#room-hints
So if you think you need to go to the JavaScript website, yes, you missed something
the site's javascript. The code that makes up the website
it gives you a screenshot of what it's talking about
not a javascript website....ty
I knew what I was looking for, just didn't realize it was for the website I was on.
It makes sense.....but they capitalized JavaScript so I wasn't applying it to the website I was sitting on.
¯_(ツ)_/¯
@sick sun Give it 3 days from release.
oof I see a typo in that screenshot
well, at least a way that it could be made more accurate. IDK if it's wrong as such
Could anyone that's done https://tryhackme.com/room/thecodcaper spare me on section 5/11
question 3: What is my ssh password?
I've rooted the box, found some interesting things and found an alternate way in but still haven't been able to find out how to answer this question
Any help much appreciated
It's a file, on the box
Maybe look for out of place files belonging to different users using find?
Only one I'm seeing outside home dir doesn't contain hash for said user
Partially aware, but even "find / -user x | xargs cat" for both users doesn't appear to have juice unless there's something I'm just being oligophrenic on
there are more than 2 users
Alright, I'll keep enumming. If it's there then it's there and I suppose I'll find it
Thank you Ninja and Blob
I am Blob
100% now and the second major thing I learned about how to not be an idiot
Thanks again.
room Sublist3r
task 4
q 3 & 5
any hint pls
That's not how this works 😁
#room-hints is here for people who want a "pointer" towards the room they are completing, and not necessarily a spoiler. As such, when asking a question, be sure to include:
- What room you are on
- At what stage are you stuck exactly? Enumerating? Exploiting? Priv esc?
- What techniques / tools have you tried so far? Just so that we know how to hint you in the right direction without repeating what you've already done
If you have an IP Address for a THM room, how do you use it to open a terminal so you can determine, say, the value of the home env var?
Specifically, the Linux Walk Through room.
You ssh in
room Sublist3r
task 4
q 3 & 5
any hint pls
@silver meteor 👀
Heyy, how can I inspect these alert login boxes?
Check pins @silver meteor
@final mortar what pins buddy?
The first pin
@final mortar tnx mate
i just logged out now
try it later
tnx again
Heyy, how can I inspect these alert login boxes?
@sleek garden is that related to try hack me?
Hi, in the Linux Challenges I am asked to:
"Using SCP, FileZilla or another FTP client download flag32.mp3 to reveal flag 32."
I don't have (and I don't have root privileges to install) FileZilla, so I am using FTP
but I am not connected to any server when using FTP
The server is the machine that you deployed
You have root on your attacking machine to install filezilla
oh, so I have to enter the FTP server through my attacking machine?
That's the only logical way it could work, right?
Can't I enter the ftp server from the machine that I am attacking?
You need to get the file on to your machine
The FTP server is running on the machine you deployed.
Time for you to find out what ports are open
I know what port is open and is used for FTP, do I need credentials?
22 is SSH.
the port used for FTP is not open
Then maybe it's on a different port.
You don't have to run a service on the standard port
In the writeup it says that I have to send it from the attacked machine
thats the problem
I was trying to connect and download it, instead of sending it
In the writeup it says that I have to send it from the attacked machine
@safe nova What?
Yes
You can connect and download it
@safe nova google how to set up and use a python server to transfer files
there are many different ways to transfer files
SCP.
yes
But have you checked if there's an FTP server running on a different port?
using SCP
You don't have to run a service on the standard port
yes I have checked that
how can I open my port 22
When I try to send the file through scp I get port 22: connection refused
its because its closed, right?
scp it the other way
Hydra challenge problem
#room-hints is here for people who want a "pointer" towards the room they are completing, and not necessarily a spoiler. As such, when asking a question, be sure to include:
- What room you are on
- At what stage are you stuck exactly? Enumerating? Exploiting? Priv esc?
- What techniques / tools have you tried so far? Just so that we know how to hint you in the right direction without repeating what you've already done
bruteforce not working on rockyou.txt
Can you show me the command (and the task)
(and the room link)
It's the most disliked hydra i think
Ok
Day 17
That's broken
Use the standalone room
There's a work-a-round
Ok thanks
There's a work-a-round
@trim haven Yeah you can cheese it but that defeats the purpose.
I'm not 200% sure why the webserver flag is stored easily for the people who cheese it although
because that's the easy way of doing it
Hi, anyone for a hint on the last part of intro to x86-64 ?
theres a function being called from inside main
follow that function and put breakpoints everywhere, checking out what happens to your input
@urban wraith
Any hints for the learn linux bonus challenge room?
Look for files out of place belonging to each user
Users generally create files in their home directory
Use find.
Ok got it, thanks
https://tryhackme.com/room/jigsaw2 evening, anyone able to get port knocking on jigsaw 2 correct to open ftp 21 ? please dm me with hint - really appreciated. thanks
Hello, can I have any help of task 14 of ZTH room? Thanks.
there are 3 zth rooms, which one are you talking about?
Oh my bad, zth obscure web vulns
Hi I'm having issues with owasp juice shop Question 1 Access the administration page. Well, I accessed the admin page but I didn't receive a key string signifying completion. Am I missing something? Thanks in advance!
Got it never mind
@woven mirage hey can I DM you?
only if you call him termy
@woven mirage hey can I DM you?
@eternal brook sure
In the Linux Walk Through room, is the "home env" variable == $HOME?
Yes, I believe.
Can someone give me a hint on privesc to root of mnemonic room.... stuck here for hours
they said wait 3 days for hints since it just released yesterday
and I feel you, I was trying to enumerate last night for hours and got nothing I could figure out how to exploit so I can't even get in 🙂
xD
Privesc? Do you have condor? 👀
Enumerate :)
have you finished??
Yes
oki, i enumerate and can't find:((((
Enumerate harder then 🙂
sad, can i get a hint??
The file doesn't exist on the box, there's only a reference to it
at social media account??
🙊
What bit you stuck on?
Are hints being given out on that room?
I would assume you can as there is a writeup for it
anyone one for shodan.io room? im on 4.4 Under Google's ASN, what is the most popular city? it clearly says here kansas city no?
That's outdated
elbee give me two seconds
np
Due to the nature of Shodan updating a lot, the room tends to break quite often.
If this is the case, post on Reddit / The Discord / The forums these details:
* Question / task number that broke
* The correct, current answer
* The search query (URL of the search) that shows you this answer.
😩 ok
I'll do you a solid and DM bee for you
It has to be updated anyway.
What bit you stuck on?
@astral smelt i just want to ask, is jenkins a part of priv esc?
yes it is
crap. Cant find creds for him
brute force maybe the username?
ill try. I guess username is one from wordpress note or linux local username
thank you
any hints regarding that secret file in Mnemonic room
Hi, hope i'm in the right channel for this:
I'm currently going through Linux PrivEsc created by Tib3rius and I'm stuck on Sudo - Shell Escape Sequences.
I'm guessing when it's asking "one program on the list doesn't have a shell escape sequence on GTFOBins" it's asking me to look into ALL Binaries?
Task?
Nvm
It’s asking you to look at all the programs you’re allowed to run with sudo permissions @frigid wind
@oblique cliff thanks, yeah i've been interpreting it wrong
Np
@oblique cliff just to clarify, from that list that 'usr' is allowed to run via sudo is where I will find the program that doesn't have a shell escape sequence? Just wanna make sure i've got enough food to last me a short trip down the rabbit hole and not one that'll last 900 years 😩
Nope
@trim haven were we supposed to guess the name
finally got the file
!rule 13
Rule 13: When asking for help/tech support please perform research to your fullest ability. Mods and Community Mentors have the right to refuse helping those who have not done troubleshooting/research on their own first. Clearly phrase your questions as we (fortunately for all parties involved) cannot read your mind. Please include the room, task, and question number in your question if possible.
Although we are a learning platform, we politely ask that you respect the competitive nature of newly released challenges. As such, no hints for new challenge boxes should be given immediately after a release, unless specifically allowed by the content creator.
But yes it seems like 1 of the xx commands you can run as sudo doesn’t have an escape sequence that you can find on gtfobins @frigid wind
@oblique cliff ty
i have been trying all day to do the Crack The Hash room with hashcat and i have tried what feels like everything but i can't get it to work. The hash is e5d8870e5bdd26602cab8dbe07a942c8669e56d6 and the salt is tryhackme. Could someone maybe point me in the right direction?
Have you checked the hashcat examples page?
yes
You know it's HMAC sha whatever
i know it is sha1
every hash detector i have tried says it is sha 1
perhaps that is why
let me try a different -m number
brb
Check the hint @quaint lion
okay
Tells you the hash type, not the mode.
dont you specify the hash type with -m?
Yes.
You need to take that hash type, and look up the mode number.
Yep
You need to work out which one it is.
so if i do tryhackme:e5d8870e5bdd26602cab8dbe07a942c8669e56d6 i do 160?
and if i do e5d8870e5bdd26602cab8dbe07a942c8669e56d6:tryhackme i do 150?
oh wait
does 150 mean there is no salt?
and 160 means there is?
I don't know from here. But you're trying to get the password out, not the key. You know the key.
They are both "salted" but HMAC isn't the same as hash+salt.
okay
OH I GOT IA
IT
THANK YOU!!!!
hey do you know the answer to those questions @woven mirage
i saw you typing
could you maybe explain the difference between 150 and 160?
lol
what?
They're different based on what you know
how so?
Whether you know the message or the key
150 | HMAC-SHA1 (key = $pass) | Raw Hash, Authenticated
160 | HMAC-SHA1 (key = $salt) | Raw Hash, Authenticated
one says pass and one says salt
Yeah so pass is what you're cracking for
makes sense
So it's whether you know the key or the message
what do you mean by message?
If you know the key, it finds the message
The file that hashcat/john stores the cracked hashes along with the plaintext
Like hash:pass
It depends™️
i would like to delete the one i just found so i can experiment with the options
i have 2020 kali linux
and installed it with apt-get
if that helps
could i use the find command?
"hashcat default pot file location" into google
I'm having issues with owasp top 10 day 2 broken authentication. When I go to the site via machine IP I'm only given a page for directory search and not the page with user authentication.
When I review write ups for the same task their screenshots show an actual authentication page.
can someone provide me some hint on how to find the first flag
on the webpage of the machine itself
which room which task which question
i dont think this is a room
this is my first time
and just went to the tutorial and it asked me to deploy the attackbox
something like that
Can you send screenshot of what you're seeing
error code 405
How you downloaded the openvpn?
Then ran it?
i am using the machine itself can
Oh
can i not use that?
http:// ip
Sure you can
sorry? @spice flare ip?
ip of the machine you deployed
ow
Have you deployed your machine?
i cant i havent subscribed yet
you don't need to be subscribed
Uh-oh! Non-subscribed user can only deploy the free AttackBox once a day. To subscribe visit your profile.
are you using free web based machine
yeah
don't add 1 hour to machine
add 1 Hour to your room
can you send a ss of the whole room
This is the welcome room just follow the steps
sorry but i am new here i dont know what a room
Everything should work
if you want I can take a video
@gusty galleon the thing you're in is a room named Welcome
and?
now send an ss
ok
Click on deploy
Read the instructions there
ohh
you were using browser based machine
when you deploy
there will be an ip address
after 1 minute
then copy it
and in a new tab write http:// ip
thats the one right?
No you’re using your private ip from the web browser
You need to deploy the machine in the room and go to that ip
from the room you deployed
owwww...
now i get it there is a deploy button next to the deploy attackbox
Thank you
yeahh i was missing that
thanks alot
one more question please so i use my attack machine which i cannot add hours but can add the hours of the test machines right?
thats what you meant earlier?
yes
room Mnemonic , i found image maxr*****.*** its right way ?
Rule 13, no help on new releases for a few days
@wooden mist can i dm ?
Sure
What am I supposed to put in answer after getting into the admin account in OWASP juice shop task 3 (inject the juice) #1 https://tryhackme.com/room/owaspjuiceshop
the flag you get on the website
So I'm trying to do the GoBuster task in Vulnversity. I have BurpSuite open, I'm using their browser, openvpn is running, I deployed the machine and tried to go to the IP given, and it says Fail to connect. I don't have Intercept on, so it should work, right?
Any thoughts on something else I should have done?
are you navigating to the correct port?
Let me check I don’t think either of those are the ports
Screenshot please @stone oyster
Because it could be the webserver, or could be the proxy server
It tells you the port you need to redirect to
Port 80 and 8080 is incorrect
hmm...let me look again
Ok. I didn't look back far enough. I found it.
Ty
Am I correct in thinking that Vulns site explicitly has dead links to point you in the right direction?
https://tryhackme.com/room/rpnmap this room doesn't give any ip to scan
Did you press deploy
No deploy button
But in my case it not showing
Screenshot
anyone root the box Mnemonic?
!rule 13
Rule 13: When asking for help/tech support please perform research to your fullest ability. Mods and Community Mentors have the right to refuse helping those who have not done troubleshooting/research on their own first. Clearly phrase your questions as we (fortunately for all parties involved) cannot read your mind. Please include the room, task, and question number in your question if possible.
Although we are a learning platform, we politely ask that you respect the competitive nature of newly released challenges. As such, no hints for new challenge boxes should be given immediately after a release, unless specifically allowed by the content creator.
Please wait just a little longer. 3 days from release.
Can someone give me a hint regarding the CCT crypto1 challenge? I'm currently stuck on crypto1a and I can't figure the cipher out.
By now I'm relatively sure that it is some sort of transposition cipher or a monoalphabetic substitution cipher, though I think the latter is less probable.
I am a bit confused about the statement that there would be an online tool for the cipher.
; DATA XREF from entry0 @ 0x55a68ac1f50d
┌ 43: int main (int argc, char **argv, char **envp);
│ ; var int64_t var_8h @ rbp-0x8
│ ; var signed int64_t var_4h @ rbp-0x4
│ 0x55a68ac1f5fa 55 push rbp
│ 0x55a68ac1f5fb 4889e5 mov rbp, rsp
│ 0x55a68ac1f5fe c745f8030000. mov dword [var_8h], 3
│ 0x55a68ac1f605 c745fc040000. mov dword [var_4h], 4
│ 0x55a68ac1f60c 8b45f8 mov eax, dword [var_8h]
│ 0x55a68ac1f60f 3b45fc cmp eax, dword [var_4h]
│ ┌─< 0x55a68ac1f612 b 7d06 jge 0x55a68ac1f61a
│ │ 0x55a68ac1f614 8345f805 add dword [var_8h], 5
│ │ ;-- rip:
│ ┌──< 0x55a68ac1f618 eb04 jmp 0x55a68ac1f61e
│ ││ ; CODE XREF from main @ 0x55a68ac1f612
│ │└─> 0x55a68ac1f61a 8345fc03 add dword [var_4h], 3
│ │ ; CODE XREF from main @ 0x55a68ac1f618
│ └──> 0x55a68ac1f61e b800000000 mov eax, 0
│ 0x55a68ac1f623 5d pop rbp
└ 0x55a68ac1f624 c3 ret
I need help
This is the question:
What is the value of var_8h before the popq and ret instructions?
from what I understand this.. the value is 8 right..
var 8 is assigned with 3 -> then var8 was compared with var4 -> since it wasn't greater than 4 (from var4) it continues and adds 5 to var8
which yields 0x8
@last nova gib guidance pls
this poor soul is lost
not my room. can't help
@past edge You're analyzing the if1 binary, are you?
AH
yea
fk me
I think my brain has given up already
@past edge You're analyzing the if1 binary, are you?
@atomic flare thx u for the sanity check
Well, you need to be root to use the command adduser
I dont know which Room You're doing right now
But i would imagine by the question that you need to edit /etc/passwd yourself
Maybe you have that privilege
yea user7 has write priv
thanks 
yea user7 has write priv
If you have write privilege you need to write to the file, not use the command adduser
How can you write in files?
?
Hey ... on the Mnemonic room
what is the name of the secret file?
i think i have to dirbuster or gobuster to find the secret file on the http server on port 80 am i right ? (no hints i only want to know if i am on the right way)
!rule 13
Rule 13: When asking for help/tech support please perform research to your fullest ability. Mods and Community Mentors have the right to refuse helping those who have not done troubleshooting/research on their own first. Clearly phrase your questions as we (fortunately for all parties involved) cannot read your mind. Please include the room, task, and question number in your question if possible.
Although we are a learning platform, we politely ask that you respect the competitive nature of newly released challenges. As such, no hints for new challenge boxes should be given immediately after a release, unless specifically allowed by the content creator.
@neat perch That's still a new room. Please wait 3 days from release before asking.
So basically 20 hours from now.
ok
Here I am again, in common linux privesc,.. task is to create a payload using msfvenom but for some reason "command not found"
send screenshot
you need to use it in your machine
if you are using kali linux msfvenom will already be there
otherwise you have to install it
Msfvenom is a hacking tool, it won't be installed on target machines.
I'm looking for a basic hint for the Jacob The Boss room. I ran nmap, explored the webapp on 80, and did some research on the services I found. So far nothing is standing out. any hints to get me in the right direction? I think this doesn't violate rule 13.
you didn't do enough research on the services you found
the room has more than 1 http service
@woven mirage I found that, on a random port. Sorry I forgot to mention that. I looked through it but didn't find anything. Im not sure how much I can say what I did without spoiling
the cake is in this port
@woven mirage thanks, ill keep on enumerating
it is a known application
Can someone give me a hint regarding the CCT crypto1 challenge? I'm currently stuck on crypto1a and I can't figure the cipher out.
By now I'm relatively sure that it is some sort of transposition cipher or a monoalphabetic substitution cipher, though I think the latter is less probable.
I am a bit confused about the statement that there would be an online tool for the cipher.
@atomic flare DM me if you're still stuck.
@woven mirage Ended getting a shell exploit up and running. pretty cool room. Ive been doing a lot of rooms with manual exploits that I forgot to look up the name of the service and see I can find a exploit. Thanks for the hint!
Hints are not allowed on new rooms for 3 days I believe.
It's been 3 days but not sure if we're still allowed to give hints
Its released on 28th and today is 30th. So, its two days.
oh I didnt know. Thanks
Mine says 27th
Didnt even realize its a new room
I'm needing help with telnet side of room Network services question #10
Great! Now that's running, we need to copy and paste our msfvenom payload into the telnet session and run it as a command. Hopefully- this will give us a shell on the target machine! I have done the following copy and pasted the msfvenom payload with the port number of 4444 and my internal virtual address, to no avail! It will not connect to my ncat it's crazy!
hello everyone! for this time i don't need a hint, i wish to discuss about Task5 q3 at the OWASP-Juice-Shop room,
i just played with the url (with burp) and found how to download the file, though it just got me more interested to know about this null byte thing and why it was not 00%
i googled it but found nothing helpful to learn from, if any of you have some material for me or i may talk to you about this please let me know
what exactly do you want to know?
the reason it's %00 is because in url encoding that will be encoded to null
check out url encoding
and when you are sending the null byte, it will be checked as the end of the string, so the .md doesn't get added
but it depends on how you're handling it on the backend for it to work
i will do a further research and will come back with more specific answer thank you
apologies for writing errors, i am focusing on being as clear as possible lol
no problem 🙂
can we ask hints on aster now? or can i dm someone for it?
oh walkthroughs have been released just noticed...
yeah
so i ||decompiled output.pyc using uncompyle6|| but could not understand much over other ||found one article on asterisk on hacking articles|| but i need user and pass to login tried some defaults also ran auxiliary module to find creds but it was not successful
hey termack
well, you can research how the service works and write a script yourself
can i dm?
yes
Hi all, can someone help with room CCT2019. I did the first extraction and validated the 4588 packet size and got user pass and nick and get other staff but did not find the flag in any of theses. Thx
so i ||decompiled output.pyc using uncompyle6|| but could not understand much over other ||found one article on asterisk on hacking articles|| but i need user and pass to login tried some defaults also ran auxiliary module to find creds but it was not successful
@eternal brook use uncompyle2 since it is a python2.7 bytecode
Uncompyle6 is compatible with both python 2 and 3
box : pickles rick
got one flag..
is there a way to reverse shell
Where are you stuck?
@eternal brook stuck inside burp
I can't tell what you're doing inside burp be more specific
Have you got the username?
found RCE and read the first flag through burp and seen two users rick and ubuntu
trying to get reverse shell
Have you found the login page and logged into it?
yes
Ok cool
Then try something with command panel there
Try some reverse shells
It'll work
If you're using bash shells try adding bash -c in the beginning if normal command doesn't work
Also url encode them
👍
https://tryhackme.com/room/gamingserver
hey i'm doing this gaming server room and i already got the user flag now i need to priv esc and ran linpeas already ,, can anyone give me a hint what i should look for .... i only saw 2 interesting results that is a /cdrom folder and mtr-packet cap , any hint ?
check your groups
got it
Hi all, can someone help with CCT2019 box https://tryhackme.com/room/cct2019.
I extracted the second packet and extracted files from it too but no resources have the flag !!
@white salmon Then try something that is not a file transferred via HTTP.
I extracted all data png html and certs but data not a file !!
Ok i am going to burn some neurones thinking of it 😊
Yeah, but wireshark can only extract files from some transports.
I did not use wireshark I used foremost and python scrappy too
Well, my comment holds for all tools 🤷
But thanks a lot I will check again because for sure I missed some protocols 😉
If you need a hint: ||There are some packages that occur more often than you'd expect in a normal network||
Thx @atomic flare
In the introtox8664 room question #7 (crackme2 challenge) does the password begin w/ a lowercase ascii t?
mapping this on the whiteboard has been an absolute peach
In the introtox8664 room question #7 (crackme2 challenge) does the password begin w/ a lowercase ascii t?
@fleet pike No. The first character is a ||d||.
hey has anyone done Network Services 2 room?
Just ask your question directly
because lots of people have. Some people (like me) have done it about 3 times.
Im currently working on Understanding MySQL and im having trouble answering question #4 which is "What is a common application of MySQL?"
Google should answer that for you very quickly
I am doing the pentest basic room and i am having issues running linpeas.sh I am getting permission denied but in the video he is able to run it with no problem
You need to make it executable.
minus
No you need to +x
But you can also restrict scripts from being run in certain directories
That box might have that directory on a blacklist
ahhhh smh im a noob excuse my dumbness lol
#Mnemonic
which wordlist i should use to get secret files.?
@lusty juniper web fuzzing?
yah
@void lava i tried with that. but found nothing
either a different wordlist or that's not the right approach
did you complete Mnemonic room?
@lusty juniper pm me if u still need help
hint for question 4 on investigating windows
its not that
hello everyone! for this time i don't need a hint, i wish to discuss about Task5 q3 at the OWASP-Juice-Shop room,
i just played with the url (with burp) and found how to download the file, though it just got me more interested to know about this null byte thing and why it was not 00%
i googled it but found nothing helpful to learn from, if any of you have some material for me or i may talk to you about this please let me know
@true gazelle
@woven mirage, so after exploring the subject (yet i am honestly not 100% complete with the idea but let's move forward to the question,)
they mention there the %00 byte (aka null byte which i do not yet understand the force behind that byte), all of the sudden they (THM) throw us to use now %2500, i've done a respectful research but i came back here with empty hands 😦 what is that %2500 byte now, why didn't %00 work but they did tell us about it although we used at the end with %2500
thank you for your time
Have a Great Day!
hey can anyone help me, im stuck in Mnemonic room
i found the secret file but still I couldn't find ||password for the file||
i used zydra with rock you
@dry escarp just completed it 
Mnemonic
oh so you mean for Shunt?
Yes
Yeah well, I used || zip2john and then john with rockyou.||
@dry escarp oh ok dude
anyone root Motunui room?
!rule 13
Rule 13: When asking for help/tech support please perform research to your fullest ability. Mods and Community Mentors have the right to refuse helping those who have not done troubleshooting/research on their own first. Clearly phrase your questions as we (fortunately for all parties involved) cannot read your mind. Please include the room, task, and question number in your question if possible.
Although we are a learning platform, we politely ask that you respect the competitive nature of newly released challenges. As such, no hints for new challenge boxes should be given immediately after a release, unless specifically allowed by the content creator.
Please wait a bit as it is a new room
Hi @atomic flare I got the content ||of the packages and it’s a good hash|| 😉. Still searching for the famous flag
@true gazelle %2500 is the url encoded form of "%00"
its used when the server decodes the url params twice by accident
and so you can use it to bypass filters
and the reason why null byte truncation attacks work is because the underlying C functions think that the null bytes terminate the string
@white salmon Then you're not far from the flag 😄
Hope so, @atomic flare yesterday I passed times on the Net and after 55 minutes I got what I needed but still no flag , arfff perhaps I have to decrypt something but what ?
Ok first stage passed thanks a lot @atomic flare
Hi guys i'm struggling with something, which may be very stupid, but i can't figure out why i can't see questions in one of the learning paths, could i post a screenshot to let you understand what i mean?
im doing jack , i know i have to ||bruteforce the wp and i got the usernames, but rockyou doesn't work what wordlist should i use ?||
Try a shorter one
Hi guys i'm struggling with something, which may be very stupid, but i can't figure out why i can't see questions in one of the learning paths, could i post a screenshot to let you understand what i mean?
@wispy ether State the room, task, and question
learning Paths are made up of rooms.
hmmm so i should try rockyou but a shorter version right?
owaspjuiceshop is the room, should be task 3 if i'm not mistaken
i just don't understand what i'm supposed to fill the forms with xD
hmmm so i should try rockyou but a shorter version right?
@foggy blaze Nah, much much shorter. Something from SET
ow ok thanks
Hi guys i'm struggling with something, which may be very stupid, but i can't figure out why i can't see questions in one of the learning paths, could i post a screenshot to let you understand what i mean?
@wispy ether Ok i sorted it out, there was a flag somewhere i was supposed to submit
Guys why gobuster giving me wrong results?
vhost doesn't do subdomain enumeration in gobuster
Is there any way gobuster can do this instead of wfuzz?
@sinful obsidian https://github.com/OJ/gobuster
@red minnow Read that but didn't find anything to remove bad results in gobuster.
@sinful obsidian I think that with gobuster you can remove only status codes
yeah i'm not able to remove the invalid results (404 pages > it's saying are valid)
ios forensics, the cookie left behind
I've looked through the safari restore/state file and I can't see much other than the current open page. Where should I be looking?
Hello everyone
I am actually doing the malware introductory room
I am doing a static analysis with Peid but I don't know how to interpret the result found
Please, help
What is the question you’re having trouble with?
Please help me with the Gaming server room... I am having an issue uploading the image to the server using either wget or scp... both are stuck at 0%...
an example of wget command
Can you upload other files too? I've seen a guy who was having same issue with uploading alpine.
@oblique cliff which bottom bar ? Can you do a screenshot please ?
I've tried those bottom bars but nothing
I got stuck
Room : Malware Introductory,
What is the famous example of a targeted attack-esque Malware that targeted Iran?
Can you upload other files too? I've seen a guy who was having same issue with uploading alpine.
@wintry yarrow I was having issue uploading only alpine... other files like a text file or even the lxd exploit were uploaded easily...
Idk if that guy solved the issue or not. But the issue was just like you.
I'm doing the crack the hash room and I am stuck on the bcrypt hash. I tried both John and hashcat as well but hashcat shows an error and John doesn't detect the hash. I verified the format of the hash from the hashcat website as well
Show the contents of the file please? @austere violet
I've tried those bottom bars but nothing
@left phoenix there are only a few things being displayed and only one fits the answer length. Try them all to see which works
Assuming you have the full hash, it should be recognised. Can you take a proper screenshot of what happens? Photographs of screens are hard to read
Sorry my bad
My system shut down due to electricity outage and it just restarted. So I attempted the same hashcat command again and now somehow it's running.
Can there be possibly any reason for the failure in the first run
If you supplied the hash on the command line, $ is a special character
I don't know what you did so I can't tell what's wrong
My exact command was:
hashcat -a 0 -m 3200 hash_file.txt /usr/share/wordlists/rockyou.txt
Can you show screenshots
@oblique cliff this is what i have
Is there something that I should know about the video for Vulnversity? I click play and it doesn't play.
It’s somewhere on this image
If you’re stuck on the same thing
@stone oyster maybe refresh?
Nothing changed. I'm just using it as a collection of stills to see if I can figure out what they're doing.
Working for me so it’s something on your end
I don't doubt that
I'm so beginner I've only set things up according to how my friend told me to.
Haha no worries. So you press play and it just doesn’t play?
right
Perhaps try a different browser?
thats it. FF runs it
🥳
found the issue, it is me not reading properly 😦
skipped this part "You need to add the DNS domain name along with the machine IP to /etc/hosts inside of your attacker machine or these attacks will not work for you - MACHINE IP CONTROLLER.local "

@oblique cliff I did it but nothing

This is a case of try harder. It’s in that picture. Try literally everything in that picture. It will work
kinda need someone explain to me of || /var/log || from || LearnLinux room ||
question is: why there would be a || user:pass combination || stored in there?
Because the room creator wanted them to be there @solar fjord
Don't expect to find credentials there on every machine
@final mortar thats a relief, really confused me with abstract infos
legit givin me sweats finding the reasons on google
/var/log is a log file as it seems and it records a variety of events. Sometimes it even could have creds info, so you just need to be ready
that includes the user system pass or just dumps, hashes etc. ?
if thats the case or any form of creds was stored in there, is there a way to redirect the default to somewhere else, for instance : /.test?
tnx for the infos, ill start my research
Can someone confirm in Mnemonic room is the ssh user ||james|| i have the pass for id-rsa but can't login with that user?
You should be able to, try going over your command make sure everything is correct.
@eternal brook Make sure to set the right port 😉
||ssh -i id_rsa james@10.10.52.130 -p 1337||
changed id_ra format to standard format too private one
oh alright...but i tried that too
i'll redeploy the box now and see if it works now...
It will close the connection if you get the wrong username but the right key
i think that's what happened :(
it said connection closed
yea it worked once i reverted the box thanks:)
anyone have issues re-running the exploit for Brainstorm? i had it working and finished the room. Then I went to re-run it to show someone how a buffer overflow works and it won't pop a shell. i didn't change my exploit code other than the target IP address.
Brainstorm is unstable
Or broken
If it's been fixed someone will correct me here
@granite plover
It hasn't as far as I know
Are we allowed to ask for Charlie and the chocolate factory at all? (after Key, got user, on root)
That's not a public room?
eh, so i should not be on it?
It hasn't been submitted for review either
then how the...
You're certainly not going to get help in the help chats, seeing as it's not public
wait so this is like an in dev room ?
You would have had to join the room with a joinroom link, tryhackme.com/jr/
Not all rooms are public.
Rooms are used for teaching as well
right ok
And prototyping, and various other purposes
ok, I'll best put it down then lol
sorry, I didn't realise at all, assumed it was a normal room
I saw this "This is a free room, which means anyone can deploy virtual machines in the room (without being subscribed)!" and was like cool! fair game lol
Can anyone answer a question regarding the Gatekeeper room pls......?
In fact, I have this issue in various other rooms too and I was wondering if I'm just missing something in general that I need help with...
I get an initial foothold as a low priv user (natnit or whatever...) I can execute general win commands fine, but things like winPEAS, powershell etc. give me no output and appear to hang/crash the shell.. no output, no prompt, nothing
If I redirect the output to a file , then the shell quits...
Do I need to improve the shell somehow, or is there something basic I'm doing wrong with these types of machines?..... Happens on more than one machine so I think there's a step I'm missing...
..I've deleted it from the general chan.... Cheers
You have to be more specific with your question. With powershell you often cannot upgrade with a regular reverse shell just cuz it doesn’t like that. As for not being able to run winpeas it could be multiple things
Re other rooms... I can't remember, just know I've bumped into this a couple of other times, not necessarily just with THM rooms...
Everything looks fine and stable, shell behaves perfectly except for when you go to powershell, or run winPEAS etc....
Maybe it's just the way it is just because.....
Makes recon. difficult I suppose.....
Just thought it was something simple, maybe a switch with nc or similar.....
With powershell, I get the PS banner, just no prompt. Have to exit with ctrl C
Thanx for the feedback Radient cocoon Blob... will get some screen grabs..
🙂
Hey everyone - pretty new to all this. I'm working through the Learn Linux room. When I put my IP address into PuTTy, nothing happens, and Putty stops working. I've downloaded it, and followed along with the video. But I can't get further.
Any suggestions?
I have an IP address generated by the system. But When I click "Deploy" nothing happens.
You've already deployed the machine
That's not your ip address for reference
That IP address is for your target machine
Ah, OK. I tried exiting and re-entering the room. But Putty just stalls.
Yeah, I just shut it down. Should I restart and try again?
I was going to see if I could get to it from here
Oh, Sorry. I figured on/off might be the next step in my path to resolving this. I am re-starting the connection.
Yeah it's a good step
That implies the VPN isn't connected properly
This is what I get with the new IP address.
Hmm. any suggestions on what I can do to sort that out?
You're connecting from Windows which makes it a little harder to troubleshoot
But if you can grab the logs, I can take a look
I tried doing it through the cmd prompt - same result.
How do I get the logs? (sorry - total newbie at this stuff)
I don't know with the new Windows client
My kids are on netflix and my wife is watching a movie. Would that impact my connecting to the VPN?
Probably not, works fine in my shared house
Thanks for your help. I can try and muddle through this. I am not sure if I'll have to log into the server again to answer these questions, or not? If I open up an instance of Kali in my virtual box, I should be able to follow along and figure out some of the <man> commands.
You can follow along with a lot of it, but not the binaries
Right - I can't get the password for shiba2...
I'd recommend trying out a different VPN server
How would I do that? (BTW - is it ok to post all of this in this chat room?)
Yep
On the Access page, choose a different server from the dropdown and redownload your config
OK, thanks again for your help. I think I'm in. I have a screen with a linux box, and I can ssh in with putty.
yes. Although I logged into the putty with root and used the password provided.
That's not the correct VM then
It needs to be the VM that you deployed in the learn Linux room, not the my-machine attackbox
Oh. So i need the OpenVPN machine?
No
You need to be connected to the VPN, and then you need to deploy the machine in Task 1 of the Learn Linux room
There's a room for that
Ha! Awesome. Of course there is.
So I get as far as connecting using my configuration. Then it fails to connect and stops working.
Oh, there's a fix for that pinned in #site-support!
Thank you @stuck fractal !
sir i got issue with this question
XSS Playground
i have Jack's cookies and i change cookie value "Jack" but nothing
any solution?
Have you logged in as jack and posted a comment?
Oh yea sorry you did change it with your own cookie right
how to do that with a cookie
You go to inspect element
then you go over to storage and then overwrite your cookie with jacks cookie
If you already have his cookie do it now
Hey I need some help/tip with the room "set"
I'm at the last stage and want to try to get a connection via plink and metasploit.
Do you have any Idea on what could be wrong ?
*Evil-WinRM* PS C:\Users\MichelleWat\Documents> echo y|&./plink -R 2805:127.0.0.1:2805 -l hacker -pw secret 10.11.11.222
plink.exe : FATAL ERROR: Network error: Connection refused
+ CategoryInfo : NotSpecified: (FATAL ERROR: Ne...nection refused:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
I wasnt sure which one would be the right channel 😄
If you have gone through the write-up then #room-help otherwise here
alright, thanks!
Hello!
I just want to finish the room Intro the x86-64 but I have some questions.
Someone who finished the room?
Just ask your question
I think I did something wrong, I'm beginner at reverse engineering.
After the command px @rbp-0x4 I can't move on, I don't know where to look.
Look at the hexdump
how do I find the ||image|| in mnemonic room?
I looked into the shell I have ...i hope finding the image is right path?I escaped my restricted shell with ||vi|| also ran pspy but i don't think i can do anything with that ids script right now.
i've tried that it says permission denied
hey guys im working on Internal, im www-data on the machine and looking for ways to own user. i ran linpeas and managed to find a db_pass ||wordpress123||and a username, ||joe||which makes sense given the mayor is the room creator. ive tried to authenticate to the sql server and to /phpmyadmin but am having no luck with seemingly anything. could i get a nudge anyone
@rose cape ||rabbit hole|| just look around further at place where they would be stored if someone did not know how to secure or redact them
@eternal brook which image? you dont get the image directly 😄
@eternal brook Try using find to search for most common file criteria
@final mortar Thanks Quantum that worked

HFS exploit is not working in steelmountain. Any hint guys?
Screenshot of show options? @white salmon
Your LHOST is wrong
@white salmon
To get the correct LHOST either type “ip a a tun0” and use the value from there, or type “set LHOST tun0” which sometimes doesn’t work correctly
@trim haven Thanks much
@main ibex could you delete that screenshot as it contains answers :)
Please specify the questions that you need help with by copying and pasting the whole question. Someone will help you when they can.
Room: Mr. Robot CTF
What i want to do: Get the password for a known username
What have i tried: About 10 hours of hydra with the wordlist given in the task ||"fsociety.dic"||
I know that if the bruteforce on THM is taking more than an hour, you are doing something wrong. So what am i doing wrong?
show your command @sturdy kiln
||hydra -l Elliot -P fsociety.dic <mac_ip> http-post-form "/wp-login.php:log=^USER^&pwd=^PASS^:The password you entered"||
@white salmon This is the command i am using
try it with wp scan
what with wp scan @white salmon
you can brute force with wpscan
@sturdy kiln look at the file it contains duplicates remove that....
That's why it's taking that long
@eternal brook i am already down to 62k words out of 800k
It'll take really really long I would recommend remove duplicates from the file and it will save lot of time
Hello, i need a little hint for the linux challenge room. "Linux Functionality" Task 3
I already search other system but nothing ..?
@eternal brook That helped, down to 800 passwords
Thanks a lot, but how ima supposed to find this folder
bc i google things like "other mount system file" "mount system folder" and i don't find anything about media folder. @glossy basin
Can you screenshot your options please
LHOST is wrong
i just need to set the rhosts to the ip right?
You need to set LHOST as tun0 ip
hello can someone help me with reverse engineering
Please don't ask the same question in multiple chats at once. Ask in one chat and wait for a response.
is it allowed to ask about || Motunui Room || ?
need little hint about || pkt File ||
@sick sun what kinda hint?
||there are multiple devices in the file, why not check what makes them work?||
Hello all im stuck on some questions in intro networking- wireshark
1.What is the protocol specified in the section of the request that's linked to the Application layer of the OSI and TCP/IP Models?
2.In the section of the request that links to the Transport layer of the OSI and TCP/IP models, which protocol is specified?
when i open my wireshark the hypertext transfer protocol doesn't show up and i'm not sure if that's needed for that.
thank you all for your help
anyone able to give me a pointer for wonderland
I've got user.txt, but I don't know if I should pivot horizontally or try to break out of a container (if there is one, it doesn't look like it)
@brittle rock Horizontal.
That's the only direction you really have at this stage
(on the assumption you're alice)
Yeah, because it asked for privilege escalation, when the user was root
Oh I'm currently root in the box
I have about 30 minutes left, so I figure I'm halfway right?
If you're root, you're root.
No spoil
oops sorry
that was a really enjoyable box though, it had my three favourite kinds of privesc
oh wait
you created it
thanks a lot
now do the sequel
I need a hint
like a question says -
How do you do a "ping scan"(just tests if the host(s) is up)?
my answer is -sP wrt nmap
its wrong answer
Check the manual
On Task 4 of Learn Linux, do I need to ssh into anything if I am using the attack machine?
Ok, I thought I did that, but am unable to ssh into the machine using shiba1
The machine you deploy in the room is different to the attackbox
Go to task 1
Click Deploy
Use that IP address
ok, thanks. I will try that
Why did you put the room name in spoiler text lmfao
I'm stuck in https://tryhackme.com/room/internal for several days now. trying to bruteforce jenkins login with hydra. using rockyou it would take up to 80 hours. the author used a self-crafted wordlist called "kerbruteforce.txt" and i can't find this list anywhere. any suggestions? otherwise i just have to be patient and have to hope that it is included in rockyou...
If you're meant to use rockyou, you'll find it in under 5 minutes
That's the rule for THM boxes
ok, thx! Didn't know the rule! i'll try other lists then
@gilded pasture in what part are you stuck?
actually foothold....
( topic : can someone please give me a little hint for a foothold on Motunui?)
(just leaving a reference if anyone else will need that)
you didn't get anything useful in FTP?
smb*
yep, but i'm pretty noob about those files
already opened of course
but my networking skills are pretty much 0
well, i'll give you a big hint
i think that i have no idea of what i have to do
search how to extract files from a pcap
you got a file from it?
yep, talking about the older ctf i'm referring to
but i'm gonna try now to follow the stream and find any file
good luck 🙂
thanks
may i dm you if i need some more hints?
i don't wanna just wait for a writeup 😦
hints are way better than solutions
you can ask here
i didn't finish the room, i tried the first day, got a little bit far, gave up to try later and i still haven't tried again
we can work together on it if you want
we are 3 at the moment haha
every monday i have friends at my home trying a hard tryhackme room together
Hi, Folks
could someone who has already done the room "Inoculation" help me? I'm stuck at the root flag. The exploit "41240" always fails:
maynard@inoculation:~$ sh 41240.sh
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ CVE-2017-0359, PoC by Kristian Erik Hermansen @
@ ntfs-3g local privilege escalation to root @
@ Credits to Google Project Zero @
@ Affects: Debian 9/8/7, Ubuntu, Gentoo, others @
@ Tested: Debian 9 (Stretch) @
@ Date: 2017-02-03 @
@ Link: https://goo.gl/A9I8Vq @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
[*] Gathering environment info ...
[*] Creating kernel hijack directories ...
[*] Forging symlinks ...
[*] Pulling in deps ...
[*] Building kernel module ...
[-] FAILED: your need make / build tools
41240.sh: 61: 41240.sh: /tmp/r00t: not found
41240.sh: 62: 41240.sh: /tmp/r00t: not found
maynard@inoculation:~$ make
The program 'make' can be found in the following packages:
* make
* make-guile
Ask your administrator to install one of them
THX!
Hi , for MrRobotCTF box , do I need to crack the login credentials for the wordpress login ?
yes, you need a revshell
working on kenobi
checking out a walkthrough, why did the OP use this root@kali:~# nc 10.10.68.87 21
220 ProFTPD 1.3.5 Server (ProFTPD Default Installation) [10.10.68.87]
SITE CPFR /home/kenobi/.ssh/id_rsa
350 File or directory exists, ready for destination name
SITE CPTO /var/tmp/id_rsa
250 Copy successful
Because that's exploiting the vulnerability?
what exactly is it doing
Look into the site copy command and the vulnerability in proftpd
This goes beyond #room-hints
If you'd like to move over to #room-help then I can try to explain
thanks James im brand new to the server so i dont know my way around
Hey guys, I'm doing ZTH: Obscure Web Vulns and I am at the XXE part where I inject xml into the POST request and when I use xml <?xml version="1.0"?> <!DOCTYPE data [ <!ELEMENT data (#ANY)> <!ENTITY file SYSTEM "file:///etc/passwd"> ]> <data>&file;</data>
It just says user already exists. Can I have a hint?
@terse isle You need to modify a few things in the exploit for it to work
@dry escarp In the KoTH room hogwarts! I just can't seem to figure out a way to privesc, i've been on it for days now! Any hints?
Enumerate harder sharper, did you use/try LinPEAS/linenum? If yes, then look at the output carefully.
#room-help Shodan.io Task 4 - #1 and #5 the answers were changed or not accepting. can someone verify it
Due to the nature of Shodan updating a lot, the room tends to break quite often.
If this is the case, post on Reddit / The Discord / The forums these details:
* Question / task number that broke
* The correct, current answer
* The search query (URL of the search) that shows you this answer.
can someone help me how to connect to the https://tryhackme.com/room/postexploit machine
in remmina
i have used the creds as user:Administrator pass:P@$$W0rd domain:controller.local
but it tells password wrong
try dropping controller.local off of the end
i cant get u @last nova
hi community, can i ask a hint for room ZTH: Obscure Web Vulns / Task 18, been stuck for a couple of hours
I got the jwt token after login and modified it with the proper header and changed the role in admin,but when i paste it/overwrite it in the browser cookie nothing happens,im sure that i paste the modified in the wrong place
this is my token : eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.eyJhdXRoIjoxNjAxOTkxMzM0MDg1LCJhZ2VudCI6Ik1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6NzguMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC83OC4wIiwicm9sZSI6ImFkbWluIiwiaWF0IjoxNjAxOTkxMzM0fQ.ZVjLC-Ej2y73hcHs0pK0d93YKX49nNa0VK0RCbHIC7M
Hello guys,
I'm looking for website that can help me with JAVA
Like how to code Hanoi tower in Java
I hate to break it to you, but this is the wrong channel
Try #infosec-general or #resources
hahah, I know this channel is for learning hacking, like using TryHackMe and H1
@cobalt gate maybe you can give me a hint on task 14? It looks pretty simple but for the life of me I can't get the flag... I've followed.all the steps manually, and also tried the jwt tool from github mentioned in help, which confirms that the forged token is valid.. Am I supposed to do something other than pasting the token in the web form...? Thanks.
@brave bloom You get the flag way early, at Task 12
Try focusing on the JWT you sent and its output
Yes I've followed all the steps in task 12 and no luck. Then I tried the jwt tool from github mentioned in the help section, which incidentally confirms the validity of the forged token, also with no luck... Guess I'll have to keep at it, as long as there's nothing wrong with the task... Thanks.
@brave bloom It's on the machine you deploy
Visit the machine from task 14
Submit a JWT to it, it will give you the flag
Shouldn't it be a matter of taking the provided token, changing the algorithm type to H256, encrypting with the public key found in the machine (public.pem) and submitting...?
Yes, that's what it's doing under the hood
The task above that explains you how it works
Hello guys, I am getting stuck in the volatility room
I don't understand this question :
What malware has our sample been infected with?
Please help
@left phoenix if you upload the right file to virus total, it should tell you
hi there. guessing I have a tech support question, but double checking here in case I'm about to learn something new about MSF
I'm trying to crack Blueprint. using the THM attack machine. exploited the vulnerable app, so good so far
when I try to run hashdump or a lot of other commands I get errors
