#room-hints

what if the password was on the last line of rockyou

smb was being too wierd

it would have taken forever

would've looked for something else after about 30k

or 10 minutes

yes exactly

but with the hash we can use the whole file

yeah

ok I see your point

i had a shell and was running crackmapexec on the background and i got the password for achilles who was a admin

i was also little bit suprised

I had two shells from port 80 and 81 and running bloodhound

but did not need any of that🤣

How did you look at the SMB btw, I was getting nothing out of it at first.. dunno why maybe I should have waited a bit longer...

lunizz... finally got this f... password 🙂

i didnot look into it. I just bruteforced the password for smb using crackmapexec

ah, kk

good to know, good to know

I took the advantage of SeBackupPrivilege.

which user had that privilege? @lost crag

achilles

it is easy once you get the shell as achilles as it was on the administrator group

we were actually talking about the intended way to get a shell as user achilles

those who tried bruteforcing the password for user achilles dont even need to exploit the webservers for any kind of foothold

admittedly without the flag hints, you wouldn't have known achilles was a user there

unless you fuzzed for usernames, but it's hardly the most common username

and I feel like doing the intended taught me a lot more 🤷‍♂️

At first i got shell for two users exploiting the webservers and as i was finding that the user achilles was administrator as well as kerberoastable, I got the result from the crackmapexec as it was running on the background. I have shown both ways on my writeup though.

as @fervent python always says it is always beneficial to be running something on the background when you are doing manual enumeration

hey when I want to bruteforce a user inside of a machine is there any alternative to su bruteforce

cuz for some reason i am getting errors in it

inside of the thm machine only

For me this time I think It was lost for me.I was trying to execute command from port 81 but eventually I got password for achilles by bruteforcing and I did not even bother after that to get command execution from port 81.

@lost crag you can read my writeup. I have showed how to get code execution on port 80 and 81. I couldnot get code execution on port 82 though

is the ssh open on the box?

where do i put the dirsearch/dirbuster

Please clarify your question, because it doesn't make sense

like i have this question use dirsearch/dirbuster to find the hidden directories. and i dont know where to use the dirsearch/dirbuster i found dirbuster and its a bunch of .txt information

@stuck fractal

Room, task, question?

Did you skip the Linux Fundamentals rooms?

probably

where can i find that

its my first time using the website

!docs free-path

Task 1 Web App Testing and Privilege Escalation Question 3

btw @stuck fractal can i use kali linux to do this tasks or i always need to use the web console?

You can use Kali, but I think you need to learn how to use Linux first.

okok thx

@serene flax i am not bruteforcing the ssh login

i am bruteforcing the su login inside of the box

to get root

but yeah ssh is open

can root user login on the box using ssh?

bruteforcing the ssh would take much longer tho

I got in as helen. How do I get Achilles hash?

yes

you can try and bruteforce the ssh password. if it is intended way, it would not take more than 10 minutes

i actually did

the hint is we will, we will rock you

so ig that means bruteforcing

use Rubeus @white owl

yes i guess so

which room are you doing? @slender dawn

Tony the tiger

https://tryhackme.com/room/tonythetiger

i have done the java deserialization part

i am in task 7

I havenot solved the box. maybe those who have done it might be able to help you

thanks for your reply tho

happy to help 🙂

Thanks I'll check it out

Remedial question: I'm on the tutorial and I'm unclear on what the format of the flag text should be. I enter the IP address in Firefox, get a 405 error, and that's it.

Format should be provided in the answer slot

Wrong IP then

So, it's supposed to be the IP address from 'Active Machine Information' rather than the IP address at the top of the AttackBox?

Yeah that'll help

Thanks!

the IP in the "Active Machine Information" section is the IP of the machine you just deployed, and the IP at the top of the attack box is your IP

When I entered the IP from the 'Active Machine Information' section, it displayed the flag text instead of the 405 error

yes that's correct

any idea on when we can expect writeups for Hacker of the Hill #1?

Any hints on root flag for HOTH easy box? Or writeup soon? I got a shell pretty quickly and then hit a wall trying to privesc.... Don't know what I'm missing here.

Perhaps checking out cronjobs can help?@slim axle

I have already submitted the writeup. waiting for the creators of the room to verify it.

there are multiple ways to root that box. have you tried running linpeas?

would it be possible to send it or would that be against tos/morals?

well it is public on my website.

I did, but don't see anything (or don't know what I'm looking at lol). I just got into THM like a month ago. I dug around looking for creds, checked out SUID, thought I found some exploits but couldn't get anything to run, etc... I'll keep at it.

as which user do you have the shell currently?

looking for a hint in the Burp suite room, trying to find a request in juice shop that issues a 'Set-Cookie' parameter in the response header. Anyone know of an endpoint in juiceshop to visit to achieve this?

you got the permission ?

#room-hints message

nice .

@serene flax I got a shell as serv1 and serv3

||for serv1 check for the groups that the user in and search for the files owned by the group. For serv3 check the entries on the /etc/crontab and you can find that a script is being executed as root in every 1 minute and check if you can use that to execute code as root||

@serene flax I'll give it a try. Thanks!

@serene flax can you dm me your website? I'm interested in what i missed on the hard box

You tolk the breakout shortcut as well? 😂

i got in to the container on the hard machine with the password and i saw that the docker socket was exposed to it, but i couldn't even get root in that container to use it. i found some vulnerabilities/bugs/weirdness on the other sites on the hard box, but nothing i could turn into code execution

done 🙂

There is a way to get to a fully exposed docker socket on another container. From there it is easypeasy to get all flags.

yeah if i could have written to it i would have created a docker that mounts the host system, dropped in an ssh public key into root, and then with root on the host i could use docker exec -it to get into the other ones

this privesc was possible from the container which was running the service on port 80. I also tried to get root on the container that you were in but the code for that flask server was almost similar to the one of the documentation page except a minor change. So I tried for a while to get root and left that container

that was a good writeup

I am looking forward to seeing writeups on how to get flag 1-3 the proper way 😂

Thanks 🙂

I have tried to show the intended way as much as i can. As the writeup was pretty long already, so I did not show few privesc techniques for the easy room and also for hard room.

Question on the writeups of Lunizz: people are building their own python script (https://apjone.uk/tryhackme-lunizz-ctf/) to crack the password, however, I believe that what the script does is exactly what (for example) hashcat does when performing a dictionary attack. Am I crazy here? Why would someone reinvent the wheel? Plus with python? lol

Cool will read it when it comes out

Can hashcat base64 encode the words prior to hashing?

it is out and on my blog. just waiting for @steady stratus to verify the writeup.

Ok I usually just wait til it is public on the room page.

Hi anyone have solved this room or solving this room https://tryhackme.com/room/bufferoverflowprep

yes finished it earlier today. you can DM me with questions if you want.

Is there anyway to get some hint on the room Threat Intelligence question task 3 about the first 3 Network IP address blocks bleongs to?

I just know class A, class B.. etc

I think you have to wait some days for hints on that room

Since it has been just published

It's not that difficult though

it's a silly, and poorly worded question

@simple mountain need your pin for the new room

Oh, cool - Thanks. I thought it was a walkthrough, but that was yesterdays!

Do not provide or ask for help or hints for THREAT INTELLIGENCE room until 6th March, 7pm (GMT)

@ripe hedge I got confused..

yeah, that question has me baffled

Keep at it, I believe in you, Pood

You can do it guys

its probably really simple, but sometimes its the simplest things that destroy my brain

In fact, I think the question is wrongly redacted... but that's me

not sure what you mean by 'wrongly redacted'

hey, did they change something in Burp? My Community Edition has Sequencer's 'Analyze now' inactive 😦

For the cookies in the burp suite room?

It's a bug with burp

a ok, thank you

probably 'wrongly composed' 🙂 in some languages there is a word very similar to 'redacted', which means also 'composed', so English non-natives mix it sometimes (including me, haha).

Thanks, that makes sense.

Working on the linux challenge and it says I need to find flag 3 where the bash history is stored... I don't know where that is. I tried googling and using the command find / -name .bash_history but I didn't see anything that looked like the right directory.

figured it out!

You will bang your head against the wall when you realize what the answer is.

more so than now?

Yeah 😂

Has anyone here done the Nmap room recently ? Kind of struck on a question. No matter what I do I can't get the required ans. I tried the solutions available online even they don't seem to work

https://tryhackme.com/room/furthernmap

Task 14 - Q4 and 6

I did it recently

@near torrent I recall that the number of ports came easily from the scan result when limiting the ports to first 5000 and using only SYN scan

Okay. I will give it another possibly an issue on my side

there are 10 possible solutions if you look at the format 🙂

did you guys change the file in serv3's folder for KOTH #1? I am very bad with vim appereantly

you can use echo to write on a file. echo whoami >> serv3.txt will append whoami on that file

ah yes, ofc.. thanks 🙂

In the threat intelligence room task 3 ques no. 7 ? Anyone help?

@peak cave please see the pins

The room is still under hints embargo.

Okay sorry @stuck fractal

Think I'm missing something obvious on this question too.

!rule 13

Rule 13: When asking for help/tech support please perform research to your fullest ability. Mods and Community Mentors have the right to refuse helping those who have not done troubleshooting/research on their own first. Clearly phrase your questions as we (fortunately for all parties involved) cannot read your mind. Please include the room, task, and question number in your question if possible.

Although we are a learning platform, we politely ask that you respect the competitive nature of newly released challenges. As such, no hints for new challenge boxes should be given immediately after a release (72 hours, by default), unless instructed otherwise by the content creator.

hey everyone, im on goldeneye, task 2 question 2 and im trying to do a dict attack on pop3, however im getting the following error when attempting to run hydra

any help would be appreciated with this as ive had to resort to metasploits very slow bruteforcer

Have you checked the hydra manual?

ive googled this error everywhere and havent found anything too helpful

So maybe don't google the error... perhaps all the info you need is in the error message itself

?

what use is an error if you cant research it

Again.. did you read the hydra manual?

mabye my hydra is an older version?

That is quite possible... now check the help/options menu. Are there any other options that may potentially be of use?

hydra is up to date version help menu shouldnt contain anything that the manual dosent alrdy have will check anyway

nothing

Maybe just try the first half of that command

Sometimes the simple answer is the right one

..sometimes.

hydra's help is very short and contains nothing too useful besides basic syntax

will try running with -O but i dont think it will fix anything

ok looking at my command it has the -S option because i copied and pasted it from online

very dumb mistake

Hahaha don't worry you're in good company!

dont know how i kept missing that flag throughout troubleshooting

Did that solve it?

yeah

Nice!

hello guys, can anyone tell me please how can I upload a print screen here?

there's no drag and drop and can't find any upload button 😫

!docs verify

follow that

@split nymph

thanks

Can someone give me a hint for flag4 on dogcat?
i literally ran
find / -size +1c -and -size -90c -exec cat {} \; | grep -i THM
and couldn't find the flag

oh well maybe now that i think about it it could be inside a bigger file

jeez, don't help me for now i'll come back later when i failed more

*dogcat sorry

oh

flag 4 is the root flag, no?

nope

Hello everyone! I need help on the "Intro to x86-64" room 🙂 I'm doing something wrong when checking the value of var_8h for the if2 binary

it's the third one, the fourth is probably hidden somewhere in the fs

which flag are you looking for?

the fourth

oh right it's not in the container

i tough about escaping from the container but i couldn't find anything, i'll try harder thanks for the hint :D!

Can anyone tell me please why do I get the "?Invalid command" on anything a type in telnet?

there's not supposed to be a space between the c and the 1?

i've tried. I've tried other commands than ping...they are all invalid

try .RUN "ping -c 1 10.10.133.198"

are you sure that you're still connected to the server?

the telnet> prompt is unusual

checking

no clue

try using netcat instead of telnet

naw the room specified telnet

i am connected to the server. I can use my local machine

wich room is that?

I'm spinning up a machine to check

networkservices

yes, task 7 exploiting telnet

yeah you are not longer connected to the server

there's no prompt normally

I see. yesterday it happened also. Today I have the same issue

Am I doing something wrong?

exit the client, try reconnecting

ok, I'll do it...for the 3rd time. I'll let you know. thanks a lot

did you CTRL-C or something?

ups, yes:)

when I do the tcpdump on my local it runs forever so I stop it with ctrl-c. But even before that the telnet has the same issue

tcpdump is normal

the telnet won't show output

so it's basically blind

I am doing linux backdoor room , in php backdoor I have hosted the backdoor but when I access shell.php it ask for downloading it . which is I guess is right. My question is how do I access the cmd parameter

?

it's usually a get parameter, but your server needs to support php for it to work

if it's downloading it, then the php processor isn't setup

Ohhh

I have hosted it on local server in attack box

I guess php is not setup there

I also closed the tcpdump so I can access the telnet. couldn't do the telnet while tcpdump was rolling

it's an apache server or a python server?

Python

run the tcpdump in a separate terminal

👍

well yeah that won't work 😉

Will it work on apache server

if it's set up

Is thwre any syntax error in this cronjob

Your ip

Forget it

Shit

Hello, I'm doing the " Threat Intelligence " Room but I'm pretty blocked at this last question ( pic below ) I've read all links provided at the start + googling of course and it seems that I'm missing something but I don't know what, any ideas ? Thanks and have a good day

I'm sure the flag is very easy to get but I know I'm missing something

hey guys can I get a hint on the Windows investigation 2.0 for question

room goldeneye, task 3, final quest, officer needs help pulling up the aspell spell check feature when creating a new page, heard its CTRL+right click but when doing this i just get firefox's options. any help on getting this gosh darn spell checker to reveal itself would be amazing ❤️

Kind of a guess but that ABC ✅ button looks about right for a spellcheck

its a strikethrough 😦

Not that one

@rose cape

ohh 🤦‍♂️

Have to say I wasn't expecting a woop woop when I put the answer in. It's better to think of it as 'what standard defines those addresses'

!rule 13

Rule 13: When asking for help/tech support please perform research to your fullest ability. Mods and Community Mentors have the right to refuse helping those who have not done troubleshooting/research on their own first. Clearly phrase your questions as we (fortunately for all parties involved) cannot read your mind. Please include the room, task, and question number in your question if possible.

Although we are a learning platform, we politely ask that you respect the competitive nature of newly released challenges. As such, no hints for new challenge boxes should be given immediately after a release (72 hours, by default), unless instructed otherwise by the content creator.

It's my fault, I did not notice it was a new challenge

when doing it

I'm pointing it out, I haven't done anything more than that.

Yeah I know but I should have verified before asking

But I just found the answer, I've already tried it before but it kept telling me wrong answer, I don't very know why

Anyway thanks again for replying

In the ultatech1 room: The software using the port 8080 is a REST api, how many of its routes are used by the web application?

Can someone give me a bit of guidance on how to proceed? 8080 seems closed to me.

it might take a while to spin up, give it 5 mins then re-run your scan

I think the question is just wrong. I looked at the writeups and it seems like people just ignore the question asking 8080 and they go with 8081.

Box has been up for over an hour as well.

have you considered that 8080 (api) is only accessible from the local host (via port 8081)? I haven't done that particular room but it is pretty common to do it like that

8080 can be open Internally

This isn't specifically room advice but i'm working on something and I would like to understand how remote port forwarding works a little more. I think I just need to talk to someone to understand

If someone could DM me or something

#infosec-general

hey everyone, i'm a new user of tryhackme, can someone help understand what i should do here please, it's the getting started room

I'm not sure what room that is but you could try the common credentials provided in the description

i tried all of them and they didn't work

that's why i'm asking

the room is called "getting started"

The description is talking about a hidden administrator page

I don't think the /login is the correct page

oh i see

i found it

thanks dude

No Problem

how can I access sublist3r

?

you could try install it from github if it's not already on your system

ok ty

I recommend against it, just like the room does. Because you're gonna have to fill out a bunch of Captchas

ok

Trying to solve Lunizz CTF room, stuck at brute-force password, its been 20 minutes. Can someone tell me approx how long does it take to crack?

depends on your computer. I have seen everything from 4 hours to 5 days

seriously lmao

it is pretty much midway in the password file

idk but would u mind sharing it? I really wanna finish and move on... Like i never would have allowed bruteforce to go this long. Instead i would have stopped and looked somewhere else...

I recall it being in the 700.000-800.000 #word

are you bruteforcing or breaking the password using a modified script ?

i just used this https://zetcode.com/python/bcrypt/ and checking password

I do not have the password here anymore but I suspect you can find it in writeups

i actually took a hint but yeah i am on the right track i confirmed

remember the base64 part

basically word -> base64 -> bcrypt -> compare to the mentioned hash. If match, then word is the password

hmm... i opened but they are hidden lmao

I did a multithreaded script and it took me a day to crack it on my normal laptop. I initially used a sudo exploit to just get on with it and continue

hmm yeah i noticed that path too via writeup. but initally when i found the script i thought of using that but i really didnt like the idea to hide password so below

afterall its not simulating a real life pentest

its a CTF lol

I will follow down the exploitation path from here... but practiced a bit of python too. Thanks @gusty kite

If you pick the right length words out of rockyou, you can get the wordlist down to about 14000 and crack it in a reasonable time

how would you know the right length from the clues you can find? I didn't see any hint of that

tbh I got a hint that the password was 7m in and I used a sed to cut out a chunk of the file and checked that in a "reasonable"™️ time

You don't. You need the write ups for that - although you could reasonably have a stab at a certain minimum password length from the first one given. Someone on here said they'd done that and had success. After 36 hours of running a script, I felt that was a decent short cut, just to prove the script I'd written did crack it. I also considered the route you took.

i buckled before you did and gave up after about 6 hours checking 🙂 even multiprocessing it over 8 cores it was so painfully slow I just couldn't...

at least my script did find it with the shorter list, so that was nice

Out of interest, did anyone try it with colab? In hindsight I probably should have tried that 😀

bcrypt is designed to be slow, even on colabcat I reckon it would have been a decent amount of time to check >7m passwords - certainly longer than the 5-10mins THM guide time

Yeah. Bit of an odd one. Be interesting to know the thinking behind those choices. I mean it's realistic to say that rockyou isn't going to crack everything in 5 minutes, and make people think about that, but that did seem to go to the extreme if that's the only point.

i can only assume all the room testers used the baron to jump from the first user and didn't have to try cracking it, otherwise I can't imagine it would have passed testing

if you guys wont mind, can u share ur scripts with me. I would learn and improvise from them @median compass @candid nimbus

like how u did the mulithread part

well, on the understanding that it's about my second time trying multiprocessing and I can't guarantee the code is any good, then absolutely

dm?

yes sure, i appreciate it!

I am also trying to improve my python scripting and its hard to find like these kind of stuff, so its better to solve boxes and learn...

I'm on my phone and haven't got the right computer with me, but feel free to ask about anything you get stuck with.

Hello someone can pm for administrator flag in hackerone challenge (medium box)

I can share my terrible code....

import base64
import bcrypt
import sys
import concurrent.futures
from tqdm import tqdm

salt = b'$2b$12$SVInH5XmuS3C7eQkmqa6UOM6sDIuumJPrvuiTr.Lbz3GCcUqdf.z6'

def testPasswd(password):
    bpass = password.encode('ascii')
    passed= str(base64.b64encode(bpass))
    return bcrypt.checkpw(passed.encode(), salt)

def genPasswd(password):
    saltySalt = b'$2b$12$SVInH5XmuS3C7eQkmqa6UO'
    bpass = password.encode('ascii')
    passed = str(base64.b64encode(bpass))
    crypted = bcrypt.hashpw(passed.encode(), saltySalt)
    return crypted == salt

with open(sys.argv[1]) as f:
    passwords = f.readlines()
    maxLines = len(passwords)
    print(f'{maxLines} passwords to test')
    with concurrent.futures.ThreadPoolExecutor(max_workers=16) as executor:
        for pwd, res in tqdm(zip(passwords, executor.map(genPasswd, passwords)), total=maxLines):
            if res:
                print(f'Found match: {pwd}')

tried both methods

no dice

and it has issues loading all of rockyou

Room Buffer Overflow
https://tryhackme.com/room/bof1
Hi all, I'm looking for help on Task 7, anyone dying to help on this one?

I'm also looking for help on the regex room.

[Ff]ile[1-9]

How do I exclude 'File7' from the output?
Any help would be great!!

maybe expand the number range ?

[Ff]ile[0-689]?

Do not provide or ask for help or hints for the Team room until 8th March, 7pm (GMT)

any one playing Team room?

!rule 13

Rule 13: When asking for help/tech support please perform research to your fullest ability. Mods and Community Mentors have the right to refuse helping those who have not done troubleshooting/research on their own first. Clearly phrase your questions as we (fortunately for all parties involved) cannot read your mind. Please include the room, task, and question number in your question if possible.

Although we are a learning platform, we politely ask that you respect the competitive nature of newly released challenges. As such, no hints for new challenge boxes should be given immediately after a release (72 hours, by default), unless instructed otherwise by the content creator.

Right after my message here too...

Cyber Scotland 2021
theo - password?

@slow slate i done it bro 🙂

@slow slate thanks anyway 🙂

!rule 13

Rule 13: When asking for help/tech support please perform research to your fullest ability. Mods and Community Mentors have the right to refuse helping those who have not done troubleshooting/research on their own first. Clearly phrase your questions as we (fortunately for all parties involved) cannot read your mind. Please include the room, task, and question number in your question if possible.

Although we are a learning platform, we politely ask that you respect the competitive nature of newly released challenges. As such, no hints for new challenge boxes should be given immediately after a release (72 hours, by default), unless instructed otherwise by the content creator.

Hope you enjoy the room man

Your code looks good, i bet the issue you are having with loading rockyou can be solved using using the following command to open a file: with open(sys.argv[1], encoding='utf-8', errors='ignore') , and when trying to encod the password to ascii put that code inside of a try except because it will fail, also it takes a looong time to find the password, so i can give you a hint : it is 19 characters long

naw it's just that rockyou is too big

Are you sure? I am having no issues

I can share my code if you want, also i've stolen from yours the loading bar, looks good 🙂

Then filter it using the hint i gave you, i really hate when boxes ask you to brutefoce things because not everyone has the cpu power to do it

especially bcrypt

I reencoded rockyou with iconv to remove the bad chars

Yeah, also hashcat does not support bcrypt with salts, odd

it totally does

Because bcrypt is default salted.

I've cracked salted bcrypt because there's no unsalted bcrypt.

yeah sorry i ment to say that it does not allow me to specify a salt, for example hashcat lets me specify a salt when cracking md5, but not with bcrypt

You can specify it, but it's actually a part of the hash

Same as sha512crypt.

Oh really

Well i've learned something new

any hint on foothold for team final

Do not provide or ask for help or hints for the Team room until 8th March, 7pm (GMT)

You read the hint on the room page?

yesss

I did it yesterday. Dm me if u still need help

@worthy cape Can I DM rq?

Sure

can i dm you ?

Where the heck is this “relevent config file” located in the Team box

@proud crag

Do not provide or ask for help or hints for the Team room until 8th March, 7pm (GMT)

Ok sorry

Hello, I'm on GameZone room at Meterpreter part. I've tried all the suggested payloads with no luck, I've tried RHOSTS with 127.0.0.1, also with target machine, I've tried LHOST with target machine and RHOST localhost but I got no luck. Any advice?

Please don't ask the same question over multiple channels like that

@cedar sluice Please remember rule 13, that room is under hints embargo.

Sorry I didn't know! ty ty!!

Idk where to search

What is it called when you use Google to look for specific vulnerabilities or to research a specific topic of interest?

you generally google any vuln with its CVE. every vuln has its own CVE

ok ty

so I just would type a cve in this question?

We don't know the context because you haven't stated it

If you want help with a question in a room, we need to know what room and what question.

^^ @brisk pivot tell the problem followed by screenshots 🙂

teamcw i'm baffled

!rule 13

Rule 13: When asking for help/tech support please perform research to your fullest ability. Mods and Community Mentors have the right to refuse helping those who have not done troubleshooting/research on their own first. Clearly phrase your questions as we (fortunately for all parties involved) cannot read your mind. Please include the room, task, and question number in your question if possible.

Although we are a learning platform, we politely ask that you respect the competitive nature of newly released challenges. As such, no hints for new challenge boxes should be given immediately after a release (72 hours, by default), unless instructed otherwise by the content creator.

Still under embargo

mhhhhh

very super baffled now

ok i'm autistic l

and blind

Would you like to clarify that comment?

!rule 13

Rule 13: When asking for help/tech support please perform research to your fullest ability. Mods and Community Mentors have the right to refuse helping those who have not done troubleshooting/research on their own first. Clearly phrase your questions as we (fortunately for all parties involved) cannot read your mind. Please include the room, task, and question number in your question if possible.

Although we are a learning platform, we politely ask that you respect the competitive nature of newly released challenges. As such, no hints for new challenge boxes should be given immediately after a release (72 hours, by default), unless instructed otherwise by the content creator.

So I am doing the investigating windows 3 room and could really use a hint on the question “this is the default communication profile the agent used to connect to the machine. What attack framework was used? What is the name of the variable”. I thought attackMitre was a framework I have also found a ton of variables in the powershell. Could use a hint here 🙂

oh ok

like I try to search for an cve but I don't get it

Please don't post answers @brisk pivot

But I do not have the answer

do I?

oh oops

so sorry I forgot that the answer was there 😐

hey guys, could anybody please give me a little hint for the team room? I found the lfi and been stuck on it for such a long time and couldn't make anything out of it. Would really appreciate a little hint 🙂 Thanks

!rule 13

Rule 13: When asking for help/tech support please perform research to your fullest ability. Mods and Community Mentors have the right to refuse helping those who have not done troubleshooting/research on their own first. Clearly phrase your questions as we (fortunately for all parties involved) cannot read your mind. Please include the room, task, and question number in your question if possible.

Although we are a learning platform, we politely ask that you respect the competitive nature of newly released challenges. As such, no hints for new challenge boxes should be given immediately after a release (72 hours, by default), unless instructed otherwise by the content creator.

Why though?

Although we are a learning platform, we politely ask that you respect the competitive nature of newly released challenges. As such, no hints for new challenge boxes should be given immediately after a release (72 hours, by default), unless instructed otherwise by the content creator.

alright make sense 🙂

could I please get a hint of how to find the answer for the question: What is it called when you use Google to look for specific vulnerabilities or to research a specific topic of interest?

like a hint to find it

Please state the room, task, and question when you're asking for hints

oh sorry I gtg

I will ask it tmr if that is ok

🙂

any hits for room: teamcw ?

The attacker is using a specific tool which you need to identify to answer those questions. It's also listed in Mitre. They've also used a particular module. You should be able to identify what it is from googling information in the payload. After that it's a case of digging around, and reconstructing the steps to identify what settings the attacker chose (or left as default-hint) in running the attack. Oh and in that question the answer is the wrong way round from the question. The framework is the second word in the answer.

OMG, the answers are reversed, I lost a lot of hair over that for nothing 😦

Yeah it was only when I got both answers and couldn't see what else they could be looking for that the penny dropped!

I'm also looking for one

please read the pinned messages

no hints until monday evening GMT

Hint for Team room?

I added the ip in my hosts

cyberjunkie, on monday come back one will be realeased.

Then tge main site appeared

What?

a hint for the room will be released on monday.

Oh

anyone got any tips for getting from LFI to rce? no room in specific :))

or a tool which could help ?

Haha maybe the box doesn't have RCE from LFI

https://www.rcesecurity.com/2017/08/from-lfi-to-rce-via-php-sessions/

That is my go to for LFI to RCE

Unfortunately doesn't work often

yes im starting to think that, but having no luck locating specific files which could give me any creds, have user.txt but no foothold 😤

thanks !

ah its you ! 😂

@worthy cape nice box man 👍

Btw after Monday you can ask for hints officially on here

Cheers man glad you enjoyed it

yup is fun so far

guess im waiting till monday lol

hi guys i am stuck in wineventlogs romm at XPath Queries section ...can someone who completed this room give me some help with q1 and q2....i tried everything and no luck for now 😫 tnx

Is it possible to execute a script with lfi vuln?

When you're asking for a hint for a room, please state the room, task, and question.

Otherwise if it's a general question then #infosec-general

its team

Then don't ask at all

!rule 13

Rule 13: When asking for help/tech support please perform research to your fullest ability. Mods and Community Mentors have the right to refuse helping those who have not done troubleshooting/research on their own first. Clearly phrase your questions as we (fortunately for all parties involved) cannot read your mind. Please include the room, task, and question number in your question if possible.

Although we are a learning platform, we politely ask that you respect the competitive nature of newly released challenges. As such, no hints for new challenge boxes should be given immediately after a release (72 hours, by default), unless instructed otherwise by the content creator.

!rule 13

Having issues with Linux challenges "Flag 16 lies within another system mount". Tried cat /etc/os-release, cat /etc/lsb-release, findmnt (going through all the mounts). Hitting a wall here.

/etc/os-release, cat /etc/lsb-release, Why would those be relevant here?

Just based on the previous (Flag 15 Can you find information about the system, such as the kernel version etc.). Thinking 16 was a continuation

this are my best gueses on the questions... Using Get-WinEvent and XPath, what is the query to find WLMS events with a System Time of 2020-12-15T01:09:08.940277500Z? Get-WinEvent LogName -Application -FilterXPath '*/System/TimeCreated[@SystemTime='2020-12-15T01:09:08.940277500Z'] and /System/Provider[@Name='WLMS']' and second Using Get-WinEvent and XPath, what is the query to find a user named Sam with an Logon Event ID of 4720? Get-WinEvent -LogName Security -FilterXPath '/EventData/Data[@Name="TargetUserName"]="Sam" and */System/EventID=4720'

Ok. Look into where a USB stick would be mounted by default in Ubuntu @steady thicket

Any hint for question "Run Loki. Inspect the output. What is the name of the module after Init?" from room -Investigating Windows 2.0.
Checked the o/p but not able to understand.Is the module name printed in the o/p or do we need to dig it out from the Loki's code?

We are the same, I only need that one for weeks I still do not get it

Got it, DM me if you want to know

!rule 13

Rule 13: When asking for help/tech support please perform research to your fullest ability. Mods and Community Mentors have the right to refuse helping those who have not done troubleshooting/research on their own first. Clearly phrase your questions as we (fortunately for all parties involved) cannot read your mind. Please include the room, task, and question number in your question if possible.

Although we are a learning platform, we politely ask that you respect the competitive nature of newly released challenges. As such, no hints for new challenge boxes should be given immediately after a release (72 hours, by default), unless instructed otherwise by the content creator.

@white salmon This applies for another 48 hours or so.

@worthy cape I am enjoying your room, beating head against soooooo many walls, finally got my first flag!

Glad you enjoying it haha! Foothold is always the hardest bit in my opinion

I already gave up and come back to it 3 times, about to go for the 4th lol

heh...

So you are the creator of team box?

Been at it from evening

I replied to you on forums

@worthy cape thanks for creating the "easy" box

Haha yeah i was on the fence of easy / medium

your profile pic suits you

😂😂😂

still haven't been able to successfully enumerate that box... I'd vote "medium" @worthy cape 😋

so tru

@worthy cape plss a hint for priv esc

When i got the user flag i was very happy

@sweet ferry no hints until monday

F

concur 😭

If i got root tonight

I will do a writeup and publish it on. Monday or when allowed

Else i will be the one reading a writeup

xD

😭 my wife wants me to watch Coming to America 2 with her today...but "easy" team room!

The name hints it bro

It requires team work

ha!

invite your wife to solve the box

ez

Yeah woman can solve any problem

@slender dawn her solution would be to throw all of my computers away then say, "see, problem solved!"

Stonks

Team room is so depressing xD

I feel like I am stuck in an empty room enclosed on a all walls with the word "easy" being yelled at me constantly. However, I am enjoying it. Started playing with pentesting monday.... so learning all the things.

good proper enumeration always pays off

Once I figured out the blindingly obvious thing staring me in the face, getting the first flag was easy. This second one is going to be problematic, but may also be slap the forehead when I do figure it out kind of thing.

Funny thing, did not figure out the obvious thing from the actual obvious thing staring at me.

IMO it's on the hard end of easy

Bit guessy though

If you find all the clues its not that much guessing

Ok, taking a break, think I went down a ridiculous rabbit hole.

hello hackies, i have a question about the burp suite room

What's your question?

in the target definition portion:

"Navigate to the Target tab in Burp. In our last task, Proxy, we browsed to the website on our target machine (in this case OWASP Juice Shop). Find our target site in this list and right-click on it. Select 'Add to scope'."

i dont know which website is the OWASP Juice Shop

wait, do i just go to the website? 😆

still a lot of fuzzing to do

which is basically guessing

Hey great box!!

Just finished it!

isnt that what 90% of pentesting is?

Hacker Methodology. Ok so I searched but I cannot manage to find anything, may I have some help please. Just like a hint not the answer like where to find or what should I type in the google search bar

what room is that?

xD

google ****ing

nvm I found the answer from someone

but ty

I'm pretty sure that all those terms are in the description of the tasks

at least for all the rooms I completed so far

if it is not it is in the hint button

Dalemazza's room is harder than 2 hard rooms I finished before trying this one because everyone was talking about it:D

😂

I swear when you make it. You think it's easier then it is

^

I might have been lucky but I found it to be pretty straight forward. The most usual tools and attack vectors for easy rooms.

Uh oh, think I may be making a small, very small bit of progress....

If anything, regardless of the difficulty rating of a room, it demonstrates gaps in one's skillset related to the tasks/methods/techniques required to complete a room. A beginner room can take 4 hours, while a hard room for the same person can take 30 minutes. This is all part of learning. 🥳

Considering the fact that I just started learning a week ago, everything is hard 😉

But, learning a lot!

When it becomes easy, it is good for confidence for a bit, and than amp up for the next level of complexity/difficulty. 🙂

"when it becomes easy", they say....

It never becomes easy. 😄

well, then I must be a pro already, because it is hard, like rock, my head that is 😉

100% agree 😅

Its inspirational vibes today💪

Room : linux fundamentals
Task : 8/9
Problem : everytime I try to run a file it says /root/b.txt: Permission denied

Screenshot.

the machine or task?

Of exactly what you're doing and what's happening

what I'm trying to do

what's actually happening

You're not on the machine that you need to be

you mean attack box?

You are on the attackbox

oh u mean I forgot to ssh?

You need to SSH into deploy

Or as it's linux fundamentals 1, you use the browser access FOR THAT MACHINE

so in short

i forgot to ssh

In short, you're on the wrong machine

You're not told to SSH in, you're not told how to SSH in.

Ok, so what is the right machine?

sorry If I sound frustrating btw

The one that you deploy with the deploy button

NOT the attackbox

Caps are for emphasis, not anger.

You get a terminal above the tasks, because the room is set up specially for that

this?

oh wait lemme check

Yes that button

not clickable so ig it's already started

which lead me to this

That's different

That's not the main button

Screenshot the whole page.

Ok, below that video.

See this?

That's where a shell on the target machine shows up.

yep just got it after refreshing

This doesn't happen in very many rooms.

what's the difference between it and the other machine attack box ? and this doesn't require to be connected on the VPN right? cuz I'm not

The attackbox is a substitute for using your own kali machine. It's a machine you fully control that you attack from

The VM you deploy in the room is your target.

alright thanks James for saving my night!

not help but I didn't know where else to post this, what a fun box! Thanks THM and all involved.

short question about brainpan, or buffer overflows in general:

||this is about exploiting the "validate" executable.
the basic schema for exploiting it would be ./validate 'shell_code_to_write_into_eax' + 'padding_to_overflow' + 'address_of_a_call_eax'.
however, initially i had it the other way around, first putting the 'padding_to_overflow' (NOPs), followed by shell code, followed by the address to write into the eip.
with the second approach, the shell code is not being executed. i simply get a segmentation fault. shouldn't it not matter?
if i preprend the shell code with NOPs, program execution should simply slide along until it hits the shell code, no?||

@worthy cape

Is there any who solved Basic Malware RE ?

I need some help.

I am not able to unzip the file and lod the binary to Ghidra. If anyone can help me !

**load

@slender sand What do you mean "I am not able to unzip"? any error messages? or you don't know password?

The password is written in Task 1.

😂 I didn't saw the password earlier. Thanks for reminding.

I was trying to crack it. But was not able to. Thank you.

@rare dust Thanks

easy box my hole 😬

Tbf if you do good enumeration there is little to none guess work 😂

anyone rooted Team room?

im stuck there atm

I need some help

In Team too?

yeo

where are you atm?

lovely beginner box 🙃 🙃 🙃

Has anyone completed the Windows Event Logs room? I'm stuck on Xpath queries and need some help.

Yeah, I was lost in Middle-Earth for a while.

@modest swift what room?

@surreal sentinel yup

@modest swift you got it?

Can I have some help/hints with the third question? https://imgur.com/a/Y7kpBcg.png

room = https://tryhackme.com/room/ccpentesting

what have you tried?

ports, -port

what is the question?

there is an image https://imgur.com/a/Y7kpBcg

how do you set the target port

so... how do you set the target port?

that's what I don't know

you haven't tried anything?

I tried ports, and -port

or do you mean what have I tried to try and figure it out

I googled it

and looked at the metasploit help

what is the question?

why do you keep asking

i've already told you

the question is How do you set the target port?

is this a walkthrough room?

well, it's this room https://tryhackme.com/room/ccpentesting

no no...

sorry, I don't understand

what task?

task 8, question 3

you could've looked at the image

ummmm...

what was the question?

what are you talking about

How do you set the target port?

this one

yes..

what did you do before?

before what

the previous ?

the previous what

how do you set the host?

that is rhosts

oh.... lol

have you solved everything else?

all the previous things, yes

you can dm me

but.. why?

i'll explain

@late patio sure

same

on Inferno, was getting disconnected from your shell/ssh every 30 seconds meant to be part of the box?

Yes

🤮

Why are you specifying version 2?

Wait which Linux Priv Esc room?

There's a dozen

smh, just realised i was being an idiot and had the wrong ip - the error message threw me off. Thanks anyways!

Part of the fun yes. Pretty easy to circumvent though If you realize what happens

any kind soul could provide some hints? I read the article like 10 times ..... cant get it.

They all have something in common which is defined by a particular specification. That's what you're looking for.

anyone working on wekor hmu

No hints for wekor. It's a new room release.

Needs a pin

the arpawocky is one

THANKS. @cedar axle @candid nimbus got it

guys, please, someone had this same problem on Wonderland chal?

hatter@wonderland:/home/rabbit$ whoami
hatter
hatter@wonderland:/home/rabbit$ ls
date teaParty
xec "/bin/bash";':/home/rabbit$ perl -e 'use POSIX (setuid); POSIX::setuid(0); ex
bash: /usr/bin/perl: Permission denied

my terminal sucks with the entire command but its right. I really dont know why perl is displaying it. I tried every perl version on /usr/bin

Are you sure you're the right user?

Your command is super weird

its from https://gtfobins.github.io/gtfobins/perl/#capabilities

its a privesc by CAP_SETUID

!docs verify

I made that room

I know what it is

oh ok

If you think you're doing everything right, #room-help and post screenshots. You'll need to verify to post images.

ok thank u bro

Please don't call me bro.

🤦‍♂️

can someone give me a hint on how do i find the username for wgelctf

i have the private key

i tried with www-data but thats not it

https://tryhackme.com/room/wgelctf

see comments in html

shit i forgot to check comments of the apache site

thanks

Can someone please help in the room of wekor? The room owner said feel free to ask questions

didn't see that but defaulting to wait until the embargo is over first

sorry

fucking lmao

Need a hint for overpass priv escalation?

where are you at?

Hey guys! I’m the creator of wekor. If you guys need hints, I would gladly give you some without spoiling anything 🙂

bait ?

there is an embargo on wekor to Wednesday i suppose

creator can override, technically

I suspect that there are shenanigans with that room though

didnt started it yet

but looking forward to complete it

yeah I hit an impasse

Same... Hit a brick wall... Did some research but, dont even k ow if its the right thing 😆

I saw something but it doesn't look vulnerable

anyways

Are you guys all talking about wekor right now ? 😄

yeah, but not necessarily asking for hints

Ah ok 👍

I think I have an idea for something to try though

just finished it - thanks for an interesting room @frozen crane

No problem 🙂 glad you liked it

hated you last night though when I first started 😆 was too tired to do propper sqli checks. After a bit of sleep it all went a lot easier

😄

haha, I've yet to see where we can actually inject yet...but distracted by work

can anyone help me with this question from windows log event ...i cant get the right variable 😫

I thought I had checked everything and pretty much gave up. then tried again this morning and found it almost straight away

Oh and guys just another little detail.... how was the machine, if we are talking about performance ? Was it fast was it slow ?

The second one is a little slow at times for me

seemed alright, but sub boxes are faster

it was slow and for some reason the/xx-xxxx/ uri did not respond at first when I found it. returned to it some time later and it worked.

I actually did my own box yesterday and the pages weren’t even loading haha 🤣

spoilers, @gusty kite

Yeah it’s slow there’s only half a gigabyte of ram haha

I think we should boost the box a bit

it's a bloody huge site though >.<

Yeah that’s true as well

Well I guess I’ll ask at least

part of why I hate WP I guess

Hello! I am practicing nmap, but in the first exercise it asks me to verify the ip of "MACHINE_IP" with ping. Does anyone know how to get that MACHINE_IP?

deploy the machine

there's a big green button

ya lo hice

already did

there should be an ip address at the top of the page then

kind of like this:

also verfiy yourself

on discord

!docs verify

is the IP on machine details, on the attacking machine screen?

the box I screenshotted

No... Its on the room page where you deploy it. After the countdown is done, it'll show

that says "Active Machine Information"

for example

this is my machine, not yours though

Not asking for hints but i need a sanity check about wekor room because looks like I stuck at stupid thing, does ||privesc to root has anything to do with python library hijacking or path variable?||

I'm still looking for this one too. Did you figure it out @white salmon ?

Yes I did, need a hint ?

Hey, i would appreciate a little nudge on the privesc part. || i think i know what i need to to with the netstat -tunlp command and the open ports but idk how to reach them without curl or ssh creds for port forwarding ||

You can use nc or telnet

||ignore first part of the question and focus on the last part - question should really just say "where were the 3 first IP address ranges first get described?"||

yo man...help me out im stuck at the wordpress site

Take a look at /it-next 😉

Nice work!

Love the Kaspersky keyboard.

AV with one key only.

@frozen crane hey, liitle help! Stuck here for forever.

@frozen crane can i pm you ?

Sure

@frozen crane you did not make this very cli friendly

what do you mean?

the massive html that comes out of each request 😦

euhh every website has a lot of html lol

there's always a lot of html if you want to make the website beautiful 😉

can i ask for hint about the wekor room

or its a bit early

Not until the 10th 7PM GMT

ok thanks

yeah ... but not 10 KB worth >.<

yeah maybe I exagerated with the website a bit haha

hey @frozen crane, a little nudge for prviesc to root? I was able to extract password for the binary.

sure

hey, do I need some special wordlist in order to bruteforce Bounty Hacker ssh credentials?

I went thru like 3.5k pass from robot.txt

hope the question is ok

You should have found a file earlier

That looks like passwords

I did find that file that was mentioned, but apparently I'll have to take another look at it. Thanks

@frozen crane can I DM you?

Sure

yo guys, I'm doing wekor, can i get any hints? found the vhost and the cms running on it. feel like I'm missing something. also found a dir /re*******n

!rule 13

Rule 13: When asking for help/tech support please perform research to your fullest ability. Mods and Community Mentors have the right to refuse helping those who have not done troubleshooting/research on their own first. Clearly phrase your questions as we (fortunately for all parties involved) cannot read your mind. Please include the room, task, and question number in your question if possible.

Although we are a learning platform, we politely ask that you respect the competitive nature of newly released challenges. As such, no hints for new challenge boxes should be given immediately after a release (72 hours, by default), unless instructed otherwise by the content creator.

Do not provide or ask for help or hints for the Wekor room until 10th March, 7pm (GMT)

Need help for the team room 🥲

#room-hints is here for people who want a "pointer" towards the room they are completing, and not necessarily a spoiler. As such, when asking a question, be sure to include:

• What room you are on
• At what stage are you stuck exactly? Enumerating? Exploiting? Priv esc?
• What techniques / tools have you tried so far? Just so that we know how to hint you in the right direction without repeating what you've already done

||Cannot connect to the Maschine with the openssh private key. SSH says invalid file. Is there any other step to do? I also can’t convert the key to ppk||

the comments in here are ridiculous

Is there something I can help you with?

lol, was a cryptic hint for F43i

Gotcha

Do you mean the # ? I removed them. Otherwise I don’t get it

im stuck on the network services 2 room. PM me if you can help

Just ask your question

many people can help, many people would rather it wasn't over DMs

can't showmount the NFS shares for some reason

Screenshot

nvm, figured it out

you do get it

You need toakw sure the key does not have and spaces in or line breaks ie make sure there isn't an "enter" at the end of each line. Also chmod 600 it

Thx guy’s you’re great

Hmm

i got user on wekor but root looks like it will be hard

Still under embargo 😉

yeah i know

whats embargo

Rule 13.

ah

actually these things give a lot of info bout the box

is it just me or is there a step missing here

No

The room sets the scene at the start of the mysql section, explaining that you already have creds

ty, must have missed that

On teamcw, I think I've found what I'm supposed to do but I'm not ||receiving a reverse shell ||

Im stuck on ConvertMyVideo room
i cant find the user that can access the secret folder
Im beating my head for a long time
someone plz gimme a hint :/

anyone

@tranquil ivy whats the room called?

@tranquil ivy whats the room called?
@cedar axle
ConvertMyVideo room

you have the link

?

What link?
Of room??

yeah

https://www.tryhackme.com/room/convertmyvideo

have you found the rce?

I opened with burp
Trying to do a reverse shell not working :/

but you can confirm basic command injection?

think about what characters might be filtered and try to bypass that

what is not working? The shell or the injection?

think about what characters might be filtered and try to bypass that
@cedar axle
Yeah
Figured out a way and got shell thnx :)

🙂

Hint please!
Nmap room
Task14
Scanning

Scanned using this command
Sudo nmap -Pn -sX -vv --top-ports 999 ip-address

Never mind, solved

I need some explanations tho, for the Xmas scan I got 1000 non-responses but the answer is 999
For the TCP SYN scan I got 6 open ports but the answer is 5... why is that?

Just fir practice, I'd not recommend using sudo for nmap

Reverse shells can be hard to fault find. If I can run elevated commands I always just throw a sticky bit on bash then run with bash with the "-p" argument. Saves the need for a reverse shell and listener and still get yous a elevated shell

I ended up doing just that qnd it worked perfectly

only use pn if requested by nmap, it mike make the scan longer as it considers all the hosts actives

any hint in room teamcw? Is the vulnerability in the home page or I need to find a another page?

the hint they give for the user flag is related to open ports but I just found 2.

And I'm stuck

https://tryhackme.com/room/wekorra

Still under embargo for help and hints, Rule 13.

You've got a way to go. You need to find more pages.

Anyone able to give me a hint on priv escing in Retro? I have a low level shell....

Was checking the pins and I saw this

nvm think I know the way 🤓

Hello. Room Steel Mountain. Task 4. I am unable to start a http server because it says that the port 80 is already in use. Is there any way to bypass this? I am thinking about changing somehow the port where the exploit is requesting the nc.exe but I don't figure out how can I change that. Looking through 39161.py I can't find the specific part that is using the port 80 😦 Can someone give me a for my problem? 😄 Thanks.

Yeah you can change it in the script

Look at where it's using your IP without a port for nc.exe

That's port 80, by default, because HTTP

I think I figured it out. I decoded that thing and added a :8080 after the ip 😏

Thank you. I hope it works

If you're talking about an initial foothold, you shouldn't be getting a reverse shell. You may need to enumerate more to access another service on the box.

Thanks. I went down a rabbit hole there but ended up rooting it yesterday

@frozen crane can i pm you... intentionnaly this time

sure

so I still have a problem here.

this is how I have tried to add :8080 after the ip_addr in order to get the nc.exe from that specific port

and I, obviously, opened the http server on that port (8080)

but I am still getting this error

and I did changed the ip_addr and local port

this being the ip_addr

and this is the nc listener I opened on that 9001 port

yet, this is not working.

someone that can tell me any little hint?

i am stuck on blog priv escalation.Currenly I have a shell as www-data .I found sql username and passwords.Am I heading in the right direction or is it a rabbit hole??

you might need to escape the backslashes

not sure that the vbs part does

oh

wait

haha you're trying to run a python2 script with python3

oh my god

im so dumb.

you are right

naw it's an easy thing to miss

God, I've been spending my last hour looking at this.

Thank you 🥰

Thanks @candid nimbus

What hash format are modern Windows login passwords stored in? I have tried LM hash and NTLM hash. None worked, need help.

What room? What task? What question?

On Brainstorm nmap shows fewer ports open than the correct answer. I did nmap -T4 -p- -Pn X.X.X.X any hints/clues?

did you give it enough time to start?

RE: Brainstorm, I ran nmap a couple of times the last was at least 20 minutes after I started the machine.

Any hints on wekor room privilage escalation?

!rule 13

Rule 13: When asking for help/tech support please perform research to your fullest ability. Mods and Community Mentors have the right to refuse helping those who have not done troubleshooting/research on their own first. Clearly phrase your questions as we (fortunately for all parties involved) cannot read your mind. Please include the room, task, and question number in your question if possible.

Although we are a learning platform, we politely ask that you respect the competitive nature of newly released challenges. As such, no hints for new challenge boxes should be given immediately after a release (72 hours, by default), unless instructed otherwise by the content creator.

^ what have you tried so far?

Although we are a learning platform, we politely ask that you respect the competitive nature of newly released challenges. As such, no hints for new challenge boxes should be given immediately after a release (72 hours, by default), unless instructed otherwise by the content creator.

It is still under embargo

Ahh

Thanks fir the clarification. Didn't check the release

Okay

hi everyone, hope you're fine, please can someone tell me what is the name of room when we use burpsuite to change our IP because the siteweb accept only ip 10.10.10.x thanks

if you proxy your browser through burpsuite using forxyproxy or similar, then you don't need to change anything in burpsuite, anything you browse to will pop up in burpsuite

so I don't understand what you mean, sorry!

thanks my friend, look on tryhackme there was room i forget the name,, there is some issue that the sitweb accept only reqeust from ip 10.10.10.x

so i forget the command to use on burpsuite to change the IP

and i forget the room name

sorry, I can't go through every room on tryhackme to find the one that you're thinking of

if you remember then perhaps come back and tell us then ok?

yeah yeah of course, i will search and told you