#room-hints

is this not correct for the positions?

Remove the other position

as in just the symbols or the content too

and there's one at the bottom too, around 'submit'

Make it not a position

alright

You only want to fuzz the filename.

Extension, more accurately.

still all 200

Then your encoding setting is wronf

nope, 200 on that too

Show me the setting

Turn that off.

Run.

it was before my man, already tried it

Oh no

and, just as before, they're all 200

They're meant to all be 200

...then why were you telling me i was doing something wrong

You uploading the wrong file type isn't a HTTP error

Because they all had the same length

woohoo i got it! thanks @stuck fractal

can someone help with room:ZTH: Obscure Web Vulns // unable to do the xxe challenge tried different payloads but nothing works

i got a reverse shell, just need pointing in the right direction for this one:

whoami?

Might not work not sure

that doesn't seem to give the right answer, the answer's 4 characters long and im pretty sure www-data is longer than that lol

..in fact every pid seems to be "www-data"

if i do ||pid -u p [pid]|| at least

Have you looked for users on the system, then checked their files?

Looking for who might have the files for the website

i think checking every user like that would take... a long time

Look at all running processes and see what’s running the web server

Or just check the passwd file

To see 4 letter users if you wanna hack it

Wouldn’t recommend tho

blob no cheating!

Where the hell i am supposed to download the files from.

Sowwy

I’ll go back to the doghouse

Good boy.

@slate isle The box.

connection refused

ZZZZZZZZZZZ

aaaaaaaand im not sure where to go on the last vulnversity challenge

i ran the command, but...

hmm

Which command?

||/bin/systemctl||

i took a look at the writeup after posting

So, there's a special permission or "bit" set on the systemctl program

you have to figure out how to exploit this to get you somewhere

yeah, i know

Also, the command to run isn't necessarily only that

You have to do a little more than that

need help with - https://tryhackme.com/room/zthweb2 task 7

why am i getting connection refused when trying to connect to the box reeeeeeeeeeeeeee

why am i getting connection refused when trying to connect to the box reeeeeeeeeeeeeee
@slate isle try disconnecting and starting it back again

Harder box is updated....HTB domains are fully deleted.

@random thunder Please give more details about what you need help with- where are you at and what do you need a hint for?

i did run the wfuzz with --hw 57 but i only get this after the run C=404 instead of a 200

am still getting connection refused

:(

@slate isle What command are you running? Has this occurred before? How long have you been connected to the VPN? Are you connected to the VPN? Are you using the correct IP?

works through scp, but doesnt work with ftp or filezilla

now my question is how do i get the flag from mp3 file, commands used for playing it don't work as they are not installed.

Ok guys... a question about room "Intro to x86-64", last task because I'm confused. So I go into crackme2, look at the disassembled main it ||points at a file. which has the password in it.|| I guess that's too easy... see the hint on the task and guess the thing. Game over, I feel like a cheat. I decide to give ti another look. Look at the assigned vars and find the same answer, but not ||why the answer is reversed||. I feel disappointed that I didn't understand that part in the assembly

anyone got a hint for what I'm missing?

I mean- that's the thing about RE is that it's all about critical understanding of a hard-to-understand program.

It helps to try and "categorize" or group a piece of assembly into functions

Remember, this assembly that you're looking at is very likely just a program coded in C++ or something

aye

and the compiler turns your C++ programming into optimized assembly programming.

Keyword is optimized- so it isn't really meant for "our eyes", but it's still trying to do the same functions as the original C++ programming

Try to think about how you'd program this program in Python for example

A lot of functions, especially string manipulation ones, are usually just loops

Welcome room access your first machine... Do I have to use a VM or is there an easier option like steps 1, 2 & 4 please?

aye
@near shoal did you RE it with Ghidra? sometimes it's so efficient, especially with it's decompiler, it can give answers away where it normally would have taken a bit more work with gdb or r2.

So with this, you can assume something like

password = file.txt
final_password = do_thing(password)

if input == final_password
    pass
else
    fail```

since you have a rough idea of how the program works already

@quiet horizon nah, I did it in r2

You just need to piece together the "groups of assembly" to these lines of code

every piece of assembly is linked to one of these lines

yeah thanks @white salmon I get what you're saying. I'm going to keep looking at it and see if I figure it out

yea

Like it helps to set a breakpoint inside the loop, and try to think of what it's doing in terms of a higher programming language

like "for each letter in string, do thing"

yeah, I think I may be still missing some clarity on few instructions. Time to spend some time with it and decompose everything 😄

gladly I have the patience

@wary ridge If you have TryHackMe subscriber, then the easiest way is to start up the web-browser based Kali VM. Otherwise you'll have to set up your own, (or alternatively convert your current working computer as your hacking machine but it might be difficult)

I actually enjoy this kind of puzzle, kinda wish the hint hadn't given it away so I wouldn't feel like such a cheat 😄

Yeah, RE takes a lot of patience, willpower, and understanding

lmao

it's really fun and rewarding though

that it is...

it's like figuring out a new language (it is)

it's the demon-souls of hacking 😛

yeah lmao

Like I said, take notes though.

lol

I do.

it helps to try and group things for your own organization's sake

Always dos stuff with my notion.so next to it

if you watch videos on people doing RE or assembly work, they always group together assembly instructions as a whole function

and it really does help

yeah, would probably help to look at the chart view

but trying to avoid it for this room

just exactly for that reason that I need to get the habbit of doing that for myself first

thanks for all the help

definitely appreciate it

if you watch videos on people doing RE or assembly work, they always group together assembly instructions as a whole function
@white salmon any recs 👀

oh one sec

https://www.youtube.com/watch?v=bVJ-mWWL7cE

@white salmon got VBox Kali setup it works however not sure how to get the result for the task

this is a really interesting video on how the compiler tries to optimize your code

and may help you understand a lot more on how it interprets your functions and conditionals/loops

Oh

have you read the instructions? what have you done so far?

Ty

ye

You can learn some cool programming tricks too

that may or may not be useful for speed

Who needs speed. Just need it functioning

yeah

Really cool cool idea of using math expressions as if conditionals

instead of using if statements

Only time speed matters if you’re doing a coding interview

but it's also a dumb idea because you can't read your code

LOL

Copied the IP address tried to load the website in Kali Linux connection timed out.

Are you connected to the VPN?

Really cool cool idea of using math expressions as if conditionals
@white salmon what do you mean?

are you going to the actual IP address of the machine, or are you going to http://MACHINE_IP

@oblique cliff This is an If statement

for a very specific purpose but it's an if conditional that's made pretty much made only out of math

oh boi

@wary ridge

!vpn

Very interesting

Theoretically this is super optimized for assembly

and runs very very quickly

compared to using an if statement

which may or may not have to "pause" to interpret future data

it does all the instructions in order already

iiiiiiiiiinteresting

That’s really cool

Run it through OpenVPN?

I’m gonna code like that for work from now on

@oblique cliff good luck on your new job next month

What

Also #general

Run it through OpenVPN?
@wary ridge You need to connect to the TryHackMe network in order to talk to anything on 10.x.x.x. The THM Attack Box or THM Kali are already on the network

@stuck fractal ok, how do I do that from VBox Kali as don't have a way to use either through tryhackme site please

Connect to the VPN from Kali

The tutorial is in the welcome room, and you've just been linked to it

Ok thank you

any hints on Looking Glass still in enumeration phase

🤔

any hints on Looking Glass still in enumeration phase
@limber iron New box

No hints

Rule 13

Sure

The hint is in that room? Hmm... Inspect?

The hint is in that room? Hmm... Inspect?
@wary ridge ???

Is OpenVPN in Kali?

wut

Is OpenVPN in Kali?
@wary ridge Openvpn is preinstalled in Kali Linux

You need to get your config file and use that to connect to TryHackMe's openvpn

Have you done the OpenVPN room yet?

!vpn

These are what I have so far

Connect to the VPN

Follow the OpenVPN room.

We've asked you to please look at that about 3 times now

We've provided a solution, please actually listen and act on it

Hold on... Just got something that didn't show up before... Thanks for your help everyone

i have no idea why johntheripper is doing this

this is what im doing:

sudo john --wordlist=/usr/share/wordlists/rockyou.txt.gz hash.txt, with the hash in the hash.txt file

You’re using a compressed wordlist

Not sure if that works?

It does not

I hate to give answers but

i remember it working in the past

unzip rockyou.txt.gz

gunzip

gunzip worked

Whoops sorry

Obviously been typing something wrong here, as it claims there's an error in the command line...

What error

Screenshot

smh imagine not using tar xzcf

That’s what I do

As long as the command works I really couldn’t care

...aaaaaaaaaaaand apparently the cracked password isn't the right one, despite it... definetly being the right one

So you cracked it and got an output?

nvm

i was looking at the wrong thing

Typed sudo openvpn file location, filename, error opening configuration file of filename

Obviously it's different from what I wrote down.

Then you didn't specify the location correctly

#site-support please

This isn't room help, it's VPN help

I was way over thinking it!

🙂

I am currently working on the “Linux challenge” room an need some hints to get access to the / .bash_history directory for some reason not working for me 😩

It's not a directory

I

...wat

What you're trying to do makes no sense

The flag is located where bash history is stored

Why did you put a / there?

I’m new to this lol

Have you done the Learn Linux room?

Yes

I recommend you go back and do it again

😩😩

Going back lol

Lol I figured it out thanks looks like I need to go back and read up on some more

If you can't explain why you're doing something that isn't working, you probably ought to try something else

i need some hints on tomghost room

im already in ssh and proceed to privesc

What enumeration have you done?

i have done linpeas

but i saw these two files called credential.pgp and tryhackme.asc

So, try to do something with those

Time for some research into what those are

wait lemme clear up some understanding

pgp is email related right?

No

Look it up

No
@stuck fractal oh ok thx

thanks @stuck fractal !!
i rooted the box

Research is important

wfuzz not completing the entire list of words, is there anyway to force it?

iam using wfuzz from cli with version2.2.9-1

That sounds like a generic problem?

How do i fix that?

hey im beat

complete beginner here and im stuck

If you'd like a hint, please ask

And please give us enough info to give you a hint, like what room and what stage

Im at the learn linux and task 21

im a beginner so im kinda having trouble understanding all these

So have you broken down the task?

At this point, I know Task 21 by heart 😄

@white salmon Do you know what an environment variable is?
Do you know how to set them?
Do you know the name of the variable you need to set here?
Do you know the value that you need to set it to?

I dont fully 100% comprehend it yet, I'm looking back to other tasks and rereading but I've been at this for 30 mins now 😂😂

You're told what the binary will test for. You need to make that test succeed

Then you will get the password

Okay ill try

Hey there, I don't get it .. I'm stuck on a dumb question and I can't find the answer, I must be dumb haha ..
What is the name of the technique that "Search Engines" use to retrieve this information about websites?

I tried a lot of stuff but nothing works --'

I would approach this question asking how search engines get their information

Would a key phrase stick out?

The crawler get the different keywords of the website, send it to the Search engine so it can store it

Then the search engine make a query to his DB to retrieve it ?

Eventually, yes. But is there a phrase associated with what the bot is doing?

That's what I'm trying to find

But nothing so far :/

How does a spider move?

oh

You were right there

It moves on a web .. what i'm supposed to do with that haha

I thought your hint would help me but I don't know how to keep going lol

If I’m remembering the question and associating it correctly to a room, I believe you have already said the answer, but have called it a noun instead of a verb

Room "googledorking" btw (task 2)

A noun instead of a verb hmmm

The noun query I believe

Oh

A spider doesn’t just move it <...>

Query is also the verb lol

I must look dumb to you haha

You're not dumb, you're learning

true !

• the fact that english isn't my main langage doesn't really help for the understanding

Not a problem.

Try re-reading the segment Let's Visualise Some Things... It mentions how search engines work and briefly mentions how crawlers also have another word associated with their actions.

They index the content ?

But index was the answer of the previous question on the task

They index the information after they've acted as crawlers

A crawler will look through a website and attempt to traverse it

Yes ?

I've read everything again but can't find the word i'm looking for

Found it ...

That was dumb

😅

I'm glad you got it

In my mind, it wasn't the search engine that was doing the indexing part

So I wasn't looking on that side

You figured it out, though and you persisted 🙂

Anyway, thank you for your help on this one !

So spiders don't just move, they crawl among a web. In IT terms, we talk about crawlers the same way. Fun fact, crawlers can also just be called spiders.

Okay, got it

Are we able to talk about looking glass yet or is it still too new?

Usually it takes about a week before we can talk about them 🙂

ok thanks, I will keep going at it then

James is just mean for making the SSH change each boot

I mean it’s been more than enough time but I’m not sure if James wants a specific amount of time or not

can someone give me a nudge on the jigsaw 2 room i have ||d0zk0zsi4s07m3w0s3
p4as1aqz3m3cc
y375cy4l4a3j64z3|| but i have no idea what to do with it

@sinful plaza: Try to decrypt the hash?

hash??

Hi, can anyone give me a hint for the privesc on the Overpass 2 - https://tryhackme.com/room/overpass2hacked room

ls -lAh ~ in home directory

Well I mean that will give you the home directory contents

Yeah I've already tried that and there's a .suid_bash executable which does not set your UID to root

You need to abuse it

It's not as simple as running it

@trim haven Thanks for the help

That one took Cake and I a few minutes to figure out what the issue was there.

Iam getting no devices connected when i setup Nox and enabled the developer options on mac for https://tryhackme.com/room/androidhacking101 - task5 can somone help?

I had to scroll up and see hints on Overpass 2. That was a neat little thing..

I'm kinda confused on /room/zthlinux (task 33) ..
Here's the question (see screeshot)
So I went in the folder with cd test and now I don't really know what to do, I tried grep shiba4 test1234 but obviously that's not it (I was quite desesperate lol)

try using the find command to find the binary

I already did

But what do they mean by "The actual binary will check for two things"

Like, I got the directory called "test", and I got the file "test1234", so the binary should have all he needs ^^

if thats the case, that sounds right

did you try running the binary now?

Did you create the directory called "test"?

It was already there

With the file in it

Okay, good

But to run the binary, I need to find it

indeed

try using the find command to find the binary

At the root there's only the test folder

And in the test folder there's only 2 files : test & test1234

You shouldn't be able to access root..?

thats not root

That's not root

thats the base of the home directory for the user shiba3

oh

jabba

Yos

stop being slow

thats not root
@oblique cliff

@verbal vale you need to find the binary shiba4

@oblique cliff wut

you can do this using the find command

@trim haven

Yeah I did

I'm sure the binary is called binary 3 btw

The room put the wrong binary name iirc

Oh

You need to look at the task name

"Binary - Shiba3" ?

ok either way, you need to use the find command to find it. the find command you tried is only gonna search in the current directory for whatever youre searching for

you want to search the entire file system

oh

"Binary - Shiba3" ?
@verbal vale yes, the binary is called shiba3

ok Imma try something

👍

But the previous one was already shiba3 (when I was logged into shiba2)

^^

anyway I need to find the flag that search in every directory

Must be shiba4 then my b

ok so lets ignore jabba for now

np np

haha

and the binary name will be shiba4

Yeah ignore me, I'm half asleep

everything still stands that i said before, just change the name

so you now need to search the entire file system for a file called shiba4

But the find command is supposed to search through all the child' folders isn't it ?

(Without any flags)

Default find command

no

well, uh yes

but you gave the base directory the home of shiba3 the user

they never said its in a subdirectory of the user shiba3

hence your need to search the entire computer

which starts at /

Oh

youre starting at /home/shiba3

I think i did something bad

I typed shiba3

Instead of shiba4 --'

I'm presuming you type find / shiba3

haha

or find / shiba4

Yeahhhh haha

Now we good

no

you just searched for everything the subdirectory /home/shiba4 contains

you need to find the file shiba4

regardless of where it is in the file system

can you research how to use the find command to search the computer for a file of a specific name?

Using a flag that only give me files and not directories ?

I'll try to find than using man find

you could do that but thats not important for this. They is where to start your search

@verbal vale you can use the almighty google for this, which will work. There's also a room called thefindcommand which will help your endeavors. tremendously

I'm confused, I don't really understand, so somewhere in the computer there's a binary file called shiba4 right ?

And using the find command I need to find it ?

With his path, I'll then be able to execute it because I have all the requirements

I guess I'm right so far

With his path, I'll then be able to execute it because I have all the requirements
@verbal vale ?

i dont understand what you mean by that

but the other 2 comments are correct

The requirements given in the task description

I mean, if I execute it but the 2 things aren't good, it won't give me the password I believe

yes, the binary checks that the directory /home/shiba3/test exists

I tried find / shiba4 -type f but it says there's no file or dir with shiba4

and that the file /home/shiba3/test/test1234 exists

really? get rid of the type and see if that helps

(Same with shiba3, just in case i tested)

That's not how you use find to find a file with that name

Keep reading the manual a little closer

looks like i gotta read too

oh jk

i missed that 🤓

find -type f / shiba4 that's what I tried at the beginning

But I think I'm doing a punctuation pistake

mistake

research how to find a file based off the name of it

I tried this then

Oh i need to quote it

nop

That looks more correct

Now just add 2>/dev/null to get rid of all the errors

^

what do you mean

How ?

That means take stream 2 (standard error) and redirect it to /dev/null (like a black hole)

Just put it on the end

/dev/null

okay

you typed "2>dev/null"

Yay !

Woop

Nice it works !

No spoil

Thank you for your help @trim haven @stuck fractal @oblique cliff 😄

No spoil
@stuck fractal +1

Is there like a possible hint for the last task in learning linux?

there's a whole write up

Look for files owned by users that are out of place @white salmon

there's a whole write up
@toxic scarab he just wants a hint. Hence the hints channel

Oh okay thanks

@oblique cliff and for that final task there isn't really a hint i can think of that doesn't say what it says in the write up

im confused on task 12

Same

of learn linux?

it's looking for a flag that you can use with su command. maybe try man su to read more about the command?

Don’t know he didn’t specify the room or anything

Okay I'm still dead stuck at task 43 of learn linux

just going by the last room he was asking for help in #room-help

none of the shibas are able to do sudos

so you can't sudo then

check files owned by every user

Sir Blob's hint from above told you to check for files owned by different users

Shibas aren’t the only users on the machine

Oh sneaky, thanks okay ill find my way around 😅

im in c4ptur3-th3-fl4g room

i cant seem to find the #3 datatype

MJQXGZJTGIQGS4ZAON2XAZLSEBRW63LNN5XCA2LOEBBVIRRHOM======

dont need a direvt answer if there is some resource i can llokup

That looks like a base encoding to me

oksy ill check

And a specific one by character set and trailing =======

i tried 64

Too many = for b64

hmm

And base64 typically has lowercase

aaha so its a base encoding and the ======= give it away

i am rather new so. :/

The character set and the bunch of trailing = tells me pretty quickly what encoding it is

aahaa

base32 🙂

so it has caps and spammy ====

nice

Guys im stuck at the last task of zth web 2

I got 3 .php pages

keep looking

Also tried wfuzz on the command params

On all three pages

When i reach 'select' word while bruteforcing with big.txt the connection times out

It doesnt time out while using other wordlists

it doesn't time out. it creates an error on certain words in big.txt

Yaa that happens

So thats correct?

Plus its not always the same word

the same word causes the error, but the server responds at different rates so it gets back to you on a seemingly different word in the wordlist

but this really has nothing to do with the challenge

Aah yes i got that word

But its irrelevant¿

Ill try continuing the fuzz after that

Am i still on the right track?

you found 3 .php pages
the hint was given: keep looking

I did continue but didnt get any

Isnt that hint very vague

i don't think so, since it pretty much reveals that the 3 .php files you found are not going to do you any good, so there's no need to fuzz them with command parameters

Ill search for a fourth page

Still nothing 😪

Obv im doing something wrong

Cant figure it out anyhow

The task doesnt tell you to search for a .php page

I did that just in case

With and without php

Also the command parameters

Oh hell

read the task

I got one part

^that was just me being dumb

Im back to where i was

A small hint maybe

?

re read the task multiple times

Omg

Hi people. I'm at the last task on ZTH: Web 2 room (API Bypassing), the room uses the wfuzz tool, I'm really stuck here

Any tip?

I tried to pass these parameters: IP/api.php?cmd=FUZZ

Tip is

Re read the task multiple times

Alright, I'm probably losing something

keep in mind your ultimate goal for the task

anyone ... am stuck again on overpass2 ive found the needded file .||/suid_bash|| ive searched gtfo bins and tried most of the commands there..almost all of them put me back again in james or spawn a reverse shell with james's acc 😦 how do i get root 😦

It's just bash

Bash drops privileges when ran as root with suid, unless you tell it not to

gtfobins bash

gtfobins bash
@toxic scarab ive tried almost evrythng there 😦

Bash drops privileges when ran as root with suid, unless you tell it not to
@stuck fractal let me search that

It's on GTFOBins

There then 🙂

So : /room/zthlinux
How am I supposed to access the root folder ?
Like ... I don't have his password

Bash drops privileges when ran as root with suid, unless you tell it not to
@stuck fractal thank you so much ❤️ ❤️ after two days now i've solved it 😄

@verbal vale You need to get root privs

Oh

Lemme try something

I don't get how, I wanted to see group list with /etc/passwd but I can't
I also tried to add the user shiba4 to sudo group (believed there is one, but no)

have you tried all the users?

I don't get how, I wanted to see group list with /etc/passwd but I can't
I also tried to add the user shiba4 to sudo group (believed there is one, but no)
@verbal vale You need to be root to add the user to the sudo group

group list is in a different file

Before I check room write ups, is it gonna give me the answer or just hints ?

It will give you the method

It won't give you the flag

I don't want it then

I prefer searching more "myself"

With just hints when I'm stuck

So I need to be root user, or give myself permission to the file

You need to become root

So maybe I should check the permissions associated to the file ?

You can't give yourself permissions without being root

Okay

It's only readable by root

So you said root id's are written somewhere else on the computer ?

No

I did not.

Root's id is always 0

By id's i meant password, and yeah my bad I don't know why I thought you did ^^

Alright then, where can I start my research in order to try to be root ?

Look for files that are out of place

Files that are out of place ... there are so much files ^^ '

and when doing that remember that different users can access different files, so you might want to try the same thing as different users

Could that help ?

I see there are those noot & nootnoot users

maybe poke around there and see if theres anything interesting in those directories, eh?

Files that are out of place ... there are so much files ^^ '
@verbal vale Users will usually create files in their own home directory

Yeah that's what I see

But I can't access this file with my actual user ..

That's pretty tough I got to admit

I didn't think the third room I do would be that challenging haha

So. Look for files that are out of place

Using find

That's what I did I found something interesting

I finnally succeeded to get a good command and I try to run it on the different users

no spoil

Yeah sorry

But, I can't connect to that user, even tho I'm using su command and the right password

Oh i was using the wrong one ..

Did it!

Hi again, after the @toxic scarab tip I tried with this command:
wfuzz -c -z file,/usr/share/wordlists/dirb/big.txt --hw 0 -Z http://IpAddress/api.php?cmd=cat /FUZZ/flag.txt but without success

wow. that looks pretty complicated

I'm close to the resolution? I'm in the right way?

nope.

=/

yeah, I don't know how to do this

you are making it much more complicated than you need to. just remember what the task tells you to look for

the task tell us "You don't know any user, try and read the flag.txt"

I don't know where the flag.txt is, because that I used the FUZZ as the user folder

so do that: read the flag.txt

were you able to get http://ipaddress/api.php?cmd=ANY_COMMAND to display anything no matter what command you tried? if not, why expect that your fuzzing is going to generate anything?

if http://ipaddress/api.php?cmd=id did not generate something like the example showed, then this version of the api does NOT work the same way the example described. Without documentation or any clue as to how the api works, we don't know what parameter the api will work with. It could be cmd, action, command or a near-infinite number of other parameter names. Without that, we can't even begin to try different values for the parameter.

Got it

Jesus Christ

I lost a lot of time in this task

Living and learning...

No time is lost if you learnt something.

Is firefox the only web browser allowed on the virtual machine?

You can install whatever you want

This doesn't sound like a #room-hints question

I am trying to hit my machines webpage and keep getting an error with firefox

sry noob here

Not all machines have a webserver

I am trying to answer probably one of the simplest questions...Go to your machines website - What is the flag text shown on the machines webpage?

I would take the public IP address and place that in the machines webpage?

Not a public IP address

Click deploy on the Welcome room

it gives you a 10.10 IP address

The Public IP address will be for your Kali or AttackBox

Which also has a 10.10 IP

ty..I was deploying the attack machine

You need both

Or the VPN and just the target machine

gotcha..ty

look at that..it worked, thanks for the help

i mean there is a certain way how to use it, that does not add up

It's something special about bash

i got it

Bash drops permissions if suid

i exploit it but i do not understand how i access it

What do you mean?

can i msg u ?

Ok

ok lame failure as always, thank you James. I delete my comment as there are hints in it

I am probably way overlooking the obvious here, but need help with the initial room. I tried both the Kali and Attack Box in-browser deployments and both just give a 405 error on their IP's in the in vm browser. I see port 80 is open on 0.0.0.0 with python.

You're not meant to put those IPs into the browser

You're meant to deploy the VM in the Welcome room and use the IP in Active Machine Information

When I deploy the VM in the Welcome room via the "Deploy" button, it will configure and show at the top of the screen, but only with the non-routable IP. That machine is not listed under "My Machine".

@faint helm That is expected

It's a local IP address, on the TryHackMe network

My Machine is your attacking machine

The machine that you deploy in a room is the target machine

I just figured that out...knew I was missing something about how the platform worked. Thanks for the help.

hey, need help for this room :https://tryhackme.com/room/linuxctf for #2 Task 3 : ```
Flag12 is located were MOTD's are usually found on an Ubuntu OS. What is flag12?

What do you need help with?

Did you google what MOTD is as well as what this may be located?

^

You'll have to google where MotDs are stored on Linux for it

and look inside the file itself

@ashen matrix yeah

i already look for a lot of website that's why i'm asking here 🙂 i already found this :

||/etc/update-motd.d/ ; /etc/motd ; but none of them works||

The flag is stored in a file that has the MotD when you login.

ok i'll search thx 🙂

ok i got it thx 🙂

Please delete the first screenshot because it shows the flag/correct answer

@white salmon sorry

thanks :D

np np

Are you sure your LHOST is correct?

i hope so im using the web brwoser thm kali linux

ill try the ip below the browser kali

Yeah, double check both IPs

I don't think the web browser kali linux should be in 10.10.0.0 range

Hey, for room/linuxctf
I heard about the uname command, am I on the right path ?

i got two different ips and none of them seems to be working

i heard the bolt_authenticated_rce doesnt work nomore

@verbal vale i got it and didn't do it with the "uname" command

strange

Okay

Have you updated your metasploit?

Because for the hint, they give *release but it doesn't really help haha

I think the web browser kali has an older version of metasploit

yup i did

I tried find / -name "*release" -type f 2>>/dev/null

@verbal vale yeah 🙂

i had the older version of it cause i coulnt find the exploit, but after updating i finnaly saw it in my metasploit

i didn't use "release" btw 🙂

Oh

@white salmon ill try it at home on my own kali linux

@alpine lantern I found a lot of commands there, I'm testing them : https://www.tecmint.com/commands-to-collect-system-and-hardware-information-in-linux/#:~:text=1.,kernel name of your system.&text=To view your network hostname,with uname command as shown.

@verbal vale i didn't found the flag with theses commands too 🙂 but maybe u can

I didn't ^^

sad

u need to read a file @verbal vale

Are we able to get hints for Looking glass yet? I am stuck at humptydumpty.txt, I have the password from it but having issues with the first part of the file

Hey I'm trying to do the cross site scripting room, In the stored XSS challenge where you need to steal jack's cookie I am using request bin and I'm sending it with window.location, my only problem is that jack never checks the message. Is there something special I have to do to make jack view the message board or does it run automatically?

ok I'm an idiot I just found the solution to my issue. I just had to hide it in an image tag 😄

Hi, can soemone help me for the last question of this room : https://tryhackme.com/room/lfi#

I run as root but I don't know how to find the root flag

check /root/

@tidal token try using the find command

should be there

Thanks I found the flag

Ultratech room. Stucked at the beginning of task3. I'm trying to understand the hint 'Look closely how the Api is used'. Any hint to clarify the hint?

Using command injection

Using command injection
@astral smelt Ok many thanks. Trying command injection the page outputs a file name and It was it. Thanks!!!!!💯

NP 🙂

Need some help with Sublist3r room Task4 #8

One last one for fun. NBC produced a popular sitcom about typical office work environment, which dns record might be associated with this show?

Can anyone give a hint?

I’m presuming they’re referring to “The Office” but you can probably find that with a google search

They are

Did you look through the list of records?

Yeah! I've looked all over the records...Got no clue

There’s one that pretty obviously related to “the office”

I've tried the voice

but nothing seems related to the office

Jabba just mentioned the show

Try searching with that keyword in the accompanying text file

done

thx

Hi everyone. I am pretty stuck at the room ZTH: Obscure Web Vulns. I am trying to get tplmap to work. But neither on my pyhsical client nor on the THM VM I can start tplmap successfully. I get python errors all the time. Anyone was facing this issue recently?

Please consider my question as resolved. It took me some time but finally got tplmap to work

Whats the situation in asking for tips in looking glass, can we ask yet? 👀 I'm stuck in humptydumpty and dont know where to go, i have one thing that i think maybe is the next step but i'm not sure, not gonna say here because might be spoilers

are the writeups published yet?

if no, ask james, but probably not till he posts writeups

Writeups are not published yet

It's a good round to complete

yo

im a little stuck here

i got the key, changed the permissions, all that but uh

i can't figure out the username

this is in the networkservices room btw

the only usernames that seem to make sense don't exist, apparently

You found a name at #4.4 I believe

Try different formats

i have tried literally every format i can think of

You haven't done the most common one apparently

can anybody give me a hint of looking glass

I did over in the John Hammond discord

can i dm you?

@woven mirage seeing as you're both at the same stage...
Something is out of place and should stick out for you when you're enumerating the filesystem. See what you can do.

No. You cannot.

okey let me try

There's a video coming soon as well, once the video drops I'll give more hints.

Hi guys, need a hint to bof rooms

the second exercise

@white salmon so the exploit doesnt work in browser. i tried it in my own kali linux and everything worked fine 🙂

hint now available for the looking glass room??

Only very very gentle hints

There's a video for it coming soon

cool

So is it okay now to ask for small hints in room looking glass . Been at it for days 🙂 just stuck at Alice now

Run some privesc enumeration scripts and try some manual enumeration

See what files you can read that might give you some information on how to privesc

Yup already been doing that ... but guess I would have to better at using my looking glasses 🤓 since I must have overlooked it.....

There's a video coming soon on it, I'll give more hints then

https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology and Resources/Linux - Privilege Escalation.md

In the mean time, I recommend working through that

so quick question, on looking glass ||do the poems have anything hidden inside them, after getting access as humptydumpty I mean||?

@stuck fractal tnx will be working through the list again more thoroughly... just want to make it before the video 🙂

@left frigate Keep enumerating

Same hint I gave earlier.

seeing as you're both at the same stage...
Something is out of place and should stick out for you when you're enumerating the filesystem. See what you can do.

alright thanks 🙂

@stuck fractal tnx man think i found something very interesting i just need to figure out how to use it 😄

@mild eagle can I dm you? something small I found that I wanna confirm 🙃

i am currently in Linux Walkthrough room, under task 18, im asked what the value of the home environment variable is, i am at a dead end here, am i supposed to find it in PuTTY or? hints plz 🙂

Hints on Looking Glass ? Nmap let me down on this one

@shut pollen not yet

i am currently in Linux Walkthrough room, under task 18, im asked what the value of the home environment variable is, i am at a dead end here, am i supposed to find it in PuTTY or? hints plz 🙂
@brittle hedge google how to check environmental variables on Linux

Hints on Looking Glass ? Nmap let me down on this one
@shut pollen Nmap is going to give you a bad day. Use a simpler scan or wait for it to finish

Simpler than NMAP without any flags ?

https://i.imgur.com/ixJ6v0s.png

i have the binary but idk what to do next.-.

Create the text file

Run the binary

but i have the text file

but i don't know how to run it..i mean it's giving me an error

You don't run the text file

ugh

hey, need help for https://github.com/rebootuser/LinEnum the LinEnum room, i wget LinEnum but i can't execute it :

you downloaded the html page

you need to wget the raw.github page, not the github page itself

gib more upvotes

@oblique cliff Thx 🙂

@trim haven reeee

😎

HEY

For Dumping Router Firmware Room, Task 2 number 7 . I have tried submitting the date and time i got from Binwalk 20*8-*****. The room says wrong submission

Please help.

So I'm trying to do the burpsuite room (rpburpsuite) and I'm stuck on the Sequencer, I can't seem to get it to show any results and the Analyze now is always greyed out, any ideas how to let burpsuite sequencer analyze?

this is apparently incorrect

anyone?

Ok

2 things

tcpdump needs to be running on your box to listen

would be cool if the room had explained that

And you need to replace [local tun0 ip] with your tun0 IP. No brackets.

would be cool if the room had explained that
@royal venture it did.

it tells you the question before

right, i misread

aaaaaaaand i didnt get anything on the listener

and, yes, its my tun0 ip

...you pasted it in there as [local tun0 ip]

You didn't replace it

You also may have killed it by attempting to run sudo

yes, i know, im saying i went back and re-did it correctly (relogged too) and it isn't working

What do you mean by relogged?

And you need to show us what you're doing if you want help with it

You can't just say "I did it correctly and it didn't work" because the room isn't broken so you've made a mistake

well im doing what it says so idk man

What do you mean by relogged?

i mean i exited the telnet session and started a new one

Terminate the box and deploy it again

yep, still isn't working

...the "run" had to be caps, apparently

Are we able to get hints for Looking glass yet? I am still stuck at humptydumpty.txt, I have the password from it but having issues with the first part of the file

@agile whale https://crackstation.net/

James, when is that video coming out? I need some hints on getting into Alice (have found possible way but having issues exploiting it), am hoping to get some more hint before the solutions are given out

Tomorrow.

Read some documentation for it, that's my hint

ok

Hello, I am stuck on the Hacktivity called Linux Walk Through on the last task, 43. I don't know how to gain access to get the key at /root/root.txt. I know that I need sudo priviledges to check the password of root which is at /etc/shadow. I checked /etc/group and found out that nootnoot is in the sudo group so if I could find the password of nootnoot first, I can gain sudo priviledges. I'm stuck now. I know the /home/nootnoot has the file ll that counts from 1 to 1000, but I don't knwo what to do afterwards. Can someone give me a hint?

Look for files that are out of place, using find

If the ll file doesn't have anything useful in it, then you'll have to keep looking.

hmm k

Try to look for files that you haven't really messed with during the entire walkthrough

those are usually the suspects

I went back to the shiba1 directory. I noticed that the shiba1 binary file has user rws priviledges. I tried editting the shiba1 binary file by looking at where the file calls the shiba2 password and it was "cat /etc/shiba/shiba2". I made sure noot.txt was there. I changed that string to /root/root.txt. I ran it, but it didn't work. It just gave me the Segmentation fault (core dumped) error. Do I have the right idea?

Nope.

You found that one of the users was a sudoer

You can't edit a SUID binary btw, it loses the SUID bit when you do that

idk lol

am i overthinking this?

No

Look for out of place files

k so in shiba3 directory, I realized that I never used /test/1234 but there's no data inside it so it's useless?

The binary checks for certain conditions first

Make sure to fulfil them

are you talking about the /opt/secret/shiba4 binary? because it only requires a test directory in the home dir and contain a file test1234. The previous task doesnt require a file 1234

I'm talking about a file that is out of place

Normally users create files in their own home directory

well the shiba3 and shiba4 files in /etc/shiba do look strange since the groups are both not root

Keep looking.

You will 100% know when you see it.

Use find, search for each user.

idk i'm stumped

ill try again later

thx 4 ur help

anyone here done with privs on python playground ?
need some hint

i must be overthinking looking glass

If you're trying kernel exploits, you've gone too far

@stuck fractal not at all 🙂 enumerated a lot and found stuff that sounds like it is intended for later

Which user are you?

just jabberwock

Oh... Do some super basic privesc enumeration then.

It should jump out at you pretty fast.

I always, always, always overcomplicate 😄

is it possible to get another hint with looking glass, I logged as alice and found a few things with sudo but not short if I am wasting my time with it (have been stuck on this bit for a while now)

oooh i wish i was there 😛

you sound to be just a few days behind me 😉

I always, always, always overcomplicate 😄
@low oriole no seriously just throw an enum script at it or follow the Payloads All The Things guide

https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology and Resources/Linux - Privilege Escalation.md

@stuck fractal I just did. I'm so stupid 😄

That cheatsheet is really really helpful.

@stuck fractal is hostname/sudo important or am I wasting time on it? can you give a few more clues before the video gives out the solution in a few hours

It's nearly 9am and I'm going to sleep

Read some docs

That was actually a lot of fun. Thanks @stuck fractal

Hints on looking glass ?

@shut pollen how far are you?

Scan

If writeups aren’t on the room I believe it’s because James doesn’t want any hints

I believe that later on tonight the room will open up as there is going to be a video uploaded of the room.

I apologise if I’m incorrect I’m just following what other people was told yesterday.

Still , a lil help would be good. Like the Nmap scan is returning a long list.

I believe that later on tonight the room will open up as there is going to be a video uploaded of the room.
@trim haven

Exactly

Thank you Quantum

We have to respect what the room creator wants so until James comes online we will have to avoid providing help.

https://tryhackme.com/room/cryptofunhouse

im working on this room...need some nudge or resource to solve...

Guys, I need some help for the ConvertMyVideo room. Stucked on challenge 2, where I've to find a username to log in the secret page. Any hint?

hello I am working on the splunk room and on task 2 question 21 it wants the splunk command for renaming fields when doing a search and I believe it is rename but every time I type rename it says it is wrong. I have checked the pdf and searched through google and splunk's other docs and they all say rename. Is this an issue with the question or is there a different renaming command?
hello I am working on the splunk room and on task 2 question 21 it wants the splunk command for renaming fields when doing a search and I believe it is rename but every time I type rename it says it is wrong. I have checked the pdf and searched through google and splunk's other docs and they all say rename. Is this an issue with the question or is there a different renaming command?

wow don't know why that sent twice

Because rename is wrong

got it thanks!

hi , I'm working on the advent of cyber room and I'm stuck in [Task 16] [Day 11] , I created a directory named 'nfs ' as a mount point ..so i run this commande : sudo mount <IP-address>:/opt/files /home/root/nfs .. but i get " mount point /home/root/nfs does not exist".
but when I use : mount......./root/nfs I get : acces denied by server while mounting <IP-address>

if anyone can help pls

Can you show screenshots instead of typing that ugliness

ok

Try specifying the nfs format using the -t flag

mount -t nfs <ip>

question 2 task 18 of Learn Linux room pls help?

What's the problem

Looks pretty straightforward

still get the same result

@sleek mantle Post a screenshot again

@tidal sedge

Try using nfs version 3 🤔

Let me try from my machine

ok

https://tryhackme.com/room/25daysofchristmas

Okay, it works for me, try changing the directory name to something else other than nfs, try test

i did many other names

still the same problem

Try changing the dir and cd'ing to it again

Oh, wait you can't mount it 🤔

It worked for me on the same ip 🤔

Are you running the vpn on your host or your kali?

yea i'm the only one with this prblm .. I've seen some solutions and it worked for them without any trouble

on my host

Run it on your Kali

create a new directory in different location better to be in desktop, root sometimes won't allow

It's a VPN problem

You're supposed to run the vpn on your attacking machine (in your case Kali)

but I've already used many tools and thm tasks with vpn on my host

Run it on your Kali.

ok

Running the vpn on the host can cause problems, like not being able to catch a reverse shell, being unable to mount stuff etc

Hey stuck at Priv esc part of Year of the rabit I'm user ||Eli|| but I know there is some msg sent when I login using SSH some database where o couldn't find something useful any hints?

Guys, I need some help for the ConvertMyVideo room. Stucked on challenge 2, where I've to find a username to log in the secret page. Any hint?
@mossy ermine try messing with the / page first,

Hey stuck at Priv esc part of Year of the rabit I'm user ||Eli|| but I know there is some msg sent when I login using SSH some database where o couldn't find something useful any hints

do you know what the message is?

@stuck fractal I finally figured out the solution! Finding all the files of each user was a big hint. Bad assumptions I made are that I did something like find / | grep shiba1, but that was too specific. And I thought that the Permission denied error output was too long to read so it's only when I added 2>/dev/null at the end of find which mades things much easier to see.

Ew, don't pipe find into grep!

Use the arguments to find to make your find more specific

the pipe into grep makes a red highlight on my terminal which made it easy to see which files were not permission denied

bad assumption

Can any1 tell me if I’m barking up the wrong street with a brute forcing script for looking glass?

If you're checking more than 20 ports, you are.

You shouldn't be brute forcing anything

Ok there is a “c” thing with a nmap script for it

Ty

I wouldn't use nmap here

Tyvm

For those stuck with initial access on Looking Glass, your hint is "O(log n)"

Lol not sure what’s different other than the 1 with c so not sure how to use that

anyone free to give me a hand with the.. umm beginners nmap room?

Just ask your question, don't ask if anyone can help

After all, how do we know if we can help if we don't know what you need help with?

Good point, well presented.. I'll try again...

Hey guys, I'm having trouble with the last nmap beginners room task. i'm running it as nmap -A --script vuln <ip address>, but I'm not seeing the promised vulnerability

This is what I see

try some more scripts

And specifically on port 80

Rightio

I guess I got tunnel vision from the previous questions

hello, i need help i don't know why i can't send my "POST request" in the "Web fundamentals" room last task question 2

Screenshot

doesn't work with "&lt"

That’s cuz that’s supposed to be <

You didn’t send it to the right url

Look where you’re supposed to send it

Look where you did

10.10.20.42.8081

it the same

what do you mean

The directory

Hi everyone!

how are you?

Hello

Hello

im at /Harder yet and im trying to get the shell, but when im trying to execute some command like nc or php for the shell the server is like... freezing?

i reboot the server 3 times now because of this

but just that subdomain

( @oblique cliff )

Lol

The &lt is a <

Ignore that

Don’t put it in there

i'm dumb

sorry

please don't jude me

I’m not judging you at all

You’re not dumb

thanks

Just a bit inexperienced you’ll get there 🙂

i thougth that maybe would be nc for some reason and like php was going to work and, same thing. I dont know if keeping trying or what

thanks

but still not working

huuf

Replace <whatever you want to send> with what you want to send

Which is just flag_please

After you do that. Check the directory you’re sending the post request to and check if it matches where you’re supposed to be sending the post request @rough helm

hint: it’s not

or maybe some way i can experiment with commands without taking down the service?

ho

OMG

My brain just blow up

🤯

Like that?