#koth
its 5 in the morning here
its never too late
jk jk have a good night!
I just want to know how the king.txt was protected, I had root most of the time but couldn't even change permissions of the text file or update it
Am also happy I technically found both ways onto the machine
there are 3 ways into food
ssh was stopped, i restarted a few min ago
ahh, will have to find the last one
3+ on each machine
lsattr to see
it seemed like I couldn't modify or view anything in the dir
you will see eventually lol
many ways to protect, you mentioned the big ones
was it chattr +i'd?
lets play again 9 tails!
sure
ya usually ...
but as the guru koth dude says...
eventually, protecting king.txt is irrelevant
I'm going to do some research tomorrow because I have found that some other good ways of preventing writing are to bind it or use an LD_PRELOAD
and I might be able to write a few scripts to play with
rarely use ssh during koth, but I do my best to keep it up and running for others
it was not my intention to forego ssh...^^
ah I see, I looked at a walkthrough and I understand why I was getting odd symbols now, makes sense
I was using netcat but really needed to use telnet
I now understand the direction I would have gone using that to get in
asd
gg
gg
could you leave the f11 full snipe for us to use 🤣
your agent is very OP
kingmakers, rootkits, scripts to protect king, using while, oneline, etc, doesn't even come close against your fullsnipe agent, and really very OP
🤣
weeeee
GG @ jassim15
GG bro!
@valid cairn what've you done to sudo?
nothing
I did nothing to sudo
I only fixed the vuln for the Tar
the sudoers file is fucked then
the /etc/sudoers?
not even root can use sudo :/
yeah
I can't use chattr except with pkexec and I don't have the root password to do that
ik its something in built to the boxes
ah
you gotta download the binary on your host os and upload it using python3 server
then use it to your own will
let the game end and ask me for the password You will be surprised lol
I figured out how to hide the actual root dir
you won bc you got in way before me haha but that was good fun
am going to take a break for a bit and will be on later
managed to change the root password also
I did manage to change it though bc I copied the ssh keys from donkey to root, sshed in using them and then using the amended sudoers file managed to change the password without entering a password
hello peeps
hei
who's up for some koth today?
ME
how to get good with koth
Keep playing
Over time you will remember the way to get it
i need the way to keep my king haha
use chattr
it can be easily breakable with that
altho I couldnt figure out how to remove the permission with that
i wanna know like advance techniques that can as a backdoor
there is a flag in chattr which doesnt let the binary be changed
Use msfvenom to make one and than connect to it with msfconsole or metasploit.
yea actually i know those basic term but thank you anyway
Gave +1 Rep to @valid cairn
ohh never knew
its easy tbh just look up a guide on it.
and beside loop, what can u do to protect king?
or get king back when someone running loop
many ways to king & backdoors ... I was thinking of hosting "Q & A" or "AMA" stream sometime soon, and can help answer questions & solve problems for anyone who's interested
I am bro
Your eternal rival lol
hewwo
its Tetsu
how are you
you know me ?
are you freaking out?
or i just dont remember
Bro it was a joke
8 for each koth i think
not sure where the last 2 are
found 3 in different games and three in files called flag
Why is some one changing the flags in kOTH match?
oooh that is evil..... and probably not allowed
look at this
It's not allowed
Pretty sure that's just how it is
lion
Deleted because spoiler
i removed the commands
did u give up with fortuna?
and its wrong answer
error with it
what error?
with the ssh?
Password was changed, you had to find another way in
was hoping you'd find a way in and try and fight for the king, had a little trick up my sleeve
is the trick named shadow???
nah not that lol
Nope, if I told yous it'd spoil the fun haha
but seeing as I've had a chance to play about I've managed to prove that it works as intended
Even if you were to have root it'd stump you unless you figured it out haha
okay next match !
If you hover on the flag icon on the left of submission box, you can see how many flags each machine has.
Gave +1 Rep to @stiff egret
Took me forever to realize this bit lol
+rep @valid cairn HMMM DOESNT WORK
bro what did you do to the king.txt
even after overwriting its content and shredding it
doesnt change lol
I believe f11 made a rootkit sort of thing
probably uses ld_preload to prevent writing to king.txt
we do a little control f and bam
Learning about Linux rootkits is a great way to learn more about how the kernel works. What's great about it is that, unless you really understand what the kernel is doing, your rootkit is unlikely to work, so it serves as a fantastic verifier.
In the FreeBSD world, you can find Joseph Kong's amazing book Designing BSD Rootkits. It was written in...
very cool that you did make a custom rootkit tbf, I want to do that soon
hiiiiiiiiiii guys
This is a great blog series, i didn't know anything about rootkits going in, and came out building my own
I am actually going to read it thanks
Gave +1 Rep to @fossil pecan
what version of ubuntu is your rootkit written for?
i can build it for any kernel
linux* lol
what are the main ones used by koth now? 20.04.4 and 16.04.4?
mostly 16 & 18, only 1/2 20+ i think
and 3 rhel/centos
and 1 debian8
something like that
uname -r to check each kernel version, and then need to find same/compatible VM (usually) to build with those exact header versions
nice
Do you think you could do it with a lil docker container? Might be a lil faster but idk
Vagrant is always convenient too tho, esp with the synced folder ability
i'm looking forward to that haha don't forget to ping us
damn yall are really dedicated to KOTH you're making your own rootkits for it now 🤣
I guess as soon as 5+ people are interested I will contact the lead mod for KOTH and then we can do a session.
That would be really cool!
great I have so many things i wanna see

@fossil pecan started that work on the rootkit
Got a setroot successfully working and have started assembling a list of functions I'll implement when I get a chance
Unpopular opinion
backdoors >>>>> rootkits.
well a rootkit can have a backdoor can't it
a backdoor can't have a rootkit so it is an unpopular opinion 
I was planning on not saying this, but ....
what if upcoming boxes are docker based.
Then you design the rootkit to escape containers :p
I meant only based off dockers. i.e. the whole game is supposed to be in dockers only.
I thought docker does use a kernel but that it's very cut down?
I don't remember seeing anything where you can use a rootkit in docker without privileged mode being on.
I can be wrong or limited by my knowledge though.
I imagine there's probably a way
@brazen cloud Tagging you here for the discussion, respond when you have time. You are my go to person with peak level docker knowledge.
I hate docker everytime I've used it I've struggled
tl;dr docker based rootkits exists?
They certainly do if it's privileged as you've said but I'm not sure about otherwise as privileged containers can load modules into the host kernel
I absolutely love them, I am sucker for managed storages and the whole container logic gives off a very 'managed' vibe.
This being said it's not unlikely that someone has found ways of doing it as it depends how poorly the docker instance is set up
Keeping in mind, if we are to launch any box that is to be played in docker only, then it will be stress/security tested to ensure stability of the game. So the possibility of hacking that docker itself is bleak, that being said, attacking the host docker will be most likely off the limits and appended into rules.
oh for sure but in the meantime I get to play around with a homebrew rootkit
That, is a very fruitful journey.
it is indeed, just added the code to hide itself while loaded in
All the best for the rest of it.
Thanks
@fossil pecan when did u join the game, huh?
i don't remember seeing u in the first 20 min of the game
am i tripping?
I joined when you got 420 points
how can u join midgame?
btw it's GG from here cuz i have no idea how to get king back

I just wanna tie you at 420 lol
hehe i still need to learn alot more
hope to see u do koth on stream some day
maybe explaining some manual enum
I really dont know if this is a good idea. I mean docker is very minimal and what about machines like H1:Hard where docker containers would need to be in a docker container
The point of using dockers is to enable moderation in games, and dockers can be/are generally based off dockerfiles, you can go from minimal to gigantic real fast. About H1:Hard, there can be work arounds, plus no point introducing repeating machines. If there's already a docker escape in pool, why add more?
why not add other machines which use docker?
Heavy machines, hard to moderate, slow to start, 🤷 though depends in the end on the machine.
hmm okay
btw you and naughty have a great guide on koth machines!
imagine new boxes 
OH shit Naughty Joined
nah not rn
lol cause parents are around
and I dont wanna show them my discord and spicy memes i Have on it
you can screenshare and i could watch
sure
i Have joined lol
already inside the machine
escalating privileges
ahh shit I gotta secure it lmao
@nova tide sorry I gotta stop streaming the ports etc
lol
oh i already have backdoor and root shell so doesn't really matter xD
Just wanted to see your tricks and see if i could recommend something.
good job lol
and you kicked me out of the machine
|| @nova tide || you gone now?
no still there
do you have permanent root access to the machines?
or do you get a new one everytime?
Still have that initial shell and a backdoor.
KOTH lead mod perms go brr
Naughty is dominating the game
I hope my nmap scan with -p- and -T5 finishes before the game ends
rumor is we get aws shell access on all machines.
@nova tide 
you guys are KOTH lead mod after all lol
I should mention that it is a joke and we don't get AWS Shell access.
ik naughty told me that
I can get access but developing custom rootkits for it etc seems really excessive tbh
Totally agreed.
the other a friend of mine was telling me in the dms that he spent idk hours trying to make a custom rootkit that gives prevents the file from being changed
Don't take me wrong, it is really good for the researching and learning part, but other than that, it's a complete overkill for KoTH.
Atleast KoTH as of from TryHackMe.
ik lol but its like a requirement if you wanna play with the top players
🤷 I don't know what top players you are referring to, but it's really a game of a good script to write your name in king, and your speed / skill to point and shoot at people in the game.
chattr, echo, ps, kill, rm. (insmod) this should cover most of it.
mr niko, f11 , mathuez etc
you and naughty
all of you are top players
🤷 as flattering as it is, if you are monitoring processes really well, you can basically kick off anyone from the game.
i think and naughty should make a room called playing koth
get in the machine faster, monitor the processes, you can see what they are doing, undo their shit, and kick them off. Preferably in the same command, they won't know what hit em.
good point!
put a temporary chattr on basic files, essentially freezing the machine for the starting few minutes of the game to give you breathing space.
passwd, shadow, authorized_hosts, ssh config, id_rsa etc etc
rephrasing, by freezing the machine, I do not mean hanging it, but keeping it in same condition, so you have more time to setup your defences. Meanwhile everyone else will be confused why their one liners to setup backdoors aren't working.
thanks for the great tips my guy!
hii guys
sahhh dude
I had to leave home to get some supplies
sorry I left the game lmao
Hm, that is a nice one. Can be basically based off the blog that was shared earlier here.
Exactly 🤷
I'm not an expert on the subject by any means, but I'll probably start on that so that I myself can learn, then have someone like f11snipe look it over and correct me
yo
why do i feel like the machines in KOTH are not being updated?
because they are not?
What's up

sup my guy
kek
hello guys, i hav a problem. How can i protect king.txt :<
castle.
May you say it clearly??
ehm ehm CASTLE
||jk||
||You can search up for chattr binary and it's use. You can make the binary immutable so no one will be able make changes even if they are root unless they use the binary as well||
I was kidding, it was a chess joke.
Self plug, but you can read the blog in the pinned msgs to get more information about how to protect the king file.
why senor?
It's a secret 
hmmmm
Looking forward to the Reveal...
because people are just too lazy to work on the new machines
or kingmakers, onelines, loops, etc.
this is the first king badge. i had gotten it UwU
This shit was epic man i screenshotted it and put it in my memes for geniuses folder
Hey Holmes...
Earlier you were having a portfolio website.... Can you send the link please
Which one you talking about? It's likely on my GitHub if you need that
It was somewhat like hacker terminal
Ah, yes, damn when did you see it, I removed it like 1.5 yrs ago
Then i Might have seen that 2years ago 
But can you specially tell me the technologies you used in creating that website?
I really want to make something like that
I was a really dumb dev back then, so I just really did it in css lol
Whaat???
It was all just html and css. handmade
Seriously
That was really good website
How can someone make something like that in css and html
ngl I ask myself that, I don't know if I can make that rn if I wanted to lol
But ye, I think it's on my GitHub if you'll search for css maybe
Found it, here ya go https://github.com/holmes-py/holmes-py.github.io.OLD/tree/master/old.portfolio
Hah thanks

congratulations!!
you can do amazing things with CSS and HTML only. Check this out: https://css-only.art/
there are even crazier CSS 'artworks' to find online. People get super creative
It was noob work really. I just w3schooled my way to this lol

@fair adder https://tryhackme.com/games/koth/55289
1 minute left ^^
haha
just saw we will be playing offline
to bad haha
will be hard tbh, completely new for me
yeah that's a different game. the one i started starts in 16 ins
mins
i gave myself some time so i can install some tools.
@haughty turtle Bout to pass tbh
same i don't like window box
Really really no idea how to start here
Haha, sameee xD
Shall we join @steep agate
Even tho I feel bad for fs5150. but I really have to learn before attacking windows servers
Only found a password
which game ?
fs5150 just pwned it xD
ur KOTH
@haughty turtle
I'm not in the same game as you
Not ur nickname?
this game
rootkitted? @steep agate
no, in this game I didn't use rootkit and I didn't fix the entrypoints
and I didn't fix the path to root either
no
nothing
I mean there has to be a reason I can't set ownership or write to it after chmodding etc.
@haughty turtle did you change the ssh login password of webmaster lol?
lol no
i don't even know ssh password
I got a php reverse shell but couldnt get my script to work
Voicechat guys?
Really curious what your approaches where
i get rev shell as serv3 and get root by crontab
the only thing i changed was the directory in crontab: backups to ok 
Yup, thats why it didn't worked I guess. Isn't that even against the rules? ^-^ @haughty turtle
@haughty turtle Or am I misinterpreting.
I revshelled trough php but where stuck then since the crontab wasnt working anymore... rly sad :c was wondering, what I was doing wrong tbh
i think it's ok to just delete that line tbh
it should be considered as patch
you never told me what you did btw, was it flock?
anyone actively in public looking for a game?
Maybe he deleted chattr from /usr/bin
After adding attributes
that's not it either
either replaced the chattr binary with one that didn't allow it or flocked it or something
big brain idea is to leave a fake chattr binary on the system that just kills your shell
or a backdoored chattr binary that runs shellcode or something like that
Have you played production yet? (I think it's that one lol)
It's been a while since I've touched any of the KOTH boxes so I probably don't remember
big brain is cp /bin/true
homie told me once .. respect ♾️
other big brain move is to recompile the chattr binary with a delay of 1sec
🤷 just switch the chattr binary with your own infected binary that writes your name in king.txt lol
that's what I've been doing for a long time initially -
or you alias chattr to echo your name into king.txt

GG @ samarrajsingh
Sorry to whoever @me I haven't been on discord a good while.
any one know how to fix this problem ?
i got this while using chattr
Use static binary.
can you join
What do you mean by flocked. Google isn't helping much since I have little context, and flocked has a "normal" definition haha sorry
Man flock
Thanks I'll check it when I get home
hello
first try
anyone down for some koth
ahh ?
@fair adder hi , wanna play some koth ?
Hey!! I most definitely would of but I'm at work rn 
After work around 6pm maybe ?
in your profile on the about you part there is a bit where you can change to allow you to play koth
this thingy:
Oh its alright, good luck with work
Its 9:50pm here ,idk what time is 6pm
Ah yes thanks , but doesn't that mean I'm not good enough yet ? Like I saw the video and no clue about it
Gave +1 Rep to @naive goblet
¯\_(ツ)_/¯
6PM PST time
So you'll likely be asleep !! Lol
nah think it is for everyone if it is public games
just you can't choose the target koth machine if you do unsubscribed thingy
Oh great that mean when inferno subscription is over ,he can still play koth with roki this weekend
Ahh its fine, maybe weekend? Or anytime we both free
Wait I need my own vm ?
Game already started
Eh what on earth made me get into something that I got no clue about
if you scroll down here https://tryhackme.com/games/koth you will find an faq
feel free to ask me if you have any questions
Thank you
you are welcome
@jovial field hello
I took a look at the rules ,points ,etc...
Questions:
1-Should I have my own Linux and then connect using the open VPN, or do I get an attackbox ?
2-"How to play" number 3 says "hack into the machine which is related to my question 
3-number 5 says "patch the machine vulnerabilities to maintain your access " which i don't know how ? And does that mean if I don't I could be kicked of the game ?
1. Yes you should use your own linux machine but in theory you can use an attackbox spawned on another box. 2. you should scan the machine for vulnerabilities and gain access to the machine. After that other players will try to kick you from the machine so you will need to find tactics to prevent them of that. 3. To hold your place on king.txt you can patch the vulnerabilities you used to gain access and search for even more, so other players won't even get into the machine. Another way to protect king.txt would be using tools such as chattr
Okay ,thanks for making things clear
Just 1 last question, is there a video or a room to practice tools like chattr? Or anything I can do alone before getting into the game
I'm more into practical than theoretical
i mean you could do some rooms of the beginners path to get used to tools like nmap, nikto, gobuster etc. while you are doing that you will also learn things about linux.
I looked into YouTube and what I saw was looking advance for me and couldn't find anything for tutorial
Alright thanks , will do
Gave +1 Rep to @jovial field
Hi I'm looking to get into this but I'm not quite sure where to look to learn skills to do this. Does anyone have any suggestions?
You can Practice in these two rooms
Thank you!
Gave +1 Rep to @radiant sun
Hi guys! I'm looking for someone for hacking together. Is there anyone?
I wish but not ready yet
I or you?
Me ,im not ready yet
What is your level?
if you want to we could do one match
how's everyone been? had to rebuild my rig and take a break for a bit haha, but I'll be back to play more soon!
when will u stream more koth on youtube?
Soon! It's been too long haha, I'm itching to play again, hopefully i can get setup to stream sometime this weekend
maybe show some techniques next time haha
If u stream koth , pls ping me , would like to watch
Well I tried , VJ99. I know it's something to do with abusing the .jpg upload but I'm a bit rusty lol.
Hope you get it
When Are You Streaming Bro ?
Yeah same question
Just getting my setup & tools back up and running for some test games today, hopefully will find some time to stream again this weekend!
Wait stream through discord vc ?
ya sometimes, but mainly stream on YT & twitch (YT primary for hacking content)
Nice because I can't use discord vc its banned here
I'm "F11snipe" pretty much everywhere, also have twitter, github and stuff
don't have 100 subs for my "branded YT page" (yet) ... but this is easy redirect https://f11snipe.live
@fossil pecan LOL Bro What's That I see something like yo**m*m π€£
hahahah, oh ya! it's a joke query param, to mess with their analytics/tracking
Ya
so they'll see visits to my page with source "your mom"
lots of eastereggs when i'm involved
Yes
@fossil pecan Its Was Really Good Game GG! i don't deserve the win.
I just really like to try and tie points haha
Ya i know
@fossil pecan Are You Using ChaShell ?
No, I'm not familiar with it. I'm still bad at knowing what tools already exist, ended up making mostly custom ones haha
just looked it up, pretty cool! i'm working on something similar
Nice man!!!
Cuz I see dns over your ip so
Anyone wanna play?
12m startin
Anyone for play?
anyone else playing rn?
theres 4 other people in the game with me but idk if they active
im the only person whos submitting flags
I'll probably get on to play a few in an hour or so, if you're still around
@fossil pecan When you are Going to Stream?
Waiting For It
too
I wanted the f11 to come back with the streams
miss you
Still need to finish setting up all my hacking and streaming tools haha... But maybe tonight! I'll be working for a few more hours, so won't be until at least 4 hours from now
Nice Man Tell Me If I can Help
startin 15 min
https://tryhackme.com/games/koth/join/123a40e7ef24612208a95f14 starting in 22 mins
^^^ 5 minutes
yo
test
https://tryhackme.com/games/koth/join/8b9dbb765bf62a7540092f10 kicking off in 22 mins
anyone for a match in 5mins?
@desert umbra could you stop resetting the machine and try other ways to get access to it? π
oh damn.....
yup
this is no longer available
well it's been two days now so π
i know im a complete moron. I didn't see the date until i actually looked π
mind you i've been using two monitors now and i can barely see my laptop lmao
this is where i have discord on
i've said this before but i think it's time for me to take a break from discord..see you later naughty ! 
Ctrl + '+'
Hello Mr.Holmes π
Yep I had this on full zoom blast. Thankfully I have my eye exam coming up so I'll be getting glasses soon
Ah, well, best of luck and health for the checkup.
Thank you, 
Gave +1 Rep to @stiff egret
rep farming ftw
Thank you this is a good idea
Gave +1 Rep to @stiff egret
wtf
why are people allowed to post the answers to koth online when the VMs are still the same after two years?
anyone playing Production now?
They were allowed to post write-ups two years ago.
They shouldn't be posting flags or passwords.
is port 9999 part of the infrastructure? It always comes up
Yes.
This is specified in the rules
Please read the rules. Not following the rules can get you banned
so good to ignore port 9999?
It's in the rules...
....
Production was a fun machine
someone just killed the services or banned my IP in KOTH game 58043
The rules state how to report someone
This makes me wonder how much hammering a box can take. 6 people all firing dirb and more...!
The VPN network is good
resilient
hi @steep agate , it's me vs you a lot!
yeah
I bet you've played all the boxes
don't patch the box pls
I'm winning... what!
yeah
how did you lock king.txt ...
nop
gg
I would definitely pay for this, can't believe it's free
The only problems are that there's no-one playing sometimes
It is. Generally dropping a msg here before starting a match helps in finding players.
have you locked offline down or can I keep trying?
What?
koth offline
Yes
but what do you mean?
do you change passwords or patch the vulnerabilities?
great, just checking
should king.txt be at C:\king.txt ?
no
where is it?
C:\Users\Administrator\king-server\
thanks
I got some king time how?!
I think you kicked me out and changed the password
try to enter the machine another way
did you remove king.txt yourself or did I manage to write to it?
there is not only one way
sorry i forgot about the game
🤣
LoL looks good these days. Are you coming back?
ranked match
.@fallow hinge gg
. @fallow hinge got king at the end. nicely done.
hi anyone playing Hogwarts with me
When will some new machines be added to koth?
in an undefined amount of time
Good question.
this is what all koth players wanted,hope more koth machines will be added one day 🤣
more windows machines would be nice 🥺
? 🤣
there aren't many koth players
Got a full game going now ... At least some players haha
https://tryhackme.com/games/koth/58356
Don't get full 10/10 often tho
16 min
I tried....no luck
thanks anyway
Gave +1 Rep to @harsh obsidian
how do people lock king.txt other than chattr?
loops
23min
gg. no, didn't harden anything/patch. if you need some practice, i can run a private game of carnage for us.
cool thanks for not locking us out
have you solved the docx one? I have two users but not the docx one.
you're welcome. when i saw no one getting on the box and very few flags being submitted, i figured no need to patch or harden
i actually found a faster / easier way than that
@craggy spruce I sent you a pm
I'm amazed of all those players no-one else scored
hello to anyone else playing carnage @MasterCynder @ATalkingSausage
Anyone know how to get custom name for busybox? Whenever i rename it it says applet not found
Um you can just download separate binaries?
Or compile your own - either way, you don't need to rely on in-box busybox. If someone messes with that, you'll never know.
Yeah but whenever i download the binary or compile it my self as soon as i change the file name it says: applet not found.
I know its possible but i dont know how
You realise that whatever applet you are using of busybox, can be compiled to run solo? e.g. chattr.
You don't really need the whole busybox package just to run chattr.
I know. I can rename busybox to chattr and it will work as only chattr or i can only compile chattr solo as you said but i just want the whole busybox package under a custom name.
Busybox can take the first argument as the program to run, eg busybox ls
You might be able to rename it, but I suspect it'll try and use it's new name as the command
Yeah thats the problem. But i know its possible ive done it before a few years ago but i cant remember
is Tyler a bit broken for the upload one? It doesn't actually write the file you upload to disk?
hi @sour zealot, really fun to play against you
thank you for not locking us out
how are you locking king.txt?
oh I see
@sour zealot why can't I find your files? rootkit?
gg
gg
please answer my questions
My files were in /tmp/... so its easy to miss
what name did you put in the find because my files arent called busybox
I'm looking in /tmp right now
yeah it was very weird. in one shell i had a different /tmp directory then in another shell
interesting
no i never saw any of your command. were you hiding your shell or was it just me
7 min
@fossil pecan Good game. I had no idea there was a 5th flag on the box.
@fossil pecan please will you invite me to the current game?
Hey sorry i missed this earlier, probably too late now, another should be starting soon i bet
next in 6min here https://tryhackme.com/games/koth/join/6d903d3d09fd37cea659d425
```
Opening backdoors ...
Monitoring ...
Cleanup ...
SNIPED (10s)
```
haha
GG well played on last minute flags haha
...
hi
GG
the longer you are king the more points... so dunno anything else here
we were king for the same amount of time
¯\_(ツ)_/¯
I am not sure, but are different flags worth more points? Could it be possible F11snipes were worth more?
@fossil pecan no progress on offline?
I'm sure I pwned it before but this time I couldn't work it out!
Please join this someone: https://tryhackme.com/games/koth/join/4867ab96fdb6fd347512cf35
even if you don't play
I forgot about that one haha, I'm still not very good at Windows anyways... Need to actually practice some more eventually
please will you join this windows one: https://tryhackme.com/games/koth/join/2a981c1fac4ccedd5dd4b11f
Yes flags can be different points (and the food box has some of the biggest ... Just harder to find)
I'm still working, won't be able to play much, but I'll poke around a little
find / -name flag* -exec cat {} \; when I didn't know where the flags were on the machine. I always used this command haha
or grep -rli thm{ / 2>/dev/null
fun enough is that some flags won't be found by either of said 2 commands if shadow understands it correctly
one of the koth boxes has "games" you can play which are binary files with flags as rewards for winning the games
exactly
but it helps a lot of new koth players to look for the flags, just like it helped me in the beginning @naive goblet
true did not claim said commands are useless just that there are now some koth targets that have more hidden flags that won't be as easy to access
23 minutes if anyone is down: https://tryhackme.com/games/koth/join/16de0f66677e8592330f8bb5
Is anyone is down for a private game of H1: Medium? I have only one more flag to find.....
@fair adder hey man, do you have any idea where the sixth flag is? i'm losing my mind over here
Finding.....
dir \flag.* /s
This might help
I'll give it a shot, thank you
It still hasn't found the sixth flag. I'm good on the first five, but not the sixth
neither find nor findstr is working.......
@fossil pecan is it a rootkit you have or something part of linux?
What about it?
Just check it
@verbal minnow
starting a machine
how many minutes ?
getting my machine ready
@bl4ckrabbit nice perseverance
@sour zealot wrong link
whoops correct link: https://tryhackme.com/games/koth/join/719bd732b6fea0ad437b57fc
this is my first time playing H1: Easy
Have fun! @craggy spruce
Quick question about koth rules
am I allowed to play in the sudoers file to patch the way I PE the machine?
and change passwords/remove ssh keys
@steep agate Dude you are way much higher in level lol
Yess you are allowed to patch the machine
But you are not allowed to stop services or deleting the webpages, removing binaries
Except chattr, it can be removed
alright
gg @steep agate
it's gonna come down to, quite literally, the last minute @fossil pecan
Which machine?
suppose i participate in a koth
there is an ip
say 10.10.183.139
now where to access that
i open a random attack box and try accessing it
but i don't think it works
Attack box should work, better from VPN tho
How to open attackbox ??
I am opening an attackbox by going in a random tryhackme room and starting the attackbox
Will it still work !!
I'm a bit confused
i'm not sure, i don't use attack box sorry .. i think they are on same vpn, did you try already and it didn't work?
can download vpn config here and connect direct or local vm
https://tryhackme.com/access
Okay i'll try
Yess it works
Download your openvpn from here
You can play with openvpn too
And if you don't know how to use open vpn here is the guide
gg
streaming now - next game in 20 min https://tryhackme.com/games/koth/join/219c83bff999c095118be38a
nicely done @misty elk
c1nn3r, are you on here?
You can change it from your profile >> About You.
https://tryhackme.com/profile
thank you very much!
Gave +1 Rep to @nova tide
Hello!
Yoyo
gg
(24min)
@steep agate How do you guys do that troll thing where you send ascii art over to someone's terminal in KoTH
You can output a binary to a tty shell using such as ./nyancat > /dev/pts/<tty session number>
You can see their tty sessions using ps aux | grep pts
The question now is how do you escape that
@median tapir and even without TTY , you can run commands in someone else's terminal, send nyancat, etc.
I just saw the message now, sorry
Hahaha with goober dropping 8 flags right at the end.. will it be enough??
clutch move for the tie…
Haha I dropped them cause I knew i had no hope
Damn gg goober… with that last flag with 18 secs left
@fringe valve
I'm bored at work watching koth games …. Hahahaha
I have a lot to learn honestly
By the way..how do i change my tryhackme username
you would need to email support for that
Any special points to watch out for?
think there are some guidelines for how to write a nice email requesting a username change in the pins of the #site-support channel
and also it might take a while before the email support gets to it as there is only one person handling said support email and they got a lot of emails to sort through
Thanks for the heads up
Gave +1 Rep to @naive goblet
no problem
quick question; besides editing the king.txt file, is there any other way to be king?
@nova tide
@fossil pecan ?
king points are only scored by who has username in /root/king.txt (different locations on windows) and get 10pts/min (each box serves "current king" via port 9999) - this is an official koth service and should not be altered, so no the only way to be king is when your username is in king.txt
TLDR; no must have username in /root/king.txt
uh is the lobby bugged for anyone else
What seems to be the issue?
its good now, it just had the timer with no ip, but everyone called a vote n it seemed to fix it
ya same haha, we got all reset votes to get it going
aah that happens sometimes, iirc if you just hit refresh it would show up.
Not sure if that was the same bug in your case.
Did the machine show up as Machine Expired?
ongoing matches only show if/when 1+ king minutes awarded .. i think
Weird
darn u
Anyone know where the king file for the Medium machine is? I finally got admin priv but couldn't find it for the rest of the game
C:/king.txt
gg @steep agate
gg
there isn't chattr on this box?
which box ? h1-medium ?
yh
there is no chattr on windows
sigh
@broken pilot gg
??
@nova tide ?
@orchid kelp You really thought you could delete this message?
@nova tide is this against the rules?
After you chattr the binary you can't delete it.
Not against the rules.
I was completely lost with this message, I was like WTF?
¯\_(ツ)_/¯
what happened?

@short tusk one bug in machine
@short tusk @nova tide
I didn't know but I was trying commands and there was no king.txt but when you are root you can create it again..
No worries. Jabba was mentioning that just in case it could be against the rules.
It can be when they report tryhackme and ban,
They are the staff members, If they wanted you wouldn't be here right now
No need to worry no one will ban you without any reason.
Is there any way some of the staff/ more reputable members could help me?
I've been hacked and my devices will try to hack and take over anything else I connect to... so any KOTH games and lessons. Before I knew what was happening I noticed boxes were crashing and extra ports were open.
I was thinking of creating a private game, and inviting some of the top players/ staff to investigate and shut down the process ?
Have you been hacked? for connecting to tryhackme's VPN? if so you have to configure the ip tables.
Go to Police.
If it is Windows put it in safe mode and have to do Forensics
I wish good luck ...
Please do not use our services if your computer has been hacked, you will be liable if your system attacks our infrastructure.
maybe you should undermine your theory of being hacked by logging into a virtual box which is in a virtual network with your "hacked" machine and test (for example with tcpdump) what data is being sent. I mean if suddenly new ports are open on a koth machine it literally means nothing. It could be that other players installed backdoors or the machine just took a bit of time to start up the services listening on the new ports.
Hi @alpine quarry 
If you have any questions related to koth you can always ask here or mail on koth@tryhackme.com
In your case deleting id_rsa shouldn't be an issue.
Is BL4CKD3VIL#6424 here ??
Who is rootpiebot?
Yes
@quiet schooner DM ?
Is it related to the KoTH rules?
Nope, techniques !
Lol
Who is this Koth dude :3
@lavish crystal ??????
Glad to be back :3
I’m hoping this day finds you well :3 I’m thinking I’ll see this Koth guy after some practice on THM >;3
Game starting in 3 min
Someone up for koth?
yo just checked you on the leader board @fossil pecan you probably know all the flags and ways to get root on all the machines already:D
go easy on me
are you "PrinceOfPersia" username on THM? (looking at user who joined current lobby)
@fossil pecan
Next match lol
@fossil pecan lol dude
can anyone tell me what I'm doing wrong here while making ssh connection using SSH in Production KoTH. Even after supplying id_rsa file, password is being asked??
Someone could've changed the password.
the perms in ls -al output show that it is 600
/ read only
I think it would work with r only. I could be wrong here though, never tried to compare these two.
yea I’ve never tried it with read only but thinking about it after I said it you might be right…
I mean it is on lesser permissions than minimum required, eh its complicated to phrase but yeah, iykyk
tried all 400 600 700 still same
It could be they changed the sshd_config file to only allow passwords…
- Someone could've changed the passwords.
- What Trapnatized said
- You maybe have a newline in id_rsa key. Try with -vv to see if it is accepting key or not.
Still same with rw
with -vv debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
ashu@prod.thm's password:
Don’t know if you added your own ssh pub key in to authorized_keys .. but it could be permissions not set to 700 for .ssh and 600 for authorized_keys…
You need password. Someone probably changed it.
I'm new to KoTH, seems pretty tough to compete if someone is changing pass within 5-10 min of game start
Or they changed the public keys inside of authorized_keys and that’s why your id_rsa no longer works…
It is a standard A/D move, generally the first thing you do is change/patch the way you got in from. This key way is one of the low hanging fruits, so it is very likely that it will be patched in less than 5 minutes.
Plus, because the machines are not new, most of the older players know the machines, and know how to get in without even doing a nmap scan, as they have notes from the last time they did that machine.
I mean it all depends on who you are playing against too…. Cuz 10 mins could be plenty of time for them to change passwords, patch the vulnerabilities and add their own persistence…
I am sorry you are facing this, but it is something you are going to face in most of the attack defense type matches. On the bright side, next time you see the same machine, you know exactly how to get in before anyone else.
We grow.
Thanks for the info otherwise I'll be stuck at only one exploit forever thinking I was doing something wrong
There are mostly 3-4 ways to hack into every KoTH machine, so if one doesn't work out, you can start looking for others. There is a good chance that all might not be patched.
Agrees with mr Holmes…
I'm happy to join/host private matches for practice if you want, feel free to DM me anytime ... I also know most of the entry points (for Linux boxes at least haha) if you have any more questions
Argh! Thought I was getting somewhere and now there's a king! Lots of "Hello friend in my term"
What's the fun about doing every koth machines a hundred times @fossil pecan ?
Always more to learn! Been going extra hard today using games testing new tools
Did you delete the authorized_key file for user Ashu ? I wasn't able to ssh using his private key so I want to be sure that's not an issue on my virtual machine
@fossil pecan
i don't patch stuff usually, probably other player ... i can put it back
No that's fair game I should have done the same thing if I was connected first
If you don't patch any stuff you lose very quickly your king role don't you ?
i have a few good techniques for king, it's more fun to let people in and join the party haha
imo
But when people are root that's just a stupid deleting/creating game for king.txt file right ?
tons of different ways to protect / fight for it, pretty fun actually
new password for ashu lemmeinpls
Ok I didn't know that, because I was thinking that as root you have some unlimited power
I'm out, just trying to do my best with tcp/9002 backdoor but I'm stuck, stupid length restriction
ah, ya that's a tricky one haha
For an easy machine like it, 9001/9002 aren't obvious

GG @steep agate too fast bro..
there are other paths open, I only corrected 1...
yea i gotta work on finding multiple ways in all the boxes...
@steep agate hahhaha that was funny. i was wondering why my chattr wasnt workind ....
*working
hehehe why did i troll him
hahahaha i thought that the other day when i killed your shell