#room-hints
python has to think
"Oh you want me to use this string as the key"
import string idk
print(test)
and it should print hello
frick
def
print(")Hello, My name is Jovnn"
okay and
decode it by hand
xd
u know I actually tried
LMFAO
I dunni what else to do
xD
no
Jovnn, cat that .py file and look at how the variable Enter Key is defined
How is it written
wdym
Is it like this "Enter key" or 'Enter Key' or Enter key
"
:D
:D:D
Soo
can you pls copy paste the python script to me
wait
key=[key]
print(key)
And screams at you
OH
that make sense
yes
yeah
just dual boot like I do
Negative
Jovnn, you arent messing with the script itself are ya
wait a minute
nope
you copy the key correctly?
yeah
Send a ss
I know why that '

is on that key
thats why
the '
is there
but
wait
nvm
I think
u were messing with ur script
Send a ss of the screen
which string
encrypted_mess
The only super long one
Whose ss is that?
of him
mine
Dont need b
i didn't set b
indicates its a python byte string no?
Dont need that
see
u don't have yours rn so I can just copy and paste and do that way
tbh I don't wanna reset room
same thing
yea ok so
No editing of the script is necessary
But I do want to know what he did different
thats how i got the flag
Jovnn, soo what are you doing now?
yea same
I mean to get the flag
pioli send me root flag at the least we found way

oh nothing
Why not
can't get a flag of a broken script
Dont give up
i mean I can manually get it
No
okay
Reach out to room creator if you think the script is broken...which it isnt
we will see
Get to root from scratch and enter key
check dms pioli
need help in room mr Robot ctf key2 i brut force the login page and i didnt find anything
my brain
I still haven't done it
im just
so confused
idk maybe you sent the script wrong
like theres a part missing
since it just cuts off with no ' at the end
holy moly this hash wont crack
how can i find the password for shiba3. from linux fundamentals 2
What instructions are you given?
Good job Jovnn
The binary is checking to see if the environment variable "test1234" exists, and if it's set equal to the current $USER environment variable.
So create the variable and set it correctly
Run the binary
Then you get the password
Make sense?
yes but i couldn't succeed
Ok, so maybe show us what you're doing and ask for help?
I tried silly things like this
Ok I don't think you read the question thoroughly
or looked back at how to set variables
or how to run a binary
uh okay
I've been trying export $USER=test1234 for 2 hours
I just was supposed to write the opposite like export test1234=$USER :P
That's incorrect
Yeah
Trying nmap -T4 -p- -A <ip> on chocolate factory but service time scan takes forever, any solution or suggestions please
Yeah, no-one's got time for -A -p- . First thing is use -Pn. A lot of THM boxes refuse pings and nmap will think they are dead and won't run the rest of the scan. If you just want to find what ports are open with -p- do it with a quicker scan first, then once you've found them you can bring out the big guns in a more targeted way.
Okay will sure try that, thanks for your time.
The Juice Shop room is a free room, but it requires you to have done the exercises in the Burp Suite room (for subscribers only)...so does this mean the Juice Shop room is impossible for those who are not subscribers or have not learned about Burp Suite elsewhere?
could someone please give me a hint on the new room John, I'm stuck on this one question to finish it, Task8 Custom rules question 2 :
What rule would we use to add all capital letters to the end of the word?
thanks
well a john rule append is $ or Az so i'd start there
could someone help me out with Crack The Hash 2.. Task 6 advice n 1? I have created rules in john but the hash wont crack.. dont know if i am missing something..
should be using rockyou
i got the same problem as you have
@wicked bolt can i dm you?
send me what rules you have and i can advise
sure
Hi,
I need a hint for the horizontal privilege escalation
(from ||www-data|| to ||aubreanna||) in "Internal" room (https://tryhackme.com/room/internal)
I've found some interesting things, such as:
||$cfg['blowfish_secret'] = '6wqoJ$mf_Wv($r?g$l4+#P#lAoCVVUM3';||
and I also found the password of the ||phpmyadmin||
you need to enumerate the box as user ||www-data|| to find an 'interesting' file. linpeas could help you here, but manual searching of the 'usual' places will probably be faster
I already used linpeas and checked all the interesting files,
that's how I found the password of the phpmyadmin btw
anyway, I'll repeat what I've done, maybe I missed something related to ||aubreanna||
maybe have a closer look at the ||[+] Finding passwords inside logs|| section for a file being written to
What rule would we use to add all capital letters to the end of the word ? for john the ripper ?
i can't figure this out
have you checked out the syntax here? https://www.openwall.com/john/doc/RULES.shtml
and at the end is append in john-speak
cc:crashcourse room.. working with nmap..even a port scan on a single machine ip taking more than an hour ....is it normal and the only way...to wait for a hour for scan completion..??
Cc: pentesting crash course room
what command syntax are you using?
nmap -p- -T4 ip
@median compass yeah but still can't figure this out
@median compass
looking for some help on the Linux: Local Enumeration room on Unit 1 - tty, where it asks "
How would you execute /bin/bash with perl?
"
and its saying my answer of perl -e ‘exec “/bin/bash”;’ is wrong so im lost. any help guys?
this is on Task 2?
Yup @median compass
are you using the in-browser machine or your own VM/machine?
is your VPN active?
you can check with ip a you should see a tun0 interface and no other tunX mentioned
Yaa it's showing just a tun0 interface
if you have long round trip times you could try increasing the nmap timeout parameters - -w <time> in seconds
check your connection health by running a ping against 10.10.10.10, you should see a ping time measured in <100ms, if you don't then try the timeout tip
Ohh...it's around 250 millisec...tnx i will implement the tip
you might get more advice in #site-support for this
you might try pausing the Crack the Hash2 room for a little while and doing this one first, it's more of a detailed walkthrough on john
https://tryhackme.com/room/johntheripper0
stuck on root flag in Chocolate Factory. Though i input correct key it shows error as "Fernet key must be 32 url-safe base64-encoded bytes"
need help!
do you have any spaces on either end. I cant remember but i think i just used ||strings|| to find the flag
nope flag is encoded
Ahhh i might have to load up the box again to remember
created a 100 mb file of mexico cities
i created a 30gb file and couldnt find anything haha
every possible iteration
though i used same key and token in an online decoder it works fine!
that had some towns that your file didn't
can i pm to show you my new list
not the 30gb one
ye
Guess what. Yup, still stuck on Mexico. Tried as many combinations as the mentalist provides as well as toggling cases, all the john and hashcat leet rules... currently I'm down to trying different lists, spellings or just random combinations of substitutions. It can't be that tricky can it!!? The first 2 were a bit painful but the rest was straightforward
same.
i used @vital spoke script to generate every possible character and iteration for every possible 14 digit place name i could find from lists.. so i must not have the place name right
or there's something sneaky like a 1 on the end
in which case i should be testing 13 char passwords and 12 with border mutation too, but thats not in the task
(is it cheating to use the input field of THM as a hint?)
as long as it gets the job done NO!
i even tried places with spaces (heh) and iterated a _ instead of space
unless it's a placename with a space that has a different symbol instead
@white salmon is there a hint you may be able to provide ?
About what?
sure for crackthehash task 6 question 3 || use wordlistctl to find a cities list and then on /usr/share/john/korelogic.conf look for a rule about l33t||
also remember to convert uppercase to lowercase on the wordlist, that I did it with a linux bash command, but it can be done also with a jtr rule
@white salmon can i pm to show what i've tried
Hey guys, I got what I wanted but I'm looking to improve my output. Does anyone know how can I "grep" an output of
Get-ADUser -identity *********-properties *
I've tried
Get-ADUser -identity *********-properties * | Select-String -AllMatches "password"
There is no room for finding help with commands but I was hoping to see maybe someone has a clue?
Feel free, but not sure when I will be available
@wicked bolt you can also dm me if you for task 6 question 3
Guys, i really can't figure this one ...
Finished all other questions but still can't figure this one
I know main use is to create dynamic passwords from wordlist considering the password complexity requirements and user tendency to append, prepend the required characters ...
Room : John The Ripper
Task : 8
Tried : password complexity requirements ...
didn't work
That was my first idea, even went to copy paste in fear of a typo
hi
i can't crack the etc shadow hash in that room, did you manage to do it?
and @rocky charm look for the word "exploit" to find the answer
did you crack the shadow hash?
yes, managed to complete the shadow hash
did you split the downloaded file in 2 parts ?
how much did you have to wait?
i have the unshadowed.txt file and john has been trying to crack it for hours
almost instant ...
i split it and ran unshadow and i have the file and john is working on it but i get no result
so does it look like yours?
this one worked
try redownloading the file, splitting to passwd and shadow - running unshadow again , and after that john on the result
and windows and linux generated different outputs when i ran unshadow and both were wrong
THX for the advice , i'll remember for future use
Thanks for the tip!
Hello guys, I'm working on the steel mountain machine on THM. Do you know why I can't execute winpeas on the remote machine?
the l33t rule
doesn't work
ive tried wordlistctl wordlist + lowercasing
i tried both with and without spaces
The l33t rule works. Maybe wrong list? dm if you need help.
il dm u
nmap room help please. task 14. im supposed to deploy ftp-anon against the machine and tell if it is open for login in or not
Terminate and redeploy the target
ok
And/or check your VPN
Then fix your VPN
I would recommend using the winPEAS.bat if you are unable to get the .exe to work. The .bat has always assisted me when the .exe would not work.
I just did the same as you with both the .conf rule and the 2010 one with no joy. Do shout out if you get any new ideas for what's missing!
Thanks very much, I'm sorted now! Cheers.
if anyone could assist me with crack the hash advice 3, preferably thru dm, i would greatly appreciate it - thanks
dm
I think they need to update that room, its such a strange rabbit hole with that question
or update a certain wordlist with a certain city
I'm doing the upload vulnerabilities room: https://tryhackme.com/room/uploadvulns
I'm stuck on task 7, I've tried a bunch of different dirbuster scans with different wordlists but I'm only finding the /assets subdirectory and the ones it contains - however they don't contain the file uploads. The room says it should be at /uploads but that 404s. Anyone able to help?
can you provide screenshots/commands
oh nevermind i am just stupid. /images is different from /assets/images
hi
yes
in crack the hash part 2 hi solved
sorry to disturb you
i have not researched before asking
never mind .
Great!!!
dont ban me
im stuck actually
#room-hints is here for people who want a "pointer" towards the room they are completing, and not necessarily a spoiler. As such, when asking a question, be sure to include:
- What room you are on
- At what stage are you stuck exactly? Enumerating? Exploiting? Priv esc?
- What techniques / tools have you tried so far? Just so that we know how to hint you in the right direction without repeating what you've already done
okay thanks for help
GOD bless you!
Having trouble finding the location of the 3rd image in the Geolocating Images room, is it a mosque?
I think I have identified the direction the image is looking but I'm stumped as to the actual location, or what that white building is
oo I think I found it but it's not labelled on google maps
goddamn that was difficult
cc pentesting room : while using gobuster what are the wordlists that i can use...is their specificity to use particular wordlists...is kali come with any built-in wordlists in its software package??..
For Crack The Hash 2, Task 6, Advice 1, I'm having trouble with the rule set. ||I took the 10k usa male names and prepended numbers upto 4 digits and then I used this rule with hashcat. || ||hashcat -a 6 -m 0 hash.txt num-pre_a1.txt ?s || Can someone correct where I might be going wrong?
If you are talking about task 4 question 4, they asked about the flag that sets a wordlist, as you know kali comes with wordlists for directories, that is used for dirbuster, for gobuster you need to specify the wordlist you want to use, so you have to use a flag to do that
Nope iam talking abt the last 2nd quesn after deploying the machine..it requires to find hidden directories using gobuster..
Okay, there is already existed wordlists at ||/usr/share/wordlists/dirb or dirbuster|| but you can download others if you want
cc pentesting room task 4
gobuster dir -u http://10.10.173.33 -w /usr/share/wordlists/dirb/common.txt -t 64
Gobuster v3.0.1
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@FireFart)
[+] Url: http://10.10.173.33
[+] Threads: 64
[+] Wordlist: /usr/share/wordlists/dirb/common.txt
[+] Status codes: 200,204,301,302,307,401,403
[+] User Agent: gobuster/3.0.1
[+] Timeout: 10s
2021/01/22 12:46:51 Starting gobuster
/.hta (Status: 403)
/.htaccess (Status: 403)
/.htpasswd (Status: 403)
/index.html (Status: 200)
/secret (Status: 301)
/server-status (Status: 403)
2021/01/22 12:47:22 Finished
how can i find which of the above is a hidden directory??
Have you also tried appending?
Which one most wants to be hidden?
Also the others aren't accessible
After using the gobuster tool ..it's the output which i have came across ..but how can i find which of the following are hidden??
It's not hidden on the Linux sense
The only fact that i know was that they are started with a dot in linux distros..
It's hidden in the "I don't want you to find this" sense
But what if i have to find them for a website.... should i directly visit the website and inspect stuff??
Why not try?
i gave it a try....but i can't find more than one directory while inspection in website
...from them
But the ans in the room is for a single directory..
It's in your scan
I can't find both secret and .hta directories in the website directly which are in the scan ....then how can i confirm that which one is going to be an answer??
Use more than 4 and include special characters
I'm looking positive and saying there was merit in getting me to question the dataset I was using, but it was at the expense of trying everything else! Bit weird having the place that doesn't seem to show up elsewhere. I'm more concerned that, given the hint the idea was to demonstrate using a certain tool, which I doubt anyone has done to crack it and is certainly far from the best thing to use in this case.
Dear can I get a hint for windows event log room last task question 8 I have found the event is but when I answer the group sec id it says wrong
have you ||looked at your sudo rights||?
@river path or run linPEAS
cant figure out where im going wrong with this one, its in the HTTP basics room
nevermind, got it
Can anyone help me with the theseus room? I found the query string and the xss vulnerability but I don't know how to exploit it...
What happened here
after run I get
[-] Exploit failed: An exploitation error occurred.
[*] Exploit completed, but no session was created.
Have u set all the options correctly then it should work
I set them as the pictures shows
or maybe I need to set Proxies http:localhost:10000
?/
I try with that and these didn't work either
I assumed that u have set ur LHOST and LPORT
I think it should be setup
but there is no options for that in that webmin module
Hi everyone, I would really appreciate a quick hint on Looking-Glass. I am at the humptydumpty user, I have to further escalate. I tried some enumeration scripts such as LinEnum and Linpeas. I haven't been able to find any vulnerability or password exposure. Many Thanks
#room-hints is here for people who want a "pointer" towards the room they are completing, and not necessarily a spoiler. As such, when asking a question, be sure to include:
- What room you are on
- At what stage are you stuck exactly? Enumerating? Exploiting? Priv esc?
- What techniques / tools have you tried so far? Just so that we know how to hint you in the right direction without repeating what you've already done
Updated with more details
try checking deeper with gobuster scan
all the directories that have ||status:403|| are inaccessible, so you left with the others, hidden in the sense of that you can't find them on your own, you have to use gobuster with the wordlist to find them
which one?
i need hint on the stuxctf room, i found in the ||robots.txt|| a directory but is not accessible, and in the code source of the page i found those numbers, i tried what the hints said, but i couldn't find any hidden directory, do i have to crack it in a certain way or what ?
Can someone help with windows event log
@eager saffron If you are still stuck, try looking at payloads
@ashen scaffold I will tomorrow. Thanks for hints
Hello. I'm doing the daily bugle room. I have managed to get a reverse shell using joomla and running a custom php file. But I don't have a lot of access and can't even get the user flag. I'm a little bit lost of what to do now, I have looked at the cron files, checked for something unusual running, looked at files all over the system, and I still don't have any idea of what to do next. Tried running linpeas too but it gets stuck at installed compilers.
What can you do in this kind of situation ? Any tips?
may I know what do you get running linpeas?
Sure. here it is. It gets stuck at installed compiler. Don't know why
It seems bit buggy, could i dm you to help?
Sure!
google where the passwords are stored in joomla
Alright. Thanks for the tip Anish. I have already finished the room.
Once again, thank you @onyx sparrow for your time
hi. anyone know what is login creds for splunk OVA???
Same here. On Advice 1 - Using the top1000 usa english male names list, I tried appending/prepending nums-symbols (1 to 3 times). Also a combination of appending and prepending 1-2 nums/symbols. I tried combining more than 3 num-symbols as well, however, I can't get any openCL version of MD5 working in either John or Hashcat on my osX machine to speed up the cracking process. Any ideas?
You can --fork to share the workload providing you have sufficient cpus allocated. You will need to try more variables than you have, though.
Gotcha! Yep, I tried fork=16, but got discouraged when ETA was >1h and I thought I had to be doing something wrong if I did not crack it within 5 mins. Thank you!
Generally use fork==number of cpus
which room specifically is it called @karmic oasis? and what is the question
its not weird to need help when you are starting out by the way, no one is born with this knowledge
can you screen shot what you are looking at maybe?
(I didn't follow any path or anything on try hack me so my second room might not be what you did, and searching for room 2 shows me a few options)
@ashen scaffold @acoustic steppe
Hey Just wanna let you know, that your hints helped me.
What I need to do, was to list available payloads, use one of them, and I need to set RHOST to my localhosts because of the firewall rule on the target. Thanks
Hello fellow hackers
John the ripper room task 8 question 2 I am stuck for some days now at 96% wondering if anyone could point me in the right direction
In my mind it's --rule=A-Z or a combination of but nothings working any hints appreciated thankyou
If you look in the text it explains how to format a rule for john. You need to use 2 letters which mean "put it at the end" and then format your regex using quotes and brackets like in the example
1)You want to append to the end of the word, 2)Add all capital letters, 3)dont forget the quotes(" ")
and forget about including "--rule" in the answer
guys. crack the hash level 2, task 6 ,n1 advice . I downloaded the male-names directory and added some custom rules, still cant find the password. I Am tired of trying, i have been trying for 3 days, still cant find the first question. What am i doing wrong? Custom rule: ||A0"[0-9]"Az"[0-9]"
A0"[0-9]"Az"[^&()+-={}|[];':,/<>?~*]" A0"[^&()+-={}|[]\;':,/<>?~*]"Az"[0-9]" A0"[^&()_+\-={}|\[\]\\;':,/\<\>?~]"Az"[^&()_+-={}|[]\;':,/<>?~]"
A0"[0-9][0-9]"Az"[0-9][0-9]"
A0"[0-9][0-9]"Az"[0-9][^&()+-={}|[];':,/<>?~*]" A0"[0-9][0-9]"Az"[^&()+-={}|[]\;':,/<>?~*][0-9]" A0"[0-9][0-9]"Az"[^&()_+\-={}|\[\]\\;':,/\<\>?~][^&()_+-={}|[]\;':,/<>?~]"
A0"[0-9][^&()+-={}|[];':,/<>?~*]"Az"[0-9][0-9]" A0"[0-9][^&()+-={}|[]\;':,/<>?~*]"Az"[0-9][^&()_+\-={}|\[\]\\;':,/\<\>?~]" A0"[0-9][^&()_+-={}|[]\;':,/<>?~][0-9]"Az"[^&()+-={}|[];':,/<>?~*][0-9][^&()+-={}|[]\;':,/<>?~*]"||. Do i need to add more options?
@fossil cosmos please ask in one channel only.
if you ever answer, maybe i will
Be patient. Someone may help you when they can. So, please post in one channel only. :)
Hi. Yes you do need to try more options. ||Also your rules are fixing the numbers in place, if you just write 0-9 inside the brackets with the special characters|| you will have more chance of success.
Thanks man, really appreciate it
Hi, I'm also stuck on this question. (I also have the event) Did you find out why the group ID was wrong ? Any hint would be appreciated !
Edit : Well it's just because the answer isnt that obvious...
hi guys, i'm doing the room "the market place" and i found a ||sqli i discovered it manually and wanted to exploit it quick with sqlmap but he can't find the vuln is there any options that will make the tool check better ?
i have a url like "<IP>/admin?user=2" then i use sqlmap
sqlmap -u "http://<IP>/admin?user=2"
but it says "GET parameter 'user' does not seem to be injectable"||
sqlmap probably cant find it because it needs the admin cookie to check that you are admin
but now that you found it yourself why not try to do it manually? It's a nice exercise to learn to do things without using tools
yup i solved it like that ... and for the sqlmap i tried to capture the request and used -r as an option and it worked
thnx for the hints guys
anyone had luck with sustah room yet
@gusty kite that's still under hints embargo
72 hours from release, no help or hints until that passes
just curious about if people had luck with it.
I think you misunderstand my intentions but no problem.
is this the room for stupid questions lie why is my progress not showing on the "complete beginner" page
It's for hints on rooms, so if you're stuck on a room and you need a hint or nudge ask in here.
So I'm in webappsec 101 and I'm tryna find the name of a logged in user. I'm using burp suite and threw in a wordlist as the payload, and using battering ram as the attack on intruder, however it says every single name on the list is correct or has worked indicated by a 200 code
I'm confused at what I'm doing wrong here
Status codes are HTTP related
Not application related
Wrong passwords etc aren't a HTTP error
Ohh so 200 just means the webpage loaded successfully
200 is just OK
200 doesn't mean anything loaded or whatever
It just means nothing HTTP errored out
Oh. So any hint as to going about finding usernames? Keep learning burpsuite or start using hydra? @stuck fractal
I don't remember how to do it
well i would assume theres more than one way to do it
can u mimick a burpsuite pitchfork attack on hydra?
true that , try to fuzz it and filter the size
For crack the hash, can anyone confirm whether I'm just using the wrong wordlist.....
i'm trying both the SecList 'malenames-usa-top1000.txt'
and the male-names wordlist using wordlistctl
but no joy after 2 days of trying across john and hashcat..... :/
what task?
Advice 1, border mutation
I dont want a hint on the ruleset
I've generated a hashcat rule file that was 112gb
Just want to make sure its not a stupid move on the other end of the rule spectrum
fyi here is my john-local.conf which is why i swapped to hashcat, it starts to get a bit heavy and hashcat is ALOT faster
||lAz"[0-9?!$@#%?.:^&()+-={}|[];',/<>~*]" lAz"[0-9?!$@#%?.:^&()+_-={}|\[\]\;',/<>~*][0-9?!$@#%?.:^&()+-={}|[];',/<>~*]" lA0"[0-9?!$@#%?.:^&()+_-={}|\[\]\;',/<>~]"
lA0"[0-9?!$@#%?.:^&()+_-={}|[];',/<>~*][0-9?!$@#%?.:^&()+_-={}|\[\]\;',/<>~]"
lA0"[0-9?!$@#%?.:^&()+-={}|[];',/<>~*]"lAz"[0-9?!$@#%?.:^&()+_-={}|\[\]\;',/<>~*][0-9?!$@#%?.:^&()+-={}|[];',/<>~*][0-9?!$@#%?.:^&()+_-={}|\[\]\;',/<>~]"
lA0"[0-9?!$@#%?.:^&()+_-={}|[];',/<>~*][0-9?!$@#%?.:^&()+_-={}|\[\]\;',/<>~]"lAz"[0-9?!$@#%?.:^&()+_-={}|[];',/<>~*][0-9?!$@#%?.:^&()+_-={}|\[\]\;',/<>~*]||
can i get a hint on sustah room for task one
No hints or help are allowed for new rooms till 72 hours passes.
ok
in the ZTH: Web 2 Room Task 11, in Section 3 API Bypass. Is the solution really to ||fuzz for the flag.txt or is there another way to find it through, you know, an API bypass||?
You might need to think about other ways the name might be written, and use more variables. Think in terms of ap/pre pending say|| 3-5 ||numbers&characters. No 2 is exactly the same problem but is a bit easier on your machine, so you might try that first as a test.
go for it
what?
go for fuzzing
Hi Guys, Looking for hint for Crack the Hash 2 room. Task 6 Advice 3. Got the towns list from ||wordlistctl||, removed spaces,all lowercase, used the default jtr l33t rule,also used l33t rule from ||/usr/share/john/korelogic.conf||, still no luck. Anything else which i can try ?
Another list? Seriously try ||cities|| or it will drive you nuts
It already did. Ok will try ||cities||
And it worked! Thanks @candid nimbus . Only Advice 1 and 2 remaining. now. Also tried few things there also but no luck. Any hints there as well? Does the combination here means - for e.g. name is Ram, so possible combinations are 1%Ram,Ram1%,1%Ram1% ?
Spot on
Heellooo, is there anyone who escalated to system in alfred room without using metasploit
can i have a hint for break out of the cage room i literally didn't solve any flags
i have subdirectories and a file called dad_tasks
what should i be thinking of?
dad_tasks seems to be encrypted but i dont know what type of encryption is that
did you do anything to dad_tasks yet?
no it's an encrypted text
i think its base64, i tried to decode but nothing appears to be readable
you're on the right path...
try harder
this might help you
how to find out the key used in Vigenère
there are sites that will try to guess if you don't have the key
how indeed. ... boxentriq kinda tries
cc pentesting room : while working on john the ripper...i referred the man page all the flags are documented as single dash(as Unix options) but the answers while completing the task are preceded with doubled dashed as gnu long options and while implementation too it's working as double dashed ....can i know what's wrong with the man page.??
Hey guys, I'm on the sustah room and I try to find the number for the spin. I create a python script but the request is really long and the number can be|| 9999( if you see the * and the script code )|| , I'm on the good way and I have to be patient or I do something wrong ? thanks !!!
no hints for that room yet I don't think, not until it's been out for 72 hours
oh I thought I can ask for hint and not for help
Have to wait another day for that room.
ok ok or I will try harder
there is a js tool also for that
Hey, Im stuck on the Jenkins/Batman room - got everything working with the msf console reverse-shell - just can't get meterpreter to stabilize it keeps dropping any info on this?
Please don't replicate a question across multiple channels. ๐
c'mon man, i was waiting for a response. I didn't see anyone active.
Just be patient. It's a virtue.
Man, ive been trying this for 3 hours on THM - i'm very close and i'm not exactly sure whats going on?
Hello again: Tried these rules ||Az"[0-9]"Az"[!$@#%.^&()+-={}|[]\;':,/<>?~*]" Az"[!$@#%.^&()_+\-={}|\[\]\\;':,/\<\>?~*]"Az"[0-9]"
A0"[0-9]"A0"[!$@#%.^&()+-={}|[]\;':,/<>?~*]" A0"[!$@#%.^&()_+\-={}|\[\]\\;':,/\<\>?~]"A0"[0-9]"
A0"[0-9][!$@#%.^&()_+-={}|[]\;':,/<>?~*]"AZ"[0-9][!$@#%.^&()_+\-={}|\[\]\\;':,/\<\>?~]"
A0"[0-9][!$@#%.^&()+-={}|[]\;':,/<>?~*]"AZ"[!$@#%.^&()_+\-={}|\[\]\\;':,/\<\>?~*][0-9]"
A0"[!$@#%.^&()+-={}|[]\;':,/<>?~*][0-9]"AZ"[0-9][!$@#%.^&()_+\-={}|\[\]\\;':,/\<\>?~]"
A0"[!$@#%.^&()_+-={}|[]\;':,/<>?~*][0-9]"AZ"[!$@#%.^&()_+\-={}|\[\]\\;':,/\<\>?~][0-9]"|| . Still not able to get it. Not able to figure out what is missing. Any other suggestion ?
Yup, you need to || app/pre pend 3-5 variables. Don't worry about having the numbers separate, just put 0-9 in with the special characters and use that as 1 variable. If that is eating up too much time, you can slim down on the special characters. The top row of a standard US/UK keyboard should be enough||
could someone spare me a hint on owning root on overpass 3? having trouble finding my vector. a hint or kryptic nudge would be appreciated. im on ||james||
Have you ran linpeas?
Because if you got to James, you found something and LinPEAS should have shouted at you
thanks james ill double check
can you tell me more about it
you give it a known chunk and it will continue the work for you
Huh, that's good to know seeing as I spoke to the creator about the theory behind that. That's awesome.
but it depend on the number of chars you know
at least it will make things easier
Yeah, the specific example it was built around was SSH key headers which tend to have fixed starting characters in base64
thats true
i tried that but used to use 10 chars to get my keyword
No hints or help are allowed for new rooms till 72 hours passes.
Hello! Has anyone completed the NIS Linux part I room?
hello , yes for sure
Can you dm me a small hint for those shiba passwords? I cannot seem to find any clues in the room
Hi, any hint for Cyborg?
No hints or help are allowed for new rooms till 72 hours passes.
okey ty, i will try harder
hi, one question about gatekeeper room. When doing the bof I used my own machine (win 7 32 bits) to test it out but I have missing dll errors in there, did someone have the same problem?
!rule 13
Rule 13: When asking for help/tech support please perform research to your fullest ability. Mods and Community Mentors have the right to refuse helping those who have not done troubleshooting/research on their own first. Clearly phrase your questions as we (fortunately for all parties involved) cannot read your mind. Please include the room, task, and question number in your question if possible.
Although we are a learning platform, we politely ask that you respect the competitive nature of newly released challenges. As such, no hints for new challenge boxes should be given immediately after a release (72 hours, by default), unless instructed otherwise by the content creator.
Although we are a learning platform, we politely ask that you respect the competitive nature of newly released challenges. As such, no hints for new challenge boxes should be given immediately after a release (72 hours, by default), unless instructed otherwise by the content creator.
This statement ^
it says the room is 24 days old
it was released yesterday
Oh ok sorry
the room age is from creation and includes creation and review time
if it's on that list, it's off limits
Oh I got it thanks, sorry again
Not usually, if it is on top of the list, usually means to check #announcements
i did research trying to install those dll the whole morning
i just want to ask if im in the good path or wasting time
He sent that to me, not to you. I deleted my question
sorry, haven't done gatekeeper afair
Room: owasptop10
Link: https://tryhackme.com/room/owasptop10
Task: 16
Exploiting and accessing the machine was out of the scope for the task. However, after doing so I found a user.txt file which contains a numeric value. Is it some kind of an easter egg and can that value mean anything?
Can someone give me a hint for Overpass3, how do I get access over the james account as paradox?
Have you tried ||linpeas||
probably, it'll be in bright red
hey can anyone give me a hint for Cyborg room
how to gain access to the machine, i tried to find but i cannot understand
i even got a hash and i cracked it but i dont know where to use it
Please wait 72 hours from release to request hints
ok
I think I found the right PE vector, ||but I somehow can't just mount the nfs-share, is this my error?||
||I used:sudo mount -t nfs <machine_ip>:/home/james /tmp/pe||
Look at the open ports on the machine
You can't talk to the service
Therefore you can't do that like that
Ok thanks I didn't think about that
you're on the right track
Room: https://tryhackme.com/room/physicalsecurityintro
Task: Task 6 Hardware Bypassing
I can't find an answer for 2 questions in aforementioned videos. Any hints where can I find the answer?
The said questions:
An improperly hung door which opens away from you can be bypassed using this type of tool? (the second one)
Adams Rite hardware fixtures are susceptible to a bypass where a wire is snaked through the keyway and actuates the locking mechanism behind it, what could prevent this bypass?
An improperly hung door which opens away from you can be bypassed using this type of tool? (the second one) is 100% answerable with google
The other is a pain to find
it's in the video, but not quite by the same name
the other you can guess at it a bit if you think about it
I need help with the tunnel in the unbaked foot machine, can someone help me?
Which?
The problem is there are so many answers that would be also possible, I cant find the proper one (the first question)
The answer to the second would be just welding a wall so no one can just get to the locking mechanism
I am lost in my last answer in room Sysmon, Question: What C2 is the adversary utilizing in Investigation 4? - any idea?
you basically had it
the wording makes sense as an anglophone
but you have to be in that mindset
english is not my first language. It is sometimes hard for me to find synonyms
about the remaining question - is it connected to thin cards that you put between door and frame?
is it about this funny thumb-turn handle?
Please don't ask the same question across multiple channels like that
please wait 72 hours from room release to ask for hints
Please don't try to enforce the rules, that's covered under Rule 15.
Room Vulnversity, Task 5, Q1. "Search system for all SUID files. What file stands out?"
A pointer as to what I'm looking for here? Goal is to privesc
@split steeple Did you run the command from the hint?
It's a find command that searches for suid files
Yes, copy pasted. Got a ton of results.
a bunch of errors?
Just permission denied.
try adding "2>/dev/null" to the end of it and try again
should narrow it down
that is basically taking all errors and throwing them in null instead of dumping them on screen.
So permission denied counts as an error?
yes
you tack that command on the end and it will not show those
they are garbage
@split steeple You get it?
Yeah, thanks dude! Learning new things about ||systemctl ||as we speak.
@split steeple I'm glad it helped!
Im hella stuck on the last 2 questions of Windows Event Logs room. I don't understand xml queries well enough to find where "net1.exe" is in the "merged" event logs
They are literally the last 2 questions I have in the Cyber Defense path
||check the powershell history||
in blue right now and metasploit just worked before and now it says exploit completed but no sessions
what should i do??
screenshot
show options and screenshot
Did you disable your firewall?
Or explicitly allow 4444?
wrong LHOST, LHOST = your vpn ip
fixed that but still getting same issues
show options and screenshot
Is it failing or is it saying no session created
You may also just need to reboot the box
I wonder if it's that shell
Try with the default shell it gives you when you select the exploit
Anybody?
Hey Ragnarok -- sorry this looks like it got buried
I'm taking a look now at this (:
Okay
I can't see anything that would require the value of that file -- however it does make me question the reason as to why it's there to some degree
are there any voice chat rooms?
I'd personally say you're safe unless the questions ask for it. However the OWASP 10 event is on my ever-growing list of things to revisit and fix a few minor bugs that we discovered during the event -- I suppose that could be one of them!
Oh alright
Yes -- quite a few @elfin ether but you have to synchronise your THM account with your Discord to access them
!docs verify
will get you started ^
I was expecting it to be a THM subscription voucher🤣
It's very possible it was whilst the event was running (: I know there's a few so a part of that "updating the room" will be removing the remnants of them as they're obviously claimed by now
But aye yeah -- I can't see anything that's asking for anything like a user flag -- but I guess keep a note of it just in case?
Oh..cool..thanks for letting me know that I can find some hidden cool stuffs like thm vouchers on further enumeration. I'll look harder on newer machines ^_^
CMNatic are you busy
I found another bug in task 16 of that room. The authentication of the login page is broken and I can visit the machine ip/note.php without even authenticating myself as I noticed that no cookies are being set after logging in.
I'm about to head off for the night -- well day as it's 7AM but I'll be around for a few more minutes @elfin ether
oof okies
I've jotted that down
All the more reason to bump that one up the list
Thanks for letting me know!
@steady stratus should i do the modules before doing the 25 day course
25 day course? As in something such as Advent of Cyber?
idk where to start
should i do the 25 days of cyber security first or do something else im new to this stuff but i wanna learn
Ah okies, I appreciate that. In my personal experience I've found events such as OWASP 10 and AoC2 to be incredibly useful if you're new to infosec (AoC2 was designed specifically just for that)
However, there's modules such as the linux fundamentals that I'd recommend checking out to cover the foundations of those (although they're quite overwhelming)
we have this blog post to hopefully maybe get you pointed in the right direction
!docs free-path
In Cyborg room.....I ran hashcat for the password which was obtained and its running for a really long time....i guess i went on wrong way of approach...there are no writeups for that room...so....any hints??
but imho AoC2 was purely built to be super introducable in getting you started in cyber security @elfin ether
AoC2 where is that
Teaches you enough to get you going -- but leaves you the opportunity to research further more on your own or look at other content on the site
Especially as every day has a full walkthrough video for the topic as well!
So you've got a lot of well detailed information in the tasks - and if you're stuck - an in-depth video to help you out (and then finally a great community here)
ok thank you
@proven bridge pls do writeup or any hints for Cyborg
Rule 13: When asking for help/tech support please perform research to your fullest ability. Mods and Community Mentors have the right to refuse helping those who have not done troubleshooting/research on their own first. Clearly phrase your questions as we (fortunately for all parties involved) cannot read your mind. Please include the room, task, and question number in your question if possible.
Although we are a learning platform, we politely ask that you respect the competitive nature of newly released challenges. As such, no hints for new challenge boxes should be given immediately after a release (72 hours, by default), unless instructed otherwise by the content creator.
hey i am in room cyborg and i am user **** and i figured out that there is one file that can make me root but how do i edit that file ?
see rule 13 just above
@kind bear
i mean i own that file still i am not able to edit it ?
or it is also part of that box ?
how do i create a file called noot im confused on that how do i create a file in general so i can note it down
im on Linux Fundamentals Part 1 part 9
Please read the rule.
so it is the part of that box ?
Guys, in "The Marketplace" I am stuck at the sqli step. I've ||found a way to gain access to the admin panel using xss to steal Michael's jwt, and also the sqli vulnerable point. However, using burp intruder or sqlmap, after some payload the cookie stops working and I get a 403(Forbidden) error. It also happens when I try to exploit it manually.|| Any little hint to solve this problem?
Any nudges for sustah?
#room-hints is here for people who want a "pointer" towards the room they are completing, and not necessarily a spoiler. As such, when asking a question, be sure to include:
- What room you are on
- At what stage are you stuck exactly? Enumerating? Exploiting? Priv esc?
- What techniques / tools have you tried so far? Just so that we know how to hint you in the right direction without repeating what you've already done
where are you at?
Foothold. I know I need to write a script to fuzz the input, but I don't know enough scripting to be able to do that.
which port, 8085?
yes
I've found the python requests library helpful
you could probably do it with curl though
gotta learn basic scripting though
ok I'll read up on it, probably a good excuse to learn some python
I mean the base will be a for loop
I had 27 lines of code, but I had an input for the target ip
and I used concurrency to go faster
Need a hint in Cyborg room, I found BORG files and crack hash for music archive, what should I do next ?
I think rule 13 still applies
@ripe hedge i ask @wicked bolt for help me and he report me!
take it up with the mods
Where are you stuck?
Ping me when you reply
Writeups for Cyborg will be approved about a week after it's been out.
I have one personally submitted but the creator doesn't want them shown yet.
Writeups have been accepted already..
I'm just telling you what he messaged me after I submitted.
Please do not send unofficial writeups :)
can i ask for a hint for cyborg room?
has it been 72 hours?
idk that's y im asking
72 hours is up tomorrow at 7PM GMT
is there a way to tell when a room was released, the age of the room isn't necessarily relevant to release. Do we just go off the announcements channel?
Hello everyone, i am pretty stuck on an easy task that's driving me mad: Juice shop room, Question #2: Log into MC SafeSearch's account! the password is there to be seen and i am struggling to log in. It seems i am doing something wrong! i tried various combinations but at this point i fear something is wrong with the account
can someone help?
yeah just be checking announcement frequently... also you can check from the THM site dashboard(New Rooms section)....
A minor update for the Cyborg room
As writeups have been accepted, hints are allowed to be given out (Muirland Approved).
Please do not ask for spoilers, only nudges, if you do see someone asking for spoilers rather than hints, please inform a moderator.
@opal vine Your question is allowed, go ahead :)
i just solved it but thanks
@trim haven can you give me spoiler for cyborg room?
-mute @random gorge 20m You were explicitly told not to, after being warned for asking for answers.
Muted ZimE#4506 for 20 minutes
¯\_(ツ)_/¯
Thanks James
There's an argument you're missing
One that is required for bash/sh to not drop suid permissions
Just... Kinda... Add them?
Hey all, I have been stuck on Intro to x8664 for about 3 days. Task 4 Question 1 "What is the value of var_8h before the popq and ret instructions?" ||I have tried 63, 60 things related to c because of the hex conversion|| but nothing seems to work. I have been back through the previous tasks 5 times now and it's just not clicking for me.
I am using the ds, dr, dc, db, pdf @main, and px commands to search for it but it's not working so far.
Remember that the value that px @<register> gives back is base 16.
I literally just got it after I posted lmao. it always works that way. Sometimes wording the question makes it click for me.
@umbral umbra Thanks a ton though!
It was also confusing because it doesn't change from ||63 to 60|| until right before the instructions.
Yep. Usually when I get stuck, as soon as I tell my manager(s) that I'm stuck, I find the solution. Articulation seems to be the key to unlocking it
Sounds good, again, thank you!
Worked on this for a day now. Vulnversity room, final question. Privesc'ing by using ||systemctl||. I'm following some write-ups, but when I'm launching the very final command ||(/bin/systemctl enable --now $myEnvVariable)|| I get Permission Denied. Why?
Never mind. Got it, finally. Did some chmod magic. jeeeeezus that was satisfying
are there different versions of the Pickle Rick box? I noticed the write-ups show that you can immediately connect to a web page on port 80 and connect to the "Help Morty" page but my box only has a CyberChef page. Am I connecting to the wrong systems?
Am I connecting to the wrong systems? yes
You're using the IP of your AttackBox
The attackbox is the machine you control that you hack from
You need to use the IP of the machine under Active Machine Information. That's the target machine.
If you don't have that heading, you need to click the green Deploy button with a cloud on it.
ok I just hit the deploy button and that seems to have fixed my issue. I'm waiting for an IP address to post
i try to scan 999 port of that ip address
but it doesn't work
=(((
Does anyone have any idea ? it's in the nmap class
Hi. I'm on the mr robot room, and the question is: why can't we spawn a valid tty shell with reverse shell with php, sh, etc. And ONLY with python?
I'm using the reverse shell cheatsheet
Sorry, not the reverse shell. Just spawning a shell, being already inside the machine
I can't comment on why some do and don't work, but it's not only Python. You have a few options most common ones are here https://netsec.ws/?p=337. Course you can also see if socat is available or can be downloaded
could someone please give me a hint with the room Windows Event Logs Task 5 X-PATH queries
Task 5 Question 1
Get-WinEvent -LogName Application -FilterXPath '*/System/Provider[@Name="WLMS"]
i think is the first part but can't find the info about system time
Thanks
I know it needs to be concatenated with and , but i seem to be stuck on the next part about the system time
No
figure out what the tag is called and use that
I got in the end mate, I was stuck for ages on it and could not find the correct syntax but found it now.!
thanks
cool
Room: https://tryhackme.com/room/physicalsecurityintro
Task: 6
Question 5: An improperly hung door which opens away from you can be bypassed using this type of tool?
Any hints on this? Have been searching and searching but nothing. It's my last question on this room. Q4 is the same question but I have that answered.
Anybody able to solve the easter egg of owaspjuiceshop room? I went pretty far and landed on this page: ||http://10.10.17.210/the/devs/are/so/funny/they/hid/an/easter/egg/within/the/easter/egg|| but the page is not loading up. I tried inspecting the source code of the page and found out that the main init() function which is responsible for rendering the page is throwing few errors. So the page is not loading up.
Check out door by-pass tools on Deviant Ollam's page. It's demonstrated in the vid, but you might not catch him mention it.
ty, got it
Web fundamentals room: Task 5 about curl, question 3 ... how can i get a cookie?? ... a little confusion with the flag .. need hint
You're given a route, a path to access
And the webserver will set a cookie for you.
I am confused with the flag -c....for cookie.. whats the input that i should give for it??
Thanks. I mean only python is valid as a tty shell but the rest aren't. They work but don't have full functioning
It's a two part query. Glad you figured it out.
hello,everyone. the room SQL Injection Lab task 6 , my python script use string.printable test admin password ,but the third letter not found ,why?
Hello guy, I'm on Jeff room and after gobuster the all dirs! I found ||a zip file||, I try with John but nothing at the moment. Any hint on that?
NVM^^
hi
can someone help me pls 🥺
im stuck at "year of the rabbit"
it just that rick rolled
i turned off js but i dont know what to do next
-p- ==> all ports
-p0-900 ==> from 0 to 900
try fcrackzip
check the requests for something interesting
no hints for 3 days
hmm I have a feeling that the real obstacles in this room are the hints and not the actual tasks at hand.
The hints are definitely cryptic for sure. But that's okay.
well I am at one now that makes no sense to me so I think I am done for tonight.
i can't bribe that man
im really stuck there
i cant do illegal things
Agreed, I am stuck trying to privEsc to Jordan ... not sure if I have broken the box or something else up
YES!! my previous privesc b0rked something..... dropped down a user and used a different privesc path .....
i'm stuck as dalia trying to become silvio 🥲 <not asking for help btw>
No hints or help are allowed for new rooms till 72 hours passes.
hence my <>? Where else can we discuss new rooms without spoilers? General?
I have figured it out anyway
I got to sean but I can't find his flag yet
passwords don't seem to be working for the named users
Physical Security Intro:
https://tryhackme.com/room/physicalsecurityintro
Task: 6
Question 3
Question 6
I watched the videos but I didn't get anything
getting jordan was fun!
i feel like if i give up half way through i'll have to do all this again
same , already extended twice
trying to get to penelope now...... the clues are still giving me more of a head ache than the tasks
yeah.. same
Not if you get penelope
I am going to have to give up on penelope for tonight ...... in work in the morning....
How do you like the progression of the challenges in Linux Agency?
flows quite well
Yeah, I thought it was very well done. Took me two days to test it all.
i think it should be more than one part because like this its time consuming
was a bit of a pain lol
i've been copying bash and giving it SUID in the home folder +777 just in case my shells crash
I am starting to think penelope is really obvious but I am just too tired to see it
hahaha yes i just found it
but no hints sorry
i would love to give the tiniest little hint
No worries, like I said I should be going to bed ..
Forgive me again... Total newb here. I finished my first room in the beginner's path and I'm now in introductory researching, I don't need my attack box to be running do I?
Not in case there is no deployable VM attached to the room.
That's what I thought, my split screen disconnected and I wasn't able to follow along with the youtube video
Is there a reason this would happen or how I can remedy it, when it happens?
When it disconnects, refresh the page, when in split-page mode.
In case you're not a subscriber, you only get a limited time on the AttackBox, one hour per day. As a subscriber, this access to AttackBox is unlimited.
got to get my brain in gear for the user flag now!
Thanks Tim the T
Environment variables.
What would Obi Wan Kenobi say?
Use the Force!
Did you research SSH key fingerprints?
Uh-oh! You have had your machine deployed for too long. oops!
Hey guys ! , im finished the goldeneye CTF , but i have no clue about this question , i know there is a pop3 server on that port , but i dont know about another service running on that . Some ideas ?
Ok, the question is misleading and needs to be re-written
It's actually asking for what program you use to interact with the pop3 server
Sorry for that!
I don't know why you're apologising
The room needs changing
Your question was fine
Oh the problem is the question of the room
hahaha thanks ! yep it was that thanks a lot !
Hey dude, Physical Security Intro resolved; new hints 6.5: 'captain's traveler in peter pan'; 6.8: 'Marvel's Agents'
Anybody already did LinuxAgency room? Does anyone know if the flags retrieved in the privilege escalation segment work as user passwords or not?
nope
crack the hash-level one-task 1-question 4
will it actually take 22 days?
if it has to try all 14344385 words, yes
only if you do something wrong
bcrypt is deliberately slow
oh ok thanksss
Anyone doing Linux Agency?
done it, but 72 hours for hints
hello i am on Mnemonic last task i found root.txt
but when i converted it into md5 and pasted it on thm it says wrong answer can any one tell what i am doing wrong
how did you convert it?
cyber sheif
chef
???/
make sure there isn't a newline at the end or something silly
ok
bah that room was annoying >.<
yeah I am still stuck at trying to find silvio
I would imagine. The hint just do not make any sense to me.
the hint is obtuse but when you see the answer it makes a bit of sense
rest has been really simple
they're not called Postal Codes in the US...
ahh
mods are asleep, can give small hints....
hi in linux agency i have found the flag for the user dalia but i cant switch user
probably not using the right vector
Same :/
they make sense in a twisted sort of way, usually after you find the exploit
omg... I got it
gl
i don't know if i can ask for this
but in linux agency i was stuck at finding the mission25 flag but eventually i found it
but how can i know if that was the right way to do it or not
can someone help me with this pls?
hope so
amma check when its ok asking for hints
multiple ways to get it. I found it via 2 ways
Need help with mission23 in Linux agency
snakes?

