#room-hints
Yes
Awesome room! It was fun. After I got the link from the QR code I may or may not have listened to it during the rest of the time rooting the box
Hahahaha finally somebody that actually looked at the SMB stuff
Lol kinda
Lol yeah when I saw the null session I went straight there and quickly realized what was going on with the stego lol. Still worth it for the soundtrack 😂
@verbal wedge at least you did your research once I mentioned that musician to you lol
I'm glad you enjoyed it hoof
Hahahah I included that FOR you man
Literally was the next thing I did when you mentioned it
Hi everyone, I'm a bit stuck in the webgramming room. I created a bash script to get the flag in the 'repeat' section. I do get feedback repeating 'behind me' as the input of the nc command, but even after 1000 iterations it still doesn't match the flag and gives me the 'wrong answer' :/ Could anyone give a hint? Thanks 🙂
Just to confirm, does blog room priv esc need bof?
no
No, just look at what it is doing
can i pm you @mellow notch
Yeah for sure 👍🏼 @atomic shuttle
room: Blog
regarding getting first shell, can MSF help ?
or I have to use some manual technique ?
What error did you get?
There is a weird bug in msf where you have to set the payload manually.
let me try again !
it said exploit completed but failed
Try different payload options
[-] Exploit failed: An exploitation error occurred.
Did you manually set the payload?
There is a weird bug in msf where you have to set the payload manually.
@mellow notch I didn't have to, but interesting
Oh really? Yeah I was having that issue with other machines on various platforms, so I googled the error and saw that there was a bug with the default payload. Suggested setting it manually so I did that and it worked. @stuck fractal
Okay yeah then that is what it is, the bug is on recent updates of msf so that is most likely why
They fixed the windows payload but
payload failed:
1 multi/meterpreter/reverse_https (default)
2 php/meterpreter_reverse_tcp
payload I tried, that worked:
php/meterpreter/reverse_tcp
@mellow notch thanks.
No problem, just make sure to exhaust all your options and try multiple approaches
why are my USER.txt location and USER.txt value not being accepted ?
what's wrong with the default "user" path and the default "user.txt" file?
@burnt dust did you read the file?
damn it. sorry.
Anyone able to help navigating around SMBclient? I've connected to the share, but don't know how to navigate around the files shown with ls
dir
try help
@reef carbon More or less standard ftp/linux commands
not so much linux
get command to download files ?
@reef carbon
I think i'm doing something wrong. I get a load of NO_SUCH_FILE or OBJECT_NAME_NOT_FOUND errors
have I connected to the wrong share maybe?
you have provided no information. we don't even know what room you're working on. how could we possibly answer that?
Aye
Network Services, [Task 4] Exploiting SMB
I've connected with //[IP]/p******* -U Anonymous
but now any command results in errors
Show us
If you want help with errors, it helps to screenshot them
Tells us what you're doing, and what the error is
you have to escape spaces. it is looking for a file called Working, which does not exist
or put it in quotes @reef carbon
Thanks, I knew it was something dumb
I've been poking the owasptop10 room that dropped a half hour ago, on lunch from work. I finished the day 1 stuff but there is a question for day 2, are we supposed to find that from further exploiting the box or is that just a way of keeping the room open for each day? (If I don't have more to find in the box I need to get back to work)
it's a placeholder
thanks - gotta get back to the day job
what is the best way to grep for payloads in msfvenom if I want to get windows x86 meterpreters? .. cmd: msfvenom -l payload | grep windows?
@stuck fractal hi, thanks to your suggestions I was able to complete room "intro x86-64", "CC:Ghidra" and now i just completed the Blog room. Thank you so much 👍
@mild eagle yes, you can apply several greps to further specify, e.g. msfvenom -l payload|grep windows|grep x86
Is there a good read on the passthru command somewhere other than what was linked?
@stark reef is this room-related?
Related to the new OWASP 10 injection room
and are you looking for a hint for that room?
Correct
in that case, you should tell people the room, task, and question, so that they can assist you
Where should I start in OWASP 10 injection
reading all the content of task 4 is a good start
Have you read the content in the room yet?
yes ive read it
@nova rampart By following the reading and step by step of the room you can unroll it smoothly...
ok
hi there. I am almost done with the "learn linux" one. But really, I am searching in files and with find for an hour now. I can't get to find a way to read the root.txt file. Any hints appreciated. Thanks
in room Ghidra I'm missing two questions, but for task 4 question 2, in the function I can't see what the variable is set to. Maybe I got the question wrong, but I can't get it to find with the ** in the answer box. Any hints?
and for question 3, no variables are in the function. Have I decompiled it wrongly?
sorry, the decompiled C code didn't match the assembler code.. it was easier to get it from the assembler, but wasn't the answer supposed to be in the C code?
and it was the same, "yes I got the answer", for the first question, so I guess I decompiled it wrong?
@clear quail Which user are you logged into the machine?
I went through all 4 shiba users.
Sorry for the delay as to the answer, was turning on the machine and redoing the room to remember...
@trim haven cblte *
but none has sudo right, so I need to get access to the other ones. I know to read the file with a user who has the rights to do so
I found ||some files in the nootnoot home dir. the file ll for example. But it does not make any sense to me. Counting numbers from 1 to 1000||
@clear quail In the room you were guided to use the find command, it may help you in the search for the user who will take you to the home of root...
I know that it must be the ||nootnoot|| user because of that ||.sudo_as_admin|| file. But the search for a password was not successful. I keep trying...
@clear quail So you know that nootnoot has the right rights to your goal, forget it for now, go back to the beginning, [Task 31] #3 is your 😉
@verbal wedge nice box. just finished and learned something new. Thanks!
@merry helm thanks. but .... i have no idea. nevermind. i will continue tomorrow. maybe the brain is able to solve it in the morning. 🙂
@clear quail Well, you have other users... how about finding something from another user that is relevant? Well, good rest
ah oh man. thanks. I could not believe I overlooked that thing there. from then on it was easy. thanks @merry helm I totally overlooked that one thing. Should pay more attention to the details.... now I can sleep well 😉
hello, I was wondering if someone could give me a hint about the room RP: Nmap, in nmap scanning for question 6
Is there anyone I can dm about blog?
which part of blog?
@astral trellis Privesc from www-data.
ah, honestly thats where i am but from what ive gathered its a SUID
I'm stuck there too
Try some RE
RE? Reverse Engineering?
@astral trellis yup.
anyone doing the OWASP top 10 room pls
yes
We can help you better if you give us a little more to work with on what you’re stuck on
how can I know how many non-root users there are on a linux system
i tried to cat /etc/passwd
this is the only way i know, is there any other one?
Have you tried researching and googling before coming here?
yeah i did
ok i got it, that was funny
Well you can look at how many users based on how many are in the home directory or you can do it from etc/shadow
yeah but i think in the home directory you can know how many users there are
?
but how to check if they are root or not
There’s one root
(It also won't have a home directory in /home)
So, the answer is literally how many subdirectories are in /home
(In this case)
aaah thanks
Or pull a reverse shell and do it that way -- either
i think there's no need to upload a reverse shell to answer the questions right ?
There is not. The webshell will suffice for that
the default shell of the user
shells have to be kept somewhere
like /bin/bash etc etc
hey guys when you paste a mkfifo payload how long does it take to get shell access?
@formal pier hey, I'd recommend learning how to use linux
the payload stuff never works for me
Run your VPN directly in kali
Make sure you're using the right IP
Make sure your listener works
tun0 ip or your host ip?
i'm using the ovpn ip
i pinged it and it works on the listener
@stuck fractal i already know how to use Linux but the way questions are put in here it's kind of tricky for me
so if I interpret that correct, I just use my host IP? @inland onyx
oh, but i do that anyhow
@formal pier Users have shells -- that's how they execute commands. The setting for which shell they use is stored somewhere -- that's where you're looking.
@worthy iris Hm. In that case check the settings for your listener. Make sure you're using the right port, and that the payload is correct. Should be virtually instantaneous unless you have serious lag
@inland onyx thats what confuses me, when i ping my ovpn it gets picked up on the listener, but the payload does not
@inland onyx thanks mate i solved both of the tasks
@inland onyx
Thanks, I was a bit stuck there myself. That got me in the right direction for Google to finish off the problem
yeah that question was a little bit tricky for me too, i think they should've used "where" instead of "what"
@inland onyx am i meant to paste the payload into the telnet listener? cos I've been doing that, I'm clearly messing up somewhere I just dunno where
hey just an update, I decided to use the VM on my laptop instead of my PC, and it just worked instantly, not sure why, but yeah...
Omg the user's shell question got me a bit. But thanks to google I squashed it 😉
@formal pier sorry if the question was confusing. I tried to be as specific as possible
Nice Day 1 task in the OWASP TOP 10 room. I can't believe I answered all the questions myself with some researching on google. Thanks. In hope of winning something 😇
Win what?
There is a drawing everyday for the next ten days for the OWASP top 10 room
no one knows what the prizes are but there’s prizes everyday
@patent token Something at least something
Hi everyone, I need a hint on the LFI walkthrough. I am on the last section, I've escalated privilege and have root. However, when I list files I am only getting returned the same text file from the previous section (user.txt). I know the flag in the file is not correct. What should I do?
Nevermind, I literally just figured it out
We'll call that a "taking a car whose engine is making a noise to the mechanic, only for it to stop making the noise when you pull in" sorta situation
some hint on room Blog for privesc.. i know it is something to do with ||binaries||
Have you searched for those then?
yes
I really recommend learning what's normal to see on an ubuntu system, and what's not normal
but there are a lot of them.. and of them one stands out..
There's one that shouldn't be there
Figure out what that one does
Do some basic reverse engineering on it
@indigo ridge can I dm you for the confirmation.. because there are some others also that I think should not be there
There's only one that isn't standard on ubuntu
okay
You can do your own research. I'd recommend that you do.
i will try it
Blog: for finding binaries i am using find / -perm -4000 2>/dev/null is it ok?
I don't know, is it ok?
If the command doesn't error the heck out, then it's ok.
You're allowed to do whatever
Room: BLOG
what should I be looking for changing from 'www-data' to a valid user ?
have looked into DATABASE conf for password
but the password don't work to switch from 'www-data' to a valid user?
@indigo ridge .
@burnt dust ur answer
same here i just know you have to do RE
Eh I think it's better to use a decompiler
Grrr !
@stuck fractal thanks, was reluctant for going 2 disass, but now I think I should
👍 thanks
@stuck fractal thanks, cutter is good and GUI friendly too, the question is how to change the VARIABLE it asks for?
That'll be a research thing
A quick google search will give you the answer
Look into the system calls and what they do
👀
yes, I got that !
i know I have to just modify (forge) the value
for the binary to work
ThankGod!
iam root
^__^
room: BLOG
Room: BLOG
Difficulty: 6.5/10
I found it a good machine.
For shell: an RCE is required (msf default payload won't work, so make sure to change it)
For priv-esc: do R.Engg via CUTTER
peace
and just some information regarding priv-esc, I usually use following 3 scripts:
- linpeas (google it)
- linenum (google it)
- suid3num (https://github.com/Anon-Exploiter/SUID3NUM)
@indigo ridge ???
which software should I use?
which part you're stuck at?
privesc
try running all three scripts I mentioned and then try to read the outputs and see if you find anything useful.
especially script #3
okay let me do that
Splunk room. "When viewing search results, it's often useful to rename fields using user-provided tables of values. What command do we include within a search to do this?" Surely it's ||rename||?
Also can #27 allow English spelling 😉
#31 has changed too (although it still redirects)
For the Ghidra room, can I use a VM for Ghidra?
Room: Jeff
how to get PASSWD for a valid user (web login)
the dictionary attack fails (ran for 10 mins)
😕
advent of cyber task 29 || lfi in kibana || is the right path?
@white salmon yes
@radiant dew but we also need to do a file upload for || lfi||?
no
ok I'll try harder
search for Kibana CVEs
ye
feel free to DM me if you need
I'll try for a couple of hours, will do if I fail
in room linuxprivescarena task 12 question 1 i know what binary is assisting but i can't find the name of the CVE - any hints?
Try looking up the name of the exact file/script that you're exploiting, and with the keyword 'exploit'
The version number of whatever binary can also help a lot in identifying the CVE
@white salmon makes sense, but in the examples nginx is used and i pretty much tried all the CVEs for that.. could be the format of my input is wrong.
or it could be more related to something else in the tasks as symlinks ?
@white salmon finally got it 🙂
It's definitely something to do with nginx - try researching the exact hinted version in the task
nice
wrong input, thanks @white salmon
Hi everyone, I'm new.
I'm working through the steel mountain room (https://tryhackme.com/room/steelmountain) but I'm having trouble with winPEAS.
I've managed to get a winPEAS executable onto the target machine, but when I then try to run it using the command winpeas.exe it just hangs on a blinking cursor.
I've tried numerous versions of the winPEAS binary - obfuscated and not, x86, x64, "all" - they all give the same non-result.
I was really reluctant to come and ask for help but I'm just stumped. Any ideas?
restart machine?
Tried multiple times. Just managed to get the .bat version of winpeas to execute, but others that have done writeups have succeeded with the exe version
Yep, but now I think of it I only started on that with some later binaries
Having to reboot server again, will try that same .\ prefix with some other binary versions
anyone ?
@burnt dust
Have you tried .\winpeas
@trim haven
So I've now tried the .\ prefix again on multiple different versions of the binary.
All result in a simple blinking cursor in the reverse shell.
@trim haven
You’re executing it but I don’t think you’re getting the output, maybe slow connection
How long have you waited?
I’m not experienced in Windows. Have you googled your issue?
I have. People just say "use the bat file", which I have, with success. Just can't see why the binary wouldn't work
Thanks for your help @trim haven , looks like it's just some weird bug. I'll try it on other Windows boxes
Hi, i'm doing the "blog" room, i found 2 usernames for WP. To access wordpress do i have to brute the login page or is there another way?
@red minnow you can bruteforce the login page for one user.
@fallen sedge 😄 yea i found it, it took too long
Yeah very long for me too
Yes but with wp.... It's very long. 😉
Serious, almost 10 min for me
@wooden mist do you have a little hint for blog. I know where user.txt is, but i'm stuck to move to the other user
Maybe you don't need that user after all 😉
Thanks @wooden mist i will try to find.
What option sets the architecture to be exploited in metasploit?
You just have to select the appropriate exploit for the architecture you need
a question about the OWASP Top 10 #6 Print out the MOTD. what is it referring to? i got a rev shell on the box but still can't figure it out XD
Do you know what MOTD is?
not sure what shortcut is.
What
i got the flag .txt but can't figure this one out
@final mortar but what option is it??
@white salmon Research what MOTD is
@tidal sedge i translated the whole question and i figured it out, still MOTD has a few specifications in the dictionary
Hello there, could someone use the sequencer of Burp in the OWASP Juice room to analyze the cookies?
@spare cobalt there is no option, there are different exploits
@sharp ether If OWASP Juice Shop has any sort of consistently randomly generated cookies, then yeah, you can probably use burpsuite's sequencer to analyze the data
@white salmon ok, because i sent to the sequencer an entry from the HTTP history with a header like this:
POST /rest/user/login HTTP/1.1
Host: 10.10.77.78
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: application/json, text/plain, */*
Accept-Language: es-AR,es;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/json
Content-Length: 56
Origin: http://10.10.77.78
Connection: close
Referer: http://10.10.77.78/
Cookie: io=ZX8ukEj_TnPUmeFEAAAA; cookieconsent_status=dismiss
sometimes it appears in the sequencer with the cookie and sometimes not. apart from that, when i try to start the live capture i can't get any token
What you've shown is a request, not a response
The room asks for a response with a SetCookie header right?
yes
oh
ok, because i couldn't find set-cookie anywhere..
that's why
thanks
Now i sent this one to the sequencer:
HTTP/1.1 200 OK
Content-Type: text/plain; charset=UTF-8
Content-Length: 23
Access-Control-Allow-Origin: *
Set-Cookie: io=ZX8ukEj_TnPUmeFEAAAA; Path=/; HttpOnly
Date: Tue, 14 Jul 2020 14:54:03 GMT
Connection: close
20:42["server started"]
and i set Cookie: io=ZX8ukEj_TnPUmeFEAAAA in "Token Location Within Response"
now it has done over 4k requests and i haven't captured any token
you shouldnt be setting the cookie, you should be getting a response that already has the set-cookie header
Could somebody point me in the right direction for priv esc on the Blog room
I have a shell with www-data, and I'm not sure if the ||checker|| file is the key to escalation
@oblique cliff the header of the response that i sent to the sequencer has "Set-Cookie:" in the header. where i put Cookie: "io=ZX8ukEj_TnPUmeFEAAAA" is the location in the response where the token appears
inside the sequencer
can anyone help me with the Blog room? can someone give me a hint on how to get the user joel?
the only place i've gotten is nowhere 😭
I know where the user flag is in Blog. I need a hint on how to proceed and also how can I get the joel account
Challenge your assumptions
You're assuming you need to log into that account
Or gain access
You can read the flag in that dir anyway
Wat
In Blog challenge
That doesn't narrow it down at all
you're assuming you have to get from www-data to the bjoel account @echo thunder. rather than look for that, instead look for a file that doesn't fit when you enumerate the box and see if you can exploit that directly
I did not understand the part to look for a file @median compass , can you explain it with other words or meaning
?
yes, when you enumerate looking for privesc a common trick is to look for a file that doesn't fit right? that looks odd or out of place, like it has privileges that it doesn't usually have or is in an odd place or owned by a strange user or group. When you find such a file that will be your path
and it may help to see the full list of tags for the room, only the first four show in the dashboard
"tags":["cve 2019-8943","wordpress","blog","web","wpscan","linux","security","cutter","reverse engineering","binary exploitation"]
yeah i figured out how to disassemble it with radare2 but i have zero idea how to read it lmao
I can tell that ||the binary has a setuid in there, and a check for a ENV variable, but I have no idea how to find out what it is||
Im at privsec at blog too
But i not good at reverse engineering
Any good room to practice and learn how to do this privsec ?
You don’t really need to do deep disassembly or reverse engineering, although it does give a very clear picture of what is going on if you do (radare/cutter/ghidra). Look up what commands can TRACE system calls.... hint hint
@white salmon google how to exploit what you found and there should be a useful article on the first page
hmm
Got it
haha epic
Thanks so much!
tbh I really did fall too deep into the rabbit hole (of reverse engineering) lmao
It’s still a good exercise in reversing it tho, just for practice.
Oh yeah, definitely
It's definitely a good motivator for trying to learn more about reverse engineering
That's the bot
so having issues with "BLOG CTF" ||zlib file extraction|| help anyone?
what are you trying to extract @winter plover and are you sure you need to?
no im not sure hahah, found a ||Zlib file in a .png and tried to pull some info using a python zlib script, got nothing||. If im going the wrong way plz feel free to tell
@median compass
in the blog room?
PNG images are often detected as containing zlib
so binwalk etc will tag any 'magic words' it finds in a file. the png standard uses zlib to compress the image data, so it's normal to find that there - a rabbit hole I'm afraid
haha well thank you.. i've been digging for a bit. appreciate the help. I don't use Binwalk often. @stuck fractal @median compass
no worries, happy hunting
Yessssss
i wonder how many people actually watched it
I, for one, think you did start the fire.
I watched it
it's funny because I was actually thinking of the goat version when I watched it
Not enough backstory for all these poor users whose boxes are being hacked into 😤
Lol
That letter was awesome “because we don’t care”
Hahaha Im glad you liked it
What does Jack's first hint mean when it says "and don't use tools"? Does it mean don't use tools besides wpscan?
Don't use msf etc
Okay gotcha
Guys, I'm stuck with the BLOG room. Did SMB stuff, went down the rabbit hole. Now what? It's wordpress, maybe wpscan? I'm a beginner.
My personal recommendation would be try things
You suggested wpscan, why not try it?
I tried it with rockyou.txt , doesn't seem to work
Got the two of them sxb and bxxxl
Suggestions ?
Google tools to enumerate Wordpress blogs
||Kwheel||
Yup, just didn’t wanna outright say it
How do you make the text blackout to hide spoilers?
Okay thanks. Good to know 👍
Thanks buddy @mellow notch
I'll be reviewing write-ups this week with the release of mine on Friday
No problem @shut pollen
Let's see if we can break in
wpscan does enumerate users
Yeah I just didn’t wanna outright say wpscan, but that was what I was poorly hinting at... still trying to figure out what is and isn’t a spoiler
Anything that gives something away for a room I'd imagine is a spoiler
Broke into ||kwheel|| , It's reverse php now I guess ?
Maybe, maybe not
Mysterious
|| maybe there's a specific WordPress vulnerability lying around somewhere ||
Really I gotta recommend trying stuff before asking
Ok man !
But yeah. Try a few things out
I'm here
I can help so long as I'm not busy
I'm just watching some anime
It's 5:01 am here man , I should have been in bed 6 hours ago.
Lol jeez
The box isn’t going anywhere! But yeah I get it, once you start... its hard to stop
It's great. Plus need to learn stuff man.
Thanks @verbal wedge you're a good man
Hey guys,
This is my last question in the AttackerKB room. Went over all the posts posted on the forum, as well as the Webmin site that explains the vulnerability. However, no luck with what the answer is. Please advise.
There’s a hint there
How you do the bar over text in chat?
spoiler, then the pipes - or just check the markdown reference posted
I don't have any experience with that particular box, but try it! and if there's a lot of users try using Hydra
humm guess not
Ghidra ?
I'm a noob at RE and I used Ghidra and got it so if I can u can
I'd recommend not starting on intermediate content then 😉
or doing walkthrough rooms first
Then you know what to work on
Just a bit on this and I'll push
||getenv|| and ||setuid|| parts ?
Do your research
:(
I'm feeling incredibly stupid
I'm trying Source
and im stuck at the initial enumeration
you nmap'd?
mhm
Try going to 443
im at the ||webmin login page||
Man I even got the code
@verbal wedge Maybe do the attackerkb room first?
break it down
that pretty much spells it out for ya 😛
Work out what it does
Trace the code through
@verbal wedge You want the screenie deleted?
plz
@shut pollen This is the hints channel, try to avoid dumping spoilers like that
It's okay
It's my room though and its still fairly new
So avoid posting huge spoilers like that
Why can't I add the hostname to my /etc/hosts?
Rather, which hostname do I put lol
the one you found
||source|| or ||root@source||?
One of those isn't a host name
I think so?
I'm still rusty on reading dig's output
I'll work on it
ill just use the IP
well that was easy
Hi, I'm doing Alfred's room, but the machine doesn't boot...
it does
how long does it take to boot?
Many windows boxes don't respond to pings
I'm doing hping3 --udp <ip>
And?
It should respond?
Still won't reply.
mmmm...so I have to scan it with -Pn flag in nmap i think
I don't understand why it does not respond to hping3 set to a different protocol....anyhow nmap is running well
Why would it respond though?
because it says that it does not respond to ping (ICMP)
and hping crafts packets in other protocols, UDP, TCP
Ok, but why would it respond?
There's nothing running that would accept that and reply
No reason it'd respond
@stuck fractal OK, I will study more this topic
I mean if you use some logic
Why would it respond?
There's nothing listening
it's going to ignore them
Yes but other machines with no ICMP reply in other rooms have responded to hping3 --udp for example..
but I have to read more of this topic to understand why
I must have missed something. in Blue I have scanned it and found the open ports, but how do I check vulnerabilities with that?
Try using the option --script=vuln with nmap
I'm gonna go through the nmap room again
https://tryhackme.com/room/ra
How should I approach this room.. where to start?
@indigo ridge Enumeration is always a good start
Already did that.. nmap scan gobuster
@indigo ridge
Okay. Without having done the room I saw two interesting vectors from initial look around. Have you discovered anything you want to pursue?
For instance there is an ||interesting http form|| and a ||service with associated users|| that might be worth checking out
Can anyone give me a hint on billy's password on Blog room? I know the username
@devout palm
I was thinking about ldap.. but I never did that.. so no experience
And about that form.. i am still clueless
@indigo ridge There are several services running on the box. Have you identified which common and not-so-common ones are running?
What makes you clueless about the form? Without having attacked it I'd imagine it'd be a great place to start to gain access.
Okay.. yeah there was a service.. Which was not identified
Crack the hash room. Level 1 #4 and level 2 #3. For 1.4 ||bcrypt||, how? And 2.3, how do I format it for hashcat (with rounds)?
Have you tried googling the commands and their general usage?
usually "how to decrypt with x" works as a good guideline on how to structure the command
I have, and I've managed the others, just not these two
@indigo ridge I think you're misinterpreting your results. There's a service with various listening ports for client/server and web admin console in both plain HTTP and TLS. That ties together with a ||username list|| on the webpage. There's also the ||reset form|| which is highly interesting.
For the ||bcrypt|| one I have an estimated time of 60 days 😆
@radiant dew For 1.4: ||You specify bcrypt as the hash type.||
For 2.3: there's no need to specify rounds, it's already formatted the way you want it.
For 1.4 I'm running ||hashcat bcrypt.txt -a3 ?a?a?a?a -m3200||
2.3 is ||hashcat cth23.txt /usr/share/wordlists/rockyou.txt -a0 -m1800||
@radiant dew You are on the right path. For 1.4 I'd first try with a smaller character set than 'all', that'll probably lessen the time it takes for you.
For 2.3 it seems completely fine.
Thanks! I'll give it a go. Also I've just made a rockyou with ||only 6 characters|| which should speed things up too. And it's just the Hash, not the salt or rounds?
@radiant dew Yes, a 6 character rockyou ought to speed things up substantially for 2.3. I'm pretty sure you don't need to specify rounds (I just tried without, but could be because I've already cracked it and it's in hashcat's potfile I managed without), otherwise this link ought to explain rounds to you in the hash: https://security.stackexchange.com/questions/93674/how-does-hashcat-figure-out-the-sha-crypt-rounds-on-a-linux-password
I'm having trouble following your last question though. The hash string comprises both the salt and the hash, and eventually the number of rounds for the hash function.
I found that and tried but it said invalid hash. I'm wondering if it's because Mrtn wrote rounds=5000& when I think he meant rounds=5$
My last part I simply meant do I need to reformat the hash given ($6$aReallyHardSalt$6WKUTqzq.UQQmrm0p/T7MPpMbGNnzXPMAXi4bJMl9be.cfi3/qxIf.hsGpS41BqMhSrHVXgMpdjS6xeKZAs02.). I can see it includes the salt, but not the rounds. Perhaps I'll try $6$rounds=5$aReallyHardSalt$6WKUTqzq.UQQmrm0p/T7MPpMbGNnzXPMAXi4bJMl9be.cfi3/qxIf.hsGpS41BqMhSrHVXgMpdjS6xeKZAs02.
As I said, I managed without rounds specified
I'll just leave it running 🙂
@radiant dew for reference, ?a?a?a?a takes 3+ days for me on 1.4 while ?l?l?l?l takes ~25 minutes
your gpu may vary though
Yeah, I'm doing ?l?l?l?l and it's saying 8hrs. Maybe not the best task for a Kali VM on a laptop, especially as it seems the VM isn't using the GPU at all
"VMware Workstation 15 does not support GPU pass-through at the moment."
2.3 should only take 20mins or so though
Hi everyone, does anyone have a clue regarding the webgramming room? I wrote a script providing "behind me" through nc 1000 times, but I still always get the same feedback from the server, which is "wrong answer"
Can someone suggest me the answer to: "If A password hash starts with $6 $, what format is it (Unix variant)?"
Have you tried googling that exact question
type something like hashcat mode list on google, you should find some interesting stuff
Hey, what does an IP hostname look like?
A hostname is just another name for "device name" or "machine name" usually
But it depends on context- because it can also just be another way to say "website" usually
Host names are converted to IP Addresses via DNS servers
Hey, in the Lord of the Root room there is a question about what the method used to exploit the system for privilege escalation is called. Any hints on that? I got root and stuff and I tried the name of the exploit but didn't get anywhere
Mr robot room || Can't switch to user robot automatically gets declined? ||
Are you sure the password you're inputting is correct?
I don't input any pass
It gets declined before I can enter
Are you typing in ||su robot||, or are you trying to copy and paste it or something?
sometimes a copy and paste might have a new line character in it that causes your terminal to involuntarily press enter
@white salmon || I am typing su robot, su - robot || I think my current user is at very low privilege
it should just be ||su robot||
tried both
Try SSHing directly into the machine as robot
ssh is filtered
Most likely the user that you're using probably can't su then
Try seeing if you can gain access to another user on the system
Checked a writeup, they did the same and it works 😦
"python -c 'import pty; pty.spawn("/bin/sh")'" used this to change my shell and it works
oh
perfect
any hint for blog room
any hint for where you're currently at in the room
sure ig
read rule 13 btw
What are automated tasks called in Linux?
I think the answer is crontabs but it's wrong?
||cron jobs|| I already answered in general, didn't I?
||jabs||
lol woops
@lusty notch The answer is clearly linked with a topic you're doing. If you can tell us what, including the question number, we can perhaps help you a little more rather than trying to guess the answer.
Introductory researching task 2-> Q.2,4,5 ? @white salmon
You are on the right lines with Cron.
Perhaps use a space between Cron and the (next word)
now finally it's correct, thanks @white salmon
Regarding Q4 & 5, google is your best friend (especially given you're doing a room called introductory researching 😉 )
@white salmon 👍 okay
Give it a bit of a shot with google, it's all easily researchable, if you're still struggling then come back and we'll be able to help!
Don't give up while researching- just keep trying different terms and ideas
trust me- if you give up just on googling, then you won't want to see what real enumeration will be like
Done bro @white salmon @white salmon 🤘
Glad to hear it!
Anyone got some experience with EternalBlue? I'm on the Blue machine trying to run ||ms17_010_eternalblue|| but get this error. I've tried restarting the box a few times and changing LHOST but it keeps failing.
Tried that @oblique cliff, still the same error
Oh god, the EternalBlue exploit, I was never able to do it with metasploit
It always fails for me
@reef carbon the exploit itself is inconsistent so you may have to try several times. But you definitely need to have that IP changed
yeah tbh my experience with eternalblue was very rng
but when it works, it works
(but if it doesn't, then it crashes the entire machine)
also i like how you ||spoilered the exploit|| but forgot to censor the pic
yeah I tried a few writeups and googled it, all said the same thing. I guess I'll just pray to RNGesus
are you using a VM on your host, or the THM kali?
there's a room called Blue where the tryhackme admin that posted the video says "this exploit is very inconsistent"
I actually found a higher success rate, tbh, using THM's machine
Ah that's a good idea @white salmon i'll try using that
@reef carbon update your metasploit
You're using an old version that sets a payload that doesn't work
With correct settings, it works like 90% of the time
thanks @stuck fractal , i'll report back once i've finished
Break Out of the Cage 1, privesc to root: can someone give a hint as to what the note is? I figure ||it's encoded/encrypted, something along those lines|| but I don't recognize it. And I tried it as root's password but it's not that either
is anyone working on the new room "Blog"? trying to get privesc going
||It looks like plaintext, but shifted. What if it wasn't caesar|| @oblique cliff
@gritty helm Do some privesc enumeration
I did ||rot1-26 but it wasn't that||
That's caesar
Maybe it's an ||ASCII shift or whatever it's called||
oh
OK, I'll look for what the other one is called
Oof, I'm so bad with that stuff. Alright, I'll look into it
@stuck fractal linpeas showed ||ca-bundle.crt as 99% privesc vector|| but I've never gone that route before
It's talking nonsense
@gritty helm I'm pretty sure it's a false positive
Keep enumerating
-_- alright that's basically what I wanted to confirm, thanks!
linpeas tries detecting SSH keys, and that file is just full of random ones
yeah I was going through it and couldn't think of how to leverage them for privesc lol
What are these 'schemes' generally called? I don't even know the category I'm researching... ||shift cipher||?
@oblique cliff Probably cryptography/string manipulation
thanks
unreal I got so hung up on that I missed the very obvious creds haha
creds in the ||wp-config||?
Eh, try em if you want
You had the entire code
Read the code
Lookup the functions being called
See what they do
And then man ?
Nah I mean I did that stuff
But Google has info too
What's next ?
I don't think you googled all the functions, then
Or that
Linux Programmer manual is included in Man
You can look up the library functions in that
Or online
So researching your hint for Break Out of the Cage I "narrowed" it down to:
||columnar redefence transposition ubchi autoclave beaufort bellaso gronsfeld porta slidefair variant beaufort vigenere||
Is it even in that list or am I on the wrong track entirely? Also, you said ||one with a key. I don't see a key anywhere, but I guess that's another problem altogether, unless we're reusing the key from the vigenere cipher, but that's doubtful||
That last one is typical in CTFs
You've seen the key. Make some educated guesses. 😉
We already used it on the foothold, so I thought it was gonna be something else
but i will soldier forth!
thank you for that
@stuck fractal 1 I love you (in a completely non-bro way 😉 ) 2 i actually got it! thank you yay for beginner CTFs 😄
I'll keep making content, just for you 😉
I'm doing the Learn Linux room by Paradox and I got stuck in the last task.
Any hints on how I get root access?
The room gives you a way of getting root access
ok
Hi, can someone give some hints for priv esc? I'm doing the Blog room and I'm stuck as www-data 😦
Thaaanks 🙂
Have you enumerated the machine yet?
Try multiple enumeration scripts to help you narrow down a possible path of escalation
It's possible- you might have to read through the output very carefully
Hey guys finally did it ( it was real easy and I was stupid ). Thanks everyone for the encouragement. Especially @stuck fractal @verbal wedge
Woooo
Hello I'm still stuck in the Learn Linux room. Can you please tell me where is this way you mentioned before? @stuck fractal
Read the previous tasks
Is it the /usr/sbin/checker?
@white salmon
Have you tried checking out the program
I just tried running it and it just shows Not and Admin lol
Reverse engineer it
If you know some C, you'll be fine
In the room dailybugle I found ||a CVE for the CMS. I'm trying to run the sqlmap command defined in the CVE; to save time, since I know the DB is MariaDB, isn't it correct to add the --dbms=mariadb switch?|| It just doesn't seem to work
the sqlmap one doesn't work for a lot of people
Thanks, so I have to use ||metasploit||?
In the Blog room, ||can the dBase III .dbt file be opened with LibreOffice||?
Probably if you're www-data
I have the file in my system?
Did you download it from the box? You shouldn't be able to
I got it from || smb share||
Oh uh I didn't include anything worthwhile there just sayin
thanks ig 😄
Question: have I missed something in the hashcat command line, since hashcat only finds the wrong password while john can crack the bcrypt $2y$10$0 password? ||hashcat -a 0 -m 3200 crackme /usr/share/wordlists/rockyou.txt --force||
Sorry, dailybugle. I use --force because I'm running inside a VM: "Device #1: Not a native Intel OpenCL runtime. Expect massive speed loss.
You can use --force to override, but do not report related errors."
okay how ?
How what?
How do I run it without --force then?
don't
just don't use it on a vm
best to crack on the host if you have a GPU
I am running 2020.2 .. 🙂 and guess you are right about host and gpu anyway 🙂
I normally am right, especially about hashing
yeah- you don't need to hashcat in a VM technically
since it can take a local file as input
Room Madness hint on how to get ||ssh username||. Was able to ||get the secret from the hidden directory, but no leads how to get the username||
This room specifically
By everything, I can't emphasise how literal I want you to take that
no, you have emphasized it
So there are no other ||images|| that I can find... and I can't steg HTML pages, so what else is there to steg?
Besides everything, cuz I feel like I've covered everything but clearly I'm missing something
||Images on the room page? Hidden HTML on the room page?||
........................
whaaaaaaaaaaaaa
thats not fair
I didn't realize ||outside of the box was in scope for everything||
Nah, it's fine, I just didn't realize the scope of CTFs, but now I know
Also, so ||I found the other pic (the bunny ears and card) but it's unable to be opened by steghide. I believe this is the right picture; is there another picture I should be looking for too?||
Should I inspect the Kali machine image too?
never mind i looked at the hint
Wow, the OWASP Top 10 Day 3 task is only resources to read, that is it.
Not too much of a challenge
There's a challenge there....
@stuck fractal thanks for help as always, rooted 😄
Madness was designed to just be a pain
Haha, I mean the only thing that was a pain was the one part, everything else was pretty normal. It was just a pain for me cuz I haven't done many straight-up CTFs, so I have no experience with ciphers or extracting images from data or anything like that
But yeah, outside of ||the room image having data|| I thought it was pretty fair if you know how to do CTFs
Although idk if I'd say that was an easy room - again, beginner at CTFs, though, so I might think differently in a few months or whatever
Got the flag but I have no idea about the extra thing on the challenge (OWASP Top 10 Day 3)
Tried to extract data from the images but without the passphrase no luck
Any hints guys?
Are you looking for the voucher..?
Yes
Doubt anybody will help you there dude.
It's already been claimed
but for the time being here's a starting point: boxes are boring, escape 'em at every opportunity.
What are they trying to say?
It is okay that the voucher is gone but still want to know about how to proceed on here
there was 1 voucher and first to find it got it?
Yes
Has anyone solved this There may or may not be another hint hidden on the box, should you need it, but for the time being here's a starting point: boxes are boring, escape 'em at every opportunity.
I have an idea what it's regarding but haven't found anything yet..
I typed #room-hints. Yes, someone has, meaning: check the channel, we've already discussed it.
Nope. I haven't managed to solve it in time but I think it had something to do with the ||email address on the front page as the domain was registered on the 12th this month||
I feel I'm missing something obvious in the ccghidra room,
currently stuck on task 4 #2, where it's asking what the first variable in main is set to, and it appears to want two characters...
how can i say what i think its about without the spoiler? is it OK to post that here?
can someone say if it's ctf-related, as in finding a flag on the box,or was it as simple as ||sending an email to that address||?
ok ty man
ohh so the solution was to send an email!?
Interesting, there's more than one then... :/
I guess walking up to the thm office with a printed html of the page would also have worked
@silent iron I didn't say that, but ok
No
I'm saying that's the solution I know of
There may be more, but I do not know if there is
In the world of penetration/hacking, there's always more than one solution usually.
Or what those might be.
It just depends on how hard you look/try for a new solution.
@oak iron I'll take a look, though if I remember correctly you need to convert it to decimal (it should be in hex, I believe) 🤔
🤔 I'm missing a variable then, as the only vars I see are set by reading from STDIN and comparing the result
||```c
#include <stdio.h>
#include <string.h>

int main(void)
{
    int stdin_similarity;
    char stdin_data[8];

    /* read at most 4 characters (plus the NUL terminator) from STDIN */
    fgets(stdin_data, 5, stdin);
    /* compare STDIN against "1\n" */
    stdin_similarity = strcmp(stdin_data, "1\n");
    if (stdin_similarity == 0) {
        /* on match, print success */
        printf("nice!");
    }
    return 0;
}
```||
You're speaking in riddles
@silent iron Ok, it was just email
@oak iron I had the same; look in the assembler code 🙂
Yep, it's in the assembler code
Yes, but it's claimed so don't email now @silent iron
I already told you it was claimed... -_-
Did anybody find another way for the subcode (extra challenge in owasp top 10 day3)? Just want to know if there is another way
hello, I am struggling on finding the privesc and user flag for the box blog
I've spent 3 hours looking for the solution.. Would it not be better to add something like "the fastest gets the bonus prize" to the description? 😄
does anybody have hints
@void lichen use linpeas.sh
does anybody have hints
@void lichen Yes, I think so! I'm currently on it too...
The pkexec looked weird
@void lichen Look for three config lines, these are "extracted" within the linpeas run... there's something like a hardcoded string
yeah the mysql database
right
Hey there lovely helpful people, I have a quick question on Jeff. Finally went back to it after being scared away the first time 🙂 Rooted it now but I can't get the user flag accepted. I got the hint to do the thing but can't seem to find an encoding that works; anyone able to give me a hint? Sucks to be stuck on that part after getting the rest lol
Never mind, got it... did the thing on an online generator and it worked where ||md5sum|| did not, better go back and read the manual again I guess
yeah, no, I don't understand that... the command line consistently gives me a different response to the online tool... very VERY confused
\n at the end?
don't think so, on the command line I'm doing ||echo <text>|md5sum||
ahhh
I get the same result when I dump the text into a file though, and there's no \n at the end then, I checked with xxd
¯\_(ツ)_/¯
yeah, me neither 🙂 thanks for the suggestion
does echo -n <text> | md5sum work?
That's a sheepish yes, thanks @toxic scarab
it is the newline that James suggested
So it's the \n then
yes James, you were right 🙂
well, at least I won't forget it now lol
Use ciphey, problem solved
oh hi
bee it took me a while to figure out who you were
wtf
Dw @wooden mist , I'm a new person now
jfc, I'll mix you two up constantly if you don't change it
Hey guys! I'm in the room Learn Linux, task 11. Whenever I try to run the binary, it says access denied. Is there something I am supposed to do?
Are you trying to run the text file you created?
yes
are you doing ./noot.txt
That's not a binary
That's an empty text file you just created
Hi guys, so I'm in the room called Linux Challenges. I'm on Task 4 #7
Find flag 26 by searching all the files for a string that begins with 4bceb and is 32 characters long.
I run find at the root level, piped into grep -irl '^4bceb' *
The command runs, I see the search; my issue is the search freezes on files called "clear_refs" every time! I mean, is there something wrong with the room or am I just doing something wrong which causes the search to hang there?
@hazy sequoia So I still haven't figured this out yet; however, I completed everything else in the room and moved on to tmux, while attempting this for probably 30 mins each day. No luck. Any hints? Also, do I have to run tmux from within an actual Linux environment? Using the web-based virtual machine doesn't seem to work, as when I do, for instance, ctrl + b w it just closes the window.
So I got the password and succeeded. What's the point of creating noot.txt if I'm not going to be running it, and will use ||./shiba1|| instead?
Soo if I didn't create noot.txt and ran the correct binary, it wouldn't give me the answer?
Correct
Does this apply in real-life cases? Or is this something just to test the user out? (Not the running binary part, but creating the pointless file.)
This is testing you.
Ohh okaayy, got it! Thanks James.
Hey, one question about OWASP Day 3: I brute-forced directories to get the "sensitive data directory". Is there another way to get it? Already finished it, just curious
@narrow kettle Realistically, using something like gobuster is usually the way to go
In this instance there was a comment telling you the directory in the login page
In the main page? Can't see it
The login page
But the answer was a*****, not login
Look at the source code in /login
Gotcha, that was what I missed, check the code, thank you!
hello, can someone help me out with the last 2 flags on Django Room?
I'm struggling to find the user flag and the hidden flag
In the room Learn Linux, task 14, whenever I do ||echo hello > file|| it gives me "file: permission denied"
Are you logged in as shiba2? Is your current directory still /home/shiba1?
Yes, I am logged in as shiba2, and the directory is actually /home/shiba1 .. am I supposed to change it?
Try it and see what happens 🙂
@valid rune Yes, you generally can't create files in someone else's home directory
Even though I don't know how to change the directory to only be using shiba2 .. I'll look up how to do it. If I'm stuck, I guess I will need help 😆
Google how to change directories
And if you’re the user and you’re trying to go to /home/{username} then it’s called your home directory
So you can google how to change to your home directory as well
@valid rune
Looking for that code in the OWASP top 10 room, anyone find it? is it still there?
I figured, darn.
It said it was on the homepage, tried steg on the image but nada
w/e
thanks!
@oblique cliff Thanks! I already found the answer and changed the directory with a very simple command. Honestly it's a small thing, but I feel proud that I figured it out myself 😂
Good job! We all gotta start somewhere, nothing wrong with being proud of yourself 😄
and to be honest it's all thanks to the researching rooms and motivational writing that one should google almost everything.
The creator has said what you had to do to obtain it
How 👉 👈
Email the address, but don't do that now
Hey everyone
I'm doing the linux challenge room
And I'm looking for flag26, but I'm kind of stuck with the regex syntax
Could anyone help me?
@wraith pivot same here, been stuck on that flag for a while now.
Email the address, but don't do that now
Nah nah I am already subbed, just wanted to know the method 😂 damn it was so literal , I missed it
Why am I stuck on enumeration for LotR
-p- isn't completing
and without it, it only finds one port
Want a big or small hint?