#room-hints
@white salmon plz delete answers but yeah, there's 2 ways that it's normally not quite right
if anyone can help i've been stuck on task 6 question 2 of advent of cyber for a while now
i'm really not sure exactly what I need to do
I looked at the cookies and I don't see any consistency among them
im noob
@frank ether Do you have the cookie there?
After 4 days trying Year of the rabbit, I got root. Amazing box, thank you @inland onyx learned a lot!
@white salmon sorry I didn't see your response, yes I got the authid cookie but I'm not sure where to go from there in terms of "decoding" it and stuff
@white salmon can i PM you?
Sure @shrewd skiff
you have to accept the fr to pm me though, as my dms are set to friends only
could someone please assist me with flag 7 of the linuxctf?
i've done ps and top and thats all i know about looking at processes lmao
cheers
@gentle herald https://www.cyberciti.biz/faq/show-all-running-processes-in-linux/
this will help
thank you, i'll try it out
Hey, so I was doing room Geolocating Images, task 6, so the thing is I got that place on maps, but still whenever I submit it as answer, it's not that, I can dm you the place to verify it's the right one.. I am out of ideas now 
@wintry patio yes, send me your answer as I have completed it.
ah..nvm, got help from chevalier, apparently that stupid place has a name, which I can't find... yet
Hi guys
im working on Advent of Cyber day 10 , wondering that how can I know which metasploit module should be used .
i already knew which service is on
ohh i find the way
Room Tony the Tiger , Task4 i should find THM{.} or try anything between flag Format
Yep. What's your Q?
i not found anything with THM{}
What did you try?
Shall I dm you with a hint?
sure
The final flag does not have "THM{}" as detailed within the task
hey guys, Common Linux Privesc task 9 #6, when it says "Once you've finished the exploit, you can exit out of root" what it means
i wasnt even in root lol
but you were supposed to go there
thanks for replying though
sure
@pine ermine i got icmp on on my machine but why i can't get reverse shell ?
On Tony? DM me your command
yo, I wrote up on reverseengineering room, I need tips on really understanding the last crackme3.bin if you will
anyone got any hints for the box "Tyler"
?
im pulling my hair out hahaa
anyone done it?
Linus Challenge - Task 2 - #4: very confused - I located where cron jobs are created but I'm missing something because I can't find a flag.
@cedar path Have you checked the hint?
Yes I have. I found crontab, cat'd it
unless im supposed to run it
I also found the crontabs in the /var/spool/ dir but the user I'm on doesn't have permissions to do anything with them @opaque pond - I feel like it's right in front of my face
It's ok to go looking on Google or your favourite search engine if you still don't know what you're looking for. Using your Linux skills will definitely help
Google is how I found the directory that crontab is located in in the first place. I don't see the flag so I'm blindly poking around everywhere I have access to looking for the thing
Well between Google and what you can do on the machine, there isn't anything more that you need other than to learn better. Keep trying. It wouldn't be fair if I gave you the answer. Have you finished the 'Learn Linux' room? It's a good starting point if you're struggling with the Linux Challenges room
Yeah I have. I don't have a question to google is my issue. It's not for lack of trying
In other words I have information here, I don't know what to do with it.
@opaque pond found it, thank you for not listening to my tantrum
I knew you were close and just needed to be persistent. Some of the flags are tricky like that but need a little more coaxing.
i didn't even know i could use flags with the command
which is where i got stuck
i'll just "man" commands next time if I can't find something ✨ l e a r n i n g ✨
That's what those tools are there for. If you need a good book, OffSec has a free pdf of their official Kali book at https://kali.training
can someone pls help me reverse engineering problem?
@opaque pond appreciate it!
You'll have to give more context than that
@late lark If you're having trouble with something, you can just post the problem you're having in the appropriate room. give details of the problem you're having.
@late lark Don't just ask to ask, what room and task are you stuck on, what have you tried?
means i m stuck in Introx8664
also a bit of patience
hello guys
Room/Task/Question, details about the trouble you're having?
mean i m not getting the steps to follow for which the string compares to the actual password
Introx8664/Task6
I haven't gone through that room unfortunately - sorry buddy
Perhaps someone will be able to help out soon :^
oh no issue
beginner here. I've gone through "Learn Linux" and I am blocked for some time at last step 43: find the flag under /root/root.txt . Any hint would be appreciated : https://www.twitch.tv/darkus3/
I haven't done that room yet either and haven't touched Assembly since the late 1990s... I'm a bit rusty
anyone else ?
What have you tried so far? @prisma heart
@prisma heart Everyone gets stuck on that but you have all the tools you need already using what you learned in the room. You'll kick yourself for not getting it quicker but it is a head cracker
^
have anyone done cc: radare2 room
There's a certain user that has sudo permissions which'll allow you to output the contents of /root/root.txt @prisma heart
@prisma heart Look for files belong to all users
^ no need for anything fancy with this, everything you need you have done in the room - no escalation as such
If the answer isn't simple, it's not the answer.
hum ok I will try to look around /etc/passwd to find a user with root privilege
Introx8664/Task6 @stuck fractal pls help
@late lark No.
why?
Because I haven't done the room and I'm busy?
oh ok
Look for files belonging to each user
@stuck fractal generally speaking that would be the first step? I did the exact same thing when I got there, I tried looking for the password where passwords are stored or tried to find a user with permissions.
It's just the hint that I know
Patience is a virtue @late lark...
roger that
throughout the room you use a certain command to look for files owned by a user
there's a user who owns a certain interesting file
@steady stratus Ok Brother
Hi everybody, any hint on crackme2 in intro to x86-64 ELF ? With a colleague we found a file with a password, but the flag doesn't work
YOTR need a hint on how to ||exploit the vi command|| . I did try the usual stuff like|| !/bin/bash !/bin/sh etc etc||
@shrewd skiff https://gtfobins.github.io/
oh my what a gold mine
got it for crackme2
@lean pelican how?
look at the instructions after the scanf functions
you have two values put in two variables
these values are modified after
furthermore, remember when you compare strings, it compares letter by letter
with that in mind you will find it, good luck
stuck on a part in hackpark. can't find the service name, i found the .exe it wants but can't figure out the service name
if anyone can help i've been stuck on task 6 question 2 of advent of cyber for a while now
i'm really not sure exactly what I need to do
I looked at the cookies and I don't see any consistency among them
For RP: Nessus, I am having the worst time finding the web server version in the syntax it wants, is that an issue with the syntax on the flag or am I just looking in the wrong place? I looked over every vulnerability found and can't find the exact syntax it wants.
guys, anybody knows what the password field checker is on the WackoPicko.com challenge?
@keen tinsel What do you mean?
"Perform command injection on the check password field", what is the check password field? on what page is it?
For RP: Nessus, I am having the worst time finding the web server version in the syntax it wants, is that an issue with the syntax on the flag or am I just looking in the wrong place? I looked over every vulnerability found and can't find the exact syntax it wants.
@whole field I did this room yesterday and the syntax was pretty okay I thought
But sometimes exact phrasing can be a pain in the ass
which one are you stuck on?
"Perform command injection on the check password field", what is the check password field? on what page is it?
@keen tinsel I'm not sure but if it's the room I think it is then the hint should help
@pseudo ermine It's the web server version part, the last part of the second section, I see the OS its running and the Kernel but none of those versions fit the syntax
@pseudo ermine I'm rescanning it though to see if something went wrong in my first scan
@whole field mmh I thought that one had the syntax pretty straight forward
but I might have the wrong question in my head
You see the ******* in the input field
for the syntax?
It was six asterisks followed by a backslash then .* .* .**
I looked through them several times, I've also used nessus at previous job so i'm fairly familiar with it, i'll try rescanning, I might've rushed through the options instead of doing it exactly how instructed.
You can DM me if you're really stuck
Will do, thanks, I am doing a different scan type on it and after that i'll re-run the scan from the room and then if it's still not in my vulnerabilities i'll DM.
good luck
Woo. Got it, I ran a separate web vulnerability scan and that picked it up, it definitely wasn't in my original scan.
kinda stuck on linuxctf room, how do i get into alices account?
read the introduction of that section
the password is just there
because it was broken
Can anyone point me in the right direction please - I'm doing Kenobi - T4Q4 - I've run the code as required but when I type id in the box it returns with invalid choice?
@white salmon Yeah, you haven't followed very well
Oh?
Look what you're setting your PATH to
That's what is shown in the image?
I'm fairly sure I'll be missing something but thought I'd check.
@white salmon Ok, so if you're using /tmp as part of your PATH, what directory does the fake curl binary need to be in?
I'm with you, thank you once again @stuck fractal
Can I get a quick sanity check for the last step on Tony? I'm 99% sure I know what it is but I'm not looking forward to it so I want to check.
Hi friend @vague reef
@steady stratus DM alright?
It's okay - but for benefit of other people, perhaps try and keep it in here first?
@steady stratus Well I am trying but estimated time to completion is 8457 hours.
For the last step you say?
I assume you've managed to escalate to root in which case?
Nope. I haven't. I assumed that was the step to root was what involved what the hint referred to.
Ah, if you're trying to bruteforce root's password it won't work
Alright. Wrong path then. Thank you!
you need to escalate from a certain user up towards root
which User - I'm sure you can figure out with the "hints" on the box
Keep in mind that hint for when you do escalate to root though...
Yeah. I think I can find that. I thought it was saying to bruteforce the login and I was feeling very depressed.
ah, I understand hehe. Nah - the hint is for the final final step
gl with it!
Alright. Thank you!
hello .. guys I am stuck in hacking with powershell room .... I am getting error.. but it should not be
need help...

Can you please remove and re-post the image with your answers removed ? @coarse hornet
sure
thanks mate!
@steady stratus can you please help me with this??
I am not getting the actual problem...
hello i did a reverse image search of agentsudo
but i dint understand the correct answer
can someone help me ?
it's my last answer
anyone here done the CC: Ghidra room?
sorry about driving you crazy
Nice one
hi am stucking in Learn Linux FLAG any hints ?
last flag
am facing problem with my machine due to network
@long niche sorry bud, i did that room 3 days ago but since i've done so many i can't remember
but the commands you need to have the job done, are in the course so...
it's about bypassing ?
you can try that
@long niche I am not sure how much we are "allowed" to help because I am also a newbie here.
it's hints section just throw some hints it's ok
You will need to utilize what you learn in find chapter and sudo
what message does it return ?
i was stacking there because of network problem but am going to download new generated vpn file
and see if the problem is solved as u said
ok
thank u
hi! im new here and I'm starting.
i got stuck in the Advent of Cyber in day one part 3. I don't know where to get the answere.
@agile wyvern Have you figured out the cookie to use?
yes, authid
As in, have you decoded yours, made a false one for the admin, and resubmitted it?
😱 I didn't know that could even be done
Then, uh, that's the way forward
thanks a lot!!
@inland onyx are you here?
does anyone know why the flag on the "Basic Steganography" doesn't gets accepted?
Hi, guys I'm stuck at "learn linux" task21 "This challenge is pretty simple. The binary is checking to see if the environment variable "test1234" exists, and if it's set equal to the current $USER environment variable." I'm tried a bunch of things no sure what to do.
You need to create the variable test1234
and the value needs to be the $USER
read the task with $ title
got it! thank you
Room Tony the Tiger Task #7 what is hash Format ? @pine ermine
@eager flax you are trying to copy from Deskel's write up without doing it yourself. hence why it's not working.
@inland onyx @white salmon year of the rabbit is now solved. Thanks for the help and hints throughout the duration before success.

@eager flax you are trying to copy from Deskel's write up without doing it yourself. hence why it's not working.
@past night i made it myself and no i didn't copied it!
i spent hours and hours typing and changing letters....
i don't know what i did wrong in the process
send me a pm with the encoded text and your approach to it
ok
or follow this one: https://birgauanu.com/blog/thm-basic-steganography/
i did complete the room last night but i the flag didn't work and i had to change letters manually
alright it makes sense
Room Tony the Tiger Task #7 what is hash Format ?
@north moat
The final flag does not have the formatting of "THM{}"
K. I'm actually on the last step to Tony now. Can I double check my command? I tried a couple things and they failed to recover the flag. So I tried brute force and it ran for about 4 hours and crashed. I feel like (and hope honestly) that I'm missing something right in front of my face.
@vague reef You can pm me if you need a hint
Alright. I'll do that.
@river falcon i know , i found hash but i don't know the format to crack
its look like base64 but its not
@north moat You can DM me.
Can anyone help me with simplectf room
I got the exploit but it just return garbage values ☹️
hi all, i'm in room 25daysofchrismas day16 ... i'm stuck in third question... help please ?
they talk about file containing password. i can see in xxx files they are readable xml code. hum, in the others, they are base64 string... i looked for decode base64 in python to create images but they are some errors... in courses, there isn't tips about decoding so i think it's a bit easier
@echo laurel do you mean this https://tryhackme.com/room/easyctf room ?
Yes @shrewd skiff
I solved this room earlier today. How can I help ?
I know the CVE, but when I run the python script provided by exploit db ....it just return garbage values not answers
which CVE did you use?
It's ||CVE 2019-9053||
donut spoil answers ^^
Ahh...ok
thank you
Ok so the CVE you used works that much i can tell
I tried like 5-6 times
make sure your ips are correct
But it still gives garbage values
make sure your ips are correct
@past night
Ya that's correct ....
I'm getting usernames with like lot of 1s
reboot the vm maybe?
Did you use the correct arguments?
And everytime I running it .... I'm getting different answers
reboot the vm maybe?
@past night
Tried
Did you use the correct arguments?
@shrewd skiff
Yup
Yea it works every time and the first time. So you must be doing something wrong
oh yea.. i converted it to python 3
I check his work in DM. He used the same command I did to solve but it is returning garbage data. For example, the first line of data would come back as 1311 and the second as d21111212121.
Yupp...
I had to convert it to python3 in order for it to work.. my Kali is a fresh install.. maybe fresh installs lack some module or dependency
i think i've done it a while back
not sure if it requires certain versions to make it work
there should be more than 1 script to do the job
check exploitdb or something
i only converted it because my python2.7 missed a module
i mean it 100% should work its the same snapshot of the server we use
@echo laurel send me some screen shots of what you are doing
in a DM
Hey guys, I'm stuck in XSS playground room. I can't figure this out. Could someone give me some additional hints to DOM Payload for changing the background?
nevermind
Had I problem with quotation marks
May someone help me in Task 4 of juiceshop? I don't know what to do
i've been the whole day on a rabbit hole hahahahaha
@eager flax what step, user?
nope i'm still off the box
scanned everything, enumerated, steganography etc
i'm hopeless
Found any dirs?
yeah i have found one dir
With 2 files?
hahaha
It's really a box full of Rabbit holes
And I laughed so hard with one you'll hopefully also see
But 'm, it's really in one of the two files
I'm booting the box (still need root) to give you more info in a DM you if you want
MJQXGZJTGIQGS4ZAON2XAZLSEBRW63LNN5XCA2LOEBBVIRRHOM======
some helpme with this
encryption
Hey if anyone has done the learning linux room, I could use some help on the last task (43). I have no clue how to get the root password
@pine ermine can you help me in rabbit machine
Yea, where are you stuck at? DM if there's spoilers
hey can someone help me in the room "Hacking with Powershell" [Task 3] [3]
"Get-command | measure" with Answer:||7935|| dont work
Does that correctly exclude the things you've been told to exclude?
Anyone got any idea who this Jim is from owasp juice shop?
@stuck fractal yes
Hey!! Need help with 25daysofchristmas!! I'm on Day 11. And I can't connect to the FTP server no matter how much I try!!
Always get the invalid PORT command error in every client
did you do an nmap scan ?
Yeah!! I did the nmap scan and even used the NFS share
Linux Challenges, task 3, #5. Please. It's gotta be something simple I am missing. Tried uname, hostnamectl, looking in /proc, looked in /sys, several sub directories. I must be missing something dumb
@frank dirge did you use "FTP <machine IP>" ?
@white salmon Yes
@white salmon I get upto this. But then I use ls or dir and "500 Invalid PORT command" error comes
@white salmon I restarted the THM box and I'll try rebooting my machine
@cedar path look in bob's directory
Alright, thanks.
Oh jees sorry I did that already, I meant task 5.
"information about the system" etc
@frank dirge Please don't throw sudo at the problem and hope it'll work
It'll cause you a lot of problems later on
@stuck fractal Still doesn't work.
I wasn't saying that was your problem
I'm warning you that throwing sudo at problems when you don't need to can cause you more problems
Okay sure
hello guys, I am stuck at FLAG #15 of LinuxCTF room (Find info about system: kernel infos, ..., and find flag 15). I printed out the file /etc/os-release but I don't find any flag in there. I also tried multiple methods: uname, ... but nothing successful, any hint on where this flag is hidden ?
found it! nevermind
@inland onyx can you explain the above problem to me in caveman terms?
@cedar path Which one?
I don't understand the fundaments of task 5
anyone got a hint on "Year of the Rabbit" ? ? ?
got in Eli but i can't find anything
@cedar path Which question?
@inland onyx hey bud, how r u?
Nice room!
i wanted to speak to you and apologize for DM'ing you the other night without asking first.. 😦
i feel bad about that since then..
Ah, yeah, don't worry
I was away for a bit -- it's all good though
@inland onyx I need to find flag 15. I've used uname, hostnamectl, cat proc/version, and opened several files and sub directories. 99% sure I've found several other flags in my journey through this system, just not the one I need.
Ah, T3Q5?
Yah.
Ah, do you have the flag and were wanting it explained, or are you still looking for it?
i can't read the flag and i cant escalate yet
i've run linpeas but cannot find anything interesting
any tips for me? or other rooms to study first?
@inland onyx Still digging.
@eager flax Ah, you're stuck on Eli?
Have a look at the motd
That's good old fashion enumeration
hmmmm
Remember that this room is very CTF like. It was literally designed for a box-dev workshop
So it's not particularly realistic. Look for the obvious stuff, not the real stuff
Look at the motd (the message you get when you login) -- and search for stuff based on that
@cedar path Right, sorry.
Yep
You're looking for where your release information is stored
I've acquainted myself with that information in many different places. 'find' found me even more places to look. Will report back.
Unrecognized hash format.
What hash format is it?
No luck
@inland onyx that was unbelievably painful - what is the benefit of ||lsb-release|| over the uname command?
@cedar path In normal circumstances? Zilch. It's just good to know about
(and it's a challenge for a reason)
AFAIK at any rate
@inland onyx obviously i am not ready yet for the "Year of the Rabbit" room, it was nice but i quit, i have been there the whole day already
any suggestion about a room to help me get better?
got the first flag
@inland onyx can you explain me something?
i have figure out what i need to do for the second flag
but it isn't working and i don't know why
Chances are that you've not got it quite figured out then
DM me with the command you're trying to run?
@inland onyx i made it
Ey!!
Good time to take a break then
i haven't fully digest it yet
i know how it is done
but the why is so so
i mean yeah it's exploitable
hmmmmm i have a lot to think for digesting the info
it was very clever
Nah, that box is definitely not my best work. It's my second box, and it was designed for a workshop, rather than to actually be a challenge
one thing is for sure
i know better now what being specific is like
thank you, appreciate your mentoring
Good one @eager flax !
SUPPER STUCK! OWASP Juice Shop. Can't figure task 5 out.
already got the right email ? @round fog
nope
- find Jims mail
- find infos about jim (google?) and find the answer to the secret question
Hello Everyone
hello
im at OWASP Juice Shop , Task #5 q#1 "reset Jim's password using the forgotten password mechanism - what was the answer to the secret question?"
- find Jims mail
- find infos about jim (google?) and find the answer to the secret question
Checking , thank you xLogiiC
kk
if i run a search for "owasp juice shop find Jims mail"
it gives me the answers (i dont wana look on that so i wont cheat)
Thank you XLogiiC
@true gazelle i could give you a hint
i would love that!
so if you look at the about us tab on the website you find a part of the mail and maybe you could guess the first part
i will start with that thanks :
i inspected the about us button, i did Ctrl+F "Jim" - it gave me back nothing , so i tried to search on the page itself + source code , with Ctrl+F again for "@" sign , yet no match for anything ... am i missing something?
@true gazelle I can dm you the way i've found the mail
i would appreciate another hint my friend, i wana get it on my own as much as possible
Don't try to be a hacker, act as a typical user.
soo you got that 1 part of the mail ?
@raven prism i didnt 😦 still looking
i inspected the about us button, i did Ctrl+F "Jim" - it gave me back nothing , so i tried to search on the page itself + source code , with Ctrl+F again for "@" sign , yet no match for anything ... am i missing something?
close man you are looking for the part of the mail with @xxxx.xxx
you dont need to see the code man
you can find the mail on the "normal" website
Don't try to be a hacker, act as a typical user.
@round fog
this
will try harder

@true gazelle got it?
@raven prism nope , eventually i will go through the tutorial (on youtube) i didn't give up yet (and didn't research enough)
did you find the mail address?
didnt yet , still looking for it as you said under the "about us" tab
this is the clean"about us" tab , i cant see no email address anywhere
as a user , i cant detect anything
@true gazelle alternative you can find the complete mail at the #/search
has anyone done the webgramming room? I'm stuck on question 3
Dears,
I have a question regarding to CC: Steganography room I have done all the question but for the last task , I download the image and i used steghide to extract it but i don't know the paraphrase 😦 i try to embed a text but it doesnt work with me ❤️ how can i fix questions like this if I do not know the paraphrase
Even in any other room how to extract the flag if I don't know the paraphrase
@prisma blade Just a tip steghide will always ask for a password even if there isn't one..
I press enter and it's say wrong paraphrase
Hmm
Last task first question
So the final exam?
Yes
Ah I remember now @prisma blade
You need to use another tool before you run steghide.
What tool would you use to get information on an image...
Ok so use that password that you have with Steghide..
Hell ya hahah thank you buddy
I want to ask you if I don't get the pass how can I extract it
Hello all
how are you
?
anyone here completed the Jack personal website challenge
?
Can't say I have.
I am stuck at a point
can you suggest a wordlist for cracking the password in Jack personal website challenge?
Like I say I've not personally done it but I usually find rockyou.txt does the job for most things.
I occasionally try directory-list-lowercase-2.3-medium but again tend to find for me I just revert to rockyou.
Odds are
If it's a password you need to crack for a challenge
The pass is in rockyou
if you try with the rockyou password list you need to stay near the computer as the challenge expires
you need to constantly be near to extend the time
@echo thunder ||The password is not in rockyou||
No
Telling you the wordlist would be a major spoiler
Maybe, maybe not
And this is why I hate hash cracking^
He's not cracking a hash
Through I have to agree cracking something like bcrypt is annoying
Cracking anything is annoying
^
It's just pick a wordlist and hope you're right
Same with brute forcing and same with dirbusting
I'm not talking about the quality of the tools
ok
It's the act itself
On the LFI room: I'm getting no return from exploring/injecting into the ||etc/passwd/ directory||. Can anyone give me a hint on how to get a return?
There's quite a few LFI rooms
Inclusion
Has anyone yet done "Lord of the Root"? I'm a bit stuck and could use some pointers
who knows what is the answer of What option sets the architecture to be exploited? in ccpentesting
i am using long time metasploit but i dont understand the question
The system architecture - x86 or x64?
it is not matter its about msf
Well clearly it does as the question is asking you what architecture is to be exploited...
How do you find files that have specific permissions?
I've been reading the man page but can't find it.
You need to add a flag to your search, -perm you'll need to read up on that.
Ahhh
Well clearly it does as the question is asking you what architecture is to be exploited...
@white salmon it is not the answer i dont see any options of arch in the module
Can you post a screenshot?
sure
@thick osprey Please don't DM me without asking first.
sorry
The image you have posted is of the questions, I was referring to your metasploit session.
we dont need session
@thick osprey I can confirm it's there... read again about metasploit
Ok, I strongly advise that you re-go over the topic and look in the options section.
There it will ask about architecture.
you need to use eternalblue exploit and find it in the options
Have you worked it out yet @thick osprey
Just deleting that image because it's full of answers @thick osprey
Please try to avoid posting spoilers
Have you worked it out yet @thick osprey
@white salmon yes thank you!
Glad to hear it!
I'm on the last Task of zthlinux. To see the /etc/sudoers you have to have sudo permissions right? haha Kinda stuck
I've seen that there are several users but none have sudo permissions, can I have a small hint ?
The bonus task?
Yes, I guess the user nootnoot has sudo permissions I just need to find the password
Look for files belonging to each user
Hmm
Hmm, I've been looking at the files but can't find anything :/
@inland onyx Is the user nootnoot a good place to search?
@inland onyx Hey bud how are you? Just wanted to say hi!
@keen fable Try searching the other users first
@eager flax
Not bad, yourself?
i'm good, trying to study π
Same..
You won't
Keep trying, it's in there
If you get really stuck, ask in #room-help or check the writeup
Ok
anyone got a hint for the jack room?
lfibasics: on the poisoning part, the injection in step 5 just removes all output to the file and the url remains the same. Can someone give me a little nudge in what I should try?
@true gazelle alternative you can find the complete mail at the #/search
@raven prism
#/search?q=jim didnt get anything ethier
Hi
I have a question regarding one room
on jokerctf at task 18 i
the command lxc image list does not show any alias
@echo thunder Known issue, only fix is redeploy and re exploit until it works
It's a pain
guys pls give some hint about the year of the rabbit room i just have found the rickedrolled.mp4 only I am not able to figure out what to do next?
@late lark try to listen to it
you mean at the voice that tells you that you are the wrong spot
?
it tells you that you are looking in the wrong place
@late lark can I ping you?
yep
If someone need a hint for the year of the rabbit can DM me as well
I would like to say that I did Year of the Rabbit as my first CTF room ever. Not a good choice, but i managed to solve it after a lot of research. I also would like to provide help in form of hints for year of the rabbit. Please ask here first before a DM.
Every room you do is a good choice, you'll learn from all of them is my opinion
Cool you solved it also
was someone able to do the buffer overflows room i'm stuck on task 8
hi guys
i have a question
for the wpscan in order to make it crack faster, do you insert also the --max-threads options on the command? if yes can you tell me a good value in order to crack faster?
Hi guys. I'm in the Linux Challenge room and stuck on finding Flag 26. Any ideas or resources that I should be looking into?
Anyone can help me with hackpark please?
Hey guys I have done using sonic visualizer to get the flag for cc:cryptography room
But I'm not sure why it telling me it's wrong
Second flag for the exam in last task
is mean in nmap ?
what wordlist do i need to use for jack
is the list on kali or a github repo like SecLists
@proven bridge ...
(?)
It's default on Kali @young socket, in the same directory as rockyou.txt
very small list
@young socket It is indeed that one
it doesn't work tho
@young socket It should work, pm me the command you're using
Can anyone help me with steganography last question in the last task ? I'm stuck with the QRcode I used my phone and some online tools but no answer
am i the only one that has read your name as kylo ren instead of @young socket
lol yeah
What is the critical find that had its permission changed Linux privesc
Read the output on linenum
All it said me to do is search for passwords which is /etc/shadow
I found vboxadd with this ! Indicator
It's only task 4 part 6 of Linux privesc
is there a bug in Advent of Cyber day 13 question 3??
No
@fickle merlin Not a bug
would u give me a hint ? i stuck here quite long..
@white salmon lol....Have to love retro.
@young socket I'm gonna point you to some research
Well work on changing that maybe then?
yeah trying
Room Game Zone, last task and question.. could somebody give me a hint
Hi. I need some hints for lordoftheroot privesc. I found ||SECRET|| but seems I need to bypass ASLR. Is this the way?
hey guys I'm just finishing the "learn linux" room and I can't do the last task which is reading a file in /root, I've been looking for 2 hours and I can't find any way to access it or give permission to a user. A hint would be most welcome. Thanks
hey guys, I've been stuck on learn linux task 4 cuz the putty command prompt thing just turns up blank whenever I pull it up. Anyone know how to fix it?
Anyone here doing the dogcat room? cause.. I am at something but I can't get anything working as intended.. || whatever I put in the view GET param with %00 at the end, nothing works..||
no one?..
%00 didn't work for me, try a different route
yep that's been patched in php a while ago, try something different ;)
but that dog & cat limitation in the request is really annoying
@viral crane Try another payload
I have the dogcat dockerfile but I don't see the 4 flag
@white salmon I installed the command ssh on my windows much simpler than putty in my opinion
Tony the tiger room help: Task 7. I achieved to get the contents of root.txt and it looks like base64. However, I'm not able to decode it to get the hash successfully. Any help would be appreciated!
@devout egret dm me if you like and see if i can help you without spoilers
@devout egret you're so close!
Keep up bud
Thanks for looking at the issue with me @eager flax . Finally got past it
I've been trying to decrypt the hash but no luck
Hashes can't be decrypted. Might be why
Are you trying to break the hash @azure spindle?
hey @inland onyx how are you bud?
yes
@azure spindle find the type of hash and then break it
i couldn't identify the hash type
Is this for Tony the Tiger?
yes
Have you decoded it?
ok...
how do i get shell on jack
hi guys, i enrolled in the beginner path and until now i found the lessons pretty straightforward, until i got face to face with OWASP. some things i googled but how was i supposed to inject SQL command to check for admin or stuff like that with zero knowledge?
there are 8 tasks but since the beginning i was clueless. seems like this one is totally different from the easier ones
maybe i should do other rooms before OWASP ? or did i walked the beginner path wrong ? thanks
doing this room atm https://tryhackme.com/room/thecodcaper but for some reason in task 5 i can't get a reverse shell. I can send text data from the machine to mine using nc but not more... i know it's not really necessary to get a shell for the task but i still would like to know if i'm just doing something wrong...
Look at the history of nc -e
There's like 4 or so variants of netcat
is there another way to get a shell through nc without -e?
There is
Yes, with some research
ok ty
Thank you! i cracked it @inland onyx
rptmux: what exactly is a valid answer to the key binds? I've tried all of them shown and none are accepting as an answer
There are literally everything you need to know in the image on the top of the page ?
Whatever I put in doesn't work as an answer
I just need to know how I'm supposed to key it in right
Would Ctrl+Xx be a valid answer provided x being a bind?
@white salmon which number?
I'm not at my screen currently but right after the installation steps
You don't have to do anything like Ctrl+xx
So just the regular command?
Read the questions very carefully
Alright. Thanks
someone that is doing the dogcat challenge? can you pm me
for the Steel Mountain room I know the name of the app but it won't accept it, does someone know how I am suppose to format it? thx
@white salmon Google the file-server name
ahh thx @tidal sedge
i have been using metasploit but now i find that i don't know how to set architecture
any hints
someone that is doing the dogcat challenge?
@white salmon The answer is a popular Linux distribution
for blue room we have to download any window in vm?
No
I need some hint about payload for dogcat || LFI , tried all payloads from PayloadsAllTheThings, but doesn't work||
Could you put that in spoiler tags please @silk plank
how to insert to spoiler, I am not familiar with discord much
||msg||
nice, thank you
Hi anybody understands what am I supposed to do here, just a hint please :)
@smoky meadow Create a file called noot.txt then run the binary
Don't run the file run the binary
hey peeps,
I'm a bit stuck on https://tryhackme.com/room/lfi#. The question is what file will let me log on to the user's system? and the hint is read the private key file in the .ssh folder in user's dir. Any idea what that file might be called? When I google, I get a lot of .NET questions, but not how to read the file.
.net
That's weird
I just googled it and got the answer you were looking for
Try generating an ssh key for yourself locally @patent jacinth
And seeing what the file is called
@tidal sedge I google how to run binary in linux it only shows how to run a file in binary!
oh I understood now thank you
Hey, I'm on the "dogcat" room, I found what I need to exploit and I manage to recover the content of some files ||(the .php files such as index/dog/cat)|| but I don't know which file I need to recover, any information ?
hey guys im in the christmas 25 days room,
i cant seem to understand what to put in the answer even though i found the hidden poem of day 6
hi, anyone can help me with dogcat flag 1 ? i found || flag page || but i cant bypass the || dog/cat waf ||
is there a way to paste into vim on the kali vm deployed through tryhackme?
ctrl shift v not working
in vim copy: y paste: p -- dont know about vm
it says nothing in register
I don't think it handles data from outside of the vm
I could technically do the whole room from the vm, but it would be slower
anyone for some hints on jurassic park? I cant find flag 2 and 4
looking for some help on dogcat
Anyone has a hint for the last task of "learn linux"? get to read a file in the /root directory
@elfin condor, how did you fuzz the hidden files?
@spiral stag SQLI
Mainly on the homepage
@spiral stag respect for the monokuma
❤️
ok
Oh that's how you do inline spoiler
im on the system as ||dennis|| i found the password for ||root on the mysql db|| and can look in the db. also found the ||/secret privesc for ubuntu change MySQL pass on system|| but no idea how that should work
tried to ||alter a pw|| multiple times
i think i need to either become ||root or ubuntu||
Anyone done dogcat ?
just check for low hanging fruit @spiral stag
so no need to change user?
dogcat: I know how to bypass the filter and what file I need to include, but there is no output shown
I can open source ||index|| ||dog and cat|| but cant open ||/etc/passwd ||
you don't need ||/etc/passwd||.
@white pike but i was opened all source and no any interest file in ||/var/www/html||
@white pike any hint for me ?
try somethin like dirbuster, you may find something interesting and you can use a small list
@white pike can i pm you :)?
@white pike like ||flag.php|| ?
@plucky adder Sure :)
@sick sun yes, but I can't get the output of this file to show
looking for some help on dogcat
@pale slate where you stuck ?
LFI
me too
Can you look some php file ?
@sick sun I can only read cat.php and dog.php
but no index or ||flag.php||
same here
I'm stuck on flag 2 if someone have any hint (dogcat)
@elfin condor can i pm you ?
Yes
Also looking for help... I can pull index file but I cannot get RCE... Would love some help
@warm schooner can confirm flag4 is not where it's supposed to be
this is going to bug me
an unfinished room...
DM me if you want the flag
Hey guys I can use some help I'm doing the new LFI box and I'm stuck at the part where I need to give the name of the file that will give me access to falcon. Now I know it's in the .ssh I just need to know what can I do to list the files in that directory. Now I've used Google to search for a way. I just don't know if I am doing it. Anyone got any suggestions. Thanks
Nevermind I found it
But thanks anyways
Anyone care to give a subtle hint for 1st flag on dogcat? Tried a bunch of things without success
@silk plank I'm doing this from my phone using nethunter and I just got the ssh key for the lfi box and vim and nano suck on nethunter lol
@hasty gust did you try robots.txt
I did @cloud perch but can't seem to see any files using LFI
@hasty gust try to view source
It might be in the html code I haven't done the dogcat yet but it's just a guess
I did but got a not found error <ip>/robots.txt
and tried .../../../../../../robots.txt etc
The hint said there's more to view than dogs and cats so I would view the source page
I'll give that another shot, thnx
@hasty gust try using gobuster and see if there is any other directories
Just about to try that. Hopefully that'll start me off on this box
just finish dogcat! thanks to the creator it was fun
@hasty gust if that doesn't work maybe the flag is hidden in the pictures themselves might be a steganography u can use curl or wget to download the pictures and use exiftool to check the metadata
that's not a bad idea. @wraith fulcrum is the first flag hard? Or am I likely to be massively overlooking it?
I might be wrong but it's worth a try
I agree, thanks! I'll definitely try it. I just thought it was going to be LFI at first. Maybe it still is. Hmm! What an interesting box
@hasty gust I was stuck on the first on a stupid thing....
feel like im bashing my head into a wall for dogcat ||LFI||
@upper heath me too lol
Was able to get ||cat.php and dog.php|| but not ||index|| yet
You got further than me. I can't even get the first flag. I think once I get it, I'll be ok, but the first one has got me confused
no flags yet either
Try converting to base to pull it
Remember if you pull a php file it'll just blend into the page
had some minor success doing that but I'll look into digging deeper
stuck on the only cats or dogs allowed error message for anything other than ||cat.php or dog.php|| though
for actually pulling the file
@wraith fulcrum any hints for flag4 please
thank you
Gonna have a break and come back to this one. Tried a bunch of things but nothing working
yes
damn finally figured it out
i think view can help
but file that contains 1st flag is blank or what
@upper heath can i discuss a thing with you
sure
Hello everybody. Pentesting newbie here who joined the Advent of Cyber yesterday. I'm currently doing Task 9 where I'm a little stuck and would very much appreciate a hint for "#7 What is mcsysadmin's password hash?".
I thought to generate the hash based on the password that I already have. I used the "openssl" command but it doesn't seem to be the right hash.
@little stirrup read the supporting material
There's a line
Something like. Sensitive system files are often backed up with extensions like .bak @little stirrup
Working on OWASP Juice Shop. Trying to get Jim's security question is this done through ||SQL Injection?||
Hi! I'm doing the linux room and on Task 3 #5 I'm not sure what do they mean by flag on the nmap result. Can i get some help
Which linux room is this?
Thanks, @stuck fractal. I think I missed that part.
Anyone here done TonyTheTiger?
@glossy basin - the first flag - the way I read the task, it sounds like it'll be in source code. It doesn't seem to be. I've run dirb, looked at the source on every page, looked at the jboss ports etc. Not sure whether i'm overthinking it?
is there a hint?
Nope, no hint for it
It just says:" Tony has started a totally unbiased blog about taste-testing various cereals! He'd love for you to have a read..." for the description
there's supposed to be a flag in ||some picture|| if i remember correctly
hmm i am sure there was a hint on that question
hmm i'll look again. I did check the images. Maybe I missed something
@glossy basin Yeah, you remember correctly, though you might want to put that in spoiler tags
it was in a hint idk
I might terminate and restart the box. Definitely no flag in that area for me... strange!
run them through some stego tools
Ah ok thanks. Didn't try that. Wasn't sure if it would be that involved. Cheers!
Hi guys. Can someone help me with a hint about the "CommonLinuxPrivesc" room? Task # 6.3
I enter the command as indicated by the task, but when I enter the hash it is not correct.
@unique locust Make sure you don't have the []
can anyone DM hints for privilege escalation on dogcat, i have a shell and two flags
Can anyone help with my payload in the TonyTheTiger room? I've constructed most of it - just not sure if it looks right?
In gamezone room, task 4, when doing privilege scalation, ||when I do john to the .msf4 file||, it says "Loaded 2 password hashes with 2 differents salts..." what do i do next? im kinda lost
I'm in https://tryhackme.com/room/heartbleed and have successfully exploited the HeartBleed vulnerability on my VM but can't find the flag in the output. I used spool to dump all of it to a file and then used strings to look for anything useful in it but can't find anything that looks like the flag.
stuck on flag4 dogcat
@white salmon if you have the passwords, you can ssh into those usernames. I forgot the exact option but there's a switch you can use to display both the name and pass
I honestly have no idea what you're on about
If you have passwords you can SSH in, yes. If you have hashes they need broken first. A switch to display username and pass wouldn't really help
No need to convert a straight SHA512crypt hash either, if that's what you're alluding to?
Ah, fair enough
Happens
That it does
Hey all. I don't have a lot of time left. Can someone help me nudge which dictionary to use for box "Jack"?
You can extend VMs
I keep extending the time but my subscription is about to expire
Ouch
I am three hours into brute forcing jack
This is the last box I need to complete for OSCP learning. Can someone help me on which dictionary ?
Haven't done it sorry
Ok thank you
can someone help me with priv esc on jack
Whilst debugging a Python script today, I found that I was unable to execute it, with the stack trace pointing back to the import of the requests library.
am i on the right track?
need some help on flag2 in dogacat
Heya, I am working on the following two and I can't seem to get the answer right. Can I DM someone to show which answers I think it is and then you can hint me forward?
been stucking on dogcat LFI for hours, man this machine aint easy
dogcat is pretty tough. been at it a couple hours
again probably over thinking it
I need to give it a go tomorrow
frenz, was that to me or Nobody?
Probably for dogcat
@lofty flicker It's a research room, the answers are real easy to find with search engines
I thought so too, I got the last question just need the one with base 2
@lofty flicker that was to Ninja
@abstract glen wait, was it? I hadn't said anything before
@lofty flicker if you've done any webdev, or image editing you would have seen it
I think the answers are case sensitive?
Ah I see, would have been nice if it wasn't. I remember one of the previous question I had the right answer it was just in the wrong case
