#room-hints
No
find / -name '*release' 2>/dev/null
When using single quotes it's basically saying "only search for this string"
nope, still gave me 300 results
Wut
Escape the asterisk
any advice ninja?
Find treats it as a pattern
so '\*release'?
Sorry I pasted what was on clipboard and not what I was typing on my commandline
find / -name '\*release' 2>/dev/null
@trim haven cough
Are you the wrong user
Let me check the room
You are not the correct user I believe.
you rang?
Wrong bob
I'll boot up the machine 1 second
You didn't read the question
You do not need to use find
The question states:
Can you find information about the system, such as the kernel version etc.
Hi. Need some help with jack room. I found credentials for one user, but this is low level one. He can't manage plugins or templates. Can you give me some hint what should I do next?
By literally copying and pasting that into my browser I found a directory, then I was able to go into the directory and find the *release file.
Hi. Need some help with jack room. I found credentials for one user, but this is low level one. He can't manage plugins or templates. Can you give me some hint what should I do next?
@rose root Check the hints on the room, it points you at an exploit
Obama I'd suggest you research more...
thanks
Hey lads
im on Linux challenges, task 4, and have gotten stuck on a question
I've been researching C in linux for the past hour and still have no clue what I could do to find the flag
if someone could just give me a clue or a hint that would be great
strings look into that instead
Room: Linux challenges
Flag - 26
How do I solve?
I tried using this but it is returning nothing
find / -size 32c -name '4bceb*' 2> /dev/null
have you done the room thefindcommand?
the -name flag is looking for the name of a file
so youre looking for a file of the name 4bceb, which isnt what you wanna be looking for
Thanks
I haven't read the question properly
im on the linux room and i don't have permission to use mkdir is there another command i could use?
You probably are logged in as the wrong user and dont have the permission to make a dir in that particular place
How are you so fast james 
Expensive keyboard
ill try on the other users
Go home
If you changed the user successfully, you may be in the old user's home directory which you dont have permission to access. cd ~ brings you to your home directory, or just cd
BP-networking room predominant address reserved for router
Google will find that
I tried but all answer where going incorrect
No third predominant address type reserved for router
A third predominant address type is typically reserved for the router, what is the name of this address type?
Question 10
I have tried all possible answers
@rocky forge You have not
We do not give out answers here.
I gave you an exact google search query that would have got you an answer
Yeah I tried exact query
Can share link where I can find it
For Overpass room. There's a golang code which seems to be the key but it's not loaded on opening any web page. Is there a way to run a go method in console
@autumn rivet Golang is a compiled language, so no
But that's a huge rabbit hole
I was not able find
What encoding is used for cookies?
Hi i was trying introtox8664 im completely new, i understood some basics and started with radare2 If-statement-Continue section have 4 questions all are at same positions, i mean value of 3 variable before pop and return, i ds before the pop up and entered the value all 3 got success but the value of var_8h is not accepting, the value which i was getting is 60, before pop but it shows wrong answer, can anyone help me?
Make sure you are reversing the correct file
It teaches you in file1 and asks you to reverse file2
yeah i did on file 2 only
Trying to complete the JVM Reverse Engineering room. Stuck with the Advanced String Obfuscation. Do I need to use virtually call the string functions from other code or I need to manually reverse engineer the code?
because all other values are accepted bro
let me check 1 sec
60 is wrong answer try harder
Do you mind posting screenshot of the disassembly because I am not in my vm
i need to check the value of var_8h before pop right? i checked by px @rbp-0x8, while assigning value it was 63 after performing And operation when i check by px @rbp-0x8 the value at 0th offset is 60, after pop operation i check for the same now it was 00
where i went wrong
oh this itself i dono, so what should i study for this?
"what is hexadecimal"
It's just how r2 displays it, actually it's stored in binary
Not your bro.
Uh oh
@dark salmon You did good
We all start somewhere!
Since chat lest with room with introtox86_64
How to change the local variables? Or insert new lines of code? I remember someone in here gave the answer, but forgot
You shouldn't need to change local variables or new lines of code in introtox86_64
Although if you're curious on how to do that, it's covered in the radare2 room
Then I need to reread the crackme2 <_<
Ooohhh, yeah!! I remember about it! Thanks!!
A big hint for crackme2 is that, the password is there, but the program does something to it
it only does one function to it if that helps
help for mr robot CTF im new in this and i want to learn about it can someone help me please?
https://tryhackme.com/room/zthlinux
Start somewhere low and then go on harder machines, if you got down a rabbit hole then use the hints, if no hints available on that task then look writeups
Okay
so i dont have to learn of Linux when i have windows?
The room you are trying to solve is linux based
yeah
oh sorry my bad
thanks for information
do you know som windows based room?
easy room please
Ice, blue
Well... you'll need to complete the 'rp: metasploit' room first to get a hand with it.
Finish the metasploit room and you'll see :)
ok
Can you be more specific please?
yes sorry
#room-hints is here for people who want a "pointer" towards the room they are completing, and not necessarily a spoiler. As such, when asking a question, be sure to include:
- What room you are on
- At what stage are you stuck exactly? Enumerating? Exploiting? Priv esc?
- What techniques / tools have you tried so far? Just so that we know how to hint you in the right direction without repeating what you've already done
ok sorry
i have problems with the app Metasploit in installing progress. The app installs but i can't see the app anywhere
Type msfconsole into a terminal
msfconsole -q 
nothing happens
You haven't installed it..?
sudo apt install metasploit
What OS are you running actually?
windows
can i somehow change OS on laptop??
You need to run the .bat executable
oh thanks
can i somehow change OS on laptop??
are you familiar with the concept of virtual machines ? If not you can search for Vmware and how to use it
@white salmon yea as they suggested I'd recommend using a kali vm at least to start
i have instaled kali
Why did you answer with windows when jabba asked for your os
bcs i dont using kali bcs i dont know how to throw it back from kali to windows
What do you mean I dont know how to throw kali back to windows
You installed kali in a virtual machine ? on windows host ?
You can do all the exploiting on kali for now there's no need to get anything back to your windows machine (for now)
No one said that
I said to use a virtual machine, so you can use kali inside of your windows os
ohhhh
sry my bad
my english is bad at this
sooo i have to run a virtual machine with kali yeah?
Yes
but that costs money
thanks
Kali Linux is free
thank ya
Why do we have to install nessus in a vm
^just asking
Is it fine to install into an os like parrot?
Without the vm*
Yes
you can install on windows, but what's the point of separating your tools b/w Linux and windows when you have to use Linux anyways
Yaa obv wont do that
But in the room it said it was highly recommended in a vm and all
Anyways fine
how i put kali in virtual box please?
oh sorry
@white salmon very googleable, lots of guides out there for that
im stuck in Metasploit Task 2 question 6
That's not helpful
#room-hints is here for people who want a "pointer" towards the room they are completing, and not necessarily a spoiler. As such, when asking a question, be sure to include:
- What room you are on
- At what stage are you stuck exactly? Enumerating? Exploiting? Priv esc?
- What techniques / tools have you tried so far? Just so that we know how to hint you in the right direction without repeating what you've already done
#room-hints is here for people who want a "pointer" towards the room they are completing, and not necessarily a spoiler. As such, when asking a question, be sure to include:
- What room you are on
- At what stage are you stuck exactly? Enumerating? Exploiting? Priv esc?
- What techniques / tools have you tried so far? Just so that we know how to hint you in the right direction without repeating what you've already done
hehe
At what stage are you stuck exactly? Enumerating? Exploiting? Priv esc?
Too fast for me, Sir
I'll let you handle this.
i typed the stage?
- What techniques / tools have you tried so far? Just so that we know how to hint you in the right direction without repeating what you've already done
the Metasploit cant connect to data service and i dont know why
so then youre stuck on question 5, not question 6, right?
were you able to successfully complete all the questions before that?
yeah
so question 1, initialize the database, that worked?
yeah
can you show the output of when you do the db_status command please
yeah no problem
postgresql selected, no connection
print screen not working
but that it types
yea, thats all you need actually
the questions asked in the room
uh, im not sure what the connection status is supposed to be, but you can answer the questions in the room with what you see
@white salmon
oh sorry for losing your time
You can't lose his time, you can lose your time and you can waste his time
but you didn't waste anyone's time. Keep asking

Broke Malware's brain 
No your statement doesn't make any sense, how can they hack google by appending the url to a binary and hashing it?
You tell me
worked for me last night
Send proof 
Yeah here's your password-
deleted all my traces
you are assuming he has a google account
I'm not assuming, I know
( •̀ ω •́ )y
If he sent you proof, then that'd be incriminating himself, duh
He hasn't pleaded the fifth yet so

HI team i was newly working on reverse engineering, on this room i was trying to reverse the binary and to find the password, if you enter right password it prints some success message. but my problem is previous sections teaches me about the If conditions & Loops, initially i tried with general procedure of what they teaches but no luck for me, i dont need an answer, i need guidance can someone help me
Room: introtox8664
you need to keep track of jump instructions
@dark salmon which part is that?
Hey there
i am on toolsrus room
i'm stuck in the part that is meant to be solved with nikto
#room-hints is here for people who want a "pointer" towards the room they are completing, and not necessarily a spoiler. As such, when asking a question, be sure to include:
- What room you are on
- At what stage are you stuck exactly? Enumerating? Exploiting? Priv esc?
- What techniques / tools have you tried so far? Just so that we know how to hint you in the right direction without repeating what you've already done
"Use Nikto with the credentials you have found and scan the /manager/html directory on the port found above.
How many documentation files did Nikto identify?"
and i using the next cmd:
"nikto -id user:pass -h http://ipmachine/manager/html -p 1234"
and i get this output:
"- Nikto v2.1.5
- Target IP: 10.10.28.208
- Target Hostname: 10.10.28.208
- Target Port: 80
- Start Time: 2020-07-25 12:24:00 (GMT-3)
- Server: Apache/2.4.18 (Ubuntu)
- The anti-clickjacking X-Frame-Options header is not present.
- No CGI Directories found (use '-C all' to force check all possible dirs)
- Allowed HTTP Methods: OPTIONS, GET, HEAD, POST
- 6544 items checked: 0 error(s) and 2 item(s) reported on remote host
- End Time: 2020-07-25 12:51:33 (GMT-3) (1653 seconds)
- 1 host(s) tested"
@dark salmon for RE i could help you out, tho if you want someone more experienced ask @oblique cliff
If you want my master ask @white salmon but I'm always happy to help
@white salmon wait smackhack you into RE?
Dont tag anyone in a normal follow-up conversation. Thanks
yeah i did it maybe once or a lot

maybe that one time you did it made you understand it completely
quantum i'll keep that in mind
and i using the next cmd:
"nikto -id user:pass -h http://ipmachine/manager/html -p 1234"
It wasn't working because i have to put the port inside the URL, solved
HI team i was newly working on reverse engineering, on this room i was trying to reverse the binary and to find the password, if you enter right password it prints some success message. but my problem is previous sections teaches me about the If conditions & Loops, initially i tried with general procedure of what they teaches but no luck for me, i dont need an answer, i need guidance can someone help me
@dark salmon
My biggest advice for RE if you're not comfortable reading static assembly code is to take advantage of the debugger and set breakpoints before critical points. You know it's a password check, so look for all the functions and parts of the code that seems to relate to "checking for a password". Identify the registers that contain your input, and identify the registers that also keep track of the password possibly
If you see a loop, that usually means some kind of function is being performed, possibly arithmetic or something, especially if it repeats more than once
it's good to inspect the registers before a loop, and after a loop to see what the difference is, and see if you can identify a pattern
this is exactly what i did to solve the final task of the radare2 room
@dark salmon
My biggest advice for RE if you're not comfortable reading static assembly code is to take advantage of the debugger and set breakpoints before critical points. You know it's a password check, so look for all the functions and parts of the code that seems to relate to "checking for a password". Identify the registers that contain your input, and identify the registers that also keep track of the password possibly
@white salmon i thought this was for the room RA, and was confused for quite a while.

LMAO
sure
aehh ok..i'm new here and just want to know..
ok my question is about the task11
first, i don't understand where i need the run the machine..how i need to run the shilba
i just make a TXT file in my machine and don't get any password haha
Task 1, click the deploy button
Task 4, walks you through connecting to that machine
ok thanks
hey, im at the "learn linux". i'm not understanding the concept of a file having a user and a group (i'm in the task 25). Like why would i change the user and not group, what would it change? Can someone explain it for me?
There is only one user for a file, but a group can have several different users in it.
A good practical example would be if you wanted to let everybody work on a project at once, you would put them in the same group and every directory/file that they're working with can be interacted with by other members in the same group (depending on the perms on the file/directory)
hmmmm yeah makes sense, thanks alot
hey, im stuck at the task 5 question 1 in Metasploit can someone help me please?
because the command does not working
That's far too vague
what?
because the command does not working
@white salmon Explain.
Clearly not tho
So you're not connected to the database
#general for fixing your metasploit. That's outside the scope of the help channels here
@white salmon How about search on google it will help you solve the problem with metasploit
i have searched. nothing helps me
btw you can use nmap
when i type nmap and hit enter it types unknown command :nmap
Hey folks, I'm on the new Brooklyn 99 room, getting this error back. ||steghide: can not uncompress data. compressed data is corrupted.|| Is this intended? If so any hints on how to fix the ||corrupted data||? Google is mostly showing me windows applications to solve it
@robust nymph try ||stegcracker||
Didn't expect that to be the way, thank you @gusty ermine
no problem man
uh that's the other way
hello just with root that will is it the best idea to use GTFOBins
to get sudo
or there is other best website
Now I'm feeling really dumb, have creds to log in but I must be getting the username wrong? I've tried many variations of ||Holt, Holts, Jake, Amy|| Can't figure out where this password goes besides ||ssh||
What variations did you try
@stuck fractal thnx
||Holts, Amy, Holt, Ray, Jake, holts, jake||
In that list one of them is right
I guess that's not as many tries as I thought lol
Hmm okay
I'll keep trying thank you
Also it literally says which user has weak pass
@white salmon could I pm you a question?
@robust nymph sure
hey did any one complete the "Brooklyn Nine Nine" room?
yep
im stuck on the stego part can you give me a hint?
||brooklin99.jpg||?
@robust nymph try ||stegcracker||
thanks!!
dm me for any question about brooklynninenine (rooted) Hints!!
Easy peasy room... It is... Brooklyn 99... initial foothold matters though
@white salmon privEsc
what's?
You need to escalate your current privileges to root level
What challenge is that?
learn linux
Learn Linux task 43
final quest
You need to get root privileges
does anyone have any hints for SET box? I'm dying here
anyone have a hint for the last task in learn linux
Look for who owns what files
Maybe you can come up with a find command to aid your discovery.

Hey can anyone help me with Brooklyn 99
I'm not able to escalate my privilege
I want some hint on how to escalate my privilege
It is a new room, not many people have completed it. You might have to wait a while, whilst you're waiting keep trying!
Privesc on Brooklin99 it's pretty straightforward. Just keep trying and you'll get there
Yup got it
could I get a hint for the last bonus question on the Agent Sudo room?
Enumerate the machine more
Pretty sure you already saw it when you answered a previous question @white salmon
ohhhhh, you're right. didn't make the connection lol thanks
lol i'm lying i just didn't bother to read the message xD
hi im new to this and trying to figure out how to find the answer this question "After accessing his account, what did the user mcinventory request?" i dont want the answer just some help on how to get to it. its on the 1st problem of the Christmas thing
thank you
damn thats easy lol thank you
hey guys i need help cracking password
hashcat -a 0 -m 0 cc3a0280e4fc1415930899896574e118 /usr/share/wordlists/rockyou.txt.gz --force
and it says that i exhausted the keyspace
pls tell me what i do wrong
don't use --force
it produces false-positives and false-negatives
if hashcat doesn't want to run without --force then use john
just finished Brooklyn99 Final, does the brooklyn99.jpeg have any meaning? ||I tried using steghide but it told me the compressed data is corrupted, also used some online tool for it and it gave me some gibberish. Im pretty sure its the second way to get root access, could you give me a hint?||
Hi Team, I have a doubt in Basic Room called Google Dork Room -
What is an example of the type of contents that could be gathered from a website?
Any Hints can really Help me
Example of Type of Content - can be metadata or Any Text type or image or video
I recommend reading back through the material
oh
Because it answers all those questions and it's an assessment of your reading skills
@red arch you can read the above chats for the second way
just finished Brooklyn99 Final, does the brooklyn99.jpeg have any meaning? ||I tried using steghide but it told me the compressed data is corrupted, also used some online tool for it and it gave me some gibberish. Im pretty sure its the second way to get root access, could you give me a hint?||
@red arch yes i just used that..
pretty simple
Morning all (at least over here it is) I am just about to finish the Skynet piece but I would like a bit of advice. On the CMS login I found some commented out code that gives you the opportunity to reset password. I managed to get it to appear and added my skynet email address, but I never received an email. I tested the squirrel mail and it works fine as I can send and receive to myself. Should I continue try for practice or is this a bit of a rabbit hole?
Because it answers all those questions and it's an assessment of your reading skills
@stuck fractal Got it !!! Super thanks
Have you guys had trouble with getting the Brainstorm exploit to work on the THM server but it works on a test machine?
@white salmon #685858111952781324 message
@oblique cliff, Sorry that link is taking me to a different place Every time.
Can you give me a screenshot please.
?
Is the bug submissions just all the bugs that are attempting to be fixed right now.
?
It's bugs that are recognized and therefore submitted to the developers to be fixed in the near future
so they don't have to go through all the texts in these rooms to find what needs to be fixed
Okay thank you.
np
It means you can do the room if you want but it's 50/50 if you get it working rn
Is the bug the test binary and service on the actual machine not matching up in addresses?
Brainstorm is unstable and/or broken
This is the bug
I don't have why more information than you
I just know people can get it working locally and not remotely sometimes
Ok, that's all we have.
OK, thank you.
And also one of the questions asks how many ports are open.
I put in 3 but it says that it is wrong?
Is this known?
Skip the room for now and return to it at a later time
Yep, will do.
Anybody can help me what to use to view the web app source code / I mean not the web page source code but that web app source code any tool I can use!
@broken cloud I'm not sure what you mean.. Have you already got the source code downloaded? And just want to view it?
@white salmon thanks for response. But The room says web application source code has the default username and password
I check the page source but there was nothing there
I was struggling a bit with bof1 caused by the different address spaces when launched in the debugger or shell as discussed in #room-help by @oblique cliff and @stuck fractal
So here's a little rarun config to have the same environment in radare2 debugging mode, as if it would be if you start the program normally:
#!/usr/bin/rarun2
setenv=PATH=<PATH>
setenv=_=<file>
unsetenv=R2_BITS
unsetenv=TMPDIR
unsetenv=RABIN2_DEMANGLE
unsetenv=R2_ARCH
unsetenv=R2_IOVA
unsetenv=R2_XOFFSET
unsetenv=RABIN2_LANG
unsetenv=R2_FILE
unsetenv=RABIN2_PDBSERVER
unsetenv=R2_BSIZE
unsetenv=R2_ENDIAN
unsetenv=R2_COLOR
unsetenv=R2_SIZE
unsetenv=R2_DEBUG
unsetenv=R2_OFFSET
PATH has to be set to your user's current PATH variable and _ is set to the file you run (e.g. ./buffer-overflow-2)
save as <config>.rr2 and launch with
r2 -d <file> -r <config>.rr2
worked in my testing
@broken cloud What room, task, question?
Top 10 owasp--> task 20-->Q2
@broken cloud And where does it say that the web application source code has the default username password?
The task description is just a teaching description, and has nothing directly to do with the question.. but gives a very good pointer on what do to, to answer the question
And if youre referring to the hint, it says find the app's source code, which is just rightclick -> view page source as said earlier
@torn pine thanks for the help . I didn't get anything from that I was doing that for a while so I thought I am doing something wrong so I thought to ask any if there is any chache here .
But as you said the hint refers to view page source than I think I should give it a one more try might I find the default username and password
@broken cloud normally you cannot view the source code on the backend, but maybe the application is open source?
If it is open source how can I view the source code@gentle mural
I'm stuck at room "common linux privesc" Task9 #4, I have what I'm pretty sure to be the answer, but it does't accept it. According to the answer format i need to add one symbol but all symbols that make sense to me don't work. The hint only reveals what i already knew and googling has not led to an answer
Hm one second
./bin/bash is trying to execute /bin/bash
Yeah i originally took the . out, but the format makes me thinks it needs it
If you look at the hint, look at how /bin/bash is written
:D
If it is open source how can I view the source code
Anyone who can help me with this!
If it is open source
It means that it is somewhere on the internet
So if it is on the internet
Maybe get a company name and google it
So am I looking at the right place
What are you searching
according to hint i am searching for default user and pass in view source code
Just google "how to look at web pages source code" @broken cloud
i did and i always response me with use ctrl+u or right click and select view page source
i refer different page but give me the same answer.
And have you tried those?
use but didnt come across anything that could help me with default use and pass
What happened when you tried them?
@broken cloud owasp challenge ?
The source code is not necessary the one you can find by "ctrl+u".
for instance most cms have default passwords that you can find with a bit of OSINT
ok that means i have to guess !
i look into main file changepw and mynotes
i also came across a comment with a js script on it
No it means that you have to find it somewhere
also when ever i click mynotes it redirect me to the main page
why is that
also there is a list with txt null on it
Have you tried looking on the internet for it?
yes
show the same use ctrl +u
False.
Keep looking on the internet. There's a common website used to share source code for open source apps. You can find it, I believe on you.
any one did WebGramming Subscribe ?
Do anyone have problem downloading the backup file in the https://tryhackme.com/room/node1
What have you tried?
Yeah, that's a bug, I couldn't download it too
Yeah, from what I gather it's a bug. Try downloading it using wget or curl
Hm it is strange
#room-hints is here for people who want a "pointer" towards the room they are completing, and not necessarily a spoiler. As such, when asking a question, be sure to include:
- What room you are on
- At what stage are you stuck exactly? Enumerating? Exploiting? Priv esc?
- What techniques / tools have you tried so far? Just so that we know how to hint you in the right direction without repeating what you've already done
can anyone provide a hint for SET box I have question but don't want to post spoiler
as per question i follow step run ssh -L 10000:localhost:10000 <username>@<ip>
but its give me a output
agent47@10.10.45.19's password:
bind: Address already in use
channel_setup_fwd_listener_tcpip: cannot listen to port: 10000
Could not request local forwarding.
Welcome to Ubuntu 16.04.6 LTS (GNU/Linux 4.4.0-159-generic x86_64)
- Documentation: https://help.ubuntu.com
- Management: https://landscape.canonical.com
- Support: https://ubuntu.com/advantage
109 packages can be updated.
68 updates are security updates.
@tacit owl do you have something running on port 10000
yes
You can't bind something to port 10000 if you have something running on it
i can curl that its give me a source code
No, do you have something running on your kali machine port 10000
Are you running that on your attacker machine or the victim machine?
Which one does the room say to run it on
thank you
Hi, anyone for a little hint on Set?
is there a way to get rockyou.txt to work with the owasp zap fuzzer? i think the file size just creates an instant error
@worthy iris Try the first 50k lines, should work just fine
perfect thanks
Can someone advise what is the question exactly at Metasploit 7? The command is 'use 6' but it didn't match...
What's the name of the entire column?
hey,
i guess there's a problem with sshing in the machine in overpass challenge
i cracked the key using ssh2john and john and still can't access the machine
Can someone help?
i've done it just fine, it's probably something with your method?
@tawdry tangle i have the passwords but it says Permission denied, please try again.Permission denied, please try again.
password*
i can't say with the limited info you've given me
Could you give a screenshot?
you should fix what it says in the warning
It actually kinda tells you why it's not working
I've got an issue with the authenticate, there's no cookie being made in my browser and thus I can't edit it
Maybe there's a way to just create the cookie yourself?
cheers
hey everyone, im at the last task of "learn linux" room where i basically need to access a .txt file from /root but i dont have perms or something like that. I found already that "nootnoot as something called ".sudo_as_admin.successful", dont know if that's relevant. Can someone pls help or at least give me a hint?
Not getting reverse shell in deserialization chall. can somebody provide hint?
I've already tried encoding(base64) several reverse shell from pentestmonkey
used python script for encoding
I've already tried encoding(base64) several reverse shell from pentestmonkey
@wicked kettle That is not how the serialisation vuln is exploited, unless you mean using it in the python script provided
hi all gonna repeat a question I had that I abandoned and am coming back to
i'm on the authentication room on the step "JSON web token" I've gotten the JWT captured in burp, decoded and changed it, and got the new token. however when i go to change the cookie value, Firefox is giving me the error "No data present for selected host"
I've tried to resolve this in numerous ways -- I found a Firefox forum detailing a possible fix by logging in a new profile and restarting the browser --> no dice. Does anyone have a hint on how I can fix this so that I can finish the room?
I have this hex but dont know what to do with it (Blue/4/2)
aad3b435b51404eeaad3b435b51404ee:ffb43f0de35be4d9917ac0cc8ad57f8d
okk
OWASP JUICE BOX TASK 4 INJECTION -Log in with the administrator's user account using SQL Injection
I am a bit confused as to how to verify if I am doing the task correct.
If I am doing it correctly should it let me login or only return [objectObject]
U should get a response with a 200 status code
Hi hi everyone, Wireshark CTFs, final task: I got the audio file with the child speaking about pumpkins and everything but I can't understand all that he is saying (Im not good enough in english for that) so if someone could help that would be much appreciated. By the way I can send the file if required. Thanks
@open storm If you want to DM me the audio file I can listen to it :)
You could also try finding if you can use google/amazon's auto-translate
jb, you can do the sqli without any tool
General question:
What sites do people use when checking if a service has known exploits that metasploit can use.
Search from metasploit is returning too many results and nothing really tells me what it is doing.
Exploit.db
CVE.details
Searchsploit is created by exploit.db as an easier way to find exploits on your local machine.
Also, enumeration tools help a lot
^
Versions, Software names and looking for file paths if you're exploiting a webserver
(some exploits require certain paths to work)
Yeah webserver. Maybe it's an upload exploit, I think I see one in the list. Thanks guys.
:)
By the way, be aware. Searching on popular websites might not show up anything. Sometimes just searching the general idea of the webserver you're exploiting may bring up exploits. Depends on how popular the framework/template is
Hello, please i need little hint for the nwebi challenge python :/ (manifold decoding)
Is it the final task?
yes, to intro python
when i try to base32 decoded once base64 decoded i get the following error: raise binascii.Error ('Non-base32 digit found') from None
binascii.Error: Non-base32 digit found
Okay are you able to send a little snippet of the code?
I think I know your issue but I want to be sure
for i in range(5):
    data = open("encodedflag.txt","r").read()
    decoded64 = base64.b64decode(data)
for i in range (5):
    decoded32 = base64.b32decode(decoded64)
    print(decoded32)
Okay so
You're decoding it backwards
It was encoded base64, then base32, then base16 right? So in order to decode it you have to start from the end and work your way up
^
ohh ok T.T
If you look at your output, you should definitely notice that even though you followed the steps exactly, it still came out kinda weird
At that point, you should kinda think that "maybe it's in the wrong order"
Remember, usually real decoding isn't as black and white as this
The way I did it was by encoding my own string and seeing if I get a similar looking string to the encoded one
Then seeing how I encoded it I then reversed what I did to decode it
Smack you should see my code for this task it was like 13 lines long 
oh nice
thank i try now :p
i'm starting in prog :/
@wind fog I'd also like to mention that you're decoding the same string over and over rather than saving it to a new variable
this was mines o.o
Is there a quick way to decode bcrypt or is brute force the only way? In relation to the Crack The Hash room
so would I have to implement a for loop in another directly?
@ashen matrix As I understand it, it needs to be brute force only given its complexity.
Okay so I've looked up a walkthrough and I'm trying to understand how I was meant to figure out which exploit to use.
Room: Advent of Cyber
Day 10
Exploiting the webserver.
Everything I found from nmap pointed to upload exploit but there was no upload portal. Walkthrough points at struts exploit, but I have no idea how I was meant to figure that one out.
I'm presuming there was a website name and or Versions which they put into google
When I search tomcat/coyote jsp engine 1.1
Nothing points to struts
Usually that means you didn't enumerate well enough
Checking for struts version is a common enumeration thing for apache webservers
Hmmm, okay. Supporting doc suggests it should be far easier than doing any of that. Suggests it should be a simple launch metasploit and search the service.
any hints on DNS exfiltration question from Advent of Cyber?
I got the file... ran ||steghide|| but can't understand the poem
which task
I looked at the number of * and worked it out from that. But as for the actual thought pattern, I'm not sure if there actually is one. Hahaha
@rapid flower
I don't remember it properly but it has everything try reading it a lil. For question #3 answer starts with || RFC|| work it out with this hint
ohkkk
Yeah, if you workout the thought process let me know. Hahahah
is that poem of any use tho?
Hi, i'm in the OWASP Juice shop room TASK 7 on the administration page.
i have to access another user's basket, and followed the hint telling me to look into the local storage.
I found a token separated into 3 arrays but I don't know what to do with it :/
I thought about the Sequencer in Burp as it deals with session tokens but I'm kinda blocked
Any hint for me, please ? ^^
Sequencer? Maybe repeater
||on the XSS site, after I hijack Jacks cookie, I can no longer access the page (it just redirects me) ||
Redeploy
how would that help me in 'real world' cases though? surely theres another way
Wouldn't. Should've chosen a better payload in the first time.
Recommended for learning xss sure, but in a real life situation not so.
Thank you @gaunt herald for the help
|| so what I did was press Esc as soon as the page loads, before the script can redirect me, isn't clean but it worked at least || @gaunt herald
awesome :)
Hello all, can anybody give me hints with Common Linux PrivEsc room? I'm stuck at Task 8 #4...
I tried msfvenom on kali machine browser, but the result is command not found
It's installed ig
@arctic crest Are you sure you are copying the command correctly?
You should not be copying command tho
copy/replacing, same
@tough mirage I tried input the whole command, the result command not found, then type only msfvenom -h, results command not found
msfvenom is not installed on in-browser machine ?
@final mortar i tried apt-get install but no luck Hehehehe
msfvenom comes preinstalled with metasploit
Yeah, that makes me wondering why it doesn't work
First time i try the command in PuTTY, but command not found, then i try on kali in browser machine, the result is the same
Maybe the command is incorrect
maybe
"Can you find information about the system, such as the kernel version etc. Find flag 15" /room/linuxctf Task 3 #5
I used lsb_release -a
dmesg
cat /proc/version
uname -r
hostnamectl
i'm missing something
did you look at the hint?
did you look for a file called that?
isn't this referring to the lsb_release?
no
How to know which Linux Distribution I'm using?
uname -a gives
Linux xxxxxx.net 2.6.9-42.0.3.EL.wh1smp #1 SMP Fri Aug 14 15:48:17 MDT 2009 i686 i686 i386 GNU/Linux
How can I know this is Ubuntu?
i see
thanks
i couldn't find this thread searching with "linux kernel version release command"
Hello everyone, I have a problem in the privesc room, I started Sharphound on the box and when I try to Invoke-Bloodhound it says "Invoke-Bloodhound : The term 'Invoke-Bloodhound' is not recognized as the name of a cmdlet etc etc. Someone can help me out? Thank you much.
o.o
It's invoke-Bloodhound
you typed in invoke-SharpHound
Right, right, I tried both infacrt
Also you didn't load the script
in fact
You just ran it
If you want to run functions from the script, you have to specifically load it, which is . .\script
Show the line where you loaded the script
Here
His problem isn't msfvenom
It's the code itself generated
@white salmon you can also try with the .exe
@tough mirage ok, thank you !
@tough mirage they were running it on the target machine, they needed to run it on their attacking kali
Ok, I didn't see that coming xD
@stuck fractal
guys any hint for https://tryhackme.com/room/theimpossiblechallenge room
Hmm
brute forcing not working
i have no idea how to extract file from a zip file any hint will help pls
@sinful plaza Have you tried googling it
yes but no luck
What part of the extraction are you having trouble with?
Is the zip file encrypted with a passkey?
yes
Look up how to crack encrypted ZIP files with John the Ripper
have try that already not working
i think the flag is hidden in the zip file just like hiding txt file in an image
Have a hard time interpreting this question: "Find flag 26 by searching the all files for a string that begins with 4bceb and is 32 characters long." /room/linuxctf task 4 #7
Is this asking for a filename starting with 4bceb that's 32 characters long or is there a file with a different name that CONTAINS a string with the same format?
Here's what I've tried
find / -name 4bceb* 2>/dev/null
find / -type f 2>/dev/null | grep 4bceb
The first one you're trying to find a file of the name 4bceb
The second one you're doing the same thing (cuz you're grepping on the outputted file names)
What you want is to find files and then grep on the contents of the file
@green prism
find / -type f 2>/dev/null | xargs cat | grep 4bceb ?
Uh. That looks like it'd might work theoretically give it a try
Although 1 your find command is gonna try to go into mounts which it doesn't have permission to
So that part won't work it's gonna hang forever.
And then you can feed the output of find directly into a grep. But your way looks like it may work
Give it a shot @green prism
A file that contains the string
any hints on this... I thought it was base64... but it is not working
Base64 typically has lower case
Maybe there's another that looks similar but is only upper case
@stuck fractal Base64 but with uppercase letters
Oh god that's a horrifying CTF "crypto" challenge idea
LMAO
Unknown case so you gotta brute force all the possible cases
get people researching it for a long time until somebody just goes "have you ever tried just making it lowercase"
oh god
I just realized what you mean too
Where's the ctf please?
https://tryhackme.com/jr/tryhackcit
@lavish spire
Thank you!!
@oblique cliff is there a better way to do this?
@sinful plaza Did you decode the letters and numbers below Download?
Hello, when trying to use Metasploit when i run the exploit i get Exploit completed, but no session was created.
@green prism the way you're doing is fine. But you can grep on the content of a file from one pipe out of a find. It'd just be a bit more efficient
@barren pike Type options and screenshot the output please.
Don't use run -j just type run see if that works.
Same output
reset box, worked for me
I tried
Update your metasploit, sudo apt update; sudo apt install metasploit-framework
Oh okay you do you
I have a little question here
Room: Game zone
There is a task where we have to figure out that the port 10000 has a service and i have to forward, cool, but, next the creator said "we can see that is blocked by firewall, using iptables"
Same
@barren pike Probably firewall
I am using the ip in access page on the site
@tough mirage How did he get to that if iptables only can be run by root, mmmm
@barren pike Still probably your firewall blocking the connections
@tough mirage Is the service accessible from outside the box? Yes/No
Is the service accessible from inside the box? Yes/No
If No and Yes, it's probably either firewalled, or only listening on loopback
In that case that's how he probably should explain, not recommend a tool that can only be run by root
It's different the way you explain
@barren pike change the RPORT to 445
@crystal glade No
This is icecast, not blue
8000 is the correct port.
445/tcp open microsoft-ds Windows 7 Professional 7601 Service Pack 1 microsoft-ds (workgroup: WORKGROUP)
no 8000 port maybe i'm wrong
Wat
445 is SMB
Icecast runs on port 8000, which means it's the correct RPORT here
I now get that
maybe expired?
Hi,
sorry If I sound rude or neglecting but I feel like my self-esteem is taking a hit here and I feel really, really stupid :(
I'm stuck on one of the first basic questions and I just don't understand what the right answer is?
I know (like I know, know) that passwords hash encrypted with SHA-512 is shown as $6$... but that's the wrong answer according to "Tryhackme"
Am I using the wrong format or is it in fact not SHA-512 the right answer?
I've tried "SHA-512_crypt, sha-512_crypt, SHA-512_Crypto, sha512_crypt" and so on... but still... always the wrong answer =/
The question?
If a password hash starts with $6$, what format is it (Unix variant)?
I'm not asking for the correct answer but rather some advice on how to proceed?
Any tips would be greatly appreciated <3
I'm scared that if I get stuck on one of these first basic questions, maybe Tryhackme is not for me? But I hope to be proved wrong.
If you check the answer format, it has a certain number of chars
Hey all, I am on intro to x8664, at the point [task 4] where you run PC @rbp-0x4, and then do. When I type ds, nothing happens, just returned to the same prompt
Px * autocorrect error
can you show a screenshot of all the commands youre running please
Actually, something did happen when you typed in ds
Sure, coming from photo from phone
ds advances your debugger to the next instruction
you have to type pdf @main to see where you are now at
ds doesn't really give you any output to tell you that it did something
you'll notice that your instruction marker has moved down a notch though
if you check @main again
leaving this to you @white salmon
don't you know i have a monopoly on all RE help 
Okay, sorry I thought the prompt would change.
Also actually wait
This is all newtonian me. Thanks
did you set up any breakpoints before you typed dc?
my bad
you have to use dc first before ds will work
New to me* yes followed it twice
but if you don't set up any breakpoints with db, then the program will just advance to the end
Jge, jmp
Okay I think I figured it out, I did a pdf @main and got the same output as on the page. I just assumed that the prompt would change. I see now that it does not.
Yeah lmao
hii guys still stuck in top 10 owasp task 20 any specific guide to look for
look for places where people store source-codes... documentation and stuff
There's a HUGE website for it
i search for github with different query on open source project with login and so on
maybe you are not searching for the right thing
the thing you need to search is right there in front of you
i get this result
Titles are better than descriptions
You're trying subtle things
Try really obvious things
kk thank a lot working on it
Hello guys... I am solving blue machine ...but I am unable to exploit that machine..?? Can anybody help me
@cloud wagon
#room-hints is here for people who want a "pointer" towards the room they are completing, and not necessarily a spoiler. As such, when asking a question, be sure to include:
- What room you are on
- At what stage are you stuck exactly? Enumerating? Exploiting? Priv esc?
- What techniques / tools have you tried so far? Just so that we know how to hint you in the right direction without repeating what you've already done
screenshot, not phone picture please
Also, from the start
Ohk... I am solving blue room....
And I am stuck on exploiting the machine
You've said that
yep, we've established that. Please show a screenshot of your options and the outcome
This is my exploit which I am using to exploit Blue machine
set your lhost to your tun0 ip address
right now it's your local IP address, not your VPN IP address
also, update your metasploit your payload is defaulting to the wrong thing because your metasploit is outdated
@oblique cliff what is tun0 ip address..??
!multivpn
Make sure you have setup your VPN connection correctly https://tryhackme.com/room/openvpn
Type ps aux | grep openvpn into your terminal and press enter
If there's more than one line (that don't start with "grep" or sudo), do the following steps
Type sudo killall openvpn into your terminal and press enter
Start the VPN with sudo openvpn <path-to-config>
just vpn
!vpn
click on the link the bot just sent
and follow the prompts
you need to connect to the VPN
and then you will have a tun0 IP address
yes ... I am connected to my vpn
set your LHOST then
It already set to my ip address
It's set to a LAN IP
The target machine can't talk to that IP
It's not on that network
It has no way of talking to that IP
ip a s tun0
or do that
am i looking for a tool that will help me pass the credential or a source code of a webapp like the one in machine ?
@broken cloud You are looking for the source code of the exact webapp
Now I replaced my lhost ip with tun0 ip ,,,,,but still the problem is same
... It get fails
Screenshot!
hmmmm ..........If I try to use non-staged payload ..??? Will it solve my problem
Update. Your. Metasploit.
any more simple query than this!
Yes
Much much simpler
Titles are better than descriptions
@stuck fractal
Try really obvious things
about that blue room, I was also just on it, and even though I solved it I feel I've missed something important.. I've selected the exploit for eternalblue basically because the box was named "blue".. is there a more structured approach to finding the most adequate exploit based on the nmap results...?
vuln scans
There's also a metasploit scanner for windows machine, and specifically, a scanner for eternalblue.
Another key factor is just checking versions- a lot of Microsoft Windows SMB machines are vulnerable to it
Usually looking up any sort of key terms with version numbers into exploit-db or something can bring up something useful, including EternalBlue
Update your metasploit, it's out of date
@stuck fractal Literally came into ask about this, seems my answer is resolved lol. Thank you! (Fail on Blue) I'll update...
MSF decided reverse_https was a good default choice
Except it never works on THM for some reason, IDK about off THM
oh, good info
Blue room, Updated and using the ||windows/x64/meterpreter/reverse_tcp|| Is this correct to check (have done room before, just being a pain)
Still having problems: Authenticate-2 room, Task 4, Question 1: I still can't get to the cookies on the practice page. It looks like I am now able to access other sites' cookies, but not on the practice site. Any hints?
@odd panther yep
Room: Intro to Python
Can anyone help me out i have tried to read everything i can find on decoding base64 using python here are some of the places i have looked
https://i.vgy.me/3RgdVB.png
https://i.vgy.me/lIs1tX.png
https://i.vgy.me/YtRyY6.png
is there anyone that can give me a hint on whether or not i am on the right path or point me in the right direction.
nope
first time ever touching it
You should definitely look up a more thorough and fleshed out Python guide
like an actual class or something
It's pretty easy to learn tbh
codeacademy has Python classes, Google also has one too
it is i have written a few simple scripts i just think the decoding is a bit out of my scope right now
so i am on the right path i just need to start by learning the code first ?
Here's a hint on what you need to do : You need to know how to use a loop
ohhhhhh ok
Also, how a method/function works
i think i get it now
Don't worry about making the code super optimized or anything
Just get the job done ;)
ok thanks alot i think that just helped me out alot
@odd panther Please don't write out the code/answer for him- this room is for hints only.
@white salmon Very good point, thanks
Yeah, don't worry, @quiet yarrow if you need any more help don't be afraid to ask!
I get so excited to be able to help, but must remember better help is to teach!
@odd panther Thank u!!!! it's good that you're excited to teach!!!
Yeah don't worry, you had good intentions
your code didn't actually give out the answer too so that was good
Yes I won't give answers but you're right he's better off to learn the fundamentals, will serve much better in the long run
@odd panther U can give answers if the user is like "I have smashed my head against my keyboard 500 times i have been trying for weeks someone please just help me"
have you seen a doctor for your head injury from smashing into the keyboard 500 times
I just like to help but need to help in a more structured way haha.
It's infinitely more satisfying when you teach somebody How to find the answer, and they end up finding it for themselves and figuring out the rest
Yeah, I work on a support desk, it's my sole job to give answers as fast as possible I have to rein it in a bit, here at least for this lol
Also what languages do you know to code in?
I'm not particularly an expert at any language, but I know how to work with C, C++, Python, Java, Assembly, JS, and I guess Rust now lol
Oh and C#
I know c# the most started on it (8 years ago) stopped for a while, getting back into it now, but more python, powershell and I'm having to pick up some of the others for various tasks. python is fun
But Python and C++ are probably my most familiar languages
nice
Is there some sort of etiquette /acceptable activities list for practice room boxes?
