#room-hints

flag xx lies within another system mount. what does it means ?

lies = fake right ?

what room & task are you on?

in this content lies == resides/lives/exists

https://tryhackme.com/room/linuxctf task 3

so any drive/device that gets added to a linux filesystem is attached at a 'mount point'. you can see what's mounted by typing mount. Specifically here you should look for removable devices which are added under /media

this is really interesting but am i found this flag wrong way ?

nope, that's the way, well done

thank you so much ^^

@median compass that's a bit more than a hint IMO

Just saying where the flag is...

fair enough james, I was perhaps a little short on inspiration in the moment

Advent calendar 2 Day 1 Question 3

In what format is the value of this cookie encoded?

I have put ||hexidecimal|| but it doesn't seem to be working

I am honestly not sure what else it would be since I used cyberchef to get that

one letter off

spelled wrong?

yeeee

but ma wiki lol

u right tho

lol

thanks man

yeah, that's wrong

good job

Is it spelled wrong in wiki or in the question?

I have never thought this hard about how to spell it lol

in the wiki, i've never heard of it being called hexi, always hexa

you're right

and wiki has hexadecimal too wikipedia.org/wiki/Hexadecimal

I google everywhere else and it's ||hexa||

lmao

||hexi|| listed the hint from the question and ||hexa|| did not adding to further confusion. Thanks for the help though!

Can anyone help about catregex room?

Match all of the following filenames: File1, File2, file3, file4, file5, File7, file9
DONE!

Question 2: Match all of the filenames of question 4, except "File7" (use the ^ symbol)
Resposta 2: ?

so for the first of those you used a generic kinda regex right? I mean, it would match more than just the file names given

for the second question then just concentrate on the one you don't want

🤔

well, would it match ||file08|| for example?

the first one I mean

my point is just that for the second one you shouldn't worry about what it WILL match, only to exclude what you don't want

humm... I´ll try. let you know if worked.

still researching. rs

how do you exclude something?

there's a specific character for that

In the room we learned about the hat ^

but I'm guessing it's only for the begining.

nope

humm...

it means one thing at the start of a string, i.e. that the regex shiould look for this pattern at the beginning of a string only

and another elsewhere

in Task 2 it talks about this

If its în brackets [] it exclude something, if its without [] îs for beginning

you don't get onto the other meaning until Task5

gonna check other tasks.

that's a spoiler @chrome bane, this is room-hints

My bad, I am sorry, wont happen again

no worries, we've all done it now and then 🙂

Still didn't get it! ehehehe Sorry.

Then, there is a way to exclude characters from a charset with the ^ hat symbol, and include everything else.
[^k]ing will match ring, sing, $ing, but not king.

From the room, is the answer explained here? rs

That's it! Tks brows! Got it.

Greetings everyone. I’m looking for a hint with Linux challenges Task 4, find flag 26 by searching the all files for a string that begins with 4bceb and is 32 characters long. Been on this for 2 days now and I think it’s time I ask for help

I’m not aware that you can literally search all files for that string

you need a regex and then you can use grep

i suggest something like regex101 to help build your regex

Thank you I’ll go google it

good luck!

Still not getting it. I googled regex and it told me to use ls -l | grep 4bceb

That returns nothing

I can’t be burnt out already I just started

I’m overlooking something I’m sure

Doing ls -l | grep 4bceb you will get filenames with 4bceb in their name

Oh so it doesn’t actually search inside the files

exactly ^^ this, what you want is to search the text inside the files

Dang it lol

this is the hardest question in the whole room imho

so it will take a little time if you want to figure it out by yourself

there's two hints i'd give

the first is to look and read the man grep output, that will show you how to search all the files

Match bat, bats, hat, hats, but not rat or rats (use the hat symbol)

Now I'm stuck at this one! LOL

and the second is to spend some time on that regex101 site and build yourself a good regex

I was testing here https://regexr.com/

you have all the bits you need for this edell

yes, that site does the same thing as the one I suggested, you can use either

😉 tks, will read the room again. rs

Ima take a break and let my mind rest for a bit

inside your matching pattern add the bits you want and then the bits you don't

Cuz grep “4bceb” *.txt doesn’t return anything either

It will make sense soon

You need to search inside the file, I guess

Yes I know but which file. They leave you in the dark right there

So I’m trying to do a blanket search of every txt file in the system

that's what you're trying to find @wind peak

did you do the two things I suggested?

Yeah and if you tell me that’s not a hint that’s the answer

I’m looking into it @median compass

done task 3!

😑

I need a hint for Linux Fundamentals 2 Task 9 Binary -shiba2

#room-hints is here for people who want a "pointer" towards the room they are completing, and not necessarily a spoiler. As such, when asking a question, be sure to include:

• What room you are on
• At what stage are you stuck exactly? Enumerating? Exploiting? Priv esc?
• What techniques / tools have you tried so far? Just so that we know how to hint you in the right direction without repeating what you've already done

So the -r searches recursively but I still can’t find it lol

Burnt out

Taking a break

taking breaks is good and you have half of it there, a good regex then is the other part. It is a slow process though you should be warned, might take over an hour to find the one file

Can someone help me with this question, I can't find it?

Why are NULL, FIN and Xmas scans generally used?

Oh I legit keep canceling the search @median compass . Didn’t expect it to take that long

if you read back through the text, it explains why

I've reread it like 100 times. I am missing it

there is a faster way too @wind peak, it is more complex though, you can use find to pipe file names through to grep via xargs. If you google it you should find it. You're still going to want that regex though for the grep

I know it has to do with stealth

It doesn't

Xmas tree scans are super easy to detect

Because the flags are set in a weird way

It's not for stealth

• https://tryhackme.com/room/nislinuxone - Task2 named ls Question 6: How do you do a recursive ls? - i used ls --help and got answer of -R . And it said Your answer is incorrect. ls -R is not right?

look at the template for the answer, it's a lot longer than -R

Long form flag.

And it expects the full command

Ima just get some food and let the search run lol

for a lot of command switches there'll be a short and long form, so e.g. -h and --help do the same thing usually

Got it!! jesus, overthinking it!!

I’m such a far way from getting OSCP. I’m glad I’m prepping for it 1st with THM

Search seems stuck @median compass is that normal?

it's a long slow process

Okay it started moving again

Time to grab some food lol

like I said, using grep by itself can take over an hour

Wow the faster way is literally the only way to do it lmao. I can’t scroll all the way up

So this is pointless. What if it found it already

😂

Or when it finds it will it be the very last result

🧐

ok, so you shouldn't EVER run a find without this at the end 2>/dev/null

that redirects errors to the bin so you don't see them

learn that off, you should use it a LOT

if you run find in your home directory you probably wont have permission denieds

i mean if your find command isnt returning anything cuz of syntax errors you need to see the error sometimes

don't think they go to stderr though do they blob?

Finally got it

scratch that, totally right of course blob 🙂

I broke down the file system into chunks and grepd them 1 by 1

Thanks for the hints

this is the faster way, just for your reference, || find / -xdev -type f -print0 2>/dev/null | xargs -0 grep -E '<regex>' 2>/dev/null ||

thats a big command

that's what they say 🙂

That looks like some serious Spanish to me

Not even Spanish cuz I know a lil Spanish

Now I’m stuck again. How do I run a file owned by root without root password

😑

Makes no sense to me

You don't need root's password for that?

Oh?

You just run it like you would any other file

Most binaries on a Linux system are owned by root

look at the file privs with ls -la

And you're running those just fine

When I tried to run it it said permission denied

how do regular users get to execute restricted commands?

there's a command you use for that

But that didn’t work either

Unless my syntax is crap

ok, that's a spolier, we have || on either side to hide that

so do a ||man sudo|| and look for a way to check what you can do

Okay I got it

Thanks

Might as well hammer away while I’m waiting on my lunch to come

General question here. Am I doing this wrong? I feel like I should have ran through the OSCP course to learn what I need to then use HTB and THM and whatever else to practice.

I feel like I’m just missing certain information

Could be burnout kicking my booty but I dunno

you have to start somewhere and everyone comes to this subject with holes in their skillset. You just have to look for info in the areas you have weakness and put the effort in to bring your skills up, there's really no shortcut I'm afraid

I see

remember you can always go away from a room and come back to finish it later when you're ready

there may be other rooms that walkthrough something you're struggling with

and if you go do those and then come back, could be that you'll get it instantly

Hmm

and of course there's a whole internet of other resources, research is a critical skill for this

I think my lack of Linux knowledge overall is stressing me

Maybe I should run through a full Linux course 1st then come back?

Or try other rooms as you say

I was just following the learning path so I assumed

that's an option too, only you can decide what you need, afraid i can't help you there. there are plenty of rooms here where you can pick up the linux basics, could certainly be good to do those before doing challenges for linux

Yeah that’s what I’m thinking because I’m looking at some of these questions and I’m 100% lost as what to do

maybe download a Linux ISO and run it in a VM, then try doing all your daily stuff in it, that way you'll naturally research lots of stuff

my Linux knowledge grew largely after I finally got my dual booted Arch Linux up and running

Could i get some hints on "Regular Expression" room task 5 last question ("Match all of these emails while also adding the username and the domain name (not the TLD) in groups (use \w): hello@tryhackme.com, username@domain.com, dummy_email@xyz.com"). I tried many things in the past hours, i feel lost. The rest of the room was quite easy.

did you try doing 1, 2 & 3 here @wind peak https://tryhackme.com/module/linux-fundamentals

so a group involves surrounding the thing you're looking for with parentheses (). Make a regex for the username, that's just one or more of any character. Then you have a natural separator followed by basically the same things again for the domain

then a .com and one last operator

fml

didnt put .com at the end

solved

Can anyone give me a hint for task 43: Bonus challenge in learn Linux room

wasted 2 hours on that now i can start aoc, thanks allFun

look for files belonging to all the users you've found through the task @orchid scaffold, one of them should be in an odd interesting location and stand out for you

this is a good thing to do in general when enumerating just in case people have left stuff where they shouldn't

Thanks, I'll look harder

Hey guys! Not sure if this is the correct place to ask, but i'm having somewhat of a brainfart in the networkservices room (following the beginner pathway)
It asks for the name of the machine (using enum4linux, SMB enumaration) but the output of the 'Machine Enumeration' of enum4linux gives an internal error: not implemented in this version of enum4Linux

Tried updating my installation, but i seem to have the latest release... I'm kinda puzzled, am i looking in the wrong place?

So I have no idea how I ended up in the Linux challenges room. @median compass . I didn’t do any of the Linux fundamentals rooms lmao

No wonder it seemed so overwhelming lol

Nevermind, just noticed that the machine name is mentioned in the Nbtstat information section of the output 😄 (just me, talking to myself)

any very basic hints for Learning Linux final challenge? Just need a push in the right direction

Users generally create files in their home directory

look for out of place files

could someone help me with nessus room, its last question, the hint says its under resources, but i can't find, im stuck, please help

This is gonna be a very HTB like hint, but
"The answer is right in front of you"
(Just looking at the screenshots)

Lol wtf, and i was stuck a full day, thanks

Guys I’m on Linux fundamentals 2 on task 9 is it just me or does this task not make sense

you need to create en environment variable called test1234 and set its value to $USER

and then run the shiba2 binary

@slim egret

Hi. I was doing the nmap room and deployed the ftp-anon script on the FTP server at port 21.

If the result is filtered due to no-respone, does this mean nmap can login succesfully?

whats the full command you used?

nmap --script=ftp-anon.nse 10.10.9.202 -Pn -vvv -p21

try adding -sV to the end maybe?

Hmm..Ok but do you mind me asking why would that change the output on that port?

Filtered generally means VPN or firewall issue

ah, ok

So you're saying I need to check if it's indeed firewall or if it's open

and I assume I can do this with the -sV

no -sV is not for evading firewall, i said to try it because i don't understand nmap deeply and i know that -sV gives more output about the service and when i don't know how to help people i try to tell things that i would try if i was stuck in the same place, that's why i said it with a question mark, because i'm not sure if it would help :p

Well, I just ran it with -sV

and still get the same output

21/tcp filtered ftp no-response

which apparently means that nmap can login on that port?!

No

It means it can't determine if the port is open

!vpnscript

any one finished recent regex room ?
i am stuck at last 2 in Task 5

Stuck in Linux fundamentals 2 on Binary - shiba2

Here's what I did:
export test1234=$USER
echo $test1234
shiba2
. /shiba2
cat: /etc/home/shiba3: Permission denied

You've broken the binary at some point

Probably by using a command ending in >> $USER

That wrote to the end of the binary, and removed the SUID bit. The SUID bit here is a special permission on a program that allows it to do some things it wouldn't normally be able to

Terminate and redeploy the VM

Thanks!

hi alll i was just dong "basics of pentesting" there a part where claims i found and IRSA KEY but i never came accross it ? was the the nmap scan sapose to find it ?

It won't, no

i dont know i feel like i wont learn if i dont know what the write ups are talking about some seem to drift some where and then come to the task at hand...which make me more confused is it just me?

#room-help is the place to ask if you'd like clarification of something you see in a writeup

ok im working on vulnuniversity and i cant get the reverseshell.php to connect

why would it be stuck like that

did you type shell?

what syntax?

can somone give me an hint for Question 5 Regular Expressions Room?

cant figure out, i tried all the ways that came up in my mind

What task?

So basically

I suck with hashes

k

@soft fulcrum what task?

what room and task are you stuck on? @true slate

Im doing ignite and I got a hash and salt from the SQL database file (that I found with pwncat) and I think it is a SHA-1 from hashid and some websites but cant seem to get the right command for hashcat to crack it

google hashcat example commands

and it gives basically the exact command you need for each hash type

@remote gate task 2

@soft fulcrum its kinda hard to see but you have to match the space after the :

or you can do hashcat --help | grep HASHNAME

but also, long story short you just need hashcat -a 0 -m {hash mode} hash.file .../rockyou.txt -O

how do I include the hash

SOrry

not hash slat

salt*

I cant type

and I dont wanna talk about it

it's ok

I suck with hashes so thats probably a stupid question

we all make typos

Let me see if i got it, thx anyways @remote gate

if you don't get it and need a hint pm me

Ok ty mate :)

if you wanna include salt it's a different mode then just the regular SHA-1, and you need to do hashcat -a 0 -m {hash mode} hash:salt

there are no stupid questions, except maybe is this a stupid question? @true slate

fair

yea just look at the help menu, it's really good for syntax stuff if you know what to look for

yeah

ah okay I will try that I knew how to crack a normal hash but I have never had to do it with a salt surprisingly

--help and man pages can help a lot

I looked at it before I asked of course but I was probably just doing my thing where I just look at my screen and read it but dont process it

thanks for the help guys

yeah, it's not a common thing in lots of boxes to see password cracking including salt (as far as I can tell at least), try doing this room for getting better with hashes https://tryhackme.com/room/crackthehash

you're very welcome !tux

yw

already did that room but took a break, waiting for them to add the reset feature and im gonna go back through a lot of the rooms

understandable

tbh, cybersec is just so broad you can easily forget lots of stuff if you don't do them for a certain amount of time

@cedar palm did you just type something at me, all i got was a gray bar

Yeah it's a spoiler

Just click on ||it|| to see

it's gone

Pulling my hair out on the regex room for all the wrong reasons
||Match all of the following filenames: ab0001, bb0000, abc1000, cba0110, c0000 (don't use a metacharacter)||
Keeps rejecting valid answers, can't figure out what it wants me to be using

What have you tried so far?

I thought it wanted ||[a-c]{1,3}[01]{4}|| but that doesn't work

let me know if I should delete that

You are almost right.

why did it not accept my answer, wow

that is such a petty difference even for a regex test lol

Your regex is correct, but there can only be one answer for a question🙂

Having similar problems with almost every challenge

I have a task : tell the file name which contains stringpassword

I tried cat file* | grep "password"

But it doesn't shows the file name

#room-hints is here for people who want a "pointer" towards the room they are completing, and not necessarily a spoiler. As such, when asking a question, be sure to include:

• What room you are on
• At what stage are you stuck exactly? Enumerating? Exploiting? Priv esc?
• What techniques / tools have you tried so far? Just so that we know how to hint you in the right direction without repeating what you've already done.

I'm stuck at the last email regex question in the catregex room.
I've tried:
\w+@\w+\.com?
(\w|\d)+@\w+\.com?

is anyone done regular expression room created by concatenate

??

@short bobcat Me

so what is the answer for that "

Match all of the following filenames: ab0001, bb0000, abc1000, cba0110, c0000 (don't use a metacharacter)
"

hello

room furthernmap task no 14

There is a reason given for this -- what is it?

please give me answer for this

I need some help in regular expression room

we don't give answer @magic gale

oh @white salmon

did you run the scan as directed in the hint?

i have completed all tasks but except task 14 and only 1 question

I tried but did not get an answer

that's why

im solving this

lets solve it together

Dm

could you show the output of that command? @magic gale

yaa sure

it is right in the output after not shown

it is right in the output after not shown

yaaa

It gives a reason for not shown

any idea mr @white salmon

u mean -- not-shown this is a answer :-p

hahah i m kidding

nope

read your output

there is a reason why 995 ports are not shown

And ten minutes later someone asks for the literal answer to something, lol 😄

Anyone still working the regex room?

Pls put your answers in spoilers. You're in the right track. As for the pipe (the or symbol), it really has no place there.

I'm not on my pc but if you post the task I can help

im also working the email one. that and the "2f0h@f0j0%! a)K!F49h!FFOK" task.

this is where im at in the email ||^\w+@\w+.com$||

im just trying to figure out what im overlooking i guess

For the first one, I'm literally telling you in the question which meta characters to use. I don't think this warrants further hints

fair enough

As for the email, I never said it's a whole line (from beginning to end), just emails. Also I asked you to put some stuff in groups

It's all on the task description, you don't need to Google or anything

I got it done. Thanks.

i appreciate it, ill go back over

Also read up on the dot again

.

In regex that's a wildcard

the paste removed the escape. i have it there

I'm working on Linux Challenges and I'm a little stuck on Flag 16. I see there's a volume that's unmounted but I can't figure out how to mount it. It's not in fstab, and neither of the users I've discovered so far may use sudo so... What am I missing?

Hello room, I have all but one question (#9) answered in the NIS-Linux part1 room. the question is "

How would you read all files with extension .bak using xargs?"

any hints appreciated

Take the *nix philosophy and decompose your problem into two parts maybe? (Trying really hard not to give anything away...)

There are tools that do one single thing, and do it well. Maybe you can chain them together? (I could be way off base here, I'm not familiar with that room...)

gonna research *nix philosophy BRB

https://en.wikipedia.org/wiki/Unix_philosophy#:~:text=The Unix philosophy is documented,%2C as yet unknown%2C program. - I mean, no subtle hints there, just trying to guide your thinking into decomposing the problem.

The Unix philosophy is documented by Doug McIlroy in the Bell System Technical Journal from 1978: Make each program do one thing well. To do a new job, build afresh rather than complicate old programs by adding new "features". Expect the output of every program to become the input to another, as yet unknown, program.

thats a pretty solid way to put the mentality

Nvm, figured it out.

Doing the Hardening2 room, I struggle with “This is a random, arbitrary number, used as the session key, that is used to encrypt GPG.” Can someone please help me?

hey is anyone done with empire machine ??

Hello guys I'm in linux challenges task 2 I found the flag6 and I get the flag but when I put it it tells me it's wrong

what are the last 3 chars of the flag you found @white salmon?

89b

so go back and check again that you're capturing the whole string there, I think you're missing some characters at the end

sometimes if your terminal window isn't wide enough you might truncate a string accidentally

Use of uninitialized value $users in print at ./enum4linux.pl line 874.
Use of uninitialized value $users in pattern match (m//) at ./enum4linux.pl line 877. i ma getting this error in in enum4linux tool any one can help me ?? how to resolve this

you could redirect your grep into a file with ... > flag6.grep and then cat that separately to see it easier perhaps

what parameters are you executing the command with @pulsar willow?

enum4linux -a 10.10.21.154 @median compass

and what room/task/question are you working on?

@median compass ok that's work thanks

Network Services room

What would be the correct syntax to access an SMB share called "secret" as user "suit" on a machine with the IP 10.10.10.2 on the default port?

did you try googling that? or man smbclient? I can tell you but you should try working it out yourself first

I think you are looking at the wrong tool.

so are you trying task3 question 3 with enum4linux?

Ohk

or task 4 question 1 with smbclient?

I am not getting profiles

cause the syntax to use smbclient is explained in Task4

you're not getting what? where are profiles talked about?

anyone solving the Regular expressions room?

I solved, ask your question

Match all of the following filenames: File01, File2, file12, File20, File99

||[F,f]ile.{1,2} | [F,f]ile\d{1,2}||

still stuck... after to awnsers

two*

@steep sundial dont't use ||,||

in the || [fF]||

ok 😛

thanks a lot

the devil is in the detail 🙂

someone can give me an hint for Task 4 Question 4 Regular Expressions Room?

whats your best guess so far?

[abc]{3,b}(dont know if thats right)[01]{4}

{3,b} you have to put minnumber,maxnumber

of the letters that you decalre earlier

re-read the example at the top of that task, it's {from,to} for repetitions

ah ok yeah got it thx mates

repetitions of course

Match all of these emails while also adding the username and the domain name (not the TLD) in separate groups (use \w): hello@tryhackme.com, username@domain.com, dummy_email@xyz.com
Stuck on last the regex site says that is correct my answer but counting the letters doesn't match|| \w+.\w+.com||

||(\w+).(\w+).com||

I am on the same one 😢

(hello|username|dummy_email)@(tryhackme|domain|xyz).com

I had this but it is waaay to long ahah

Ok got it

16.1 is the format... xmm

Want a clue ?

ofc

me too! in the same task!

So there is something wrong with ur dots

A dot is a random character

If u want a real dot, what should u add

And if you can be more precise than "a random character" U should go for the specific character

done 😄

do you want the awnser?

hope my hints weren't to easy

lol easy mistake I made 🙂

Yup !

Morning folks. Working through 'Networking Services 2' and I am hung up on the stupidest thing. "What is a common application of MySQL?". I have read through the documentation, and I am pretty sure the answer is along the lines of PHP database, but the answer layout is **** *** ******** or 4/3/8. I can not for the life of me pin down what the first 4 are.

re-read the text above the question @mild spindle, specifically the section marked What runs MySQL?

See, I knew it was going to be like that. Waaaaay over thought it. Thank you.

I do. 🙂

the email one @daring knot?

yes. "Match all of these emails while also adding the username and the domain name (not the TLD) in separate groups (use \w): hello@tryhackme.com, username@domain.com, dummy_email@xyz.com"

what's your best guess so far?

should I put here?

yup, in spoiler tags (surround with || )

here ||(\w*)@(\w*)\w*|| first time I use this, and didn't knwo yet how to do it! eheheheh

no, double pipes, ||

ops

done

there you go

ok, so you have the basic structure there, that's a good start

how long of a username will your first part ||(\w)|| match?

you can check with regex101.com or regexr, put the email addresses in the text box and see how much is matched

Various regex I tested here matched all emails from the question.

Should it match only before .com? (because of the TLD observation?)

ok, so you want one or more of any character for user and domain right?

• = one or more

and then just finish with the common part of each for the TLD

not forgetting how to specify a literal .

\w

yup you have the parts you need there now

Matches at regexr, but THM doesnt acceps ||(\w)@(\w).(\w)+|| what's wrong?

Let me check the literal .

but you didn't change the regex for user and domain

humm...

Still not going ||(\w)+@(\w)+.(\w)+||

-> so you want one or more of any character for user and domain
-> + = one or more

the inverted slash and the dot doesn't get preserved here in discord.

but your group must match all the chars, so username is everything in the ()

humm...

and at the end you don't need regex, just use the common ending they all have

finally! 🙂 the + had to be inside ()

tk so much!

hi, i need hint on regular expressions task 4 question 4...
i made the regex but it is not accepted... it doesn't have metacharacters as told...

What have you tried so far?

You are almost correct.||{min,max}||

done thanks. 👍

Also struggling with Reg Expressions Task 4 Q4. Success in regexr.com, but my query is much shorter than the recommended format

@steep sundial spoilers please 🙂

guys, please post the body of the question when you want a hint on it. otherwise I have to open the room every time to answer you

(same with everyone else)

Match all of the following filenames: ab0001, bb0000, abc1000, cba0110, c0000 (don't use a metacharacter)

alright

Sorry @thin bison

no problem, what did you try? put it in a spoiler

|| spoiler ||

I have tried ||a?b?c?[01]{0,4}|| and ||a?b?c?0{0,}1{0,}||

this || a?b?c? || is a very inefficient way to do what you're thinking. there's a much simpler way (read task 2).
the other stuff are both wrong, but you have the correct idea in the first one.

Thanks

you'll also need something like this || {* , *} || in the first part, cause there are different numbers of letters.

I hope this makes sense

Thank you @thin bison . I shall keep trying

Got it! Gracias!!

Did you ever have any success with the regex match string problem?

can i get hint for room unbaked pie

That room has only just came out please wait 72 hours before asking for hints

@thin bison

Match the string in quotes (use the * sign and the \s, \S metacharacters): "2f0h@f0j0%! a)K!F49h!FFOK"

i created a regex with \s\S and * matching the text but its not 10 characters, while the characters should be 10... can i get a hint.
|| \S asterisk \s asterisk ||

it's already 57 days old

It's not

That's not the release date

That's when the room was made

ok may be

No, it is.

Please wait 72 hours before asking for help or hints

ok ok just chill
i will ask after 72 hours

that's it

You decided to argue, please don't do that in future

no i am not arguing i actually don't know that the room is released today

ok whatever let it be

thank u for information

I am struggling with this one, too. Your solution results in 2 matches for the string, instead one. I have created a handful of variants, but none are 10 characters, and none are the correct solution

|| [\S]asterisk[\s]asterisk ||
how about this one its 10 characters and matching each string.

Any hint how to regex "File01, File2, file12, File20, File99" ? I created ~10 possibilities but none is the correct one

there are two sections the alphabets and numbers.

The correction is 13 chars long. My last one is this ||[\w]*\d\d{0,2}||

use part of the solution that you have already done in previous questions.

That can return empty matches. Very dangerous

I have tried bracketing the whitespace search with ||\S*\s+\S*|| or ||\S+\s+\S*|| or ||\S+\s*\S+|| etc... but nada no far.

guys I have no control over the number of asterisks. the correct answer has 9 characters. the thing is that you shouldn't try to match the asterisks by any means necessary. only try to do that if you think you are forgetting something.

generally, try to "cook" the easiest, simplest regex you can think of

also, a note. metacharacters don't need to go in a [charset]. they can but they don't need to. I see many people doing this

post your solution in a || spoiler||

Oh dear. Everything went "BOOM!" (500 error)

I definitely didn't cover how to do this in the regex room

need a pause from this one. regex101 shows me that I'm correct but there must be another solution

yes, that definitely can happen. do you want to post your solution? if it's correct regex but not the correct answer, I can tell you you're on the right track and also give you a hint towards the answer if you want.

That's very nice from you: ||\S+\d{0,2}||

Thank you @thin bison . I discarded the solution to the "2f0h@f0j0%! a)K!F49h!FFOK" match because regexr gave me a warning. Plugged it in now, and all is good. Thanks!

well it will work, but you're not being specific enough.

if the strings you want to match have similar patterns, you should try to translate that to regex

these strings definitely have a pattern

You mean something like ||[Ff]ile\d{0,2}|| ?

yep

the last part isn't quite right though

alright, will work with this. thanks! ❤️

Solved it. Looking at the solution it's really an easy one

well, everything looks easy in retrospect

good job

i got the solution but i think i tried it before and it didn't work ... anyways thanks for the hints @thin bison

I don't know if that's possible but glad you solved it nevertheless

That's why I keep a list of everything I try as I try it.

i ,kind of, manually brute force it sometimes .
therefore can't keep a list of all. but keeping a list is a good idea.

Hi people. Anyone finished the nmap room in the beginner's path? Task 14 demands scanning a deployed machine. But nmap tells me such machine is offline (even when I use the -Pn flag to avoid using the icmp protocol)... Help is appreciated

Are you connected to the VPN?

Can you load http://10.10.10.10/ ?

I m using the attack machine...

hm... interesting. The task says use an XMas scan (which dont seem to work), but using a regular tcp scan does the job

Hey guys

i am stuck on this one question in the furthernmap room
Why are NULL, FIN and Xmas scans generally used?

It's in the text

And it's not stealth

got it thanks

i kept trying answers around stealth 🙂

Apologies. Done.

#778305825797177374

Uh so Koth, how do I connect to the IP, ,there ain't no attackbox

You can deploy an attackbox under your profile

Or make your own VM or bare metal kali install and VPN in

Oh alright. thanks. but now I'm confused as how to find the flags? There arne't any directions or anything

KoTH are like challenge rooms

I recommend completing a good number of challenge rooms on TryHackMe first

There are 2 KoTH boxes available as standalone rooms too, Hackers and FoodCTF

FoodCTF is the easier one

I'm only doing it cause im with friend

Friend's gonna destroy me 😦

hey! i'm in "Internal room" and in the login pagePHP

but i keep been redirect on internal.thm

Add it to /etc/hosts

how to do that ?

That's a research question

thx

Can someone tell me how to solve this deamonise issue. I'm unable to get a reverse shell

Do you have a listener

On port 4444

And is that your correct tun0 ip

The daemonise is not the issue

The issue is the connection refused

It's splitscreen, so attackbox

I saw after

yes I have tried changing the port also

also the ip is correct

What IP did you use?

Anyone able to give me a pointer on the physical security room Adam Rite question ? It's the last question and been bugging me for weeks 😥

https://www.youtube.com/watch?v=vXrlZJKpK0o this is the vid I found

Watching it through to see if it's useful

@stuck fractal thanks,will watch it

Ok it's interesting but it doesn't describe the mitigation

Is anyone available to help me with “Network Services- Learn about, then enumerate and exploit a variety of network services and misconfigurations” I am stuck on getting the SMB flag, ive downloaded the id_rsa ssh key but i keep getting prompted for a password. Im pretty stuck :/

@manic citrus That won't help, but it might give you a jumping off point
As might this https://www.sparrowslockpicks.com/category_s/62.htm

Can you show us what happens when you try? And what you're doing?

@stuck fractal trying to ssh into server: ssh -i id_rsa johncactus@10.10.204.89 . It states: load pubkey “id_rsa”: invalid format. Ive tried regenerating it, re-downloading it, etc. No luck unfortunately

Wrong name

Invalid format doesn't matter, it will say that even on a successful login

You can't regenerate that key, seeing as it's on the remote system

You're getting Connection Closed right?

I tried three other usernames found from the enum4life tool

You have the right person

But you have the wrong username for them

Hmm thats the part im missing then, could it be a windows SAM name?

No

Read through the files on SMB and make some educated guesses

Okay thanks ill take another peek, i couldnt find any other files besides the work from home info

That's all you need

But use the information in that file to create some educated guesses and try them out

I am completely stuck, i have tried the following:

JohnCactus
JCactus
JohnC
JohnCactusPOLO

Its been an hour at least lol

1. it's going to be lowercase because it's a Unix username

Why are you assuming it's both first and last?

So used to windows its learning curve for me to get back on unix systems. I appreciate the help. I got it. Thank you!

Almost always first initial -lastname in active directory which was throwing me off immensely

Wondering if someone could help me out on "Network Services - Learn about, then enumerate and exploit a variety of network services and misconfigurations". I'm sure it's just some sort of syntax error on my end, but I cannot for the life of me get the "get" command to work after connecting via smbclient initially. I've looked up a write-up and copied the syntax verbatim, but I keep getting a "Error opening local file Working From Home Information.txt". Picture attached of my syntax and what I've tried.

any hint on why this is not working, the only thing I could think of is my path, because the hash is in the hash.txt file.

#room-hints is here for people who want a "pointer" towards the room they are completing, and not necessarily a spoiler. As such, when asking a question, be sure to include:

• What room you are on
• At what stage are you stuck exactly? Enumerating? Exploiting? Priv esc?
• What techniques / tools have you tried so far? Just so that we know how to hint you in the right direction without repeating what you've already done.

Have anyone done "unbaked pie" room

Hello All ... I'm on a nmap question it's made me crazy...
Room-Nmap/Task8/Question2. I'm on it since 30min ..... Heellllppp.

Why are NULL, FIN and Xmas scans generally used?

Ok I have it

yp

has it been out for 72 hours though?

Can i dm u?@pastel sedge

sure @rugged wasp

anyone working on REGEX room ?

Room: Regex
Question: Match all of the following filenames: ab0001, bb0000, abc1000, cba0110, c0000 (don't use a metacharacter)
My solution: ||[a-c]{1,3}[0-1]{4}||, this should've worked normally but its def not the best answer, just need to know am on a correct path or no

I am facing a similar problem

@frail rain try pythex.org to test you regex solutions

ive tested my solutions on site linked with the room 🙂

i have tried many solutions as well, but they are not accepted for some reason

because there can be n solutions to one problem

The right answer is typically the most efficient regex for that question.

yeah right

where are you stuck tho?

i will help, if ive done that question 🙂

task2 question4

what have you tried till now?

[Ff]ile[0-9^68]

[Ff]ile[1234578]

and a few more permutations somewhere around these two

your first part is correct but for the second one try not to be too specific

the solution is right there in front of you

the ^ operator doesnt seem to be working for some reason in the first part

you dont need the hat operator

ok

am quoting the doc written in the room:
"1. Be specific. Here's an example: you could match any character from a to c using the [a-z] charset. But if the question only requires you to match characters from a to c, you should use the [a-c] charset, not [a-z].
2. Don't be too specific. In contrast to the previous example, if a question requires you to match a, c, f, r, s, z, at that point, the expression that matches those specific characters would get longer and more complicated. So, it would make more sense to use [a-z], because it is short and simple."

ok

I get what you are trying to point

I got it

Thanks man

👍

You are on right track,

did you get it after all? you were very close. that regex was correct.

oh no, i took a break

correct as in it works, but the right answer is a little different

ay, finally someone took my advice 😛

oh yeah i got that,

hope this room doesn't get you from slightly disappointed to very 😄 lol

i hope that too lmao

in regex room , the email part
||(\w+_?@)(\w+.com)||
this matches all the emails but still not accepted... any hints for what concatenate think is the best solution for it?

Any nudge on “unbaked pie”

That room has only came out please wait 72 hours before asking for hints

Thanks 🙂

°°

pls read again what exactly I'm asking you to put into groups

also you need to read up on metacharacters again because there's a mistake in there

Got it Thanks for your reply...

I got the answer :), guess taking a break really worked lol

That makes total sense! Thanks dude.

hello. In Steel Mountain, task 3. I managed to upload the script into the machine but that command is failing. I understand that the problem is somewhere in the script but I assumed this should work 🤔

@jovial sentinel You downloaded the webpage, not the script

Click 'View Raw' and use that address for wget

🙈 oops. Thank you

guys i need help with the Simple CTF

What have you tried, where are you stuck

i helped him in dm 😁

Hi hackers. I am stuck in the Nmap section at the question " Search for "smb" scripts in the /usr/share/nmap/scripts/ directory using either of the demonstrated methods.
What is the filename of the script which determines the underlying OS of the SMB server?" Can somebody help me please. Many thanks in advance.

did you go to that directory /usr/share/nmap/scripts in a terminal @tired bough? if you look at the scripts there you'll see they have a common format, scripts that target a particular service generally start with the name of that service. In your case the service is smb. That narrows down the set of services to 20/30ish, now in that smaller set, what script could be looking at discovering the OS version?

In Nmap room of MuirlandOracle can anyone help me :
There is a reason given for this -- what is it?

It's in the text

Hi brother. I did try the command "grep smb /usr/share/nmap/scripts/scripts.db" and one file has been shown in red which is "smb-cabapilities" it wasn't the right answer tho!

try the way I suggested perhaps?

I cant open it in browser. Any hints pls

but it isn't what? that does match the addresses you're given

scratch that, you're missing a \

since . has a meaning you can't put it in without escaping it

yeah yeah

i forgot to add that while pasting it here

wait

nvm

ok, well then I don't get the issue, that is the right regex

it was actually

lmao

i didnt meant to put that here

okay now am stuck with 2 problems

imma take anathor 48 hr break for these

it wasn't the right answer, even with the dot escape

cause I asked for 2 specific things to go in groups, not the whole thing

it turned out it was correct @thin bison, just a typo i think

you were brave to do a regex room 🙂

if it was accepted it was due to thm's answer tolerance, but that wasn't the right answer even if it is correct regex. refreshing the page will reveal the right right answer (if that makes sense)

once the \. was in place it was the right answer I'm pretty sure no?

or the right right answer even

no, that's what I said

it wasn't right cause the whole thing was in 2 groups

2 specific things are supposed to go in a group, not the whole thing

I'm trying to do the Blue room, and I've found the appropriate exploit and trying to run it, but it's failing every single time I run it. I've tried waiting 5 minutes, 10 minutes, 30 minutes for the system to be up before trying it, but it runs the exploit and fails to produce results every time. I'm using a Kali Linux VM I spun up. Am I just extraordinarily unlucky, or am I doing something wrong?

show options and screenshot

chances are your LHOST is wrong

...Oh

Thank you, this was driving me up a wall

Yeah I had it set to my local IP and not the VPN IP

🥳

Hi. I need some hint for https://tryhackme.com/room/catregex room. Last subtask from Task 4. Tried with .*\w+ but it doesnt work. Please help. Also tested on https://regexr.com/ and works fine

theyre looking for something a bit more specific than an asterisk i believe 🙂

which question from task4?

last one

okay

first that . is optional then search for the word

.*

optional

cant type with backslash

you have only one dot

yah

.

\.

"." this is optional

go up and see for optional character

replace with *

• • 0 or more times.

this means optional form me 😛

but there is one file named "notes1"

right

?

this is optional

now is good

thanks

done??

yes

Okay

did you have starkiller installed

starkiller?

its a program

nope

program for regex?

noo its a program for empire machine

Well the question said: adding the username and the domain name (not the TLD) in separate groups.
so
||group(Meta char+) @ group (Meta char+) {esc char .} com||,
shoudlv'e worked

what you just wrote, only with a + in each group after the metachar does work

Yeah.. Maybe i just away with THM's answer tolerance, but still i wanna know what the actual answer was.

If I understand what you're writing, then yes, it will work, but it's confusing

but yes, the format is || (regex)@(regex).com ||

Yes i was correct after all

what do you mean? 😛

I meant the format was correct, lets not worry about this now.

yo yo yo so I dont know if this is the tool messing up or me not knowing how to use it but heres my command
wfuzz -z /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-5000.txt --hc 404 -u http://FUZZ.cmess.thm
and it keeps returning with

********************************************************

Target: http://FUZZ.cmess.thm/
Total requests: 4997

=====================================================================
ID           Response   Lines    Word       Chars       Payload                                                                                                                                                                      
=====================================================================


Total time: 0
Processed Requests: 0
Filtered Requests: 0
Requests/sec.: 0

 /usr/lib/python3/dist-packages/wfuzz/wfuzz.py:78: UserWarning:Fatal exception: Pycurl error 6: Could not resolve host: www.cmess.thm

any help would be appreciated

trying to fuzz out the subdomain of http://cmess.thm

Do you have cmess.thm mapped to an active IP in your /etc/hosts?

yep

you need to specify an IP and a URL when fuzzing vhosts

you have cmess.thm in your /etc/hosts but you don't have any subdomains in there so it can't resolve them

so I need to edit hosts or my command?

your command, look for a switch that lets you specify an IP

okay I get what you're saying

working perfectly now thank you

https://tenor.com/view/im-back-baby-kuzco-emperors-new-groove-gif-8291749

https://tenor.com/view/nope-baby-run-nevermind-gif-11893441

im in the the physical security intro and stuck on task 4 - what is the piece that allows locking lugs to retract when the core is turneed? first of all is it lugs or should it be plugs? im not a native speaker and for the love of it all i cant get the solution figured out. need help here pls

the only hint I can give you is to check out bosnianbills videos on youtube, feels like I watched half the internet on that room and i'm still missing a couple!

ok thx

ok now this is my last question which needs an answer. this is killing me 😄

I'm working on linux fundamentals 3 rn. I'm having trouble finding the shiba4 binary after using: find /* | grep "shiba4" .

I'm also in the root of the file system

task 7

you can do it in a better way

instead of using grep

you can specify the name of the file you want to find

also, you dont need to use /* too look all directories, you can just specify the root dir since find looks recursively

like this find /

grep is all i've learned at this point besides -type or -name

well

with -name you specify the name of what you want to find dont you?

find / | grep "shiba4" worked, but for some reason if i didn't CTRL + C immediately the location would be lost in a sea of "permission denied"

it's because you dont have permission to see some of the folders

you can hide these messages by adding 2>/dev/null in the end of your command

Ah, thanks. I would scroll up and all the results wouldn't show lmao

the 2 means it's getting standard error stream

> redirects to a file

/dev/null is like a void, that just throws away anything you give to it

but its better using find / -name shiba4 instead of using find united with grep

wym "untied"

find / -name shiba4 better than find / | grep "shiba4"

@woven mirage appreciate the help 🙌

Termack

ya there? :3

helloooo!

Termy is always here

Hence his community mentorship-ness

I'm missing something in wonderland

but i don't know what it is

mind you, I'm on step 2.

blob best mentor

Blob legit is my mentor tho

I missed him sooo much.

what have you tried, and where exactly are you stuck?

can i pm?

should I pm you blob?

That room everything is more straightforward thank you think

James is mean that way

hm

Boi why are you asking to PM 🤬

Just do it or a kill you

haha

@oblique cliff you didnt blobhearted my message where i say you are best mentor

Yes I did

keep saying unable to find C:\mona\oscp\bytearray.bin

have you downloaded mona

i have to download it? i just connect to the vm provided via xfreerdp

nvm figured it out

because it stays charging like this

@nova patio please don't spam the same thing across multiple channels like that

ok

@stuck fractal Wonderland was fun.

Good

Sorry for Looking Glass

I haven't started it yet

but apology preaccepted.

granted, if it's anything like Muirs rooms, you'll know how I feel about you.

Oh it's nothing like Muir's rooms. It's just partially designed to bully you. Muir sets out for difficulty, this box was designed to hurt you emotionally.

Oh see, that I can handle quite easily because I'm already very very broken

no attack mode?

hi everyone 😄 im on the linux fundamentals 3 room and struggling a little on one of the find a binary, its asking to find a binary called shiba4 however, everytime i use the find command or ls command i cannot see the binary anywhere on the system ? any hints ?

Try using the find command together with the grep command on all files. It will search through all files and filter out your grep keywords.

thanks @glad hornet I'll give that a go

Could anyone assist me on this question from the network service room? Been stuck awhile. How do I connect to the server (I have the username and password) ? Do I smbclient into one of the shares? Tried netlogon and IPC$, wasn't successful

can you ssh into the server ?

ahhh of course...it meant to ssh into the server. Thanks. Basic understanding still somewhat lacking..

no problem 🙂 mine too!

actually it's kinda better to just add -name in your find command instead of grepping it

I can only seem to find a directory rather than a binary

you can try forcing to files only with -type f

but it should find binaries too by default

i must be missing something i think

I mean, if you can do find / -name bash and it returns /bin/bash then it means you're finding binaries too

a really simple check

i just cannot seem to find the binary file anywhere

got it 🙂

thanks for the hints 😄

you're welcome 😄

btw, I don't know if someone already told you this, but you can redirect all the errors to /dev/null for a clean output like this find / -name NAME 2>/dev/null

yeah i found that on google ... i think if you combine it with the grep you can use -v ??

i did however use 2>/dev/null

-v would return all lines that do not match the given expression

so you could technically do find / | grep -v denied

and it would reject all the Permission denied messages

yeah thats what i was getting at, or -v "permission denied"

but just sending stderror to /dev/null is kinda cleaner and somewhat faster since no extra programs are being run

that makes sense

Hiya, Im just having a bit of trouble with johntheripper.

I used "ssh2john" and converted the rsa to a .txt with the hash, used john for_john.txt --wordlist=wordlist

And it just outputs No hashes loaded

Here is the RSA

and

hash

@rustic sphinx show a screenshot of your command

Okay, here is a screenshot

Any ideas?

I miss your for_john file

?

in your command

you want the ssh2john command?

replace rsa with for_john.txt

tried that

same result

you want to crack the ssh2john hash, not the rsa file

that is the hash

john for-john.txt -w=wordlist

Look at th screenshot

I just posted

I did the .txt hash

same result

change the order

did that

I dont think it has anything to do with the order

what room is that @rustic sphinx

basic pen testing

the thing is

I was watching john hammonds walkthough

did the same exatc command for the john as he did

dope@UDP:/mnt/c/Users/HACK/Downloads$ john for_john.txt -w=/usr/share/wordlists/rockyou.txt Using default input encoding: UTF-8 Loaded 1 password hash (SSH [RSA/DSA/EC/OPENSSH (SSH private keys) 32/64])

Yup I think its something to do with my john

I tried reinstall it same result

It happens with every hash I input into john

so um

any ideas

use the attackbox maybe

or build a new john from source

I dont really want to use the attack box as im not a sub

Alrighty ill do that

https://github.com/openwall/john get this one and follow the doc/INSTALL

@white salmon Should I get bleeding jumbo?

yes

yesss

that worked

guess I just needed it to install from source

not "apt get install john"

john installed with kali worked fine for me

yeah ubuntu is weird sometimes

stuff happens man, worked fine for me on arch tho and ppl say that thing is unstable

Someone willing to help me with unbaked?

because, i think I've found something, although I'm working on something rn.

wonna trade hints 😄 i'm getting nowhere withe mine. damn last answer

https://tenor.com/view/pray-beg-please-homer-the-simpsons-gif-15706311

I have an idea

Let me check it on the site

Nope ok

i had so many ideas. i ran out a long time. now i hunt the internet for lockterms with 8 letters. this is so hard as a non native speaker to find the right part. and searching for locking lugs always brings me locking lug nuts for cars. argh!!!

the part in question is actually very commonly to be found on pictures and in explanations of car locks

i will lock into that. thx again

https://tenor.com/view/thanks-thank-you-dwight-gif-3898407

lol, most welcome

i finally found it. and i would never geussed it or found it without your hint(s) 😉

I am also stuck here. EDIT: Solved

Im stuck in nmap room with the Task 8: NULL,FIN,Xmas. Why are <those types> scans generally used? ******** *******

Check the text above

And it aint stealth.

Because xmas scans are super easy to detect

Wow, got it after a little more thinking about it. Thanks @stuck fractal for the tip!

how would you open a file if you have used SNB to a vunerable port?

hey guys

im stuck at the Linux walkthrough room

Task 24

nvm i found it

hey guys, im stuck at the latest NMAP room, Task 14

i think i could help u with that

thank you man

oh im sorry man i have done another nmap room

if you follow the hint, you will get that answer

I follow the hint but I don't understand what they want to write

Is this the New Nmap room 0r the Old one??

new one

Oh Sorry I haven't done it yet

when you do the -vv scan theres a reason given, you have to put that

Question 2 for today's advent calendar. Is there special formatting? I feel like I am missing something and have over thought it. I am entering ||wfuzz -c -z file,big/txt http://shibes.xyz/api.php||

#778305825797177374

perfect, thanks man

@wintry sorrel That's not correct CIDR notation for the network

Look up how to write networks in CIDR notation

Oh... Thanks man

what is the answer for this question in the nmap room?

We don't provide answers @graceful prism

We provide help and hints

I tried to search here: https://nmap.org/nsedoc/

But I dont know what to do next

Find the documentation for the script.

Try man nmap and look for the scripts segment

Thats what I found

Keep looking

You need to find the documentation for that script

Check what you have learned in earlier tasks while "using" scripts with nmap

It's a research question

wat

1. don't post answers

2. try things

It worked thanks

has anyone joined the dev group room yet?

Hi people. I am in the network services room. In task 7, we are supposed to telnet into a remote machine and then execute a ping into the local (attacker machine) from the telnet session. We should also use the tcpdump tool to check whether the ping actually arrives. But tcpdump does not show anything... I appreciate any help...

@odd halo yea

@strange river i’m having a hard time getting the initial foothold. I found a hash in a .git folder. am i on the right track?

@odd halo yes

@strange river i spent a lot of time trying to crack it. is it time wasted ?

okay thx for the hint!

👍 🙂

i have this doubt too hehe

Well the box assumes you have access to quantum 🙃

well like @strange river said i looked at the git folder and found good stuff. but still got overwhelmed by the objects that i found since i’m not a lot familiar with git folders @ancient island

but now it’s just a matter of searching

i found some interestings things, but i'm stuck

so close, but too far hahah

ahahahahah feel u

Anyone got a small hint for me for unbakedpie?

I've got a few things that just haven't worked.

Where are you stuck? Has it been 72 hrs yet?

man, this room has been around for 59 days

Yes, it has been

It was silent released

That's the creation date, not release date

ahhh

it's doing my brain in.

slowly that is.

my google fu is not strong enough i guesssss.

I need a hint on where u are stuck so I can give you a hint

well, pm me as there's no writeups for this room and I don't wanna spoil anything.

Hi stuck in task9 of windows privesc v1.0

@jolly knot do u have a link for the room?

any hints on devguru ?

not for the first 72 hours

@white salmon The creator has said it's open for hints

And provided some

okay didn't know that

so anyone give me some hints pl

There are some a little further up