#room-hints

Hm, that's true, if I had done that it'd have been easier

Thank you

Well, It's a learning experience. Not all systems have a handy file sitting there with credentials sat in it!

Ik, in my case I went scrapping for any file related to the room (passwords, usernames and such) and I got to that one 'cause the location was odd and I was feeling like I was doing it the wrong way

If you get the results you wanted, then it is the right way.

Flag 26 for Linux Challenges says to locate a file that begins with 4bceb and is 32 characters long. I was thinking that strings would do that. But it didn't seem to. So I tried find with that part of the flag string, and I think it dumped every file.

Am I on the right track?

Strings looksfor human readable strings in a file

So no, not really

ok

ty

Remember you're not looking for a filename

You're looking for file contents

right. Trying to look into a file.

Find only looks at file names?

Does the 32 characters factor into the command, or is that just to make sure you found something that's the right size?

So, grep isn't "failing" but it isn't returning anything either.

What command are you using?

well, I've used a few trying to get something.

grep -iRl "string" ./

try grep -iRl "string" /

and so I shall

Hello- currently in network services task 7. I have run the tcp dump as it states on my local machine and ran the .RUN ping etc on the telnet session I have open. I have been waiting for about 7 minutes and havent received any pings. Is it normal for it to take this long? For reference: command used on local machine : sudo tcmdump ip proto \icmp -i tun0. command used in telnet session: .RUN ping 10.10.87.189 -c 1

That looks like the wrong IP

It should be your VPN IP.

From the highest folder level I ran grep and it goes straight to /snap/core where everything is Permission Denied. And it just hangs there.

You can filter error messages out

add 2>/dev/null to the end of the command

But it's still going to take a while. Searching through every single file on the system

Why does grep tell me what I know?

I try to look into a folder and it says that's a folder. I'm just like...well....duh

?

oy..

hold on.

it is telling you that you cant use grep in a directory like that

if you want to use it recursively in a directory you need to use the flag -r

Ok. So I have this huge list of files coming down. Am I to understand that every one of these files has that sub-string in it?

whats the command?

I think grep -rw '4bceb' /

yeah.

well, the files that show up should have the string

Ok. So, all of those files are also permission denied.

lol

if i remember correctly you are given other clues in order to help you narrow it down right?

It says to search all files for that string. it'll be 32 characters long.

like it's not only that the string contains 4bceb

Is there a grep for a max string length?

ok, so you want words that are 32 characters long

I haven't found it yet.

Unless i need to regex

does it say anything about whether the string starts, ends, or just contains the string?

starts

ok, so you got it, regex is your friend

if you man grep you'll see how to include regex as your search term

I tend to give regex a wide berth as soon as i see.

Kinda' like poison ivy.

and i'd recommend regex101 as an easy way to build your regex

ty

I will look into that

happy hunting

mmmm....hunting....

this btw is the hardest of the questions in this room

oh goody

lol

[a-zA-Z] can I sub with numbers?

er...nvm

[[:alnum:]] Do I need to specify in this flag what I'm looking for? Or is this a flag saying that it will look for alpha-num strings?

play with it a little longer, you'll learn more

Sorry I don't know where to put this, but there was a room on port knocking. It's no longer there.

Retired?

what was it called, there are a few boxes with port knocking

Knock knock I guess

Yea that box is private now

At least I think I can’t seem to find it

was that in the CTF 100?

Yup , 😩

was that in the CTF 100?
Not sure

@median compass I tried egrep '(4bceb)' -rwb /|less

Is it looking for rwb in the string?

i don't see anything in that regex that specifies your 5 characters are at the start of the string, nor that your wanted string is 32 chars long

yeah. Working on it.

[[:<:]]

for beginning

did you look at regex101.com? it's good because it has a nice ref guide and let's you test if you're matching what you want

yeah. Poking thru

Room: Find Command
Task : 2
Question:2

idk whats wrong in my answer

file /home -type f -iname user.txt

Well, you put file not find

wtf thanks

lol

so I was gonna use [[:<:]] for the beginning of the string.

I should put the sub-string outside of this, right?

I don't want to use [4bceb] because that allows for any character to match, whereas (4bceb) has to match explicitly

it's a little simpler than that

just 4bceb on it's own will match, no surrounding brackets at all

then you need something before it to say that's the start of the string you want

and something after to say how long the rest of the string should be

I'm trying to figure out the length option

try testing with these strings in regex101
4bceb 4bceb243523rsadfsdfgserfasefsdscvsdgvrghefdfsdfse fgrfgfdgdfs4bcebsgfsesefdsefse 4bceb123456789012345678901234567

you only want to match the last one

ty

I can get it to match that pattern many times. Haven't seen how to limit the length of the string.

ok, so give me the start of your regex then

{32} matches exactly 32 times. That's not what I'm looking for, but it's the only thing that keeps popping up.

ok, makes sense to start with your search substring right?

and then follow that with a number of ANY characters

lol my machine expired.

yeah, but you can do this bit without the machine

What I've learned: () exact match, [] any match, ^beginning of string, $end of string, {}match upto x times.

^(4bceb)

this starts at the beginning of the string and looks for exactly 4bceb

I can find 4bceb however many times I want to.

that's right except for the (), they're only needed to capture a string, for example in a find-and-replace

So you want to match that string

Then match x number of alphanum chars afterwards

so for your purposes ^4bceb works just as well

ty

but that's right, that's the start of the search string

so what matches any alphanumeric character?

I keep seeing ^[a-zA-Z]{x}$ as a way to get an exact length. But that's not right. That finds the a-zA-Z upto 7 times.

[[:alnum:]] or .

there you go, the second of those

and how many do you want?

.{32}

not quite, 32 is the whole string right?

so minus 5

27

bingo

so put it all together now

Lord have mercy on me.

ty

to insert that into my egrep I need to egrep [option] /regex right?

oh...and directory

well, i'd check it first against those test strings I gave you just to make sure there's not one last thing (hint hint)

and then yes, plug it into your grep/egrep command

Yeah. Forgot the $

I guess I'm asking, how do I tell egrep that I'm using a regex? Does it have to start with the / ?

that's a googleable thing, just look for egrep examples

lololol

I might just step away for a little bit. I need to paint the bathroom. Maybe the fumes will help me think clearer and do this righter because it gave me the same file dump as it has so many times before.

egrep '^(0|1)+ [a-zA-Z]+$' searchfile.txt is an example I found. So I egrep '^4bceb.{27}$' /

Ya'll have a great day. I will talk more with you later.

Thank you for your help.

Hello- Currently stuck in the room "blue". task 2. I chose the exploit, changed the RHOSTS to the victim machine, and ran it. I keep getting back "fail" as it executes the exploit. I searched through the show options command and didnt find anything else that I could change. Any pointers of what I could do to get back on track?

show options and post a screenshot

Most likely your LHOST is wrong

I noticed that before and changed it to the host IP and ran it and it didnt work so i restarted the victim machine and started from scratch (thinking that it wasnt the issue) ran it just now before getting the screenshot just in case..AND it worked.

LHOST needs to be your VPN IP

vpn ip**

i set it to that the first time with no luck. not sure why it didn't work the first time but ran the second but it is what it is. onto the next task 🙂

it's a not uncommon thing with msf @queen hull, sometimes the LHOST parameter resets itself, it's a good idea just to quickly do a show options right at the end before you exploit

Hello, i've got an issue with room : https://tryhackme.com/room/nax - i've made it all the way to the metasploit bit. However it doesn't want to connect/says host is not exploitable.

Yes i set the LHOST and RHOSTS and PASSWORD

I checked writeups and they all say the same and it should work but doesn't, also connected to VPN, able to ping host/open website manually

nvm had to restart machine..

I have another question/stuck in the blue room. I got to the very last task (find the flags) and found the first flag on the C: drive. in meterpreter i ran cat flag1.txt. I got back an operation failed. I tried to download it, same thing. I have since restarted the victim box as well as my own just to make sure there wasn't any issues there. the screenshot provided is the second time around

cat C:/flag.txt?

Remember, file paths that aren't full relate to your cwd

ahh ok that makes sense. I was confused on how I was connected but not able to reach it. thank you!

Hi guys. Anybody done the physical security room please?

It's always best to just ask your question

Plenty of people have done most rooms

i mean you ccould just do shell get windows shell and read the file

Just ask.

I can’t answer a few questions from the room. I’ve solved 64%

I’ve watched the videos over & over but I still can’t answer the questions

Maybe if someone explained or sumn

google bosnianbill on youtube, some of the answers require you to research beyond the videos you're given

like a lot of the rooms here, google is your friend

Rip me lmaooo this is proving to be my most difficult room ngl

patience grasshopper, soon you'll try Ra or YearOfTheWhatever and this will be but a happy memory

Challenge accepted kek

lol

so true

ONCE you get it, you get it. You'll look back and wonder why you didn't.

I FOUND #36!!!

Not looking for that one.

So, if you run a regex and it says Permission Denied, it's saying that I can't scan thru that file to find what I'm looking for.

If it says Invalid argument, it's telling me that the string I'm looking for isn't there.

Does that sound correct?

It should fail silently of the string isn't there

Invalid argument means one of the arguments was not valid

In the Madness room I couldn't get the shell exploit for the suid binary to get root to work for some reason and couldn't find another way to get access to that flag 😦

Really enjoyed that room otherwise though 🙂

hello, can somebody help me plz, im on room "upload vulnerabilities", and i am stuck at the challenge of task 8, help plz

can you explain exactly where are u stuck at?

bypassing the filter

but wait a sec

lemme try something ive found

okay. reading the material will probably give u everything u need to solve that task 🙂

ok ok

i uploaded it

can i dm u ??

if u uploaded then u are pretty much done.

you can say it here, if something is spoilery u can enclose that with spoiler tags ||...||

oh no

it didnt worked

the machine doesnt recognize the format XDDD

okay but did u read the material that is there in the walkthrough itself?

every step of the way is explained there isn't it?

yes

something tells me that ive missed something

yeah re read and try to do the steps in the task itself, as it's a walkthrough room i think most of information would be there itself.

ok ok

ill try other time / later

im kinda tired

thx anyways @hasty slate

np 🙂

Uhmm what do u guys think what is wrong here

find / -type f -perm 604

Find all files that are exactly readable and writeable by the owner, and readable by everyone else (use octal format)

well, i don't see nothing wrong

That currently looks for the following conditions: (U)ser / owner can read, can write and can't execute. (G)roup can't read, can't write and can't execute. (O)thers can read, can't write and can't

That currently looks for the following conditions: (U)ser / owner can read, can write and can't execute. (G)roup can't read, can't write and can't execute. (O)thers can read, can't write and can't
@limber bane Yeah but it's not working

You want 0644

(U)ser / owner can read, can write and can't execute. (G)roup can read, can't write and can't execute. (O)thers can read, can't write and can't execute.

644 works thanks men
i thought i need to 0 the group

Always remember the octal values, (R)ead = 4, (W)rite = 2, (X) = 1

Total of 7

(U)ser R,W,X (G)roup R,W,X, (O)thers R,W,X

-rwxrwxrwx = 777

You can get really easy to use permission calculators online that will help with understanding but try to not rely on them outside of understanding what they're performing

Eg. http://permissions-calculator.org/

so i need a hint

#room-hints is here for people who want a "pointer" towards the room they are completing, and not necessarily a spoiler. As such, when asking a question, be sure to include:

• What room you are on
• At what stage are you stuck exactly? Enumerating? Exploiting? Priv esc?
• What techniques / tools have you tried so far? Just so that we know how to hint you in the right direction without repeating what you've already done

OK

The learn linux room, task 21, and i'm not finding a binary

Screenshot please?

okay

Room- steel mountain tried powershell_shell > . .\PowerUp.ps1 hangs. uploaded to correct directory file on the machine

here is my screenshot

so i found some stuff that the question talks about but i don't know if it's what i am looking for.

Go home

To your home

shiba2 home, right?

Your current user's home, yeah

cd on its own takes you home

Okay so anyone who has trouble on steel montain don't use msf6 worked first time using attack machine

done

Okay as im reading the challenge it says take close attention to the can reset being set to true where is this? i have the answer im just trying to understand for future reference

how do i find a file in windows using command prompt? tried google

hello guys can someone help me with the room Upload Vulnerabilities Task 9?

I can't find the uploaded files

nobody? 🙂

room upload vulnerabilities?

Please try to remember that everyone here is a volunteer

@stuck fractal I didn't knew that. First time I ask a question here, sorry.

@white salmon https://tryhackme.com/room/uploadvulns

ah sorry i haven't got that far i only started yesterday

I'm stuck in that part :/

how do i find a file in windows using command prompt? tried google
@white salmon dir fileyouwant.ext /s /p
/s = look all disk; /p = pause if found
But it could take a century..

thanks alot @hollow maple

Room: Find Command
Task: 2
Question:
Find all files with write permission for the group "others", regardless of any other permissions, with extension ".sh" (use symbolic format)

The answer i try:

find / -type f -perm g=w -name "*.txt"

Hello All. Working on NIS - Linux Part I task 5 (grep). When using grep against any of the two grep txt files it is given a permission denied reply. Is it looking for a specific input?

@hidden fractal Extension: .sh

.txt and .sh are different

And it's asking for others, not group

I mean, .sh =/= .txt '-'

oh ok im sorry
i think its my second time asking for a obvious mistake
lol

U.G.O
User - Group - Others

tnx

Hello All. Working on NIS - Linux Part I task 5 (grep). When using grep against any of the two grep txt files it is given a permission denied reply. Is it looking for a specific input?
@spice stream Yeap, but, you can't do that, 'cause you don't have permission for..

@stuck fractal i found the answer to Learn Linux, Task 21. Thx for the help!

Up until this point the commands had permissions to the file for that task. i.e. cat for cat.txt. Am I just missing something?

Well 🤔

Where's the file? currently directory?

/home/chad/

What's your pwd?

wait, are you in grep group?

-rw-r----- = root (user) | grep (group) | --- (others)

root can read and write, grep can read, others can nothing.

This box has been pretty restrictive with commands. It seems the commands are in the groups related to their file. Example:

Yeap

root cat cat.txt
root grep grep1.txt(?)
root grep grep.txt
....

did anyone get the 7zip file?

That's very vague.

on the nislinuxone room. my bad

wrong ninja there

more information would help us help you

what task

holy crap. show's you how long it's been since i've been in this discord. lol

and what are you tring to do?

task 15

extract the zip.7z file.

which room is nislinuxone?

learn linux?

yeah

which room is nislinuxone?
@woven mirage https://tryhackme.com/room/nislinuxone

ooh the new one

i can't help you, sorry

no worries. i'll figure it out. ty.

lol wrong ninja again

holy crap..

arghhhh

dont need to ping

just ask

anyone can answer

I'm used to a lot smaller thm discord. whoops. lol

I can't help either, heads up

I might work through the room tomorrow if you're still stuck

ok, thank you. i'll ping Chevalier in a bit. thank you guys.

box: library .... done dirb with custom user agent ... s

did some ssh bruteforce

coudn't fifgure the useragent:rockyou in robots.txt

sorry for the trouble ssh brute force worked.....seems i lack patience😅

In "Relevant", can't do anything with the file left there, enumerated even more just in case, but knew I had write permissions in this box and decided to put a rshell, one made for the version of IIS it is. (Hopefully not giving away tooo much.. lol) Anyway, I couldn't get it to work, tried multiple ways, encoded even, getting execution through browser, or through curl etc... it doesn't want to reach back out to me. I've done these before and don't think I'm missing anything.... Looked up the owners walkthrough, and looks like I'm doing it the same way.

I've restarted the box multiple times

I think I'm locking up the service

did u try to put nc and run nc with cmdasp?

as relevant has windows defender on, malicious signatures will be deleted

so try with nc?

is the payload staged?

non-staged

gonig to try cmdasp

lol

I didn't get that to work either, let me reset the box again

Pretty cool little webshell though, I never used it before

So, I restarted, did everything the same I just waited awhile first. Then, the shell took a minute to come back to me as well. But, i'm in.. 🙂

eyy gj 🙂

I mean, if you know it should work... just go over all the details again... right port, type of system, port, ip, all that... then restart the box and try again with patience lol

had my fair share of those. very true. lol

hi

I would like to ask about some hints for NIS - Linux Part 1, Task 15 7zip

extract the zip.7z file.
@late patio Owh, u have the problem too?

Reread the task it tells you how to unzip the 7z file

yes i read it

I am not sure whether i understand the steps wrongly or i didnt use the correct method

It gives you a command to use use that command

i do use it

but i state that permission denied

LFI Basics task 3 trying to inject the command as shows on the task.
User-Agent: Mozilla/5.0 <?php system($_GET['lfi']); ?> Firefox/68.0 if there any typos since it wont work?

Havent done that yet.

LFI Basics task 3 trying to inject the command as shows on the task.
User-Agent: Mozilla/5.0 <?php system($_GET['lfi']); ?> Firefox/68.0 if there any typos since it wont work?
@fallen jolt

@paper plinth Yeah, there's something wrong with it I believe. I got it once. never again. lol

So u get the flag already?

Wait, please don't tell me that the 7zip is broken again

yo @late patio @paper plinth what happened

OH FOR GODS SAKE I JUST FIXED BINWALK WHY IS THIS BROKEN NOW

yes

ahaha

sorry to tell you that but

7z is broken too

permission denied

@past night not sure. run the command and it doesn't extract the .txt file.

yeah, i figured it out

i was going to pm you, but didn't want to bother. lol

instead of doing -aG i-ve done -ag last night to fix permissions on xxd

yeah, noticed you fixed the binwalk one. lol

yup

and messed up 7z because i didn't set up the groups correctly

🤣 whoopsies.

there's a privesc too for the ones that want to get the file the hard way

lol. i'm about to get some sleep, but might check out the priv esc in a bit.

fixed now will ask one of the admins to republish it again

yup. that looks a bit more like the output i was bashing my keyboard to find. kekw

yeah, i am really sorry for this

i've mistyped a command

say thanks i haven't broken everything around it while at it!

lol. all good. the rest of it works. lol

@past night ty, and have a good one. going to get a bit of rest.

oki, rest well

thank you

oki, rest well
@past night

no worries, if you want the flag i am happy to dm it to you as you clearly done it correctly @paper plinth

nah its ok @past night Thank you fror the room

no worries, and apologies

in startup is the ||.pcap|| file supposed to be empty?

nope. but it's not ||pcap|| it wa ||pcapng||

yuh yuh same

its showing empty to me, i guess ill restart the machine

What is a flag.h file?

its showing empty to me, i guess ill restart the machine
@frail rain yeah probably good idea.

rooted the machine thnx

eyy gj potato!

@past night I think the new room is having a grep error

i think your command might be wrong scrap that

let me check

can you drop me your room ip really quick @glacial gust

10.10.47.135

2 minutes for Attacker Box to boot

fixed it for you @glacial gust

just exit and enter again ^^

i'm waiting for the fix to be pushed live

thanks

no worries, i do apologise

is the 7z error still being fixed

nvm

i fixed it on your instance

just doing hot fixes for now

its a good room

thank you, i'm sorry i messed up that part, i tried fixing something and broke it somewhere else

it happens

thank you for understanding and letting me know 🙂

i wasn't sure how many things were broken afterwards

Who is the creator of Ghidra room? I am having some difficulties

You don't usually need the creator

Task 4 question 2 "What is the first variable set to in the main function?"

Just ask your question directly, and if someone can help then they will

I don't see where I have to look

Have you jumped to the main function in ghidra?

yes I am on it

I think at least, is that correct?

question says "first variable" so "iVarl" correct?

What is it set to?

||strcmp = (local_18, "l\n")||

I think

But that not the correct answer

You'll want to look at the assembly if you're still working on it @white salmon

@stuck fractal I still have Ghydra open yes, even thou I was doing something else. I am not really good at assembly right now😬

It's a crucial skill for RE.

But that was an hint anyway, now I know where to look thanks!

Hi

how can I chain oput of one command as argument of another?

That sounds like a good question rather than a #room-hints question

I have a question for Motunui room. || I found the network.pkt file but it says the only way to open it is with Cisco Packet tracer. Downloading it requires me to make an account and follow a course. Am I doing something wrong or is this the intended route of the room? If it is, it seems oddly complicated||

Hey can somebody give me an idea on how to get ||root password|| on room Brute It

Room: ToolsRus
Metasploit task

I am getting an error and I don't know how to get rid of it. Can someone help me with a tip? I have attached my options for msf5

Your LHOST seems a bit off?

set LHOST to tun0

well, i've read that it should be my VPN ip but I am using an in browser machine and I thought that it is the machine ip

It should tell you your IP on the page

either set it to tun0 or go to 10.10.10.10 in your browser copy that ip and put it

Have you used the Browser Based Machine @white salmon

ohh

sorry i didnt notice

Wrong exploit it's upload not deploy

Thanks Blackout

I just checked in 10.10.10.10 and it's the one from there. I will try the upload one now

working 😉 thanks guys

Just trying to do old advent calendar and got stuck on Day 24,Elf Stalk 2nd task. Am I correct if I'm thinking CVE-2018-17246 should be used over here?

@fathom mulch Yea that's correct

Cheers.

Now need to figure out how to upload that revshell..

finally rooted startup took a good 45mins

root@startup:~# id id uid=0(root) gid=0(root) groups=0(root)

Hey guys, I'm new to THM, just going through the Metasploit intro lab but I'm just a bit confused, I want to load an exploit into a Windows host but I don't have a Windows lab host?

press the big green deploy button at the top of the page homie

That's deployed my linux box, or is there another big green button I'm not seeing

Task 5

Click the green button

NOT this one

Ohhh got it, nice one thanks for that

i'm having an issue with the metasploit room...one of the questions is not accepting my answer O_O

It's not asking for the number

read the question again carefully

could anyone give me a push for the Startup room? I gained shell as www-data, then priv-esced to the next user....i have an idea of how to root, but everything i tried failed....dont really know what to do now

run scripts to enumerate the machine such as linpeas and pspy

Linpeas doesnt really give anything...i know the files i need to work with, but idk how to make them do what i want since they need root access to edit

pspy will give great info

Im not really familiar with that.. i used it once in the oscp proving grounds... ill find it and mess with it some more... thank you

check linnies home folder and pay attention to the files permissions and who they run as

quick question: in the OWASP room task 5, am I supposed to see a txt file somewhere in Burp's site map?

OWASP TOP 10 to be more precise

Task 5 question: What strange text file is in the website root directory?

nevermind I figured it out

Thats weird.... i did the same thing i did earlier, but my 2nd shell spawned as the low priv user again, so i thought it was wrong....just tried it again and it spawned as root 🤷‍♂️

Really fun box though

nah its ok @past night Thank you fror the room
@paper plinth fixed now 🙂

On the Linux Challenge room, flag 26 that gives the start of the flag, someone mentioned using find/grep. Could someone explain what I would find that then goes to grep?

or should it be grep/find?

Is the one that gives a string that's the beginning of the flag?

You don't need find for that

Only grep

Use grep recursively in the directory you want to find

If you don't know the directory, use grep in / and it will search through all the files

It can take a while

I personaly used find and grep, tried with only grep and it took forever, but works

Ack, I'm totally brain farting the setting I need to change sometimes for browser to lookup the domain and tld '.thm' .... Very sleepy today, struggling to remember dumb things

It's like..... domain lookup file, refer it to this box IP specifically or something.. I think it's a linux setting not a browser setting... top of my tongue here for awhile

do you mean /etc/hosts?

ding ding ding

thank you good sir/ma'am

np

lol

Working on Mr. Robot, not looking for hints, but am I nuts in that I'm completely missing flag two? I got dashboard access, but. Stumped. Again no hints, but I feel like to get the second flag it's complicated. Am I possibly overthinking this maybe? Trying to be vague cause this is the first non-walkthrough box I've attempted and trying to do this without hints really..

Do you have wordpress admin?

ya

You can usually get a shell on the system from that

that's what I was fiddling with anyway so that's good. at least I'm not over thinking it

hey guys... pretty fresh here... I'm up to task 7 in the OWASP juice shop: Question #1: Perform a DOM XSS!.

I put in <iframe src="javascript:alert(xss)"> into the search bar and get the xss alert but no flag? Trawled through a bunch of walkthroughs on the internet to figure out what i'm doing wrong but it's pretty straightforward - apparently the flag should appear like the rest?

tried inspecting the element/checking browser console for the flag as well

try to redeploy the machine and do it again

I'll give it a go now

nope still won't appear

You need to follow the instructions super carefully

Use the payloads etc you're given

uh there isn't any? It just says to input <iframe src="javascript:alert(xss)"> into the search bar

maybe i'll run it through burp suite

I would suggest clearing cache or trying the payload through burp

clearing the cache didn't work - would delivering the payload through burp be by using the repeater and crafting the http://ip/search/?q= bit

i went to /api/challenges and found the line for it (#15) and tried searching using the iframe in there <iframe src="javascript:alert(xss)"> which didn't work either haha sorry if i'm just being dumb... pretty lost

can somebody please help me with Physical Security Room - Task 6 - Number #5 - An improperly hung door which opens away from you can be bypassed using this type of tool? and Task 6 - Number #8 Adams Rite hardware fixtures are susceptible to a bypass where a wire is snaked through the keyway and actuates the locking mechanism behind it, what could prevent this bypass?

I have watched the videos over 3 times and cant find the answer to them

thankyou

Can somebody help me in intro to x86-64 room in the crackme2 binary?

I'm so confused

@cunning quartz What's up?

Where are you stucked? What have you tried?

I'm almost embarrassed, but I'm stuck in the NIS-Linux room. I just can't find anything that has to do with shiba in any way ... Tast 2-16 were a piece of cake, but task 1 is killing me

Can someone point me to the right direction?

Am I supposed to break out of the rbash?

i need help in mitre room

hey @white salmon, did you read the text at the start of the room? ||A requirement for this room is to finish the Learn Linux room - https://tryhackme.com/room/zthlinux.

As it covers all the basic requirements and this is just a follow up to it in order to strengthen the understanding you gained throughout the room. In order to do so.
Below I will be asking a few questions related to that room, so please, make sure to complete it first :). If you didn't feel free to go through the tasks and come back to this once you finished the room||

So I have to Deploy the machine from the other room?

@snow matrix it's better just to ask the question

well it's more that you should have done that room and have the answers in your notes/stored in THM - if you haven't then yes, the only way to get them is to go do the other room

done the other room a month ago 🙂

maybe i didnt get the task right. thanks 4 help 🙂

But it's not a problem to break out of the rbash in NIS 😄

it doesn't matter if you break out of the rbash, the users shiba3 & 4 don't exist on this system

the only way to get their passwords is from the other room

there is a way of breaking out of rbash discovered by 0day, but the only thing you gain out of it is cheating yourself imo

For the scripting room i am at task 2 where you need to use socket but i am not receiving anything. Do i need to send a command after i connected?

usually you open a connection then ||recvXXXXX from it||. you should go study up on python sockets is my suggestion, lots of examples out there

ok thx

I use recv but stays empty

you could/should have a look at pwntools too, their socket implementation (tubes) is very easy to use and it leads on nicely to buffer overflow techniques later

i will have a look at pwntools thanks

i'm afraid I haven't done the room in question, your script looks ok at a glance, what port are you interrogating first?

3010?

if so do you get anything from it when you connect directly with ||nc IP 3010||?

the port changes every 4s i am refeshing the webpage to get the current port and giving that as arg with the script.

i will try to convert tubes and see if i get more luck. I think it has to do with the recv(1024)

i will try to lower that

because i don't think i get that much data

so its waiting to long

i hope

pwntools has a very useful-for-ctfs recvuntil which let's you read from the socket up until you get a particular character/string, makes it much easier to grok incoming info and script a response

gotit

i need to send the get command

But i will be using tubes waaaaayyyyy easier

thanks for the push in the right direction

@rose cape if its not for a thm room then please ask in #general

alr

Hello- Stuck in steel mountain- task 3. I downloaded the file, unzipped it, and ran the command prompted within metasploit (within meterpreter). I have also tried using the location of where it is at in my host machine to no avail.

Can you be a bit more precise?

"the file"?

Im sorry, the file from task 3. it is a powerup script that we are prompted to download

Told to download said script, then use upload command in metasploit then gives the following : upload /opt/windows/powersploit/Privesc/PowerUp.ps1

Ok, and what happens?

Is that where you downloaded it?

no. I used the original command first (the one above), then I also tried it with the location of where that file is at on my host machine, got the same error message both times

did you download the script to that location?

you have to put the location of the file on your local machine

most likely ~/Downloads/PowerUp.ps1

yeah thats where I had it prior. it is currently in the opt directory

ran code, same error message

wait

why have you got - / on the end?

put a web server on your local machine then wget from meterpreter

No no no

They're doing something really weird

huh

They have - / as the destination

Urgh that font nvm

Whatever they're doing, the file isn't there

the current command im using is: upload /opt/PowerSploit-Master/Privesc/PowerUp.ps1

So the file isn't there.

I see it in there, I'm not sure what you mean

do an ls -la /opt/PowerSploit-Master/Privesc/PowerUp.ps1 for us @queen hull

upload evil_trojan.exe c:\\windows\\system32

upload source destination

ninja I tried to do the upload for evil_trojan, same error

ok, so in none of the original commands you showed us was that the path

yes after xnth mentioned that I moved the file there and tried, can provide screenshot for that as well

please do

upload source destination

re ran it and it went

idk

lol

it was the M in master. all that. im dumb

you're nearly always better off cutting and pasting long paths for exactly that reason

good luck with the rest

thank you for your help

In reference to Mr. Robot, I discovered either a modified or custom switch on a certain command and I was trying to see if I could tell what the switch was doing because I'm getting strange stdout msgs with it. In reference to the command, for those that have completed the box, is there a .conf file or something that houses custom switches?

That's very very unlikely

i figured. Just thought I'd ask

You're being quite vague about it. If you'd like an answer, it's best to be more specific

I know, I'm trying not to get to many hints with this box cause it's the first I've attempted without a walkthrough.

There's #room-help if you're worried about spoiling something

ah so that one is less specific in regards to questions about a box?

No

oh I see

#room-help is for once you've checked writeups and something is not working

More than just hints, you don't have to worry about spoiling the intended path

Obviously don't post passwords or flags if you can avoid it, and don't dump spoilers for no reason, but that's how it breaks down

the more specific you are the easier it is for us to help you just the right amount @half citrus, if you ask a very general question you're likely to get more than you want/need

#room-hints is here for people who want a "pointer" towards the room they are completing, and not necessarily a spoiler. As such, when asking a question, be sure to include:

• What room you are on
• At what stage are you stuck exactly? Enumerating? Exploiting? Priv esc?
• What techniques / tools have you tried so far? Just so that we know how to hint you in the right direction without repeating what you've already done

I know. But it's like, I need to have that first box I get on my own you know? as a noob it's a fine line

That's the template

Then don't ask at all?

It's your decision, and we can't help at all unless you help us help you

Ok, I'll try it this way: Working on Mr. Robot, 3rd flag. found in interesting switch within nmap that upon using it, i get this output. I'm not showing input due to spoilers unless you think it's ok to post.

as for the input, I'm targeting localhost, and various standard nmap switches to see what the output is, if it changed.

so you can surround anything you think is a spoiler with ||

ah thanks

no, double pipes

lol

my input is ||nmap -oS - localhost||

Right process, total rabbithole

lol ok

-oS means to output your findings in scriptkiddie format

hence the int3resting

wait, so scriptkiddie format is l33t?

yeah

haha ok, that makes sense

I didnt know that

https://nmap.org/book/output-formats-script-kiddie.html

google is your friend 🙂

I did google around for that, but I didn't put together that -oS was a part of nmap

so that's why I missed it. Thanks folks.

good luck with the rest

You're supplying it as a flag to a program

everything after the nmap has to be passed to the program as an argument unless there is a ';', '&', '&&', '|' etc. that signifies a new command or a pipe/redirect to another binary

thanks for the help. I feel a bit like a dummy spending so much time on this.

everyone starts at the start, keep at it and you'll find a whole world of new things to fail at, that's the joy of infosec 🙂

Some start before the start

On kali what is the best wordlist to use for gobuster i can't find anything decent i check the dirb wordlists but there like 5 directory searches

THere is no best

There's a lot of wordlists in /usr/share/wordlists

dirb and dirbuster lists are the best place to start

Yeah but which is okay. common.txt is awful

Common is just fine

Big is just fine

really?

You have to try these things out yourself

It's a tradeoff between time and coverage

Like password cracking

Ahh okay. ive just tried big.txt this is working better thanks common was too quick didn't get much

another question if an exploit for example the one i have is 2.4.3. and it shows other exploits with 2.4.3.1 can i use them on the 2.4.3 version?

I am saying this generally not for any room, usually it depends on the software, exploit etc.
like they may have fixed it, or they haven't. I have used like exploits which was for very different version with no problems. And also i have seen exploit that didn't work because of .1 difference of patch version. So if you can find an exploit which exactly matches it's cool otherwise u have to use trial and error to see what works.

thank you

Hello I'm stuck on the room CC:pentesting on task 4 last question, I tried to do my gobuster command with (I think) the good parameters but I cannot find the file, can someone give me an hint please ? 😄

(I tried a lot of dictionnaries too)

What did you use to specify the extension?

If it's the question I think it is, make sure you're looking on / rather than the dir you found

Trying to crack the password on the HackPark room: Hydra find a wrong pass everytime, is my command wrong ? Task2 Q2

That wordlist looks broken

That's rockyou.txt

1. it's got a different name

2. It's got HTML in it

I just get the 8 chars from rockyou

Rockyou has HTML but I think you're doing something wrong and breaking the page

You're missing A LOT of request body from your hydra command

Since i know the lenght of the pass i just stripped rockyou

Alright, that's maybe the problem then. Thanks

I used -x .xxa to specify the extension

I used -x .xxa to specify the extension
@elder knot Make sure you're using gobuster on / not the dir you found before

Ok I'll try tomorrow thanks a lot

How am i suppose to do simple CTF if the exploit is written in python2 and kali no longer uses python2 or pip2 installer?

Either fix the exploit, or fix python2 for Kali

not so simple ctf lol

room. owasp zap:
hi
i need help with owasp zap. i installed it and import the certificate on firefox. set foxyproxy for go through port 8080 and zap rout me always over https and not to http.
anyone has a solution?

That's intended behaviour

okay. its not like burp?

Did you try to set the proxy manually (firefox)?

okay after a few resets it worked!

nope with foxy proxy; 127.0.0.1, 9090, http

Ok!

I'm currently on Task 21 of the Linux Walk Through, and here's what i've got so far.

shiba2@nootnoot:/home/shiba1$ echo $USER
shiba2
shiba2@nootnoot:/home/shiba1$ ./shiba2
bash: ./shiba2: No such file or directory
shiba2@nootnoot:/home/shiba1$ ls
b.txt  ls  noot.txt  noot.txt.  shiba1
shiba2@nootnoot:/home/shiba1$```

what am I not seeing this time

link the room please @grizzled berry

https://tryhackme.com/room/zthlinux

Change to the home directory of the new user @grizzled berry

You are still in /home/shiab1

which command would I use for that?

You have to change directory to /home/shiba2, how would you do that ? cd /home/shiba2, or relative path cd ../shiba2 , Or just type cd anywhere to go to your home directory

cd ../ to go back

and then what could you do 👀

There is a cd section you must have passed on your way here tho

Read up things more carefully

I keep forgetting things, thanks for the help

~

I keep forgetting things, thanks for the help
@grizzled berry Read them again, take notes, read the notes again !

Whatever you gotta do :)

Yea it can be confusing learning a lot of new information at once but I find for stuff lie using linux for example it becomes a lot easier to learn it when you immerse yourself in it

maybe try using wsl or a linux distro as a main os occasionally? seems to work for a lot of people

I actually don't remember learning cd

Hmm, it's coming up then @grizzled berry

I did a C^F on the page for cd and found it a couple Tasks later

im on chown right now

Yeah it's Fine. Keep doing them 🙂

I have officially learn what cd does

change directory

@grizzled berry

I'm back

im trying to create a new directory called test in home, but im getting Permission denied. Heres how its looking...

shiba3@nootnoot:/home$ mkdir test
mkdir: cannot create directory ‘test’: Permission denied

I've tried to use chmod to change my permissions however that wasn't successful either:

chmod: changing permissions of '..': Operation not permitted

I feel like im somewhere near the right path...

@night cave
Actually I'm not able to crack the crackme2 part

What have you tried?

I have tried in the radare2

And?

Gdb

Changing the breakpoints for noticing the eax and eips but I got confused

Okay, show me what have you done.

Okay

@grizzled berry make sure you are right user and in the right directory.

found it

@night cave i not able to get the movq operation

you can see the last intruction of comparing the registers, but when i check their values it always gives me fffffff @night cave

see @night cave

Are you trying it on your machine?

no on remote machine

ssh

i deploy the machine and the files are present their only

Do you have the directory /home/tryhackme/install-files/secret.txt?

yes

it got some text

but that is not the answer

i already tried

Indeed, that's not the answer.

actually i'm a beginner in binary exploitation

Wait, so where exactly the program ends for you?

wait

@night cave

Ah, move to DM, if I try to help you any further, this will just spoil everything.

So, DM would be the best.

all these pics?

What should I do now? @night cave

No, just DM me your approach on where you set breakpoints and all

Okay

Can anybody provide a hint as to where I should be looking for Mitre: Task 6 "Where can you find step-by-step instructions to execute both scenarios?". I' feel like I've read the whole website and entered the correct answer, but I must be missing something obvious for the required answer

Click on the APT29 link and you will find it

@astral smelt Thanks, I got it. I was looking in completely the wrong place

anyone know where I can find command aliases

what do you mean 'find' them

like on a running system?

or examples of them

what room and task are you doing?

https://tryhackme.com/room/linuxctf
task 2 question 1

im supposed to find where command alias are stored and get flag 11

you mean task 3 question 1?

yes, apologies

have you tried googling? it pops up in the very first result for me when I search "linux define alias"

Im googling the wrong questions I guess

that's just a question of practice too. Got it now?

hi, on the INVESTIGATING WINDOWS machine i am surprised to say that I am stuck on question " What was the extension name of the shell uploaded via the servers website?

"

I have answered all other questions, been wondering how to find out

sorry, haven't done that one. Can you find a log file for the web server?

yeah I found the one, but now its telling me to look where the alias are created

hmmm @median compass will try to find one

all the commands and info you need are in that link @grizzled berry. It gives you the command to print all aliases and further down it tells you how to make aliases that persist across sessions

im going through it right now

@median compass I have discovered it. THanks man, hah, cant believe i spent like 30 min and did not think about that

https://tryhackme.com/room/lle
Task 6.
I can't find the flag

@white salmon What extension you tried ?

using spoiler tags (surrounding the text with || on both sides), show us what you've done, i.e. the commands you used @white salmon

Could someone please assist with this question in the MITRE room

task5 Q1

thanks

have you gone to the SHIELD website as instructed and looked at each of the tactics in turn? @polar mountain

https://shield.mitre.org/tactics/

https://shield.mitre.org/techniques/

no, I'm aware of the website, I'm asking have you gone there and read it?

because each tactic lists the techniques that apply to it

and the question just wants to know which has most

so the answer is on the site

there seems a fair bit to read through

well, that's kind of the essence of learning

but you could just count them and not read them

true

not sure if i am looking at the right page

this is #room-hints, not #room-tldr

fair enough

I did ||find / -type f -name "*.conf" 2>/dev/null|| but there are too many results

@white salmon You can snag a sneeky grep if you want to

||find / -type f -name "*.conf" 2>/dev/null | xargs grep "*THM*"|| did not find anything

You're very very close

Check for more option in your grep

||-i|| did not help

Nop. But look arround you're close

@median compass sorry mate i was bamboozled with the website and was looking at the attack codes instead of the name, all sorted out

do i have to use ||-e||?

What this tag used for ?

||regex||

Well, this channel is for hints not help. I might gave you the hints that can lead you to the flag (i just tried once again and it works). Try to find by yourself again with those hints. Then check the writeups, if you still can't find your way then ask in #room-help

alright. thank you

morning

any idea on how to search all files for a string that starts with 4bceb and is 32 characters long?

@stone oyster, you got this one!

nope

You can use grep only, or find/grep(my favorite)

lol

Find is kicking my butt.

I was trying type.

size.

I just keep geting errors or super long lists

Currently I have find / -size -50b -type f | grep

I'm trying to remember the grep I had the other day.

you need to build a regex to match the search string @grizzled berry - you can try regex101.com to test to make sure it matches - and then as kana says, use grep on its own (works fine but very slowly, like >1hr) or find with grep together

using a regex do I need a -regex flag, or / or ' ?

@grizzled berry We are working on the same flag

I caught up

ill let you know if I get anywhere then

I remember that one being a nightmare. Let me look thru my notes to see if I wrote anything down about the regex string that could be helpful without giving it away

I had started building a regex, but I can't seem to find it right now.

i can't hint any more than I already have @stone oyster sorry

I know.

No worries.

I'm working on it.

You mentioned the size, the string...

Actually if you don't like the regex, i just tried with find only

It works (but that's very silly)

If I was better at grepping back then I would have done that probably. Find * in / | grep string

A awk can be usefull too

and maybe sed

There are so many ways to find this, hardest part is to pick one lol

for the regex, do we need the /gm at the end?

nop

ok. To begin a regex is there a special way to signify that we are usinig regex?

First thing first

man grep

Google grep regex

Then ask again here.

In the research that I've done I've seen pages us -regex, /, and '

So I don't know if I need or dont' need and if so, which.

need more coffee.

brb

afk

https://www.cyberciti.biz/faq/grep-regular-expressions/

If you can't find your way with that, i don't know what else i could do without giving the answer

heres what im thinking
rgrep -e '--5bceb--' /

Looking at this example about purchase followed by anything it says to use 'purchase..'

Would only 2 dots allow the 27 characters we need?

or would we have to put in 27 .?

We had discussed .{27} the other day

Guys if you really want to learn something about that (which is important to me) try to find the command by yourself with the resources i provided. There is literaly the answer in this web page. Try to work on that together if you want to. It will be way more useful for you.

I'm trying

that site regex101.com is great for building regex guys, seriously try it

it has all the syntax and you can see exactly what is and is not being matched

a dot matches any single character marc

so purchase.. matches purchase99 and but not purchase9

putting a number inside {} means match that many of the character before

but seriously lads, you can get all this from the links kana sent or from that regex101 site

No doub.t

We just need to piece it together.

find / looks at everything from / onward. I guess it's about as root as we will get with this one.

so we can look at all files in garry, alice, bob and elsewhere.

find looks at everything from where you tell it to

riight

if you use find / ... then from root

if you use find /home ... then from /home, etc

Do we need to look for hidden directories?

Do we need to look for hidden files?

have a look here for an example of find|xargs|grep https://unix.stackexchange.com/questions/131535/recursive-grep-vs-find-type-f-exec-grep-which-is-more-efficient-faster

I think were supposed to look through all files just to find something that starts with 5bceb and is 32 characters long

I found a 41da

lol

4bceb @grizzled berry

Is the file named like the flag?

no, the flag is what you'er searching for

when you get the command it'll return one 32 character string and that's your flag

Right. The file has it's name, and we will find that name, not that it really matters, by running a grep for the contents

yes, the file name is incidental

My size option isn't working. I tried -size 32b and -size 10b and received the same huge list

its not making any sense

if you want an answer then i suggest #room-help, there's not many more hints anyone can give I'm afraid

the beast is going to give in to me if only to get me to quit poking it.

I'm making assumptions. Is the file we are looking for going to be a .txt?

nope, the only assumptions you should make are the ones that are given to you

Bah! I have to go for now.

Thanks for the help

will poke more later.

Any hints for what Room Mitre, Task 6 Question 5 is needing. I've found the website but everything I enter isn't working. Not sure what I'm missing

Ctrl + F and keyword from the question into website.

I found it right now easy peasy..

I'm still missing something.. the question is "Where can you find step by step instructions to execute both scenarios?" and I see the link to the website but the answer format is ****** ******* and I can't seem to make anything work..

It's a placeholder.. So 2 words..

Click on the APT29 link and you'll find your answer

Yeap

I'm in the APT29 link and it takes me to pdf hosted on github and I find the link within that document that claims it has step by step instructions which it does. But I've tried several different combinations of 2 words I could think of that would match the format with no luck. I know I'm missing something I'm just not sure what..

Am I on the right track or am I overlooking something?

PDF?

You're clicking the FIN6 link if it's taking you to GitHub

I mean, read the previous question, it's a huge hint.. just saying..

Found it. I was going into the pdf from the link, I needed to back up and look at the other page. I had the answer correct I was missing a "special charactor" within the answer. Thanks for your help

no prob

on room hydra what wordlist should i use to bruteforce i have loads of wordlists

lord i hope the passwords in here

@white salmon rockyou 🙂

always rockyou unless the room states otherwise

@dusk violet thank you 🙂 didn't wanna sit through a million different wordlists and thanks good tip. also does hydra work off gpu or cpu?

cpu

damn i only got i5

normally passwords will be closer to the begining of the file..so wont take too much time

Orite thank god

no worries...hydra is bruteforcing password on a webserver

the bottleneck is the network

Lets hope it doesn't crash im using high threads

when you are cracking hashes or pgp using john/hashcat is more cpu intensive

you can crack pgp with john wtf?

-t 4 will be enough

hashcat uses gpu right?

if you set a high threads you might miss the password...

hashcat can use cpu/gpu or both

gpu is much more fast 🙂

ahh okay im on 40k passwords right now so maybe reduce threads?

will a gt710 work okay lmao?

are you using a VM to connect to THM openvpn?

yeah

then you cannot pass through the GPU resourses to the VM

just CPU

ahh okay. thanks for the tip

however...if you get something to crack offline you can send it to the Host and use Hashcat there with GPU

So you mean a hash.txt?

yep

great im not sure a gt710 will handle hashcat though pretty weak gpu

in THM metwork you won't need a beast to pass the rooms 🙂

in fact the VM they provide to use through the web browser is basic. so don't worry

Thank god i had a problem with a ctf on another website that used hashcat

make sure the hash is detected

and you're using the right -m

https://hashcat.net/wiki/doku.php?id=example_hashes

use 'Find' to make sure you are doing it properly

yeah i was it said something like your GPU could crash and aborts

i was using a bog standard hp intergrated graphics card lol

🤣

@white salmon Hydra is network brute force. It doesn't really depend on your hardware speed, unlike hash cracking.

Okay thanks what are recommended specs for hashcat

There are none.

Your cracking speed will depend on your hardware. It will run on most GPUs.

i dont have decent hardware though

normally hashed password on thm rooms take a little time to crack even in bad pcs

Is it safe to run with bad specs?

well, i don't see why it wouldnt be

might crash pc?

are you afraid that your pc will explode because of hashcat?

no ive had it crash before

Try AttackBox to do it!

theres probably an option to make it use less resources

are you afraid that your pc will explode because of hashcat?
@woven mirage let me tell you ok. I’m on my sixth exploded computer after trying to use hashcat ok

so your pc can explode lol

he's joking kk

lmao

Am I 👀

@white salmon I've read to don't use the --force option (ignore warnings) on hashcat, and you'll be good to go.

(on machines with low specs)

that explained why my pc crashed before

at least it didn't exploded 🤷‍♀️

yet*

Hydra + John + Hashcat = what would happen? Using a 775 LGA socket w/o GPU, 1GB RAM

https://tenor.com/view/fire-fire-bender-avatar-flame-burn-gif-4493955

looking for hint on gaming server ctf. i have the private rsa key. how do i use it to login using ssh ?

google how to login to ssh with rsa key

or do man ssh

do i have to bruteforce a private rsa key?

nah you use it to login

just think of it as a password and youll be fine

i think the syntax is ssh -i id_rsa

i tried that but doesn't work

https://tenor.com/view/google-it-eyes-search-engine-mike-barreras-gif-13674257

did you chmod it?

oh true

also it would be great if you gave us more info than just "it doesn't work"

chmod 600 yes

@white salmon send screenshot of the output of the command

i closed it lol

to hard lol

Room: Mitre, task 4, question 2. "For the above analytic, what is the pseudocode a representation of"

Do they mean the TA0003 tactic, or the analytic of CAR-2014-11-004 ?

Room Mitre, Task 5, question 5, "Continuing from the previous question, look at the informationf or this ATT&CK Technique, what 2 programs are listed that adversary's will check for?"

I've scanned all of the VM detetction techniques and I cannot find any mention of two specific programs (especially that correlate between the sub techniques) on those pages, or any linked content on those pages that match that hash count.

Room mitre, Task 7, question 3. "As your organization is migrating to the cloud, is there anything attributed to this APT group that you should focus on? If so, what is it?"

Stupid users doesn't fit the hash. Email phishing, does. but apparently is not the right answer. neither is Cloud Security or Email Filtering ... any thoughts on what they are trying to get as an input box? (As this seems to relate directly to Crowdstrike, i also mined crowdstrikes site with the feline sounding group name who is listed as an actor. No particular mention of tools/techniques, detection tips. or deployed platforms on crowdstrikes webiste asides from the same copypasta that went everywhere.. Email phish, person clicked msg. application executed. blah ) .. By correlating the empire links, i discovered an app that starts/ends with same letter on an entirely diff url .. But I'm not sure what I should be detecting as an aerospace industry to catch this person (asides from incompetent users)

Can someone help with a https://tryhackme.com/room/physicalsecurityintro, task 4 question 5? I've done all the others but completely stuck on this one

@fleet pike Task 7 question 3 you almost had the right answer, just try some variations of the ones you already said...

spear phishing didn't work either ..

For T4 Q2, another analytic tied to TA0003 tactic. @fleet pike

hmm

Ty for clarifying TA003

Is a variation of ||Cloud security||

TBH, if i'm trying to protect my organization against APT33, im just goign to remove my users ability to send/receive email

lmao

"No email privileges for you"

Make them go back to letters and stamps

Got any Azure creds? Go phish

For T5 Q5, the answer is on the page that represents the technique mentioned for T5 Q4.

TY

T5 Q5 My Hint his that in the page of the technique the tools are listed with a "," but in the answer you have to use a conjunction

Is there a prefered way to nmap scan ? i usually do nmap -sS -sC -sV -A -p- -oX scan.xml <ip_Address>

@white salmon I think this kind of question goes to #general channel or something along that line

it's for a room im doing

Anyway for the sake of answer, there is no prefered way it all depends on what you are doing, how much time you have, what kind of machine you are scanning etc...

the machine im scanning is a windows machine

But as example if you read nmap man page you will see that -A incorporate -sV and -sC in himself

what do you mean

Read the nmap man page you will understand

Oh i see thanks

how do i connect to the pics? Anonymous CTF

Do you have access to that folder?