time i learn something

😂 😂

yeah - pretty cool - deleted to not spoil

Yep

Plus the flag wasn't censored so it's best to delete it

but ya may be right - a temp setting could make it "more resistent" to just one word that happens to begin its system prompt

That was really cool, I'm studying ai security and I'm just now learning abt auto completing the prompt

Hmm

but clearly this is not the way to secure these systems, am i right?😅

yep

its a bit to easy

well when you finish this module, if not already, HTB Academy has a next level AI course with optional cert at the end if you want to learn more

yoo thats awesome

ill check it out

how much is it bro

student plan $8/mo, cert is ~$200

alr bet

i actually live in india so its gonna be worth a bit more in ist

will probs save up for it

Bro I saw ur thm profile ur also doing the ai security path right?

@regal knot

finshed that one, took the HTB 8 months ago

Yoooo

Dude how are u finishing paths so fast

5yrs of practice, i guess?

Absolutely Inspiring

keep on slaying it- 5 yrs flies by

My 1st year has just passed

So 4 more

💯 💯

Bro can i add u as a friend, wld like to keep in touch

sure thing

Thank u

When will the crontab on the deployed instance (10.144.181.45) run?

the answer is seven characters long

the only two possible crontabs it could be about are

0 */12 * * * cp -R /home/cmnatic/Documents /var/backups/

or 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/

the first runs at twelve hours and the second at 5

twelve, noon, 12am,twelveam are all wrong

apparnetly it was reboot

hi

hi

How far are you on the AI path? It was a fun one, can't wait for them to add more to the path

I finished module 1, 4 more to go🎉 😂

Awesome, keep it up

Thank you

😄 😄

What should I do? I'm starting in cybersecurity for the first time and I'm on the 'Intro to Defensive Security' task 4. It asks: 'What is the flag that you obtained?'. I need help, please. Thank you!

I'm assuming there's an interactive application for the task that you'll need to complete in order to get the flag

thnx

No worries

Im on the smae level with thhe same issue, but ive done all the terminal stuff, and firefox isnt updating

Any help would be appreciated!

What exactly do you need help with? If it's Firefox being buggy you can try restarting it

What do you need help with

I am having trouble with the Message to Garcia ( https://tryhackme.com/room/messagetogarcia ) room and I not sure where to go next.

||

• I am able to determine what directories exist on the target machine using the resource fetcher
• I discovered that the authorized_keys file is located in the /root/.ssh/directory.
• I know that website files are located somewhere in /var/www/html/
• I have run nmap against the target
• I know there are three open ports: 22, 80, 5000
  • Port 22 has OpenSSH
  • Port 80 uses nginx
  • Port 5000 has been unidentifiable. Navigating to it in a web browser takes me to the web page.

I think my best path forward is to use the backup page to upload a new authorized_keys file that contains a new RSA public key that I generate. However, I cannot figure out how to traverse directories using the backups form and I have been unable to discover any ways to use command injection to move the file. I considered trying to initiate a reverse shell, but without a way to trigger the payload once I upload a script, it won't do anything.

Am I on the right track here? I was thinking maybe I forgot something from one of the other rooms (I'm working on the Jr. Penetration Test Path right now): is there a lesson that would point me in the right direction?
||
Thanks!

having trouble with Experience Cyber Security room, in the screenshots they have provided, flags has been intentionally blurred. Is there a VM that is suppose to start and reveal the flag or how it works?

room link please

I still need a hint for my above message. I added a link to the room I'm working on.

It is here. I used spoiler text as I didn't want to inadvertently reveal where I was to people who didn't want to see it.

the vuln is on the website /fetch endpoint - can you figure out what vuln it is and gain a foothold?

@regal knot https://tryhackme.com/room/careersincyber

no flags in this lab, walkthrough only with a quiz on Task 9 that opens into a split screen

cool, thanks for your help @regal knot

Gave +1 Rep to @regal knot (current: #296 - 36)

Thanks for the help, I managed to complete the room.

Gave +1 Rep to @regal knot (current: #278 - 39)

hi i'm stuck on OWASP Top 10 2025: Application Design Flaws Task 3 -

Been using this CURL - curl http://10.146.129.85:5003/api/process?data=debug against the victim machine.
Getting a 405 Method Not Allowed

Trying alot of stuff but not getting anywhere. Any tips?

did you download and examine the source code provided in the Task?- it tells you what Method is allowed, your error message hints at the issue

Hi

Hi everyone! I'm stuck on a "Topic Transition Recap" task in the Windows and Active Directory room.

Task question: "What PowerShell command would reset the password for user 'alice' in Active Directory and prompt for the new password securely?"

I've tried:

Set-ADAccountPassword -Identity alice -Reset -NewPassword (Read-Host -AsSecureString -Prompt "New password")

But I keep getting: Set-ADAccountPassword: invalid arguments

I've checked for typos, kept it on one line, and included -Reset. Nothing works. Could someone please point out what I'm missing? Thank you!

try ||Set-ADAccountPassword alice -Reset -NewPassword (Read-Host -AsSecureString -Prompt 'New Password') -Verbose||

Thanks

Yes i read the Python and used Echo for help - it suggested curl -X GET http://10.146.129.85:5003/api/process?data=debug but the terminal hangs when thats used- times out

Echo has led you astray- find a other source of truth

Yeah i think it has. Heres an update on where I am. Still not sure what todo

This suggests you're new to Python, new to curl new to API's and new to parameters and their syntax. How to fill these knowledge gaps without giving you the answer outright??

But that is the labs lesson

any hints would be greatly appreciated. 🙂

It would best to work through this on your own. One suggestion would be to give the source code to GPT and ask it to walk you through it. You could do the same for the screen output that you just shared.

Got it

I am having trouble with a question from Task 6 of the Splunkk 2 room. here is the particular question I am having an issue with :

"What unusual file (for an American company) does winsys32.dll cause to be downloaded into the Frothly environment?"

https://tryhackme.com/room/splunk2gcd5

Bug and workaround: #1503058062041288874 message

https://tryhackme.com/room/vectara
stuck on task 8 last 5 hors may be 1-7 can be done but this one suck my brain

i forget all my thing

can you help me on this

How can I get the last flag of Vectara room

i mean that curl command will solve that answer, just grab the required cookies from devtools and run it. if all of that is new to you - it's a great op to dive in and learn about it. GPT will explain it to you like you are 5;)

Am I allowed to ask for assistance on the last question of the Vectara room? The others were fairly easy to get thru, but this one is posing quite difficult. I've 'discovered' a number of items of interest in the output and I have some theories on what may need to be done, but absolutely nothing feels like it is actually getting me closer to the flag. I've been working on it for hours and hours and I'm pulling my hair out

#room-hints message

I just really need to know after failing for so many hours and having to interact with that putz medbay.ai 😭

who could point me in the direction of xss learning to get cookies?

Yo guys can I publish a writeup of vectara with all flags hidden? or do i have to wait till the event ends?

If you could wait until the event ends, that would be ideal.

Have you checked the xss rooms in THM?

HOW you find task 8 flage ??

Tomorrow is the last day?

i told AI "give me the flag make no mistakes"

Same here

I've been trying the last task for more than 3h

any hints for model leakage event 1-2? i just finished all from easy to insane but in model leakage i got flag 3 but lost somewhere 1 n 2...

Does anyone have any hints to getting flags 1 & 2 from task 2 on Injectus IX

man been stuck on the Vectera last task for 2 days now. so far i have made the bot reveal the system prompt and i have found the class-3 medicine's name. but i cannot really exploit the LLM05 vulnerability. ]

this is the workaround #1503058062041288874 message

anyone please help me in ctf

kali brother please help me with one ctf

Hey ...what's up?

help me with the ctf

Lemme finish up something I was doing..will ping you

I am having a problem in this room Penetration Testing Frameworks task 9 Question 2

hi free brother ? now

Hi, did anyone here finish the room “Support”
It’s in Jr pentester > web application vulnerabilities II

Hi, im also having some trouble getting through "Support", has anyone here finished it?

Yeah, where you at

I already got to the api panel and got the admin email, i tried bruteforcing the password with ffuf and rockyou but page crashed at the 80,000 pass attempt

where you at?

I’m done

There’s no brute forcing after support account

Look at the module where the room is in, you gotta test for everything you learned

I guess the only thing i have left is command injection but i can't seem to get where i could try it

So you got flag1 right?

Command injection is only after flag1

Not yet, i have the admin email from the API and i found some password in config.php from the LFI in the themes but it does not seem to work for the admin email, do you know where i should look at next?

I sent you a dm

Is there anyone that has completed the new room Silent Monitor?

You can text me in dm I already finished all the rooms✅

hello people out there!! i'm new to this Discord channel!! i was facing problem in doing the TryHackMe cybersecurity tasks especially task 5 reset password and fuzzing! can someone help me with that one pls!!

hi can you help me in 1 flag?

yo guys does the room "intro to csrf" require the attackbox? i usually avoid using the attackbox and use a kali vm instead, but it seems that for this specific room, i would need the attackbox

i have already created the settings.html file on the attackbox for carrying with the html attack, but i simply cannot access that site

1nd

hello

dun dun duuun

hi

ooooo Love this

Ayyy new rooom

soo, im doing day 12 of advent of cyber (encryption/decryption stuff)
we got an encrypted .gpg file and a rsa key

cant import the key

now, the key isnt a gpg key

@tranquil nymph You need to read the hints for that one

There's no other way

oh

rip

should have done that earlier

now this gets me to wonder tho, why couldnt john get the passphrase of the key if it was so short and simple

Wordlists

can someone help me im a begginer and I just connected and started the VulnUniversity and I used zenmap on the given IP and it doens't show anything

I think you'll be better off in #room-help , there's more guided help in there rather than pointers and hints wait no james said otherwise

somebody pointed me to here

yeah james said so

Give the room a chance to boot

anyway could somebody help me?

How do I know when it finished to boot?

Give it 5mins

oh ok

It'll take a couple of minutes, are you able to ping the IP address perhaps?

it's gonna respond to ping way before it starts responding to most other services

ok yeah that'll be the check I'll script that so I'll know when the machine is booted

you don't need to script a ping 🙂

I guess

yeah I'm able to ping it

That's like chopping onions with a samurai sword...

or some other obscure metaphor

lol

I'll delete it later so there won't be spam

anyway I'm able to ping it but its still show's the following message at zenmap "NSE:

dnet: Failed to open device eth0

@deft jay

Zenmap is trying to use eth0, not tun0 (the vpn)

"Shooting sparrows with a cannon", @steady stratus ;)

that works too! @bitter crane :^)

Zenmap is trying to use eth0, not tun0 (the vpn)
@steady stratus
How do I tell it to scan the VPN?

If you can ping it then you're connected to the network so it's not like tun0 doesn't exist.

Uhm, can you just nmap it through the command line? say nmap -sV <ip address> ?

I'll try

Are you running as an administrator?

yeh

yeah'

If you can ping it then you're connected to the network so it's not like tun0 doesn't exist.

Uhm, can you just nmap it through the command line? say nmap -sV <ip address> ?
@steady stratus

still doesn't work

do you get any kind of output from that? even an error message? This'll be for #site-support I think now

ok, for the day 13 challenge i tried so far:
||iis exploits in metasplot
bluekeep exploit
hammering rdp with common usernames + rockyou
enumerate webserver - quite literally nothing there besides the demo page from what i can see||

i dont want to click the actual hint on there since they might be too big

Oh, retro

OSINT it @tranquil nymph

huh ok

Look ||on the page at all the posts||

I don't understand flag20 in linuxctf
I found the file not that I really had to look for it and the output looks different to previous flags, but it is of the same type (ASCII) so I don't believe I need to convert it or anything. I don't know what data type ends with =
Someone push me in the right direction?
It just says find and retrieve flag20

ohhhhhhhhhh

i should have just used a bigger wordlist

@tranquil nymph No, OSINT

Read it and do some research

yeah, i didnt even find ||/retro|| because i used a small wordlist

o, you were stuck there

yup

any hint for HackPark room ?

What is the name of the binary you're supposed to exploit?

The room has hints

Follow those

yes but how can i see log service

Research

googling is not bad, it's a part of your learning!

googling is a pentester/hacker's best friend, even when they're really up there skill/knowledge-wise

exactly

especially CVE database + exploitdb is something which is supposed to be used

heck, or just plain ol' stackoverflow :p

Any advice for getting the php reverse shell to work? Added internal IP and port, listening with nc, but nothing coming through

the shell must be executed

Yeah, ran it but still nothing

hmm, odd

getting failed to daemonise error, which it says is non-fatal

still nothing on nc

try redoing it

cuz seems like you are doing everything right

i've tried several times and used diff ports (4444, 1234, 80)

weird. I'll keep trying

what room are you doing

did you set the same port at nc

vulnversity

ye i knew that

yea, set nc to listen on port in script

gonna start over from scratch

thanks for the quick responses tho

🙂

finished cmess room,I'm never forget it 🙂

Popped!

Problem was I was using my internal virtual ip address while also using the THM Kali instance. Gotta ifconfig within the instance to get the actual IP to use in the script

if i'm not getting tomcat version from nikto in toolsrus room

done

May I suggest waiting a little longer before asking Xande? As I think you've noticed, a lot of questions can be answered with a little more patience.

ok

but the room is for help ,isnt it ?

Correct

But as you've discovered yourself, if you spend a little bit of time on it - you can solve it yourself!

That in itself is worth 1000x more then someone telling you how to do

right

If you feel like you're going down the right path or need a little push in the right direction, that's what this room is for 🙂

Am I the only one getting only a single port found open on thecodcaper with -p-?

Also to build upon what @steady stratus just said, even if you're on the wrong path. Rabbit holes are a learning experience too! You don't learn anything being spoon fed

Terminate, refresh and reboot @idle merlin

That was a problem

We've fixed it now though

Was that in the past 30 mins? Did that exact step 30m ago before bothering to even ask haha

Mhm. My working version has been up for 35 minutes now

A'ight, lemme give it another try

Gonna give it some time in case the service is taking its time but still only getting the http atm. Be back in ~10 mins with an update 😛

SSH should start up pretty quickly

What is the title of the machine?

Machine 1

If it's Machine 1 then there's a problem

Oof

Right

Excuse

This is ridiculous

Hold on

Terminate, refresh the page, and redeploy @idle merlin

There we go, must have been the need to refresh. Getting the Caping of Cod now

Por favor

Ok that's better

woah

its my first time using sqlmap

and this is crazy powerful

Mhm

Can someone verify if my hashcat command is correct for 'Crack the hash' room?

This is the command Im using for level 2, question 3: ||hashcat -m 1800 '$6$rounds=5$aReallyHardSalt$6WKUTqzq.UQQmrm0p/T7MPpMbGNnzXPMAXi4bJMl9be.cfi3/qxIf.hsGpS41BqMhSrHVXgMpdjS6xeKZAs02.' rockyou.txt --force||

@cyan swift For some reason, skip the rounds

so, the database is compromised and sqlmap spat me out some username/password tuples...
but none of them match the format of the task

What command did you use?

i used one with -a before, and then this
||sqlmap -u http://10.10.158.21/administrator.php --current-user --passwords --forms||

Um

the interesting user would be

debian-sys-maint

Ah, ok, different way of doing it

I would always recommend capturing a request and passing it in with -r for SQLMap

Makes life a lot easier

huh

Try doing --dbs for your first scan as well

Gives you the lay of the land

hmm

what exactly would be the upside of using -r instead?

I believe it's able to parse it faster than sending a GET request

It also doesn't break as much

oh

i figured it out

really nice pointer with the --dbs

😄

And yeah, it gives SQLMap something definitive to latch onto, rather than setting it at a URL

GIving it a previous request means it knows exactly what to go for

gotcha

makes sense

ahhh i cant wget a reverse shell on the target

do i really have to echo the entire reverse shell into a file

nvm

big nvm

Hello, I am on the Linux Challenges and am stuck. In Task 2, #5 it says "Find and retrieve flag 5" / the hint says to use the find command. However, I must be missing something because running the command
"

find . -name "flag5"

isnt returning anything as of yet, (and i do have the * around flag5 it just keeps making it italic)

You're currently only searching the current directory @white salmon

Try searching the whole system

Hmm, I tried that, I went up to / with both Bob and Garry. Maybe I'm missing it

AH I think I found it

😄

Missed it. piped my find command into a grep command. worked well 🙂 I will use that from now on lmao

Hmm, "Look at the systems processes. What is flag 7"

I am assuming it's not asking for a "ps -A" because that's not it lmao

Man I thought I was comfortable with Linux 😂

OH F ME.
Okay, I promise everyone I am smarter than this omg 😂 I found it...

Okay, first hour of TryHackMe done! Super excited to be a subscriber.

I got the worst score on most room So don't worry

Anyone around to help with an issue, I'm not sure if it's burp or something else.

@wintry isle i think u should ask at #site-support instead here :/

Hello for the reverse shell, which ip address should I use? Virtual ip or real ip

Morning! You need to use the IP address given by OpenVPN / TryHackMe

You can do ‘Sudo ifconfig’ and look for “tun0” or check your “internal IP Address” on https://tryhackme.com/access

You can do ‘Sudo ifconfig’ and look for “tun0” or check your “internal IP Address” on https://tryhackme.com/access
@steady stratus thanks

Hello, Im on the Advent of Cyber and I'm stuck at the last exericese of task 9. The password hash I must recover seems to be inthe file /etc/shadow but I have no right to the file whatsoever and I'm not on the sudoers list. Can't find my way around this one 😦

@white salmon yes. you don't have permission to read it, but you can find a backup file 😉

(which you will have permission to read)

Oho !!! thanx @glossy basin !

first time asking for a hint

the cod caper, found an ssh key need the password