#room-hints
Grep.
I checked all the files
they're encoded but I don't know how to decode them
I tried base64 -d and redirecting the output to a file
but when I use the file command with the newly created file
I get : file : data
You don't need to decode them
i already used grep and got only encoded output
The information you're looking for is in there, in amongst the text
You just gotta grep with some nice regex
oh, I'm really bad at regex xD
thanks a lot for the help
Is the buffer overflow room borked?
I think there was some talk of a fix for one of the tasks @patent token
Task 8 I believe. I got excited when I saw some folks had finished it, but I've for the life of me not been able to. And I'm usually pretty good at BoF
anyone done NAX room ?
@sick sun I am, just need to finish 1 question. But I used a different exploit so I just have to find the one asked in the question lol
Can i PM you ?
there is msf module with cve in that room
@solid patrol can i pm you ?
go for it
Hello, i try finding this answer but i cannot find it on google:
What are automated tasks called in Linux?
i found a thing such as crontabs but it doesn't work
the structure is **** ****
2 words made of 4 letters
what room? @normal totem
Introductory Researching
i will look further now
have you looked at the hint? @normal totem
i heard linuxtechi is a good page
np ^^
@sick sun yes of course
In corp 3#3 I can't make hashcat work, keeps saying "Status exhausted"
@white salmon check that your mode is set correctly
hm wdym @glossy basin ?
anyone wanna help me out with identifying and cracking a hash?
well now it says that
@white salmon verify your hash with it https://hashcat.net/wiki/doku.php?id=example_hashes
okay it's cracked
had spaces and fixed, tried doing again and says that with candidates huh
u cracked that hash
it should be above info of that picture u send in format hash:cracke
oh yeah sry
yeah
ty
I still need some help finishing this task to finish the room
but i still cannot find 2 answers
on the Introductory Researching
ohh
the second topic
Nvm i got it
@normal totem what do you need
oh
Hi guys, need help for this. Accessed blogengine website and tried to login but showing error. Password is breaked, but when entering it is showing something like ‘oops, developer caused this issue, apologies, 20lashes to him blah blah’
Anyone doin nax
what's up with nax?
Hi everyone!
hi
need help with nax
I was at 4am yesterday, starting with x86 crackme and i was so confused xD im going to watch it again now that i am awake
at foothold
revise your chemistry
can any one know about .zlib extension
i don't think you are doing it right ^^
use the information you got from the other tasks
Hey there!
I need help with Nax too lol
What's up with the spoilers here?
I'm assuming that I can't share my findings so far... 😛
its the other room, community-help under "Rooms"
Found it! Ty!
In hackpark my meterpreter session doesn't seem to work, I've uploaded the shell into the machine but nothing
anyone any help for Nax ? stuck so bad 3 hrs deep
people keep saying Chemistry, periodic table of elements and this referring to the .html page
yeah looking at the different elements, hard to come up with something
i can't solve Task 3 #7 in PS Empire. i can't find how to change the server appearance
@lime needle yes what u need ?
@odd belfry #bot-commands
oh sorry
Especially in the hints channel, since it's a bit of a spoiler
i cannot delete it sorry
Uh may someone give me a hint in skynet? I cant ||smb||map into the machine, it says "Authentication error"
Should gobuster error on this box
@white salmon what error?
ah i got it i logged in the wrong user
@white salmon i was getting errors in gobuster after a few minutes. ||ended up not needing gobuster.||
Anyone got a hint to point me in the right direction for OWASP juiceshop room resetting jim's password/finding more info about him
anyone finished Nax ? stuck with exploit
@quaint star i finished it. where are you stuck?
Thanks! Like reviews on the site? I looked through a few, found admin section for his email but that's it so far. Gonna call it tonight I'll try again tomorrow
@late hare for products. Some juicy hints in those and some mild stalking and you'll get it.
@stuck fractal ahh ok didn't see there are reviews listed in the individual products maybe i'll find it there
i can't locate flag26 in Linux Challenges room
Hi everyone! Im doing the final exam in CC radare2 and im a little stuck when i try to follow the get_password function. Can you give me some advice?
oooh hello!! Great, ok
Hi, has anyone made a walkthrough to room 'Advent of Cyber'. I cant figure out how to encode the cookie. I have tried "base64 'cookie value'" and it still gives out some gibberish, which doesnt help me to figure out which part of cookie 'is fixed value'. Any advice is appreciated.
do want a writeup or a hint?
@glossy basin anything is appreciated.
https://www.base64encode.org/
you can use this website to encode ^
there is a write up i think
where can i find them?
under the write ups
!writeup 25daysofchristmas
here ^
@glossy basin amazing thank you so much.
anytime
@minor bough can I DM about blaster?
or anyone that might have had issues creating the exploit in msf?
Can someone explain why he has, blacked out information in writeup. Is it some kind of sensitive information?
It stops people copying the flags
there are few writeups that doesnt have that
To just answer the question without actually doing the task
ok got it
In Skynet I've looked into the db-exploit but still don't know how can I upload the file, any hint?
btw is it considered to be unethical to show the flag to others?
try to spoil it with ||
@minor bough in Blaster, the steps to create the exploit need to have "set target" before "set payload" or you get error when "run -j" payload not compatible
@shadow basin yes. It's fine to help, but don't show people passwords, hashes, or anything else that lets them skip stuff
thanks @inland onyx there is no much i can spoil at the moment, but will keep it in mind for the future.
@white salmon good call, I'll tweak the ordering there
Adjusted now
Great, nice room btw
Thanks!
Does anyone know is there a chance to run two distributions at the same time.
besides vmware
@shadow basin As in, dual booting?
I think they mean running two distributions simultaneously
Well, in that case, no. Not without containerisation, VM's, or two machines 🤷‍♂️
yes simultaneously, similar to vmware, but would like to know if there is other option someone might know
yes with containerisation
Docker
It'll have to be done either with another hypervisor, or through something like Docker, which does basically the same job
But without the resource heavy hypervisor
No GUIs if you use Docker
Although I would be very interested to see what happens if you try setting up an RDP server and connecting that way (having installed a DE)
but will it be completely separate system
Hey
can anyone help me with this question:
What is the value of the home environment variable
Nope, still just a container @shadow basin
echo $HOME
the format is /xxxx/xxxxxx
@inland onyx does it mean that two kernels will be running at the same time ?
I mean, in a sense -- only in the same way that they would be in a hypervisor though
Also, probably better shifting this over to #692465827143876689
@tidal sedge ?
@normal totem What room are you doing?
@normal totem if you would 'echo $HOME' it would give you the output /xxxx/xxxxx
learn linux
@normal totem Use echo $HOME
:
anyone have issues with ssh2john throwing indexError: list index out of range when using?
hello on agent sudo what's the name of the accident, i tried a lot of thing
Google 'roswell new mexico alien crash'
no idea ...
Hey! Blaster has my exploit chain in it now. Woot!
I'll take "alternatively" out of my guide I'm writing now. 😛
Haha yeah, I just adjusted it as it was very consistent with the web delivery method
if anyone has done Polos privesc and would like to offer some assistance ❤️
I'll cover it in my no metasploit guide doing it this way. 🙂
Hi, am doing "CC: Pen Testing" am stacking in section 14 question 3 "How do you specify which rule to use?" ?? which i try "-rules"
but didn't work is it a bug ?
@long niche No, your answer is wrong
@buoyant cairn Re-read how the imitation works
ok thank u

@buoyant cairn i should use brackets but should i define a rule here or something
@long niche ? say again
tldr is also a great helper function
Can anyone hint me in the right direction regarding brainpan
I've managed to get a shell
but am unsure how to escalate.
@stuck fractal i did 😄 but ..
@long niche Then you didn't read the output. I just ran it and got the answer straight away
@stuck fractal ok i will search again
believe me i read and i try many answers
@long niche Seriously, it's 100% right there in --help.
if ur talking about --single i tried it
You're looking at specifying a rule. Don't bruteforce the answer field. @long niche
Read the output of --help.
Hi
@long niche There's like 4 sections to the help output. One of them looks relevant.
@stuck fractal the answer [6 chars], i even use john --help | grep rule but nothing
@long niche There's no other way of saying this. It's there. 

are u using kali ?
It's right there on kali too
believe me a even try random words but nothing
sudo john --help
@long niche I don't believe you. It's 100% there on Kali and Windows.
@past night reeee
yes?
Throwing sudo at something is bad if you don't need it
it doesn't work on 2020 without sudo
Which kali?
kali 4
plz.
It's there
with sudo, yes
okii
Linux kali 5.4.0-kali4-amd64Linux kali 5.4.0-kali4-amd64 i just upgrade it should be 2020
Does anyone can explain where did the register button has disappeared. "Advent of Cyber"
@long niche It's there. DM me a screenshot of the output of john --help and I'll tell you that it's there
@shadow basin Page width
i had the same output
Huh?
i try every word
Then you're not doing it right
believe me i tried every syntax
I don't believe you, because it worked for me here. DM me a screenshot of the output of john --help and I'll tell you if it's there.
@stuck fractal
Page zoom then
It started to work much faster now, but there is no more register button and old login credentials doesnt work anymore.
If you terminated it, it's a whole new instance the next time you deploy it
yes but when I try to register with the same email, it doesnt allow anymore. Thats not a big deal, I just use 10 minute mail to bypass it, however there is no "register" button anymore.
but used to be
@stuck fractal I found what is the issue, I did not realize that "Advent of Cyber" task 6 and task 7 are two different machines. I guess task 7 machine "register" button does not meant to be there.
hey there
👋
can i get some hint for nax machine? tried to brute force the web directory with ffuf but still unable to find the hidden file
anyone?
trying to read the source code of login.php to find the hidden file but no luck man
You can PM me @dense marlin
cool
FFUF @dense marlin
THANK YOU
I've been trying to figure out what that bloody tool was called for weeks
God it was driving me insane every few days
@white salmon ya FFUF, it's ok managed to solved the initial part. Thanks for the hint from @tranquil dagger
FFUF @dense marlin
@white salmon FFUFFFF
yea that's a great tool for web directory enum @white salmon
Wfuzz has been my go to
But a buddy of mine said FFUF was better
So I meant to install it
But I could never remember the name
been using FFUF for months, i can say tht it's much faster than dirbuster
u should give tht tool a try
Everyone using gobuster
Me an intellectual: uses dirsearch
I need to get on the gobuster train ;-;
I’m 50% on the NAX box
I’ve tried harder. Can anyone help nudge me
I don’t want answers, just someone to point me in a direction to retrieve one final piece
@white salmon where are you stuck?
Step 4
Steps 1-3 are completed. What a ride so far. I’ll be cruising easily once i complete step 4
@white salmon try googling about the name you found
@white salmon hi paradox, is it you the writer of this room https://tryhackme.com/room/ccpentesting ?
Indeed I am
😄 hello friend
it's great room
i stack in section 14 question 3, i did lot of try
i discuss with Ninjajc01 | james
about it
i think there's typo
:/

Typo!
Impossible!
It's actually very probable
Where's the typo
I'll fix it up
How do you specify which rule to use?
question 3
in section 14
i use many answer to use rule based on john manual page
or --help
@white salmon thank you it was fixed !
Stuck on #2 of Task 18 "What is the value of the home environment variable" for the $ operator
It's case sensitive
thought using "echo $HOME" would be the right but entering the output doesn't work
ohhhhhhhhhhhhhhhhhhhhhhhhhh
Yup
Where does it say to switch to shiba2?
I missed that completely
dang
I mean I got the password quickly too but didn't think to switch
yeah you're right
need to read more closely
thanks ya'll
I am at Common Linux Privesc at this moment , Exploiting PATH Variable -> "echo "[whatever command we want to run]" > [name of the executable we're imitating]" afaik it is echo ./usr/local/ > ls
anyone have a hint ? 😦
@drowsy needle ./usr/local/ isn't really the command...
Room introtonetworking Task 5 #3 i don't understand what mean https://tryhackme.com/room/introtonetworking
wireshark shows 5 pieces of data, one of these that links to the transport layer has a protocol specified, what is that protocol
(another hint: protocol is literally in the answer)
you mean i must enter protocol name ? @peak girder
yeah.. the protocol they are searching for.. yeah 🙂
can i DM ?
sure
I mean, if you understand what says above, its easy to answer
can anyone give a hint on the wordlist in order to crack the password for the jack challenge
?
the hint could be the first 3 letters
havent done it, doesnt work with rockyou?
no
@dark schooner Not sure why you want to add me but please ask your questions here if its HINTS you are looking for 🙂
try to look for a writeup, as i said i havent done it sorry
there is no writeup
@echo thunder is it this room: https://tryhackme.com/room/jack ?
@echo thunder ok so I assume thats the room. So um... rockyou.txt is good for many cases, but not always. Try different wordlists... Try the short ones too 🙂
If that is not the room then just ignore what i said 🥳
@shrewd skiff it is the room with the personal blog
I've tried rockyou password list
in the seclists under password are a lot of them
Yea i know
um that i dont know
i would totally try a shorter wordlist with more common passwords
https://github.com/danielmiessler/SecLists/blob/master/Passwords/Common-Credentials/10-million-password-list-top-1000000.txt I dont know if the password is in there but its shorter
when installed on the pc
try "general"
ok
@peak girder when you try one thousand times with ./bin/bash instead of echo "/bin/bash" ... dear lord... some things need to cool off before retrying it again 😂
That works if you're in / 😉
Hi, I have just started on the SQLi lab basic challenge. I am click on the image with various challenges. Im unclear as to what is required of me. There are no instructions. The first 10 challenges are just static pages with no input boxes to exploit. So what i mean to be doing? SQL injection inside URLs or intercepting the request with burp suite and then injecting SQL. Some guidance would be helpful please. Thank you.
@quartz dirge in first lessons you need to modify link to get the result
the room is just a port from github basically
proper SQLi room is being made now
Yes
Basically
And a tiny bit of c#... It uses the "Api" of windows against itself
@quartz dirge you'd have more luck looking into the repo of that room... It's in github by the user audi-1
He even has a blog where he explains on what to do (link is in the repo)
Actually I should have posted here
repasting:
evening guys
doing "find room"
i am going mad here as I miss 2 search commands
can anyone help with this one:
Find all files with write permission for the group "others", regardless of any other permissions, with extension ".sh" (use symbolic format)
*
I am doing this:
find / -type f -group others -perm -g=w -name *.sh
not sure where I make the mistake
@turbid veldt that's the owners group
UGO
Delete spoiler
This is hints
You probably misread a character or two.
I kinda tried all combinations.
It worked for me
well I must be blind then lol. is the first letter upper or lower case
No idea
ok it was upper. thanks anyways
@fierce bramble go through the help for msfconsole again it's in there. Maybe you're misunderstanding what it means by null. All you need is to clear a value or set it back to nothing...
guys anyone who has done The Cod Caper and can give a hint about the hidden ssh password? I rooted the box but can't find that file. Im going insane
I think I found a way to break the machine lmao
@tight escarp How so?
nvm, it was just a coincidence. my vpn would crash exactly when i tried to execute a command on the machine
like 3 times in a row
lol
@glossy basin, @peak girder thanks very much for the guidance.....really appreciate the quick response and pointing me to github.
Anytime, @quartz dirge :)
May someone give me a hint in brainpan? I'm kinda lost where to start, ||have scanned with nmap and port 10000 is a SimpleHTTPServer and I see like "x20"||
i need help in biohazard room
||try enumerating that server for directories, remember this is a buffer overflow box so you should ultimately be looking for an exe to debug @white salmon||
finished it already, its almost as same as brainstorm :D
yes very similar ports and everything 🙂 feeling confident on buffer overflows just in time for my exam later tonight :b
which one?
The big boy, OSCP
appreciate it! gonna be studying hard all day
also remember, gfuel is your friend
that a snack? lol
its an energy drink
some type of preworkout for gamers
we shouldnt actually talk here, lets go to #thm-community-media if you want :)
oh true
i need help in biohazard room who is leader of stars brove team
i need help in this room: https://tryhackme.com/room/biohazard
hi all
i have a question regarding smbmap
can anyone pm me please
?
task 20 question 9
anyone
?
anyone ?
What have you tried so far @vague reef ?
know what is the answer of this question in || Lord Of The Root || || Hmmm, what method is used to reveal hidden ports? || ?
@patent token Hmmm? Related to what?
Your question. What have you tried already?
The answer to that one is pretty simple @sick sun
i'm stuck in this question || Hmmm, what method is used to reveal hidden ports?||
||Google nmap hidden ports||
@patent token i was try answer from google but nothing work
@patent token no work
I know it works because I've never done that machine before, joined it when you asked your question, and it's where I got the answer from. 🙂
@patent token oke man
@sick sun literally the room tells you the answer
How would I find php version?
try with burp
Oh... Got it! Thanks @white salmon
@patent token oke man i try it
@sick sun read the room well, the answer is on it
Which task? When you get to Task 8 it seems to be borked currently.
Yea, I don't think it currently works.
im not too sure what to do...
@white salmon oh man thanks i got it
I need an hint with Bonus Challenge - The True Ending
||I tried searching through /opt/ , /home using grep or sudo but i just don't know how to access it||
Look for files belonging to each and every user
^
thanks made it through
I get stuck in Ghidra room
Task 4 #2
I have this one, but I don't know anything about C, so I can't see where is the variable
@mellow vale I hope you understand this hint, but the answer should be translated from Hex to decimal (the first value is hex)
I had a hard time on this question also, but this hint saved me back in the days ^
damn, thanks mate, I got It
anytime 🙂
how are you supposed to do that in cyberchef? I tried and it wasn't working. Did it separately in rapidtables and it was easy.
@summer snow
oh wrong room thought it was the one that had a hint from dec to hex and from hex to ascii @glossy basin do you know what the recipe for that would look like?
I mean, something similar to that ^
just use the search bar on the left
dec -> hex
hex -> ascii
something like that
oh think I know what I did wrong hold on going to experiment more, thanks
🤷 I can't get it to work aha it doesn't recognize the input as a decimal think it's because it exceeds the range of ints even unsigned_long_long so idk how i'm supposed to format it for the recipe but oh well just would've been cool as I've started to use cyberchef often
Maybe it's a simple answer, but I get stuck and I don't know what is referred this: "How do we start entering text into our new Vim document?", on the Vim box, can someone give me a hint?
Yeah, the question is a bit dim.
How do you normally enter text on a computer?
thought you were trolling then went to the room and sure enough the hint helped a lot :p
Yeah, I got it, that was so unexpected 😂 , thanks
That question is actually stupid
I love that question
It definitely makes people take a reality check...
don't know best channel to ask but my strategy has mainly been go through as many easy rooms as I can and then start working on medium and then eventually hard I did all the complete beginner and 80% of BP/RP paths but is this strategy sound or is it better to stay within particular areas instead of jumping around etc
Just because it shows how simple VIM is...
Vim is simple
Vim is gorgeous
Vim is love
Vim is life
Deal with it
sudo vim > * && sudo passwd
🇻 🇮 🇲
nano > all
talking about vim can anyone give me a hint for "How do we save and quit, for all active tabs?" Tried all the ones I can think of and googled and nothing seems to work.
in task 3 of vim room
oh ignore me for some reason enter on keyboard wasn't working as an alternative to check for correct answer so I wasn't actually doing anything xD clicking it marked it correct
hey, could I get a nudge with catdog?
got lfi working, not sure what files to look for..
There are lots of things you can do with lfi @nocturne vault
There's a method available that requires some research to figure out
Just keep trying things
if you're talking about php wrappers I've done that already
hmm, gonna keep looking into it
Nope not that
okay i think i got it thnx
This challenge is pretty simple. The binary is checking to see if the environment variable "test1234" exists, and if it's set equal to the current $USER environment variable.
Create the variable, set it to the correct value, run the binary
Hey there. I'm trying to run through the ZAP room and having issues getting the Vulnerability GET:Brute login parameters to show so I can attempt to brute force them.
I've logged in to DVWA, grabbed my session cookie, set it as active, uploaded my directory list, and ran again, but I'm not getting anything that I can try to fuzz. Any ideas?
Is it http basic auth?
I believe so
I don't have much experience with ZAP, and kinda stink at web app in general, so trying to follow the guide pretty closely. I've restarted ZAP a few times and gone back through my steps but been unsuccessful in grabbing what is shown so that I can fuzz it.
I logged in via DVWA's login portal, and snagged the PHPSession cookie that we needed.
On page, not popup correct.
So that'll be POST
Oh wait
Yeah, i also was curious about that one
Either way, I'm not pulling a POST either.
This is a page on DVWA for brute
ended up with POST
The post request for login is shown in the question
Lemme just take a look real quick
@white salmon ❤️ nice shoutout
pretty sure it was a get and it worked for me problem for me was getting the hunt.py to load i cloned and it doesn't show up in scripts not sure if I was supposed to save somewhere in particular or not don't think guide mentioned that
So what did you do that I'm not I guess.
Well first things first I need to turn the security down
I did that
I'm not getting the GET parameters shown in the walkthrough.
When you have the proxy set up
Time to finish doing this room myself
My eyes start wandering when the words are so close to the pictures I suppose. Silly me. Thanks for the help.
🙂
Then go to the URL
thanks bro @stuck fractal
Lol
I don't get it
in the task you have echo "command to run" > outputFile
maybe try to wrap /bin/bash in quotes?
anyone completed bookface?
@wooden mist Okey I did it, but why are the quotes necessary?
it's to keep the command intact in case you want to have spaces or any other special character in it
Who need help for jack personal website pm me and I will help you
@stuck fractal just wanna say i completely overthought the question and it was incredibly easy.
" it will be checking that there's a directory called test in your home directory, how you create that is up to you. " Room "Learn Linux" task 33. I dont have the permission to create anything at directory '/home'. I have to escalate privileges?
Your home directory, not the home directory
ahhh thanks, I guess I got used to the fact that '/home' directory is 'My'.
task 25 What flag allows you to operate on every file in the directory at once? I dont see a single flag in the --help ls that would do this nor has he gone over that there is a flag that does this? wiki doesnt seem to have an amazing definition of flags either.
@graceful nacelle Which room is this?
On RP: PS Empire, Task 3 Question 7, "In addition to changing our browser profile, we can change what our server appears as. What option can we set to change this?" the answer it appears it should be is not accepted. Can you DM me plz @minor bough
@tidal sedge learning linux
@graceful nacelle man chown
I have created the home directory||, have made directory '/home/shiba3/home/test' , file '/home/shiba3/home/test/test1234'. Found the binary 'shiba4' executing it, and I cant get the password what am I doing wrong?|| Room : Learning Linux
@rapid iron what do you mean? re-read what it's asking for. I just checked and the correct answer is accepted just fine
@summer snow this "server appears as" seems to be the key words to me. If that is the case, then the option h*****s would be correct as what it currently shows is exactly that. As it would seem that is not the case, I am not sure what I am missing
I git cloned the exact repo and installed so should see the correct options for the listener. Here is a screenshot of my options for it
odd I see why you are confused check the hint or try a different version. I'm running 2.3.0
@rapid iron
indeed, seems like it may have been renamed in the latest version? if that's the case more info should be added to the room
@summer snow seems that may be the case, if H*****s is the new one, what was the old one? Cannot finish it and the changelogs for the git repo doesn't show it and could not find 2.3.0 info yet
check history and you'll see it if you search far enough @rapid iron
Appreciate it @summer snow
I have created the home directory||, have made directory '/home/shiba3/home/test' , file '/home/shiba3/home/test/test1234'. Found the binary 'shiba4' executing it, and I cant get the password what am I doing wrong?|| Room : Learning Linux
@shadow basin ||too many home||
@still elm yeah but I dont have access to create anything at '/home'. Do I have to escalate privileges?
no, your home directory is shiba3 (full path: /home/shiba3), think about this and read again the task
@still elm thank you so much.
np
Hey there 🙂 I am currently working on the linux challenges and try to get flag 29. Well, to be precise, i found it already, but I feel like not having properly solved step 3 "Split by comma and get the last element in the split." for that flag. I removed the spaces and new lines in the file but i don't know what command to use for the "splitting and displaying the last element"-part. Might someone point me in a direction for that? :3
@white salmon try searching a shell command that deals great with strings, replacements, etc... or if you know how to code in python, you can create your own script
@still elm soooo, ||sed|| looks interesting?
Room Learn Linux, Task 43: || It asks to read the flag, "/root/root.txt", I have acess to 4 users and none of them are sudoers || no idea where to look, can someone please give a hint where to start?
@shadow basin look for files belonging to each and every user.
Hi people. A bit stuck on the reverse shell in the metasploit room. I'm getting this message and no sessions when I upload the file.
[*] Exploit running as background job 0.
[*] Exploit completed, but no session was created.
msf5 exploit(multi/handler) >
[*] Started reverse TCP handler on 10.9.2.21:1337
sessions -l
Active sessions
No active sessions.
Which task?
task 5 in gaining access
in the beginner metasploit room
yeh
It won't just run it, you have to get it to run.
so I have to go to /shell.php
right
boom, we're in
thanks a lot @stuck fractal
What is the logic behind flag26 of linux ctf, if someone can DM me an explanation. I looked at the solution but still i don't understand what's going on and how i would have been supposed to guess
Hi, new to this site - once connected to a room how do i know what the server IP is to complete the tutorials?
@white salmon I don't understand your question
What do you mean by "connected to a room"?
@stuck fractal DM?
ok - im doing the Learn Linux Room - Task 11 references a challenge that requires i execute a binary to retrieve a pwd ?
Yes.
Ok, so you didn't answer my question
You said "once connected to a room"
What did you mean?
i see, once a room is deployed
Ok, I'm going to correct some terminology so this is less confusing for everyone
A room is the web page, with the tasks
Tasks can have a VM or some resources attached to them
When you click deploy, you are deploying a VM.
if i said joined ?
Joining a room adds it to My Rooms and allows you to deploy VMs and answer questions.
ok, have not found a room that has requested that yet.
Huh?
so i have joined a room and a task is referring to a binary i should execute - how do i gain access to this file
ok, will review the previous tasks.
Start from task 1
i have
hold that
i missed the deploy button on the side ... hand-palm-face
apologies
Don't skip over parts of the room
i did not - just didnt read the full task
That's a part
lol - ok then
Can someone rephrase the question for me please, I have no idea what is asked over here.
Task 11, room: "Advent of Cyber".
DNS is a system that turns addresses like "tryhackme.com" into IP addresses
Look at the DNS requests
Find suspicious ones
all of them are suspicious for me. 😄
Some are weird.
ok thanks will be keep digging
@stuck fractal i have found the data, recovered it cracked it. But I just dont get what sort of answer can be expected in 5 words .
and in two writeups no any clues, I guess I am missing something
DM me the data you retrieved
@stuck fractal omg I did finally found it. Thank you so much for a hint.
Get familiar with wireshark
yeah will do
task 33 Learn Linux: Its telling me to run a binary on shiba4. Why run a binary when i dont have permission to any of the folders?
try to find the binary 🙂
asks you to find it
by finding it im suppose to create directories inside each other and that somehow gives me access to test files
what's the task prompt again?
huh?
yeaaah no. i was thinking i make a binary leading the test1234 files run it and something will happen that leads to shiba4
well that's the right approach yes
You don't make a binary tho
@graceful nacelle i gave you the hint, try to read it :)
why'd you create a 'Home' directory when you were already in the home directory
wasnt paying attention and decided to roll with it
could that effect the results? that path lead the file
yes... guessing the binary is a compiled program that is looking for the existence of a file with an absolute path leading to the file it wants. You can't just put it in a different directory and expect it to work. Someone correct me if i'm wrong or talking about a different room here.
I'm in https://tryhackme.com/room/thecodcaper Task 5. LinEnum returns an error message: '''Syntax error: newline unexpected''' from line 8, but when I check the script it's a commented line. Any advice to give?
Did you download it right?
Yup I think so, used wget to get it and chmod it, everything should be ok ...
Did you wget from raw.github?
Nope i don't think so, got it from regular github page not raw one
That'll be it 🙂
not to hijack
you need to wget the raw contents of the file
then copy that URL :^^
All right thx, gonna try. Yet, I don't get why it must be so
upside to that rather than having it locally, spinning simple server and getting it that way?
:^
I spawn a simple server on my side to get it after i downloaded it from github
That's what i did, didn't know i had to get raw one
@willow isle If you wget the page, it doesn't give you the file. It gives you the HTML page that your browser would render.
raw.github.com serves the raw files
Aww yeah that's right ! Did not remember this
Am i right saying that curl would have done the job ?
Just to know
@willow isle Curl would have given you the HTML too
That web address will serve you the HTML no matter how you access it
Google it
That's what i was about to say ^^ thx
is the website down for everyone else?
Yes.
anyone give me a hint privs esc on securitay ? thanks
@inland onyx It's a room as well
I wonder, it might be yours
But seeing as we can't search for that room, we're kinda stuck @sick sun
Yeah, that's what I was thinking 😆
I imagine JOAT
Mhm
What are you stuck at @sick sun?
We try to keep it out of DMs where we can here
@stuck fractal oke man sorry
Mhm -- what James said, although you're welcome to ask here if you want a hint, or #room-help if you want help with it
@inland onyx oke man
I know I'm late to the game here but I'm stuck on Cyber Advent day 5 Question 4. I've searched through the hints here and it looks like others have figured it out. I've used the archive and found the correct number of time to go back but it still won't accept the date. Any advice?
@uncut bolt So you went back that far, did you do the maths to work out the actual answer?
@stuck fractal Yes, that's why I'm confused. I don't want to go and say what I've tried to not ruin it for anyone else
DM me your answer
hey there
can i get some help for tmux room?
#22 Now that we've finished our work, what can we type to close the session?
arent that we used tmux kill-session -t 0 to kill the session?
Don't post answers, please.
omg my bad
Hey everyone ,, can anyone give me hint with hacker note task3
@prisma blade I don't know how anyone can give a hint for that.
Either write a script, use burp with an extension, or use the prewritten exploits
By using the python exploit, you waive the right to complain about the speed
Same with burp unless you have pro
Thanks I will try my best I saw the hint but I didn’t understand
Which question number?
3
Yes
I have seen the one on ninja github
The golang exploit is the fastest
But how can I run it from my terminal I mean
Google.
Read it, find what you need to change
If it's Go, you need to compile it.
Is it like python <name>
how to run python code
did anyone complete Cross-site Scripting challenge
?
I have a question
on task 5 question 2 I've managed to change the background to red
but there is no flag
Good morning. So I am at dogcat room last flag. I am root but I can see I am some kind of jail. Possibly docker. Do you know some good related materials? I don't know much on the subject
@tawdry dove https://gtfobins.github.io/ try look here. It might give you a clue or ideas. I dont know your room but i do know docker 🙂
Thanks @shrewd skiff .
@tawdry dove try look out anything related to date
What's up peeps 🙂
Quick question... Anybody have some tips and tricks for locating difficult flags?
Common locations, searching methods, find ticks, grep tricks, etc...
I'd really appreciate it ❤️
@mental osprey i think that this could be one of your best shots https://tryhackme.com/room/thefindcommand
@still elm Thanks for the info, I too was wondering how to locate flags easily 😀 😀 😀
@mental osprey Good question dude 🤩 🤩 🤩
@still elm I appreciate the advice but I've exhausted find commands :P
I did this room a while back
that's cheeky and not nice ^^
but it works, soo xD
it defeats the point of the room ^^
up to you, i would say yes
.. possibilities enabled by "-exec" is beyond the scope of this tutorial. Can anyone suggest a good place where I can find more info about it?
- related to privilege escalation
@shadow basin that's covered in the Advent of Cyber
@inland onyx Thanks, if you mean Task 13 then that's what I am doing now. But would love to have a more in-depth read about "-exec", especially related to *escalation. Thought maybe someone can suggest a good read.
I doubt anyone's covered it in that much depth -- it's just one method. There's probably a gtfobins page on it. Realistically, all you need to bear in mind is that -exec lets you execute a command on the files that you find. Like, for example /bin/sh
because you execute your command on that file
yeah but I am 'holly'
yeah, have you heard of suid/guid
nop I am 'new' 😄
yeah, do some reading on that. you will understand
thanks
no problemo
Anyone for Jack? Need a hint please
wait I don't get it there are no suid/guid bits in the permission for the file though @past night
is it not?
would it not be something like -rws if that were the case? idk haven't done the room/task but I don't think it's suid related but then again not an expert aha
if it managed to run the command under the context of a different user i would assume so
it is suid related
hehe, i was right
I managed to run command as another user because /usr/bin/find was belonging to another user
if it wouldnt be so, that wouldnt be the case
- hope it is not considered a spoiling
oh that's because you're running find as igor not the file you could've created your own file as holly ran find <your-file> -exec whoami \; and gotten an output of igor
@summer snow note the "s" letter on '/usr/bin/find' , thats called sticky bit
it lets you run the file as the user i guess
yea that's what I'm saying the file_owned_by_holly has nothing to do with it. It's just a random file with 664 permissions and could be replaced with any file to get the same effect.
yes
however i havent figured out how to run the bash of 'igor'
somehow on every command works this way
gtfobins is my go to for finding more about stuff like this
what is 'gtfobins'
can someone tell me whats the incident of the photo in agent sudo /
use reverse image search
i cant seem to find anything @solid patrol
i found it using yandex
@solid patrol just to be sure i need to search the green cute alien image right ?
i dont think that is the image
Hey can someone give me a hint to priv esc in Ignite?
i'll check and hint
Ok
On the main page check the Step 2 about database configuration
there's a hint on how to get some sensitive info
@glossy basin Ok, thank u so much✌️
Anytime, if you have any further questions feel free to ask 😄
Ya sure😇
Lmao, for the room BP: Volatility, if you just put the file in your windows computer, Win defender will give you the last answer (:
I got stuck searching and uploading thing.. and then windows told me I had a virus 
getting headache from privesc jackinthebox, nudge in the right direction pl0x
$ find / -type d -name 'exploits' what's going wrong with this?
So what's happening that makes you think it's going wrong?
im taking a find course and this is one of the questions
yea i mean jack of all trades sry 🙂
"find"
@graceful nacelle Maybe quote mark types
ive tried them all
Find all directories whose name contains the word "exploits"
also use backticks to get discord not to format
ty 👍
@graceful nacelle name = exploit isn't the same as name contains exploit
@nocturne vault What's up with JOAT?
I figured
(watch as I try to remember how you gain root in that one)
Oh, I remember
Should be fairly straightforward -- it's the second thing you should be looking for with Linux privesc
First being sudo permissions
feels like i've checked everything i usually check for 🤔
and second being files with SUID bit..
Correct
Bear in mind that's an ex-conference box. I didn't want professional hackers with full root shells running around...
I feel so freaking dumb right now
I always forget the freaking / after -perm ...
holy shit im mad, that's why taking breaks is important lol
cool thanks, nice box 🙂
@inland onyx
-name pattern
Base of file name (the path with the leading directories removed)
matches shell pattern pattern. Because the leading directories
are removed, the file names considered for a match with -name
will never include a slash, so `-name a/b' will never match
anything (you probably need to use -path instead). A warning is
issued if you try to do this, unless the environment variable
POSIXLY_CORRECT is set. The metacharacters (`*', `?', and `[]')
match a `.' at the start of the base name (this is a change in
findutils-4.2.2; see section STANDARDS CONFORMANCE below). To
ignore a directory and the files under it, use -prune rather
than checking every file in the tree; see an example in the
description of that action. Braces are not recognised as being
special, despite the fact that some shells including Bash imbue
braces with a special meaning in shell patterns. The filename
matching is performed with the use of the fnmatch(3) library
function. Don't forget to enclose the pattern in quotes in order
to protect it from expansion by the shell.
nowhere does it say put the asterisksSsSs inside the quotations
No, because you're not understanding the question
find / find <what> find <where> type directory name exploits
@graceful nacelle look up wildcards
i have ./*. but why would i need that when that looks perfectly fight
nm
check this would what i typed work in any other environment
you should have it in the -name parameter, it will match anything containing the word exploits
so for example, the directory named 123exploit will be matched, so will exploit1234 and asdexploitasd or simply just the name "exploit"
I have not done the room you are referencing, but I think this is what you are supposed to do if I've understood you correctly
You were looking for a directory named exactly "exploits"
Which isn't what you were asked for
whew i feel better thanks now thanks guys
anyone who has done Cicada 3301 and can explain to me what means use negative integers to go backwards in the text? I have tried a lot of methods using that hint but couldn't figure out the correct link
||Use the line numbers||
can i actually pm you? im confused af
Links can have numbers in it
got it 😄
Better asking @solemn smelt for that @tight escarp.
I tested it, so I'm kinda limited in what I should be revealing 😆
Oh haha there is a hint as to how to use the negative integers at the top of the document
@tight escarp
yes i know, but i have interpreted that hint like I have to start from the end of the line and go back
Basically|| If you use positive integers to go forward in the text starting at the first letter then using a negative integer you would go backwards from that first letter to the numbers.||
It was very hard trying to find a good way to write that
yeah, i can imagine
I initially thought that too, until I saw what they actually were 😩
where are you using it?
at my pc, testing SUID escalation example
but are you using ssh or something? or is it your terminal?
but I am not familiar much with python, do I need to install some library?
thats my terminal
i run linux as my OS
same result
sudo python3 -m http.server 80
@inland onyx amazing thanks so much
@shadow basin Thanks for moving.
weird i dont need to use python3 to set it up
Systems no longer come with python2 by default
At least ubuntu
so python won't do anything
@white salmon If you have both versions installed, you need to specify which one
Or change the symlink in /usr/bin
hm i think my python2 doesnt work then
@white salmon " ls -ls /usr/bin/python* " might list all available 'python' versions
room XXE task 2 , question 5. I have done the rest of the room, seems like an easy room, but that question makes me wanna hit the wall.
can someone gimme a hint ?
@ornate narwhal try https://www.w3schools.com/xml/xml_syntax.asp
I think this might have the answer
@last nova thank you man, i dont know why i was looking for my answer in this line : <?xml version="1.0" encoding="UTF-8"?>
lol I was sat looking at that for a minute or two as well
well that makes me a feel a lil bit good.. im not that stupid after all 😄
on the last question of corp, can't connect or change the pw, I've tried it all, is the last question just not possible due to the expiration date? I've yet to find an rdp client that will let me log out and log back in. Could someone give me a nudge?
Microsoft RDP will allow you to connect and update the password IIRC
so do I need to spin up a vm or can i do it from the room's box